Try to select use "where" clause in a mysql statement:
e.g.
Table: X with a ID column which is BINARY data type. Then save in a variable in php
$aid = $row["id"];
How do i use this variable later when I try to select from table
$where = "where `ID` = '$aid'";
$query = "SELECT * FROM X ".$where;
Return 0 row.
Does anyone know why?
Answering my own question.
Just figured out:
$where = "where HEX(ID) = 'bin2hex($aid)'";
$query = "SELECT * FROM X ".$where;
Does anyone know better solution?
Try below :
add BINARY in where clause.
$where = "where BINARY ID = '$aid'";
$query = "SELECT * FROM X ".$where;
Related
How can I do something like this:
$query = "SELECT a,b FROM c ORDER BY a";
$query1 = "SELECT a,b FROM '".$query."' WHERE a='".$number."'";
Thank you very much
REAL CASE
$query2 = "SELECT numero,spartenza,sarrivo,opartenza,oarrivo FROM treni ORDER BY opartenza";
$query1 = "SELECT spartenza,sarrivo,opartenza,oarrivo,TIMEDIFF(oarrivo,opartenza) FROM (".$query2.") AS 'ordinata' WHERE numero = '".$id_treno."' ORDER BY opartenza";
Wrap it in parenthesis:
$query1 = "SELECT a,b FROM (".$query.") AS `alias` WHERE a='".$number."'";
Subqueries like this need to be aliased.
MySQl Subquery Documentation
REAL CASE
$query = "SELECT spartenza,sarrivo,opartenza,oarrivo,TIMEDIFF(oarrivo,opartenza) FROM treni WHERE numero = '".$id_treno."' ORDER BY opartenza";
You do not need a subquery at all for this. You can ORDER BY a column that you aren't selecting. One suggestion though would be to alias your TIMEDIFF function like this sothat it will be easier to retrieve.
$query = "SELECT spartenza,sarrivo,opartenza,oarrivo,TIMEDIFF(oarrivo,opartenza) AS `timediff_alias` FROM treni WHERE numero = '".$id_treno."' ORDER BY opartenza";
I have a query string that contains a variable like this
$field_name = 'features';
$value = '5';
$query = "SELECT * FROM Table WHERE $field_name\_tid = '$value'";
My goal is to print out the $query like this SELECT * FROM Table WHERE features_tid = '5';
I put \_ there hoping it would work as escape character, but it didn't work. Is there any way to achieve this without use methods like ". $field_name ." and modifying original variable value?
yes:
$query = "SELECT * FROM Table WHERE {$field_name}_tid = '$value'";
You can use:
$query = "SELECT * FROM Table WHERE {$field_name}_tid = '$value'";
I have following PHP script. I want to count and print comments for each article.
The id for each article can be "recalled" by this: <?php echo $listing['Listing']['listing_id'];?> (this return the contentid number)
Now, I have this script:
<?php
$db =& JFactory::getDBO();
$query = "SELECT COUNT(comments) AS totalcount WHERE contentid = ????? ";
$db->setQuery($query);
$count = $db->loadResult();
echo ($count); ?>
I tried to add in WHERE clause this:
"... WHERE contentid = {$listing['Listing']['listing_id']}"
but $count returns "0" zero.
How can I add this variable in the WHERE clause?
Thanks in advance!
In the case of an integer:
$query = "SELECT
COUNT(comments) AS totalcount
WHERE
contentid = " . ((int) $listing['Listing']['listing_id']);
In the case of a string:
$query = "SELECT
COUNT(comments) AS totalcount
WHERE
contentid = " . mysql_real_escape_string($listing['Listing']['listing_id']);
The biggest thing to be weary of is SQL injection. This makes your queries safe. The explicit cast to int will ensure an int value is passed, even if the value is erroneous, at least you wont be open to any attack.
Use sprintf and escape the string.
$query = sprintf("SELECT COUNT(comments) AS totalcount WHERE contentid = '%s'",mysql_real_escape_string($listing['Listing']['listing_id']));
try
$query = "SELECT COUNT(comments) AS totalcount WHERE contentid = '".mysql_real_escape_string($listing['Listing']['listing_id'])."'";
or
$query = "SELECT COUNT(comments) AS totalcount WHERE contentid = ".mysql_real_escape_string($listing['Listing']['listing_id']);
depending on the data type.
I have this very simple function:
function getCatName($id){
$sql = "SELECT * FROM biznet_category WHERE ID ='".$id."';";
$res = mysql_query ($sql) or die (mysql_error ());
$row = mysql_fetch_assoc ($res);
$name = $row["Name"];
return $name;
}
So with this function I should be able to get the category name, but it doesn't work with the parameter. If I put 8 or 9, the categoryname is displayed correctly.
The id is also passed on like it should, when I print it out, it shows 8 or 9.
I know the solution is quite simple, I just don't see it.
To fix remove the quotes and check the column name for case id or ID. Since the query string is in double quotes you don't have to use the . join
$sql = "SELECT * FROM biznet_category WHERE ID = $id";
You can use curly brackets which I find easier to read
$sql = "SELECT * FROM biznet_category WHERE ID = {$id}";
If you were querying a string rather than an integer you can simply do
$sql = "SELECT * FROM biznet_category WHERE ID = '{$id}'";
$sql = "SELECT * FROM biznet_category WHERE ID ='".$id."';";
To
$sql = "SELECT * FROM biznet_category WHERE ID = ".$id;
Try this
$sql = "SELECT * FROM biznet_category WHERE ID = ".$id;
Is the column name ID spelt correctly?
I am using LIKE to do my searching, i try it in phpMyAdmin and return the result but when i use it in php it return empty result.
$search = "ip";
$start = 0;
$query = "SELECT * FROM product WHERE product_name LIKE '%$search%' LIMIT $start,30";
$result = mysql_query($query);
if(empty($result))
$nrows = 0;
else
$nrows = mysql_num_rows($result);
It will return result when i using phpMyAdmin to run this query but when i use it in php, it return empty.
Update:
Sorry guys,
I just found out the problem is i didn't connect database as well. anyway, thanks for helping.
Try This
$query = "SELECT * FROM `product` WHERE `product_name` LIKE '%".$search."%' LIMIT 0, 30";
And if the sole purpose of your code is to get the number of products with the searched-for name, use SELECT COUNT(*) instead of doing a mysql_num_rows() on all your data. It will decrease your querytime and the amount of data that is (unnecessarily) fetched.
I am not sure why this is not working, as the query seems to be correct to me. I would like to suggest you writing query this way
$query = <<<SQL
SELECT * FROM product WHERE product_name LIKE "%$search%" LIMIT $start,30
SQL;
please note that there should not be any space or any character after SQL;
$query = "SELECT * FROM product WHERE product_name LIKE '%" . $search . "%' LIMIT " . (int) $start. ",30";
you can use directly mysql_num_rows()
but here is right code
$query = "SELECT * FROM product WHERE product_name LIKE '%".$search."%' LIMIT $start,30";
$search = "ip";
$start = '0';
$query = "SELECT * FROM product WHERE product_name LIKE '%".$search."%' LIMIT $start,30";
$result = mysql_query($query)or die(mysql_error());
if(mysql_num_rows($result) == 0){
$nrows = 0;
} else{
$nrows = mysql_num_rows($result);
}
//use mysql_num_rows($result) instead of empty($result) because in this situation $result is every time not empty so use inbuilt PHP function mysql_num_rows($result);