I'm trying to do this, but it returns null?
$query_1=$field_name[0]."='{".$field_value[0]."}'";
and then
getType = mysql_query("SELECT * FROM wines WHERE $query_1") or die(mysql_error());
while if i do like this:
$getType = mysql_query("SELECT * FROM wines WHERE $field_name[0]='{$field_value[0]}'") or die(mysql_error());
it works fine.
is this even possible, or am I missing something too obvious?
thank you in advance!
You are building it the wrong way. You should never use curly brackets (or any other string) in a SQL query. Concatenate your query instead.
Like this:
$query_1=$field_name[0]."='".$field_value[0]."'";
and oh, you missed a $ before your query, thats why its null.
This works for me:
$field_name[0] = "test";
$field_value[0] = "someting";
$query_1=$field_name[0]."='".$field_value[0]."'";
echo ("SELECT * FROM wines WHERE $query_1") or die(mysql_error());
Hope it helps
Related
I have a database with users input and was wanting to output a user table (id, username) as a count on a page. The following piece of code is what I've been trying to work with but I've been having no luck and it keeps getting more and more complex - the SQL works perfectly so I'm not sure what's wrong.
mysqli_select_db($db);
$result = $_POST ['$result'] ;
$result = mysqli_query("SELECT COUNT( * )
FROM users");
$row = mysqli_real_escape_string($result,$db);
$total = $row[0];
echo "Total rows: " . $total;
I'm still learning how to properly link SQL in with PHP. The warnings tell me to add an extra parameter however when I do so it still complains.
I originally wanted a simple COUNT but will change the count to a table array if need be. I understand this maybe a little basic and I may have been going about it the wrong way, but I've hit a wall with it and any help on fixing the COUNT would be greatly appreciated
Replace the call to mysqli_real_escape_string to mysqli_fetch_array and your code will works.
mysqli_real_escape_string is only useful for string escaping when you INSERT or UPDATE data to MySQL.
$row = mysqli_fetch_array ($result);
Please try this code:
$sql="SELECT * FROM users";
$result=mysqli_query($con,$sql);
// Numeric array
$row=mysqli_fetch_array($result,MYSQLI_NUM);
$number = count($rows);
Hope this works.
I am sending myself crazy figuring out what the issue is with the following code. All names within the database are exact as I have them here however I can't seem to get the info from the quote using $quoteid however when I type in an id static e.g. quoteid = 12 I can filter through the data.
Obviously this isn't ideal.
<?php
$quoteid = $_GET["quoteid"];
if ($_GET['quoteid']) {
$quoteid = $_GET["quoteid"];
}
$quote = $db->getRow("SELECT * FROM quotes WHERE quoteid = $quoteid");
?>
Html
<h1><?php echo $quote->description;?></h1>
Any help would be greatly appreciated.
Thanks,
Melissa
Note that you need to put the PHP variables inside single quotes when writing SQL queries. Do it like in the example:
$quote = $db->getRow("SELECT * FROM quotes WHERE quoteid = '$quoteid'");
why you getting again and again $_GET["quoteid"] and also use single for variable when writing SQL queries
<?php
$quoteid = $_GET["quoteid"];
if (!empty($quoteid)) {
$quote = $db->getRow("SELECT * FROM quotes WHERE quoteid = '$quoteid'");
}
else {
echo 'quote id is empty';
}
?>
also use mysql_real_string_escape() to prevent sql injection
You should do the following... basic debugging.
print_r or var_dump for $_GET to see if and how "quoteid" is set up
in the $_GET superglobal
echo your SQL (instead of mysql_query just echo it) and run it in
phpmyadmin if it seems ok -- you might have something you missed out
somewhere
That way you should be able to figure out your issue faster
there is mistake in query syntax with $quoteid variable. you should use this one-
global $db;
$quote = $db->get_row("SELECT * FROM quotes WHERE quoteid ='".$quoteid."'");
I'm pretty sure i messed up the quotes, but can't find where exactly. It stopped working after adding the AND operator. Can anybody guide me to the right direction?
$result = mysql_query("SELECT * FROM pl_table WHERE p_num=".$w[0] AND l_num='.$w[0]);
Try this:
$result = mysql_query("SELECT * FROM pl_table WHERE p_num='".
$w[0]."' AND l_num='".$w[0]."'"
);
Basically, you messed up w/ opening/closing quotes.
What error message did PHP return to you? Most of the times, if not always your solution lies therein.
You broke your query string. See this difference
$result = mysql_query(
"SELECT * FROM pl_table
WHERE p_num='".$w[0]."'
AND l_num='".$w[0]"'");
It is the quotes, your AND needs to be inside the quotes, and it is not.
Yours:
$result = mysql_query("SELECT * FROM pl_table WHERE p_num=".$w[0] AND l_num='.$w[0]);
What it should be:
$result = mysql_query("SELECT * FROM pl_table WHERE p_num=".$w[0]." AND l_num=".$w[0]);
$u_ress = mysql_query("SELECT * FROM `blackjack` WHERE `brukernavn`='$spiller->brukernavn' AND `by`='$by'");
$bj = mysql_fetch_object($qry);
This code wont work. It wil only show my $by, but its not what i want. I want it to get from blackjack where brukernavn is ( as it said) AND from by aswell.
How can i this?
SELECT * FROM blackjack WHERE brukernavn='{$spiller->brukernavn}' AND by='$by'
Notice when doing advanced variables within the string you must use brackets.
Try below code,
echo "Query:=".$u_ress = ("SELECT * FROM blackjack WHERE `brukernavn` ='{$spiller->brukernavn}' AND `by` ='$by'");
$query = mysql_query($u_ress);
//$bj = mysql_fetch_object($query);
mysql_query is not recommended.
I get a string vaiable using POST in my php. I want to append this string so that i can use in the sql query to check for containing this string. I want something like this %string%
What i am doing now this gives me error:
$hotelName = '%'+hotelName_old+'%';
just to be sure: did you change your statement to ... WHERE fieldname LIKE '%value%'??
it should be like this
$hotelName = "%'".$hotelName_old."'%";
try this.
just directly use your variable.
$sql = "select * from `tbl_name` where `field_name` like '%{$find}%'"
$result = mysql_query($sql);