How can I check if value is in mysql's table's column?
Right now I'm creating a login system. After the user registers my php file posts the value and makes it into a variable. I was wondering what code i can use to compare my value to those values in the table and to check whether or not there is a value identical to the value entered.
I tried this code.
$query = "SELECT * FROM users WHERE username ='$username';";
$res = mysql_num_rows(mysql_query($query));
and then if ($res >= 0);
but then i get this error,
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/synameg1/public_html/giveaway/appfiles/register.php on line 23
so i was wondering if there is either a way to fix this error or do what i want to do in another method.
Thanks!
$sql = "SELECT * FROM users WHERE username = '" . mysql_real_escape_string($username) . "'";
$result = mysql_query($sql) or die("Error occurred in [$sql]: " . mysql_error());
$count = mysql_num_rows($result);
Dan: I used your approach with 'zero' result.
<?php
//////////////////////////////////////////////////////////////////////
global $current_user;
get_currentuserinfo();
$user_nam = $current_user->user_login;
$db_host = 'localhost';
$db_user = 'Private'; ////the user name
$db_pwd = 'Private'; /////the pasword
$database = 'Datapase name';/////////
$table = 'Table Name'; ///table name
$sql = "SELECT * FROM $table WHERE 'Submitted Login' = '" . mysql_real_escape_string($user_nam) . "'";
$result = mysql_query($sql) or die("Error occurred in [$sql]: " . mysql_error());
$count = mysql_num_rows($result);
echo $user_nam . "<br />";
echo "count is $count";
////////////////////////////////////////////////////////////////////
?>
Private fields have comments.
It works, I can see $user_nam but the count is zero.
Here is a datebase peek so you can see the values.
http://you-get-real.com/images/database-peek.png
Thanks
Related
I want to count the rows in the users table with specific name and pwd which should be 1 if existed.
but the result always return null(not 0),no matter whether the user existed or not.
I even change the query simple to "SELECT * FROM users", and it ended with the same result.
And I am pretty sure that the name of the DATABASE and TABLE are true,and the table is not empty!
By the way,why I have to use "#" symbol before "mysqli_query" in order to get rid of error?
thx!
enter code here
<?php
#$mysql_db_hostname = "localhost";
$mysql_db_hostname = "127.0.0.1";
$mysql_db_user = "root";
$mysql_db_password = "";
$mysql_db_database = "smartFSUsers";
$con = mysqli_connect($mysql_db_hostname, $mysql_db_user, $mysql_db_password,$mysql_db_database);
if (!$con) {
trigger_error('Could not connect to MySQL: ' . mysqli_connect_error());
}
$name = $_GET["name"];
$password = $_GET["password"];
$query = "SELECT * FROM users WHERE name='$name' AND password='$password'";
$result =#mysqli_query($query,$con);
echo($result);
$row=#mysqli_num_rows($result);
echo"the row num is $row \n";
?>
RTM: http://php.net/mysqli_query
$result =#mysqli_query($query,$con);
You've got your parameters reversed. $con MUST come first:
$result = mysqli_query($con, $query) or die(mysqli_error());
If you had bothered adding error correction to your code, you'd have been told about this. But nope, you opted for # to hide all those error messages.
I'm trying to count entries in a database based on 2 basic criteria. It is returning a blank result, even though there are results to be found. Anyone have any idea what I am doing wrong here? I have tried it so many different ways and they all return no result. (If I enter the query directly in phpmyadmin it returns a result.)
$sql = "SELECT count(*) as total_count from orderOption3Detail WHERE orderDate='$orderDate' AND studentID='$studentID'";
$numericalResult = mysql_query($sql, $con);
$row = mysql_fetch_object($numericalResult);
$totalOrders1 = $row->total_count;
echo "My orders:" . $totalOrders1;
As others stated, make sure you sanitize variables before they go into query.
$sql = "SELECT * FROM orderOption3Detail WHERE orderDate = '" . $orderDate . "' AND studentID = '" . $studentID . "'";
$sql_request_data = mysql_query($sql) or die(mysql_error());
$sql_request_data_count = mysql_num_rows($sql_request_data);
echo "Number of rows found: " . $sql_request_data_count;
That's all you need.
Edited: providing full code corrected:
$con=mysqli_connect($db_host,$db_user,$db_pass,$db_name); // Check connection
if (mysqli_connect_errno()) { echo "Failed to connect to MySQL: " . mysqli_connect_error(); } //global option 1
$sql = "SELECT count(*) as total_count from orderOption3Detail WHERE orderDate='$orderDate' AND studentID='$studentID'";
//echo $sql;
$numericalResult = $con->query($sql);
$row = mysqli_fetch_object($numericalResult);
echo $row->total_count; //echo (int) $row->total_count;
Please test this and let me know. Good luck!
----- End Editing ----
Have you tested assigning values directly as a test in your SQL string, like:
$sql = "SELECT count(*) as total_count from orderOption3Detail WHERE orderDate='05/23/2012' AND studentID='17'";
Also, did you check if the date's format is correct, reading that $orderdate variable and testing it in PHPMyAdmin?
Did you read the $sql with values inserted and test in PHPMyAdmin and worked?
Also, check the connection to assure there is no problem there.
One more thing, sorry. You seem to be using the wrong syntax in your mysql_query statement. That way works for mysqli_query, and the parameters would be inverted. Try only:
$numericalResult = mysql_query($sql);
Provided you made the connection and database selection previously, like in:
$connection=mysql_connect($db_host, $db_username, $db_password);
if (!$connection)
{
$result=FALSE;
die('Error connecting to database: ' . mysql_error());
}
// Selects database
mysql_select_db($db_database, $connection);
Best wishes,
I'm getting the below message on my second page and nothing works...
Fatal error: Call to a member function fetch_assoc() on a non-object in C:\xampp\htdocs\send.php on line 6
here is the first page where I display the Email address and it works nice but when I click on the email and go to info.php I get that error.. What is wrong?
<?php
$mydb = new mysqli('localhost', 'root', '', 'database');
$sql = "SELECT * FROM test ";
$result = $mydb->query($sql);
while( $row = $result->fetch_assoc() ){
echo '<td>'.$row['Email'].' </td>';
echo "<br/>";
}
$mydb->close ();
?>
here is info.php..Just bear in mind that I'm trying to display row Age and Name of single user which I have in a same table in a database ..
<?php
$mydb = new mysqli('localhost', 'root', '', 'database');
$sql = "SELECT * FROM User WHERE id = " . $_GET['email'];
$result = $mydb->query($sql);
while( $row = $result->fetch_assoc() ){
echo $row['Age'] . " " . $row['Name'] ;
echo "<br/>";
}
$mydb->close ();
?>
It means your query did not run correctly. You should put a check:
if (!$result) {
echo $mydb->error;
}
die();
Prepared Statements
You should use them since you're taking user input. Prepared statements provide a good level of cleansing input, so that users can't mess with your database.
It also looks like you have a column for email, but are trying to select a user based on:
id = email.
It's common practice to make id an INT, and email would probably be VARCHAR, so this comparison doesn't make sense (if your table schema is following common practice)
The query is failing because you aren't putting quotes around the email address.
$sql = "SELECT * FROM User WHERE id = '" . $_GET['email'] . "'";
I am a newbie in MySQL and PHP. I have a HTML form where I would like to pass 1 variable from to my PHP code and then run a query on my database for the record that holds that variable under the column 'Serial'. I can run it fine when I hard code the 'serial' that I want to look up but when I try with the variable I get an error.
Any help would greatly be appreciated! Or a better way to do this.
Here is my error: Unknown column 'amg002' in 'where clause'
Here is my code;
$serial= $_POST['Serial'];
echo $serial;
//Connect To Database
$link = mysql_connect($hostname,$username, $password) OR DIE ('Unable to connect to database! Please try again later.');
echo "Connected to MySQL<br />";
//Select the database - 'SiteInfo'
// Collects data from "SiteInfo" table
//****This is where I am running into the error***
$sql = 'SELECT * FROM `SiteInfo` WHERE `Serial` ='.$serial;
// This works!!!
//$sql = 'SELECT * FROM `SiteInfo` WHERE `Serial` ="amg002";';
$data = mysql_query($sql)
or die(mysql_error());
// puts the "SiteInfo" info into the $info array
$info = mysql_fetch_array( $data );
//Print out the contents of the entry
echo "Site Name: ".$info['SiteName'] . "<br /";
Print "Serial Number: ".$info['Serial'] . "<br />";
Print "Location: ".$info['Location'] . "<br />";
// Close the database connection
mysql_close($link);
echo "Connection Closed. <br />";
I agree its a quote issue, but here is how my code would look.
$sql = 'SELECT * FROM SiteInfo WHERE Serial = "' . $serial . '"';
or
$sql = "SELECT * FROM 'SiteInfo; WHERE 'Serial' = \"$serial\"";
Looks like a quote issue:
$sql = 'SELECT * FROM `SiteInfo` WHERE `Serial` ='.$serial.';
should be
$sql = "SELECT * FROM `SiteInfo` WHERE `Serial` ='".$serial."'";
It means your variable:
$_POST['Serial']
is coming empty. You need to run your code if it isn't empty by checking it via isset like this:
if (isset( $_POST['Serial'])) {
$serial= $_POST['Serial'];
// your rest of the code
}
Also if Serial is string and not a number, you need to put it in quotes, use below query:
$sql = "SELECT * FROM `SiteInfo` WHERE `Serial` = '$serial'";
You can also check out what does your query come up like:
$sql = "SELECT * FROM `SiteInfo` WHERE `Serial` = '$serial'";
echo $sql;
exit;
I've got this code:
$query = 'SELECT * FROM users WHERE username = "' . $user . '" AND password = MD5("' . $pass . '") LIMIT 1';
echo $query;
$result = $mysqli->query($query);
echo "<br>Here: " . $result->num_rows;
Using the output from $query I put it into phpmyadmin and it returns 1 row but when trying to get the number of rows using num_rows it doesn't return anything at all - not even 0;
Any ideas?
http://ru2.php.net/manual/en/mysqli.query.php
Returns FALSE on failure.
Have you established a connectection to your DB?
Looks like the SQL query is messed up. As far as I know there is no MD5 function built into MySQL nor the SQL standard. Therefore if it does exist then it is probably proprietary to the particular DB.
That said you can use PHP to check it. Try this to see what is going on.
$encrypted_pass = md5($pass);
$query = "SELECT * FROM users WHERE username = '$user' AND password = '$encrypted_pass' LIMIT 1";
echo $query;
$result = $mysqli->query($query);
if ($result !== FALSE) {
echo "<br>Here: " . $result->num_rows;
}
else {
echo "Something is broken.";
}
Ref:
http://us2.php.net/manual/en/mysqli-result.num-rows.php