if (isset($_SESSION['user_tz'])) {
$posted = "CONVERT_TZ(p.posted_on, 'UTC', '{$_SESSION['user_tz']}')";
} else {
$posted = 'p.posted_on';
}
// Run the query:
$q = "SELECT t.subject, p.message, username, DATE_FORMAT($posted, '%e-%b-%y %l:%i %p') AS posted FROM threads AS t LEFT JOIN posts AS p USING (thread_id) INNER JOIN users AS u ON p.user_id = u.user_id WHERE t.thread_id = $tid ORDER BY p.posted_on ASC";
I changed the $posted in the query to a plain "posted_on" which returned the time, I also tried some wrapping it in '' and "" but those ended up breaking it entirely; for future reference I'd like to know why that variable isn't getting passed through to the query. It's probably something really simple and I'll feel silly but help would be appreciated greatly.
Thanks.
NULL is a valid value for isset() to trigger TRUE. Use unset($_SESSION['user_tz']);
It seems to me that the way you have it written, it is using $posted as the value to pass to the date_format. What you really want is the contents of $posted so you need to close quotes around it and concatenate the value into the $q string.
Related
This is my code:
$sql = $_POST['sql'];
....
$result = $mysqli->query($sql);
This does not return any results. So i echoed the $sql variable and this is the result:
SELECT o.entity_id, o.increment_id FROM sales_flat_order o JOIN sales_flat_order_payment p ON o.entity_id = p.parent_id JOIN sales_flat_order_address a ON o.entity_id = a.parent_id WHERE a.country_id = \'DE\' ORDER BY o.entity_id DESC LIMIT 10;
Now, when I assign this to the $sql variable directly, it works. What could be the problem?
Thanks
Well, first you could test $result and output the last error with $mysqli->error when it's false, that would give you details on what's wrong.
Secondly, you should NOT execute a query that's coming from POST or GET parameter, that's how you allow anyone to do anything on your database with sql injection. That's a big security breach.
Thirdly, the issue is probably on POST encoding (note the quotes \'DE\') so if you urldecode and/or stripslashes your $sql it would probably work
I am doing a sql query inside php file but i don´t know what Im doing wrong in the query. Perhaps I don´t concatenate properly the sql statement or I don't use properly the quotes, somebody can help me? Thank you. Here is my code:
$config['table_name'] = "peliculas";
$config['table_namedos'] = "opiniones";
$sql = "SELECT ".$config['table_name']." id_pelicula ".$config['table_name']." nombre ".$config['table_name']." caratula ".$config['table_name']." duracion ".$config['table_namedos']." nick ".$config['table_namedos']." minuto "." INNER JOIN ".$config['table_namedos']." ON ".$config['table_name']." id_pelicula =".$config['table_namedos']." id_pelicula";
You need to seperate each selected columns with a comma in the query which you are missing and also while doing the concatanation you are giving some space after the colname. fieldname.
Also missing the from table name
so it should be as
$sql = "SELECT
".$config['table_name'].".id_pelicula,
".$config['table_name'].".nombre,
".$config['table_name'].".caratula,
".$config['table_name'].".duracion,
".$config['table_namedos'].".nick,
".$config['table_namedos'].".minuto from
".$config['table_name'].
" INNER JOIN ".$config['table_namedos']." ON ".$config['table_name'].".id_pelicula =".$config['table_namedos'].".id_pelicula";
Try it this way You missed the dots between tablename and columnname, also you need FROM and you need to seperate columns by comma
<?php
$sql = "SELECT
{$config['table_name']}.id_pelicula,
{$config['table_name']}.nombre,
{$config['table_name']}.caratula,
{$config['table_name']}.duracion,
{$config['table_namedos']}.nick,
{$config['table_namedos']}.minuto
FROM
{$config['table_name']}
INNER JOIN
{$config['table_namedos']}
ON
{$config['table_name']}.id_pelicula = {$config['table_namedos']}.id_pelicula";
If you do not like the { } syntax you can also do it this way
<?php
$t1 = $config['table_name'];
$t2 = $config['table_namedos'];
// or in one statement: list($t1, $t2) = array($config['table_name'], $config['table_namedos']);
$sql = "SELECT
$t1.id_pelicula,
$t1.nombre,
$t1.caratula,
$t1.duracion,
$t2.nick,
$t2.minuto
FROM
$t1
INNER JOIN
$t2
ON
$t1.id_pelicula = $t2.id_pelicula";
If you are really really fond of string . concatenating, I advise using ' instead of " and also leave spaces around the . operator so you can see better where . is part of the String and where it is the operator.
I have had the same problem and what I did was assign it to a string {ex: $stringname} then use the string in the query.
So
$stringtablename = $config['table_name'];
$sql = "SELECT ".$stringtablename; ect.
I'm sure you get the point with out me writing the whole thing out.
=)
I've the following code:
$query = "UPDATE `'._DB_PREFIX_.'specific_price` sp SET sp.`from`=NOW(), sp.`to`=DATE_ADD(NOW(), INTERVAL 19 HOUR)
INNER JOIN `'._DB_PREFIX_.'product` p ON (sp.id_product = p.id_product)
WHERE p.`id_manufacturer` = '.(int)$id_manufacturer";
//Run the Query
$result = mysql_query($query);
?>
I know I have to modify the location and usage of _DB_PREFIX And $id_manufacturer but where and how?
I admit that I'm quite lost right now and some help would be highly appreciated.
Thank you in advance
// define variable for database prefix
// you can also use simple php variable here instead of using constant
define(_DB_PREFIX_, "database-name");
// filter data
$id_manufacturer = (int)$id_manufacturer;
// prepare query
$query = "UPDATE "._DB_PREFIX_."specific_price sp
SET sp.`from`=NOW(), sp.`to`=DATE_ADD(NOW(), INTERVAL 19 HOUR)
INNER JOIN "._DB_PREFIX_."product p USING id_product
WHERE p.id_manufacturer = $id_manufacturer";
//Run the Query
$result = mysql_query($query);
Note: Do NOT use above mentioned code in any production system. Please consider this just as tutorial. Its very high time to start using PDO or mysqli. You can google it and get more information about it.
I'm probably missing something obvious but when I try to execute this query, it returns no results. I plugged it directly into MySQL and also tried replacing the variable with a valid row value and I get the correct output. When I use a variable, it gives me no results. Anyone have any thoughs?
$query = "SELECT title FROM le7dm_pf_tasks WHERE project = (SELECT id FROM le7dm_pf_projects WHERE title = '".$ws_title."') ORDER BY title DESC LIMIT 1";
$result_query = mysql_query($query) or die("Error: ".mysql_error());
while ($row = mysql_fetch_assoc($result_query)) {
$result_title = $row['title'];
}
$result_title = substr($result_title,0,6);
echo $result_title;
Your SQL could do with some rework (though not the reason for your issue). No need for the nested select (which can also cause an error if it returns > 1 row). Try a join.
$sql = "
SELECT title FROM le7dm_pf_tasks t
INNER JOIN le7dm_pf_projects p ON t.project = p.id
WHERE p.title = '{$ws_title}'
ORDER BY title DESC LIMIT 1
";
You are also iterating over an unknown number of rows using the while statement. And then you exit and attempt a substring. How do you know that the last row iterated in the while had a value.
Try outputting $result_title inside the while loop itself to confirm data.
echo $result_title;
If you truly only have a single row, there is no need for the while loop. Just do
$row = mysql_fetch_assoc($result_query);
strip_tags($ws_title); - is what did it! The title was wrapped in an anchor tag that linked to that particular project page.
Thanks for all the good suggestions though. I'm gonna use some of them in the future when bug testing.
I am not sure if that join statement is writen in the right way:
<?php
function generateComment($commentID)
{
$avatar_Q=mysql_query("
SELECT * FROM comments com
INNER JOIN users us ON com.user_id=us.user_id
WHERE comment_id=$commentID // will that $commentID be red in that query string or will it treat it as a string "commentID"
");
if($row=mysql_fetch_array($avatar_Q))
{
$userName=$row["us.user_name"]; // do I refer to the fields like that
$avatarPath=$row["us.avatar"];
$avatarRep=$row["us.reputation"];
$message=$row["com.comment"];
$date=$row["com.date"];
}
mysql_close();
if(!isset($avatarPath))
{
$avatarPath="blank picture";
}
?>
Is this the most efficient way to write a join statement
Your query is written correctly, but you can improve it by specifing the table on comment_id, and for a better returning I suggest you to specify with column you want back, also I will use the variable outside the "string", because it's a numeric value (I suppose you omit the single quote like...
$sql = "Select com.command_it, etc
FROM ..... WHERE com.comment_id = ".$commentID."";
If otherwise the com.comment_id is text or varchar you must use the single quote like:
$sql = "Select com.command_it, etc
FROM ..... WHERE com.comment_id = '".$commentID."'";
Moreover this way you get only the rows where there is a user and a comment, if one user have no comment you don't retrieve that user...
If you want the user also if he has no comments you must use a LEFT JOIN
$sql = "SELECT com.comment_id, etc FROM users us
LEFT JOIN comments com ON com.user_id=us.user_id
WHERE com.comment_id=".$commentID."";
Not sure what you're doing with this line
WHERE comment_id=$commentID // will that $commentID be red in that query string or will it treat it as a string "commentID"
");
But you need to specify which table comment_id is coming from, say comments, then you might do something like
$avatar_Q=mysql_query("SELECT * FROM comments com
INNER JOIN users us ON com.user_id=us.user_id
WHERE com.comment_id=$commentID");
Not sur if it's the best way, but you could try to mysqlslap a mysql DB with it. Compare it with left join and other types of join and see which one is the best in your case. MySQL is all about slapping.