Here is the code I input...
mysql_query("INSERT INTO test (string) VALUES ('tes><ssst')");
And this is how I query the result out:
$result = mysql_query("SELECT * FROM test");
while($row = mysql_fetch_array($result))
{
echo $row['id'] . " ---- " . $row['string'];
echo "<br />";
}
but I only get this result:
3 ---- tes>
I'm missing the part "<ssst", but when I go to the db, I can retrieve the string I inserted. What's happening? Thank you.
That's because your browser thinks <ssst is an HTML tag. You should encode your output:
while($row = mysql_fetch_array($result)) {
echo $row['id'] . " ---- " . htmlspecialchars($row['string']);
echo "<br />";
}
Use htmlspecialchars to encode output.
Related
I have a MySQL database that has a cell in a record called balance. The db shows it is stored as a decimal(16,2). When I try to display the value of the record with echo $row["balance"]; in PHP, it displays nothing at all. Can you please point me in the right direction? Thank you.
$sql = "SELECT id, email, username FROM ppb_users WHERE id = '$USERIDX' ";
$result = $conn->query($sql);
if ($result->num_rows > 0)
{
//// output data of each row
while($row = $result->fetch_assoc())
{
echo "<br> id: " . $row["id"] . "<br> email: " . $row["email"] . "<br> username: " . $row["username"] . "<br> Ballance: " . $row["balance"] ."<br>";
$UserEmail = $row["email"];
$balancex = $row["balance"];
}
}
else
{
echo " 0 results <br><br>";
}
$conn->close();
Sorry folks, it would seem I had one of those moments where, when it is over and you realize what you did, how small you feel. I did not add balance to the SQL select line. Uggg! Sorry.
I am trying to access firstname by itself. I have the code below put together:
<?php
$sql = "SELECT firstname, lastname FROM guests WHERE option = $option";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
echo "You Are " . $row["firstname"]. " " . $row["lastname"]. "<br>";
?>
It gives me You are Bob Testing. I need to convert them to self variable so I can use them anywhere. Like $row["firstname"] = $firstname; so then I could echo $firstname; But it won't work if I use $row["firstname"] = $firstname;
I think the issue is somewhere in how I form the result $result = mysqli_query($conn, $sql); Can I say something else here so then I could just use say $row["firstname"] = $firstname; and use like echo $firstname;? Thanks.
Firstly, if this is your actual code, it's missing a few closing braces.
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
echo "You Are " . $row["firstname"]. " " . $row["lastname"]. "<br>";
} // this one was missing
} // as was this one
Now, assign a variable "to" the row(s) and not the other way around.
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
$first = $row["firstname"];
$last = $row["lastname"];
}
echo "You are " . $first . " " . $last . "<br>";
}
However the above will only echo a single row, therefore you will need to place the echo "inside" the while loop in order to echo all the rows in your table:
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
$first = $row["firstname"];
$last = $row["lastname"];
echo "You are " . $first . " " . $last . "<br>";
}
}
Something about this though WHERE option = $option";
If $option is a string, it will need to be quoted:
WHERE option = '$option'";
otherwise, MySQL will see that as a syntax error. Check for errors on your query:
http://php.net/manual/en/mysqli.error.php
It will also be prone to an SQL injection, therefore it is best you use a prepared statement.
https://en.wikipedia.org/wiki/Prepared_statement
Seeing you may be new to working with MySQL, it's best to learn about protecting yourself against SQL injection. Here is a good article about it on Stack:
How can I prevent SQL injection in PHP?
I have a user table that contains a lot more data. I wonder how I can improve my select code below:
if ($result = $db->query("SELECT * FROM user ")) {
while ($row = mysqli_fetch_assoc($result)) {
echo $row["name"] . "<br />";
echo $row["user_id"] . "<br />";
echo $row["photo"] . "<br />";
//.. a lot more column here
}
}
I use this as an array: $user_info = mysql_fetch_assoc(mysql_query("SELECT * FROM `database` WHERE 1"));
and to call it I use $user_info['column']
I'm having some problems here. Basically, I want to compare columns, so I fetched an object and the comparison results appeared just as expected. However, it does not return the compare value anymore after I added the fetch_array to view the current table, hoping that the compare value would appear beside the compare value. Is there any way I could run the compare code and make it appear in the table? I tried a query but it would only work in MySQL and not PHP.
$query = "SELECT * FROM system_audit";
$result = mysql_query($query) or die(mysql_error());
echo " ID Type Setting Value ";
while($row = mysql_fetch_array($result)) {
echo $row['ID'];
echo $row['Type'];
echo $row['Setting'];
echo $row['Value'];
}
while ($row = mysql_fetch_object($result)) {
if($row->Setting != $row->Value) {
echo "X";
} else {
echo "O";
}
}
Your code contains a lot of echo's that have no use. I would suggest learning PHP a bit more.
Your compare is wrong, this should work :
$query = "SELECT * FROM system_audit";
$result = mysql_query($query) or die(mysql_error());
echo " ID Type Setting Value ";
while($row = mysql_fetch_array($result)) {
echo $row['ID'] . "<br>";
echo $row['Type'] . "<br>";
echo $row['Setting'] . "<br>";
echo $row['Value'] . "<br>";
if($row['Setting'] != $row['Value']) {
echo "X" . "<br>";
}
else {
echo "O" . "<br>";
}
echo "<br>";
}
I've been trying to crack this for 2 hours, but something is wrong. I am very much used to doing things without mysqli but read that there is a recommended shift towards it from regular mysql commands. Hence I am stuck with the following:
<?php
$mysqli = new mysqli('localhost', 'admin', 'test123', 'kadmindb');
if ($result = $mysqli->query("SELECT * FROM records WHERE '$queryType' = '$keyword'")) {
while ($row = $result->fetch_object()) {
echo "<h2>Result:</h2><br>";
echo "ID: " . $row->id . "<br>";
echo "Name: " . $row->cust_name . "<br>";
echo "Invoice No: " . $row->invoice_num . "<br>";
echo "Date: " . $row->date_recorded . "<br>";
}
}
?>
This code is shown in the page where the result of the query should be displayed, but nothing is displayed. I checked that both the keyword and queryType variables are set and they contain the correct values. Any help would be greatly appreciated. All I am trying to do is: a select statement to retrieve all the details based on the invoice_num submitted.
EDIT: from help I received, I was able to get this working:
$query = "SELECT * FROM records WHERE ".$queryType. " LIKE '%$keyword%' ";
if ($result = $mysqli->query($query)) {
while ($row = $result->fetch_object()) {
echo "<h2>Result:</h2><br><hr/> ";
echo "ID: " . $row->id . "<br>";
echo "Name: " . $row->cust_name . "<br>";
echo "Invoice No: " . $row->invoice_num . "<br>";
echo "Date: " . $row->date_recorded . "<br>";
echo "<hr/>";
}
}
Are you sure there's data to select? This code will only output data if there actually is.
Make sure that $queryType and $keyword are set and have sane values that will yield a result.
Use var_dump($queryType) and var_dump($keyword) immediately before the query. Now check your output. Are they both strings? Run this query directly in PHPMyAdmin and check how many rows you get.
If you can't do that try echo'ing the number of rows returned along with the query values:
if ($result = $mysqli->query("SELECT * FROM records WHERE $queryType = '$keyword'"))
{
while ($row = $result->fetch_object())
{
echo "<h1>Query WHERE '$queryType' = '$keyword' yielded {$result->num_rows} rows!</h1>";
echo "<h2>Result:</h2><br>";
...
Note, you should not have single quotes around the column ($queryType), if you insist you should use backtick quotes (`) but it's unnecessary really - if you're that pedantic you should be using prepared statements.
Also be sure to filter them for any potentially dangerous values that could allow for SQL injections. See: mysqli::real_escape_string
Assuming that $queryType is the name of a column in your records table, then I believe the problem is your WHERE clause.
Rather than:
$mysqli->query("SELECT * FROM records WHERE '$queryType' = '$keyword'")
You should have:
$mysqli->query("SELECT * FROM records WHERE {$queryType} = '{$keyword}'")
Note that I've removed the single quotes around $queryType and have used complex (curly) syntax.
Also, in the future you might want to try using an else block to trap errors:
$mysqli = new mysqli('localhost', 'admin', 'test123', 'kadmindb');
if ($result = $mysqli->query("SELECT * FROM records WHERE {$queryType} = '{$keyword}'")) {
while ($row = $result->fetch_object()) {
echo "<h2>Result:</h2><br>";
echo "ID: " . $row->id . "<br>";
echo "Name: " . $row->cust_name . "<br>";
echo "Invoice No: " . $row->invoice_num . "<br>";
echo "Date: " . $row->date_recorded . "<br>";
}
}
else
{
echo "Error: " . $mysqli->error;
}
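The answers above recommend a prepared statement for the value (WHERE option = '$option', WHERE $queryType = '$keyword'), note that the column name must not be quoted as a string, and recommend htmlspecialchars on output; the following added example, which is not code from any of the posts, combines the three. It assumes PDO with an in-memory SQLite database so that it runs without a server, and the names SEARCHABLE, searchRecords and h, as well as the table rows, are made up for illustration.

```php
<?php
// Added example. Constructed data in an in-memory SQLite database via PDO,
// so it runs without a MySQL server; mysqli prepare()/bind_param() also use "?".
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // query errors throw
$db->exec("CREATE TABLE records (id INTEGER PRIMARY KEY, cust_name TEXT,
           invoice_num TEXT, date_recorded TEXT)");
$ins = $db->prepare("INSERT INTO records (cust_name, invoice_num, date_recorded)
                     VALUES (?, ?, ?)");
$ins->execute(["O'Brien", 'INV-1001', '2015-03-01']); // constructed rows
$ins->execute(['tes><ssst', 'INV-1002', '2015-03-02']);

// A column name cannot be sent as a bound parameter, so only names on this
// fixed list (hypothetical) are ever placed into the SQL text.
const SEARCHABLE = ['cust_name', 'invoice_num'];

function searchRecords(PDO $db, string $queryType, string $keyword): array
{
    if (!in_array($queryType, SEARCHABLE, true)) {
        throw new InvalidArgumentException('Unsupported search column');
    }
    // Neutralise LIKE wildcards in the keyword; "!" is the chosen escape char.
    $pattern = '%' . strtr($keyword, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
    $stmt = $db->prepare("SELECT id, cust_name, invoice_num, date_recorded
                          FROM records WHERE $queryType LIKE ? ESCAPE '!'");
    $stmt->execute([$pattern]); // the keyword is sent as data, never as SQL
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Encode every value for HTML on output, as in the htmlspecialchars answer.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

foreach (["O'Brien", '<ssst'] as $keyword) {
    foreach (searchRecords($db, 'cust_name', $keyword) as $row) {
        echo 'ID: ' . h((string) $row['id']) . ' Name: ' . h($row['cust_name'])
            . ' Invoice No: ' . h($row['invoice_num']) . "<br>\n";
    }
}

try {
    searchRecords($db, 'no_such_column', 'x'); // not on the list: rejected
} catch (InvalidArgumentException $e) {
    echo 'Rejected: ' . h($e->getMessage()) . "<br>\n";
}
```

The apostrophe in the first keyword would break a query built by string interpolation; bound as a parameter it is matched as ordinary text.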