I need to insert an ID into session for later use. Table contains ID, username and password.
To get the ID im using:
$sql = "SELECT id FROM members WHERE username='$myusername' and password='$mypassword'";
$result=mysql_query($sql);
And trying to store it into session:
$_SESSION["id"] = $result;
When im trying to insert $_SESSION[id] into a table I get the value of 0 (which is the default value I made).
Kinda new on PHP, any help would be appriciated :)
you need fetch the value aswell:
$result=mysql_query($sql);
$fetch =mysql_fetch_array($result);
$_SESSION["id"] = $fetch["ID"];
Attempting to print $result won't allow access to information in the resource.
You need to use a function to access the resource returned:
$row = mysql_fetch_assoc($result)
$id = $row['id'];
The proper way to handle result would be to first check it has any value at all, i.e.:
if (!$result) {
$message = 'Invalid query: ' . mysql_error() . "\n";
$message .= 'Whole query: ' . $query;
die($message);
}
mysql_query() returns a resource on success, or FALSE on error. You need to fetch the rows from that result:
$result = mysql_query("SELECT id, name FROM mytable") or die(mysql_error());
$row = mysql_fetch_array($result);
if($row){ // check that there was really selected at least one row
$_SESSION['id'] = $row['id'];
}
Related
The problem I encountered has to do with the query using session variables.
during the user login i assigned a session variable as such
$myemail = $_POST['email'];
$mypassword = $_POST['password'];
$sql = "SELECT * FROM users WHERE email = '$myemail'";
$result = pg_query($db,$sql);
$row = pg_fetch_assoc($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if(count($result) == 1) {
$_SESSION['user_id'] = $row['id'];
}
The highlight is $_SESSION['user_id'] = $row['id']
Next once the user logs in i want to find the info of the user in my database, so I searched for the user as such
$userid = $_SESSION['user_id'];
$result = pg_query($db, "SELECT * FROM users WHERE id = '$userid'") or die("error on query");
$user_info = pg_fetch_assoc($result);
But I keep on getting error on query showing that the query is failing. I have no idea why this is happening.
if user id is int in your db you don't need the single ticks(''). This will cause query failure as well. You could try something like this ".$userid."
$result = pg_query($db, "SELECT * FROM users WHERE id = ".$userid."") or die("error on query");
but count($result) won't give you row count. Try using
if(pg_num_rows($result) == 1){
$session['user_id']= $row['id'];
}else{
echo pg_num_rows($result);
}
Underneath $_SESSION['user_id'] = $row['id']; in the same if statement, echo the id to see what response you get
echo $_SESSION['user_id'];
I don't understand this because I'm just getting into query's and php.
I'm trying to get the user's ID from the database and set that equal to a different users friendreq column.
Don't worry about me not escaping properly, this is only a test so I can practice! Thank you! (Although I'm not sure what escaping is, I'm going to do my research!)
$usernameID = "SELECT Id FROM Users WHERE Username = '$username'";
$sql = "UPDATE Users SET FriendReq = $usernameID WHERE Username = '$usernamebeingreq'";
$result = mysqli_multi_query($con, $usernameID, $sql);
if(!$result)
{
echo 'Failed';
}
else
{
echo 'Friend added!';
}
According to the PHP reference of mysqli_multi_query your two queries need to be concatenated with a semicolon. You're passing each query as its own parameter.
Use the following instead:
$result = mysqli_multi_query($con, $usernameID . "; " . $sql);
This will concatenate your two queries, so that it's the following:
SELECT Id FROM Users WHERE Username = '$username'; UPDATE Users SET FriendReq = $usernameID WHERE Username = '$usernamebeingreq'
I am trying to created a way to call information from the database for a user to view. Such as they log in and it has their registered information viewed. I have this
session_start();
if($_SESSION['id'])
$result = mysql_query("SELECT * FROM User WHERE `id` = $_SESSION[id]")
or die(mysql_error());
while($row = mysql_fetch_array( $result )) {
echo '<b>First Name:</b>' .$row['fname'];
echo '<br>';
echo '<b>Last Name:</b>' .$row['lname'];
}
but nothing shows up. My database name is megan, table is user, fields i want displayed are first name (fname) and last name (lname).
Can someone point me in the right direction. Thank you in advance!
Bad array indexing.
$result = mysql_query("SELECT * FROM User WHERE `id` = " . $_SESSION['id'])
You should turn on PHP error displaying.
First change this,
if(isset($_SESSION['id']))
because you have to check if the session isset correctly then do the query,
then the sql change to this,
$result = mysql_query("SELECT * FROM User WHERE `id` = ".$_SESSION['id'])
Is there any way to store mysql result in php variable? thanks
$query = "SELECT username,userid FROM user WHERE username = 'admin' ";
$result=$conn->query($query);
then I want to print selected userid from query.
Of course there is. Check out mysql_query, and mysql_fetch_row if you use MySQL.
Example from PHP manual:
<?php
$result = mysql_query("SELECT id,email FROM people WHERE id = '42'");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);
echo $row[0]; // 42
echo $row[1]; // the email value
?>
There are a couple of mysql functions you need to look into.
mysql_query("query string here") : returns a resource
mysql_fetch_array(resource obtained above) : fetches a row and return as an array with numerical and associative(with column name as key) indices. Typically, you need to iterate through the results till expression evaluates to false value. Like the below:
while ($row = mysql_fetch_array($query)){
print_r $row;
}
Consult the manual, the links to which are provided below, they have more options to specify the format in which the array is requested. Like, you could use mysql_fetch_assoc(..) to get the row in an associative array.
Links:
http://php.net/manual/en/function.mysql-query.php
http://php.net/manual/en/function.mysql-fetch-array.php
In your case,
$query = "SELECT username,userid FROM user WHERE username = 'admin' ";
$result=mysql_query($query);
if (!$result){
die("BAD!");
}
if (mysql_num_rows($result)==1){
$row = mysql_fetch_array($result);
echo "user Id: " . $row['userid'];
}
else{
echo "not found!";
}
$query="SELECT * FROM contacts";
$result=mysql_query($query);
I personally use prepared statements.
Why is it important?
Well it's important because of security. It's very easy to do an SQL injection on someone who use variables in the query.
Instead of using this code:
$query = "SELECT username,userid FROM user WHERE username = 'admin' ";
$result=$conn->query($query);
You should use this
$stmt = $this->db->query("SELECT * FROM users WHERE username = ? AND password = ?");
$stmt->bind_param("ss", $username, $password); //You need the variables to do something as well.
$stmt->execute();
Learn more about prepared statements on:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php MySQLI
http://php.net/manual/en/pdo.prepared-statements.php PDO
$query = "SELECT username, userid FROM user WHERE username = 'admin' ";
$result = $conn->query($query);
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$arrayResult = mysql_fetch_array($result);
//Now you can access $arrayResult like this
$arrayResult['userid']; // output will be userid which will be in database
$arrayResult['username']; // output will be admin
//Note- userid and username will be column name of user table.
I have the following code and it should return just one value (id) from mysql table. The following code doesnt work. How can I output it without creating arrays and all this stuff, just a simple output of one value.
$query = "SELECT id FROM users_entity WHERE username = 'Admin' ";
$result = map_query($query);
echo $result;
I do something like this:
<?php
$data = mysql_fetch_object($result);
echo $data->foo();
?>
You have to do some form of object creation. There's no real way around that.
You can try:
$query = "SELECT id FROM users_entity WHERE username = 'Admin' ";
//$result = map_query($query);
//echo $result;
$result = mysql_query($query); // run the query and get the result object.
if (!$result) { // check for errors.
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result); // get the single row.
echo $row['id']; // display the value.
all you have is a resource, you would still have to make it construct a result array if you want the output.
Check out ADO if you want to write less.
Not sure I exactly understood, what you want, but you could just do
$result = mysql_query('SELECT id FROM table WHERE area = "foo" LIMIT 1');
list($data) = mysql_fetch_assoc($result);
if you wish to execute only one row you can do like this.
$query = "SELECT id FROM users_entity WHERE username = 'Admin' ";
$result = mysql_query($query);
$row = mysql_fetch_row($result);
echo $row[0];
there have been many ways as answered above and this is just my simple example. it will echo the first row that have been executed, you can also use another option like limit clause to do the same result as answered by others above.