We Keep Coding

To get two values as input in php

In my below php code the student rollno and name is got as input and the student address and mark will be displayed based on it. But the code works only if i give only 1 input.
<?php
if($_SERVER['REQUEST_METHOD']=='GET'){
$rollno = $_GET['rollno'];
$name = $_GET['name'];
require_once('dbConnect.php');
$sql = "SELECT * FROM colleges WHERE rollno='".$rollno."'" and name='".$name."'";
$r = mysqli_query($con,$sql);
$res = mysqli_fetch_array($r);
$result = array();
array_push($result,array(
"address"=>$res['address'],
"marks"=>$res['marks']
)
);
echo json_encode(array("result"=>$result));
mysqli_close($con);
}

replace $sql = "SELECT * FROM colleges WHERE rollno='".$rollno."'" and name='".$name."'";
To
"SELECT * FROM colleges WHERE rollno='".$rollno."' and name='".$name."'";

$sql = "SELECT * FROM colleges WHERE rollno='".$rollno."'" and name='".$name."'";
Corrected :
$sql = "SELECT * FROM colleges WHERE rollno='".$rollno."' and name='".$name."'";
But for better you should use prepared statements
Example
$link = mysqli_connect("localhost", "my_user", "my_password", "db_name");
$query = "SELECT * FROM colleges WHERE rollno=? AND name=?";
$params = array($rollno,$name);
mysqli_prepared_query($link,$query,"ss",$params)

Check and make sure the line $sql query is correct in your code because it is incorrect in your question.
$sql = "SELECT * FROM colleges WHERE rollno='".$rollno."'" and name='".$name."'";
Should be
$sql = "SELECT * FROM colleges WHERE rollno='" . $rollno . "' and name='" . $name ."'";
Or use single quotes for improved performance as:
$sql = 'SELECT * FROM colleges WHERE rollno = "' . $rollno .'" and name= "' . $name ."';
Secondly, what's the data type of your$rollno, if its not string then consider removing the single quotes surrounding it.
Thirdly, make sure both columns rollno and name have variables at all time, with the correct query else you all get a Null result.
Finally, I strongly suggest you use a pdo and its prepared statement next time.

How to loop php using ref data from mysql?

How to loop php using ref data from mysql ?
work flow :
Loop If column 'xxx' == ''
{
$sql = "SELECT * FROM table WHERE xxx == '' order by id desc";
$result = mysql_query($sql);
$datas=mysql_fetch_array($result);{
$id = stripslashes(str_replace('\r\n', '<br>',($datas['id'])));
}
$sql = "UPDATE table SET xxx = 'test' WHERE id = '$id' ";
$dbQuery = mysql_query($sql);'
}

ypur query is confusing. why would you store ids with html in them? regardless, this should work
$sql = "SELECT * FROM table WHERE xxx != '' "; //ORDER BY will not work since ids are not int
$result = mysql_query($sql);
while ($row = mysql_fetch_array($result){
$id = stripslashes(str_replace('\r\n', '<br>',($row['id'])));
$sql = "UPDATE table SET xxx = 'test' WHERE id = '$id' ";
$dbQuery = mysql_query($sql);'
}

How to use an array in a WHERE sql clause?

i am trying to run the following php code:
$con = mysql_connect("localhost", "root", "") or die('connection not made');
$db = mysql_select_db('name', $con) or die('db not selected');
$query1 = "SELECT * FROM nodesensors WHERE NodeID=2";
$result1 = mysql_query($query1, $con);
$sensorids = mysql_fetch_array($result1);
$query2 = "SELECT SensorID, Variable FROM sensors WHERE SensorID IN($sensorids)";
$result2 = mysql_query($query2, $con) or die('query not made');
$sensors = mysql_fetch_array($result2);
echo $sensors;
where i want to get only those sensors that have a SensorID, which is also a value in the 'sensorids' array.
When i run the code i get the following:
Notice: Array to string conversion in C:\...\test.php on line 10
query not made
When i remove the "$" as follows:
$query2 = "SELECT SensorID, Variable FROM sensors WHERE SensorID IN(sensorids)";
the notice goes away, but still, the query is not made.
Is there any problem with the format of the 'sensorids' array?
Also, is 'echo' the right way to present the array or should i use another method?
Thanks a lot!

You don't have to use implode or anything, just combine your queries
SELECT SensorID, Variable FROM sensors WHERE SensorID IN
(
SELECT id FROM nodesensors WHERE NodeID=2
)
A note for all the implode based answers:
That will only work if they select only 1 column in their first query, they are doing SELECT * which results in a multi-dimensional array and doesn't contain only sensor ids and hence that will fail. See the updated answer by diEcho to read more about that.
And use a newer and safer extension for MySQL stuff
How can I prevent SQL injection in PHP?

I would suspect you can do this in 1 query, but I don't know your name of the id field, might be SensorID or something.
$query2 =
"SELECT SensorID, Variable
FROM sensors
WHERE SensorID IN (
SELECT id
FROM nodesensors
WHERE NodeID=2
)";
$result2 = mysql_query($query2, $con) or die('query not made');
$sensors = mysql_fetch_array($result2);
Alternatively:
$query2 =
"SELECT s.SensorID, s.Variable
FROM sensors AS s
INNER JOIN nodesensors ns ON ns.id = s.SensorID
WHERE ns.NodeID=2";
$result2 = mysql_query($query2, $con) or die('query not made');
$sensors = mysql_fetch_array($result2);

Try this and you are done,
Please don't use Select * but use the only column contain senserid
<?php
$con = mysql_connect("localhost", "root", "") or die('connection not made');
$db = mysql_select_db('name', $con) or die('db not selected');
$query1 = "SELECT * FROM nodesensors WHERE NodeID=2";
$result1 = mysql_query($query1, $con);
$sensorids = mysql_fetch_array($result1);
$query2 = "SELECT SensorID, Variable FROM sensors WHERE SensorID IN(".implode(',',$sensorids).")";
$result2 = mysql_query($query2, $con) or die('query not made');
$sensors = mysql_fetch_array($result2);
echo $sensors;
?>

fixes
SELECT * is wrong, select only sensorID column from nodesensors
SELECT sensor_column FROM nodesensors ...
Use implode with glue ',' before applying it to second query
$id_list = implode("','",$sensorids);
Mysql IN takes comma separated values
WHERE SensorID IN(" . $id_list . ")";

Use Implode
$sensorids = implode(',',$sensorids);
$query2 = "SELECT SensorID, Variable FROM sensors WHERE SensorID IN($sensorids)";

Comparing two values set in MySQL table php

I have a mysql table that has 2 columns, claim_status and show (both VARCHAR(500)) I tested with int didn't work.
I want to query only the items that have claim_status='0' and show='1'
right now nothing is returned here is my PHP code:
$query = "SELECT COUNT(*) as num FROM $tableName WHERE claim_status='0' AND show='1'";
$query1 = "SELECT * FROM $tableName WHERE claim_status='0' AND show='1'";
** it fails on this line **
$query = "SELECT COUNT(*) as num FROM $tableName WHERE claim_status=0 AND show=1";

$query = SELECT * FROM tablename WHERE claim_status='0' AND show='1';
$result = mysql_query($query);
if (!$result) {
die('Invalid query: ' . mysql_error());
}

Simple mysql query not working

I have this very simple function:
function getCatName($id){
$sql = "SELECT * FROM biznet_category WHERE ID ='".$id."';";
$res = mysql_query ($sql) or die (mysql_error ());
$row = mysql_fetch_assoc ($res);
$name = $row["Name"];
return $name;
}
So with this function I should be able to get the category name, but it doesn't work with the parameter. If I put 8 or 9, the categoryname is displayed correctly.
The id is also passed on like it should, when I print it out, it shows 8 or 9.
I know the solution is quite simple, I just don't see it.

To fix remove the quotes and check the column name for case id or ID. Since the query string is in double quotes you don't have to use the . join
$sql = "SELECT * FROM biznet_category WHERE ID = $id";
You can use curly brackets which I find easier to read
$sql = "SELECT * FROM biznet_category WHERE ID = {$id}";
If you were querying a string rather than an integer you can simply do
$sql = "SELECT * FROM biznet_category WHERE ID = '{$id}'";

$sql = "SELECT * FROM biznet_category WHERE ID ='".$id."';";
To
$sql = "SELECT * FROM biznet_category WHERE ID = ".$id;

Try this
$sql = "SELECT * FROM biznet_category WHERE ID = ".$id;

Is the column name ID spelt correctly?