PDO Statement accepting INDEX [0], [1], [2], but not [fieldname1], [fieldname2], [fieldname3] - mysql

Beginner here trying out PDO/MySQL. I am coding a simple SELECT * and displaying the results. The code below works fine to display the contents.
$sql = 'SELECT * FROM names'; //fieldnames are id, name, email
$stmt = $db->prepare($sql);
$stmt->execute();
while ($row = $stmt->fetch())
{echo $row[0] . " | " . $row[1] . " | " . $row[2] . "<br/>";}
However, when I use the fieldname as the index instead of the number, I get a PHP notice:
Notice: Undefined index: name
Codes below does not work.
{echo $row['id'] . " | " . $row['name'] . " | " . $row['email'] . "<br/>";}
I have seen several tutorials where they have used fieldname as the index. Can someone provide some further clarification on when/how the fieldname can be used instead of the number for the index?

Related

Select coalesc max on key update?

My sql query is working fine, until I try to add the absolute last row. How can I get that part working?
INSERT INTO posts (ssp_order, ssp_id, ssp_ss_id, ssp_c_id)
SELECT COALESCE(MAX(ssp_order),0)+1 ,
" . $sspid . "," . $ssid . "," . $cid . "
FROM posts
WHERE ssp_ss_id = " . $ssid . "
ON DUPLICATE KEY UPDATE
ssp_status = 0,
ssp_order = SELECT COALESCE(MAX(ssp_order),0)+1 FROM posts
(please don't worry about the safety of the variables in there)

Reference the table used in the select statement rather than using a subquery
INSERT INTO posts (ssp_order, ssp_id, ssp_ss_id, ssp_c_id)
SELECT maxssporder ,sspid,ssid,cid from
(SELECT COALESCE(MAX(ssp_order),0)+1 as maxssporder,
" . $sspid . " as sspid," . $ssid . " as ssid," . $cid . " as cid
FROM posts p
WHERE ssp_ss_id = " . $ssid . ") q
ON DUPLICATE KEY UPDATE
ssp_status = 0,
ssp_order = q.maxssporder

How to define where condition (ex: userid != 0) in this below query?

How to define where condition in this below query?form the database except the zero value need to shown
private function totalVisitedPagesPerUser() {
$query = "SELECT COUNT(*), " . $this->_db->quoteName('customer_name') . "," .
"\n MAX(". $this->_db->quoteName('visit_timestamp') . ")," . $this->_db->quoteName('browser') . "," .
$this->_db->quoteName('os') . "," .
$this->_db->quoteName('session_id_person') . "," .
$this->_db->quoteName('ip') . "," .
"\n SUM(" . $this->_db->quoteName('impulse') . ")," .
$this->_db->quoteName('geolocation') .
"\n FROM ( SELECT * FROM #__realtimeanalytics_serverstats " . $this->whereQuery . " ORDER BY `visit_timestamp` DESC) AS INTABLE" .
$this->whereQuery .
"\n GROUP BY " . $this->_db->quoteName('session_id_person') .
"\n ORDER BY " . $this->_db->quoteName('customer_name');
$this->_db->setQuery($query);
$results = $this->_db->loadRowList();
if ($this->_db->getErrorNum()) {
throw new JRealtimeException(JText::sprintf('COM_JREALTIME_ERROR_RECORDS', $this->_db->getErrorMsg()), 'error');
}
return $results;
}

you can prepare where condition variable by checking conditions before query start, than append that variable at that point like:
$wherecondtion = "Where 1=1";
if($condition1){$wherecondtion."AND (add required filter 1)"}
if($condition2){$wherecondtion."AND (add required filter 2)"}
your subquery will be like:
"( SELECT * FROM #__realtimeanalytics_serverstats " . $wherecondtion . " ORDER BY `visit_timestamp` DESC)"
Is this the thing you needed or something different thing?

mysql_fetch_array convert into mysqli_

Im trying to rewrite mysql_ into mysqli_, but got 2 errors
mysqli_fetch_array() expects parameter 1 to be mysqli_result, boolean given
and
mysqli_num_rows() expects parameter 1 to be mysqli_result,
why? Ive fixed mysql_query("SELECT...) into mysqli_query($db, "SELECT..) and all others
<?php
ob_start();
session_start();
include('config/configuration.php');
if($_POST['Login'])
{
$UserName=$_POST['username'];
$Password=md5($_POST['password']);
$UserQuery=mysqli_query($db, "SELECT Id, UserName, FirstName, LastName, Level FROM users WHERE UserName='$UserName' AND Password='$Password' AND IsActive=1 and level >= 3");
$UserDetails=mysqli_fetch_array($UserQuery);
if(mysqli_num_rows($UserQuery))
{
$_SESSION['UserName'] = $UserDetails['UserName'] . ' (' . $UserDetails['FirstName'] . ' ' . $UserDetails['LastName'] . ')';
$_SESSION['UserId'] = $UserDetails['Id'];
$_SESSION['Level'] = $UserDetails['Level'];
mysqli_query("UPDATE users SET NumberOfLogin = NumberOfLogin + 1, LastLoginDate = NOW() WHERE Id = " . $_SESSION['UserId'] . " ");

Your query is failing.
Try this to see the issue:
if (!$UserQuery) {
echo "MySQLi Error: " . mysqli_error($con);
die();
}

mysql_fetch_assoc() parameter 1 resource, object given in ... on line 6

Hi I've searched for a solution to this and found several answers and after many edits to the code and no success I'm asking here directly.
$return_arr = array();
$fetch = tep_db_query("select * from products, " . TABLE_PRODUCTS_DESCRIPTION . " WHERE products.products_status = '1' and products.products_id = " . TABLE_PRODUCTS_DESCRIPTION . ".products_id and " . TABLE_PRODUCTS_DESCRIPTION . ".language_id = '" . (int)$languages_id . "' and " . TABLE_PRODUCTS_DESCRIPTION . ".products_name LIKE '%" . $_GET['term'] . "%' LIMIT 0,10");
if($fetch === FALSE) {
die(mysql_error());
}
while ($row = mysql_fetch_assoc($fetch))
{
array_push($return_arr, $row['products_name']);
}
print json_encode($return_arr);
This returns: mysql_fetch_assoc() parameter 1 resource, object given in ... on line 6
I get where it is, just can't seem to find the problem.
Thanks in advance

Use tep_db_fetch_array()
$return_arr = array();
$fetch = tep_db_query("select * from products, " . TABLE_PRODUCTS_DESCRIPTION . " WHERE products.products_status = '1' and products.products_id = " . TABLE_PRODUCTS_DESCRIPTION . ".products_id and " . TABLE_PRODUCTS_DESCRIPTION . ".language_id = '" . (int)$languages_id . "' and " . TABLE_PRODUCTS_DESCRIPTION . ".products_name LIKE '%" . $_GET['term'] . "%' LIMIT 0,10");
echo $fetch; die;
if($fetch === FALSE) {
die(mysql_error());
}
while ($row = tep_db_fetch_array($fetch))
{
array_push($return_arr, $row['products_name']);
}
print json_encode($return_arr);
string mysqli_real_escape_string ( mysqli $link , string $escapestr )
link- A link identifier returned by mysqli_connect() or mysqli_init()
escapestr- The string to be escaped.
You can find an example http://php.net/manual/en/mysqli.real-escape-string.php the first parameter needs to be the link identifier returned by mysqli_connect()

Correcting an UPDATE statement (and making it more secure!)

I'm trying to a single value in my DB...When I run it through the console, it works correctly (as I'm replacing the variables with numbers and text).. However, My query is not returning a value for book ID when I insert the PHP variable for it.. It's because the book_id is unpopulated...
$query = "UPDATE books "
. "SET readstatus='".$readstatus."' "
. "WHERE book_id=".$book_id;
echo $query
The echoed query states:
UPDATE books SET readstatus='half' WHERE book_id=0
The book ID is stored in the URI as bookstatusupdate.php?book_id=
Just cannot figure this one out!

It would help to know the error. Firstly, echo out the query:
$query = "UPDATE books "
. "SET readstatus='".$readstatus."' "
. "WHERE book_id=".$book_id;
echo $query;
I would guess that $book_id is unpopulated, so the query fails. What you should really be doing to make it secure is casting integers with (int) and wrapping strings in mysqli_real_escape_string().
$query = "UPDATE books "
."SET readstatus='". mysqli_real_escape_string( $readstatus )."' "
."WHERE book_id=". (int) $book_id;
If you're trying to get data from the URL, do it like so:
$book_id = (int) $_GET['book_id'];
$query = "UPDATE books "
."SET readstatus='". mysqli_real_escape_string( $readstatus )."' "
."WHERE book_id=". (int) $book_id;
echo $query;