i have mysql query like this
mysql_query("UPDATE services SET sub_service='".$subbb_service."' WHERE sub_service='".$idd."' ") or die(mysql_error());
variable $subbb_service is with symbol '. Lets say it Hello' . So it fails query couse it looks like this
mysql_query("UPDATE services SET sub_service=' Hello'' WHERE sub_service='".$idd."' ") or die(mysql_error());
Now it has double '' and it dies. Maybe anyone could help me out?
Use mysql_real_escape_string:
$query = sprintf("SELECT * FROM users WHERE user='%s' AND password='%s'",
mysql_real_escape_string($user),
mysql_real_escape_string($password));
Related
I run the php code below within the 'Eval' section of a Fabrik form element. The code is supposed to return/put a number in a form field, but nothing appears in the form field.
When I used another query (refer to '$query-> ' lines) the code does work, so I get the impression that the query contains errors; however, when executing the related webpage with the form fields no sql error appears.
I have no idea what is wrong with the query(?)
Code:
$form_productname = 'testproduct';
$form_username = 'myname';
$db = JFactory::getDbo();
// Create a new query object.
$query = $db->getQuery(true);
//$query->select($db->quoteName(array('a.id', 'b.productid')));
$query->select($db->quoteName('b.productid'));
$query->from($db->quoteName('#__products', 'b'));
$query->join('INNER', $db->quoteName('#__extendedreg_users', 'a') . ' ON (' . $db->quoteName('a.user_id') . ' = ' . $db->quoteName('b.owner') . ')
AND (' . $db->quoteName('a.cf_collectivename') . ' = ' . $db->quote($form_username) . ')
AND (' . $db->quoteName('b.productname') . ' = ' . $db->quote($form_productname)).')'.;
//echo $query;exit;
$db->setQuery($query);
$db->execute();
$results = $db->loadObjectList();
return count($results);
UPDATE: cause was syntax php error in where statement:
. $db->quote($form_productname)).
must be:
. $db->quote($form_productname).
You are not getting any errors because you are not catching any errors. Have a look at How to do SQL exception / error handling.
Do at least a $query->dump() and run your query in a console if you can't figure out what is wrong.
I don't understand why are you quoting the value you are comparing $form_username and $form_productname. But maybe it's late and I am tired.
I am trying to fetch data from table. Table contains the data and query is true. Even why following query says $u and $t are not define. While condition becoming false.
I manually checked in database, it was showing results.
$url = "http://paulgraham.com/";
$user_id = "123";
$con = mysqli_connect('127.0.0.1', 'root', '', 'mysql');
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
return;
}
$result = mysqli_query($con,"SELECT * FROM post_data WHERE userid =".$url." and url=".$user_id."");
while ($row = #mysqli_fetch_array($result))
{
echo "hi";
$t = $row['title'];
$u = $row['url'];
}
echo "title is : $t";
echo "url is : $u";
Giving your SQL query :
"SELECT * FROM post_data WHERE userid =".$url." and url=".$user_id.""
You can see you are mixing url and userid... Change to :
"SELECT * FROM post_data WHERE userid =".$user_id." and url=".$url.""
Also define your $t and $u variables before your loop in case you have no record.
Next time, try to var_dump your generated query to test it.
If you were able to see the errors the DBMS is reporting back to PHP then you'd probably be able to work out what's wrong with the code.
Before the 'while' loop try...
print mysql_error();
(the obvious reason it's failing is that strings mut be quoted in SQL, and you've got the parameters the wrong way around)
So I'm getting this error:
Error: Column count doesn't match value count at row 1
(Very common, and I've checked through google, and my issue is that most of the issues are actual comlumn mismatches as it describes)
My location table has "user", "latitude", "longitude", "posttext", user and posttext are both varchar, and lat and long are int. For the time being, I'm just trying to insert values with user and posttext values. I've taken the query out of my php, and run it in the SQL part of phpmyadmin and it runs fine, so I'm not sure why I'm getting the error.
A php form supplies the post data from text boxes, and this is the php processing code:
<?php
error_reporting(E_ALL);
$username = $_POST['user'];
$textToPost = $_POST['textToPost'];
$con = mysql_connect("127.0.0.1","*","*");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("test");
$sql= "INSERT INTO location(user, posttext)
VALUES ('.$username.,.$textToPost.')";
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
echo "1 record added";
mysql_close($con);
echo $username;
echo $textToPost;
?>
So I'm hoping it's a very basic syntax error on my part, but could someone help?
You're missing some quotes:
$sql= "INSERT INTO location(user, posttext)
VALUES ('".$username."','".$textToPost."')";
Shouldn't the query be like this?
$sql= "INSERT INTO location(user, posttext)
VALUES ('".$username."','".$textToPost."')";
Try with
$sql= "INSERT INTO location(user, posttext)
VALUES ('".$username."','".$textToPost."')";
Remember you MUST always sanitize user input before using it in a query!!
It could be better using prepared statements...
$con = mysql_connect("xx","xx","xx");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("ban", $con);
$pass=$_POST["password"];-------------> line 10
$mail=$_POST["email"];----------------->line 11
$result31 = mysql_query
("SELECT * FROM `users` WHERE email = '$mail'AND password='$pass'");
$login_check = mysql_num_rows($result31);
echo $login_check;
mysql_close($con)
this is a part of a login system, but it is not working correctly
error i got was:-
Notice: Use of undefined constant password - assumed 'password' in D:\wamp\www\phpadder.php on line 10
Notice: Use of undefined constant email - assumed 'email' in D:\wamp\www\phpadder.php on line 11
Warning: mysql_num_rows() expects parameter 1 to be resource, string given in D:\wamp\www\phpadder.php on line 17
what's wrong with it?
On your error it says you forgot the $ symbole before your password variable,
but also
Your query should be
("SELECT * FROM `users` WHERE email = '$mail' AND password='$pass'");
you forgot to add a space between mail and AND
also consider escaping your values first before using in the query
$sql = "SELECT * FROM `users` WHERE email = '%s' AND password='%s'";
$sql = sprintf($sql,mysql_real_escape_string($mail),mysql_real_escape_string($pass));
now you can query
$result = mysql_query($sql);
The error you are seeing is because your are probably using $_POST[password] and $_POST[email] somewhere.
However, these are just notices, and if you read them well you will see they will have the same effect as using quotes around them (which you really should!)
But your query is also not correct, this will create a valid query:
$result31 = mysql_query
("SELECT * FROMusersWHERE email = '$mail' AND password='$pass'");
Note the extra space between '$mail' and AND.
Is it possible to perform a MySQL search and replace while honoring wildcards?
eg:
$search = "id='%wildcard%-houselisting-rental'>";
$replace = "class='house_rentals'>";
$query = "UPDATE tables SET field = replace(field,'$search','$replace')";
$result = mysql_query($query);
I appreciate any advise on the subject
-h
I found out this wasn't possible for mysql.