PHP - Passing $string Variable Into Mysql Query

I want to perform a query which returns a subset of the fields in a table.  One particular mySQL field is VARCHAR

I have a query like this:
$query = mysql_query("SELECT * FROM table WHERE code LIKE '3%') ;

It's my understanding this should return all values which begin with "3", but it only returns about a dozen of the values 3, 30-39, 300-399, etc.  (It works with string fields, but this field contains numerals.)

Any help appreciated.

thanks,
Tom

Hi there,
is it possible to join a variable and a string inside a $_POST variable inside a mysql query (UPDATE in this case)

Here is what i am trying to accomplish:

$update = "UPDATE mona SET STKFF='$_POST[$counter."NAME"]' WHERE id='$userid'";

if (!mysql_query($update))
  {
  die('Error: ' . mysql_error());
  }
else echo " <br> Update Complete";

Its the '$_POST[$counter."NAME"]' bit that im worried about, is this possible without having to do:
$foo=$counter."NAME"
'$_POST[$foo]'


Thanks
Chris

Can anyone point out how to write a MySQL query with a PHP variable in the WHERE clause. I've tried {} {'xx'} and () and it still doesn't work.

Here is the code



<?php
ini_set('display_errors',1);
error_reporting(E_ALL|E_STRICT);

 include ("include/connect.php");
 include ("include/session.php");

$username = $session->userinfo['username'];

$result = mysql_query("SELECT email FROM customer WHERE user = {'$username'} ");

while($row = mysql_fetch_array($result))
  {
$custemail = $row['email'];
  }

echo "Session username: " . $username . "";
echo "Session customer email: " . $custemail . "";
?>



So I'm trying to show the email address for a record that matches the username of the user logged in.

I really appreciate the help.

I am working on a room availability calendar that has links for each day. When you click on a link it passes the day month and year in the URL to another page like this:


echo "<td class=\"today\"> <a href=\"status.php?month=$month&day=$day_num&year=$year\">$day_num</a> </td>\n";


I can see that the correct information is being passed through the URL like this:

Code: [Select]
.../status.php?month=12&day=9&year=2010

Then the information is supposed to be passed to the MySQL query, but here is my question: How do I do this? I have a DB table set up, but the query is currently returning a blank page.

Here is my current query:


// connects to server and selects database.
include ("../includes/dbconnect.inc.php");

// table name
$table_name = "availability"; 

// query database for events

$result = mysql_query ("SELECT id FROM $table_name WHERE month=$month AND year=$year AND day=$day_num LIMIT 1") or die();

if (mysql_num_rows($result) > 0 ) {
while($row = mysql_fetch_array($result)) {
extract($row);
echo "<h1>Current availability for ".$row['month'] . "/" . $row['day'] . "/" . $row['year'] . "</h1>";
echo " <ul>";
echo " <li>Earth Room: " . $row['earth_room'] . "</li>";
echo " <li>Air Room: " . $row['air_room'] . "</li>";
echo " <li>Fire Room: " . $row['fire_room'] . "</li>";
echo " <li>Water Room: " . $row['water_room'] . "</li>";
echo " </ul>";
}
}
else {
echo " <ul>";
echo " <li>Currently no reservations.</li>";
echo " </ul>";
}


Any help is appreciated.

Thanks,

kaiman

Hi Members,   I am search for the reason for the problem why my mysql query cannot fetch data and store in file based on id in $variable form. For example, $sql="SELECT * FROM mytable WHERE mine_id='1234'"; works for me. But when i use $sql="SELECT * FROM mytable WHERE mine_id='$id'";, files are created as empty. I chanaged the quotes and could not store the data in file. So anyone please help me. For more clear, i attach the part of my code

for ($i=0;$i<=10;$i++)
    {

$id=$seqs[$i];
$dbo = new PDO($dbc, $user, $pass);
echo $sql = "SELECT * FROM mine_id WHERE locus_id='$id'";

$qry = $dbo->prepare($sql);
$qry->execute();
$data = fopen('file.csv', 'w');

   while ($row = $qry->fetch(PDO::FETCH_ASSOC))
              {
          fputcsv($data, $row);
             }
    }

Edited by phpnewbie007, 20 November 2014 - 02:17 AM.

I know the following simple demonstration fails and what to do to rectify it (though with a lot of additional code is necessary), but I don't know why this is the behaviour. It would be great if someone could explain to me why, and what the neatest way of fixing it would be.

Code: [Select]
+----------+--------------+------+-----+---------+
| Field    | Type         | Null | Key | Default |
+----------+--------------+------+-----+---------+
| Id       | int(11)      | NO   | PRI | NULL    |
| Name     | varchar(45)  | YES  |     | NULL    |     
| Number   | int(9)       | YES  |     | NULL    |         

Code: [Select]
$name = "Bradley Cooper";
$number = "";

$query = "INSERT INTO table (Id, Name, Number) VALUES (1, '$name', $number)";
mysql_query($query);

Because the $number variable is empty, this simple query fails. Logically, one would think that nothing or NULL gets inserted to that field since the MySQL structure rule states that default is NULL, and since nothing is fed to it in the query, I think that it would automatically be NULL since if the column is omitted, that is exactly the value that will be inserted.

Enclosing the variable with quotes is not preferable since this field accepts integers. Also, converting the variable to an integer by (int)$number results in a 0, which is not what I want either. Checking if the variable is empty of not, and if it is, assign $number = "''" so that the query would succeed by enclosing the empty string with single quotes. But this creates a lot of unnecessary code (some of my tables are 80 columns wide and the query therefore have equal amount of variables).

So to summarise, why is this happening and how do I neatly avoid assigning quotes to the empty strings? In other words, how do I insert nothing when variables that usually contain an integer is on occation empty?

Hi

I'm having a problem getting a query to work.

I have a simple form with user input for start and end date with format: 2009-03-19 (todays date):

$Startdate = $_POST['date'];

This works well when something is entered into the form, and afterwards using my query:

SELECT COUNT(*) as total FROM mydb WHERE Date BETWEEN '$Startdate' AND '$EndDate' ........

Problem is if user submits the form without entering anything in the date input fields, which makes sense.

I want to check if inputs has been made, and if not set af default date, but can't make it work:

if (isset($_POST['date']) && $_POST['date'] !='') {
$Startdate = $_POST['date'];}
else { $Startdate = '1980-01-01';}

How can I set $Startdate to something that can be used in the query as below doesn't work?

Hi,

I am trying to make some adjustments to uploadify.php which comes with the latest version of uploadify (3.0 beta), so that it works with a session variable that stores the login username and adds it to the path for uploads.  Here is uploadify.php as it currently looks:

Code: [Select]
<?php
session_name("MyLogin");
session_start();

$targetFolder = '/songs/' . $_SESSION['name']; // Relative to the root

if (!empty($_FILES)) {
$tempFile = $_FILES['Filedata']['tmp_name'];
$targetPath = $_SERVER['DOCUMENT_ROOT'] . $targetFolder;
$targetFile = rtrim($targetPath,'/') .'/'. $_FILES['Filedata']['name'];

// Validate the file type
$fileTypes = array('m4a','mp3','flac','ogg'); // File extensions
$fileParts = pathinfo($_FILES['Filedata']['name']);

if (in_array($fileParts['extension'],$fileTypes)) {
move_uploaded_file($tempFile,$targetFile);
echo '1';
} else {
echo 'Invalid file type.';
}
}

echo $targetFolder;

?>
I added Code: [Select]
echo $targetFolder; at the bottom so that I could make sure that the string returned was correct, and it is, i.e. '/songs/nick'.  For some reason though, uploads are not going to the correct folder, i.e. the username folder, but instead are going to the parent folder 'songs'.  The folder for username exists, with correct permissions, and when I manually enter Code: [Select]
$targetFolder = '/songs/nick';all works fine.  Which strikes me as rather strange.  I have limited experience of using php, but wonder how if the correct string is returned by the session variable, the upload works differently than with the manually entered string.

Any help would be much appreciated.  It's the last issue with a website that was due to go live 2 days ago!

Thanks,

Nick

Hello everyone,

Pretty much what I am trying to do is run a query and based of the queries result, return a string - as of now it is turning up blank and cant seem to pass any strings through the function.

Current function:

function addNewBookmark($hash,$url,$title,$username){
     
      Code: [Select]
$query = "INSERT INTO bookmarks (hash,url,title,username) VALUES '".md5($hash)."', '".$url."', '".$title."', '".$username."')";
      $result = mysql_query(query, $this->connection);
      $message = '';
      if(mysql_affected_rows($this->connection)!=1) {

        $message = 'This URL already exists in the database!';
                return $message;
        }
        else
        $message = 'The URL was shared!';
        return $message;
       
           }
The above code seems to run fine, just cant seem to pass a string...read that you can possibly use a __toString function?  but that keeps throwing errors when I try to work with it.

Thanks all!

Pretty simple I would think but I'm unsure on the syntax. I have a variable, $ename. It's actually data from a form that I pass to said variable. What I want is to then in turn use this string in a mkdir() function. Something like

Code: [Select]
mkdir("dir/folder/$ename/");
Obviously that doesn't work. I'd imagine I have to use some sort of . syntax.

Hello Everyone, 

 

I have below datetime string 2021-05-06T13:48:19.2064951+05:30 i need to get the server timezone name by passing this string to date_default_timezone_set(). 

here is it valid?

can somebody please help me i need the timezone name with above datetime string 

Thanks,

Krish

Here is my code:
// Start MySQL Query for Records
$query = "SELECT codes_update_no_join_1b" .
"SET orig_code_1 = new_code_1,
       orig_code_2 = new_code_2" .
"WHERE concat(orig_code_1, orig_code_2) = concat(old_code_1, old_code_2)";
$results = mysql_query($query) or die(mysql_error());
// End MySQL Query for Records


This query runs perfectly fine when run direct as SQL in phpMyAdmin, but throws this error when running in my script??? Why is this???

Code: [Select]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= new_code_1, orig_code_2 = new_code_2WHERE concat(orig_code_1, orig_c' at line 1

Hi, can anybody please tell me how i can make "Arson" into a php variable

Code: [Select]

<script type="text/javascript" src="js/swfobject.js"></script>
<script type="text/javascript">

swfobject.embedSWF(
  "open-flash-chart.swf", "my_chart",
  "550", "400", "9.0.0", "expressInstall.swf",
  {"data-file":"ofc-chart.php?crime=Arson"} );
 
</script>
 

I had an iframe working for the last few months on a site at hostgator.  Yesterday, it quit working (403 permissions error).  After a long bout of trouble-shooting, I found out that it has something to do with mod_security that they have suddenly enabled (have no idea as I'm not a Linux guy). 

They told me they fixed the problem on my domain by whitelisting it as an exception, but strangely, even though the permissions error went away, the actual src= box of the iframe, which was the url variable I was passing in the url, no longer loads. 

So.. I'm trying to break this down into the simplest form to figure it out.  I just understand php basics so needing some verification that I'm doing this right/wrong. 

Here's my code.. 

page1.php
Code: [Select]
<? $testurl = "http://google.com"; ?>
<a href="http://mysite.blah/page2.php?url=<? echo $testurl; ?>">page2.php</a>
page2.php
Code: [Select]
if (isset($_GET['testurl'])) echo $testurl;
else echo "sorry dude";
I am only able to print "sorry dude". 
Am I doing something wrong or shouldn't this send the url? 

Thanks for the help!

Trying to set up an error message when someone tries to upload a file without the approved .ext.
I have it working so it won't up load but I am trying to get an error to print out.

I was thinking that I could do something like this

if the ext are wrong set
$errorMsg1 == 1;
and then the page will refresh and I would pass that variable to echo out

if ($errorMsg1 == 1){
echo "Invalid"; }
else {

but it isn't passing can anyone help me with this? Tyring to keep it simple

this is the code to select an image

else{
 
  $result = mysql_query("SELECT * FROM photos WHERE userID LIKE '$clientID'");
  while ($r=mysql_fetch_array($result))
  {
     $photo_1=$r['photo_1'];
     $photo_2=$r['photo_2'];
     $photo_3=$r['photo_3'];
     $photo_4=$r['photo_4'];
     $photo_5=$r['photo_5'];

   echo " 
    <form enctype='multipart/form-data' action='' method='POST'>
      <input type='hidden' name='MAX_FILE_SIZE' value='500000' />
      <div id='imageTop'>Image &#38;#35;1</div>
        ";
        if ($errorMsg1 == 1){
       echo "Invalid"; }
       echo "

       <div id='imageBottom'>
         <span class='image'>";
           if (empty($photo_1)) { 
            echo " <img src='uploads/noPhoto.gif' width='75' height='75' class='zip'> ";
              }
            else {
             echo "<a href='uploads/$photo_1' ><img src='uploads/$photo_1' width='75' height='75' class='zip'></a> ";
              }
            echo " 
         </span>
         <span class='action'>
            &nbsp;<input type='file' name='photo_1' class='zip'><br><br>
            <input type='checkbox' name='delete_1'>Select to Delete image
          </span>
       </div>

}


this is the code of what to do with that image

  if (isset($_POST['delete_1']))  {
    $query = "UPDATE photos SET photo_1='' WHERE userID='$clientID'";
    $result = mysql_query($query) or die(mysql_error());
    echo " <div id='aboutUpdate'><img src='img/loader.gif'> Information is updating</div> ";
    echo "<meta http-equiv=refresh content=\"0; URL=photos.php\">";
  }
  else if ($one != NULL) {
    $extension = strrchr($_FILES['photo_1']['name'],'.');
    $extension = strtolower($extension);

    if($extension != '.jpg' && $extension != '.gif' && $extension != '.png' && $extension != '.bmp' ){
      $errorMsg1 == 1;
      echo "<meta http-equiv=refresh content=\"0; URL=photos.php\">";
    }
    else {
    $photoNumber="_1";
    $finalName="$clientID$photoNumber";
    $save_path = "uploads/";
    $target_path = $save_path . basename( $_FILES['photo_1']['name']); 
    $NewPhotoName = $finalName; 
    $withExt = $NewPhotoName . $extension;
    $filename = $save_path . $NewPhotoName . $extension; 
    if(move_uploaded_file($_FILES['photo_1']['tmp_name'], $filename)) {
      $query = "UPDATE photos SET photo_1='$withExt' WHERE userID='$clientID'";
      $result = mysql_query($query) or die(mysql_error());
        echo " <div id='aboutUpdate'><img src='img/loader.gif'> Information is updating</div> ";
        echo "<meta http-equiv=refresh content=\"0; URL=photos.php\">";
      }
    }
    else  {