|
PHP - Mysql Quirey + String Maniplulation Help
Hi All,
I was hoping to recive some help. I need a DB quiery for a sales DB we have, i have the code (below) and it works as intended. Code: [Select] <?php $db_host = ''; $db_user = ''; $db_pwd = ''; $database = ''; $table = 'nexus_purchases'; if (!mysql_connect($db_host, $db_user, $db_pwd)) die("Can't connect to database"); if (!mysql_select_db($database)) die("Can't select database"); // sending query $result = mysql_query("Select ps_name,ps_member,ps_custom_fields from nexus_purchases where ps_name like 'Varified Owner'"); if (!$result) { die("Query to show fields from table failed"); } $fields_num = mysql_num_fields($result); echo "<h1>Table: {$table}</h1>"; echo "<table border='1'><tr>"; // printing table headers for($i=0; $i<$fields_num; $i++) { $field = mysql_fetch_field($result); echo "<td>{$field->name}</td>"; } echo "</tr>\n"; // printing table rows while($row = mysql_fetch_row($result)) { echo "<tr>"; // $row is array... foreach( .. ) puts every element // of $row to $cell variable foreach($row as $cell) echo "<td>$cell</td>"; echo "</tr>\n"; } mysql_free_result($result); ?> The part i need help with is, this quirey returns, Now the app that deals with our club shop, (nexus) adds bits to the DB I.e ( a:2:{i:3;s:8: ) So in the two feilds when buying club membership someone enters x hae and ST24 And nexus adds a:2:{i:3;s:8:"X HAE";i:4;s:4:"ST24";} to the table in ps_custom_fields What i would like to do is strip out everything not in quotes and get left with "X HAE" "ST24" I hope someone could help me out, Thanks in Advance. Similar Tutorialshere i am again... so i have this algorithm that computes the current academic year for our school.. it outputs the correct academic year on a browser.. but when i try to insert it into my database, the data inserted goes wrong.. it just keeps on inserting -1 instead of the string 2011-2012 here's my code: Code: [Select] <?php $year = date('Y'); $currentyear = $year; $lastyear = $year - 1; $nextyear = $year + 1; if (date('m') < 6) { $current_ay = $lastyear."-".$currentyear; } else if (date('m') >= 6) { $current_ay = $currentyear."-".$nextyear; } echo $current_ay; $insertSQL = "INSERT INTO tbl_elections (election_id) values ($current_ay)"; mysql_select_db($database_organizazone_db, $organizazone_db); $Result1 = mysql_query($insertSQL, $organizazone_db) or die(mysql_error()); ?> *the database column to be inserted into is of varchar data type I am trying to add a value, input into a form, to a MySQL database. However, something must be wrong with the casting, because if there is a space in the form value, then I get an error, as in: //$_POST['string'] == '1blah 2blah'; sql = "INSERT INTO table (some_string) VALUES ($_POST[string])"; $sql_result = mysql_query($sql) or die ('The error is as follows: ' . mysql_error() . '<br /><br />Value could not be added.'); Then I get the following error: The error is as follows: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '2blah' at line 1 I've entered paragraphs into a database before, so this error is now to me. The column 'some_value' is a type: varchar(50). Hi, i have a syntax error on my query string but can't figure out what's wrong : $qry = "UPDATE members SET firstname = '".$fname"', lastname = '".$lname"', passwd = '".md5($password)."' WHERE member_id = '".$_SESSION['SESS_MEMBER_ID']"'"; Any help would be appreciated. Eddy. I have never used real escape string so want to make sure I did it correctly. Also, if I can place it anywhere else to make it even more secure please let me know. This is just the action of a just a simple POST html form. Here it is. Code: [Select] <?php require ('staffarea/sql.php'); $showform="false"; $mcid = mysql_real_escape_string($_POST['mcid']); $age = mysql_real_escape_string($_POST['age']); $description = mysql_real_escape_string($_POST['description']); if(!mysql_query("INSERT INTO `somedatabase`.`appsubmissions` (`id`, `username`, `age`, `description`, `status`) VALUES (NULL, '$mcid', '$age', '$description', 'Pending');")) { echo '<div class=blockrow><b><font size=4>Submission Error</font><br /><br />Something went wrong. Contact Staff in the Support Forums and give them this information:<br /><br /></b><font color=red>'; echo mysql_error(); echo "</font>"; echo '<br /><br /><a href="/forumdisplay.php?f=14">Support Forums</a></div>'; } else { $lastID=mysql_insert_id(); echo "<div class=blockrow><font size=3><b>$mcid, Thank You for your Building Application!</b></font><br /><br />"; echo "Your Unique Application ID: <b>", $lastID; echo "</b> (save this so you can check the application status later)<br /><br /> Your application was submitted successfully. Please allow Staff 24 hours to accept or deny your application. If after 48 hours you still do not have building rights, assume the application was denied and re-submit with different information. DO NOT submit an application more than every 48 hours, doing so will get your account banned for spamming.<br /><br /> While waiting, you might check out the <a href=/index.php?pageid=mcguide>Ultimate Guide</a>.</div>"; } mysql_close($con); ?> Can someone please explain to me why I cant seem to get my mysql update line to work. I have been trying for a while an still nothing. I am new in php and need some help getting this to work. Please be gentle. a good explaination in newbie talk would be appreciated. The session variable I echoed out does work so I know I am reading the variable in from the other page. thanks <?php session_start(); /* Server side scripting with php CISS 225 Lab # Final Project */ //This section will create variables collected from information sent //by the post method on the createUserProcess. /* $_SESSION['city'] = $_POST['city']; $_SESSION['state'] = $_POST['state']; $_SESSION['zipCode'] = $_POST['zipCode']; $_SESSION['profession'] = $_POST['profession']; $_SESSION['activities'] = $_POST['activities']; $_SESSION['hobbies'] = $_POST['hobbies']; */ $city = $_POST['city']; $state = $_POST['state']; $zipCode = $_POST['zipCode']; $profession = $_POST['profession']; $activities = $_POST['activities']; $hobbies = $_POST['hobbies']; $db = mysql_connect("localhost", "root", ""); mysql_select_db("accountprofile",$db); echo $_SESSION['Email']; //$query = "UPDATE accountprofile SET city = '$city', state = '$state', zipcode = '$zipCode', profession = '$profession', " . " //activities = '$activities', hobbies = '$hobbies' WHERE lastName = 'Hildebrand'"; $query = "UPDATE accountprofile SET city = '$city', state = '$state', zipcode = '$zipCode', profession = '$profession', activities = '$activities', hobbies = '$hobbies' WHERE userName = " .$_SESSION['Email'].""; mysql_query($query,$db); if (mysql_error()) { echo "$query<br />"; echo mysql_error(); } echo "THANK YOU!<br />"; echo "Your profile has been completed!<br />"; ?> Hi guys, I have a very simple add.php to add data to a mySQL db. I have a menu/list drop down as one of my fields on my form and this shows an array of results from another table (ranks of the RAF) within my db. When I click the save button I have it process a INSERT INTO command but all i get inputted into my staff table is the first word... eg if I chose "Pilot Officer" from the list menu and then click save all that would appear in my db is "Pilot". Any clues? I will paste the php below... Code: [Select] <?php include('config.php'); ?> <form action='' method='POST' enctype='multipart/form-data'> <p><b>Rank:</b><br /> <select name="rank" id="rank"> <option selected>Please Select</option> <?php $query = "SELECT * FROM ranks ORDER BY rank ASC"; $result = mysql_query($query); while($row = mysql_fetch_array($result)) { echo "<option value=". $row["rank"] .">". $row["rank"] ."</option>"; } ?> </select> <p><b>Forename:</b><br /> <input name="forename" type="text" id="forename" value="" size="40"> <p><b>Surname:</b><br /><input name='surname' type='text' id="surname" value='' size="40" /> <p><b>Category:</b><br /> <select name="category" id="category"> <option selected>Please Select</option> <?php $query = "SELECT * FROM categories"; $result = mysql_query($query); while($row = mysql_fetch_array($result)) { echo "<option value=". $row["category"] .">". $row["category"] ."</option>"; } ?> </select> <p><b>Email:</b><br /><input name='email' type='text' id="email" value='' size="50" /> <p><b>Mobile:</b><br /> <input name='mobile' type='text' id="mobile" value='' size="40" /> </p> <input type='submit' value='Save' /> <input type='hidden' value='1' name='submitted' /> </form> <?php if (isset($_POST['submitted'])) { $rank = mysql_real_escape_string($_POST['rank']); $forename = mysql_real_escape_string($_POST['forename']); $surname = mysql_real_escape_string($_POST['surname']); $category = mysql_real_escape_string($_POST['category']); $email = mysql_real_escape_string($_POST['email']); $mobile = mysql_real_escape_string($_POST['mobile']); $sql = "INSERT INTO `staff` (`rank` , `forename` , `surname` , `category` , `email` , `mobile` ) VALUES ( '$rank' , '$forename' , '$surname' , '$category' , '$email' , '$mobile')"; mysql_query($sql) or die(mysql_error()); echo (mysql_affected_rows()) ? "Staff Added":"Nothing Added"; } ?> Hi, how do I store as a string (in a variable) a mysql query b/c what I'm doing below outputs Resource id in client browser: Code: [Select] <?php //database connection set up etc $show=mysql_query("SELECT file_Name FROM xdocument WHERE doc_id=95"); print $show; ?> Any help much appreciated, thanks. I am trying to pass in a $string variable into my query like so but it is returning a warning: Code: [Select] $string = "clientName == '$input'"; $input = "Sam"; $table_id = 'booking'; $query ="SELECT * FROM booking WHERE. '$string' "; $test = mysql_query($query); echo $test; Hello everyone. I'm creating a website that has a sort of messaging system built in and I'm trying to get the information pulled out of the database to display exactly as it was typed. For example, if someone types this message: "This is the first line. This is the second line. And this is two lines below the second line." (By the way, when I view this message using phpMyAdmin, the message is displayed in the above format.) I would like to have the message displayed the same way when it is queried from the database. As of now, this is what I'm seeing instead: "This is the first line. This is the second line. And this is two lines below the second line." How can I achieve this? I would post the code that I'm using, but it's just a basic mysql query to get a variable "$message" then I'm just using echo "$message"; to put it on the page. Any help to point me in the right direction would be greatly appreciated. Thanks! I want to perform a query which returns a subset of the fields in a table. One particular mySQL field is VARCHAR I have a query like this: $query = mysql_query("SELECT * FROM table WHERE code LIKE '3%') ; It's my understanding this should return all values which begin with "3", but it only returns about a dozen of the values 3, 30-39, 300-399, etc. (It works with string fields, but this field contains numerals.) Any help appreciated. thanks, Tom Hi All, I'm working on PHP scripts to interact with a web hosted MySQL DB for an Android Application. Simply what I am trying to do is in the PHP script is run a SELECT statement which will return the value of a column, UserType, and compare the result of this to a string, which will then execute code depending on it's value. This user type can only be either 'student' or 'lecturer'. Any help with this would be much appreciated.
<?php
require "init.php";
$user = $_GET["userID"];
#Selects column account type where the idNum equals $user which is passed from my app.
$sql1 = "select accountType from user_info where idNum = '$user'";
$result1 = mysqli_query($con,$sql1);
$row1 = mysqli_fetch_assoc($result1);
#This is where I am stuck. Simply, I am trying to run the code in the loop where the result of $sql1 equals 'Student'. The else will run if it is not #student and therefore is 'Lecturer'. I'm also not sure if my code inside the IF is fully correct either as it's not running that far.
if($row1['accountType'] == 'Student')
{
$sql2 = "select courseCode from user_info where idNum = '$user'";
$result2 = mysqli_query($con,$sql2);
$row2 = mysqli_fetch_assoc($result2);
$sql3 = "select * from module_details where classListCourseCode = '".$row2['courseCode']."'";
$result3 = mysqli_query($con,$sql3);
$response = array();
while($row = mysqli_fetch_array($result3))
{
array_push($response,array("moduleID"=>$row[0],"lecturerID"=>$row[1],"moduleName"=>$row[2],"classListCourseCode"=>$row[3]));
}
echo json_encode(array("server_response"=>$response));
}
Thanks in advance. Hi there, is it possible to join a variable and a string inside a $_POST variable inside a mysql query (UPDATE in this case) Here is what i am trying to accomplish: $update = "UPDATE mona SET STKFF='$_POST[$counter."NAME"]' WHERE id='$userid'"; if (!mysql_query($update)) { die('Error: ' . mysql_error()); } else echo " <br> Update Complete"; Its the '$_POST[$counter."NAME"]' bit that im worried about, is this possible without having to do: $foo=$counter."NAME" '$_POST[$foo]' Thanks Chris Hi to everybody I need ur help because I’m trying to make a script in php to write the same data but with different date in MySQL depending on the splitting ($data06).... like a schedule...
For example if $data06 = annual and $data03 = “2019/01/01” programm must create in MySQL : 2019/01/01 2020/01/01 2021/01/01 2022/01/01 2023/01/01
if $data06=“half year” will create 10 date , increasing 6 moths ...
But I have a problem at finish of code switch ($data06) { case 'annual': $numrate = 5; $aumdata = "+12 months"; break; case 'half year': $numrate = 10; $aumdata = "+6 month"; break;
default: echo "error"; $sql = "INSERT into $nometb ( name, scadenza ) values ( '$data01', '$data03' )"; if ($conna->query($sql) === TRUE) {} else {die('ERROR'. $conna->error); }
//IMPORT NEXT AND NEW DATE $newDate = date_create($data03); for ($mul = 2; $mul <= $numrate; ++$mul) {
$datanuova = date_create($data03); $datanuova->modify($aumdata); $datanuova->format('yy/m/d'); $newDate = $datanuova->format('yy/m/d');
$sql = "INSERT into $nometb ( name, scadenza ) values ( '$data01', '$newDate' )"; if ($conna->query($sql) === TRUE) {} else {die('ERROR'. $conna->error); }
//HERE THERE IS ERROR $data03 = $newDate;
if ($conna->query($sql) === TRUE) {} else {die('ERRORE NELL\'IMPORTAZIONE'. $conna->error); } }
} }
}
How I can resolve ?
many thanks Francesco i have made function of prepare or check the mysql real escapte string but when i run this code it gives two warnings msg Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user 'SYSTEM'@'localhost' (using password: NO) in C:\wamp\www\cart\include\db.php on line 42 Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\wamp\www\cart\include\db.php on line 42 kindly tell me what is this msg about how to solve it my code is 37 public function mysql_prep($value){ 38 $magic_quotes_active=get_magic_quotes_gpc(); 39v$new_enough_php=function_exists("mysql_real_escape_string"); 40 if($new_enough_php){ 41if($magic_quotes_active){ $value=stripslashes($value);} 42 $value= mysql_real_escape_string($value);} 43 else { 44 if($magic_quotes_active){$value=addslashes($value);} 45} 46 return $value; 48 } Hey there... I'm so stuck on this problem I was hoping someone could help... I need to query a MySQL Database using array values... Here is my array ... $query_keywords = Array ( [7] => business [10] => home [11] => depo ) Here is my php ...$query = "SELECT * FROM product WHERE product_name, product_comment IN ($query_keywords)"; $result=mysql_query($query); if(mysql_num_rows($result) > 0) { echo "results"; } else { echo "no results"; } Unfortunately, I get this ... Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in blah\blah\results.php on line 99 Please help me All comments greatly appreciated... I have a kind of search and react on my site. The user can search for a number in a column as below $search = mysqli_real_escape_string($link, $_POST["query"]); $query = "SELECT * FROM $table[$i] WHERE oemnr LIKE '".$search."%' ORDER BY model";
The code works fine but I want to expand the function to get match for other numbers also. The oemnr column today can be 12345 which shows up if the user type 12.... I want to expand the oemnr column as 12345/03124/34713, numbers separated with / or another character. If the user type 03... or 34... I want to find and show 12345 because it is on the same row and corresponds to the numbers on the same row. Is it possible to do in mysql? In php that kind of operation can be done with the explode function but I don't know how to use with mysql. Edited February 14 by jiggaI'm planning on storing RIPEMD-160 passphrase hash's raw binary data in MySQL as BINARY(20). Right now, I'm not sure if one of the following INSERT approach is more preferrable and more efficient: Approach (1) - Using mysqli::real_escape_string() ================================================= Code: [Select] $binhash = $mysqli->real_escape_string(hash('ripemd160', $passphrase, true)); $mysqli->query("INSERT INTO testtbl (Passphrase) VALUES ('" . $binhash . "')"); This approach saves hash() from converting raw binary data to hexadecimal format, but need to process and escape the binary string. Approach (2) - Using UNHEX() on MySQL ===================================== Code: [Select] $hexhash = hash('ripemd160', $passphrase); $mysqli->query("INSERT INTO testtbl (Passphrase) values (UNHEX('" . $hexhash . "'))"); This approach needs hash() to convert binary data to hexadecimal but no need for escaping the string and it put extra load on MySQL to convert the hexadecimal back to binary. Hi, I am trying to make some adjustments to uploadify.php which comes with the latest version of uploadify (3.0 beta), so that it works with a session variable that stores the login username and adds it to the path for uploads. Here is uploadify.php as it currently looks: Code: [Select] <?php session_name("MyLogin"); session_start(); $targetFolder = '/songs/' . $_SESSION['name']; // Relative to the root if (!empty($_FILES)) { $tempFile = $_FILES['Filedata']['tmp_name']; $targetPath = $_SERVER['DOCUMENT_ROOT'] . $targetFolder; $targetFile = rtrim($targetPath,'/') .'/'. $_FILES['Filedata']['name']; // Validate the file type $fileTypes = array('m4a','mp3','flac','ogg'); // File extensions $fileParts = pathinfo($_FILES['Filedata']['name']); if (in_array($fileParts['extension'],$fileTypes)) { move_uploaded_file($tempFile,$targetFile); echo '1'; } else { echo 'Invalid file type.'; } } echo $targetFolder; ?> I added Code: [Select] echo $targetFolder; at the bottom so that I could make sure that the string returned was correct, and it is, i.e. '/songs/nick'. For some reason though, uploads are not going to the correct folder, i.e. the username folder, but instead are going to the parent folder 'songs'. The folder for username exists, with correct permissions, and when I manually enter Code: [Select] $targetFolder = '/songs/nick';all works fine. Which strikes me as rather strange. I have limited experience of using php, but wonder how if the correct string is returned by the session variable, the upload works differently than with the manually entered string. Any help would be much appreciated. It's the last issue with a website that was due to go live 2 days ago! Thanks, Nick Hello all, I'm trying to change the end of a javascript call based on the end of the url string. The common part of all the url strings is sobi2Id=, I'm trying to do this with strstr but am having no luck. I'm new to php so my syntax knowledge is terrible! at the moment i've got Code: [Select] <?php $url = $_SERVER['REQUEST_URI']; $tag = strstr ($url, 'sobi2Id='); echo $tag; ?> but this returns an unexpected T_STRING, expecting ',' or ';' Can anyone debug this? I may well be being really silly! |
|||||||