FRIHOST FORUMS SEARCH FAQ TOS BLOGS COMPETITIONS
You are invited to Log in or Register a free Frihost Account!


problem with SQL





ChrisCh
Hey there. I'm trying 2 write a script that returns a person's email address when you enter their username (for admin purposes), but it doesn't want to work Sad Here's what i've done so far:

Code:
<?php
   $db_user = ***;
   $db_pass = ***;
        $useratt = $POST['username'];

   //connect to the DB and select the database
   $connection = mysql_connect('localhost', $db_user, $db_pass) or die('Database is temporarily unavailable. Please try again later.');
   mysql_select_db('***', $connection) or die('Database is temporarily unavailable. Please try again later.');

   //set up the query
   $query = "SELECT email_address FROM users
         WHERE user_name='$useratt'";
         
   //run the query
   $result = mysql_fetch_object(mysql_query($query, $connection)) or die('Error!');
print $result->email_address;
die('');
?>


It just shows Error! whenever I try and submit anything to it. I tried changing the Error! bit to die(mysqlerror()); , but it didn't show any errors - instead a blank screen.

So does anyone know what's wrong with this? Smile
shamil
Make sure there exists users table having fieldnames email_address, user_name. And update $query to
Code:
$query = "SELECT email_address FROM users
         WHERE user_name='".$useratt."'";
.
Or try other working query to make sure u have error in ur query.
hexkid
ChrisCh wrote:
It just shows Error! whenever I try and submit anything to it. I tried changing the Error! bit to die(mysqlerror()); , but it didn't show any errors - instead a blank screen.


Increase the error level reporting.
Code:
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

   $db_user = ***;
// ...


And correct any Notices and Warnings that show up.
ChrisCh
shamil wrote:
Make sure there exists users table having fieldnames email_address, user_name. And update $query to
Code:
$query = "SELECT email_address FROM users
         WHERE user_name='".$useratt."'";
.
Or try other working query to make sure u have error in ur query.


I changed the query and it still comes up blank. And yes, I do have a database with the right tables and colums...

hexkid wrote:
ChrisCh wrote:
It just shows Error! whenever I try and submit anything to it. I tried changing the Error! bit to die(mysqlerror()); , but it didn't show any errors - instead a blank screen.


Increase the error level reporting.
Code:
<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');

   $db_user = ***;
// ...


And correct any Notices and Warnings that show up.


I added the error bit at the top and it gave this error:
Quote:
Notice: Undefined variable: POST in (filename) on line 12


I've never had to declare or initialise POST before... Do you have to declare it first before using it in this situation?
ChrisCh
Actually don't worry about it - I found the cause! the POST variable has to be written as $_POST, not $POST as I had it Smile

Thanks hexkid for showing how increase error reporting... I'll keep that in mind in future!
hexkid
ChrisCh wrote:
Thanks hexkid for showing how increase error reporting... I'll keep that in mind in future!

You're very welcome Smile


Now that you have your script working, maybe it would be nice to make it stronger.

Q: What happens if somebody's username is Mc'Donalds?
A: The SELECT command will break (unless magic_quotes_gpc is on)!

The $query variable
Quote:
$query = "SELECT email_address FROM users WHERE user_name='$useratt'";
will become SELECT email_address FROM users WHERE user_name='Mc'Donalds' and MySQL will not like the stray quote there.

I don't like to rely on the PHP configuration (whether or not I can change it), so I always test for magic quotes and act accordingly
Code:
// ...
$useratt = (get_magic_quotes_gpc()) ? ($_POST['username']) : (mysql_real_escape_string($_POST['username']));
// ...
rohan2kool
hexkid wrote:

I don't like to rely on the PHP configuration (whether or not I can change it), so I always test for magic quotes and act accordingly
Code:
// ...
$useratt = (get_magic_quotes_gpc()) ? ($_POST['username']) : (mysql_real_escape_string($_POST['username']));
// ...


The php manual describes a function that does essentially the same (you'd like to rather call that a sub-routine) that does it for all the REQUEST arrays. Just have a look:

Code:

<?php
if (get_magic_quotes_gpc()) {
    function stripslashes_deep($value)
    {
        $value = is_array($value) ?
                    array_map('stripslashes_deep', $value) :
                    stripslashes($value);

        return $value;
    }

    $_POST = array_map('stripslashes_deep', $_POST);
    $_GET = array_map('stripslashes_deep', $_GET);
    $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
}
?>
Related topics
have problem on my sql
I can't upload my Database SQL script ! Helllppppp!!!!
Forum Problem
SQL
SQL and PHP
Sql Error: 1017. Missing all the indexes files of phpbb
How to edit SQL files?
MySql to SQL
.sql problem
phpBB problem
MySQL problem :'(
SQL error on my site
phpmyadmin upload problem
Problem with my SQL Server (not Frihost)
Strange SQL cursor problem. Pls do not ignore if can help.
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2011 Frihost, forums powered by phpBB.