Creating a MYSQL query in a loop SEE LAST POST

Posted: Tue Aug 08, 2006 5:37 pm
by reecec
Hi all

Just another quick issue this time.
Is it not possible to use mysql_fetch_row($result) when you have used a WHERE clause in $result? I get the mysql_fetch_row(): error.

Sorry, I don't know what it's called where the function looks at the () var in the brackets.

Thanks, reece

Posted: Tue Aug 08, 2006 5:50 pm
by feyd
Code please.

Posted: Tue Aug 08, 2006 6:07 pm
by reecec
Sorry, wasn't sure if you needed to see the code.

Code:

$table=$_REQUEST['table'];

$result = mysql_query("select * from $table");


$searchquery='mysql_query("SELECT * FROM test ';
$i=0;
while ($i < mysql_num_fields($result)) {
$meta = mysql_fetch_field($result, $i);
$name=$meta->name;
$con = ( $field[$i]=='' ) ? '"' : "$name = $field[$i]";
    $finish = ( $i == 1) ? '")' : ' AND ';
    $searchquery .= "$con$finish";
    $i++;
} 
 echo $searchquery;


if ($searchquery) {
    echo "Searched $table";
} else {
    echo "Error Searching $table";
}

echo '<table border="1" cellspacing="0" cellpadding="0">';

while ($field=mysql_fetch_field($result)) {

echo "<th>";
echo "$field->name";
echo "</th>";
}
echo "<th>";
echo "Delete";
echo "</th>";



while ($row = mysql_fetch_row($searchquery)) {
echo "<tr>";
for ($i=0; $i<mysql_num_fields($searchquery); $i++) {
echo "<td>";
echo "$row[$i]";
echo "</td>";
}}

Posted: Tue Aug 08, 2006 6:31 pm
by feyd
In the code you've posted $searchquery is merely a string, not the result resource from MySQL. The output from your inner while loop will only be written out once with the current code. You may want to cache the results it creates. And finally, your code will generate invalid HTML.

Posted: Tue Aug 08, 2006 8:13 pm
by Jenk
... and is also vulnerable to SQL injection.

Posted: Sat Aug 12, 2006 5:41 am
by reecec
Hi, thanks all for your replies.

But when I check the query it works and doesn't give an error and says success.

But even if I do a standard on a new script
mysql_fetch_rows
it works, but as soon as I tell it what row to get using a WHERE it doesn't like it. Can I not use this to get a specific row?

Thanks, reece

Posted: Sat Aug 12, 2006 9:03 am
by feyd
I have no clue what you just said.

Posted: Sun Aug 13, 2006 12:41 pm
by reecec
Sorry, an example may help.

This is fine:

Code:

$result=mysql_query("SELECT * FROM anytable");
$field=mysql_fetch_field($result);

But when a WHERE clause is added it gives an error:

Code:

$result=mysql_query("SELECT * FROM anytable WHERE field=anything");
$field=mysql_fetch_field($result);

Thanks, reece

Posted: Sun Aug 13, 2006 12:53 pm
by feyd
  • Place backticks around database, table and field references.
  • Use quotes around strings.
  • Use database native types for numbers, dates and the like.

Posted: Sun Aug 13, 2006 3:06 pm
by reecec
Thanks, that's sorted it.

reece

Posted: Mon Aug 14, 2006 10:53 am
by reecec
Hi all

As you know, I'm trying to do a SQL query. This is what it echoes:

mysql_query("SELECT * FROM test WHERE username = 'test' AND profile = 'test' ")

What would be wrong with this, as it won't fetch fields with this query?

Thanks for your help, reece

Posted: Mon Aug 14, 2006 10:55 am
by s.dot
Try the mysql_error() function.

Posted: Mon Aug 14, 2006 10:57 am
by feyd
You've forgotten the first bullet point I made already.

Posted: Mon Aug 14, 2006 11:07 am
by reecec
Hi

I put them on the WHERE but not the db name, so I added them like this:
mysql_query("SELECT * FROM `test` WHERE 'username' = 'test' AND 'profile' = 'test' ")
but nothing else changed. Is this what you mean?

Thanks, reece

Posted: Mon Aug 14, 2006 11:11 am
by infolock
You are using ticks incorrectly in this query:
mysql_query("SELECT * FROM `test` WHERE 'username' = 'test' AND 'profile' = 'test' ")
Instead, it should say this:

Code:

$sql = mysql_query("SELECT * FROM `test` WHERE username = 'test' AND profile = 'test' ");

or even

Code:

$sql = mysql_query("SELECT * FROM `test` WHERE `username` = 'test' AND `profile` = 'test' ");
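
Added example, not part of any post in the thread: one way to build the dynamic WHERE clause from the first code listing so that it addresses both Jenk's SQL injection point and feyd's quoting bullets. It assumes PDO prepared statements in place of the thread's mysql_* calls; the SEARCHABLE allowlist, the buildSearch() function and the in-memory SQLite sample rows are hypothetical and constructed for the illustration.

```php
<?php
// Added example (not from the thread). Constructed sample rows in an
// in-memory SQLite database stand in for the poster's MySQL `test` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE test (username TEXT, profile TEXT)');
$pdo->exec("INSERT INTO test VALUES ('test', 'test'), ('alice', 'admin')");

// Hypothetical allowlist: the only tables and columns a request may name.
const SEARCHABLE = ['test' => ['username', 'profile']];

// Returns [SQL text, bound values]. Identifiers come only from the
// allowlist (in backticks); user values never enter the SQL text.
function buildSearch(string $table, array $input): array
{
    if (!array_key_exists($table, SEARCHABLE)) {
        throw new InvalidArgumentException('unknown table');
    }
    $where = $params = [];
    foreach (SEARCHABLE[$table] as $column) {
        $value = $input[$column] ?? '';
        if (!is_string($value) || $value === '') {
            continue; // field left empty: no condition for it
        }
        $where[] = "`$column` = ?";
        $params[] = $value;
    }
    $sql = "SELECT * FROM `$table`";
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, $params];
}

// Constructed requests: a normal search, then a quote-breaking value.
$requests = [
    ['username' => 'test', 'profile' => 'test'],
    ['username' => "x' OR '1'='1"],
];
foreach ($requests as $request) {
    [$sql, $params] = buildSearch('test', $request);
    $stmt = $pdo->prepare($sql);   // a statement handle, not a string
    $stmt->execute($params);       // values are bound, not concatenated
    $rows = $stmt->fetchAll(PDO::FETCH_ASSOC);
    echo $sql, ' => ', count($rows), " row(s)\n";
}
```

The quote-breaking value is compared as a literal string, so it cannot change the structure of the query, and a table name outside the allowlist is rejected before any SQL is built.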