Page 1 of 3
Creating a MYSQL query in a loop SEE LAST POST
Posted: Tue Aug 08, 2006 5:37 pm
by reecec
Hi all
Just another quick issue this time.]
Is it not possible to use mysql_fetch_row($result): when you have used a where clause in $result as i get the mysql_fetch_row(): error
sorry i dont know what its called where the function looks at the () var in the brackets
thanks reece
Posted: Tue Aug 08, 2006 5:50 pm
by feyd
code please.

Posted: Tue Aug 08, 2006 6:07 pm
by reecec
sorry wasnt sure if you needed to see the code
Code: Select all
$table=$_REQUEST['table'];
$result = mysql_query("select * from $table");
$searchquery='mysql_query("SELECT * FROM test ';
$i=0;
while ($i < mysql_num_fields($result)) {
$meta = mysql_fetch_field($result, $i);
$name=$meta->name;
$con = ( $field[$i]=='' ) ? '"' : "$name = $field[$i]";
$finish = ( $i == 1) ? '")' : ' AND ';
$searchquery .= "$con$finish";
$i++;
}
echo $searchquery;
if ($searchquery) {
echo "Searched $table";
} else {
echo "Error Searching $table";
}
echo '<table border="1" cellspacing="0" cellpadding="0">';
while ($field=mysql_fetch_field($result)) {
echo "<th>";
echo "$field->name";
echo "</th>";
}
echo "<th>";
echo "Delete";
echo "</th>";
while ($row = mysql_fetch_row($searchquery)) {
echo "<tr>";
for ($i=0; $i<mysql_num_fields($searchquery); $i++) {
echo "<td>";
echo "$row[$i]";
echo "</td>";
}}
Posted: Tue Aug 08, 2006 6:31 pm
by feyd
In the code you've posted $searchquery is merely a string, not the result resource from MySQL. The output from your inner while loop will only be written out once with the current code. You may want to cache the results it creates. And finally, your code will generate invalid HTML.
Posted: Tue Aug 08, 2006 8:13 pm
by Jenk
.. and is also vulnerable to sql injection.
Posted: Sat Aug 12, 2006 5:41 am
by reecec
Hi thanks all for you replyes
but when i check the query it works and doesnt give an error and says sucsess
but even if i do a standard on a new script
mysql_fetch_rows
it works but as soon as i tell it what row to get using a WHERE is doesnt like it can i not use this to get a specific row
thanks reece
Posted: Sat Aug 12, 2006 9:03 am
by feyd
I have no clue what you just said.

Posted: Sun Aug 13, 2006 12:41 pm
by reecec
sorry an example may help
this is fine
Code: Select all
$result=mysql_query("SELECT * FROM anytable");
$field=mysql_fetch_field($result)
but when a where clause is added it gives an error
Code: Select all
$result=mysql_query("SELECT * FROM anytable WHERE field=anything");
$field=mysql_fetch_field($result)
thanks reece
Posted: Sun Aug 13, 2006 12:53 pm
by feyd
- Place backticks around database, table and field references.
- Use quotes around strings.
- Use database native types for numbers, dates and the like.
Posted: Sun Aug 13, 2006 3:06 pm
by reecec
thanks thats sorted it
reece
Posted: Mon Aug 14, 2006 10:53 am
by reecec
Hi all
as you know im trying to do a SQL query this is what it echos
mysql_query("SELECT * FROM test WHERE username = 'test' AND profile = 'test' ")
what would be wrong with this as it wont fetch fields with this query
thanks for your help reece
Posted: Mon Aug 14, 2006 10:55 am
by s.dot
try the
mysql_error() function
Posted: Mon Aug 14, 2006 10:57 am
by feyd
You've forgotten the first bullet point I made already.
Posted: Mon Aug 14, 2006 11:07 am
by reecec
hi
i put them on the WHERE but not the db name so i added them like this
mysql_query("SELECT * FROM `test` WHERE 'username' = 'test' AND 'profile' = 'test' ")
but noting else changed is this what you mean
thanks reece
Posted: Mon Aug 14, 2006 11:11 am
by infolock
you are using ticks incorrectly in this query:
mysql_query("SELECT * FROM `test` WHERE 'username' = 'test' AND 'profile' = 'test' ")
instead, it should say this:
Code: Select all
$sql = mysql_query("SELECT * FROM `test` WHERE username = 'test' AND profile = 'test' ");
or even
Code: Select all
$sql = mysql_query("SELECT * FROM `test` WHERE `username` = 'test' AND `profile` = 'test' ");