Posted: Wed Oct 11, 2006 11:36 am
Seems like were having some technical issues with quotes.. bear with me.
A community of PHP developers offering assistance, advice, discussion, and friendship.
http://forums.devnetwork.net/
Code: Select all
$sql = 'SELECT * FROM '. $mysql['prefix'] .'users` WHERE `username`= \''. mysql_real_escape_string($_SESSION['username']).'\'';
$result = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_array($result))
{
$user_folder = $row['user_folder'];
$id = $row['id'];
$sql2 = "SELECT count(*) FROM results WHERE id= $id";
$result2 = mysql_query($sql2) or die(mysql_error())
// etc ...
}Code: Select all
echo \'phpbb hates me\';don't use a proxy thenJcart wrote:Something goofy with my proxy adding in extra slashes.
Code: Select all
$sql = 'SELECT * FROM '. $mysql['prefix'] .'users` WHERE `username`= \''. mysql_real_escape_string($_SESSION['username']).'\'';
$result = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_array($result))
{
$user_folder = $row['user_folder'];
$id = $row['id'];
$sql2 = "SELECT count(*) FROM results WHERE user_id=$id";
$results2 = mysql_query($sql2) or die(mysql_error())
// etc ...
}Code: Select all
<?php
$sql = 'SELECT * FROM '. $mysql['prefix'] .'users` WHERE `username`= \''. mysql_real_escape_string($_SESSION['username']).'\'';
$result = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_array($result))
{
$user_folder = $row['user_folder'];
$id = $row['id'];
$sql2 = "SELECT count(*) FROM results WHERE user_id=$id";
$results2 = mysql_query($sql2) or die(mysql_error());
// etc ...
}
?>Code: Select all
error_reporting = E_ALL
; Print out errors (as a part of the output). For production web sites,
; you're strongly encouraged to turn this feature off, and use error logging
; instead (see below). Keeping display_errors enabled on a production web site
; may reveal security information to end users, such as file paths on your Web
; server, your database schema or other information.
display_errors = On
; Even when display_errors is on, errors that occur during PHP's startup
; sequence are not displayed. It's strongly recommended to keep
; display_startup_errors off, except for when debugging.
display_startup_errors = On
; Trace mode. When trace_mode is active (=On), warnings for table/index scans and
; SQL-Errors will be displayed.
mysql.trace_mode = OnCode: Select all
You have <?=$results2?> results waiting for you.Jcart wrote:$sql2 = "SELECT count(*) as `count` FROM results WHERE user_id=$id";
(once again excuse my extra quotes, proxy screwing things up.)
Firstly, notice how I have aliased the count command because it will be easier to reference it once we have fetched it.
Secondly, you have to run $result2 through mysql_fetch_assoc(), and then do something with variable.
Thirdly, once you have fetched the result, your count will be available as the column `count`
Please read the mysql docs on select statements and fetching.
Must be the statementYou have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'username`= 'steve'' at line 1
But I don't know why.$sql = 'SELECT * FROM '. $mysql['prefix'] .'users` WHERE `username`= \''. mysql_real_escape_string($_SESSION['username']).'\'';
$result = mysql_query($sql) or die(mysql_error());
Code: Select all
<?php
$sql_table = $mysql['prefix'] .'users';
$sql_username = mysql_real_escape_string($_SESSION['username']);
$query = "SELECT
id
FROM
$sql_table
WHERE
username='$sql_username'";
$result = mysql_query($query) or die(mysql_error() . ': '. $query);
while ($row = mysql_fetch_array($result)) {
$user_folder = mysql_real_escape_string($row['user_folder']);
$id = (int)$row['id'];
$query = "SELECT
count(*)
FROM
results
WHERE
user_id=$id";
$results2 = mysql_query($query) or die(mysql_error() . ': '. $query);
// ...
}
?>Code: Select all
You have <?=$results2?> surveys in the Results Center. Please wait while we load your information. If you are not automatically redirected within 3 seconds, please <a href="../results/<?=$user_folder?>">click here</a>.That query was missing an opening tick for the table name. Just FYI...volka wrote:Must be the statementYou have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near 'username`= 'steve'' at line 1But I don't know why.$sql = 'SELECT * FROM '. $mysql['prefix'] .'users` WHERE `username`= \''. mysql_real_escape_string($_SESSION['username']).'\'';
$result = mysql_query($sql) or die(mysql_error());