i don't know what i'm doing wrong. i'm trying to get all the fields from a
specific row by user name. i'm using php and i got the connection string down
and i made a query like this:
$query = mysql_query("SELECT * FROM <DBname> WHERE name = $_POST[user]");
the variable $_POST[user] was passed to the php code from a previous html
form. i get the error:
Unknown column '<username here>' in 'where clause'
the <username here> part shows whatever i typed in my previous form as a
user name
i'm guessing i'm using the wrong syntax and i can't find any help on it.
perhaps someone could explain this to me and point me to a site or manual
on this sort of thing. i tried php.net but they have mostly different
functions, i couldn't find this one there
TIA
~ K.R
Kamil wrote: i don't know what i'm doing wrong. i'm trying to get all the fields from a specific row by user name. i'm using php and i got the connection string down and i made a query like this:
$query = mysql_query("SELECT * FROM <DBname> WHERE name = $_POST[user]");
the variable $_POST[user] was passed to the php code from a previous html form. i get the error: Unknown column '<username here>' in 'where clause'
the <username here> part shows whatever i typed in my previous form as a user name
i'm guessing i'm using the wrong syntax and i can't find any help on it. perhaps someone could explain this to me and point me to a site or manual on this sort of thing. i tried php.net but they have mostly different functions, i couldn't find this one there
TIA ~ K.R
It needs to be in quotes.
Steve
.oO(Kamil) i don't know what i'm doing wrong. i'm trying to get all the fields from a specific row by user name. i'm using php and i got the connection string down and i made a query like this:
$query = mysql_query("SELECT * FROM <DBname> WHERE name = $_POST[user]");
Some things:
1) Do a google for "PHP SQL injection" and then never use form-submitted
data directly in a query again, you're risking your db and server!
SQL Injection http://www.php.net/manual/en/securit...-injection.php
2) The username is a string, it has to be single-quoted in the query.
The missing quotes are what causes the error, because MySQL treats the
submitted username as a column name instead of a value.
i'm guessing i'm using the wrong syntax and i can't find any help on it. perhaps someone could explain this to me and point me to a site or manual on this sort of thing. i tried php.net but they have mostly different functions, i couldn't find this one there
The error is caused by MySQL, not PHP. Have a look at (or better
download) the MySQL manual.
10.1.1 Strings http://dev.mysql.com/doc/mysql/en/String_syntax.html
10.2 Database, Table, Index, Column, and Alias Names http://dev.mysql.com/doc/mysql/en/Legal_names.html
HTH
Micha
"Kamil" <oz******@tampabay.rr.com> wrote in message
news:Vv******************@tornado.tampabay.rr.com...
i don't know what i'm doing wrong. i'm trying to get all the fields from a specific row by user name. i'm using php and i got the connection string down and i made a query like this:
$query = mysql_query("SELECT * FROM <DBname> WHERE name = $_POST[user]");
the variable $_POST[user] was passed to the php code from a previous html form. i get the error: Unknown column '<username here>' in 'where clause'
// Escape the form value so a quote in it cannot end the string literal.
// (The mysql_* extension was removed in PHP 7; use mysqli or PDO prepared statements there.)
$user = mysql_real_escape_string($_POST['user']);
// $dbname holds the name of the table to query.
$sql = sprintf("SELECT * FROM %s WHERE name = '%s'",
$dbname, $user);
echo $sql; // debugging aid: shows the exact query sent to MySQL
$result = mysql_query($sql);
if(! $result || mysql_error() || mysql_num_rows($result) < 1)
{
echo "Unable to find records [$sql] : " . mysql_error() . "<br>\n";
}
*** Kamil escribió/wrote (Sat, 02 Oct 2004 06:02:29 GMT): "SELECT * FROM <DBname> WHERE name = $_POST[user]"
What I've found to be wrong:
1) FROM clause needs a table name, not a database name
2) Strings in SQL must be quoted (single quotes)
3) You must escape single quotes within strings to avoid SQL injection and syntax errors
4) Associative arrays use a string as an index, not a constant
It should be:
"SELECT * FROM table_name WHERE name='" . mysql_escape_string($_POST['user']) . "'"
--
-+ Álvaro G. Vicario - Burgos, Spain
+- http://www.demogracia.com (the humor website, varnished for outdoor use)
++ Computing questions received by e-mail will go straight to the trash
-+ I'm not a free help desk, please don't e-mail me your questions
--
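The points raised in the replies above (missing quotes, escaping, and the SQL injection warning), side by side in one script. This is an added example, not code from any poster in the thread; it assumes PHP 7.4+ with the pdo_sqlite driver and uses an in-memory SQLite database with a constructed `users` table in place of the thread's MySQL table, so the unquoted case reports SQLite's "no such column" rather than MySQL's "Unknown column".

```php
<?php
// Added example, not code from the thread. In-memory SQLite through PDO so it
// runs offline; the table, rows and inputs below are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (name TEXT, email TEXT)");
$pdo->exec("INSERT INTO users VALUES ('alice', 'alice@example.test'),
                                     ('bob', 'bob@example.test')");

// Returns the number of matching rows, or the database error message.
function run(callable $query): string
{
    try {
        return count($query()->fetchAll(PDO::FETCH_ASSOC)) . ' row(s)';
    } catch (PDOException $e) {
        return 'error: ' . $e->getMessage();
    }
}

// 1) The original post's form: value interpolated without quotes.
function unquoted(PDO $pdo, string $user): PDOStatement
{
    return $pdo->query("SELECT * FROM users WHERE name = $user");
}

// 2) Quoted but not escaped: the value can still end the string literal.
function quotedOnly(PDO $pdo, string $user): PDOStatement
{
    return $pdo->query("SELECT * FROM users WHERE name = '$user'");
}

// 3) Prepared statement: the value is bound, never parsed as SQL.
function prepared(PDO $pdo, string $user): PDOStatement
{
    $stmt = $pdo->prepare('SELECT * FROM users WHERE name = :name');
    $stmt->execute([':name' => $user]);
    return $stmt;
}

// Constructed inputs standing in for $_POST['user'].
$inputs = ['alice', "O'Brien", "x' OR '1'='1"];
foreach ($inputs as $in) {
    foreach (['unquoted', 'quotedOnly', 'prepared'] as $fn) {
        printf("%-10s %-14s %s\n", $fn, $in, run(fn() => $fn($pdo, $in)));
    }
}
```

Only the prepared statement treats all three inputs as plain values; the quoted-only form fails on the apostrophe and matches every row for the last input.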
.oO(Alvaro G. Vicario) *** Kamil escribió/wrote (Sat, 02 Oct 2004 06:02:29 GMT): "SELECT * FROM <DBname> WHERE name = $_POST[user]"
What I've found to be wrong:
[...] 4) Associative arrays use a string as an index, not a constant
The above is correct (simple) PHP syntax. Quoting the index there would
cause a parse error. When using complex (curly) syntax or accessing the
array outside a string then you're right.
Micha
"Kamil" <oz******@tampabay.rr.com> wrote in message
news:Vv******************@tornado.tampabay.rr.com...
i don't know what i'm doing wrong. i'm trying to get all the fields from a specific row by user name. i'm using php and i got the connection string down and i made a query like this:
$query = mysql_query("SELECT * FROM <DBname> WHERE name = $_POST[user]");
the variable $_POST[user] was passed to the php code from a previous html form. i get the error: Unknown column '<username here>' in 'where clause'
the <username here> part shows whatever i typed in my previous form as a user name
i'm guessing i'm using the wrong syntax and i can't find any help on it. perhaps someone could explain this to me and point me to a site or manual on this sort of thing. i tried php.net but they have mostly different functions, i couldn't find this one there
TIA ~ K.R
thanks for all the help. i looked up all those sites and learned a thing or
two but it still didn't help me... i know about the risk to the server and DB
but i'm not worried, no one knows about this DB and i'm not planning to use it
anywhere, it's just for my own practice. I'm still having problems but i think
i DID make some progress, here's what's going on now...
what I did to test what is going on is I put my query string in an echo
statement and the literal string that comes out that is used in the query is
this:
SELECT * FROM `table` WHERE `name` = "<user>" LIMIT 1
i copied and pasted this exact string into PHPMyAdmin and replaced <user>
with a real user name in my table and it did pull the record, but now my PHP
gives this error:
Warning: Wrong parameter count for mysql_query() in <directory> on line 12
any ideas?? i'm really confused
I noticed that Message-ID:
<Bm*******************@tornado.tampabay.rr.com> from Kamil contained the
following:
Warning: Wrong parameter count for mysql_query() in <directory> on line 12
any ideas?? i'm really confused
Er..you don't show us that bit of code...
--
Geoff Berrow (put thecat out to email)
It's only Usenet, no one dies.
My opinions, not the committee's, mine.
Simple RFDs http://www.ckdog.co.uk/rfdmaker/
"Kamil" <oz******@tampabay.rr.com> wrote in message
news:Bm*******************@tornado.tampabay.rr.com...
"Kamil" <oz******@tampabay.rr.com> wrote in message news:Vv******************@tornado.tampabay.rr.com...
i don't know what i'm doing wrong. i'm trying to get all the fields from a specific row by user name. i'm using php and i got the connection string down and i made a query like this:
$query = mysql_query("SELECT * FROM <DBname> WHERE name = $_POST[user]");
the variable $_POST[user] was passed to the php code from a previous html form. i get the error: Unknown column '<username here>' in 'where clause'
the <username here> part shows whatever i typed in my previous form as a user name
i'm guessing i'm using the wrong syntax and i can't find any help on it. perhaps someone could explain this to me and point me to a site or manual on this sort of thing. i tried php.net but they have mostly different functions, i couldn't find this one there
TIA ~ K.R
thanks for all the help. i looked up all those sites and learned a thing or two but it still didn't help me... i know about the risk to the server and DB but i'm not worried, no one knows about this DB and i'm not planning to use it anywhere, it's just for my own practice. I'm still having problems but i think i DID make some progress, here's what's going on now...
what I did to test what is going on is I put my query string in an echo statement and the literal string that comes out that is used in the query is this:
SELECT * FROM `table` WHERE `name` = "<user>" LIMIT 1
i copied and pasted this exact string into PHPMyAdmin and replaced <user> with a real user name in my table and it did pull the record, but now my PHP gives this error:
Warning: Wrong parameter count for mysql_query() in <directory> on line 12
any ideas?? i'm really confused
The message means what it says. The manual tells you what parameters the
mysql_query() function requires, and you have obviously gone and given it
something which is completely different. I suggest you learn to read.
--
Tony Marston http://www.tonymarston.net