How do I compare input to mysql data with php/sql?
Question
I'm new to working with PHP and a mySQL DB. I"m trying to make a user input there user name(UN) to enter this one part of my site. I have a mySQL DB(test) with a users table called "test". I know that I'm connecting ok, because I tested it by creating a simple page to open the DB and list all the users(from the UN field), or select a specific one. I then created a page called "input.php" for a test of getting input. As seen here>
<html>
<body>
<form action="test.php" method="get">
UN: <input type="text" name="U">
<input type="submit">
</form>
</body>
</html>
The input from above goes to "test.php" below where it is checked with current data in my DB.
<?php
$hostname = "test.db.some#.somehost.com";
$username = "test";
$dbname = "test";
$password = "password";
$usertable = "test";
$yourfield = "UN";
mysql_connect($hostname, $username, $password) OR DIE ("Unable to
connect to database! Please try again later.");
mysql_select_db($dbname);
$query = "SELECT * FROM $usertable WHERE $yourfield = $_GET["U"]";
$result = mysql_query($query);
if ($result) {
while($row = mysql_fetch_array($result)) {
$name = $row["$yourfield"];
echo "Hello: $name<br>";
}
}
else {
echo "User dosen't exit!";
}
mysql_close();
?>
And this is the error I get> *Parse error: syntax error, unexpected '"', expecting T_STRING or T_VARIABLE or T_NUM_STRING in /home/content/81/11107981/html/test.php on line 20*
I know I'm close, but I want the cigar. ;)
4 answers
solution1
1 2013-05-17 23:25:39
I think the problem is that you don't escape the quotes in the query:
Try the following:
$u = $_GET['u'];
$query = "SELECT * FROM $usertable WHERE $yourfield = " . $u;
solution2
1 2013-05-17 23:30:59
mysql_* are deprecated. You should avoid them.
Change
mysql_connect($hostname, $username, $password) OR DIE ("Unable to
connect to database! Please try again later.");
to
$connection = mysql_connect($hostname, $username, $password) OR DIE ("Unable to
connect to database! Please try again later.");
,
$query = "SELECT * FROM $usertable WHERE $yourfield = $_GET["U"]";
to
$query = "SELECT * FROM $usertable WHERE $yourfield = '".$_GET["U"]."'";
And
mysql_close();
to
mysql_close($connection);
solution3
0 2013-05-17 23:31:46
You should write the query like this instead:
$query = "SELECT * FROM $usertable WHERE $yourfield = '" . $_GET["U"] . "'";
Or you can write it like this:
$query = "SELECT * FROM $usertable WHERE $yourfield = '{$_GET["U"]}'";
solution4
0 2013-05-18 05:05:36
your first problem is solved but here is the solution to your second problem along with the help to convert this code to mysqli
<?php
$hostname = "test.db.some#.somehost.com";
$username = "test";
$dbname = "test";
$password = "password";
$usertable = "test";
$yourfield = "UN";
$connect = mysqli_connect($hostname, $username, $password) OR DIE ("Unable to
connect to database! Please try again later.");
mysqli_select_db($dbname);
/* You can combine the above two lines in oen in mysqli by giving db name as fourth parameter
mysqli_connect($hostname, $username, $password, $dbname)
*/
$query = "SELECT * FROM $usertable WHERE $yourfield = $_GET["U"]";
$result = mysqli_query($query);
$rowSelected = mysqli_num_rows($result);
if ($rowSelected ) {
while($row = mysqli_fetch_array($result)) {
$name = $row["$yourfield"];
echo "Hello: $name<br>";
}
}
else {
echo "User dosen't exit!";
}
mysqli_close($connect);
?>
mysql_query or mysqli_query will return the resource .. and that will be true irrespective of whether rows are fetched or not ..what you need to check if there is any data that is being fetched in actual .. so use mysqli_num_rows(mysqli version of mysql_num_rows)
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.