stackoom
  简体   繁体   中英

Select returns empty result when injecting a variable in the query string

 原文  2014-11-03 12:04:04       php/ python/ mysql

Question

I try the following PHP code: 

$db = mysql_connect('localhost', 'root','');

mysql_select_db('mydatabase',$db);
$sql = 'SELECT id from user where name = \''.$my_name.'\'';
//$sql = 'SELECT id from user where name=\'Some Name \'';

echo $sql.'<br>';
$req=  mysql_query($sql) or die('Erreur SQL !<br>'.$sql.'<br>'.mysql_error()); 
$data = mysql_fetch_assoc($req);
mysql_close();
if($data) {
    echo 'id from database= '.$data['id'].'<br>';
    $id = $data['id'];
}

But it never enters on the if($data) statement. As you can see I try to print the sql request; and if I copy paste it to the mysql database, it returns the expected ID.

Note that the variable $my_name not empty and has the correct data. More strange, if I uncomment the line: 

//$sql = 'SELECT id from user where name=\'Some Name \'';

it works, and the data in $my_name is "Some Name "...

I make other request in my code, all work fine, except this one.

Last Note: the variable is taken from an extern python script: 

$command = escapeshellcmd('python /var/my_script.py '.$id_for python);
$my_name = shell_exec($command);
echo htmlspecialchars($my_name).'<br>';

So it seems to be something wong between data returns from the python script and the use of it in the mysql request...

EDIT

In Fact it should be an issue with python script. I cannot even insert the data in the database from python: 

import operator
import sys
import MySQLdb
from BeautifulSoup import BeautifulSoup, Comment, BeautifulStoneSoup
bugs = ""
username = "username";
password = "passwd#";
display = Display(visible=0, size = (800, 600))
display.start()
driver=webdriver.Chrome()
driver.get('somesite')
driver.find_element_by_name('ctl00$contextHolder$Login_name').send_keys(username)
driver.find_element_by_name('ctl00$contextHolder$Login_password').send_keys(password)
driver.find_element_by_name('ctl00$contextHolder$LoginButton').click()
display = Display(visible=0, size = (800, 600))
display.start()
driver=webdriver.Chrome()
driver.get('somesite')
driver.find_element_by_name('ctl00$contextHolder$Login_name').send_keys(username)
driver.find_element_by_name('ctl00$contextHolder$Login_password').send_keys(password)
driver.find_element_by_name('ctl00$contextHolder$LoginButton').click()

try:
    driver.get('https://somesite/SearchTicketPr.aspx')
    driver.find_element_by_name('ctl00$MainContent$SearchTickets$TB_TicketId').send_keys(sys.argv[1])
    driver.find_element_by_name('ctl00$MainContent$SearchTickets$B_Search').click()
    soup = driver.find_element_by_xpath("//*").get_attribute("outerHTML")
    reporter = soup.split('ctl00_MainContent_DG_TicketList_ctl03_L_EscalationFlg">')[1].split('</td><td>')[4]

    # We need to insert the reporter and mantis id directly in database
    #For Linux, this is a casual package (python-mysqldb). (You can use sudo apt-get install python-mysqldb in command line to download.)
    db = MySQLdb.connect(host="localhost", # your host, usually localhost
                     user="root", # your username
                      passwd="", # your password
                      db="myDB") # name of the data base

    # you must create a Cursor object. It will let
    #  you execute all the queries you need
    cur = db.cursor() 
    sql_req= "INSERT INTO ticket (number, username) VALUES ('" + sys.argv[1] + "', '" + reporter + "')"
    print sql_req
    # Use all the SQL you like
    cur.execute(sql_req)

    print reporter
<pre> <code> 
except:
    driver.quit()
    display.stop()
    raise

This prints the reported variable correctly, the printed sql request is well printed too. There is no error message, but the data are not inserted in the database.

It maybe something wrong with the encoding?

2 answers

solution1
 0  2014-11-03 12:13:06

Try this : 

...

$sql = "SELECT id from user where name = '".$my_name."'";

...

If the first line gives you an error because your $my_name var contain an illegal char or something like that, you should verify it before send it with the sql request.

solution2
 0  

That is because your query is wrong, please change this: 

 $sql = 'SELECT id from user where name = \''.$my_name.'\'';

To: 

 $sql = "SELECT id from user where name = '$my_name'";

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question If the result of a select query is empty (no rows) what does the variable hold? SQL query returns empty result Query returns empty result set Mysql “AS” returns empty result when using “UNION” mysql query Laravel query returns empty, Database returns result SELECT (with ? and $variable) returns empty array In opencart, a SELECT query gives an empty result when record is present in table Code returns empty string if variable is 0 Mysqli query returns empty string Query returns result for int not for string
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM