Select id from one query and use it in another

Question

I have this code. In the first query I want it to select a pid. Then I want to somehow use the selected pid as WHERE in the second query. This do not work but I want it to work on this(the same) page. I have read about this on other forums but I still didn't fix it. Probably a small mistake somewhere.

 <?php ini_set('display_errors',1); error_reporting(E_ALL); if(mysqli_connect_errno()) { echo mysqli_connect_error(); } $loggedInUserId = $_SESSION['user_id']; $resu = mysql_query("SELECT pid FROM users WHERE id='$loggedInUserId';"); $ro = mysql_fetch_row($resu); $sql= "SELECT pid, project_name, image, image_type FROM project WHERE pid ='". $row["pid"]. "';"; $result = $mysqli->query($sql); if ($result->num_rows > 0) { while($row = $result->fetch_array()) { //$type= "Content-type:".$row['image_type']; //header ($type); echo "<form action='respodents.php' method='post'><button name='submit' id='projectbutton'> <div> <img src=pic.php?pid=".$row['pid']." width=100px height=100px/>"." <div id='project_name'>".$row['project_name']."</div>"." <input type='hidden' name='pid' value='".$row['pid']."'> <input type='hidden' name='project_name' value='".$row['project_name']."'> </div> </button></form>"; }} mysqli_close($mysqli); ?> 

Answer 1

With respect to the sql, perhaps this might work

SELECT `pid`, `project_name`, `image`, `image_type` 
    FROM `project` WHERE `pid` = ( 
        SELECT `pid` FROM `users` WHERE `id`='$loggedInUserId'
    );

The original code had a mix of mysql and mysqli functions with a further mix of Object Orientated and Procedural method calls. Whilst this wouldn't cause an error necessarily it is bad practise to do so. Below is all in a procedural style - it's not tested but it incorporates the two queries into one which should work ( famous last words )

Sidenote: That said - with mysqli you can take advantage of prepared statements which help mitigate against the threat of sql injection - it's quite straightforward to lean and use - so rather than embedding a variable in the sql you would use a placeholder and then bind a variable to that.

<?php
    ini_set('display_errors',1);
    error_reporting(E_ALL);

    /* db connection? */


    if( mysqli_connect_errno() ) echo mysqli_connect_error();
    else {

        $loggedInUserId = $_SESSION['user_id'];

        $sql="select `pid`, `project_name`, `image`, `image_type` 
            from `project` 
            where `pid` = ( 
                select `pid` from `users` where `id`='$loggedinuserid'
            );";

        $resu=mysqli_query( $mysqli, $sql );
        if( $resu ){

            $ro = mysqli_fetch_row( $resu );

            while( $row=mysqli_fetch_object( $resu ) ){

                echo "<form action='respodents.php' method='post'>
                        <button name='submit' id='projectbutton'><!-- you cannot re-use IDs, they MUST be unique! -->
                            <div> 
                                <img src'=pic.php?pid=".$row->pid."' width='100px' height='100px'/>
                                <div id='project_name'>".$row->project_name."</div><!-- you cannot re-use IDs, they MUST be unique! -->
                                <input type='hidden' name='pid' value='".$row->pid."'/>
                                <input type='hidden' name='project_name' value='".$row->project_name."'/>
                            </div>
                        </button>
                   </form>";

            }
        }
        mysqli_close( $mysqli );
    }
?>

Answer 2

$ro = mysql_fetch_row($resu);

$sql= "SELECT pid, project_name, image, image_type FROM project WHERE pid ='".      
$row["pid"]. "';";

$ro = mysql_fetch_row($resu); should be spelled $row not $ro . There's nothing in the variable you are calling in your SQL statement.

Also, your SQL Statement doesn't make much sense in terms of

$row["pid"], 

you are accessing a numerical array with mysql_fetch_row( http://php.net/manual/en/function.mysql-fetch-row.php ).

If anything, you want to do mysql_fetch_array or mysql_fetch_assoc, to fetch an associative array that you can access the "pid" data statement. The way you are doing it with fetch_row you want to access it numerical, ie,

$result = mysql_query("SELECT id,email FROM people WHERE id = '42'"); 
$row = mysql_fetch_row($result);

echo $row[0]; // 42
echo $row[1]; // the email value

The above is copied directly from the php mysql_fetch_row docs.

Edit:: http://php.net/manual/en/mysqli-result.fetch-row.php Mysqli Docs for fetch_row.

Answer 3

First of all, you should not be mixing mysql and mysqli. Let's use mysqli as mysql is deprecated.

I will assume that you don't need it to be in just one query since you never specified.

$result = mysqli_query("SELECT pid FROM users WHERE id='$loggedInUserId';");
while($row = mysqli_fetch_row($result))
{
    $pid = $row['pid'];
}

$sql= "SELECT pid, project_name, image, image_type FROM project WHERE pid ='". $pid. "';";

$result = $mysqli->query($sql);

Also, you really should learn to use prepared statements as they are a much safer.

Answer 4

I believe you have to change this code:

$resu = mysql_query("SELECT pid FROM users WHERE id='$loggedInUserId';");

to:

$resu = mysql_query("SELECT pid FROM users WHERE id='".$loggedInUserId."'");

And do not mix mysql and mysqli commands you can easly mess up you code that way.

Answer 5

This looks smelly

$ro = mysql_fetch_row($resu);

$sql= "SELECT pid, project_name, image, image_type FROM project WHERE pid ='". $row["pid"]. "';";

change $ro = mysql_fetch_row($resu); to $row = mysql_fetch_row($resu);