[RESOLVED] sql returning nil? but its not?
Results 1 to 8 of 8

Thread: [RESOLVED] sql returning nil? but its not?

  1. #1
    Junior Member
    Join Date
    Dec 2012
    Posts
    9

    resolved [RESOLVED] sql returning nil? but its not?

    So, I am trying to run an SQL query to get all the columns with a certain value:

    PHP Code:
    $tmpid $_GET["id"];
    $mehallyw intval($tmpid);
    echo(
    "The id of the alliance you are looking at is " $mehallyw);
    $myallyw mysql_fetch_array(mysql_query("SELECT * FROM `alliances` WHERE 'id'= '$tmpid'"));
    echo (
    mysql_error());
    echo(
    " And the name of the alliance is " $myallyw["Name"]); 
    I tripple checked the table and stuff, and I have gotten data from other tables in the database so its not that.. I was hoping I may have made a typo or something? Thanks.

    P.S. Yes, the id is being set in the URL bar.

  2. #2
    Pna lbh ernq guvf¿
    Join Date
    Jul 2004
    Location
    Kansas City area
    Posts
    19,413
    I'm lazy, so I'll just directly quote myself from a different thread in this forum:

    Quote Originally Posted by bradgrafelman View Post
    Here are a list of issues I see with the code snippet you posted (in no particular order):
    1. Stop Using the MySQL Extension!
    2. PHP Code:
      $memberid $_GET['rid']; 
      What if $_GET['rid'] doesn't exist? The answer is your code will generate an E_NOTICE level error message and then continue on as if it really did receive the information it expected.

      Instead, consider using isset() to first check if this data exists and, if not, handling the problem gracefully.
    3. User-supplied data should never be placed directly into a SQL query, else your code will be vulnerable to SQL injection attacks and/or just plain SQL errors. Instead, you must first sanitize the data such as by using a function like mysqli_real_escape_string() for string data (or casting for numeric data) or by using prepared statements.
    4. You never check to see if the SQL query was successfully executed and, if not, outputting and/or logging the MySQL error message to aid in debugging. You should always verify this before you attempt to access the result set.
    (In #2: pretend the "member" in "memberid" is actually "tmp", and drop the "r" from "rid".)

  3. #3
    Junior Member
    Join Date
    Dec 2012
    Posts
    9
    1. I know :c
    2. i am already handling that, i know it does exist. And i print it out to double check
    3. its not user supplied, an di use escape string on everything that is
    4. and i do output the mysql error, unless im doing that wrong. I dunno really how to use it.

  4. #4
    Pedantic Curmudgeon Weedpacket's Avatar
    Join Date
    Aug 2002
    Location
    General Systems Vehicle "Thrilled To Be Here"
    Posts
    21,862
    Perhaps if you explained what the problem you're having actually is? Your subject line is useless. You should at least describe what you're supposed to get and what you are getting. You have to do this because we're not sitting in the same room as you are looking at the same computer.

    And:
    Quote Originally Posted by POC0bob
    3. its not user supplied, an di use escape string on everything that is
    It is user-supplied, and it's not escaped: you're making sure that $mehallyw is an integer, but that's irrelevant, because you're using $tmpid in the query.
    THERE IS AS YET INSUFFICIENT DATA FOR A MEANINGFUL ANSWER
    FAQs! FAQs! FAQs! Most forums have them!
    Search - Debugging 101 - Collected Solutions - General Guidelines - Getting help at all

  5. #5
    Junior Member
    Join Date
    Dec 2012
    Posts
    9
    The reason im using $tempid is i was seeing if the fact that i was changing it to a number was the problem. The problem is, that I am running query, which higher in the code is check to see if id exists, as it is used to determine which page is shown, and will only make it this far if it is a number, and is not nil. But when the query returns, it doesn't give me any errors, but it doesn't return anything in the table, i am using $myallyw["Name"] to get the name value, which is in the table its getting 'alliances' but the echo only shows 'And the name of the alliance is ' no name after it, however it does show '$mehallyw' (i know, im really creative with the variable names .-.) what it is supposed to, the number. And the WHERE is correct as far as i know, there is a column in the table where id does equal the number in '$mehallyw' so I am not sure that when i am using either print_r() or echo() its not printing anything.

  6. #6
    Junior Member
    Join Date
    Dec 2012
    Posts
    9
    Here is a larger snippet of the code, with a few changes.

    PHP Code:
    <?php 
    $xw 
    mysql_query("SELECT * FROM `alliances` ORDER BY id");
    $tmpid =  mysql_real_escape_string($_GET["id"]);
    $mehallyw intval($tmpid);
    echo(
    "The id of the alliance you are looking at is " $mehallyw);
    $myallyw mysql_fetch_array(mysql_query("SELECT * FROM `alliances` WHERE 'id'= '$mehallyw'"));
    echo (
    mysql_error());
    echo(
    " And the name of the alliance is " $myallyw["Name"]);
    $xAw mysql_num_rows($xw);
    $xcw mysql_query("SELECT * FROM `alliancemembers` WHERE 'id'='$mehallyw'");
    $xAcw mysql_num_rows($xcw);?>

        <div class="leftcolumn" style="width: 97%; height: auto; border-radius: 15px; background-color: #0000FF; padding: 15px; /* [disabled]background-image: url(../images/bg.png); */ background-repeat: inherit;">
        <?php    if($_GET['id'] == ""){ ?> <?php ?>

          <td style="width: 11%; height: 120px; border-radius: 5px; background-color: #0094FF; color: white; float: left;">
          <center>
            <h3 class="whitetxt"><?php print_r($myallyw["Name"]); ?></h3>
          </center>
          <p><img src="/images/skins/<?php
    if ($user['Skin'] == '' || $user['Skin'] == '0'){
    print_r("Template.png");
    }else{
    print_r($je['Skin']);
    }
    ?>" width="100" height="100" /></p>
          <h2 class="whitetxt">Overview: </h2>
          <p class="whitetxt">Owner: <?php print_r($myallyw["Owner"]); ?></p>
          <p class="whitetxt">Alliance rank: <?php print_r($myallyw["level"]); ?></p>
          <p class="whitetxt">Number of members: <?php print_r($xAcw); ?> </p>
          <p class="whitetxt"><span class="whitetxt">Description: </span>      </p>
          <p class="whitetxt">
            <label for="allydesc"></label>
            <textarea name="allydesc" cols="45" rows="5" readonly="readonly" id="allydesc" style=" width:450px; background-color:#91CDFF; height: 250px;"><?php print_r($myallyw["Desc"]); ?></textarea>
          </p>
          <p class="whitetxt">Requires approval to join: <?php if($myallyw["reqact"]==1){ echo('yes');}else{echo("no");}?>
          </p>
    All the things like
    PHP Code:
    <p class="whitetxt">Owner: <?php print_r($myallyw["Owner"]); ?></p>
    Again, it just prints the text in HTML paragraph, everything in the <?php ?> is blank..

  7. #7
    Pedantic Curmudgeon Weedpacket's Avatar
    Join Date
    Aug 2002
    Location
    General Systems Vehicle "Thrilled To Be Here"
    Posts
    21,862
    Well, for a start, print_r is not what you want. That's for debugging. You want either print or echo.

    But more significantly, thanks to the quotes in your WHERE clause quotes, you're treating $tmpid (whatever it is) as a string and comparing it with the string 'id', not as an integer and not with the field id.
    THERE IS AS YET INSUFFICIENT DATA FOR A MEANINGFUL ANSWER
    FAQs! FAQs! FAQs! Most forums have them!
    Search - Debugging 101 - Collected Solutions - General Guidelines - Getting help at all

  8. #8
    Junior Member
    Join Date
    Dec 2012
    Posts
    9
    that worked! Thank you! Haha I guess I over looked that because I needed to use quotes a few times in the same code, and on a few other pages

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •