artsyL Posted July 3, 2013 Share Posted July 3, 2013 I already tried it. Margaux has been very helpful, so I do everything s/he suggests. I was just wondering if there was something more theoretical to consider. Still working on it. Link to comment Share on other sites More sharing options...
artsyL Posted July 3, 2013 Share Posted July 3, 2013 Nope, nope, nope and nope. Is this as weird as i think it is? (single quotes): $country_id = mysqli_real_escape_string($coun); $q = "SELECT short_name FROM country WHERE country_id = '$country_id'"; (no quotes): $country_id = mysqli_real_escape_string($coun); $q = "SELECT short_name FROM country WHERE country_id = $country_id"; (double quotes): $country_id = mysqli_real_escape_string($coun); $q = "SELECT short_name FROM country WHERE country_id = '".$country_id."'"; (backticks): $country_id = mysqli_real_escape_string($coun); $q = "SELECT short_name FROM country WHERE country_id = `$country_id`"; Link to comment Share on other sites More sharing options...
Antonio Conte Posted July 4, 2013 Share Posted July 4, 2013 Are you expecting more than one row in the result set? Your current code will allow 1 row and fail on anything else. That if-statement won't likely run, so I'm betting that's the problem. !== 0 or > 0 should do the trick. If that IS the point however, add a LIMIT 1; to the end of your query. It'll force a single result. 1 Link to comment Share on other sites More sharing options...
artsyL Posted July 4, 2013 Share Posted July 4, 2013 This stops the error message, but now I'm getting a NULL row. It must not be pulling the info. When I use >0 the error message is still there. //get short_name variable $country_id = mysqli_real_escape_string($coun); $q = "SELECT short_name FROM country WHERE country_id = $country_id LIMIT 1"; $r = mysqli_query($dbc, $q); $num = mysqli_num_rows($r); if ($num !== 0) {//match was made //Get short_name $row = mysqli_fetch_assoc($r, MYSQLI_ASSOC); var_dump($row); }else { echo '<p>no match</p>'; } Link to comment Share on other sites More sharing options...
artsyL Posted July 4, 2013 Share Posted July 4, 2013 This change makes $country_id finally take on the $coun variable (the var_dump shows this), but now we are essentially back where we started (no point to having the second variable if the first will do) $country_id = $coun; var_dump($coun, $country_id); $q = "SELECT short_name FROM country WHERE country_id = $country_id LIMIT 1"; Link to comment Share on other sites More sharing options...
artsyL Posted July 4, 2013 Share Posted July 4, 2013 I ran this to check for errors: $vquery = mysqli_query($q) or die(mysqli_error() . "\n<br>$q"); This is my result: SELECT short_name FROM country WHERE country_id = 114 LIMIT 1 I ran the query in phpmyadmin and it worked: so how is this an error in PHP? Link to comment Share on other sites More sharing options...
HartleySan Posted July 4, 2013 Share Posted July 4, 2013 So you're saying that $country_id and $coun are both definitely 114, and when you run the following query in phpMyAdmin, you get some results back? SELECT short_name FROM country WHERE country_id = 114 LIMIT 1; What kind of error are you getting in your PHP script? If you echo mysqli_num_rows($r), what do you get? Just a quick heads-up, but mysqli_fetch_assoc($r, MYSQLI_ASSOC) won't work because mysqli_fetch_assoc only requires one argument, which is the results set. 1 Link to comment Share on other sites More sharing options...
artsyL Posted July 4, 2013 Share Posted July 4, 2013 Yes, that is what was happening, which is why I was so confused! I took your suggestion and changed to mysql_fetch_array($r) which finally outputs something useful. array(2) { [0]=> string(17) "Wallis and Futuna" ["short_name"]=> string(17) "Wallis and Futuna" } Now I just have to figure out how to turn that into a variable. Should I use EXTRACT? how would I do this here? by the way, the mysqli_real_escape_string seems to be causing some issues (mentioned above) what should I do? Thanks!!!! Link to comment Share on other sites More sharing options...
artsyL Posted July 4, 2013 Share Posted July 4, 2013 Finally got it figured out. This works! Thanks everyone! I'm still a little worried about having no mysql_real_escape_string, but I don't know what to do about it because when it's in there it doesn't work anymore. //get short_name variable $country_id = $coun; $q = "SELECT short_name FROM country WHERE country_id = $country_id LIMIT 1"; $r = mysqli_query($dbc, $q); $num = mysqli_num_rows($r); echo mysqli_num_rows($r); if ($num > 0) {//match was made //Get short_name $row = mysqli_fetch_array($r); $sn = $row['short_name']; }else { echo '<p>no match</p>'; } Link to comment Share on other sites More sharing options...
HartleySan Posted July 4, 2013 Share Posted July 4, 2013 You should definitely use mysqli_real_escape_string, or (my personal preference) prepared statements. Likely the reason mysqli_real_escape_string isn't working is because you aren't providing it with the DB connection object as the first argument. Try the following: mysqli_real_escape_string($dbc, $coun); // I'm assuming that $dbc is your DB connection object. Also, glad you figured it out. That's always a good feeling. 1 Link to comment Share on other sites More sharing options...
margaux Posted July 4, 2013 Share Posted July 4, 2013 That's great that you got it working. HartleySan is right, you need the db connection object as the first parameter for mysqli_real_escape_string. Sorry I forgot that in my earlier post I'm pretty certain this should work $country_id = mysqli_real_escape_string($dbc, $coun); $q = "SELECT short_name FROM country WHERE country_id = $country_id"; Assuming country_id is set up as the unique primary index on the table with auto_increment you don't strictly need the LIMIT 1 clause, but its worth putting in so the sql engine stops as soon as it finds a match. Whenever, I'm not sure about the syntax of a function I go to the php manual and look up the function. I struggle with its readability but I do usually find answers and if you scroll down the page, the examples are often very helpful. You probably found this a bit frustrating but you've learned alot in the process. Good luck with the rest of your project. 2 Link to comment Share on other sites More sharing options...
artsyL Posted July 5, 2013 Share Posted July 5, 2013 Wow! I managed to go a whole day without needing personal help! Thank you for the tips. I'm working specifically on security today, so I'll probably be "seeing" you on related thread soon. Link to comment Share on other sites More sharing options...
Recommended Posts