SitePoint Sponsor

User Tag List

Results 1 to 5 of 5
  1. #1
    SitePoint Zealot
    Join Date
    Oct 2010
    Posts
    167
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Fetching data from mySQL Database using PHP - Not working

    I am trying to fetch data from a database but it seems not to work.

    This is the code:

    Code PHP:
    // Check if date already exists in the database
    $searchQuery = "SELECT * from services WHERE 'date' = '".$newDate."'";
    	// echo $searchQuery;
     
    $search = mysql_query($searchQuery);
    $row = mysql_fetch_array($search);
     
    echo $row['date'];

    When I echo the $searchQuery to check the syntax it is correct. I have copied and pasted it into phpMyadmin and run the query there and the result is found. However, for some reason it will not display on the web page. I don't know if this matters but when I run the query in phpMyAdmin - It says "Showing rows 0 - 0 ( 1 total, Query took 0.0007 sec)" - Does this matter?

    What could be wrong?

  2. #2
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,341
    Mentioned
    63 Post(s)
    Tagged
    3 Thread(s)
    Quote Originally Posted by CBResources View Post
    I have copied and pasted it into phpMyadmin and run the query there and the result is found.
    no, you didn't, this query will not work in phpmyadmin either, not the way you wrote it here

    'date' is a string

    `date` is a qualified column name

    look carefully, there's a difference
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  3. #3
    SitePoint Zealot
    Join Date
    Oct 2010
    Posts
    167
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Ok - Thanks. That's working now.
    Perhaps you can help me with something else SQL Related... same project...

    I am collecting data from a form to insert into the database. This is how I fetch the data from the form:

    Code PHP:
    $originalDate = $_POST['date'];
    $newDate = date("Y-m-d", strtotime($originalDate));
    $howmany = $_POST['howmany'];
    $musicContemp = $_POST['music_contemp'];
    $musicReg = $_POST['music_reg'];
    $minister = $_POST['minister'];
    $topic = $_POST['topic'];
    $desc = $_POST['desc'];
    $forum = $_POST['forum_topic'];
    $presenter = $_POST['presenter'];
    $forumDesc = $_POST['forum_desc'];
    $religious = $_POST['religious_ed'];

    And this is how I build my query:

    Code PHP:
    $query = "INSERT INTO services (
    date, 
    number, 
    musicians_reg, 
    musicians_con, 
    minister, 
    topic, 
    topic_desc, 
    forum, presenter, 
    forum_secr, 
    religious) 
    VALUES (
    '" . $newDate . "',
    '" . $howmany . "',
    '" . $musicReg . "',
    '" . $musicContemp . "',
    '" . $minister . "',
    '" . $topic . "',
    '" . $desc . "',
    '" . $forum . "',
    '" . $presenter . "',
    '" . $forumDesc . "',
    '" . $religious . "')
    ";
     
    $update = mysql_query($query);
    if (! $update) exit(mysql_error());
    else echo '
    <div class="result-header">
    <span class="result-header">Sunday Services Form</span><br />
    </div>
    <div class="result">
    The details have been updated and will now appear on the website.
    </div>
    ';
    return $update;

    I need to know where in that code I use mysql_real_escape_string to make sure special characters entered into the form are escaped. When somebody enters something like "Let's see if this works" the query fails because it isn't escaped. I know I need to mysql_real_escape_string the values but I don't know where to put it.

  4. #4
    SQL Consultant gold trophysilver trophybronze trophy
    r937's Avatar
    Join Date
    Jul 2002
    Location
    Toronto, Canada
    Posts
    39,341
    Mentioned
    63 Post(s)
    Tagged
    3 Thread(s)
    Quote Originally Posted by CBResources View Post
    Perhaps you can help me with something else SQL Related... same project...
    sorry, what you're asking is only tangientially related to sql, it's actually a php question, and i'm sorry, i don't do php
    rudy.ca | @rudydotca
    Buy my SitePoint book: Simply SQL
    "giving out my real stuffs"

  5. #5
    Keeper of the SFL StarLion's Avatar
    Join Date
    Feb 2006
    Location
    Atlanta, GA, USA
    Posts
    3,748
    Mentioned
    73 Post(s)
    Tagged
    0 Thread(s)
    *pokes nose in, smelling PHP related stuff*

    mysql_real_escape_string may be used around any string (or variable) once the database connection has been established; however, the mysql_ library in PHP is being deprecated, and it is strongly advised you switch to mysqli_ or PDO, and in doing so, also change your query formation to use prepared statements; this will eliminate the need for escaping strings, as well as make your code more secure.
    Never grow up. The instant you do, you lose all ability to imagine great things, for fear of reality crashing in.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •