php help needed

can`t connect to my database using LIKE in my php script

Page 1 of 1

3 Replies - 1009 Views - Last Post: 17 November 2009 - 02:34 PM Rate Topic: -----

#1 copenhagen  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 90
  • Joined: 16-March 08

php help needed

Posted 15 November 2009 - 11:45 AM

Hi :)

I really hope that somebody out there can help me, cause I am going crazy :crazy:

My problem is that I sent a variable from my flash script to my php script, I then want my php script to find the column in my msql database that the variable from flash match in the database. I can however make it work if I hard code a string with the column name in the script, but that is not what I want. I have placed a lot of //////////(slashes) in the script, where I see the problem:
<?php
$_POST['action'] = 'listAll';
$_POST['username'] = 'dpowers';
// set sort order for results
$order = ' ORDER BY family_name, first_name, username, stadionNamedata';

// include the Database classes
require_once('../classes/database.php');

// escape quotes and apostrophes if magic_quotes_gpc off
foreach($_POST as $key=>$value) {
  if (!get_magic_quotes_gpc()) {
	$temp = addslashes($value);
	$_POST[$key] = $temp;
	}
  }

// Register new user if "action" is set to "register" in POST array
if ($_POST['action'] == 'register') {
  // check whether anyone already has the same username
  $unique = checkDuplicate($_POST['username']);
  if ($unique) {
	$db = new Database('localhost','flashadmin','fortytwo','phpflash');
	$sql = 'INSERT INTO users (first_name,family_name,username,pwd)
	   VALUES ("'.$_POST['first_name'].'","'.$_POST['family_name'].'",
	   "'.$_POST['username'].'","'.sha1($_POST['pwd']).'")';
	$result = $db->query($sql);
	if ($result) {
	  $created = 'Account created for '.$_POST['first_name'].' '.$_POST['family_name'];
	  echo 'duplicate=n&message='.urlencode($created);
	  }
	}
  }
elseif ($_POST['action'] == 'listAll' && $_POST['username'] != '') {
  // code for retrieving full list
  $sql = 'SELECT * FROM users WHERE username = '.$_POST['username']; ////////////////////////////////////////// (here I see the problem, but what do I do?).
  echo getUserList($sql);
  }
elseif ($_POST['action'] == 'find') {
  // code for search by name, etc
  }
elseif ($_POST['action'] == 'getDetails') {
  // get user details for updating
  }
elseif ($_POST['action'] == 'doUpdate') {
  // update record
  }
elseif ($_POST['action'] == 'doDelete') {
  // delete record
  }
elseif ($_POST['action'] == 'logout') {
  // logout code goes here
  }

// Check for duplicate use of username
function checkDuplicate($username, $user_id = 0) {
  $db = new Database('localhost','flashuser','deepthought','phpflash');
  $sql = "SELECT username FROM users WHERE username = '$username'";
  // add to SQL if user_id supplied as argument
  if ($user_id > 0) {
	$sql .= " AND user_id != $user_id";
	}
  $result = $db->query($sql);
  $numrows = $result->num_rows;
  $db->close();
  
  // if username already in use, send back error message
  if ($numrows > 0) {
	$duplicate = 'Duplicate username. Please choose another.';
	echo 'duplicate=y&message='.urlencode($duplicate);
	exit();
	}
  else {
	return true;
	}
  }
// gets a list of users
function getUserList($sql) {
  $db = new Database('localhost','flashuser','deepthought','phpflash');
  $result = $db->query($sql);
  $numrows = $result->num_rows;
  $userlist = "total=$numrows";
  $counter = 0;
  while ($row = $result->fetch_assoc()) {
	$userlist .= '&user_id'.$counter.'='.$row['user_id'];
	$userlist .= '&first_name'.$counter.'='.urlencode(stripslashes($row['first_name']));
	$userlist .= '&family_name'.$counter.'='.urlencode(stripslashes($row['family_name']));
	$userlist .= '&username'.$counter.'='.urlencode($row['username']);
	$userlist .= '&stadionNamedata'.$counter.'='.urlencode($row['stadionNamedata']);
	$counter++;
	}
  $db->close();
  return $userlist;
  }
?>



this is the output I am getting with above script:

Quote

error=MySQL+Error%3A+Unknown+column+%27dpowers%27+in+%27where+clause%27


I can get the output I want from the script, if I change the line:
$sql = 'SELECT * FROM users WHERE username = '.$_POST['username'];



with this:

$sql = "SELECT * FROM users WHERE username LIKE 'dpowers'";



then I get the output I want, which is:
total=1&user_id0=1&first_name0=David&family_name0=Powers&username0=dpowers&stadionNamedata0=vezenzi



but I want to replace the string ('dpowers') with a variable, that contains the string, from flash, but eventhough it seems very simple then nothing works, so please help me out :^:

Is This A Good Question/Topic? 0
  • +

Replies To: php help needed

#2 JackOfAllTrades  Icon User is offline

  • Saucy!
  • member icon

Reputation: 6066
  • View blog
  • Posts: 23,526
  • Joined: 23-August 08

Re: php help needed

Posted 15 November 2009 - 05:08 PM

$sql = 'SELECT * FROM users WHERE username = '.$_POST['username'];


The username is a string, so I would think you'd want to wrap the value in quotes:
$sql = 'SELECT * FROM users WHERE username = "'.$_POST['username'].'"';

Was This Post Helpful? 0
  • +
  • -

#3 felixtgomezjr  Icon User is offline

  • D.I.C Head
  • member icon

Reputation: 3
  • View blog
  • Posts: 68
  • Joined: 04-November 09

Re: php help needed

Posted 15 November 2009 - 08:48 PM

do you really want to use LIKE or "="?

if you want a query with variable, do this

$sql = "SELECT * FROM users WHERE username = '$var'"

for LIKE

$sql = "SELECT * FROM users WHERE username LIKE %'$var'%"

not much of a difference.

I hope this will help.
Was This Post Helpful? 0
  • +
  • -

#4 copenhagen  Icon User is offline

  • D.I.C Head

Reputation: 0
  • View blog
  • Posts: 90
  • Joined: 16-March 08

Re: php help needed

Posted 17 November 2009 - 02:34 PM

View Postfelixtgomezjr, on 15 Nov, 2009 - 07:48 PM, said:

do you really want to use LIKE or "="?

if you want a query with variable, do this

$sql = "SELECT * FROM users WHERE username = '$var'"

for LIKE

$sql = "SELECT * FROM users WHERE username LIKE %'$var'%"

not much of a difference.

I hope this will help.


I got it :)

Thanks :^:
Was This Post Helpful? 0
  • +
  • -

Page 1 of 1