You are viewing our Forum Archives. To view or take place in current topics click here.
I need help MYSQL
Posted:

I need help MYSQLPosted:

KLArcher
  • Junior Member
Status: Offline
Joined: Jan 24, 201311Year Member
Posts: 71
Reputation Power: 2
Status: Offline
Joined: Jan 24, 201311Year Member
Posts: 71
Reputation Power: 2
Hey, Im having a slight problem & require your assistance.

So im trying to grab some extra data from my MSQL database but im not having much success I cannot get the ID, Name or email

I have attached a file containing my code could you maybe take a look at it?

Attachment Not Working?

[ Register or Signin to view external links. ]


Thanks
Keenan
#2. Posted:
RapidzMoose
  • V5 Launch
Status: Offline
Joined: Mar 02, 201212Year Member
Posts: 49
Reputation Power: 1
Status: Offline
Joined: Mar 02, 201212Year Member
Posts: 49
Reputation Power: 1
The SQL is fine, but for your case, it's incorrect.
You need to use the "WHERE" clause.

So:
$query = mysql_query("SELECT * FROM users WHERE username = '{$username}'");

Let me know if you have any more problems buddy.
#3. Posted:
ObscureCoder
  • Resident Elite
Status: Offline
Joined: Jun 29, 201311Year Member
Posts: 211
Reputation Power: 13
Status: Offline
Joined: Jun 29, 201311Year Member
Posts: 211
Reputation Power: 13
RapidzMoose wrote The SQL is fine, but for your case, it's incorrect.
You need to use the "WHERE" clause.

So:
$query = mysql_query("SELECT * FROM users WHERE username = '{$username}'");

Let me know if you have any more problems buddy.

* clap, clap *
You've just posted outdated and insecure code. Well done, buddy.
#4. Posted:
bgd
  • New Member
Status: Offline
Joined: Nov 08, 201014Year Member
Posts: 40
Reputation Power: 1
Status: Offline
Joined: Nov 08, 201014Year Member
Posts: 40
Reputation Power: 1
ObscureCoder wrote
RapidzMoose wrote The SQL is fine, but for your case, it's incorrect.
You need to use the "WHERE" clause.

So:
$query = mysql_query("SELECT * FROM users WHERE username = '{$username}'");

Let me know if you have any more problems buddy.

* clap, clap *
You've just posted outdated and insecure code. Well done, buddy.


Does it really matter? He's trying to help. He's not even using PDO or anything so it's all outdated, but it doesn't matter.
#5. Posted:
RapidzMoose
  • V5 Launch
Status: Offline
Joined: Mar 02, 201212Year Member
Posts: 49
Reputation Power: 1
Status: Offline
Joined: Mar 02, 201212Year Member
Posts: 49
Reputation Power: 1
Thank you BILLYDEVOMERT. He clearly doesn't have a clue what he's talking about.

MySQL is outdated, but in this case, the OP is using it. Therefor, I'm not going to use MySQLite:
$query = $db->query("SELECT * FROM users WHERE username = '{$username}'");


That will throw out an error.
#6. Posted:
7en
  • Wise One
Status: Offline
Joined: Aug 16, 201212Year Member
Posts: 598
Reputation Power: 29
Status: Offline
Joined: Aug 16, 201212Year Member
Posts: 598
Reputation Power: 29
BILLYDEVOMERT wrote
ObscureCoder wrote
RapidzMoose wrote The SQL is fine, but for your case, it's incorrect.
You need to use the "WHERE" clause.

So:
$query = mysql_query("SELECT * FROM users WHERE username = '{$username}'");

Let me know if you have any more problems buddy.

* clap, clap *
You've just posted outdated and insecure code. Well done, buddy.


Does it really matter? He's trying to help. He's not even using PDO or anything so it's all outdated, but it doesn't matter.


He doesn't need to use PDO. mysql_* can be just as secure if you know what you're doing. If protecting client information isn't absolutely number one on your priority list, then you're a terrible developer.

As for you, "RapidzMoose", do you have any idea how annoying it is to be told you " don't know what you're talking about" by someone who clearly doesn't know what they're talking about? I guess you don't.


Last edited by 7en ; edited 1 time in total
#7. Posted:
iyop45
  • Prospect
Status: Offline
Joined: Apr 15, 201113Year Member
Posts: 614
Reputation Power: 83
Status: Offline
Joined: Apr 15, 201113Year Member
Posts: 614
Reputation Power: 83
RapidzMoose wrote Thank you BILLYDEVOMERT. He clearly doesn't have a clue what he's talking about.

MySQL is outdated, but in this case, the OP is using it. Therefor, I'm not going to use MySQLite:
$query = $db->query("SELECT * FROM users WHERE username = '{$username}'");


That will throw out an error.
It's not solely the fact that he's using outdated extensions but you're suggesting he use them in an insecure manner. The code you suggested on both occasions are vulnerable to SQL injection in the most blunt way and what's the point of using PDO if you're not going to even bother parameterizing your queries?

Also he doesn't need the WHERE clause if he wants all the results with no conditions:
[ Register or Signin to view external links. ]

( MySQLi extensions are not deprecated only mysql_ )


Last edited by iyop45 ; edited 1 time in total
#8. Posted:
7en
  • Wise One
Status: Offline
Joined: Aug 16, 201212Year Member
Posts: 598
Reputation Power: 29
Status: Offline
Joined: Aug 16, 201212Year Member
Posts: 598
Reputation Power: 29
iyop45 wrote
RapidzMoose wrote Thank you BILLYDEVOMERT. He clearly doesn't have a clue what he's talking about.

MySQL is outdated, but in this case, the OP is using it. Therefor, I'm not going to use MySQLite:
$query = $db->query("SELECT * FROM users WHERE username = '{$username}'");


That will throw out an error.
It's not solely the fact that he's using outdated extensions but you're suggesting he use them in an insecure manner. The code you suggested on both occasions are vulnerable to SQL injection in the most blunt way and what's the point of using PDO if you're not going to even bother parameterizing your queries?

( MySQLi extensions are not deprecated only mysql_ )


Haven't seen you in a while :3 this forum makes me want to kill myself.
#9. Posted:
RapidzMoose
  • New Member
Status: Offline
Joined: Mar 02, 201212Year Member
Posts: 49
Reputation Power: 1
Status: Offline
Joined: Mar 02, 201212Year Member
Posts: 49
Reputation Power: 1
iyop45 wrote
RapidzMoose wrote Thank you BILLYDEVOMERT. He clearly doesn't have a clue what he's talking about.

MySQL is outdated, but in this case, the OP is using it. Therefor, I'm not going to use MySQLite:
$query = $db->query("SELECT * FROM users WHERE username = '{$username}'");


That will throw out an error.
It's not solely the fact that he's using outdated extensions but you're suggesting he use them in an insecure manner. The code you suggested on both occasions are vulnerable to SQL injection in the most blunt way and what's the point of using PDO if you're not going to even bother parameterizing your queries?

( MySQLi extensions are not deprecated only mysql_ )

I know MySQLi is not deprecated. And I was only showing the basic way. I'm not going to into security because there is no point. He can figure that out himself, I'm sure he doesn't need me.

Now, stop getting so pathetically dramatic. I tried showing him the simplest way to solve his problem. If you want to correct me on the "Query" then go a head.
#10. Posted:
iyop45
  • Prospect
Status: Offline
Joined: Apr 15, 201113Year Member
Posts: 614
Reputation Power: 83
Status: Offline
Joined: Apr 15, 201113Year Member
Posts: 614
Reputation Power: 83
RapidzMoose wrote
iyop45 wrote
RapidzMoose wrote Thank you BILLYDEVOMERT. He clearly doesn't have a clue what he's talking about.

MySQL is outdated, but in this case, the OP is using it. Therefor, I'm not going to use MySQLite:
$query = $db->query("SELECT * FROM users WHERE username = '{$username}'");


That will throw out an error.
It's not solely the fact that he's using outdated extensions but you're suggesting he use them in an insecure manner. The code you suggested on both occasions are vulnerable to SQL injection in the most blunt way and what's the point of using PDO if you're not going to even bother parameterizing your queries?

( MySQLi extensions are not deprecated only mysql_ )

I know MySQLi is not deprecated. And I was only showing the basic way. I'm not going to into security because there is no point. He can figure that out himself, I'm sure he doesn't need me.

Now, stop getting so pathetically dramatic. I tried showing him the simplest way to solve his problem. If you want to correct me on the "Query" then go a head.

But you didn't solve the problem.

Adding the where clause was irrelevant, how are you sure he wanted a specific row from the table when he didn't specify at all what he wanted to achieve from his query? The query itself was perfectly valid in the first place and so that's all you can go by. The fact that he is using arrays to hold his results further enforces the fact that he wasn't expecting a single result, for which your first reply suggests you assumed he did.

@KLArcher
You need to run the sql statement through phpmyadmin and check the results returned are what you expect/want. If so then just parse through your script line by line and var_dump() each variable you're using/setting to see where your problem lies.

At this point nobody in the forum knows what your problem is and so nobody can help you, you really must be more specific.


Last edited by iyop45 ; edited 1 time in total
Jump to:
You are viewing our Forum Archives. To view or take place in current topics click here.