Is there something wrong with this Query? New to mysqli commands - mysqli

Is there something wrong with this query in mysqli? I converted it from mysql, worked perfectly then but now it doesn't
mysqli_query($con,"SELECT * FROM signed_out_students WHERE date = '$date6' AND time_in = '' order by time_out DESC");
This is how it fits into the actual code. I know that there is entries in the databse with the date of today but its not showing them? D:
else if (out == $display) {
date_default_timezone_set('NZ');
$date6 = date('d.m.Y');
$result4 = mysqli_query($con,"SELECT * FROM signed_out_students WHERE date = '$date6' AND time_in = '' order by time_out DESC");
echo '<table border="0">';
echo '<tr>';
echo '<td width="70px"><h2>Date</h2>';
echo '</td>';
echo '<td width="150px"><h2>Name</h2>';
echo '</td>';
echo '<td width="90px"><h2>Form Class</h2>';
echo '</td>';
echo '<td width="70px"><h2>Time Out</h2>';
echo '</td>';
echo '<td width="70px"><h2>Time In</h2>';
echo '</td>';
while($row4 = mysqli_fetch_array($result4))
{
echo '<tr>';
echo '<td><p>' . $row4['date'];
echo '</td>';
echo '<td><p>' . $row4['name'];
echo '</td>';
echo '<td><p>' . $row4['form_class'];
echo '</td>';
echo '<td><p>' . $row4['time_out'];
echo '</td>';
echo '<td><p>' . $row4['time_in'];
if ($row['time_in'] == "") { echo '-';}
echo '</td>';
}
echo '</table>';
}
Thanks guys!

Is there something wrong with this query in mysqli?
Yes, a lot.
You aren't checking for errors
You aren't using placeholders
You're using mysqli, while PDO have to be used instead.
Start here: https://stackoverflow.com/tags/pdo/info
Also, as a side note, your date have to be in 'Y-m-d' format.

remove the single quotes from the variable in the Query :
mysqli_query($con,"SELECT * FROM signed_out_students WHERE date = $date6 AND time_in = '' order by time_out DESC");

Related

Sql-injection error

I am trying to do SQL-injection attack on a local website on my localhost. I am trying to get all the products from product table using the wildcard ';-- but there seems to be some problem with the query. It's giving me this error
'Warning: mysqli_fetch_assoc() expects parameter 1 to be
mysqli_result, boolean given in C:\wamp64\www\tplus\products.php on
line 151'
Here is my PHP code
<?php
//$search_value = mysqli_real_escape_string($conn,$_GET['search']);
$search_value = $_GET['search'];
$result = mysqli_query($conn,"SELECT * FROM products where p_name LIKE '%".$search_value."%'");
while ($row = mysqli_fetch_assoc($result))
{
echo "<tr>";
echo "<td>";
echo $row['p_name'];
echo "</td>";
echo "<td>";
echo $row['p_price'];
echo "</td>";
echo "<td>";
echo $row['p_brand'];
echo "</td>";
echo "<td>";
echo $row['p_info'];
echo "</td>";
echo "</tr>";
}
?>
Try this
if (!$result) {
die(echo 'MySQL Error: ' . mysqli_error())
}
You need to check if
"SELECT * FROM products where p_name LIKE '%".$search_value."%'"
is a valid SQL statement.
The indication is that it is not - hence the error.
Perhaps output that string and check where the SQL statement is incorrect.

pg_fetch_assoc returning 1 after values

I am beginner in PHP, i am working with session and pg functions. So i want to return user's first name and last name from database(basically user's details) and display it to different page using session. and it is returning using pg_fetch_assoc() but the problem is like it is showing 1 after every value like (firstname 1), (lastname 1). How can i fix it. is there any other way to return values from database and display it and also use these values as conditions.
Thanks
Below is my code:
$login = trim($_POST['login']);
$pass = trim($_POST['pass']);
$result = pg_execute($conn, "login_query", array($login, hash(HASH_ALGO, $pass)));
$records = pg_num_rows($result);
if($records == 1){
$_SESSION['user_id'] = $login;
$row = pg_fetch_assoc($result);
$_SESSION['first_name'] = $row['first_name'];
$_SESSION['last_name'] = $row['last_name'];
$_SESSION['last_access'] = $row['last_access'];
$_SESSION['user_type'] = $row['user_type'];
//$_SESSION['details'] = $row;
pg_execute($conn, "update_query", array($login));
/* $_SESSION['output'] = $output();*/
$_SESSION['output'] = "Welcome back " . pg_fetch_result($result,0,"first_name") . pg_fetch_result($result,0,"last_name").'</br>';
$_SESSION['output'] .= "Our records show that your </br>" . "email address is " . pg_fetch_result($result,0,"email_address") . "</br>";
$_SESSION['output'] .= "and you last accessed our system: " . pg_fetch_result($result,0,"last_access") . "</br>";
header('location: ./user-dashboard.php');
}
here is var_dump($row); value:
array(9) { ["user_id"]=> string(20) "jdoe " ["password"]=> string(32) "179ad45c6ce2cb97cf1029e212046e81" ["user_type"]=> string(2) "c " ["email_address"]=> string(256) "jdoe#gmail.com " ["first_name"]=> string(128) "John " ["last_name"]=> string(128) "Doe " ["birth_date"]=> string(10) "1998-02-05" ["enrol_date"]=> string(10) "2017-01-01" ["last_access"]=> string(10) "2017-10-18" }
database
pg_fetch_assoc returns values OK. you can see it in result of var_dump($row); - see the ["last_name"]=> string(128) "Doe " - it has extra space - yes, but not 1. So another bit of code adds 1 after $row["last_name"] value.
<h1 class="floating-box" ><?php echo print_r($_SESSION['first_name'],True); ?></h1>
<h1 class="floating-box" ><?php echo print_r($_SESSION['last_name']); ?></h1>
<h1 class="floating-box" ><?php echo print_r($_SESSION['last_access']); ?></h1>
Sorry, i forgot to add true in print_r() function. Thanks for your help. #Vao Tsun

PHP - echo inside an echo

I have a PHP if/else statement. This is the code I'm trying to echo under an else condition.
<?php $locked = ForumData::is_topic_locked($post->topic_id);
if ($locked->topic_locked == 1) {echo '<td align="right"><font color="#FF0000">Topic Locked</font><td>';}
else {
echo '<td align="left"><img src="<?php echo SITE_URL?>/lib/skins/flyeuro/images/forums/t_reply.gif"/></td>'; }
?>
The bit I'm interested to echo is this.
<img src="<?php echo SITE_URL?>
If I try this... 'echo SITE_URL'
Parse error: syntax error, unexpected T_ECHO, expecting ',' or ';'
But this doesn't parse the image, and if I try parsing anything else, it's giving me parsing errors, which I can't fix?
How can I therefore produce an echo inside another echo?
why did you open a <?php tag again, you are already in echo line?
echo '<td align="left"><img src="'.SITE_URL.'/lib/skins/flyeuro/images/forums/t_reply.gif"/></td>';
and what is SITE_URL? Is that a variable, did you forget to put $?
echo prints out the string that you gave as parameter,
echo "foo";
As #hakre mentioned about it, . is used to concatenate strings.
$var = "foo"."bar"; //foobar
So you can use it in echo line,
$var = "foo"."bar"; //foobar
echo "foo "."bar ".$var // foo bar foobar
And It's not important weather variable defined as a string. It would be a constant variable.
define('SITE_URL', 'localhost:8080/phpvms');
echo "my website URL is ".SITE_URL; //my website URL is localhost:8080/phpvms
Remember:
<?php echo "View"; ?>
" and \
this!
Hope that's enough of a hint!#
Your problem is probably solved this way:
echo '<td align="left"><a href="',
url('Forum/create_new_post?topic_id=' . $post->topic_id . '&forum_id=' . $post->forum_id . '') ,
'"><img src="', SITE_URL,
#######################
'/lib/skins/flyeuro/images/forums/t_reply.gif"/></a></td>';
In PHP you can use constants quite like variables, e.g. to output them. You don't need to stack echoes inside each other or something.

Which is correct method to compare two dates in PHP?

I've following code to compare two dates in PHP,which one while be appropriate method
<?php
$var = date('d-m-Y',strtotime('29-05-2012'));
$var1 = date('d-m-Y',strtotime('27-06-2012'));
echo $var; //29-05-2012
echo $var1; //27-06-2012
if($var1 >= $var) //method 1
{
echo 'var1 is future date';
}
if(strtotime($var1) >= strtotime($var)) //method 2
{
echo 'var1 is future date(second if)';
}
?>
In above two methods,method-1 is not working,is it not a correct way to compare two dates in PHP ?
No, the first method is incorrect because $var1 and $var are strings, so you can't compare them like that.
However, strtotime() creates unix timestamps (integers), so you can and should compare them like that.
Just leave the date as string, and convert with strtotime in if ().
$a = '29-5-2012';
$b = '27-6-2012';
if (strtotime($a) >= strtotime($b)) {
echo "$a is future date.";
} else {
echo "$b is future date.";
}
// 27-6-2012 is future date.
Depending on you php version >= 5.3 you can try date_diff()
$time1 = strtotime('29-05-2012'); # <--- past
$time2 = strtotime('27-06-2012'); # <--- future
echo max($time1,$time2);
echo "<br />";
echo min($time1,$time2);
why not:
if (mktime(0,0,0,12,31,2012) > mktime(0,0,0,6,25,2011)) {
echo "12/31/2012 is after 6/25/2011";
}
$date1=date('d/m/y');
$tempArr=explode('_', '31_12_11');
$date2 = date("d/m/y", mktime(0, 0, 0, $tempArr[1], $tempArr[0], $tempArr[2]));

Read User Wall Post and others who posted on wall

I am new to the facebook graph API ,but I know the basics. Now I need help from you all about how to read user wall posts and others who posted on the wall of any user, with read_stream. But I don't know how to call it. I tried some way but I was able to read just the name and basic info. I need help in reading objects. Please help me!!!
<?php
define('FACEBOOK_APP_ID', 'xxxxxx');
define('FACEBOOK_SECRET', 'xxxxxx');
function get_facebook_cookie($app_id, $application_secret) {
$args = array();
parse_str(trim($_COOKIE['fbs_' . $app_id], '\\"'), $args);
ksort($args);
$payload = '';
foreach ($args as $key => $value) {
if ($key != 'sig') {
$payload .= $key . '=' . $value;
}
}
if (md5($payload . $application_secret) != $args['sig']) {
return null;
}
return $args;
}
$cookie = get_facebook_cookie(FACEBOOK_APP_ID, FACEBOOK_SECRET);
?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml"
xmlns:fb="http://www.facebook.com/2008/fbml">
<body>
<?php
echo 'Your Facebook ID: '.$cookie;
if ($cookie) {
//cookie is set, user is logged in
$user = json_decode(file_get_contents('http://graph.facebook.com/'.$cookie['uid']));
//Display the facebook user ID, name, gender and Facebook URL in the web browser
echo '<br />';
echo 'Your Facebook ID: '.$user->{'id'};
echo '<br />';
echo 'Your name: '.$user->{'name'};
echo '<br />';
echo 'Your gender: '.$user->{'gender'};
echo '<br />';
echo 'Your Facebook URL: '.$user->{'link'};
echo '<br />';
echo '<img src="http://graph.facebook.com/'.$user->{'id.'/picture" alt="'.$user-> {'name'}.'"/>';
echo '<br />';
echo '<fb:login-button autologoutlink="true"></fb:login-button>';
}
else
{
//user is not logged in, display the Facebook login button
echo '<h2>Facebook Application Test page</h2>';
echo '<br />';
echo' message somethng';
</body>
</html>
First of all you must take permission from your users
$url = "https://graph.facebook.com/oauth/authorize?"
."client_id=".$app_id."&"
."redirect_uri=http://apps.facebook.com/".$app_name."/&scope=read_stream";
<script language="javascript">window.open('<?php echo $url ?>', '_parent', '');</script>
Then you can get user's wall. There is an example here.
if(isset($_GET["code"])){
if(isset($_REQUEST['state']) == isset($_SESSION['state'])) {
$token_url = "https://graph.facebook.com/oauth/access_token?"
. "client_id=" . $app_id . "&redirect_uri=" . "http://apps.facebook.com/".$app_name."/"
. "&client_secret=" . $app_secret . "&code=" . $_GET["code"];
$response = #file_get_contents($token_url);
$params = null;
parse_str($response, $params);
$graph_url = "https://graph.facebook.com/".$user_id."/feed/?access_token=".$params['access_token'];
$user = json_decode(file_get_contents($graph_url));
foreach($user as $feeds)
{
foreach($feeds as $feed)
{
if(isset($feed->link))
{
echo $feed->link."<br>";
}
}
}
}
}