PostgreSQL query works but not with php - postgresql

I want to make a php query to a PostgreSQL database. I tested the query in the server and returns, but when I try it in php:
<?php
//Check the input
if (!isset($_POST['variable']))
echo "Address not selected";
$input = $_POST['variable'];
//$input = ucfirst(trim($_POST['variable']));
//echo $input;
$conn = pg_connect("host=localhost port=5432 dbname=geocoder user=postgres");
if (!$conn)
echo "Could not connect to server..";
$sql = "SELECT (addy).stateabbrev FROM geocode($input);";
$result = pg_query($conn, $sql);
if (!$result)
echo "Query did not executed..";
?>
I get that "Query did not executed..";
The string for the QUERY is taken from a html page using javascript.
In the error.log of Apache2 i get:
PHP Warning: pg_query(): Query failed: ERROR: syntax error at or near "Penn"\nLINE 1: SELECT (addy).stateabbrev FROM geocode(O
What can be the point here?

Sanitize the user supplied data:
$input = pg_escape_literal($conn, $input);
$sql = "SELECT (addy).stateabbrev FROM geocode($input);";

I managed to find the problem, which is the fact that $input variable from geocode() function, must be surrounded by single quotes:
geocode('$input')
:)

Related

TYPO3, Extbase: mysqli error message, commands out of sync

I try to update a really old extbase extension which is from another programmer. TYPO3-Version is 8.7.13
The following function in my Repository throws the error:
"Commands out of sync; you can't run this command now
Doctrine\DBAL\Driver\Mysqli\MysqliException thrown in file
/Volumes/web/src/typo3_src-8.7.13/vendor/doctrine/dbal/lib/Doctrine/DBAL/Driver/Mysqli/MysqliStatement.php in line 249."
And this ist the function:
Public Function delete($standort, $month)
{
$m = date('m',$month);
$y = date('Y',$month);
$sql = "
DELETE FROM mytable
WHERE standort = ".$standort." AND FROM_UNIXTIME( monat, '%m' ) = $m AND FROM_UNIXTIME( monat, '%Y' ) = $y ";
$query = $this->createQuery();
$query->statement($sql);
$query->execute(TRUE);
}
with $query->execute(FALSE); no error is thrown but the sql is not executed. With $query->execute(TRUE); the error appears but the sql will be executed.
Can anybody help?
Thanks!
What about changing this statement to Doctrine? You can find the documentation here: https://docs.typo3.org/typo3cms/CoreApiReference/8.7/ApiOverview/Database/BasicCrud/Index.html#delete-a-row

mysqli_query() expects parameter 1 to be mysqli error

I have a problem with my scripts I need to change minimal of 30 scripts to the "new" mysqli but its terrible I know some basics but now I'm complete lost...
The connection to the database is ok, but now I have this error with this kind of rule in the script.... can someone help me out so I can learn from it ?
$sql_email_check = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT email
FROM users WHERE email='$email' AND status='Alive'");
$sql_username_check = mysqli_query($GLOBALS["___mysqli_ston"],
"SELECT username FROM users WHERE username='$reg_username'");
Update 1:
I cleared the error from the first rule of the script, i saw something on google similair.
This was my script:
$sql_email_check = mysqli_query($GLOBALS["___mysqli_ston"], "SELECT email FROM users WHERE email='$email' AND status='Alive'");
And now this:
$sql_email_check = mysqli_query($con, "SELECT email FROM users WHERE email='$email' AND status='Alive'");
i replaced: $GLOBALS["___mysqli_ston"], with $con, $con i have already dentifyed in a other filte with the connection with db and included in this file Is this right and will it work ? the error's are disapearing but if it will work ?
This is how I do it...
$connection = new mysqli('database_name', 'user', 'password', 'table_name');
$email = 'emailAddressYouWantToLookUp';
$sql = "SELECT email FROM users WHERE email = '$email' AND status = 'Alive';";
$results = $connection->query($sql);
$emailFoundInDatabase = '';
if ($results->num_rows > 0) {
while($row = $results->fetch_assoc()) {
$emailFoundInDatabase = $row['email'];
};
};
echo $emailFoundInDatabase;
Close!
The solution was
replacing: $GLOBALS["___mysqli_ston"], with $con,
I have $con in a other file that makes a connection with the database and included in this script.
Also got a weird error about
i replaced that with:
and now all error's are gone and this script is working 100%
Thanks

Mysqli bind_result error

I am new to SQL and PHP. My goal is simple: Check if there is already an email adress stored in database. I am using following code:
$email = info#test.pl;
$conn = new mysqli("localhost", "root", "", "mysite"); // Create connection
if ($conn->connect_error) { // Check connection
die("Connection failed: " . $conn->connect_error);
}
$stmt = $conn->prepare("SELECT * FROM contacts WHERE email = ?");
$stmt->bind_param("s", $email);
$stmt->execute();
$stmt->bind_result($email);
$stmt->store_result();
$result = $stmt->num_rows;
echo $result;
Every time i get an error. It says i am using wrong numbers of parameters in bind_result. How it can be?
If you're new to all this, I would recommend using PDO instead of mysqli.
As for your error: you select * columns but bind only one.
You can change the query to select email, or do away with binding the resultset:
if all you want is to check for the presence of the email, all you need is the rowcount.

Zend fetchRow() not working

I'm trying to fetch a row with a where statement but for some reason it throws an error at me.
This is the line
$row = $this->getDbTable()->fetchRow("order = $order");
I've put a die(); before this line and it does die,
Then I've put a die(); after this line and the die() doesn't get executed but throws an error.
The error doesn't help me much it only says "An error occurred Application error", there's nothing in my php error log either.
Help!
Going by your comments, I would try doing the where part 'properly'? E.g.:
$select = $this->getDbTable()->select()->where('order = ?', $order);
$row = $this->getDbTable()->fetchRow($select);
What is the situation you are needing to select by order? Is there a primary key you can select by?
Update:
Given your comments, maybe use update directly:
$table = $this->getDbTable();
$data = array( 'order' => $order+1 );
$where = $table->getAdapter()->quoteInto('order = ?', $order);
$table->update($data, $where);

How can i find the sql query statement of insert() in Zend Framework?

How can i find the sql query statement in Zend Framework for insert(), like its done for db table select's. $select->__toString().
Try this which work for me:
$db = Zend_Db_Table_Abstract::getDefaultAdapter();
$db->getProfiler()->setEnabled(true);
$profiler = $db->getProfiler();
$lastID = ($this->insert($data));
$query = $profiler->getLastQueryProfile();
$params = $query->getQueryParams();
$sqlQuery= $query->getQuery();
foreach ($params as $par) {
$sqlQuery = preg_replace('/\\?/', "'" . $par . "'", $sqlQuery, 1);
}
echo $sqlQuery;
You can't extract it since it's executed right away, but the code exists in Zend_Db_Adapter_Abstract::insert() and possibly overwritten in some of the adapters.