Why isn't this getting the correct info from my database?

Codes here !

Moderators: macek, egami, gesf

freedom
New php-forum User
New php-forum User
Posts: 5
Joined: Fri Jul 13, 2012 9:29 am

Why isn't this getting the correct info from my database?

Postby freedom » Fri Jul 13, 2012 9:31 am

Hi
I'm relatively new to this, so sorry if I'm posting in the wrong place.
I've got a table in my database which holds 4 things - id, time put in and user and message (for a basic chat-room style thing).
I'm trying to call these using a PHP page. But my page just gets returned blank when I put an argument in the address bar. I'm trying to call it so that only lines with a certain user in the user column get shown. My code is below - can anybody see what I am doing wrong?
The URL of the file is http://freedom-apps.co.uk/chat/messages.php. You see a load of entries - at the start, there is u m u m u m. U represents the user entered, m is the message. So I tried:
http://freedom-apps.co.uk/chat/messages.php?user=u
which returns an error. Any ideas?
My code is:

Code: Select all

<?php
header( 'Content-type: text/xml' );
mysql_connect( 'localhost:/var/lib/mysql/mysql.sock', 'freedom_ASAPPS', '********' );
mysql_select_db( 'freedom_chat_alpha' );
if ( $_REQUEST['user'] ) {
$result = mysql_query('SELECT * FROM chatitems WHERE user = '.
mysql_real_escape_string( $_REQUEST['user'] ).
' ORDER BY added LIMIT 50');
} else {
$result = mysql_query('SELECT * FROM chatitems ORDER BY added LIMIT 50' );
}
?>
<chat>
<?php
while ($row = mysql_fetch_assoc($result)) {
?>
<message added="<?php echo( $row['added'] ) ?>" id="<?php echo( $row['id'] ) ?>">
<user><?php echo( htmlentities( $row['user'] ) ) ?></user>
<text><?php echo( htmlentities( $row['message'] ) ) ?></text>
</message>
<?php
}
mysql_free_result($result);
?>
</chat>

Thanks,
Sam
Last edited by freedom on Sat Jul 14, 2012 8:55 am, edited 1 time in total.

johnj
php-forum Super User
php-forum Super User
Posts: 1805
Joined: Thu Mar 10, 2011 5:07 pm

Re: Why isn't this getting the correct info from my database

Postby johnj » Fri Jul 13, 2012 9:18 pm

do a var_dump($result) to see if data is getting fetched.

freedom
New php-forum User
New php-forum User
Posts: 5
Joined: Fri Jul 13, 2012 9:29 am

Re: Why isn't this getting the correct info from my database

Postby freedom » Sat Jul 14, 2012 1:02 am

johnj wrote:do a var_dump($result) to see if data is getting fetched.

Hi
I did that. I now get

Code: Select all

junk resource(2) of type (mysql result)
appended to the end of the contents when I go to messages.php in Safari.
Again, I get an error on line 23 when I do ?user=u
From what I've read, line 23 seems ok.
I was wondering if I have used the right syntax for saying when a variable = something.
I say:

Code: Select all

WHERE user = '.
        mysql_real_escape_string( $_REQUEST['user'] ).
        ' ORDER BY added LIMIT 50');

Is the '=' correct?

Sam

johnj
php-forum Super User
php-forum Super User
Posts: 1805
Joined: Thu Mar 10, 2011 5:07 pm

Re: Why isn't this getting the correct info from my database

Postby johnj » Sat Jul 14, 2012 5:59 am

rewrite that as, WHERE user = '$user';

and $user = mysql_escape_string($_REQUEST['user'])

johnj
php-forum Super User
php-forum Super User
Posts: 1805
Joined: Thu Mar 10, 2011 5:07 pm

Re: Why isn't this getting the correct info from my database

Postby johnj » Sat Jul 14, 2012 6:00 am

make sure that $_REQUEST['user'] has a value.

freedom
New php-forum User
New php-forum User
Posts: 5
Joined: Fri Jul 13, 2012 9:29 am

Re: Why isn't this getting the correct info from my database

Postby freedom » Sat Jul 14, 2012 6:59 am

johnj wrote:make sure that $_REQUEST['user'] has a value.

What do you mean by this line? Do you mean that I must always have an argument, or that in

Code: Select all

$_REQUEST['user']
, I can not replace 'user' with nothing.
Sam

freedom
New php-forum User
New php-forum User
Posts: 5
Joined: Fri Jul 13, 2012 9:29 am

Re: Why isn't this getting the correct info from my database

Postby freedom » Sat Jul 14, 2012 7:11 am

johnj wrote:rewrite that as, WHERE user = '$user';

and $user = mysql_escape_string($_REQUEST['user'])

Thanks for your help so far.
So, being as new as I am to this, I didn't completely understand what you meant. I referred to the book I have being learning from (Learning PHP, MySQL, and JavaScript: A Step-by-Step Guide to Creating Dynamic Websites) and decided this was correct:

Code: Select all

    $result = mysql_query('SELECT * FROM chatitems WHERE user = '$user';
        $user = mysql_escape_string($_REQUEST['user'])
        ORDER BY added LIMIT 50');

but it's still not! Now I get an error on line 6 (the 1st line of that code).
Any ideas? I wondered if it was to do with the '.' you are meant to use before and after inline expressions (see my previous code above).
Again, thanks for your help so far,
Sam

johnj
php-forum Super User
php-forum Super User
Posts: 1805
Joined: Thu Mar 10, 2011 5:07 pm

Re: Why isn't this getting the correct info from my database

Postby johnj » Sat Jul 14, 2012 8:32 am

rewrite it like this:

Code: Select all

$user = mysql_escape_string($_REQUEST['user']);

$result = mysql_query('SELECT * FROM chatitems WHERE user = '$user' ORDER BY added LIMIT 50');


freedom
New php-forum User
New php-forum User
Posts: 5
Joined: Fri Jul 13, 2012 9:29 am

Re: Why isn't this getting the correct info from my database

Postby freedom » Sat Jul 14, 2012 9:20 am

Thanks - I just referred back to my book and that was nearly it. It was missing the string concatenation operators. Should have had '.' on the insides of the '' around $user.
Or " instead of ' at the start of the results bit (got this from a StackOverflow article)
Thanks for the advice and help! Yet another forum I'm convinced to the quality of.

Sam


Return to “mySQL & php coding”

Who is online

Users browsing this forum: Google [Bot] and 1 guest