开发者

Variable in a mysql query

for ($i=0; $i<$count; $i++) {
    $appid = $chk[$i];


    include "dbconnect.php";
    $selectquery = mysql_query("SELECT * FROM regform_admin WHERE tid = '$appid'");
    $fetch = mysql_fetch_array($selectquery);
    $tid = $fetch['tid']; $username = $fetch['username']; $c_month = $fetch['month']; $c_day =$fetch['day']; $c_year = $fetch['year'];
    $c_month2 = $fetch['month2']; $c_day2 =$fetch['day2']; $c_year2 = $fetch['year2']; 
    $pickup = "".$c_month."/".$c_day."/".$c_year."";
    $return = "".$c_month2."/".$c_day2."/".$c_year2."";
    $pickuploc = "".$fetch['开发者_高级运维pickupret']." "." ".$fetch['speclocation']."";
    $desti = "".$fetch['destination']." "." ".$fetch['location']."";
    $vehicle1 = $fetch['vehicle1'];
    $datesent = date("n j, Y; G:i"); ;
    $rand = rand(98765432,23456789);

    include "vehicledbconnect.php";
    $vquery = mysql_query("SELECT * FROM vehicletbl WHERE vehicle = '$vehicle1'");
            $getvquery = mysql_fetch_array($vquery);
            $maxcars = $getvquery['maxcars'];
            $carsleft = $getvquery['carsleft'];
            if ($carsleft == 0) {
            echo '
        <script language="JavaScript">
        alert("Cannot move reservation to Pending for payment status. No available vehicles left for this reservation.");
        </script>';

        echo "$vehicle1";

            }

Hi guys my problem here is that the $vehicle is not returning its values if it is inserted in a database query ($vquery = mysql_query("SELECT * FROM vehicletbl WHERE vehicle = '$vehicle1'");) but if it is echoed, it return its value. The logic here is that it will select all the values from vehicletbl wherein the value of any values in 'vehicle' column will be equal to the $vehicle1. Thanks for the help!


You've got ZERO error handling on your queries. Try adding some debugging to the query calls:

$result = mysql_query(...) or die(mysql_error());

The rest of the code is ugly, but looks "ok", so start looking at WHY you're not getting anything back from the queries.

Never ever assume a query succeeds.


try this to debug :

$sql = "SELECT * FROM vehicletbl WHERE vehicle = '" . $vehicle1 . "'";
$vquery = mysql_query($sql) or die(mysql_error() . "\n<br>$sql");

thats what i do to find errors in my sql.


Noob programmer ? Here are some things to know :

for ($i=0; $i<$count; $i++) {
    $appid = $chk[$i];

// Replaced By ...
foreach($chk as $appid){

http://php.net/manual/en/control-structures.foreach.php

// Include the file before the loop ! You're including 20 times your file, but you just need to do it once ! Another thing to know:
include_once("dbconnect.php");

http://php.net/manual/en/function.include-once.php

$desti = "".$fetch['destination']." "." ".$fetch['location']."";
// WHY ?? Isn't that easier to do this ?
$desti = $fetch['destination']."  ".$fetch['location'];

And security :

// Don't forget to escape your variables before putting it in mysql queries
$appid = mysql_real_escape_string($appid);
$selectquery = mysql_query("SELECT * FROM regform_admin WHERE tid = '$appid'");

Best way to defend against mysql injection and cross site scripting

There are other remarks, but try to improve those points first !

0

上一篇:

下一篇:

精彩评论

暂无评论...
验证码 换一张
取 消

最新问答

问答排行榜