0

I am using this code for fetching data from the database. I am getting $data fetched properly, but I am not getting data properly in the variable $seldata. Why is it so?

<?php
    include_once("includes/connection.php");
    include_once("includes/session.php");
    //echo $_SESSION['uid'];
    $sql="SELECT * FROM employee WHERE eid = '{$_GET['id']}'";
    $result=mysql_query($sql);
    $data=mysql_fetch_array($result);
    echo "data".$data;
    $sel_valsql="select * FROM selected_candidate WHERE eid = '{$_GET['id']}'";
    $sresult=mysql_query($sel_valsql);
    $seldata=mysql_fetch_array($sresult);
    echo "seledata".$seldata;       
?>
John Woo
raj
  • You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jan 12 '13 at 08:03

3 Answers

1

Try this:

$sql = "SELECT * FROM employee WHERE eid = '" . $_GET['id'] . "'";

As a sidenote, the query is vulnerable to SQL injection if the value(s) came from the outside. Please take a look at the article below to learn how to prevent it. By using PreparedStatements you can get rid of using single quotes around values.

Community
John Woo
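
Added example (not code from the original thread or its participants): the question's two lookups rewritten with PDO prepared statements, the approach the comment and answer above point to, with the "no matching row" case handled explicitly. It assumes the pdo_sqlite extension and uses a constructed in-memory SQLite database with constructed rows; `fetchByEid` is a hypothetical helper.

```php
<?php
// Added example. Constructed data in an in-memory SQLite database so the
// script runs offline; with MySQL only the DSN and credentials change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE employee (eid INTEGER PRIMARY KEY, name TEXT)");
$pdo->exec("CREATE TABLE selected_candidate (eid INTEGER, status TEXT)");
$pdo->exec("INSERT INTO employee VALUES (1, 'Asha'), (2, 'Ravi')");
$pdo->exec("INSERT INTO selected_candidate VALUES (1, 'selected')");

// Hypothetical helper: fetch one row by eid, or null when nothing matches.
function fetchByEid(PDO $pdo, string $table, $rawId): ?array
{
    // Table names cannot be bound as parameters, so allow-list them.
    if (!in_array($table, ['employee', 'selected_candidate'], true)) {
        throw new InvalidArgumentException("unexpected table: $table");
    }
    // Reject anything that is not a plain integer before touching the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    // The placeholder keeps the value out of the SQL text entirely.
    $stmt = $pdo->prepare("SELECT * FROM $table WHERE eid = :eid");
    $stmt->execute([':eid' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;   // fetch() returns false on no match
}

// Constructed stand-ins for $_GET['id'], including one non-numeric value.
foreach (['1', '2', "1' OR '1'='1"] as $input) {
    $data    = fetchByEid($pdo, 'employee', $input);
    $seldata = fetchByEid($pdo, 'selected_candidate', $input);
    echo "id=", var_export($input, true), "\n";
    echo "  data:    ", $data === null ? "no row" : json_encode($data), "\n";
    echo "  seldata: ", $seldata === null ? "no row" : json_encode($seldata), "\n";
}
```

For id 2 the employee row is found but `selected_candidate` has no match, which is the situation the question describes; the non-numeric input is rejected by validation and never reaches the SQL text.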
1
<?php
include_once("includes/connection.php");
include_once("includes/session.php");
//echo $_SESSION['uid'];
$sql="SELECT * FROM employee WHERE eid = '".$_GET['id']."'";
$result=mysql_query($sql);
$data=mysql_fetch_array($result);
echo "data".$data;
$sel_valsql="select * FROM selected_candidate WHERE eid = '".$_GET['id']."'";
$sresult=mysql_query($sel_valsql);
$seldata=mysql_fetch_array($sresult);
echo "seledata".$seldata;       
?>

Note: mysql_fetch_array() returns an array of results so you need to do print_r($seldata) in order to view the results.

Nirmal Ram
  • I tried `print_r($seldata)`, but it is not showing me any result, but when I use `print_r($data)` I get the result properly fetched – raj Jan 12 '13 at 08:17
  • Try doing mysql_num_rows($sresult) and see if it gives any number greater than 0. If not then probably there is no matching record in the database. – Nirmal Ram Jan 12 '13 at 08:22
0

Remove the single quote from the where condition, i.e.

$sql="SELECT * FROM employee WHERE eid = {$_GET['id']}";

or do like this:

$sql = "SELECT * FROM employee WHERE eid = '" . $_GET['id'] . "'";
J.K.A.