<?php 

require_once "includes/db_connection.php";

$sqlCommand = "SELECT * FROM table1 WHERE questionId = $id";

$query = mysqli_query($db_connection, $sqlCommand) or die (mysqli_error());

$num_rows = mysqli_num_rows($query);

echo "Tabela sadrzi " . $num_rows . " redova.";

mysqli_free_result($query);

mysqli_close($db_connection); 
?>

With this type of code, where I have the WHERE questionId = $id statement, it gives me the errors Undefined index Id and mysqli_error() expects exactly 1 parameter. I see that a lot of the time, and somehow I fix the problem, but now I really don't know. I am new, still learning, but I really don't have an idea. If I delete this WHERE questionId = $id it works and shows me how many rows there are, but I need this with the WHERE statement so it can show me how many records there are for the specific ID.

bobouch

2 Answers


There are two problems and two answers.

The first is you need to define $id. It's not defined anywhere on your page. If you are posting or getting the variable, then you would use:

$id = $_POST['id'];

or

$id = $_GET['id'];

depending on whether it's get or post.

You should also sanitize any input coming from a user, never just accept it will be fine. One of the best ways to do that would be to filter it.

$id = filter_input(INPUT_POST, "id", FILTER_VALIDATE_INT);

That will return either an integer or FALSE if anything other than an int is in ID.


The second problem is your mysqli_error(). You need to pass the resource link in, so it should be:

$query = mysqli_query($db_connection, $sqlCommand) or die (mysqli_error($db_connection));
Styphon

As Fred said, you might have had a different PHP configuration, where request data is automatically predefined. Normally, you need to define the $id yourself:

<?php 

require_once "includes/db_connection.php";

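# It might be ID or QUESTIONID or something similar
# isset() avoids the "Undefined index" notice when the parameter is absent
$id = isset($_POST['id']) ? $_POST['id'] : null;
if ( !$id ) $id = isset($_GET['id']) ? $_GET['id'] : null;

/* You can also add ' around your request,
to prevent an error when the id is actually not present at all */
$sqlCommand = "SELECT * FROM table1 WHERE questionId = '$id'";

# mysqli_error() needs the connection passed in
$query = mysqli_query($db_connection, $sqlCommand) or die (mysqli_error($db_connection));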

$num_rows = mysqli_num_rows($query);

echo "Tabela sadrzi " . $num_rows . " redova.";

mysqli_free_result($query);

mysqli_close($db_connection); 

?>

And don't forget to sanitize them before usage to prevent SQL injections.

Peon
  • Thanks for the mention. However, your `[id]`'s need to be `['id']` ;-) – Funk Forty Niner Jan 27 '14 at 13:57
  • And based on OP's [other question](http://stackoverflow.com/q/21239423/) it seems like the `$id` could be called `listaOdgovora`. But will sit and wait this one out. – Funk Forty Niner Jan 27 '14 at 13:59
  • Thanks for noticing that, but it is not a requirement, more like a suggestion for good practice. – Peon Jan 27 '14 at 13:59
  • It's usually best to wrap with quotes, unless it's an array. And in not doing so, it could be treated as an array. – Funk Forty Niner Jan 27 '14 at 14:01
  • @DainisAbols If you don't it throws a notice `use of undefined constant, assumed id`, so actually yes it is required. – Styphon Jan 27 '14 at 14:02
  • Using placeholders would solve the sanitization problem. – tadman Jan 27 '14 at 14:51
  • Fred-ii - look, there are two MySQL tables - answers and question. I just want to show how many answers there are for every question and to show that in an HTML table row called 'Number of answers'. – bobouch Jan 27 '14 at 15:07
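
The integer validation from the first answer and the placeholders suggested in the comments, combined in one script. This is an added example, not code from any of the posters: the helper name `countAnswers` and the request parameter name `id` are assumptions, while `table1`, `questionId`, `$db_connection` and `includes/db_connection.php` come from the question.

```php
<?php
// Added example, not the posters' code. Assumes PHP 7.1+.
// Throw mysqli_sql_exception on errors instead of returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

require_once "includes/db_connection.php"; // defines $db_connection, as in the question

/**
 * Hypothetical helper: number of rows in table1 for one question id.
 * Returns null when the id is missing or is not a positive integer.
 */
function countAnswers(mysqli $db, $rawId): ?int
{
    // Validation: only an integer >= 1 passes; everything else yields false.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The ? placeholder sends the value separately from the SQL text.
    // COUNT(*) lets the server count instead of transferring every row.
    $stmt = mysqli_prepare($db, "SELECT COUNT(*) FROM table1 WHERE questionId = ?");
    mysqli_stmt_bind_param($stmt, "i", $id);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_bind_result($stmt, $count);
    mysqli_stmt_fetch($stmt);
    mysqli_stmt_close($stmt);

    return (int) $count;
}

// Assumption: the request parameter is named 'id'; POST is checked before GET.
$rawId = $_POST['id'] ?? $_GET['id'] ?? null;

try {
    $count = countAnswers($db_connection, $rawId);
    if ($count === null) {
        http_response_code(400);
        echo "Invalid or missing id.";
    } else {
        echo "Tabela sadrzi " . $count . " redova.";
    }
} catch (mysqli_sql_exception $e) {
    // Keep database details in the server log, not in the response.
    error_log($e->getMessage());
    http_response_code(500);
    echo "Database error.";
}
mysqli_close($db_connection);
```

Because the value is bound as an integer parameter, a request such as `id=1 OR 1=1` is rejected by the validation step and never reaches the SQL text.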