Echo results from mysqli_Query

Question

I'm making a personal script for my own use, and I need to know how to echo the results from a mysqli_query. My code is as follows:

$conn = mysqli_connect($servername, $username, $password, $dbname);

if(isset($_POST['commercial'])){
if (isset($_POST['0'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a'";
    $resultsd1 = mysqli_query($conn, $sql);
    echo $resultsd1;
}   
if (isset ($_POST['1'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 2 AND sent='a'";
    $resultsd2 = mysqli_query($conn, $sql);
    echo $resultsd2;
}   
if (isset($_POST['2'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 3 AND sent='a'";
    $resultsd3 = mysqli_query($conn, $sql);
    echo $resultsd3;
}
if (isset ($_POST['3'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 4 AND sent='a'";
    $resultsd4 = mysqli_query($conn, $sql);
    echo $resultsd4;
}
if (isset ($_POST['4'])){
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 5 AND sent='a'";
    $resultsd5 = mysqli_query($conn, $sql);
    echo $resultsd5;
}

}
?>

Sidenote: Your present code is open to [**SQL injection**](http://stackoverflow.com/q/60174/). Use [**`mysqli` with prepared statements**](http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php), or [**PDO with prepared statements**](http://php.net/pdo.prepared-statements), *they're much safer*. — Funk Forty Niner, Apr 21 '15 at 19:34
I understand, this isn't going onto a web server, it's just for my own personal use, so I'm not worried about security much. — tmello01, Apr 21 '15 at 19:34
Read any tutorial on using MySQL from PHP: you have to call a "fetch" function to get the row contents. — Barmar, Apr 21 '15 at 19:35
echo results or the records?? bcoz the result you are echoing is just a boolean which returns true when a query is fired successfully. — habib ul haq, Apr 21 '15 at 19:36
http://php.net/manual/en/mysqli.query.php --- http://stackoverflow.com/q/20875113/ — Funk Forty Niner, Apr 21 '15 at 19:36
@habibulhaq It's not a boolean, it's a `mysqli_result` object that you can call `mysqli_fetch_array()` on. — Barmar, Apr 21 '15 at 19:37
@Barmar I thought it always worked like that. thanks for the guidence. — habib ul haq, Apr 21 '15 at 19:39
@habibulhaq For update queries it returns a boolean, for select it returns a result. — Barmar, Apr 21 '15 at 19:39
@Barmar we have to call mysqli_fetch_array() to get the records from result object.. can you tell me what only this result object holds?? — habib ul haq, Apr 21 '15 at 19:42

score 10 · Accepted Answer · edited Jul 09 '21 at 10:07

10

If you want to output multiple rows

if (isset($_POST['0'])) {
 $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a'";
 $resultsd1 = mysqli_query($conn, $sql);

 while ($row = mysqli_fetch_assoc($resultsd1))
 {
    echo $row['email'];
 }
}

If only 1 row

if (isset($_POST['0'])){
 $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$_POST[article]' AND dripid = 1 AND sent='a' LIMIT 1";
 $resultsd1 = mysqli_query($conn, $sql);

 $row = mysqli_fetch_assoc($resultsd1);

 echo $row['email'];
}

edited Jul 09 '21 at 10:07

Dharman

30,962
25
85
135

answered Apr 21 '15 at 19:42

Kristapsv

558
5
15

You have used `mysql_fetch_row` and referred it as `$row['email']` Check out my edit! – RamC Jan 02 '18 at 13:27

score 0 · Answer 2 · answered Apr 21 '15 at 19:47

First of all as @fred-ii said, escape your post, there is also an error in your $_POST access, you are missing quotes around article key, and lastly use mysqli_fetch_assoc to acces your results:

...
if (isset($_POST['0'])) {
    $article = mysqli_real_escape_string($conn, $_POST['article']);
    $sql = "SELECT email FROM CommercialEmails WHERE articleid = '$article' AND dripid = 1 AND sent='a'";
    if ($resultsd1 = mysqli_query($conn, $sql)) {
        if ($row = mysqli_fetch_assoc($resultsd1)) {
            echo $row['email'];
        }
    }
}
...

score 0 · Answer 3 · answered Feb 16 '20 at 15:46

You can simply loop on the result object with foreach loop. If you want to fetch all the rows into a PHP variable you can use fetch_all().

$result = mysqli_query($conn, 'SELECT ...');
foreach($result as $row) {
    print_r($row);
    // do something with each row
}
// or
$result = $conn->('SELECT ...')->fetch_all(MYSQLI_ASSOC);
foreach($result as $row) {
    print_r($row);
    // do something with each row
}

However, in your case you should not be using mysqli_query() at all! This leaves you vulnerable to SQL injection. You must use parameter binding, which is available with prepared statements.

For example your fixed query would look like this:

$stmt = $con->prepare("SELECT email FROM CommercialEmails WHERE articleid = ? AND dripid = 1 AND sent = 'a' ");
$stmt->bind_param('s', $_POST['article']);
$stmt->execute();
$result = $stmt->get_result();
foreach ($result as $row) {
    print_r($row);
}

The difference is that my variable is not separate from the SQL, so there is no risk of injection. You should never allow any variable input directly in SQL query. Doing this properly is really not that difficult.

Also, you don't really need to repeat the code so much. You can parameterize dripid too and reduce the number of lines in your code.

Echo results from mysqli_Query

3 Answers3

Linked