-4

I want to select email address from DB to send a email. Following is my query that I have made.

$userID=$_SESSION['userID'];

$select_query = mysql_query("SELECT * FROM employee WHERE emp_id = '$userID'");
$select_sql = mysql_fetch_array($select_query);
$name=$select_sql['manager_name'];

$select_query1 = mysql_query("SELECT email FROM employee WHERE employee.name='$name'");
$select_sql1 = mysql_fetch_array($select_query1);
$email=$select_sql1['email'];

But $select_query1 return "NULL Invalid address:" instead of the correct value. I could not found the problem with this. Please help !

Chathurika
  • 419
  • 2
  • 6
  • 18
  • 1
    Hello! Chathurika, If your name not found in database then how they give you data???? you are already your email in the variable: `$select_sql['email']` – Murad Hasan May 30 '16 at 08:38
  • add `session_start()` function at top of the page. – Shailesh Katarmal May 30 '16 at 08:40
  • @Chathurika watch out for the quotes, `'` is not the right one to use to parse the php values accordingly, i forgot the name of that symbol – Anonymous Duck May 30 '16 at 08:40
  • is your name variable returning value? Do you have the corresponding email address in the row which you are fetching? – Megan Fox May 30 '16 at 08:41
  • 5
    1st of all **stop using mysql_* methods, they are deprecated and unsafe!**. 2nd: did you do a `var_dump` to check the values you are feeding into the query? And what does the query return? – Peon May 30 '16 at 08:41
  • Did you make sure the first query returns the right value, before adding it to the `$select_query1`? And you should probably check out this post: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php . Cause you have some SQL injection vulnerabilities over here. – Erik van de Ven May 30 '16 at 08:41
  • @Chathurika add session_start() at top of page if you didn't use this than $_SESSION['userID'] will be empty. – Passionate Coder May 30 '16 at 08:43
  • All are fine. The problem with the $select_query1, How it return "NULL Invalid address:" when I check the variable by using var_dump – Chathurika May 30 '16 at 08:45
  • 1
    It doesn't make sense but you should write **WHERE manager_name='$name'"** – Ravi Hirani May 30 '16 at 08:47
  • Just print **$select_sql** and you will get all data. – Ravi Hirani May 30 '16 at 08:50

1 Answers1

1

You are using $_SESSION['userID'] to get all data from table employee so instead of doing two queries simply try this 

 $empID = $_SESSION['userID'];
 $query = mysql_query("SELECT * FROM employee WHERE emp_id=$empID");
 $result = mysql_fetch_array($query);
 $email = $result['email'];
dod29
  • 105
  • 7
  • Well as far as I can tell from the queries, she tries to get the manager of the person from the first query, in the second query. So this is not returning the same results exactly. But `SELECT email FROM employee WHERE employee.name IN ( SELECT manager_name FROM employee WHERE emp_id=$empID)` should work. – Erik van de Ven May 30 '16 at 08:50
  • I did also from this way, still remain the problem – Chathurika May 30 '16 at 08:57
  • @Chathurika please check your database connection because query seems perfect. – kiran gadhvi May 30 '16 at 09:17