Trying to pull "username" from the database to display with additional results. Displaying the username below works, but using the "SELECT" nothing appears.

```php
<?php

    require_once 'DBq/DBq.php';

    if(!$username = Input::get('user')) {
    Redirect::to('index.php');
     } else {
    $user = new User($username);
    if(!$user->exists()) {
       Redirect::to(404);
    } else {
        $data = $user->data();
    }
    $qname = escape($user->data()->username);
?>

<p>First name: <?php echo escape($data->fname); ?></p>
<p>Last name: <?php echo escape($data->lname); ?></p>

<?php

//trying to display the results page user data. the "SELECT" is not working, but
//not generating an error. If I use just text "username = 'username';", then it
//works.


    $sname = strval($qname);
    echo $sname. "</br>";
//$query = 'SELECT test_name, score, test_date_time FROM add_results WHERE       username = "` .$sname. `"';

    $result = mysql_query($query);


    if(!$result) die("Database access failed: ".mysql_error());
    $rows = mysql_num_rows($result);

    for ($j=0; $j<$rows; ++$j);{
    $row = mysql_fetch_row($result);

   for ($k=0; $k<$j; ++$k)
   echo "$row[$k]  ";

}

?>
```
Coder
tom0720
  • When you get no output in PHP when output is otherwise expected, it's often due to a fatal error in the code. Always when developing and testing code, at the top of your script: `error_reporting(E_ALL); ini_set('display_errors', 1);` If you don't see your `die()` message and it errors at `mysql_query()`, it's quite possible you don't have the mysql extension enabled. It is not enabled on the newest PHP versions. – Michael Berkowski Jan 29 '17 at 03:12
  • ...because it was deprecated several years ago and no longer considered ok to use. Instead, modern alternatives are MySQLi, and better, PDO. See [How can I prevent SQL injection in PHP](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php#60496) for good examples on how to use both and the [PDO tutorial for MySQL developers](http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers) for a guide on using PDO in context of the old `mysql_*()` functions. – Michael Berkowski Jan 29 '17 at 03:14
  • If this is your actual query - `$query = 'SELECT test_name, score, test_date_time FROM add_results WHERE username = "\` .$sname. \`"';` then you have a backtick/quote issue. Remove the backticks and put quotes outside the concatenation - `$query = 'SELECT test_name, score, test_date_time FROM add_results WHERE username = "'.$sname. '"';` – Sean Jan 29 '17 at 03:26
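
The comments above point to PDO as the replacement for the removed `mysql_*()` functions. As an added example (not code from the question or its commenters), here is the question's SELECT written as a PDO prepared statement. It assumes the `pdo_sqlite` extension and constructed sample rows so that it runs offline, and `resultsFor` is a hypothetical helper name.

```php
<?php
// Added example: assumes pdo_sqlite so it runs without a server.
// For MySQL only the DSN changes, e.g. 'mysql:host=...;dbname=...;charset=utf8mb4'.
error_reporting(E_ALL);
ini_set('display_errors', '1');

$pdo = new PDO('sqlite::memory:', null, null, [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION, // fail loudly, not silently
    PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
]);

// Constructed sample data; table and column names are taken from the question.
$pdo->exec('CREATE TABLE add_results (
    username TEXT, test_name TEXT, score INTEGER, test_date_time TEXT)');
$insert = $pdo->prepare('INSERT INTO add_results VALUES (?, ?, ?, ?)');
foreach ([
    ['tom',     'Algebra 1', 88, '2017-01-20 10:00:00'],
    ['tom',     'Algebra 2', 92, '2017-01-27 10:00:00'],
    ['o"brien', 'Algebra 1', 75, '2017-01-21 09:30:00'],
] as $sample) {
    $insert->execute($sample);
}

/** Return every result row for one username; the value is bound, never concatenated. */
function resultsFor(PDO $pdo, string $username): array
{
    $stmt = $pdo->prepare(
        'SELECT test_name, score, test_date_time
           FROM add_results
          WHERE username = :username
          ORDER BY test_date_time'
    );
    $stmt->execute([':username' => $username]);
    return $stmt->fetchAll();
}

// Pass the raw username to the query and HTML-escape only when printing.
// (Assumption: the question's escape() helper is an HTML-output escaper.)
foreach (['tom', 'o"brien', 'nobody'] as $name) {
    $rows = resultsFor($pdo, $name);
    echo htmlspecialchars($name, ENT_QUOTES, 'UTF-8'), ': ', count($rows), " row(s)<br>\n";
    foreach ($rows as $row) {
        echo htmlspecialchars(implode('  ', $row), ENT_QUOTES, 'UTF-8'), "<br>\n";
    }
}
```

Because the username is bound as a parameter, a value containing a quote such as `o"brien` is matched as data and cannot change the statement's structure; no quoting or backtick handling is needed in the SQL string.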

0 Answers