PHP & SQL: Query for a name using join

Question

I've come across an issue where my one query in PHP for my mySQL database is not returning anything. The query works when using the mySQL database, and I'm assuming in my php file, but does not print out anything, and returns as a false value. Any help or tips/tricks you can give me is appreciated, I haven't actively used SQL in about a year, and I'm trying to learn as much PHP as possible in a very limited amount of time, so my syntax is probably not correct. I know my database is connected.

The following code works further up in the program.

  $patIDQuery=("SELECT ID FROM patients WHERE usernam3='$myusername'");
  $patientID=mysqli_query($db, $patIDQuery);
  $row=mysqli_fetch_assoc($patientID);
  $user = $row['ID'];
  $_SESSION['myUserID']=$user;

In mySQL, this code works, and I am trying to get the same result.

SELECT medications.CLINNAME FROM medications RIGHT JOIN patientData ON patientData.medID=medications.medID WHERE patientData.ID='*the actual patient id*';

Code with an issue

<?php
        $clinNameQ=("SELECT * FROM medications RIGHT JOIN patientData ON 'patientData.medID'='medications.medID' WHERE patientData.ID='$user'");
        $clinName=mysqli_query($db,$clinNameQ);
        $rowClin=mysqli_fetch_assoc($clinName);
        $clinicalName=$rowClin['CLINNAME'];
        echo $clinicalName;
 ?>

I've been messing around with '' and "", but nothing seems to have been working. I'm wondering if there is an issue with backslashing, or if it is (what I think it is), an issue with the fetch.

Help is so much appreciated!

You have used single quotes around column names. I view that as a typographical error and vote to close. — Gordon Linoff, Apr 26 '17 at 01:31
@GordonLinoff Believe it or not, the only thing I must not have tried was removing the single quotes from the join-on statement, of which I know that I had tried that yesterday. Thanks for reminding me to check it! It works for the first case, now I have to build the rest of it. — Cassi O., Apr 26 '17 at 01:35
Remember to use back tics to quote column and table names, single or double quotes for values. — Sloan Thrasher, Apr 26 '17 at 01:45
**WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. — tadman, Apr 26 '17 at 02:32

score 0 · Answer 1 · edited May 23 '17 at 11:33

0

Seems a problem with quotes, https://stackoverflow.com/a/11321508/287948

Try

    $clinNameQ=("
         SELECT * 
         FROM medications RIGHT JOIN patientData 
              ON `patientData.medID`=`medications.medID` 
         WHERE patientData.ID='$user'
    ");

edited May 23 '17 at 11:33

Community

1
1

answered Apr 26 '17 at 01:38

Peter Krauss

13,174
24
167
304

score 0 · Answer 2 · answered Apr 26 '17 at 01:43

0

You can remove the ` quote from query string:

$clinNameQ = "SELECT * 
   FROM medications 
   RIGHT JOIN patientData ON patientData.medID=medications.medID
   WHERE patientData.ID='$user'";

answered Apr 26 '17 at 01:43

MaxZoom

7,619
5
28
44

PHP & SQL: Query for a name using join

2 Answers2