PHP - Unable to echo $row

Question

I am trying to setup email notifications for a webform:

$query = "UPDATE email_tbl SET notified='".mysqli_real_escape_string($conn,$notified)."', reasoning='".mysqli_real_escape_string($conn,$reasoning)."' WHERE id='$id'";

$result=mysqli_query($conn, $query);

$query2 = "SELECT `or_user` FROM `usf_tbl` WHERE `id` = $id";

$result = mysqli_query($conn,$query2);

while ($row= mysqli_fetch_assoc($result))

$to = "example@email.com, $row[or_user]";
$subject = "Email Notification";
$message = "

<html>
<p>Email Notification for $row[or_user]</p>
</html>";

I am receiving the email as required, but the email doesn't contain the "or_user". However, the email is sent to the "or_user" as desired. Why won't it print the "or_user" in the actually email? Thanks in advance.

`$query2 = "SELECTED `or_user` FROM `usf_tbl` WHERE `id` = $id";` change to `select` — Ramesh S, Apr 27 '17 at 11:28
Your while-loop should use curly braces to keep control that not only the following row gets executed. — Per Enström, Apr 27 '17 at 11:30
@JohnTemple make it correct to = "example@email.com, ".$row["or_user"]; and $message = "
Email Notification for ".$row["or_user"]."
"; — lazyCoder, Apr 27 '17 at 11:31
Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/) Even [if you are escaping inputs, its not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) — RiggsFolly, Apr 27 '17 at 11:32
A while loop without `{}` will execute only the next line of PHP script after the while. So your while loop is running this `while ($row= mysqli_fetch_assoc($result)) $to = "example@email.com, $row[or_user]";` ___And thats all___ — RiggsFolly, Apr 27 '17 at 11:34

Ramesh S · Answer 1 · 2017-04-27T11:45:09.050

4

$query = "UPDATE email_tbl SET notified='".mysqli_real_escape_string($conn,$notified)."', reasoning='".mysqli_real_escape_string($conn,$reasoning)."' WHERE id='$id'";

$result=mysqli_query($conn, $query);

$query2 = "SELECT `or_user` FROM `usf_tbl` WHERE `id` = $id";

$result = mysqli_query($conn,$query2);

while ($row= mysqli_fetch_array($result))
{
     $to = "example@email.com, $row['or_user']";
     $subject = "Email Notification";
     $message = "

       <html>
            <p>Email Notification for". $row['or_user']."</p>
       </html>";
}

edited Apr 27 '17 at 11:45

answered Apr 27 '17 at 11:29

Ramesh S

841
3
15
35

Still doesn't print the or_user – Apr 27 '17 at 11:36
1

put `` – Ramesh S Apr 27 '17 at 11:38
1

Better. But as per another question, the while-loop really isn't necessary in this case since the query should only return one result. – Per Enström Apr 27 '17 at 11:50

score 2 · Answer 2 · answered Apr 27 '17 at 11:42

Use mysqli_num_rows to check weather query return result or not

$query2 = "SELECT `or_user` FROM `usf_tbl` WHERE `id` = $id";
$result = mysqli_query($conn, $query2);
$email = "";
$row_cnt = mysqli_num_rows($result);
if ($row_cnt > 0) {
    $row = mysqli_fetch_assoc($result);

//fetch data without using while loop

    $email = $row['or_user'];
    $to = "example@email.com, $email";// pass $email here
    $subject = "Email Notification";

// use sprintf to pass email into message as

$message = sprintf("<html>
<p>Email Notification for %s</p>
</html>", $email);
}//end if condition here

PHP - Unable to echo $row

2 Answers2