0

I am currently trying to get an mysqli_query to execute, however when I run it I am told that the query has failed. I am not sure what the problem is, because my php file is connecting to the database server. Below is my code:

<html>
<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">

<link rel="icon" href="../img/favicon.ico">
<link href="css/custom.css" rel="stylesheet" type="text/css" />

<title>Assignment 8: Building a "LAMP" Website for your MySQL Data</title>
</head>
<body>
<div id="container">
    <header>
        <h1><mark>"LAMP" Website for MYSQL Movie Databse<mark></h1>
    </header>

    <section>
    <p>Please include the following notes on your page along with an introduction to the data for your user: 1. The source for your data. Is this meant to be a user-based system? or will the data come from downloads? Are the current data test data only? 2. Write at least one paragraph to describe your project. 3. Write at least one paragraph to describe your project. You might wish to refer to our class discussion on specifications for ideas.</p>

        <?php
            /* Connecting and selecting database */
            include ('/home/as7695/db_files/db_config.php');

            $db_link = new mysqli($db_server, $db_user, $db_password, $db_name);
            if ($db_link->connect_errno) {
            print( "Failed to connect to MySQL: (" .$db_link->connect_errno . ") ".$db_link->connect_error);
            }
            print("<p>Connection: ".$db_link->host_info . "<br />\n");
            print( nl2br("Connected successfully\n"));

            /* Setting variables */
            $nationality = $_POST['nationality'];
            $genre = $_POST['genre'];
            $limit = $_POST['limit'];
            $sortkey = $_POST ['sortkey'];

            /* Performing SQL query using criteria supplied by the user on the HTML form */
            $query = "SELECT CONCAT (movies.title, ' (', movies.release_year, ')') AS Title, CONCAT (movies.rating) AS Rating, CONCAT (directors.first_name, ' ', directors.last_name) AS Director, GROUP CONCAT (actors.first_name, ' ', actors.last_name separator ', ') AS Actors, CONCAT (movies.description) AS Description
            FROM movies
            INNER JOIN directors ON movies.directorID = directors.directorID
            INNER JOIN movie_actors ON movies.movieID = movie_actors.movieID
            INNER JOIN actors ON movie_actors.actorID = actors.actorID
            INNER JOIN movie_genres ON movies.movieID = movie_genres.movieID
            INNER JOIN genres ON movie_genres.genreID = genres.genreID
            WHERE directors.nationality = '$nationality' AND genres.genre_name = '$genre'
            GROUP BY movies.movieID
            ORDER BY movies.release_year '$sortkey'
            LIMIT '$limit'";

            /* Store result as a variable and see how many records are returned */
            $result = mysqli_query($db_link,$query) or die("Query failed : " . mysqli_error());

            /* Closing connection */
            mysqli_close($db_link);
        ?>
    </section>
</div>
</body>
</html>
Manfred Radlwimmer
  • 13,257
  • 13
  • 53
  • 62
Attiyya Settle
  • 1
  • 2
  • Please post code, errors or textual output here as plain-text, not as images that can be hard to read, can’t be copy-pasted to help test code or use in answers, and are hostile to those who use screen readers. You can edit your question to add the code in the body of your question. Use the `{}` button to format any blocks of code, or indent with four spaces for the same effect. – tadman Apr 27 '17 at 23:18
  • 1
    Okay, thank you. I have made the changes! – Attiyya Settle Apr 27 '17 at 23:25
  • 1
    Please read this question (and associated answers) to learn how to prevent SQL injection: http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php . The code you have shared is incredibly insecure. – Scopey Apr 27 '17 at 23:29
  • 1
    **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Apr 27 '17 at 23:57
  • One thing to consider is using the object-oriented calling approach to avoid mistakes like you've made here with calling `mysql_error()` by accident. That should be `mysqli_error()`, a difference of one character. In the object-oriented style that's `$db_link->error` which is obviously a lot different and far harder to overlook. – tadman Apr 27 '17 at 23:58
  • MySQL's errors, if you can get them using the right method, are usually extremely precise as to the nature of your mistake. Look carefully at the error and check the syntax you're using versus the documentation to be sure you're doing it correctly. – tadman Apr 27 '17 at 23:59
  • After changing mysql_error() to mysqli_error, i recieved the following error message --> Warning: mysqli_error() expects exactly 1 parameter, 0 given in /web/as7695/assignments/database/settle_attiyya_assignment8/assignment8.php on line 52 Query failed : – Attiyya Settle Apr 28 '17 at 00:05
  • `mysqli_error($db_link)` because it expects the connection – Jay Blanchard Apr 28 '17 at 01:58

0 Answers0