<?php
$host='localhost';
$username='root';
$pwd='';
$db="singlover";


$con=mysqli_connect($host,$username,$pwd,$db) or die('Unable to connect');

if(mysqli_connect_error($con))
{
  echo "Failed to Connect to Database ".mysqli_connect_error();
}
$sql="SELECT * FROM users u, address a WHERE a.email=u.email AND a.country LIKE (SELECT country FROM address WHERE email = 'ta.....@gmail.com' );";
$result=mysqli_query($con,$sql);
if($result)
{
  while($row=mysqli_fetch_array($result))
  {
    $data[]=$row;
  }

  print(json_encode($data));
}
mysqli_close($con);
?>

I do need to pass the email in a POST method. I passed the email in the nested query as a hard-coded value and it returns the true data, but how would I be able to perform it?

<?php
$host='localhost';
$username='root';
$pwd='';
$db="singlover";

$email = $_POST["email"];

$con=mysqli_connect($host,$username,$pwd,$db) or die('Unable to connect');

if(mysqli_connect_error($con))
{
  echo "Failed to Connect to Database ".mysqli_connect_error();
}
$sql="SELECT * FROM users u, address a WHERE a.email=u.email AND a.country LIKE (SELECT country FROM address WHERE email = $email );";
$result=mysqli_query($con,$sql);
if($result)
{
  while($row=mysqli_fetch_array($result))
  {
    $data[]=$row;
  }

  print(json_encode($data));
}
mysqli_close($con);
?>

I have tried this script but it doesn't return anything. Your help is much appreciated.

sheeno
  • Show us your form. – Jay Blanchard Aug 24 '17 at 17:39
  • Your code is open to SQL injection. What's the actual runtime value of the SQL query you're executing? Perhaps you need to enclose your string value in quotes? You never check for errors from the database, it's probably telling you what the problem is. And this problem can be avoided entirely by using prepared statements with query parameters instead of your SQL-injectable code. – David Aug 24 '17 at 17:41
  • After more closely examining the code... In your "working" example you surround the email address with single-quotes. In your "non working" example you don't. A string is still a string, you still need quotes. – David Aug 24 '17 at 17:42
  • OMG, school kids error. Thank you – sheeno Aug 24 '17 at 17:45
  • I would ask you for one more bit of help: can I exclude the details of the user in the output whose email I am passing to the query? – sheeno Aug 24 '17 at 17:47
  • @sheeno: You can output or not output whatever information you like. – David Aug 24 '17 at 20:17
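
The prepared-statement approach recommended in the comments, shown here as an added example that is not part of the original thread. It keeps the question's connection values and query; the `filter_var` validation, the JSON error bodies, and the reliance on the mysqlnd driver (for `get_result()`) are assumptions of this example.

```php
<?php
// Added example: the question's query with the POSTed email bound as a parameter.
// Make mysqli throw on errors instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

header('Content-Type: application/json');

// Reject missing, non-string, or malformed input before touching the database.
$email = $_POST['email'] ?? '';
if (!is_string($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
    http_response_code(400);
    exit(json_encode(['error' => 'invalid email']));
}

try {
    // Connection values are the ones from the question's script.
    $con = new mysqli('localhost', 'root', '', 'singlover');
    $con->set_charset('utf8mb4');

    // The ? placeholder carries the value separately from the SQL text,
    // so the email needs no quotes and cannot change the query's structure.
    $sql = "SELECT * FROM users u, address a
            WHERE a.email = u.email
              AND a.country LIKE (SELECT country FROM address WHERE email = ?)";

    $stmt = $con->prepare($sql);
    $stmt->bind_param('s', $email);   // 's' = bind as string
    $stmt->execute();

    $data = [];                        // stays an empty array when no rows match
    $result = $stmt->get_result();     // assumption: mysqlnd driver is available
    while ($row = $result->fetch_assoc()) {
        $data[] = $row;
    }
    echo json_encode($data);

    $stmt->close();
    $con->close();
} catch (mysqli_sql_exception $e) {
    // Log the real database error server-side; return a generic message to the client.
    error_log($e->getMessage());
    http_response_code(500);
    echo json_encode(['error' => 'query failed']);
}
```

Unlike the question's `mysqli_fetch_array`, `fetch_assoc` returns only column-name keys, so each JSON object contains every column once.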

0 Answers