-2

Ok, hi. So I was trying to create an Android app which uses a MySQL database to generate a RecyclerView. To get the data I use a PHP file stored on the same server. But I wanted to extend the app a bit. And now if I call this line: `$query = 'SELECT * FROM items WHERE catid = "$catid"';` the result is empty.

The weird thing is: if I enter the query in phpMyAdmin it shows me the correct results.

Here is the Complete PHP-File (Database Login removed) (Annnd the mandatory disclaimer: I'm not fluent in English, so please excuse some typos c:)

EDIT: I think some people misunderstood: the problem is not in Android, I'm sure. And the "generate"... just ignore that, I didn't know what other word I could use. So the problem is only in the PHP file.

<?php
$connection = mysqli_connect("","","","");

$type = $_GET["t"];

if($type == "categorys"){
    $query = "SELECT * FROM categorys";
}else{
    $catid = $_GET["id"];
    $query = 'SELECT * FROM items WHERE catid = "$catid"';
}

$result = mysqli_query($connection,$query);


while ($row = mysqli_fetch_assoc($result)) {
    $array[] = $row;
}

header('Content-Type:Application/json');
echo json_encode($array);
?>
Cyclom
  • Are you sure `$catid` has a value? – Michael Dodd Oct 09 '17 at 11:18
  • *... uses a MySQL database to generate a RecyclerView...* MySQL is not able "to generate" `RecyclerView` as it knows nothing about the Android platform – Selvin Oct 09 '17 at 11:18
  • @Selvin I'm guessing this is the server side of a REST API, not dynamic generation of a `RecyclerView.Adapter` from a PHP script (which yes, would be impossible) – Michael Dodd Oct 09 '17 at 11:20
  • So he should write "obtain data from MySQL using PHP as backend on Android platform and use RecyclerView to show them" – Selvin Oct 09 '17 at 11:22
  • I'm not the PHP king but if I recall correctly, using single quotes for a string will literally use the text you put into it instead of interpreting the variables. In that case, you're using the wrong quotes in your else part of the if-statement. And, as far as this code is concerned, `$catid` cannot have a value – 0xDEADC0DE Oct 09 '17 at 11:22
  • 1
    First of all, look at http://bobby-tables.com and learn about SQL injection and how to prevent it. Right now your code is widely open and at a high risk for SQL injection. Use prepared statements for queries with user inputs. – Twinfriends Oct 09 '17 at 11:23
  • change this `'SELECT * FROM items WHERE catid = "$catid"'` to this `'SELECT * FROM items WHERE catid = $catid'` or `'SELECT * FROM items WHERE catid = '".$catid."'` and see. – S4NDM4N Oct 09 '17 at 11:23
  • Try removing the double quotes around the variable `$catid` and putting double quotes around the whole string – Sagar Jajoriya Oct 09 '17 at 11:23
  • `$query = 'SELECT * FROM items WHERE catid = "$catid"';` needs to be: `$query = "SELECT * FROM items WHERE catid = '$catid'";` – Alive to die - Anant Oct 09 '17 at 11:23

2 Answers

1

Write it like this, with double-quotes:

$query = "SELECT * FROM items WHERE catid = $catid";

If catid is a string, then:

$query = "SELECT * FROM items WHERE catid = '$catid'";

Anyway, you should use a prepared statement.

wast
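The difference between the three query styles discussed on this page, as an added example that is not part of the question or either answer. It uses PDO with an in-memory SQLite database instead of the page's mysqli connection so that it runs without a server; the table rows, the sample request values and the helper names `countRows` and `itemsByCategory` are constructed for illustration.

```php
<?php
// Added example with constructed data. Assumption: the pdo_sqlite extension is
// available. Table and column names follow the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, catid TEXT, name TEXT)');
$db->exec("INSERT INTO items (catid, name)
           VALUES ('1', 'apple'), ('1', 'pear'), ('2', 'hammer')");

// Hypothetical helper: run a finished SQL string and count the rows it returns.
function countRows(PDO $db, string $sql): int {
    return count($db->query($sql)->fetchAll(PDO::FETCH_ASSOC));
}

// Hypothetical helper: the parameterized form. The value travels separately
// from the SQL text, so it can only ever be compared against catid.
function itemsByCategory(PDO $db, string $catid): array {
    $stmt = $db->prepare('SELECT * FROM items WHERE catid = ?');
    $stmt->execute([$catid]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$catid = '1'; // stands in for $_GET["id"]

// 1) Single-quoted PHP string: no variable interpolation, so the database is
//    asked for the category literally named "$catid". (The question quotes the
//    value with ", which MySQL accepts by default; SQLite needs ' here.)
$single = 'SELECT * FROM items WHERE catid = \'$catid\'';
printf("single-quoted  %-52s rows: %d\n", $single, countRows($db, $single));

// 2) Double-quoted PHP string: $catid is interpolated, so the lookup works,
//    but the request value is now part of the SQL text itself.
$double = "SELECT * FROM items WHERE catid = '$catid'";
printf("double-quoted  %-52s rows: %d\n", $double, countRows($db, $double));

// 3) A constructed request value containing a quote: interpolated, it changes
//    the WHERE clause; bound as a parameter, it is just an unknown category id.
$crafted = "1' OR '1'='1";
$spliced = "SELECT * FROM items WHERE catid = '$crafted'";
printf("interpolated   %-52s rows: %d\n", $spliced, countRows($db, $spliced));
printf("prepared       catid = ? bound to crafted value %19s rows: %d\n",
       '', count(itemsByCategory($db, $crafted)));
printf("prepared       catid = ? bound to '1' %29s rows: %d\n",
       '', count(itemsByCategory($db, $catid)));
```

With the mysqli extension used in the question, the same pattern is `mysqli_prepare()`, `mysqli_stmt_bind_param()`, `mysqli_stmt_execute()` and `mysqli_stmt_get_result()`.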
0

Try this:

$query = "SELECT * FROM items WHERE catid = '$catid'";

or:

$query = "SELECT * FROM items WHERE catid = '".$catid."'";
Lamar