-1

I have a bit of code that no longer works, it worked fine before was pushed to the new php I believe 7. This is the part of the code:

if($_POST[submit3]=="Spend WP" && ($_POST[name]<>NULL) && $_POST[action]    <>NULL){
      $query3 = "SELECT * FROM game_data  WHERE (log_name='$_POST[name]')";
      $result3 = mysqli_query($query3) or die ("Couldn't get character data.<br>".mysqli_error()."<br>");
      $data = mysqli_fetch_array($connection, $result3);

I can verify that that all three if conditions are met, and can get verification that it has valid answer for $_POST[name] from the form, but it always errors out that it couldn't get the character data.

Saral
  • 1,087
  • 1
  • 8
  • 18
Grand Poobah
  • 9
  • 3
  • you send the form data on same page itself? – Mohit Kumar Jun 02 '18 at 17:55
  • 2
    You're inviting SQL injection. Where do people learn to program this way ??? – Gerard H. Pille Jun 02 '18 at 17:57
  • Check this link for sql injection: https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – Mathias Jun 02 '18 at 18:02
  • Mohit - yes the data in this case "name" is sent from the form which is on the same page. If I add into the error to echo the name, it shows as expected. So it has the name but when it checks against the table it seems to not be able to find it. – Grand Poobah Jun 03 '18 at 20:59

1 Answers1

-1

You have to use the object oriented style in your database connection.

For instance

$mysqli = new mysqli("localhost", "user", "password", "database");
if($result = $mysqli->query($query)) {
  /* associative array */
  $data = $result->fetch_array(MYSQLI_ASSOC);
  echo $data['field'];
};

$mysqli->close();

Also, as mentioned, please check for SQL Injection.

More information on query, mysqli class, and how to fetch data

Valentin Sánchez
  • 131
  • 11
  • The database connection is there I just didn't include it, there is a different line where it calls for the connection information – Grand Poobah Jun 03 '18 at 21:01
  • I didn't say that you forgot to connect. What I suggested was to use the mysqli class and its methods instead of the functions `mysqli_query`, `mysqli_fetch_array`, etc. – Valentin Sánchez Jun 03 '18 at 21:09