-1
// Runs only when the search form has been submitted.
if (isset($_POST["submit"])) {
    $character = sanitize($_POST['character']);
    $character = mysqli_real_escape_string($db, $character);
    // Look up the IP address of the account that owns this character.
    $sql = "select user.ip FROM gamedata, user where gamedata.szName = '$character' and user.Name = gamedata.szAccountName";
    $result = mysqli_query($db, $sql)
        or die('There was an error running the query [' . $db->error . ']');
    $row = mysqli_fetch_array($result, MYSQLI_ASSOC);
    if (mysqli_num_rows($result) == 1) {
        // List every character on accounts that share that IP address.
        $sql2 = "select gamedata.szName FROM gamedata, user where gamedata.szAccountName = user.Name and user.ip = '" . $row['ip'] . "' ORDER BY gamedata.szName DESC LIMIT 100";
        $result2 = $db->query($sql2);
        while ($row = mysqli_fetch_row($result2)) {
            print_r($row);
        }
    }
}

I'm having an issue with getting my results to display correctly, and so far the only thing I can do to get any type of results is by using `print_r($row);` and I'm wanting the results to display in table rows.

The script is having a person enter a character's name and then it searches by that character's username in the user database and finds their IP address. It then looks for all accounts with the same IP address and displays characters that match those usernames.

I'm sorry if this has been asked already; I've been searching for hours now and I can't figure out what I'm doing wrong. Any help would be greatly appreciated.

Barmar
Edenost
  • 1
    Please stop using comma based Implicit joins and use [Explicit `Join` based syntax](https://stackoverflow.com/questions/44917/explicit-vs-implicit-sql-joins) – Madhur Bhaiya Oct 04 '18 at 20:01
  • 2
    Also, your query is open to [SQL injection](https://stackoverflow.com/q/332365/2469308) related attacks. Even `mysqli_real_escape_string` [cannot completely safeguard](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string/12118602#12118602) against Injection. Please learn to use [Prepared Statements](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Madhur Bhaiya Oct 04 '18 at 20:05
  • 1
    Please, share the code you're having problems with. It seems the code you're sharing in the question is the one that prints out the results. Share the one you said doesn't show any results. – Dayron Gallardo Oct 04 '18 at 20:28
  • 1
    There are many tutorials on the web that show how to produce an HTML table from SQL results. – Barmar Oct 04 '18 at 20:53
  • 1
    You don't need two queries, you can use a join to combine them into a single query. – Barmar Oct 04 '18 at 20:54

2 Answers

0

You can try the code below. This is what I usually use:

    <table>
        <thead>
            <tr>
                <td>ID</td>
                <td>Username</td>
            </tr>
        </thead>
        <tbody>
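            <?php // mysqli_fetch_assoc() returns rows keyed by column name; mysqli_fetch_row() would only give numeric indexes. ?>
            <?php while ($row = mysqli_fetch_assoc($result2)) { ?>
            <tr>
                <?php // Escape database values before writing them into the page. ?>
                <td><?php echo htmlspecialchars((string) $row["id"]); ?></td>
                <td><?php echo htmlspecialchars((string) $row["username"]); ?></td>
            </tr>
            <?php } ?>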
        </tbody>
        <tfoot>
            <tr>
                <td>ID</td>
                <td>Username</td>
            </tr>
        </tfoot>
    </table>

You can add a table column/cells for all your fields.

Ramon Henry
0

I figured out what my problem was:

// Fetch each row as an array keyed by column name and print the character name.
while ($row = mysqli_fetch_array($result2)) {
    echo "" . $row['szName'] . "<br>";
}

The code works exactly how I needed it to. I don't have to worry about injection as the site for this is restricted by IP address and double authentication.

Edenost
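
The suggestions from the comments above (one query with explicit JOINs, a prepared statement) combined with the table output the question asks for, as an added example that is not code from any of the posts. Table and column names are taken from the question; the function names, the `$db` mysqli connection and the sample rows are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. Schema names (gamedata, user, szName, szAccountName, Name, ip)
// come from the question; function names and $db are hypothetical.
function characters_sharing_ip(mysqli $db, string $character): array
{
    // One query: character -> owning account -> accounts on the same IP -> their characters.
    $sql = "SELECT DISTINCT other.szName
              FROM gamedata AS target
              JOIN `user`   AS owner  ON owner.Name = target.szAccountName
              JOIN `user`   AS shared ON shared.ip = owner.ip
              JOIN gamedata AS other  ON other.szAccountName = shared.Name
             WHERE target.szName = ?
             ORDER BY other.szName DESC
             LIMIT 100";
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $db->error);
    }
    // The name is sent as a bound parameter and never becomes part of the SQL text.
    $stmt->bind_param('s', $character);
    $stmt->execute();
    $stmt->bind_result($name);
    $names = [];
    while ($stmt->fetch()) {
        $names[] = $name;
    }
    $stmt->close();
    return $names;
}

// Build the table markup; every value is HTML-escaped before output.
function render_character_table(array $names): string
{
    $html = "<table>\n  <thead><tr><th>Character</th></tr></thead>\n  <tbody>\n";
    foreach ($names as $name) {
        $safe = htmlspecialchars((string) $name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
        $html .= "    <tr><td>{$safe}</td></tr>\n";
    }
    return $html . "  </tbody>\n</table>\n";
}

// Constructed sample rows (no database needed) to show the escaping.
echo render_character_table(['Zed', '<b>Zoe</b>', "O'Brien"]);

// With a live connection (assumed to be $db, as in the question):
// echo render_character_table(characters_sharing_ip($db, $_POST['character']));
```

Unlike the two-step original, this returns rows whenever the character name matches at least one account rather than only when the first lookup returns exactly one row.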