0

My query is not working when I use the variable in the WHERE clause. I have tried everything. I echo the variable $res, it shows me the perfect value, when I use the variable in the query the query is not fetching anything thus mysqli_num_rows is giving me the zero value, but when I give the value that the variable contains statically the query executes perfectly. I have used the same kind of code many times and it worked perfectly, but now in this part of module it is not working.

Code:

$res = $_GET['res']; // I have tried both post and get
echo $res; //here it echos the value = mahanta
$query = "SELECT * FROM `seller` WHERE `restaurant` = '$res'"; // Here it contains the problem I have tried everything. Note: restaurant name is same as it is in the database $res contains a value and also when I give the value of $res i.e. mahanta in the query it is then working.
$z = mysqli_query($conn, $query);
$row2 = mysqli_fetch_array($z);
echo var_dump($row2); // It is giving me null
$num = mysqli_num_rows($z); // Gives zero

if ($num > 0) {
    while ($row2 = mysqli_fetch_array($z)) {
        $no = $row2['orders'];
        $id = $res . $no;
    }
}
else {
    echo "none selected";
}
karel
  • 5,489
  • 46
  • 45
  • 50
Uzair Rashid Tak
  • 23
  • 4
  • instead of '$res' use '".$res."' – ravishankar chavare Feb 25 '19 at 08:46
  • 7
    You should take the habit not to inject directly variables into SQL strings and use [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. Also, `echo var_dump()` is not really correct, you should either use `echo` or `var_dump` but not together like this. `var_dump` returns nothing so no need to echo it – Kaddath Feb 25 '19 at 08:49
  • 2
    Is `$conn` defined? Nothing in your logs? Nothing in `mysqli_error()`? – brombeer Feb 25 '19 at 08:51
  • $query ="SELECT * FROM `seller` WHERE `restaurant` = " . $res; only you are getting $res as string in your query as it's quotes are not organized to the query structure. – NomanJaved Feb 25 '19 at 08:52
  • 2
    You say you've used both `$_POST` and `$_GET`.. But which one do you send the data over? These are things you need to know before you can build your application - how do you receive the data. – Qirel Feb 25 '19 at 08:52
  • 1) @Ravishankar ... i have already used both used both of them , it didn't worked out . – Uzair Rashid Tak Feb 25 '19 at 10:03
  • @kadath issue is something different ! the error is not because of these things !! – Uzair Rashid Tak Feb 25 '19 at 10:08
  • @kerbolz yes man it is defined ! how is it working statically i think u have not read my question fully ! – Uzair Rashid Tak Feb 25 '19 at 10:10
  • @joel it doesn't work ! – Uzair Rashid Tak Feb 25 '19 at 10:13
  • @noman it is a string therefore i have to use it in ' ' – Uzair Rashid Tak Feb 25 '19 at 10:15
  • @qirel when i used get i have send data by get method n vise versa – Uzair Rashid Tak Feb 25 '19 at 10:16
  • $sql = "SELECT * FROM seller WHERE restaurant ='".$res."'"; – ravishankar chavare Feb 25 '19 at 10:30
  • @uzairrashid `$res` is a variable that contains string value. So you are using the variable name in your query not the string that is `mahanta`. So please correct your syntax. You may view your query by using `var_dump($query)` not by `var_dump($row2)` . Hope it will help you a lot. – NomanJaved Feb 25 '19 at 10:31
  • @NomanJavid yes noman ! tell me how will i use the value of $res in the query ? where am i wrong in my syntax ! as i have told u i have used the same way many times it is working there but not here in this part of code please help – Uzair Rashid Tak Feb 25 '19 at 10:39
  • 1
    @nomanJavid i used the var_dump($query) and it showed a lil space in $res value it as like ... restaurant = ' mahanta' that lil space before mahanta was creating all the problem !! now i got it where was the actual problem . thanku – Uzair Rashid Tak Feb 25 '19 at 10:49
  • @uzairrashid great.! if you need an answer I can format that for your question. So the other users may get help in future. – NomanJaved Feb 25 '19 at 11:39
  • yes please @nomanjaved. var_dump($query) was the key solution to my problem ! – Uzair Rashid Tak Feb 26 '19 at 06:50

2 Answers2

1

As discussed in the comment. By printing the query var_dump($query), you will get the exact syntax that you are sending to your database to query.

Debugging Tip: You can also test by pasting the var_dump($query) value in your database and you will see the results if your query is okay.

So update your query syntax and print the query will help you.

$query = "SELECT * FROM `seller` WHERE `restaurant` = '$res'";
var_dump($query);

Hope this will help you and for newbies in future, how to test your queries.

Suggestion: Also see how to write a mysql query syntax for better understanding php variables inside mysql query

NomanJaved
  • 1,324
  • 17
  • 32
-1

The problem is the way you're using $res in your query. Use .$res instead. In PHP (native or framework), injecting variables into queries need a proper syntax.

karel
  • 5,489
  • 46
  • 45
  • 50
Mwak
  • 106
  • 6