-5

Been trying to figure this out for hours, and can't figure out solutions from any other questions or resources I've seen. Tried countless other methods but this is the most recent attempt, what am I missing?

session_start();
$email = $_SESSION["email"];
echo $email;

$sqlget = "SELECT clubID FROM users WHERE email = '$email'";
$sqldata = mysqli_query($link, $sqlget) or die('error');
echo $sqldata;

Very new to SQL and PHP, help much appreciated!

Liam Bell
  • 25
  • 6
  • 1
    Don't concatenate PHP variables into SQL queries, you open your code to critical [SQL injection vulnerabilities](https://stackoverflow.com/questions/601300/what-is-sql-injection). Use [prepared statements](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) instead. – esqew Aug 18 '20 at 15:49
  • 1
    Try this - https://phpdelusions.net/mysqli_examples/prepared_select. – waterloomatt Aug 18 '20 at 15:54
  • Also, turn on error reporting - https://stackoverflow.com/a/21429652/296555. – waterloomatt Aug 18 '20 at 15:55
  • Did you make a connection to the database before trying to use it in the query? I mean where do you set `$link`, not in the code you show us – RiggsFolly Aug 18 '20 at 16:00
  • Basically I think you need to [Read this section of the PHP Manual](https://www.php.net/manual/en/book.mysqli.php) – RiggsFolly Aug 18 '20 at 16:01
  • Does this answer your question? [How to include a PHP variable inside a MySQL statement](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) – Dharman Aug 18 '20 at 17:03

1 Answers1

-1
  1. first thing i did escaping the string that's going to be passed to the query to prevent SQL Injection but this might help but not giving you full protection consider using prepared statement's.
  2. you are trying to output the mysqli_query() result as a string you cannot do that you have to fetch the data from the result to some kind of array then fetch it using while loop. to fetch those data you need mysqli_fetch_assoc() function.
  3. feel free to change the column name to whatever you want from clubID to clubName for example if you have column name named clubName you can also put them side by side if you want to output all column data but in your select statement you have to fetch * data to be able to do that any way copy and paste the following code and let us know what happens. {}this is to be able to use single qoute in the double qoute to fetch the data from the array if you don't do that the variable won't expand.

.

<?php
    session_start();
    $email = mysqli_real_escape_string($link,$_SESSION["email"]);
    echo $email;
    $sqlget = "SELECT clubID FROM users WHERE email = '$email'";
    $sqldata = mysqli_query($link, $sqlget) or die('error');
    while($sqloutput=mysqli_fetch_assoc($sqldata)){
        echo "{$sqloutput['clubID']}</br>";
    }
?>
waanofii.tech
  • 311
  • 1
  • 12