
I have a very simple problem, but I have not found a solution. I call from the server a PHP script /sqlphp/ajodbquery.php?ID="+kuljettajaid and it should return a List[] with values to me.

If I use this script to SELECT all values, everything is fine, but when I try to use WHERE with a variable, it does not work.

A part of the PHP script is here:

```php
$username = $_POST['ID'];

//creating an array for storing the data
$heroes = array();

//this is our sql query
$sql = "SELECT ID, LAHETTAJAID, VASTAANOTTAJAID, PURKUAIKA FROM AJOJARJESTELY WHERE KULJETTAJAID='$username'";

//creating a statement with the query
$stmt = $conn->prepare($sql);

//executing that statement
$stmt->execute();

//binding results for that statement
$stmt->bind_result($ID, $LAHETTAJAID, $VASTAANOTTAJAID, $PURKUAIKA);

//looping through all the records
while($stmt->fetch()){

    //pushing fetched data in an array
    $temp = [
        'id'=>$ID,
        'l'=>$LAHETTAJAID,
        'vastaanottaja'=>$VASTAANOTTAJAID,
        'purkuaika'=>$PURKUAIKA
    ];
    array_push($heroes, $temp);
}
```

If someone can find a solution, thank you for the support.

First of all, check what value is in $username by printing the whole $sql. Secondly, you should run the same SQL through your workbench or phpMyAdmin etc. Perhaps there are no values matching $username in KULJETTAJAID, or are you mistyping something or looking for a column that's not there? Also, I see you are using fetch()? I recommend using mysqli with mysqli_fetch_assoc or PDO MySQL. Here is an example for the former: https://www.w3schools.com/php/func_mysqli_fetch_assoc.asp – Shlomtzion Sep 19 '21 at 19:22
**Warning!** You're open to [SQL injection attacks](https://owasp.org/www-community/attacks/SQL_Injection)! Read [how to prevent SQL injection in PHP](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) by using prepared statements with bound parameters instead of injecting variables directly into your queries. It's not just about security. If your data contains, for example, a single quote `'`, your query will break. – M. Eriksson Sep 19 '21 at 20:01
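The parameterised form of the query from the question, as an added example that is not the asker's code or any answer from the thread: the driver id is bound with `bind_param` instead of being interpolated into the SQL string, and, since the question's URL passes it as `?ID=`, it is read from `$_GET` (an assumption about the client). `$conn` is assumed to be an open mysqli connection; `fetchAjojarjestely` is a hypothetical helper name.

```php
<?php
// Added example (not the asker's code). Assumptions: $conn is an open mysqli
// connection and the client sends the driver id as the ?ID= query-string
// parameter, so it is read from $_GET rather than $_POST.
declare(strict_types=1);

function fetchAjojarjestely(mysqli $conn, string $kuljettajaId): array
{
    // The ? placeholder stands in for the value; the SQL text itself is fixed.
    $sql = "SELECT ID, LAHETTAJAID, VASTAANOTTAJAID, PURKUAIKA
            FROM AJOJARJESTELY WHERE KULJETTAJAID = ?";

    $stmt = $conn->prepare($sql);
    if ($stmt === false) {
        // A prepare failure usually means a mistyped table or column name.
        throw new RuntimeException('prepare failed: ' . $conn->error);
    }

    // "s" = bind as a string. A value containing a single quote (O'Brien)
    // is sent as data, so it can neither break the query nor change it.
    $stmt->bind_param('s', $kuljettajaId);
    $stmt->execute();
    $stmt->bind_result($id, $lahettajaId, $vastaanottajaId, $purkuaika);

    $rows = [];
    while ($stmt->fetch()) {
        $rows[] = [
            'id'            => $id,
            'l'             => $lahettajaId,
            'vastaanottaja' => $vastaanottajaId,
            'purkuaika'     => $purkuaika,
        ];
    }
    $stmt->close();
    return $rows;
}

// Endpoint glue: reject a missing parameter instead of querying with ''.
$kuljettajaId = $_GET['ID'] ?? '';
if ($kuljettajaId === '') {
    http_response_code(400);
    exit('missing ID');
}

header('Content-Type: application/json');
echo json_encode(fetchAjojarjestely($conn, (string) $kuljettajaId));
```

Printing `$sql` now shows the fixed statement with `?`; to see the bound value, log `$kuljettajaId` separately, which also answers the "is the value actually arriving" check suggested in the first comment.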
