[HELP : mysql_real_escape_string]

oh! Ok. I'm not entirely sure If i understood. You mean the "mysql_real_escape_string" shouldn't be applied here?

 

$result=sprintf("SELECT * FROM  idb1 WHERE username = '%s' AND password ='%s'", mysql_real_escape_string($userNm), mysql_real_escape_string($passWd));
if(mysql_num_rows ($result) == 0) {

 

$$result=sprintf("SELECT * FROM  idb1 WHERE username = '$userNM' AND password ='$passWd'");
if(mysql_num_rows ($result) == 0) {

[HELP : mysql_real_escape_string]

Thanks Thorpe!

Oops! I forgot to show the error... Here goes.

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/.../test.php on line 12

&err=Retry.

if(mysql_num_rows ($result) == 0) {

 

After I included "mysql_real_escape_string", it doesn't allow me to login (even with legitimate usernames and passwords). Have I done something wrong? or What might be the issue here?

[HELP : mysql_real_escape_string]

This code gives an error. Please help fix.

 

$mydb = mysql_connect("localhost","my_un","my_pw");
mysql_select_db("my_db");

$query =sprintf("SELECT * FROM  idb1 WHERE username = '%s' AND authority = 'Banned'", mysql_real_escape_string($userNm));
if(mysql_num_rows($query)) {
$login = "&err=Not allowed.";
echo($login);
} else {

$result=sprintf("SELECT * FROM  idb1 WHERE username = '%s' AND password ='%s'", mysql_real_escape_string($userNm), mysql_real_escape_string($passWd));
if(mysql_num_rows ($result) == 0) {
$login = "&err=Retry!!";
echo($login);
} else {
$row = mysql_fetch_array($result);
$userNm=$row['username'];
$passWd=$row['password'];
$login = "$userNm=" . $userNm . "$passWd=" . $passWd . "&err=Successful.";
echo($login);
}
}

[Shorthen this...]

Thanks Ken... I'll try to debug. I'll come back when I'm done.

 

Really appreciate your help. 

[Shorthen this...]

Hi Ken. Thanks.

 

When I run my script everything happens and update. But when I use yours it doesn't update. Any idea why? Do I have to do any adjustments to make it work?

[Shorthen this...]

Thanks Ken. I'm getting an error.

 

Parse error: syntax error, unexpected '[' in /home/.../test.php on line 22

count[$i] = count(array_intersect($ArrayU[$i],$ArrayM[$i]));

 

Also the array_intersect should match all 8 results from answers_db against all 8 results in results_db in the same order (answers_db first result should check results_db first result if it match, answers_db second result should check results_db second result if it match, etc...).

 

E.g.

answers_db ($ArrayU)

90, 20, 75, 90, 30,  90, 80, 51

 

results_db ($ArrayM)

95, 93, 95,  90, 90,  90, 90, 91

 

$countF = 2

 

[Shorthen this...]

oh! I see...  :-\

 

This is what happens in my script. It collects data from 2 different databases (8 fields from each database) then count the matching results and update another database with the count value. Below is the exact script. Please help me shorten this.

 

$VariableA = 'myname';
$queryU1 =  "SELECT * FROM answers_db WHERE username = '".$VariableA."'";
$resultU = mysql_query($queryU1);
$scoreU = mysql_fetch_assoc($resultU);
$userRa1 = $scoreU['rndAa'];
$userRa2 = $scoreU['rndAb'];
$userRa3 = $scoreU['rndAc'];
$userRa4 = $scoreU['rndAd'];
$userRa5 = $scoreU['rndAe'];
$userRa6 = $scoreU['rndAf'];
$userRa7 = $scoreU['rndAg'];
$userRa8 = $scoreU['rndAh'];

////
$VariableB = 'rndA';
$query1 =  "SELECT * FROM results_db WHERE rndx = '".$VariableB."'";
$result = mysql_query($query1);
$scoreM = mysql_fetch_assoc($result);
$winRa1 = $scoreM['inxa'];  
$winRa2 = $scoreM['inxb']; 
$winRa3 = $scoreM['inxc']; 
$winRa4 = $scoreM['inxd']; 
$winRa5 = $scoreM['inxe']; 
$winRa6 = $scoreM['inxf']; 
$winRa7 = $scoreM['inxg']; 
$winRa8 = $scoreM['inxh']; 

$ArrayU1 = array($userRa1);
$ArrayM1 = array($winRa1);
$ArrayU2 = array($userRa2);
$ArrayM2 = array($winRa2);
$ArrayU3 = array($userRa3);
$ArrayM3 = array($winRa3);
$ArrayU4 = array($userRa4);
$ArrayM4 = array($winRa4);
$ArrayU5 = array($userRa5);
$ArrayM5 = array($winRa5);
$ArrayU6 = array($userRa6);
$ArrayM6 = array($winRa6);
$ArrayU7 = array($userRa7);
$ArrayM7 = array($winRa7);
$ArrayU8 = array($userRa8);
$ArrayM8 = array($winRa8);

$count1 = count( array_intersect($ArrayU1, $ArrayM1) );
$count2 = count( array_intersect($ArrayU2, $ArrayM2) );
$count3 = count( array_intersect($ArrayU3, $ArrayM3) );
$count4 = count( array_intersect($ArrayU4, $ArrayM4) );
$count5 = count( array_intersect($ArrayU5, $ArrayM5) );
$count6 = count( array_intersect($ArrayU6, $ArrayM6) );
$count7 = count( array_intersect($ArrayU7, $ArrayM7) );
$count8 = count( array_intersect($ArrayU8, $ArrayM8) );
$countF = $count1+$count2+$count3+$count4+$count5+$count6+$count7+$count8;

mysql_query("UPDATE points_db SET mypoints=$countF WHERE username = '".$VariableA."'");
?>

[Coding help with 'Count']

Thank you thorpe!

[Coding help with 'Count']

It returns the TOTAL number of fields, I want only the number of fields which contain the word "APPROVED"

 

E.g.

The database only contain 2 fields with "APPROVED". Instead of 2 it always returns 8.

[Coding help with 'Count']

always returns the number of fields.

 

$Array1 = array($user1, $user2, $user3, $user4, $user5, $user6, $user7, $user8);
if (in_array('APPROVED', $Array1)) {
  echo count($Array1);

}

 

This did not work either.

$Array1 = array($user1, $user2, $user3, $user4, $user5, $user6, $user7, $user8);
echo count(in_array('APPROVED', $Array1));

 

 

[Shorthen this...]

this two lines is just copied from your code

Please ignore this. Sorry!

 

sasa - That code is awesome! Thank you. But it always echo 8 (not the value of the COUNT). Why is that? My previous code echo the COUNT correctly.

 

I appreciate your help.

[Coding help with 'Count']

Thanks thorpe!

[Coding help with 'Count']

yes.

[Coding help with 'Count']

How to get the count if any of this ($ArrayDrRes) contain the word "APPROVED"?

 

 

$Array1 = array($user1, $user2, $user3, $user4, $user5, $user6, $user7, $user8);
$Array2 = array('APPROVED');
$count3 = count( array_intersect($Array1, $Array2) );
echo $count3;

[Shorthen this...]

There is an error with this code.

 

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/.../test.php on line 10

 

Warning: mysql_fetch_assoc(): supplied argument is not a valid MySQL result resource in /home/.../test.php on line 15

 

 

$nextVar = 'roundx';
$lett = array(1 => 'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h');
$count = 0;
$queryU =  "SELECT * FROM one WHERE username = '".$Var."'";
$result = mysql_query($query);
$score = mysql_fetch_assoc($result);
//$usera1 = $score['round1'];
$nextVar = 'roundx';
$queryx =  "SELECT * FROM acs WHERE round1 = '".$nextVar."'";
$resultx = mysql_query($queryx);
$scorex = mysql_fetch_assoc($resultx);
//$win1 = $score['inxa'];  
for($i = 1; $i <= 8; $i++) $count += $score['round'.$i]==$score['inx'.$lett[$i]] ? 1 : 0;

echo $count;

[Shorthen this...]

Can someone help to write this code in a shorter way?

 

$Var = 'name';
$queryU =  "SELECT * FROM one WHERE username = '".$Var."'";
$result = mysql_query($query);
$score = mysql_fetch_assoc($result);
$usera1 = $score['round1'];
$usera2 = $score['round2'];
$usera3 = $score['round3'];
$usera4 = $score['round4'];
$usera5 = $score['round5'];
$usera6 = $score['round6'];
$usera7 = $score['round7'];
$usera8 = $score['round8'];

////
$nextVar = 'roundx';
$queryx =  "SELECT * FROM acs WHERE round1 = '".$nextVar."'";
$resultx = mysql_query($queryx);
$scorex = mysql_fetch_assoc($resultx);
$win1 = $score['inxa'];  
$win2 = $score['inxb']; 
$win3 = $score['inxc']; 
$win4 = $score['inxd']; 
$win5 = $score['inxe']; 
$win6 = $score['inxf']; 
$win7 = $score['inxg']; 
$win8 = $score['inxh']; 

////
$ArrayU1 = array($usera1);
$Arrayk1 = array($win1);
$ArrayU2 = array($usera2);
$Arrayk2 = array($win2);
$ArrayU3 = array($usera3);
$Arrayk3= array($win3);
$ArrayU4 = array($usera4);
$Arrayk4 = array($win4);
$ArrayU5 = array($usera5);
$Arrayk5 = array($win5);
$ArrayU6 = array($usera6);
$Arrayk6 = array($win6);
$ArrayU7 = array($usera7);
$Arrayk7 = array($win7);
$ArrayU8 = array($usera8);
$Arrayk8 = array($win8);

$count1 = count( array_intersect($ArrayU1, $Arrayk1) );
$count2 = count( array_intersect($ArrayU2, $Arrayk2) );
$count3 = count( array_intersect($ArrayU3, $Arrayk3) );
$count4 = count( array_intersect($ArrayU4, $Arrayk4) );
$count5 = count( array_intersect($ArrayU5, $Arrayk5) );
$count6 = count( array_intersect($ArrayU6, $Arrayk6) );
$count7 = count( array_intersect($ArrayU7, $Arrayk7) );
$count8 = count( array_intersect($ArrayU8, $Arrayk8) );
echo($count1+$count2+$count3+$count4+$count5+$count6+$count7+$count8);

[close]

Is this necessary?

mysql_close($link);

 

$query =  "SELECT * FROM db_one WHERE field1 = '".$MyVar."'";
$results = mysql_query($query);
while($line = mysql_fetch_array($results))
{
echo $line["a"].",,";
echo $line["b"].",,";
echo $line["c"].",,";
echo $line["d"].",,";
echo $line["e"].",,";
echo $line["f"].",,";
echo $line["g"].",,";
echo $line["h"].",,";
echo $line["i"].",,";
echo $line["j"].",,";
echo $line["k"].",,";
echo $line["l"].",,";
}

mysql_close($link);

[mysql_real_escape_string]

Thanks MXH

[mysql_real_escape_string]

<?php

$conn = mysql_connect("localhost","myusername","thepassword1");

mysql_select_db("mydataB", $conn);

 

$username = mysql_real_escape_string($_POST['username'], $conn);

$result = mysql_query("SELECT * FROM applicant WHERE username = '$username'");

 

if (mysql_num_rows($result) > 0){

$register = "&err=Not Available.";

echo($register);

} else {

$username = mysql_real_escape_string($_POST['username'], $conn);

$password = mysql_real_escape_string($_POST['password'], $conn);

$name = mysql_real_escape_string($_POST['name'], $conn);

$email = mysql_real_escape_string($_POST['email'], $conn);

$id = mysql_real_escape_string($_POST['id'], $conn);

 

mysql_query("INSERT INTO applicant (username, password, name, email, id) VALUES ('$username', '$password', '$name', '$email', '$id')");

$register = "Successful.";

echo($register);

}

?>

[mysql_real_escape_string]

It actually doesn't update my db.

 

intellix

print "$username ";
$username = mysql_real_escape_string($_POST['username'], $conn);
$result = mysql_query("SELECT * FROM applicant WHERE username = '$username'");
print "$username ";

 

before : shows the username

after: nothing

[mysql_real_escape_string]

The code updates the db when mysql_real_escape_string is not present.

 

When mysql_real_escape_string is included it always echo &err=Not Available.

 

Any idea what may the reason be?

 

 

[mysql_real_escape_string]

I'm getting some errors.

 

Warning: mysql_select_db(): supplied argument is not a valid MySQL-Link resource in /home/.../test.php on line 3

 

Warning: mysql_real_escape_string() expects parameter 2 to be resource, null given in /home/.../test.php on line 5

 

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/.../test.php on line 8

 

[mysql_real_escape_string]

Thanks MXH. 

[mysql_real_escape_string]

I just red few tutorials about  mysql_real_escape_string. Could someone check if this is correct?

 

<?php
$conn = mysql_connect("localhost","myusername","thepassword1");
mysql_select_db("mydataB", $db);

$result = mysql_query("SELECT * FROM applicant WHERE username = '$username'");

if (mysql_num_rows ($result) > 0){
$register = "&err=Not Available.";
echo($register);
} else {
$username = mysql_real_escape_string($_POST['username'], $db);
$password = mysql_real_escape_string($_POST['password'], $db);
$name = mysql_real_escape_string($_POST['name'], $db);
$email = mysql_real_escape_string($_POST['email'], $db);
$id = mysql_real_escape_string($_POST['id'], $db);

mysql_query("INSERT INTO applicant (username, password, name, email, id) VALUES ('$username', '$password', '$name', '$email', '$id')");
$register = "Successful.";
echo($register);
}
?>

[Server time]

Pikachu2000: Thank you sir!

 

BlueSkyIS: Ok - so your idea is different to mine on this.