dazzclub Posted July 8, 2008

Hello everyone,

I have this warning on my page

----------------------------
Warning: mysqli_query() [function.mysqli-query]: Couldn't fetch mysqli in .....line 115
----------------------------

here is line 115 along with some lines above and below

----------------------------------------------
<?php
if ((isset($_POST['mc_name'])) AND (isset($_POST['batch_code'])) AND (isset($_POST['time'])))
{
    $mc_name=$_POST['mc_name'];
    $batch_code=$_POST['batch_code'];
    $time=$_POST['time'];
}

if ((isset($_POST['mc_name'])) AND (isset($_POST['batch_code'])) AND (isset($_POST['time'])))
{
    // line 115 ----->
    $address = mysqli_query($connection, "SELECT address FROM address_photos WHERE mc_name='$mc_name' AND batch_code='$batch_code' AND time='$time'")or die(mysqli_error($connection));
    $address = mysqli_fetch_array($address);
    $address = $address['address'];
    echo '<img src ="';
    echo $address;
    echo '" alt="calibrated coupons photographs" width="100%"/>';
}
?>
----------------------------------------------

Any help would be great....in the meantime I will try to echo out the query to see what's happening as well.

cheers
Darren
Wolphie Posted July 8, 2008

It should be:

$query = sprintf("SELECT `address` FROM `address_photos` WHERE `mc_name` = '%s' AND `batch_code` = '%s' AND `time` = '%s'",
    mysql_real_escape_string($mc_name),
    mysql_real_escape_string($batch_code),
    mysql_real_escape_string($time)
);
$result = mysql_query($query) or trigger_error(mysql_error());
dazzclub Posted July 8, 2008

Hi there,

Thanks for getting back to me. I will read up on sprintf.

cheers
Dazzclub
Wolphie Posted July 8, 2008

Oh, you don't have to use sprintf(), I just use it because I think it cleans up long queries.
dazzclub Posted July 8, 2008

Hi there,

I have read up on sprintf and it seems to make sense to use this when dealing with the variables I have. I don't need to use mysqli_real_escape_string and what is posted are only categories available from the drop-down menu.

I've looked at your example and tried to include it in my script. When I refreshed the page no errors came up so I thought you may have solved it, but sadly it doesn't work how I intended it to.

Here is the whole script, hopefully this will give you a clear idea of what I'm working with and where I am going wrong.

----------------------------
<?php
if (isset($_GET['mc_name'])) {$mc_name=$_GET['mc_name'];}

$querypaint=mysqli_query($connection, "SELECT DISTINCT mc_name FROM paint INNER JOIN paintuser_relation ON paint.paint_id=paintuser_relation.paint_id WHERE user_id='$user_id'")or die(mysqli_error($connection));

// We display the second list only if the first one has already been selected
if(isset($mc_name) and strlen($mc_name) > 0)
{
    $querybatch=mysqli_query("SELECT DISTINCT batch_code FROM address_photos WHERE mc_name = '$mc_name'")or die(mysqli_error());
    $querytime=mysqli_query("SELECT DISTINCT time FROM address_photos WHERE mc_name ='$mc_name'");
}
else
{
    $querybatch=mysqli_query($connection, "SELECT DISTINCT mc_name FROM address_photos")or die(mysqli_error());
}

echo "<form method=post action='coupons-photographs.php'>";

//first dropdown list
echo "<select name='mc_name' onchange=\"reload(this.form)\"><option value=''>Select paint</option>";
while($selectionpaint = mysqli_fetch_array($querypaint))
{
    if($selectionpaint['mc_name'] == $mc_name)
    {
        echo "<option selected value='$selectionpaint[mc_name]'>$selectionpaint[mc_name]</option>"."<BR>";
    }
    else
    {
        echo "<option value='$selectionpaint[mc_name]'>$selectionpaint[mc_name]</option>";
    }
}
echo "</select>";

//second dropdown list
echo "<select name='batch_code'><option value=''>Select batch</option>";
while($selectionbatch = mysqli_fetch_array($querybatch))
{
    echo "<option value='$selectionbatch[batch_code]'>$selectionbatch[batch_code]</option>";
}
echo "</select>";

//third dropdown list
echo "<select name='time'><option value=''>Select time</option>";
while($selectiontime = mysqli_fetch_array($querytime))
{
    echo "<option value='$selectiontime[time]'>$selectiontime[time]</option>";
}
echo "</select>";

mysqli_close($connection);
?>
<p>
<input type="submit" value="submit" />
</p>
</form>
</div>
<?php
//THIS IS WHERE I TRIED TO INCORPORATE YOUR EXAMPLE
if ((isset($_POST['mc_name'])) AND (isset($_POST['batch_code'])) AND (isset($_POST['time'])))
{
    $mc_name=$_POST['%s'];
    $batch_code=$_POST['%s'];
    $time=$_POST['%s'];
}

if ((isset($_POST['%s'])) AND (isset($_POST['%s'])) AND (isset($_POST['%s'])))
{
    $address = sprintf("SELECT address FROM address_photos WHERE mc_name= '%s' AND batch_code='%s' AND time='%s'");
    $return = @mysqli_query ($connection, $address) or die(mysqli_error($connection). "<p>with query: $address");
    //$result = mysqli_query ($connection, $query)or die(mysql_error() . "<p>With query:<br>$query");
    $address = mysqli_fetch_array($address, $connection);
    $address = $address['address'];
    echo '<img src ="';
    echo $address;
    echo '" alt="calibrated coupons photographs" width="100%"/>';
}
?>
----------------------------

Thanks for your help so far
Wolphie Posted July 8, 2008

You should use mysql_real_escape_string() with any query you use that includes POST/GET variables. It helps prevent SQL injections by escaping data.
DarkWater Posted July 8, 2008

@dazzclub: You can easily modify POST data from a drop-down...or any POST data for that matter. Trust nothing in your PHP script. At all.

And you have:

$querypaint=mysqli_query($connection, "SELECT DISTINCT mc_name FROM paint INNER JOIN paintuser_relation ON paint.paint_id=paintuser_relation.paint_id WHERE user_id='$user_id'")or die(mysqli_error($connection));

When it should be:

$querypaint=mysqli_query("SELECT DISTINCT mc_name FROM paint INNER JOIN paintuser_relation ON paint.paint_id=paintuser_relation.paint_id WHERE user_id='$user_id'", $connection)or die(mysqli_error($connection));

For all of them.
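
Added example, not part of any post in this thread: the photo lookup from the question written with bound parameters instead of string-built SQL, so a tampered drop-down value is treated as data and simply matches no row. It assumes PHP 7.1+ with the pdo_sqlite extension; the in-memory SQLite database (swapped in for MySQL so the script runs without a server), the function name find_photo_address() and all sample rows and requests are constructed for illustration.

```php
<?php
// Added example: constructed table, rows and requests; SQLite in memory stands in for MySQL.
function find_photo_address(PDO $db, array $post): ?string
{
    // All three fields must be present as non-empty strings (array input such as time[]=x is rejected).
    $params = [];
    foreach (['mc_name', 'batch_code', 'time'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || $post[$field] === '') {
            return null;
        }
        $params[":$field"] = $post[$field];
    }
    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $db->prepare(
        'SELECT address FROM address_photos
         WHERE mc_name = :mc_name AND batch_code = :batch_code AND time = :time'
    );
    $stmt->execute($params);
    $address = $stmt->fetchColumn();
    return $address === false ? null : $address;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE address_photos (mc_name TEXT, batch_code TEXT, time TEXT, address TEXT)');
$db->exec("INSERT INTO address_photos VALUES ('MC-100', 'B01', '24h', 'photos/mc100_b01_24h.jpg')");

// Constructed requests: a normal drop-down submission, a tampered one, an incomplete one.
$requests = [
    'normal'   => ['mc_name' => 'MC-100', 'batch_code' => 'B01', 'time' => '24h'],
    'tampered' => ['mc_name' => "x' OR '1'='1", 'batch_code' => 'B01', 'time' => '24h'],
    'missing'  => ['mc_name' => 'MC-100'],
];

foreach ($requests as $label => $post) {
    $address = find_photo_address($db, $post);
    if ($address === null) {
        echo "$label: no matching photograph\n";
        continue;
    }
    // Escape on output as well: the stored value ends up inside an HTML attribute.
    $src = htmlspecialchars($address, ENT_QUOTES, 'UTF-8');
    echo "$label: <img src=\"$src\" alt=\"calibrated coupons photographs\" width=\"100%\"/>\n";
}
```

With mysqli the same pattern is mysqli_prepare() followed by mysqli_stmt_bind_param() and mysqli_stmt_execute(), on a connection that has not yet been passed to mysqli_close().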