Jump to content

[SOLVED] mysql_fetch_row


Onloac

Recommended Posts

I'm not sure what I'm doing wrong, but what I'm trying to do is check to see if if a row with X id already exsists within a table. I'm using the below code and it doesn't seem to be working. It shows whats in the else statement regardless if the item exsists or not. What am I doing wrong?

 

 

$cid = $_GET["cid"];
if (mysql_fetch_row($db->query("SELECT * FROM articles_category WHERE cid='$cid'")))
{  echo "Category does exsists"; )
else { echo "No Category with that ID exsists"; }

Link to comment
Share on other sites

I'd like of by saying that a serious security flaw right there lol sql injection easily done with that.

 

Secondly whats $db->query?

 

shouldnt it be like

 

$result = mysql_query("SELECT * FROM articles_category WHERE cid='$cid'", $link); 
if (mysql_fetch_row($result))
{  echo "Category does exsists"; )
else { echo "No Category with that ID exsists"; }

 

I dont think you could 1 line it.

replace mysql_fetch_row with mysql_num_rows...?

 

yes joel24 is correct num_rows is better then fetch_row if you want to do checks without accessing to much mysql data

Link to comment
Share on other sites

Please note I'm not using this code, I used it as an example to get my problem solved. $db->query works exactly like mysql_query() for me as its a function and works correctly and is not causing any problems. I've revised the code to:

$re = $db->query("SELECT * FROM articles_category WHERE cid='$cid'");
if (mysql_num_rows($re))
{  echo "Category does exsists"; }
else { echo "No Category with that ID exsists"; }

This doesn't seem to be working either. It's still outputting the else statement even if the row is there. What am I doing wrong?

 

BY THE WAY, i use mysql_escape_string ()... is that not enough to protect me from SQL injection? They can do it through the $cid correct?

Link to comment
Share on other sites

can you copy / paste your complete code?

 

everything there looks fine, your SQL statement isn't retrieving any rows...

before the line $re = $db->query( etc etc

put in

 

echo $cid;

exit();

 

and see what it echos...

 

if the echo $cid; is echoing the ID as it should be,

try change

$re = $db->query("SELECT * FROM articles_category WHERE cid='$cid'");

 

to

 

$re = $db->query("SELECT * FROM articles_category");

 

and execute the code (without the echo $cid; exit(); lines) and it should say "category does exist".. unless there are no rows in your articles_category table

 

 

Link to comment
Share on other sites

try this.

if it doesn't work try changing

$result = $db->query("SELECT * FROM articles_category WHERE cid='$cid'") or die(mysql_error());

to

$result = mysql_query("SELECT * FROM articles_category WHERE cid='$cid'") or die(mysql_error());

 

<?php 
         require 'global_header.php';
$cid = mysql_escape_string ($_GET["cid"]);
$result = $db->query("SELECT * FROM articles_category WHERE cid='$cid'") or die(mysql_error()); 
if (!mysql_num_rows($result)) {
echo "No Category with that ID exsists";
} else {
$row = $db->fetch_array($result);
?>
<form action="?mod=edit&cid=<?PHP echo $cid; ?>" method="post">
<table id="tablestyle">
<tr><td colspan="2" height="23" background="navbg.gif" class="nav" align="center"><b>Editing Category Details:</b></td>
<tr><td bgcolor="#E6E6E6">Category ID:</td><td bgcolor="#E6E6E6"><input type="text" name="upcid" size="30" value="<?PHP echo $row['cid']; ?>"></td></tr>
<tr><td bgcolor="#E6E6E6">Category Name:</td><td bgcolor="#E6E6E6"><input type="text" name="upcat" size="30" value="<?PHP echo $row['category']; ?>"></td></tr>
<tr><td colspan="2" align="center" bgcolor="#E6E6E6"><input type="submit" value="Submit"></td></tr>
<tr><td colspan="2" height="23" background="navbg.gif"></td></tr></table>
<?php
} //end if num rows
         require 'global_footer.php';
?>

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.