Jump to content

help displaying record info


Go to solution Solved by Jacques1,

Recommended Posts

Hi all.

I am really battling with stupid things, and I can not see my errors. I am trying to display records from my db, but to no avail. Please can someone see my error...


My conn code is as follows:

$proId = $_GET['profileId'];
$postId = $_POST['postedId'];

$servername = "localhost";
$username = "findo_aniuser";
$password = "111lmx333AO!";
$dbname = "findo_animals";

// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);

$sql = "SELECT * FROM codeinfo WHERE uniCode='".$proId."' OR uniCode='".$postId."'";
$result = $conn->query($sql);
//echo $sql;


and in my page, all I am trying to do is show a record, but I am getting no results. I have checked my query on phpmysql and it is returning a recordset!?

Trying to display my result on the page with the following. Again, your help is much appreciated


<?php echo $row["uniCode"]; ?>
Edited by RobDgital
Link to comment
Share on other sites

  • Solution

First the standard decontamination procedure:

  • Your code has SQL injection vulnerabilities all over the place. Not only can this be used to compromise your database or even the entire server. It also leads to syntax errors with perfectly valid input. Learn to use prepared statements.
  • Your error handling is messed up. First you dump your connection error straight on the website, which is really helpful for attackers and very irritating for legitimate users. Then you just stop checking for errors altogether. Learn how to enable exceptions and then let PHP handle them.
  • mysqli is actually a poor choice. It's a cumbersome low-level interface for people who read the manual, and we all know this doesn't work for PHP programmers. If you can, switch to PDO. It's far more programmer-friendly and supports many different database systems, not just MySQL.
  • You have no input validation whatsoever. You don't check the request method, you don't check if the parameters are actually present, you don't check if their values make sense. This makes the application extremely fragile and difficult to debug, because invalid values aren't caught and may have all kinds of unexpected effects. Maybe the application crashes at some point, maybe it continues but doesn't do what it should. You never know. Learn to validate all input.


If you're still having trouble, post the full code (leaving out the relevant fetch parts is rather silly) in code tags (not this custom colored text stuff) and with a concrete error message.

  • Like 1
Link to comment
Share on other sites

The dumping of the is only for when in dev stages, if i put it live, i delete this


You should delete it all together. It doesn't make any sense to clutter your code with echo statements which don't even include all relevant information and then delete everything.


You're reinventing the square wheel. PHP already has an error reporting mechanism which works in all environments and doesn't require any code changes. If you want to see the error during development, you enable display_errors in your php.ini. If you want to log the errors in production, you enable log_errors.


By the way, the usernames in this forum are the blue text on the grey bar. You're RobDgital, I'm Jacques1.

Link to comment
Share on other sites

This thread is more than a year old.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.