Jump to content

How To Provide Column name With $_SESSION Value ?


2020

Recommended Posts

Php Buddies,

Line 67:

$query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE $_SESSION['search_column'] = ?";

I get error for the above:


Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting '-' or identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING) in C:\xampp\htdocs\test\select.php on line 67

 

How to fix this ?

 

Context:

	<?php
//include('error_reporting.php');
ini_set('error_reporting','E_ALL');//Same as: error_reporting(E_ALL);
ini_set('display_errors','1');
ini_set('display_startup_errors','1');
require('conn.php');
?>
	<form name = "search" method = "POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<label for="keywords">Keywords:*</label>
<input type="text" name="keywords" id="keywords" placeholder="Input Keywords" required>
<br>
<label for="search_column">Search in ... ?</label>
<select name="search_column" id="search_column">
<option value="page_url">Page Url</option>
<option value="link_anchor_text">Link Anchor Text</option>
<option value="page_description">Page Description</option>
<option value="keyphrase">Keyphrase</option>
<option value="keywords">Keywords</option>
</select>
<br>
<label for="tos_agreement">Agree to TOS or not ? *</label>
<select name="tos_agreement" id="tos_agreement" required>
<option value="Yes">Yes</option>
<option value="No">No</option>
</select>
<br>
<input type="button" name="search_links" id="search_links" value="Search Links!">
<br>
<input type="reset">
<br>
</form>
	<?php
	if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    if(ISSET($_POST['search_links']))
    {
        if(ISSET($_POST['page_url']))
        {
            $_SESSION['search_column'] = $_POST['page_url'];
        }
        elseif(ISSET($_POST['link_anchor_text']))
        {
            $_SESSION['search_column'] = $_POST['link_anchor_text'];
        }
        elseif(ISSET($_POST['page_description']))
        {
            $_SESSION['search_column'] = $_POST['page_description'];
        }
        elseif(ISSET($_POST['keyphrase']))
        {
            $_SESSION['search_column'] = $_POST['keyphrase'];
        }
        elseif(ISSET($_POST['keywords']))
        {
            $_SESSION['search_column'] = $_POST['keywords'];
        }
        
        //Re-write the following 4 lines ...
        mysqli_report(MYSQLI_REPORT_ALL|MYSQLI_REPORT_STRICT);
        mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
       $conn->set_charset('utf8mb4'); //Always set Charset.
	        $query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE $_SESSION['search_column'] = ?";
	        $stmt = mysqli_stmt_init($conn);
	        if(mysqli_stmt_prepare($stmt,$query))
        {
            mysqli_stmt_bind_param($stmt,'s',$_SESSION['search_column']);
            
            $result = mysqli_stmt_bind_result($stmt,$page_url,$link_anchor_text,$page_description,$keyphrase,$keywords);
            mysqli_stmt_execute($stmt);
            
            mysqli_stmt_fetch($stmt);
            
            while(mysqli_stmt_fetch($stmt))
            {
                echo "url"; echo "<br>";
                echo "anchor_text"; echo "<br>";
                echo "description"; echo "<br>";
                echo "keyphrases"; echo "<br>";
                echo "keywords"; echo "<br>";
                echo "|";
                echo "<br>";
            }
            
            mysqli_stmt_close($stmt);
            mysqli_close($conn);
        }
        else
        {
            echo "1. QUERY failed!";
        }
	        if(mysqli_stmt_prepare($stmt,$query))
        {
            mysqli_stmt_bind_param($stmt,'sssss',$_POST['page_url'],$_POST['link_anchor_text'],$_POST['page_description'],$_POST['keyphrases'],$_POST['keywords']);
            mysqli_stmt_execute($stmt);
            
            $result = mysqli_stmt_get_result($stmt);
            
            while($row = mysqli_fetch_array($result,mysqli_assoc))
            {
                $page_url = $row['page_url']; echo $page_url; echo "<br>";
                $link_anchor_text = $row['link_anchor_text']; echo $link_anchor_text; echo "<br>";
                $page_description = $row['page_description']; echo $page_description; echo "<br>";
                $keyphrases = $row['keyphrases']; echo $keyphrases; echo "<br>";
                $keywords = $row['keywords']; echo $keywords; echo "<br>";
                echo "|";
                echo "<br>";
            }
            
            mysqli_stmt_close($stmt);
            mysqli_close($conn);
        }
        else
        {
            die("2. QUERY failed!");
        }
    }
}
	
?>
	
Edited by 2020
Link to comment
Share on other sites

conn.php looks like this:

	$conn = mysqli_connect("localhost","root","","test");
$db_server = 'localhost';
$db_user = 'root';
$db_password = '';
$db_database = 'test';
$conn->set_charset('utf8mb4');//Always use Charset.
	if (!$conn)
{
    //Error Message to show user in technical/development mode to see errors.
    die("Database Error : " . mysqli_error($conn));
    
    //Error Message to show User in Layman's mode to see errors.
    die("Database error.");
    exit();
}
	?>
	

Link to comment
Share on other sites

PHP is getting confused about the single quotes in the SESSION variable. You could add curly brackets around the variable:

$query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE {$_SESSION['search_column']} = ?";

Or you could utilize string concatenation:

$query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE " . $_SESSION['search_column'] . " = ?";

 

Note that you want to validate the "search_column" variable. That way you prevent the query from potentially breaking if the column name is a reserved word or if the column name doesn't exist in the database table. You will also want to prevent things like SQL injection attacks.

Edited by cyberRobot
Added note
  • Thanks 1
Link to comment
Share on other sites

1 hour ago, cyberRobot said:

PHP is getting confused about the single quotes in the SESSION variable. You could add curly brackets around the variable:


$query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE {$_SESSION['search_column']} = ?";

Or you could utilize string concatenation:


$query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE " . $_SESSION['search_column'] . " = ?";

 

Note that you want to validate the "search_column" variable. That way you prevent the query from potentially breaking if the column name is a reserved word or if the column name doesn't exist in the database table. You will also want to prevent things like SQL injection attacks.

Nope! Neither these worked like you suggested as I still get the same error!

	$query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE {$_SESSION['search_column']} = ?";
	 

 

$query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE " . $_SESSION['search_column'] . " = ?";

 

Link to comment
Share on other sites

People,

See this:

<?php
//include('error_reporting.php');
ini_set('error_reporting','E_ALL');//Same as: error_reporting(E_ALL);
ini_set('display_errors','1');
ini_set('display_startup_errors','1');
require('conn.php');
?>
	<form name = "search" method = "POST" action="">
<label for="keywords">Keywords:*</label>
<input type="text" name="keywords" id="keywords" placeholder="Input Keywords" required>
<br>
<label for="search_column">Search in ... ?</label>
<select name="search_column" id="search_column">
<option value="page_url">Page Url</option>
<option value="link_anchor_text">Link Anchor Text</option>
<option value="page_description">Page Description</option>
<option value="keyphrase">Keyphrase</option>
<option value="keywords">Keywords</option>
</select>
<br>
<label for="tos_agreement">Agree to TOS or not ? *</label>
<select name="tos_agreement" id="tos_agreement" required>
<option value="Yes">Yes</option>
<option value="No">No</option>
</select>
<br>
<input type="button" name="search_links" id="search_links" value="Search Links!">
<br>
<input type="reset">
<br>
</form>
	<?php
	if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    if(ISSET($_POST['search_links']))
    {
        if(ISSET($_POST['page_url']))
        {
            $_SESSION['search_column'] = $_POST['page_url'];
        }
        elseif(ISSET($_POST['link_anchor_text']))
        {
            $_SESSION['search_column'] = $_POST['link_anchor_text'];
        }
        elseif(ISSET($_POST['page_description']))
        {
            $_SESSION['search_column'] = $_POST['page_description'];
        }
        elseif(ISSET($_POST['keyphrase']))
        {
            $_SESSION['search_column'] = $_POST['keyphrase'];
        }
        elseif(ISSET($_POST['keywords']))
        {
            $_SESSION['search_column'] = $_POST['keywords'];
        }
        
        //Re-write the following 4 lines ...
        mysqli_report(MYSQLI_REPORT_ALL|MYSQLI_REPORT_STRICT);
        $conn = mysqli_connect("localhost","root","","test");
        $conn->set_charset('utf8mb4'); //Always set Charset.
	        //$query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE $_SESSION['search_column'] = ?";
        $query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE {$_SESSION['search_column']} = ?";
        //$query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE " . $_SESSION['search_column'] . " = ?";
        
        $stmt = mysqli_stmt_init($conn);
	        if(mysqli_stmt_prepare($stmt,$query))
        {
            mysqli_stmt_bind_param($stmt,'s',$_SESSION['search_column']);
            
            $result = mysqli_stmt_bind_result($stmt,$page_url,$link_anchor_text,$page_description,$keyphrase,$keywords);
            mysqli_stmt_execute($stmt);
            
            mysqli_stmt_fetch($stmt);
            
            while(mysqli_stmt_fetch($stmt))
            {
                echo "url"; echo "<br>";
                echo "anchor_text"; echo "<br>";
                echo "description"; echo "<br>";
                echo "keyphrases"; echo "<br>";
                echo "keywords"; echo "<br>";
                echo "|";
                echo "<br>";
            }
            
            mysqli_stmt_close($stmt);
            mysqli_close($conn);
        }
        else
        {
            echo "1. QUERY failed!";
        }
	        if(mysqli_stmt_prepare($stmt,$query))
        {
            mysqli_stmt_bind_param($stmt,'sssss',$_POST['page_url'],$_POST['link_anchor_text'],$_POST['page_description'],$_POST['keyphrases'],$_POST['keywords']);
            mysqli_stmt_execute($stmt);
            
            $result = mysqli_stmt_get_result($stmt);
            
            while($row = mysqli_fetch_array($result,mysqli_assoc))
            {
                $page_url = $row['page_url']; echo $page_url; echo "<br>";
                $link_anchor_text = $row['link_anchor_text']; echo $link_anchor_text; echo "<br>";
                $page_description = $row['page_description']; echo $page_description; echo "<br>";
                $keyphrases = $row['keyphrases']; echo $keyphrases; echo "<br>";
                $keywords = $row['keywords']; echo $keywords; echo "<br>";
                echo "|";
                echo "<br>";
            }
            
            mysqli_stmt_close($stmt);
            mysqli_close($conn);
        }
        else
        {
            die("2. QUERY failed!");
        }
    }
}

?>

On your Xampp. See why you get no rows displayed. Error gone now.


Thanks!

Link to comment
Share on other sites

Where to start?

If those fields (page_url, link_anchor_text etc) all exist in the form then after the form is posted all those POSTed values will be set.

In particular, $_POST['page_url'] will be set so no others will be checked.

If $_POST['page_url'] is empty then your SESSION variable will be empty. It needs to contain a valid column name, hence your sql error.

You need to be setting the SESSION value to column name, not the content of the form field.

Link to comment
Share on other sites

12 hours ago, Barand said:

Where to start?

If those fields (page_url, link_anchor_text etc) all exist in the form then after the form is posted all those POSTed values will be set.

In particular, $_POST['page_url'] will be set so no others will be checked.

If $_POST['page_url'] is empty then your SESSION variable will be empty. It needs to contain a valid column name, hence your sql error.

You need to be setting the SESSION value to column name, not the content of the form field.

Before I read your reply, I spotted my error and fixed it to this:

	if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    if(ISSET($_POST['search_links']))
    {
        if(ISSET($_POST['search_column']))
        {
            $_SESSION['search_column'] = $_POST['search_column'];
        }
	

 

from this:

	if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    if(ISSET($_POST['search_links']))
    {
        if(ISSET($_POST['page_url']))
        {
            $_SESSION['search_column'] = $_POST['page_url'];
        }
        elseif(ISSET($_POST['link_anchor_text']))
        {
            $_SESSION['search_column'] = $_POST['link_anchor_text'];
        }
        elseif(ISSET($_POST['page_description']))
        {
            $_SESSION['search_column'] = $_POST['page_description'];
        }
        elseif(ISSET($_POST['keyphrase']))
        {
            $_SESSION['search_column'] = $_POST['keyphrase'];
        }
        elseif(ISSET($_POST['keywords']))
        {
            $_SESSION['search_column'] = $_POST['keywords'];
        }
	

 

But guess what, it still doesn't work ?

My columns match the options values:

	<label for="search_column">Search in ... ?</label>
<select name="search_column" id="search_column">
<option value="page_url">Page Url</option>
<option value="link_anchor_text">Link Anchor Text</option>
<option value="page_description">Page Description</option>
<option value="keyphrase">Keyphrase</option>
<option value="keywords">Keywords</option>
</select>
	

 

On the form, I select the option "keywords" and type "search" (keyword) and hit the "search" button.

On my "links" tbl, "test" db, there is a column "keywords" and a row "search".

hence, the exact match search should have yielded results.

 

Link to comment
Share on other sites

1 hour ago, Barand said:

Your $_POST values do not match what is posted.

Try a very simple piece of code from "Debugging 101"


echo '<pre>' . print_r($_POST, 1) . '</pre>';

so you can see what is being posted

Where to add it ?

I did it like this:

	if($_SERVER['REQUEST_METHOD'] === 'POST')
{cho '<pre>' . print_r($_POST, 1) . '</pre>';
	

I get nothing extra echoed.

Reality is, this not triggerring:

	if(ISSET($_POST['search_links'])
	

Because, I reckon, my button is invalid.

Button:

	<input type="button" name="search_links" id="search_links" value="Search Links!">
	

Now, I changed my button code to this:

	<button type="submit">Search</button>
	

 

Now how do I write the if ISSET since the button doesn;t have an id or name ?

This won't do would it ?

	if(ISSET($_POST['submit'])
	

or this ?

	if(ISSET($_POST['search'])
	

 

Tutorials show buttons can be either the 3:

 

1

	<button type="submit">Submit</button>
	

 

2

<button type="submit" value="submit">Search</button>
	

 

3

<input type="submit" value="Send Data">
	

 

Edited by 2020
Link to comment
Share on other sites

Barand,

 

Look at the img. Can you see ? :

db = test

tbl = links

col = keywords

Now, look at the "keywords" col entries. Can you see 2 entries ?:

search

money

That means, the "keywords" col has an entry: search.

Hence, on the html form, I selected "Keywords" option on the drop down so the "keywords" column gets (SELECTED) searched for the user's inputted keywords. Typed in "search". Clicked "Search" button.

Since there is an exact match for the keyword "search" then the script should have displayed a matching result from column "keywords". It displays nothing!

Note that, even though the drop down option is "Keywords" (the column to query), the:

value="keywords"

And so, "keywords" col will be searched. Not "Keywords" column. Note the capital "K" and small "k" we talking about here.

Look at the imgs.

One img shows what the form looks like before submission.

Other img shows what it looks like after submission. Showing you imgs so you see what my tbl entry looks like and what I am searching for in the db.

Latest code that fails:

	<?php
//include('error_reporting.php');
error_reporting(E_ALL);
ini_set('error_reporting',E_ALL);//Same as: error_reporting(E_ALL);
ini_set('display_errors','1');
ini_set('display_startup_errors','1');
require('conn.php');
echo __LINE__;
?>
	<form name = "search" method = "POST" action="">
<label for="keywords">Keywords:*</label>
<input type="text" name="keywords" id="keywords" placeholder="Input Keywords" required>
<br>
<label for="search_column">Search in ... ?</label>
<select name="search_column" id="search_column">
<option value="page_url">Page Url</option>
<option value="link_anchor_text">Link Anchor Text</option>
<option value="page_description">Page Description</option>
<option value="keyphrase">Keyphrase</option>
<option value="keywords">Keywords</option>
</select>
<br>
<label for="tos_agreement">Agree to TOS or not ? *</label>
<select name="tos_agreement" id="tos_agreement" required>
<option value="Yes">Yes</option>
<option value="No">No</option>
</select>
<br>
<button type="submit">Search</button>
<br>
<input type="reset">
<br>
</form>
	<?php
echo __LINE__;
if($_SERVER['REQUEST_METHOD'] === 'POST')
{
    echo __LINE__;
    if(ISSET($_POST['submit']))
    {
        echo __LINE__;
        if(ISSET($_POST['search_column']))
        {
            $_SESSION['search_column'] = $_POST['search_column'];
            echo $_SESSION['search_column'];
            echo __LINE__;
        }
        
        //Re-write the following 4 lines ...
        mysqli_report(MYSQLI_REPORT_ALL|MYSQLI_REPORT_STRICT);
        $conn = mysqli_connect("localhost","root","","test");
        $conn->set_charset('utf8mb4'); //Always set Charset.
	        //$query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE $_SESSION['search_column'] = ?";
        $query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE {$_SESSION['search_column']} = ?";
        //$query = "SELECT page_url,link_anchor_text,page_description,keyphrases,keywords FROM links WHERE " . $_SESSION['search_column'] . " = ?";
        
        $stmt = mysqli_stmt_init($conn);
	        if(mysqli_stmt_prepare($stmt,$query))
        {
            mysqli_stmt_bind_param($stmt,'s',$_SESSION['search_column']);
            
            $result = mysqli_stmt_bind_result($stmt,$page_url,$link_anchor_text,$page_description,$keyphrase,$keywords);
            mysqli_stmt_execute($stmt);
            
            mysqli_stmt_fetch($stmt);
            
            while(mysqli_stmt_fetch($stmt))
            {
                echo "url"; echo "<br>";
                echo "anchor_text"; echo "<br>";
                echo "description"; echo "<br>";
                echo "keyphrases"; echo "<br>";
                echo "keywords"; echo "<br>";
                echo "|";
                echo "<br>";
            }
            
            mysqli_stmt_close($stmt);
            mysqli_close($conn);
        }
        else
        {
            echo "1. QUERY failed!";
        }
	        if(mysqli_stmt_prepare($stmt,$query))
        {
            mysqli_stmt_bind_param($stmt,'sssss',$_POST['page_url'],$_POST['link_anchor_text'],$_POST['page_description'],$_POST['keyphrases'],$_POST['keywords']);
            mysqli_stmt_execute($stmt);
            
            $result = mysqli_stmt_get_result($stmt);
            
            while($row = mysqli_fetch_array($result,mysqli_assoc))
            {
                $page_url = $row['page_url']; echo $page_url; echo "<br>";
                $link_anchor_text = $row['link_anchor_text']; echo $link_anchor_text; echo "<br>";
                $page_description = $row['page_description']; echo $page_description; echo "<br>";
                $keyphrases = $row['keyphrases']; echo $keyphrases; echo "<br>";
                $keywords = $row['keywords']; echo $keywords; echo "<br>";
                echo "|";
                echo "<br>";
            }
            
            mysqli_stmt_close($stmt);
            mysqli_close($conn);
        }
        else
        {
            die("2. QUERY failed!");
        }
        echo '<pre>' . print_r($_POST, 1) . '</pre>';
    }
}
echo __LINE__;
	?>
	

links.png

rows.png

form_before_button_click.png

form_after_button_click.png

Edited by 2020
Link to comment
Share on other sites

Someone pointed-out my mistakes and so I made these amendments:

Added at the top:

session_start();

Changed:

while($row = mysqli_fetch_array($result,mysqli_assoc))

to this:

while($row = mysqli_fetch_array($result,MYSQLI_ASSOC))

 

But still no, luck. Script yields no result from db!

Link to comment
Share on other sites

Issue SOLVED!

No one in this forum or another could figure out what the problem was. I got a handful of programmers in this forum and another that usually are able to help me but on this occassion everyone failed BUT one programmer on another forum who came across my thread last night or so! Some new guy to me. No offense to anyone here. Didn't come here to gloat but share my SOLUTION.

2 of my threads will be closed here and there soon thanks to him.
The issue was the buttons I was using weren't working. His button did.
Look at my current code. You will see his button (last button out of the 4) and a few (3) of my own above his. None of my buttons work. Test it for yourself!

I thought I will mention this in this forum so others can benefit.

The first 3 buttons are mine and a failure. The 4th one is his and a PASS:

	<button type="submit">Submit</button><br>
<button type="submit" value="submit">Submit</button><br>
<input type="submit" value="submit"><br>
<button name=submit value=" ">Submit</button><br>
	

Edited by 2020
Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.