tags:

views:

19

answers:

1
+1  Q: 

Unable to Select Record from Database

I am learning PHP and SQL, and I'm trying to figure out how to select a record from a database. I created a function called selectById()

Right now in the browser displayed is "Error:" but, no specific error was displayed.

 // function selectById --------------------------------------------------------------------
    function selectById($pUInput) {
        $sql = mysql_query("SELECT * FROM tblStudents 
                            WHERE id='$pUInput[0]'");

            if (!mysql_query($sql))
              {
              die('Error: ' . mysql_error());
              }
            echo "Record Selected";

    }

PHP Code: 

//Call function mainline

mainline();

// Declare the function mainline
function mainline() {

    $uInput = getUserInput();

    $connectDb = openConnect(); // Open Database Connection
    selectDb($connectDb); // Select Database
    doAction($uInput);
    //display();
    //closeConnect();

}

//Declare function getUserInput --------------------------------------------------------
function getUserInput() {

    echo "In the function getUserInput()" . "<br/>";

    // Variables of User Input
    $idnum = $_POST["idnum"];              // id (NOTE: auto increments in database)
    $fname = $_POST["fname"];             // first name
    $lname = $_POST["lname"];            // last name
    $major = $_POST["major"];           // major
    $year = $_POST["year"];            // year
    $action = $_POST["action"];       // action (select, insert, update, delete)

    $userInput = array($idnum, $fname, $lname, $major, $year, $action);

    return $userInput;
}

function doAction($pUserInput) {
    echo "In function doAction()" . "<br/>";

    if ($pUserInput[5] == "sel") {
        selectById($pUserInput);    

    } elseif ($pUserInput[5] == "ins") {
        insert($pUserInput);    
    }

}

// Create a database connection --------------------------------------------------------
function openConnect() {
    $connection = mysql_connect("localhost", "root_user", "password");
        echo "Opened Connection!" . "<br/>";

    if(!$connection) {
        die("Database connection failed: " . mysql_error());
    }

    return $connection;
}

// Select a database to ---------------------------------------------------------------- 
function selectDb($pConnectDb) {
    $dbSelect = mysql_select_db("School", $pConnectDb);
    if(!$dbSelect) {
        die("Database selection failed: " . mysql_error());
    } else {
    echo "You are in the School database! <br/>";   
    }

}

// function select ---------------------------------------------------------------------
function selectById($pUInput) {
    $sql = mysql_query("SELECT * FROM tblStudents 
                        WHERE id='$pUInput[0]'");

        if (!mysql_query($sql))
          {
          die('Error: ' . mysql_error());
          }
        echo "Record Selected";

}

// function insert -----------------------------------------------------------------------------
function insert($pUInput) {

    $sql="INSERT INTO tblStudents (first_name, last_name, major, year)
          VALUES
         ('$pUInput[1]','$pUInput[2]','$pUInput[3]', '$pUInput[4]')";


        if (!mysql_query($sql))
          {
          die('Error: ' . mysql_error());
          }
        echo "1 record added";
}



?>

SQL Syntax:

CREATE TABLE `tblStudents` (
  `id` int(11) NOT NULL AUTO_INCREMENT,
  `first_name` varchar(30) NOT NULL,
  `last_name` varchar(50) NOT NULL,
  `major` varchar(40) NOT NULL,
  `year` date NOT NULL,
  PRIMARY KEY (`id`)
)
+2  A: 

You are running a query on a query result. This will not work. You will need to use something along the lines of 

$sql = mysql_query("SELECT * FROM tblStudents 
                        WHERE id='" . $pUInput[0] . "'");

if (!$row = mysql_fetch_assoc($sql))

Which would assign $row an array value if the query did not fail. You may also want to filter the pUinput as well with mysql_real_escape_string as you do not necessarily know what it contains (or statically cast it to an integer).

EDIT

Added a bit extra information.

Brad F Jacobs  2010-08-31 21:54:24
@premiso thank you for the response. (i'm new to PHP and SQL, i'm trying to fully understand your answer.) So, the statement in the selectById() function will not actually select the record by that one statement alone--it needs the function mysql_fetch_assoc(). i'm just summarizing what i think i understand...
jc70  2010-08-31 22:07:03
Keep http://cwe.mitre.org/data/definitions/89.html in mind and take a look at http://docs.php.net/mysql_real_escape_string . Or even better use parametrized queries, see e.g. http://docs.php.net/pdo.prepared-statements
VolkerK  2010-08-31 22:09:46

related questions

What language do you use for Postgresql triggers and stored procedures?
Are Multiple DataContext classes ever appropriate?
Which tools do people use to create Data Dictionaries?
Any experiences with Protocol Buffers?
Mechanisms for tracking DB schema changes
How big can a MySQL database get before performance starts to degrade.
How do I index a database field
How does database indexing work?
How do I connect to a database and loop over a recordset in C#?
Editing database records by multiple users
Object Oriented vs Relational Databases
VFP .NET OLEdb provider does not work in Win 64-Bits. Help
Embedded Database for .net that can run off a network
Connect PHP to an AS/400
Swap unique indexed column values in database.
cx_Oracle - what is the best way to iterate over a result set?
cx_Oracle - How do I access Oracle from Python?
.NET Migrations Engine
Is there a version control system for database structure changes?
SQLite and XSD
How do I version my MS SQL database in SVN?
XSD DataSets and ignoring foreign keys
Flat File Databases in PHP
Throw Error In MySQL Trigger
Binary Data in MySQL