0

I'm using this code here

<?php
error_reporting(1);
$servername = '127.0.0.1';
$username = '';
$password = '';
$dbname = 'splafpoo_users';
$conn = new mysqli($servername, $username, $password, $dbname);

if (mysqli_connect_errno()){
    printf("<b>Connection failed:</b> %s\n", mysqli_connect_error());
    exit;
} 

$key = '';

if(isset($_POST['key'])){
    $key = $_POST['key'];
}

$query = "SELECT * FROM users WHERE serial='$key'";
echo $query;

$result = $mysqli->query($query);
$row = $result->fetch_assoc();

echo $row;
?>

Running the query SELECT * FROM users WHERE serial='test' in phpMyAdmin returns the desired result however when trying to display the result using the code above nothing is displayed and I cannot figure out how. How do I display the result?

Improve this question
5
  • It's worth noting that your code is wide open to SQL injection. You should definitely use query parameters instead of executing user input as code. Commented Jan 3, 2017 at 17:44
  • Put the query inside your if statement so you do not run it if $key is not set. You're not getting any results because $key is set to blank and you have no records in your database where $key = ''; You are running this query: SELECT * FROM users WHERE serial='' instead of one where $key has a value. Commented Jan 3, 2017 at 17:46
  • @JayBlanchard I inserted the appropriate inside the IF statement and I do have a row that contains what I am looking for. To test I use a python script which sends the post request with the data 'key': 'test'. Here's a screenshot of my the query result in phpmyadmin i.imgur.com/n29UrK9.png Commented Jan 3, 2017 at 17:54
  • You manually set the variable to test but you're not checking $key inside your if condition. Commented Jan 3, 2017 at 18:13
  • WARNING: When using mysqli you should be using parameterized queries and bind_param to add user data to your query. DO NOT use string interpolation or concatenation to accomplish this because you have created a severe SQL injection bug. NEVER put $_POST or $_GET data directly into a query, it can be very harmful if someone seeks to exploit your mistake. Commented Jan 3, 2017 at 18:23

2 Answers 2

Reset to default
1

You're gonna need a good old fashion while loop

while($row = $result->fetch_assoc()) {
    echo $row['WHATEVERCOLUMNITISYOUWANT'];
}

also this is most definitely a duplicate.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

If there was a row that matched the echo the OP has would work.
0

Use var_dump($row) instead of echo $row or you use echo with a key:
e.g. echo $row["user"]

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.