0

I am trying to show a user's data from my mysql table by selecting them by username using the following code, however it outputs 'no selection'. Important to note here that when I replace the '$username' by the real username from the database it works fine. Here is the complete code.

                      <?php 
            mysql_connect("localhost", "root", "")or die("cannot connect"); 
            mysql_select_db("my_databse")or die("cannot select DB"); 
             mysql_query("SET CHARACTER SET 'utf8';")or die(mysql_error());

       $username=$_POST['username']; 
       $username = mysql_real_escape_string($username); 

       $sql="SELECT * FROM cv_users WHERE username LIKE '$username'"; 
       $result=mysql_query($sql); 

       $count=mysql_num_rows($result); 

       if( mysql_num_rows( $result ) === 1 ){ 
        $row = mysql_fetch_assoc( $result ); 
        $email = $row[ 'email' ];
        $cv_txt = $row[ 'cv_txt' ];
         $cv_txt = mysql_real_escape_string($cv_txt); 
         } 
         else { 
        echo 'no selection'; 
          }
           ?>
          <?php 
           echo $row[ 'cv_txt' ]; 
          ?>
Improve this question
4
  • "complete code" inlcuding your connection? What is the username you're POSTING? Commented May 28, 2014 at 9:42
  • try to print $username before query !!! is its value correct ? Commented May 28, 2014 at 9:44
  • Can you please format your source code ? I haven't seen such a nightmare for ages :) Commented May 28, 2014 at 9:55
  • In fact I tried to echo the username before the sql query but it outputs nothing. I can't see what's wrong with it ? Commented May 28, 2014 at 10:15

5 Answers 5

Reset to default
2

Your problem is you are looking for 1 result and also you are adding an extra '' around the php string var you can remove this '.

Your current query : 

$sql="SELECT * FROM cv_users WHERE username LIKE '$username'";

This states that you will take everything where there is a username LIKE $username This is also incorrect as you are not considering the php var inside the string.

You could change this to 

$sql="SELECT * FROM cv_users WHERE username LIKE '".$username."'";

OR 

$sql="SELECT * FROM cv_users WHERE username = '".$username."'";

This will return 1 user if the username matches and if it does not match there will be no results at all.

This will clean up on the later : 

if( mysql_num_rows( $result ) === 1 ){

There is code duplication here when you are already defining $count as mysql_num_rows( $result.

Debugging should be done when running into issues like this, echoing the SQL query in your page then executing that directly into MySQL would produce the error for you.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

Your issue is that you are looking for an anything that matches the username supplied.

$sql = "SELECT * FROM cv_users WHERE username LIKE '$username'";

What you should be doing is fetching the data where the username is as supplied:

$sql="SELECT * FROM cv_users WHERE username = '{$username}'";

Now this would be done a whole lot easier with PDO (see footnotes)

$db = new PDO("...");
$statement = $db->prepare("SELECT * FROM cv_users WHERE username = :username");
$statement->execute(array(':username' => $username));
$row = $statement->fetch(); // Use fetchAll() if you want all results, or just iterate over the statement, since it implements Iterator

I won't spoon-feed you all the code, the rest is up to you in your implementation :)

Footnotes

The whole php mysql_* api is depreciated and you should avoid using it at all.

This extension is deprecated as of PHP 5.5.0, and is not recommended for writing new code as it will be removed in the future. Instead, either the mysqli or PDO_MySQL extension should be used. See also the MySQL API Overview for further help while choosing a MySQL API.

You should use either of the following two:

Improve this answer

2 Comments

+1 for PDO suggestion but mysqli_ might be a better upgrade solution given its similarities to mysql_
@Pogrindis touche on the suggestion. I'll leave it up to the OP to give the mysqli_* docs a read :)
1

you need to understand the difference between " and '.

Simply put, the text between " will be parsed by the PHP-interpreter, while text between ' will just be text.

In your example MYSQL will search for a user with the username '$username' instead of searching for the value of the variable $username.

But in your case $username needs to be in quotes, otherwise MYSQL won't work. And here is how you do it:

$sql="SELECT * FROM cv_users WHERE username LIKE '".$username."'";

Hope this helps.

Improve this answer

Comments

0

Are you sure php gets the username correctly? Maybe you can first try to echo the username(or debug), so you are certain you get the username.

Improve this answer

3 Comments

In fact I tried to echo the username before the sql query but it outputs nothing. I can't see what's wrong with it ?
So echo doesn't output the username?
Yes it didn't, but when I used $username=$_GET['username']; in stead of POST method it is now working fine. Thanks for all
0

It seemed that the problem is with the Post method, As I changet it to get it worked fine. Thanks for all of you

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.