Menu
Community /Pin to ProfileBookmark
@NogDogJan 25.2019 — #You say you're entering "all" in the URL but you're checking for "followee_all" in the code. _(EDIT: Oh, I see in a later post you corrected that.)_
On a side note, you're entering user input directly into your SQL, which is a recipe for disaster if someone attempts a SQL injection attack on your site. Either use the applicable escaping function for whichever database extension you're using, or use a prepared statement with a bound input parameter if using an extension that supports that (such as PDO or MySQLi).@NogDogJan 25.2019 — #Okay, let's start by telling us which database extension you are using (which might help me understand why you have double quotes instead of single quotes around the string literal within your query).
As far as your AND/OR issue, you can get rid of it entirely by converting the value to all lower-case in the comparison:
You could make the code DRYer with something like:
In any case, without some logging or debug output to see for sure the exact queries being used in each case, we may be missing something more basic in the query itself. ?
Why Query Fails To Pull All Data From Data Base ?
Hi,
I want to pull data from db, where sometimes all rows and sometimes rows matching given “username”.
Here is my code:
[code]
//Grab Username of who’s Browsing History needs to be searched.
if (isset($_GET[‘followee_username’]) && !empty($_GET[‘followee_username’]))
{
$followee_username = $_GET[‘followee_username’];
if($followee_username != “followee_all” OR “Followee_All”)
{
$query = “SELECT * FROM browsing_histories WHERE username = “$followee_username””;
$query_type = “followee_username”;
$followed_word = “$followee_username”;
$follower_username = “$user”;
echo “$followee_username”;
}
else
{
$query = “SELECT * FROM browsing_histories”;
$query_type = “followee_all”;
$followed_word = “followee_all”;
$follower_username = “$user”;
echo “all”;
}
}
When I specify a “username” in the query via the url:
browsing_histories_v1.php?followee_username=scottee_boy&page_number=1
I see result as I should. So far so good.
Now, when I specify “all” as username then I see no results. Why ? All records from the tbl should be pulled!
browsing_histories_v1.php?followee_username=followee_all&page_number=1
This query shouldv’e worked:
[code]
$query = “SELECT * FROM browsing_histories”;
Sign in
to post a comment11 Comments(s) ↴
0
@NogDogJan 25.2019 — #You say you're entering "all" in the URL but you're checking for "followee_all" in the code. _(EDIT: Oh, I see in a later post you corrected that.)_On a side note, you're entering user input directly into your SQL, which is a recipe for disaster if someone attempts a SQL injection attack on your site. Either use the applicable escaping function for whichever database extension you're using, or use a prepared statement with a bound input parameter if using an extension that supports that (such as PDO or MySQLi).
0
@NogDogJan 25.2019 — #Okay, let's start by telling us which database extension you are using (which might help me understand why you have double quotes instead of single quotes around the string literal within your query).As far as your AND/OR issue, you can get rid of it entirely by converting the value to all lower-case in the comparison:
<i>
</i>if(strtolower($followee_username) == 'followee_all')
{
// query for all records
}
You could make the code DRYer with something like:
<i>
</i>$query = "SELECT * FROM following_histories";
if(strtolower($followee_username) != 'followee_all')
{
$query .= "nWHERE followee_username = "$followee_username"";
}
In any case, without some logging or debug output to see for sure the exact queries being used in each case, we may be missing something more basic in the query itself. ?