I have this code. In the first query I want it to select a pid. Then I want to somehow use the selected pid as WHERE in the second query. This do not work but I want it to work on this(the same) page. I have read about this on other forums but I still didn't fix it. Probably a small mistake somewhere.
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
if(mysqli_connect_errno())
{
echo mysqli_connect_error();
}
$loggedInUserId = $_SESSION['user_id'];
$resu = mysql_query("SELECT pid FROM users WHERE id='$loggedInUserId';");
$ro = mysql_fetch_row($resu);
$sql= "SELECT pid, project_name, image, image_type FROM project WHERE pid ='". $row["pid"]. "';";
$result = $mysqli->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_array()) {
//$type= "Content-type:".$row['image_type'];
//header ($type);
echo "<form action='respodents.php' method='post'><button name='submit' id='projectbutton'>
<div>
<img src=pic.php?pid=".$row['pid']." width=100px height=100px/>"." <div id='project_name'>".$row['project_name']."</div>"."
<input type='hidden' name='pid' value='".$row['pid']."'>
<input type='hidden' name='project_name' value='".$row['project_name']."'>
</div>
</button></form>";
}}
mysqli_close($mysqli);
?></div>
With respect to the sql, perhaps this might work
SELECT `pid`, `project_name`, `image`, `image_type`
FROM `project` WHERE `pid` = (
SELECT `pid` FROM `users` WHERE `id`='$loggedInUserId'
);
The original code had a mix of mysql and mysqli functions with a further mix of Object Orientated and Procedural method calls. Whilst this wouldn't cause an error necessarily it is bad practise to do so. Below is all in a procedural style - it's not tested but it incorporates the two queries into one which should work ( famous last words )
Sidenote: That said - with mysqli you can take advantage of prepared statements which help mitigate against the threat of sql injection - it's quite straightforward to lean and use - so rather than embedding a variable in the sql you would use a placeholder and then bind a variable to that.
<?php
ini_set('display_errors',1);
error_reporting(E_ALL);
/* db connection? */
if( mysqli_connect_errno() ) echo mysqli_connect_error();
else {
$loggedInUserId = $_SESSION['user_id'];
$sql="select `pid`, `project_name`, `image`, `image_type`
from `project`
where `pid` = (
select `pid` from `users` where `id`='$loggedinuserid'
);";
$resu=mysqli_query( $mysqli, $sql );
if( $resu ){
$ro = mysqli_fetch_row( $resu );
while( $row=mysqli_fetch_object( $resu ) ){
echo "<form action='respodents.php' method='post'>
<button name='submit' id='projectbutton'><!-- you cannot re-use IDs, they MUST be unique! -->
<div>
<img src'=pic.php?pid=".$row->pid."' width='100px' height='100px'/>
<div id='project_name'>".$row->project_name."</div><!-- you cannot re-use IDs, they MUST be unique! -->
<input type='hidden' name='pid' value='".$row->pid."'/>
<input type='hidden' name='project_name' value='".$row->project_name."'/>
</div>
</button>
</form>";
}
}
mysqli_close( $mysqli );
}
?>
$ro = mysql_fetch_row($resu);
$sql= "SELECT pid, project_name, image, image_type FROM project WHERE pid ='".
$row["pid"]. "';";
$ro = mysql_fetch_row($resu); should be spelled $row not $ro. There's nothing in the variable you are calling in your SQL statement.
Also, your SQL Statement doesn't make much sense in terms of
$row["pid"],
you are accessing a numerical array with mysql_fetch_row(http://php.net/manual/en/function.mysql-fetch-row.php).
If anything, you want to do mysql_fetch_array or mysql_fetch_assoc, to fetch an associative array that you can access the "pid" data statement. The way you are doing it with fetch_row you want to access it numerical, i.e.,
$result = mysql_query("SELECT id,email FROM people WHERE id = '42'");
$row = mysql_fetch_row($result);
echo $row[0]; // 42
echo $row[1]; // the email value
The above is copied directly from the php mysql_fetch_row docs.
Edit:: http://php.net/manual/en/mysqli-result.fetch-row.php Mysqli Docs for fetch_row.
First of all, you should not be mixing mysql and mysqli. Let's use mysqli as mysql is deprecated.
I will assume that you don't need it to be in just one query since you never specified.
$result = mysqli_query("SELECT pid FROM users WHERE id='$loggedInUserId';");
while($row = mysqli_fetch_row($result))
{
$pid = $row['pid'];
}
$sql= "SELECT pid, project_name, image, image_type FROM project WHERE pid ='". $pid. "';";
$result = $mysqli->query($sql);
Also, you really should learn to use prepared statements as they are a much safer.
I believe you have to change this code:
$resu = mysql_query("SELECT pid FROM users WHERE id='$loggedInUserId';");
to:
$resu = mysql_query("SELECT pid FROM users WHERE id='".$loggedInUserId."'");
And do not mix mysql and mysqli commands you can easly mess up you code that way.
This looks smelly
$ro = mysql_fetch_row($resu);
$sql= "SELECT pid, project_name, image, image_type FROM project WHERE pid ='". $row["pid"]. "';";
change $ro = mysql_fetch_row($resu); to $row = mysql_fetch_row($resu);