-7

help, cant access database. it can't direct me to my database cant use mysql_query for data retrieval. i think it's in my newly created database that the system can't find? but the hosting site gave me no choice to rename my database

db_connect.php

<?php

include_once 'psl-config.php';   // As functions.php is not included
$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);

?>

where i call my user and database. psl_config.php 

<?php
define("HOST", "localhost");     // The host you want to connect to.
define("USER", "xxx");    // The database username. 
define("PASSWORD", "xxx");    // The database password. 
define("DATABASE", "xxx");    // The database name.

define("CAN_REGISTER", "any");
define("DEFAULT_ROLE", "member");

define("SECURE", FALSE);  

?>

$name = $_SESSION ['username'];
$result = mysql_query(" select score1 from members where username = '$name'");

username is stated correctly. mysql query code line 14 is where the bug is.

<?php
include_once 'includes/db_connect.php';
include_once 'includes/functions.php';

sec_session_start();

if(!isset($_SESSION['username'])){
         header("Location: director.php");
    }



$name = $_SESSION ['username'];
$result = mysql_query(" select score1 from members where username = '$name'");


?>

i think it's in my newly created database that the system can't find? but the hosting site gave me no choice to rename my database

Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
rayah
  • 1
  • 1
  • 4
  • 3
    You're mixing `mysqli_` with `mysql_`. You're also sharing your credentials with us, which you should not do. – Jay Blanchard Sep 24 '14 at 19:58
  • 4
    Please, [don't use `mysql_*` functions in new code](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). *They are no longer maintained and are [officially deprecated](https://wiki.php.net/rfc/mysql_deprecation)*. See the [red box](http://uk.php.net/manual/en/function.mysql-connect.php)? Learn about [prepared statements](http://en.wikipedia.org/wiki/Prepared_statement) instead, and use [PDO](http://us1.php.net/pdo) or [MySQLi](http://us1.php.net/mysqli). [This article](http://php.net/manual/en/mysqlinfo.api.choosing.php) will help you decide which. – Jay Blanchard Sep 24 '14 at 19:59
  • can you help me fix it? im just new in coding and i g=have no idea what's the diff. – rayah Sep 24 '14 at 20:01
  • i'm using wamp server only – rayah Sep 24 '14 at 20:02
  • 2
    This question appears to be off-topic because it shows no prior research nor minimal understanding of the problem being solved – Marcin Orlowski Sep 24 '14 at 20:03
  • how can i use mysqli properly for data retrieval? – rayah Sep 24 '14 at 20:05
  • Start simply with a file that contains your credentials and connects to the database. – Jay Blanchard Sep 24 '14 at 20:06
  • 1
    When using `mysqli` you should be using parameterized queries and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation to accomplish this because you will create severe [SQL injection bugs](http://bobby-tables.com/). – tadman Sep 24 '14 at 20:08
  • okay it kind of worked but this showed up. – rayah Sep 24 '14 at 20:09
  • mysqli_query() expects at least 2 parameters, 1 given in /home/jvsclres/public_html/tutorials.php on line 14 – rayah Sep 24 '14 at 20:09
  • 2
    If you don't `exit;` after header location change, the script will go on... – Daniel W. Sep 24 '14 at 20:20
  • @rayah you should really start by taking a couple of tutorials and working through code organization and the basic syntax. Everything here is fairly disjointed and would require major rework to make it operational at which point you'll have a hundred more questions. – Jay Blanchard Sep 24 '14 at 20:21
  • @rayah Have you by chance consulted my answer below? It works. – Funk Forty Niner Sep 24 '14 at 22:31

2 Answers2

1

This line:

$result = mysql_query(" select...

it should be

$result = $mysqli->query("select...

and passing DB connection to the query.

using it as an object oriented style which is what your DB connection is.

$mysqli = new mysqli(HOST, USER, PASSWORD, DATABASE);

You are presently mixing MySQL APIs. Those two do not mix.

Use mysqli_ exclusively. Do not include any mysql_ functions anywhere in your code or included files. The same thing goes for required files.

I noticed you are using sec_session_start(). This is a function I have seen before. Make sure it is part of your included file, as I did not see any other mention of it in your posted code.

DanFromGermany made a good point about header

Place exit; after your header, otherwise your code will keep running:

header("Location: director.php");
  exit;

Here is an example of using a parametrized method:

$name = $_SESSION ['username'];

$stmt = $mysqli->prepare("select score1 from members where username = ?");

$stmt->bind_param('s', $name);

    if (!$stmt->execute()) {
    echo "Execute failed: (" . $stmt->errno . ") " . $stmt->error;
    }

Another example:

if($statement=$mysqli->prepare("select score1 from members where username = ?")){

 $name = $_SESSION ['username'];
 $statement-> bind_param("s", $name);

// Execute
 $statement-> execute();

// Bind results
 $statement-> bind_result($name);

// Fetch value
 while ( $statement-> fetch() ) {
 echo $name . "<br>";
 }

// Close statement
 $statement-> close();
 }

// Close entire connection
 $mysqli-> close();
Community
  • 1
  • 1
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
0

You can't mix mysqli and mysql. I highly recommend using mysqli (with the i) as mysql is being deprecated. Additionally it's compatible with PostgreSQL which many of us are switching to since Oracle took over Sun Microsystems.

John
  • 1
  • 13
  • 98
  • 177