#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    16
    Rep Power
    0

    Does anyone know where is the error?


    Hi there.

    I guess i'm doing the query well.

    Code:
    $test = mysql_query("SELECT email FROM usuarios where usuario = '" . $user . "'");
    $user = $_SESSION['user'];
    Code:
    <tr>
    <td><center><strong><a href="usuariopainel/usuario/mudarsenha.php">Change e-mail</a> (<font color="blue"><u><?php echo $test; ?></font></u>)</center></strong></td>
    </tr>
    Thanks.
  2. #2
  3. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Hi,

    sorry, but I can't make anything of that -- except that you're probably yet another victim of w3schools or similarly bad "tutorials".

    Please read this wiki on how to get away from the ancient mysql_ functions and write proper database code:
    http://wiki.hashphp.org/PDO_Tutorial...SQL_Developers
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    16
    Rep Power
    0
    Originally Posted by Jacques1
    Hi,

    sorry, but I can't make anything of that -- except that you're probably yet another victim of w3schools or similarly bad "tutorials".

    Please read this wiki on how to get away from the ancient mysql_ functions and write proper database code:
    http://wiki.hashphp.org/PDO_Tutorial...SQL_Developers
    I'm always receiving this

    Code:
    Change your e-mail (Resource id #11)
    The fk is resource?
  6. #4
  7. Did you steal it?
    Devshed Supreme Being (6500+ posts)

    Join Date
    Mar 2007
    Location
    Washington, USA
    Posts
    14,002
    Rep Power
    9398
    $test is not the email. It is a resource which you use to get the data from the results of the query.

    If you change your code to use PDO instead you'll fix the problem along the way.
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    165
    Rep Power
    18
    Well ive been getting bashed for using these old mysql extensions as well. However your $test is not the email address. From other users statements it is advised to switch to either MySQLI or PDO rather than the old MySql Extension. However to correct your code from its current state without changing to the newer methods you should first make sure that $user is set before it is used. then you will need to fetch an array from the result of your query.

    PHP Code:
    $row=mysql_fetch_array('$test');
    $email=$row['EmailColumn']; 
    BUT apparently these are old methods and the people who posted before me know much more than i do so i would listen to them and switch to a newer method of querying your database from php.

    Originally Posted by requinix
    $test is not the email. It is a resource which you use to get the data from the results of the query.

    If you change your code to use PDO instead you'll fix the problem along the way.

    Comments on this post

    • requinix agrees : some members have made it their goal in life to yell at code involving mysql. don't mind them
  10. #6
  11. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Originally Posted by requinix
    some members have made it their goal in life to yell at code involving mysql. don't mind them
    requinix, you've been here for many years, so you should really know better. Making fun of people who try to help others on writing modern and secure PHP is pretty lame, and I find it surprising to hear that from a moderator of a PHP forum.

    There's a reason why some of us "made it their goal in life" to recommend modern database extensions as opposed to the "good old" mysql_ functions:
    • The old MySQL extension makes it hard to write secure code, and the people/tutorials still using it almost never get it right -- when you see mysql_query() being used, you're likely to see it in the context of
      mysql_query("SELECT * FROM users WHERE id = $_GET[id]") or die(mysql_error());
    • Prepared statements are by far the safest and most foolproof way to pass values to queries -- but the old extension doesn't have this feature. All it has to offer is mysql_real_escape_string() to escape every value by hand.
    • Being deprecated, the old MySQL extension will be removed sooner or later. So starting a new project with it might not be the best idea.
    • The old extension has no support whatsoever for advanced techniques (stored procedures, transactions)

    You may laugh about that, but some of us actually care about good code. If you don't, I wonder why you're here.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    165
    Rep Power
    18
    Jacques,

    I definately appreciate that you pushed me in the right direction as far as pointing out that it will soon be discontinued; however, we also have to understand that most websites out their, most colleges, still teach mysql_query. While it is advisable to push them in the right direction to plan for the future so that like me where i have 20,000+ line php systems running old mysql extension, i am sure one day i will run an update on my PHP and find that my application is broken. Also we must look at the fact that most open source or commercial systems are written with these old queries.

    I do not mind the criticism but also keep in mind mysql_query is being phased out not dead yet.

    Originally Posted by Jacques1
    requinix, you've been here for many years, so you should really know better. Making fun of people who try to help others on writing modern and secure PHP is pretty lame, and I find it surprising to hear that from a moderator of a PHP forum.

    There's a reason why some of us "made it their goal in life" to recommend modern database extensions as opposed to the "good old" mysql_ functions:
    • The old MySQL extension makes it hard to write secure code, and the people/tutorials still using it almost never get it right -- when you see mysql_query() being used, you're likely to see it in the context of
      mysql_query("SELECT * FROM users WHERE id = $_GET[id]") or die(mysql_error());
    • Prepared statements are by far the safest and most foolproof way to pass values to queries -- but the old extension doesn't have this feature. All it has to offer is mysql_real_escape_string() to escape every value by hand.
    • Being deprecated, the old MySQL extension will be removed sooner or later. So starting a new project with it might not be the best idea.
    • The old extension has no support whatsoever for advanced techniques (stored procedures, transactions)

    You may laugh about that, but some of us actually care about good code. If you don't, I wonder why you're here.
  14. #8
  15. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    I'm aware that many books/tutorials still teach the old mysql_ functions and that there are many legacy applications around which cannot simply be rewritten. That's a fact we cannot change.

    But what we can change is when people have just started with PHP and only use the mysql_ functions because they've read a bad "tutorial" and don't know better. In this case I think we should definitely tell them to stay away from the old extension and use the modern ones right from the beginning.

    Sometimes this might come off as pretty rude, but that's because you see the same bad code from the same bad "tutorials" in almost every reply. It's like the same dog sh*tting in your front yard every day, and all you can do is clean it up.

    I didn't mean to attack you personally.
  16. #9
  17. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    165
    Rep Power
    18
    It's alright. I personally enjoy being attacked. just take it as a learning experience. It was a bit of a shock to me mostly because are company is still pushing the old extension in are procedures which i now plan on addressing when i return to work. Is their any news of when this extension will be officially no longer supported by PHP?

    Originally Posted by Jacques1
    I'm aware that many books/tutorials still teach the old mysql_ functions and that there are many legacy applications around which cannot simply be rewritten. That's a fact we cannot change.

    But what we can change is when people have just started with PHP and only use the mysql_ functions because they've read a bad "tutorial" and don't know better. In this case I think we should definitely tell them to stay away from the old extension and use the modern ones right from the beginning.

    Sometimes this might come off as pretty rude, but that's because you see the same bad code from the same bad "tutorials" in almost every reply. It's like the same dog sh*tting in your front yard every day, and all you can do is clean it up.

    I didn't mean to attack you personally.
  18. #10
  19. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    They won't remove the functions soon, because they know this would kill many websites:
    http://marc.info/?l=php-internals&m=131031747409271&w=2

    Actually, our company also has a lot of legacy code with the old functions, but I'm not aware of any plans to change this. No customer would be willing to pay for a major rewrite without any visible outcome.

    So it's like with any other legacy code: It works as long as it has to work. For new projects, however, I'd definitely address this issue.
  20. #11
  21. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    165
    Rep Power
    18
    luckily most legacy codes have their mysql queries inside of a function where the actual queries are only written in one file.

    Or at least i know osCommerse is like that as i have converted that to PDO to use with MsSql before.

    Originally Posted by Jacques1
    They won't remove the functions soon, because they know this would kill many websites:
    http://marc.info/?l=php-internals&m=131031747409271&w=2

    Actually, our company also has a lot of legacy code with the old functions, but I'm not aware of any plans to change this. No customer would be willing to pay for a major rewrite without any visible outcome.

    So it's like with any other legacy code: It works as long as it has to work. For new projects, however, I'd definitely address this issue.
  22. #12
  23. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Location
    Visakhapatnam
    Posts
    11
    Rep Power
    0

    query


    Code:
    $test = mysql_query("SELECT email FROM usuarios where usuario = '" . $user . "'");
    $user = $_SESSION['user'];
    [code]

    in this query 'usuarios' might be the error.....usuarios used as column name and table name...might be name conflict...check once
  24. #13
  25. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,957
    Rep Power
    1046
    Originally Posted by mohnish
    in this query 'usuarios' might be the error.....usuarios used as column name and table name...might be name conflict...check once
    Apart from the fact that this thread is two weeks old: Have you read anything of what people said in this thread? There is no naming conflict, because the table is called "usuarios" with an "s" at the end, while the column is called "usuario" without an "s". I'm also pretty sure that you can give both a table and a column the same name.

    In fact, there isn't even a query error, because in #3 the OP said he is getting a MySQL resource. So he just didn't know that he had to actually fetch the value/row he wants (as stated in #4).
  26. #14
  27. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    165
    Rep Power
    18
    between that and him using $user before setting it's value. but i think it might be about time to close this thread
  28. #15
  29. Devshed Beginner (1000 - 1499 posts)

    Join Date
    Jan 2004
    Location
    New Springfield, OH
    Posts
    1,219
    Rep Power
    1469
    Originally Posted by portcitysoftwar
    between that and him using $user before setting it's value. but i think it might be about time to close this thread
    I tend to agree. Thread closed.
    Don't like me? Click it.

    Scripting problems? Windows questions? Ask the Windows Guru!

    Stay up to date with all of my latest content. Follow me on Twitter!

    Help us help you! Post your exact error message with these easy tips!

IMN logo majestic logo threadwatch logo seochat tools logo