What's wrong with this code? Rep Boost!

not working... need to get field name from table (mod_merch) and then get a result by matching with the location in table (infusion).

<?php
//Get product ID
$id = $_GET['aid'];

//connect to db
include 'redirect_dbconfig.php';
include 'redirect_dbopen.php';

//Get info about product from table
$sql = "SELECT * 
FROM mod_merch 
WHERE prod1 = '$id' or prod2 = '$id' or prod3 = '$id' or prod4 = '$id' or prod5 = '$id' or prod6 = '$id'";
$result = mysql_query($sql);
$r = mysql_fetch_array($result);

//Set a variable with the product name
$first = $r['fname'];
$last = $r['lname'];
$fieldname = $r['mysql_field_name($id)'];

//Search for a row with the product name
$sql = "SELECT * FROM $fieldname.infusion WHERE fname = '$first' and lname = '$last'";
$result = mysql_query($sql);
$rs = mysql_fetch_array($result);

//Print the $r variable
print_r($rs);

include 'redirect_dbclose.php';
?>

PHP:

 

Do you know where the problem is?

I woud start by checking the output after the first query/result to determine where the problem is.

Also, this script is completely open to SQL injection. You need to sanitise the GET variable to prevent someone from making an injection attack.

Something as simple as:
$id = (int)$_GET['aid'];
will prevent it assuming that the aid is always a number.

 

maybe
$fieldname=array_search($id, $r);
does what you want, pick the column (prod1....prod6) that contains the id?
http://nl3.php.net/manual/en/function.array-search.php

 

Juust, when replacing:

$fieldname = $r['mysql_field_name($id)'];

with:

$fieldname=array_search($id, $r);

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource on line 24
2

new code:

<?php
//Get product ID
$id = (int)$_GET['aid'];

//connect to db
include 'redirect_dbconfig.php';
include 'redirect_dbopen.php';

//Get info about product from table
$sql = "SELECT * 
FROM mod_merch 
WHERE prod1 = '$id' or prod2 = '$id' or prod3 = '$id' or prod4 = '$id' or prod5 = '$id' or prod6 = '$id'";
$result = mysql_query($sql);
$r = mysql_fetch_array($result);

//Set a variable with the product name
$first = $r['fname'];
$last = $r['lname'];
$fieldname=array_search($id, $r);

//Search for a row with the product name
$sql = "SELECT * FROM $fieldname.infusion WHERE fname = '$first' and lname = '$last'";
$result = mysql_query($sql);
$rs = mysql_fetch_array($result);

//Print the $r variable
print_r($rs);
echo "$fieldname";

include 'redirect_dbclose.php';
?>

PHP:

 

<?php
//Get product ID
$id = (int)$_GET['aid'];

//connect to db
include 'redirect_dbconfig.php';
include 'redirect_dbopen.php';

//Get info about product from table
$sql = "SELECT * 
FROM mod_merch 
WHERE prod1 = '$id' or prod2 = '$id' or prod3 = '$id' or prod4 = '$id' or prod5 = '$id' or prod6 = '$id'";
$result = mysql_query($sql);
$r = mysql_fetch_array($result);

//Set a variable with the product name
$first = $r['fname'];
$last = $r['lname'];
$fieldname = mysql_field_name($result, 0);

//Search for a row with the product name
$sql = "SELECT * FROM $fieldname.infusion WHERE fname = '$first' and lname = '$last'";
$result = mysql_query($sql);

echo "$fieldname";

include 'redirect_dbclose.php';
?>

PHP:

How can I manipulate: $fieldname = mysql_field_name($result, 0);

To be the field in which the 'id' is actually found?

 

<?php
//Get product ID
$id = (int)$_GET['aid'];

//connect to db
include 'redirect_dbconfig.php';
include 'redirect_dbopen.php';

//Get info about product from table
$sql = "SELECT * 
FROM mod_merch 
WHERE prod1 = '$id' or prod2 = '$id' or prod3 = '$id' or prod4 = '$id' or prod5 = '$id' or prod6 = '$id'";
$result = mysql_query($sql);
$r = mysql_fetch_array($result);

//Set a variable with the product name
$first = $r['fname'];
$last = $r['lname'];
$fieldnum=array_search($id, $r);
$fieldname = mysql_field_name($result, $fieldnum);

//Find value for where name & field meet
$sql = "SELECT * FROM $fieldname.infusion WHERE fname = '$first' and lname = '$last'";
$result = mysql_query($sql);

include 'redirect_dbclose.php';
?>

PHP:

 

//Search for a row with the product name
$sql = "SELECT * FROM $fieldname.infusion WHERE fname = '$first' and lname = '$last'";
$result = mysql_query($sql);

$output = mysql_fetch_array($result);

print_r($output);

PHP:

If there are multiple results returned you will need to loop through them.

//Search for a row with the product name
$sql = "SELECT * FROM $fieldname.infusion WHERE fname = '$first' and lname = '$last'";
$result = mysql_query($sql);

while($output = mysql_fetch_array($result)):

print_r($output);

endwhile;

PHP:

 

Actually, there will only be one result. But what you did gave me this:

Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource on line 26

did i structure: $fieldname.infusion correctly? Trying to tell it to only get result within that field

I really appreciate your help jestep!

 

editdamn I am too slow for you folk)

about mysql_field_name($id) : that counts the columns and returns the name of column($id), if you use $id=0 it returns the first column of the table.

array_search($id, $r) picks the first key from array $r where value=$id.

if mysql_fetch_array() returns a numeric ([1] => value) array
it can be forced to return an associative array ([fieldname] => value)
by specifiying mysql_fetch_array($sql, MYSQL_ASSOC)

$r = mysql_fetch_array($sql, MYSQL_ASSOC);
$first = $r['fname'];
$last = $r['lname'];
$fieldname = array_search($id, $r);

PHP:

that should work ?

 

Actually, that part works fine... if i do an echo "$fieldname" it outputs the correct field name. I'm having a problem with second part. Where I need to output the value where that field MEETS the fname/lname.


Basically I just want a echo "$result";... but that's not working

 

You will need to debug the query. That error means that the query failed.

if(!$result = mysql_query($sql)):

die(mysql_error());

endif;

 

man this sucks! That doesn't seem to work... it seems like it'd be so easy to just get the output from that query.

 

Check it out... I think I got it

<?php
//Get product ID
$id = (int)$_GET['aid'];

//connect to db
include 'redirect_dbconfig.php';
include 'redirect_dbopen.php';

//Get info about product from table
$sql = "SELECT * 
FROM mod_merch 
WHERE prod1 = '$id' or prod2 = '$id' or prod3 = '$id' or prod4 = '$id' or prod5 = '$id' or prod6 = '$id'";
$result = mysql_query($sql);
$r = mysql_fetch_array($result);

//Set a variable with the product name
$first = $r['fname'];
$last = $r['lname'];
$fieldnum=array_search($id, $r);
$fieldname = mysql_field_name($result, $fieldnum);

//Find value for where name & field meet
$sql = "SELECT $fieldname FROM infusion WHERE fname = '$first' and lname = '$last'";
$result = mysql_query($sql);
$rs = mysql_fetch_array($result);
$link = $rs["$fieldname"];
echo "$link";

include 'redirect_dbclose.php';
?>

PHP:

 

correct me where I go wrong :
* pick firstname/lastname + specific productfield
from mod_merch
where any of the product-fields contains the id
* pick records from infusion where firstname and lastname match
* echo the value in the corresponding productfield (prod1...prod6)

in that case :

$result = mysql_query("SELECT $fieldname FROM infusion WHERE fname = '$first' and lname = '$last'");
while($output = mysql_fetch_assoc($result)) {
 echo $output[$fieldname];
}

PHP:

should do it ?