Honesty Rocks! truth rules.

Changing A Value From A Textbox or something. dont exactly how to explain.

HOME      >>       Programming



I am trying to do the following:
A user type his name in a textbox, and press the submit button.
Then, another file checks if the name exist in the database. if it does, the code will select the id from the database where the username is (SELECT id from username where username='$textboxvalue')

This is the code I am using:

<?phpsession_start();require "database.php";$to=$_POST['message_to'];$ck_reciever = mysql_query("SELECT username FROM user WHERE username = '".$to."'");$to_id = mysql_query("SELECT id FROM user WHERE username = '".$to."'");die($to_id ."<br>".$ck_reciever."<br>".$to);?>

but when i try to echo all these variables (die(blabla))this is what I get:

Resource id #5Resource id #4

anyone who knows what might be wrong?

Thanks //Feelay


No idea what's up with your code that's making it not work, but on a fairly important issue I notice you're not doing any kind of escaping on the posted variable. Even if it's a simple mysql_real_escape_string(), it should stop a large portion of problems with people managing to insert horrible little bits of code in to your queries. :)


mysql_query doesn't return an exact value, but a resource ID. You need to use mysql_result in order to extract the desired data from a resource ID.


I've never used mysql_result in my own codes, because I have no idea how it works. Any help ?


try something like:

$ck_reciever = mysql_query("SELECT username FROM user WHERE username = '".$to."'");$row = mysql_fetch_array($ck_reciever);if ($row[0] == null) { //error or no result returned } else { //do what you want with the result. $row[0] should be the returned id }

When you use the mysql query it returns an item that you need to turn into useable data unless I'm completely off base. I haven't used php in awhile but I think thats sort of what you should look at doing


should I change the "0" to the column name?


should I change the "0" to the column name?

For this case, you don't have to. [0] here refers to the first column of result you're returning. If in later stages, you start retrieving more columns of data, you might want to consider using the column name like ['id'] or ['username'] and so forth. Using text as index will compromise a little bit on speed. But it won't be noticeable until you start accessing hundreds of column per page. The alternative is to use constant. Declare constant with representative name and assign number to it, then use it to refer to your column, it's similar to using numbers directly, just that it's less confusing. E.g. $row[tablename_id], where tablename_id = 0.

Using constant and using number has an disadvantage, you need to take note of it when you change your query in the later stage, like retrieving more columns, or if you're using "*" to retrieve all the columns, the code will break when you update your table structures.