Why this code does not work?

Forum Moderators: coopster

Message Too Old, No Replies

Why this code does not work?

tpb101

11:37 am on Nov 30, 2015 (gmt 0)

I have the following code and it does not work, after adding the database connection and query part (everything before that is correct):



<?php
$param=$_GET['m'];
$param=str_replace("-", " ", $param);
$param=ucwords($param); 
echo $param; 
$host="localhost";
$username="user_name";
$password="password_here";
$database_name="database_name_here";
$link=mysqli_connect('host','username','password','database_name');
if (mysqli_connect_errno()) {
  printf("Connect failed: %s\n", mysqli_connect_error());
  exit();
}
$query=$mysqli_query($link, "SELECT column_name FROM table_name WHERE another_column_name='$param'");
echo $query; 
mysqli_close($link);
?>

I get the following error:

"Connect failed: Unknown MySQL server host 'host' (20)"

...and the code is correct according to PhpCodeChecker.com.

whitespace

12:43 pm on Nov 30, 2015 (gmt 0)

"Connect failed: Unknown MySQL server host 'host' (20)"

(Assuming your actual code contains the correct DB connection values)
You are not passing your connection variables to the mysqli_connect() function.

Incidentally, mysqli_query() is a function and should not have a $ prefix. (That will trigger an E_NOTICE - undefined variable.)

You'll get an E_NOTICE if $_GET['m'] is not defined. You should always check whether a URL param isset() first.

Your script is vulnerable to SQL injection. $param needs to be escaped or use SQL parameters (preferable).

RiDDi

12:31 am on Dec 30, 2015 (gmt 0)

$link=mysqli_connect('host','username','password','database_name');

change to

$link = mysqli_connect($host, $username, $password, $database_name);