-1

im trying to pass a variable, and i did work but not completly, i want to know if im doing it wrong or if what im trying to do cant be done thanks for help

After the id was passed: 

$stock_id = $_POST['id'];

i want to select rows from a table that contain this id

$sql_getinfo = "SELECT *
    FROM transac_user
    WHERE id=" .$stock_id;

$row_info = mysqli_fetch_array($sql_getinfo, MYSQLI_ASSOC);

$company_id = $row_info['company_id'];
$company_shares = $row_info['amount_bought'];
$company_price = $row_info['price_bought'];

and then delete the transaction

$sqldelete = "DELETE FROM transac_user WHERE id=".$stock_id;  
$result = mysqli_query($db, $sqldelete);

What i want to do, is passed the variable, get some info from the table where its id is equal, get those values and insert them in another table(theres update and insert codes after) and then delete the row.. The delete only works, but i cant get value for the first select statement. tried only the select statement, and it dont work

If you need anymore info, this is really important for me as this is for my final year project. thank you

aynber
  • 20,647
  • 8
  • 49
  • 57
Yoan De Chaton
  • 35
  • 6
  • 2
    do you actually run the query? mysqli_query($sql_getinfo);? calling mysqli_fetch_array on $sql_getinfo will not do anything. – Dimi Feb 08 '17 at 15:39
  • 2
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Feb 08 '17 at 15:41
  • For the fetch array, it is supposed to give me the values at this row? ive been using this code everywhere and it was working, getting the values from the row and storing them in variables. If im doing it wrong help please :) i tried get too, same, the values returned is blank – Yoan De Chaton Feb 08 '17 at 15:44
  • The code as provided will never, ever, work, anywhere. See @Dimi's comment for why. – Jonnix Feb 08 '17 at 15:47

1 Answers1

2

You did not execute the select statement

$stock_id = $_POST['id'];
$sql_getinfo = "SELECT * FROM transac_user WHERE id='$stock_id'";
$res=mysqli_query($db,$sql_getinfo);
$row_info = mysqli_fetch_array($res);
if($row_info){
    $company_id = $row_info['company_id'];
    $company_shares = $row_info['amount_bought'];
    $company_price = $row_info['price_bought'];
}
RiggsFolly
  • 89,708
  • 20
  • 100
  • 143
affaz
  • 1,226
  • 7
  • 23
  • Okay many thanks this worked :) 1 more question, i can directly use the $company_id in another select statement right? – Yoan De Chaton Feb 08 '17 at 16:15
  • yes..you can...good luck – affaz Feb 08 '17 at 16:16
  • `$sql_stockinfo = "SELECT *` `FROM company_tb` `WHERE id=" .$company_id;` `$result_comp = mysqli_query($db, $sql_stockinfo);` $row_stock = mysqli_fetch_array($result_comp); `$shares = $row_stock['sale'];` `$updatedshares = $company_shares + $shares;` `$updateshare = "UPDATE company_tb SET sale = `".$updatedshares." where id= ".$stock_id; ` `$resultshare = mysqli_query($db, $updateshare);` this is not working – Yoan De Chaton Feb 08 '17 at 16:21
  • where did `$company_shares` come from? – affaz Feb 08 '17 at 16:30
  • see the above answer these are the previous lines it comes from $row_info – Yoan De Chaton Feb 08 '17 at 16:35
  • put the above code in the if statement loop `if($row_info){` – affaz Feb 08 '17 at 16:38
  • https://scontent-mrs1-1.xx.fbcdn.net/v/t1.0-9/16473498_10154994226159500_1686361915721296700_n.jpg?oh=f46b2b5a7344a77f2bd798c3ac6e7cfd&oe=58FD5135 this is a screenshot of the code – Yoan De Chaton Feb 08 '17 at 16:50
  • what is the error now – affaz Feb 08 '17 at 17:09
  • Thanks to everyone :) it works now, i made some silly mistake on the $updateshare bad id, thank affaz and others :) – Yoan De Chaton Feb 08 '17 at 17:14