-2

I am having a problem with my SQL query: I am using several MySQL queries, for example:

$sql = "SELECT * FROM lz".$ac." WHERE class='".$class."'";
$db_erg = mysqli_query( $conn, $sql );
if ( ! $db_erg )
{
  die('Error: ' . mysqli_error());
}

And this works without any problem. But now below the code example, I want to check if the value in another table exits. But the query gives me an error:

$sqlproject ="SELECT * FROM `lz".$ac."project` WHERE `id`='".$zeile[id]."' AND `quartal`='".$quart."'";
        echo $sqlprojekt; // To see if the sql statement is ok --> it is
    
        $pro_erg = mysqli_query( $conn, $sqlprojekt );
        if (!$pro_erg ){echo 'Error:';}
        if($pro_erg->num_rows >0) { echo "Table exists";}

I can not find my mistake... The top code example works, why does my code with $prog_erg does not work???

The SQL statement seems to be ok, if I use it directly in PHPMyAdmin it shows me the values I need.

Maybe someone sees my mistake?

GreenXL
  • 19
  • 3
  • Let the database tell you what the *actual* error is: http://php.net/mysqli_error – deceze May 30 '22 at 12:33
  • *"does not work"* as in you got an error? the output wasnt what you expected? can you show the generated sql (`sqlprojekt`)? also, mandatory psa: please use prepared statement to avoid sql injection. – Bagus Tesa May 30 '22 at 12:33
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman May 30 '22 at 14:20
  • I do not get any error from mysqli_error. The SQL statements works, because when I am using phpmyadmin I can test the sql statement like: SELECT * FROM `lz2223project` WHERE `id`='1331' AND `quartal`='q1' ... and this gives my a column. – GreenXL May 30 '22 at 17:07
  • If you don’t get an error, then there’s no error…!? – deceze May 30 '22 at 17:27
  • There must be an error, because the if (!$pro_erg ){echo 'error') ;} is triggered and my page says error. Furthermore the if($pro_erg->num_rows is not triggered although it should.. – GreenXL May 30 '22 at 18:38
  • Then there should also be a `mysqli_error`. – deceze May 30 '22 at 19:26

0 Answers0