0

I need some help with my PHP. I have a trouble with fetching the data from the database. I have hired a PHP developer who did not do his job properly that he have messed up the code which make it don't work so I need some help to fix the issue to get it working again.

When I try this:

//open the database File
$db = new SQLite3('myChannel.db');

if(!$db) 
{
  echo $db->lastErrorMsg();
} 
else 
{
   $channel_name = $_GET['channels'];

   $sql ="SELECT channel, title, start_date, stop_date, description FROM programs WHERE channel='$channel_name'";

   $results = $db->query($sql);

   while ($row = $results->fetchArray()) 
   {
     print_r($row);
   }

What happen with the code is it will not fetching the matched data from the database as it will not do anything. I think there is something wrong with the $sql variable.

What I'm expecting to do is I want to look for data in the database where I use the variable called $channel_name, then I want to fetch the matched data to output them in my PHP.

Can you please help me how I can fetch the matched data in the database?

Improve this question
27
  • Is this myChannel.db file in the same directory as the running code? Commented Jul 24, 2017 at 15:57
  • what is showing in your print_r()? is it showing some data or empty? Commented Jul 24, 2017 at 15:59
  • @GrumpyCrouton yes it is Commented Jul 24, 2017 at 16:06
  • @rowmoin it is showing nothing in print_r when i try it Commented Jul 24, 2017 at 16:06
  • In your database, the value exists what you are passing when you are trying to test? Commented Jul 24, 2017 at 16:10

1 Answer 1

Reset to default
-1

Try this code based on the SQLite PHP docs

class MyDB extends SQLite3 {
    function __construct() {
        $this->open('myChannel.db');
    }
}
$db = new MyDB();
if (!$db) {
    echo $db->lastErrorMsg();
} else {
    $channel_name = $_GET['channels'];
    $sql = "SELECT channel, title, start_date, stop_date, description FROM programs WHERE channel='{$channel_name}'";
    $results = $db->query($sql);
    while($row = $results->fetchArray(SQLITE3_ASSOC) ) {
        print_r($row);
    }
}

I changed a few things. I turned your database connection into a class, and I changed your while to include SQLITE3_ASSOC.

Warning: OP's code and as a result this answer has code that is vulnerable to SQL Injection!

Improve this answer
Sign up to request clarification or add additional context in comments.

4 Comments

@grumptycrouton you dont need the class MYDB function, you can use something is like $channel_name = $_GET['channels']; so the code you wrote is bad...
@RobertJones The thing you wrote has nothing to do with the database connection. I didn't change the way $channel_name was set. All I did was change the way the database is handled, based on the docs that I linked to, which I know works because I use it in a lot of applications.
You did not fix the SQL injection.
@CL. I wasn't attempting to, that's not part of the question. It's not my job to fix OP's security holes.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.