MariaDB: IF-THEN-ELSE Statement in PHP - php

Can anyone help with how to apply the MariaDB IF-THEN-ELSE statement in PHP?
I want a query where, when the account type is Admin and he/she created the data in the pre_registered table, the Cancelled status is also displayed in the list, but if he/she is Admin but not the one who created the data, it will not be displayed in the list. If a normal user is logged in to the system, the Cancelled status will not be included in the list.
I have tried the query below but it did not work.
<?php
$account_type = getActiveAccountType($connect);
$query = "SELECT * FROM pre_registered WHERE ";
if ($account_type == 'Admin') {
$query .= "
IF registered_created_by != ".$_SESSION['account_id']." THEN
{
registered_status != 'Cancelled'
}
END IF;
";
} else if ($account_type == 'User') {
$query .= "
registered_status != 'Cancelled'
";
}

You want registered_status != 'Cancelled' regardless of the user type, so include this in $query.
For the admin user, you want to include results with registered_created_by = $account_id, so add this in the PHP if branch. Because it's an OR condition, it will be included regardless of the registered_status.
$query .= ' OR registered_created_by = ?';
When executing this query as a prepared query, pass $_SESSION['account_id'] as the value to be used in the query.
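The query this answer describes, assembled and run as a PDO prepared statement. This is an added example, not code from the thread: it assumes the pdo_sqlite extension and an in-memory database with constructed rows so it runs offline, and visibleRows() and the registered_id column are hypothetical names.

```php
<?php
// Added example (not from the thread). Rows are constructed sample data;
// visibleRows() and registered_id are hypothetical names.
function visibleRows(PDO $db, string $accountType, int $accountId): array
{
    // Every account type sees the rows that are not cancelled.
    $sql = "SELECT registered_id FROM pre_registered WHERE registered_status != 'Cancelled'";
    $params = [];
    if ($accountType === 'Admin') {
        // An admin additionally sees every row he/she created, cancelled or not.
        $sql .= ' OR registered_created_by = ?';
        $params[] = $accountId; // bound as data, never concatenated into the SQL text
    }
    $stmt = $db->prepare($sql . ' ORDER BY registered_id');
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE pre_registered (
    registered_id INTEGER PRIMARY KEY,
    registered_status TEXT,
    registered_created_by INTEGER)");
$db->exec("INSERT INTO pre_registered VALUES
    (1, 'Active', 10), (2, 'Cancelled', 10), (3, 'Cancelled', 20), (4, 'Active', 20)");

// In the application the id would come from $_SESSION['account_id'].
echo 'Admin 10: ', implode(',', visibleRows($db, 'Admin', 10)), "\n";
echo 'Admin 20: ', implode(',', visibleRows($db, 'Admin', 20)), "\n";
echo 'User 10:  ', implode(',', visibleRows($db, 'User', 10)), "\n";
```

Each admin gets the non-cancelled rows plus only his/her own cancelled row, and the normal user never gets a cancelled row.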

I am new to programming as well, but I hope this helps.
Try getting the results first and write a condition that checks if registered_created_by == $_SESSION['account_id'], then show the column if it does and hide it if it doesn't.

Related

How to check for 'All' cases in select option statement

I have a problem in my code that maybe someone can check and point out. I'm creating two webpages in PHP and I'm requesting variables from one page to another. As you see in the photo, in my first page I have a drop list of values I successfully grab from a database. In the second page I want to print a list of matching items, which are boats, based on the choice the user selects on the first page. Now from there I am creating a SQL query to first check that the user has not selected 'All' or is not mixing 'All' with the provided choices. If either is not the case then the database field name is equal to the requested item and I echo that to the screen. In the second page I have successfully connected to the database. The problem is that when testing my code, the screen is blank, which means my string is faulty. Thanks in advance. Here is my code
From what I can see here you're continuously overwriting the value of sqlStr instead of adding to it.
And you're missing $ before sqlStr
Try:
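$sqlStr = "SELECT * FROM boats WHERE 1=1"; // 1=1 lets every condition below start with AND
$params = array(); // values for the ? placeholders, passed when the prepared statement is executed
if ($boatClass == 'All')
{
    $sqlStr .= " AND 1=1";
}
else
{
    $sqlStr .= " AND Class = ?";
    $params[] = $boatClass;
}
if ($boatMake == 'All')
{
    $sqlStr .= " AND 1=1";
}
else
{
    $sqlStr .= " AND Make = ?";
    $params[] = $boatMake;
}
if ($Year == 'All')
{
    $sqlStr .= " AND 1=1";
}
else
{
    $sqlStr .= " AND Year = ?";
    $params[] = $Year;
}
if ($used == 'All')
{
    $sqlStr .= " AND 1=1";
}
else
{
    $sqlStr .= " AND UsedOrNew = ?";
    $params[] = $used;
}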
A blank page means you have parsing errors. If you are working on a dev machine only, you can change the php.ini to display errors. By default it is off for security reasons.
Or you can check the error log, it gets populated every time a script with errors in it is run.
To find where your log file is, run a phpinfo script: http://php.net/manual/pt_BR/function.phpinfo.php and check for error_log.
If it is blank, then default locations for error log file:
linux + nginx is: /var/log/nginx/error.log
linux + apache is: /var/log/apache/error.log
Windows is likely to be in path/to/php/log/error-something.txt
Hope this helps,

In an elseif statement, how do I stop the next one from being run

I am new to programming and PHP, and am quite discouraged by my inability to get this code to work.
$query_uid2 = mysqli_query($db_conx,"SELECT * FROM table WHERE uid2 IS NOT NULL");
$query_uid3 = mysqli_query($db_conx,"SELECT * FROM table WHERE uid3 IS NOT NULL");
//the update queries
$q2 = mysqli_query($db_conx,"UPDATE table SET uid2='$var' WHERE uid1='$uid1'");
$q3 = mysqli_query($db_conx,"UPDATE table SET uid3='$var' WHERE uid1='$uid1'");
//I used mysqli_num_rows function to create 2 more variables for next step...
if ($q2_num > 0 && $q2 == TRUE) {
echo "success";
die();
} elseif ($q3_num > 0 && $q3 == TRUE) {
echo "success";
die();
}
My problem is that both if statements carry out, despite the fact that the query_uid is in fact not null.
I am trying to stop the second statement from running if the first statement conditional is true, is this possible?
I hope you can understand my question. I've been trying to figure this out for 2 weeks now, starting to feel hopeless. I can't find anything online or in my book explaining what I'm trying to do.
To explain it again, I don't want the second conditional to run, only the first one assuming it's true. Can someone give me a hint as to how this is possible? I've tried all I can.
If the first if is true, then what's in the elseif will not run. But when you assign the queries' results to those variables, they run before your conditions. The solution is simple, just run the queries inside the condition.
if (condition) {
mysqli_query(...);
}
Specifically for your situation:
if ($q2_num > 0) {
mysqli_query($db_conx,"UPDATE table SET uid2='$var' WHERE uid1='$uid1'");
echo "success";
die();
} elseif ($q3_num > 0) {
mysqli_query($db_conx,"UPDATE table SET uid3='$var' WHERE uid1='$uid1'");
echo "success";
die();
}

Searching a MySQL table using PHP

I am trying to create a PHP file to help search a table built in MySQL from a webpage. I have built the form, which allows the user to enter keywords into two of the search criteria and a drop-down menu for the third. However, I am having trouble with the PHP file itself. I appear to have done something wrong and can't quite figure out what is going wrong. If anyone can spot an error in the code below I'd really appreciate the help.
Thanks.
// define variables and set to empty values
$Location = $Commemorating = "";
if (isset($_GET['Region']) && !empty($_GET['Region']))
{
$Region_name = $_GET['Region'];
if (empty($_GET["Location"]))
{
$Location = "";
}
else
{
$Location = ($_GET["Location"]);
}
if (empty($_GET["Commemorating"]))
{
$Commemorating = "";
}
else
{
$Commemorating = ($_GET["Commemorating"]);
}
$query = "SELECT Monument,
Location,
Commemorating,
Region,
FROM MONUMENTS
WHERE Region = '$Region'";
//..if a location is specified run this query
if ($Location != "")
{
$query .= " AND Location LIKE '%$Location%'";
}
//..and if a name is entered run this query
if ($Commemorating != "")
{
$query .= " AND Commemorating LIKE '%$Commemorating%'";
}
//..and if a region is specified run this query
if ($Region != "All")
{
$query .= " AND Region LIKE '$Region'";
}
$query_run = mysql_query($query);
}
$query = "SELECT Monument,
Location,
Commemorating,
Region,
Looks like you should strip the last comma in the field list from the query:
$query = "SELECT Monument,
Location,
Commemorating,
Region
Like this.
There is a bit of a misunderstanding, since you check if Region is not empty, then query for items in the given Region, and then add another clause in case Region is not 'All'. So if I run your code with Region = 'All' then the query will return only the items that have Region set to 'All', which sounds a bit odd (I'd say monuments are in a single region, aren't they?).
You also use LIKE while you may simply use =, since you add single quotes (') around strings, so it won't give you any 'wildcard' match but will slow down the query. Another thing to do is to use some mysql escape function to be sure you won't get SQL code in one of your GET query values.
May I also suggest shortening your code a bit:
$Region_name = isset($_GET['Region']) ? trim($_GET['Region']) : '';
if ($Region_name) {
    $Location = isset($_GET['Location']) ? trim($_GET['Location']) : '';
    $Commemorating = isset($_GET['Commemorating']) ? trim($_GET['Commemorating']) : '';
    // Each %s becomes either an extra " AND ..." clause or an empty string.
    // The mysql_* functions were removed in PHP 7.0, so this only runs on older PHP.
    $query = sprintf("SELECT
        Monument,
        Location,
        Commemorating,
        Region
        FROM MONUMENTS
        WHERE 1=1%s%s%s",
        $Region_name != 'All' ? " AND Region='" . mysql_real_escape_string($Region_name) . "'" : '',
        $Location ? " AND Location='" . mysql_real_escape_string($Location) . "'" : '',
        $Commemorating ? " AND Commemorating='" . mysql_real_escape_string($Commemorating) . "'" : ''
    );
...etc...
I add 1=1 so I can easily add AND to the following clauses without worry.
Use $Region_name instead of $Region in your query. I see you depend on user input (via $_GET). Make sure you sanitize user input: https://stackoverflow.com/a/3126175/1071063
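The LIKE search from this thread with every request value bound as a parameter, as an added example that is not from the thread. It assumes pdo_sqlite and an in-memory table with constructed rows; likeContains() and searchMonuments() are hypothetical names, and the '!' escape character is a choice made here.

```php
<?php
// Added example (not from the thread). Rows are constructed sample data;
// likeContains() and searchMonuments() are hypothetical helper names.

// Binding keeps the value out of the SQL text, but % and _ inside a bound
// value still act as LIKE wildcards, so escape them and name the escape
// character in the SQL.
function likeContains(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

function searchMonuments(PDO $db, array $get): array
{
    $where = [];
    $params = [];
    $region = trim($get['Region'] ?? '');
    if ($region !== '' && $region !== 'All') {
        $where[] = 'Region = ?';
        $params[] = $region;
    }
    foreach (['Location', 'Commemorating'] as $column) { // fixed names, never user input
        $term = trim($get[$column] ?? '');
        if ($term !== '') {
            $where[] = "$column LIKE ? ESCAPE '!'";
            $params[] = likeContains($term);
        }
    }
    $sql = 'SELECT Monument FROM MONUMENTS'
         . ($where ? ' WHERE ' . implode(' AND ', $where) : '')
         . ' ORDER BY Monument';
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE MONUMENTS (Monument TEXT, Location TEXT, Commemorating TEXT, Region TEXT)');
$db->exec("INSERT INTO MONUMENTS VALUES
    ('Obelisk', 'St. John''s Green', 'War dead', 'East'),
    ('Arch', 'South_Gate', '100% effort', 'West')");

// An apostrophe in the term is plain data; % and _ match only themselves.
print_r(searchMonuments($db, ['Region' => 'All', 'Location' => "john's"]));
print_r(searchMonuments($db, ['Region' => 'All', 'Commemorating' => '%']));
print_r(searchMonuments($db, ['Region' => 'All', 'Location' => '_']));
```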

Using PHP Order By to sort query results

The below code displays data from a table and then filters it depending on the results of two combo boxes. I am able to order the results by ID once the form is submitted, but not on initial load (where all are listed). I have tried $sql = "SELECT * FROM Places ORDER BY ID"; which works when the list loads but returns an error when the form is submitted. Hope that makes sense. Any ideas? Thanks!
// Default query
$sql = "SELECT * FROM Places";
// check if form was submitted
if (isset($_POST['area'])) {
$connector = 'where';
if ($_POST['area'] != 'All') {
$sql .= " where Area = '".$_POST['area']."' ORDER BY ID";
$connector = 'and';
}
if ($_POST['theme'] != 'All') {
$sql .= " $connector Theme = '".$_POST['theme']."' OR Theme2 = '".$_POST['theme']."'
ORDER BY ID";
}
}
Your ORDER BY ID clause must appear at the very end of your statement. If both $_POST['area'] and $_POST['theme'] are filled, you end up with a query like this:
SELECT ... WHERE Area = 'some area' ORDER BY ID AND Theme = 'some theme'
Add the ORDER BY bit as the last part of your query.
I think you are missing a default behavior statement. I.e. Your IF statement doesn't have an else clause. So you are checking for isset and if it is change the select query, but there is nothing to say IF ! isset SELECT query should be .... ORDER BY ID.
Also I would try echoing your SQL queries out each time you set / change a portion of it to understand exactly what is being sent to the DB.
Lastly I always check the mysql.general_log table for the last run queries to see what is actually happening at the DB end.
It looks like it is possible for $_POST['area'] != 'All' and $_POST['theme'] != 'All'. In that case you will be putting the ORDER BY clause in twice. That's probably your problem.
So try this.
// Default query
$sql = "SELECT * FROM Places";
// check if form was submitted
if (isset($_POST['area'])) {
$connector = 'where';
if ($_POST['area'] != 'All') {
$sql .= " where Area = '".$_POST['area']."'";
$connector = 'and';
}
if ($_POST['theme'] != 'All') {
$sql .= " $connector Theme = '".$_POST['theme']."' OR Theme2 = '".$_POST['theme'] . "'";
}
if ( $_POST['area'] != 'All' || $_POST['theme'] != 'All' ) {
$sql .= ' ORDER BY ID';
}
}
Thanks for all your help, I have solved the problem at the server end anyway so no need for code. Thanks for bringing attention to the security issues, I had these in the back of my mind but wasn't sure how bad it was! If I change the code to PDO would it help greatly? I have already reduced the privileges of the user to minimal. Thanks again.
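The area and theme filter from this thread written with PDO named parameters, as an added example that is not from the thread. It assumes pdo_sqlite and an in-memory table with constructed rows, and listPlaces() is a hypothetical name.

```php
<?php
// Added example (not from the thread). Rows are constructed sample data;
// listPlaces() is a hypothetical name.
function listPlaces(PDO $db, array $post): array
{
    $where = [];
    $params = [];
    $area = $post['area'] ?? 'All';
    $theme = $post['theme'] ?? 'All';
    if ($area !== 'All') {
        $where[] = 'Area = :area';
        $params[':area'] = $area;
    }
    if ($theme !== 'All') {
        // Parentheses matter: AND binds tighter than OR, so without them a
        // Theme2 match would be returned for every area.
        // Two placeholder names, because a named placeholder cannot be reused
        // when the driver uses native (non-emulated) prepared statements.
        $where[] = '(Theme = :theme1 OR Theme2 = :theme2)';
        $params[':theme1'] = $theme;
        $params[':theme2'] = $theme;
    }
    $sql = 'SELECT ID FROM Places';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    $sql .= ' ORDER BY ID'; // appended once, after all conditions, on every path
    $stmt = $db->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Places (ID INTEGER PRIMARY KEY, Area TEXT, Theme TEXT, Theme2 TEXT)');
$db->exec("INSERT INTO Places VALUES
    (1, 'North', 'Art', 'Food'), (2, 'South', 'Food', 'Art'),
    (3, 'North', 'History', 'Nature'), (4, 'South', 'Nature', 'Food')");

echo 'initial load:  ', implode(',', listPlaces($db, [])), "\n";
echo 'North + Food:  ', implode(',', listPlaces($db, ['area' => 'North', 'theme' => 'Food'])), "\n";
echo 'All + Food:    ', implode(',', listPlaces($db, ['area' => 'All', 'theme' => 'Food'])), "\n";
```

With the constructed rows, the North and Food filter returns only the North row; dropping the parentheses would also return the South row whose Theme2 is Food.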

PHP: sorting out in a smart coding way?

So I have this video section, but I want to make a "sorting" option available for users.
Sorting Options: ALL (no WHERE in the sql statement), Videoklips (WHERE SCtry = 0), SC try (WHERE SCtry = 1)
Now, I know how to do it "my" way. I would have placed links on index.php:
?sort=video and ?sort=SCtry
Then make 2 ifs: if sort video, if sort sctry
and then duplicate the whole index.php as it is right now (which displays everything) into the 2 ifs and then just edit the SQL statement SELECT, with WHERE SCtry = '0' on ?sort=video, and WHERE SCtry = '1' on ?sort=SCtry.
Now, I KNOW how to sort out, but I want to code it in a smarter way (if it exists, of course), because this seems to be too much, to duplicate the whole site and then only change 1 line...
Example of what I meant with index.php, that I am going to duplicate:
<?php
$hent_meetup = mysql_query("SELECT * FROM member_film ORDER BY id DESC LIMIT 0,200") or die(mysql_error());
while($vis = mysql_Fetch_array($hent_meetup)) {
?>
Without seeing example code, I can tell you this is an example of what I'd do.
<?php
//all of the code before the SQL statement here...
$sql= ' SELECT `column` from `tablename`'; //or any other SQL that is appropriate before the conditional
if(isset($_GET['sort'])){
if($_GET['sort'] == 'video'){
$sql .= ' WHERE `SCtry` = 0';
}elseif($_GET['sort'] == 'SCtry'){
$sql .= ' WHERE `SCtry` = 1';
}
}
$sql .= ' ORDER BY `whatever`'; //or any other SQL that is appropriate after the conditional
//rest of code... no need for duplication
?>
edited as per OP request...
