How to display a post and its comments? - php

I want to view all posts, all comments for each post at once. While I have no problems with displaying posts, displaying comments is already a problem. One post can have multiple comments, so I have no idea how to create a query to display this. I tried to use LEFT JOIN but it didn't help. I include a table schema below the code to make my problem easier to understand.
<?php foreach ($tweet->userData as $user)
{ ?>
<div class='col-xl-8' id='posty'>
<div class='row' id='time'>
<div class='btn-block d-flex justify-content-between'>
<div class='imie'>
<?php echo $user['autor'] ?>
</div>
<div class='czas'>
<?php echo $user['date_to_add'] ?>
</div>
</div>
</div>
<?php echo $user['comment'] ?>
<form action='' method='post' id="myForm">
<div class='row'>
<div class='col-12 col-xl-12 d-flex justify-content-between' id='icon'>
<button class='button2' name='dodaj_like' style="background-color: <?php if($user['like_color']==1){echo '#00FA9A';}else{echo 'black';} ?>" ><i class='fas fa-heart' ></i><input type='hidden' name='like' value="<?php echo $user['id']?>" /><span id="font"><?php echo $user['likes']?></span></button>
<button class='button2' name='dodaj_dislike' style="background-color: <?php if($user['dislike_color']==1){echo '#00FA9A';}else{echo 'black';} ?>"><i class='fas fa-heart-broken'></i><input type='hidden' name='dislike' value="<?php echo $user['id']?>"/><span id="font"><?php echo $user['dislikes']?></span></button>
<button class='button2' name='dodaj_comment' id="com" ><i class='far fa-comment-dots'></i><input type='hidden' name='comment' value="<?php echo $user['id']?>"/><span id="font">Comment</span></button>
<button class='button2' name='dodaj_share' style="background-color: <?php if($user['share_color']==1){echo '#00FA9A';}else{echo 'black';} ?>" ><i class='far fa-share-square' ></i><input type='hidden' name='share' value="<?php echo $user['id']?>"/><span id="font"><?php echo $user['shares'] ?></span></button>
</div>
</div>
</form>
<div class="row d-flex">
<div class="col-xl-12 bg-success ">
<form method="post">
<textarea id="form103" class="md-textarea form-control" rows="5" placeholder="Co słychać?" name="komentarz"></textarea>
<div>
<?php echo $aabbcc ?? '' ?>
</div>
<div class="button">
<button class="btn btn-danger mt-2" name='dodaj_comment'><input type='hidden' name='com' value="<?php echo $user['id']?>"/>Publikuj</button>
</div>
</form>
</div>
</div>
</div>
<?php } ?>
$id = $_GET['id'];
$session = $_SESSION['id'];
$sql = $this->database->connect()->prepare("SELECT post.id, CONCAT(first_name,' ', last_name) AS author, post.comment, post.date_to_add, post_comment.comment, post_comment.date_to_add FROM user JOIN post ON user.id = post.user_id LEFT JOIN post_comment ON post.user_id=post_comment.post_id where post.user_id = :user_id order by post.id DESC");
$sql->bindParam(':user_id',$id, PDO::PARAM_INT);
$sql->bindParam(':id',$session, PDO::PARAM_INT);
$sql->execute();
if($sql->rowCount())
{
$this->userData = [];
while ($row = $sql->fetch())
{
$this->userData[] = $row;
}
}
}

You can get the comments from the database for a specific post by selecting from the comment table using post_id:
$query = "SELECT * FROM post_comment WHERE post_id=" . (int) $post_id;
Here is the PHP implementation:
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}
$sql_post = "SELECT * FROM post";
$result = $conn->query($sql_post);
if ($result->num_rows > 0) {
    while ($row = $result->fetch_assoc()) {
        echo "<br> post id: " . $row["id"] . " - <br> Post: " . $row["post"] . "<br>";
        // one extra query per post: fetch the comments that reference this post's id
        // (the id is cast to int so only a number ever reaches the SQL string)
        $comment_query = $conn->query("SELECT * FROM post_comment WHERE post_id=" . (int) $row["id"]);
        if ($comment_query->num_rows > 0) {
            // output each comment row from the comment result set, not the post one
            while ($comment = $comment_query->fetch_assoc()) {
                echo " <p>Comment " . $comment['comment'] . " </p>";
            }
        }
    }
} else {
    echo "0 results";
}
$conn->close();
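The single-query version the asker was after, as an added example that is neither the asker's nor the answerer's code: the join condition is post.id = post_comment.post_id (the question joined on post.user_id), every column is aliased so the two "comment" columns do not overwrite each other, the user id is bound as a parameter, and the rows are grouped into posts in PHP. An in-memory SQLite database with constructed rows stands in for MySQL, so the script runs on its own; table and column names follow the question, and the function names are this example's own.

```php
<?php
declare(strict_types=1);

// Constructed sample schema and rows; in the real application this is the MySQL connection.
function buildSampleDb(): PDO {
    $pdo = new PDO('sqlite::memory:', null, null, [
        PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
    ]);
    $pdo->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT)');
    $pdo->exec('CREATE TABLE post (id INTEGER PRIMARY KEY, user_id INTEGER, comment TEXT, date_to_add TEXT)');
    $pdo->exec('CREATE TABLE post_comment (id INTEGER PRIMARY KEY, post_id INTEGER, user_id INTEGER, comment TEXT, date_to_add TEXT)');
    $pdo->exec("INSERT INTO user VALUES (1,'Ann','Kowalska'), (2,'Bob','Nowak')");
    $pdo->exec("INSERT INTO post VALUES (10,1,'first post','2020-01-01'), (11,1,'second post','2020-01-02')");
    $pdo->exec("INSERT INTO post_comment VALUES (100,10,2,'nice','2020-01-01'), (101,10,1,'thanks','2020-01-02')");
    return $pdo;
}

/**
 * Returns [postId => ['id', 'author', 'text', 'date', 'comments' => [...]]] for one user.
 * One round trip: posts LEFT JOINed to their comments, then grouped by post id.
 */
function fetchPostsWithComments(PDO $pdo, int $userId): array {
    $sql = 'SELECT p.id AS post_id, u.first_name, u.last_name,
                   p.comment AS post_text, p.date_to_add AS post_date,
                   c.id AS comment_id, c.comment AS comment_text, c.date_to_add AS comment_date
            FROM post p
            JOIN user u ON u.id = p.user_id
            LEFT JOIN post_comment c ON c.post_id = p.id
            WHERE p.user_id = :user_id
            ORDER BY p.id DESC, c.id ASC';
    $stmt = $pdo->prepare($sql);
    // The user id in the question came from $_GET['id']; validate it as an int before calling this.
    $stmt->bindValue(':user_id', $userId, PDO::PARAM_INT);
    $stmt->execute();

    $posts = [];
    while ($row = $stmt->fetch()) {
        $pid = (int) $row['post_id'];
        if (!isset($posts[$pid])) {
            $posts[$pid] = [
                'id'       => $pid,
                'author'   => $row['first_name'] . ' ' . $row['last_name'],
                'text'     => $row['post_text'],
                'date'     => $row['post_date'],
                'comments' => [],
            ];
        }
        // A LEFT JOIN yields NULL comment columns for a post that has no comments.
        if ($row['comment_id'] !== null) {
            $posts[$pid]['comments'][] = [
                'id'   => (int) $row['comment_id'],
                'text' => $row['comment_text'],
                'date' => $row['comment_date'],
            ];
        }
    }
    return $posts;
}

// Escape everything that came from the database before it reaches the page.
function esc(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = buildSampleDb();
foreach (fetchPostsWithComments($pdo, 1) as $post) {
    echo '<div class="post"><b>' . esc($post['author']) . '</b> ' . esc($post['date'])
       . '<br>' . esc($post['text']) . "\n";
    foreach ($post['comments'] as $c) {
        echo '  <div class="comment">' . esc($c['text']) . ' (' . esc($c['date']) . ")</div>\n";
    }
    echo "</div>\n";
}
```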

Related

How to submit just one button from a set of buttons that are displayed using a php while-loop

I am coding a website for an online university portal where I have a programs/courses page on which I display the programs/courses using data from the database in a PHP while-loop. I have the enroll buttons also being displayed in that same while-loop, but I'm having a bit of difficulty submitting the enroll buttons: when I click one of them, all of them get submitted.
Can anyone please let me know what I'm doing wrong here, or if I have to use any JavaScript in this case?
<?php
session_start();
$con = mysqli_connect('localhost', 'root', '');
mysqli_select_db($con, 'htdatabase');
if ($con->connect_error) {
die("Connection failed: " . $con->connect_error);
}
$id = $_SESSION['userID'];
$sql = "SELECT * FROM programs";
$result = $con->query($sql);
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
$i = '';
$progID = $row["progID"];
$name = $row["progName"];
$halfTime = $row["halfTDuration"];
$fullTime = $row["fullTDuration"];
$fee = $row["fee"];
$descrip = $row["description"];
$stringname = strval($name);
$spaceRemoved = str_replace(' ', '', $stringname);
?>
<div class="card-header" id="headingOne">
<h5 class="mb-0">
<?php echo "<button class='btn btn-link' type='button' data-toggle='collapse' data-target='#$spaceRemoved' aria-expanded='false' aria-controls='$spaceRemoved'> $name </button>"; ?>
</h5>
</div>
<?php echo "<div id='$spaceRemoved' class='collapse' aria-labelledby='headingOne' data-parent='#accordionExample'>"; ?>
<div>
<div class="ccard-body col-md-9">
<h6><?php echo $descrip; ?></h6>
<hr>
<h5>Duration:</h5>
<h6>Full time: <?php echo $fullTime; ?></h6>
<h6>Half time: <?php echo $halfTime; echo $i; ?></h6>
<hr>
<h5 style="display: inline-block;">Estimated fees: $</h5><h5 style="display: inline-block;"><?php echo $fee ?></h5>
</div>
<form action="programs.php" method="post">
<div id="enroll" class="col-md-3">
<?php
$sql1 = "SELECT * FROM userprograms WHERE userID = '$id' AND progID = '$progID'";
$result1 = $con->query($sql1);
if ($result1->num_rows > 0) {
echo '<div id="enrolled" name="enrolled">ENROLLED</div>';
} else {
if (isset($_POST["enroll"])) {
$enrollqry = "insert into userprograms (userID, progID) values ('$id' , '$progID')";
mysqli_query($con, $enrollqry);
}
echo "<button name='enroll' type='submit'>ENROLL</button>";
}
?>
</div>
</form>
</div>
</div>
<?php
}
} ?>
You can specify a value for the button, like:
<button name='enroll' value="<?php echo $program_id?>" type='submit'>ENROLL</button>
Then, when checking for $_POST['enroll'], check the value and also validate it before entry to the DB.
After clicking a submit button, the browser sends a POST request to programs.php with the form data, which includes the values of the input and button tags.
<button type="submit" name="course1" value="42">Subscribe</button>
<input type="text" name="first_name" placeholder="Your name"/>
will send
course1=42
first_name=...
So you should either give a unique name to each submit button to be able to distinguish them on the server side, or set up distinct values, as #mohamed-jailam mentioned above.
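The per-button value approach from the two answers, worked through as an added example (not the asker's or the answerers' code): each course gets its own form whose ENROLL button carries the program id as its value, and a single handler runs once before the loop, validates that value as an integer, confirms the program exists and inserts with bound parameters. Table names follow the question; the in-memory SQLite database, its rows and the function names are constructed for this example.

```php
<?php
declare(strict_types=1);

// Constructed sample schema; stands in for the 'htdatabase' MySQL database.
function buildSampleDb(): PDO {
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE programs (progID INTEGER PRIMARY KEY, progName TEXT)');
    // Composite primary key: a second click on the same course cannot create a duplicate row.
    $pdo->exec('CREATE TABLE userprograms (userID INTEGER, progID INTEGER, PRIMARY KEY (userID, progID))');
    $pdo->exec("INSERT INTO programs VALUES (1,'Networks'), (2,'Databases')");
    return $pdo;
}

/**
 * Handles one click on an ENROLL button and returns a short status string.
 * $post is $_POST, passed in so the logic can be exercised without a web server.
 * Call this once, before the loop that renders the courses, not inside it.
 */
function handleEnroll(PDO $pdo, int $userId, array $post): string {
    if (!isset($post['enroll'])) {
        return 'no-submit';
    }
    // The button value comes from the client: accept it only if it is an integer.
    $progId = filter_var($post['enroll'], FILTER_VALIDATE_INT);
    if ($progId === false) {
        return 'invalid-id';
    }
    // Confirm the program really exists before touching userprograms.
    $exists = $pdo->prepare('SELECT 1 FROM programs WHERE progID = :p');
    $exists->execute([':p' => $progId]);
    if ($exists->fetchColumn() === false) {
        return 'unknown-program';
    }
    $ins = $pdo->prepare('INSERT OR IGNORE INTO userprograms (userID, progID) VALUES (:u, :p)');
    $ins->execute([':u' => $userId, ':p' => $progId]);
    return $ins->rowCount() === 1 ? 'enrolled' : 'already-enrolled';
}

function isEnrolled(PDO $pdo, int $userId, int $progId): bool {
    $q = $pdo->prepare('SELECT 1 FROM userprograms WHERE userID = :u AND progID = :p');
    $q->execute([':u' => $userId, ':p' => $progId]);
    return $q->fetchColumn() !== false;
}

// One form per course; only the clicked button's name=value pair is submitted.
function renderEnrollButton(int $progId, bool $enrolled): string {
    if ($enrolled) {
        return '<div id="enrolled">ENROLLED</div>';
    }
    return '<form action="programs.php" method="post">'
         . '<button name="enroll" value="' . $progId . '" type="submit">ENROLL</button></form>';
}

$pdo = buildSampleDb();
$userId = 7; // would be $_SESSION['userID'] after session_start()
echo handleEnroll($pdo, $userId, ['enroll' => '2']), "\n";    // enrolled
echo handleEnroll($pdo, $userId, ['enroll' => '2']), "\n";    // already-enrolled
echo handleEnroll($pdo, $userId, ['enroll' => 'abc']), "\n";  // invalid-id
echo handleEnroll($pdo, $userId, ['enroll' => '99']), "\n";   // unknown-program
foreach ($pdo->query('SELECT progID FROM programs') as $row) {
    $pid = (int) $row['progID'];
    echo renderEnrollButton($pid, isEnrolled($pdo, $userId, $pid)), "\n";
}
```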

How do I delete specified address row?

My add_id is a primary key. I have displayed all the addresses with the same cus_id but different add_id. I want to delete a specified address row, but when I press the delete button the page refreshes and no data is deleted. Please look at my code, thank you.
This is the code involved, and my DB:
<?php
$cus_id = $_SESSION['id'];
//To show all the addresses with the same cus_id
$result2 = mysqli_query($connect, "SELECT * FROM customer_address WHERE cus_id='$cus_id'");
?>
<?php
if (isset($_GET['del'])) {
$add_id = $_GET["id"];
mysqli_query($connect, "DELETE FROM customer_address WHERE add_id='$add_id'");
}
?>
<?php
while ($row1 = mysqli_fetch_assoc($result2)) {
?>
<div class="addrow">
<div class="add_box">
<p id="name_row"><?php echo $row1['name']; ?> </p>
<p id="phone_row"><?php echo $row1['contact']; ?> </p>
<p id="add_row"><?php echo $row1['address']; ?></p>
</div>
<div class="btn_box">
<input type="button" name="editbtn" class="editbtn" value="Edit">
<input type="button" name="deletebtn" class="deletebtn" value="Delete">
<input type="button" name="defaultbtn" class="defaultbtn" value="Set As Default">
</div>
</div>
<?php
}
?>
<?php
if (isset($_GET['del'])) {
$add_id = $_GET["id"];
mysqli_query($connect, "DELETE FROM customer_address WHERE add_id='$add_id'");
echo ("<script>location.href = 'cus_address.php?msg=$msg';</script>");
}
?>
Firstly, you need to change '$cus_id' to '".$cus_id."' because $cus_id is a parameter.
<?php
$cus_id = $_SESSION['id'];
//To show all the addresses with the same cus_id
$sql = "SELECT * FROM customer_address WHERE cus_id='".$cus_id."'";
$result2 = mysqli_query($connect, $sql);
?>
When deleting data, you need to add both cus_id and add_id to the query, as below:
<?php
if (isset($_GET['del']))
{
$cust_id = $_GET["id"];
$add_id = $_GET["add_id"];
mysqli_query($connect, "DELETE FROM customer_address WHERE add_id='".$add_id."' and cus_id='".$cust_id."'");
}
?>
Next, check that data exists before looping, and add "&add_id=":
<?php
if(mysqli_num_rows($result2) > 0)
{
while($row1 = mysqli_fetch_assoc($result2))
{
?>
<div class="addrow">
<div class="add_box">
<p id="name_row"><?php echo $row1["name"]; ?> </p>
<p id="phone_row"><?php echo $row1["contact"]; ?> </p>
<p id="add_row"><?php echo $row1["address"]; ?></p>
</div>
<div class="btn_box">
<input type="button" name="editbtn" class="editbtn" value="Edit">
<input type="button" name="deletebtn" class="deletebtn" value="Delete">
<input type="button" name="defaultbtn" class="defaultbtn" value="Set As Default">
</div>
</div>
<?php
}
} else {
//Display ... when no data has been found
}
?>
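How the delete can be wired up so that it actually fires and is scoped to the logged-in customer, as an added example that is neither the asker's nor the answerer's code: the question's buttons were type="button" with no form, so no request was ever sent; here each row gets a small POST form carrying add_id, and the DELETE matches both add_id and the session's cus_id, so one customer cannot remove another customer's address by changing the id in the request. Table and column names follow the question; the in-memory SQLite database, its rows and the function names are constructed for this example.

```php
<?php
declare(strict_types=1);

// Constructed sample rows: two addresses for customer 5, one for customer 9.
function buildSampleDb(): PDO {
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE customer_address (add_id INTEGER PRIMARY KEY, cus_id INTEGER, name TEXT, contact TEXT, address TEXT)');
    $pdo->exec("INSERT INTO customer_address VALUES
        (1,5,'Ali','0123','Street 1'), (2,5,'Ali','0123','Street 2'), (3,9,'Mei','0456','Street 3')");
    return $pdo;
}

/**
 * Deletes the row only if add_id AND cus_id both match; returns true when a row was removed.
 * Scoping on cus_id is what stops an edited id from deleting someone else's address.
 */
function deleteAddress(PDO $pdo, int $cusId, int $addId): bool {
    $stmt = $pdo->prepare('DELETE FROM customer_address WHERE add_id = :add_id AND cus_id = :cus_id');
    $stmt->execute([':add_id' => $addId, ':cus_id' => $cusId]);
    return $stmt->rowCount() === 1;
}

// A state-changing action goes through POST, and the form is what makes the button submit.
function renderDeleteForm(int $addId): string {
    return '<form method="post" action="cus_address.php">'
         . '<input type="hidden" name="add_id" value="' . $addId . '">'
         . '<button type="submit" name="del" class="deletebtn">Delete</button></form>';
}

/** Entry point for the POST: the id is validated as an integer before it reaches the query. */
function handleDelete(PDO $pdo, int $cusId, array $post): string {
    if (!isset($post['del'])) {
        return 'no-request';
    }
    $addId = filter_var($post['add_id'] ?? '', FILTER_VALIDATE_INT);
    if ($addId === false) {
        return 'invalid-id';
    }
    return deleteAddress($pdo, $cusId, $addId) ? 'deleted' : 'not-found';
}

$pdo = buildSampleDb();
$cusId = 5; // would be $_SESSION['id']
echo handleDelete($pdo, $cusId, ['del' => '1', 'add_id' => '2']), "\n"; // deleted
echo handleDelete($pdo, $cusId, ['del' => '1', 'add_id' => '3']), "\n"; // not-found: row 3 belongs to customer 9
echo handleDelete($pdo, $cusId, ['del' => '1', 'add_id' => 'x']), "\n"; // invalid-id
echo count($pdo->query('SELECT * FROM customer_address')->fetchAll()), " rows remain\n"; // 2
echo renderDeleteForm(1), "\n";
```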

Trying to show the updated msql row after successfully updating a form using php

I would like to have a confirmation page that shows the results of a form updated using PHP.
I have the edit.php form, and I also created an updated.php page, where I want to show the results of the edited rows.
edit.php
<?php
//get ID sent by GET collection
$parentID = $_GET['id'];
ob_start();
include('connection.php');
include('functions.php');
//query the database with client ID
$query = "SELECT * FROM users WHERE id='$parentID'";
$result = mysqli_query( $conn, $query );
//if result is returned
if( mysqli_num_rows($result) > 0 ) {
//we have data
//set some variables
while( $row = mysqli_fetch_assoc($result) ) {
$parentName = $row['p_name'];
$parentEmail = $row['email'];
$studentName = $row['s_name'];
$parentPhone = $row['phone'];
$notes = $row['notes'];
$parentDeposit = $row['deposit'];
$packageNotColl = $row['Package-NotCollected'];
$depositNotColl = $row['deposit-not-collected'];
}
} else {
$alertMessage = "<div class='alert alert-warning'>Nothing to see here.<a href='list.php'>Head back</a></div>";
}
// if update button was submitted
if( isset( $_POST['update'] ) ) {
//set variables
$parentName = validateFormData( $_POST['parentName'] );
$parentEmail = validateFormData( $_POST['parentEmail'] );
$studentName = validateFormData( $_POST['studentName'] );
$parentPhone = validateFormData( $_POST['parentPhone'] );
$notes = validateFormData( $_POST['notes'] );
$parentDeposit = validateFormData( $_POST['parentDeposit'] );
//create new database query result
$query = "UPDATE users
SET p_name = '$parentName',
email = '$parentEmail',
s_name = '$studentName',
phone = '$parentPhone',
notes = '$notes',
deposit = '$parentDeposit'
WHERE id ='$parentID'";
$result = mysqli_query( $conn, $query );
if( $result ) {
//redirect to client page with query string
header("Location: updated.php?alert=updatesuccess");
return $result;
} else {
echo "Error updating record: " . mysqli_error($conn);
}
}
if( isset( $_POST['delete'] ) ) {
$alertMessage = "<div class='alert alert-danger'>
<p>Are you sure you want to delete this profile? This action cannot be undone!</p><br>
<form action='". htmlspecialchars( $_SERVER['PHP_SELF'] ) ."?id=$parentID' method='post'>
<input type='submit' class='btn btn-danger btn-sm' name='confirm-delete' value='Yes, delete!'>
<a type='button' class='btn btn-default btn-sm' data-dismiss='alert'>Maybe not this time.</a>
</form>
</div>";
}
if( isset( $_POST['confirm-delete'] ) ) {
$query = "DELETE FROM users WHERE id='$parentID'";
$result = mysqli_query( $conn, $query );
if($result) {
header("Location: list.php?alert=deleted");
} else {
echo "Error deleting client: " . mysqli_error($conn);
}
}
mysqli_close($conn);
include('header.php');
?>
<h1>Edit Profile</h1>
<?php echo $alertMessage; ?>
<form action="<?php echo htmlspecialchars( $_SERVER['PHP_SELF'] ); ?>?id=<?php echo $parentID; ?>" method="post" class="row">
<div class="form-group col-sm-6">
<label for="parent-name">Parent Name</label>
<input type="text" class="form-control input-lg" id="client-name" name="parentName" value="<?php echo $parentName; ?>">
</div>
<div class="form-group col-sm-6">
<label for="parent-email">Email</label>
<input type="text" class="form-control input-lg" id="client-email" name="parentEmail" value="<?php echo $parentEmail; ?>">
</div>
<div class="form-group col-sm-6">
<label for="student-name">Student Name</label>
<input type="text" class="form-control input-lg" id="student-name" name="studentName" value="<?php echo $studentName; ?>">
</div>
<div class="form-group col-sm-6">
<label for="parent-phone">Phone #</label>
<input type="text" class="form-control input-lg" id="parent-phone" name="parentPhone" value="<?php echo $parentPhone; ?>">
</div><div class="form-group col-sm-6">
<label for="student-name">Notes</label>
<input type="textarea" class="form-control input-lg" id="notes" name="notes" value="<?php echo $notes; ?>">
</div>
<div class="form-group col-sm-6">
<label for="parent-deposit">Deposit</label>
<input type="text" class="form-control input-lg" id="parent-deposit" name="parentDeposit" value="<?php echo $parentDeposit; ?>">
</div>
<hr>
<div class="col-sm-12">
<hr>
<button type="submit" class="btn btn-lg btn-danger pull-left" name="delete">Delete</button>
<div class="pull-right">
Cancel
<button type="submit" class="btn btn-lg btn-success" name="update">Update</button>
<!-- Print -->
</div>
</div>
</form>
<hr>
<div>
<?php if($packageNotColl > 0) { ?>
<div class='col-sm-3 alert alert-danger'>Package not collected 2018: $<?php echo $packageNotColl; ?></div>
<?php } ?>
</div>
<?php
include('footer.php');
?>
updated.php
<?php
//get ID sent by GET collection
$parentID = $_GET['id'];
ob_start();
include('connection.php');
include('functions.php');
//query the database with client ID
$query = "SELECT * FROM users WHERE id='$parentID'";
$result = mysqli_query( $conn, $query );
mysqli_close($conn);
include('header.php');
?>
<table class="table table-striped table-bordered">
<tr>
<th>ID</th>
<th>Parent Name</th>
<th>Email</th>
<th>Student Name</th>
<th>Phone #</th>
<th>Notes</th>
<th>Deposit</th>
<th>Edit</th>
</tr>
<?php
if(isset($_GET['id'])) {
if(mysqli_num_rows($result) > 0) {
//we have data
//output the data
while( $row = mysqli_fetch_assoc($result) ) {
echo "<tr>";
echo "<td>" . $row['id'] . "</td><td>" . $row['p_name'] . "</td><td>" . $row['email'] . "</td><td>" . $row['s_name'] . "</td><td>" . $row['phone'] . "</td><td>" . $row['notes'] . "</td><td>" . $row['deposit'] . "</td>";
echo '<td><span class="glyphicon glyphicon-edit"></span></td>';
echo '</tr>';
}
} else { //if no entries
echo "<div class='alert alert-warning'>You have no clients!</div>";
}
}
?>
<?php
include('footer.php');
?>
The updated.php page shows the table, but does not include any SQL query results.
header('Location: ...') returns the URI/URL you provide to the browser, which then requests that page. Any information your script had when you called that redirection is gone, since it's a different request.
Hence, you should add the id to the URL you provide, like:
header('Location: /updated.php?id='.$parentID.'&alert=deleted');
However, you really should prevent the SQL injection that's just waiting to happen. PLEASE read up on how to prevent it, because your script is vulnerable to it. Your script is also vulnerable to XSS. Sanitize ALL externally provided data ($parentID = $_GET['id']; should at the very least be $parentId = intval($_GET['id']) to fight XSS).
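The redirect-with-id flow from the answer, carried through as an added example (not the asker's or the answerer's code): edit.php runs the UPDATE with bound values and sends the browser to updated.php with the row id in the query string, and updated.php validates that id, re-reads the row with a prepared statement and escapes every cell before printing it. Column and input names follow the question; the in-memory SQLite database, its one row and the function names are constructed for this example, and the follow-up GET is simulated by parsing the Location value.

```php
<?php
declare(strict_types=1);

// Constructed sample table with the columns edit.php reads and writes.
function buildSampleDb(): PDO {
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, p_name TEXT, email TEXT, s_name TEXT,
                                    phone TEXT, notes TEXT, deposit TEXT)');
    $pdo->exec("INSERT INTO users VALUES (1,'Ann','ann@example.test','Sam','555-0100','','100')");
    return $pdo;
}

/** Validates the id from the query string; null when it is missing or not an integer. */
function idFromRequest(array $get): ?int {
    $id = filter_var($get['id'] ?? '', FILTER_VALIDATE_INT);
    return $id === false ? null : $id;
}

/** Runs the UPDATE with bound values and returns the Location header value to redirect to. */
function updateUser(PDO $pdo, int $id, array $post): string {
    $fields = ['p_name' => 'parentName', 'email' => 'parentEmail', 's_name' => 'studentName',
               'phone' => 'parentPhone', 'notes' => 'notes', 'deposit' => 'parentDeposit'];
    $params = [':id' => $id];
    foreach ($fields as $column => $input) {
        $params[':' . $column] = trim((string) ($post[$input] ?? ''));
    }
    $stmt = $pdo->prepare('UPDATE users SET p_name = :p_name, email = :email, s_name = :s_name,
                           phone = :phone, notes = :notes, deposit = :deposit WHERE id = :id');
    $stmt->execute($params);
    // Nothing from this request survives the redirect, so the id travels in the URL.
    return '/updated.php?id=' . $id . '&alert=updatesuccess';
}

/** What updated.php renders for ?id=N: one escaped table row, or a notice. */
function renderUpdatedRow(PDO $pdo, array $get): string {
    $id = idFromRequest($get);
    if ($id === null) {
        return '<div class="alert alert-warning">Missing or invalid id.</div>';
    }
    $stmt = $pdo->prepare('SELECT id, p_name, email, s_name, phone, notes, deposit FROM users WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<div class="alert alert-warning">No such client.</div>';
    }
    // Escape on output: the stored values came from a form and may contain markup.
    $cells = array_map(fn($v) => '<td>' . htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8') . '</td>', $row);
    return '<tr>' . implode('', $cells) . '</tr>';
}

$pdo = buildSampleDb();
$post = ['parentName' => 'Ann <b>Lee</b>', 'parentEmail' => 'ann@example.test', 'studentName' => 'Sam',
         'parentPhone' => '555-0100', 'notes' => 'paid "in full"', 'parentDeposit' => '150'];
$location = updateUser($pdo, 1, $post);
echo "Location: $location\n";
parse_str((string) parse_url($location, PHP_URL_QUERY), $get); // simulate the browser's follow-up GET
echo renderUpdatedRow($pdo, $get), "\n";                        // the <b> and quotes arrive escaped
echo renderUpdatedRow($pdo, ['id' => '1 OR 1']), "\n";           // Missing or invalid id.
```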

remove %20 from url in php

This is my whole code.
I am facing a problem while replacing the %20 with - in the URL. I have tried many codes but failed. Please help me out. I am attaching my full code. I am getting the problem in
/">Visit
where I am displaying both the id and the firm name. I just want to show both the id and the firm name, separated by /.
<?php
error_reporting("0");
$rowperpage =10 ;
#$select_city=$_GET['city'];
if(isset($_REQUEST['search'])){
$allcount_query = "SELECT count(*) as allcount FROM inventory_details";
$allcount_result = mysqli_query($conn, $allcount_query);
$allcount_fetch = mysqli_fetch_array($allcount_result);
$allcount = $allcount_fetch['allcount'];
$sql="SELECT * FROM inventory_details";
$search_item = mysqli_real_escape_string($conn, $_REQUEST['search_box']);
$sql .= " WHERE (firm_name LIKE '%$search_item%'";
$sql .= " OR catagory_name LIKE'%$search_item%'";
$sql .= " OR mobile_no LIKE'%$search_item%'";
$sql .= " OR product_key LIKE'%$search_item%')";
$sql .= " AND city='$select_city' AND status='0' ";
$sql .="ORDER BY today_date DESC limit 0,$rowperpage";
// $sql .= " ORDER BY catagory_name LIMIT 0,5";
// echo $sql;
if($_GET['search_box']==""){
$msg=include"error_msg.php";
}
else{
$fquery=mysqli_query($conn, $sql);
$totalrec=mysqli_num_rows($fquery);
if ($totalrec=='0'){
$msg=include"error_msg.php";
}
}
}
// if($selct_city=$_GET['city']){
// SELECT * FROM inventory_details WHERE city LIKE '%DELHI%' && catagory_name LIKE '%belts%'
// SELECT * FROM inventory_details WHERE firm_name='keyboard' OR catagory_name='keyboard' OR mobile_no='keyboard' OR city='keyboard' OR product_key='keyboard' && city="delhi"
// echo $sql . $fquery;
// SELECT * FROM inventory_details WHERE city='delhi' AND catagory_name like '%foot%' OR firm_name LIKE'%foot%' OR product_key like '%foot%' OR mobile_no like '%foot%'
// SELECT * FROM inventory_details WHERE city='Delhi' AND firm_name LIKE '%foot%' OR catagory_name LIKE'%foot%' OR mobile_no LIKE'%foot%' OR product_key LIKE'%foot%'
// // }
?>
<?php
?>
<!-- Brand and toggle get grouped for better mobile display -->
<!-- <div class="container">
<form class="navbar-form" role="search">
<div class="input-group col-md-12 col-xs-12 ">
<div class=" col-md-offset-7 col-md-5">
<select class="form-control select country" name="city" required="">please select city
<?php ;?>
</select>
<select class="form-control input-lg" placeholder="Search By Firm name,Category name,Mobile no....." name="search_box">
<option>select city</option>
<option>Delhi</option>
<option>Mumbai</option>
<option>Channai</option>
<option>Kolkata</option>
</select>
</div>
<div class="input-group-btn ">
</div>
<div class=" col-md-12">
<input type="text" class="form-control" placeholder="Just Type Anything..." name="search_box">
</div>
<div class="input-group-btn ">
<button class="btn btn-info" type="submit" name="search"><span class=""></span>search</button>
</div>
</div>
</form>
</div> -->
<?php
while($row=mysqli_fetch_assoc(@$fquery)){ //handle rows.
$id=$row['id'];
$catagory_name=$row['catagory_name'];
$firm_name=$row['firm_name'];
// $user_pass=md5($_POST ['user_pass']);
$city=$row ['city'];
$product_key=$row ['product_key'];
$firm_email=$row ['firm_email'];
$mobile_no=$row ['mobile_no'];
$phone_no=$row ['phone_no'];
$address=$row ['address'];
$Fax_no=$row ['Fax_no'];
$Website=$row ['Website'];
$product_key=$row['product_key'];
$sotime=$row ['sotime'];
$sctime=$row ['sctime'];
$Contact_person=$row ['Contact_person'];
$Contact_person_mobile=$row ['Contact_person_mobile'];
$colorname=$row ['colorname'];
$textcolor=$row ['textcolor'];
$compLogo=$row ['compLogo'];
////////////////////////////////////////
$banner=$row ['banner'];
if(empty($banner))
{
$banner="default.jpg";
}
?>
<div class="container post" id="post_<?php echo $id; ?>">
<div class="col-md-12 inv_data" style="background:<?php echo $colorname; ?>; color:<?php echo $textcolor; ?>;">
<div class="col-md-3">
<!-- <?php ?>
<img src="image/banner/<?php echo $banner; ?>" class="img_style"> -->
<?php
$imageArr = explode(',',$compLogo);
foreach ($imageArr as $k=>$val) { if($val!=""){
?>
<img class="mySlides" src="image/logo/<?php echo $val; ?>">
<?php
}}
?>
<img class="mySlides" src="image/logo/defualt.jpg">
</div>
<div class="col-md-7">
<h3><strong><?php echo strtoupper($firm_name); ?></strong></h3>
<strong></strong> <?php echo $product_key; ?><br>
<strong> <span class="glyphicon glyphicon-home"></span> </strong> <?php echo $address; ?><br>
<!-- <strong>Category : -</strong> <?php echo $catagory_name." , " . $product_key;?><br> -->
<!-- <strong>Phone no : -</strong> <?php echo $phone_no; ?>
<strong>Mobile no : -</strong> <?php echo $mobile_no; ?>
<br>
<strong> Whatsapp no : -</strong> <?php echo $Contact_person_mobile ; ?>
<strong> Contact Person : -</strong> <?php echo $Contact_person ; ?>
<br>
<strong>Email : -</strong> <?php echo $firm_email;?>
<strong>Timing : -</strong> <?php echo $sotime. " to ".$sctime?><br>
<strong>Website : -</strong> <?php echo $Website;?><br> -->
</div>
<div class="col-md-2">
<span> <br> <br> <br></span>
<button type="button" class="btn btn-info btn-lg">Visit</button>
<!--<a href="/jyp/<?php echo $id;?><?php echo $firm_name;?>"><button type="button" class="btn btn-info btn-lg">Visit</button>-->
</a>
</div>
</div>
</div>
<?php
}
?>
<?php
if(isset($_REQUEST['search'])){
?>
<h1 id="loadbtn"><span class="load-more">Load More</span></h1>
<input type="hidden" id="row" value="0">
<input type="hidden" id="cityname" name="cityname" value="<?php echo $city; ?>">
<input type="hidden" id="search_item" name="search_item" value="<?php echo $search_item; ?>">
<input type="hidden" id="all" value="<?php echo $allcount; ?>">
<?php
}
?>
The %20 gives a hint that the string is most probably URL-encoded (%20 is a single space character). So what you should probably be doing is trying to first URL-decode the string (then you will get the original string). Afterwards you can remove/replace any characters that you do not want.
So in your question, you said you do not want %20 (a space) but a dash (-) instead. This could be achieved as follows...
<?php
error_reporting("0");
$rowperpage =10 ;
#$select_city=$_GET['city'];
if(isset($_REQUEST['search'])){
$allcount_query = "SELECT count(*) as allcount FROM inventory_details";
$allcount_result = mysqli_query($conn, $allcount_query);
$allcount_fetch = mysqli_fetch_array($allcount_result);
$allcount = $allcount_fetch['allcount'];
$sql="SELECT * FROM inventory_details";
$search_item = mysqli_real_escape_string($conn, $_REQUEST['search_box']);
$sql .= " WHERE (firm_name LIKE '%$search_item%'";
$sql .= " OR catagory_name LIKE'%$search_item%'";
$sql .= " OR mobile_no LIKE'%$search_item%'";
$sql .= " OR product_key LIKE'%$search_item%')";
$sql .= " AND city='$select_city' AND status='0' ";
$sql .="ORDER BY today_date DESC limit 0,$rowperpage";
// $sql .= " ORDER BY catagory_name LIMIT 0,5";
// echo $sql;
if($_GET['search_box']==""){
$msg=include"error_msg.php";
}
else{
$fquery=mysqli_query($conn, $sql);
$totalrec=mysqli_num_rows($fquery);
if ($totalrec=='0'){
$msg=include"error_msg.php";
}
}
}
// if($selct_city=$_GET['city']){
// SELECT * FROM inventory_details WHERE city LIKE '%DELHI%' && catagory_name LIKE '%belts%'
// SELECT * FROM inventory_details WHERE firm_name='keyboard' OR catagory_name='keyboard' OR mobile_no='keyboard' OR city='keyboard' OR product_key='keyboard' && city="delhi"
// echo $sql . $fquery;
// SELECT * FROM inventory_details WHERE city='delhi' AND catagory_name like '%foot%' OR firm_name LIKE'%foot%' OR product_key like '%foot%' OR mobile_no like '%foot%'
// SELECT * FROM inventory_details WHERE city='Delhi' AND firm_name LIKE '%foot%' OR catagory_name LIKE'%foot%' OR mobile_no LIKE'%foot%' OR product_key LIKE'%foot%'
// // }
?>
<?php
?>
<!-- Brand and toggle get grouped for better mobile display -->
<!-- <div class="container">
<form class="navbar-form" role="search">
<div class="input-group col-md-12 col-xs-12 ">
<div class=" col-md-offset-7 col-md-5">
<select class="form-control select country" name="city" required="">please select city
<?php ;?>
</select>
<select class="form-control input-lg" placeholder="Search By Firm name,Category name,Mobile no....." name="search_box">
<option>select city</option>
<option>Delhi</option>
<option>Mumbai</option>
<option>Channai</option>
<option>Kolkata</option>
</select>
</div>
<div class="input-group-btn ">
</div>
<div class=" col-md-12">
<input type="text" class="form-control" placeholder="Just Type Anything..." name="search_box">
</div>
<div class="input-group-btn ">
<button class="btn btn-info" type="submit" name="search"><span class=""></span>search</button>
</div>
</div>
</form>
</div> -->
<?php
while($row=mysqli_fetch_assoc(@$fquery)){ //handle rows.
$id=$row['id'];
$catagory_name=$row['catagory_name'];
$firm_name=$row['firm_name'];
// $user_pass=md5($_POST ['user_pass']);
$city=$row ['city'];
$product_key=$row ['product_key'];
$firm_email=$row ['firm_email'];
$mobile_no=$row ['mobile_no'];
$phone_no=$row ['phone_no'];
$address=$row ['address'];
$Fax_no=$row ['Fax_no'];
$Website=$row ['Website'];
$product_key=$row['product_key'];
$sotime=$row ['sotime'];
$sctime=$row ['sctime'];
$Contact_person=$row ['Contact_person'];
$Contact_person_mobile=$row ['Contact_person_mobile'];
$colorname=$row ['colorname'];
$textcolor=$row ['textcolor'];
$compLogo=$row ['compLogo'];
////////////////////////////////////////
$banner=$row ['banner'];
if(empty($banner))
{
$banner="default.jpg";
}
?>
<div class="container post" id="post_<?php echo $id; ?>">
<div class="col-md-12 inv_data" style="background:<?php echo $colorname; ?>; color:<?php echo $textcolor; ?>;">
<div class="col-md-3">
<!-- <?php ?>
<img src="image/banner/<?php echo $banner; ?>" class="img_style"> -->
<?php
$imageArr = explode(',',$compLogo);
foreach ($imageArr as $k=>$val) { if($val!=""){
?>
<img class="mySlides" src="image/logo/<?php echo $val; ?>">
<?php
}}
?>
<img class="mySlides" src="image/logo/defualt.jpg">
</div>
<div class="col-md-7">
<h3><strong><?php echo strtoupper($firm_name); ?></strong></h3>
<strong></strong> <?php echo $product_key; ?><br>
<strong> <span class="glyphicon glyphicon-home"></span> </strong> <?php echo $address; ?><br>
<!-- <strong>Category : -</strong> <?php echo $catagory_name." , " . $product_key;?><br> -->
<!-- <strong>Phone no : -</strong> <?php echo $phone_no; ?>
<strong>Mobile no : -</strong> <?php echo $mobile_no; ?>
<br>
<strong> Whatsapp no : -</strong> <?php echo $Contact_person_mobile ; ?>
<strong> Contact Person : -</strong> <?php echo $Contact_person ; ?>
<br>
<strong>Email : -</strong> <?php echo $firm_email;?>
<strong>Timing : -</strong> <?php echo $sotime. " to ".$sctime?><br>
<strong>Website : -</strong> <?php echo $Website;?><br> -->
</div>
<div class="col-md-2">
<span> <br> <br> <br></span>
<!-- there's the solution below -->
<?php
$firm_name = urldecode($firm_name); # decode the string (like converting %20 to a space character)
$firm_name = str_replace(' ', '-', $firm_name); # then replace any characters you don't want (like converting a space character to a -)
$url = "category.php?edit=" . urlencode($id) . '/' . urlencode($firm_name);
?>
<button type="button" class="btn btn-info btn-lg">Visit</button>
<?php
// probably don't need these now.
$firm_name = urldecode($firm_name);
$firm_name = str_replace(' ', '-', $firm_name);
# are you missing a / here ???
$url = '/jyp/' . urlencode($id) . '' . urlencode($firm_name);
?>
<a href="<?php echo $url ?>"><button type="button" class="btn btn-info btn-lg">Visit</button>
</a>
</div>
</div>
</div>
<?php
}
?>
<?php
if(isset($_REQUEST['search'])){
?>
<h1 id="loadbtn"><span class="load-more">Load More</span></h1>
<input type="hidden" id="row" value="0">
<input type="hidden" id="cityname" name="cityname" value="<?php echo $city; ?>">
<input type="hidden" id="search_item" name="search_item" value="<?php echo $search_item; ?>">
<input type="hidden" id="all" value="<?php echo $allcount; ?>">
<?php
}
?>
You probably should encode whatever you echo to the browser using htmlspecialchars.
Disclaimer: The website where I was testing my PHP code gave the same result when using rawurldecode('hi%20you'); and urldecode('hi%20you');.
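The decode-then-replace idea from the answer, pulled into one function as an added example (not the asker's or the answerer's code): the firm name becomes a dashed path segment with runs of whitespace and dashes collapsed, the id is validated as an integer rather than encoded as-is, and the finished href is escaped for the attribute. The "/jyp/<id>/<firm name>" link shape follows the question; the sample names and the function names are constructed for this example.

```php
<?php
declare(strict_types=1);

/** Turns a firm name into a URL path segment with dashes instead of spaces (so no %20). */
function firmSlug(string $name): string {
    // Only decode if the stored value may already be percent-encoded; a literal '%' in a
    // name that was never encoded would otherwise be mangled here.
    $name = rawurldecode($name);
    $name = trim((string) preg_replace('/\s+/u', ' ', $name)); // collapse runs of whitespace
    $name = str_replace(' ', '-', $name);                       // the character the question asked for
    $name = (string) preg_replace('/-{2,}/', '-', $name);        // "a - b" would otherwise become "a---b"
    return rawurlencode($name);  // '-' is unreserved, so it survives encoding unchanged
}

/** The id is numeric data: validate it instead of encoding whatever arrived. */
function visitUrl($id, string $firmName): ?string {
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    return '/jyp/' . $id . '/' . firmSlug($firmName);
}

/** The link as it goes into the page, with the href escaped for the attribute context. */
function visitLink($id, string $firmName): string {
    $url = visitUrl($id, $firmName);
    if ($url === null) {
        return '';
    }
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8')
         . '"><button type="button" class="btn btn-info btn-lg">Visit</button></a>';
}

// Constructed sample names, including an already-encoded one and a non-ASCII one.
foreach (['Sharma Traders', 'Sharma%20Traders', '  Jai  -  Steel ', 'Müller & Co'] as $n) {
    echo visitUrl(42, $n), "\n";
}
// /jyp/42/Sharma-Traders
// /jyp/42/Sharma-Traders
// /jyp/42/Jai-Steel
// /jyp/42/M%C3%BCller-%26-Co
echo visitLink(42, 'Sharma Traders'), "\n";
echo '[' . visitLink('4x2', 'Sharma Traders') . "]\n"; // empty: the id failed validation
```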

How do I approve pending records?

I am working on a video-hosting website in which user-uploaded videos (called "answers" as they will be made in response to requests for help in hobby-making) are put into a pending list for a web administrator to examine and decide whether to approve for public viewing or not.
All video records have a boolean piece of data called "approved" that is set to either true ('1') or false ('0').
What I'm having trouble with is the actual approval process. No matter what I do, I can never get the video's "approved" status to be set.
Here is the code I have written...
answer.php (Main video page)
<a class="btn btn-success btn-lg btn-block" href="<?php echo url_for('/approve.php?id=' . h(u($answer['id']))); ?>"><i class="mr-2 fas fa-check fa-2x"></i>Approve</a>
approve.php
if(!isset($_GET['id'])) {
redirect_to(url_for('/pending.php'));
}
$id = $_GET['id'];
if(is_post_request()) {
$answer = [];
$answer['id'] = $id;
$answer['approved'] = $_POST['approved'];
$result = approve_answer($id);
$_SESSION['message'] = '<div class="text-success">The answer was successfully approved and ready for public viewing.</div>';
redirect_to(url_for('/pending.php'));
} else {
$answer = find_answer_by_id($id);
$user = find_user_by_id($answer['user_id']);
}
?>
<?php $page_title = 'Confirm Approval'; ?>
<?php include(SHARED_PATH . '/public_header.php'); ?>
<div class="container my-2">
<div class="my-2">
<a class="back-link my-2" href="<?php echo url_for('/answer.php?id=' . h(u($answer['id']))); ?>"><i class="mr-2 fas fa-arrow-circle-left fa-2x"></i> Back to Answer</a>
</div>
<div class="answer approve">
<h1>Confirm Approval</h1>
<p>Are you sure you want to approve this answer?</p>
<p class="item"><strong><?php echo h($answer['title']); ?></strong> by <emphasis><?php echo h($user['username']); ?></emphasis></p>
<p><italics><?php echo h($answer['content']); ?></italics>
<form action="<?php echo url_for('/approve.php?id=' . h(u($answer['id']))); ?>" method="post">
<div id="operations">
<input type="hidden" name="approved" value="1" />
<input class="btn btn-success btn-lg btn-block" type="submit" name="approved" id="approved" value="Confirm" />
</div>
</form>
</div>
</div><!-- container -->
function approve_answer (query_functions.php)
function approve_answer($answer) {
global $db;
$errors = validate_answer($answer);
if(!empty($errors)) {
return $errors;
}
$sql = "UPDATE answers SET ";
$sql .= "approved='" . db_escape($db, '1') . "', ";
$sql .= "WHERE id='" . db_escape($db, $answer['id']) . "' ";
$sql .= "LIMIT 1";
$result = mysqli_query($db, $sql);
// For UPDATE statements, $result is true/false
if($result) {
return true;
} else {
// UPDATE failed
echo mysqli_error($db);
db_disconnect($db);
exit;
}
}
So where have I gone wrong?
Replace the code below in the query:
$sql = "UPDATE answers SET ";
$sql .= "approved='" . db_escape($db, '1') . "' ";   // no comma after the last SET assignment
$sql .= "WHERE id='" . db_escape($db, $answer['id']) . "' ";
$sql .= "LIMIT 1";
if(!isset($_GET['id'])) {
redirect_to(url_for('/pending.php'));
}
if(is_post_request()) {
$result = approve_answer($_POST['id']);
$_SESSION['message'] = '<div class="text-success">The answer was successfully approved and ready for public viewing.</div>';
redirect_to(url_for('/pending.php'));
} else {
$answer = find_answer_by_id($_GET['id']);
$user = find_user_by_id($answer['user_id']);
}
?>
<?php $page_title = 'Confirm Approval'; ?>
<?php include(SHARED_PATH . '/public_header.php'); ?>
<div class="container my-2">
<div class="my-2">
<a class="back-link my-2" href="<?php echo url_for('/answer.php?id=' . h(u($answer['id']))); ?>"><i class="mr-2 fas fa-arrow-circle-left fa-2x"></i> Back to Answer</a>
</div>
<div class="answer approve">
<h1>Confirm Approval</h1>
<p>Are you sure you want to approve this answer?</p>
<p class="item"><strong><?php echo h($answer['title']); ?></strong> by <emphasis><?php echo h($user['username']); ?></emphasis></p>
<p><italics><?php echo h($answer['content']); ?></italics>
<form action="<?php echo url_for('/approve.php?id=' . h(u($answer['id']))); ?>" method="post">
<div id="operations">
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />
<input class="btn btn-success btn-lg btn-block" type="submit" name="approved" id="approved" value="Confirm" />
</div>
</form>
</div>
</div><!-- container -->
Query
$sql = "UPDATE answers SET ";
$sql .= "approved=1 ";   // trailing space so SET and WHERE do not run together
$sql .= "WHERE id='" . db_escape($db, $answer) . "' ";
You can try this code. I am still not sure where you are setting the value for $answer['user_id'], but this should solve your issue.
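The corrected approval update run end to end, as an added example that is neither the asker's nor the answerer's code: it shows that the original string (SET approved='1', WHERE ...) is rejected by the database because of the stray comma, and then performs the update with the id bound as a parameter, reporting via the affected-row count whether a pending answer was actually approved. The answers table, its rows and the function names are constructed for this example; SQLite in memory stands in for MySQL.

```php
<?php
declare(strict_types=1);

// Constructed sample table with the columns approve.php touches.
function buildSampleDb(): PDO {
    $pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
    $pdo->exec('CREATE TABLE answers (id INTEGER PRIMARY KEY, user_id INTEGER, title TEXT,
                                      approved INTEGER NOT NULL DEFAULT 0)');
    $pdo->exec("INSERT INTO answers VALUES (1, 2, 'How to cut dovetails', 0), (2, 3, 'Lacquer tips', 0)");
    return $pdo;
}

/** The shape of the question's SQL: the comma before WHERE makes it a syntax error. */
function brokenUpdateIsRejected(PDO $pdo): bool {
    try {
        $pdo->exec("UPDATE answers SET approved='1', WHERE id='1' LIMIT 1");
        return false;
    } catch (PDOException $e) {
        return true; // the database never ran it, which is why 'approved' never changed
    }
}

/** Returns true when exactly one pending answer was flipped to approved. */
function approveAnswer(PDO $pdo, int $answerId): bool {
    // No comma after the last SET assignment, a space before WHERE, and the id bound as a parameter.
    $stmt = $pdo->prepare('UPDATE answers SET approved = 1 WHERE id = :id AND approved = 0');
    $stmt->execute([':id' => $answerId]);
    return $stmt->rowCount() === 1;
}

/**
 * POST handler. The id comes from a hidden field named "id"; in the question both the hidden
 * field and the submit button were named "approved", so $_POST['approved'] held "Confirm".
 */
function handleApproval(PDO $pdo, array $post): string {
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT);
    if ($id === false) {
        return 'invalid-id';
    }
    return approveAnswer($pdo, $id) ? 'approved' : 'nothing-to-approve';
}

$pdo = buildSampleDb();
echo brokenUpdateIsRejected($pdo) ? "broken SQL rejected by the database\n" : "unexpected\n";
echo handleApproval($pdo, ['id' => '1', 'approved' => 'Confirm']), "\n"; // approved
echo handleApproval($pdo, ['id' => '1', 'approved' => 'Confirm']), "\n"; // nothing-to-approve
echo handleApproval($pdo, ['id' => '', 'approved' => 'Confirm']), "\n";  // invalid-id
echo $pdo->query('SELECT approved FROM answers WHERE id = 1')->fetchColumn(), "\n"; // 1
```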
