I have created a table with a mix of SQL, HTML and PHP.
See code:
<table>
<tr>
<th>Activated by:</th>
<th>Serialnumber:</th>
<th>Timestamp:</th>
<th>Total consumed energy in kWh:</th>
<th>Total bought enery in kWh:</th>
<th>Energy left in kWh:</th>
</tr>
<?php
if ($serialresult) {
while ($serialrow = mysqli_fetch_assoc($serialresult)) {
$serialnumbers = $serialrow['serial_number'];
$sql = "SELECT * FROM Smartmeterlist WHERE serial_number='$serialnumbers'";
$statsresult = mysqli_query($connection, $sql);
if ($statsresult) {
while ($statsrow1 = mysqli_fetch_assoc($statsresult)) {
$sql = "SELECT * FROM timeframe WHERE times = (SELECT MAX(times) FROM timeframe WHERE serial_number='$serialnumbers')";
$statsresult = mysqli_query($connection, $sql);
if ($statsresult) {
while ($statsrow = mysqli_fetch_assoc($statsresult)) {
echo "<tr><td>" . $statsrow1['activated_by'] . "</td> <td>" . $serialnumbers . "</td><td>" . $statsrow['times'] . "</td><td>" . $statsrow['consumed_energy'] . "</td><td>" . $statsrow['bought_energy'] . "</td><td>" . $statsrow['diff_energy'] . "</td></tr>";
}
}
}
}
}
}
}
?>
Below I create a form to execute an action:
<div class="page-content">
<form action="includes/distributeenergy.inc.php" method="POST">
<input type="Number" step="0.01" name="serial_number"
placeholder="Serial number"> <br> <input type="Number" step="0.01"
name="distribute_energy" placeholder="Assign your energy"> <br>
<div class="row">
<input class="btn" type="submit" name="DE-btn" id="DE-btn"
value="Distribute">
</div>
</form>
</div>
In the table are so called serial numbers of electronic devices.
I want to be able to click on a serial number (hyperlink or similar) and the serial number is used directly as an input for the form. So it is inserted into the "search bar".
Is there a simple way to realize this? Thanks a lot
Related
$query = "SELECT * FROM Employee";
$res = $conn->query($query);
echo("<b>Employee</b><br><br>");
if ($res->num_rows > 0) {
while ($row = $res->fetch_assoc()) {
echo "<tr><td>" . $row['empID']
. "</td><td>" . $row['empFirstName']
. "</td><td>" . $row['empLastName']
. "</td><td>" . $row['empDept']
. "</td><td>" . $row['empPhone']
. "</td><td>" . $row['empEmail']
. "</td><td>" . $row['empAddress']
. "</td></tr>";
}
echo "</table>";
} else {
echo "0 result";
}
/* close connection */
$conn->close();
?>
</body>
</html>
This is currently how each table is setup. As of right now, each table is a separate link on the homepage. At the bottom of the home page, there is a textbox with a submit and clear button. My issue is, how exactly do I go about typing in any query I desire and have it return the results of the query submitted?
Updated 8:17PM:
Textbox portion of homepage.
<b>Ad-hoc Query:</b><br><br>
<form action="querybox.php" method="post">
<table>
<tr>
<td align = right>
<strong>Please enter your query here<br></font></strong>
</td>
<td>
<input type=text size=130 maxlength=280 name="query">
</td>
</tr>
<tr>
<td align = right>
<input type=reset value="Clear">
</td>
<td>
<input type=submit value="Submit">
</td>
</tr>
</table>
</form>
i want to edit my data in database called simple_stall with table order_detail...currently i have done a page that shows a list of data with No Name Ordered_Item Quantity. When user click the No, they'll be redirected to a new page that shows only the data of that he clicked.
Now, when user click on Edit button, they'll be redirected to a new page called update_info.php. Here is a form to change Name Ordered_Item and Quantity...but now when i click update order button, it will update all rows to be the data that user just put in...
What i want is to UPDATE only the data of that No that user click
this is the code
order_detail.php
<?php
include_once 'dbh.php';
$query = "SELECT * FROM order_detail"; //You don't need a ; like you do in SQL
$result = mysqli_query($connection, $query);
echo "<table border = 1px>"; // start a table tag in the HTML
while($row = mysqli_fetch_array($result))
{
$no = $row['No'];
//Creates a loop to loop through results
echo "<tr><td style = 'width:30px;'>" . "<a href='view_more.php?no=$no'>" .$row['No'] . "</td>
<td style = 'width:30%;'>" . $row['Name'] . "</td>
<td style = 'width:30%;'>" . $row['Ordered_Item'] . "</td>
<td>" . $row['Quantity'] . "</td></tr>"; //$row['index'] the index here is a field name
}
echo "</table>"; //Close the table in HTML
echo "<button type='button'><a href='./index.php'>Back</a></button>";
view_more.php
if (isset($_GET['no']))
{
include_once 'dbh.php';
$no = $_GET['no'];
$query = "SELECT * FROM order_detail WHERE No = '$no'";
$result = mysqli_query($connection, $query);
echo "<table border = 1px>"; // start a table tag in the HTML
while($row = mysqli_fetch_array($result))
{
//Creates a loop to loop through results
echo "<tr><td style = 'width:30px;'>" . $row['No'] . "</td>
<td style = 'width:30%;'>" . $row['Name'] . "</td>
<td style = 'width:30%;'>" . $row['Ordered_Item'] . "</td>
<td>" . $row['Quantity'] . "</td></tr>"; //$row['index'] the index here is a field name
}
echo "</table>"; //Close the table in HTML
echo "<button type='button'><a href='./update_info.php?no=$no'>Edit</a></button>";
echo "<button type='button'><a href='#'>Delete</a></button>";
echo "<button type='button'><a href='./order_detail.php'>Back</a></button>";
mysqli_close($connection);
update_info.php
<form action="update_data.php" method="POST">
<div>
<input type="text" name="NewName" placeholder="Name">
</div>
<div>
<input type="text" name="NewOrder" placeholder="Order">
</div>
<div>
<input type="text" name="NewQuantity" placeholder="Quantity">
</div>
<div>
<button type="submit" name="submit">Update Order</button>
</div>
</form>
update_data.php
if(isset($_POST['submit']))
{
include_once 'dbh.php';
$update = "UPDATE order_detail SET Name='$_POST[NewName]', Ordered_Item='$_POST[NewOrder]', Quantity='$_POST[NewQuantity]' ";
if (mysqli_query($connection, $update))
{
header("Location: ./order_detail.php");
exit();
}
else
{
header("Location: ./order_detail.php?update=failed");
exit();
}
}
Specify which order you want to update
look at the HTML and SQL I have change
<form action="update_data.php" method="POST">
<div>
<input type="text" name="NewName" placeholder="Name">
</div>
<div>
<input type="text" name="NewOrder" placeholder="Order">
</div>
<div>
<input type="text" name="NewQuantity" placeholder="Quantity">
</div>
<div>
<input type="hidden" name="No">
<!-- Specify which order you want to update -->
<button type="submit" name="submit">Update Order</button>
</div>
</form>
update_data.php
if(isset($_POST['submit']))
{
include_once 'dbh.php';
$update = "UPDATE order_detail SET
Name='$_POST[NewName]',
Ordered_Item='$_POST[NewOrder]',
Quantity='$_POST[NewQuantity]'
WHERE No = {$_POST['No']} ";
// add where clause in sql to specify which you want to update
if (mysqli_query($connection, $update))
{
header("Location: ./order_detail.php");
exit();
}
else
{
header("Location: ./order_detail.php?update=failed");
exit();
}
}
Use prepared statement, it is safer
Add the Where clause and pass your id whose value you want to edit.Have a look at code below
if(isset($_POST['submit']))
{
include_once 'dbh.php';
$update = "UPDATE order_detail SET Name='$_POST[NewName]', Ordered_Item='$_POST[NewOrder]', Quantity='$_POST[NewQuantity]' WHERE No='$_GET[no]' ";
if (mysqli_query($connection, $update))
{
header("Location: ./order_detail.php");
exit();
}
else
{
header("Location: ./order_detail.php?update=failed");
exit();
}
}
add a hidden input with the value of $no to your update_info.php like this
<form action="update_data.php" method="POST">
<input type="hidden" name="no" value="<?php $_GET['no']; ?>" />
<div>
<input type="text" name="NewName" placeholder="Name">
</div>
<div>
<input type="text" name="NewOrder" placeholder="Order">
</div>
<div>
<input type="text" name="NewQuantity" placeholder="Quantity">
</div>
<div>
<button type="submit" name="submit">Update Order</button>
</div>
</form>
and then change your sql query in update_data.php to be like this
"UPDATE order_detail SET Name='$_POST[NewName]', Ordered_Item='$_POST[NewOrder]', Quantity='$_POST[NewQuantity]' where = {$_POST['no']} ";
by using this code i can now fetch pro_price table but i need multiple column saerch. this is my working code for an solo column, but i need to fetch two column more from that table. How i can i do that. please help
Database name: auction
Table name : addproduct
Column names : pro_price, pro_code, hsn_code
This is my code,
if(isset($_REQUEST['search'])){
$pro_price = $_REQUEST['pro_price'];
foreach ($_REQUEST['pro_price'] as $pro_price) {
$statearray[] = mysql_real_escape_string($pro_price);
}
$states = implode ("','", $statearray);
$sql = "SELECT * FROM addproduct WHERE pro_price IN ('$states'))";
$result = mysql_query($sql) or die(mysql_error());
if (mysql_num_rows($result) == 0)
{
echo "Sorry, but we can not find an entry to match your query...<br><br>";
}
else
{
echo "<table border='1' width='900' class='srchrslt'>
<tr class='head'>
<td>pro_name</td>
<td>pro_brand</td>
<td>hsn_code</td>
<td>pro_tax2</td>
<td>pro_tax3</td>
</tr>";
while($row = mysql_fetch_assoc( $result ))
{
echo "<tr>";
echo "<td>" . $row['pro_name'] . " </td>";
echo "<td>" . $row['pro_brand'] . " </td>";
echo "<td>" . $row['hsn_code'] . " </td>";
echo "<td>" . $row['pro_tax2'] . " </td>";
echo "<td>" . $row['pro_tax3'] . " </td>";
echo "</tr>";
}
echo "</table>";
}
}
please help...and thank you
You do a SELECT *, which returns all columns in a table. In your case, it seems there's only a single column, so either you need to add additional columns to the table, or alternatively, you need to figure out whether perhaps you have not been granted permissions to see all columns in the table.
UPDATE:
It seems what you really want to do is add additional search criteria. This would mean your query would become something like the following:
SELECT * FROM addproduct WHERE pro_price IN ('$states') OR pro_code IN ('$codes')
For that to work, you would have to do what you already with the selected prices (i.e. store them i a variable called $states). In the SQL line above, I assume you store the selected values of the codes in a similar variable called $codes.
The full code with this addition would be something like tis:
if(isset($_REQUEST['search'])){
$pro_price = $_REQUEST['pro_price'];
$pro_code = $_REQUEST['pro_code'];
foreach ($_REQUEST['pro_price'] as $pro_price) {
$statearray[] = mysql_real_escape_string($pro_price);
}
foreach ($_REQUEST['pro_code'] as $pro_code) {
$codesarray[] = mysql_real_escape_string($pro_code);
}
$states = implode ("','", $statearray);
$codes = implode ("','", $codesarray);
$sql = "SELECT * FROM addproduct WHERE pro_price IN ('$states') OR pro_code IN ('$codes')";
Note that I'm not a PHP coder, so it is entirely possible the code can be optimized. I just wanted to show you what I think would work.
At last I got the solutions to my question. Thanks to #SchmitzIT who had supported me. Iam posting the code for further candidates.
index.php
<form name="search" method="post" action="searchplant">
<table width="900" border="1" class="srch">
<tr class="head"><td>Pro Price</td></tr>
<tr>
<td>
<input type="checkbox" value="250" name="pro_price[]">250<br />
<input type="checkbox" value="80" name="pro_price[]">80<br />
<input type="checkbox" value="50" name="pro_price[]">50<br />
<input type="checkbox" value="40" name="pro_price[]">40<br />
<input type="checkbox" value="299" name="pro_price[]">299<br />
<td>
</tr>
<tr class="head"><td>hsncode</td></tr>
<tr>
<td>
<input type="checkbox" value="101101" name="hsn_code[]">101101<br />
<input type="checkbox" value="101102" name="hsn_code[]">101102<br />
<input type="checkbox" value="101103" name="hsn_code[]">101103<br />
<input type="checkbox" value="101104" name="hsn_code[]">101104<br />
<input type="checkbox" value="101105" name="hsn_code[]">101105<br />
<td>
</tr>
<tr class="head"><td>procode</td></tr>
<tr>
<td>
<input type="checkbox" value="101" name="pro_code[]">101<br />
<input type="checkbox" value="102" name="pro_code[]">102<br />
<input type="checkbox" value="103" name="pro_code[]">103<br />
<input type="checkbox" value="104" name="pro_code[]">104<br />
<input type="checkbox" value="105" name="pro_code[]">105<br />
<td>
</tr>
<tr><td colspan="3" align="Right">
<input type="submit" name="search" value="Search" /></td></tr>
</table>
</form>
</div><!-- end service-->
<div id="media" class="group">
search.php
if(isset($_REQUEST['search']))
{
$pro_price = $_REQUEST['pro_price'];
$pro_code = $_REQUEST['pro_code'];
$hsn_code = $_REQUEST['hsn_code'];
foreach ($_REQUEST['pro_price'] as $pro_price) {
$statearray[] = mysql_real_escape_string($pro_price);
}
foreach ($_REQUEST['pro_code'] as $pro_code) {
$codesarray[] = mysql_real_escape_string($pro_code);
}
foreach ($_REQUEST['hsn_code'] as $hsn_code) {
$hsnarray[] = mysql_real_escape_string($hsn_code);
}
$states = implode ("','", $statearray);
$codes = implode ("','", $codesarray);
$hsn = implode ("','", $hsnarray);
$sql = "SELECT * FROM addproduct WHERE pro_price IN ('$states') OR pro_code IN ('$codes') OR hsn_code IN ('$hsn')";
//Now we search for our search term, in the field the user specified
$result = mysql_query($sql) or die(mysql_error());
//This counts the number or results - and if there wasn't any it gives them a little message explaining that
if (mysql_num_rows($result) == 0)
{
echo "Sorry, but we can not find an entry to match your query...<br><br>";
}
else
{
echo "<table border='1' width='900' class='srchrslt'>
<tr class='head'>
<td>pro_name</td>
<td>pro_brand</td>
<td>hsn_code</td>
<td>pro_price</td>
<td>pro_code</td>
</tr>";
//And we display the results
while($row = mysql_fetch_assoc( $result ))
{
echo "<tr>";
echo "<td>" . $row['pro_name'] . " </td>";
echo "<td>" . $row['pro_brand'] . " </td>";
echo "<td>" . $row['hsn_code'] . " </td>";
echo "<td>" . $row['pro_price'] . " </td>";
echo "<td>" . $row['pro_code'] . " </td>";
echo "</tr>";
}
echo "</table>";
}
}
Just change the database name, table name, column name and values according to your data.
Hope you find this useful
Script Page is working nicely. When I select the multiple options in next dashboard page, no records display. Please fix this problem. I think the selected value cannot recognize in dashboard page
Script.php
<?php include("connection.php") ?>
<form id="script" name="script" action="dashboard.php" method="post">
<strong>Choose Script Name : </strong><select name="script[]" id="select3" multiple=multiple style="margin: 20px;width:300px;">
<?php
$result = $conn->query("select script_name from script_details ORDER BY script_name");
while ($row = $result->fetch_assoc()) {
unset($script_name);
$script_name = $row['script_name'];
echo '<option value="' . $id . '">' . $script_name . '</option>'; // Generated From database
}
?>
</select>
<input type="submit" name="submit" id="button" value="View Dashboard" />
</form>
Dashboard.php
<table border="1">
<tr align="center">
<th>Number </th> <th>Script Name</th> <th> Date</th>
</tr>
<?php
include("connection.php");
$select = $_POST['script'];
$selects = "SELECT * FROM script_details where script_name='$select'";
$result = $conn->query($selects);
echo "<table>";
while ($row = $result->fetch_assoc()) {
echo "<tr><td>" . $row["id"] . "</td><td>" . $row["script_name"] . "</td></tr>" . "</td><td>" . $row["date"] . "</td></tr>";
}
echo "</table>";
[This is script page Image. Selecting option from script_details database. Field name : script_name.][1]?>
This is Dashboard page. when selecting script2, script3 option. Doesnot show record for selected items.
Firstof all your code is sql vulnerable
In Scrip you didn't define values of options in <select> tag. define value first and for this you need to fetch is from database
Script.php
<?php include("connection.php") ?>
<form id="script" name="script" action="dashboard.php" method="post">
<strong>Choose Script Name : </strong>
<select name="script[]" id="select3" multiple=multiple style="margin: 20px;width:300px;">
<?php
$result = $conn->query("select id, script_name from script_details ORDER BY script_name");
while ($row = $result->fetch_assoc()) {
unset($script_name);
$script_name = $row['script_name'];
$id = $row['id'];
echo '<option value="' . $id . '">' . $script_name . '</option>'; // Generated From database
}
?>
</select>
<input type="submit" name="submit" id="button" value="View Dashboard" />
</form>
In dashboard do proper markup
Dashboard.php
<table border="1">
<tr align="center">
<th>Number </th> <th>Script Name</th> <th> Date</th>
</tr>
<?php
include("connection.php");
$select = $_POST['script'];
$ids = "'" . implode("','", $select) . "'";
$selects = "SELECT * FROM script_details WHERE id IN ($ids)";
$result = $conn->query($selects);
while ($row = $result->fetch_assoc()) {
echo "<tr>"
. "<td>" . $row["id"] . "</td>"
. "<td>" . $row["script_name"] . "</td>"
. "<td>" . $row["date"] . "</td>"
. "</tr>";
}
?>
</table>
I would approach it in the following way:
$scriptsArr = $_POST['script'];
$scriptsStr = implode(',', $scriptsArr);
$selects = "SELECT * FROM script_details where script_name IN ($scriptsStr)";
I've split it to few variables so you can understand the process.
Hope I could help!
I hope your understand is not safe at all, I would suggest you will read a bit more about prepared statements:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
I have a form to be filled from a user. Please have a look at this link
https://s3-eu-west-1.amazonaws.com/danielestopponi.com/images/form.png
The only field to be filled is the quantity.
All the other fields are taken from a database which depends on the department the user has per attribute.
$con = mysqli_connect($hostdb,$userdb,$passwdb,$dbTEST);
if (mysqli_connect_errno()) {
echo "Impossibile connettersi a MySQL: " . mysqli_connect_error();
}
$sql_descr = "SELECT info.id_infostore_descr AS idinfo, info.supplier AS supplier, info.type AS type, info.descr AS descr, dg.descr AS dgroup, d.dept_descr AS dept\n"
. "FROM infostore_descr AS info\n"
. "INNER JOIN dept_group AS dg ON info.infostore_dept_group = dg.id_dept_group\n"
. "INNER JOIN dept_assoc AS da ON dg.id_dept_group = da.id_dept_group\n"
. "INNER JOIN dept AS d ON d.id_dept = da.id_dept\n"
. "WHERE da.id_dept = " . $id_dept . "\n"
. "GROUP BY descr\n"
. "ORDER BY supplier AND type";
$results_descr = mysqli_query($con, $sql_descr) or die(mysql_error());
if (!$results_descr) {
echo "Error: " . mysqli_error($con) . " - Contact the administrator";
} else {
$row_descr = mysqli_fetch_array($results_descr,MYSQLI_ASSOC);
$num_row = mysqli_num_rows($results_descr);
}
mysqli_close($con);
Then I have the form
<form name="infostore" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']); ?>" role="form">
<fieldset>
<legend>Insert information</legend>
<table class="table">
<tr>
<th>Supplier</th>
<th>Type</th>
<th>Description</th>
<th>Dept Group</th>
<th>Dept Descr</th>
<th>Quantity</th>
</tr>
<?php
while ($row_descr = mysqli_fetch_array($results_descr,MYSQLI_ASSOC)) {
$array_sql_insert = array();
echo "<tr>";
echo "<td>" . $row_descr['supplier'] . "</td>";
echo "<td>" . $row_descr['type'] . "</td>";
echo "<td>" . $row_descr['descr'] . "</td>";
echo "<td>" . $row_descr['dgroup'] . "</td>";
echo "<td>" . $row_descr['dept'] . "</td>";
echo "<td>";
echo '<div class="form-group">';
echo "<input class='form-control' type='number' name='qty[]' id='idqty' required placeholder='Insert Quantity' value='<?php echo $value; ?>'>";
echo '</div>';
echo '</td>';
echo '</tr>';
}
?>
</table>
</div>
</div>
<div class="row">
<hr></hr>
</div>
<div class="row">
<div class="col-xs-12">
<div class="form-group">
<div class="col-xs-1">
<label for="submit">Submit</label>
<input class="btn btn-success" type="submit" name="submit" value="Invia" id="submit">
</div>
<div class="col-xs-1 col-xs-offset-7">
<label for="reset">Reset</label>
<input class="btn btn-danger" type="reset" name="reset" value="Reset" id="reset">
</div>
</div>
</div>
</div>
</fieldset>
</form>
What i need is to INSERT INTO table "infostore" all the entries submitted by the user.
The user must fill all the row, but each user may have a different amount of row. Which row the user can see is decided by me with the SQL query you have seen above.
The problem is that the field it must be sent come from different source: associative array, Session and POST
I think I understood how i should do it but i'm completely lost because i dont understand how to put togheter the information.
I thought to create an associative array with the field i need which are:
$_SESSION['id_dept'], $row_descr['id_infostore_descr'], $_POST['qty']
Then I thought to do the SQL query
INSERT INTO infostore(id_dept,id_infostore_descr,qty) VALUE array[..string..]
where
array[($_SESSION['id_dept'], $row_descr['id_infostore_descr'], $_POST['qty']) , ($_SESSION['id_dept'], $row_descr['id_infostore_descr'], $_POST['qty']) ....and so on for each row submitted.]
I'm completely lost because i don't know how to put all togheter these different sources.
I solved!!!
This is the trick that did the magic. If somebody can give advice if it could have been done better, You are welcome!
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST") {
$qty = $_POST['qty'];
//I create an array with all the value i have to upload and then transform it into a string
$i=-1;
$array_insert_string = array();
mysqli_data_seek($results_descr,0);
//I dont understand why if id dont do the data_seek qui above
//the above while doesn't start from position 0, as if something make it moving forward
while ($row_descr = mysqli_fetch_array($results_descr,MYSQLI_ASSOC)) {
$i++;
//I create the string and push each one into the array
$string = "(" . $_SESSION['id_dept'] . ", " . $row_descr['idinfo'] . ", " . $qty[$i] . ")";
array_push($array_insert_string, $string);
}
//I aggregate all the value of the array into one total string
$string_total = implode(", ", $array_insert_string);
//reset for the next while below
mysqli_data_seek($results_descr,0);
}
// non serve la funzione clean_data poichè l'input è solo numerico
// verifica il form e se tutte le condizioni sono rispettate
// allora invia il form al database
if (isset($_POST['submit'])) {
$con = mysqli_connect($hostdb,$userdb,$passwdb,$dbTEST);
if (mysqli_connect_errno()) {
echo "Impossibile connettersi a MySQL: " . mysqli_connect_error();
}
// escape variables for security
function escape($array) {
global $con;
return mysqli_real_escape_string($con, $array);
}
//array_map consente di applicare una funzione a tutti gli elementi di un array
//sicurezza superflua ma sempre meglio
$qty = array_map("escape", $qty);
if (!mysqli_query($con, "INSERT INTO infostore (id_dept, id_infostore_descr, qty) VALUES " . $string_total)) {
die ("Error: " . mysqli_error($con));
}
mysqli_close($con);
}
?>