I'm having issues with making a page where only band members can access their own band pages.
Each band in my band table has four columns $bandm1 $bandm2 $bandm3 and $bandm4.
I tried to make a script that drew the session username, and then drew the band_id from the url, and that was successful. but when i tried:
the script didn't work. is it a problem with my AND/OR statements?
EDIT:
here's my full code:
$user = $_SESSION['user_name'];
$get_user = "
select *
from users
where user_name = '$user'
";
$run_user = mysqli_query($con,$get_user);
$row=mysqli_fetch_array($run_user);
$user_name = $row['user_name'];
if(isset($_GET['band_id'])) {
$band_id = mysqli_real_escape_string($con, $_GET['band_id']);
if (ctype_alnum($band_id)){
$q = "SELECT * FROM bands WHERE band_id = '$band_id' ";
$r = mysqli_query($con, $q);
if($r){
while($row=mysqli_fetch_array($r)){
$band_id = $row['band_id'];
$band_name = $row['band_name'];
}
}
}
?>
FROM bands
WHERE band_id = '$band_id'
and (bandm1 = $user_name) OR (bandm2 = $user_name)
OR (bandm3 = $user_name) OR (bandm4 = $user_name)
it works, BUT when i replace the select with:
SELECT * FROM bands WHERE band_id = '$band_id' and (bandm1 = $user_name) OR (bandm2 = $user_name) OR (bandm3 = $user_name) OR (bandm4 = $user_name)";
it stops working
Try adding parentheses to your query:
SELECT * FROM bands WHERE band_id = '$band_id' and ( (bandm1 = $user_name) OR (bandm2 = $user_name) OR (bandm3 = $user_name) OR (bandm4 = $user_name) )
Edit :
You probably need some quotes around these variables, not sure how your script is built, but something like this :
$query = "SELECT * FROM bands WHERE band_id = '".$band_id."' and ( bandm1 = '".$user_name."' OR bandm2 = '".$user_name."' OR bandm3 = '".$user_name."' OR bandm4 = '".$user_name."' )";
Related
if (isset($_POST['submitid'])) {
$itemid = $_POST['itemID'];
$cartno = mysqli_query($connection , "SELECT * FROM users");
while ($cartnorow = mysqli_fetch_assoc($cartno)) {
$existingcartno = $cartnorow['cartno'];
$existingtotal = $cartnorow['total'];
}
$updatecartno = $existingcartno + 1;
$updateprice = $itemlistprice+$existingcartno;
mysqli_query($connection ,
"UPDATE users SET cartno = '$updatecartno' WHERE id=1");
}
When I remove WHERE id = 1 it works fine.
I seriously need to update specific id thats why I need that WHERE id = 1.
We are trying to do a search form with 7 search criteria for a database with 8 attributes. But we only want to search one event at a time. This is the code I have so far and would like to display the searched information into the table. Any help to know where to look would bee appreciated.
<?php
include 'database_connector.php';
if(isset($_POST['submit'])){
$type = $_POST['type'];
$team1 = $_POST['team1'];
$team2 = $_POST['team2'];
$place = $_POST['place'];
$year = $_POST['year'];
$month = $_POST['month'];
$day = $_POST['day'];
$price = $_POST['price'];
$date = $year.'-'.$month.'-'.$day;
if($type)(
$result=mysqli_connect($con, "select * from Sports where `Event Type` = '$type'")
);
if($team1)(
$result1=mysqli_connect($con, "select * from Sports where `Team 1` = '$team1'")
);
if($team2)(
$result2=mysqli_connect($con, "select * from Sports where `Team 2` = '$team2'")
);
if($place)(
$result3=mysqli_connect($con, "select * from Sports where `Place` = '$place'")
);
if($date)(
$result4=mysqli_connect($con, "select * from Sports where `Date` = '$date'")
);
if($price)(
$result5=mysqli_connect($con, "select * from Sports where `Price` = '$price'")
);
}
?>
Use if/elseif/ to perform just one query, and assign the results to the same variable:
if ($type) {
$query = "select * from Sports where `Event Type` = '$type'";
} elseif ($team1) {
$query = "select * from Sports where `Team 1` = '$team1'";
} ...
} else {
die("You must fill in one of the search fields");
}
$result = mysqli_query($con, $query);
while ($row = mysqli_fetch_assoc($result)) {
// Code to display each row of results
}
Use same variable if you want to execute only one statement and if/elseif/
if($type){
$result=mysqli_connect($con, "select * from Sports where `Event Type` = '$type'")
}
elseif($team1){
$result=mysqli_connect($con, "select * from Sports where `Team 1` = '$team1'")
}
elseif($team2){
$result=mysqli_connect($con, "select * from Sports where `Team 2` = '$team2'")
}
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about programming within the scope defined in the help center.
Closed 9 years ago.
Improve this question
I need you to help me shorten this code. It works perfectly and everything. So I need not only a shorter way, but one that works just like this one does. I'm sort of new to PHP and I know there must be a shorter way to put this script. Here it is:
<?php $sqlMS = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '1'";
$queryMS = mysqli_query($connection ,$sqlMS);
$AdvisoryMS = mysqli_num_rows($queryMS);
$sqlMS2 = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '2'";
$queryMS2 = mysqli_query($connection ,$sqlMS2);
$AdvisoryMS2 = mysqli_num_rows($queryMS2);
$sqlMS3 = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '3'";
$queryMS3 = mysqli_query($connection ,$sqlMS3);
$AdvisoryMS3 = mysqli_num_rows($queryMS3);
$sqlMS4 = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '4'";
$queryMS4 = mysqli_query($connection ,$sqlMS4);
$AdvisoryMS4 = mysqli_num_rows($queryMS4);
$sqlMS5 = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '5'";
$queryMS5 = mysqli_query($connection ,$sqlMS5);
$AdvisoryMS5 = mysqli_num_rows($queryMS5);
$sqlMS6 = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '6'";
$queryMS6 = mysqli_query($connection ,$sqlMS6);
$AdvisoryMS6 = mysqli_num_rows($queryMS6);
$sqlMS7 = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '7'";
$queryMS7 = mysqli_query($connection ,$sqlMS7);
$AdvisoryMS7 = mysqli_num_rows($queryMS7);
$sqlMS8 = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '8'";
$queryMS8 = mysqli_query($connection ,$sqlMS8);
$AdvisoryMS8 = mysqli_num_rows($queryMS8);
$sqlMS9 = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '9'";
$queryMS9 = mysqli_query($connection ,$sqlMS9);
$AdvisoryMS9 = mysqli_num_rows($queryMS9);
$sqlMS10 = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '10'";
$queryMS10 = mysqli_query($connection ,$sqlMS10);
$AdvisoryMS10 = mysqli_num_rows($queryMS10);
$sqlMS11 = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '11'";
$queryMS11 = mysqli_query($connection ,$sqlMS11);
$AdvisoryMS11 = mysqli_num_rows($queryMS11);
$sqlMS12 = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '12'";
$queryMS12 = mysqli_query($connection ,$sqlMS12);
$AdvisoryMS12 = mysqli_num_rows($queryMS12);
You can vastly improve the efficiency of that code by using a single query:
$query = "SELECT MONTH(Date_Entered) AS month, COUNT(*) AS total FROM Visits WHERE Company_ID = $cid GROUP BY MONTH(Date_Entered)";
$result = mysqli_query($connection, $query);
while ($row = mysqli_fetch_assoc($result)) {
$AdvisoryMS[$row['month'] = $row['total'];
}
for ($i = 1; $i <= 12; $i++) {
$sql = "SELECT * FROM Visits WHERE Company_ID = $cid AND MONTH(Date_Entered) = '$i'";
$query = mysqli_query($connection ,$sql);
$AdvisoryMS[$i] = mysqli_num_rows($query);
}
This uses a for loop to loop $i through 1-12 and puts the number of rows in an array rather than 12 separate variables. For each result you access them through $AdvisoryMS[1-12]
Im trying to generate an array but not sure how to go about it.
I'm currently getting my data like so:
$query = mysql_query("SELECT * FROM users WHERE userEmail LIKE 'test#test.com'");
$row = mysql_fetch_array($query);
$query1 = mysql_query("SELECT * FROM categories");
while($row1 = mysql_fetch_array($query1)){
$query2 = mysql_query("SELECT * FROM usersettings WHERE userId = ".$row['userId']." AND usersettingCategory".$row1['categoryId']." LIKE 'y'");
$isyes = mysql_num_rows($query2);
if($isyes > 0){
$cat1 = mysql_query("SELECT * FROM shops WHERE shopstateId = 1 AND (categoryId1 = ".$row1['categoryId']." OR categoryId2 = ".$row1['categoryId']." OR categoryId3 = ".$row1['categoryId'].")");
$cat1match = mysql_num_rows($cat1);
if($cat1match > 0){
while($cat1shop = mysql_fetch_array($cat1)){
$cat1msg = mysql_query("SELECT * FROM messages WHERE shopId = ".$cat1shop['shopId']." and messagestateId = 1");
while($cat1msgrow = mysql_fetch_array($cat1msg)){
echo $cat1msgrow['messageContent']." - ".$cat1msgrow['messageCode'];
$cat1img = mysql_query("SELECT shopimagePath FROM shopimages WHERE shopimageId = ".$cat1shop['shopimageId']);
$imgpath = mysql_fetch_array($cat1img);
echo " - ".$imgpath['shopimagePath']."<br/>";
}
}
}
}
}
But this can cause duplicates when a user has all 3 of a shops categories picked in their preferences. I am trying to find a way to just pull the message ID out instead of the whole thing and put it into an array giving me, for example:
1,3,5,7,1,3,5,2,4,7,8
Then I can just run a separate query to say get me all messages where the ID is in the array, but i am unsure of the most constructive way to build such an array and examples of array from a while loop I have seen do not seem to be what I am looking for.
Is there anyone out there that can push me in the right direction?
Can't help with this code. But if you want an array from a query without duplicate result, you can use " select DISTINCT (id) " in your query or for more simple solution :
$id_arr = array();
$sql = mysql_query("select id from id_table");
while ($id_result = mysql_fetch_array($sql) {
$id = $id_result['id'];
if (!in_array($id, $id_arr)) {
$id_arr[] = $id;
}
}
I have found a much easier way to create the required result. I think at 6am after a hard night coding my brain was fried and I was making things a lot more complicated than I needed to. A simple solution to my issue is as follows:
$query = mysql_query("SELECT * FROM users WHERE userEmail LIKE 'test2#test2.com'");
$row = mysql_fetch_array($query);
$categories = "(";
$query1 = mysql_query("SELECT * FROM categories");
while($row1 = mysql_fetch_array($query1)){
$query2 = mysql_query("SELECT usersettingCategory".$row1['categoryId']." FROM usersettings WHERE userId = ".$row['userId']);
$row2 = mysql_fetch_array($query2);
if($row2['usersettingCategory'.$row1['categoryId']] == y){
$categories .= $row1['categoryId'].",";
}
}
$categories = substr_replace($categories ,")",-1);
echo $categories."<br />";
$query3 = mysql_query("SELECT * FROM shops,messages WHERE shops.shopId = messages.shopId AND messages.messagestateId = 1 AND (shops.categoryId1 IN $categories OR shops.categoryId2 IN $categories OR shops.categoryId3 IN $categories)");
while($row3 = mysql_fetch_array($query3)){
$query4 = mysql_query("SELECT shopimagePath FROM shopimages WHERE shopimageId = ".$row3['shopimageId']);
$row4 = mysql_fetch_array($query4);
echo $row3['messageContent']." - ".$row3['messageCode']." - ".$row4['shopimagePath']."<br />";
}
Been tinkering with my website, it is a seat booking website. Still in alpha testing really so not live to the public yet for obvious reasons.
However, I'm having a few problems with updating the values in my database.
I'll post the code and then explain the problem..
else {
$seatID = $_POST['form_submitted'];
$query1 = "SELECT seatTaken FROM SEATS WHERE seatNo = '$seatID'";
$result = mysql_query($query1);
while($row = mysql_fetch_array($result))
{
$taken = $row['seatTaken'];
}
$query2 = "SELECT passNo FROM PASSENGER WHERE username = '$loggedinuser'";
$result = mysql_query($query2);
while($row = mysql_fetch_array($result))
{
$passno = $row['passNo'];
}
$query3 = "SELECT groupID FROM PASSENGER WHERE username = '$loggedinuser'";
$result = mysql_query($query3);
while($row = mysql_fetch_array($result))
{
$groupno = $row['groupID'];
}
$query4 = "SELECT flightNo FROM PASSENGER WHERE username = '$loggedinuser'";
$result = mysql_query($query3);
while($row = mysql_fetch_array($result))
{
$flightno = $row['flightNo'];
}
// if ($taken = 0) {
$update = mysql_query("UPDATE PASSENGER SET seatNo = $seatID WHERE username = '$loggedinuser'");
$update2 = mysql_query("UPDATE SEATS SET seatTaken = 1, passNo = '$passNo', groupID = '$groupid' WHERE seatNo = '$seatID'");
// AND flightNo = '$flightno'"
echo '<meta http-equiv="refresh" content="5;url=http://www.mywebsite.com/">';
echo mysql_error();
//}
}
?>
Now the user will have selected their seat in the previous form hence the:
$seatID = $_POST['form_submitted'];
However, at the bottom in my queries, the only value that actually changes in the database when this PHP code is run is the boolean value of 'seatTaken', in that it does change from 0 (not occupied) to 1 (occupied).
The field passNo and groupID in my database DO NOT UPDATE as referenced here in these queries:-
$update = mysql_query("UPDATE PASSENGER SET seatNo = $seatID WHERE username = '$loggedinuser'");
$update2 = mysql_query("UPDATE SEATS SET seatTaken = 1, passNo = '$passNo', groupID = '$groupid' WHERE seatNo = '$seatID'");
Is anyone able to help? Many thanks!
Tom
Watch your variable naming and string quotation
When your looking for values in mysql, they usually need to be a string literal (add quotes).
And your other problem is your variable names:
$update = mysql_query("UPDATE PASSENGER SET seatNo = '$seatID' WHERE username = '$loggedinuser'");
$update2 = mysql_query("UPDATE SEATS SET seatTaken = 1, passNo = '$passno', groupID = '$groupno' WHERE seatNo = '$seatID'");
$passno vs $passNo
$groupid vs $groupno
You should also make sure you properly escape any input coming from the user http://php.net/manual/en/function.mysql-real-escape-string.php
One can't see in your code how do you generate the values of $groupid, $passNo, $seatID. Are those varaibles set when you do your update? (just echo the SQL code to see what query is being sent to your database)
Maybe you should try getting the variables from your post request, like $_POST['groupid'], if groupid is the name of the field in the form.