SQLSTATE[HY093]: Invalid parameter number: parameter was not defined - php - php

I'm having a problem where I made a website and I can successfully add data to every Student which works fine, however I'm trying to make a page, where I can basically search for the City(város in my php document) they live in, and it lists me all of those students data. I can succesfully insert into "város", however when I try to read the data, it doesn't work.
The Error message I get is:
SELECT * FROM Diák WHERE város = :város
SQLSTATE[HY093]: Invalid parameter number: parameter was not defined
my code is:
<?php
require "../config.php";
require "../common.php";
if (isset($_POST['submit'])) {
if (!hash_equals($_SESSION['csrf'], $_POST['csrf'])) die();
try {
$connection = new PDO($dsn, $username, $password, $options);
$sql = "SELECT *
FROM Diák
WHERE város = :város";
$város = $_POST['város'];
$statement = $connection->prepare($sql);
$statement->bindParam(':város', $város, PDO::PARAM_STR);
$statement->execute();
$result = $statement->fetchAll();
} catch(PDOException $error) {
echo $sql . "<br>" . $error->getMessage();
}
}
?>
<?php require "../../../htdocs/test/public/templates/header.php";?>
<?php
if (isset($_POST['submit'])) {
if ($result && $statement->rowCount() > 0) { ?>
<h2>Találatok</h2>
<table>
<thead>
<tr>
<th>Oktatási_id</th>
<th>Vezeték név</th>
<th>Keresztnév</th>
<th>Évfolyam</th>
<th>Születési dátum</th>
<th>Város</th>
<th>Utca</th>
<th>Házszám</th>
<th>Irányítószám</th>
<th>Szak</th>
<th>Kar</th>
</tr>
</thead>
<tbody>
<?php foreach ($result as $row) : ?>
<tr>
<td><?php echo escape($row["oktatási_id"]); ?></td>
<td><?php echo escape($row["vezeték_név"]); ?></td>
<td><?php echo escape($row["kereszt_név"]); ?></td>
<td><?php echo escape($row["évfolyam"]); ?></td>
<td><?php echo escape($row["születési_dátum"]); ?></td>
<td><?php echo escape($row["város"]); ?></td>
<td><?php echo escape($row["utca"]); ?> </td>
<td><?php echo escape($row["házszám"]); ?> </td>
<td><?php echo escape($row["irányítószám"]); ?> </td>
<td><?php echo escape($row["szak"]); ?> </td>
<td><?php echo escape($row["kar"]); ?> </td>
</tr>
<?php endforeach; ?>
</tbody>
</table>
<?php } else { ?>
<blockquote>Nem találtunk diákot, aki ilyen Városban lakna. <?php echo escape($_POST['város']); ?>.</blockquote>
<?php }
} ?>
<h2>Városon alapuló keresés.</h2>
<form method="post">
<input name="csrf" type="hidden" value="<?php echo escape($_SESSION['csrf']); ?>">
<label for="város">Város</label>
<input type="text" id="város" name="város">
<input type="submit" name="submit" value="View Results">
</form>
Vissza a fő oldalra.
<?php require "../../../htdocs/test/public/templates/footer.php"; ?>


Apparently PDO doesn't understand named parameters that contain accented characters (I guess anything outside 7-bit ASCII). So change :város to :varos.

Related

How to only update 1 row instead of all the rows when clicking a button

I have a table containing multiple rows. Behind every row is a button you can click to update a column (baatinn) in the database from 0 to 1. However when you click the button it will update all the rows from 0 to 1 instead of the row you are clicking the button on. How do i make it so it will only update the row you are clicking on
Picture of database:
HTML:
<tr>
<th>Båt ut</th>
<th>Båt inn</th>
<th>Båtnr</th>
<th>Fornavn</th>
<th>Etternavn</th>
<th>Tid</th>
<th>Kr</th>
<th>Edit</th>
</tr>
PHP:
$sql = "SELECT utleid, inntid, baatnr, fornavn, etternavn, tid, kr, baatinn FROM utleie WHERE baatnr LIKE '%$sok%' or fornavn LIKE '%$sok%' or etternavn LIKE '%$sok%' or tid LIKE '%$sok%' ORDER BY id desc";
$result = $conn-> query($sql);
if ($result-> num_rows > 0) {
while ($row = $result-> fetch_assoc()) {
?>
<tr>
<td><?php echo $row["utleid"]; ?></td>
<td><?php echo $row["inntid"]; ?></td>
<td><?php echo $row["baatnr"]; ?></td>
<td><?php echo $row["fornavn"]; ?></td>
<td><?php echo $row["etternavn"]; ?></td>
<td><?php echo $row["tid"]; ?></td>
<td><?php echo $row["kr"]; ?></td>
<td><form method="post" action="innlevering.php">
<button name="edit" value="1">Edit</button>
</form></td>
</tr>
<?php
}
echo "</table>";
} else {
echo "0 results";
}
$conn-> close();
innlevering.php:
<?php
include_once 'dbconnect.php';
if ($_POST['edit']) {
$conn->query("UPDATE utleie SET baatinn=1");
}
?>

To help your injection problem, parameterize. It would be something like this (I use PDO, so you will want to double check):
/functions/getUtleie.php
function getUtleie($so, $conn)
{
$query = $conn->prepare("SELECT utleid, inntid, baatnr, fornavn, etternavn, tid, kr, baatinn FROM utleie WHERE baatnr LIKE ? or fornavn LIKE ? or etternavn LIKE ? or tid LIKE ? ORDER BY id desc");
$so = "%{$so}%";
$query->bind_param('ssss',$so, $so, $so, $so);
$result = $query->execute();
if($result->num_rows == 0)
return [];
while($row = $result->fetch_assoc()) {
$data[] = $row;
}
return $data;
}
Now, when you go to use it, include the function, then the key on the form is to make the id in a hidden field:
# Fetch the data
$result = getUtleie($so, $conn);
# If there are any results
if(!empty($result)): ?>
<table>
<?php foreach($result as $row): ?>
<tr>
<td><?php echo $row["utleid"] ?></td>
<td><?php echo $row["inntid"] ?></td>
<td><?php echo $row["baatnr"] ?></td>
<td><?php echo $row["fornavn"] ?></td>
<td><?php echo $row["etternavn"] ?></td>
<td><?php echo $row["tid"]; ?></td>
<td><?php echo $row["kr"]; ?></td>
<td>
<form method="post" action="innlevering.php">
<input type="hidden" name="action" value="update_utleie" />
<input type="hidden" name="utleid" value="<?php echo $row["utleid"] ?>" />
<input type="text" name="val" />
<input type="submit" value="Edit" />
</form>
</td>
</tr>
<?php endforeach ?>
</table>
<?php else: ?>
0 results
<?php endif ?>
After you submit the form, you will want to update using a WHERE clause:
<?php
include_once 'dbconnect.php';
# Check to make sure the form was submitted
if(!empty($_POST['action'] && $_POST['action'] == 'update_utleie') {
# Trim these. You should also check they aren't empty (especially the id)
$id = trim($_POST['utleid']);
$value = trim($_POST['val']);
$query = $conn->prepare("UPDATE `utleie` SET `baatinn` = ? WHERE `utleid` = ?");
$query->bind_param('si', $value, $id);
$query->execute();
}
Anyway, I haven't checked these scripts but it should be pretty close. Should at least point you in the right direction.

How to create timetable based on time

I am currently trying to do a monthly timetable.
and this is my coding 'table.php'
<table class="table table-striped table-bordered table-hover" id="dataTables-example">
<thead>
<tr>
<th>Date</th>
<th>8.00AM</th>
<th>9.00AM</th>
<th>10.00AM</th>
<th>11.00AM</th>
<th>12.00PM</th>
<th>1.00PM</th>
<th>2.00PM</th>
<th>3.00PM</th>
</tr>
</thead>
<tbody>
<tr class="odd gradeX">
<?php
$datequery="SELECT date FROM day ";
$resultdate = mysqli_query($con,$datequery);
while($row = mysqli_fetch_assoc($resultdate)) {
?>
<td><?php echo$row['date'] ;?></td>
<?php
$query="SELECT c_name,l_name,time FROM timetable
";
$result = mysqli_query($con,$query);
while($col = mysqli_fetch_assoc($result)) {
?>
<?php
if($_GET['time'==8]){?>
<td><?php echo $col["c_name"]; echo "<br>"; $col["l_name"];?></td>
<?php }?>
<?php
if($_GET['time'==9]){?>
<td><?php echo $col["c_name"]; echo "<br>"; $col["l_name"];?></td>
<?php }?>
<?php
if($_GET['time'==10]){?>
<td><?php echo $col["c_name"]; echo "<br>"; $col["l_name"];?></td>
<?php }?>
<?php
if($_GET['time'==11]){?>
<td><?php echo $col["c_name"]; echo "<br>"; $col["l_name"];?></td>
<?php }?>
<?php
if($_GET['time'==12]){?>
<td><?php echo $col["c_name"]; echo "<br>"; $col["l_name"];?></td>
<?php }?>
<?php
if($_GET['time'==13]){?>
<td><?php echo $col["c_name"]; echo "<br>"; $col["l_name"];?></td>
<?php }?>
<?php
if($_GET['time'==14]){?>
<td><?php echo $col["c_name"]; echo "<br>"; $col["l_name"];?></td>
<?php }?>
<?php
if($_GET['time'==15]){?>
<td><?php echo $col["c_name"]; echo "<br>"; $col["l_name"];?></td>
<?php }?>
<?php }?>
</tr>
<?php }?>
</tbody>
</table>
The problem now is that I cannot display 'c_name' and 'l_name' based on 'time'.
So I need an idea on how can I arrange it according to time.

Like already say Dan, you have an error with your condition with the time field
if($_GET['time' == 8])
this code will compare the string 'time' with the number 8 and return False. So your code will search the key False in your array. The good condition will be:
if($_GET['time'] == 8)
But you can avoid to check all value of the field time with a "where" clause in your SQL query. Instead make:
$query="SELECT c_name,l_name,time FROM timetable";
You can do something like this:
<?php
$query = mysqli_prepare($con, "SELECT c_name,l_name FROM timetable WHERE time = ?;");
//Here you 'replace' the '?' caracter by the value of the variable $_GET['time']
mysqli_stmt_bind_param($query, "d", $_GET['time']);
mysqli_stmt_execute($query);
mysqli_stmt_bind_result($query, $c_name, $l_name);
//here we fetch all returned rows by the sql query and display a line for each of them
while(mysqli_stmt_fetch($query)){
echo "<td> ".$c_name." <br> ".$l_name."</td>";
}
mysqli_stmt_close($query);
?>
Good practice would you sanitize your $_GET['time'] before binding it as a parameter for avoid SQL injection.
This will avoid to have many "if" for found the good entry. Your database will found more quickly the good entry than php.
For see more for prepare statement : http://php.net/manual/fr/mysqli.prepare.php
And for sanatize your parameter:
http://php.net/manual/fr/mysqli.real-escape-string.php
Hope this will help you.

Shouldn't those if statements look more like
if($_GET['time'] == 8) {
// do something
}
?

oracle select with php won't show

here's my code i don't know where i do wrong here
<?php
$conn=oci_connect("martin","123","localhost/XE");
If (!$conn)
echo 'Failed to connect to Oracle';
else
echo 'Succesfully connected with Oracle DB';?>
<table border="1">
<?php $stid = oci_parse($conn, "select*from MsNama");
oci_execute($stid);
while ($row =
oci_fetch_array(
$stid,
OCI_ASSOC+OCI_RETURN_NULLS)
) {?>
<tr>
<td><?php echo $row[0]; ?></td>
<td><?php echo $row[1]; ?></td>
<td><?php echo $row[2]; ?></td>
</tr>
<?php }?>
and here's my select on oracle database:
SQL> select * from MsNama
2 ;
NAMA ANGKA G
---------------------- -------- -
martin 1 m
this is what's it's look like
I changed the code with what i found on internet but still not working
<html>
<head><title>Oracle demo</title>
</head>
<body>
<?php
$conn=oci_connect("martin","123","localhost/XE");
If (!$conn)
echo 'Failed to connect to Oracle';
else
echo 'Succesfully connected with Oracle DB';
?>
<table border="1">
<?php $stid = oci_parse($conn, "select * from MsNama");
oci_execute($stid,OCI_DEFAULT);
while (oci_fetch($stid)) {
$empno = oci_result($stid, "NAMA");
$ename = oci_result($stid, "angka");
$job = oci_result($stid, "gender");
?>
<tr>
<td><?php echo $empno; ?></td>
<td><?php echo $ename;?></td>
<td><?php echo $job; ?></td>
</tr>
<?php }?>
</table>
</body>
</html>
i tried and always no result. nothing showing

oh my code not wrong but here's the code and it worked
<html>
<head><title>Oracle demo</title></head>
<body>
<?php
$conn=oci_connect("martin","123","localhost/XE");
If (!$conn)
echo 'Failed to connect to Oracle';
else
echo 'Succesfully connected with Oracle DB';
?>
<table border="1">
<?php $stid = oci_parse($conn, "select*from MsNama");
$r=oci_execute($stid);
while ($row = oci_fetch_array($stid, OCI_BOTH)) {?>
<tr>
<td><?php echo $row[0]; ?></td>
<td><?php echo $row[1]; ?></td>
<td><?php echo $row[2]; ?></td>
</tr>
<?php }?>
</table>
</body>
</html>
the problem that i forgot to commit so .-.there's no result i'm sorry

Prevent data from the same id to appear

I want to prevent amaun_caj , amaun_pelbagai , amaun_penalti , amaun_tunggakan from being repeated so if the id_akaun is the same the data will not appear, my code only works on amaun_caj, and for the rest, not a single data appear, what's the problem?
<?php
$i = 0; $id_akaun_old ="";
while($output = mysql_fetch_array($result)) {
$i++;
$id_akaun = $output["id_akaun"];
$lokasi = $output["lokasi"];
$amaun_caj = $output["amaun_caj"];
$amaun_tunggakan = $output["amaun_tunggakan"];
$amaun_penalti = $output["amaun_penalti"];
$amaun_pelbagai = $output["amaun_pelbagai"];
$jumlah_bayaran = $output["jumlah_bayaran"];
?>
<tr>
<td>
<?php echo $i; ?>
</td>
<td>
<?php echo $jenis; ?>
</td>
<td>
<?php echo $id_akaun;
?>
</td>
<td>
<?php echo $no_telefon; ?>
</td>
<td>
<?php echo $lokasi; ?>
</td>
<td align="center">
<?php
if($id_akaun != $id_akaun_old):
echo $amaun_caj;
$id_akaun_old = $id_akaun;
else: echo '';
endif;?>
</td>
<td align="center">
<?php
if($id_akaun != $id_akaun_old):
echo $amaun_pelbagai;
$id_akaun_old = $id_akaun;
else: echo '';
endif;?>
</td>
<td align="center">
<?php
if($id_akaun != $id_akaun_old):
echo $amaun_penalti;
$id_akaun_old = $id_akaun;
else: echo '';
endif;?>
</td>
<td align="center">
<?php
if($id_akaun != $id_akaun_old):
echo $amaun_tunggakan;
$id_akaun_old = $id_akaun;
else: echo '';
endif;?>
</td>
<td align="center">
<?php
if($id_akaun != $id_akaun_old):
echo $jumlah_bayaran;
$id_akaun_old = $id_akaun;
else: echo '';
endif;?>
</td>
<?php
}
?>

Using temporary variable $old_id_akaun might not be the best practice. If you still want to do it like that, i suggest you user ORDER BY id_akaun in your SQL syntax.
In my oppinion, you might get rid of temporary variable and follow these steps,
1. Create empty array outside your while loop. For the sake of easy
understanding, let's called it $list_id_akaun.
2. Inside your while loop, after you get $id_akaun, check whether $id_akaun
is inside $list_id_akaun
3. If not exists, insert it to $list_id_akaun and continue echoing your
table row
4. If exists, skip to the next row.

I don't know why you don't want to use a select distinct clause in this case, but just put them inside a container then check inside the loop:
<?php
$temp = array();
$i = 1;
while($output = mysql_fetch_array($result)):
$id_akaun = $output["id_akaun"];
$lokasi = $output["lokasi"];
$amaun_caj = $output["amaun_caj"];
$amaun_tunggakan = $output["amaun_tunggakan"];
$amaun_penalti = $output["amaun_penalti"];
$amaun_pelbagai = $output["amaun_pelbagai"];
$jumlah_bayaran = $output["jumlah_bayaran"];
?>
<tr>
<td><?php echo $i; $i++; ?></td>
<td><?php echo $jenis; ?></td>
<td><?php echo $id_akaun; ?></td>
<td><?php echo $no_telefon; ?></td>
<td><?php echo $lokasi; ?></td>
<?php if(!in_array($id_akaun, $temp)): ?>
<td><?php echo $amaun_penalti; ?></td>
<td><?php echo $amaun_tunggakan; ?></td>
<td><?php echo $jumlah_bayaran; ?></td>
<?php $temp[] = $id_akaun; ?>
<?php else : ?>
<td></td><td></td><td></td>
<?php endif; ?>
</tr>
<?php endhile; ?>

search multiple fields from a single table in php mysql

I have a table named current with several fields in that table like post, experience, company, etc.
I want to make a search having three select boxes one showing the posts from post field, 2nd showing the experience and 3rd showing the company from a single current table.
I want that if user selects from any one select field or from all it should search the respective data from the table and show the results only related to search.
For this I have written the code but its not working please help me in finding where did I went wrong, I cant understand.
It only shows data entered in post field but not in any other field.
My code goes here
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="">
<table>
<tr>
<?php
$ss=mysql_query("select * from current");
?>
<td><select name="post"><?php while($rr=mysql_fetch_array($ss))
{?><option value="<?php echo $rr['post'];?>"><?php echo $rr['post'];?></option><?php } ?></select></td>
<?php
$s11=mysql_query("select * from current");
?>
<td><select name="experience"><?php while($r11=mysql_fetch_array($s11))
{?><option value="<?php echo $r11['experience'];?>"><?php echo $r11['experience'];?></option><?php } ?> </select></td>
<td>
<?php
$sss=mysql_query("select * from current");
?>
<select name="company"><?php while($rrr=mysql_fetch_array($sss))
{?><option value="<?php echo $rrr['cname'];?>"><?php echo $rrr['cname'];?></option><?php } ?></select></td>
<td><input type="submit" name="search" value="Search" /></td>
</tr>
</table>
</form>
my search code goes here
<?php
include('Admin/config.php');
error_reporting(E_ERROR | E_WARNING | E_PARSE);
if(isset($_REQUEST['search']))
{
$post = $_REQUEST['post'];
$ex = $_REQUEST['experience'];
$company = $_REQUEST['company'];
$query = "select * from current where post like '%$post%' or experience like '%$ex%' or cname like '%$company%' ";
$res1 = mysql_query($query);
while($rows = mysql_fetch_array($res1))
{
?>
<tr>
<td><?php echo $rows['date'];?></td>
<td><?php echo $rows['post'];?></td>
<td><?php echo $rows['qualification'];?></td>
<td><?php echo $rows['experience'];?></td>
<td><?php echo $rows['nop'];?></td>
<td><?php echo $rows['noj'];?></td>
<td><?php echo $rows['cname'];?></td>
<td><?php echo $rows['jloc'];?></td>
</tr><?php
}}
else
{
$s=mysql_query("SELECT * FROM current ORDER BY date DESC");
while($rows=mysql_fetch_array($s))
{
?>
<tr>
<td><?php echo $rows['date'];?></td>
<td><?php echo $rows['post'];?></td>
<td><?php echo $rows['qualification'];?></td>
<td><?php echo $rows['experience'];?></td>
<td><?php echo $rows['nop'];?></td>
<td><?php echo $rows['noj'];?></td>
<td><?php echo $rows['cname'];?></td>
<td><?php echo $rows['jloc'];?></td>
</tr>
<?php
}}
?>
</table>

<?php
include('Admin/config.php');
error_reporting(E_ERROR | E_WARNING | E_PARSE);
$ss=mysql_query("select `post`,`experience`,`cname` from current");
$filter = array();
while($rr = mysql_fetch_assoc($ss)) {
foreach ($rr as $key => $val) {
$filter[$key][] = $val;
}
}
$request = array('post' => '', 'experience' => '', 'cname' => '');
if (isset($_REQUEST['search']))
{
$request = array(
'post' => $_REQUEST['post'],
'experience' => $_REQUEST['experience'],
'cname' => $_REQUEST['cname'],
);
}
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" name="">
<table>
<tr>
<?php
foreach ($filter as $name => $value) {
?>
<td>
<select name="<?=$name?>">
<?
foreach ($value as $key => $val) {
?>
<option value="<?=$val?>"<?= $val === $request[$name] ? ' selected' : ''?>><?=$val?></option>
<?
}
?>
</select>
</td>
<?
}
?>
<td><input type="submit" name="search" value="Search" /></td>
</tr>
</table>
</form>
<table>
<?php
if(isset($_REQUEST['search']))
{
$where = '';
foreach ($request as $key => $val) {
if ($where !== '') {
$where .= ' OR ';
}
$where .= "`".$key."` like '%".$val."%' ";
}
$query = "select * from current where ".$where;
}
else
{
$query = "select * from current ORDER BY date DESC";
}
$res1 = mysql_query($query);
while($rows=mysql_fetch_array($res1))
{
?>
<tr>
<td><?php echo $rows['date'];?></td>
<td><?php echo $rows['post'];?></td>
<td><?php echo $rows['qualification'];?></td>
<td><?php echo $rows['experience'];?></td>
<td><?php echo $rows['nop'];?></td>
<td><?php echo $rows['noj'];?></td>
<td><?php echo $rows['cname'];?></td>
<td><?php echo $rows['jloc'];?></td>
</tr>
<?php
}
?>
</table>

Categories