Data with Spaces in Database Are not fully Showing in Textbox - php

<input type="text" name="question" required class="form-control" placeholder="Question" value=<?php
$emid = $_GET['key1'];
$sql = "SELECT * FROM posses_ques WHERE id = '$emid'";
$result = mysqli_query($connection, $sql);
if (mysqli_num_rows($result) > 0){
while ($row = mysqli_fetch_assoc($result)) {
echo $row['ques'];
}
} else {
echo "No Data Available";
}
?>
>

A tidier solution and one that does not allow SQL Injection Attack might be something like this
<?php
$sql = "SELECT * FROM posses_ques WHERE id = ?";
$stmt = $connection->prepare($sql);
$stmt->bind_param('i', $_GET['key1']);
$stmt->execute();
$result = $stmt->get_result();
$x = 0;
if ( $result->num_rows > 0 ){
while ($row = $result->fetch_assoc()) {
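// Quote the value attribute and HTML-encode the data so spaces and quotes in it cannot break the tag
echo '<input type="text" name="question' . $x . '" value="' . htmlspecialchars($row['ques'], ENT_QUOTES, 'UTF-8') . '" required class="form-control" placeholder="Question">';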
$x++;
}
} else {
echo "No Data Available";
}
Note also the unique name attribute. These need to be unique or you won't see all of them in the data returned to the scripts from a form.

Related

Concat () function or alternative solution in mysql query

I am trying to add a character before/after a value in a MySQL query, but I can't make it work.
This is the part that doesn't work in my case:
$query = "select CONCAT ('.', DuRpt) as DuRpt, DaRpt from DDtb order by DATE DESC";
You can see the full code below. Any ideas why it doesn't work, or can I get an alternative solution, please? Thanks.
<div class="container">
<div class="left">
<?php
include ("etc/config.php");
$query = "select concat ('.', DuRpt) as DuRpt, DaRpt from DDtb order by DATE DESC";
$result = mysqli_query($link, $query);
if (!$result) {
$message = 'ERROR:' . mysqli_error($link);
return $message;
} else {
$i = 0;
echo '<form name="select" action="" method="GET">';
echo '<select name="mySelect" id="mySelect" size="44" onchange="this.form.submit()">';
while ($i < mysqli_field_count($link)) {
$meta =
mysqli_fetch_field_direct($result, $i);
echo '<option>' . $meta->name . '</option>';
$i = $i + 1;
}
echo '</select>';
echo '</form>';
}
?>
</div>
<div>
<?php
if(isset($_GET['mySelect'])) {
$myselect = $_GET['mySelect'];
$sql = "SELECT `$myselect` as mySelect from DDtb order by DATE DESC";
$result = mysqli_query($link, $sql);
if ($result->num_rows > 0) {
$table_row_counter = 3;
echo '<table>';
while($row = $result->fetch_assoc())
{
$table_row_counter++;
if ($table_row_counter % 30 == 1) {
echo '</table>';
echo '<table>';
}
echo "<tr><td>" . $row["mySelect"] . "</td></tr>";
}
}
}
echo '</table>';
mysqli_close($link);
?>
</div>
</div>
For the 2nd half of your code, you can do this:
note you won't need to concat anything in your initial query
if(isset($_GET['mySelect'])) {
// configure every option here, if there's not pre/postfix, use a blank string
$prepostfixes = [
'DuRpt' => ['.', '.'],
'DaRpt' => ['', ''],
];
$myselect = $_GET['mySelect'];
if (!isset($prepostfixes[$myselect])) {
die ('Unknown Select'); // this will prevent sql injection
}
$sql = "SELECT `$myselect` as mySelect from DDtb order by DATE DESC";
$result = mysqli_query($link, $sql);
if ($result->num_rows > 0) {
$table_row_counter = 3;
echo '<table>';
$prefix = $prepostfixes[$myselect][0];
$postfix = $prepostfixes[$myselect][1];
while($row = $result->fetch_assoc())
{
$table_row_counter++;
if ($table_row_counter % 30 == 1) {
echo '</table>';
echo '<table>';
}
echo "<tr><td>" . $prefix . $row["mySelect"] . $postfix . "</td></tr>";
}
}
}
Just update your code and remove the duplicate of DuRpt from it.
$query = "select concat ('.', DuRpt) as DuRpt from DDtb order by DATE DESC";

SQL query for data filtering

I have 6 input fields
<input type="text" class="form-control filter-width namef" placeholder="Product Name">
<input type="text" class="form-control filter-width brandf" placeholder="Brand Name">
<input type="text" class="form-control filter-width catf" placeholder="Category">
<input type="text" class="form-control filter-width sizef" placeholder="Size">
<input type="text" class="form-control filter-width pricef" placeholder="Price">
<input type="text" class="form-control filter-width invf" placeholder="Inventory">
Each field is used to filter data. If all fields are filled then it is easy to query the data, but I don't actually know how many fields a user is going to filter by. He may filter the data using only name; name and brand name; name, brand name and size; or price and inventory. Putting conditions using if, elseif and thinking of all possible combinations would be a difficult and lengthy task.
Is there any way to achieve this?
Here's my PHP:
$name = $_REQUEST['name'];
$brand = $_REQUEST['brand'];
$cat = $_REQUEST['cat'];
$size = $_REQUEST['size'];
$price = $_REQUEST['price'];
$inv = $_REQUEST['inv'];
if(!empty($name) AND !empty($brand) AND !empty($cat) AND !empty($size) AND !empty($price) AND !empty($inv) ||){
$sql = "SELECT * FROM products WHERE pname='$name' AND brand_name ='$brand' AND ptype = '$cat' AND psize= '$size' AND sprice = '$price' AND inventory='$inv'";
}
else{
}
$result = $conn->query($sql);
if($result->num_rows>0){
while($row=$result->fetch_assoc()){
$pid = $row['pid'];
$pname = $row['pname'];
$pbrand = $row['brand_name'];
$pcat = $row['ptype'];
$pinv = $row['inventory'];
$pprice = $row['sprice'];
$psize = $row['psize']; ?>
<tr id="<?php echo $pid; ?>" class="prod-details"><?php echo "<td>".$pid."</td><td>".$pname."</td><td>".$pbrand."</td>"."<td>".$pcat."</td>"."<td>".$psize."</td>"."<td>".$pprice."</td>"."<td>".$pinv."</td>"; ?></tr> <?php
}
}
Now I don't know what conditions to think of and write inside the else body.
Try the following code:
<?php
$sql = "SELECT * FROM products WHERE 1=1";
foreach ($_REQUEST as $key => $value) {
$columnName = '';
// Map each request key to its column; unknown keys leave $columnName empty and are ignored
switch ($key) {
case 'name':
$columnName = 'pname';
break;
case 'brand':
$columnName = 'brand_name';
break;
case 'cat':
$columnName = 'ptype';
break;
case 'size':
$columnName = 'psize';
break;
case 'price':
$columnName = 'sprice';
break;
case 'inv':
$columnName = 'inventory';
break;
}
if (!empty($columnName) && !empty($value)) {
// Escape the value before placing it inside the quoted literal
$sql .= " AND $columnName='" . $conn->real_escape_string($value) . "'";
}
}
$result = $conn->query($sql);
if($result->num_rows>0){
while($row=$result->fetch_assoc()){
$pid = $row['pid'];
$pname = $row['pname'];
$pbrand = $row['brand_name'];
$pcat = $row['ptype'];
$pinv = $row['inventory'];
$pprice = $row['sprice'];
$psize = $row['psize']; ?>
<tr id="<?php echo $pid; ?>" class="prod-details"><?php echo "<td>".$pid."</td><td>".$pname."</td><td>".$pbrand."</td>"."<td>".$pcat."</td>"."<td>".$psize."</td>"."<td>".$pprice."</td>"."<td>".$pinv."</td>"; ?></tr> <?php
}
}
Also please correct me if I am wrong.
You could aggregate your query string. You may try the following-
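$query = "";
// Append with .= (+= is numeric addition in PHP) and escape each value before quoting it
if (!empty($name)) {
$query .= " AND pname='" . $conn->real_escape_string($name) . "'";
}
if (!empty($brand)) {
$query .= " AND brand_name ='" . $conn->real_escape_string($brand) . "'";
}
if (!empty($cat)) {
$query .= " AND ptype = '" . $conn->real_escape_string($cat) . "'";
}
if (!empty($size)) {
$query .= " AND psize= '" . $conn->real_escape_string($size) . "'";
}
if (!empty($price)) {
$query .= " AND sprice = '" . $conn->real_escape_string($price) . "'";
}
if (!empty($inv)) {
$query .= " AND inventory='" . $conn->real_escape_string($inv) . "'";
}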
if($query != ""){
$sql = "SELECT * FROM products WHERE 1=1" . $query;
}else{
}
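The optional-filter query from this thread, built from an allow-list of request keys with every value passed as a bound parameter rather than concatenated into the SQL text. This is an added example, not code from the question or either answer; build_product_filter() and the sample request are constructed here, and $conn is assumed to be the mysqli connection used in the question.

```php
<?php
// Added example: request keys and column names follow the question;
// build_product_filter() is a hypothetical helper, not part of the original code.
const FILTER_COLUMNS = [
    'name'  => 'pname',
    'brand' => 'brand_name',
    'cat'   => 'ptype',
    'size'  => 'psize',
    'price' => 'sprice',
    'inv'   => 'inventory',
];

/**
 * Returns [sql, types, params]. Only column names from FILTER_COLUMNS ever
 * reach the SQL text; every user value travels as a bound parameter.
 */
function build_product_filter(array $input): array
{
    $where  = [];
    $params = [];
    foreach (FILTER_COLUMNS as $key => $column) {
        $value = $input[$key] ?? '';
        // Skip missing, blank and non-string (e.g. name[]=x) values, but keep "0".
        if (!is_string($value) || trim($value) === '') {
            continue;
        }
        $where[]  = "$column = ?";
        $params[] = trim($value);
    }
    $sql = 'SELECT * FROM products';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, str_repeat('s', count($params)), $params];
}

// Constructed request: a value containing an apostrophe, one blank field, one unknown key.
$request = ['name' => "O'Neill shirt", 'size' => 'M', 'price' => '', 'sort' => 'pid'];
[$sql, $types, $params] = build_product_filter($request);
echo $sql, "\n", $types, ' ', json_encode($params), "\n";

// With a live mysqli connection in $conn (assumed, as in the question):
if (isset($conn)) {
    $stmt = $conn->prepare($sql);
    if ($params) {
        $stmt->bind_param($types, ...$params); // bind only when there is something to bind
    }
    $stmt->execute();
    $result = $stmt->get_result();
}
```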

php checkbox checked on edit page

I have 3 tables:
people:
------------------------
peopleID,
firstname
peopletype:
------------------------
peopletypeID,
type
peoplepeopletype (junction table):
------------------------
peopleID,
peopletypeID
On the add form everything is fine, but I have a problem displaying the checkboxes as checked for the assigned peopletype.
Here is my code.
Retrieve data from peoplepeopletype table :
/*PEOPLE TYPE ************* */
$stmt = $conn->prepare("SELECT * FROM peoplepeopletype WHERE peopleID=?");
// set parameters and execute
if ( !$stmt ) { echo "error"; }
else if ( !$stmt->bind_param('i', $_GET['peopleID']) ) { echo "error";}
else if ( !$stmt->execute() ) { echo "error"; }
else {
$result = $stmt->get_result();
while($row = $result->fetch_assoc()) {
$peopletypeIDfromdb = $row ['peopletypeID'];
echo $peopletypeIDfromdb; /*echo only for test purposes, but I don't know how to use this in the form */
}
} /* end else */
Display checkboxes :
<?php /*retrieve peopletype from db */
$sql = "SELECT * from peopletype";
$result = $conn->query($sql);
while($row = $result->fetch_assoc()) {
echo '<input required="required" type="checkbox" name="peopletypeID[]" value="' . $row["peopletypeID"] . '"';
if ($peopletypeIDfromdb = $row["peopletypeID"]) { /*problem is probably here*/
echo 'checked';
}
echo '>' . $row["type"];
}
?>
Thanks for your help!
If you can have multiple types attached to 1 person, you'll need to change the first loop to store all of them in an array. I store them as keys to have the minimum complexity of checking the existence of certain type in the future among the types assigned to the person.
$result = $stmt->get_result();
$types = array();
while($row = $result->fetch_assoc()) {
$types[$row ['peopletypeID']] = 1;
}
And then use it inside the second loop:
while($row = $result->fetch_assoc()) {
echo '<input required="required" type="checkbox" name="peopletypeID[]" value="' .
$row["peopletypeID"] . '" ';
if(isset($types[$row["peopletypeID"]]))
{
echo 'checked';
}
echo '>' . $row["type"];
}

Prepared statements doesn't return results

I am trying to do all my queries with prepared statements, but this is new for me and I have some troubles. This is the first query and it doesn't echo a result from the table. This is what I've done so far. Maybe it is a really newbie question, but it is something completely new for me.
if(isset($_GET['joke_id'])){
$joke_id = $_GET['joke_id'];
$qry = $con->prepare("SELECT * FROM joke WHERE joke_cat = ?");
$qry->bind_param('i', $joke_id);
$qry->execute();
$result = $qry->get_result();
$result->fetch_array();
$result = mysqli_query($con, $qry) or die("Query failed: " . mysqli_errno($con));*/
$line = mysqli_fetch_array($result, MYSQL_BOTH);
if (!$line) echo '';
$previd = -1;
$currid = $line[0];
if (isset($_GET['id'])) {
$previous_ids = array();
do {
$previous_ids[] = $line[0];
$currid = $line[0];
if ($currid == $_GET['id']) break;
$previd = end($previous_ids);
$line = mysqli_fetch_array($result, MYSQL_BOTH);
} while ($line);
}
if ($line) {
echo "<div id=\"box\">";
echo nl2br($line['text']) . "<br /><br />";
echo "<div id=\"share\"><span class='st_facebook' displayText='Facebook'></span>
<span class='st_twitter' displayText='Tweet'></span>
<span class='st_googleplus' displayText='Google +'></span></div>";
echo '<br /><br /><br />';
echo "</div>";
}
else echo '<p>Empty category</p><br/>';
This is what I used before trying PDO, and it works with no problems.
$qry = "SELECT * FROM joke WHERE joke_cat = '$joke_id'";
$result = mysqli_query($con, $qry) or die("Query failed: " . mysqli_errno($con));
Are $_GET['joke_id'] and $_GET['joke_cat'] set?
or try
$qry = $con->prepare("SELECT * FROM joke WHERE joke_cat =:joke_cat");
$qry->bindParam(':joke_cat', $_GET['joke_cat'], PDO::PARAM_STR);
$qry->execute();
$result = $qry->fetchAll();

Displaying a MySQL Record

I have a form on a page that posts a record id to a page I want to display that record on. The form is:
<form method="post" action="update.php">
<input type="hidden" name="sel_record" value="$id">
<input type="submit" name="update" value="Update this Order">
</form>
I have tested to see if $id is getting the correct value and it does. When it posts to update.php it does not return any values. Any ideas? Here is the update page code:
$sel_record = $_POST['sel_record'];
$result = mysql_query("SELECT * FROM `order` WHERE `id` = '$sel_record'") or die (mysql_error());
if (!$result) {
print "Something has gone wrong!";
} else {
while ($record = mysql_fetch_array($result)) {
$id = $record['id'];
$firstName = $record['firstName'];
$lastName = $record['lastName'];
$division = $record['division'];
$phone = $record['phone'];
$email = $record['email'];
$itemType = $record['itemType'];
$job = $record['jobDescription'];
$uploads = $record['file'];
$dateNeeded = $record['dateNeeded'];
$quantity = $record['quantity'];
$orderNumber = $record['orderNumber'];
}
}
You have not put the PHP tags <?php ?> inside the HTML:
<input type="hidden" name="sel_record" value="<?php echo $id; ?>">
You should also try to define those variables outside of the while loop.
$id = '';
$result = mysql_query("SELECT * FROM `order` WHERE `id` = '$sel_record'") or die (mysql_error());
if (!$result) {
print "Something has gone wrong!";
} else {
while ($record = mysql_fetch_array($result)) {
$id = $record['id'];
}
}
Not a full example, but you get the idea.
You have to escape the string... and you can drop the single quotes around order and id.
Try:
// `order` is a reserved word in MySQL, so the table name keeps its backticks
$result = mysql_query("SELECT * FROM `order` WHERE id = '" . $sel_record . "'");
if $sel_record is a String, otherwise remove the single quotes:
...WHERE id = " . $sel_record)
You can also use functions sprintf and mysql_real_escape_string to format:
// `order` is a reserved word in MySQL, so the table name keeps its backticks
$query = sprintf("SELECT * FROM `order` WHERE id = '%s'",
mysql_real_escape_string($sel_record));
