We Keep Coding

How to select certain term depending on search?

So I am wanting the user to be able to search by either keyword or ID number. If they search "test" right now for example it will pull all the entries with test which is what I want it to do for the keyword part of the search. However, I also want the user to be able to search my specific a specific ID# and just pulling that specific entry. I am unsure how I would go about doing this. I tried doing some sort of OR statement but it did not pull any entries.
Search box form
<div class ="search" id="browse">
<p> Find your appointment below or search by keyword</p>
<form id="" class="searchbar" action="searchAppt.php" method="get">
<input type="text" name="terms" size="40" class = "sbar" placeholder="Search by issue keyword or ID" oninput="validity.valid||(value='');"
onblur="if (this.value == '') {
this.value = 'Enter keyword or ID';
}"
onfocus="if (this.value == 'Enter keyword or ID') {
this.value = '';
}"/>
<button type="submit" class = "btn">Search</button>
</form>
</div>
searchAppt.php
if (filter_has_var(INPUT_GET, "terms")) {
$terms_str = filter_input(INPUT_GET, 'terms', FILTER_SANITIZE_STRING);
} else {
echo "There were no appointments found.";
include ('includes/footer.php');
exit;
}
//explode the search terms into an array
$terms = explode(" ", $terms_str);
$sql = "SELECT * FROM appointments WHERE 1";
foreach ($terms as $term) {
$sql .= " AND email = '". $_SESSION['email'] ."' AND issue LIKE '%$term%' OR id ='%term%'
";
}
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "<br /><br /><center><h1>My Ticket(s)</h1><br />
<div class='table'>
<div class='tr'>
<div class='td'><b>Ticket #</b></div>
<div class='td'><b>Issue</b></div>
<div class='td'><b>Date</b></div>
<div class='td'><b>Ticket Details</b></div>
</div>";
// output data of each row
while($row = $result->fetch_assoc()) {
$starttimepast = strtotime($row["start_time"]); //converts date time received from MySQL into a string
$datepast = date("m/d/y", $starttimepast);
echo "<div class='tr'>
<div class='td'>".$row["id"]."</div>
<div class='td'>".$row["issue"]."</div>
<div class='td'>".$datepast."</div>
<div class='td'><form action='ticketdetails.php' method='post'>
<input type='hidden' name='id' value='".$row["id"]."'>
<input type='submit' value='Ticket Details'></form>
</div>
</div>";
}
echo "</div>";
echo "<br /><center><a href='myProfile.php'><h4>Go back to my profile</h4></a></center>";
include ('includes/footer.php');
} else {
echo "<br /> <br /><center><h3>Your search <i>'$terms_str'</i> did not match any appointments</h3></center>";
echo "<center><a href='myProfile.php'><h4>Go back to my profile</h4></a></center>";
echo "<br />";
exit;
}
?>
<?php
// clean up resultsets when we're done with them!
$query->close();
// close the connection.
$conn->close();

Perhaps it will help to explicitly group the terms:
$sql = "SELECT * FROM appointments WHERE email = '" . S_SESSION['email'] . "'";
$exprs = array();
foreach ($terms as $term) {
$exprs[] = "(issue LIKE '%$term%' OR id LIKE '%$term%')";
}
if (!empty($exprs)) {
$sql .= ' AND (' . join(' OR ', $exprs) . ')';
}
The result in this case will include records that matched any of the terms.
Note: It would be good to use a DB API like laravel/PDO/mysqli to simplify the query building and properly escape the values.

mysql query not getting values from database on selecting radio buttons

I have searched a long way for the result but still no success on this. I am trying to select radio button and hence showing its result on same page but my query somehow not getting records for the same. It says MySQL "QUERY EMPTY". Please let me know where am I doing wrong. Here is my code for that. A help would be highly appreciated.
PHP
<?php
include 'blocks/headerInc.php' ;
$errmsg = $module_id = $query = $date_from = $date_to = $sql1 = "";
//Search section start here
/*$sqlQuery = "SELECT * FROM tbl_user WHERE type =3 ";
if (isset($_REQUEST['submit'])) {
if (!empty($_REQUEST['date_from'])) {
$date_from = date("Y-m-d", strtotime($_REQUEST['date_from']));
}
if (!empty($_REQUEST['date_to'])) {
$date_to = date("Y-m-d", strtotime($_REQUEST['date_to']));
}
if (!empty($date_to) && empty($date_from)) {
$errmsg = "Please select valid date range.";
}
if (!empty($date_to) && (strtotime($date_from) > strtotime($date_to))) {
$errmsg = "Please select valid date range.";
}
if ($errmsg == '') {
if (!empty($date_to) && (strtotime($date_from) <= strtotime($date_to))) {
$sqlQuery .= " AND created_on BETWEEN '$date_from' AND '$date_to'";
}
$sqlQuery .= " order by id DESC";
}
$date_from = date("m/d/Y", strtotime($date_from));
$date_to = date("m/d/Y", strtotime($date_to));
$date_from = $date_from != '01/01/1970' ? $date_from : '';
$date_to = $date_to != '01/01/1970' ? $date_to : '';*/
if (isset($_POST['users']) && $_POST['users'] == 'approved') {
$sql1 = mysql_query("SELECT * FROM tbl_user WHERE type =3 and status = 1");
//$result = ($sql1);
while ($row = $sql1->fetch_assoc()) {
$users[] = $row;
}
} elseif (isset($_POST['users']) && $_POST['users'] == 'unapproved') {
$sql1 = mysql_query("SELECT * FROM tbl_user WHERE type =3 and status = 0");
//$result = mysql_query($sql1);
while ($row = $sql1->fetch_assoc()) {
$users[] = $row;
}
} elseif (isset($_POST['users']) && $_POST['users'] == 'all') {
$sql1 = mysql_query("SELECT * FROM tbl_user WHERE type =3");
//$result = mysql_query($sql1);
while ($row = $sql1->fetch_assoc()) {
$users[] = $row;
}
}
//}
?>
HTML:
<div class="container pagecontainer">
<!-- Static navbar -->
<div class="row row-offcanvas row-offcanvas-right">
<!--/.col-xs-12.col-sm-9-->
<div class="col-sm-3 col-md-3 sidebar" id="sidebar">
<div id="left_panel" class="clearfix left">
<?php include 'blocks/leftnavInc.php' ; ?>
</div>
</div>
<div class="col-xs-12 col-sm-9 page-right">
<div class="panel panel-primary">
<div class="panel-heading">Search Registered Candidate</div>
<div class="panel-body">
<div class="column col-sm-offset-0">
<?php if($errmsg!="") echo "<div class='error'>".ucwords($errmsg)."</div>"; ?>
<form class="form-horizontal" method="get" action="">
<div class="form-group">
<div class="col-md-6">
<div class="col-md-4">
<label for="username" class="control-label">Date From:</label>
</div>
<div class="col-md-8">
<div class="input-group date">
<input class="form-control datepicker" data-val="true" data-val-date="The field Dob must be a date." data-val-required="The Dob field is required." id="Dob" name="date_from" placeholder="Date From" type="text" value="<?php echo $date_from ; ?>" >
</div>
</div>
</div>
<div class="col-md-6">
<div class="col-md-4">
<label for="username" class="control-label">Date To:</label>
</div>
<div class="col-md-8">
<div class="input-group date">
<input class="form-control datepicker" data-val="true" data-val-date="The field Dob must be a date." data-val-required="The Dob field is required." id="Dob" name="date_to" placeholder="Date To" type="text" value="<?php echo $date_to ; ?>" >
</div>
</div>
</div>
</div>
<div class="form-group">
<div class="col-md-6">
<div class="col-md-8 text-left">
<button type="submit" name="submit" value="submit" class="btn btn-success"><i class="glyphicon glyphicon-floppy-disk"></i> Search</button>
<button type="reset" onClick="javascript:window.location.href='reportRegisteredUsers.php'" class="btn btn-danger"><i class="glyphicon glyphicon-ban-circle"></i> Cancel</button>
</div>
</div>
<div class="col-md-6">
<div class="col-md-4">
<label for="username" class="control-label"> </label>
</div>
<div class="col-md-8 text-right">
</div>
</div>
</div>
</form>
</div>
</div>
</div>
<div class="panel panel-primary">
<div class="panel-heading">Report:Registered Candidate</div>
<div class="panel-body">
<input type="radio" name="users" value="all" checked="checked"> All Candidates<br>
<input type="radio" name="users" value="approved"> Approved Candidates<br>
<input type="radio" name="users" value="unapproved"> Unapproved Candidates<br> </form>
<div class="column col-sm-offset-0">
<table id="example" class="table table-striped table-hover table-bordered dataTableReport dt-responsive nowrap" cellspacing="0" width="100%">
<thead>
<tr>
<th>S.No.</th>
<th>Email ID</th>
<th>SBI Employee ID</th>
<th>Name</th>
<th>Mobile No.</th>
<th>Date of Birth</th>
<th>Registration Date</th>
</tr>
</thead>
<tbody>
<?php
$sqr = $db->query($sql1);
//print_r($sqr);
//$i = 1 ;
//$sq = $db->query($sqlQuery);
$i = 1 ;
if($db->affected_rows > 0)
{
while($row=mysql_fetch_array($sqr))
{
extract($row);
?>
<tr>
<td><?php echo $i ; ?></td>
<td><?php echo $email ; ?></td>
<td><?php echo $employee_id ; ?></td>
<td><?php echo $first_name." ".$middle_name." ".$last_name ; ?></td>
<td><?php echo $mobile ; ?></td>
<td><?php if($dob !='1970-01-01'){echo date("d-m-Y", strtotime($dob)) ; }?></td>
<td><?php echo date("d-m-Y", strtotime($created_on)) ; ?></td>
</tr>
<?php $i++;}} ?>
</tbody>
</table>
</div>
</div>
</div>
<div>
<button type="reset" onClick="javascript:history.go(-1)" class="btn btn-danger"><i class="glyphicon glyphicon-ban-circle"></i> Go Back</button>
</div>
<!--/row-->
</div>
<!--/.sidebar-offcanvas-->
</div>
</div>
<?php include 'blocks/footerInc.php'; ?>

Does this need to be strictly PHP and MySQL? Can we include some JavaScript/jQuery? While this doesn't answer your question directly, I hope it helps.
For your issue, I would detect the change event of your radio field and fire off a quick jQuery $.post to process the selection.
When your JavaScript sends a POST request to your PHP, you would run your PHP logic and return (or echo) the result. This can then be "digested" by your JavaScript. Here is a simple/rough example using jQuery and PHP. Adapt to your needs:
<script>
// # on ready
$(function() {
// # current document - assumes you'll be submitting to self
var self = document.location.href;
// # when changing the user radios
$('input[type=radio][name=users]').change(function() {
// # grab the value of the radio and create a js array to post
var postData = {'users': $(this).val()};
// # post the postData to your PHP
$.post(self, postData).done(function(data, status, xhr) {
// # assumes you're returning JSON data
data = jQuery.parseJSON(data);
// # add your logic here
console.log('POST Response', data);
// # update an element with the returned data or response:
$('#example').before('<div>'+ data +'</div>');
});
});
});
</script>
Regarding your PHP code, as other users have suggested, you're using mysql_ functions that are no longer supported on modern versions of PHP. You're quickest and dirtiest adjustment, without rewriting everything, is to use mysqli_ functions (notice the additional 'i').
You're already listening for the $_POST['users'] parm, so the only addition I would recommend is to actually use that $users[] array. I could get into re-writing the PHP so it makes sense, but here is a quick adjustment to your existing code:
<?php
$users = array();
if(isset($_POST['users']) && $_POST['users'] == 'approved'){
$query = "SELECT * FROM tbl_user WHERE type = 3 AND status = 1";
} else if(isset($_POST['users']) && $_POST['users'] == 'unapproved') {
$query = "SELECT * FROM tbl_user WHERE type =3 and status = 0";
} else if (isset($_POST['users']) && $_POST['users'] == 'all') {
$query = "SELECT * FROM tbl_user WHERE type =3";
}
if ($result = $mysqli->query($query)) {
/* fetch associative array */
while ($row = $result->fetch_assoc()) {
$users[] = $row;
}
// # encode your $row array into JSON and echo for JavaScript
echo json_encode($users);
// # free result set
$result->free();
}
?>
While this isn't a complete solution, I hope it points you in the right direction.
A couple things to note - you'll need to adjust your MySQL connection code if you're to use mysqli_ functions. You'll also need to include jQuery (ideally from CDN) for that JavaScript to work (or you could rewrite it to not use a library like jQuery). This should return the results of your query to your JavaScript. The result should be available as "data" in your js. I've added a console.log so you can view the response in your inspector.
Good Luck!

Adding check in while loop entry

Here in this code I am accepting data as an array and inserting it in the database. As I am using while loop I am having multiple input fields with same name as you can see in the HTML code below. What I want to do is, I want to add a check that if two fields are same then echo error saying two fields cannot be the same else insert the data. I could do it if there were two different input fields for the data like if($field1 == $field2){ echo "Error!"; else insert data. But here the field is only one with is giving multiple fields in a while loop. How can I add this check?
HTML form code:
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<?php while($pro = $priq->fetch()){ extract($pro); ?>
<div class="row tbpad">
<div class="col-sm-3 col-xs-6">
<p><i class="fa fa-caret-right"></i> <?php echo $bk_title; ?></p>
</div>
<div class="col-sm-1 col-xs-1">
<div class="form-group">
<input type="text" class="form-control" name="priority[]" value="<?php echo $pr_priority; ?>">
<input type="hidden" class="form-control" value="<?php echo $bk_id; ?>" name="bkid[]">
</div>
</div>
</div>
<?php } ?>
<input type="submit" class="btn btn-orange" value="Set Priority" name="priority">
</form>
PHP code:
if(isset($_POST['priority'])){
$priority = (!empty($_POST['priority']))?$_POST['priority']:null;
$bkid = (!empty($_POST['bkid']))?$_POST['bkid']:null;
$iNumSets = count($priority);
for($i = 0; $i < $iNumSets; $i++){
$str = "INSERT INTO priorities(pr_book, pr_by, pr_priority)
VALUES('$bkid[$i]', '$sess', '$priority[$i]')";
$res = $PDO->prepare($str);
$res->execute();
if($res){
echo '<script>alert("Priority added successfully!");window.location = "view-order.php";</script>';
}else{
echo '<script>alert("Server Error! Please try back later.");window.location = "add-order.php";</script>';
}
}
}

Since $priority is an array which you get from $_POST['priority'], you could do the following:
$num_original = count($priority);
$num_unique = count(array_unique($priority));
if ($num_original != $num_unique) {
echo "One or more item were idendical!";
}
Also make sure you use mysql_real_escape_string() or similar methods on your $_POST input before you pass it into the SQL query. Otherwise your code is vulnerable to SQL injections!

Paginating my blog doesn't work

I'm trying to make a paginating blog using PHP, HTML, and MySQL. I wrote the code but for some reason the webpage shows up blank. What's wrong with my code? Chrome's console returns a 500 internal server error.
<div id="article">
<?php
include 'php/mysql_connect.php';
if(empty($_GET)){
$current_id = SELECT max(id) FROM posts;
}
else{
$current_id = mysql_safe_string($_GET['id']);
}
$result = mysql_safe_query('SELECT * FROM posts WHERE id=%s LIMIT 1',$current_id);
if(!mysql_num_rows($result)){
echo '<h2>No Posts Found</h2>';
exit;
}
$row = mysql_fetch_assoc($result)
echo '<h2>'.$row['title'].'</h2>';
echo '<div class="row">';
echo ' <div class="group1 col-sm-6 col-md-6">';
echo ' <span class="glyphicon glyphicon-pencil"></span><a data-toggle="collapse" data-target="#comments" class"collapsed">'.$row['num_comments'].' Comments </a>';
echo ' <span class="glyphicon glyphicon-time"></span>'.date('F j<\s\up>S</\s\up>, Y', $row['date']);
echo ' </div>';
echo '</div>';
echo '<br />';
echo '<p class="lead">'.n12br($row['body']).'</p>';
?>
<div id="comments" class="collapse" >
<div class="well">
<h4>Leave a comment</h4>
<?php echo '<form role="form" method="post" action="php/comment_add.php?id=($current_id)" class="clearfix">'; ?>
<div class="col-md-6 form-group">
<label class="sr-only" for="name">Name</label>
<input type="text" class="form-control" id="name" placeholder="Name" required />
</div>
<div class="col-md-6 form-group">
<label class="sr-only" for="email">Email</label>
<input type="email" class="form-control" id="email" placeholder="Email" required />
</div>
<div class="col-md-12 form-group">
<label class="sr-only" for="content">Comment</label>
<textarea class="form-control" id="content" placeholder="Comment" required></textarea>
</div>
<div class="col-md-12 form-group text-right">
<button type="submit" class="btn btn-primary">Submit</button>
</div>
</form>
</div>
<br>
<?php
$result = mysql_safe_query('SELECT * FROM comments WHERE post_id=%s ORDER BY date ASC',$current_id);
echo ' <ul id="comments" class="comments">';
while($row = mysql_fetch_assoc($result)){
echo ' <li class="comment">';
echo ' <div id="inline" ><h4 style="display:inline;">'.$row['name'].'</h1><sup><p style="display:inline; font-size:10px;"> '.date('j-M-Y g:ia', $row['date']).'</p></sup></div>';
echo ' <em>'.n12br($row['content']).'</em>';
echo ' </li>';
echo ' </ul>';
}
?>
<hr>
</div>
</div>
<nav>
<ul class="pager">
<?php
$newer_id = IFNULL(mysql_safe_query('SELECT min(id) FROM posts WHERE id > $current_id ORDER BY id ASC LIMIT 1'),-1);
$older_id = IFNULL (mysql_safe_query('SELECT max(id) FROM posts WHERE id < $current_id ORDER BY id ASC LIMIT 1'),-1);
if($newer_id != -1){
echo '<li>Newer</li>';
}
if ($older_id != -1){
echo '<li>Older</li>';
}
?>
</ul>
</nav>
This is php/mysql_connect.php, which is supposed to prevent sql injection (i got this from a tutorial):
<?php
// mysql.php
function mysql_safe_string($value) {
$value = trim($value);
if(empty($value)) return 'NULL';
elseif(is_numeric($value)) return $value;
else return "'".mysql_real_escape_string($value)."'";
}
function mysql_safe_query($query) {
$args = array_slice(func_get_args(),1);
$args = array_map('mysql_safe_string',$args);
return mysql_query(vsprintf($query,$args));
}
function redirect($uri) {
header('location:'.$uri);
exit;
}
mysql_connect('localhost','(username)','(password)');
mysql_select_db('(database)');
From the logs I locate the failure which is:
Syntax error, unexpected 'max' (T_STRING) on line 6 (if(empty($_GET)){$current_id = SELECT max(id) FROM posts})

As other pointed out (and it should be immediately clear by the syntax error you are facing), your $current_id query is not being quoted. A good beginning is to fix the first block as such:
if(empty($_GET)) {
$current_id = "SELECT max(id) FROM posts;";
} else {
$current_id = mysql_safe_string($_GET['id']);
}

if(empty($_GET)){
$current_id = SELECT max(id) FROM posts;
}
no quotes around the sql is a mistake.

If your file is myfile.html and you don't have permission for embedded PHP it will not execute on the server.

ECHO specific row from specific column

Here is my situation:
I am building a multi language page where my language come out of MYSQL through a PDO statement. The language is selected through an ID inside my link.
For Example:
<div class="country"><a class="darkbrowntext" href="log?id=11111">
<div class="language"><p>Nederlands</p></div>
<div class="countryflag"><img src="images/Dutch.gif" width="220" height="145" alt="dutch"></div>
</a></div>
<div class="country"><a class="darkbrowntext" href="log?id=11112">
<div class="language"><p>English</p></div>
<div class="countryflag"><img src="images/english.gif" width="220" height="145" alt="french"></div>
</a></div>
On my log page i have the following code:
$languageid = (int) $_GET['id'];
if(isset($languageid)){
$_SESSION['languageid'] = $languageid;
}
else {
header('Location: error');
}
require('incl/connect.inc.php');
if(isset($languageid) && ($languageid == 11111)){
$column = 'language_nl';
}
elseif(isset($languageid) && ($languageid == 11112)){
$column = 'language_en';
}
$languagestmt = $db->prepare ("SELECT $column FROM attrib_language");
$languagestmt->execute();
$lrow = $languagestmt->fetch(PDO::FETCH_ASSOC);
If a have this table in my MYSQL:
ID language_nl language_en
1 Aanmelden Sign in
2 Afmelden Sign out
3 Naam Name
4 Voornaam First name
How will I be able to select the right thing in my array of my column to put it into the right labels see below. Do I have to work with foreach or do I have to change my fetch?
<div class="logtxt"><h3><?php echo $lrow['***********']; ?></h3></div>
<div class="logtxt"><h3><?php echo $lrow['***********']; ?></h3></div>
<label for="name" class="labelname"><?php echo $lrow['***********']; ?></label><input type="text" name="name" id="name" class="inputname" onclick="fncCheck();"/>
<label for="firstname" class="labelfirstname"><?php echo $lrow['***********']; ?></label><input type="text" name="firstname" id="firstname" class="inputfirstname" onclick="fncCheck();"/>

$languagestmt = $db->prepare ("SELECT ID,$column FROM attrib_language");
$lrow = $languagestmt->fetchAll(PDO::FETCH_COLUMN || PDO::FETCH_GROUP, 0);
<?php echo $lrow[1]; ?>
or
$languagestmt = $db->prepare ("SELECT language_en,$column FROM attrib_language");
$lrow = $languagestmt->fetchAll(PDO::FETCH_COLUMN || PDO::FETCH_GROUP, 0);
<?php echo $lrow['Sign In']; ?>
Whichever you prefer.

$res = $db->prepare ("SELECT a,b,c FROM my_table");
$res->execute();
while($row = $res->fetch(PDO::FETCH_ASSOC){
echo $row['a'] . $row['b'],$row['c'];
}
Notice the $row is an associative array where the members are the column names.

I suggest you print_r($lrow); or var_dump($lrow); to see your results in what shape or form. Also to have a cleaner view, echo "<pre>"; before it.

PDO::FETCH_ASSOC: returns an array indexed by column name as returned in your result set
So it should be:
<div class="logtxt"><h3><?php echo $lrow[$column][1]; ?></h3></div>
<div class="logtxt"><h3><?php echo $lrow[$column][2]; ?></h3></div>
<label for="name" class="labelname"><?php echo $lrow[$column][3]; ?></label><input type="text" name="name" id="name" class="inputname" onclick="fncCheck();"/>
<label for="firstname" class="labelfirstname"><?php echo $lrow[$column][4]; ?></label><input type="text" name="firstname" id="firstname" class="inputfirstname" onclick="fncCheck();"/>
However, if I were you I would store each of the translations in a different file (utf-8 encoded) instead of a database.