So i been trying this for a week, which is the value inside the table is missing after i select submit button for the date
So when enter the this page it will display
'SELECT * FROM attendance WHERE lect_id = 'CS0198289' AND dateofupdate LIKE '%0%' AND codeofsubject = 'CSNB214' ORDER BY studname ASC'
which is it will display my lect_id, dateofupdate=0, and the code of subject. When I select the submit(SELECT) button which is to date it will become
'SELECT * FROM attendance WHERE lect_id = 'CS0198289' AND dateofupdate LIKE '%2019-01-23%' AND codeofsubject = '' ORDER BY studname ASC'
so can anyone help me? much appreciate
<?php
$connect = mysqli_connect ("localhost","root","","ubas")
or die("Cannot connect to server".mysqli_error($connect));
if (!isset($_POST['dates'])){
$_POST['dates']=0;
}
$id = #$_POST["lect_id"];
$codeofsubject = #$_POST['code'];
$display = "SELECT * FROM attendance WHERE lect_id = '$_SESSION[id]' AND dateofupdate LIKE '%".$_POST['dates']."%'
AND codeofsubject = '$codeofsubject' ORDER BY studname ASC";
echo $display;
$result = mysqli_query ($connect,$display)
or die ("Cannot view due to".mysqi_error($connect));
echo"<form role='form' method='post'>
<div class='form-group'>
<label>Date</label>
<input style='width:180px; display:inline' class='form-control' type='date' name='dates' id='dates'>
<button type='submit' style='display:inline' name='select'>Select</button>
</div>
</form>";
echo"
<form method = post action = updateattend.php>
<table width='100%' class='table table-striped table-bordered table-hover' id='dataTables-example'>
<thead>
<tr>
<th><center>Date</center></th>
<th><center>Student Name</center></th>
<th><center>Student ID</center></th>
<th><center>View</center></th>
<th><center>Attend Status</center></th>
</tr>
</thead>";
while($row = mysqli_fetch_array($result,MYSQLI_NUM))
{
$attendid = $row [0];
$studname = $row [1];
$studid = $row [2];
$lect_id = $row [3];
$codeofsubject = $row [4];
$date = $row [5];
$dateofenroll = $row [6];
$attendstatus = $row [7];
echo"<tbody>
<tr>
<td><center>$date</center></td>
<td><center>$studname</center></td>
<td><center>$studid</center></td>
<td align = center>
<a class ='btn-warning btn' href ='updatestud.php?id=".$row['2']."'>VIEW</a>
</td>";
echo"
<td align = center>
<select class = 'form-control' name = 'attendstatus[]'>
<option value='$attendstatus' selected>$attendstatus</option>";
if($attendstatus =="Attend")
{
echo "<option value='Not Attending'>Not Attending</option>
<option value='Not Attending with Reason'>Not Attending with Reason</option>";
}
elseif ($attendstatus =="Not Attending") {
echo"<option value='Attend'>Attend</option>
<option value='Not Attending with Reason'>Not Attending with Reason</option>";
}
else{
echo"<option value='Attend'>Attend</option>
<option value='Not Attending'>Not Attending</option>";
}
echo"</select>
</td>
</tr>
</tbody>";
}
?>
</table>
There is no limit of AND operator in SQL statement. You can use as many ANDs as you need but your logic should be correct in the sense of SQL statement.
For Example
SELECT something FROM something WHERE something=something AND something=something AND something=something AND something=something;
So, the part something=something becomes a separate logical statement that is separately evaluated from other something=something statements based on the AND operator. But keep in mind that the whole statement above is a single statement.
Related
Here is my code. I have to print the whole state name in one column. if any value is there it should print some value in front of that state name otherwise it should print null or zero or empty in front of that state.. state is one table and asset_stage1 is another table. All state name should display on the selection of the date. attaching my current screenshot also. I have to match with state code if state code is there in the state and same state code value is present in asset stage1 it should display value otherwise it should display null
<div class="container">
<form action="<?php $_PHP_SELF ?>" method="POST">
<input type="date" name="timestamp" class="btn" placeholder="Enter date"/>
<input type="submit" name="search" class="btn" value="Search by date">
</form>
<table>
<tr>
<th>Date</th>
<th>State Name</th>
<th>Asset Download Stage1</th>
<th>Asset Download Stage2</th>
<br>
<?php
ini_set("display_errors","Off");
$pgcon = pg_connect("dbname=nrega host=localhost port=5432 user= postgres");
if(isset($_POST['search']))
{
$timestamp = $_POST['timestamp'];
//Stage 1
$query1 = " select count(*) as stage1, a.state_code,b.state_name,
timestamp::date from asset_stage1 a,states b where timestamp::date >= '$timestamp' and
a.state_code not in ('06') and a.state_code=b.state_code group by 2,3,4 order by b.state_name
";
//Stage 2
$query2 = "select count(*) as stage2, a.state_code,b.state_name, timestamp::date from asset_stage2 a,
states b where timestamp::date >= '$timestamp' and
a.state_code not in ('06') and a.state_code=b.state_code group by 2,3,4 order by b.state_name
";
// state_code
$query4 = "select distinct state_name, state_code from states order by state_name";
$result4 = pg_query($pgcon,$query4);
$m=0;
global $state_code;
while($row = pg_fetch_array($result4))
{
$state_name[$m]=$row ['state_name'];
$state_code[$m]= $row ['state_code'];
$m++;
}
$result = pg_query($pgcon,$query1);
$i=0;
while($row = pg_fetch_array($result))
{
if($state_code[$i] == $row['state_code'])
{
//echo $row['state_code'];
$stage1_count[$i]=$row ['stage1'];
}
else
{
$stage1_count[$i]=0;
}
$date_store[$i]=$row ['timestamp'];
$i++;
}
$result2 = pg_query($pgcon,$query2);
$j=0;
while($row = pg_fetch_array($result2))
{
if($state_code[$j] == $row['state_code']){
$stage2_count[$j]=$row ['stage2'];
}
else
{
$stage2_count[$j]= 0;
}
//$stage2_count[$j]=$row ['stage2'];
$j++;
}
$len= sizeof($state_name);
for($i=0;$i<=33;$i++)
{
?>
<tr>
<td><?php echo $timestamp;?></td>
<td><?php echo $state_name[$i];?></td>
<td><?php echo $stage1_count[$i];?></td>
<td><?php echo $stage2_count[$i];?></td>
</tr>
<?php
}
}
?>
</table></div>
For table asset_stage1:
SELECT state_name, count(*) FROM states, asset_stage1 WHERE states.state_code=asset_stage1.state_code GROUP BY state_name;
For table asset_stage2:
SELECT state_name, count(*) FROM states, asset_stage2 WHERE states.state_code=asset_stage2.state_code GROUP BY state_name;
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 6 years ago.
I'm a new in PHP coding and this is one assignment that I have to do.
I have included DB Connect already in the file but these are codes I use in this assignment which is able to edit the job advertisement data.
This is advertisement table file.
$result = mysql_query("SELECT * FROM advertisement");
<TABLE border ='1'>
<table style="width:100%">
<tr>
<th>Advertisement ID</th>
<th>Position</th>
<th>Start Date</th>
<th>End Date</th>
<th></th>
<th></th>
</tr>
<?php
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)){
echo "<TR>";
echo "<TD>".$row['Ad_ID']."</TD>";
echo "<TD>".$row['Position_Name']."</TD>";
echo "<TD>".$row['Start_date']."</TD>";
echo "<TD>".$row['End_date']."</TD>";
echo "<TD><a href='edit-advertisement.php?ad_id=".$row['Ad_ID']."'>Edit</a></TD>";
echo "<TD><a href='delete-advertisement.php?ad_id=".$row['Ad_ID']."'>Delete</a></TD>";
echo "</TR>";
}
?>
And this is edit-advertisement.php file.
$result = mysql_query("SELECT * FROM advertisement WHERE Ad_ID='".$_REQUEST['ad_id']."'");
$row = mysql_fetch_array($result, MYSQL_ASSOC);
<form name = 'edit-advertise-form' method = 'POST' action = 'confirm-edit-adv.php'>
<br >
<input type='hidden' name='ad_id' value='<?=$row['Ad_ID']?>'>
Advertisement ID : <?=$row['Ad_ID']?><br><br />
Position to be recruited : <input type = "Textbox" Name = "Pos_Name" value = '<?=$row['Position_Name']?>'><br><br>
Job Description: <br ><br /> <textarea name="Job_Des" rows="5" cols="40" value = '<?=$row['Ad_Job_Description']?>'> </textarea><br><br>
Job Qualification: <br ><br /> <textarea name="Job_Quali" rows="5" cols="40" value = '<?=$row['Ad_Job_Qualification']?>'> </textarea><br><br>
Skill required: <br ><br /> <textarea name="Skill_Req" rows="5" cols="40"value = '<?=$row['Ad_Skill_Required']?>'> </textarea><br><br>
Salary offer: <input type = "Textbox" Name = "Salary" value = '<?=$row['Position_Salary_Detail']?>'><br><br>
Start date :
<SELECT name='s_day'>
<?php
$i = 1 ;
while($i<=31) {
?>
<OPTION value = '<?php echo $i;?>' > <?php echo $i;?> </OPTION>
<?php $i++; }
?>
</SELECT>
<SELECT name='s_month' >
<?php
$month = array( 1=> JANUARY,FEBRUARY,MARCH,APRIL,MAY,JUNE,JULY,AUGUST,SEPTEMBER,OCTOBER,NOVEMBER,DECEMBER);
$i = 1;
foreach ($month as $m){
?>
<OPTION value = '<?php echo $i;?>' > <?php echo $m;?> </OPTION>
<?php
$i++;}
?>
</SELECT>
<SELECT name = 's_year'>
<?php
$curYear = getdate();
for($year = 2016 ; $year <= $curYear['year']; $year++){
?>
<OPTION value = '<?php echo $year;?>'> <?php echo $year;?> </OPTION>
<?php
}
?>
</SELECT>
End date -> Same as Start date
<input type = 'Submit' name = 'edit-adv' value = 'Update'><br><br>
<button onclick="goBack()">Back</button>
</form>
And finally the update function page
$ad_id = $_POST["ad_id"];
$pos_name = $_POST["Pos_Name"];
$job_des = $_POST["Job_Des"];
$job_qua = $_POST["Job_Quali"];
$skill_req = $_POST["Skill_Req"];
$salary = $_POST["Salary"];
$s_date = $_POST["s_year"].'/'.$_POST["s_month"].'/'.$_POST["s_day"];
$e_date = $_POST["e_year"].'/'.$_POST["e_month"].'/'.$_POST["e_day"];
$sql = ("UPDATE advertisement SET Position_Name = '".$pos_name."',
Ad_Job_Description = '".$job_des."', Ad_Job_Qualification =
'".$job_qua."', Ad_Skill_Required = '".$skill_req."',
Position_Salary_Detail = '".$salary."', Start_date = '".$s_date."',
End_date = '".$e_date."' WHERE Ad_ID = '".$ad_id."'");
Which I have no idea what is wrong in $sql line or what.
I tried to echo $sql and nothing is there so it means that no value in $sql right?
How to solve this problem?
Thank you in advance !!!
Ps. sorry for a long code post
in new version
Connection
$con = mysqli_connect(DB_HOST, DB_USER, DB_PASSWD);
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysqli_select_db($con, DB_NAME) or die('Could not select database.' . mysql_error());
and then like this update your db table
$qr = mysqli_query($con, "UPDATE advertisement SET Position_Name= '$pos_name',Ad_Job_Description= '$job_des' WHERE Ad_ID= '$ad_id' ");
Trying to get the results from the Mysql to show up on the web page.
The process is that the user would select a make of a car and then it will show just that make in a table.
I've been trying different things but I cant seem to get it to show the results. As soon as I get rid of the WHERE statement in the sql query it shows all the cars/makes. I think the problem is in the sql statement or the if.
This is what I've got so far.
<HTML >
<head>
<title>Inventory</title>
</head>
<body>
<form method="get" action="TaskC.php">
Please select a make:
<select name = "make" >
<option value = "All">All</option>
<option value = "Toyota">Toyota</option>
<option value = "Holden">Holden</option>
<option value = "Ford">Ford</option>
<option value = "Nissan">Nissan</option>
</select> <br/>
<br/>
<input type="submit" value="Search" name="Search" />
<table width="600" border="1" cellpadding="1" cellspacing="1">
<tr>
<th>Make</th>
<th>Model</th>
<th>Price</th>
<th>Quantity</th>
<tr>
</form>
<?php
//error_reporting (E_ALL ^ E_NOTICE);
$dbConnect = mysqli_connect('xxxxxxxxx', 'xxxxxxxxx','xxxxxxxx')
or die("<p>The database server is not available.</p>");
$dbSelect = mysqli_select_db( $dbConnect,'xxxxxxxx_db' )
or die("<p>The database is not available.</p>");
$make = $_GET['make'];
$sqli = "SELECT * FROM inventory WHERE make = '" .$make. "'";
$result = mysqli_query($dbConnect,$sqli);
if (isset($_GET['make']) )
{
while ($inventory = mysqli_fetch_assoc($result) )
{
echo "<tr>";
echo "<td>".$inventory['make']."</td>";
echo "<td>".$inventory['model']."</td>";
echo "<td>".$inventory['price']."</td>";
echo "<td>".$inventory['quantity']."</td>";
echo "</tr>";
}
}
mysqli_close($dbConnect);
?>
</body>
</HTML>
Hope you can help.
Thanks
There is an error in the query. It should be -
$sqli = "SELECT * FROM inventory WHERE make = '" .$make. "'";
Edit
if (isset($_GET['make']) ){
$make = $_GET['make'];
$sqli = "SELECT * FROM inventory WHERE make = '" .$make. "'";
$result = mysqli_query($dbConnect,$sqli);
while ($inventory = mysqli_fetch_assoc($result) )
{
echo "<tr>";
echo "<td>".$inventory['make']."</td>";
echo "<td>".$inventory['model']."</td>";
echo "<td>".$inventory['price']."</td>";
echo "<td>".$inventory['quantity']."</td>";
echo "</tr>";
}
}
I have the following code that doesn't work. It doesn't work because it will do a query
WHERE column = ' * ', instead of WHERE column = *
I tried to think of a way to get it so it will do WHERE variable = 'var' if a variable is posted in the form and WHERE column = * if not posted, but I can't think of a way, and everything I tried is hacky or not working.
if(isset($_POST['variable'])){
$variable=$_POST['variable'];
}
else{$variable='*';}
$sql="SELECT * FROM table WHERE column = '$variable'";
EDIT, Here is the actual code:
<form method='post' action='policy.php?go'>
<input type='radio' name='gen' value='M'>Male
<input type='radio' name='gen' value='F'>Female
<select name='state'>
<option value='AK'>AK</option>
<option value='WY'>WY</option>
</select>
<input type='radio' name='logic' value='>'>Older Than
<input type='radio' name='logic' value='<'>Younger Than
<select name='age'>
<option value='5'>5</option>
<option value='11'>11</option>
<option value='17'>17</option>
<option value='65'>65</option>
</select>
<input type='submit' name='submit' value='Search'>
</form>
<?php
if(isset($_GET['go']) && isset($_POST['submit'])){
if(isset($_POST['state'])){
$state="'".mysql_real_escape_string( $_POST['state'] )."'";
}
else{ $state='*';}
if(isset($_POST['age'])){
$age=$_POST['age'];
//append to query string
}
if(isset($_POST['logic'])){
$log=$_POST['logic'];
//append to query string
}
else{$log='';}
if(isset($_POST['gen'])){
$gen="'".mysql_real_escape_string( $_POST['gen'] )."'";
}
else {$gen='*';}
echo "<table id='hor-minimalist-b' summary='Employee Pay Sheet' class='tablesorter'>
<caption>Age: ".$log." ".$age." Gender: ".$gen." </caption>
<thead>
<tr>
<th scope='col'>State</th>
<th scope='col'>Number</th>
</tr>
</thead>
<tbody>";
// (WHY IS THIS NOT WORKING?)
$sql = "SELECT SUM(num) AS sum, state,gen,age FROM `policy-ssi`
WHERE age $log $age AND gen = $gen
GROUP BY state
ORDER BY sum DESC";
$result = mysql_query($sql);
while ($row = mysql_fetch_assoc($result)) {
In MySQL, the wildcard character for strings is % rather than *. In order to match the field regardless of what's in it, change else {$gen='*';} to else {$gen='\"%\"';}
Also, in order to use the wildcard, your query should become
$sql = "SELECT SUM(num) AS sum, state,gen,age FROM `policy-ssi`
WHERE age $log $age AND gen LIKE $gen
GROUP BY state
ORDER BY sum DESC";
How can i start it? I know that i need to make an mysql query, but how to transform data, in options in the dropdown list. And remember, it's inside a form, to send the result from a MySQL table.
(EDIT)
I am working inside a printf That is what i want:
<?php ob_start();
include('/../../config.php');
if(isset($_POST['edit_id']) && !empty($_POST['edit_id'])) {
$edit_id = mysql_real_escape_string($_POST['edit_id']);
$result = mysql_query("SELECT username, password, nome, cidade, pais, base, isactive, admin, dov, checador, dinheiro, email, datanascimento, profissao, idivao, idvatsim, horas, rank FROM acars_users WHERE `id`='".$edit_id."'");
$resultdl = mysql_query("SELECT * FROM acars_hubs");
$data = mysql_fetch_array($result);
$dl = mysql_fetch_array($resultdl);
printf("<div align=\"center\">
<br><form method=\"post\" action=\"editar2.php\">
<p><font size=\"2\" face=\"Segoe UI, Arial, Helvetica, sans-serif\" align=\"center\">Modifique os campos que deseja para <strong>editar este membro.</font><br>
<br>
<table width=\"700\" border=\"0\" align=\"center\" >
<tr>
<td>Base Operacional:</td>
<td><label for=\"hub\"></label>
<select name=\"hub\">
<option>".$dl['name']."</option>
</select>
</td>
</td>
</tr>
</table></br></br>
<input name=\"edit_id\" value=\"$edit_id\" type=\"hidden\">
<input type=\"image\" src=\"img/Editar.PNG\" width='85' height='30'></form>
</form>
</table>
</div>
");
while ($data = mysql_fetch_array($result));
while ($dl = mysql_fetch_array($resultdl));
ob_end_flush();
?>
Do you mean something like this?
<select>
<?php while($row = mysql_query("SELECT * FROM table")){ ?>
<option><?=$row['column']; ?></option>
<?php } ?>
</select>
I've discovered the problem. My first $dl = mysql_fetch_array($resultdl, MYSQL_ASSOC); pulls the first row from the table. When I start while loop the mysql_fetch_array picks up with the next row. So, the solution is remove the first call. This is the final code:
<?php
include('../../../../../config.php');
if(isset($_POST['edit_id']) && !empty($_POST['edit_id'])) {
$edit_id = mysql_real_escape_string($_POST['edit_id']);
$result = mysql_query("SELECT * FROM acars_users WHERE `id`='".$edit_id."'");
$data = mysql_fetch_array($result);
$resultdl = mysql_query("SELECT * FROM acars_hubs");
printf("<div align=\"center\">
<form method=\"post\" action=\"actions/actions_editar.php\">
");
while ($dl = mysql_fetch_array($resultdl, MYSQL_ASSOC)){
printf("
<option value=".$dl["id"].">".$dl["name"]."</option>;
");
}
printf("
<input name=\"edit_id\" value=\"$edit_id\" type=\"hidden\">
<input type=\"image\" src=\"../../images/botao_editar.PNG\" width='85' height='30'></form>
");
?>