Creating a table within a simple search engine + maximum limit of results - php

I'm trying to make a simple search engine, and the results are displayed fine as it is now. The only problem I have is I want it to be a little more presentable.
This is the code as it stands (I also have another .php where it gets the searchval, searchfunction and jQuery)
<?php
mysql_connect ("localhost","root","xxxxxxx") or die ("Connectionissues");
mysql_select_db ("xxxxxxxx") or die("Can't find database");
$output = '';
if(isset($_POST['searchVal'])) {
$searchq = $_POST['searchVal'];
$searchq = preg_replace ("#^0-9a-z#^1"," ",$searchq);
$query = mysql_query("SELECT * FROM ds_OrderItem WHERE idProduct LIKE
'%$searchq%'") or die("Search incomplete!");
$count = mysql_num_rows ($query);
if($count == 0){
$output = 'Order have never been made before';
}else{
while($row = mysql_fetch_array($query)) {
$idproduct = $row['idProduct'];
$idorder = $row['idOrder'];
$title = $row['title'];
$qty = $row['qty'];
$output .= '<div> '.$idproduct.' '.$idorder.' '.$title.' '.$qty.'
</div>';
}
if($_POST['searchVal'] == NULL) {
$output = "";
}
}
}
echo ($output);
?>
To limit the search results I tried to make an if statement before the when statement like this:
if($count = <100){
$output = 'Too many results!';
And for the table I have tried various methods, and I always end up making the simple HTML table, but I can't get the search results to post within the four columns.

First of all, you should really consider using PPS : Prepared Parameterized Statements. This will help prevent SQL injection.
If you want to limit and order, use the query, therefore, MySQL : LIMIT Query Optimization is useful.
For what you ask, use something like :
<?php
// THIS IS NOT SAFE as you trust user data !!!
$query = mysql_query("SELECT * FROM ds_OrderItem WHERE idProduct LIKE '%$searchq%' ORDER BY title ASC, qty DESC LIMIT 20");
// then you have 20 results already ordered
// here, I used title alphabetical order + the most available quantity, but you adapt it...
$result_of_num_rows = mysql_num_rows($query);
if ($result_of_num_rows > 0) { /* we have results */
echo"<table>"; // only raw, use a nicely formatted html output :)
while($row = mysql_fetch_array($query)) {
$idproduct = $row['idProduct'];
$idorder = $row['idOrder'];
$title = $row['title'];
$qty = $row['qty'];
echo"<tr>
<td> $idorder </td>
<td> $idproduct </td>
<td> $title </td>
<td> $qty </td>
</tr>";
}
echo"</table>";
}
else { echo"nothing yet !"; }
?>
Much better would be making use of the 'new' standard by choosing an API, and you have an example below that (I hope) will help you choose a new path :)
<?php
error_reporting(E_ALL); ini_set('display_errors', 1); /* PHP will help us */
/* connexion to db */
$mysqli = mysqli_connect("$host", "$user", "$pwd", "$db");
if (mysqli_connect_errno()) { exit("Error connecting to DB : " . mysqli_connect_error()); } /* stop here: nothing below works without a connection */
$param = "%{$_POST['searchVal']}%"; /* same POST field the question's script reads */
$query = " SELECT idProduct, idOrder, title, qty FROM ds_OrderItem WHERE idProduct LIKE ? ORDER BY title ASC, qty DESC LIMIT 20 ";
$stmt = $mysqli->prepare($query); /* prepare query */
$stmt->bind_param("s", $param); /* bind param will sanitize */
print_r($stmt->error_list); /* check for error -> can be removed later */
print_r($stmt->get_warnings()); /* check for error -> can be removed later */
print_r($stmt->error); /* check for error -> can be removed later */
$results = $stmt->execute(); /* execute query */
$stmt->bind_result($idProduct, $idOrder, $title, $qty); /* bounded results */
$stmt->store_result();
if ($stmt->num_rows > 0) { /* we have results */
echo"<table>"; // start table
while($stmt->fetch()){ /* loop through results */
echo"<tr>
<td> $idOrder </td>
<td> $idProduct </td>
<td> $title </td>
<td> $qty </td>
</tr>";
}
echo"</table>";
}
else
{ echo"[ no data ]"; }
?>
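The same search written end to end, as an added example that is not part of the original answer: the term is bound as a parameter, LIKE wildcards typed by the user are escaped, the row cap is part of the query, and every value is HTML-escaped before it goes into the four-column table. The functions escapeLike(), searchOrders() and renderTable() are hypothetical names, the rows are constructed, and PDO with an in-memory SQLite database is an assumption made so the script runs offline.

```php
<?php
// Added example, not the answerer's code. Table and column names follow the question;
// the rows are constructed, and SQLite in-memory is an assumption so it runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ds_OrderItem (idProduct TEXT, idOrder INTEGER, title TEXT, qty INTEGER)');
$ins = $db->prepare('INSERT INTO ds_OrderItem VALUES (?, ?, ?, ?)');
foreach ([['A100', 1, 'Blue <b>widget</b>', 3], ['A1_0', 2, 'Red widget', 9], ['B200', 3, 'Gear', 1]] as $r) {
    $ins->execute($r);
}

// Escape LIKE wildcards so a "%" or "_" typed by the user matches literally ("!" is the escape char).
function escapeLike(string $term): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

// Returns at most $limit rows; the search term only ever travels as a bound value.
function searchOrders(PDO $db, string $term, int $limit = 20): array
{
    $stmt = $db->prepare(
        "SELECT idProduct, idOrder, title, qty FROM ds_OrderItem
         WHERE idProduct LIKE :term ESCAPE '!'
         ORDER BY title ASC, qty DESC LIMIT :lim"
    );
    $stmt->bindValue(':term', '%' . escapeLike($term) . '%', PDO::PARAM_STR);
    $stmt->bindValue(':lim', $limit, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Build the four-column table, HTML-escaping every database value.
function renderTable(array $rows): string
{
    if (!$rows) {
        return '<p>[ no data ]</p>';
    }
    $html = "<table>\n<tr><th>Order</th><th>Product</th><th>Title</th><th>Qty</th></tr>\n";
    foreach ($rows as $row) {
        $cells = array_map(
            fn($v) => '<td>' . htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8') . '</td>',
            [$row['idOrder'], $row['idProduct'], $row['title'], $row['qty']]
        );
        $html .= '<tr>' . implode('', $cells) . "</tr>\n";
    }
    return $html . "</table>\n";
}

$term = $_POST['searchVal'] ?? '1_'; // constructed default so the script also runs from the CLI
echo renderTable(searchOrders($db, $term));
```

With the constructed default term only the row A1_0 is returned; without the escaping step the underscore would act as a single-character wildcard and A100 would match as well.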

A possible solution is below; you can also count with a variable and put a condition in the loop before closing the while.
<table>
<?php while($row = mysql_fetch_array($query)) {
$idproduct = $row['idProduct'];
$idorder = $row['idOrder'];
$title = $row['title'];
$qty = $row['qty'];
?>
<tr>
<td><?php echo $idproduct; ?></td>
<td><?php echo $idorder; ?></td>
<td><?php echo $title; ?></td>
<td><?php echo $qty; ?></td>
</tr>
<?php } ?>
</table>

Related

PHP: No output from $row variable even if it is already defined

I don't know why it doesn't show up anything, I already tested my query and it is working in my phpmyadmin, but in my php code it does not work upon adding the AS keyword. My goal for this is to place a value to a variable coming from the SUM() keyword.
<?php
require_once "user-connect.php";
$user = $_SESSION['id'];
$sql = "SELECT SUM(total) AS sumz FROM cart WHERE userID = $user AND month(orderDate) = month(now()) AND day(orderDate) = day(now())";
$result = $link->query($sql);
if ($result->num_rows > 0) {
$row = $result->fetch_assoc();
echo $row['sumz'];
}
if (mysqli_query($link, $sql)) {
} else {
echo "Error: " . $sql . "" . mysqli_error($link);
} ?>
<table cellspacing="0">
<tbody>
<tr class="cart-subtotal">
<th>Cart Subtotal</th>
<td><span class="amount"><?php echo $row['sumz']; ?></span></td>
</tr>
You can use:
$sql = "SELECT SUM(total) FROM cart WHERE..."
And in HTML:
<td><span class="amount"><?php echo $row['SUM(total)']; ?></span></td>
Take a look at PHP fetch assoc guide.
while ($row = $result->fetch_assoc()) {
echo $row['sumz'];
}
An example of getting the SUM value
<?php
$sql="SELECT sum(amount) as total FROM table";
$result = mysqli_query($con, $sql); // procedural mysqli_query() needs the connection as its first argument
while ($row = mysqli_fetch_assoc($result)) {
echo $row['total'];
}
mysqli_close($con);
?>

MySQL - Select row values from url ID

I created a table which is updated through a form and each row gets assigned a specific number.
When viewing this table, I want to click on that assigned number and get a page where all the details of that row are displayed.
If I do $sql = "SELECT * FROM clients WHERE nif_id='114522';"; - where the nif_id is the assigned number - I get the values for that number, but I need it to change with every number in the table.
Any ideas?
UPDATE
This is the table code:
<div class="card card-body">
<table class="table">
<thead>
<tr>
<th>NIF</th>
<th>Nome</th>
<th>Apelido</th>
<th>Telemóvel</th>
<th>E-mail</th>
</tr>
</thead>
<tbody>
<?php
include_once '../includes/db.inc.php';
$sql = "SELECT * FROM clients ORDER BY nif_id ASC;";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$first = $row["prm_nome"];
$last = $row["apelido"];
$phone = $row['nmr_tlm'];
$email = $row['mail'];
$nif = $row['nif_id'];
echo '<tr>';
echo '<td>'.$nif.'</td>';
echo '<td>'.$first.'</td>';
echo '<td>'.$last.'</td>';
echo '<td>'.$phone.'</td>';
echo '<td>'.$email.'</td>';
echo '</tr>';
}
}
?>
</tbody>
</table>
</div>
You can use the get request parameters.
ex: www.myapp.com/table?id=3920393
add functionality in your PHP file as follows
if(isset($_GET["id"])){
$id = $_GET["id"];
$sql = "SELECT * FROM clients WHERE nif_id='".$id."';";
//make db call & display HTML
}
This is a very simple implementation and does not implement any security or SQL injection security. This was more of a conceptual answer as to how you can tackle your problem.
This is quite a common scenario for web-based systems.
<div class="card card-body">
<table class="table">
<thead>
<tr>
<th>NIF</th>
<th>Nome</th>
<th>Apelido</th>
<th>Telemóvel</th>
<th>E-mail</th>
</tr>
</thead>
<tbody>
<?php
include_once '../includes/db.inc.php';
$sql = "SELECT * FROM clients ORDER BY nif_id ASC;";
$result = mysqli_query($conn, $sql);
$resultCheck = mysqli_num_rows($result);
if ($resultCheck > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$first = $row["prm_nome"];
$last = $row["apelido"];
$phone = $row['nmr_tlm'];
$email = $row['mail'];
$nif = $row['nif_id'];
echo '<tr>';
echo '<td><a href="detail.php?nifid='.$nif.'">'.$nif.'</a></td>';
echo '<td>'.$first.'</td>';
echo '<td>'.$last.'</td>';
echo '<td>'.$phone.'</td>';
echo '<td>'.$email.'</td>';
echo '</tr>';
}
}
?>
</tbody>
</table>
</div>
where the detail.php is another page to query specific details regarding the query nifid.
As a reminder, if the data type of the column is INT, there is no need to use single quotes to surround the value in the SQL statement.
Sample detail.php:
<?php
if(!isset($_GET['nifid']) || (int)$_GET['nifid'] <= 0) {
// Invalid or missing NIFID
header('Location: table.php');
exit; // stop here, otherwise the query below still runs after the redirect header
}
include_once '../includes/db.inc.php';
$id = (int)$_GET['nifid'];
$sql = "SELECT * FROM clients WHERE nif_id=$id";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
// TODO: display the result in whatever way you like
?>

Explode string from table and compare output with other table

Hello, my first question here. I have a bit of trouble getting this code to work, or better said, how to proceed.
I have 2 tables, table 1 holds a string separated by commas, after exploding the array I want to compare the strings to another table that holds product prices related to the string.
<?php
function packages()
{
global $db;
$query = "SELECT * FROM product_package WHERE package_id > 1; ";
$result = mysqli_query($db, $query) or die('<h3>Query failed</h3>');
$rowcount = mysqli_num_rows($result);
if ($rowcount < 1)
{
return;
}
else
{
while ($row = mysqli_fetch_array($result))
{
$singles = explode(',', $row["product_ids"]);
$query2 = "SELECT product_price FROM products WHERE product_id = $single; ";
$result2 = mysqli_query($db, $query2);
?>
<tr>
<td><?php echo $row["package_id"] ?></td>
<td><?php echo $row["package_name"] ?></td>
<td><?php echo $row["product_ids"] ?></td>
<td>
EDIT
</td>
<td>
<?php
foreach($singles as $single)
{
echo $single . '<br />';
}
?>
</td>
</tr>
<?php
}
}
}
?>
How do I echo the prices that are overlapping with $single?

PHP MySQL display data by id from database - freedom placement

I would like to have the freedom to place a row entry from my database wherever I prefer in the page. Right now, the php code that I use is as follows (it is clean working code):
<html><head></head>
<body>
<?php
$db = mysql_connect("xxx","xxx","xxx") or die("Database Error");
mysql_select_db("caisafety",$db);
$id = $_GET['id'];
$id = mysql_real_escape_string($id);
$query = "SELECT * FROM `cert_rr` WHERE `id`='" . $id . "'";
$result = mysql_query($query);
echo $row['id']; while($row = mysql_fetch_array( $result )) {
echo "<br><br>";
echo $row['basic3'];
echo $row['basic2'];
echo $row['basic1'];
}
?>
</body>
</html>
I call id through the browser Eg. http://site.com/getid.php?id=10 . But I do not have the freedom to place my row entry within my html. For eg. like this:
<table><tr>
<td align="center">BASIC INFO 1: <?php echo $row['basic1']; ?></td>
<td align="center">BASIC INFO 2: <?php echo $row['basic2']; ?></td>
</tr></table>
I can place html within echo PHP tags but then I have to clean up my html and that's a lot of work. Retaining HTML formatting would be preferred. Any help or guidelines on this would be much appreciated.
<?php
$db = mysql_connect("xxx","xxx","xxx") or die("Database Error");
mysql_select_db("caisafety",$db);
$id = $_GET['id'];
$id = mysql_real_escape_string($id);
$query = "SELECT * FROM `cert_rr` WHERE `id`='" . $id . "'";
$result = mysql_query($query);
//you need to retrieve every row and save to an array for later access
for($rows = array(); $tmp = mysql_fetch_array($result);)
{
$rows[] = $tmp;
}
//now you can use the $rows array wherever you want e.g. with the code from Zhube
?>
....
<table><?php foreach($rows as $r): ?>
<td><?php echo $r['id'] ?></td><?php endforeach ?>
</table>
By
while($row = mysql_fetch_array( $result )) {
echo "<br><br>";
echo $row['basic3'];
echo $row['basic2'];
echo $row['basic1'];
}
you save only the last row
Instead of having your HTML tags as part of the PHP variable, do something like this instead:
<table><?php foreach($row as $r):?>
<td><?php echo $r['id'] ?></td><?php endforeach ?>
</table>

PHP MySQL undefined Index and other errors

Having trouble getting a script of mine to run correctly. I have 2 undefined index errors and an invalid argument supplied error that for the life of me I can't figure out why I'm getting. The 2 undefined index errors come from these lines.
if(!is_null($_GET['order']) && $_GET['order'] != 'courseTitle')
and
if (!is_null($_GET['page']))
and my invalid argument error is this
Warning: Invalid argument supplied for foreach() in
generated from this
<?php foreach ($books as $book) : ?>
My full code between the two classes is this. Any ideas of what I've done wrong? Tearing my hair out over this.
index.php
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>Catalog</title>
</head>
<body bgcolor="white">
<?php
/////////////////////////////////////////////////
//connect to db
/////////////////////////////////////////////////
$dsn = 'mysql:host=localhost;dbname=book_catalog';
$username = "php";
$password = "php";
$db = new PDO($dsn, $username, $password);
//get data
if(!is_null($_GET['order']) && $_GET['order'] != 'courseTitle')
{
$thesort = $_GET['order'];
$query = "Select * FROM book
INNER JOIN course
ON book.course = course.courseID
ORDER BY ".$_GET['order'];
}
else
{
$thesort = "courseTitle";
$query = "Select * FROM book
INNER JOIN course
ON book.course = course.courseID
ORDER BY $thesort";
}
//if page is null go to first page otherwise query for correct page
if (!is_null($_GET['page']))
{
$query = $query." LIMIT ".($_GET['page']*8-8).", 8";
}
else
{
$query = $query." LIMIT 0, 8";
}
//query result
$books = $db->query($query);
//get number of overall rows
$query2 = $db->query("SELECT * FROM book");
$count = $db->query("SELECT Count(*) As 'totalRecords' FROM book");
$count = $count->fetch();
$count = $count['totalRecords'];
?>
<table border =" 1">
<tr>
<th bgcolor="#6495ed"><a href="?order=course">Course #</th>
<th bgcolor="#6495ed"><a href="?order=courseTitle">Course Title</th>
<th bgcolor="#6495ed"><a href="?order=bookTitle">Book Title</th>
<th bgcolor="#6495ed"></th>
<th bgcolor="#6495ed"><a href="?order=price">Price</th>
</tr>
<?php foreach ($books as $book) : ?>
<tr>
<td><?php echo $book['course']; ?></td>
<td><?php echo $book['courseTitle']; ?></td>
<td><?php echo $book['bookTitle']; ?></td>
<td><?php
$bookcourse = $book['course'];
$isbn = $book['isbn13'];
$booklink = "<a href=\"course.php?course=$bookcourse&isbn=$isbn\">";
echo $booklink ;?><img src='images/<?php echo $book['isbn13'].'.jpg'; ?>'></a></td>
<td><?php echo $book['price']; ?></td>
</tr>
<?php endforeach; ?>
</tr>
</table>
<?php
//paging function... not sure if it works correctly?
for ($j=1; $j <= ceil($count/8); $j++)
{ ?>
<a href=<?php echo "?page=".$j."&order=".$thesort; ?>><?php echo $j; ?></a>
<?php
}?>
</body>
</html>
course.php
<?php
//get data from index.php
$course = $_GET['course'];
$isbn = $_GET['isbn'];
//connect to db
$dsn = 'mysql:host=localhost;dbname=book_catalog';
$username = "php";
$password = "php";
$db = new PDO($dsn, $username, $password);
//get data
$query = "Select * FROM book, course, author, publisher
WHERE book.isbn13 = $isbn AND book.course = '$course' AND book.course = course.courseID AND book.bookID = author.bookID AND book.publisher = publisher.publisherID
ORDER BY book.bookID";
//query results
$books = $db->query($query);
//error troubleshooting
if (!$books) {
echo "Could not successfully run query ($query) from DB: " . mysql_error();
exit;
}
//count the number of rows in the result
$results = $books->fetchAll();
$rowCount = count($book);
//get data from results
foreach($results as $book){
$bookID = $book['bookID'];
$bookTitle = $book['bookTitle'];
$isbn = $book['isbn13'];
$price = $book['price'];
$desc = $book['description'];
$publisher = $book['publisher'];
$courseTitle = $book['courseTitle'];
$courseID = $book['courseID'];
$credits = $book['credit'];
$edition = $book['edition'];
$publishDate = $book['publishDate'];
$length = $book['length'];
$firstName = $book['firstName'];
$lastName = $book['lastName'];
}
if($numrows > 1)
{
foreach ($books as $book)
{
$authorArray[] = $book['firstName'] + ' ' + $book['lastName'];
}
}
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<title>CIS Department Book Catalog</title>
</head>
<body bgcolor=white">
<table border="0">
<tr>
<td>
<img src='images/<?php echo $isbn.'.jpg'; ?>'>
</td>
<td>
<?php
echo "For Course: $courseID $courseTitle ($credits)";
echo "</br>";
echo "Book Title: $bookTitle";
echo "</br>";
echo "Price: $price";
echo "</br>";
echo "Author";
if ($numResults > 1)
{
echo "s:";
for ($i = 0; $i < $numResults; $i++)
{
if ($i!=0)
echo ", $authorArray[i]";
else
echo $authorArrat[i];
}
}
else
echo ": $firstName, $lastName";
echo "</br>";
echo "Publisher: $publisher";
echo "</br>";
echo "Edition: $edition ($publishDate)";
echo "</br>";
echo "Length: $length pages";
echo "</br>";
echo "ISBN-13: $isbn";
?>
</td>
</tr>
<tr>
<td colspan="2">
<?php echo "Description: $desc"; ?>
</td>
</tr>
</table>
</body>
</html>
You should be using isset not is_null to keep it from warning about undefined variables.
$books was defined, just incorrectly ... foreach needs it to be an array. You really don't need it anyway, fetch each row into the array with a while loop. (see my example below). You're also redefining $count several times in your query.
And like @Brad said. Use prepared statements and placeholders. Your database will end up hacked with your current code.
EDIT
Answer to your question. query() returns a statement handle. (I've defined it as $sth). fetch() returns a result which you need to pass one of the fetch mode constants (or define it by default earlier with $db->setFetchMode())
To get the books you need to have
$books = array();
$sth = $db->query($query);
while( $row = $sth->fetch(PDO::FETCH_ASSOC) ) {
$books[] = $row; // appends each row to the array
}
Here's how your code should look to get a count.
// you're not using the $query2 you defined ... just remove it
$sth = $db->query("SELECT Count(*) As 'totalRecords' FROM book");
$result = $sth->fetch(PDO::FETCH_ASSOC);
$count = $result['totalRecords'];
Take a look at:
http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers Looks like a good guide to give you an in-depth understanding of how to use PDO. Pay special attention to error handling and to prepared statements!
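For the index.php query in this question, placeholders alone do not cover the ORDER BY clause, because a column name cannot be bound as a parameter. The following added example (not code from the question or the answer) picks the sort column from an allowlist and validates the page number before it reaches LIMIT. The names catalogQuery() and fetchCatalog() are hypothetical, the sortable column names are the ones used in the question's header links, and the two requests at the end are constructed.

```php
<?php
// Added example: column names come from the question's index.php; function names are hypothetical.
// Identifiers cannot be bound as placeholders, so ORDER BY is picked from an allowlist.
const SORTABLE = [
    'course'      => 'course',
    'courseTitle' => 'courseTitle',
    'bookTitle'   => 'bookTitle',
    'price'       => 'price',
];
const PER_PAGE = 8;

// Returns [sql, params, sortKey] built only from allowlisted or integer-validated input.
function catalogQuery(array $get): array
{
    $order = $get['order'] ?? 'courseTitle';     // ?? avoids the undefined index notice
    if (!is_string($order) || !array_key_exists($order, SORTABLE)) {
        $order = 'courseTitle';                  // unknown value: fall back, never interpolate it
    }
    $page = filter_var($get['page'] ?? 1, FILTER_VALIDATE_INT,
        ['options' => ['default' => 1, 'min_range' => 1]]);

    $sql = 'SELECT * FROM book INNER JOIN course ON book.course = course.courseID'
         . ' ORDER BY ' . SORTABLE[$order] . ' LIMIT :offset, :count';
    return [$sql, [':offset' => ($page - 1) * PER_PAGE, ':count' => PER_PAGE], $order];
}

// Runs the query with integer-bound LIMIT values and returns all rows as an array,
// which is what the foreach in the page template needs.
function fetchCatalog(PDO $db, array $get): array
{
    [$sql, $params] = catalogQuery($get);
    $stmt = $db->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed requests: a valid sort on page 2, then values outside the allowlist and range.
foreach ([['order' => 'price', 'page' => '2'], ['order' => 'price; --', 'page' => '-1']] as $get) {
    [$sql, $params, $order] = catalogQuery($get);
    echo "$order | offset={$params[':offset']} | $sql\n";
}
```

The second constructed request falls back to courseTitle and offset 0, so nothing from the query string is ever concatenated into the SQL text.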
