display data from database of an HTML form - php

I am trying to display results from my database using PHP through an HTML form. Once the user clicks the submit button, based on what they enter in each field, results should be shown accordingly.
E.g. if I click on "Rooms" in my drop down menu, and when I specify a certain price in the text field for price and for the rest of the fields, anything related to what I searched should be displayed.
I was able to do it for the drop down menu, but I don't know how I can enter multiple values and when I click submit it generates the data accordingly.
Here's what I've done so far:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<form action="dropdown2.php" method="POST">
<select name="testing" type="text">
<option value="Choose">Choose type of stay</option>
<option value="Flat">Flat</option>
<option value="Room">Room</option>
<option value="Apartment">Apartment</option>
<option value="Villa">Villa</option>
</select>
<p></p>
<table>
<tr>
<td width="14%" class="label">Minimum Price MYR</td>
<td width="42%"><input type="text" name="textfield4" id="textfield4" class="text" /></td>
<td class="label">Maximum Price MYR</td>
<td><input type="text" name="textfield2" id="textfield2" class="text" /></td>
</tr>
<tr>
<td class="label">Bed Rooms</td>
<td>
<label>
<input type="text" name="search" id="textfield5" class="text smalltextarea" />
</label>
</td>
<td class="label">Bathrooms</td>
<td><input type="text" name="textfield3" id="textfield3" class="text" /></td>
</tr>
</table>
<p></p>
<input type="submit" value="Submit" name="submit">
</form>
<?php
mysql_connect("localhost", "root", "") or die("Error connecting to database: ".mysql_error());
mysql_select_db("test") or die(mysql_error());
if(isset($_POST['testing'])){
$query = $_POST['testing'];
$min_length = 3;
if(strlen($query) >= $min_length){
$query = htmlspecialchars($query);
$query = mysql_real_escape_string($query);
$raw_results = mysql_query("SELECT * FROM rooms
WHERE (`name` LIKE '%".$query."%') OR (`price` LIKE '%".$query."%') OR (`description` LIKE '%".$query."%')") or die(mysql_error());
if(mysql_num_rows($raw_results) > 0){
while($results = mysql_fetch_array($raw_results)){
echo "<p><h3>".$results['name']."</h3>"."RM " .$results['price']."</p>"."<p>".$results['description']."</p>";
}
}
else{
echo "No results";
}
}
else{
echo "Minimum length is ".$min_length;
}
}
?>
</body>
</html>
I'm new to PHP and MySQL... any help is appreciated!


first id say change the names to something a bit more reconcilable
also you are missing a name or description field not sure which one (since the names don't resemble the database fields)
replace mysql for pdo or mysqli i used pdo in this example
since if you upgrade to php 7 mysql functions are removed (like suggested in the comments above)
instead of the mysql real escape etc you can use a prepared statement
also what you were missing in the query were the other post fields like suggested in the comments for example how many bathrooms, the minprice, the maxprice etc (these fields are posted by the user but not used in the query)
you were using the same postfield for all of those values in your query
now based on your fields i am assuming for example if someone fills in minprice = 12 and descr = flat that the result both has to have a minimum price of 12 and a description like flat so you need to change the OR's you used in your query for AND's based on which field are filled in
here is a bit of an example on how to go about it:
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title></title>
</head>
<body>
<form action="" method="POST">
<select name="description" type="text">
<option value="Choose">Choose type of stay</option>
<option value="Flat">Flat</option>
<option value="Room">Room</option>
<option value="Apartment">Apartment</option>
<option value="Villa">Villa</option>
</select>
<p></p>
<table>
<tr>
<td width="14%" class="label">Minimum Price MYR</td>
<td width="42%"><input type="text" name="minprice" id="textfield4" class="text" /></td>
<td class="label">Maximum Price MYR</td>
<td><input type="text" name="maxprice" id="textfield2" class="text" /></td>
</tr>
<tr>
<td class="label">Bed Rooms</td>
<td>
<label>
<input type="text" name="bedrooms" id="textfield5" class="text smalltextarea" />
</label>
</td>
<td class="label">Bathrooms</td>
<td><input type="text" name="bathrooms" id="textfield3" class="text" /></td>
</tr>
</table>
<p></p>
<input type="submit" value="Submit" name="submit">
</form>
<?php
$minDescriptionLength = 3;
if(isset($_POST['description'])) {
$descr = $_POST['description'];
if(strlen($descr) >= $minDescriptionLength) {
$connectionConfigArr = array('host' => 'localhost', 'dbname' => 'test', 'user' => 'root', 'password' => '');
// here we are making the database connection,
// first param = connection string, second param = user, third param = password
$dbh = new PDO(
'mysql:host=' . $connectionConfigArr['host'] . ';dbname=' . $connectionConfigArr['dbname'],
$connectionConfigArr['user'],
$connectionConfigArr['password']
);
$bindParamArr = array();
//since we check this one in the start i assumed it's required so we can use it in the base for the query
$query = 'SELECT * FROM rooms WHERE `description` LIKE :descr ';
//here for each extra field that is filled in we basicaly are going to add it to the query string
//and we push the value to the bindParamArray which will after we added the query add the values safely to the query
if(isset($_POST['minprice']) && $_POST['minprice']) {
$query .= 'AND `price` > :minprice ';
array_push($bindParamArr, array('field' => ':minprice', 'value' => $_POST['minprice'], 'type' => PDO::PARAM_INT));
}
if(isset($_POST['maxprice']) && $_POST['maxprice']) {
$query .= 'AND `price` < :maxprice ';
array_push($bindParamArr, array('field' => ':maxprice', 'value' => $_POST['maxprice'], 'type' => PDO::PARAM_INT));
}
if(isset($_POST['bathrooms']) && $_POST['bathrooms']) {
$query .= 'AND `bathrooms` = :bathrooms ';
array_push($bindParamArr, array('field' => ':bathrooms', 'value' => $_POST['bathrooms'], 'type' => PDO::PARAM_INT));
}
if(isset($_POST['bedrooms']) && $_POST['bedrooms']) {
$query .= 'AND `bedrooms` = :bedrooms ';
array_push($bindParamArr, array('field' => ':bedrooms', 'value' => $_POST['bedrooms'], 'type' => PDO::PARAM_INT));
}
//we still need to push the description to the array
array_push($bindParamArr, array('field' => ':descr', 'value' => '%' . $descr . '%', 'type' => PDO::PARAM_STR));
//here we prepare the query
$stmt = $dbh->prepare($query);
//here we bind the params safely
foreach($bindParamArr as $bParam) {
$stmt->bindParam($bParam['field'], $bParam['value'], $bParam['type']);
}
$stmt->execute();
//use this to get the amount of rows the query returned
$rowCount = $stmt->rowCount();
if($rowCount > 0) {
//we loop through the stmt fetch function which will iterate through the resultset
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
echo "<p><h3>".$row['name']."</h3>"."RM " .$row['price']."</p>"."<p>".$row['description']."</p>";
}
}
else {
echo "No results";
}
}
else {
echo "Minimum length is ".$minDescriptionLength;
}
}
?>
</body>
</html>

Related

search page not displaying any results

please assist
I have created a search page to query the database, when the submit button is selected, no data is populated into the grid and there is no error message or notice that gives me an indication of where the issue is. Please assist.
Here is the code:
<?php
if(isset($_POST['submit']))
{
$txtLastName = $_POST['txtLastName'];
$txtidnumber = $_POST['txtidnumber'];
$txtMedicalAidNumber = $_POST['txtMedicalAidNumber'];
//connect to the database
$db = mysql_connect
("server", "username", "password") or die ('I cannot connect to the database because: ' . mysql_error());
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error)
{
die("Connection failed: " . $conn->connect_error);
}
$mydb = mysql_select_db("mediouqp_login");
if($txtLastName != '' && $txtidnumber != '' && $txtMedicalAidNumber != '')
{
$sql = "SELECT last_name, id_number, medical_id_number FROM patient WHERE last_name LIKE '%" . $txtLastName . "%' OR id_number LIKE '%" . $txtidnumber ."%'";
}
else
{
$sql = "SELECT last_name FROM patient ORDER BY last_name DESC";
}
$result = mysql_query($sql);
}
if($result)
{
if(mysql_num_rows($result) > 0)
{
echo 'Total records found are- '.mysql_num_rows($result);
}
else
{
echo "No records found.";
}
}
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="style2.css">
</head>
<body>
<ul>
<li>PATIENT DETAILS
<li>REPORTS</li>
<li>ADMINISTRATOR</li>
<li>DOWNLOADS</li>
</ul>
<div class="headerTitle">
<h1 id="mainHeader">search patient details</h1>
</div>
<form action="search_patient.php" method="post" name="frm_search" id="frm_search">
<table>
<tr>
<td class="Label" id="lname">Last Name
</td>
<td class="Field">
<input type ="lastname" name ="txtLastName" ></input>
<span id="spnLastName"></span>
</td>
</tr>
<tr>
<td class="Label" id="lname">ID Number
</td>
<td class="Field">
<input type ="lastname" name ="txtidnumber" ></input>
<span id="spnIdNumber"></span>
</td>
</tr>
<tr>
<td class="Label" id="lname">Medical Aid Number
</td>
<td class="Field">
<input type ="medicalaidnumber" name ="txtMedicalAidNumber" ></input>
<span id="spnMedicalaidNumber"></span>
</td>
</tr>
<tr>
<td class="Label">
</td>
<td>
<input type="submit" id="btnSearchPatient" value="Submit"></input>
<input type = "button" onClick="window.location='create_patient.php';" value="Create Patient" /></input>
</td>
</tr>
</table>
</form>
<br/>
<br/>
<table id="tblpatient" class="Grid">
<tr class="Header">
<td> </td>
<td> </td>
<td> </td>
<td>Last Name</td>
<td>ID Number</td>
<td>Medical Aid</td>
</tr>
<?php
if($result)
{
while($row = mysql_fetch_array($result))
{
$last_name = $row['last_name'];
$id_number = $row['id_number'];
$medical_id_number = 0;//$row['medical_id_number'];
?>
<tr>
<td> </td>
<td> </td>
<td> </td>
<td><?php echo $last_name;?></td>
<td><?php echo $id_number;?></td>
<td><?php echo $medical_id_number;?></td>
</tr>
<?php
}
}
?>
</table>
</body>
</html>

Note: This extension(mysql) was deprecated in PHP 5.5.0, and it was removed in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be used along with prepared statements.
As per the code you have written it will be submitting the data but what you have written under this statement will never Work.
if(isset($_POST['submit'])){// Codes Inside this}
Reason this code will not work
Your Submit button is not having the name which you have given in the isset($_POST['submit']).
You mist add the name to the submit button which you have in your code.
Replace your Submit button as i have provided by adding the name to it and changing the button code style.
Replace:
<input type="submit" id="btnSearchPatient" value="Submit"></input>
With:
<input type="submit" id="btnSearchPatient" name="submit" value="Submit" />
After all the above steps that has been provided ensure the note below in order the data comes as not expected.
Note: If you need to execute the statement perfect you first put echo to the select statement that you have coded and break the execution over there. You will find the SQL statement over to the browser and you copy that echoed statement into the SQL section of the DB created in the Phpmyadmin and check whether your code executed well. If so you got the required output that you can remove the echo and exit statement and you can proceed.

How do I update mysql table using pdo and multiple arrays?

I've got a list of form fields in an html table. This page is designed to allow someone to modify multiple records at once...using an update query. Because I have multiple customer records present, I need to update based on the record Id. I thought that I was supposed to create a composite array then update the database by pointing to the various key, value pairs, but nothing seems to work...all help is appreciated..hoping its a small typo I'm not catching:
....SQL to pull data (works)...
echo "<form action='#' method='POST' >";
echo "<center><table>";
echo "<tr><th> Email Address </th> <th>Created On</th><th> Ip Address</th><th> Front of Card</th><th> Back of Card</th><th> Last 4 of Card</th><th> Decision</th><th> Notes (for Reject)</th>";
foreach ($customer as $row){
echo '<tr><input type="hidden" name="record[]" value='.$row[' id '].'/>
<td>'.$row["email"].' </td>
<td>'.$row["created_on"].'</td>
<td>'.$row["ip_address"].'</td>
<td>
<img class="fixed" src="imgReader.php?img='.$row[" card_front "].'"/>
</td>
<td>
<img class="fixed" src="imgReader.php?img='.$row[" card_back "].'"/>
</td>
<td><input type="number" name="last4[]" value="" /></td>
<td><select name="decision[]">
<option value="PENDING">Pending</option>
<option value="APPROVED">Approved</option>
<option value="DENIED">Denied</option>
<option value="DUPLICATE">Duplicate</option></select></td>
<td><input type="textarea" rows="5" name="notes[]" value="" /></td>
</tr>';
if ($_POST){
$last4 = $_POST["last4"];
$status = $_POST["decision"];
$notes = $_POST["notes"];
$ids = $_POST["record"];
$tableSet = array('last4' => $last4,
'decision' => $status,
'notes' => $notes,
'ids' => str_replace('/','', $ids)
);
var_dump($tableSet);
foreach( $tableSet as $i) {
$updateUserData = $db->prepare("UPDATE cards SET `last_4_cc` = :l4cc, `status` = :status, `notes` = :notes WHERE `id` = :record");
$updateUserData->execute([
':l4cc' => $i[$tableSet["last4"]],
':status' => $i[$tableSet["decision"]],
':notes' => $i[$tableSet["notes"]],
':record' => $i[$tableSet["ids"]]
]);
}
}
?>

How can I insert multiple records in mysql using php at once with one query dynamicaly?

I have an invoice module. There I have fields for items purchased. I am using ajax/jQuery to add new rows when user want to add. Now my question is that how can I add all records in database using PHP, I know how to enter one record but don't know how to add multiple records when we don't know how much records we want to insert. Here is the code,
<html>
<head>
<title>Document</title>
<script src="js/jquery-1.11.2.min.js"></script>
<script type="text/javascript">
$("#insert-more").click(function () {
$("#JTable").each(function () {
var tds = '<tr>';
jQuery.each($('tr:last td', this), function () {
tds += '<td>' + $(this).html() + '</td>';
});
tds += '</tr>';
if ($('tbody', this).length > 0) {
$('tbody', this).append(tds);
} else {
$(this).append(tds);
}
});
});
</script>
</head>
<body>
<form name="items" method="post">
<table id="JTable" style="margin-left:50px;">
<thead>
<th class="tblfldname">Product</th>
<th class="tblfldname">Quantity</th>
<th class="tblfldname">Price</th>
</thead>
<tbody>
<tr>
<td>
<select name="pname[]" class="pname" style="padding:4px; width:150px;">
<option></option>
</select>
</td>
<td>
<input type="text" name="qty[]" style="width:150px; padding:4px;" />
</td>
<td>
<input type="text" name="price[]" class="price" style="width:150px; padding:4px;" />
</td>
</tr>
</tbody>
<input type="submit" name="submit" />
</table>
</form>
Add New Row
</body>
</html>
P.S. All new generated rows's fields have same name.

You can just iterate through pname and do one query for each element:
$pname = $_POST['pname'];
$qty = $_POST['qty'];
$price = $_POST['price'];
for ($i = 0; $i < count($pname); $i++) {
$name = mysqli_escape_string ($conn, $pname[$i]);
$quantity = intval($qty[$i]);
$prc = doubleval($price[$i]);
$sql = "insert into bla(name, qty, price) values('{$name}', {$quantity}, {$prc})";
$conn->query($sql);
}
Of course, you have to check if the values make sense... and remember, [] are not XHTML-compliant, it's a PHP thing.

INSERT INTO `table`(`field0`, `field1`, `field2`)
VALUES
('value0forfield0', 'value0forfield1', 'value0forfield2'),
('value1forfield0', 'value1forfield1', 'value1forfield2'),
('value2forfield0', 'value2forfield1', 'value2forfield2'),
('value3forfield0', 'value3forfield1', 'value3forfield2');
When you don't know how many records there will be you can do:
$query = "INSERT INTO `table`(`field0`, `field1`, `field2`) ";
$query .= "VALUES ";
foreach($record as $row)
{
$query .= "('".$row['field0']."', '".$row['field1']."', '".$row['field2']."'),";
}
$query = preg_replace("/\,$/", ";", $query);

By naming your input fields the way you have, there can be data validation problems if one of those fields are left unanswered. IMO it would be better to name your fields something like:
<select name="dataset[0]['pname']>...</select>
<input type="text" name="dataset[0]['qty'] ..... >
<input type="text" name="dataset[0]['price'] ..... >
<select name="dataset[1]['pname']>...</select>
<input type="text" name="dataset[1]['qty'] ..... >
<input type="text" name="dataset[1]['price'] ..... >
and so forth, then on your posted to page, iterate through your $_POST like:
foreach($_POST["dataset"] as $rcd){
$name = $rcd["pname"];
$qty = $rcd["qty"];
$price = $rcd["price";
..... do whatever db stuff needs to be done ....
}

Inserting multiple rows into MySQL at once

I am trying to submit a table full of information at once, and cannot find the answer. It has no problem submitting one set of information to the DB, but i need to insult between 1 and 50 of the same value at once. Here is an example:
We are recording lap times, therefore we need to be able to fill in a table on a web app, with loads of names, and event times. Therefore, we will need to add loads of SQL entries at once.
I have tried just copy and pasting the form info, but this results in a blank set of data in phpmyadmin.
Here is the code:
<?php
$host = "localhost";
$databasename = "pe_results";
$databaseusername = "root";
$databasepassword = "";
$conn = mysql_connect("$host", "$databaseusername", "$databasepassword");
mysql_select_db("$databasename", $conn);
if (isset($_POST['Name'])) {
$Name = $_POST['Name'];
}
if (isset($_POST['Short'])) {
$Short = $_POST['Short'];
}
if (isset($_POST['Med'])) {
$Med = $_POST['Med'];
}
if (isset($_POST['Long'])) {
$Long = $_POST['Long'];
}
if (isset($_POST['VLong'])) {
$VLong = $_POST['VLong'];
}
if (isset($_POST['Extreme'])) {
$Extreme = $_POST['Extreme'];
}
if (isset($_POST['LJump'])) {
$LJump = $_POST['LJump'];
}
if (isset($_POST['HJump'])) {
$HJump = $_POST['HJump'];
}
if (isset($_POST['Shotputt'])) {
$Shotputt = $_POST['Shotputt'];
}
if (isset($_POST['Discuss'])) {
$Discuss = $_POST['Discuss'];
}
if (isset($_POST['Javelin'])) {
$Javelin = $_POST['Javelin'];
}
if (isset($_POST['Date'])) {
$Date = $_POST['Date'];
}
if (isset($_POST['Year'])) {
$Year = $_POST['Year'];
}
$i = count($Name);
for ($i=0;$i<10;$i++) {
$n = $Name[$i];
$s = $Short[$i];
$me = $Med[$i];
$lng = $Long[$i];
$slng = $VLong[$i];
$ext = $Extreme[$i];
$ljump = $LJump[$i];
$hjump = $HJump[$i];
$shot = $Shotputt[$i];
$disc = $Discuss[$i];
$jav = $Javelin[$i];
$date = $Date[$i];
$year = $Year[$i];
//and so on with more variable...
$sql="INSERT INTO results_main (`Name`, `Short`, `Med`, `Long`, `Vlong`, `Extreme`, `LJump`, `HJump`, `Shotputt`, `Discuss`, `Javelin`, `Date`, `Year`)
VALUES ('$n', '$s', '$me', '$lng', '$slng', '$ext', '$ljump', '$hjump', '$shot', '$disc', '$jav', '$date', '$year')";
}
$result = mysql_query($sql) or die(mysql_error ());;
if($result){
echo"<br/>Everythings been saved";
echo "<BR>";
echo "<a href='index.php'>Back to the main page</a>";
}
else {
echo $result = mysql_query($sql,$conn) or die (mysql_error ());
}
// close connection
mysql_close($conn);
?>
Also find HTML below
<?php
// Create connection
$con=mysqli_connect("127.0.0.1","root","","pe_results");
// Check connection
if (mysqli_connect_errno($con))
{
echo "Uh oh, tell chris that " . mysqli_connect_error() . "NO DATA WILL BE SAVED";
}
?>
<div id="1" >Results</div>
<div id="2">Record</div>
<div id="3">Overview</div>
<div id="4">Blank</div>
<form name="input_primary" action="process.php" method="post">
<font color="#FFFFFF"><strong>Date:</strong></font><input name="Date" type="date" />
<font color="#FFFFFF"><strong>Year:</strong></font><select name="Year">
<option value="7">Year 7</option>
<option value="8">Year 8</option>
<option value="9">Year 9</option>
<option value="10">Year 10</option>
<option value="11">Year 11</option>
<option value="12">Year 12</option>
<option value="13">Year 13</option>
</select>
<input type="submit" value="Save results!" name="submit" />
<table width="200" border="1px solid black" id="maintab">
<tr>
<th scope="col">Name</th>
<th scope="col">100m</th>
<th scope="col">200m</th>
<th scope="col">400m</th>
<th scope="col">800m</th>
<th scope="col">1500m</th>
<th scope="col">Long Jump</th>
<th scope="col">High Jump</th>
<th scope="col">Shotputt</th>
<th scope="col">Discus</th>
<th scope="col">Javelin</th>
</tr>
<tr>
<td>
<input name="Name" type="text" />
</td>
<td>
<input name="Short" type="text" size="10px" />
</td>
<td>
<input name="Med" type="text" size="10px" />
</td>
<td>
<input name="Long" type="text" size="10px" />
</td>
<td>
<input name="VLong" type="text" size="10px" />
</td>
<td>
<input name="Extreme" type="text" size="10px" />
</td>
<td>
<input name="LJump" type="text" size="10px" />
</td>
<td>
<input name="HJump" type="text" size="10px" />
</td>
<td>
<input name="Shotputt" type="text" size="10px" />
</td>
<td>
<input name="Discuss" type="text" size="10px" />
</td>
<td>
<input name="Javelin" type="text" size="10px" />
</td>
</tr>

If I understood your Question right what you wanna do is name the fields with a []
So
<select name="Year">
Becomes
<select name="Year[]">
Then you'll be able to loop through the submitted values, example:
foreach($_POST['Year'] as $k=>$v){
echo $v." - This is the value";
echo $k." - This is the key";
}
EDIT:
(string)$insert;
if(is_array($_POST['Year'])){
foreach($_POST['Year'] as $k=>$v){
$insert .= "(".$_POST['Name'][$k].", ".$_POST['Short'][$k].", ".$_POST['Med'][$k].", ".$_POST['Long'][$k].", ".$_POST['VLong'][$k].", ".$_POST['Extreme'][$k].", ".$_POST['LJump'][$k].", ".$_POST['HJump'][$k].", ".$_POST['Shotputt'][$k].", ".$_POST['Discuss'][$k].", ".$_POST['Javelin'][$k].", ".$_POST['Date'][$k].", ".$_POST['Year'][$k]."),";
}
$insert = substr_replace($insert ,0,-1);
}else{
$insert .= "($_POST['Name'], $_POST['Short'], $_POST['Med'], $_POST['Long'], $_POST['VLong'], $_POST['Extreme'], $_POST['LJump'], $_POST['HJump'], $_POST['Shotputt'], $_POST['Discuss'], $_POST['Javelin'], $_POST['Date'], $_POST['Year'])";
}
$sql="INSERT INTO results_main
(`Name`, `Short`, `Med`, `Long`, `VLong`, `Extreme`, `LJump`, `HJump`, `Shotputt`, `Discuss`, `Javelin`, `Date`, `Year`)
VALUES
".$insert;
This should do the trick to get everything into only one query instead of doing multiple queries for each row

Add brackets [] to ALL your names in your html-form (where it makes sense). The bracket [] tells that elements are treated as dynamic arrays.
In your html-form, do something like this:
<form name="input_primary" action="process.php" method="post">
<font color="#FFFFFF"><strong>Date:</strong></font><input name="Date" type="date" />
<font color="#FFFFFF"><strong>Year:</strong></font><select name="Year">
<option value="7">Year 7</option>
<option value="8">Year 8</option>
<option value="9">Year 9</option>
<option value="10">Year 10</option>
<option value="11">Year 11</option>
<option value="12">Year 12</option>
<option value="13">Year 13</option>
</select>
<input type="submit" value="Save results!" name="submit" />
<table width="200" border="1px solid black" id="maintab">
<tr>
<th scope="col">Name</th>
<th scope="col">100m</th>
<th scope="col">200m</th>
<th scope="col">400m</th>
<th scope="col">800m</th>
<th scope="col">1500m</th>
<th scope="col">Long Jump</th>
<th scope="col">High Jump</th>
<th scope="col">Shotputt</th>
<th scope="col">Discus</th>
<th scope="col">Javelin</th>
</tr>
<?php
//Repeat element inside loop 10 times
for($i=0;$i<10;$i++) {
?>
<tr>
<td>
<input name="Name[]" type="text" />
</td>
<td>
<input name="Short[]" type="text" size="10px" />
</td>
<td>
<input name="Med[]" type="text" size="10px" />
</td>
<td>
<input name="Long[]" type="text" size="10px" />
</td>
<td>
<input name="VLong[]" type="text" size="10px" />
</td>
<td>
<input name="Extreme[]" type="text" size="10px" />
</td>
<td>
<input name="LJump[]" type="text" size="10px" />
</td>
<td>
<input name="HJump[]" type="text" size="10px" />
</td>
<td>
<input name="Shotputt[]" type="text" size="10px" />
</td>
<td>
<input name="Discuss[]" type="text" size="10px" />
</td>
<td>
<input name="Javelin[]" type="text" size="10px" />
</td>
</tr>
<?php
}
?>
</table>
</form>
And in your PHP code do something like this:
//Create initial query for sql-insert.
$sql="INSERT INTO results_main (`Name`, `Short`, `Med`, `Long`, `Vlong`, `Extreme`, `LJump`, `HJump`, `Shotputt`, `Discuss`, `Javelin`, `Date`, `Year`) VALUES ";
$date = $Date; //Do like this if date-element is only occur once (at top) (then no need for brackets)
$year = $Year; //Do like this if year-element is only occur once (at top) (then no need for brackets)
$cnt = count($Name);
for ($i=0;$i<$cnt;$i++) {
//Use mysql_escape_string to escape strings (when needed) BEFORE adding to the $sql.
$n = $Name[$i];
$s = $Short[$i];
$me = $Med[$i];
$lng = $Long[$i];
$slng = $VLong[$i];
$ext = $Extreme[$i];
$ljump = $LJump[$i];
$hjump = $HJump[$i];
$shot = $Shotputt[$i];
$disc = $Discuss[$i];
$jav = $Javelin[$i];
//Insert each row separated with a comma
$sql .= "('$n', '$s', '$me', '$lng', '$slng', '$ext', '$ljump', '$hjump', '$shot', '$disc', '$jav', '$date', '$year'),";
}
$useQuery = substr($sql, 0, -1); //Delete last comma
$result = mysql_query($useQuery); //Do the actual insert
then of course, read up on PDO instead of using mysql_query etc. Do this soon because mysql_* functions like this are deprecated and will be removed in the future. PDO is a better alternative because it's oop, it's safer and more flexible. Start from here... http://www.php.net/manual/en/intro.pdo.php

Storing your data across multiple arrays is unsafe because its so easy to get out of order and cause errors. Instead store data into an associative array like this:
$people = array();
$people[] = array('Name' => $name, 'Short' => $short ....);
The above code creates and array of arrays and the inner arrays are associative arrays so you can use the following syntax to get the name of the first person:
$people[0]['Name'];
Everything stays together and if certain values arn't set for certain people it will not seep into the other peoples records.
I see you were using POST variables. The above associative array can be easily passed around with ajax (if thats what your using, just an option) by using json_encode and json_decode. This helps preserve data structures when your passing it through multiple languages.
Lastly to insert a large number of records I would suggest a PDO statement as one ofthe easiest and cleanest way to do this. Check out a great tutorial here http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/
Hope this helps, good luck!

PHP to see if password matches and if so, submit its data

im new to php and learning quite fast. i have a form which allows the user to update his/her security question and also requires the user to enter his/her reference number in order to go ahead with the change.
my code for the form is as follows:
<form action="securityupdated.php" method="post">
<table width="80%" border="0">
<tr>
<td><label for="secret_question">Secret Question</label></td>
<td><span id="spryselect1">
<select name="secret_question" id="secret_question">
<option selected="selected">Please Select Your Secret Question</option>
<option id="secret_question" value="What Is Your Mothers Maiden Name?">What Is Your Mothers Maiden Name</option>
<option id="secret_question" value="What Was The Name Of Your First Pet?">What Was The Name Of Your First Pet</option>
<option id="secret_question" value="What Was Your First Car?">What Was Your First Car</option>
<option id="secret_question" value="What Is Your Favourite Colour?">What Is Your Favourite Colour</option>
</select>
<span class="selectRequiredMsg">*</span></span></td>
</tr>
<tr>
<td><br /><label for="secret_anwser">Your Anwser</label></td>
<td><br /><span id="sprytextfield1">
<input type="text" name="secret_anwser" id="secret_anwser" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td><br /><label for="password">Your Reference</label>
</td>
<td><br />
<span id="sprytextfield2">
<input type="text" name="ref" id="ref" />
<span class="textfieldRequiredMsg">*</span></span></td>
</tr>
<tr>
<td> </td>
<td><br /><input name="" type="submit" value="Update" /></td>
</tr>
</table>
</form>
my php script is as follows:
<?php
$secret_question = mysql_real_escape_string($_REQUEST['secret_question']);
$secret_anwser = mysql_real_escape_string($_REQUEST['secret_anwser']);
$sql= "UPDATE public SET secret_question = '$secret_question', secret_anwser = '$secret_anwser' WHERE active = 'activated' AND ni = '". $_SESSION['ni']."'";
if (!mysql_query($sql))
{
die('Error: ' . mysql_error());
}
else
{
echo '<hr /><h3 align="center">Security Question Has Been Updated</h3><hr />';
}
?>
what i dont know is how to code it so that it can check if the ref entered by the user matches with my ref field in my database and if so then it should go ahead with the update and if not, it should ask the user to enter his password again?

I'm not a believer in "security questions", but i suppose adding password check would be reasonable, since if someone does get to this point, he might block the real user from requesting password restoration, if thats what you are using it for. So yep, use mysql_fetch_row to get password (I hope it is sha1 hash?) and compare it to whatever user enters (add new password field)
HTML:
<tr>
<td><label for="password_check">Your password</label></td>
<td><input type="text" name="password_check" id="password_check" /></td>
</tr>
And php:
$result = mysql_query("SELECT `password` FROM public WHERE ni = '". $_SESSION['ni']."'");
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$row = mysql_fetch_row($result);
if(strlen($row[0])>0 && $row[0]==sha1($_POST['password_check'])){
.. your existing update code goes here
}

<?php
if(isset($_POST['submit'])){
$ref_number = $_POST['reference_number'];
$query = "SELECT * FROM table_name WHERE reference_number = 'ref_number'";
$result = mysql_query($query);
$output = mysql_num_rows($result);
if($output > 0){
//Proceed in registration or whatever you want to do here
}else{
echo "<script type='text/javascript'>alert('Please put your whatever again')</script>";
}
}
?>
Part of your form
<input type='text' name='reference_number'><br />
<input type='submit' name='submit' value='Submit'>;

Do you have one ref number for everyone or just a single ref?
If every user has its own ref:
$Result = mysql_query("SELECT * FROM table WHERE user_id = 'user_id' AND ref_number = '$Ref_Number'");
Or if there is only one ref number:
$Result = mysql_query("SELECT * FROM table WHERE ref_number = '$Ref_Number'");
If the ref number provided equals the one in the database, then you'll get a row back.
if (mysql_num_rows($Result) != 0)){
// your update code
} else {
// present password form
}
If you have only one ref-number for everyone it might be more interesting to just store that value in a variable.
$Query = mysql_query("SELECT * FROM table");
$R = mysql_fetch_array($Result);
$RealRef_number = $R['ref_number'];
if ($_POST['Ref_number'] == $RealRef_number){
// proceed to updating
} else {
// they were not equal..
}

Categories