I have this working where it will copy the row, and then link the new row to the previous row.
Where my issue is, is in copying over the NULL values. When I run this all null values go into the new row as blank.
How would I get it to change the value to NULL if it was originally NULL?
$result = $mysqli->query("SELECT * FROM rdpricing WHERE psid = '$dupsid';");
if($result->num_rows >= "1"){
$count = $result->num_rows;
$cols = array();
$result = $mysqli->query("SHOW COLUMNS FROM rdpricing");
while ($r = $result->fetch_array(MYSQLI_ASSOC)) {
if (!in_array($r["Field"], array("rdpid", "psid", "rdold"))) { //Excluding these columns
$cols[] = $r["Field"];
}
}
// Build and do the insert
$result = $mysqli->query("SELECT * FROM rdpricing WHERE psid = '$dupsid';");
while ($r = $result->fetch_array(MYSQLI_ASSOC)) {
$insertSQL = "INSERT INTO rdpricing (" . implode(", ",$cols) . ", rdold) VALUES (";
$count = count($cols);
foreach($cols as $counter=>$col) {
**// This is where I Believe it needs to happen, and what I have attempted, and it is NOT working**
if(empty($r[$col]) || is_null($r[$col]) || $r[$col] == ""){
$r[$col] = NULL;
}
$insertSQL .= "'" . $mysqli->real_escape_string($r[$col]) . "'";
if ($counter < ($count - 1)) {
$insertSQL .= ", ";
}
} // END foreach
$insertSQL .= ", '".$r["rdpid"]."');";
$mysqli->query($insertSQL);
if ($mysqli->affected_rows < 1) {
printf("%s\n", $mysqli->error);
} else {
}
$new_id = $mysqli->insert_id;
$statement = $mysqli->prepare("UPDATE rdpricing SET `psid`=? WHERE `rdpid`=?");
$statement->bind_param('ss', $new_psid, $new_id);
// Execute the prepared query.
$statement->execute();
$statement->close();
}
}
Generated from info in the comments:
#reset/create before the foreach, create an empty array
$insertSQLValues=array();
#in the foreach do some on given type
if(is_null($r[$col])){#real null
$r[$col] = "null";
} else if (empty($r[$col]) || $r[$col] == ""){#empty values
$r[$col] = "''";
} else {#standart data
$r[$col] = "'".$mysqli->real_escape_string($r[$col])."'";
}
$insertSQLValues[]=$r[$col];
#later
$insertSQL .= implode(', ',$insertSQLValues).", '".$r["rdpid"]."');";
Hopefully you can merge that into your code.
Related
I need help with my PDO prepared statements.
I know my code is not sanitized and is probably open to a lot of hell, but first I need to overcome this error before I can move on to sanitize my code.
I am trying to write a prepared statement with the WHERE clause, and somehow it keeps giving me an error that I am using a string for a type boolean. But what boolean??
I added a few vardumps before the error. It is in the counting part of my code.
After which, I would also take some pointers on how to make prepared statements out of user input.
I know, it is dangerous, but perhaps I can sanitize all the inner_join, outer_join etc into allowed table names using a in_array after a database table and column name check.
The reason I need to allow this user input is that I am making a website where people can make their own queries to the database and retrieve whatever info they need. But they should only be able to SELECT. Not UPDATE or DROP!
<?php
// Select existing
require_once('ajaxDBQuery.php');
if(!isset($included)) {
$_GET = json_decode($_GET["json"], true);
} else {
$_GET = json_decode($json, true);
}
class GET extends ajaxDBQuery
{
function __construct() {
parent::__construct($_GET['db']);
// ------------------------------------------------
$page = 0;
if (isset($_GET['offset']) && !empty($_GET['offset'])) {
$page = filter_var($_GET['offset'], FILTER_SANITIZE_NUMBER_INT);
}
$per_page = 20;
if (isset($_GET['limit']) && !empty($_GET['limit'])) {
$per_page = filter_var($_GET['limit'], FILTER_SANITIZE_NUMBER_INT);
}
if(isset($_GET['where']) && !empty($_GET['where'])) {
$sqlcount = "SELECT count(*) AS total_records FROM {$_GET['from']['table']} WHERE :test";
$statement = $this->conn->prepare($sqlcount);
var_dump($sqlcount);
var_dump($statement);
var_dump($_GET['where']);
$statement->bindParam(':test', $_GET['where'], PDO::PARAM_STR);
$statement->execute();
} else {
$sqlcount = "SELECT count(*) AS total_records FROM {$_GET['from']['table']}";
$statement = $this->conn->prepare($sqlcount);
$statement->execute();
}
$row = $statement->fetch();
$total_records = $row['total_records'];
$total_pages = ceil($total_records / $per_page);
$offset = ($page) * $per_page;
// ------------------------------------------------
$sql = "SELECT ";
for($i = 0; $i < count($_GET['select']['columns']); $i++) {
if($i == 0) {
$sql .= "{$_GET['select']['columns'][$i]}";
} else {
$sql .= ", {$_GET['select']['columns'][$i]}";
}
}
//{$_GET['select']['columns'][0]}
$sql .= " FROM {$_GET['from']['table']}";
(isset($_GET['from']['as']) && ($_GET['from']['as']) !== "") ? $sql .= " AS {$_GET['from']['as']}" : $sql .= "";
(isset($_GET['inner_join']['table']) && ($_GET['inner_join']['table']) !== "") ? $sql .= " INNER JOIN {$_GET['inner_join']['table']}" : $sql .= "";
(isset($_GET['inner_join']['as']) && ($_GET['inner_join']['as']) !== "") ? $sql .= " AS {$_GET['inner_join']['as']}" : $sql .= "";
if(isset($_GET['inner_join']['on']) && ($_GET['inner_join']['on']) !== "") {
for($i = 0; $i < count($_GET['inner_join']['on']); $i++) {
if($i == 0) {
$sql .= " ON {$_GET['inner_join']['on'][$i]}";
} else {
$sql .= " AND {$_GET['inner_join']['on'][$i]}";
}
}
}
(isset($_GET['left_join']['table']) && ($_GET['left_join']['table']) !== "") ? $sql .= " LEFT JOIN {$_GET['left_join']['table']}" : $sql .= "";
(isset($_GET['left_join']['as']) && ($_GET['left_join']['as']) !== "") ? $sql .= " AS {$_GET['left_join']['as']}" : $sql .= "";
if(isset($_GET['left_join']['on']) && ($_GET['left_join']['on']) !== "") {
for($i = 0; $i < count($_GET['left_join']['on']); $i++) {
if($i == 0) {
$sql .= " ON {$_GET['left_join']['on'][$i]}";
} else {
$sql .= " AND {$_GET['left_join']['on'][$i]}";
}
}
}
(isset($_GET['left_outer_join']['table']) && ($_GET['left_outer_join']['table']) !== "") ? $sql .= " LEFT OUTER JOIN {$_GET['left_outer_join']['table']}" : $sql .= "";
(isset($_GET['left_outer_join']['as']) && ($_GET['left_outer_join']['as']) !== "") ? $sql .= " AS {$_GET['left_outer_join']['as']}" : $sql .= "";
if(isset($_GET['left_outer_join']['on']) && ($_GET['left_outer_join']['on']) !== "") {
for($i = 0; $i < count($_GET['left_outer_join']['on']); $i++) {
if($i == 0) {
$sql .= " ON {$_GET['left_outer_join']['on'][$i]}";
} else {
$sql .= " AND {$_GET['left_outer_join']['on'][$i]}";
}
}
}
(isset($_GET['where']) && ($_GET['where']) !== "") ? $sql .= " WHERE {$_GET['where']}" : $sql .= "";
(isset($_GET['order_by']) && ($_GET['order_by']) !== "") ? $sql .= " ORDER BY {$_GET['order_by']}" : $sql .= "";
(isset($_GET['direction']) && ($_GET['direction']) !== "") ? $sql .= " {$_GET['direction']}" : $sql .= "";
(isset($_GET['limit']) && ($_GET['limit']) !== "") ? $sql .= " LIMIT {$_GET['limit']}" : $sql .= "";
(isset($_GET['offset']) && ($_GET['offset']) !== "") ? $sql .= " OFFSET ".$_GET['offset'] * $_GET['limit']."" : $sql .= "";
$statement = $this->conn->prepare($sql);
$statement->execute();
// ------------------------------------------------
// set the resulting array to associative
$result = $statement->setFetchMode(PDO::FETCH_ASSOC);
$jsonArray = array();
//$jsonArray["totalrecords"] = $total_records;
$jsonArray["totalrecords"] = 1;
while ( ($row = $statement->fetch(PDO::FETCH_ASSOC) ) !== false) {
$jsonArray[] = $row;
}
// ------------------------------------------------
$this->return($jsonArray);
// ------------------------------------------------
}
private function return($jsonArray) {
header('Content-Type: application/json');
echo json_encode($jsonArray);
}
}
$query = new GET();
?>
OUTPUT:
string(56) "SELECT count(*) AS total_records FROM cb_cat WHERE :test"
object(PDOStatement)#3 (1) {
["queryString"]=>
string(56) "SELECT count(*) AS total_records FROM cb_cat WHERE :test"
}
string(27) "systemgrp BETWEEN 10 AND 19"
<br />
<b>Fatal error</b>: Uncaught PDOException: SQLSTATE[22P02]: Invalid text representation: 7 ERROR: invalid input syntax for type boolean: "systemgrp BETWEEN 10 AND 19" ...
Currently I use MySQLi and I try to convert all my MySQLi to PDO.
In MySQLi I have this code and it work very fine:
// connection string in MySQLi
if ($query = $connection->prepare("SELECT u.ID as ID,
u.Username as Username,
u.Firstname as Firstname,
u.Lastname as Lastname,
// ... many more
FROM Users u
INNER JOIN Gender g ON u.Gender = g.id
// ... many more
WHERE u.ID = ?")) {
$query->bind_param('s', $_SESSION['ID']);
$query->execute();
$metaResults = $query->result_metadata();
$fields = $metaResults->fetch_fields();
$statementParams = '';
foreach ($fields as $field) {
if (empty($statementParams)) {
$statementParams.="\$column['" . $field->name . "']";
} else {
$statementParams.=", \$column['" . $field->name . "']";
}
}
$statment = "\$query->bind_result($statementParams);";
eval($statment);
$query->store_result();
$affected = $query->num_rows;
// this request return me only ONE row
if ($affected == 1) {
while ($query->fetch()) {
foreach ($column as $key => $value) {
if ($key == "lookingFor") {
$row_tmb[$key] = formatLookingFor($value, $language, "");
} else {
$row_tmb[$key] = utf8_encode($value);
$row_tmb[$key] = $value;
}
}
$results[] = $row_tmb;
}
$query->free_result();
$query->close();
$profileData = $results[0];
// ... other code
}
This is return to my all column names and all 1 data row and I'm verry happy. So, I try to convert this code into PDO with new PDO code:
// good connection string without error in PDO code and the same query as you see up.
if ($query = $connection->prepare($sql)) {
$query->execute();
$metaResultsColNumber = $query->columnCount();
for ($i = 0; $i < $metaResultsColNumber; $i++) {
$metaResults[] = $query->getColumnMeta($i, ['name']);
}
var_dump($metaResults);
$fields = $metaResults->fetchColumn();
var_dump($fields);
$statementParams = '';
foreach ($fields as $field) {
if (empty($statementParams)) {
$statementParams.="\$column['" . $field->name . "']";
} else {
$statementParams.=", \$column['" . $field->name . "']";
}
}
$statment = "\$query->bind_result($statementParams);";
eval($statment);
$query->store_result();
$affected = $query->num_rows;
// TRACE
printf("SQL %d row(s) return", $affected);
if ($affected == 1) {
while ($query->fetch()) {
foreach ($column as $key => $value) {
if ($key == "lookingFor") {
$row_tmb[$key] = formatLookingFor($value, $language, "");
} else {
$row_tmb[$key] = utf8_encode($value);
}
}
$results[] = $row_tmb;
}
$query->free_result();
$query->close();
$profileData = $results[0];
And I can't obtain 1) the right column names 2) the data of the returning row
I try to read help into this site and PHP MySQL PDO documentation from many hours.
Do you look for something like that?
//Datastrucure
include("pdo_dbconnect.php");
$stmt = $db->prepare('select * from information_schema.columns where table_name = "' . $_SESSION[$fenster .'_tabelle'] . '" and table_schema = "' .$database.'"');
$stmt->execute();
$f = -1;
while ($data = $stmt->fetch()) {
$f += 1;
//pmsg($data['COLUMN_NAME'] . ' ' .$data['DATA_TYPE'] . ' ' . $data['CHARACTER_MAXIMUM_LENGTH']);
$_SESSION['_fieldName'][$f] = $data['COLUMN_NAME'];
$_SESSION['_fieldLenght'][$f] = $data['CHARACTER_MAXIMUM_LENGTH'];
$_SESSION['_extra'][$f] = $data['EXTRA'];
}
Below I have Php code that loops through an array and for each it checks if the value already exists in the database and if not, create it. The code itself is working but the loop itself can be insanely big, maximum of a couple tens thousand iterations.
How can I optimize this code? What to use and how to use. There should be a better way to insert this many times without looping through each individual.
foreach($arr as $value){
$checkID = mysqli_query($cenn, "SELECT item_id from items WHERE item_id = '$value'");
if (!$checkID) {
die("Query '$checkID' failed to execute for some reason");
}else{
if (mysqli_num_rows($checkID) > 0) {
$user = mysqli_fetch_array($checkID);
echo "item_id" . checkID . "exists already";
}
else{
echo "item_id: '$user_id' doesn't exist<br>";
$gw2Api = file_get_contents("https://api.guildwars2.com/v2/items/" . $user_id); //12452 30704
$gw2Api_result = json_decode($gw2Api,true);
/*Here would be some code to determine values that are being inserted*/
if (!array_key_exists("description",$gw2Api_result)) {
$description = 'No description available...';
} else{
if($gw2Api_result['description'] === ''){
$description = "No description available...";
} else {
$description = $gw2Api_result['description'];
}
}
$insertItem = "INSERT INTO items
(item_id, name, description,
AccountBindOnUse, AccountBound,
last_update
)
VALUES ('$user_id', '$gw2Api_result[name]', '$description',
'$AccountBindOnUse', '$AccountBound', CURRENT_TIMESTAMP)";
if ($cenn->query($insertItem) === true) {
echo "New record '$user_id' created successfully";
} else {
echo "Error: " . $sql . "<br>" . $cenn->error;
}
}
}
} // end foreach
The question: How to insert many values, new rows, into mysqli database as fast as possible.
Just use bulk insert.
Collect all the rows for insertion and pass it in one query.
echo 'hi';
if (!empty($arr)) {
echo 'ok';
$values = "'" . implode("', '", $arr) . "'";
$qExistingItemIds = mysqli_query($cenn, "SELECT item_id from items WHERE item_id IN($values)");
$existingItemIds = [];
while ($existingItemId = mysqli_fetch_array($qExistingItemIds)) {
$existingItemIds[] = $existingItemId['item_id'];
}
$arr = array_diff($arr, $existingItemIds);
$inserts = array();
$i = 0;
$ic = count($arr);
foreach ($arr as $value) {
$i++;
echo "item_id: $value doesn't exist<br>";
$gw2Api = file_get_contents("https://api.guildwars2.com/v2/items/" . $value); //12452 30704
$gw2Api_result = json_decode($gw2Api,true);
/*Here would be some code to determine values that are being inserted*/
if (!array_key_exists("description", $gw2Api_result)) {
$description = 'No description available...';
} else {
if ($gw2Api_result['description'] === '') {
$description = "No description available...";
} else {
$description = $gw2Api_result['description'];
}
}
$inserts[] = "
('$value', '$gw2Api_result[name]', '$description', '$AccountBindOnUse', '$AccountBound', CURRENT_TIMESTAMP)
";
if ($i == 50 OR $i == $ic) {
$inserts = implode(",", $inserts);
$insert = "
INSERT INTO items
(item_id, name, description, AccountBindOnUse, AccountBound, last_update)
VALUES
$inserts
";
if ($cenn->query($insert) === true) {
echo 'great';
echo "New records created successfully";
} else {
echo "Error: " . $sql . "<br>" . $cenn->error;
}
$ic -= 50;
$i = 0;
$inserts = array();
}
}
}
so now we have only 2 queries. not thousands
details about bulk insert:
http://www.geeksengine.com/database/data-manipulation/bulk-insert.php
If you use prepared statement you should reduce the round trips to the database server and only compile and optimise each query once instead of Number_of_inputs * 2 queries. This should reduce the workload.
I would be very interested to know by how much.
$sql = "SELECT item_id from items WHERE item_id = ?";
$db_select = $cenn->prepare($sql);
if ( ! $db_select ) {
echo $cenn->error;
exit;
}
$sql_insert = "INSERT INTO items
(item_id, name, description,
AccountBindOnUse, AccountBound, last_update)
VALUES (?, ?, ?, ?, ?, CURRENT_TIMESTAMP)";
$db_insert = $cenn->prepare($sql);
if ( ! $db_insert ) {
echo $cenn->error;
exit;
}
foreach($arr as $value){
$db_select->bind_param('i', $value);
$res = $db_select->execute()
if ( $res === FALSE ) {
echo $cenn->error;
exit;
}
if ($db_select->num_rows > 0) {
// dont bother fetching data we already know all we need to
$user = $db_select->free();
echo "item_id $value exists already";
} else {
echo "item_id: $value doesn't exist<br>";
$gw2Api = file_get_contents("https://api.guildwars2.com/v2/items/" . $value);
$gw2Api_result = json_decode($gw2Api,true);
if ( ! array_key_exists("description",$gw2Api_result)
|| $gw2Api_result['description'] === '') {
$description = 'No description available...';
} else{
$description = $gw2Api_result['description'];
}
$db_insert->bind_param('issss', $value, $gw2Api_result[name],
$description, $AccountBindOnUse,
$AccountBound)
if ($cenn->query($insertItem) === true) {
echo "New record $value' created successfully";
} else {
echo "Error: " . $sql_insert . "<br>" . $cenn->error;
}
}
} // end foreach
I am not able to figure out why all of my results are repetitions of the first values it returns.
This code returns the same ID and formatted date repeated over and over again; however, I was expecting it to read a value and then transform that value for each entry in the DB. Here is my code:
<?php
include('../includes/conn.inc.php');
$stmt = $mysql->prepare("SELECT id, endDate FROM TABLE ORDER BY id");
$stmt->execute();
$stmt->bind_result($id, $endDate);
while($row = $stmt->fetch()) {
$dataRow[] = array('id'=>$id,'endDate'=> $endDate);
};
foreach($dataRow as $i) {
$newEndDate = date('Y-m-d',strtotime($endDate));
$sql = 'UPDATE TABLE SET startDate = ? WHERE id= ? ';
$stmt = $mysql->stmt_init();
if ($stmt->prepare($sql)) {
$stmt->bind_param('si',$newEndDate, $id);
$OK = $stmt->execute();}
if ($OK) {
echo $id . " " . $newEndDate . "done <br/>";
} else {
echo $stmt->error;
}
$stmt->close();
};
In your foreach you are always using the last values that were set from the last $stmt->fetch()
Try:
foreach($dataRow as $i) {
$newEndDate = date('Y-m-d',strtotime($i['endDate']));
$id = $i['id'];
$sql = 'UPDATE TABLE SET startDate = ? WHERE id= ? ';
$stmt = $mysql->stmt_init();
if ($stmt->prepare($sql)) {
$stmt->bind_param('si',$newEndDate, $id);
$OK = $stmt->execute();
}
if ($OK) {
echo $id . " " . $newEndDate . "done <br/>";
} else {
echo $stmt->error;
}
$stmt->close();
};
use get_result();
$dataRow = array()
$stmt = $mysql->prepare("SELECT id, endDate FROM TABLE ORDER BY id");
$stmt->execute();
$result = $stmt->get_result();
while($row = $result->fetch_array()) {
$dataRow[$row['id']] = $row['endDate'];
}
and you don't populate your $endDate in the second loop
foreach($dataRow as $i => $endDate){
$newEndDate = date('Y-m-d',strtotime($endDate));
... // rest of your code
I have a html form tat my user can use to search through a table in my MYSQL database.
By default if you just hit go it will display the entire table, however I would like them to be able select certain fields and my php form to search via the fields that are filled in.
I seem to be unable to find a way of doing this without writing a seperate query for all 11 inputs in the different combinations they could be entered in, which comes out at a total of 76 queries..
If anyone has a way to simplify this I would love any advice.
I have tried just running a query with the AND operator but that doesnt work as some variables can be left empty and that will return no result, not sure if that is what is upposed to happen, but that is what is happening.
my html and php:
http://jsbin.com/oquwid/1/edit
PHP
$sql = "SELECT * FROM ".$tbl_name."
WHERE fname='".$fname."'
and lname='".$lname."'
and city='".$city."'
and phone='".$pohne."'
and interest_inet='".$internet."'
and interest_tv='".$television."'
and interest_voice='".$voice."'
and submission_ip='".$ip."'
and inquiry_handled='".$handled."'";
$result = mysql_query($sql);
echo "<table border='1'>";
echo "<tr>";
$i = 0;
while ($i < mysql_num_fields($result))
{
$meta = mysql_fetch_field($result, $i);
echo "<th>".$meta->name."</th>";
$i++;
}
while ($row = mysql_fetch_row($result))
{
echo '<tr>';
foreach($row as $item)
{
echo "<td>".$item."</td>";
}
echo '</tr>';
echo $row;
}
echo "</table>";
You could append parts to the query depending on which are filled in:
if(!empty($fname) || !empty($lname) || !empty($city) || etc.etc.) {
$sql = "SELECT * FROM $tbl_name WHERE ";
$queryParts = array();
if($fname != "") {
$queryParts[] = " fname='$fname'";
}
if($lname != "") {
$queryParts[] = " lname='$lname'";
}
etc.etc.
$sql .= implode(" AND ", $queryParts);
// do query, etc.
}
else {
// Don't do query if no parameters are specified
}
You also need to make sure that you escape all of your query parameters before you use them or risk having someone ravage your data.
The following uses loops to avoid duplicate code:
$fieldIsSpecified = false;
$queryFields = array('fname' => $fname, 'lname' => $lname, 'city' => $city, etc...);
foreach($queryFields as $column => $value) {
if(!empty($value){
$fieldIsSpecified = true;
break;
}
}
if($fieldIsSpecified) {
$sql = "SELECT * FROM $tbl_name WHERE ";
$queryParts = array();
foreach($queryFields as $column => $value) {
if(!empty($value)) {
$queryParts[] = " $column = '$value'";
}
}
$sql .= implode(" AND ", $queryParts);
// do query, etc.
}
else {
// Don't do query if no parameters are specified
}
The reason you're query isn't working if a value is not filled in, is probably because the query results in this (given first name is empty)
SELECT * FROM $tbl_name WHERE fname=''
And there probably isn't a user having no first name.
Further, you considered adding a flag per requested info, and on base of that either add or remove the needed part to the select part of the query ?
For example,
$sql = "SELECT * FROM $tbl_name WHERE ";
$queryChanged = false;
if (isset($fname)){
if (!empty($fname)){
$sql .= "fname='$fname' ";
$queryChanged=true;
}
}
if (isset($lname)){
if (!empty($lname)){
$sql .= ($queryChanged) ? " AND lname='$lname'" : "lname='$lname'";
$queryChanged = true;
}
}
... //Continue the logic
I'd recommend you to read this post about select * as well as this about user input and how to handle it
this is how i am going to have to do it
php:`
//if just lname is set
if(empty($start_date) && empty($end_date) && empty($fname) && isset($lname) && empty($city) &&
empty($internet) && empty($television) && empty($voice) && empty($phone) && empty($ip) &&
empty($handled) && empty($not_handled)){
$sql = "SELECT * FROM ".$tbl_name."
WHERE lname='".$lname."'";
$result = mysql_query($sql);
echo "<table border='1'>";
echo "<tr>";
$i = 0;
while ($i < mysql_num_fields($result))
{
$meta = mysql_fetch_field($result, $i);
echo "<th>".$meta->name."</th>";
$i++;
}
while ($row = mysql_fetch_row($result))
{
echo '<tr>';
foreach($row as $item)
{
echo "<td>".$item."</td>";
}
echo '</tr>';
}
echo "</table>";
exit();
}
//if just city is selected
if(empty($start_date) && empty($end_date) && empty($fname) && empty($lname) && isset($city) &&
empty($internet) && empty($television) && empty($voice) && empty($phone) && empty($ip) &&
empty($handled) && empty($not_handled)){
$sql = "SELECT * FROM ".$tbl_name."
WHERE city='".$city."'";
$result = mysql_query($sql);
echo "<table border='1'>";
echo "<tr>";
$i = 0;
while ($i < mysql_num_fields($result))
{
$meta = mysql_fetch_field($result, $i);
echo "<th>".$meta->name."</th>";
$i++;
}
while ($row = mysql_fetch_row($result))
{
echo '<tr>';
foreach($row as $item)
{
echo "<td>".$item."</td>";
}
echo '</tr>';
}
echo "</table>";
exit();
}
And etc... i am going to have to repeat this process until i cover all, 76 i believe, possibilites. thnkfully its just a lot of copy paste. thanks for the help everyone
First don't use MYSQL_*. Use PDO
Second, with your code, your are requiring all fields to be filled.
If you don't wanna do that then go this way:
You can use WHERE 1=1 , but it's not recommended !!!!!
$sql = "SELECT * FROM ".$tbl_name." WHERE confirm = '0' ";
$sql .= "AND fname = ".$fname."";
$sql .= "AND lname = ".$lname."";
$sql .= "AND city = ".$city."";
$sql .= "AND phone = ".$pohne."";
$sql .= "ORDER BY date DESC";
$result = mysql_query($sql);
echo "<table border='1'>";
echo "<tr>";
$i = 0;
while ($i < mysql_num_fields($result))
{
$meta = mysql_fetch_field($result, $i);
echo "<th>".$meta->name."</th>";
$i++;
}
while ($row = mysql_fetch_row($result))
{
echo '<tr>';
foreach($row as $item)
{
echo "<td>".$item."</td>";
}
echo '</tr>';
echo $row;
}
echo "</table>";