How to include variables inside queries using php? - php

<?php
$connect = mysqli_connect($hostname, $username, $password, $database);
$query = 'select stopname from greenline';
$result = mysqli_query($connect, $query);
?>
<html>
<body>
<form action="try.php" method="get">
<?php
echo "<select name='myselect'>";
while ($row1 = mysqli_fetch_array($result)):;
echo '<option value=" ' . $row1[0] . ' " name="row" >' . $row1[0] . '</option>';
endwhile;
echo "</select>";
?>
<input type="submit" name="submit"/>
</form>
<?php
if (isset($_GET['submit']))
{
$variable = $_GET['myselect'];
$query1 = 'select placeno from greenline where stopname = " ' . $variable . '"';
$result1 = mysqli_query($connect, $query1) or die(mysql_error());
$row2 = mysqli_fetch_assoc($result1);
echo "success";
$var = $row2['placeno'];
echo " this is $var";
} ?>
</body>
</html>
I have done as above in Sublime. It is not extracting the variable value in our query. Could you please give a solution? $var is not being displayed.

You have ; right after while. This makes your loop a no-op, basically.
Also remove : at the same place.

You have an extra space in the query:
$query1='select placeno from greenline where stopname = " '.$variable.'"';
^
Remove that space and it will work.
But it would be better if you used a prepared statement instead of substituting variables.
$stmt = mysqli_prepare($connect, 'select placeno from greenline where stopname = ?');
mysqli_stmt_bind_param($stmt, "s", $variable);
mysqli_stmt_execute($stmt);
mysqli_stmt_bind_result($stmt, $placeno);
mysqli_stmt_fetch($stmt);
echo "this is $placeno";
You're also adding extra spaces in the html:
echo '<option value=" ' . $row1[0] . ' " name="row" >' . $row1[0] . '</option>';
^ ^
Get rid of these spaces as well.

Related

How to add a button to my PHP form that deletes rows from my MYSQL database [duplicate]

I am new to php coding.
I am adding a delete button to each row, but it is not working.
This is my html code:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php
$connection = mysql_connect('localhost', 'root','');
if (!$connection)
{
die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db( "emp",$connection);
if (!$select_db)
{
die("Database Selection Failed" . mysql_error());
}
$sql = "SELECT * FROM venu ";
$result = mysql_query($sql) or die(mysql_error());
?>
<table border="2" style= " margin: 0 auto;" id="myTable">
<thead>
<tr>
<th>name</th>
<th>id</th>
<th>rollnumber</th>
<th>address</th>
<th>phonenumber</th>
</tr>
</thead>
<tbody>
<?php
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['rollnumber'] . "</td>";
echo "<td>" . $row['address'] . "</td>";
echo "<td>" . $row['phonenumber'] . "</td>";
echo "<td><form action='delete.php' method='POST'><input type='hidden' value='".$row["address"]."'/><input type='submit' name='submit-btn' value='delete' /></form></td></tr>";
echo "</tr>";
}
?>
</tbody>
</table>
</body>
</html>
This is my delete code:
<?php
$connection = mysql_connect('localhost', 'root','');
if (!$connection)
{
die("Database Connection Failed" . mysql_error());
}
$select_db = mysql_select_db( "emp",$connection);
if (!$select_db)
{
die("Database Selection Failed" . mysql_error());
}
error_reporting(0);
session_start();
$name = $_POST['name'];
$id = $_POST['id'];
$rollnumber = $_POST['rollnumber'];
$address = $_POST['address'];
$phonenumber = $_POST['phonenumber'];
if($name!='' and $id!='')
{
$sql = mysql_query("DELETE FROM 'venu' WHERE name='balaji'AND id='93'AND rollnumber='93'AND address='bangalore'AND phonenumber='1234567890'");
echo "<br/><br/><span>deleted successfully...!!</span>";
}
else{
echo "<p>ERROR</p>";
}
mysql_close($connection);
?>
I am trying to delete each row using a button, but it is not working.
In your HTML view page, make a change to use echo "<td><a href='delete.php?did=".$row['id']."'>Delete</a></td>"; like below:
<?php
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['rollnumber'] . "</td>";
echo "<td>" . $row['address'] . "</td>";
echo "<td>" . $row['phonenumber'] . "</td>";
echo "<td><a href='delete.php?did=".$row['id']."'>Delete</a></td>";
echo "</tr>";
}
?>
PHP delete code :
<?php
if(isset($_GET['did'])) {
$delete_id = mysql_real_escape_string($_GET['did']);
$sql = mysql_query("DELETE FROM venu WHERE id = '".$delete_id."'");
if($sql) {
echo "<br/><br/><span>deleted successfully...!!</span>";
} else {
echo "ERROR";
}
}
?>
Note: Please avoid mysql_* because mysql_* has been removed from PHP 7. Please use mysqli or PDO.
More details about PDO connections: http://php.net/manual/en/pdo.connections.php
And more details about mysqli: http://php.net/manual/en/mysqli.query.php
First you need to change your button like
echo "<td>Delete</td>";
This will send the ID of the row which you want to delete to delete.php.
Secondly, you need to change your delete.php a bit; currently it is wide open to SQL injection. Try using MySQLi or PDO instead:
if(isset($_GET['id'])) {
$id = $_GET['id'];
$stmt = $mysqli->prepare("DELETE FROM venu WHERE id = ?");
$stmt->bind_param('i', $id);
$stmt->execute();
$stmt->close();
}
Of course, if you need to add more parameters to the delete query, you should pass them with the button as well.
EDIT: Simple example for update record
You can put second button on the table like
echo "<td>Update</td>";
Then when you click on it you will have the ID of the record which you want to update. Then in update.php
if(isset($_GET['id'])) {
$id = $_GET['id'];
$stmt = $mysqli->prepare("UPDATE venu SET name = ?, rollnumber = ?, address = ? WHERE id = ?");
$stmt->bind_param('sisi', $name, $rollnumber, $address, $id);
$stmt->execute();
$stmt->close();
}
Here (in update.php) you can have a form which you fill with new data and pass to the variables $name, $rollnumber, $address, then post it to the update part.
Something to start with: PHP MySqli Basic usage (select, insert & update)
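Change up your query to use the dynamic value entered by the user; right now it is hard-coded in there.
session_start();
require_once 'conn.php';
class myClass extends dbconn {
public function myClassFunction(){
try {
if(isset($_GET['id'])) {
// Read the id only after confirming it was sent.
$id = $_GET['id'];
$sql = "DELETE FROM tablename WHERE id = ?";
// A statement with a ? placeholder must be prepared, not run with query().
$stmt = $this->connect()->prepare($sql);
$stmt->bind_param('i', $id);
// Nothing is deleted until the prepared statement is executed.
$stmt->execute();
header("location: ../filepath/index.php");
// Stop the script so nothing runs after the redirect header.
exit;
}
} catch (PDOException $e) {
echo $sql . "<br>" . $e->getMessage();
}
}
}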
This line is wrong, you need to set the WHERE clause to the data you get from the hidden input value
$sql = mysql_query("DELETE FROM 'venu' WHERE name='balaji'AND id='93'AND rollnumber='93'AND address='bangalore'AND phonenumber='1234567890'");
Should be:
$sql = mysql_query("DELETE FROM venu WHERE address='" . mysql_real_escape_string($_POST['address']) . "'");
And in the little form you are using, change:
<input type='hidden' value='".$row["address"]."'/>
to:
<input type='hidden' name='address' value='".$row["address"]."'/>

How to add another condition in php

Okay, so I have been trying this for a very long time, but I couldn't succeed, so I need your kind help.
In another file I had submitted my entries into the database with no problems. Now I created a file, ppp.html, to help the user update the database.
Here is ppp.html:
<html>
<form action="l.php" method="post">
<input type ="text" name ="complaint">
<input type="text" name="dte"></input>
<input type="submit"></input>
</form>
</html>
I diverted the file to l.php. The function of l.php will be to show data from the database. I have added one condition in the query, where category=$complaint. It works properly, but now I need two conditions: where category=$complaint and also where dte=$date.
How do I do that? Here is the l.php file:
<?php
$complaint = "";
if (isset($_POST['complaint'])) {
$complaint = $_POST['complaint'];
}
$dte = "";
if (isset($_POST['date'])) {
$dte = $_POST['date'];
}
mysql_connect("localhost", "root", "") or die("couldnt attack ");
mysql_select_db("site")or die('i surrender');
$query = ("SELECT * FROM site2 where category='$complaint'") or die("couldnt select");
$result = mysql_query($query) or die('hghyt');
while ($complaint = mysql_fetch_array($result)) {
echo"<td>" . '<br>' . $complaint['category'] . "</tr>";
echo "<td>" . '<br>' . $complaint['quantity'] . "</tr>";
echo "<td>" . '<br>' . $complaint['place'] . "</tr>";
echo "<td>" . '<br>' . $complaint['dte'] . "</tr>";
ECHO"<TR>" . "<A HREF='update.php?complaint=" . $complaint['category'] . "'>" . "UPDATE" . "</A>";
echo "<br/>";
ECHO"</table>";
}
?>
You add AND to the SQL statement. Like this:
("SELECT * FROM site2 where category='$complaint' AND dte='$dte'");
You should always escape or bind your variables in order to protect yourself from SQL injection.
For further reading about SQL injection: What is SQL injection?
You shouldn't even be using mysql_*.
Read this: Why shouldn't I use mysql_* functions in PHP?
Edit:
$query = "SELECT * FROM site2 where category='$complaint' AND dte='$dte'";
Just add AND to your WHERE conditions like this:
$query = "SELECT * FROM site2 WHERE category='$complaint' AND dte='$dte'";
But you should use PDO.
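// Connect first: mysql_real_escape_string() needs an open connection.
mysql_connect("localhost", "root", "") or die("couldnt attack ");
mysql_select_db("site")or die('i surrender');
$queryString ='';
$complaint = "";
if (isset($_POST['complaint'])) {
// Escape user input before placing it inside the quoted SQL string.
$complaint = mysql_real_escape_string($_POST['complaint']);
$queryString = "where category='$complaint'";
}
$dte = "";
// ppp.html names this field "dte", not "date".
if (isset($_POST['dte'])) {
$dte = mysql_real_escape_string($_POST['dte']);
if($queryString==""){
$queryString = "where dte='$dte'";
}else{
// The leading space keeps the two conditions apart.
$queryString .= " and dte='$dte'";
}
}
$query = ("SELECT * FROM site2 $queryString") or die("couldnt select");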

php mysql $_post does not work

I have written this code, but it does not work and I cannot find any mistake. It filters data from mysql database. Below I pasted one code without $_post form and this works fine. But I need a filter due to the high volume of data.
<html>
<body>
<?php
include "db_connect.inc.php";
$sql = "SELECT versicherungsnamen, franchise, praemie FROM praemien";
$sql .= " where kanton = " . $_POST["kanton"]
. " and franchise = ". $_POST["franchise"];
$sql .= " order by praemie";
$res = mysqli_query($con, $sql);
$num = mysqli_num_rows($res);
if ($num==0) echo "Keine Datensätze gefunden";
while ($dsatz = mysqli_fetch_assoc($res))
echo $dsatz["versicherungsnamen"] . ", "
. $dsatz["praemie"] . "<br />";
mysqli_close($con);
?>
</body>
</html>
But when I try this code without the $_POST option, it works fine:
<html>
<body>
<?php
include "db_connect.inc.php";
$res = mysqli_query($con, "SELECT versicherungsnamen, franchise, praemie FROM praemien");
while ($dsatz = mysqli_fetch_assoc($res))
{
echo $dsatz["versicherungsnamen"] . ","
.$dsatz["franchise"] . ","
.$dsatz["praemie"] . "<br />";
}
?>
</body>
</html>
Before the select, put the POST vars into separate variables, then use these new vars in the select query.
$kanton = $_POST['kanton'];
$franchise = $_POST['franchise'];
$sql = "SELECT versicherungsnamen, franchise, praemie FROM praemien where kanton = " . $kanton . " and franchise = ". $franchise. " order by praemie";
...
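Added example covering the two threads above (adding a second WHERE condition, and the kanton/franchise filter): each submitted filter becomes a named placeholder and its value is bound, instead of concatenating $_POST values into the SQL string. This is not code from the posts; buildWhere(), findRows(), the sample rows and the in-memory SQLite connection are assumptions so that it runs stand-alone, and kanton is assumed to hold text.

```php
<?php
// Added example: buildWhere(), findRows() and all sample rows are constructed.
// SQLite in memory stands in for the MySQL tables so the script runs offline.

/**
 * Turn submitted form fields into a WHERE clause plus bound parameters.
 * $allowed maps form-field name => column name, so column names never come
 * from the request and values never become part of the SQL text.
 */
function buildWhere(array $allowed, array $input): array
{
    $clauses = [];
    $params  = [];
    foreach ($allowed as $field => $column) {
        $value = $input[$field] ?? '';
        // Skip filters left empty or sent as arrays (field[]=x).
        if (!is_string($value) || trim($value) === '') {
            continue;
        }
        $clauses[] = "$column = :$field";
        $params[":$field"] = trim($value);
    }
    $where = $clauses ? ' WHERE ' . implode(' AND ', $clauses) : '';
    return [$where, $params];
}

function findRows(PDO $pdo, string $select, array $allowed, array $input, string $tail = ''): array
{
    [$where, $params] = buildWhere($allowed, $input);
    $stmt = $pdo->prepare($select . $where . $tail);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE site2 (category TEXT, quantity INTEGER, place TEXT, dte TEXT)");
$pdo->exec("INSERT INTO site2 VALUES ('water', 2, 'north', '2015-01-10'),
    ('water', 5, 'south', '2015-02-01'), ('power', 1, 'north', '2015-01-10')");
$pdo->exec("CREATE TABLE praemien (versicherungsnamen TEXT, kanton TEXT, franchise INTEGER, praemie REAL)");
$pdo->exec("INSERT INTO praemien VALUES ('A', 'ZH', 300, 410.5),
    ('B', 'ZH', 300, 395.0), ('C', 'BE', 300, 380.0)");

$site2Fields    = ['complaint' => 'category', 'dte' => 'dte'];
$praemienFields = ['kanton' => 'kanton', 'franchise' => 'franchise'];

// Each input array below is a stand-in for $_POST.
// Both conditions supplied: category AND dte.
print_r(findRows($pdo, 'SELECT * FROM site2', $site2Fields,
    ['complaint' => 'water', 'dte' => '2015-01-10']));

// Only one condition supplied: the dte clause is left out.
print_r(findRows($pdo, 'SELECT * FROM site2', $site2Fields, ['complaint' => 'water']));

// A value containing quotes is compared as data and matches no row.
print_r(findRows($pdo, 'SELECT * FROM site2', $site2Fields,
    ['complaint' => "water' OR '1'='1"]));

// Text and numeric filters both bind without hand-written quoting.
print_r(findRows($pdo, 'SELECT versicherungsnamen, franchise, praemie FROM praemien',
    $praemienFields, ['kanton' => 'ZH', 'franchise' => '300'], ' ORDER BY praemie'));
```

With a text value in kanton, the concatenated query from the question produces `kanton = ZH`, which MySQL reads as a column name; binding removes both that failure and the injection path.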

PHP/PDO Using an associative array to navigate through record sets.

I have a simple program that I am trying to implement some sort of pagination/capability to navigate through individual records in a MySQL database. The code itself calls a function that returns an associative array so that the records may be navigated sequentially in the case of non-sequential indices being made by deletes.
function getKeys($handle, $user, $password) {
try {
$conn = new PDO($handle,$user,$password);
$conn -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e) {
echo "Error connectiong to database. Error: (" . $e -> getMessage() . ")";
}
$sql = "Select Workstation_ID from Workstation";
$result = $conn -> query($sql);
$resultArray = array();
while ( $row = $result -> fetch()) {
$resultArray[] = $row;
}
$conn = null;
return $resultArray; }
I am attempting to store the result from this function into a variable and from there try to increment that variable for use in another function:
$Keys = getKeys($dsn,$un,$pw);
$i = 0;
$currID = $Keys[$i][0];
$row = getResultSet($dsn,$un,$pw,$currID);
I would then use the $row to display the current workstation :
echo "<hr class='viewHR'>";
echo "</br></br><div class='viewFormat'>";
echo "<form name = 'updateWorkstationForm' action ='updateWorkstation.php' method ='post'>";
echo "<b>Workstation Name:</b><br><input type = 'Textbox' name = 'pcName' value = '" . $row['Workstation_Name'] . "'/></br>";
echo "<b>Serial Number: </b><br> <input type = 'Textbox' name = 'SN' value = '" . $row['Serial_Number'] . "'/></br>";
echo "<b>Model</b></br>";
echo "<select name ='modelSelect'>";
echo "<option value = '".$row['Model_ID'] . "'>" . $row['Model'] . "</option>";
echo "</select></br>";
echo "<b>Department</b></br>";
echo "<select name ='DepartmentSelect'>";
echo "<option value = '".$row['Department_ID'] . "'>" . $row['Department'] . " </option>";
echo "</select></br>";
I was wondering if I was going about this completely wrong, or how I would approach incrementing the array's index to display each record on a click of an anchor tag or button. The whole file is as follows:
<html>
<body>
<div>
<?php
$un = "xxx";
$pw = "xxxxxx";
$dsn = "mysql:host=127.0.0.1;dbname=xxxxxxxxxxx";
$Keys = getKeys($dsn,$un,$pw);
$i = 0;
$currID = $Keys[$i][0];
$row = getResultSet($dsn,$un,$pw,$currID);
echo "<hr class='viewHR'>";
echo "</br></br><div class='viewFormat'>";
echo "<form name = 'updateWorkstationForm' action ='updateWorkstation.php' method = 'post'>";
echo "<b>Workstation Name:</b><br> <input type = 'Textbox' name = 'pcName' value = '" . $row['Workstation_Name'] . "'/></br>";
echo "<b>Serial Number: </b><br> <input type = 'Textbox' name = 'SN' value = '" . $row['Serial_Number'] . "'/></br>";
echo "<b>Model</b></br>";
echo "<select name ='modelSelect'>";
echo "<option value = '".$row['Model_ID'] . "'>" . $row['Model'] . "</option>";
echo "</select></br>";
echo "<b>Department</b></br>";
echo "<select name ='DepartmentSelect'>";
echo "<option value = '".$row['Department_ID'] . "'>" . $row['Department'] . "</option>";
echo "</select></br>";
echo "<b>Room</b></br>";
echo "<select name ='RoomSelect'>";
echo "<option value = '".$row['Room_ID'] . "'>" . $row['Room'] . "</option>";
echo "</select></br>";
echo "<b>Property Status</b> </br>";
echo "<select name = 'propertyStatus'>";
echo "<option value = '".$row['Property_Status_ID'] . "'>" . $row['Property_Status'] . "</option>";
echo "</select></br>";
if ($row['Property_Status'] != "Owned"){
echo "<b>Lease Company:</b> ";
echo "<select name = leaseSelect>";
echo "<option value = '" . $row['Lease_Info_ID'] ."'>Company:" . $row['Company'] . ", Start: " . $row['Start_Date'] . "End: " .$row['End_Date'] . "</option>";
echo "</select></br>";
}
echo "<b>Cart</b></br>";
echo "<select name ='cartSelect'>";
echo "<option value = '".$row['Cart_ID'] . "'>" . $row['Cart_Type'] . "</option>";
echo "</select></br>";
echo "<b>Workstation Comments: </b><br> <Textarea rows='5' cols='60' name = 'wsComments'> ". $row['Workstation_Comment'] . " </Textarea></br>";
echo "<b>Location Comments: </b><br> <Textarea rows='5' cols='60' name = 'locComments'> ". $row['Location_Comment'] . " </Textarea></br>";
echo "<input type = 'submit' value = 'Update' />";
echo "<input type = 'button' value = 'Cancel' onclick = 'location.reload(this);' />";
echo "</form>";
echo "</div>";
/*Function to return a parallel array. This is so that non-sequential records in the database may be described sequentially with the help of an array's indices*/
function getKeys($handle, $user, $password) {
try {
$conn = new PDO($handle,$user,$password);
$conn -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e) {
echo "Error connectiong to database. Error: (" . $e -> getMessage() . ")";
}
$sql = "Select Workstation_ID from Workstation";
$result = $conn -> query($sql);
$resultArray = array();
while ( $row = $result -> fetch()) {
$resultArray[] = $row;
}
$conn = null;
return $resultArray;
}
function getResultSet($handle, $user, $password, $ID) {
$resultSet = "";
try {
$conn = new PDO($handle,$user,$password);
$conn -> setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(PDOException $e) {
echo "Error connectiong to database. Error: (" . $e -> getMessage() . ")";
}
$sql = "Select Workstation.Workstation_ID,Workstation.Model_ID,Workstation.Property_Status_ID,workstation.Lease_Info_ID, Workstation.Workstation_Name, Workstation.Serial_Number, Model.Model, Department.Department,Room.Room,Property_Status.Property_Status,Lease_Info.Start_Date,Lease_Info.End_Date,Lease_Info.Company,Lease_Info.Lease_Comment,Cart.Cart_Type,Workstation.Workstation_Comment,Workstation.Location_Comment from Workstation INNER JOIN Model ON Workstation.Model_ID = Model.Model_ID INNER JOIN Department ON Workstation.Department_ID = Department.Department_ID INNER JOIN Room ON Workstation.Room_ID = Room.Room_ID INNER JOIN Property_Status ON Workstation.Property_Status_ID = Property_Status.Property_Status_ID INNER JOIN Lease_Info ON Workstation.Lease_Info_ID = Lease_Info.Lease_Info_ID INNER JOIN Cart ON Workstation.Cart_ID = Cart.Cart_ID where Workstation_ID = :ID";
$pstmt = $conn -> prepare($sql);
if(!$pstmt) {
echo "Error preparing the statement. Error: (" . $conn -> ErrorInfo() . ")";
}
$pstmt -> bindParam(':ID', $ID);
try {
$pstmt -> execute();
}
catch(PDOException $e) {
echo "Failed to execute prepared Statement. Error: (" . $e -> getmessage() . ")";
}
$resultSet = $pstmt -> fetch();
// Release the connection before returning; code after return never runs.
$conn = null;
return $resultSet;
}
?>
</div>
</body>
</html>
Any criticism, insight, or pointers would be greatly appreciated.
You shouldn’t be fetching all records if you only intend to display a subset, or just one.
To paginate, use the LIMIT clause. So, if you split records into pages of ten, then to get the first page your query would be:
SELECT * FROM workstations LIMIT 0,10
Where the first number is the offset, and the second number is the number of records after the offset you wish to fetch. To fetch the second page, you’d change the limit clause to be LIMIT 10,10; to fetch the third page LIMIT 20,10, and so on. The PHP equation is:
$offset = (($page - 1) * $records_per_page);
The page value can come from a $_GET variable, like http://www.example.com/?page=1.
Secondly, if you’re only wanting to display one record, then fetch that one:
SELECT * FROM workstations WHERE id = ? LIMIT 1
Pass the ID via a $_GET parameter again, and use PDO to bind it to avoid SQL injection vulnerabilities:
<?php
$sql = "SELECT * FROM workstations WHERE id = :id LIMIT 1";
$sth = $db->prepare($sql);
$sth->bindParam(':id', $_GET['id'], PDO::PARAM_INT);
$sth->execute();
$row = $sth->fetchObject();
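An added example (not from the answer above) of the LIMIT pagination it describes, with the page number validated and the LIMIT and OFFSET values bound as integers. The pageOf() helper, the id and name columns, the page size and the in-memory SQLite data are assumptions for illustration.

```php
<?php
// Added example: pageOf(), the page size and the sample rows are constructed.
// SQLite in memory stands in for MySQL so the script runs offline.

function pageOf(PDO $db, $rawPage, int $perPage = 10): array
{
    $total    = (int) $db->query('SELECT COUNT(*) FROM workstations')->fetchColumn();
    $lastPage = max(1, (int) ceil($total / $perPage));

    // Accept only a whole number >= 1; anything else falls back to page 1.
    $page = filter_var($rawPage, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($page === false) {
        $page = 1;
    }
    $page   = min($page, $lastPage);      // clamp requests past the last page
    $offset = ($page - 1) * $perPage;

    // ORDER BY keeps pages stable; ids with gaps (deleted rows) do not matter
    // because the offset counts rows, not id values.
    $sth = $db->prepare(
        'SELECT id, name FROM workstations ORDER BY id LIMIT :limit OFFSET :offset'
    );
    // Bind as integers. With PDO's MySQL driver and emulated prepares, a value
    // bound as a string is quoted, and LIMIT '10' is rejected by MySQL.
    $sth->bindValue(':limit', $perPage, PDO::PARAM_INT);
    $sth->bindValue(':offset', $offset, PDO::PARAM_INT);
    $sth->execute();

    return [
        'page'     => $page,
        'lastPage' => $lastPage,
        'prev'     => $page > 1 ? $page - 1 : null,
        'next'     => $page < $lastPage ? $page + 1 : null,
        'rows'     => $sth->fetchAll(PDO::FETCH_ASSOC),
    ];
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE workstations (id INTEGER PRIMARY KEY, name TEXT)');
$insert = $db->prepare('INSERT INTO workstations (id, name) VALUES (?, ?)');
for ($i = 1; $i <= 23; $i++) {
    $insert->execute([$i * 3, "WS-$i"]);   // non-sequential ids: 3, 6, 9, ...
}

// Stand-ins for $_GET['page'], including missing and malformed values.
foreach (['1', '3', '99', '0', 'abc', null] as $raw) {
    $result = pageOf($db, $raw);
    printf("page=%s -> page %d of %d, %d rows, prev=%s next=%s\n",
        var_export($raw, true), $result['page'], $result['lastPage'],
        count($result['rows']), var_export($result['prev'], true),
        var_export($result['next'], true));
}
```

The prev and next values are what a "previous" or "next" link would put in its ?page= parameter, which answers the navigation part of the question without loading every key first.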

Data from database is not showing

How can I get data from my database to show. I am not very experienced with PHP or MySQL.
I do not get an error message but no data shows so what am I doing wrong?
PHP
<?php
if(strlen(trim($_POST['search'])) > 0) {
$search = "%" . $_POST["search"] . "%";
$searchterm = "%" . $_POST["searchterm"] . "%";
mysql_connect ("cust-mysql-123-03", "", "");
mysql_select_db ("weezycouk_641290_db1");
if (!empty($_POST["search_string"]))
{
}
$query = "SELECT name,lastname,email FROM contact WHERE name LIKE '%$search%' AND
lastname LIKE '%$searchterm%'";
$result = mysql_query ($query);
echo mysql_error();
if ($result) {
while ($row = mysql_fetch_assoc($result)) {
echo $row["name"];
echo $row["lastname"];
echo $row["email"];
} ?>
<?php echo $row["name"]; ?>
<br>
<?php echo $row["lastname"]; ?>
<br>
<?php echo $row["email"]; ?>
<?php
}
}
?>
It should be like this:
<?php
if(strlen(trim($_POST['search'])) > 0) {
mysql_connect ("cust-mysql-123-03", "", "");
mysql_select_db ("weezycouk_641290_db1");
$query = "SELECT name,lastname,email FROM contact WHERE name LIKE '%" . mysql_real_escape_string($_POST['search']) . "%' AND lastname LIKE '%" . mysql_real_escape_string($_POST['searchstring']) . "%'";
$result = mysql_query ($query);
echo mysql_error();
if ($result) {
while ($row = mysql_fetch_assoc($result)) {
echo $row["name"];
echo $row["lastname"];
echo $row["email"];
} ?>
<?php echo $row["name"]; ?>
<br>
<?php echo $row["lastname"]; ?>
<br>
<?php echo $row["email"]; ?>
<?php
}
}
?>
The mysql_real_escape_string is to prevent mysql injection which is a serious risk.
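An added example, not from the answers here: the same two-field LIKE search written with bound parameters, plus escaping of the LIKE wildcards % and _, which mysql_real_escape_string() leaves untouched. The helper names, the '!' escape character, the sample rows and the in-memory SQLite connection are assumptions for illustration.

```php
<?php
// Added example: likeContains(), searchContacts() and the rows are constructed.
// SQLite in memory stands in for MySQL so the script runs offline.

/**
 * Build a "contains" pattern for LIKE. Parameter binding keeps the value out
 * of the SQL text, but % and _ would still act as wildcards inside the
 * pattern, so they are escaped with '!' and the query declares ESCAPE '!'.
 */
function likeContains(string $term): string
{
    // strtr() with an array replaces in a single pass, so the '!' placed in
    // front of % or _ is not escaped a second time.
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

function searchContacts(PDO $db, string $name, string $lastname): array
{
    $sth = $db->prepare(
        "SELECT name, lastname, email FROM contact
         WHERE name LIKE :name ESCAPE '!' AND lastname LIKE :lastname ESCAPE '!'"
    );
    $sth->execute([
        ':name'     => likeContains($name),
        ':lastname' => likeContains($lastname),
    ]);
    return $sth->fetchAll(PDO::FETCH_ASSOC);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contact (name TEXT, lastname TEXT, email TEXT)');
$db->exec("INSERT INTO contact VALUES
    ('Ann', 'Lee', 'ann@example.com'),
    ('Joanna', 'Leeds', 'joanna@example.com'),
    ('100%', 'Off', 'promo@example.com'),
    ('a_b', 'Lee', 'ab@example.com')");

// Each pair is a stand-in for the two submitted search fields.
$searches = [
    ['ann', 'lee'],            // ordinary substring search
    ['%', ''],                 // literal percent sign, not "match everything"
    ['_', ''],                 // literal underscore, not "any one character"
    ["ann' OR '1'='1", ''],    // quotes are data, so nothing matches
];
foreach ($searches as [$name, $lastname]) {
    $rows = searchContacts($db, $name, $lastname);
    printf("name=%s lastname=%s -> %d row(s): %s\n",
        var_export($name, true), var_export($lastname, true), count($rows),
        implode(', ', array_column($rows, 'email')));
}
```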
Make sure the query you are executing returns record(s). You can check this by adding an echo statement which will print the query on your screen. Copy that and run it against the database. You can use any MySQL front-end tool (phpMyAdmin, SQLyog) to run the query. If there is any error in the query, you can see that then.
$query = "SELECT name,lastname,email FROM contact WHERE name LIKE '%$search%' AND
lastname LIKE '%$searchterm%'";
//the below line will print the query on the screen
echo $query;
$result = mysql_query ($query);
