We Keep Coding

php - for loop takes only the first value from mysql result

In this code I'm trying to create as many modal boxes as the rows of my query result. This works! Then I want to fill these modal boxes with as many checkboxes as the number $row['seats_no'] from database. Here we have a problem..in every modal box it creates the same amount of checkboxes as the first one. What I mean is that the $row['seats_no'] has the number from the first row in every row.
<?php
session_start();
if(!isset($_SESSION['name']) && !isset($_SESSION['email']) && !isset($_SESSION['id']) && !isset($_SESSION['cash'])){
header("location: Start.php");
}
$name=trim($_SESSION['name']);
$email=trim($_SESSION['email']);
$dbc = mysqli_connect("localhost","root","","my_db");
// Check connection
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
mysqli_query($dbc,"SET NAMES 'utf8'");
mysqli_query($dbc,"SET CHARACTER SET 'utf8'");
if (isset($_POST['buy']) && isset($_POST['consert_id'])){
$q = "SELECT ticket_id, section, cost, seats_no FROM tickets INNER JOIN concert ON tickets.consert_id=concert.concert_id WHERE concert.concert_id=".$_POST['consert_id'];
//ticket_id, concert_id, section, cost, seats_no, concert_id,concert_name, date, place, category, description
$r = mysqli_query($dbc,$q);
$num= mysqli_num_rows($r);
$q1 = "SELECT * FROM concert WHERE concert_id=".$_POST['consert_id'];
$r1 = mysqli_query($dbc,$q1);
$first = mysqli_fetch_assoc($r1)
?>
<!DOCTYPE html>
<html>
<title>Seats</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://www.w3schools.com/w3css/4/w3.css">
<link type="text/css" rel="stylesheet" href="seats_style.css">
<body>
<div style="z-index:1;position:fixed;">
<ul>
<li>E-Viva</li>
<li>Ανανεωση υπολοιπου</li>
</ul>
</div>
<div class="background">
<div class="transbox">
<div class="w3-container">
<img src="https://s3-us-west-2.amazonaws.com/s.cdpn.io/199011/concert.png">
<h1><?=$first['concert_name']?></h1>
<div style="left:0;"><?=$first['date']?></div>
<div style="right:0;"><?=$first['place']?></div>
<p><?=$first['description']?></p>
<?php
while ($row = mysqli_fetch_array($r)) {
?>
<div style="margin-left:5em;padding:5px;"><?=$row['section']?></div>
<div style="margin-left:5em;padding:5px;">Τιμή <?=$row['cost']?>€</div>
<div style="margin-left:5em;padding:5px;"><button onclick="document.getElementById('id01').style.display='block'" class="w3-button w3-black">Κράτηση</button></div>
<div id="id01" class="w3-modal" background="black">
<div class="w3-modal-content">
<div class="w3-container">
<span onclick="document.getElementById('id01').style.display='none'" class="w3-button w3-display-topright">×</span>
<p><h2>Διαλεξε τις θεσεις που θες</h2></p>
<form action="buy.php" method="post">
<table>
<?php
$num=0;
for($j=1; $j<=10; $j++){
echo "<tr>";
for($i=1; $i<= $row['seats_no']/10; $i++){
$num++;
echo "<td><input class='seat' type=\"checkbox\" name=\"s[]\" id=\"".$num."\" value=\"".$num."\"><label for=\"".$num."\">".$num."</label><input type='hidden' name='ticket_id' value='".$row['ticket_id']."'><input type='hidden' name='cost' value='".$row['cost']."'></td>";
}
echo "</tr>";
}
echo "</table><input class=\"ok\" type=\"submit\" name=\"ok\" value=\"Κράτηση\"></form></div></div></div><br>";
}
}
mysqli_free_result($r1);
mysqli_free_result($r);
mysqli_close($dbc);
?>
</div>
</div>
</div>
</body>
</html>
here are the results i get from executing my query at phpMyAdmin
Here are the buttons I create to open the modals
And here is the modal from the last button i clicked that in the database shows it should be 60 checkboxes but it shows 180

Κατερίνα,
Try to change the while ($row = mysqli_fetch_array($r)) {...} with a foreach loop,
like as foreach( mysqli_fetch_array($r) as $row ) {....}
Just a thought.
Also, you close one bracket too soon, remove one before the first mysqli_free_result($r1) and close it after the closing html tag </html> at the end of the file.
Also, as #tadman said, do some research and use parameterized queries. Your code it's very prone to MySQL Injections and you will face several problems. As far as i can see that page has to do with payments, or pre-payment.
Anyways, i hope i helped you.
Καλή επιτυχία ;)

Changing HTML menubar based on php session properties?

So, I have a MySQL database that list users as managers or employees. I want to change the menubar that they see based on the properties. I did have all this done in php, but when going through a re-design I thought about putting it in html files, but I can't quite figure out how this should work.
Here is the php code that I was using to do the operation in the file menubar2.php:
<?php
$email = $_SESSION['logname'];
$results = "SELECT email FROM manager_list WHERE email = '$email'";
$results = mysqli_query($cxn, $results) or die("Query died: query");
$numrows = mysqli_num_rows($results);
if ($numrows == 0)
{
echo"<div id='menu'>";
echo"<ul>";
echo"<li><a href='index2.php'>Quick Review</a></li>";
echo"<li><a href='myPerformance.php'>My Peformance</a></li>";
echo"<li><a href='myGoals.php'>My Goals</a></li>";
echo"<li><a href='sHelp.php'>Help</a></li>";
echo"</ul>";
echo"</div>";
}
if ($numrows > 0)
{
echo"<div id='menu'>";
echo"<ul>";
echo"<li><a href='index2.php'>Quick Review</a></li>";
echo"<li><a href='myPerformance.php'>My Peformance</a></li>";
echo"<li><a href='myGoals.php'>My Goals</a></li>";
echo"<li><a href='toolsManager.php'>Manager Tools</a></li>";
echo"<li><a href='sHelp.php'>Help</a></li>";
echo"</ul>";
echo"</div>";
}
?>
And here is where I was using it (index.html)
<?php
include('sessionauth.php');
?>
<!DOCTYPE html>
<html>
<head>
<title>TinyEval</title>
<link href="style.css" rel="stylesheet" type="text/css" media="screen" />
</head>
<body>
<div id="wrapper">
<?php
include('header2.php');
include('menubar2.php');
?>
<!-- begin #page -->
<div id="page">
<div id="content">
<div class="post">
<h2 class="title">Frequently Asked Questions</h2>
<div class="entry">
<p>How do I fix my headers?</p>
</div>
</div>
</div>
</div>
<div style="clear: both;"> </div>
<!-- end #page -->
</div>
<?php include('footer2.php'); ?>
</body>
</html>
Is there a way I can do this without the include for the menubar2.php - that is, put it all in the html file itself, but without having to use all the echo statements?
Sorry for the newb question, but I'm driving myself batty trying to figure out how html and php/MySQL all tie together.
Thanks!

This approach is solid, so long as you name your index file index.php. PHP was originally an HTML templating language, and using it like this with includes for portions of the page is perfectly correct. You could put that code directly into index.php, but using includes makes your code more reusable. Also, here is simpler and more DRY way to alter the menu when you get more than 0 rows back:
$numrows = mysqli_num_rows($results);
//these lines get echoed in both cases
echo "<div id='menu'>";
echo "<ul>";
echo "<li><a href='index2.php'>Quick Review</a></li>";
echo "<li><a href='myPerformance.php'>My Peformance</a></li>";
echo "<li><a href='myGoals.php'>My Goals</a></li>";
if ($numrows > 0) {
echo "<li><a href='toolsManager.php'>Manager Tools</a></li>";
}
echo "<li><a href='sHelp.php'>Help</a></li>";
echo "</ul>";
echo "</div>";
To expand just a bit further on PHP - it's a server-side language, meaning it does not run in the user's browser like Javascript. When the browser requests a page that ends in PHP, the server runs the script, prints out the results (usually as HTML) and gives the browser only the rendered output. In this case, even though your main index.php and the includes all have php scripts in them, what appears in the browser is the output of the script only.

What's wrong with this simple php code querying a database and displaying results?

This is simply additional functionality for an assignment where I have created a water level monitor device. All I want the web page to do is display a couple of SQL results. However, none of the PHP in the page seems to run at all. I have tested the SQL statements and they work fine so it is definitely my PHP. Any help would be appreciated, cheers!
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='cs' lang='cs'>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv='Content-Language' content='cs' />
<link rel="stylesheet" href="styl.css" type="text/css" />
<title>Flood Detector</title>
<?php
error_reporting(E_ALL); ini_set('display_errors', 1);
$con=mysqli_connect("");
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
</head>
<body>
<div id="header">
<h2>Flood Detector</h2>
<ul id="menu-top">
<li>Home</li>
<li>Records</li>
</ul>
</div>
<div id="contain">
<div id="left">
<h1>Welcome</h1>
<p> Your water levels are currently <?php
$sql = "SELECT BODY FROM sms ORDER BY ID DESC LIMIT 1";
$result = mysqli_query($con, $sql)
or die(mysqli_error($con));
while($row = mysqli_fetch_array($result)){
print_r($row);
?></p>
<br>
<br>
<p> Your water has reached dangerous levels <?php
if ($dangerresult = mysqli_query($con, "SELECT * FROM sms WHERE BODY = ' warning'")) {
$count = mysqli_num_rows($dangerresult);
echo $count;
}
?>
times
</p>
</div>
<div class="cleaner"></div>
</div>
</body>
</html>

Firstly, you need to pass DB connection to your queries.
You also have a space in ' warning' so that may cause problems; remove it 'warning' if you're not getting results with my answer/code below.
$sql = "SELECT BODY FROM sms ORDER BY ID DESC LIMIT 1";
$result = mysqli_query($con,$sql);
echo $result;
Sidenote: I don't know why you're doing echo $result; so you may need to elaborate on that.
Or try something like:
while($row = mysqli_fetch_array($result))
{
echo "Your water levels are currently " . $row['BODY'];
echo "<br>";
}
and $mysqli_query that is a function not a variable.
In regards to mysqli_num_rows(), try using it this way, since you want to check if num_rows() does return a value as per the word you're looking for, being "warning".
$dangerresult = mysqli_query($con, "SELECT * FROM sms WHERE BODY = ' warning'");
$count = mysqli_num_rows($dangerresult);
if($count > 0){
echo $count;
}
else{
echo "Empty.";
}
Edit:
Or try:
$dangerresult = mysqli_query($con, "SELECT * FROM sms WHERE BODY = 'warning'");
$count = mysqli_num_rows($dangerresult);
if($count > 0){
echo $count;
}
else{
echo "Empty.";
}
while($row = mysqli_fetch_array($dangerresult))
{
echo "Your water levels are currently " . $row['BODY'];
echo "<br>";
}
Also add or die(mysqli_error($con)) to all the mysqli_query() and error reporting.
Plus, in regards to SQL injection, use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

There's many problems with that code.
First, you need to pass your $con arround, the mysqli_query function needs to know what connection you're referring to, check the manual page for mysqli_query().
Then there's also the line if ($dangerresult = $mysqli_query(..., where you're referring to mysqli_query as a variable.
Also,
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
Is lacking a closing bracket, so the rest of the script is only executed in case of error (and it's a syntax error too).

You did not use mysqli_select_db and mysqli_fetch_array function to fetch data. Please try this :
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns='http://www.w3.org/1999/xhtml' xml:lang='cs' lang='cs'>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8" />
<meta http-equiv='Content-Language' content='cs' />
<link rel="stylesheet" href="styl.css" type="text/css" />
<title>Flood Detector</title>
<?php
$con=mysqli_connect("*****************","*********","********","***********");
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
?>
</head>
<body>
<div id="header">
<h2>Flood Detector</h2>
<ul id="menu-top">
<li>Home</li>
<li>Records</li>
</ul>
</div>
<div id="contain">
<div id="left">
<h1>Welcome</h1>
<p> Your water levels are currently <?php
$sql = "SELECT BODY FROM sms ORDER BY ID DESC LIMIT 1";
$result = mysqli_query($sql);
//echo $result;
while($row = mysqli_fetch_array($result)){
print_r($row);
}
?></p>
<br>
<br>
<p> Your water has reached dangerous levels <?php
if ($dangerresult = mysqli_query("SELECT * FROM sms WHERE BODY = ' warning'")) {
$count = mysqli_num_rows($dangerresult);
echo $count;
}
?>
times
</p>
</div>
<div class="cleaner"></div>
</div>
</body>
</html>

Get data using variable from query string?

I hope the title I used here was understandable...
I have a database with two columns: ward_id and ward_name.
I wish to create dynamic pages for each ward and have the ward_name show in the page title. I have created a header.php file which I am including.
I am passing the id through the URL using ....?wid={$row['ward_id']} which is working fine when I create other queries that use that id to get data from the database.
However the problem I am having is that the page refuses to display the ward_name as the page title. I expected something like this to work:
$wardid = $_GET['wid'];
$query = "SELECT ward_name, ward_id FROM wards WHERE ward_id=$wardid";
$result = mysql_query($query);
while ($row=mysql_fetch_array($result))
{
$pagetitle = "$row['ward_name']";
}
But it doesn't, I have tried so many variations on the above I can't possibly remember them all now so I really hope someone can help me... Here is the code as it currently stands:
Header Page:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta charset="utf-8">
<title><?php echo $pagetitle; ?></title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<div class="wholepage">
<div class="headlinewrapper">
<div class="headline">
<h1></h1>
<h2></h2>
</div>
</div>
<div class="headlinesidewrapper">
<div class="headlineside">
<p>shv jsfj sjnsf jnsf nsnf nj njsfn
njfjn sfns njf njnsf njs dgbjn dn jnd njjn dd d d nj njd njnd njd nn djndj njd</p>
</div>
</div>
<div class="topnavigation">
<ul>
<li>Home</li>
<li>Boroughs</li>
<li>Wards</li>
</ul>
</div>
<div class="sidebar">
</div>
<div class="mainpagewrapper">
Dynamic page:
<?php
$pagetitle = "Hello";
include ('header.php');
?>
<div class="mainpage">
<div class="infobox">
</div>
<?php
require('mysqli_connect.php');
mysql_select_db('onetwom2_london');
$wardid = $_GET['wid'];
$query = "SELECT ward_name, ward_id FROM wards WHERE ward_id=$wardid";
$result = mysql_query($query);
while ($row=mysql_fetch_array($result))
{
echo "<div class=\"boroughlist\"><p>{$row['ward_name']}</p></div>" ;
}
$pagetitle = $result;
?>
<div class="clear">
</div>
</div>
</div>
</div>
</body>
</html>
So I just want to know how/if it is possible to match the id passed through the URL to the ward_id stored on the database and then have the page title display the ward_name linked to that id. I apologise if this is a really easy question, I have spent hours trying to work this out and I am completely stumped! (the code I posted above is just the end result of 5 hours of frustration so please appreciate I have tried hard before asking you for help :) )

You should step through the problem to see where it goes awry, var-dump $pagetitle in the while loop. See what is being stored if it comes out as NULL you are not retrieving anything from the DB and there is an issue with either Query. if it has the correct variable the problem is with your PHP. Var_dump $pagetitle in your header.php file to be sure it is getting the correct variable.
Let me know the outcome and I can help you from there
<?php
$wardid = $_GET['wid'];
$query = "SELECT ward_name, ward_id FROM wards WHERE ward_id=$wardid";
$result = mysql_query($query);
while ($row=mysql_fetch_array($result))
{
$pagetitle = "$row['ward_name']";
//Step Through The Problem
var_dump($pagetitle);
}
include ('header.php');
?>
<div class="mainpage">
<div class="infobox">
</div>
<?php
require('mysqli_connect.php');
mysql_select_db('onetwom2_london');
$wardid = $_GET['wid'];
$query = "SELECT ward_name, ward_id FROM wards WHERE ward_id=$wardid";
$result = mysql_query($query);
while ($row=mysql_fetch_array($result))
{
echo "<div class=\"boroughlist\"><p>{$row['ward_name']}</p></div>" ;
}
$pagetitle = $result;
?>
<div class="clear">
</div>
</div>
UPDATED - Try This
<?php
require('mysqli_connect.php');
mysql_select_db('onetwom2_london');
$wardid = $_GET['wid'];
$query = "SELECT ward_name, ward_id FROM wards WHERE ward_id=$wardid";
$result = mysql_query($query);
while ($row=mysql_fetch_array($result))
{
$pagetitle = $row['ward_name'];
//Step Through The Problem
var_dump($pagetitle);
}
include ('header.php');
?>
<div class="mainpage">
<div class="infobox">
</div>
<?php
$result2 = mysql_query($query);
while ($row2=mysql_fetch_array($result2))
{
echo "<div class=\"boroughlist\"><p>{$row2['ward_name']}</p></div>" ;
}
?>
<div class="clear">
</div>
</div>

Do yourself a favor and use some ORM or library that gives you parameterized queries.
This code opens you right up for SQL-injection attacks:
$wardid = $_GET['wid'];
$query = "SELECT ward_name, ward_id FROM wards WHERE ward_id=$wardid";

First of all, avoid using double quotes as much as possible. Use single ' quotes instead. Double quotes makes php look for variables in the string which will be parsed. Using single quotes, any variables in the string will be echo'd as plain text, increasing overall performance.
So,
instead of
$pagetitle = "$row['ward_name']";
you want to use
$pagetitle = $row['ward_name'];
The same here:
echo "<div class=\"boroughlist\"><p>{$row['ward_name']}</p></div>";
should be changed into:
echo '<div class="boroughlist"><p>'.$row['ward_name'].'</p></div>';
Using single quotes makes \" also obsolete, making the code more readable and it'll be easier to write.
 
For working with databases in PHP I recommend you to work with a MySQLi Class. Have a look at https://github.com/ajillion/PHP-MySQLi-Database-Class . It's easy to implement and the learning curve is low.
MySQLi is the successor of MySQL (which is deprecated by now). With MySQLi prepared statements got introduced which make your queries containing (user) input save against SQL Injection. PDO would be even better, but it's harder to use.
Regarding $wardid = $_GET['wid'];: Make sure the value is being interpreted as integer. So try this:
$wardid = (int) $_GET['wid']; // type cast to integer aka Type Juggling
$query = 'SELECT ward_name, ward_id FROM wards WHERE ward_id=`'.$wardid.'` LIMIT 1';
Notice the LIMIT 1. This limits the query to one result, making it perform better as it stops right after it has found a result.
Good luck on your way learning more about SQL and PHP :-)
Edit:
According to a comment from the questioner, I want to add a rewritten example of the code given in the question:
<?php
// I'll demonstrate how to use the MySQLi Class
require_once('mysqlidb.php');
// Connect to the database
$db = new Mysqlidb('host', 'username', 'password', 'databaseName');
// Get the wid from the uri
$wardid = $_GET['wid'];
// Fetch the page title from the db
$result = $db->where('ward_id', $wardid)->get('wards', 1);
$pagetitle = $result['ward_name'];
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title><?php echo $pageTitle; ?></title>
<link rel="stylesheet" href="style.css">
</head>
<body>
<!-- A templating engine like smarty would make things easier -->
<section class="whole-page">
<div class="headline-wrapper">
<div class="headline">
<h1></h1>
<h2></h2>
</div>
</div>
</section>
<div class="headline-sidewrapper">
<div class="headline-side">
<p>Lorem ipsum...</p>
</div>
</div>
<nav class="top-navigation">
<ul>
<li>Home</li>
<li>Boroughs</li>
<li>Wards</li>
</ul>
</nav>
<aside class="sidebar"></aside>
<section class="mainpage-wrapper">
<!-- Dynamic page part - I recommend using a separate template that will be included here -->
</section>
</body>
</html>
This is a basic example using the MySQLi Database Class. I recommend you to use a template engine like smarty to make jobs like this easier. Also consider reading 'Separation of concerns'.

Making Variables Global in PHP?

Need to make $courseInfo and $row global so that they can be used for printing the row details in the header DIV.
Don't have a clue how to do this. Any help would be great.
<?php
// Get Course ID From Link
$ID = mysql_real_escape_string($_REQUEST['ID']);
// Check the Course ID exists
$courseCheck = mysql_query("SELECT * FROM Courses WHERE CourseID = '".$ID."'");
if (mysql_num_rows($courseCheck) == 1) {
$checkMember = mysql_query("SELECT * FROM CourseMembers WHERE CourseID = '".$ID."' AND UserID = '".$_SESSION['UserID']."'");
if (mysql_num_rows($checkMember) == 1) {
?>
<html>
<head>
<!-- Style Sheets -->
<link rel="stylesheet" href="style/reset.css" type="text/css" media=screen />
<link rel="stylesheet" href="style/style.css" type="text/css" media=screen />
</head>
<body>
<?php
if ($_SESSION['LoggedIn'] == 1){
$courseInfo = mysql_query("SELECT * FROM Courses WHERE CourseID = '".$ID."'");
$row = mysql_fetch_assoc($courseInfo);
?>
<div id="container">
<div id="side">
<?php include("lib/sidebar.php"); ?>
</div>
<div id="main">
<div id="mainbox">
<div id="header"><b><?php echo $row['CourseName']; ?></b></div>
<p>Hello world, this is a test.</p>
</div>
</div>
</div>
<div class="clear"></div>
<?php
}
else {
echo "Not logged in.";
}
}
else {
echo "You are not a member of this Course";
}
}
else {
echo "No Course Found";
}
?>
</body>

I think they're already global. "PHP does not have a block-level scope."

You could store them in session variables, similarly to your $_SESSION['LoggedIn']

You could also use php variable $GLOBALS for making your variables visible in all scopes but I would not recommend it for this kind of task. Also, beware - $GLOBALS contains superglobals like $_POST and $_GET, you should keep that in mind, when ie. iterating over it. Furthermore - when you can access $_GET and $_POST in functions, that have smaller scope you still have to use $GLOBALS to access custom ones.
Example for this kind behaviour:
<?php
error_reporting(-1);
$GLOBALS['_customVar'] = 'foobar';
$GLOBALS['_GET']['id'] = 'myId';
function myFnc() {
echo $_customVar;
}
function myFnc2() {
echo $_GET['id'];
}
myFnc();
myFnc2();
?>