Not able to get from date - php

if i enter two different values i am getting the date to_date value in from_date value
$to_date=$_POST['date'];
$from_date=$_POST['date'];
$query="SELECT * FROM reports WHERE date BETWEEN $from_date AND $to_date";
$query_run = mysql_query($query);
$qty= 0;
while ($num = mysql_fetch_assoc ($query_run)) {
$qty += $num['amount'];
}
echo $qty;
what is the right way to do

First of all, use mysqli_* or PDO, because mysql_* is deprecated and closed in PHP 7.
In your code you need to use quotes around $from_date and $to_date.
One more thing, if your start and end date is same than don't know why are you using BETWEEN, you can just simply use =.
Here is the complete example of your code by using MYSQLi Object Oriented:
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$to_date = $conn->real_escape_string($_POST['date']);
//$from_date = $conn->real_escape_string($_POST['date']);
$sql = "SELECT * FROM reports WHERE date = '$to_date'";
$result = $conn->query($sql);
$qty = 0;
if ($result->num_rows > 0) {
/* fetch associative array */
while ($row = $result->fetch_assoc()) {
$qty += $row['amount'];
}
echo $qty;
}
else
{
echo "No record found";
}
$conn->close();
?>
Also note that, if this query is just for getting total amount no other use, than you can use your query like:
SELECT SUM(amount) FROM reports WHERE date = '$to_date'
Update:
As per Mr. Magnus suggested, here is the basic example of Prepared Statements.
From the Manual: The user input is automatically quoted, so there
is no risk of a SQL injection attack.
<?php
$sql = "SELECT * FROM reports WHERE date = ?";
$stmt = $conn->prepare($sql);
if ($stmt->execute(array($_POST['date']))) {
while ($row = $stmt->fetch()) {
// your stuff
}
}
?>

Related

How to use ? in URL?

I am trying to figure out a way to have one PHP page to display all of my blog post but have the URL decide what post is requested from that database. Something kind of like this: localhost/bolg/posts.php?pid=1 In my database I have it set up to where each post has an ID associated with it. So what I want is something that put the pid=1 and put it in the MySQL code. Here is the PHP code of the post.php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, title, content, date FROM posts where id =3";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<h1> ". $row["title"]. "</h1>". $row["content"]. "" . $row["date"] . "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
Assuming you enter example.com?pid=10 in the browser address bar, you can capture that variable pid using the $_GET (docs) array which PHP automatically fills for you when a page is called with a querystring.
Using your existing code as a start point you can
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test";
if (isset($_GET['pid'])) {
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
$sql = "SELECT id, title, content, date FROM posts where id = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param('i', $_GET['pid']);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows > 0) {
// output data of each row
// while looop is not necessary, you are only returning one row
$row = $result->fetch_assoc();
echo "<h1> ". $row["title"]. "</h1>". $row["content"]. "" . $row["date"] . "<br>";
}
$conn->close();
} else {
echo "0 results";
}
Notice I took the liberty of amending your database access code to use prepared and parameterised query and binding the values to avoid SQL Injection Attack. You should always use this technique in the future

mysql result into php array

I'm trying to convert the result that i'm getting from mysql to a php array
can anyone helps me
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "women";
$conn = new mysqli($servername, $username, $password, $dbname);
$id=$_GET['id'];
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT DAY(ADDDATE(`dateDebutC`, `dureeC`)) AS MONTHS,
DAY(ADDDATE(ADDDATE(`dateDebutC`, `dureeC`),`dureeR`))AS DAYS
FROM normalW
where id = '$id'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
foreach($new_array as $array){
echo $row['DAYS'].'<br />';
echo $row['MONTHS'].'<br />';
}
} else {
echo "0 results";
}
$conn->close();
?>
Problem solved Thank you guys
To answer your question you must first declare the new array
$new_array = array();
Then loop through your query results to populated the array
while ($row = $result->fetch()) {
$new_array[] = $row;
}
But as one of the comments mentioned you really should be using prepared statements to protect yourself from sql injection.
$stmt = $mysqli->prepare("SELECT DAY(ADDDATE(`dateDebutC`, `dureeC`)) AS MONTHS, DAY(ADDDATE(ADDDATE(`dateDebutC`, `dureeC`),`dureeR`)) AS DAYS FROM normalW where id = ?");
/* bind parameters i means integer type */
$stmt->bind_param("i", $id);
$stmt->execute();
$new_array = array();
while($row = $stmt->fetch()) {
$new_array[] = $row;
}

How can I stop this from looping?

I am trying to echo the data once in one field. However it is looping and i'm not sure what to change to make it echo once. Does anyone know how? Here is the code:
<?php
$email = $_POST['email'];
$servername = "localhost";
$username = "root";
$password = "";
$dbName = "users";
//Make Connection
$conn = new mysqli($servername, $username, $password, $dbName);
//Check Connection
if(!$conn){
die("Connection Failed. ". mysqli_connect_error());
}
$sql = "SELECT `profilepicurl` FROM users WHERE `email`='".$email."'";
$result = mysqli_query($conn ,$sql);
if(mysqli_num_rows($result) > 0){
//show data for each row
while($row = mysqli_fetch_assoc($result)){
echo $row['profilepicurl'];
}
}
?>
Thanks!
This is quite simple!
Change while($row = mysqli_fetch_assoc($result)){ to $row = mysqli_fetch_assoc($result){
Remove the while() loop and the braces:
if ( mysqli_num_rows($result) > 0 ) {
//show data for each row
$row = mysqli_fetch_assoc($result);
echo $row['profilepicurl'];
}
The correct way to stop a loop is using break:
if(mysqli_num_rows($result) > 0){
//show data for each row
while($row = mysqli_fetch_assoc($result)){
echo $row['profilepicurl'];
break;
}
}
Although, if you just need 1 value, you can remove the while loop and use only:
$row = mysqli_fetch_assoc($result);
echo $row['profilepicurl'];
Notes:
Your script is unsafe due to the possibility of sql injection, make sure you read how can i prevent sql injection in php.

Adding different values together from same table

I have a table. In that table, there is are two fields called to and amount. I need to display the sum of amount of all rows where to value is equal to a particular value. (Say 34). How to achieve this?
Code I have done so far
$result = mysql_query("SELECT * FROM transactions WHERE to = '34'")or die(mysql_error());
while($row = mysql_fetch_array( $result )) { echo $row['amount']; } ?>
The above code gives the individual amount value of each row. But what I want is the sum of these values.
The Database
Use SUM to add all the amounts and echo it
$result = mysql_query("SELECT SUM(amount) as amounts FROM transactions WHERE to = '34'")or die(mysql_error());
while($row = mysql_fetch_array( $result )) { echo $row['amounts']; } ?>
I suggest you to use mysqli_* or PDO because mysql_* is deprecated and not available in PHP 7.
Here is the complete example of your code by using MYSQLi Object Oriented:
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT SUM(amount) as amounts FROM transactions WHERE to = 34";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo $row['amounts']. "<br>";
}
}
else
{
echo "0 results";
}
$conn->close();
?>

extracting an array from a database in php

im currently trying to extract a table from my database (articles) and the table article and put it in an array but im not sure weather or not it wokred because i dont know how to print an array. i was following this link.
http://phpscriptarray.com/php-arrays-tutorials-tour/how-to-extract-mysql-database-data-into-php-array-variable.php
<?php
$servername = "localhost";
$username = "username";
$password = "password";
// create connection
$conn = new mysqli($servername, $username, $password);
// check connection
if ($conn->connect_error){
die("connection failed: " . $conn->connect_error);
}
// connect to DB
$db_selected = mysqli_select_db('article', $conn);
if (!$db_selected){
die("can't use article : " .mysqli_error());
}
// extract databases table to PHP array
$query = "SELECT * FROM `articles`";
$result = mysqli_query($query);
$number = mysql_numrows($result);
$article_array = array();
$x = 0
while($x < $number)
{
$row = mysqli_fetch_array($result);
$artic = $row['name'];
$amount = $row['quantity'];
$article_array[$artic] = $amount;
$x++;
}
echo count($article_array);
//echo "hello";
<?
even the echo hello wont work and im not sure if i was supposed to put a name and quantity in:
$artic = $row['name'];
$amount = $row['quantity'];
You are mixing object oriented with procedural style. Your query and loop should look like this:
$query = "SELECT * FROM `articles`";
$result = $conn->query($query);
$article_array = array();
while($row = $result->fetch_array(MYSQLI_ASSOC)){
$artic = $row['name'];
$amount = $row['quantity'];
$article_array[$artic] = $amount;
}
http://php.net/manual/en/mysqli.query.php
Also your PHP closing tag is faulty - should be ?> or omitted.

Categories