Need Help. I tried to show reader comments on my page. The comments are saved in a database (MySQL). I used printf(String, args1,args2) and put some css style on it. Strangely, the css works on the first comment only.
if ($conn = mysqli_connect("$servername", "$username", "$password", "$dbname")){
$sql = "SELECT * FROM kommentare ORDER BY datum DESC";
$ergebnis = mysqli_query($conn, $sql);
while ($zeile = mysqli_fetch_object($ergebnis)){
**$format = "<p><span id='ueberschrift'>%s<span/> <span id='writer'><a href='mailto:%s'>%s<a/> schrieb am:%s<span/><p/>
<p id='kommentare'>%s<p/><hr/>";
printf($format,
htmlspecialchars($zeile->ueberschrift),
urlencode($zeile->email),
htmlspecialchars($zeile->name),
htmlspecialchars(date("d.m.Y, H:i", $zeile->datum)),
nl2br(htmlspecialchars($zeile->kommentar))
);**
}
} else {
echo "Fehler: ". mysqli_connect_error(). "!";
}
#writer{
font-weight: normal;
float:right;
}
#ueberschrift {
font-weight: bold;
font-size: 14px;
}
float:right only works on the first comment (last row from database)
what have I done wrong? Here's an image of the page.
Try using
<span class ='ueberschrift'
<span class ='writer'
NOT
<span id ='ueberschrift'
<span id='writer'
Each id should be unique and only appear once per html document. Class can appear multiple times.
CSS would be:
.writer{
font-weight: normal;
float:right;
}
.ueberschrift {
font-weight: bold;
font-size: 14px;
}
https://css-tricks.com/the-difference-between-id-and-class/
Check your html closing tag, all your html closing tag is wrong.
Slash / is should be put after < so its like </tag>, except self-closing tag like <br /> , <hr /> , etc.
<span/> should be </span>
<a/> should be </a>
<p/> sholud be </p>
And here the completed of your code
if ($conn = mysqli_connect("$servername", "$username", "$password", "$dbname")){
$sql = "SELECT * FROM kommentare ORDER BY datum DESC";
$ergebnis = mysqli_query($conn, $sql);
while ($zeile = mysqli_fetch_object($ergebnis)){
**$format = "<p><span id='ueberschrift'>%s</span> <span id='writer'><a href='mailto:%s'>%s</a> schrieb am:%s</span></p>
<p id='kommentare'>%s</p><hr />";
printf($format,
htmlspecialchars($zeile->ueberschrift),
urlencode($zeile->email),
htmlspecialchars($zeile->name),
htmlspecialchars(date("d.m.Y, H:i", $zeile->datum)),
nl2br(htmlspecialchars($zeile->kommentar))
);**
}
} else {
echo "Fehler: ". mysqli_connect_error(). "!";
}
it might help you https://www.w3.org/TR/html5/syntax.html#end-tags
Related
This question already has answers here:
SELECT COUNT(*) AS count - How to use this count
(5 answers)
Closed 2 years ago.
I am sorry if this is a noob question, but I've been searching all over the internet for an answer and could find nothing that could solve my issue. Anyways, I've taken a look at the php documentation on mysqli_num_rows() (which is https://www.php.net/manual/en/mysqli-result.num-rows.php) since I am trying to find the amount of rows in a column. My table looks like this:
id | follower | followee
1 Xp10d3 IiBlurBeriI
2 IiBlurBeriI Xp10d3
In id number 1, the table shows that IiBlurBeriI has a follower of Xp10d3, and in id number 2 the table shows that Xp10d3 has a follower of IiBlurBeriI. I am trying to get all the subscribers where the username is equal to the profile that is being viewed. Anyways, I used the mysqli_num_rows() method to try and execute this but obviously it doesn't work. I don't get any MySQL errors whatsoever, but when viewing the amount of followers it is blank like this:
Username
followers.
following.
But I want it to look like this:
Username
5 followers.
2 following.
The rest of the MySQL that I used to view the profile worked fine; it was just the follower/following system that I had an issue with. My code is below:
<?php
session_start();
$servername = "localhost"; // Host name
$user = "xxxx"; // Mysql username
$pass = "xxxx"; // Mysql password
$dbname = "xxxx"; // Database name
$tbl_name = "forum_question"; // Table name
// Connect to server and select databse.
$conn = new mysqli($servername, $user, $pass, $dbname);
$userGet = $_GET['username'];
$userGetSQL = "SELECT USERNAME FROM data WHERE USERNAME='".$userGet."'";
$result = $conn->query($userGetSQL);
$userRow = $result->fetch_assoc();
$pfp = "SELECT PFP FROM data WHERE USERNAME = '".$_GET['username']."'";
$pfpresult = $conn->query($pfp);
$pfprow = $pfpresult->fetch_assoc();
$rank = "SELECT LEVEL FROM data WHERE USERNAME = '".$_GET['username']."'";
$rresult = $conn->query($rank);
$followers = "SELECT * FROM subscribers WHERE follower = '".$_GET['username']."'";
$fresult = $conn->query($followers);
$fcnt = $fresult->num_rows;
//echo "FOR TESTING PURPOSES! Followers query: " . $followers . ". Result: " . $fresult . ". num_rows: " . $fcnt . ".";
$following = "SELECT * FROM subscribers WHERE followee = '".$_GET['username']."'";
$ffresult = $conn->query($following);
$ffcnt = $ffresult->num_rows;
//echo "FOR TESTING PURPOSES! Following query: " . $following . ". Result: " . $ffresult . ". num_rows: " . $ffcnt. ".";
$desc = "SELECT DESCRIPTON FROM data WHERE USERNAME = '".$_GET['username']."'";
$descresult = $conn->query($desc);
$descRow = $descresult->fetch_assoc();
if (!isset($_SESSION['username']) && empty($_SESSION['username'])) {
echo 'You are not logged in! Go home to login!';
} else {
?>
<!DOCTYPE HTML>
<html>
<head>
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css">
<style>
body {
text-align: center;
font-family: sans-serif;
}
.card {
box-shadow: 0 4px 8px 0 rgba(0, 0, 0, 0.2);
max-width: 300px;
margin: auto;
text-align: center;
}
.title {
color: grey;
font-size: 18px;
}
.msg{
border: none;
outline: 0;
display: inline-block;
padding: 8px;
color: white;
background-color: #000;
text-align: center;
cursor: pointer;
width: 100%;
font-size: 18px;
}
a {
text-decoration: none;
font-size: 22px;
color: black;
}
.msg:hover, a:hover {
opacity: 0.7;
}
</style>
</head>
<body>
<button type="button" style="cursor:pointer">
Home
</button>
<br />
<?php
$check = mysqli_query($conn, "SELECT * FROM subscribers WHERE follower = '".$_SESSION['username']."' AND followee = '".$_GET['username']."'");
if (mysqli_num_rows($check) > 0) {
?>
<button type="button" style="cursor:pointer">
<a href='unfollow.php?username=<?php echo $userGet ?>'>Unfollow</a>
</button>
<?php
} else {
?>
<button type="button" style="cursor:pointer">
<a href='follow.php?username=<?php echo $userGet ?>'>Follow</a>
</button>
<?php
}
?>
<div class="card">
<?php
if ($pfprow['PFP'] == none.png) {
?>
<img src="<?php echo $pfprow['PFP'] ?>" id="pfp" style="width:100%" />
<?php
} else {
?>
<img src="pfp/<?php echo $pfprow['PFP'] ?>" id="pfp" style="width:100%" />
<?php
}
?>
<h1 id="username"><?php echo $_GET['username'] ?></h2>
<p id="title"><?php echo $rrow['LEVEL'] ?></p>
<p><strong><?php echo $fcount ?></strong> followers.</p>
<p><strong><?php echo $ffcount ?></strong> following.</p>
<div class="desc">
<?php
echo $descRow['DESCRIPTON'];
?>
</div>
<p><button class="msg"><i class="fa fa-envelope-o" aria-hidden="true"></i> Send Message</button></p>
</div>
</body>
</html>
<?php
}
exit();
?>
On a side note, yes I know my code is vulnerable to SQL injection. I am trying to learn how to use prepared statements (I am a new to PHP but have used HTML+CSS for a couple of years) so that I can change my code later on. I don't believe I have any INSERT statements so this should be fine.
Setting aside the SQL injection vulnerabilities that you already mentioned, if you want to know how many rows have, for example, follower = 'some_follower', do a COUNT instead:
SELECT COUNT(1) FROM subscribers WHERE follower = 'some_follower'
Because if you do a SELECT * FROM subscribers WHERE follower = 'some_follower' you are asking the DB to return all the results, while you just want to know the COUNT.
Example in PHP:
$result = $conn->query("SELECT COUNT(1) FROM subscribers WHERE follower = 'some_follower'");
$row = $result->fetch_row();
echo '#: ', $row[0];
I need to have a website that can echo out random names from a database, then fade them in and out smoothly. the code that i am using currently is refreshing the whole page and it makes the page flicker and the name change is not smooth.
<!doctype html>
<html><head><meta http-equiv=REFRESH CONTENT=15;url=index.php>
<title>Student Display</title></head>
<body>
<img src="U" width="499" height="128" alt=""/>
<center>
<span style="font-family: 'Lucida Grande', 'Lucida Sans Unicode', 'Lucida Sans', 'DejaVu Sans', Verdana, sans-serif; font-size: 72px; color: #013b6a;">
<p>
<p>
<p>
<?php
//delayed refresh
$db_host = "localhost:/test";
$db_user = "test";
$db_pwd = "password";
$database = "test";
$table = "Sheet1";
if (!mysql_connect($db_host, $db_user, $db_pwd))
die("Can't connect to database");
if (!mysql_select_db($database))
die("Can't select database");
// sending query
$result = mysql_query("SELECT * FROM {$table} ORDER BY RAND() LIMIT 0,1");
if (!$result) {
die("Query to show fields from table failed");
}
// Display the name and date
while($row = mysql_fetch_assoc($result))
{
echo $row['Firstname'] . " ";
echo " " . $row['Surname'] . " ";
echo "<br>";
echo " " . $row['Year'] . " ";
}
?>
</span>
</center>
</body></html>
You'll need to split the code that queries the database with the code that renders the page. You can use AJAX techniques to request a new name from the script that queries the database without a page reload, then use jQuery animation techniques to fade out the old value and fade in the new value.
I used tag inside php tag. When I run the code it appears as a link. But its not work as a link.It's mean that link is not clickable.
$data1 = mysql_query("SELECT * FROM image_upload INNER JOIN user_table
ON image_upload.user_id=user_table.user_id WHERE flag=1 ORDER BY timestamp DESC;")
or die(mysql_error());
//Puts it into an array
while($info = mysql_fetch_array($data1)){
//Outputs the image and other data
echo
'<div class="test" id='.$info['ID'].'>';
echo'<div class="username">'.$info['user_name'].'</div>';
echo'<div class="imagedisplay"><img src="uploads/'.$info['image'].'" width="230px" height=auto border="1px solid #"
-webkit-border-radius=" 20px"
-moz-border-radius= "20px"
border-radius="20px"
></div>';
echo'</div>';
}
?>
my css code is
div.test{
margin: 5px;
border: 1px solid #ffffff;
border-radius:8px;
height: auto;
width:250px;
float: left;
text-align: center;
background-color:#ffffff;
}
Can any one help me.
You have forgot to close tag on line #11
CODE
$data1 = mysql_query("SELECT * FROM image_upload INNER JOIN user_table
ON image_upload.user_id=user_table.user_id WHERE flag=1 ORDER BY timestamp DESC; ") or die(mysql_error());
//Puts it into an array
while($info = mysql_fetch_array($data1)){
//Outputs the image and other data
echo '<div class="test" id='.$info['ID'].'>';
echo '<div class="username">'.$info['user_name'].'</div>';
echo '<div class="imagedisplay"><img src="uploads/'.$info['image'].'" style="width:230px; height:auto; border:1px solid #000; border-radius:20px;"></div>';
echo '</div>';
}
?>
try following
while($info = mysql_fetch_array($data1)){
echo " <div class=\"username\"><a href=\"profile.php\" class=\"button\" title=\"\">".$info['user_name']."</div>";
}
It is probably due to the arrangement of your quotes. Try this clean version:
<?php
echo "<div class='username'>";
echo "<a href='profile.php' class='button' title=''>$info['user_name']</a>";
echo "</div>";
?>
echo '<div class="username">'.$info['user_name'].'</div>';
Try this...
Link should be close properly
'<div class="username">'.''.$info['user_name'].'</div>'.
I got this PHP code to display comments from database:
<?php
$con = mysql_connect("localhost","root","");
if (!$con){
die("cannot connect: " . mysql_error());
}
mysql_select_db("strek", $con);
$sql="SELECT * FROM comments";
$result=mysql_query($sql, $con);
while($row=mysql_fetch_array($result)){
$name=$row['name'];
$comment=$row['comment'];
echo $name. "<br>" .$comment;
echo"<br>";
}
?>
I'd like both name and comment to be aligned in the center and I'd like name to be BOLD.
Please help me how to do that.
"I'd like both name and comment to be aligned in the center and I'd like name to be BOLD. Please help me how to do that."
Since the OP already has double quotes in echo $name. "<br>" .$comment; in what I think is already working and needs to have it centered and in bold, the use of my code below is perfectly valid.
Consider the following:
echo "<div align='center'><b>" . $name. "<br>" .$comment . "</b></div>";
A working example:
<?php
$name = "John";
$comment = "This is a comment";
echo "<div align='center'><b>" . $name. "<br>" .$comment . "</b></div>";
?>
You could also make use of a stylesheet with either a DIV ID, and/or a CLASS.
For example:
echo "<div align='center' id='names_comments' class='centered bold_text'>" . $name. "<br>" .$comment . "</div>";
Then using CSS:
#names_comments {
font-family:Georgia;
font-size:12pt;
}
.centered bold_text {
text-align:center;
font-weight:bold;
}
Note: align='center' could be omitted, but it won't hurt to keep it.
while($row=mysql_fetch_array($result)){
<span style="display: block;">
<span style="font-weight: bold; width: 100px; display: inline-block;">
<?php echo htmlspecialchars($result['name'], ENT_QUOTES);?>
</span>
<span style="text-align: center; width: 200px; display: inline-block;">
<?php echo htmlspecialchars($result['comment'], ENT_QUOTES);?>
</span>
</span>
}
Function htmlspecialchars - convert special characters to HTML entities. With flag ENT_QUOTES escape quotes in order to avoid broke HTML code.
Try this.
while($row=mysql_fetch_array($result)){
<span style="text-align:center">
<b>
<?= $row['name']?>
</b>
<?= $row['comment']?>
</span>
}
I do not even know how to google this one...imagine it is something stupid...but any help would be great...
passing a variable when submitting a form...when echo the $_POST it is good...but when i put it into a php variable it is duplicated
<?
//list transactions by month
if ($_POST['m']=="yes"){
$table = $_POST['month'];
$_SESSION['table']=$_POST['month'];
$conn = mysql_connect("localhost", "mss_records", "3205") or die(mysql_error());
mysql_select_db('store_records', $conn) or die(mysql_error());
$result = mysql_query("SELECT * FROM $table");
while($row = mysql_fetch_array($result))
{
$id=$row['transaction'];
$date=$row['date'];
$time=$row['time'];
$paid=$row['payment'];
$total=$row['total'];
echo '<style type="text/css">
<!--
.list {
font-family: Georgia, "Times New Roman", Times, serif;
font-size: 12px;
color: #000;
padding: 2px;
border: 2px solid #009;
}
.view {
width: 100px;
}
-->
</style>
<div class="list">
<p><span style="color: #900">Transaction #</span>'.$id.'
<span style="color: #900">Date:</span>'.$date.'
<span style="color: #900">Time:</span>'.$time.'<span style="color: #900">
Paid By:</span>'.$paid.' <span style="color: #900">Total:</span>'
.number_format($total, 2).'
<form name="form1" method="post" action="find.php">
<label>
<input type="submit" name="view" id="view" value="'.$id.'">
</label>
</form>
</p>
</div>
<p></p>';
}
}
//view transaction after viewing by month
if (isset($_POST['view'])){
$conn = mysql_connect("localhost", "mss_records", "3205") or die(mysql_error());
mysql_select_db('store_records', $conn) or die(mysql_error());
$table = $_SESSION['table'];
echo "this is the number ".$_POST['view'];
$post=$_POST['view'];
echo "this is the post ".$post;
$result = mysql_query("SELECT * FROM $table WHERE transaction = '$post'")
or die(mysql_error());
while($row = mysql_fetch_array($result))
{
$items=$row['transaction'];
}
echo $items;
}
?>
after the user goes through the first selection and on the second window the output is...
this is the number 46this is the $post 4646
Your query is mysql_query("SELECT * FROM $table WHERE transaction = '$post'"). Therefore the value of $items=$row['transaction']; is also going to be 46. When you echo out everything without line breaks, it smashes everything together.
POST is not duplicating anything, you are just echoing $items directly after it.
Try this:
$table = $_SESSION['table'];
echo "this is the number ".$_POST['view']."<br /> \n";
$post=$_POST['view'];
echo "this is the post ".$post."<br /> \n";
$result = mysql_query("SELECT * FROM $table WHERE transaction = '$post'")
or die(mysql_error());
while($row = mysql_fetch_array($result))
{
$items=$row['transaction'];
}
echo $items;
}