Please i have been trying to make search in php pdo but is not working when i search it will only show the current title i searched for.
I have been using MYSQL but is showing error at the top of my page but is searching very well like i wanted it to be please can someone convert this Mysql to PDO for me or MYSQLI but i prefer PDO because i understand it more
here is my PHP to get search using mysql
<?php require_once("_inc/dbcontroller.php"); $db_handle = new DBController();?>
<?php
if(isset($_GET['q'])){
$button = mysql_real_escape_string($_GET ['t']);
$search = mysql_real_escape_string($_GET ['q']);
$construct = "";
if(!$search)
echo 'The Query String field is required.';
else{
if(strlen($search)<=1)
echo 'The Query String is too short.';
else{
echo "You searched for <b>$search</b> <hr size='1'></br>";
mysql_select_db("your database name");
$search_exploded = explode (" ", $search);
foreach($search_exploded as $search_each){
$x =0; $x++;
if($x==1){$construct .="title LIKE '%$search_each%'";}
else {
$construct .="AND blog LIKE '%$search_each%' AND tags LIKE '%$search_each%'";
}
}
$construct ="SELECT * FROM blogtd WHERE $construct AND action = 'active'";
$run = mysql_query($construct);
$foundnum = mysql_num_rows($run);
if($foundnum==0)
echo "Sorry, there are no matching result for";
else{
echo "We've found match";
while($runrows = mysql_fetch_assoc($run)){
$title = $runrows ['title'];
$body = mysql_real_escape_string($runrows ['blog']);
?>
<div>
<?php
echo $title."<br/>";
echo $body;
?></div>
<?php
}
}
}
}
}
?>
Here is my db-controller and i saved it in a different folder _inc/dbcontroller.php
<?php
class DBController {
//include('Define.php');
private $host = "localhost";
private $user = "root";
private $password = "12345";
private $database = "ServerDBsclab";
function __construct() {
$db_conn = $this->connectDB();
if(!empty($db_conn)) {
$this->selectDB($db_conn);
}
}
function connectDB() {
$db_conn = mysql_connect($this->host,$this->user,$this->password);
return $db_conn;
}
function selectDB($db_conn) {
mysql_select_db($this->database,$db_conn);
}
function runQuery($query) {
$result = mysql_query($query);
while($row=mysql_fetch_assoc($result)) {
$resultset[] = $row;
}
if(!empty($resultset))
return $resultset;
}
function numRows($query) {
$result = mysql_query($query);
$rowcount = mysql_num_rows($result);
return $rowcount;
}
function updateQuery($query) {
$result = mysql_query($query);
if (!$result) {
die('Invalid query: ' . mysql_error());
} else {
return $result;
}
}
function insertQuery($query) {
$result = mysql_query($query);
if (!$result) {
die('Invalid query: ' . mysql_error());
} else {
return $result;
}
}
function deleteQuery($query) {
$result = mysql_query($query);
if (!$result) {
die('Invalid query: ' . mysql_error());
} else {
return $result;
}
}
}
$db_conn = null;
?>
Here is my php pdo that i tried to use but is not working please help me with this so it will work like the above code
<?php
if(isset($_GET['postid'])){
echo '<h5 style="color: #2f2f2f;">Search</h5><br/>';
$matchpost = $blog_title;
$button = mysql_real_escape_string($_GET['postid']);
$q = $blog_title;
$search_output = "";
// Prepare statement
$db_conn = new PDO('mysql:host='.DB_HOST.';dbname='.DB_NAME,DB_USERNAME,DB_PASSWORD);
$db_conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$search = $db_conn->prepare("SELECT * FROM `blogtd` WHERE `blog` LIKE ?");
$search->execute(array("%$q%"));
foreach($search as $s){
$id = $s["BID"];
$title = $s["blog"];
$body = substr($s["body"], 0, 50);
$search_output .= '<article>
<header><a href="'.$id.'">
<h5>'.$title.'</h5>
</a></header>
<p>'.$body.'...</p></article>';
}
echo $search_output;
}
?>
Its wat everyone is saying. Keep everything by 1 extension. If u use PDO, do everything in PDO. If u use mysqli. Do everything in mysqli. Never use mysql. (we live in 2016 now).
I'm only looking at your PDO code. It seems your missing some code how do you want to get your mysql data. Your don't fetch anything. I created a similar script for you that works a little different. Including my PDO class. Test it in your own server and check it that is working.
_inc/dbcontroller.php
<?php
class DBController{
private $conn;
public $error;
private $stmt;
public function __construct(){
$driver = 'mysql';
$host = 'localhost';
$port = 3306;
$user = 'user';
$pass = 'pass';
$db = 'mydb';
$dsn = $driver.':host='.$host.';port='.$port.';dbname='.$db;
// Set options
$options = array(
PDO::ATTR_PERSISTENT => true,
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
);
try{
$this->conn = new PDO($dsn, $user, $pass, $options);
}
catch(PDOException $e){
$this->error = $e->getMessage();
}
}
public function error(){
return $this->stmt->errorInfo();
}
public function errorInfo(){
return $this->stmt->errorInfo();
}
public function prepare($query){
$this->stmt = $this->conn->prepare($query);
}
public function bind($param, $value, $type = null){
if(is_null($type)){
switch(true){
case is_int($value): $type = PDO::PARAM_INT; break;
case is_bool($value): $type = PDO::PARAM_BOOL; break;
case is_null($value): $type = PDO::PARAM_NULL; break;
default: $type = PDO::PARAM_STR;
}
}
$this->stmt->bindValue($param, $value, $type);
}
public function execute(){
return $this->stmt->execute();
}
public function rowCount(){
return $this->stmt->rowCount();
}
public function getOne(){
return $this->stmt->fetch(PDO::FETCH_OBJ);
}
public function getAll(){
return $this->stmt->fetchAll(PDO::FETCH_OBJ);
}
public function getAllObject(){
$result = new stdClass;
$count = 0;
while($row = $this->stmt->fetchObject()){
$count++;
$result->$count = $row;
}
return $result;
}
public function getLastInsertId(){
return $this->conn->lastInsertId();
}
public function free(){
$this->stmt = null;
}
}
Your call file
<?php
$search = filter_input(INPUT_GET, 'q');
$output;
if(!empty($search)){
require_once("_inc/dbcontroller.php");
$db_handle = new DBController();
$db_handle->prepare('SELECT * FROM blogtd WHERE blog LIKE :search');
$db_handle->bind(':search', '%'.$search.'%');
$db_handle->execute();
$output = $db_handle->getAll(); // This is the thing i'm missing in your script.
$db_handle->free();
}
if(!is_null($output)):
$html = '';
foreach($output as $i => $row){
$id = $row->BID;
$title = $row->blog;
$body = substr($row->body, 0, 50);
$html .= '
<article>
<header>
<h5>'.$title.'</h5>
</header>
<p>'.$body.'</p>
</article>';
}
echo $html;
else: ?>
<form id='searchform' method="GET" target="#">
<input type='text' name='q' value=''/>
<input type='submit' value='search'/>
</form><?php
endif;
Related
I have trouble understanding OOP...
Lets say I wanted to create a page that adds a new user to a database and wanted to work with classes.
For that scenario i'd create a form with a function.
There are forms for each CRUD functionality - renderHTMLFormAddUser() :
...
<form action="" method="POST" >;
<label>Shopname*</label><br>;
<input type="text" name="shopname" class="input_wide" required><br>;
<label>Username*</label><br>;
<input type="text" name="username" class="input_wide" required><br>;
<input type="submit" value="add" name="submit" >
...
a DataBaseConnector class:
class DataBaseConnector
{
protected $con;
public function __construct()
{
$this->con=mysqli_connect('mariaDB','root','123456','produktmuster');
}
public function getConnection()
{
return $this->con;
}
public function __destruct()
{
$this->con->close();
}
}
and a QueryDatabase class that requires the DataBaseConnector connection as a transfer parameter in its constructor:
class QueryDatabase
{
private $con;
public function __construct(DataBaseConnector $con)
{
$this->con = $con;
}
public function addUser($shopname,$username)
{
$sql = "INSERT INTO `brandportal_manager`( `Shopname`, `Username`) VALUES ($shopname,$username)";
$result = mysqli_query($this->con->connect(), $sql);
return $result;
}
To get the $_POST values in the QueryDatabase add User function, i'd need to declare variables like so:
$shopname= $_POST['shopname'];
$username= $_POST['username'];
But is there a better way to do so?
Like maybe renderHTMLFormAddUser()->'shopname'.
Im just trying to understand what is the cleanest way to code in this scenario.
Because using a function to render the forms the adduser.php would look something like this:
$createuserform=new Forms();
$createuserform->renderHTMLFormAddUser();
$shopname= $_POST['shopname']; // this is what confuses me, you'd have to look into the
$username= $_POST['username']; // renderHTMLFormAddUser() function to see the code
$db = new DataBaseConnector();
$query= new QueryDatabase();
$query->addUser($shopname,$username)
Should I just create an own page that posts the form to a page that then uses the data?
In the beginning i simply used no transfer parameters with the addUser function, and it started with declaring the $_POSTs:
$shopname= $_POST['shopname'];
$username= $_POST['username'];
$sql = "INSERT INTO `brandportal_manager`( `Shopname`, `Username`) VALUES ($shopname,$username)";
...
But I was told it was unsafe to do so - in that regard, I sanitize my data but for the sake of easier example i stripped away all the unnecessary code.
Should I take a completely different approach, just would like to know the cleanest way to add form input data into a database.
Well, there are many approaches to do this. You can also do my OOPs approach:
Make a define.php to set the constant variables & database connection variables:
define.php
define("DB_HOSTNAME", "localhost");
define("DB_USERNAME", "your_username");
define("DB_PASSWORD", "your_password");
define("DB_NAME", "your_databasename");
define("custom_variable", "custom_variable_value");
define("baseurl", "https://localhost/myproject/");
Then, make dbase.php, to create a dynamic SQL function:
You don't need to change this file. You just need to call this class. This file work as the core file of the system.
Dbase.php
<?php session_start();
date_default_timezone_set("Asia/Karachi");
require_once("define.php");
Class Dbase
{
private $Host = DB_HOSTNAME;
private $UserName = DB_USERNAME;
private $Password = DB_PASSWORD;
private $DBname = DB_NAME;
private $connDb = false;
public $LastQuery = null;
public $AffectedRows = 0;
public $InsertKey = array();
public $InsertValues = array();
public $UpdateSets = array();
public $id;
public function __construct()
{
$this->connect();
}
protected function connect()
{
$this->connDb = #mysqli_connect($this->Host, $this->UserName, $this->Password);
if (!($this->connDb)) {
die('Database Connection Failed.<br>' . mysql_error($this->connDb));
} else {
$Select = mysqli_select_db($this->connDb,$this->DBname);
if (!$Select) {
die('Database Selection Failed.<br>' . mysql_error($this->connDb));
}
}
mysqli_set_charset($this->connDb,'utf8');
}
public function close()
{
if (!mysqli_close($this->connDb)) {
die('Closing Connection Failed.<br>');
}
}
public function escape($value)
{
if (function_exists('mysql_real_escape_string')) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
$value = mysql_real_escape_string($value);
} else {
if (!get_magic_quotes_gpc()) {
$value = addcslashes($value);
}
}
return $value;
}
public function query($sql)
{
$query = $sql;
$result = mysqli_query($this->connDb,$sql);
// $this->displayQuery($result);
return $result;
}
public function displayQuery($result)
{
if (!$result) {
$output = 'Database Query Failed' . mysql_error($this->connDb) . '<br>';
$output .= 'Last Query was' . $this->LastQuery;
die($output);
} else {
$this->AffectedRows = mysqli_affected_rows($this->connDb);
}
}
public function fetchAll($sql)
{
$result = $this->query($sql);
$output = array();
while ($row = mysqli_fetch_assoc($result)) {
$output[] = $row;
}
// mysql_free_result($result);
return $output;
}
public function fetchOne($sql)
{
$output = $this->fetchAll($sql);
return $output;
// return array_shift($output);
}
public function prepareInsert($array = null)
{
if (!empty($array)) {
foreach ($array as $key => $value) {
$this->InsertKey[] = $key;
$this->InsertValues[] = $this->escape($value);
}
}
}
public function insert($table = null)
{
if (!empty($table) && !empty($this->InsertKey) && !empty($this->InsertValues)) {
$sql = "insert into '{$table}' ('";
$sql .= implode("','", $this->InsertKey);
$sql .= "') values ('";
$sql .= implode("','", $this->InsertValues);
$sql .= "')";
if ($this->query($sql)) {
$this->id = $this->lastId();
return true;
}
return false;
} else {
return false;
}
}
public function prepareUpdate($array = null)
{
if (!empty($array)) {
foreach ($array as $key => $value) {
$this->UpdateSets[] = "`{$key}` = '" . $this->escape($value) . "'";
}
}
}
public function update($table = null, $id = null, $whereId)
{
if (!empty($table) && !empty($id) && !empty($this->UpdateSets)) {
$sql = "update `{$table}` set";
$sql .= implode(",", $this->UpdateSets);
// $sql.="where id='".$this->escape($id)."'";
$sql .= "where '" . $whereId . "'='" . $this->escape($id) . "'";
return $this->query($sql);
} else {
return false;
}
}
public function lastId()
{
return mysqli_insert_id($this->connDb);
}
public function TotalNumberOfRecords($sql)
{
$result = $this->query($sql);
$output = mysqli_num_rows($result);
return $output;
}
public function GetServerInfo()
{
return mysqli_get_server_info();
}
}
Create a Query.php file. This file work as your model file as in MVC.
Query.php
<?php include "Dbase.php";
Class Query extends Dbase
{
public function __construct()
{
$this->connect();
date_default_timezone_set("Asia/Karachi");
}
public function getData($idlevelOne)
{
$sql = "SELECT * FROM `table` where level_one_id=$idlevelOne ORDER BY `sorting` ASC";
$result = $this->fetchAll($sql);
return $result;
}
/*For Insert & Edit, use this fucntion*/
public function editMember($email, $phone, $address, $city, $country, $zipcode, $id)
{
$sql = "UPDATE `members` SET `email` = '" . $email . "', `phone` = '" . $phone . "', `address` = '" . $address . "'
, `city` = '" . $city . "', `country` = '" . $country . "', `zip_code` = '" . $zipcode . "'
WHERE `id` = '$id'";
$result = $this->query($sql);
return $result;
}
}
Now, you just need to call the Query class in your PHP files to get the data.
<?php
include "Query.php";
$ObjQuery = new Query();
$ObjQuery->getData(1);
Pleassee help. I'm at a loss!! I am creating a blog site where the admin can edit and delete their post. However, when I pass my query:
Fatal error: Uncaught Error: Call to a member function query()
on null in C:\xampp\htdocs\tp02\TP2PHP\Posting.class.php:22
Stack trace:
'#0' C:\xampp\htdocs\tp02\TP2PHP\editardelete.php(15):
Posting->getData('SELECT * FROM b...')
'#1' {main} thrown in
C:\xampp\htdocs\tp02\TP2PHP\Posting.class.php on line 22
Plus a few undefine indexes.
Notice: Undefined index: titulo in C:\xampp\htdocs\tp02\TP2PHP\editardelete.php on line 10
Notice: Undefined index: contenido in C:\xampp\htdocs\tp02\TP2PHP\editardelete.php on line 11
Notice: Undefined property: Posting::$conn in C:\xampp\htdocs\tp02\TP2PHP\Posting.class.php on line 22
My guess is my connection. Please help Thank you
Posting.class.php
<?php
require_once 'conexion.php';
require_once 'BaseDato.class.php';
require_once 'Admin.class.php';
class Posting extends Connectdb {
public $titulo;
public $contenido;
public function __construct($titulo,$contenido) {
$this->titulo = $titulo;
$this->contenido = $contenido;
}
public function getData($query) {
$result = $this->conn->query($query);
if ($result == false) {
return false;
}
$rows = array();
while ($row = $result->fetch_assoc()) {
$rows[] = $row;
}
return $rows;
}
public function execute($query) {
$result = $this->conn->query($query);
if ($result == false) {
echo 'Error: cannot execute the command';
return false;
} else {
return true;
}
}
public function delete($id, $table) {
$query = "DELETE FROM blogtp_1 WHERE id = $id";
$result = $this->conn->query($query);
if ($result == false) {
echo 'Error: cannot delete id ' . $id . ' from table ' . $table;
return false;
} else {
return true;
}
}
/*public function escape_string($value)
{
return $this->conn->real_escape_string($value);
} */
}
?>
AND here is the other page xcalled editardelete.php :
<?php
// including the database connection file
require_once 'conexion.php';
include 'BaseDato.class.php';
include 'Posting.class.php';
//datos de la conexion
$conexion = mysqli_connect(DB_HOST, DB_USER, DB_PASS, DB_NAME);
session_start();
$titulo = $_POST['titulo'];
$contenido = $_POST['contenido'];
$posting = new Posting($titulo,$contenido);
//fetching data in descending order (lastest entry first)
$query = "SELECT * FROM blogtp_1 ORDER BY id DESC";
$result = $posting->getData($query);
//echo '<pre>'; print_r($result); exit;
?>
<html>
<head>
<title>Homepage</title>
</head>
<body>
<table width='80%' border=0>
<tr bgcolor='#CCCCCC'>
<td>titulo</td>
<td>contenido</td>
</tr>
<?php
foreach ($result as $key => $res) {
//while($res = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>".$res['titulo_del_post']."</td>";
echo "<td>".$res['contenido_del_post']."</td>";
echo "<td>Editar </td>";
}
?>
</table>
</body>
</html>
This is my connection class:
<?php
class Connectdb{
private $host;
private $user;
private $pass;
private $db;
protected function connect(){
$this->host = "localhost";
$this->user = "root";
$this->pass = "";
$this->db = "blog";
$conn = mysqli_connect($this->host, $this->user, $this->pass, $this->db);
return $conn;
}
}
?>
first we have to restructure your code.
Your connection class.
<?php
// error class just incase an error occured when trying to connect
class __errorClass
{
public function __call($meth, $args)
{
echo $meth . '() failed! Database connection error!';
}
}
class Connectdb{
private $host = "localhost";
private $user = "root";
private $pass = "";
private $db = "blog";
public function connect()
{
$conn = mysqli_connect($this->host, $this->user, $this->pass, $this->db);
if ($conn->errorCode == 0)
{
return $conn;
}
else
{
return new __errorClass();
}
}
}
?>
Next in you Posting Class.
<?php
require_once 'conexion.php';
require_once 'BaseDato.class.php';
require_once 'Admin.class.php';
class Posting{
public $titulo;
public $contenido;
private $conn;
public function __construct($titulo,$contenido) {
$this->titulo = $titulo;
$this->contenido = $contenido;
$db = new Connectdb();
$this->conn = $db->connect();
}
public function getData($query)
{
$result = $this->conn->query($query);
if ($result == false) {
return false;
}
$rows = array();
while ($row = $result->fetch_assoc()) {
$rows[] = $row;
}
return $rows;
}
public function execute($query)
{
$result = $this->conn->query($query);
if ($result == false) {
echo 'Error: cannot execute the command';
return false;
} else {
return true;
}
}
public function delete($id, $table)
{
$query = "DELETE FROM blogtp_1 WHERE id = $id";
$result = $this->conn->query($query);
if ($result == false) {
echo 'Error: cannot delete id ' . $id . ' from table ' . $table;
return false;
} else {
return true;
}
}
/*public function escape_string($value)
{
return $this->conn->real_escape_string($value);
} */
}
?>
Finally in your editardelete.php file.
<?php
// should keep session here!
session_start();
include 'BaseDato.class.php';
include 'Posting.class.php';
// for a quick check you can use this function
// would check for titulo in GET, POST and SESSION
function is_set($name)
{
if (isset($_POST[$name]))
{
return $_POST[$name];
}
elseif (isset($_GET[$name]))
{
return $_GET[$name];
}
elseif (isset($_SESSION[$name]))
{
return $_SESSION[$name];
}
else
{
return false;
}
}
// you have to check if titulo and contenido is set
// this would reduce error level to zero!
$result = [];
if ( is_set('titulo') && is_set('contenido'))
{
$titulo = is_set('titulo');
$contenido = is_set('contenido');
$posting = new Posting($titulo,$contenido);
//fetching data in descending order (lastest entry first)
$query = "SELECT * FROM blogtp_1 ORDER BY id DESC";
$result = $posting->getData($query);
//echo '<pre>'; print_r($result); exit;
}
?>
<html>
<head>
<title>Homepage</title>
</head>
<body>
<table width='80%' border=0>
<tr bgcolor='#CCCCCC'>
<td>titulo</td>
<td>contenido</td>
</tr>
<?php
if (count($result) > 0)
{
foreach ($result as $key => $res) {
echo "<tr>";
echo "<td>".$res['titulo_del_post']."</td>";
echo "<td>".$res['contenido_del_post']."</td>";
echo "<td>Editar </td>";
}
}
?>
</table>
</body>
</html>
I hope this helps. Happy coding vittoria!
So I've been stuck on this for quite a while, surprisingly the update and delete functions work just fine, however I cannot make the CREATE function work properly. Please have a look at it and tell me what I'm doing wrong
<-------------- Entire model for admin panel-------------->>>>>>>> Connection to DB is working fine---------->>>>>>>>>>>
<?php
include_once "Model.php";
class ModelPages extends Model {
public function get($key) {
$sql = "SELECT * from pages where page_key = '$key'";
$row = '';
$page = Null;
foreach ($this->pdo->query($sql) as $row) {
$page = $row;
}
// echo "<pre>";
// var_dump($page);
// exit;
return $page;
}
public function getAll() {
$statement = $this->pdo->prepare("SELECT * from pages Where Id > 3");
$result = $statement->execute();
$pages = array();
if($result) {
$pages = $statement->fetchAll(PDO::FETCH_ASSOC);
}
return $pages;
}
public function updatePage($params=array()) {
if (!is_array($params)) {
return 'Params should be an array';
}
if (isset($params['table'])) {
$tableName = $params['table'];
} else {
$tableName = 'pages';
}
$pageId = isset($params['page_key']) ? $params['page_key'] : null;
$pageTitle = isset($params['page_title']) ? $params['page_title'] : null;
$pageBody = isset($params['page_body']) ? $params['page_body'] : null;
if ($pageId == null) {
return 'No page id provided';
}
$sql = "UPDATE " . $tableName . " SET
title = :title,
body = :body
WHERE page_key = :page_key";
$statement = $this->pdo->prepare($sql);
$statement->bindParam(':title', $pageTitle, PDO::PARAM_STR);
$statement->bindParam(':body', $pageBody, PDO::PARAM_STR);
$statement->bindParam(':page_key', $pageId, PDO::PARAM_INT);
$result = $statement->execute();
return $result;
}
public function deletePage($pageId) {
// build sql
$sql = "DELETE FROM pages WHERE id = " . intval($pageId);
$statement = $this->pdo->prepare($sql);
$result = $statement->execute();
return $result;
}
public function createPage($params=array()){
if (!is_array($params)) {
return 'Params should be an array';
}
if (isset($params['table'])) {
$tableName = $params['table'];
} else {
$tableName = 'pages';
}
$page_key = isset($params['page_key']) ? $params['page_key'] : 'page_key';
$pageTitle = isset($params['page_title']) ? $params['page_title'] : 'page_title';
$pageBody = isset($params['page_body']) ? $params['page_body'] : 'page_body';
$sql = "INSERT INTO " . $tablename ." SET page_key=:page_key, title=:title, body=:body ";
// prepare query for execution
$statement = $this->pdo->prepare($sql);
// bind the parameters
$statement->bindParam(':page_key', $_POST['page_key']);
$statement->bindParam(':title', $_POST['title']);
$statement->bindParam(':body', $_POST['body']);
// specify when this record was inserted to the database
// Execute the query
$result = $statement->execute();
return $result;
}
}
<?php
include 'controllers/controller.php';
include 'models/Model.php';
include 'models/ModelPages.php';
<------------------------ADMIN CONTROller----------------------->>>>>>>>>>>>
class Admin extends Controller {
function __construct() {
// create an instance of ModelPages
$ModelPages = new ModelPages();
if(isset($_POST['page_key'])) {
// TODO: update DB
$tableData['page_body'] = $_POST['body'];
$tableData['table'] = 'pages';
$tableData['page_title'] = $_POST['title'];
$tableData['page_key'] = $_POST['page_key'];
$response = $ModelPages->updatePage($tableData);
if ($response == TRUE) {
header("http://188.166.96.184/workspace/marem/AAAAA/index.php?page=admin&success=true");
}
}
if(isset($_GET['page_key'])) {
// by default we assume that the key_page exists in db
$error = false;
$page = $ModelPages->get($_REQUEST['page_key']);
// if page key does not exist set error to true
if($page === null) {
$error = true;
}
// prepare data for the template
$data = $page;
$data["error"] = $error;
// display
echo $this->render2(array(), 'header.php');
echo $this->render2(array(), 'navbar_admin.php');
echo $this->render2($data, 'admin_update_page.php');
echo $this->render2(array(), 'footer.php');
} else {
// case: delete_page
if(isset($_GET['delete_page'])) {
$response = $ModelPages->deletePage($_GET['delete_page']);
if($response == TRUE) {
header("http://188.166.96.184/workspace/marem/AAAAA/index.php?page=admin&deleted=true");
}
}
}
//Get table name and make connection
if(isset($_POST['submit'])) {
$page_key = $_POST['page_key'];
$page_title = $_POST['title'];
$page_body = $_POST['body'];
$response = $ModelPages->createPage();
if($response=TRUE){
header("http://188.166.96.184/workspace/marem/AAAAA/index.php?page=admin&created=true");
}
}
}
// load all pages from DB
$pages = $ModelPages -> getAll();
// display
echo $this->render2(array(), 'header_admin.php');
echo $this->render2(array(), 'navbar_admin.php');
echo $this->render2(array("pages"=> $pages), 'admin_view.php');
echo $this->render2(array(), 'footer.php');
}
}
?>
Since you have if(isset($_POST['page_key']) on the top:
class Admin extends Controller {
function __construct() {
// create an instance of ModelPages
$ModelPages = new ModelPages();
if(isset($_POST['page_key'])) {
...
if ($response == TRUE) {
header("http://188.166.96.184/workspace/marem/AAAAA/index.php?
}
and it is used to call $response = $ModelPages->updatePage($tableData);
your code never reach the part with good values at the bottom:
if(!isset($_POST['page_key'])) {
...
$response = $ModelPages->createPage($tableData);
So my simple but not the best suggestion is use extra parameter when POST like action. so you can check:
if(isset($_POST['action']) && $_POST['action']=='update') {
...
} elseif (isset($_POST['action']) && $_POST['action']=='create') {
...
} etc...
hope this will help you for now :-)
$sql = "INSERT INTO " . $tablename ." SET page_key=:page_key, title=:title, body=:body ";
$tablename is not in scope when the statement above is executed. And you've got no error handling in the code.
I'm working through a PHP starter book I just got along with code. I am stuck on this one example and I have no idea what's going on. Can someone help explain what is going on?
This class seems to get instantiated and the default case is to list the posts recorded to a database:
<?php
require_once('../includes/admin.php');
$admin_posts = new Posts;
When the class gets called, the default case loads options to pass the id and action to the php file above, then it will parse and call another method. In my case, i'm trying to delete a post, but I keep getting an error that says object not found.
<?php
session_start();
require_once('database.php');
class Adminpanel{
public function __construct(){
$inactive = 600;
if (isset($_SESSION["kickstart_login"])) {
$sessionTTL = time() - $_SESSION["timeout"];
if ($sessionTTL > $inactive) {
session_unset();
session_destroy();
header("Location: http://".$_SERVER['SERVER_NAME']."/login.php?status=inactive");
}
}
$_SESSION["timeout"] = time();
$login = $_SESSION['kickstart_login'];
if(empty($login)){
session_unset();
session_destroy();
header('Location: http://'.$_SERVER['SERVER_NAME'].'/login.php?status=loggedout');
}else{
$this->ksdb = new Database;
$this->base = (object) '';
$this->base->url = 'http://'.$_SERVER['SERVER_NAME'];
}
}
}
class Posts extends Adminpanel{
public function __construct(){
parent::__construct();
if(!empty($_GET['action'])){
switch ($_GET['action']){
case 'create':
$this->addPost();
break;
default:
$this->listPosts();
break;
case 'save':
$this->savePost();
break;
case 'edit':
echo "string";
$this->editPosts();
break;
case 'delete':
$this->deletePost();
break;
}
}else{
$this->listPosts();
}
}
public function listPosts(){
$posts = $return = array();
$query = $this->ksdb->db->prepare("SELECT * FROM posts");
try {
$query->execute();
for($i=0; $row = $query->fetch(); $i++){
$return[$i] = array();
foreach($row as $key => $rowitem){
$return[$i][$key] = $rowitem;
}
}
}catch (PDOException $e) {
echo $e->getMessage();
}
$posts = $return;
require_once('templates/manageposts.php');
}
public function editPosts(){
echo "string";
}
public function addPost(){
require_once('templates/newpost.php');
}
public function savePost(){
$status= '';
$array = $format = $return = array();
if(!empty($_POST['post'])){
$post = $_POST['post'];
}
if(!empty($post['content'])){
$array['content'] = $post['content'];
$format[] = ':content';
}
if(!empty($post['title'])){
$array['title'] = $post['title'];
$format[] = ':title';
}
$cols = $values = '';
$i=0;
foreach($array as $col => $data){
if($i==0){
$cols .= $col;
$values .= $format[$i];
}else{
$cols .= ','.$col;
$values .= ','.$format[$i];
}
$i++;
}
try {
$query = $this->ksdb->db->prepare("INSERT INTO posts(".$cols.") VALUES (".$values.")");
for($c=0;$c<$i;$c++){
$query->bindParam($format[$c], ${'var'.$c});
}
$z=0;
foreach($array as $col => $data){
${'var' . $z} = $data;
$z++;
}
$result = $query->execute();
$add = $query->rowCount();
}catch (PDOException $e) {
echo $e->getMessage();
}
$query->closeCursor();
$this->db = null;
if(!empty($add) && $add > 0){
$status = array('success' => 'Your post has been saved successfully.');
$key = 'success';
}else{
$status = array('error' => 'There has been an error saving your post. Please try again later.');
$key = 'error';
}
header("Location: ".$this->base->url."/posts.php?status=".$key);
}
public function deletePost(){
echo "string";
// if(!empty($_GET['id']) && is_numeric($_GET['id'])){
// $query = "DELETE FROM `posts` WHERE id = ".$_GET['id'];
// $result = $this->db->query($query);
// $delete = $result->rowCount();
// $this->db = null;
// if(!empty($delete) && $delete > 0){
// header("Location: ".$this->base->url."/posts.php?delete=success");
// }else{
// header("Location: ".$this->base->url."/posts.php?delete=error");
// }
// }
}
}
class Comments extends Adminpanel{
public function __construct(){
parent::__construct();
if(!empty($_GET['action']) && $_GET['action'] == 'delete'){
$this->deleteComment();
}else{
$this->listComments();
}
}
public function listComments(){
$comments = $return = array();
$query = $this->ksdb->db->prepare("SELECT * FROM comments");
try {
$query->execute();
for($i=0; $row = $query->fetch(); $i++){
$return[$i] = array();
foreach($row as $key => $rowitem){
$return[$i][$key] = $rowitem;
}
}
}catch (PDOException $e) {
echo $e->getMessage();
}
$comments = $return;
require_once('templates/managecomments.php');
}
public function deleteComment(){
if(!empty($_GET['id']) && is_numeric($_GET['id'])){
$query = "DELETE FROM `comments` WHERE id = ".$_GET['id'];
$result = $this->db->query($query);
$delete = $result->rowCount();
$this->db = null;
if(!empty($delete) && $delete > 0){
header("Location: ".$this->base->url."/comments.php?delete=success");
}else{
header("Location: ".$this->base->url."/comments.php?delete=error");
}
}
}
}
$admin = new Adminpanel();
I'm writing a class and handful of functions to connect to the database and retrieve the information from the tables. I went through previous posts having similar titles, but most of them have written using mysql functions and I am using mysqli functions.
I want somebody who can go through this simple script and let me know where I am making my mistake.
This is my class.connect.php:
<?php
class mySQL{
var $host;
var $username;
var $password;
var $database;
public $dbc;
public function connect($set_host, $set_username, $set_password, $set_database)
{
$this->host = $set_host;
$this->username = $set_username;
$this->password = $set_password;
$this->database = $set_database;
$this->dbc = mysqli_connect($this->host, $this->username, $this->password, $this->database) or die('Error connecting to DB');
}
public function query($sql)
{
return mysqli_query($this->dbc, $sql) or die('Error querying the Database');
}
public function fetch($sql)
{
$array = mysqli_fetch_array($this->query($sql));
return $array;
}
public function close()
{
return mysqli_close($this->dbc);
}
}
?>
This is my index.php:
<?php
require_once ("class.connect.php");
$connection = new mySQL();
$connection->connect('localhost', 'myDB', 'joker', 'names_list');
$myquery = "SELECT * FROM list";
$query = $connection->query($myquery);
while($array = $connection->fetch($query))
{
echo $array['first_name'] . '<br />';
echo $array['last_name'] . '<br />';
}
$connection->close();
?>
I am getting the error saying that Error querying the Database.
Few problems :-
you don't die without provide a proper mysql error (and is good practice to exit gracefully)
fetch method is only FETCH the first row
mysqli have OO method, why you still using procedural function?
The problem is either this:
public function fetch($sql)
{
$array = mysqli_fetch_array($this->query($sql));
return $array;
}
or this:
while($array = $connection->fetch($query))
Because you are using the result from the query to query again. Basically, you are doing:
$r = mysqli_query($this->dbc, $sql);
$array = mysqli_fetch_array(mysqli_query($this->dbc, $r));
And you are getting an error, because $r is not a query string. When it's converted to a string, it's a "1" (from your other comment).
Try changing the function to (changed name of variable so you can see the difference):
public function fetch($result)
{
return mysqli_fetch_array($result);
}
or just call the function directly.
If you don't do your own db abstraction for learning php and mysql, you can use Medoo (http://medoo.in/).
It's a free and tiny db framework, that could save a huge work and time.
Obviously an error occurs on SELECT * FROM list you can use mysqli_error to find the error:
return mysqli_query($this->dbc, $sql) or die('Error:'.mysqli_error($this->dbc));
This will display the exact error message and will help you solve your problem.
Try to check this
https://pramodjn2.wordpress.com/
$database = new db();
$query = $database->select(‘user’);
$st = $database->result($query);
print_r($st);
class db {
public $server = ‘localhost';
public $user = ‘root';
public $passwd = ‘*****';
public $db_name = ‘DATABASE NAME';
public $dbCon;
public function __construct(){
$this->dbCon = mysqli_connect($this->server, $this->user, $this->passwd, $this->db_name);
}
public function __destruct(){
mysqli_close($this->dbCon);
}
/* insert function table name, array value
$values = array(‘first_name’ => ‘pramod’,’last_name’=> ‘jain’);
*/
public function insert($table,$values)
{
$sql = “INSERT INTO $table SET “;
$c=0;
if(!empty($values)){
foreach($values as $key=>$val){
if($c==0){
$sql .= “$key='”.htmlentities($val, ENT_QUOTES).”‘”;
}else{
$sql .= “, $key='”.htmlentities($val, ENT_QUOTES).”‘”;
}
$c++;
}
}else{
return false;
}
$this->dbCon->query($sql) or die(mysqli_error());
return mysqli_insert_id($this->dbCon);
}
/* update function table name, array value
$values = array(‘first_name’ => ‘pramod’,’last_name’=> ‘jain’);
$condition = array(‘id’ =>5,’first_name’ => ‘pramod!’);
*/
public function update($table,$values,$condition)
{
$sql=”update $table SET “;
$c=0;
if(!empty($values)){
foreach($values as $key=>$val){
if($c==0){
$sql .= “$key='”.htmlentities($val, ENT_QUOTES).”‘”;
}else{
$sql .= “, $key='”.htmlentities($val, ENT_QUOTES).”‘”;
}
$c++;
}
}
$k=0;
if(!empty($condition)){
foreach($condition as $key=>$val){
if($k==0){
$sql .= ” WHERE $key='”.htmlentities($val, ENT_QUOTES).”‘”;
}else{
$sql .= ” AND $key='”.htmlentities($val, ENT_QUOTES).”‘”;
}
$k++;
}
}else{
return false;
}
$result = $this->dbCon->query($sql) or die(mysqli_error());
return $result;
}
/* delete function table name, array value
$where = array(‘id’ =>5,’first_name’ => ‘pramod’);
*/
public function delete($table,$where)
{
$sql = “DELETE FROM $table “;
$k=0;
if(!empty($where)){
foreach($where as $key=>$val){
if($k==0){
$sql .= ” where $key='”.htmlentities($val, ENT_QUOTES).”‘”;
}else{
$sql .= ” AND $key='”.htmlentities($val, ENT_QUOTES).”‘”;
}
$k++;
}
}else{
return false;
}
$del = $result = $this->dbCon->query($sql) or die(mysqli_error());
if($del){
return true;
}else{
return false;
}
}
/* select function
$rows = array(‘id’,’first_name’,’last_name’);
$where = array(‘id’ =>5,’first_name’ => ‘pramod!’);
$order = array(‘id’ => ‘DESC’);
$limit = array(20,10);
*/
public function select($table, $rows = ‘*’, $where = null, $order = null, $limit = null)
{
if($rows != ‘*’){
$rows = implode(“,”,$rows);
}
$sql = ‘SELECT ‘.$rows.’ FROM ‘.$table;
if($where != null){
$k=0;
foreach($where as $key=>$val){
if($k==0){
$sql .= ” where $key='”.htmlentities($val, ENT_QUOTES).”‘”;
}else{
$sql .= ” AND $key='”.htmlentities($val, ENT_QUOTES).”‘”;
}
$k++;
}
}
if($order != null){
foreach($order as $key=>$val){
$sql .= ” ORDER BY $key “.htmlentities($val, ENT_QUOTES).””;
}
}
if($limit != null){
$limit = implode(“,”,$limit);
$sql .= ” LIMIT $limit”;
}
$result = $this->dbCon->query($sql);
return $result;
}
public function query($sql){
$result = $this->dbCon->query($sql);
return $result;
}
public function result($result){
$row = $result->fetch_array();
$result->close();
return $row;
}
public function row($result){
$row = $result->fetch_row();
$result->close();
return $row;
}
public function numrow($result){
$row = $result->num_rows;
$result->close();
return $row;
}
}
The mysqli_fetch_array function in your fetch method requires two parameters which are the SQL result and the kind of array you intend to return. In my case i use MYSQLI_ASSOC.
That is it should appear like this:
public function fetch($sql)
{
$array = mysqli_fetch_array($this->query($sql), MYSQLI_ASSOC);
return $array;
}
**classmysql.inc.php**
<?php
class dbclass {
var $CONN;
function dbclass() { //constructor
$conn = mysql_connect(SERVER_NAME,USER_NAME,PASSWORD);
//$conn = mysql_connect(localhost,root,"","");
if(!$conn)
{ $this->error("Connection attempt failed"); }
if(!mysql_select_db(DB_NAME,$conn))
{ $this->error("Database Selection failed"); }
$this->CONN = $conn;
return true;
}
//_____________close connection____________//
function close(){
$conn = $this->CONN ;
$close = mysql_close($conn);
if(!$close){
$this->error("Close Connection Failed"); }
return true;
}
function error($text) {
$no = mysql_errno();
$msg = mysql_error();
echo "<hr><font face=verdana size=2>";
echo "<b>Custom Message :</b> $text<br><br>";
echo "<b>Error Number :</b> $no<br><br>";
echo "<b>Error Message :</b> $msg<br><br>";
echo "<hr></font>";
exit;
}
//_____________select records___________________//
function select ($sql=""){
if(empty($sql)) { return false; }
if(!eregi("^select",$sql)){
echo "Wrong Query<hr>$sql<p>";
return false; }
if(empty($this->CONN)) { return false; }
$conn = $this->CONN;
$results = #mysql_query($sql,$conn);
if((!$results) or empty($results)) { return false; }
$count = 0;
$data = array();
while ( $row = mysql_fetch_array($results)) {
$data[$count] = $row;
$count++; }
mysql_free_result($results);
return $data;
}
//________insert record__________________//
function insert ($sql=""){
if(empty($sql)) { return false; }
if(!eregi("^insert",$sql)){ return false; }
if(empty($this->CONN)){ return false; }
$conn = $this->CONN;
$results = #mysql_query($sql,$conn);
if(!$results){
$this->error("Insert Operation Failed..<hr>$sql<hr>");
return false; }
$id = mysql_insert_id();
return $id;
}
//___________edit and modify record___________________//
function edit($sql="") {
if(empty($sql)) { return false; }
if(!eregi("^update",$sql)){ return false; }
if(empty($this->CONN)){ return false; }
$conn = $this->CONN;
$results = #mysql_query($sql,$conn);
$rows = 0;
$rows = #mysql_affected_rows();
return $rows;
}
//____________generalize for all queries___________//
function sql_query($sql="") {
if(empty($sql)) { return false; }
if(empty($this->CONN)) { return false; }
$conn = $this->CONN;
$results = mysql_query($sql,$conn) or $this->error("Something wrong in query<hr>$sql<hr>");
if(!$results){
$this->error("Query went bad ! <hr>$sql<hr>");
return false; }
if(!eregi("^select",$sql)){return true; }
else {
$count = 0;
$data = array();
while ( $row = mysql_fetch_array($results))
{ $data[$count] = $row;
$count++; }
mysql_free_result($results);
return $data;
}
}
function extraqueries($sql="") {
if(empty($sql)) { return false; }
if(empty($this->CONN)) { return false; }
$conn = $this->CONN;
$results = mysql_query($sql,$conn) or $this->error("Something wrong in query<hr>$sql<hr>");
if(!$results){
$this->error("Query went bad ! <hr>$sql<hr>");
return false; }
else {
$count = 0;
$data = array();
while ( $row = mysql_fetch_array($results))
{ $data[$count] = $row;
$count++; }
mysql_free_result($results);
return $data;
}
}
}
?>
**config.inc.php**
<?php
ini_set("memory_limit","70000M");
ini_set('max_execution_time', 900);
ob_start();
session_start();
error_reporting(E_ALL & ~E_NOTICE & ~E_DEPRECATED);
############################################
# Database Server
############################################
if($_SERVER['HTTP_HOST']=="localhost")
{
define("DB_NAME","DB_NAME");
define("SERVER_NAME","SERVER_NAME");
define("USER_NAME","USER_NAME");
define("PASSWORD","PASSWORD");
}
else
{
define("DB_NAME","DB_NAME");
define("SERVER_NAME","SERVER_NAME");
define("USER_NAME","USER_NAME");
define("PASSWORD","PASSWORD");
}
#############################################
# File paths
#############################################
// For the Database file path
include("system/classmysql.inc.php");
//For the inc folders
define("INC","inc/");
//For the Function File of the pages folders
define("FUNC","func/");
//For the path of the system folder
define("SYSTEM","system/");
$table_prefix = 'dep_';
################################################################
# Database Class
################################################################
$obj_db = new dbclass();
?>
**Function Page**
<?php
// IF admin is not logged in
if(!isset($_SESSION['session_id']))
{
header("location:index.php");
}
$backpage = 'page.php?type=staff&';
if(isset($_REQUEST['endbtn']) && trim($_REQUEST['endbtn']) == "Back")
{
header("location:".$backpage);
die();
}
// INSERT into database.
if(isset($_REQUEST['submit']) && trim($_REQUEST['submit']) == "Submit")
{
$pass = addslashes(trim($_REQUEST['password']));
$password = encrypt($pass, "deppro");
$username = addslashes(trim($_REQUEST['username']));
$sql = "select * from ".$table_prefix."users where `UserName` ='".$username."'";
$result = $obj_db->select($sql);
if(count($result) == 0)
{
$insert="INSERT INTO ".$table_prefix."users (`UserName`)VALUES ('".$username."')";
$sql=$obj_db->insert($insert);
$newuserid = mysql_insert_id($obj_db->CONN);
}
header("location:".$backpage."msg=send&alert=2");
die();
}
// DELETE record from database
if(isset($_REQUEST['action']) && trim($_REQUEST['action'])==3)
{
if(isset($_REQUEST['id']) && trim($_REQUEST['id']!=""))
{
$id = site_Decryption($_REQUEST['id']);
$sql_del = "Delete from ".$table_prefix."users where StaffID ='$id'";
$del = $obj_db->sql_query($sql_del);
header("location:".$backpage."msg=delete&alert=2");
die();
}
}
// UPDATE the record
$action=1;
if((isset($_REQUEST['action']) && trim($_REQUEST['action'])==2) && (!(isset($_REQUEST['submit']) && trim($_REQUEST['submit']) == "Submit")))
{
if(isset($_REQUEST['id']) && trim($_REQUEST['id']!=""))
{
$id = site_Decryption($_REQUEST['id']);
//$id = $_SESSION['depadmin_id'];
$sql = "select * from ".$table_prefix."users where StaffID ='$id'";
$result = $obj_db->select($sql);
if($result)
{
foreach($result as $row)
{
$title = stripslashes($row['StaffTitle']);
$action=2;
}
}
if(isset($_REQUEST['submit']) && trim($_REQUEST['submit']) == "Update")
{
$title = addslashes(trim($_REQUEST['title']));
$sql_upd ="UPDATE ".$table_prefix."users SET `StaffTitle` = '$title' WHERE StaffID ='$id'";
$result = $obj_db->sql_query($sql_upd);
$action=1;
header("location:".$backpage."msg=edited&alert=2");
die();
}
}
}
if(isset($_REQUEST['vid']) && trim($_REQUEST['vid']!=""))
{
$id = site_Decryption($_REQUEST['vid']);
$sql = "select * from ".$table_prefix."users where StaffID ='$id'";
$result = $obj_db->select($sql);
if($result)
{
foreach($result as $row)
{
$username = stripslashes($row['UserName']);
}
}
}
?>
<td class="center"><span class="editbutton"> </span> <span class="deletebutton"> </span> <a class="lightbox" title="View" href="cpropertyview.php?script=view&vid=<?php echo site_Encryption($sql[$j]['PropertyID']); ?>&lightbox[width]=55p&lightbox[height]=60p"><span class="viewbutton"> </span></a></td>