php form processing POST - php

I'm trying to use form processing to make a specific database query. I set the form to $name and am trying to process $sql = "SELECT * FROM quotes WHERE qSymbol = $name ORDER BY qQuoteDateTime DESC"
What is the best way to do this?
<form action="post.php" method="post">
<span></span><input type = "text" value=" " name="boxy" />
<br/><input type="submit" name="submit" value="Enter" />
</form>
<?php
$name = $_POST['boxy'];
if(isset($_POST['boxy'])){
error_reporting(E_ALL ^ E_DEPRECATED);
$con = mysql_connect('...');
if (!$con){
die("Cannot connect : " . mysql_error());
}
mysql_select_db('quotesdb',$con);
$sql = "SELECT * FROM quotes WHERE qSymbol = '$name' ORDER BY qQuoteDateTime DESC";
$myData = mysql_query($sql,$con);
echo "<table border = 1>
<tr>
<th>Data</th>
<th>Last</th>
<th>Change</th>
<th>% Chg</th>
<th>Volume</th>
</tr>";
while ($record = mysql_fetch_array($myData)){
echo "<tr>";
echo "<td>" . $record['qQuoteDateTime'] . "</td>";
echo "<td>" . $record['qLastSalePrice'] . "</td>";
echo "<td>" . $record['qNetChangePrice'] . "</td>";
echo "<td>" . $record['qNetChangePct'] . "</td>";
echo "<td>" . $record['qShareVolumeQty'] . "</td>";
echo "</tr>";
} // close the while loop before closing the table
echo "</table>";
mysql_close($con);
}
?>

You will still need single quotes around the variable unless it's a number
$sql = "SELECT * FROM quotes WHERE qSymbol = '$name' ORDER BY qQuoteDateTime DESC";

Related

PHP executes but doesn't execute SQL update correctly

I have a table which displays
-Staff ID (Primary Key)
-Staff Name
-Staff Position
All the data loads into my grid. The grid has an update button which should let me update it, but it returns the original result after clicking update.
<html>
<head>
</head>
<body>
<?php
$conn = mysql_connect("localhost", "root", "");
if (!$conn){
die("Can not connect: " . mysql_error());
}
mysql_select_db("pizza_shop",$conn);
if (isset($_POST['submit']) && $_POST['submit'] == 'update'){
$UpdateQuery = "UPDATE staff SET StaffName='$_POST[staffname]', Position='$_POST[staffposition]' WHERE StaffID='$_POST[hiddenid]'";
mysql_query($UpdateQuery);
}
$sql = "SELECT * FROM staff";
$myData = mysql_query($sql, $conn);
echo "<table border=1>
<tr>
<th>Staff Name<th>
<th>Staff Position<th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=#edit_staff.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name =staffname value=" . $record['StaffName'] ." </td>";
echo "<td>" . "<input type=text name =staffposition value=" . $record['Position'] ." </td>";
echo "<td>" . "<input type=hidden name=hiddenid value=" . $record['StaffID'] . "</td>";
echo "<td>" . "<input type=submit name = update values=Update" . "</td>";
echo "</form>";
}
echo "</table>";
$conn = null;
?>
</body>
</html>
You need to change your update query from
$UpdateQuery = "UPDATE staff SET StaffName='$_POST[staffname]', Position='$_POST[staffposition]' WHERE StaffID='$_POST[hiddenid]'";
to
$UpdateQuery = "UPDATE staff SET StaffName='".$_POST['staffname']."', Position='".$_POST['staffposition']."' WHERE StaffID='".$_POST['hiddenid']."'";
What you were doing is $_POST[staffname], which must be written as $_POST['staffname']. Always try to check using the error_reporting(E_ALL) function, and check whether your values are set or not.
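
The UPDATE above still builds its SQL from raw POST values. The following is an added example, not code from either poster, showing the same update with bound parameters and a validated hidden id. It assumes PDO with an in-memory SQLite table in place of the MySQL pizza_shop database so it runs offline; updateStaff() and the $post array are hypothetical names with constructed data.

```php
<?php
// Added example, not the poster's code. PDO with in-memory SQLite stands in
// for the MySQL "pizza_shop" database so the script runs offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE staff (StaffID INTEGER PRIMARY KEY, StaffName TEXT, Position TEXT)');
$pdo->exec("INSERT INTO staff VALUES (1, 'Ann', 'Cook'), (2, 'Bob', 'Driver')");

// Constructed sample of what the grid's row form would post.
$post = ['update' => 'Update', 'hiddenid' => '2',
         'staffname' => "Pat O'Brien", 'staffposition' => 'Manager'];

/** Update one staff row from posted fields; returns the number of rows changed. */
function updateStaff(PDO $pdo, array $post): int
{
    // Check that the expected fields were sent before touching the database.
    foreach (['hiddenid', 'staffname', 'staffposition'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return 0;
        }
    }
    // The hidden id is client-controlled: accept only a positive integer.
    $id = filter_var($post['hiddenid'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;
    }
    // Placeholders keep the values out of the SQL text, so the apostrophe
    // in "O'Brien" is stored as data instead of ending the string literal.
    $stmt = $pdo->prepare('UPDATE staff SET StaffName = ?, Position = ? WHERE StaffID = ?');
    $stmt->execute([trim($post['staffname']), trim($post['staffposition']), $id]);
    return $stmt->rowCount();
}

// Test the submit button by the name it is rendered with ("update").
if (isset($post['update'])) {
    $changed = updateStaff($pdo, $post);
    $row = $pdo->query('SELECT StaffName, Position FROM staff WHERE StaffID = 2')->fetch(PDO::FETCH_ASSOC);
    printf("%d row(s) changed: %s, %s\n", $changed, $row['StaffName'], $row['Position']);
}
```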

Utilize user input in SQL query

I'm trying to update a table given user input. Once the user hits submit on the form, I want the WHERE portion of my query to reflect the zip code entered by the user. Here is what I have so far, but it doesn't work. Any help would be greatly appreciated!
<form id="user-location" method="post" action="#">
<input id="addressInput" name="addressInput" type="text">
<input id="submit" onclick="searchLocations()" value="GO" type="button">
</form>
<?php
$con=mysqli_connect("localhost","######","######","######");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM Prospects WHERE zip = 'echo $_POST['addressInput']'");
echo "<table width='540' cellpadding='0' border='0' cellspacing='0'>
<tr>
<th>Under 4</th>
<th>5 - 9</th>
<th>10 - 14</th>
<th>15 - 17</th>
<th>18 - 20</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['cy_pop_04'] . "</td>";
echo "<td>" . $row['cy_pop_59'] . "</td>";
echo "<td>" . $row['cy_pop_1014'] . "</td>";
echo "<td>" . $row['cy_pop_1517'] . "</td>";
echo "<td>" . $row['cy_pop_1820'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
?>
Change <input id="submit" onclick="searchLocations()" value="GO" type="button"> to <input id="submit" value="GO" type="submit" name="submit"> then use a conditional statement.
I.e.: if(isset($_POST['submit']))
Here is a prepared statement method.
The way you're doing it now (or intended to use), will leave you open to SQL injection.
<?php
$con=mysqli_connect("localhost","######","######","######");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
if(isset($_POST['submit'])){
$zip = $_POST['addressInput'];
if($query = $con->prepare("SELECT * FROM Prospects WHERE zip=?")){
$query->bind_param("s", $zip);
$query->execute();
$result = $query->get_result(); // result set read by the while loop below (requires mysqlnd)
}
echo "<table width='540' cellpadding='0' border='0' cellspacing='0'>
<tr>
<th>Under 4</th>
<th>5 - 9</th>
<th>10 - 14</th>
<th>15 - 17</th>
<th>18 - 20</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['cy_pop_04'] . "</td>";
echo "<td>" . $row['cy_pop_59'] . "</td>";
echo "<td>" . $row['cy_pop_1014'] . "</td>";
echo "<td>" . $row['cy_pop_1517'] . "</td>";
echo "<td>" . $row['cy_pop_1820'] . "</td>";
echo "</tr>";
}
echo "</table>";
} // closing brace for if(isset($_POST['submit']))
mysqli_close($con);
?>
Footnotes:
Do not do or use this:
WHERE zip = 'echo $_POST['addressInput']'
^^^^ ^ ^
It's always better using prepared statements when using mysqli_* functions.
Here is a tutorial on using prepared statements.

How to get data from mysql database?

I am having a problem getting values from the db. I am new to PHP.
I am using checkboxes to get values from database. Only checked values should be printed.
<form method="POST" action="gradoviexport.php" id="searchform">
<div id="GRADOVI BIH">
<h3>GRADOVI BOSNE I HERCEGOVINE</h3><hr/>
<input type="checkbox" name="gradovi[]" value="sarajevo"> Sarajevo
<input type="checkbox" name="gradovi[]" value="banovici"> Banovići
<input type="checkbox" name="gradovi[]" value="banjaluka"> Banja Luka
<input type="checkbox" name="gradovi[]" value="bihac"> Bihać
<input type="checkbox" name="gradovi[]" value="bileca"> Bileća
</div>
<div id="snimi">
<input type="submit" name="submit" value="EXPORT">
</div>
</form>
If Sarajevo is checked I want to print values from the database. It does not have to be only one value checked. If all values are checked it should print all values.
$con=mysqli_connect("$host","$username","$password", "$database");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//connecting to db
$variable=$_POST['grad'];
foreach ($variable as $variablename)
{
$sql_select="SELECT * FROM `clanovi` WHERE `GRAD` = $variablename " ;
$queryRes = mysql_query($sql_select);
print"$sql_select";
}
echo "<table border='5'>
<tr>
<th>IME</th>
<th>PREZIME</th>
<th>FIRMA</th>
<th>ADRESA</th>
<th>TELEFON</th>
<th>FAX</th>
<th>MOBITEL</th>
<th>EMAIL </th>
<th>WEB_STRANICA </th>
<th>GRAD </th>
<th>KATEGORIJA </th>
</tr>";
while($row = mysqli_fetch_array($queryRes))
{
echo "<tr>";
echo "<td>" . $row['IME'] . "</td>";
echo "<td>" . $row['PREZIME'] . "</td>";
echo "<td>" . $row['FIRMA'] . "</td>";
echo "<td>" . $row['ADRESA'] . "</td>";
echo "<td>" . $row['TELEFON'] . "</td>";
echo "<td>" . $row['FAX'] . "</td>";
echo "<td>" . $row['MOBITEL'] . "</td>";
echo "<td>" . $row['EMAIL'] . "</td>";
echo "<td>" . $row['WEB_STRANICA'] . "</td>";
echo "<td>" . $row['GRAD'] . "</td>";
echo "<td>" . $row['KATEGORIJA'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
Assume you posted gradovi[] array values to submitted page.
Submit page:
$grad = array();
$grad = $_POST['gradovi']; //get array value
$grad = implode(',',$grad); //convert it into comma separated string
//Insert it into data base
Getting from database:
//fetch the gradovi field from the db like below
echo $row['gradovi']; // print all values
or
$grad = explode(',',$row['gradovi']);
foreach($grad as $check) {
echo $check; //print one by one
}
There are a few errors in your code.
There is no escaping of the string from POST data. Use mysqli_real_escape_string
There is an error in your while loop. You are redefining the mysql query result.
Fixed code:
//connecting to db
$variable=$_POST['gradovi']; // the checkboxes are named gradovi[]
foreach($variable as $key => $val) {
// escape with the mysqli connection opened above ($con)
$variable[$key] = mysqli_real_escape_string($con, $val);
}
$sql_select="SELECT * FROM `clanovi` WHERE `GRAD` IN ('" . implode("','", $variable) . "')" ;
$queryRes = mysqli_query($con, $sql_select);
print"$sql_select";
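
The IN (...) list above can also be built from placeholders instead of escaped strings. This is an added example, not code from the posters: it assumes PDO with an in-memory SQLite table in place of the MySQL `clanovi` table, and membersByCity(), GRADOVI and the sample rows are hypothetical names and constructed data. It also restricts the posted values to the checkbox values the form offers.

```php
<?php
// Added example, not the poster's code. In-memory SQLite via PDO stands in
// for the MySQL table `clanovi`; the rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE clanovi (IME TEXT, GRAD TEXT)');
$pdo->exec("INSERT INTO clanovi VALUES ('Amra', 'sarajevo'), ('Emir', 'bihac'), ('Ivana', 'banjaluka')");

// The checkbox values offered by the form on this page.
const GRADOVI = ['sarajevo', 'banovici', 'banjaluka', 'bihac', 'bileca'];

/** Return members whose GRAD is one of the checked cities. */
function membersByCity(PDO $pdo, $checked): array
{
    // No box ticked means the key is absent; anything but an array is rejected.
    if (!is_array($checked)) {
        return [];
    }
    // Keep only string values the form actually offers, without duplicates.
    $cities = array_values(array_unique(array_intersect(
        array_filter($checked, 'is_string'), GRADOVI)));
    if ($cities === []) {
        return [];   // an empty IN () is a syntax error, so stop here
    }
    // One "?" per value: IN (?,?,...) with the values bound separately.
    $marks = implode(',', array_fill(0, count($cities), '?'));
    $stmt = $pdo->prepare("SELECT IME, GRAD FROM clanovi WHERE GRAD IN ($marks) ORDER BY IME");
    $stmt->execute($cities);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed request: two valid boxes plus one value the form never offered.
$post = ['gradovi' => ['sarajevo', 'bihac', "bi'hac"]];
foreach (membersByCity($pdo, $post['gradovi'] ?? null) as $row) {
    echo $row['IME'], ' - ', $row['GRAD'], "\n";
}
```

Only the placeholder string is interpolated into the SQL text, and it is generated from a count, never from the posted values.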

Php Populate Table and Update

Guys I can't see why it is that my code will only update the last row on the table. It will populate the entire HTML page with a table with the info from phpAdmin. I can then change this info on the html page. It all works fine if there is only one record; any more than one and it only takes effect on the last row. I am new to all this, so excuse the code, here it is......
<html>
<?php
$con = mysql_connect("localhost","root");
if(!$con){
die("Cant get there Bren: " . mysql_error());
}
mysql_select_db("Web_Data",$con);
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE Vehicles SET Vehicle_Id='$_POST[Vehicle_Id]',
Registration='$_POST[Registration]',Make='$_POST[Make]',Model='$_POST[Model]',
Classification='$_POST[Classification]',Rental_Price='$_POST[Rental_Price]',
Current_Status='$_POST[Current_Status]',Mileage='$_POST[Mileage]'
WHERE Vehicle_Id='$_POST[hidden]'";
echo "<center> Vechicle Id '$_POST[hidden]' succesfully VEHICLE UPDATED </center>";
mysql_query($UpdateQuery, $con);
};
$sql = "Select * From Vehicles";
$myData = mysql_query($sql,$con);
echo" <center> <table border = 3>
<tr>
<th>Vehicle_Id</th>
<th>Registration</th>
<th>Make</th>
<th>Model</th>
<th>Classification</th>
<th>Rental_Price</th>
<th>Current_Status</th>
<th>Mileage</th>
</tr></center>";
while($record = mysql_fetch_array($myData)){
echo "<form action = UpdateWD.php method=post>";
echo "<tr>";
echo "<td>" . "<input type = text name = Vehicle_Id value=" . $record['Vehicle_Id'] . " </td>";
echo "<td>" . "<input type = text name = Registration value=" . $record['Registration'] . " </td>";
echo "<td>" . "<input type = text name = Make value=" . $record['Make'] . " </td>";
echo "<td>" . "<input type = text name = Model value=" . $record['Model'] . " </td>";
echo "<td>" . "<input type = text name = Classification value=" . $record['Classification'] . " </td>";
echo "<td>" . "<input type = text name = Rental_Price value=". $record['Rental_Price'] . " </td>";
echo "<td>" . "<input type = text name = Current_Status value=" . $record['Current_Status'] . " </td>";
echo "<td>" . "<input type = text name = Mileage value=" . $record['Mileage'] . " </td>";
echo "<td>" . "<input type = hidden name = hidden value=" . $record['Vehicle_Id'] . " </td>";
echo "<td>" . "<input type = submit name = update value= update" . " </td>";
echo "</from>";
}
echo"</table>";
mysql_close($con);
?>
<br><br><br>
<footer>
Copyright © 2013 ABU LTD
About -
Privacy Policy -
Contact Us
Logout
</footer> <!--footer-->
</html>
See here:
Use while loop to display all fetched records.
<?php
// Make a MySQL Connection
$sql = "Select * From Vehicles";
$myData = mysql_query($sql,$con) or die(mysql_error());
while($row = mysql_fetch_array($myData)){
echo $row['Vehicle_Id'];
}
?>
And mysql_query can't use multiple queries.
The easiest thing is to just run them separately. I believe you can do multi query but I haven't tried it.
Just get the idea how you can run multiple queries using foreach loop.
$updateArray = array(21=>300,23=>200,24=>100);
foreach($updateArray as $id=>$value)
{
$query = "UPDATE cart SET cart_qty='$value' WHERE cart_id = '$id'";
mysql_query($query,$link);// $link is specified above
}
here is my mistake
hours and hours and all it was
echo "<td>" . "<input type = 'submit' name = 'update' value= 'update'" . " />";
echo "</td>";
echo "</tr>";
echo "</form>";
had "form" spelt "from" & didn't close the </tr>
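
The row rendering from this thread with every attribute quoted and every database value HTML-escaped, as an added example that is not the poster's code. The helper names attr() and vehicleRow() and the sample records are hypothetical, and it assumes the HTML form="..." attribute is used to tie each row's inputs to that row's own form.

```php
<?php
// Added example, not the poster's code. $records is constructed sample data
// standing in for rows fetched from the Vehicles table.
$records = [
    ['Vehicle_Id' => 7, 'Make' => 'Ford', 'Model' => 'Transit Custom'],
    ['Vehicle_Id' => 8, 'Make' => 'Kia',  'Model' => 'cee"d <GT>'],
];

/** Escape a value for use inside a double-quoted HTML attribute (hypothetical helper). */
function attr($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Render one row whose inputs belong to that row's own form (hypothetical helper). */
function vehicleRow(array $record): string
{
    $formId = 'row' . (int) $record['Vehicle_Id'];
    $cells = '';
    foreach (['Make', 'Model'] as $field) {
        // Quoted and escaped: a space no longer cuts the value short, and a
        // quote or angle bracket in stored data cannot end the attribute.
        $cells .= '<td><input form="' . $formId . '" type="text" name="' . $field
                . '" value="' . attr($record[$field]) . '"></td>';
    }
    // The form lives in the last cell; the form="..." attribute ties the
    // inputs in the other cells to it, so each row submits only itself.
    return '<tr>' . $cells
         . '<td><form id="' . $formId . '" action="UpdateWD.php" method="post">'
         . '<input type="hidden" name="hidden" value="' . attr($record['Vehicle_Id']) . '">'
         . '<input type="submit" name="update" value="update"></form></td></tr>' . "\n";
}

echo "<table border=\"3\">\n<tr><th>Make</th><th>Model</th><th></th></tr>\n";
foreach ($records as $record) {
    echo vehicleRow($record);
}
echo "</table>\n";
```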

PHP Session Getting Correct Value

Question: What to do to fix my problem on handling the session because it is returning an incorrect value.
Situation: I'm having problem on this session variable from the table. I added data from database to a table using while loop. Here is my code:
<form action="edit2.php" method="get">
<?php
$link = mysql_connect("localhost", "root", "root");
mysql_select_db("ispot", $link);
$result4 = mysql_query("SELECT * FROM user_ispot", $link);
$num_rows = mysql_num_rows($result4);
$result = mysqli_query($con,"SELECT * FROM complaints");
echo "<table border='1'>
<tr>
<th>Id Number</th>
<th>Category</th>
<th>Problem</th>
<th>Date Reported</th>
<th>Complaint ID </th>
<th>Action</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td name=id_num>" . $row['id_number'] . "</td>";
$_SESSION['favcolor'] = "$row[id_number]";
echo "<td name=remarks>" . $row['remarks'] . "</td>";
echo "<td name=status>" . $row['status'] . "</td>";
echo "<td name=date>" . $row['date_reported'] . "</td>";
echo "<td>" . "<INPUT TYPE = text Name = cid VALUE = " . $row['complaint_id'] . ">" . "</td>";
echo "<td>" . "<INPUT TYPE = Submit Name = Submit1 VALUE =Edit>" . "</td>";
echo "</tr>";
}
echo "</table>" ;?>
And it looks like this:
As you can see, there is the edit button, where I can edit a specific row in the table.
When I press the edit button, this will show:
Notice that the User ID is wrong; what can I do to fix it? The user ID that is being posted here was the last user_id that was inserted in the table.
And here is my code for the second image:
<b>Date:</b> <input type='text' name='today' placeholder='<?php echo $today ?>' disabled='disabled'> <br><br>
<b>User ID:</b> <input type='text' disabled='disables' name='userid' placeholder='<?php
//$comid = $_GET["cid"];
//echo $userid;
echo $_SESSION['userid'];
//$result = mysqli_query($con,"SELECT * FROM complaints WHERE id = XXX");
//$row = mysqli_fetch_assoc($result);
//print_r($row);
//$result2 = mysql_query("SELECT * FROM complaints WHERE complaint_id = '$comid'", $link);
//$result2 = mysql_query("SELECT * FROM complaints", $link);
//while($row = mysql_fetch_assoc($result2))
//{
//echo $row['id_number'];
//}
?>'></br><br>
Any help would be appreciated. Thank you.
I replaced the button with a link, used it to pass the value when edit is clicked, caught the value with a GET, and it works for me.
In edit.php
echo "<td> <a href = 'edit2.php?id=$num_id'>Edit</a></td>";
in edit2.php
$id = $_GET['id'];
<b>User ID:</b> <input type='text' disabled='disables' name='userid' value = '<?php echo $id;?>'></input type>
$result2 = mysql_query("SELECT * FROM complaints WHERE complaint_id = '$comid'", $link);
$result2 = mysql_query("SELECT * FROM complaints", $link);
You must use just one of these rows. I think the problem is the second row. This query does not choose the "id" that is "comid".
Your first query row is enough:
$result2 = mysql_query("SELECT * FROM complaints WHERE complaint_id = '$comid'", $link);
