This is my script and it's displaying a blank, I have no idea what the problem is. HELP!!!! #new to PHP
<?php include "connection.php";
// Get the ID from URL.
if(isset($_GET['id']));
$id = $_GET['id'];
$query="SELECT * FROM module WHERE id= '$id'";
$result= mysqli_query($m, $query);
while ($row = mysqli_fetch_array($result)){
$title=$row['title'];
$level=$row['level'];
$credits=$row['credits'];
$school=$row['school'];
echo $title. " " . $level. " " . $credits. "<br />";
}
?>
Error:
You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'WHERE id= 'Careers'' at line 1
One obvious problem here is that you've included an "end of statement" character being a semi-colon.
The semi-colon (if that isn't a typo), is doing just that, "ending" the statement.
if(isset($_GET['id']));
^ right there.
It should be a brace { for it instead and to read as:
if(isset($_GET['id'])){
and there should be a closing brace } for that conditional statement for it.
Sidenote: The semi-colon is considered a valid character in PHP, which won't throw you an error for it, should the GET array have a value.
However, you should check for errors for the rest of your code.
Add error reporting to the top of your file(s) right after your opening PHP tag
for example <?php error_reporting(E_ALL); ini_set('display_errors', 1); then the rest of your code, to see if it yields anything,
as well as or die(mysqli_error($m)) to mysqli_query().
While making sure you are indeed using the MySQLi_ API to connect with (different MySQL APIs do not intermix) and that the GET array has a value.
Here's a rewrite, and assuming a successful DB connection using the MySQLi_ API for it.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
if(isset($_GET['id'])){
$id = $_GET['id'];
} else{
echo "ID is not set. You need to investigate it.";
exit; // This will stop your script, dead in its tracks.
}
$query="SELECT * FROM module WHERE id= '$id'";
$result= mysqli_query($m, $query) or die(mysqli_error($m));
while ($row = mysqli_fetch_array($result)){
$title=$row['title'];
$level=$row['level'];
$credits=$row['credits'];
$school=$row['school'];
echo $title. " " . $level. " " . $credits. "<br />";
}
References:
http://php.net/manual/en/function.mysqli-connect.php
http://php.net/manual/en/mysqli.error.php
Edit:
Taken from comments:
"this is my query, $query="SELECT id, title module WHERE id= '$id'"; – user5579012 38 mins ago"
Link to that comment...
That isn't what was posted in your original question.
You posted SELECT * FROM module WHERE id= '$id'.
You have a syntax error here, being a missing comma after title.
It should read as:
$query="SELECT id, title, module WHERE id= '$id'";
All columns need to be seperated by commas but not the last one being module here.
Ensure everything is ok. Echo errors if possible.
<?php include "connection.php";
// Get the ID from URL.
if(isset($_GET['id'])){
$id = $_GET['id'];
$query="SELECT * FROM module WHERE id= '$id'";
$result= mysqli_query($m, $query);
if($result){ //query is ok
if(mysqli_num_rows($result) > 0){//check if a record exists
while ($row = mysqli_fetch_array($result)){
$title=$row['title'];
$level=$row['level'];
$credits=$row['credits'];
$school=$row['school'];
echo $title. " " . $level. " " . $credits. "<br />";
}
}else{ //no result found
echo "no results found!";
}
}else{ //some error in querying
echo mysqli_error($m);
}
}
?>
Related
I am using this SQL query in a link to retrieve data from database
<div class="nav-laptop">Laptop
and display it using
$sql = $_REQUEST['upit'];
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "<div class='proizvodi'>";
// output data of each row
$result->data_seek(0);
while($row = $result->fetch_assoc()) {
echo "<div class='row'>";
foreach($row as $key => $value){
echo "<div class='" . $key . "'>" . $value . "</div>";
}
echo "</div>";
echo "<hr />";
}
echo "</div>";
}
else {
echo "<div class='search-query-none'><img src='index/no result.png' width='754' height='198' /></div>";
}
I realized this is very vulnerable and that I should use POST method to hide parameters from URL. I tried reading online forums, but I found nothing that would help me to convert this to POST way of retrieving data.
So, how do I use POST method to achieve the same result as I am achieving right now using GET?
This will give you a general idea on how to do this.
HTML form:
<form method="post" action="your_handler.php">
<input type = "text" name = "search_query">
<input type = "submit" name = "submit" value = "Search">
</form>
SQL/PHP and assuming a successful connection using the MySQLi API.
$conn = mysqli_connect("your_host", "user", "password", "db");
if (!$conn) {
echo "Error: Unable to connect to MySQL." . PHP_EOL;
echo "Debugging errno: " . mysqli_connect_errno() . PHP_EOL;
echo "Debugging error: " . mysqli_connect_error() . PHP_EOL;
exit;
}
if(isset($_POST['submit'])){
if(!empty($_POST['search_query'])){
$search_query = mysqli_real_escape_string($conn, $_POST['search_query']);
$result = mysqli_query($conn, "SELECT * FROM TABLE WHERE col = '$search_query' ");
if(!$result) { echo "Error: " . mysqli_error($conn); }
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
// perform what you want here
// and check for errors on your query
}
}
}
}
You can substitute SELECT * with the said columns also.
Ideally, a prepared statement is nice to work with.
http://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php
http://php.net/pdo.prepared-statements (if you want to look into PDO).
Sidenote: Do not intermix different MySQL APIs such as mysqli_ with PDO. They just don't mix together.
Check for errors also against your query:
http://php.net/manual/en/mysqli.error.php
Add or die(mysqli_error($conn)) to mysqli_query().
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// Then the rest of your code
Sidenote: Displaying errors should only be done in staging, and never production.
Plus, make sure that no whitespace gets introduced into your input, otherwise your query may fail.
Use trim() against the input.
You don't need to use POST for a SELECT query. You can, but it's really better suited for INSERT / UPDATE / DELETE, things that actually change your data. A possible advantage to using a link like that for search results is that it can be saved, bookmarked, emailed, etc., where a form submission cannot. But you are right that putting your entire query into a link like that definitely is extremely vulnerable.
Instead of passing the entire query through the link, you can just pass the parameters, like this:
Laptop
Then in your display code you can use a prepared statement and safely bind the parameter:
$kategorija = $_GET['kategorija'];
$sql = 'SELECT Slika, Naziv, Opis, Cijena FROM Proizvodi
WHERE Kategorija=? ORDER BY Proizvodac';
$stmt = $conn->prepare($sql);
$stmt->bind_param("s", $kategorija);
$stmt->execute();
// etc.
I'm trying to update text I've selected and displayed in a TextArea to my database. The text is selected and displayed so nothing wrong with the connection.php. But when I change the text and press save it does not update the text in the database, however it shows that the data is stored in the variables $tekstArea and $tekstIDArea. Could anyone help me out?
Here is my code:
<?php
session_start();
include "connection.php";
?>
<?php
//Get Resulsts from database
$query = "SELECT * FROM tekst";
$result = mysqli_query($conn, $query);
while ($row = mysqli_fetch_array($result)) {
$tekstID = $row['tekstID'];
$text = $row['text'];
echo "<form method='POST' action=''>
<input name='tekstIDArea' value=" . $tekstID . ">
<br />
<textarea name='textArea' rows='20'>" . $text . "</textarea>
<br />
<button type='submit' name='submit' class='btn'>Save</button><br /><br />";
}
if (isset($_POST['submit'])) {
$tekstArea = $_POST['textArea'];
$tekstIDArea = $_POST['tekstIDArea'];
$sql = "UPDATE tekst SET 'text' = '$tekstArea'";
$res = mysqli_query($conn, $sql);
if(!$res)
{
echo "Could not update" . mysql_error() . "<br />";
echo $tekstArea . "<br />";
echo $tekstIDArea . "<br />";
}
mysqli_close($conn);
}
?>
Thanks in advance,
Ahnkheg
EDIT: Added form closing tag.
Changed mysql_error() to mysqli_error($conn).
"Okay, that fixed my error output! Thank you! The error I'm getting is: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near ''text' = 'test'' at line 1. – Ahnkheg"
This line:
$sql = "UPDATE tekst SET 'text' = '$tekstArea'";
The text column has regular quotes and isn't the correct identifiers. This is a column and not a value.
Either use ticks:
$sql = "UPDATE tekst SET `text` = '$tekstArea'";
or remove them:
$sql = "UPDATE tekst SET text = '$tekstArea'";
Sidenote: Your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.
You also have a missing </form> tag. That will have adverse effects. You're also mixing with mysql_error(). That should be mysqli_error($conn).
Those different MySQL APIs do not intermix with each other.
I have multiple links on a page where each link is suppose to return a specific row of data from a database. When the link is clicked, the user is forwarded to another page where the info associated with that link is displayed. Here is the code:
//db connection: (using xampp)
mysql_connect('localhost', 'root', '');
mysql_select_db('db_name');
$sql = "SELECT * FROM user_input";
$records = mysql_query($sql);
//code:
<div>
$open_report = mtsql_fetch_assoc($records);
echo "Error Report# {$open_report['id']};
echo "<p>" .$open_report['comments'] . "</p>";
</div>
The problem is it always returns the same row of data. Each row in the db is associated with a link and when that link is clicked I want to return the associated row of data in the db. I think it may have to do with this line: $sql = "SELECT * FROM user_input"; but I'm not sure how to fix it. If anyone can help it would be greatly appreciated.
I have restructured my answer to give it a better flow. I also noticed you are using mysql_ not mysqli_ . You need to use mysqli_ as mysql is depreciated.
EDIT: This would be the page that displays all the error reports. You would want to output them in the form of a hyperlink that passes a GET parameter to the page that shows the details.
$sql = "SELECT ID, Description, etc, etc from reports";
$open_reports = mysqli_query($sql);
//error check here as well if ANY results were returned
while($row = mysqli_fetch_array($open_reports, MYSQLI_ASSOC)) {
echo ''' . $open_reports['Description'] . '';
}
This will give you links that look like
detailspage.php?id=1 detailspage.php?id=2
etc...
On the "detailspage.php" You can capture that ID and display dynamic information on that same page.
if (isset($_GET['ID'])){
$sql = "Select * from user_input where ID='" . $_GET['id'] . "'";
$records = mysqli_query($sql)
while($open_report = mysqli_fetch_array($records, MYSQLI_ASSOC)) {
echo "Error Report# " . $open_report['id'] . "<br/>";
echo "<p>" .$open_report['comments'] . "</p>";
}
}
I am still a beginner with php and MySQL. I am having trouble getting rows from my database to display in an html select drop down box. I have researched it and it seems like my code should be good. The campaigns table as a row titled name. This is the row I am wanting to echo into the drop down. The drop down shows, however there is no content in it. Not sure what I am missing here...
Here is the code
<?php
$con=mysqli_connect("localhost","username","password","db_name");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = mysqli_query($con,"SELECT * FROM campaigns");
echo '<select name="campaignChange">';
while ($row = mysql_fetch_array($query)) {
echo "<option value='" . $row['name'] ."'>" . $row['name'] ."</option>";
}
echo '</select>';
?>
You are mixing mysql and mysqli syntax.
You should change:
$query = mysql_query($con,"SELECT * FROM campaigns");
to:
$query = mysqli_query($con,"SELECT * FROM campaigns");
and:
while ($row = mysql_fetch_array($query)) {
to:
while ($row = mysqli_fetch_array($query)) {
By the way, you should add error handling. If you add this to the top:
mysqli_report(MYSQLI_REPORT_ALL);
mysqli will throw exceptions so you will always know what goes wrong exactly. As long as you use mysqli functions of course...
Ok, so I'm trying to make some simple code to display news articles from a MySQL server but all I get is a completely blank middle part of the page where the news articles are supposed to be. Here is the code:
<?
$query = "SELECT ID, header, content FROM news ORDER BY ID DESC";
$result = mysql_query($query);
while($row = mysql_fetch_array($result))
{
echo "<div class=\"newsItem\">";
echo "<h2>" . $row['header'] . "</h2>";
echo "<p>" . $row['content'] . "</p>";
echo "</div>";
}
?>
The problem seems to be with the while loop. If I write echo "WTF"; outside the loop it will show but if i write it inside it wont show. I'm not really good at PHP so I'm puzzled. ID is INT and Primary Key, header is VARCHAR(255) and content is TEXT. Any Ideas? Also the connect scrips works cuz I dont get error messages when it dies.
Try adding an error catch:
$query = "SELECT ID, header, content FROM news ORDER BY ID DESC";
$result = mysql_query($query) or die(mysql_error());
OR you have no results. so add somthing for that:
if(mysql_num_row($result) > 0){
while($row = mysql_fetch_array($result))
{
echo "<div class=\"newsItem\">";
echo "<h2>" . $row['header'] . "</h2>";
echo "<p>" . $row['content'] . "</p>";
echo "</div>";
}
}
else {echo 'no results';}
You either have no records in your news table or displaying warnings isn't enabled (slap)
There aren't any news in news table
One or more columns are missing
Table news does not exists
in your case, try to replace your 2nd line with
$query = "SELECT ID, content FROM news ORDER BY ID DESC";
You may have a database rights issue or your query may have an error but the error isn't being displayed.
If you don't have display_errors turned on in your php.ini, you should take a look in the web server error log file to see if an error is being logged when you connect to the MySql database.
You could also try:
ini_set('display_errors', 1);
At the top of your script which will force any database connection or query errors to be displayed in the resulting web page.
NOTE: This is a feature to support your development and should never be used on production systems.