This question already has answers here:
How can I prevent SQL injection in PHP?
I'm new to PHP coding and this is one assignment that I have to do.
I have included the DB connect file already, but this is the code I use in this assignment, which is able to edit the job advertisement data.
This is advertisement table file.
$result = mysql_query("SELECT * FROM advertisement");
<TABLE border ='1'>
<table style="width:100%">
<tr>
<th>Advertisement ID</th>
<th>Position</th>
<th>Start Date</th>
<th>End Date</th>
<th></th>
<th></th>
</tr>
<?php
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)){
echo "<TR>";
echo "<TD>".$row['Ad_ID']."</TD>";
echo "<TD>".$row['Position_Name']."</TD>";
echo "<TD>".$row['Start_date']."</TD>";
echo "<TD>".$row['End_date']."</TD>";
echo "<TD><a href='edit-advertisement.php?ad_id=".$row['Ad_ID']."'>Edit</a></TD>";
echo "<TD><a href='delete-advertisement.php?ad_id=".$row['Ad_ID']."'>Delete</a></TD>";
echo "</TR>";
}
?>
And this is edit-advertisement.php file.
$result = mysql_query("SELECT * FROM advertisement WHERE Ad_ID='".$_REQUEST['ad_id']."'");
$row = mysql_fetch_array($result, MYSQL_ASSOC);
<form name = 'edit-advertise-form' method = 'POST' action = 'confirm-edit-adv.php'>
<br >
<input type='hidden' name='ad_id' value='<?=$row['Ad_ID']?>'>
Advertisement ID : <?=$row['Ad_ID']?><br><br />
Position to be recruited : <input type = "Textbox" Name = "Pos_Name" value = '<?=$row['Position_Name']?>'><br><br>
Job Description: <br ><br /> <textarea name="Job_Des" rows="5" cols="40" value = '<?=$row['Ad_Job_Description']?>'> </textarea><br><br>
Job Qualification: <br ><br /> <textarea name="Job_Quali" rows="5" cols="40" value = '<?=$row['Ad_Job_Qualification']?>'> </textarea><br><br>
Skill required: <br ><br /> <textarea name="Skill_Req" rows="5" cols="40"value = '<?=$row['Ad_Skill_Required']?>'> </textarea><br><br>
Salary offer: <input type = "Textbox" Name = "Salary" value = '<?=$row['Position_Salary_Detail']?>'><br><br>
Start date :
<SELECT name='s_day'>
<?php
$i = 1 ;
while($i<=31) {
?>
<OPTION value = '<?php echo $i;?>' > <?php echo $i;?> </OPTION>
<?php $i++; }
?>
</SELECT>
<SELECT name='s_month' >
<?php
$month = array( 1=> JANUARY,FEBRUARY,MARCH,APRIL,MAY,JUNE,JULY,AUGUST,SEPTEMBER,OCTOBER,NOVEMBER,DECEMBER);
$i = 1;
foreach ($month as $m){
?>
<OPTION value = '<?php echo $i;?>' > <?php echo $m;?> </OPTION>
<?php
$i++;}
?>
</SELECT>
<SELECT name = 's_year'>
<?php
$curYear = getdate();
for($year = 2016 ; $year <= $curYear['year']; $year++){
?>
<OPTION value = '<?php echo $year;?>'> <?php echo $year;?> </OPTION>
<?php
}
?>
</SELECT>
End date -> Same as Start date
<input type = 'Submit' name = 'edit-adv' value = 'Update'><br><br>
<button onclick="goBack()">Back</button>
</form>
And finally the update function page
$ad_id = $_POST["ad_id"];
$pos_name = $_POST["Pos_Name"];
$job_des = $_POST["Job_Des"];
$job_qua = $_POST["Job_Quali"];
$skill_req = $_POST["Skill_Req"];
$salary = $_POST["Salary"];
$s_date = $_POST["s_year"].'/'.$_POST["s_month"].'/'.$_POST["s_day"];
$e_date = $_POST["e_year"].'/'.$_POST["e_month"].'/'.$_POST["e_day"];
$sql = ("UPDATE advertisement SET Position_Name = '".$pos_name."',
Ad_Job_Description = '".$job_des."', Ad_Job_Qualification =
'".$job_qua."', Ad_Skill_Required = '".$skill_req."',
Position_Salary_Detail = '".$salary."', Start_date = '".$s_date."',
End_date = '".$e_date."' WHERE Ad_ID = '".$ad_id."'");
I have no idea what is wrong in the $sql line or elsewhere.
I tried to echo $sql and nothing is there, so it means that there is no value in $sql, right?
How to solve this problem?
Thank you in advance !!!
P.S. Sorry for the long code post.
In the new version:
Connection
$con = mysqli_connect(DB_HOST, DB_USER, DB_PASSWD);
if (!$con) {
die('Could not connect: ' . mysqli_connect_error());
}
mysqli_select_db($con, DB_NAME) or die('Could not select database.' . mysqli_error($con));
and then update your DB table like this:
$qr = mysqli_query($con, "UPDATE advertisement SET Position_Name= '$pos_name',Ad_Job_Description= '$job_des' WHERE Ad_ID= '$ad_id' ");
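The same update with every form value passed as a bound parameter, as an added example that is not part of the original answer. It assumes the DB_* constants from the connection snippet and the column and field names from the question; the function names `form_date` and `update_advertisement` are hypothetical.

```php
<?php
// Added example, not the asker's or answerer's code.
// Assumes the DB_* constants are defined by the included DB connect file.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // SQL errors throw

/** Build YYYY-MM-DD from the <prefix>_year/_month/_day selects, or null if invalid. */
function form_date(array $post, string $prefix): ?string
{
    $y = filter_var($post[$prefix . '_year'] ?? null, FILTER_VALIDATE_INT);
    $m = filter_var($post[$prefix . '_month'] ?? null, FILTER_VALIDATE_INT);
    $d = filter_var($post[$prefix . '_day'] ?? null, FILTER_VALIDATE_INT);
    if ($y === false || $m === false || $d === false || !checkdate($m, $d, $y)) {
        return null; // e.g. 31 February, or a non-numeric value
    }
    return sprintf('%04d-%02d-%02d', $y, $m, $d);
}

/** Update one advertisement row; returns the number of rows changed. */
function update_advertisement(mysqli $con, array $post): int
{
    $start = form_date($post, 's');
    $end   = form_date($post, 'e');
    $adId  = $post['ad_id'] ?? '';
    if (!is_string($adId) || $adId === '' || $start === null || $end === null) {
        throw new InvalidArgumentException('Missing ad_id or invalid date');
    }

    // Text fields go in as bound values, so a quote in a job description
    // cannot end the string literal or change the statement.
    $params = [];
    foreach (['Pos_Name', 'Job_Des', 'Job_Quali', 'Skill_Req', 'Salary'] as $key) {
        $params[] = is_string($post[$key] ?? null) ? $post[$key] : '';
    }
    array_push($params, $start, $end, $adId);

    $stmt = $con->prepare(
        'UPDATE advertisement
            SET Position_Name = ?, Ad_Job_Description = ?, Ad_Job_Qualification = ?,
                Ad_Skill_Required = ?, Position_Salary_Detail = ?,
                Start_date = ?, End_date = ?
          WHERE Ad_ID = ?'
    );
    $stmt->bind_param(str_repeat('s', count($params)), ...$params);
    $stmt->execute();
    return $stmt->affected_rows;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $con = mysqli_connect(DB_HOST, DB_USER, DB_PASSWD, DB_NAME);
    $con->set_charset('utf8mb4');
    try {
        $changed = update_advertisement($con, $_POST);
        echo $changed === 1 ? 'Advertisement updated.' : 'Nothing was changed.';
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        echo 'Invalid form data.';
    }
}
```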
Related
I have 3 PHP files for adding and deleting medicine details. Medicine details are used to order drugs for each patient who comes for treatment. In order not to be a hassle, how do I prevent my application from needing to be reloaded with AJAX? The 3 files are: services.php, insertDetailMedicines.php and deleteDetail.php.
services.php
$data = mysqli_query($conn, "SELECT MAX(id_service) AS ids FROM tbl_services");
$final_data = mysqli_fetch_array($data);
$id1 = $final_data['ids'];
$id2 = substr($id1,3,3); //MR for Medical Record
$id3 = $id2 + 1;
$id4 = 'MR'.sprintf('%03s' , $id3); // <-- Auto generating unique id
<form method="POST" action="services.php">
<input type="hidden" name="id_medical_record" value="<?php echo $id4 ?>">
<select name="medicineName" id="medicineName" required>
<option value="">- Choose -</option>
<?php
$medicines = mysqli_query($conn, "SELECT * FROM tbl_medicines ORDER BY id_medicines ASC");
$m = mysqli_fetch_array($medicines);
while($m = mysqli_fetch_array($medicines)){ ?>
<option value="<?php echo $m['id_medicine'] ?>">
<?php echo $m['medicine_name'] ?>
</option>
<?php } ?>
</select>
<input type="text" name="qty_medicines" id="qty_medicines" value="1" required />
<button type="submit" name="add" style="cursor: pointer">ADD</button>
</form>
<table> <!--this is to display the drugs that have been added-->
<?php
$show_details = mysqli_query($conn, "SELECT * FROM tbl_detail_medicines LEFT JOIN tbl_medicines USING (id_medicine)");
$num = 1;
if(mysqli_num_rows($show_details) > 0)
{
while ($detail = mysqli_fetch_array($show_details))
{
?>
<tr>
<td>
<?php echo $num++.'.'; ?>
</td>
<td>
<?php echo $detail['medicine_name'] ?>
</td>
<td>
<?php echo $detail['qty'] ?>
</td>
<td>
<a href="deleteDetail.php?delete=<?php echo $detail['id'] ?>">
<b> X </b>
</a>
</td>
</tr>
<?php
}}
?>
</table>
insertDetailMedicines.php
<?php
if (isset($_POST['add'])) {
$idMR = $_POST['id_medical_record'];
$medicineName = $_POST['medicineName'];
$qty_medicines = $_POST['qty_medicines'];
$insert_detail = "insert into tbl_detail_medicines (id,id_service,id_medicine,qty)
VALUES
(null,'$idMR','$medicineName','$qty_medicines')";
if (mysqli_query($conn,$insert_detail)) {
//echo "inserting success!";
}
}
?>
deleteDetail.php
<?php
require 'koneksi.php';
if(isset($_GET['delete'])){$delete = mysqli_query($conn, "DELETE FROM tbl_detail_medicines WHERE id = '".$_GET['delete']."' ");
header('location:services.php');
}
?>
Appearance
I'm trying to update this database, and I've verified within this script that the update is completed, and that the $nw and $p variables are correct.
<?php
session_start();
$num = (int) $_SESSION["cart"];
$cart = $num + 1;
$_SESSION["cart"] = (string) $cart;
$nme = $_POST['nameofitem'];
$pst = $_SESSION["user"];
$db = new mysqli('localhost', 'spj916', "cs4501", 'spj916');
$query = "select * from Items where Items.Id = '$nme'";
$result = $db->query($query) or die ($db->error);
$item = $result->fetch_array();
$nw = $item[5] - 1;
$p = (int) $pst;
echo $p;
$query3 = "update Items set Quantity = '$nw' where Id = '$p'";
$db->query($query3) or die ("Invalid insert " . $db->error);
$query2 = "insert into Bought (Name, Cost, BuyerID) values ('$item[1]', '$item[4]', '$pst')";
$db->query($query2) or die ("Invalid insert " . $db->error);
header("Location: store.php");
?>
However, when it redirects to this script, it echoes the information as if it weren't updated. What is the problem?
<?php
session_start();
$db = new mysqli('localhost', 'spj916', "cs4501", 'spj916');
$user = $_SESSION["user"];
$pw = $_SESSION["pw"];
# determines number of items in cart to display
if (!isset($_SESSION["category"]))
$_SESSION["category"] = "Book";
if (isset($_POST["Ccategory"])) {
$cat = $_POST["Ccategory"];
$_SESSION["category"] = $cat;
}
if (!isset($_SESSION["cart"]))
$_SESSION["cart"] = "0";
$cart = $_SESSION["cart"];
?>
<!DOCTYPE html>
<html>
<?php # setting up table with items to buy ?>
<table border = "1" border-spacing = "5px" >
<caption><h2> UVA Bookstore 2.0</h2>
<p align=right> Items in cart: <?php echo $cart?> </p> <br />
<b><i>Welcome to the new and improved bookstore with a better selection than ever</i></b>
<br/><br/>
</caption>
<tr align = "center">
<th>Item</th>
<th>Description</th>
<th>Price</th>
<th>Number left</th>
<th>Buy</th>
</tr>
<?php
$category = $_SESSION["category"];
$query = "select * from Items where Items.Category = '$category'";
$result = $db->query($query) or die ($db->error);
$rows = $result->num_rows;
for ($i = 0; $i < $rows; $i++)
{
$row = $result->fetch_array();
?>
<form action="addtocart.php"
method="POST">
<tr align = "center">
<td>
<?php
echo $row[1];
?>
</td>
<td> <?php echo $row[3];?> </td>
<td> <?php echo $row[4];?> </td>
<td> <?php echo $row[5];?> </td>
<?php # sets up add to cart button that adds item to cart ?>
<td> <input type = "hidden" name ='nameofitem'
value= "<?php echo $row[0]?>">
<input type='submit' value='Add to Cart'> </input> </td>
</tr>
</form>
<?php
}
# form to check out and go to summary page ?>
<form action = "store.php"
method = "POST">
<tr align = "center"> <td>
<select name = "Ccategory">
<option value = "Book">Books</option>
<option value = "Music">Music</option>
<option value = "Car">Cars</option>
</select>
<input type = "hidden" name = "cat"> </td>
<td> <input type = "submit" value = "Switch Category"> </td>
</form>
<form action="summary.php"
method="POST">
<td> <input type = "submit" value = "Check out"> </td> </tr>
</table><br/>
</form>
</html>
Have you tried changing
$query3 = "update Items set Quantity = '$nw' where Id = '$p'";
to
$query3 = "update Items set Quantity = '$nw' where Id = $p";
The best way to determine if an UPDATE should work is to replace it with a SELECT containing the same WHERE clause. This way you can see what rows would be changed if you were to run the original query.
Otherwise, it seems to be the case that your changes in the current transaction are never committed. Is this the only script that has an issue with updates to the database? Please see the PHP manual for more information:
//mysqli::commit -- mysqli_commit — Commits the current transaction
bool mysqli::commit ([ int $flags [, string $name ]] )
A commit should be issued when you are done doing all updates that have dependencies (or for those that are atomic), however, you don't always have to commit depending on the configuration of your server. Also, it looks like your script has SQL injection vulnerabilities as others have mentioned. It would probably be best to use prepared statements or sanitize your inputs.
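The two checks suggested above (run the UPDATE's WHERE clause as a SELECT, and commit explicitly), combined with bound parameters, as an added example that is not part of the original answer. Table and column names come from the question; the function names are hypothetical, the connection values are placeholders, and keying the update on the posted item id and treating the ids as integers are assumptions.

```php
<?php
// Added example, not code from the question or the answer.
// Assumes Items.Id and Bought.BuyerID are integer columns and the tables use a
// transactional engine (InnoDB); connection values below are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** The UPDATE's WHERE clause run as a SELECT: which rows would it touch? */
function preview_rows(mysqli $db, int $itemId): array
{
    $stmt = $db->prepare('SELECT Id, Quantity FROM Items WHERE Id = ?');
    $stmt->bind_param('i', $itemId);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

/** Decrement stock and record the purchase as one unit; false if out of stock. */
function buy_item(mysqli $db, int $itemId, int $buyerId): bool
{
    $db->begin_transaction();
    try {
        // Decrement inside SQL so concurrent buyers cannot overwrite each other,
        // and never let Quantity drop below zero.
        $upd = $db->prepare(
            'UPDATE Items SET Quantity = Quantity - 1 WHERE Id = ? AND Quantity > 0'
        );
        $upd->bind_param('i', $itemId);
        $upd->execute();
        if ($upd->affected_rows !== 1) {   // no such item, or none left
            $db->rollback();
            return false;
        }

        // Columns 1 and 4 are name and cost, as indexed in the question.
        $sel = $db->prepare('SELECT * FROM Items WHERE Id = ?');
        $sel->bind_param('i', $itemId);
        $sel->execute();
        $item = $sel->get_result()->fetch_row();

        $ins = $db->prepare('INSERT INTO Bought (Name, Cost, BuyerID) VALUES (?, ?, ?)');
        $ins->bind_param('ssi', $item[1], $item[4], $buyerId);
        $ins->execute();

        $db->commit();                     // both changes become visible together
        return true;
    } catch (mysqli_sql_exception $e) {
        $db->rollback();
        throw $e;
    }
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    session_start();
    $db     = new mysqli('localhost', 'db_user', 'db_password', 'db_name');
    $itemId = filter_input(INPUT_POST, 'nameofitem', FILTER_VALIDATE_INT);
    $buyer  = (int) ($_SESSION['user'] ?? 0);

    if (is_int($itemId) && buy_item($db, $itemId, $buyer)) {
        $_SESSION['cart'] = (string) ((int) ($_SESSION['cart'] ?? 0) + 1);
    } elseif (is_int($itemId)) {
        // Diagnostic: log what the WHERE clause actually matched.
        error_log('buy_item matched: ' . json_encode(preview_rows($db, $itemId)));
    }
    header('Location: store.php');
    exit;
}
```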
Trying to get the results from MySQL to show up on the web page.
The process is that the user would select a make of a car and then it will show just that make in a table.
I've been trying different things but I can't seem to get it to show the results. As soon as I get rid of the WHERE statement in the SQL query it shows all the cars/makes. I think the problem is in the SQL statement or the if.
This is what I've got so far.
<HTML >
<head>
<title>Inventory</title>
</head>
<body>
<form method="get" action="TaskC.php">
Please select a make:
<select name = "make" >
<option value = "All">All</option>
<option value = "Toyota">Toyota</option>
<option value = "Holden">Holden</option>
<option value = "Ford">Ford</option>
<option value = "Nissan">Nissan</option>
</select> <br/>
<br/>
<input type="submit" value="Search" name="Search" />
<table width="600" border="1" cellpadding="1" cellspacing="1">
<tr>
<th>Make</th>
<th>Model</th>
<th>Price</th>
<th>Quantity</th>
<tr>
</form>
<?php
//error_reporting (E_ALL ^ E_NOTICE);
$dbConnect = mysqli_connect('xxxxxxxxx', 'xxxxxxxxx','xxxxxxxx')
or die("<p>The database server is not available.</p>");
$dbSelect = mysqli_select_db( $dbConnect,'xxxxxxxx_db' )
or die("<p>The database is not available.</p>");
$make = $_GET['make'];
$sqli = "SELECT * FROM inventory WHERE make = '" .$make. "'";
$result = mysqli_query($dbConnect,$sqli);
if (isset($_GET['make']) )
{
while ($inventory = mysqli_fetch_assoc($result) )
{
echo "<tr>";
echo "<td>".$inventory['make']."</td>";
echo "<td>".$inventory['model']."</td>";
echo "<td>".$inventory['price']."</td>";
echo "<td>".$inventory['quantity']."</td>";
echo "</tr>";
}
}
mysqli_close($dbConnect);
?>
</body>
</HTML>
Hope you can help.
Thanks
There is an error in the query. It should be -
$sqli = "SELECT * FROM inventory WHERE make = '" .$make. "'";
Edit
if (isset($_GET['make']) ){
$make = $_GET['make'];
$sqli = "SELECT * FROM inventory WHERE make = '" .$make. "'";
$result = mysqli_query($dbConnect,$sqli);
while ($inventory = mysqli_fetch_assoc($result) )
{
echo "<tr>";
echo "<td>".$inventory['make']."</td>";
echo "<td>".$inventory['model']."</td>";
echo "<td>".$inventory['price']."</td>";
echo "<td>".$inventory['quantity']."</td>";
echo "</tr>";
}
}
The code below is for updating data in a MySQL table. It was written by pulling all the data from one query but I have tried to adapt it to pull data from two queries to improve the ordering. Now only some of the records update when the submit button is clicked and I'm not sure how to fix it.
The original code was:
if(isset($_POST['submit'])){
$password = $_POST['password'];
$total = $_POST['total'];
$park_id = $_POST['park_id'];
if($password=="****"){
for($i =1; $i<=$total; $i++){
$ride_id = $_POST['ride_id'.$i];
$name = $_POST['ride_name'.$i];
$type = $_POST['type'.$i];
$topride = $_POST['topride'.$i];
$info = $_POST['info'.$i];
$speed = $_POST['speed'.$i];
$height = $_POST['height'.$i];
$length = $_POST['length'.$i];
$inversions = $_POST['inversions'.$i];
$query = "update tpf_rides set name='$name',type='$type'";
if($topride!=""){$query .= ",top_ride=$topride";}
if($info!=""){$query .= ",info='$info'";}
if($height!=""){$query .= ",height=$height";}
if($length!=""){$query .= ",length=$length";}
if($speed!=""){$query .= ",speed=$speed";}
if($inversions!=""){$query .= ",inversions=$inversions";}
$query .= " where ride_id=".$ride_id." and park_id=".$park_id;
mysql_query($query);
}
header('location:index.php?msg=Successfully Updated.');
}else{
echo "Enter Correct Password.";
}
}
if(isset($_GET['id'])){
$id = $_GET['id'];
$sql = "select name from tpf_parks where park_id=".$id;
$result = mysql_fetch_array(mysql_query($sql));
echo '<h2>'.$result['name'].'</h2>';
$qry = "select * from tpf_rides where park_id=".$id;
$res = mysql_query($qry);
$no = mysql_num_rows($res);
$x = 0;
if($no>0){ ?>
<form action="" method="post">
<input type="hidden" value="<?=$no?>" name="total">
<input type="hidden" value="<?=$id?>" name="park_id">
<table> <?php
while($row = mysql_fetch_array($res)){ $x++;
echo '<input type="hidden" value="'.$row['ride_id'].'" name="ride_id'.$x.'">';
echo '<tr><td>Name : </td><td><input type="text" name="ride_name'.$x.'" value="'.$row['name'].'"></td></tr>';
echo '<tr><td>Type : </td><td><input type="text" name="type'.$x.'" value="'.$row['type'].'"></td></tr>';
echo '<tr><td>Top Ride : </td><td><input type="text" name="topride'.$x.'" value="'.$row['top_ride'].'"></td></tr>';
echo '<tr><td>Info : </td><td><input type="text" name="info'.$x.'" value="'.$row['info'].'"></td></tr>';
if($row['type']!="Roller Coaster"){
echo '<tr><td>Speed : </td><td><input type="text" name="speed'.$x.'" value="'.$row['speed'].'"></td></tr>';
echo '<tr><td>Height : </td><td><input type="text" name="height'.$x.'" value="'.$row['height'].'"></td></tr>';
echo '<tr><td>Length : </td><td><input type="text" name="length'.$x.'" value="'.$row['length'].'"></td></tr>';
echo '<tr><td>Inversions : </td><td><input type="text" name="inversions'.$x.'" value="'.$row['inversions'].'"></td></tr>';
}
echo '<tr><td colspan="2"><hr></td></tr>';
} ?>
<tr><td>Password :</td><td><input type="password" value="" name="password" id="password"></td></tr>
<tr><td></td><td><input onclick="return check()" type="submit" value="Save" name="submit"></td></tr>
</table>
</form>
<?php
}else{
echo "No Rides in this park.";
}
}else{
if(isset($_GET['msg'])){echo $_GET['msg'].'<br>';}
$qry = "select * from tpf_parks order by name";
$res = mysql_query($qry);
?>
Select Park : <select name="park" onChange="getdata(this.options[this.selectedIndex].value)">
<option value="">Select Park</option>
<?php
while($row = mysql_fetch_array($res)) { ?>
<option value="<?=$row['park_id']?>"><?=$row['name']?></option>
<? } ?>
</select>
<?php } ?>
and the new code where I altered the queries is here:
if(isset($_POST['submit'])){
$password = $_POST['password'];
$total = $_POST['total'];
$park_id = $_POST['park_id'];
if($password=="*****"){
for($i =1; $i<=$total; $i++){
$ride_id = $_POST['ride_id'.$i];
$name = $_POST['ride_name'.$i];
$type = $_POST['type'.$i];
$topride = $_POST['topride'.$i];
$info = $_POST['info'.$i];
$speed = $_POST['speed'.$i];
$height = $_POST['height'.$i];
$length = $_POST['length'.$i];
$inversions = $_POST['inversions'.$i];
$query = "update tpf_rides set name='$name',type='$type'";
if($topride!=""){$query .= ",top_ride=$topride";}
$query .= ",info='$info'";
if($height!=""){$query .= ",height=$height";}
if($length!=""){$query .= ",length=$length";}
if($speed!=""){$query .= ",speed=$speed";}
if($inversions!=""){$query .= ",inversions=$inversions";}
$query .= " where ride_id=".$ride_id." and park_id=".$park_id;
mysql_query($query);
}
header('location:index.php?msg=Successfully Updated.');
}else{
echo "Enter Correct Password.";
}
}
if(isset($_GET['id'])){
$id = $_GET['id'];
$sql = "select name from tpf_parks where park_id=".$id;
$result = mysql_fetch_array(mysql_query($sql));
echo '<h2>'.$result['name'].'</h2>';
$qry = "SELECT * FROM tpf_rides
WHERE park_id = $id AND type LIKE '%Roller Coaster%' ORDER BY name ASC";
$res = mysql_query($qry);
$qry2 = "SELECT * FROM tpf_rides
WHERE park_id = $id AND type NOT LIKE '%Roller Coaster%' ORDER BY name ASC";
$res2 = mysql_query($qry2);
$qry3 = "SELECT * FROM tpf_rides WHERE park_id = $id";
$res3 = mysql_query($qry2);
$no = mysql_num_rows($res3);
$x = 0;
$xx = 0;
if($no>0){ ?>
<form action="" method="post">
<input type="hidden" value="<?=$no?>" name="total">
<input type="hidden" value="<?=$id?>" name="park_id">
<table> <?php
while($row = mysql_fetch_array($res)){ $x++;
echo '<input type="hidden" value="'.$row['ride_id'].'" name="ride_id'.$x.'">';
echo '<tr><td>Name : </td><td><input type="text" name="ride_name'.$x.'" value="'.$row['name'].'"></td></tr>';
echo '<tr><td>Type : </td><td><input type="text" name="type'.$x.'" value="'.$row['type'].'"></td></tr>';
echo '<tr><td>Top Ride : </td><td><input type="text" name="topride'.$x.'" value="'.$row['top_ride'].'"></td></tr>';
echo '<tr><td>Info : </td><td><input type="text" name="info'.$x.'" value="'.$row['info'].'"></td></tr>';
echo '<tr><td>Speed : </td><td><input type="text" name="speed'.$x.'" value="'.$row['speed'].'"></td></tr>';
echo '<tr><td>Height : </td><td><input type="text" name="height'.$x.'" value="'.$row['height'].'"></td></tr>';
echo '<tr><td>Length : </td><td><input type="text" name="length'.$x.'" value="'.$row['length'].'"></td></tr>';
echo '<tr><td>Inversions : </td><td><input type="text" name="inversions'.$x.'" value="'.$row['inversions'].'"></td></tr>';
echo '<tr><td colspan="2"><hr></td></tr>';
}
while($row2 = mysql_fetch_array($res2)){ $xx++;
echo '<input type="hidden" value="'.$row2['ride_id'].'" name="ride_id'.$xx.'">';
echo '<tr><td>Name : </td><td><input type="text" name="ride_name'.$xx.'" value="'.$row2['name'].'"></td></tr>';
echo '<tr><td>Type : </td><td><input type="text" name="type'.$xx.'" value="'.$row2['type'].'"></td></tr>';
echo '<tr><td>Top Ride : </td><td><input type="text" name="topride'.$xx.'" value="'.$row2['top_ride'].'"></td></tr>';
echo '<tr><td>Info : </td><td><input type="text" name="info'.$xx.'" value="'.$row2['info'].'"></td></tr>';
echo '<tr><td colspan="2"><hr></td></tr>';
}
?>
<tr><td>Password :</td><td><input type="password" value="" name="password" id="password"></td></tr>
<tr><td></td><td><input onclick="return check()" type="submit" value="Save" name="submit"></td></tr>
</table>
</form>
<?php
}else{
echo "No Rides in this park.";
}
}else{
if(isset($_GET['msg'])){echo $_GET['msg'].'<br>';}
$qry = "select * from tpf_parks order by name";
$res = mysql_query($qry);
?>
Select Park : <select name="park" onChange="getdata(this.options[this.selectedIndex].value)">
<option value="">Select Park</option>
<?php
while($row = mysql_fetch_array($res)) { ?>
<option value="<?=$row['park_id']?>"><?=$row['name']?></option>
<? } ?>
</select>
<?php } ?>
After testing what is not getting amended, it is data from both the LIKE and NOT LIKE queries being skipped so perhaps a record count problem?
Any ideas what I have done wrong?
Are you sure your column type has value 'Roller Coaster' or not?
Sorry to post this as an answer, as I have no rights to comment.
I am trying to allow users to select restrictions from my database by using 3 drop down boxes. I have set them up and I have connected to my database. However, once the user hits the submit button, I can't get data to be displayed in a table. Here is my code:
<?php
require_once 'connection.php';
?>
<form action="stats.php" method ="post">
<input type="hidden" name="submitted" value="true" />
<fieldset>
<legend>
Specify Date, Month, and County
</legend>
<p>
<label for="year">
Please select a year
</label>
<select name= 'year'>
<?php
$query = "select distinct year from unemployed";
$result = $conn->query($query);
while($row = $result->fetch_object()) {
echo "<option value='".$row->year."'>".$row->year."</option>";
}
?>
</select>
</p>
<p>
<label for="month">
Please select a month
<label>
<select name= 'month'>
<?php
$query = "select distinct month from unemployed";
$result = $conn->query($query);
while($row = $result->fetch_object()) {
echo "<option value='".$row->month."'>".$row->month."</option>";
}
?>
</select>
</p>
<p>
<label for="location">
Please specify a location
</label>
<select name='select'>
<?php
$query = "select * from unemployed";
$result = $conn->query($query);
while ($finfo = $result->fetch_field()) {
echo "<option value='".$finfo->name."'>".$finfo->name."</option>";
}
?>
</select>
</p>
<input type ="submit" />
</fieldset>
</form>
<?php
if (isset($_POST['submitted'])) {
include('connection.php');
$gYear = $_POST["year"];
$gMonth = $_POST["month"];
$gSelect = $_POST["select"];
$query = "select $gSelect from unemployed where year='$gYear' and month='$gMonth'";
$result = $conn->query($query) or die('error getting data');
echo"<table>";
echo "<tr><th>Year</th><th>Time</th><th>$gSelect</th></tr>";
while ($row = $result->fetch_object()){
echo "<tr><td>";
echo $row['Year'];
echo "</td><td>";
echo $row['Month'];
echo "</td><td>";
echo $row['$gSelect'];
echo "</td></tr>";
}
echo "</table";
} // end of main if statement
?>
I can't get the data to be displayed in a table at all. I have tried multiple ways, but I am still getting errors. To ensure that I am connected to my database, I used var_dump($row) to make sure, and that worked okay. So that is not the problem. Does anyone have any idea what is wrong with my code?
When you retrieve the data from your result set you're fetching it as an object:
while ($row = $result->fetch_object()){
But when you come to display it, you refer to it as an array:
echo "<tr><td>";
echo $row['Year']; // array syntax.
You should be using object syntax:
echo "<tr><td>";
echo $row->Year; // object syntax.
If you check your error logs you should see a lot of messages to this effect.
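The question's `select $gSelect from unemployed` puts a form value where a column name goes, and a column name cannot be a bound parameter. The following added example (not part of the original question or answer) checks the name against the table's own column list, binds the year and month, and escapes the output. It assumes `$conn` from connection.php is a mysqli object, as the question's `$conn->query()` calls suggest; the function names and the `yr`/`mon`/`stat` aliases are hypothetical.

```php
<?php
// Added example, not code from the original post.
require_once 'connection.php';   // provides $conn (assumed to be a mysqli object)
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/** Column names of `unemployed`, read from result metadata (no rows fetched). */
function unemployed_columns(mysqli $conn): array
{
    $result = $conn->query('SELECT * FROM unemployed LIMIT 0');
    return array_map(fn($field) => $field->name, $result->fetch_fields());
}

/** Rows for one column, year and month; rejects any column the table lacks. */
function fetch_stat(mysqli $conn, string $column, string $year, string $month): array
{
    if (!in_array($column, unemployed_columns($conn), true)) {
        throw new InvalidArgumentException('Unknown column');
    }
    // The identifier is now one of the table's own names; backticks are doubled
    // in case a real column name contains one. Values are still bound.
    $sql = sprintf(
        'SELECT `year` AS yr, `month` AS mon, `%s` AS stat
           FROM unemployed WHERE `year` = ? AND `month` = ?',
        str_replace('`', '``', $column)
    );
    $stmt = $conn->prepare($sql);
    $stmt->bind_param('ss', $year, $month);
    $stmt->execute();
    return $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
}

/** Escape a value for HTML output. */
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

if (isset($_POST['submitted'])) {
    $column = is_string($_POST['select'] ?? null) ? $_POST['select'] : '';
    $year   = is_string($_POST['year'] ?? null) ? $_POST['year'] : '';
    $month  = is_string($_POST['month'] ?? null) ? $_POST['month'] : '';
    try {
        $rows = fetch_stat($conn, $column, $year, $month);
    } catch (InvalidArgumentException $e) {
        http_response_code(400);
        exit('Invalid selection.');
    }
    echo '<table><tr><th>Year</th><th>Month</th><th>', h($column), '</th></tr>';
    foreach ($rows as $row) {
        echo '<tr><td>', h($row['yr']), '</td><td>', h($row['mon']),
             '</td><td>', h($row['stat']), '</td></tr>';
    }
    echo '</table>';
}
```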