I'm trying to delete a row from a MySQL table using PHP. I have visited many pages already but I can't find a reason why I can't make it work.
Contacts.php
require_once "functions.php";
$db = new DatabaseConnection();
$user = new AddressBook($db->pdo);
<table>
<tr>
<th>Nombre</th>
<th>Telefono</th>
<th>Direccion</th>
<th>Email</th>
</tr>
<?php
$i=0;
$contactos=$user->verContactos();
foreach($contactos as $conts){
$i++;
?>
<tr>
<td><?php echo $conts['nombre']; ?></td>
<td><?php echo $conts['telefono']; ?></td>
<td><?php echo $conts['direccion']; ?></td>
<td><?php echo $conts['email']; ?></td>
<td>Borrar</td></tr>
</tr>
<?php } ?>
</table>
delete.php
<?php
if (isset($_GET['id']) && is_numeric($_GET['id']))
{
$id = $_GET['id'];
$result = mysql_query("DELETE FROM contacts WHERE id=$id")
or die(mysql_error());
header("Location: contacts.php");
}
else
{
header("Location: contacts.php");
}
?>
I know you're gonna say mysql is not useful anymore. In my web system I have this part using a function and PDO extension.
It doesn't matter if I use this example or my version using PDO, I cannot get the id. I just get something like this:
http://localhost/agenda/borrar.php?id <- Missing ID
The id field in database is called 'id'. I think the problem may be the use of $_GET but I can't find it.
This:
<td>Borrar</td></tr>
Needs to be this:
<td>Borrar</td></tr>
And this:
$result = mysql_query("DELETE FROM contacts WHERE id=$id")
Needs to be this:
$result = mysql_query("DELETE FROM contacts WHERE id=" . intval($id))
Related
So, I have this working code to click on a link for showing details from one row of a database on another page in input text boxes.:
<?php
foreach ($allCentrifuge as $list) {
$id = $list['id'];
?>
<tr>
<td><?php echo $list['experiment'] ?></td>
<td><?php echo $list['project_name'] ?></td>
<td><?php echo $list['project_date'] ?></td>
<td>Details</td>
</tr>
<?php
}
?>
And this function to get those details:
public function fetchCentrifuge()
{
$uid = $_GET['id'];
try {
$stmt = $this->dbconn->prepare("SELECT * FROM centrifuge WHERE id = ?");
$stmt->execute(array($uid));
return $stmt->fetchAll();
}
So, obvious from all the subjects I read, this is dangerous to SQL injection. But how do I use this code with prepared statements? I can't seem to get it work with the id placeholder.
Looks good as is. You could additionally cast your input var to INT.
(int)$_GET['id'] or intval($_GET['id'])
i am trying to print out this table from phpmyadmin to my html/php page as a normal table. this is my coding for the page
Any help would be appreciated
Thanks
Looks like You were Using PDO , and all of a sudden you jump into old data fetching technique using mysql_*
My advice is to stick with PDO structure . SO you have to some little things
on line 6 use
$stmt->rowCount();
to get user row
then use
$data = $stmt->fetchAll();
to get database rows , You'll get an object .
Now You just need to loop through object for example
foreach ( $data as $rows ){
echo $rows->users;
}
Try this code:
<?php
$db = new mysqli("localhost", "root", "", "hangman");
?>
<table border="1">
<tr>
<td>User</td>
<td>Score</td>
</tr>
<tr>
<?php
$sql = "SELECT * FROM usernames";
$result = $db-query($sql);
while($row = mysqli_fetch_assoc($result)) {
?>
<td><?php echo $row['users']; ?></td>
<td><?php echo $row['Scores']; ?></td>
<?php
}
?>
</tr>
</table>
give me a comment if any errors.
I am developing a document management system, so far I'm able to log in and upload documents based on the user that's logged in. I've also managed to construct the code so it captures the records assigned to that user and display them in a table. So I am able to log in as different users and see what I've uploaded as them users individually. However, the only problem is that the script is only pulling out one row of data for each users, when there are multiple instances in the database. See the code below:
<!-- start of php code to query and display documents -->
<?php
$sql = mysqli_query($conn, "SELECT upload.personalid, upload.file, upload.type, upload.size, person.personalid FROM upload inner join person on upload.personalid=person.personalid where person.username='$uname '") or die (mysqli_error($conn));
$filedata= ($sql) ? mysqli_fetch_array($sql) : false;
{
if($filedata){
?>
<tr>
<td><?php echo $filedata['file'] ?></td>
<td><?php echo $filedata['type'] ?></td>
<td><?php echo $filedata['size'] ?> Bytes</td>
</tr>
<?php
}
else {
echo 'No files found';
}
}
?>
<!-- end of php code to query and display documents -->
This all works fine, I just want it to display all the rows of data assigned to the logged in user, instead of one. How do I do this?
Thanks,
Sohail.
You're close. You need a while loop. Replace
$filedata= ($sql) ? mysqli_fetch_array($sql) : false;
if($filedata){
With
while($filedata = mysqli_fetch_array($sql)) {
You can change it so that you loop through each returned record like this:
<?php
$sql = mysqli_query($conn, "SELECT upload.personalid, upload.file, upload.type, upload.size, person.personalid FROM upload inner join person on upload.personalid=person.personalid where person.username='$uname '") or die (mysqli_error($conn));
if (mysqli_num_rows($sql) > 0) {
while ($filedata = mysqli_fetch_array($sql)) {
?>
<tr>
<td><?php echo $filedata['file']; ?></td>
<td><?php echo $filedata['type']; ?></td>
<td><?php echo $filedata['size']; ?> Bytes</td>
</tr>
<?php
}
} else {
echo 'No files found';
}
?>
I am creating a PHP shopping cart linked to SQL database, from a tutorial i am following.
The code below SHOULD display all my products, however I believe that the
$id = intval($_GET['id']);
section is messing it up. The SKU's of the products are Varchar, not integers, so I am lead to believe that this is causing the problem with "intval". Is there another datatype I can insert that will display my products again?
<?php
if (isset($_GET['action']) && $_GET['action'] == "add")
{
$id = intval($_GET['id']);
if(isset($_SESSION['cart'][$id]))
{
$_SESSION['cart'][$id]['quantity']++;
}
else
{
$sql2 = "SELECT * FROM products WHERE SKU={$id}";
$query2 = mysql_query($sql2);
if(mysql_num_rows($query2) != 0)
{
$row2 = mysql_fetch_array($query2);
$_SESSION['cart'][$row2['SKU']] = array("quantity => 1, "price" => $row['price']);
}
else
{
$message = "This product id is invalid";
}
}
}
?>
<h2 class="message"><?php if(isset($message)){echo $message; ?></h2>
<h1>Product Page</h1>
<table>
<tr>
<th>Name</th>
<th>Description</th>
<th>Price</th>
<th>Action</th>
</tr>
<?php
$sql = "SELECT * FROM products ORDER BY SKU ASC";
$query = mysql_query($sql)or die(mysql_error());
while($row = mysql_fetch_assoc($query))
{
?>
<tr>
<td><?php echo $row['name']; ?></td>
<td><?php echo $row['Description']; ?></td>
<td><?php echo "£" . $row['price']; ?></td>
<td>Add to Cart</td>
</tr>
<?php
}
?>
</table>
You are missing an ending quote here:
$_SESSION['cart'][$row2['SKU']] = array("quantity" => 1, "price" => $row['price']);
You're also missing a } sign
<h2 class="message"><?php if(isset($message)){echo $message; } ?> </h2>
Check the docs for intval() and you'll see that this method returns 0 when the variable isn't an integer.
if you're looking to search for this, you can just change the line to:
$id = $_GET['id'];
to get the variable as a string
However there are two things to bear in mind with this:
This is liable to lead to sql injection vulnerabilities if not treated properly in your code
The mysql_ functions are deprecated, and shouldn't be used in new code... there're a number of good tutorials and debates on the matter... use PDO or mysqli
So I have 3 tables I wish to join.
I am building an app i Codeigniter and I have 3 tables
Client:
-id
-phone_number
-hospital_id
-smc_status
-testing_center_id
Hospital
-id
-name
Testing_center
-id
-name
In the model,I have this:
public function get_clients()
{
if($slug === FALSE)
{
$this->db->select('clients.*');
$this->db->from('clients');
$this->db->join('hospital', 'clients.id = hospital.id');
$this->db->join('testing_center', 'clients.id = testing_center.id');
$query = $this->db->get();
return $query->result_array();
}
$query = $this->db->get_where('clients');
return $query->row_array();
}
In the view I have:
<tbody>
<?php foreach ($clients as $client_item): ?>
<tr>
<td><?php echo $client_item['phone_number'] ?></td>
<td><?php echo $client_item['smc_status'] ?></td>
<td><?php echo $client_item['hospital_id'] ?></td> //i wish to have the hospital name here
<td><?php echo $client_item['testing_center_id'] ?></td> //i wish to have the testing center name here
<td><?php echo $client_item['language'] ?></td>
<td>View</td>
</tr>
<?php endforeach ?>
</tbody>
But that is because I have failed to show the hospital name and the testing center name on the third and fourth td. How can I go about that? I tried a few techniques that just did not seem to work for some reason. Please advise
You're only selecting the values from the clients table. You need to select the columns from the other tables as well
$this->db->select('clients.id,
clients.phone_number,
clients.smc_status,
clients.language,
hospital.name AS hospital_name,
testing_center.name AS testing_center_name');
Then you can access them by
<?php echo $client_item['hospital_name'] ?>
<?php echo $client_item['testing_center_name'] ?>
EDIT: Also you shouldn't use SELECT *, which clients.* is doing. Updated my code.
What happens if you try this:
$this->db->join('hospital', 'hospital.id = clients.id');
$this->db->join('testing_center', 'testing_center.id = clients.id');
instead of this:
$this->db->join('hospital', 'clients.id = hospital.id');
$this->db->join('testing_center', 'clients.id = testing_center.id');
also check
client*s* and client if they are the same everywhere
And also change as Nerd proposed:
$this->db->select('clients.*');
to:
$this->db->select('*');
It sholud be like this
$this->db->join('hospital', 'clients.hospital_id = hospital.id');
$this->db->join('testing_center', 'clients.testing_center_id = testing_center.id');