He guys,
I am fairly new to PHP and wondering how I could keep this "mysqli::query(): Empty query" warning away. The problem is, when I input either a comment OR a rating into my form (and not both), it seems that either 'comment' or the 'rating' query tries to run with an empty string, therefore it returns a warning.
How do I set it so that when a users chooses not to input a comment or a rating it does not throw back the warning ?
I tried doing this with:
//Check if comment is entered else set it to an empty string
if (isset($_POST['comments'])) {
$commentText = $conn->real_escape_string($_POST['comments']);
} else {
$commentText = "";
}
And then to check if it is an empty string, and if it is, only send the other query.
//If user enters either rate or comment (or both) send a query to table.
//Else only send the query with the users input which the user has entered.
if (($rate >= 1) && ($rate <= 5)) {
if ($commentText === "") {
$sqlrate = "INSERT INTO game_rating (rating, form_id) VALUES ('".$rate."','".$id."')";
}
else {
$sqlrate = "INSERT INTO game_rating (rating, form_id) VALUES ('".$rate."','".$id."')";
$sqlcomment = "INSERT INTO comments (comment, form_id) VALUES ('".$commentText."','".$id."')";
}
}
else {
$sqlcomment = "INSERT INTO comments (comment, form_id) VALUES ('".$commentText."','".$id."')";
}
But it did not work.
<!DOCTYPE html>
<?php
include("dbconnect.php");
error_reporting(E_ALL);
if(isset($_GET['id'])) {
$id = (int)$_GET['id'];
//Place all data out of the database, with the ID number retrieved out of the url in $result.
$game = $conn->query("SELECT * FROM beoordeling WHERE id = '" . $id . "'");
}
?>
<html>
<head>
<meta charset="UTF-8">
<title>Dusk Drive</title>
</head>
<body>
<?php
/*
*
* #ToDo: Make point system show avarage rating
*
* #ToDo: Create a webmaster page where you can add games to the list
* and automaticly create game page.
*
*/
//CommentList retrieves all comments with id = x.
$commentList = $conn->query("SELECT * FROM comments WHERE form_id = '" . $id . "'");
//While a row of data exists, put that row in $data as an associative array.
while($data = $game->fetch_assoc()) {
//Retrieve the file name from the database and place it in the <embed> tags as src="...".
echo "<embed width='800' height='512' src='" . $data['file'] . "'; type='application/x-shockwave-flash'></embed><br />";
}
//Echo the form with a text box and a rating box.
echo '<div id="game_form"><form method="POST">
<a>Leave a comment</a><br />
<input type="text" name="comments" />
<br /><a>Rate this game</a><br />
<select name="rategame">
<option value="">Select...</option>
<option value="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select>
<input type="submit" name="submit" value="submit" />
</form></div>';
//Create a table with all the comments
echo "<table>";
while($cdata = $commentList->fetch_assoc()) {
echo "<tr>";
echo "<td>" . $cdata["comment"] . "</td> <br /><br />";
echo "</tr>";
}
echo "</table>";
//Submit functionality
if (isset($_POST['submit'])) {
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//Check if comment is entered else set it to an empty string
if (isset($_POST['comments'])) {
$commentText = $conn->real_escape_string($_POST['comments']);
} else {
$commentText = "";
}
$rate = $_POST['rategame'];
echo $rate;
//If user enters either rate or comment (or both) send a query to table.
//Else only send the query with the users input which the user has entered.
if (($rate >= 1) && ($rate <= 5)) {
if ($commentText === "") {
$sqlrate = "INSERT INTO game_rating (rating, form_id) VALUES ('".$rate."','".$id."')";
$sqlcomment = ""; //Initializing to null to avoid error.
}
else {
$sqlrate = "INSERT INTO game_rating (rating, form_id) VALUES ('".$rate."','".$id."')";
$sqlcomment = "INSERT INTO comments (comment, form_id) VALUES ('".$commentText."','".$id."')";
}
}
else {
if ($commentText !== "") {
$sqlcomment = "INSERT INTO comments (comment, form_id) VALUES ('".$commentText."','".$id."')";
$sqlrate = ""; //initializing to null to avoid error.
}
}
//Check if query succeeded or return error
if (($conn->query($sqlcomment) === TRUE) || ($conn->query($sqlrate) === TRUE)) {
echo "<script type= 'text/javascript'>alert('Thank you! Your comment or vote has been received.');</script>";
}
else {
echo "<script type= 'text/javascript'>alert('Thank you for your vote and comment!);</script>";
}
//Close connection to free up resources.
$conn->close();
}
?>
</body>
</html>
Sincerly thanks for your help!
in else [part also check for $commentText
if ($commentText === "") {
$sqlrate = "INSERT INTO game_rating (rating, form_id) VALUES ('".$rate."','".$id."')";
}
if (($rate >= 1) && ($rate <= 5)) {
if ($commentText === "") {
$sqlrate = "INSERT INTO game_rating (rating, form_id) VALUES ('".$rate."','".$id."')";
$sqlcomment = "";//initializing to null to avoid error.
}
else {
$sqlrate = "INSERT INTO game_rating (rating, form_id) VALUES ('".$rate."','".$id."')";
$sqlcomment = "INSERT INTO comments (comment, form_id) VALUES ('".$commentText."','".$id."')";
}
}
else {
if ($commentText !== "") {// this is the condition before insert.
$sqlcomment = "INSERT INTO comments (comment, form_id) VALUES ('".$commentText."','".$id."')";
$sqlrate = "";initializing to null to avoid error.
}
}
Edit
if($sqlcomment) {
$conn->query($sqlcomment)
}
if($sqlrate) {
$conn->query($sqlrate)
}
Related
I'm trying to set a condition wherein if the 'filefield' is empty, it will skip the insert in DB as it is only an option and just proceed in inserting of 'name' and 'description' in the DB, which will never be empty.
<?php
include("connection.php");
if (isset($_POST['submit']))
{
$name = mysqli_real_escape_string($conn, $_POST['name']);
$description = mysqli_real_escape_string($conn, $_POST['description']);
if ($name == '' || $description == '' )
{
$error = 'ERROR: Please fill required fields!';
renderForm($name, $description);
}
else
{
if(!empty($_FILES['filefield'])){
if(isset($_FILES['filefield'])){
$file=$_FILES['filefield'];
$upload_directory='uploads/';
$ext_str = "gif,jpg,jpeg,mp3,tiff,bmp,doc,docx,ppt,pptx,txt,pdf";
$allowed_extensions=explode(',',$ext_str);
$ext = substr($file['name'], strrpos($file['name'], '.') + 1);
if (!in_array($ext, $allowed_extensions) )
{
echo '<script language="javascript">';
echo 'alert("file type not allowed for upload")';
echo '</script>';
exit();
}
$path=md5(microtime()).'.'.$ext;
if(move_uploaded_file($file['tmp_name'],$upload_directory.$path)){
$filefield = $_FILES["filefield"]["name"];
$path = $path."/".$filefield;
}
}
}
}
if (!empty($_FILES['filefield']) || !isset($_FILES['filefield'])) {
$query = "INSERT INTO `item`(`name`, `description`, `path`) VALUES ('$name','$description','$path')";
}
else {
$query = "INSERT INTO `item`(`name`, `description`) VALUES ('$name','$description')";
}
$result = mysqli_query($conn, $query);
if($result)
{
echo '<script language="javascript">';
echo 'alert("Success!")';
echo '</script>';
exit();
}
}
?>
I'm not sure how to proceed with the condition. Any help is highly appreciated.
First, close off all of your logic, including if(move_uploaded_file), so that the $query is competely outside of any conditionals. Then it's just a matters of checking whether the filefield was filled out or not. If it's not empty, your $query insert all three fields. If it is, your $query only inserts $name and $description.
This can be seen in the following (heavily cut-down) code:
/* Existing logic */
else
{
if (!empty($_FILES['filefield'])) {
if (isset($_FILES['filefield'])) {
if (move_uploaded_file($file['tmp_name'], $upload_directory.$path)) {
...
$path = $path."/".$filefield;
}
}
}
}
/* Modified logic */
if (!empty($_FILES['filefield']) || !isset($_FILES['filefield'])) {
$query = "INSERT INTO `item`(`name`, `description`, `path`) VALUES ('$name','$description','$path')";
}
else {
$query = "INSERT INTO `item`(`name`, `description`) VALUES ('$name','$description')";
}
$result = mysqli_query($conn, $query);
I have a form that saves 5 input values to an inventory in data base. The problem is, i need it to return an error message if "Value" is larger than "Buy_Value". Right now it prints the error message, but still submits the data to data base which is no use for me. Am I just using the function in the wrong place in the code?
if($_SERVER["REQUEST_METHOD"] == "POST"){
if(isset($_POST['ID'])&&isset($_POST['Name'])&&isset($_POST['Inventory_number'])
&&isset($_POST['Value'])&&isset($_POST['Buy_Value'])){
$ID=$_POST['ID'];
$Name=$_POST['Name'];
$Inventory_number=$_POST['Inventory_number'];
$Value=$_POST['Value'];
$Buy_Value=$_POST['Buy_Value'];
//echo "<p>".$ID." ".$Name." ".$Inventory_number."</p>";
include('config.php');
if ($Value > $Buy_Value) {
echo("The 'buy value' must be greater than 'value'");
}
$sql="INSERT INTO $mysql_database.`inventory`
(`id`, `Name`, `Inv_Nr`, `value`, `buy_value`)
VALUES ('$ID', '$Name', '$Inventory_number', '$Value', '$Buy_Value')";
$result=mysql_query($sql);
tab($sql);
mysql_close($bd);
}
}
function tab($sql){
if (!mysql_errno())
{
echo "<br />Data submitted";
}
else
{
echo "<br />Error: " . mysql_error();
}
}
?>
Use exit instead of echo for the following line
exit("The 'buy value' must be greater than 'value'");
put your database query execution in else part then it will not executed if below
if ($Value > $Buy_Value) {
condition is meet.
try this:
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (isset($_POST['ID']) && isset($_POST['Name']) && isset($_POST['Inventory_number'])
&& isset($_POST['Value']) && isset($_POST['Buy_Value'])
) {
$ID = $_POST['ID'];
$Name = $_POST['Name'];
$Inventory_number = $_POST['Inventory_number'];
$Value = $_POST['Value'];
$Buy_Value = $_POST['Buy_Value'];
//echo "<p>".$ID." ".$Name." ".$Inventory_number."</p>";
include('config.php');
if ($Value > $Buy_Value) {
echo("The 'buy value' must be greater than 'value'");
} else {
$sql = "INSERT INTO $mysql_database.`inventory`
(`id`, `Name`, `Inv_Nr`, `value`, `buy_value`)
VALUES ('$ID', '$Name', '$Inventory_number', '$Value', '$Buy_Value')";
$result = mysql_query($sql);
tab($sql);
mysql_close($bd);
}
}
}
function tab($sql)
{
if (!mysql_errno()) {
echo "<br />Data submitted";
} else {
echo "<br />Error: " . mysql_error();
}
}
I have a basic Form that submits data into a database and I want it to require certain fields to be submitted, so far it recongizes that the fields are empty, but it still submits regardless. I can't seem to find a solution..
Code
<?
// define variables and set to empty values
$asinErr = $qtyErr = $floorErr = $locErr;
$asin = $quantity = $floor = $location;
# this is processed when the form is submitted
# back on to this page (POST METHOD)
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
if (empty($_POST["asin"]))
{$asinErr = "ASIN is required";}
else
{$asin = addslashes($_POST["asin"]);}
if (empty($_POST["quantity"]))
{$qtyErr = "Quantity is required";}
else
{$quantity = addslashes($_POST["quantity"]);}
if (empty($_POST["floor"]))
{$floorErr = "Floor is required";}
else
{$floor = addslashes($_POST["floor"]);}
if (empty($_POST["location"]))
{$locErr = "Location is required";}
else
{$location = addslashes($_POST["location"]);}
# setup SQL statement
$sql = " INSERT INTO kiva_amnesty_log ";
$sql .= " (asin, quantity, floor, location, date) VALUES ";
$sql .= " ('$asin','$quantity','$floor','$location', now()) ";
#execute SQL statement
$result = mysql_query($sql, $cid);
# check for error
if (mysql_error()) { print "Database ERROR: " . mysql_error(); }
print "<h3><font color=red>New Amnesty Added - View it <a href=amnesty_log_summary.php>HERE</a></font></h3>";
}
?>
<form name="fa" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="POST">
<table>
<tr><td>ASIN:</td><td><input type="text" name="asin" id="asin"><span class="error">* <?php echo $asinErr;?></span></td></tr>
<tr><td>Quantity:</td><td><input type="text" name="quantity" id="quantity"><span class="error">* <?php echo $qtyErr;?></span></td></tr>
<tr><td>Floor:</td><td><select name="floor"><option value="1">Floor 1</option><option value="2">Floor 2</option></select><span class="error">* <?php echo $floorErr;?></span></td></tr>
<tr><td>KIVA Floor:</td><td><input type="radio" value="Yes" name="location">Yes<input type="radio" value="No" name="location">No</select><span class="error">* <?php echo $locErr;?></span></td></tr>
<tr><td><input type="submit" name="submit" id="submit" value="Submit Amnesty!"></td></tr>
</table>
</form>
Updated:
<?
// define variables and set to empty values
$asinErr = $qtyErr = $floorErr = $locErr = "";
$asin = $quantity = $floor = $location = "";
$lb_error = 0;
if ($_SERVER['REQUEST_METHOD'] == "POST")
{
if (empty($_POST["asin"])) {
$asinErr = "ASIN is required";
$lb_error = 1;
} else {
$asin = addslashes($_POST["asin"]);
}
if (empty($_POST["quantity"])) {
$qtyErr = "Quantity is required";
$lb_error = 1;
} else {
$quantity = addslashes($_POST["quantity"]);
}
if (empty($_POST["floor"])) {
$floorErr = "Floor is required";
$lb_error = 1;
} else {
$floor = addslashes($_POST["floor"]);
}
if (empty($_POST["location"])) {
$locErr = "Location is required";
$lb_error = 1;
} else {
$location = addslashes($_POST["location"]);
}
if($lb_error) {
continue;
}
# setup SQL statement
$sql = " INSERT INTO kiva_amnesty_log ";
$sql .= " (asin, quantity, floor, location, date) VALUES ";
$sql .= " ('$asin','$quantity','$floor','$location', curdate()) ";
#execute SQL statement
$result = mysql_query($sql, $cid);
# check for error
if (mysql_error()) { print "Database ERROR: " . mysql_error(); }
You want to check if you error variables are empty. If they are not, then break the script
ie
if(!empty($asinErr) || !empty($qtyErr) || !empty($floorErr) || !empty($locErr) ) {
break;
}
Something along these lines.
Check for the errors before you get to the point where you are writing to the database
Define at the top
$lb_error = 0;
Throughout your if/else checks for errors, if there is an error, assign the variable a 1
if (empty($_POST["asin"])) {
$asinErr = "ASIN is required";
$lb_error = 1;
} else {
$asin = addslashes($_POST["asin"]);
}
Then after you have completed all of these, do a check for errors and break if there are any
if($lb_error) {
break;
}
first time I've used this site .. I've had a good look around but I cant seem to find the answer to my question. It's been answered in other ways but not for what I want I think..
Image of the database table so it's easy to see: http://puu.sh/6BtmZ.png
So basically I've got a friends.php page that has an input field and submit button, you put a username in and press submit and I want it to send a request to that user; I've got that to work, the user can accept but it only places the "friend" into him. As in FRIENDA is friends with FRIENDB but on FRIENDB's page he isn't friends with FRIENDA .. I hope this makes sense.
I just basically want it so, you send a request and the person accepts it and BOTH parties can see each other as friends.
<?php
include 'core/init.php';
// check
protect_page();
include 'includes/templates/header.php';
$user_id = $user_data['user_id'];
if (empty($_POST) === false) {
$required_fields = array('username');
foreach($_POST as $key=>$value) {
if (empty($value) && in_array($key, $required_fields) === true) {
$errors[] = 'You need to enter a username to send a request!';
break 1;
}
}
if (empty($errors) === true) {
if (user_exists($_POST['username']) === false) {
$errors[] = 'Sorry, the username \'' . htmlentities($_POST['username']) . '\' doesn\'t exist.';
}
}
}
if (isset($_GET['success']) && empty($_GET['success'])) {
echo 'Friend request sent!';
} else {
if (empty($_POST) === false && empty($errors) === true) {
// add friend
$username = $_POST['username'];
$get_userid = mysql_query("SELECT `user_id` FROM `users` WHERE `username` = '$username'");
$row = mysql_fetch_array($get_userid);
$username_id = $row[user_id];
$user_id = $user_data['user_id'];
mysql_query("INSERT INTO `users_friends` (user_id, friends_with) VALUES ('$user_id', '$username_id')");
//redirect
header('location: friends.php?success');
//exit
exit();
} else if (empty($errors) === false) {
// output errors
echo output_errors($errors);
}
}
?>
<h1>Friends</h1>
<p>
<h2>Send a friend request:</h2>
<form id="friend_request" action="" method="POST">
<ul>
<li>Username: <input type="text" name="username"><input id="friend_request" type="submit"></li>
</ul>
</form>
</p>
<p>
<h2>Pending requests:</h2>
<?php
if(isset($_POST['decline'])){
$decline_id = $_POST['decline_friend_id'];
$decline_query = "DELETE FROM `users_friends` WHERE `id` = $decline_id";
$accept_result = mysql_query($decline_query);
}
if(isset($_POST['accept'])){
$accept_id = $_POST['accept_friend_id'];
$accept_query = "UPDATE `users_friends` SET `request_pending` = 0 WHERE `id` = $accept_id";
$accept_result = mysql_query($accept_query);
}
$result = mysql_query("SELECT * FROM `users_friends` WHERE `friends_with` = '$user_id' AND `request_pending` = 1");
while($requests_row = mysql_fetch_array($result)) {
$get_username = mysql_query("SELECT `username` FROM `users` WHERE `user_id` = '$requests_row[user_id]'");
$get_username_row = mysql_fetch_array($get_username);
$request_from = $get_username_row[username];
echo 'Request from: ' . $request_from . '<form id="decline" action="" method="POST">
<input type="hidden" name="decline_friend_id" value="' . $requests_row['id'] . '">
<input type="submit" value="Decline" name="decline">
</form>
<form id="accept" action="" method="POST">
<input type="hidden" name="accept_friend_id" value="' . $requests_row['id'] . '">
<input type="submit" value="Accept" name="accept">
</form>';
echo '<br />';
}
?>
</p>
<h2>Your friends:</h2>
<?php
$friends_result = mysql_query("SELECT * FROM `users_friends` WHERE `friends_with` = '$user_id' AND `request_pending` = 0");
while($friends_row = mysql_fetch_array($friends_result)) {
$get_username = mysql_query("SELECT `username` FROM `users` WHERE `user_id` = '$friends_row[user_id]'");
$get_username_row = mysql_fetch_array($get_username);
$friend = $get_username_row[username];
echo $friend . '<br />';
}
?>
</p>
<?php include 'includes/templates/footer.php'; ?>
Hopefully someone might be able to help? Thanks in advance!
What you probably want to do is insert both directions in the friends relationship once both friends have confirmed. So instead of doing this:
INSERT INTO `users_friends` (user_id, friends_with) VALUES ('$user_id', '$username_id')
You would do this:
INSERT INTO `users_friends` (user_id, friends_with) VALUES ('$user_id', '$username_id'),('$username_id','$user_id')
This would allow you to do the friend lookup in either direction.
What is unclear to me however is how you store pending friend requests in your database. So what you may ultimately need to do is to insert those relations in the DB and then simply update those DB records to change the value of an "accepted" flag once the friendship has confirmed.
If the structure of "users_friends" table looks like this:
me friends_with request_pending
to get the result (= if the user is your friend):
"SELECT * FROM `users_friends` WHERE (`friends_with` = '$user_id' AND `me`= `$me`) OR (`friends_with` = '$me' AND `me`= `$user_id `) AND `request_pending` = 0"
You check if the user is in friends_with where YOU are in me.. or if the user is in me and you're in friends_with
I'm working on a project where a user can click on an item. If the user clicked at it before , then when he tries to click at it again it shouldn't work or INSERT value on the DB. When I click the first item(I'm displaying the items straight from database by id) it inserts into DB and then when I click at it again it works(gives me the error code) doesn't insert into DB. All other items when I click at them , even if I click for the second, third, fourth time all of it inserts into DB. Please help guys. Thanks
<?php
session_start();
$date = date("Y-m-d H:i:s");
include("php/connect.php");
$query = "SELECT * FROM test ORDER BY `id` ASC LIMIT 3";
$result = mysql_query($query);
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
$submit = mysql_real_escape_string($_POST["submit"]);
$tests = $_POST["test"];
// If the user submitted the form.
// Do the updating on the database.
if (!empty($submit)) {
if (count($tests) > 0) {
foreach ($tests as $test_id => $test_value) {
$match = "SELECT user_id, match_id FROM match_select";
$row1 = mysql_query($match)or die(mysql_error());
while ($row2 = mysql_fetch_assoc($row1)) {
$user_match = $row2["user_id"];
$match = $row2['match_id'];
}
if ($match == $test_id) {
echo "You have already bet.";
} else {
switch ($test_value) {
case 1:
mysql_query("UPDATE test SET win = win + 1 WHERE id = '$test_id'");
mysql_query("INSERT INTO match_select (user_id, match_id) VALUES ('1','$test_id')");
break;
case 'X':
mysql_query("UPDATE test SET draw = draw + 1 WHERE id = '$test_id'");
mysql_query("INSERT INTO match_select (user_id, match_id) VALUES ('1','$test_id')");
break;
case 2:
mysql_query("UPDATE test SET lose = lose + 1 WHERE id = '$test_id'");
mysql_query("INSERT INTO match_select (user_id, match_id) VALUES ('1','$test_id')");
break;
default:
}
}
}
}
}
echo "<h2>Seria A</h2><hr/>
<br/>Welcome,".$username."! <a href='php/logout.php'><b>LogOut</b></a><br/>";
while ($row = mysql_fetch_array($result)) {
$id = $row['id'];
$home = $row['home'];
$away = $row['away'];
$win = $row['win'];
$draw = $row['draw'];
$lose = $row['lose'];
echo "<br/>",$id,") " ,$home, " - ", $away;
echo "
<form action='seria.php' method='post'>
<select name='test[$id]'>
<option value=\"\">Parashiko</option>
<option value='1'>1</option>
<option value='X'>X</option>
<option value='2'>2</option>
</select>
<input type='submit' name='submit' value='Submit'/>
<br/>
</form>
<br/>";
echo "Totali ", $sum = $win+$lose+$draw, "<br/><hr/>";
}
} else {
$error = "<div id='hello'>Duhet te besh Log In qe te vendosesh parashikime ndeshjesh<br/><a href='php/login.php'>Kycu Ketu</a></div>";
}
?>
Your problem is here :
$match = "SELECT user_id, match_id FROM match_select";
$row1 = mysql_query($match)or die(mysql_error());
while ($row2 = mysql_fetch_assoc($row1)) {
$user_match = $row2["user_id"];
$match = $row2['match_id'];
}
You are not checking it correctly. You have to check if the entry in match_select exists for the user_id and the match_id concerned. Otherwise, $match would always be equal to the match_id field of the last inserted row in your database :
$match = "SELECT *
FROM `match_select`
WHERE `user_id` = '<your_id>'
AND `match_id` = '$test_id'";
$matchResult = mysql_query($match)or die(mysql_error());
if(mysql_num_rows($matchResult)) {
echo "You have already bet.";
}
By the way, consider using PDO or mysqli for manipulating database. mysql_ functions are deprecated :
http://www.php.net/manual/fr/function.mysql-query.php
validate insertion of record by looking up on the table if the data already exists.
Simplest way for example is to
$query = "SELECT * FROM match_select WHERE user_id = '$user_id'";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0)
{
// do not insert
}
else
{
// do something here..
}
In your form you have <select name='test[$id]'> (one for each item), then when you submit the form you are getting $tests = $_POST["test"]; You don't need to specify the index in the form and can simply do <select name='test[]'>, you can eventually add a hidden field with the id with <input type="hidden" value="$id"/>. The second part is the verification wich is not good at the moment; you can simply check if the itemalready exist in the database with a query