I have a table where user inserts data and the user id should be automatically added to the table which he is accessing.
$sql = "INSERT INTO leadinform (lead_compname,lead_add,lead_city,lead_compno,lead_cp,lead_cpd,lead_cpno,lead_cpemail,prodtype,prodmodel,value,clodate,uid) VALUES ('$leadname','$leadadd','$leadcity','$leadcompno','$leadcpname','$leadcpdesig', '$leadcpno','$leadcpmail','$prodtype', '$model','$value','$clodate') SELECT admin.uid FROM admin where admin.username = '$user_check' ";
This is the code I am using but it doesnt seem to work.
where am I wrong ?
Use this:
$sql = "INSERT INTO leadinform
(lead_compname,lead_add,lead_city,lead_compno,lead_cp,lead_cpd,lead_cpno,lead_cpemail,prodtype,prodmodel,value,clodate,uid)
SELECT '$leadname','$leadadd','$leadcity','$leadcompno','$leadcpname','$leadcpdesig', '$leadcpno','$leadcpmail','$prodtype', '$model','$value','$clodate', admin.uid
FROM admin
WHERE admin.username = '$user_check'"
And please check insert-select.
try this
$sql = "INSERT INTO leadinform (lead_compname,lead_add,lead_city,lead_compno,lead_cp,lead_cpd,lead_cpno,lead_cpemail,prodtype,prodmodel,value,clodate,uid)
VALUES ('$leadname','$leadadd','$leadcity','$leadcompno','$leadcpname','$leadcpdesig', '$leadcpno','$leadcpmail','$prodtype', '$model','$value','$clodate',(SELECT admin.uid FROM admin where admin.username = '$user_check' limit 1)) ";
Check this:
$sql_query = "INSERT INTO leadinform (lead_compname,lead_add,lead_city,lead_compno,lead_cp,lead_cpd,lead_cpno,lead_cpemail,prodtype,prodmodel,value,clodate,uid)
VALUES ('$leadname','$leadadd','$leadcity','$leadcompno','$leadcpname','$leadcpdesig', '$leadcpno','$leadcpmail','$prodtype', '$model','$value','$clodate',(SELECT admin.uid FROM admin where admin.username = '$user_check' limit 1)) ";
Require("dbconnect.php");//works is used on other another page
echo $Customer_id;//Displays correctly
Can anyone help?
First Check that use session variable is getting the data or not.
If the Customer id is of varchar then you are missing single inverted comma in where clause.
session_start();
$Customer_id = $_SESSION['id'];
Require("dbconnect.php");//works is used on other another page
$sql = "SELECT Job_id FROM Job";
$sql.= " WHERE Job_Customer_id = '$Customer_id'";
$stmt = $dbh->query($sql);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$Job_id = $row['Job_id'];
echo $Customer_id;//Displays correctly
echo $Job_id;//Curently dose not display anything
Change the $sql.= line to this:
$sql.= " WHERE Job_Customer_id = '$Customer_id'"
with the ' around $Customer_id.
I don't understand this because I'm just getting into query's and php.
I'm trying to get the user's ID from the database and set that equal to a different users friendreq column.
Don't worry about me not escaping properly, this is only a test so I can practice! Thank you! (Although I'm not sure what escaping is, I'm going to do my research!)
$usernameID = "SELECT Id FROM Users WHERE Username = '$username'";
$sql = "UPDATE Users SET FriendReq = $usernameID WHERE Username = '$usernamebeingreq'";
$result = mysqli_multi_query($con, $usernameID, $sql);
if(!$result)
{
echo 'Failed';
}
else
{
echo 'Friend added!';
}
According to the PHP reference of mysqli_multi_query your two queries need to be concatenated with a semicolon. You're passing each query as its own parameter.
Use the following instead:
$result = mysqli_multi_query($con, $usernameID . "; " . $sql);
This will concatenate your two queries, so that it's the following:
SELECT Id FROM Users WHERE Username = '$username'; UPDATE Users SET FriendReq = $usernameID WHERE Username = '$usernamebeingreq'
I am trying to show specific information for my logged in users, i can call the user_name, but i have been able also to call info from the "website" entry which holds the html for the page, i need to be able to call "website" to each logged in user, i.e Susan (user_name) has the html showing when she logs in, BUT Barry (user_name) has the same html showing as susan, as it is being called from Susans row! Please help it is driving me mad!
Here is the code that is on the myaccount.php:
Welcome To <?php echo $_SESSION['user_name'];?>'s Account Page</strong>
<?php
if (isset($_GET['msg'])) {
echo "<div class=\"error\">$_GET[msg]</div>";
}
?>
<?php
$data = mysql_query("SELECT * FROM users") or die(mysql_error());
$info = mysql_fetch_array( $data );
Print "<b></b> ".$info['$website'] . " ";
?>
You have to add a WHERE clause to your query. If you have a field in your table called user_name it will be like this :
"SELECT * FROM users WHERE user_name = '" . $_SESSION['user_name'] . "'";
Note : You are using a deprecated (mysql_query) you should use rather (mysqli_query) which has different syntax
http://php.net/manual/en/mysqli.query.php
Have you tried
$data = mysql_query("SELECT * FROM users WHERE username='$_SESSION[user_name]'") or die(mysql_error());
I'm trying to learn how to dynamically generate a mysql query based on the form fields that a user chooses to fill with data. In-order to make the learning process as easy as possible I'm using a simple form with a field for the users first name and last name. The basic (non-dynamic) version of the code is as follows:
<html>
<head>
<title>Untitled</title>
</head>
<body>
<form method="post" name="test" action="dynamic_search.php">
<input type="text" name="first_name">
<input type="text" name="last_name">
<input type="submit" value="Submit">
</form>
<?php
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
include "link.php";
$query = "SELECT * FROM members " .
"WHERE first_name = '$first_name' " .
"AND last_name = '$last_name' ";
$result = mysql_query($query)
or die(mysql_error());
$row = mysql_fetch_array($result);
$member_id = $row['member_id'];
$member_first_name = $row['first_name'];
$member_last_name = $row['last_name'];
echo $member_id;
echo $member_first_name;
echo $member_last_name;
?>
</body>
</html>
What I need to be able to do is generate a query based on the data submitted. So if the user only enters their first name the query would read as :
$query = "SELECT * FROM members " .
"WHERE first_name = '$first_name' ";
But if the user enters both their first and last name the query would read as :
$query = "SELECT * FROM members " .
"WHERE first_name = '$first_name' " .
"AND last_name = '$last_name' ";
Any help (or if someone can point me towards a good tutorial) would be greatly appreciated!
Thanks!
You can use PHP to check the input and append to the query when necessary.
$query = "SELECT * FROM members ";
$query .= "WHERE first_name = '$first_name' ";
if($last_name!="")
$query .="AND last_name = '$last_name' ";
Remember to escape the strings my using real_escape_string
$first_name = mysql_real_escape_string($_POST['first_name']);
In case you want to check for the first name:
$query = "SELECT * FROM members ";
if($first_name!=""){
$query .= "WHERE first_name = '$first_name' ";
if($last_name!="")
$query .="AND last_name = '$last_name' ";
}
else{
if($last_name!="")
$query .="WHERE last_name = '$last_name' ";
}
First, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial. (Credit)
Second, a caution to always escape user input being included in an SQL statement. Prepared statements handles this for you automatically.
Having said that, the PHP logic that you're after is something like this:
<?php
$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
$first_name = $mysqli->real_escape_string($_POST['first_name']);
$last_name = $mysqli->real_escape_string($_POST['last_name']);
$sql = "SELECT * FROM members WHERE 1";
if (! empty($first_name)) {
$sql .= " AND first_name = '$first_name'";
}
if (! empty($last_name)) {
$sql .= " AND last_name = '$last_name'";
}
So if you want to generate MySQL queries based on form entries you might look into this functional generator below:
Php Sql Query Builder
https://github.com/nilportugues/php-sql-query-builder
This allows you to take your form results and its field names(or ids) and code it into the query builder to generate your requested query!
One bit of advice is to make sure that your field names match your table column names. This will make your process more seamless.
For example. In your case (assuming that your columns names match your form names and your table is named "members"):
<?php
use NilPortugues\Sql\QueryBuilder\Builder\GenericBuilder;
$builder = new MySqlBuilder(); // <-- use MySqlBuilder
$query = $builder->select()
->setTable('members')
->setColumns(['first_name','last_name','email']); // <-- Form names
echo $builder->write($query);
?>
This will output:
SELECT members.first_name, members.last_name, members.email FROM members
Wha la!
Did are many complex queries that you can generate on the developer's GitHub page.