This code is correct, but I want it to show me the user list after logging in, and bring me users with the same profile under each column I wanted to search for a specific user.
I have 20 items in the code, but I have written only 2 items here.
.usersearch.php
require_once 'users.php';
<table class="table table-bordered table-striped table-hover stara">
<thead>
<tr>
<th>آیدی</th>
<th>نام</th>
<tr>
<tr>
<th>
<form action="usersearch.php" method="post" novalidate>
<input name="searchid" >
</form>
</th>
<th>
<form action="/usersearch.php" method="post" novalidate>
<input name="searchname">
</form>
</th>
<tr>
<?php while($user = $result-> fetch(PDO::FETCH_ASSOC )) { ?>
<tr class="bgyellow">
<th>
<?php echo $user['id'] ; ?>
</th>
<th>
<?php echo $user['name'] ; ?>
</th>
<th>
</tr>
<?php } ?>
</thead>
<tbody >
<?php while($row=$select_stmt->fetch(PDO::FETCH_ASSOC)){ ?>
<tr>
<td> <?php echo $row['id'] ; ?> </td>
<td> <?php echo $row['name'] ; ?> </td>
</tr>
<?php } ?>
</tbody>
</table>
.users.php
if(isset($_SESSION['user']) ) {
$db = new PDO("mysql:host=localhost;dbname=pasak", "root", "");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$select_stmt = $db->prepare("SELECT * FROM users");
$select_stmt->execute();
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if($_POST['searchid']){
$id=$_POST['searchid'];
$result = $db->prepare( "SELECT * FROM users WHERE id =:id");
$result->execute((compact('id')));
if($result ->rowCount() <1){
echo 'چنین کاربری وجود ندارد';
}
echo "</br>"; echo "</br>";
}
if($_POST['searchname']){
$name=$_POST['searchname'];
$result = $db->prepare( "SELECT * FROM users WHERE name =:name");
$result->execute((compact('name')));
if($result ->rowCount() <1){
echo 'چنین کاربری وجود ندارد';
}
echo "</br>"; echo "</br>";
}
}
<?php
$usn=$_GET['usn'];
$con=mysqli_connect('localhost','root','','library');
$sql="select count(*) from book_fine where usn='$usn'";
$res=mysqli_query($con,$sql);
$row=mysqli_fetch_array($res);
if($row[0]>0)
{
$sql="select * from book_fine where usn='$usn'";
$res=mysqli_query($con,$sql);
echo '<html><form><table class="table table-bordered">
<tr>
<th><input type="checkbox" name="check_all" id="check_all" value=""/></th>
<th>USN</th>
<th>Trans No</th>
<th>Acc No</th>
<th>category</th>
<th>description</th>
<th>issue_date</th>
<th>due_date</th>
<th>renewed</th>
<th>fine</th>
</tr>
';
while($row=mysqli_fetch_array($res)){
?>
<tr><td><input type="checkbox" name="selected_id[]" class="checkbox" value="<?php echo $usn; ?>"/></td>
<?php echo" <td>".$row[0]."</td>
<td>".$row[1]."</td>
<td>".$row[2]."</td>
<td>".$row[3]."</td>
<td>".$row[4]."</td>
<td>".$row[5]."</td>
<td>".$row[6]."</td>
<td>".$row[7]."</td>
<td>".$row[8]."</td>
</tr></form></html>";
}
echo "</table>";
}else{
echo "string";
}
?>
<?php include("header.php"); ?>
<?php
if (#$_POST['delete']=="Delete"){
$count=count($_POST['delbx']);
for($i=0;$i<$count;$i++){
$delete = "DELETE FROM admin WHERE a_id='".$_POST['delbx'][$i]."'";
$resulty = mysqli_query($conn, $delete) or die(mysql_error());
$select_delete = "SELECT `a_image` FROM admin WHERE a_id='".$_POST['delbx'][$i]."'";
$resultrowdy = $conn->query($select_delete);
$rowdy = $resultrowdy->fetch_assoc();
$path="admin/".$rowdy['a_image'];
echo $path;
unlink($path);
echo '<script>window.location="view_user.php"</script>';
}
} ?>
<div class="table-responsive">
<table class="table">
<caption>All Users</caption>
<?php
$sql = "SELECT a_id, a_name, a_phone, a_password, a_role, a_mail, a_image FROM admin";
$result = $conn->query($sql);
if ($result->num_rows > 0) {?>
<thead>
<tr>
<th><form action="view_user.php" method="post"><input name="delete" type="submit" id="delete" value="Delete"></th><th>S. No.</th> <th>Name</th> <th>Phone No.</th> <th>Mail Id</th> <th>Role</th> <th>Password</th> <th>Image</th>
</tr>
</thead>
<?php
while($row = $result->fetch_assoc()) { ?>
<tbody>
<tr>
<th scope="row">
<?php echo $row["a_id"]; ?>
</th>
<td align="center" bgcolor="#FFFFFF">
<input name="delbx[]" type="checkbox" id="delbx[]" value="<?php echo $row["a_id"]; ?>" />
</td>
<td>
<?php echo $row["a_name"]; ?>
</td>
<td>
<?php echo $row["a_phone"]; ?>
</td>
<td>
<?php echo $row["a_mail"]; ?>
</td>
<td>
<?php echo $row["a_role"]; ?>
</td>
<td>
<?php echo $row["a_password"]; ?>
</td>
<td>
<img src="admin/<?php echo $row["a_image"]; ?>" width="60" height="40">
</td>
<th>
Edit
</th>
</tr>
</tbody>
<?php
}
} else {
echo "0 results";
}?>
</table>
</form>
</div>
<?php include("footer.php"); ?>
The code I mention is not deleting the multiple images from the source folder but deleting the multiple data from database whereas I am trying to delete images from the source folder along with data please help thanks in advance
One of the problem is you are deleting the row and trying to select image column from the deleted row.. dont use user supplied variables directly in your query
your code should be
for($i=0;$i<$count;$i++){
$select_delete = "SELECT `a_image` FROM admin WHERE a_id='".$_POST['delbx'][$i]."'";
$resultrowdy = $conn->query($select_delete);
$rowdy = $resultrowdy->fetch_assoc();
$delete = "DELETE FROM admin WHERE a_id='".$_POST['delbx'][$i]."'";
if(mysqli_query($conn, $delete)){
$path="admin/".$rowdy['a_image'];
unlink($path);
echo '<script>window.location="view_user.php"</script>';
}
}
I have created a script that inserts some details into a form and and below it displays the values inserted in a table. There is a single mysql connection which should work. The insert and select from the advert table is not working! I dont seem to understand why. my table are created properly, there are no errors because i have checked it it anther code. Only this code is not working.
Can someone tell me why are the sql statements not working?
<?php
include('header.php');
session_start();
$user = $_SESSION['username'];
mysql_select_db("ladyjoy_fs", mysql_connect("localhost", "root", ""))or die(mysql_error());
$login=mysql_query("select * from user where user_name='$user'")or die(mysql_error());
$row=mysql_fetch_row($login);
$_SESSION['userid'] = $row[0];
?>
<body>
<?php
$users = mysql_query("select * FROM gcm_users")or die(mysql_error());
if ($users != false)
$no_of_users = mysql_num_rows($users);
else
$no_of_users = 0;
;
?>
<center>
</br>
</br>
<div id="container">
<div id="header">
<div class="alert alert-success"><label>Welcome Advertiser</label></div>
</div>
<table>
<thead>
<td>
<tr>Home | </tr>
<tr>My Advertisements | </tr>
<tr>My Account | </tr>
<tr>Logout | </tr>
</td>
</thead>
</table>
<br/>
<table class="table table-bordered">
<div class="alert alert-success">Creating New Notifications</div>
</table>
<div style="float:center;">
<h4>New Advertisement</h4>
<h5>No of Devices Registered: <?php echo $no_of_users; ?></h5>
<form id="form1" method="POST" onsubmit="return sendPushNotification()">
<label class="control-label" for="inputEmail">Title</label>
<input type="text" name="ad_title" id="ad_title" class="txt_title" placeholder="Notification Title">
<label class="control-label" for="inputEmail">Description</label>
<input type="text" name="ad_desc" id="ad_desc" class="txt_desc">
<label class="control-label" for="inputEmail">Picture</label>
<input type="text" name="ad_pic" id="ad_pic" placeholder="URL">
<label class="control-label" for="inputEmail">Location</label>
<input type="text" name="ad_location" id="ad_location" placeholder="Venue"><br/>
<input type="hidden" name="regId" value="<?php echo $_SESSION['userid'] ?>"/>
<button type="submit" id="add_supply" name="add_supply" class="btn btn-info">Send Notification</button>
</div>
</form>
<?php
if (isset($_POST['add_supply'])){
$title=$_POST['ad_title'];
$desc=$_POST['ad_desc'];
$url=$_POST['ad_pic'];
$location=$_POST['ad_location'];
$userid=$_POST['regId'];
$sql2 = "insert into advert (title,description,url,location,user_id) values('$title','$desc','$url','$location','$userid')";
mysql_query($sql2)or die(mysql_error());
}
?>
<br/>
<table cellpadding="0" cellspacing="0" border="0" class="table table-striped table-bordered" >
<thead>
<tr>
<th>Advertisement ID</th>
<th>Title</th>
<th>Description</th>
<th>Picture</th>
<th>Location</th>
</tr>
</thead>
<tbody>
<?php
$query=mysql_query("select * from advert where user_id = ".$_SESSION['userid']."")or die("Error at query : "+mysql_error());
while(($row=mysql_fetch_array($query))){
?>
<tr>
<td><?php echo $row['id']; ?></td>
<td><?php echo $row['title']; ?></td>
<td><?php echo $row['description']; ?></td>
<td><?php echo $row['url']; ?></td>
<td><?php echo $row['location']; ?></td>
</tr>
<?php } ?>
</tbody>
</table>
</center>
</body>
</html>
$query=mysql_query("select * from advert where user_id = '".$_SESSION['userid']."' ")or die("Error at query : "+mysql_error());
I think it is error in syntax. Please check it.
or you can try out this code ->
$user = $_SESSION["username"];
$res = "select * from user where user_name='$user'";
$result = mysql_query($res) or die("query fail to execute".mysql_error());
while($row= mysql_fetch_array($result))
{
$ac= $row['id'];
$a= ("select * FROM gcm_users WHERE user_id='$ac'");
$re = mysql_query($a) or die("wrong query".mysql_error());
while($row= mysql_fetch_array($re))
{
}
}
note->and yes as mention above your code is vulnerable to sql injection.
I am trying to get the id from each row in the table so that i'll be able to update each record in a form on a different page. I've been trying to, however, i'm only getting the first record from the table. Could someone provide some assistance please.
<div class="personnel_title">Personnel<br><hr>
<div class="addcontain">
<form method="post" action="">
<input type="button" name="addpersonnel" value="Add">
</form>
<div class="searchcontain">
<form method="post" action="HR_core_personnel.php">
<input type="text" id="search" name="search" placeholder="Search" /><br>
</form>
<div id="output">
</div>
</div>
</div>
<hr>
<?php
$query = "SELECT `fighterID`, `firstName`, `middleName`, `lastName`, `rank`.`rank`, `status`, `telephone1`, `telephone2`, `stationlocation`.`exactlocation`, `hireDate`, `workShift`
FROM `firefighterinfo`
JOIN `rank` ON `firefighterinfo`.`Rank_rankID` = `rank`.`rankID`
JOIN `stationlocation` ON `firefighterinfo`.`StationLocation_locationID` = `stationlocation`.`locationID`";
$result = mysql_query($query);
$num = mysql_num_rows($result);
mysql_close();
?>
<div class="results_table">
<table>
<thead>
<tr>
<th>Firefighter</th>
<th>Rank</th>
<th>Status</th>
<th>Home No.</th>
<th>Cell No.</th>
<th>Station</th>
<th>Hire Date</th>
<th>Shift</th>
<th></th>
</tr>
</thead>
<?php
$i = 0;
while($i < $num){
$f1 = mysql_result($result, $i, 'firstName');
$f2 = mysql_result($result, $i, 'middleName');
$f3 = mysql_result($result, $i, 'lastName');
$f4 = mysql_result($result, $i, 'rank');
$f5 = mysql_result($result, $i, 'status');
$f6 = mysql_result($result, $i, 'telephone1');
$f7 = mysql_result($result, $i, 'telephone2');
$f8 = mysql_result($result, $i, 'exactlocation');
$f9 = mysql_result($result, $i, 'hireDate');
$f10 = mysql_result($result, $i, 'workShift');
?>
<tbody id="table_body">
<tr>
<td>
<?php echo $f1; ?>
<?php echo $f2; ?>
<?php echo $f3; ?>
</td>
<td>
<?php echo $f4; ?>
</td>
<td>
<?php echo $f5; ?>
</td>
<td>
<?php echo $f6; ?>
</td>
<td>
<?php echo $f7; ?>
</td>
<td>
<?php echo $f8; ?>
</td>
<td>
<?php echo $f9; ?>
</td>
<td>
<?php echo $f10; ?>
</td>
<td>
<img src="images/Awicons-Vista-Artistic-Edit.ico" width="15" height="20" alt="Edit">
</td>
</tr>
</tbody>
<?php
$i++;
}
?>
</table>
</div>
</div>
#Farman left you a good answer, here's mine with some additions
reformated for my eyes
changed those ugly calls to mysql_result to something with better performance
assumes fighterID as the rightfull key
this is your script
<div class="personnel_title">Personnel<br><hr>
<div class="addcontain">
<form method="post" action="">
<input type="button" name="addpersonnel" value="Add">
</form>
<div class="searchcontain">
<form method="post" action="HR_core_personnel.php">
<input type="text" id="search" name="search" placeholder="Search" /><br>
</form>
<div id="output"></div>
</div>
</div>
<hr>
<?php
$query = "SELECT `fighterID`, `firstName`, `middleName`, `lastName`,
`rank`.`rank`, `status`, `telephone1`, `telephone2`,
`stationlocation`.`exactlocation`, `hireDate`, `workShift`
FROM `firefighterinfo`
JOIN `rank` ON `firefighterinfo`.`Rank_rankID` = `rank`.`rankID`
JOIN `stationlocation` ON `firefighterinfo`.`StationLocation_locationID` = `stationlocation`.`locationID`";
$result = mysql_query($query);
$num = mysql_num_rows($result);
mysql_close();
?>
<div class="results_table">
<table>
<thead>
<tr>
<th>Firefighter</th>
<th>Rank</th>
<th>Status</th>
<th>Home No.</th>
<th>Cell No.</th>
<th>Station</th>
<th>Hire Date</th>
<th>Shift</th>
<th> </th>
</tr>
</thead>
<?php
$c = array('fighterID','firstName','middleName','lastName','rank','status','telephone1','telephone2','exactlocation','hireDate','workShift');
while($r = mysql_fetch_assoc($result)) { ?>
<tbody id="table_body">
<tr>
<td><?php echo $r[$c[1]].' '.$r[$c[2]].' '.$r[$c[3]]; ?></td>
<td><?php echo $r[$c[4]]; ?></td>
<td><?php echo $r[$c[5]]; ?></td>
<td><?php echo $r[$c[6]]; ?></td>
<td><?php echo $r[$c[7]]; ?></td>
<td><?php echo $r[$c[8]]; ?></td>
<td><?php echo $r[$c[9]]; ?></td>
<td><?php echo $r[$c[10]]; ?></td>
<td>
<!-- the change made by #Farman Ullah is here -->
<a href="HR_core_updatepersonnel.php?fighterID=<?php echo $r[$c[0]]; ?>">
<img src="images/Awicons-Vista-Artistic-Edit.ico" width="15" height="20" alt="Edit">
</a>
</td>
</tr>
</tbody>
<?php } ?>
</table>
</div>
</div>
Feel free to ask any questions or add feedback