I have written this code, but it does not work and I cannot find any mistake. It filters data from mysql database. Below I pasted one code without $_post form and this works fine. But I need a filter due to the high volume of data.
`
include "db_connect.inc.php";
$sql = "SELECT versicherungsnamen, franchise, praemie FROM praemien";
$sql .= " where kanton = " . $_POST["kanton"]
. " and franchise = ". $_POST["franchise"];
$sql .= " order by praemie";
$res = mysqli_query($con, $sql);
$num = mysqli_num_rows($res);
if ($num==0) echo "Keine Datensätze gefunden";
while ($dsatz = mysqli_fetch_assoc($res))
echo $dsatz["versicherungsnamen"] . ", "
. $dsatz["praemie"] . "<br />";
mysqli_close($con);
?>
</body>
</html>`
But when i try this code without $_post option it works fine
<html>
<body>
<?php
include "db_connect.inc.php";
$res = mysqli_query($con, "SELECT versicherungsnamen, franchise, praemie FROM praemien");
while ($dsatz = mysqli_fetch_assoc($res))
{
echo $dsatz["versicherungsnamen"] . ","
.$dsatz["franchise"] . ","
.$dsatz["praemie"] . "<br />";
}
?>
</body>
</html>
before select replace post vars into separate variables then use this new vars in select query.
$kanton = $_POST['kanton'];
$franchise = $_POST['franchise'];
$sql = "SELECT versicherungsnamen, franchise, praemie FROM praemien where kanton = " . $kanton . " and franchise = ". $franchise. " order by praemie";
...
Related
I'm pretty new to php, so don't really know how to do much, but from what I've looked up, this should echo all values from the two fields.
<?php
$con = mysqli_connect('localhost', 'root', 'root', 'unityaccess');
if(mysqli_connect_errno())
{
echo "1: Connection failed"; //error code 1 = connection failed
exit();
}
$username = $_POST["name"];
$idcheckquery = "SELECT id FROM users WHERE username = '" . $username . "';";
$idcheck = mysqli_query($con, $idcheckquery) or die("7: ID check query failed"); //error code 8 = couldn't get user's id
$existingid = mysqli_fetch_assoc($idcheck);
$userid = $existingid["id"];
$itemfindquery = "SELECT itemid, equipped FROM inventory WHERE userid = '" . $userid ."';";
$itemfind = mysqli_query($con, $itemfindquery) or die("9: Couldn't find items");
while($row = $mysqli_fetch_assoc($itemfind)){
echo $row["itemid"] . ", " . $row["equipped"] . " ";
}
?>
I expect this to, when it is called in unity, to print a list of all the values in each list, but instead it doesn't echo anything.
The mysqli_fetch_assoc() function is being used as a variable ($). Just remove the dollar sign and it will work.
while($row = mysqli_fetch_assoc($itemfind)){
echo $row["itemid"] . ", " . $row["equipped"] . " ";
}
Also, try to use prepared statements to fight against SQL injections.
I am trying the approach of 'adding a log just before the php query'; in effort to achieve the ability to print a 'time stamp' when my mySQL database has been updated.
my queries look like this.
require_once('include/connect.php');
$q = $_GET['q'];
//echo $q;
//$plan=substr($q,0,4);
//$spec=substr($q,4);
list($plan, $ptype, $spec) = explode('_', $q);
//echo $plan . ", " . $spec;
//$query="SELECT vphp.tbl_provider_types.`TYPE` from coolDB.tbl_provider_types where vphp.tbl_provider_types.".$q." = 'Y';";
$query= "SELECT tbl_sourcespecheader.specID, coolDB.tbl_sourcespecheader.Specialty_Header from vphp.tbl_provider_types left join coolDB.tbl_sourcespecheader on coolDB.tbl_provider_types.ID = coolDB.tbl_sourcespecheader.TypeID where coolDB.tbl_provider_types.ID = " . $spec . " and coolDB.tbl_sourcespecheader." . $plan . " = 'Y';";
$result = mysqli_query($connection, $query);
//Populate result in HTML which will be returned via AJAX
echo "<h4>Please select from these " . $ptype . " specialties:</h4>";
echo "<select id='type' multiple='' name='specialty'><option selected="selected" value="nospec"></option>";
while($row = mysqli_fetch_array($result))
{
echo "<option value='" . $row['specID'] . "'><a href='#' id='" . $row['specID'] . "' onclick='getSelected(this.id);return false' style='text-decoration: none'>" . $row['Specialty_Header'] . "</a></option>";
}
echo "</select>";
//Close database connection
mysqli_close($connection);
Better use triggers. You need to create log table to be able to insert all data you needed. Below is the example.
DELIMITER $$
CREATE TRIGGER before_employee_update
BEFORE UPDATE ON employees
FOR EACH ROW
BEGIN
INSERT INTO employees_audit
SET action = 'update',
employeeNumber = OLD.employeeNumber,
lastname = OLD.lastname,
changedat = NOW();
END$$
DELIMITER ;
If you are using phpMyadmin. Go to that and find the trigger menu. There you can create triggers.
i try to write a website for library as an exercise. I have while loop to display all books in my database. If user is logged in and state(stan) of book(ksiazka) is free(Wolny) it shows button under book. After clicking it takes all free books to database and update their state as hired not only that one which user want. Here is the code, thanks.
$findbook2 ="select ksiazka.id_ksiazka, ksiazka.tytul, ksiazka.id_stan, autor.id_autor, autor.imie_autor, ksiazka.rok_wydania, autor.nazwisko_autor, stan.id_stan, stan.nazwa_stan FROM ((ksiazka inner join autor ON ksiazka.id_autor = autor.id_autor) inner join stan ON ksiazka.id_stan = stan.id_stan);";
$stan = mysqli_query($connect, $findbook2);
while($row = mysqli_fetch_array($stan))
{
echo "Tytuł:" . " " .$row['tytul']." ". "Autor:" . " " . $row['imie_autor']." ". $row['nazwisko_autor']. " ". "Rok wydania" . " ". $row['rok_wydania'] . " ". "Stan ". $row['nazwa_stan']. " ";
if(isset($_SESSION['id_czytelnik'])){
if($row['nazwa_stan']=='Wolny'){
echo '<form method = "GET" action = "ksiazki.php">';
echo '<input type = "submit" name = "submit" value = "Wypożycz"/>';
echo '</form>';
if(isset($_REQUEST['submit'])){
$id_czytelnik = $_SESSION['id_czytelnik'];
$id_ksiazka = $row['id_ksiazka'];
$data_oddania = date('Y-m-d', strtotime('+30 days'));
$wstaw_ksiazke = "INSERT INTO `wypozyczenie`(`id_wypozyczenie`, `id_czytelnik`, `id_ksiazka`, `id_pracownik`, `data_wypozyczenia`, `data_oddania`) VALUES ('','$id_czytelnik','$id_ksiazka',2,NOW(),'$data_oddania')";
if(mysqli_query($connect, $wstaw_ksiazke)){
$update = "Update ksiazka set id_stan = 3 where id_ksiazka = '$id_ksiazka'";
if(mysqli_query($connect, $update)){
echo "Wypozyczyłeś książkę";
}
}
}
}
}
echo "</br>";
}
Consider the statement if(isset($_REQUEST['submit'])) which is always true inside your while loop after clicking submit as it is not unset anyway.It causes repeated execution of a statement while the Array is not empty.
I'm comparing current data with updated data to check whether there are changes in information, and add the changes to a new table changes:
if (isset($_POST['submit']))
{
$sql = "SHOW COLUMNS FROM Employees";
$result = mysqli_query($con,$sql);
while($row = mysqli_fetch_array($result)){
$tempname = $row['Field'];
$sql2 = "UPDATE Employees SET ".$row['Field']."= '$_POST[$tempname]' WHERE AFNumber='".$_GET["af"]."'";
$result2 = mysqli_query($con,$sql2);
if ($con->query($sql2) === TRUE) {
} else {
echo "Error: " . $sql2 . "<br>" . $con->error;
echo '<script>swal("Error", "Something went wrong '.$con->error.'", "error");</script>';
}
$sqlOldData = "SELECT * FROM Employees WHERE AFNumber='".$_GET["af"]."' AND (".$row['Field']." NOT LIKE '".$_POST[$tempname]."')";
$result3 = $con->query($sqlOldData);
if ($result3->num_rows > 0) {
while($row3 = $result3->fetch_assoc()) {
$sql3 = "INSERT INTO Changes (Table, AFNumber, Attribute,DateChanged,HRUser,OldValue,NewValue)
VALUES ('Employees', '".$_GET["af"]."', '".$row["Field"]."', '".date('dd/m/Y HH:mm:ss')."', '$login_session', '.$row3[0]', '$_POST[$tempname]')";
if ($con->query($sql3) === TRUE) {
echo "New record created successfully";
} else {
echo "Error: " . $sql3 . "<br>" . $con->error;
}
}
} else {
echo "0 results";
}
}
Now i want to extract information about the changes such as date user ... And put them in a textarea tag in this form:
<textarea name="changes" rows="50" cols="59" disabled>
12/07/2015 - User:"Mike" Changed:"Actual Location" From: "blabla" to "bla"
</textarea>
But I'm not sure how to do this, any help please...
Without knowing much about your data (for example what AFNumber is) I would suggest simply querying everything from the Changes table, and displaying them in the desired form:
$changes = $con->query("SELECT * FROM Changes WHERE Table = 'Employees'");
if ($changes->num_rows > 0) {
echo '<textarea name="changes" rows="50" cols="59" disabled>' . "\n";
while ($row = $changes->fetch_assoc()) {
echo sprintf('%s - User:%s Chnaged:"%s" From: "%s" to "%s"',
$row['DateChanged'], $row['HRUser'], $row['Attribute'],
$row['OldValue'], $row['NewValue']) . "\n";
}
echo "</textarea>";
}
To display the data I simply use echo here, but using some template system shouldn't make much difference to the core concept of the solution.
From your comment, you have the following code :
$sql = "SELECT id, firstname, lastname FROM MyGuests";
$result = $conn->query($sql);
if ($result->num_rows > 0)
{
// output data of each row
while($row = $result->fetch_assoc())
{
echo "id: " . $row["id"]. " - Name: " . $row["firstname"]. " " . $row["lastname"]. "<br>";
}
}
else
{
echo "0 results";
}
$conn->close();
To get the information into a text area in the way you are doing, use:
echo '<textarea name="changes" rows="50" cols="59" disabled>id:' . $row['id' . ' - Name: ' . $row['firstname'] . ' ' . $row['lastname'] . '</textarea>';
<!doctype html>
<html>
<head>
<title>Pengubahan Data Pemain</title>
<style>
label {
float: left;
width: 100px;
}
</style>
</head>
<body>
<h1>Pengubahan Data Pemain</h1>
<?php
$kunci = isset($_GET["kunci"]) ?
trim($_GET["kunci"]) : "";
$pesan = isset($_GET["pesan"]) ?
trim($_GET["pesan"]) : "";
if ($kunci !== "") {
// Lakukan koneksi database
$koneksi = new mysqli("localhost", "root",
"syamsunisramani", "dbartt");
if (!$koneksi)
die("Koneksi gagal");
// Proses SQL
$sql = "SELECT * FROM pemain WHERE id_artt = '" .
$kunci . "';";
if ($hasil = $koneksi->query($sql))
if ($hasil->num_rows > 0) {
print("<form action=\"pemsimp.php\" method=\"post\">");
print("<fieldset>");
while ($baris = $hasil->fetch_array()) {
print("<p>\n");
print("<label>ID ARTT:</label>\n");
print("<input type=\"hidden\" name=\"id-artt\"");
print(" value=\"$kunci\">\n");
print("<input type=\"text\" name=\"kunci\"");
print(" value=\"$kunci\">\n");
print("</p>\n");
print("<p>\n");
print("<label>Nama Pemain:</label>\n");
print("<input type=\"text\" name=\"nama-pemain\"");
print(" value=\"$baris[1]\">\n");
print("</p>\n");
print("<p>\n");
print("<label>Klub Pemain:</label>\n");
print("<input type=\"text\" name=\"klub-pemain\"");
print(" value=\"$baris[2]\">\n");
print("</p>\n");
}
print("<input type=\"submit\" value=\"Simpan\">\n");
print("</fieldset>\n");
print("</form>\n");
}
else {
print("Data tidak ditemukan<br>");
$pesan = "";
}
else {
print("Gagal memproses. Kesalahan: " .
$koneksi->error . "<br>");
$pesan = "";
}
// Tutup koneksi
$koneksi->close();
}
else
print("Salah pemakaian");
// Tampilkan pesan kesalahan
if ($pesan !== FALSE)
print($pesan);
?>
</body>
</html>
//pemsimp.php
<?php
$id_artt = isset($_POST["id-artt"]) ?
trim($_POST["id-artt"]) : "";
$nama_pemain = $_POST["nama-pemain"];
$klub_pemain = $_POST["klub-pemain"];
if (empty($id_artt)) {
die("Salah pemanggilan");
}
// Lakukan koneksi database
$koneksi = new mysqli("localhost", "root",
"syamsunisramani", "dbartt");
if (!$koneksi)
die("Koneksi gagal");
// Proses SQL
$sql = "UPDATE pemain SET " .
"nama_pemain = '$nama_pemain', " .
"klub_pemain = '$klub_pemain', " .
"WHERE id_artt = '" . $id_artt . "';";
$pesan = "";
if ($hasil = $koneksi->query($sql))
$pesan = "Data pemain '$nama_pemain' telah disimpan";
else
$pesan = "Gagal menyimpan. Kesalahan: " . $koneksi->error;
// Tutup koneksi
$koneksi->close();
// Redirection
header("location: ubahpem.php?kunci=$id_artt&pesan=$pesan");
?>
-When I update the database 'dbartt' by entering 'nama_pemain' or klub_pemain value with new value.
-It shows the following error. Please fix my code.
-error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server -version for the right syntax to use near 'WHERE id_artt = '11:22:33:44:55:66'' at line 1
Change this
$sql = "SELECT * FROM pemain WHERE id_artt = '" . $kunci . "';";
to this,
$sql = "SELECT * FROM pemain WHERE id_artt = '" . $kunci . "'";
There are a few mistake that I found (an additional ',' and a ';') and I think that may be causing the problem.
Replace your query code like this
$sql = "UPDATE pemain SET " .
"nama_pemain = '$nama_pemain', " .
"klub_pemain = '$klub_pemain' " .
"WHERE id_artt = '" . $id_artt . "'";
Another thing is that make sure that the type of 'id_artt' column is in a format that can accept the values like "11:22:33:44:55:66"
Your where condition should be like this.
$sql = "SELECT * FROM pemain WHERE id_artt = '".$kunci ."' ";
You can write that this way...
$sql = "
UPDATE pemain
SET nama_pemain = '$nama_pemain'
, klub_pemain = '$klub_pemain'
WHERE id_artt = $id_artt;
";
The penultimate semi-colon isn't necessary but I like to include it so I can just copy and paste the echo into a MySQL CLI for testing.
with heredoc query
$sql = <<<SQL
UPDATE pemain
SET nama_pemain = '$nama_pemain'
, klub_pemain = '$klub_pemain'
WHERE id_artt = $id_artt
SQL;
If we decide it turns out to be turning on the ", / comma" sign. Because according to the request for renewal permission, there can be no commas before WHERE, the comma is only used if there are still data fields to be changed. Here's the correct script:
"UPDATE pemain SET " .
"nama_pemain = '$nama_pemain', " .
"klub_pemain = '$klub_pemain'" .
"WHERE id_artt = '" . $id_artt . "';";
or
"UPDATE pemain SET nama_pemain = '$nama_pemain', klub_pemain = '$klub_pemain' WHERE id_artt = '$id_artt'";