Drop down, results table not showing Mysql php - php

Trying to get the results from the Mysql to show up on the web page.
The process is that the user would select a make of a car and then it will show just that make in a table.
I've been trying different things but I cant seem to get it to show the results. As soon as I get rid of the WHERE statement in the sql query it shows all the cars/makes. I think the problem is in the sql statement or the if.
This is what I've got so far.
<HTML >
<head>
<title>Inventory</title>
</head>
<body>
<form method="get" action="TaskC.php">
Please select a make:
<select name = "make" >
<option value = "All">All</option>
<option value = "Toyota">Toyota</option>
<option value = "Holden">Holden</option>
<option value = "Ford">Ford</option>
<option value = "Nissan">Nissan</option>
</select> <br/>
<br/>
<input type="submit" value="Search" name="Search" />
<table width="600" border="1" cellpadding="1" cellspacing="1">
<tr>
<th>Make</th>
<th>Model</th>
<th>Price</th>
<th>Quantity</th>
<tr>
</form>
<?php
//error_reporting (E_ALL ^ E_NOTICE);
$dbConnect = mysqli_connect('xxxxxxxxx', 'xxxxxxxxx','xxxxxxxx')
or die("<p>The database server is not available.</p>");
$dbSelect = mysqli_select_db( $dbConnect,'xxxxxxxx_db' )
or die("<p>The database is not available.</p>");
$make = $_GET['make'];
$sqli = "SELECT * FROM inventory WHERE make = '" .$make. "'";
$result = mysqli_query($dbConnect,$sqli);
if (isset($_GET['make']) )
{
while ($inventory = mysqli_fetch_assoc($result) )
{
echo "<tr>";
echo "<td>".$inventory['make']."</td>";
echo "<td>".$inventory['model']."</td>";
echo "<td>".$inventory['price']."</td>";
echo "<td>".$inventory['quantity']."</td>";
echo "</tr>";
}
}
mysqli_close($dbConnect);
?>
</body>
</HTML>
Hope you can help.
Thanks


There is an error in the query. It should be -
$sqli = "SELECT * FROM inventory WHERE make = '" .$make. "'";
Edit
if (isset($_GET['make']) ){
$make = $_GET['make'];
$sqli = "SELECT * FROM inventory WHERE make = '" .$make. "'";
$result = mysqli_query($dbConnect,$sqli);
while ($inventory = mysqli_fetch_assoc($result) )
{
echo "<tr>";
echo "<td>".$inventory['make']."</td>";
echo "<td>".$inventory['model']."</td>";
echo "<td>".$inventory['price']."</td>";
echo "<td>".$inventory['quantity']."</td>";
echo "</tr>";
}
}

Related

Created a Select dropdown option from mysql db but I also want to add a select all option from the same form dropdown PHP

I have a simple form that is using a dropdown list to select a team member by position from a phpmyadmin db and using php in an index.php file.
This returns the rows perfectly and works great, however, I would like to also have the option in the same form to select all records from that table regardless
Here is the html form
<form id="main_select" action="view_members.php" method="POST">
<select name='main_select' required>
<option value="" disabled selected>Select staff position</option>
<option value="all">View All Members</option>
<option value="Professor">Professor</option>
<option value="Senior Lecturer">Senior Lecturer</option>
<option value="Reader">Reader</option>
<option value="Lecturer">Lecturer</option>
</select>
<input type="submit" value="View Selected Staff Members">
</form>
and here is the view_members.php that works perfectly when say a professor option is chosen
<?php
if (isset($_POST['main_select'])) {
$position = $_POST['main_select'];
$statement = "SELECT * FROM staff_members WHERE position = '$position'";
$result = mysqli_query($conn, $statement);
}
?>
<?php
echo '<table align="center" border="0" cellspacing="35" cellpadding="2" width="100%">';
echo "<thead><tr><th>ID</th><th>Name</th><th>Email</th><th>Position</th><th>Update</th>
<th>Action</th></tr></thead>";
while ($row = mysqli_fetch_assoc($result)) {
echo "<tr>";
echo "<td>{$row['id']}</td>";
echo "<td>{$row['name']}</td>";
echo "<td>{$row['email']}</td>";
echo "<td>{$row['position']}</td>";
echo "<td><a href='edit_member.php?id={$row['id']}'>Edit</a></td>";
echo "<td><a href='delete_member.php?id={$row['id']}'>Delete</a></td>";
echo "</tr>";
}
echo "</table>";
echo '<p>Back</p>';
?>
I then tried to add an else statement to look for "all" in the form and simply select all records but that returns nothing yet if I choose professor again it works ok? is there a way I can do this?
Here is the if else code I tried with
<?php
if (isset($_POST['main_select'])) {
$position = $_POST['main_select'];
$statement = "SELECT * FROM staff_members WHERE position = '$position'";
$result = mysqli_query($conn, $statement);
} else {
if (isset($_POST['main_select' == 'all'])) {
$statement = "SELECT * FROM staff_members";
$result = mysqli_query($conn, $statement);
}
}
any help would be greatly appreciated.
Thanks
David.

So thank you for your input guys, here is what I put together assuming this is still open to SQL injection?
<?php
if (isset($_POST['main_select'])) {
$position = $_POST['main_select'];
if ($position == "all") {
$statement = "SELECT * FROM staff_members";
} else {
$statement = "SELECT * FROM staff_members WHERE position = '$position'";
}
$result = mysqli_query($conn, $statement);
}
echo '<table align="center" border="0" cellspacing="35" cellpadding="2" width="100%">';
echo "<thead><tr><th>ID</th><th>Name</th><th>Email</th><th>Position</th><th>Update</th><th>Action</th></tr></thead>";
while ($row = mysqli_fetch_assoc($result)) {
echo "<tr>";
echo "<td>{$row['id']}</td>";
echo "<td>{$row['name']}</td>";
echo "<td>{$row['email']}</td>";
echo "<td>{$row['position']}</td>";
echo "<td><a href='edit_member.php?id={$row['id']}'>Edit</a></td>";
echo "<td><a href='delete_member.php?id={$row['id']}'>Delete</a></td>";
echo "</tr>";
}
echo "</table>";
echo '<p>Back</p>';
?>
However, it works and pulls in all records when "all" is selected

How to make data display in the table on my webpage once it's been input into my database?

I'm not sure how to describe it, so here's a video where I explain my problem.
I tried rearranging some of the code, as I do believe nothing is faulty, attempting to make sure that the table refreshes with the new data inside it, however every time I tried to place my code in a different order (executing the queries in different orders), it either functions differently than how I want it to function or it doesn't function at all.
Both queries do function separately, I'm just unsure why they're not working together.
Searchbar has the value seen inputted in the homepage on both my Search page and this page in question. However it was left blank for this page, which gave me the result of having the full table display which is what I wanted to happen. I'm just not sure how I can edit my code so, when submitted, it will display the newly added data.
My PHP:
<?php
$find = $_POST['searchbar'];
$host = "localhost";
$username = "FFF";
$pword = "L3FhqJNey8Op2qJY";
$database = "Project";
include 'includes/db.inc.php';
$Name2 = $_POST['Name'];
$YearOfRelease2 = $_POST['YearOfRelease'];
$Studio2 = $_POST['Studio'];
$Age2 = $_POST['Age'];
$Score2 = $_POST['Score'];
?>
My HTML:
<html>
<head>
<title>Add a Film - Films! Films! FILMS!</title>
</head>
<body>
<h1>Films! Films! FILMS!</h1>
<h2>Add a Film</h2>
<p>If you wish to add a film to our database, feel free to add data relating to the film in the respective boxes below. You should then refresh the page.</p>
<p>Add Film:</p>
<form method="POST" action="AddFilm.php">
<p>Name of Film: <input type="text" name="Name"></p>
<p>Year of Release: <input type="text" name="YearOfRelease"></p>
<p>Name of Studio: <input type="text" name="Studio"></p>
<p>Age Rating: <select name="Age" size="1">
<optgroup label="Select Age Rating">
<option value="U">U</option>
<option value="PG">PG</option>
<option value="12">12</option>
<option value="15">15</option>
<option value="18">18</option>
</optgroup>
</select></p>
<p>Review Score: <input type="text" name="Score"></p>
<p><input type="submit" name="submit" value="Submit and Refresh"></p>
</form>
<?php
echo "<h2>$output</h2>";
$query_string = "SELECT * FROM movies WHERE Name LIKE '%$find%' OR YearOfRelease LIKE '%$find%' OR Studio LIKE '%$find%' OR Age LIKE '%$find%' OR Score LIKE '%$find%'";
$query_string2 = "INSERT INTO movies (Name, YearOfRelease, Studio, Age, Score) VALUES ('$Name2', '$YearOfRelease2', '$Studio2', '$Age2', '$Score2');";
if ($result = $mysqli->query($query_string2)) {
$output2 = $Name2 ." has been added to the database.";
echo "<p>$output2</p>";
} else {
echo ("Error performing query: " . $mysqli->error() );
}
$result->close();
if ($result = $mysqli->query($query_string)) {
echo "<table border='1'>";
echo "<tr><th>FilmID</th><th>Name</th><th>YearOfRelease</th><th>Studio</th><th>Age</th><th>Score</th></tr>";
while ($row = $result->fetch_object())
{
$FilmID = $row->FilmID;
$Name = $row->Name;
$YearOfRelease = $row->YearOfRelease;
$Studio = $row->Studio;
$Age = $row->Age;
$Score = $row->Score;
$output ="<tr><td> $FilmID";
$output = $output . "<td> $Name";
$output = $output . "<td> $YearOfRelease";
$output = $output . "<td> $Studio";
$output = $output . "<td> $Age";
$output = $output . "<td> $Score </tr>";
echo "<p>$output</p>";
}
echo "</table>";
echo "<hr>";
echo '<p>Back to Home Page</p>';
$result->close();
} else {
echo ("Error performing query: " . $mysqli->error() );
}
$mysqli->close();
?>
</body>
</html>

Can i use AND operator 2 times in SQL?

So i been trying this for a week, which is the value inside the table is missing after i select submit button for the date
So when enter the this page it will display
'SELECT * FROM attendance WHERE lect_id = 'CS0198289' AND dateofupdate LIKE '%0%' AND codeofsubject = 'CSNB214' ORDER BY studname ASC'
which is it will display my lect_id, dateofupdate=0, and the code of subject. When I select the submit(SELECT) button which is to date it will become
'SELECT * FROM attendance WHERE lect_id = 'CS0198289' AND dateofupdate LIKE '%2019-01-23%' AND codeofsubject = '' ORDER BY studname ASC'
so can anyone help me? much appreciate
<?php
$connect = mysqli_connect ("localhost","root","","ubas")
or die("Cannot connect to server".mysqli_error($connect));
if (!isset($_POST['dates'])){
$_POST['dates']=0;
}
$id = #$_POST["lect_id"];
$codeofsubject = #$_POST['code'];
$display = "SELECT * FROM attendance WHERE lect_id = '$_SESSION[id]' AND dateofupdate LIKE '%".$_POST['dates']."%'
AND codeofsubject = '$codeofsubject' ORDER BY studname ASC";
echo $display;
$result = mysqli_query ($connect,$display)
or die ("Cannot view due to".mysqi_error($connect));
echo"<form role='form' method='post'>
<div class='form-group'>
<label>Date</label>
<input style='width:180px; display:inline' class='form-control' type='date' name='dates' id='dates'>
<button type='submit' style='display:inline' name='select'>Select</button>
</div>
</form>";
echo"
<form method = post action = updateattend.php>
<table width='100%' class='table table-striped table-bordered table-hover' id='dataTables-example'>
<thead>
<tr>
<th><center>Date</center></th>
<th><center>Student Name</center></th>
<th><center>Student ID</center></th>
<th><center>View</center></th>
<th><center>Attend Status</center></th>
</tr>
</thead>";
while($row = mysqli_fetch_array($result,MYSQLI_NUM))
{
$attendid = $row [0];
$studname = $row [1];
$studid = $row [2];
$lect_id = $row [3];
$codeofsubject = $row [4];
$date = $row [5];
$dateofenroll = $row [6];
$attendstatus = $row [7];
echo"<tbody>
<tr>
<td><center>$date</center></td>
<td><center>$studname</center></td>
<td><center>$studid</center></td>
<td align = center>
<a class ='btn-warning btn' href ='updatestud.php?id=".$row['2']."'>VIEW</a>
</td>";
echo"
<td align = center>
<select class = 'form-control' name = 'attendstatus[]'>
<option value='$attendstatus' selected>$attendstatus</option>";
if($attendstatus =="Attend")
{
echo "<option value='Not Attending'>Not Attending</option>
<option value='Not Attending with Reason'>Not Attending with Reason</option>";
}
elseif ($attendstatus =="Not Attending") {
echo"<option value='Attend'>Attend</option>
<option value='Not Attending with Reason'>Not Attending with Reason</option>";
}
else{
echo"<option value='Attend'>Attend</option>
<option value='Not Attending'>Not Attending</option>";
}
echo"</select>
</td>
</tr>
</tbody>";
}
?>
</table>

There is no limit of AND operator in SQL statement. You can use as many ANDs as you need but your logic should be correct in the sense of SQL statement.
For Example
SELECT something FROM something WHERE something=something AND something=something AND something=something AND something=something;
So, the part something=something becomes a separate logical statement that is separately evaluated from other something=something statements based on the AND operator. But keep in mind that the whole statement above is a single statement.

MySQL UPDATE function is not working [duplicate]

This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
Closed 6 years ago.
I'm a new in PHP coding and this is one assignment that I have to do.
I have included DB Connect already in the file but these are codes I use in this assignment which is able to edit the job advertisement data.
This is advertisement table file.
$result = mysql_query("SELECT * FROM advertisement");
<TABLE border ='1'>
<table style="width:100%">
<tr>
<th>Advertisement ID</th>
<th>Position</th>
<th>Start Date</th>
<th>End Date</th>
<th></th>
<th></th>
</tr>
<?php
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)){
echo "<TR>";
echo "<TD>".$row['Ad_ID']."</TD>";
echo "<TD>".$row['Position_Name']."</TD>";
echo "<TD>".$row['Start_date']."</TD>";
echo "<TD>".$row['End_date']."</TD>";
echo "<TD><a href='edit-advertisement.php?ad_id=".$row['Ad_ID']."'>Edit</a></TD>";
echo "<TD><a href='delete-advertisement.php?ad_id=".$row['Ad_ID']."'>Delete</a></TD>";
echo "</TR>";
}
?>
And this is edit-advertisement.php file.
$result = mysql_query("SELECT * FROM advertisement WHERE Ad_ID='".$_REQUEST['ad_id']."'");
$row = mysql_fetch_array($result, MYSQL_ASSOC);
<form name = 'edit-advertise-form' method = 'POST' action = 'confirm-edit-adv.php'>
<br >
<input type='hidden' name='ad_id' value='<?=$row['Ad_ID']?>'>
Advertisement ID : <?=$row['Ad_ID']?><br><br />
Position to be recruited : <input type = "Textbox" Name = "Pos_Name" value = '<?=$row['Position_Name']?>'><br><br>
Job Description: <br ><br /> <textarea name="Job_Des" rows="5" cols="40" value = '<?=$row['Ad_Job_Description']?>'> </textarea><br><br>
Job Qualification: <br ><br /> <textarea name="Job_Quali" rows="5" cols="40" value = '<?=$row['Ad_Job_Qualification']?>'> </textarea><br><br>
Skill required: <br ><br /> <textarea name="Skill_Req" rows="5" cols="40"value = '<?=$row['Ad_Skill_Required']?>'> </textarea><br><br>
Salary offer: <input type = "Textbox" Name = "Salary" value = '<?=$row['Position_Salary_Detail']?>'><br><br>
Start date :
<SELECT name='s_day'>
<?php
$i = 1 ;
while($i<=31) {
?>
<OPTION value = '<?php echo $i;?>' > <?php echo $i;?> </OPTION>
<?php $i++; }
?>
</SELECT>
<SELECT name='s_month' >
<?php
$month = array( 1=> JANUARY,FEBRUARY,MARCH,APRIL,MAY,JUNE,JULY,AUGUST,SEPTEMBER,OCTOBER,NOVEMBER,DECEMBER);
$i = 1;
foreach ($month as $m){
?>
<OPTION value = '<?php echo $i;?>' > <?php echo $m;?> </OPTION>
<?php
$i++;}
?>
</SELECT>
<SELECT name = 's_year'>
<?php
$curYear = getdate();
for($year = 2016 ; $year <= $curYear['year']; $year++){
?>
<OPTION value = '<?php echo $year;?>'> <?php echo $year;?> </OPTION>
<?php
}
?>
</SELECT>
End date -> Same as Start date
<input type = 'Submit' name = 'edit-adv' value = 'Update'><br><br>
<button onclick="goBack()">Back</button>
</form>
And finally the update function page
$ad_id = $_POST["ad_id"];
$pos_name = $_POST["Pos_Name"];
$job_des = $_POST["Job_Des"];
$job_qua = $_POST["Job_Quali"];
$skill_req = $_POST["Skill_Req"];
$salary = $_POST["Salary"];
$s_date = $_POST["s_year"].'/'.$_POST["s_month"].'/'.$_POST["s_day"];
$e_date = $_POST["e_year"].'/'.$_POST["e_month"].'/'.$_POST["e_day"];
$sql = ("UPDATE advertisement SET Position_Name = '".$pos_name."',
Ad_Job_Description = '".$job_des."', Ad_Job_Qualification =
'".$job_qua."', Ad_Skill_Required = '".$skill_req."',
Position_Salary_Detail = '".$salary."', Start_date = '".$s_date."',
End_date = '".$e_date."' WHERE Ad_ID = '".$ad_id."'");
Which I have no idea what is wrong in $sql line or what.
I tried to echo $sql and nothing is there so it means that no value in $sql right?
How to solve this problem?
Thank you in advance !!!
Ps. sorry for a long code post

in new version
Connection
$con = mysqli_connect(DB_HOST, DB_USER, DB_PASSWD);
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysqli_select_db($con, DB_NAME) or die('Could not select database.' . mysql_error());
and then like this update your db table
$qr = mysqli_query($con, "UPDATE advertisement SET Position_Name= '$pos_name',Ad_Job_Description= '$job_des' WHERE Ad_ID= '$ad_id' ");

PHP mySQL select via html select

I'm trying to do a select from a table based on the post value of an HTML select box. I'm getting no results at all, I'm echoing out the post value no problem. The statement works on it's own but won't when I use the select form to populate it. This is just my test I will be adding other options to the dropdown box.
<?php
if(isset($_POST['value'])) {
if($_POST['value'] == 'Militaria') {
$query = "SELECT * FROM listings WHERE category1=Militaria";
}
else {
// query to get all records
$query = "SELECT * FROM listings";
}
}
$sql = mysql_query($query);
while ($row = mysql_fetch_array($query)){
echo 'Description:' . $row['description'];
}
mysql_close($con);
?>
Here is the html form I'm using, can anyone tell me where I'm going wrong, should I do it a different way etc, I'm new to php? Thanks!!
<form action='<?php echo $_SERVER['PHP_SELF']; ?>' method='post' name='form_filter' >
<select name="value">
<option value="all">All</option>
<option value="Militaria">Militaria</option>
</select>
<br />
<input type='submit' value = 'Filter'>
</form>

mysql_fetch_array() should receive resorce as a parameter. Try mysql_fetch_array($sql).

Quote around 'Militaria' and mysql_fetch_array($sql)
<?php
if(isset($_POST['value'])) {
if($_POST['value'] == 'Militaria') {
$query = "SELECT * FROM listings WHERE category1='Militaria'";
}
else {
// query to get all records
$query = "SELECT * FROM listings";
}
$sql = mysql_query($sql);
while ($row = mysql_fetch_array($sql)){
echo 'Description:' . $row['description'];
}
mysql_close($con);
}
?>
<form action='<?php echo $_SERVER['PHP_SELF']; ?>' method='post' name='form_filter' >
<select name="value">
<option value="all">All</option>
<option value="Militaria">Militaria</option>
</select>
<br />
<input type='submit' value = 'Filter'>
</form>

You have two mistakes in your php code.
1st : quote around Militaria. The query should be, $query = "SELECT * FROM listings WHERE category1='Militaria'";
2nd : mysql_fetch_array accepts executed query's result as parameter. It should be, $row = mysql_fetch_array($sql)
Final code:
<?php
if(isset($_POST['value'])) {
if($_POST['value'] == 'Militaria') {
$query = "SELECT * FROM listings WHERE category1 = 'Militaria'";
}
else {
// query to get all records
$query = "SELECT * FROM listings";
}
}
$sql = mysql_query($query);
while ($row = mysql_fetch_array($sql)){
echo 'Description:' . $row['description'];
}
mysql_close($con);
?>

Categories