This question already exists:
How can i edit the search and pagination because i don't want it to be echoed?
Closed 7 years ago.
I have this search with pagination, the search function is working fine and the pagination is also working fine but my real problem is that I don't know how to merge those two. Every time I try to search, the search result is showing but the pagination is not functioning normal. Please someone help me about this issue. I don't know where to start.
I have this code:
<?php
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("region_survey", $con);
$sql="SELECT * FROM municipality";
if(isset($_POST['search'])){
$search_term=mysql_real_escape_string($_POST['search_box']);
$sql .= " WHERE province_id LIKE '%{$search_term}%' ";
}
$query=mysql_query($sql) or die (mysql_error());
?>
<form name="search_form" method="POST" action="">
Search:<input type="text" name="search_box" value="" />
<input type="submit" name="search" value="search the table" />
</form>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
//Include the PS_Pagination class
include('ps.php');
//Connect to mysql db
$conn = mysql_connect('localhost','root','');
if(!$conn) die("Failed to connect to database!");
$status = mysql_select_db('region_survey', $conn);
if(!$status) die("Failed to select database!");
$sql = 'SELECT * FROM municipality';
//Create a PS_Pagination object
$pager = new PS_Pagination($conn, $sql, 15, 17);
//The paginate() function returns a mysql result set for the current page
$rs = $pager->paginate();
?>
<?php
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
//Count total number of records after search
mysql_select_db("region_survey", $con);
if(isset($_POST['search'])){
$search_term=mysql_real_escape_string($_POST['search_box']);
$sql="SELECT * FROM municipality WHERE province_id LIKE '%$search_term%'";
}
$result = mysql_query($sql, $con);
$row = mysql_num_rows($result);
echo "Total Number: ";
echo $row;
?>
<table border="1" cellpadding="0" cellspacing="0" id="resultTable">
<tr>
<th> <strong>ID</strong> </th>
<th> <strong>Province ID</strong> </th>
<th> <strong>Municipality Name</strong> </th>
</tr>
<?php
while($row = mysql_fetch_array($query))
{
?>
<tr>
<td> <?php echo $row["id"]; ?> </td>
<td> <?php echo $row["province_id"]; ?></td>
<td> <?php echo $row["municipality_name"]; ?></td>
<td><input name="selector[]" type="checkbox"
id="checkbox[]" value="<?php echo $row['id'];?>"></td>
<td>Edit </td>
</tr>
<?php
}
?>
</table>
<?php
//Display the navigation
//echo $pager->renderFullNav();
echo '<div style="text-align:center">'.$pager->renderFullNav().'</div>';
?>
</body>
</html>
Pages will have URL like example.com/search/term/?page=2 (or example.com/search.php?term=xyz&page=2, doesn't matter if you redirect URLs or not).
In PHP then will be something like:
$pagelimit = 10; // records per page
$page = isset($_GET['page']) ? (int)$_GET['page'] : 1; // set current page
And LIMIT with OFFSET in your SQL query:
$sql = "SELECT *
FROM municipality
WHERE province_id LIKE '%$search_term%'
LIMIT " . ($page - 1) * $pagelimit . ", " . $pagelimit;
Related
I am beginner to php.I want to select the department from the options and after the selection of the department, I want to display the roll no in the next drop down box belong to that department. Help me by providing some ideas related to my questions.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<title>Untitled Document</title>
</head>
<body>
<?php include('C:\wamp\www\fms\background.php'); ?>
<?php include('C:\wamp\www\fms\adminmenu.php'); ?>
<?php
if (isset($_POST['delete'])) {
$con = mysql_connect("localhost", "root", "");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
$cid = $_POST['cid'];
$sql = "DELETE from addpassenger WHERE rno='$rno'";
mysql_select_db('fms');
$retval = mysql_query($sql, $con);
if (!$retval) {
die('Could not delete data: ' . mysql_error());
}
echo "Deleted data successfully\n";
mysql_close($con);
} else {
?>
<p></p>
<p></p>
<p></p>
<p></p>
<center>
<form method="post">
<table width="344" border="0" cellspacing="1" cellpadding="2">
<tr>
<td>SELECT THE DEPARTMENT</td>
<td><?php
$con = mysql_connect("localhost", "root", "") or die(mysql_error());
$db = #mysql_select_db("fms", $con) or die(mysql_error());
$str = "select dept from addpassenger";
$res1 = #mysql_query($str);
echo '<select name="dept">';
echo '<option selected="----------"></option>';
while ($row = mysql_fetch_array($res1)) {
echo '<option value="' . $row['dept'] . '">' . $row['dept'] . '</option>';
}
echo '</select>';
?></td>
</tr>
<tr>
<td width="208">SELECT THE ROLL NO</td>
<td width="125">
<?php
$con = mysql_connect("localhost", "root", "") or die(mysql_error());
$db = #mysql_select_db("fms", $con) or die(mysql_error());
$str = "select rno from addpassenger ";
$res1 = #mysql_query($str);
echo '<select name="rno">';
echo '<option selected="----------"></option>';
while ($row = mysql_fetch_array($res1)) {
echo '<option value="' . $row['rno'] . '">' . $row['rno'] . '</option>';
}
echo '</select>';
?>
</select>
</td>
</tr>
<tr>
<td width="208"></td>
<td></td>
</tr>
<tr>
<td width="208"></td>
<td>
<input name="delete" type="submit" id="delete" value="Delete">
</td>
</tr>
</table>
</form>
</center>
<?php
}
?>
</body>
</html>
select rno from addpassenger
needs to have a where clause which selects based on previous selection
I'm having the problem to pull out data from my database through a search field. I'm trying to protect my searchfield against Sql injection at the same time. Adding data to my database is working fine, and I think i did fine safetywise. Yet, pulling the data out seems to be harder.
All i'm trying to achieve is getting all the data from the person. I'm looking for "Bart" in my search field, so show me all the data from all the Barts in my database.
This is my HTML
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>title</title>
<link rel="stylesheet" href="style.css">
<link href='http://fonts.googleapis.com/css?family=Raleway:200' rel='stylesheet' type='text/css'>
<script src="script.js"></script>
</head>
<body>
<table class="table_form">
<form method="POST" action="test.php">
<tr>
<td>Voornaam: </td><td><input type="text" name="Voornaam"></td>
</tr>
<tr>
<td>Achternaam: </td><td><input type="text" name="Achternaam"></td>
</tr>
<tr>
<td>Adres: </td><td><input type="text" name="Adres"></td>
</tr>
<tr>
<td>Discipline: </td><td><input type="text" name="Discipline"></td>
</tr>
<tr>
<td>Graad: </td><td><input type="text" name="Graad"></td>
</tr>
<tr>
<td>Voeg toe aan databank: </td><td><input type="submit" name="Adddb" value="Bevestigen"></td>
</tr>
</form>
</table>
<table class="table_form">
<form method="POST" action="test.php">
<tr>
<td>Zoeken</td><td><input type="text" name="Voornaam" /></td>
</tr>
<tr>
<td>Bevestigen</td><td><input type="submit" name="zoeken" /></td>
</tr>
</form>
</table>
<div class="field">
<?php
require_once 'isset.php';
?>
</div>
</body>
</html>
This is the PHP
<?php
require_once 'login.php';
$db_con= new mysqli($db_host, $db_username, $db_password, $db_database);
$db_con->set_charset("utf8");
if($db_con->connect_error) die ("(" . $db_con->connect_error . " Error during connection");
if(isset($_POST['Adddb'])){
$stmt = $db_con->prepare("INSERT INTO customers (Voornaam, Achternaam, Adres, Actief, Discipline, graad) VALUES(?,?,?,NOW(),?,?)");
$stmt->bind_param("sssii",$voornaam, $achternaam, $adres, $discipline,$graad);
$voornaam = $_POST['Voornaam'];
$achternaam = $_POST['Achternaam'];
$adres = $_POST['Adres'];
$discipline = $_POST['Discipline'];
$graad = $_POST['Graad'];
$stmt->execute();
echo "New records created successfully";
$stmt->close();
$db_con->close();
}
if(isset($_POST['zoeken'])){
$stmte = $db_con->prepare="SELECT * FROM customers WHERE Voornaam = (?)";
$stmte->bind_param("s", $zoeknaam);
$zoeknaam = $_POST['Voornaam'];
$stmte->execute();
echo $zoeknaam;
}
?>
Am i wrong to think that i'm not fetching something? And that is the reason i'm not getting anything?
EDIT ------>
Edited version as suggested below: Errors are gone but no results show up:
<?php
require_once 'login.php';
$db_con= new mysqli($db_host, $db_username, $db_password, $db_database);
$db_con->set_charset("utf8");
if($db_con->connect_error) die ("(" . $db_con->connect_error . " Error during connection");
if(isset($_POST['zoeken'])){
$zoeknaam = $_POST['Zoek']; // declare the input here
$stmte = $db_con->prepare("SELECT * FROM customers WHERE Voornaam = ?");
$stmte->bind_param("s", $zoeknaam); // then use inside here
$stmte->execute();
$rows = $stmte->num_rows;
for($i=0; $i < $rows; $i++){
$row=mysqli_fetch_array($stmte, MYSQLI_ASSOC);
echo $row['Voornaam'] . '<br/>';
}
/*if($stmte->num_rows > 0) {
$results = $stmte->get_result();
while($row = $results->fetch_assoc()) {
echo $row['Achternaam'] . '<br/>';
// and other columns
}*/
}
?>
You should fetch the results properly by using ->get_result(). After that, you would be able to use ->fetch_assoc(). Example:
$zoeknaam = $_POST['Voornaam']; // declare the input here
$stmte = $db_con->prepare("SELECT * FROM customers WHERE Voornaam = ?");
$stmte->bind_param("s", $zoeknaam); // then use inside here
$stmte->execute();
if($stmte->num_rows > 0) {
$results = $stmte->get_result();
while($row = $results->fetch_assoc()) {
echo $row['Voornaam'] . '<br/>';
echo $row['Achternaam'] . '<br/>';
// and other columns
}
}
If unfortunately, you do not have mysqlnd in your environment (if ->get_result() turns out the be Call to undefined method). Here's another way:
$zoeknaam = $_POST['Voornaam'];
$stmte = $db_con->prepare("SELECT * FROM customers WHERE Voornaam = ?");
$stmte->bind_param("s", $zoeknaam);
$stmte->execute();
// get all columns
$meta = $stmte->result_metadata();
while ($field = $meta->fetch_field()) {
$params[] = &$row[$field->name];
}
call_user_func_array(array($stmte, 'bind_result'), $params);
while ($stmte->fetch()) {
echo $row['Voornaam'] . '<br/>';
echo $row['Achternaam'] . '<br/>';
}
I am stuck on creating a dropdown list that is connected to another php page. I have used a sql query to list the staffNames but i need them to have the value of staffID. I have connected the page task7.php (which has a query that displays purchase information of a given staffID), so once the user clicks on a name then clicks submit, that persons order information should be displayed.Currently I am able to view the drop down list, select a name, but when i click submit the table only has field names with an empty table. HERES MY CODE:
<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-
strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Prac 2 Task 9</title>
</head>
<body>
<?php
$conn = mysql_connect("localhost", "twa291", ".......");
mysql_select_db("factory291", $conn)
or die ('Database not found ' . mysql_error() );
?>
<form method="get" action="task7.php">
<select name="list" id="list" size="12">
<?php
$sql = "SELECT staffID, staffName FROM staff";
$result = mysql_query($sql, $conn)
or die ('Problem with query' . mysql_error());
while ($row = mysql_fetch_array($result)){
$title=$row["staffName"];
$id=$row["staffID"];
echo "<option value= ".$id.">".$title."</option>";
}
?>
<input type="submit" value="Submit" method="get">
</select>
</form>
<?php
mysql_close($conn); ?>
</body>
</html>
HERE IS MY task7.php FILE:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Prac 2 Task 3</title>
</head>
<body>
<?php
$conn = mysql_connect("localhost", "twa291", "......");
mysql_select_db("factory291", $conn)
or die ('Database not found ' . mysql_error() ); ?>
<?php
$staffid= $_GET["staffID"];
?>
<?php
$sql = "SELECT orderID, orderDate, orderDate, shippingDate, staffName FROM purchase,
staff
WHERE staff.staffID='$staffid'";
$rs = mysql_query($sql, $conn)
or die ('Problem with query' . mysql_error());
?>
<table border="1" summary="Staff Orders">
<tr>
<th>Order ID</th>
<th>Order Date</th>
<th>Shipping Date</th>
<th>Staff Name</th>
</tr>
<?php
while ($row = mysql_fetch_array($rs)) { ?>
<tr>
<td><?php echo $row["orderID"]?></td>
<td><?php echo $row["orderDate"]?></td>
<td><?php echo $row["shippingDate"]?></td>
<td><?php echo $row["staffName"]?></td>
</tr>
<?php }
mysql_close($conn); ?>
</table>
</body>
</html>
You have wrapped unwanted string with " "
<?php
$sql = "SELECT staffID, staffName FROM staff";
$result = mysql_query($sql, $conn)
or die ('Problem with query' . mysql_error());
while ($row = mysql_fetch_array($result))
{
$title=$row["staffName"];
$id=$row["staffID"];
echo "<option value= '.$id.'>".$title."</option>";
}
?>
?php
$staffid= $_GET["list"];
?>
<?php
$sql = "SELECT orderID, orderDate, orderDate, shippingDate, staffName FROM purchase,
staff
WHERE staff.staffID='$staffid'";
?>
So I'm currently working with a form where the admin can select multiple users from the database via a tickbox system, then change the welcome message or general message to a client when they log in:
<?php
session_start();
include_once("isadmin.php");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Update Client Message</title>
<link href="loginmodule.css" rel="stylesheet" type="text/css" />
</head>
<body>
<?php
if( isset($_SESSION['ERRMSG_ARR']) && is_array($_SESSION['ERRMSG_ARR']) && count($_SESSION['ERRMSG_ARR']) >0 ) {
echo '<ul class="err">';
foreach($_SESSION['ERRMSG_ARR'] as $msg) {
echo '<li>',$msg,'</li>';
}
echo '</ul>';
unset($_SESSION['ERRMSG_ARR']);
}
?>
<form id="updateform" name="updateform" method="post" action="updateexec.php">
<table width="500" border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<th width="200">Select User</th>
<td>
<?php
require_once('config.php');
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
$useruploadids = mysql_query("SELECT member_id, firstname, lastname FROM members");
while ($row = mysql_fetch_assoc($useruploadids)) {
$userid = $row['member_id'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];
?>
<input type="checkbox" name="userid_<?php echo $userid ?>" value="y" /><?php echo $firstname ?><?php echo $lastname ?><br />
<?php } ?>
</td>
</tr>
<tr>
<th>Message For Client </th>
<td>
<textarea input name="otherdeets" type="textarea" class="textfield" id="otherdeets" style="width: 356px; height: 176px">
</textarea>
</td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="Submit" value="Update" /></td>
</tr>
</table>
</form>
</body>
</html>
So this is the form, and it works fine, it calls all users from the database and displays them in tickbox fasion.
I can only assume my issue is in the exec script:
<?php
echo( "<pre>" );
print_r( $_POST );
echo( "</pre>" );
include ("config.php");
$tbl_name="members";
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
//This gets all the other information from the form
$update = $_POST['otherdeets'];
$id = $_POST['userid'];
// Cycle through each member and check that it needs to be added to the db
$useruploadids = mysql_query( "SELECT member_id FROM members" );
while ($row = mysql_fetch_assoc($useruploadids))
{
// Check that the member was sent from the last form
if( isset( $_POST['userid_'.$row['member_id']] ) && $_POST['userid_'.$row['member_id']] == "y" )
{
// update data in mysql database
$sql="UPDATE $tbl_name SET otherdeets='$update' WHERE id='$id'";
$result=mysql_query($sql);
}
}
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='admin-welcome.php'>Admin Home</a>";
}
else {
echo "ERROR";
}
?>
When I run the script it simply says:
Array
(
[userid_1] => y
[otherdeets] => Blah Blah
[Submit] => Update
)
ERROR
Any idea what is wrong? Knowing my luck it would probabaly be a spelling mistake
Thank you
Hey your query is wrong there should be where condition with appropriate column name i.e. "member_id"
And one more thing
you are fetching the $id = $_POST['userid']; which is an error as there is no value exist with that key
rather you do in the if condition before doing the update query, i.e.
$id = $POST['userid'.$row['member_id']];
Still in the learning process of mysql and php. I have a mysql database with 1 table. I simply want a search box that the user can input a company name (Best Buy for example) and then it will output a list of the products bought at Best Buy with price and all that stuff from the database. EDIT: The ERROR im receiving is "Query failed: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Resource id #3' at line 1
Resource id #3 "
<html>
<head>
<title>Search the Database</title>
</head>
<body>
<form action="index.php" method="post">
Search: <input type="text" name="vendor" /><br />
<input type="submit" name="submit" value="Submit" />
</form>
</body>
</html>
<?php
$mysql_host = 'localhost';
$mysql_user = 'user_name';
$mysql_pass = '12345';
$Name = "user_db";
$Table = "table1";
mysql_connect ($mysql_host, $mysql_user, $mysql_pass, $Name) or die ('Error connecting to mysql');
mysql_select_db("$Name") or die ("unable to select DB");
echo $_POST['vendor'];
$vendor2 = $_POST['vendor'];
$sqlquery = mysql_query("Select * From $Table WHERE `purchases`.`vendorname` LIKE '%$vendor2%';");
$result = mysql_query($sqlquery) or die('Query failed: ' . mysql_error() . "<br />\n$sqlquery"); ;
$number = mysql_num_rows($result);
?>
<table cellspacing=0 cellpadding=4 border=1>
<tr>
<th>Vendor</th>
<th>Product</th>
<th>DateOrdered</th>
<th>Cost</th>
</tr>
<?php
for($counter = 0; $counter < mysql_num_rows($result); $counter++) {
?>
<tr>
<td><?php echo mysql_result($result,$counter,"vendorname")?></td>
<td><?php echo mysql_result($result,$counter,"product")?></td>
<td><?php echo mysql_result($result,$counter,"date")?> </td>
<td><?php echo mysql_result($result,$counter,"price1")?> </td>
</tr>
<?php
}
?>
</table>
<?php
?>