This question already exists:
php pdo search column array
Closed 8 years ago.
table name - animationmaster
column - animationdate ,type= varchar
column - animationno ,type= varchar
Data present in each column are like below..
animationno = 300,301
animationdate = 300 - 23-03-2015,301- 23-04-2015
When user search 300 then it display output 300-23-03-2015 from animationdate
When user search 301 then it display output 301-23-04-2015 from animationdate.
I have no idea is this possible..or not...and if yes...i really no guesses how to achieve this...thanks for any help...to find solution
plz help to get solution for this..array search
<?php
$q = $_GET['q'];
$city = $database->getRows("SELECT animationdate FROM animationmaster WHERE animationno = :animationno ", array(':animationno '=>"$q"));
$info = array();
foreach($city as $row)
{
$generat = $row['animationdate'];
$info[] = array('date' =>$generat);
}
echo json_encode($info);
?>
Try this for a database SELECT query based on user input using PDO:
<?php
$database= new PDO( "connection string goes here" );
$q = $_GET['q'];
$query=$database->prepare("SELECT animationdate FROM animationmaster WHERE animationno = :animationno");
$query->bindParam(':animationno', $q);
$query->execute();
$result = $query -> fetch();
echo json_encode($result);
?>
Related
How can i add something like this to my quizzer page indicator I've been searching and trying for a couple of days i couldn't figure this out.
total question
<?php
//total question
$db = new db;
$link = $db->dbconnect();
$iauid = $_SESSION["uid"];
$qizid = $_SESSION["qizid"];
$qry = "SELECT COUNT qcatid FROM AS total FROM tbcat";
$result = mysqli_query($link, $qry) or die (mysqli_error($link));
$row = mysqli_fetch_array($result);
echo $row['total'];
?>
<label id="numberIndicator">1</label>
<?php
page indicator
<script type="text/javascript">
//page indicator
function add() {
var quantity_temp = document.getElementById("numberIndicator").innerText;
var quantity_int = parseInt(quantity_temp, 10) + 1;
document.getElementById("numberIndicator").innerHTML = quantity_int.toString();
}
</script>
it should be like this
First of all, your query looks wrong:
$qry = "SELECT COUNT qcatid FROM AS total FROM tbcat";
Should be more like this (since COUNT is a function)
$qry = "SELECT COUNT(qcatid) total FROM tbcat";
Well, the simplest way starting from the code you posted would be something like this (in your PHP):
Question <label id="currentPageIndicator"><?=$currentPage?></label> of <label id="totalPageIndicator"><?=$row['total']?></label>
Where $currentPage would be assigned a default of 1 and would either be stored in session or would be calculated by current row selection from your query that fetches data or something in that direction.
I am having a problem in fetching records from database using php.But When I simply execute the following query into phpmyadmin sqls o it works but when I try to excute using php then its dipslaying error like this:
"undefined index experience.start"
$experience = "SELECT
experience.start,
experience.finish,
experience.isActive,
experience.title,
experience.nameOfOrgnization,
experienceprofessionnelle.organismeLogoURL,
description.details
FROM experience,description WHERE experience.ID_EP = description.ID_Description";
$result = $connection->query($experience);
while($row=$result->fetch_assoc()){
echo $row["experience.start"];
}
Try This
$experience = "SELECT
experience.start,
experience.finish,
experience.isActive,
experience.title,
experience.nameOfOrgnization,
experienceprofessionnelle.organismeLogoURL,
description.details
FROM experience,description WHERE experience.ID_EP = description.ID_Description";
$result = $connection->query($experience);
while($row=$result->mysqli_fetch_array()){
echo $row["experience.start"];
}
OR
$experience = "SELECT
experience.start,
experience.finish,
experience.isActive,
experience.title,
experience.nameOfOrgnization,
experienceprofessionnelle.organismeLogoURL,
description.details
FROM experience,description WHERE experience.ID_EP = description.ID_Description";
$result = $connection->query($experience);
while($row=$result->fetch_assoc()){
echo $row["start"];
}
you should use $row["start"] instant of $row["experiene.start"] as MYSQL return column name not a table.column name
This question already has answers here:
Reference - What does this error mean in PHP?
(38 answers)
mysqli_query() expects at least 2 parameters, 1 given in? [duplicate]
(3 answers)
Closed 4 years ago.
I wanted to create a search bar, Final.php is a display page for every event the user has inputted into the database but I want to add a search bar to query the list to find the result they want faster (the event names and four scores for each team). I don't understand where I have gone wrong, I hope someone can help.
<?php
$con = mysqli_connect("localhost", "id5052875_signuplogin", "Meganruby2") or die("cannot connect");
mysqli_select_db($con, "id5052875_signuplogin") or die ("couldnt connect");
$output = '';
//collect
if (isset($_POST['search'])) {
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
print("$searchq");
$query = mysqli_query($con, "SELECT * FROM event WHERE event name LIKE '%$searchq%'") or die("could not search");
$count = mysqli_num_rows($query);
echo($searchq);
if($count == 0 ) {
$output = 'There was no search';
}else {
while($row = mysqli_fetch_array($query)) {
$event = $row['event name'];
$num1 = $row['Score1'];
$num2 = $row['Score2'];
$num3 = $row['Score3'];
$num4 = $row['Score4'];
$output .= '<div> '.$event.' '.$num1.' '.$num2.' '.$num3.' '.$num4.'</div>';
}
}
}
?>
<form action="Final.php" method="post">
<input type = "text" name = "search" placeholder = "search for event.."/>
<input type = "submit" value = "search"/>
</form>
Your first condition, change
if ( isset( $_POST['event'] ) ) { to if ( isset( $_POST['search'] ) ) {
and
$searchq = $_POST['search']; to $searchq = $_POST['search'];
The name of the search text input is 'search', but for some reason, you are looking for event.
Also, please not that you are taking direct user input and inserting it into a DB query. Please be careful of SQL injection. This is a common question to check and learn more about preventing it.
The SQL's request give three results in PHPMyAdmin and in my code give only one result.
The SQL request must extract three lessons (id,title,year) of school and the PHP script must show all lessons with a link in another page.
Could you help me please ?
Thanks in advance
<?php
$requete_cours="SELECT ID_COURS, COURS.SIGLE, ANNEE FROM COURS, MODULE WHERE COURS.ID_MODULE = MODULE.ID_MODULE AND ID_PERSONNE = $userid";
//echo $requete_cours;
$res = mysqli_query($cxn, $requete_cours);
echo (mysqli_error ($cxn));
$tabLine = array();
while($ligne = mysqli_fetch_array($res)){
echo '<a href="professeur_absences.php?classe=\''.$ligne['ANNEE'].'\'cours=\''.$ligne['SIGLE'].'\'>';
echo $ligne['ANNEE'].' - '.$ligne['SIGLE'].'</a> <br/>';
//$tabLien[$ligne['ID_COURS']] = $ligne['ANNEE'];
}
//var_dump($tabLien);
$_SESSION['tabLien'] = $tabLien;
?
>
i am trying to display data based on wether data in a field is new. instead of showing only the data that is new it is showing all data. can someone point out my error. many thanks
<?php
include("../../js/JSON.php");
$json = new Services_JSON();
// Connect to MySQL database
mysql_connect('localhost', 'root', '');
mysql_select_db(sample);
$page = 1; // The current page
$sortname = 'id'; // Sort column
$sortorder = 'asc'; // Sort order
$qtype = ''; // Search column
$query = ''; // Search string
$new = 1;
// Get posted data
if (isset($_POST['page'])) {
$page = mysql_real_escape_string($_POST['page']);
}
if (isset($_POST['sortname'])) {
$sortname = mysql_real_escape_string($_POST['sortname']);
}
if (isset($_POST['sortorder'])) {
$sortorder = mysql_real_escape_string($_POST['sortorder']);
}
if (isset($_POST['qtype'])) {
$qtype = mysql_real_escape_string($_POST['qtype']);
}
if (isset($_POST['query'])) {
$query = mysql_real_escape_string($_POST['query']);
}
if (isset($_POST['rp'])) {
$rp = mysql_real_escape_string($_POST['rp']);
}
// Setup sort and search SQL using posted data
$sortSql = "order by $sortname $sortorder";
$searchSql = ($qtype != '' && $query != '') ? "where ".$qtype." LIKE '%".$query."%' AND new = 1" : '';
// Get total count of records
$sql = "select count(*)
from act
$searchSql";
$result = mysql_query($sql);
$row = mysql_fetch_array($result);
$total = $row[0];
// Setup paging SQL
$pageStart = ($page -1)*$rp;
$limitSql = "limit $pageStart, $rp";
// Return JSON data
$data = array();
$data['page'] = $page;
$data['total'] = $total;
$data['rows'] = array();
$sql = "select *
from act
$searchSql
$sortSql
$limitSql";
$results = mysql_query($sql);
while ($row = mysql_fetch_assoc($results)) {
$data['rows'][] = array(
'id' => $row['id'],
'cell' => array($row['id'], $row['slot'], $row['service'], $row['activity'], $row['department'], $row['company'], $row['address'], $row['user'], $row['item'], $row['filebox'], date('d/m/Y',strtotime($row['date'])), $row['quantity'], $row['type'], $row['new'])
);
}
echo $json->encode($data);
?>
You should debug SQL by looking at the SQL query, not at the PHP code that produces the SQL query. If you echo $sql and look at it, you'll probably see any syntax errors much more easily.
You can also copy & paste that SQL and try to execute it in the MySQL command tool, and see what happens, whether it gives the result you want, you can profile it or use EXPLAIN, etc.
You're using mysql_real_escape_string() for integers, column names, and SQL keywords (ASC, DESC). That escape function is for escaping only string literals or date literals. It's useless for escaping unquoted integers, column names, SQL keywords, or any other SQL syntax.
For integers, use (int) to typecast inputs to an integer.
For column names or SQL keywords, use a whitelist map -- see example in my presentation http://www.slideshare.net/billkarwin/sql-injection-myths-and-fallacies
You're not testing for error statuses returned by any of your functions. Most functions in ext/mysql return false if some error occurs. You should check for that after every call to a mysql function, and report errors if they occur.
You're selecting a database using a constant name sample instead of a quoted string "sample". This might be intentional on your part, I'm just noting it.
Also, this is not related to your errors, but you should really upgrade to PHP 5. PHP 4 has been end-of-lifed for over two years now.
after looking at the code again and all the suggestions i think i should be using an AND clause and not WHERE. for example the code
$searchSql = ($qtype != '' && $query != '') ? "where ".$qtype." LIKE '%".$query."%' AND new = 1" : '';
this is the WHERE clause? which basically translates to:
$sql = "select *
from act
$searchSql
$sortSql
$limitSql"; <- original code
$sql = "select *
from act
WHERE company LIKE '%demo%' AND new = 1
$sortSql
$limitSql";<-updated code
am i on the right track?