I want to make a table with all chat messages that have been send to the server.
I got the table working but now i want to get when i click a user name like 'demo' it shows all chat messages that have been send by 'demo'
Im using this table: http://almsaeedstudio.com/AdminLTE/pages/tables/data.html
How do i get when i click like the username 'demo' a bootstrap alert box pops up with all the by user send messages appear? I mean like 'USERNAME GET FROM TABLE SHOUTS SHOUT_NAME=DEMO' and it shows all messages.
How do i do that?
Disabled form fields do NOT submit with the rest of the form:
<textarea name="shout_name" class="form-control" disabled><?php echo etc...
^^^^^^^^^^
You don't show how/where you define $shout and $shout_name, but most likely you're not validating the form input at all, and are almost certainly vulnerable to sql injection attacks.
You haven't defined the variable for $shout_name, only for:
$shout = mysqli_real_escape_string($dbc, $_POST['shout']);
where you may have meant to use or meant to add it:
$shout_name = mysqli_real_escape_string($dbc, $_POST['shout_name']);
in relation to (null, '$shout', NOW(), '$shout_name')
which is why after adding error reporting (as stated in comments between you and I), have received an undefined variable warning.
Also make sure you have initialized the session with session_start(); since you are using sessions.
Try printing $shout_name. Maybe your $_POST is incorrect.
You seem to be grabbing $_POST['shout'] into your $shout variable, but then using a $shout_name variable for the insert. Try:
$shout_name = mysqli_real_escape_string($dbc, $_POST['shout']);
Try this field with a standard post. Turn it into an input and see if it works. It could be a number of things. However try and get something in the database and build on that. If you can't get a standard one in you know there there is a problem elsewhere with your code.
Related
I am trying to register a button click on my website using PHP.The click downloads a file to client's machine. Database connection was tested before and it works fine. I just need to register that click into DB. Here is my code, could you guide me through?
echo '<div id="fdbox1"><h2>Details</h2><p> Download full details in PDF format ('.$file_size.')</p></div>';
if(isset($_GET['dl']))
{
$server = "xx.xxx.xx.xxx";
$dbusername = "xxxx";
$dbpassword = "xxxx";
$database = "xxxx";
$dbcon = new mysqli($server,$dbusername,$dbpassword, $database);
$userid = $_SESSION['suserid'];
$date_downloaded = date('Y-m-d H:i:s');
$sql = "INSERT INTO external_activity (
userid,
saleid,
activity,
date_register,
) VALUES (
'".$userid."',
'".$ref_no."',
'".'Downloaded file'."',
'".$date_downloaded."'
)";
$dbcon->query($sql);
$dbcon->close();
}
If using jquery is an option, you could create a "register_click.php", paste the if(isset($_GET['dl'])) stuff inside and call it via ajax using an onclick listener that you will have to create and bind to the anchor.
You could do it with POST data instead of GET.
$i = 0;
if $_POST['submit'] {
$i++;
$number_of_times_clicked = $number_of_times_clicked_stored_into_database + $i;
}
After that restore the new value back into the database. If you really want the onclick you need javascript. PHP is unable to check when a button is clicked, since the code only works once when the page is loaded.
This is too long for a comment.
The & in your code might give you some problems, I said "might". If so, then consider changing those to & (ampersands).
Should it be the case, then you could change:
echo '<div id="fdbox1"><h2>Details</h2><p> Download full details in PDF format ('.$file_size.')</p></div>';
to:
echo '<div id="fdbox1"><h2>Details</h2><p> Download full details in PDF format ('.$file_size.')</p></div>';
Then you will need to check and see if each GET array is is set/not empty with isset() and !empty().
References:
http://php.net/manual/en/function.isset.php
http://php.net/manual/en/function.empty.php
I only see if(isset($_GET['dl'])) as a single array, so it's unsure as to how you're wanting to fetch the other GET arrays in your URL and if you did set those.
Your present code (if it's the full code), will throw a few notices about certain variables not being defined.
For example, the if(isset($_GET['dl'])) and using the other GET arrays, would look like this:
if( isset($_GET['f']) && !empty($_GET['l']) && !empty($_GET['dl']) ){
// do something inside here
}
You also need to make sure that the session was indeed started with session_start(); and to be included inside all files using sessions.
Reference:
http://php.net/manual/en/function.session-start.php
This is usually the first line under the opening PHP tag.
<?php
session_start();
// rest of your code
The $userid = $_SESSION['suserid']; needs to have a value/equal something, so that is unknown as to whether or not there is indeed a value for it.
Error reporting will be of help here for you, as will checking for errors against your query.
References:
http://php.net/manual/en/function.error-reporting.php
http://php.net/manual/en/mysqli.error.php
You also have a trailing comma in date_register, < and that needs to be removed, as I already stated in comments.
That alone would have thrown a syntax error.
The use of '".'Downloaded file'."' is unclear. If you just want to insert the Downloaded file as a string, then you can just place it inside single quotes 'Downloaded file' and do:
$sql = "INSERT INTO external_activity (
userid,
saleid,
activity,
date_register
) VALUES (
'".$userid."',
'".$ref_no."',
'Downloaded file',
'".$date_downloaded."'
)";
Make sure that the date_register column type is DATE and not VARCHAR or other format. Although VARCHAR would not throw an error, it's best to use MySQL's built-in dating functions; that column's type is unknown.
Now, make sure that the userid column is not an AUTO_INCREMENT'ed column, otherwise your code will fail.
If the ultimate goal here is to "UPDATE" that userid column, then use just that, UPDATE:
http://dev.mysql.com/doc/refman/5.7/en/update.html
You also need to make sure that all columns' types are correct and have a length long enough to accomodate the incoming data and that there are no characters that MySQL will complain about, such as apostrophes.
Escaping those with a prepared statement will ensure that it doesn't throw/cause a syntax error and is something you should be using in order to help prevent against an SQL injection and you are open to one right now.
References:
https://en.wikipedia.org/wiki/Prepared_statement
https://en.wikipedia.org/wiki/SQL_injection
This is the best way that I can offer for the question, given the information left in the question.
Again; check for errors. That is one of the most important things that needs to be done during the development of your code.
How do you set a $GET variable?
Hi i have done this before, but my method is a bit hit and miss so i was wondering what is the correct way to do this.
My url is:
Franchise-Details.php?Franchise=Enfield/status=Driver
And i want to set the Franchise name and staff status as a variable as i will be using them continuously throughout my webpage.
This is what i have done:
$admin_status = mysqli_real_escape_string($dbc,$_GET['status']);
$fr_Area = mysqli_real_escape_string($dbc, $_GET['Franchise']);
But it does not work. No error messages, just shows nothing if i try to apply it, for example echo $fr_area;. If i change the get to session it works. But i want to use get.
I have also tried:
if (isset($_GET['status'])){
$admin_status = mysqli_real_escape_string($dbc,$_GET['status']);
}
if (isset($_GET['Franchise'])){
$admin_status = mysqli_real_escape_string($dbc,$_GET['Franchise']);
}
How can i improve this
I am trying to retrieve user inputs from a previous page using the URL. I have the following code on the previous page which sends the username and account status via the URL.
header("location: pagename.php?user=$username&status=$status");
On 'pagename.php' I have the following code which stores the values in local variables and echos them for my benefit.
if(isset($_GET['user'], $_GET['status'])){
$user = mysqli_real_escape_string($con, $_GET['user']);
$status = mysqli_real_escape_string($con, $_GET['status']);
echo $user.' - '. $status;
}
While, elswhere, this method works perfectly for retrieving 5 values form the URL, on this occasion I am failing to retrieve the status and it echoes the following 'username - ' You can see an image of the output for better understanding. I would much appreciate your assistance in helping me retrieve the status from the URL using PHP.
http://www.awesomescreenshot.com/image/378892/c50c452d8597f2ac29970a6a21bfcc62
Having tried var_dump($_GET) I get the following result:
I just realised that the issue lied with the naming of the variable $status, which incidentally happened to be the same name used in my login session and because I was not logged in it did not get the account status. I fixed the issue by simply renaming the variable.
Let's say I have sugarcrm cases where I know what the case id and or number is.
I want to use email to sms to send to the techs what their work is. So, the link that needs to be sent must have the id and number in it. I want to send them to a simple PHP page that just has a dropdown menu with the two options accept and complete.
so if they receive the sms, they click on the link, it takes them to the page where they click on dropdown to accept the case.
Updating from the PHP is easy: it's just an update my sql query. I need to know how to send header or info in the link that the tech receives.
something like http://tech.com/caseupdate.php?case_number?case_id
so I can use that case number/id when updating
You need something like this:
Each variable in the query string should be separated by an & as +War10ck said
i.e:
http://tech.com/caseupdate.php?case_number=[num]&case_id=[id]
Then in your PHP you can get those variables using $_GET[].
<?php
if(isset($_GET['case_number']) && isset($_GET['case_id'])) {
$casen = (int) $_GET['case_number']; // assuming you need an Int value
$caseid = (int) $_GET['case_id'];
/* do your MySQL thing here now with $casen and $caseid */
}
?>
Dont know if this is right but got it working by doing the following
<input type="hidden" name="casen" value=<?php echo $casen;?>>
Thank you all for your help.
This si an excellent site for newbis to learn and get help in a direction to solve issues.
I need something simple; I have page where a user clicks an author to see the books associated with that author. On my page displaying the list of books for the author, I want a simple HTML title saying: 'The books for: AUTHORNAME'
I can get the page to display author ID but not the name. When the user clicks the link in the previous page of the author, it looks likes this:
<?php echo $row['authorname']?>
And then on the 'viewauthorbooks.php?author_id=23' I have declared this at the start:
$author_id = $_GET['author_id'];
$authorname = $_GET['authorname'];
And finally, 'The books for: AUTHORNAME, where it says AUTHORNAME, I have this:
echo $authorname
(With PHP tags, buts its not letting me put them in!) And this doesnt show anything, however if I change it to author_id, it displays the correct author ID that has been clicked, but its not exactly user friendly!! Can anyone help me out!
You could pull the author_id from the query string as you did using $_GET but beware you will need to validate what is coming through by the query. I hope you can see that without validation how bad of a security hole this is.
I am at work at the moment, but this is a quick example that should give you what you need without sanitizing your query.
$id = intval($_GET['author_id']);
// of course, perform more validation checks
// just don't assume its safe.
$sql = "SELECT authorname FROM authors_tb WHERE author_id=" . $id;
$result = mysql_query($sql);
while($row = mysql_fetch_array($result)) {
echo "The books for: " . $row['authorname'];
}
The reason why your approach wasn't working was because you utilize the $_GET URL parameter passing for author_name where you weren't supplying the parameters in the URL, just the author_id.
You don't send it in the query string, thus you can't get it from the $_GET array.
Just request it from the database using id.
An important note: Always use htmlspacialchars() when you display the data, coming from the client side.
This is because you do not define the author name in your get.
You should make the following your url:
<?php echo $row['authorname']?>
Or rather select the data from the database again, on the new page, using the ID you retrieved from the URI.
Author name won't be in $_GET. As your code stands, you only use it as the link title. It is no where in the address. Try this instead:
<?php echo $row['authorname']?>
It would be better to re-request it from the database using the author_id though.
EDIT:
To explain the problem in more detail. You have two pages, the new.php page and the viewauthorbooks.php page. You're sending users from the new page to the view page using the link you posted, right?
The problem with that is, your link assigns one variable in get. Here's the query string it would generate:
viewauthorbooks.php?author_id=13
What that will do is send the user to viewauthorbooks and place the value '13' in the $_GET variable: $_GET['author_id']. That is why the author_id is there and displays on viewauthorbooks. However, authorname is never passed to viewauthorbooks, it isn't in $_GET['authorname'] because you never set $_GET['authorname']. If you want it to be in $_GET, then you need your query string to look like this:
viewauthorbooks.php?author_id=13&authorname=bob
You can accomplish that using the new HTML code for the link I posted above. Look at it closely, there's a key difference from the one you have now.
However, it is generally discouraged to pass data through GET, because the query string is displayed to the user and it leaves you open to injection attacks. A better way to do this would be to use the author_id you are already passing to viewauthorbooks.php to retrieve the authorname from the database again. You can use the same code you used on the new.php page.