I have a database and I want the user to be able to have an input into what comes out. i.e
Select from Table where example = user input from box **(input by the user)**
I'm guessing what I need is a variable to hold the value that then goes into the statement. I know how to get the value from the input box with script but can I use it like:
select * From handover WHERE hdate = variable. However I am guessing someone is going to talk to me about security if it's even possible.
<html><body>
<input>User input</input> //That needs to go into statement
<?php
include 'config.php';
$result = mysqli_query($con,"SELECT * FROM handover WHERE hdate = **user input**;");
echo "<table border='1'>
<tr>
<th>hdate</th>
<th>Delay</th>
<th>Health and Safety</th>
<th>Non Vsa</th>
<th>VSA</th>
<th>Dar</th>
<th>Other</th>
<th>Hour</th>
</tr>";
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['hdate'] . "</td>";
echo "<td>" . $row['hdelay'] . "</td>";
echo "<td>" . $row['hs'] . "</td>";
echo "<td>" . $row['nv'] . "</td>";
echo "<td>" . $row['vsa'] . "</td>";
echo "<td>" . $row['dar'] . "</td>";
echo "<td>" . $row['other'] . "</td>";
echo "<td>" . $row['hour'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
?>
Any help is welcome and advice on the best language to use for this.
Kind Regards
Fintan
First of all, this question has nothing to do with JavaScript & Ajax, so you can delete those tags.
You want to show/search data from MySQL.
$result = mysqli_query($con,"SELECT * FROM handover WHERE hdate = '".$_POST['abc']."' ");
This is when you want to check if the hdate column has the exact data as the user input ( $_POST['abc'] ).
And also don't forget to use mysqli_real_escape_string.
You can learn common MySQL pattern queries from here: http://dev.mysql.com/doc/refman/5.0/en/pattern-matching.html
Related
I am fairly new to working with PHP and WordPress. I tried exploring how to escape and sanitize, and I got a little confused along the way.
I'd like to echo out the contents of an entire table from the database. I am unsure whether there is a better way of both creating a table in a more structured way, and I can't figure out how to escape the data when I don't select specific data from the database. Maybe I'm just confused. Any help or pointers are highly appreciated.
I found the code somewhere on Stack Overflow, edited a little and tried to understand it. I understand it now, but I am still confused on where to go from here.
<?php
$results = $wpdb->get_results( "SELECT * FROM user"); // Query to fetch data from database table and storing in $results
if(!empty($results)) // Checking if $results have some values or not
{
echo "<table width='100%' border='0' id='userTable'>"; // Adding <table> and <tbody> tag outside foreach loop so that it wont create again and again
echo "<tbody>";
echo "<tr>"; // Adding rows of table inside foreach loop
echo "<th>E-mail</th>" . "<th>Fornavn</th>" . "<th>Efternavn</th>" . "<th>Registreret den</th>";
echo "</tr>";
foreach($results as $row){ //putting the user_ip field value in variable to use it later in update query
echo "<td colspan='3'><hr size='2'></td>";
echo "<tr>";
echo "<td>" . esc_attr($row->email) . "</td>" . "<td>" . $row->firstname . "</td>" . "<td>" . $row->lastname . "</td>" . "<td>" . $row->signuptime . "</td>"; //fetching data from user_ip field
}
echo "</tbody>";
echo "</table>";
}
?>
This part...
foreach($results as $row){
//putting the user_ip field value in variable to use it later in update query
echo "<td colspan='3'><hr size='2'></td>";
echo "<tr>";
echo "<td>" . esc_attr($row->email) . "</td>" . "<td>" . $row->firstname . "</td>"
. "<td>" . $row->lastname . "</td>" . "<td>" . $row->signuptime . "</td>";
//fetching data from user_ip field
}
...would produce HTML like
{3 columns}{content}{3 columns end}{row start}
{column start}{content}{column end} * 4
{3 columns}{row start}
{column start}{content}{column end} * 4
{3 columns}{row start}
{column start}{content}{column end} * 4
etc
What you want in your loop is probably:
{row start}{4 columns}{content}{4 columns end}{row end}
{row start}{column start}{content}{column end} * 4{row end}
which would look like this:
foreach($results as $row){
//putting the user_ip field value in variable to use it later in update query
echo "<tr><td colspan='4'><hr size='2'></td></tr>";
echo "<tr><td>" . esc_attr($row->email) . "</td>" . "<td>" . $row->firstname . "</td>"
. "<td>" . $row->lastname . "</td>" . "<td>" . $row->signuptime . "</td></tr>";
//fetching data from user_ip field
}
In your SQL-statement on your first row: SELECT * FROM user , all fields are returned into the $results array of objects. If you want to specify which fields are returned you simply include them instead of the *, e.g. SELECT id, email, firstname, lastname FROM user
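On the escaping part of the question, an added example (not code from the original posts) that names the columns and escapes every cell for the context it lands in. It assumes a WordPress context where `$wpdb` and the `esc_*` helpers are available; the `mailto:` link is an illustration added here to show a second output context.

```php
<?php
// Added example, not from the original post. Assumes it runs inside WordPress
// (template or shortcode callback), where $wpdb and the esc_* helpers exist.
global $wpdb;

// Column => header label, both taken from the question. Naming the columns
// (instead of SELECT *) keeps fields never meant for display out of the page.
$columns = array(
    'email'      => 'E-mail',
    'firstname'  => 'Fornavn',
    'lastname'   => 'Efternavn',
    'signuptime' => 'Registreret den',
);

// The column list is a hard-coded constant, so concatenating it is safe.
// Any user-supplied value would have to go through $wpdb->prepare() instead.
$rows = $wpdb->get_results(
    'SELECT ' . implode(', ', array_keys($columns)) . ' FROM user',
    ARRAY_A
);

if (!empty($rows)) {
    echo "<table width='100%' border='0' id='userTable'><thead><tr>";
    foreach ($columns as $label) {
        echo '<th>' . esc_html($label) . '</th>';
    }
    echo '</tr></thead><tbody>';
    foreach ($rows as $row) {
        echo '<tr>';
        foreach (array_keys($columns) as $field) {
            $value = (string) $row[$field];
            if ($field === 'email') {
                // Two contexts in one cell: esc_url() for the href, esc_html() for the text.
                echo '<td><a href="' . esc_url('mailto:' . $value) . '">'
                    . esc_html($value) . '</a></td>';
            } else {
                // Element content is an HTML text context: esc_html(), not esc_attr().
                echo '<td>' . esc_html($value) . '</td>';
            }
        }
        echo '</tr>';
    }
    echo '</tbody></table>';
}
```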
I have been looking all over to find out why this is happening, but to no avail. I have a 2-step process to update specific rows (to approve timesheets) in a MySQL database based off what checkboxes are checked. In the first screen, the user checks whichever checkboxes are associated with the timesheet she or he wants to update. On the next screen, I display the rows associated with those checkboxes, a confirmation page - if you will. On this confirmation page, I successfully set and echo out an array that is simply a copy of the $_POST checkbox array, called 'approvebox'. Despite this, I seemingly cannot use this array anywhere outside of the "if($_POST)" block that it is created in.
Here is the code associated with creating the first page, where the user must check the checkboxes for each timesheet she/he wishes to approve:
if($_POST['submit']){
...
...
while ($row = mysqli_fetch_assoc($tblresults)){
echo "<tr>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['timesheetsid'] . "</td>";
echo "<td>" . $row['unixstamp'] . "</td>";
echo "<td>" . $row['total_hours'] . "</td>";
echo "<td>" . $row['coordinatorid'] . "</td>";
echo "<td>" . $row['status'] . "</td>";
echo "<td>(<a href='./currenttimesheets.php?timesheetsid=" . $row['timesheetsid'] . "'>View</a>)</td>";
echo "<td>       <input type='checkbox' name='approvebox[{$row['timesheetsid']}]' value='{$row['timesheetsid']}' /></td>";
echo "</tr>";
}
Here is the code in which I successfully set and echo the array that is a copy of the $_POST approvebox array. Also worth noting that I actually use the approvebox array from the if($_POST['submit']) block in a foreach loop to populate the resulting rows the user selected from the prior screen:
if($_POST['appove']){
...
...
foreach ($_POST['approvebox'] as $approvebox){
...
...
while($row = mysqli_fetch_assoc($tblresults)){
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['timesheetsid'] . "</td>";
echo "<td>" . $row['unixstamp'] . "</td>";
echo "<td>" . $row['total_hours'] . "</td>";
echo "<td>" . $row['coordinatorid'] . "</td>";
echo "<td>" . $row['status'] . "</td>";
echo "<td>(<a href='./currenttimesheets.php?timesheetsid=" . $row['timesheetsid'] . "'>View</a>)</td>";
echo "</tr>";
}
}
echo "</table>";
print_r($_POST);
$selectedtimesheets = array();
$selectedtimesheets2 = array_merge($selectedtimesheets, $_POST['approvebox']);
//$selectedtimesheets2 is successfully set to the $_POST array here
print_r($selectedtimesheets2);
Finally, here is the second if($_POST) block, in which I try to use the $selectedtimesheets2 array in, but to no success, it doesn't echo out anything:
if($_POST['accept']){
print_r($_POST);
//$selectedtimesheets2 does not get echoed out, despite being successfully set and echoed previously..
print_r($selectedtimesheets2);
echo $selectedtimesheets2;
It sounds like you are doing two requests. Whatever was in the superglobal _POST after the first request won't be in the next request.
To preserve data between requests, you can use PHP sessions.
You could do something like this: on first request, save that array into the session:
session_start();
$_SESSION["selectedtimesheets2"] = array_merge($selectedtimesheets,
$_POST['approvebox']);
Then in your next request, you can retrieve it:
session_start(); // the session has to be started in this request as well
$selectedtimesheets2 = $_SESSION["selectedtimesheets2"];
Does that make sense? This is very crude, I would suggest maybe using a framework like Symfony, Laravel or Lumen, depending on size of your project. HTTP requests have been abstracted and are much easier/safer to manipulate. Also have a look at the HTTP foundation package from Symfony.
shouldn't print_r($_POST); be print_r($_POST['approve']);
I have the below table in my site...
and what I want is that when I click on the read more link to redirect me to the page view_announcement.php and in this page to display me the whole data for this specific row.
For example, if we click on the link in the second row I want in the view_announcement.php to load all the data for this specific row.
My code in order to display this table is this...
<?php
$q = ($_GET['q']);
$con = mysqli_connect('localhost','root','smogi','project');
if (!$con) {
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,"project");
$sql="SELECT author,category,subject,content FROM announcements WHERE category = '".$q."'";
$result = mysqli_query($con,$sql);
echo "<table>
<tr>
<th>Author</th>
<th>Category</th>
<th>Subject</th>
<th>Content</th>
</tr>";
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['author'] . "</td>";
echo "<td>" . $row['category'] . "</td>";
echo "<td>" . $row['subject'] . "</td>";
echo "<td>" . 'Read More' . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
?>
The view_announcement.php file doesn't contain any code yet because I don't know what to write.
One way to do it is to append a query variable to the "Read More" links. You'll probably need a unique identifier, such as an ID number, on your announcements table. If you don't have one yet, I suggest adding one and setting it up to auto-increment.
You would want to modify your query to include the unique ID number:
$sql="SELECT id,author,category,subject,content FROM announcements WHERE category = '".$q."'";
Then you would modify the loop which prints your table out to include those unique IDs in the URL to view_announcement.php
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['author'] . "</td>";
echo "<td>" . $row['category'] . "</td>";
echo "<td>" . $row['subject'] . "</td>";
echo "<td><a href='view_announcement.php?id=" . $row['id'] . "'>Read More</a></td>";
echo "</tr>";
}
And in your file view_announcement.php, you would make another SQL query to get the full data for a specific row, like this:
$sql="SELECT * FROM announcements WHERE ID = '".$_GET['id']."'";
If you click any button, that redirects to the view_announcement.php file, where you can get the subject values.
Use those subject values in your query to get all the details which relate to that subject.
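A possible view_announcement.php, as an added example (not code from the original posts): the id is validated as an integer, bound as a parameter instead of being concatenated into the SQL, and every stored field is HTML-escaped on output. It assumes the auto-increment `id` column suggested above and placeholder credentials; the same bind pattern with type `'s'` fits the `hdate` and `category` lookups in the earlier questions.

```php
<?php
// view_announcement.php - added example, not code from the original posts.
// Assumes the `announcements` table has the auto-increment `id` column
// suggested above; the connection credentials below are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// 1. Validate: the id must be a positive integer, anything else is rejected.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT,
    ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid announcement id.');
}

$con = mysqli_connect('localhost', 'db_user', 'db_password', 'project');
mysqli_set_charset($con, 'utf8mb4');

// 2. Bind: the value travels separately from the SQL text,
//    so it cannot change the structure of the query.
$stmt = mysqli_prepare($con,
    'SELECT author, category, subject, content FROM announcements WHERE id = ?');
mysqli_stmt_bind_param($stmt, 'i', $id);
mysqli_stmt_execute($stmt);
$row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt)); // requires mysqlnd

if (!$row) {
    http_response_code(404);
    exit('Announcement not found.');
}

// 3. Escape on output: stored text is untrusted once it is placed into HTML.
function h($s): string
{
    return htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<h1><?= h($row['subject']) ?></h1>
<p>By <?= h($row['author']) ?> in <?= h($row['category']) ?></p>
<div><?= nl2br(h($row['content'])) ?></div>
<?php mysqli_close($con); ?>
```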
I am building a website to list statistics for bowling tournaments over the last 24 years. Using the following code generates a long, single table showing all the data. I would like to put a break in the table when the $row['season'] value changes, i.e., from 1990-1991 to 1991-1992, and for each subsequent change of seasons and echo either an html horizontal line between seasons or put the value of the season from the database, i.e., 2013-2014 at the top of each table segment. After a week of searching the web haven't figured out an answer. Here's the code I have now. Needs to be mysqli.
$result = mysqli_query($conn,"SELECT * FROM members INNER JOIN scores ON members.id=scores.memberID WHERE format LIKE '%s%' ORDER BY year, STR_TO_DATE( month, '%b' ), format ASC;");
echo "<table border='0'>
<tr>
<th>Name</th>
<th>Hometown</th>
<th>Month</th>
<th>Year</th>
<th>Season</th>
<th>Center</th>
<th>Center City</th>
<th>Format</th>
</tr>";
foreach($result as $row) {
echo "<tr>";
echo "<td>" . $row['firstName'] . " ". $row['lastName'] . "</td>";
echo "<td>" . $row['hometown'] . "</td>";
echo "<td>" . $row['month'] . "</td>";
echo "<td>" . $row['year'] . "</td>";
echo "<td>" . $row['season'] . "</td>";
echo "<td>" . $row['center'] . "</td>";
echo "<td>" . $row['centerCity'] . "</td>";
echo "<td>" . $row['format'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($conn);
The answer is actually already given, but it looks like you're new with PHP, so here is a small example. I hope it's useful to you.
You need to insert some if statements to check if there is any change of year. The same goes for any other checks you want to perform.
This is something you could do...
<?php
$lastYear = null;//you can also set the first year manually of course
foreach($result as $row) {
//set the first year
if($lastYear == null){$lastYear = $row['year'];}
//check if the year changed or not
if($lastYear == $row['year']){
//if the year didnt change... do something
}else{
//your year changed... do something different
$lastYear = $row['year']; //update your 'last'year
}
}
?>
I hope this will help you.
My id is not going through the URL. My code is as follows
<?php
include 'library/connect.php';
$result = mysql_query("SELECT * FROM meetings ");
echo "<table border='1'><tr><th>Title</th><th>Chairman</th><th>Secretary</th><th>Terms of Reference</th><th>Named membership</th><th>Occurences</th><th>Book Room</th></tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['title']. "</td>";
echo "<td>" . $row['chairman']. "</td>";
echo "<td>" . $row['secretary']. "</td>";
echo "<td>" . $row['termsOfReference']. "</td>";
echo "<td>" . $row['named_membership']. "</td>";
echo "<td>" . $row['occurences']. "</td>";
?>
<td><font color="#CC3300">Book: room/date/time</font></td>
<?php
}
echo "</tr>";
echo "</table>";
include 'library/closedb.php';
?>
Have you got any idea of what the problem can be?
Where is $meeting_id set? Seems to me like it should be $row['meeting_id'].
Where is $meeting_id defined?
It seems like you did a select but forgot to retrieve the meeting id.
Try to change the link to:
<a href ="secretary_booksRoom.php?meeting_id=<?php echo $row['meeting_id']; ?>">
In case you have column named meeting_id in your table of course.
The <tr> tag needs to be closed in the while loop.
You need to define the $meeting_id variable before adding it to the URL, otherwise your link will simply be "secretary_booksRoom.php?meeting_id=". I am going to assume that your meetings table has an id column as a primary key. In your while loop, try declaring "$meeting_id = $row['your meeting id column']". This should get the meeting id and pass it to the URL.
Hope this helps.