<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("dentalclinic") or die(mysql_error());
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE appointment SET appointmentstatusid='$_POST[appointmentstatusid]'";
mysql_query($UpdateQuery);
};
$sql = "SELECT * from appointment a join appointmentstatus s on (a.appointmentstatusid=s.appointmentstatusid) join patient p on (a.patientid=p.patientid)";
$query = mysql_query($sql) or die(mysql_error());
echo "<table border=1>
<tr>
<th>FIRST NAME</th>
<th>LAST NAME</th>
<th>APPOINTMENT STATUS</th>
<th>UPDATE</th>
</tr>";
while($record = mysql_fetch_array($query)){
echo "<form action=editstatus.php method=post>";
echo "<tr>";
echo "<td>"."<input type=text name=firstname value=".$record['firstname']."></td>";
echo "<td>"."<input type=text name=lastname value=".$record['lastname']."></td>";
echo "<td>";
$query2 = "SELECT * from appointmentstatus";
$result = mysql_query($query2);
echo "<select name=appointmentstatusid>";
while ($line = mysql_fetch_array($result)) {
echo "<option value=".$line['appointmentstatusid'].">";
echo $line['appointmentstatus'];
echo "</option>";
}
echo "</select>";
echo "</td>";
echo "<td>"."<input type=submit name=update value=update"."></td>";
echo "</tr>";
echo "</form>";
}
echo "</table>"
?>
every time i update appointmentstatusid of patient1, it affects the appointmentstatus of other patients(patient2,patient3...). i tried adding the code WHERE appointmentstatusid='$_POST[appointmentstatusid]' on the update but when i do, it wont update anymore.
You must have a valid and matching id(s) for the row(s) you're trying to affect. How you determine that is up to you. Then, do something like:
UPDATE table_name
SET column1=value1,column2=value2,...
WHERE some_column=some_value;
To update a specific record, your query should have a WHERE clause specifying what to update
$UpdateQuery = "UPDATE appointment SET appointmentstatusid='$_POST[appointmentstatusid]' WHERE `appointmentid` = 1";
Please Note: passing the $_POST[appointmentstatusid] variable directly from $_POST can make your code vulnerable for sql injections. try
$appointmentstatusid = (int) mysql_real_escape_string($_POST[appointmentstatusid]);
$UpdateQuery = "UPDATE appointment SET appointmentstatusid='".appointmentstatusid ."' WHERE `appointmentid` = $id";
OR practice using database abstraction libraries.
try this on line 6
$UpdateQuery = "UPDATE appointment SET willChangeColumn = 'newValueForThatColumn' WHERE appointmentstatusid=".$_POST['appointmentstatusid'];
Related
I am trying to get all values shown in a table from mysql but getting one .
I want to get the rows of the mysql table at in the last table mentioned in the code
////////Here is a desc of no use --- blah for just posting this question / as i am getting an error msg for giving more details information about this question /////////
////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
Here is the code:
$sql = 'SELECT
item_added
FROM
products_added
ORDER BY id';
$results = mysqli_query($conn, $sql);
if(mysqli_num_rows($results) < 1){
echo "No items";
}else{
$new_sql = 'SELECT
item_added,
quantity,
amount,
sum(amount) as items_total
FROM
products_added
where `username` = "'.mysqli_real_escape_string($conn, $_SERVER["REMOTE_ADDR"]).'"
ORDER BY id';
$resu = mysqli_query($conn, $new_sql);
}
?>
<table>
<thead>
<tr>
<td>Item</td>
<td>Qyt</td>
<td>Price</td>
<td>Action</td>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_assoc($resu)){
echo "<tr>";
echo "<td>" . $row['item_added'] . "</td>";
echo "<td>" . $row['quantity'] . "</td>";
echo "<td>" . $row['amount'] . "</td>";
echo "<td><a class=\"remove-from-cart\" href=\"\"><i class=\"fa fa-times\"></i></a></td>";
echo "</tr>";
}
?>
</tbody>
</table>
It looks like its because you're using an aggregate function SUM() without a GROUP BY. In the $new_sql query, try adding "GROUP BY item_added" right before "ORDER BY id".
I want to count all user records and display them in tables, I am trying this code code, It displays the record for one user only, I want to display records from all users.
$u=$_POST['userid'];
$result1 = mysqli_query($con,"SELECT COUNT(user_id) as total FROM table-name where user_id=$u");
echo "<table border='1'>
</tr>
<tr>
<th>User ID</th>
<th>count</th>
</tr>";
while($row = mysqli_fetch_array($result1))
{
echo "<tr>";
echo "<td>" . $u . "</td>";
echo "<td>" . $row['total'] . "</td>";
echo "</tr>";
}
echo "</table>";
}
Try the following SQL Query:
SELECT `user_id`, COUNT(`user_id`) as `total` FROM `table-name` GROUP BY `user_id`;
Refer to the documentation of the GROUP BY clause.
Use below:
$result1 = mysqli_query($con,"SELECT COUNT(user_id) as total FROM table-name");
where clause use for filter the data.
refer http://www.w3schools.com/sql/sql_where.asp
Im trying to get the page to display all the comments associated with the page. However it is only returning the first comment in the list.
$commentIdQuery = "SELECT commentid FROM COMMENT_RECIPE WHERE RecipeID = '$recipeID[0]'";
$CID = mssql_query($commentIdQuery, $connection);
$commentID = mssql_fetch_row($CID);
$commentQuery = "SELECT UserID, Rating, Comment FROM COMMENTS WHERE CommentID = '$commentID[0]'";
And then to print it i have
while($row = mssql_fetch_row($commentQuery)){
echo "<td> $row[0] $row[1] $row[2]<br><br></td>";
}
Try JOINING both the queries -
$query = "SELECT COMMENTS.UserId, COMMENT.Rating, COMMENT.Comment,
COMMENT_RECIPE.commentid
FROM COMMENT INNER JOIN COMMENT_RECIPE ON
COMMENT.CommentID = COMMENT_RECIPE.commentid
WHERE COMMENT_RECIPE.RecipeID = '$recipeID[0]'
";
$execute = mssql_query($query, $connection);
echo "<table>";
echo "<tr>
<th>User Id</th>
<th>Rating</th>
<th>Comments</th>
</tr>";
while($row = mssql_fetch_row($execute))
{
echo "<tr>
<td>$row[0]</td>
<td>$row[1]</td>
<td>$row[2]</td>
</tr>";
}
echo "</table>";
<?php require_once('../includes/header.php');?>
<?php require_once('../includes/connection.php');?>
<?php include('../includes/get_username.php');?>
<?php
include('sanitise.php');
$month = sanitise($_GET['month']);
?>
<table id="contentbox">
<tr>
<td>
<?php
$color="1";
//view record
$qry = mysql_query("SELECT * FROM tbl_dv WHERE monthname(date_added) = '$month' ORDER BY dv_id DESC");
echo "<table class='dvr_table' id='alternatecolor' width='100%'>
<tr>
<th>DATE ADDED</th>
<th>CT</th>
<th>PAYEE</th>
<th>PARTICULAR</th>
<th>PM</th>
<th>VOUCHER NO.</th>
<th>NET</th>
<th>OBR NO.</th>
<th>";
//RESPO/Office
$sql = "SELECT respo FROM tbl_dv WHERE monthname(date_added) = '$month' GROUP BY respo";
$result = mysql_query($sql);
echo "<select name='respo'>
<option value=' ' disabled='disabled' selected='selected'>Select a RESPO/Office</option>";
while ($row = mysql_fetch_array($result)) {
echo "<option value='" . $row['respo'] . "'>" . $row['respo'] . "</option>";
}
echo "</th>
<th>ACCOUNT CODE</th>
<th>FPP CODE</th>
<th>DEDUCTION</th>
</tr>";
while ($row = mysql_fetch_array($qry)) {
$dv_id = $row['dv_id'];
if($color==1){
echo "<tr bgcolor='#ffffff'>
<td style='text-align:center;'>" .date_format(date_create($row['date_added']), 'm/d/y')." </td>
<td style='text-align:center;'>" .$row['cashtype']."</td>
etc.......
$color="2";
} else {
echo "<tr bgcolor='#ebeaea'>
<td style='text-align:center;'>" .date_format(date_create($row['date_added']), 'm/d/y')." </td>
<td style='text-align:center;'>" .$row['cashtype']."</td>
etc......
$color="1";
}
}
echo "</tr>";
?>
I Have all it work. Only 1 PROBLEM.. I CANNOT DISPLAY the selected RESPO/OFFICE. As I select the RESPO/OFFICE it will sort out the selected RESPO/OFFICE... What should I resvise my code or add code.. Please Help!
A few suggestions first:
mysql is depreciated and you should move to PDO prepared statements
or mysqli. You can consult the php manual for this.
comment your code, you are not able to follow along unless you read
from top to bottom.
Now onto your code:
<?php
// Start document with includes needed, header, connection, functions.
require_once('../includes/header.php');
require_once('../includes/connection.php');
include('../includes/get_username.php');
include('sanitise.php');
// Start with the month variable posted from $_GET, this will begin the initial display.
$month = sanitise($_GET['month']);
?>
<!-- Begin Table Display and Layout -->
<table id="contentbox">
<tr>
<td>
<?php // Open PHP Tag to get variables to display in the table
$color="1";
// Initial Query to get the data for the month passed by GET, ordering by dv_id.
$qry = mysql_query("SELECT * FROM tbl_dv WHERE monthname(date_added) = '$month' ORDER BY dv_id DESC");
// Format the table rows for display
echo "<table class='dvr_table' id='alternatecolor' width='100%'>
<tr>
<th>DATE ADDED</th>
<th>CT</th>
<th>PAYEE</th>
<th>PARTICULAR</th>
<th>PM</th>
<th>VOUCHER NO.</th>
<th>NET</th>
<th>OBR NO.</th>
<th>";
// Fill the SELECT option with all the RESPO/Office data
$sql = "SELECT respo FROM tbl_dv WHERE monthname(date_added) = '$month' GROUP BY respo";
$result = mysql_query($sql);
// Display the select with the newly populated content
echo "<select name='respo'>
<option value=' ' disabled='disabled' selected='selected'>Select a RESPO/Office</option>";
// While the result contains data we will display respo as a select option.
while ($row = mysql_fetch_array($result)) {
echo "<option value='" . $row['respo'] . "'>" . $row['respo'] . "</option>";
}
// Finish the table header
echo "</th>
<th>ACCOUNT CODE</th>
<th>FPP CODE</th>
<th>DEDUCTION</th>
</tr>";
// While we have data from the original query we will display it
while ($row = mysql_fetch_array($qry)) {
$dv_id = $row['dv_id']; // grab the dv_id
if($color==1){ // Setup color scheme
echo "<tr bgcolor='#ffffff'> // Color for the row
// Let's begin filling the table with data
<td style='text-align:center;'>" .date_format(date_create($row['date_added']), 'm/d/y')." </td>
<td style='text-align:center;'>" .$row['cashtype']."</td>
etc.......
$color="2";
} else {
echo "<tr bgcolor='#ebeaea'>
<td style='text-align:center;'>" .date_format(date_create($row['date_added']), 'm/d/y')." </td>
<td style='text-align:center;'>" .$row['cashtype']."</td>
etc......
$color="1";
}
}
echo "</tr>";
?>
After reviewing the above code it is clear that you haven't setup a query to filter the data that you are displaying based on the selected option.
Your first query:
// Initial Query to get the data for the month passed by GET, ordering by dv_id.
$qry = mysql_query("SELECT * FROM tbl_dv WHERE monthname(date_added) = '$month' ORDER BY dv_id DESC");
You could append a new variable for the selected option, expand your WHERE statement. WHERE monthname(date_added) = '$month' && respo = '$respo' and move this query after the select option so it has access to the value chosen by the select option. Lastly, unless you are going to use jQuery to deal with the select box changing values, you would need a submit button to show the state change for the select option.
Pseudo Code:
Check for Submit
Change value of the department in the query WHERE clause
Display the requested data
This should get you in the direction you need to go in order to achieve the desired result.
EDIT:
In the 3rd answer you posted:
$viewrecord = "SELECT * FROM tbl_dv WHERE respo='".mysql_real_escape_string($respo)."' AND year(date_added)='$year' GROUP BY date_added ";
You said it is not filtering by the month being passed in, you are not adding it into your query, specifically the WHERE clause. So it should be:
$viewrecord = "SELECT * FROM tbl_dv WHERE respo='".mysql_real_escape_string($respo)."' AND month(month_added)='$month' AND year(date_added)='$year' GROUP BY date_added ";
FINAL EDIT:
Your first issue stems from not sending the $_GET['date_added'] value to the view page, so you will never display anything. Properly format the select box and add the data for the RESP and Date data from the database:
echo "<option value='". $row['respo'] . "+". $row['date_added'] . "'>" . $row['respo'] . " (".$row['count(*)'].")</option>";
Now that we are passing the respo and the date string we can work with the data on the next page:
/* UNCOMMENT NEXT LINE FOR ERROR DETECTION */
//error_reporting( E_ALL );
/* GET THE ENTIRE STRING PASSED FROM THE SELECT OPTION */
$respo = $_GET['respo'];
/* EXPLODE THE DATA BY + SYMBOL TO GET THE DATA */
$data = explode("+", $respo);
/* FORMAT THE DATETIME FROM THE STRING TO A FRIENDLY FORMAT */
$month = date("m", strtotime($data[1])) . "<br />";
$year = date("Y", strtotime($data[1])) . "<br />";
This is how I choose to work with the data and get what I needed, so now the query would be:
$viewrecord = "SELECT * FROM tbl_dv WHERE respo='".mysql_real_escape_string($data[0])."' && year(date_added)='$year' && month(date_added)='$month' ";
This will only display the records for the RESPO and the date by year and month passed into the page via $_GET.
<?php require_once('../includes/header.php');?>
<?php
$respo = $_GET['respo'];
$month = (int) (!empty($_GET['date_added']) ? $_GET['date_added'] : date('m'));
$year = (int) (!empty($_GET['date_added']) ? $_GET['date_added'] : date('Y'));
//database call here
$viewrecord = "SELECT * FROM tbl_dv WHERE respo='".mysql_real_escape_string($respo)."' AND year(date_added)='$year' GROUP BY date_added ";
$result = mysql_query($viewrecord, $db) or die (mysql_error());
$num_result = mysql_num_rows($result);
{
echo "<table border='1' width='100%' style='border:1px solid silver' cellpadding='5px' cellspacing='0px'>
<tr bgcolor='#666666' style='color:#FFFFFF'>
<th>Date Encoded</th>
etc...... (header here)
while ($row = mysql_fetch_row($result)) {
echo '<tr>';
echo "<tr ><td align='center'>" .date_format(date_create($row[17]), "m/d/y")."</td>
etc...
}
mysql_close($db);
?>
This is the code i come up. This is just an alternative solution. But the problem with this solution is that. I won't display the record in MONTH as call. THe respo is working as I select the RESPO it will display the all RESPO I ask, but the problem is that it include all the previous months with the RESPO I select. When I just select the specific month only..
//RESPO/Office
**echo '<form action="view.php" method="post">';**
$byrespo = mysql_query("SELECT DISTINCT count(*), respo FROM tbl_dv WHERE monthname(date_added)='$month' GROUP BY respo");
echo "<select name='respo' onchange='this.form.submit()'>
<option value=' ' disabled='disabled' selected='selected'>Select a RESPO/Office</option>";
while ($row = mysql_fetch_array($byrespo)) {
echo "<option value='" . $row['respo'] . "'>" . $row['respo'] . " (".$row['count(*)'].")</option>";
}
echo "</select></form>";
I just rushing to came up with solution.. So I add a and I create another view.php
for some reason I cant seem to get the data to insert php and mysql.
I have a init.php with the connection string in, a order.php file and finaly a band_list.php.
I am having some problem getting the data in to database.
the database has 3 tables:
order it has id, order_id and band_id columns
users it has id, name and password columns
bands it has Band_id, name and stock columns
band_list.php has a band gig details in it shown to the user.
<?php
require 'core/init.php';
$Band_id = $_GET['id'];
$result = mysql_query("SELECT * FROM bands WHERE Band_id = $Band_id");
echo "<table border = '1'>
<tr>
<th>Band Name</th>
<th>Venue</th>
<th>Category</th>
<th>Stock</th>
<th>Add</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr><form name=\"myform\" action=\" order.php\" method=\"post\">";
echo "<td> <input name=\"band\" type=\"hidden\" value=\"". $Band_id."\" ></td>";
echo "<td>" .$row['Name']. "</td>";
echo "<td>" .$row['Venue']. "</td>";
echo "<td>" .$row['Category']. "</td>";
echo "<td>" .$row['Stock']. "</td>";
echo "<td><button>Buy Ticket</button></td>";
echo "<td><input type=\" submit\" value=\"Buy Ticket\"></td>";
echo "</tr> </form>";
}
echo "</table>";
?>
order.php has the query that is meant to send the data to the database
<?php
require 'core/init.php';
session_start();
$Band_id = $_REQUEST['Band_id'];
$user_id = $_SESSION['user_id'];
$sql = "INSERT INTO orders (band_id,user_id) VALUES($Band_id,$user_id)";
mysql_query ($sql, $linkme)
or die ("could not add to database");
?>
and the connection string is in a init file.
so the idea is when the user clicks buy ticket it gets the current Band_id and user_id and inserts them into the database table orders in to columns band_id and user_id.
This is not happing I am just getting my or die ("could not add to database"); string come up.
Is there a problem with the way I have done it?
<input name=\"band\" type=\"hidden\" value=\"". $Band_id."\" >
And you're trying to get POST variable "Band_id" (which does not exist)
$Band_id = $_REQUEST['Band_id'];
Should be
$Band_id = mysql_real_escape_string($_REQUEST['band']);
Other details:
In order.php, it's better to place "session_start()" at the
beginning (before anything)
Consider using mysqli or PDO instead of deprecated mysql
You could get band id with $_POST instead of $_REQUEST because your
form sends it with post method