very new to php and mysql so all help is greatly appreciated. I have tried to search the forums but not entirely sure specifically what I need to be searching for. I have a form which ask users to select a product and make a comment.
I need the information for a particular product to show on my product page instead of all of the information. (for example, I want the reviews for iPads to show on the ipad page)
This is the code that send the data to the database:
<?php
session_start();
include('connection.php');
$name=$_POST['name'];
$product=$_POST['product'];
$star=$_POST['star'];
$comment=$_POST['comment'];
mysql_query("INSERT INTO tt_review(name, product, star, comment)VALUES('$name', '$product', '$star','$comment')");
header("location: https://scm-intranet.tees.ac.uk/users/l1071039/tablet-takeover/index.html");
mysql_close($con);
?>
This is the current code to fetch the data onto my page:
<?php
include('connection.php');
$result = mysql_query("SELECT * FROM tt_review");
echo "<table border='1'>
<tr>
</tr>";
while($row = mysql_fetch_array($result)) //This function is calling the results variable and displaying them within the rows below
{
echo "<tr>"; //this code tells the page to output the table rows that are defined above
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['date'] . "</td>"; //each row is then executed using the table data function
echo "<td>" . $row['product'] . "</td>";
echo "<td>" . $row['star'] . "</td>";
echo "<td>" . $row['comment'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
This is a screenshot of the table on my webpage (as I say, I need it to only show the ipad reviews.
To select only one kind of product, you should add a where clause on your sql query:
SELECT * FROM tt_review WHERE product = 'Apple iPad'
You can give like this
"SELECT * FROM tt_review WHERE Product_name ='ipad'"
It will display only the information related to Ipad
Still If you dont understand please give me the name of the columns you used in the table
Firstly, mysql_* functions have been depreciated. Rather, use either PDO or MySQLi.
Secondly, your code is very vulnerable to SQL injection.
Thirdly, fix your select statement to the following:
SELECT * FROM tt_review WHERE product = 'ipad'
Related
I am complete newbie to PHP/SQL and all this stuff, also not really skilled with any kind of programming. My problem is that I am currently trying to pull out data from MySQL table on to website, but after finishing the code it pulls out all of the data from my table.
I would love to somehow get to pull out only data from specific table row, based on it's primary key. My current code looks like this.
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "rainbow";
$link = mysqli_connect($servername, $username, $password, $dbname);
if($link === false){
die("ERROR: COuld not connect." . mysqli_connect_error());
}
$sql = "
SELECT name
, nick
, surname
, team
, country
, birthdate
, mouse
, dpi
, keyboard
, headset
FROM players
";
if($result = mysqli_query($link, $sql)){
if(mysqli_num_rows($result) > 0){
echo "<table>";
echo "<tr>";
echo "<th>name</th>";
echo "<th>nick</th>";
echo "<th>surname</th>";
echo "<th>team</th>";
echo "<th>country</th>";
echo "<th>birthdate</th>";
echo "<th>mouse</th>";
echo "<th>dpi</th>";
echo "<th>keyboard</th>";
echo "<th>headset</th>";
echo "</tr>";
while ($row = mysqli_fetch_array($result)){
echo "<tr>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['nick'] . "</td>";
echo "<td>" . $row['surname'] . "</td>";
echo "<td>" . $row['team'] . "</td>";
echo "<td>" . $row['country'] . "</td>";
echo "<td>" . $row['birthdate'] . "</td>";
echo "<td>" . $row['mouse'] . "</td>";
echo "<td>" . $row['dpi'] . "</td>";
echo "<td>" . $row['keyboard'] . "</td>";
echo "<td>" . $row['headset'] . "</td>";
echo "</tr>";
}
echo "</table";
mysqli_free_result($result);
}
else {
echo "Ziadny vysledok a nic nefunguje";
}
}
mysqli_close($link);
?>
To be honest, I am not even sure if this is the right way to do it, but it works and it pulls the data into a HTML table which is not necessary for me, I just wanted to try it. Thanks for answers!
Let's suppose you have a page with this code:
<form action='page2.php' method='post'>
Inform a number:
<input type='text' name='number'>
<input type='submit' value='Send'>
</form>
Save the form above as page1.php
The file page2.php will contain the code that select one register from your table and show the result.
<?php
$id = $_POST["number"];
//The sql command will look like this:
$sql = "SELECT name, nick, surname, team, country, birthdate, mouse, dpi, keyboard, headset FROM players WHERE id = $id";
?>
A couple of things.
Firstly, You would typically keep some of your confidential stuff (database name, userid, password and server name in a separate file (eg. config.php) and you would "include" that file in this file... include ("config.php");
Secondly, in your $sql line you are selecting all of your columns individually and later in the 10 lines after your "while" statement you are selecting them again (for display). I would be calling the whole table in your $sql line with SELECT * from players and I would follow this with a WHERE. As a newbie, your basic retrive from batabase has 3 main words, SELECT (means go and get what you want and in most cases, grab it all with a *) FROM (the table you want to get it from, in your case the table is players) and WHERE (this is your selection criteria... id > 50...colour = "blue"... whatever you want). When pushing data to the DB you would use SET and UPDATE but when retrieving... SELECT, FROM, WHERE.
Your "while" statement will simply do your $sql statement (select, from, where) and return results until it runs out of records
Good luck Newbie
gri2a
Currently I have a query running that brings up all the contents of the 'products' table and the 'user' associated with the products. It prints on a table. I want to create a button, that brings up the entire records.
Please note that I must only be able to view the selected record only.. How would I go about this?
echo "<table border='1'>
<tr>
<th>user_id</th>
<th>user_name</th>
<th>selected_product</th>
while($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
echo "<td>" . $row['user_id'] . "</td>";
echo "<td>" . $row['user_name'] . "</td>";
echo "<td>" . $row['selected_product'] . "</td>";
So a button should appear for each record that is returned as a result. When I click this button another window should appear which shows the entire contents (for this record only) and the user associated.
How does the button know which record its associated with.
<a href="anotherpage.php?id=<?php echo $row['user_id']?>" ><button>View Details</button></a>
This will take you to another page.
Use get method tho get the id into php variable.
$userId = $_GET['id'];
And now use sql query to fetch all the data from the database for single user.
$userResult = mysql_query("SELECT * FROM userTable WHERE user_id = ".$userId);
I have a table with arrays pulling information from a database, I have linked the fix to be a hyperlink "click me for fix" I have entered the link to send the variable to a php that will use $GET to echoe the information.
code below , i am new to php and been racking brains . the only out put i get is Welcome . (done welcome to test if information was being passed)
<div id=list>
<?php
// Create connection
$con=mysqli_connect('172.16.254.111',"user","password","Faults"); //(connection location , username to sql, password to sql, name of db)
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//where statement in the sql syntax will select where in db to get infor, use AND to add another condition
$result = mysqli_query($con,"SELECT * FROM Fixes WHERE Product='Serv1U' AND Fault_type='Broadcast Manager'"); //this creates a variable that selects the database
//below is the echo statment to create the results in a table format, list collumn titles
echo "<table id=tables border='1'>
<tr>
<th>Products</th>
<th>Fault_type</th>
<th>Fault_Description</th>
<th>Fix</th>
</tr>";
//below is script to list reults in a table format, $row [row name on table]
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['Product'] . "</td>";
echo "<td>" . $row['Fault_type'] . "</td>";
echo "<td>" . $row['Fault_Description'] . "</td>";
echo "<td>Click for Fix</td>"; //this is how you link into an echo, alsothe id=" hopefully means i can send ID information.
}
echo "</tr>";
echo "</table>";
// below closes the coonection to mysql
mysqli_close($con);
index.php:
Welcome <?php echo $_GET["Fix"]; ?>.
I'm lost. Any help is appreciated.
Thanks
?>
Is it just a typo here? $GET must be $_GET.
And it should be $row['Fix'] not $rows['Fix']! Note the 's'!
I'm having problems with SQL query that returns no results instead of the data from the tables.
I have two tables on my DB, one is for Products and the other is Basket. The idea is to take the product id's from the basket and retrieve all the rest of the data from the product table. This is what i did:
$sql = sprintf("SELECT * FROM Basket");
$result = mysql_query($sql, $link);
while ($row = mysql_fetch_array($result)) {
$my_id = $row["Id"];
$prod_s=sprintf("SELECT * FROM Products WHERE Id='%s'",$my_id) ;
$prod= mysql_fetch_array($prod_s);
echo "<td>" . htmlentities($prod["Name"],ENT_QUOTES,"UTF-8") . "</td>";
echo "<td>" . htmlentities($prod["Size"]) . "</td>";
.
.
.
The table is being created but all fields are empty.
Thank you!
First of all, your current code is vulnerable to second-level SQL injections: if one of the IDs in the database is a malicious string (e.g. the good old ; DROP DATABASE foo), you're screwed.
Now, your actual problem is that you're not actually sending the second query to the SQL server. You'll want to run mysql_query() on it and use the result handle with mysql_fetch_array. You're already doing it correctly with the initial query. Just do the same thing again.
Finally, you might want to know that all of this can be done in a single SQL query, using joins. You may want to ask your favourite search engine about those. Good luck!
I think you still have to add a mysql_query for prod_s.
$my_id = $row["Id"];
$prod_s=sprintf("SELECT * FROM Products WHERE Id='%s'",$my_id) ;
$prod_q=mysql_query($prod_s);
$prod= mysql_fetch_array($prod_q);
echo "<td>" . htmlentities($prod["Name"],ENT_QUOTES,"UTF-8") . "</td>";
echo "<td>" . htmlentities($prod["Size"]) . "</td>";
I am using a database that was already created and I can access, but do not have the permission to alter the database at all.
I am using the query
select last_count, query, job_id from twitterinblack46.job where job_id in ('.$job_id_all.') order by last_count desc;
to call three columns (last_count, query, and job_id) and display them in a table.
This query works as I want it to, but the only issue is the query column displays data with either a "%23","%40","%20", or "q=" in front of the desired data.
I need to figure out how to get rid of these strings before displaying the table.
Here is the while statement used to generate the table:
while($row = mysql_fetch_array($result)){
echo"<tr>";
echo "<td>" . $row["job_id"] . "</td>";
echo "<td>" . $row["last_count"] . "</td>";
echo "<td>" . $row['query'] . "</td>";
echo "<tr>";
}
echo "</table>";
I have created this query:
select replace(replace(replace(REPLACE(query,'%23', ''),'%40',''),'q=',''),'%20','') from job;
to get rid of these characters and it works perfectly as I need it, but how can I incorporate this query into my other $result before creating the table?
You can remove the offending strings when printing the table:
echo "<td>" . str_replace(array('%23', '%40', '%20"', 'q='), '', $row['query']) . "</td>";
(If you want to limit removal to only characters at the beginning of the string you can look at preg_replace)
$lst_search = array("%23", "%40", "%20", "q=");
$query = str_replace($lst_search, "", $row["query"]);
Then use $query in place of $row["query"] when creating the table.