I have a typical SQL query that returns results like this:
$result_acc_man = "SELECT * FROM mgap_management WHERE account_manager_id = '" . $_SESSION['account_manager_id'] . "' ORDER BY mgap_sales_pres";
$stmt = $pdo->prepare($result_acc_man);
$stmt->execute();
while($row_acc_man = $stmt->fetch(PDO::FETCH_ASSOC))
{
$salespres = $row_acc_man['mgap_sales_pres'];
$regvp = $row_acc_man['mgap_regional_vp'];
$areasales = $row_acc_man['mgap_area_sales_manager']
?>
<p class="asminfo"><span>Your ASM: <?php echo $areasales;?></span></p>
<p class="asminfo"><span >Your Regional VP: <?php echo $regvp; ?></span></p>
<p class="asminfo"><span >Your Sales President: <?php echo $salespres; ?></span></p>
<?php
}
?>
Here are the column headers:
<div id="viewheadaccept">
<span class="namecustaccept1">ACCOUNT NAME </span>
<span class="custaccept">ACCOUNT TYPE</span>
<span class="recoverycustaccept">OPPORTUNITY SIZE</span>
</div>
I need to add the ability to click on the column names and sort the data. Is there an easier way to accomplish this other than creating multiple linked pages with different queries that contain the sort?
Thanks!
You could provide a parameter to replace mgap_sales_pres. So send an orderBy parameter via the URL string.
You would need to escape the variable for security. Normally this wouldn't be recommended, but since prepared statements can't inject variables into the ORDER BY clause, it's the only option for now.
For example mysql_real_escape_string($_GET['orderBy'])
Or if you are really paranoid you could use a switch case statement to check for a valid column name.
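The column-name check suggested in the answer above, written as an allow-list lookup so that only identifiers fixed in the source file can reach the ORDER BY clause. This is an added example, not code from the original posts; the URL keys (pres, vp, asm), the dir parameter, the function names and the SQLite sample rows are assumptions made for illustration.

```php
<?php
// Added example: allow-list for a user-selected ORDER BY column.
// The URL keys (pres, vp, asm) and the "dir" parameter are assumptions.
const SORT_COLUMNS = [
    'pres' => 'mgap_sales_pres',
    'vp'   => 'mgap_regional_vp',
    'asm'  => 'mgap_area_sales_manager',
];

// Returns an ORDER BY fragment built only from fixed strings in this file.
function orderByClause(array $params): string
{
    $key = $params['orderBy'] ?? '';
    // Non-string input (e.g. ?orderBy[]=x) is treated as "no key given".
    $key = is_string($key) ? $key : '';
    // Unknown or missing keys fall back to the original sort column.
    $column = SORT_COLUMNS[$key] ?? 'mgap_sales_pres';
    $dir = (($params['dir'] ?? '') === 'desc') ? 'DESC' : 'ASC';
    return "ORDER BY $column $dir";
}

function fetchManagement(PDO $pdo, string $managerId, array $params): array
{
    // The value is bound; only the allow-listed identifier is interpolated.
    $sql = 'SELECT * FROM mgap_management WHERE account_manager_id = :id '
         . orderByClause($params);
    $stmt = $pdo->prepare($sql);
    $stmt->execute([':id' => $managerId]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE mgap_management (account_manager_id TEXT,
    mgap_sales_pres TEXT, mgap_regional_vp TEXT, mgap_area_sales_manager TEXT)');
$pdo->exec("INSERT INTO mgap_management VALUES
    ('7', 'Adams', 'Young', 'Baker'), ('7', 'Clark', 'Allen', 'Moore')");

// A normal request: sort by regional VP, descending.
$rows = fetchManagement($pdo, '7', ['orderBy' => 'vp', 'dir' => 'desc']);
echo $rows[0]['mgap_regional_vp'], "\n";

// A value that is not a known key never reaches the SQL text.
echo orderByClause(['orderBy' => 'no_such_column --']), "\n";
```

Each column header can then link to the same page with a different orderBy key, so no extra pages or queries are needed.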
This is the code which selects from DB and sets the image tag.
<div>
<?php $query = mysql_query("SELECT * FROM company where sn='1'");
while($rows = mysql_fetch_assoc($query)){
$logo = $rows['logo'];
$password = $rows['password'];
$phone = $rows['phone'];
}
?>
<img src="<?php echo $logo ?>"/>
</div>
When we get this and set it in a textarea, we want this query (which is saved in the DB) to be executed, and the output to show only the logo name.
But at the moment it shows the full query that is saved in the DB.
We want to get this output in the textarea:
<div><img src="logoname"/></div>
You are using the mysql extension, which is deprecated. You should use mysqli instead.
The loop overwrites your variables ($logo, $password, $phone) in every iteration, so it makes no sense unless you're fetching a single row.
But if you're fetching a single row, then you don't need a loop:
<?php
if ($r = mysqli_query($connection, "SELECT * FROM company WHERE sn = 1")) {
// Fetch the single row as an associative array so $company['logo'] works below
$company = mysqli_num_rows($r) ? mysqli_fetch_assoc($r) : null;
mysqli_free_result($r);
}
?>
<img src="<?php echo empty($company) ? 'nophoto.png' : $company['logo']; ?>" />
Replace
SELECT * FROM company where sn='1'
With
SELECT * FROM company WHERE sn=1
If you take out the apostrophes, that might solve your problem since the value stored in your database is most likely not a string. Also you should have WHERE in capital letters.
Let me know if that answered your question! :)
I am a hobbyist programmer and stuck with php and sql
I have a website where I hope to allow different users to list their domains and websites for sale. I have an SQL database with the fields: id, domain and price. Now I added a column of data where "namer" is the field name.
I am trying to extract the field "namer" so it appears on the website but it won't work.
The problem starts at // PROBLEM AREA in the code and after that div it's okay.
<div class="domain_list_item_main_linear" style="font-family: 'Open Sans', Arial; width:98%;">
<div style="width:33%;float:left;">
<a href="<?php /*?><?php echo ConfigPeer::GetValue('website_folder'); ?>
<?php echo $domain->getCleanName(); ?><?php */?>https://www.afternic.com/domain/<?php echo urlencode($domain); ?>" class="moLPdomain" target="_blank">
<?php echo html_entity_decode($domain->getDivTipNameLinear(), ENT_QUOTES); ?></a>
<?php if(!$domain->getIsSold()): ?>
</div>
<div class="moLPprice" style="width:22%;float:left;margin-left:0px;">
<?php
// PROBLEM AREA
$eventid = $_GET['id'];
$namer = $_GET['namer'];
$result = mysql_query("SELECT $namer FROM `domain` WHERE `id` = '$eventid' ");
$row = mysql_fetch_array($result);
echo $row[$namer];
?> </div>
The problem is where you are using $namer.
The section after SELECT should contain the name of a column which contains the data you are trying to extract. Looking at your code, $namer isn't the name of the column, but some data that you are trying to match.
So the structure of the SQL should be like this:
SELECT column_name FROM table_name WHERE a_column_name = a_val;
I suggest you take a look at SQL SELECT statements, w3school's is a good place to start:
http://www.w3schools.com/php/php_mysql_select.asp
Edit:
Your SQL should look like this:
SELECT namer FROM domain WHERE id = $eventid;
If you want to get the 'namer' of the domain with that ID.
Your variable $namer must be storing any of the following words for your query to run:
id
domain
price
I'm trying to make this code work but I don't know why it won't. Basically I want it to display a name if the nickname column in the database is null. And if it's not null it should display the nickname. Also I'm somewhat noob so keep that in mind when responding.
$namn = mysql_query("SELECT name FROM Horseinfo WHERE name = '$somevariable'");
$nicknamn = mysql_query("SELECT nickname FROM Horseinfo WHERE name = '$somevariable'");
<? $row = mysql_fetch_array($nicknamn,$namn);
if(is_null($nicknamn)) {?>
<div style='font-size:18px; padding-bottom:3px; margin-top:0px;'>records for <? echo $row['name'];?></div>
<?} else {?>
<div style='font-size:18px; padding-bottom:3px; margin-top:0px;'>records for <? echo $row['nickname'];?></div>
<?}?>
Based on assumption I would say that your nickname column does not contain a database NULL value, rather it would be an empty string instead (this totally depends on the routine filling the Horseinfo table). You also only need one SQL query to fetch both name and nickname.
My suggestion would be to use empty() instead:
// try to use mysqli_* instead of mysql_* functions, mysqli_query() expects parameter 1 to be a database connection resource
$res = mysqli_query($connection, "SELECT name, nickname FROM Horseinfo WHERE name = '$somevariable'");
if ($res && mysqli_num_rows($res)>0) {
// mysqli_fetch_assoc() returns the row keyed by column name
$row = mysqli_fetch_assoc($res);
$horseName = empty($row['nickname']) ? $row['name'] : $row['nickname'];
?>
<div style='font-size:18px; padding-bottom:3px; margin-top:0px;'>records for <? echo $horseName;?></div>
<?php } ?>
I am trying to create a search engine to enable users to search data. I tried using LIKE in the SQL query and it works. Now I want to use a MySQL fulltext index as in the code below, but it's not displaying any data when I search. My table is created as MyISAM with the fulltext index enabled. Below is the code:
<?php
include('searchajax_db.php');
if($_POST) {
$q=mysql_real_escape_string($_POST['search']);
$sql_res=mysql_query("select * from articles WHERE MATCH(title,body) AGAINST ('$q')
order BY MATCH(title,body) AGAINST ('$q')");
//$sql_res=mysql_query("select id,title,body from articles where title like '%$q%' or body like '%$q%' ");
//
if($sql_res === FALSE) {
die(mysql_error()); // TODO: better error handling
}
while($row=mysql_fetch_array($sql_res)) {
$ut=$row['title'];
$ub=$row['body'];
$b_ust=''.$q.'';
$b_emb=''.$q.'';
$final_u = str_ireplace($q, $b_ust, $ut);
$final_e = str_ireplace($q, $b_emb, $ub);
?>
<div class="show" align="left">
<?php echo '<a data-role="button" data-transition="fade" data-icon="arrow-r" data-iconpos="right" data-inline="true" href=profile.php?id='.htmlentities($row["id"], ENT_QUOTES, "UTF-8") .' title="Click to Find ">'.'<font color=orange></font>'.''
?>
<?php echo '<font color=greenyellow>' ?>
<span class="name"><?php echo htmlentities($final_u, ENT_QUOTES, "UTF-8"); ?></span> <br/>
<?php echo htmlentities($final_e, ENT_QUOTES, "UTF-8"); ?><br/>
<?php echo '</font>' ?>
</div>
<?php }} ?>
You don't need to use MATCH everywhere. The WHERE condition is where you determine which rows are retrieved from the table. Right after SELECT is where you choose which columns from those rows are displayed. ORDER BY determines which column and direction the rows are sorted by.
This example would probably be sufficient:
SELECT title, body FROM articles WHERE MATCH(title,body) AGAINST ('$q') ORDER BY title ASC
I also will note that you should use prepared statements with PDO or MySQLi as it is better protection than using mysql_real_escape_string.
I'm new to PHP and pardon me for asking this very basic question. What I want to do is to display or view a page based on a specific record. For example, I have a home.php page which lists records of lessons. And when I click on a specific record, it will go to a page named lesson.php. I have to view the relevant information/data from my DB of that specific lesson. I tried to use GET but I think it's not going to meet the requirement of my system.
This is what I've tried so far:
$qry1stQuarter = $conn->prepare("SELECT l.lesson_title FROM tbllessons as l
JOIN tblstudents as s
ON l.grade_level = s.grade_level
WHERE quarter_code = '1st'
AND s.grade_level=:grade_level");
$qry1stQuarter->execute(array(':grade_level' => $grade_level));
<div id="tabs-2">
<div id="accordion">
<h3><strong>Yunit 1</strong></h3>
<div>
<?php
for($i=0; $row = $qry1stQuarter->fetch(); $i++){
$lesson_title = $row['lesson_title'];
?>
<div id = "lessons">
<?php
echo "<a href = 'lesson_view.php'>$lesson_title </a>";?>
</div>
<?php
} // end of for loop
?>
</div> <!-- end of Yunit 1 -->
What is the best way to do this? Your help is pretty much appreciated. Thanks.
In your database, I assume you have an ID column. A typical way to do what you are asking is to use that ID as a GET parameter on a link, and then include that in your WHERE clause in your SQL statement.
Eg:
echo "<a href='lesson_view.php?id=$lesson_id'>$lesson_title</a>";?>
And then on your lesson_view.php page, your SQL has something like this:
SELECT * FROM tbllessons WHERE id = mysql_real_escape_string($_GET['id'])
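The id-in-the-link approach from the answer above, written with the PDO prepared statements the question already uses. The id is validated as an integer and bound, because an escaping function only protects values placed inside quotes and the `id = ...` position here is unquoted. This is an added example, not code from the original posts; the function names, the id column (which the answer assumes exists) and the SQLite sample rows are assumptions.

```php
<?php
// Added example: lesson_view.php looks up one lesson by a validated,
// bound id. The "id" column is the one the answer assumes exists.
function lessonId(array $get): ?int
{
    // Accept only a positive decimal integer; anything else is rejected.
    $id = filter_var($get['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function findLesson(PDO $conn, array $get): ?array
{
    $id = lessonId($get);
    if ($id === null) {
        return null; // caller should answer with a 404 page
    }
    $stmt = $conn->prepare(
        'SELECT id, lesson_title FROM tbllessons WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Link for home.php: the title is HTML-encoded, the id is printed as an int.
function lessonLink(array $row): string
{
    return sprintf("<a href='lesson_view.php?id=%d'>%s</a>", $row['id'],
        htmlspecialchars($row['lesson_title'], ENT_QUOTES, 'UTF-8'));
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$conn = new PDO('sqlite::memory:');
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$conn->exec('CREATE TABLE tbllessons (id INTEGER PRIMARY KEY, lesson_title TEXT)');
$conn->exec("INSERT INTO tbllessons VALUES (1, 'Aralin 1'), (2, 'Aralin <2>')");

// A valid id returns the row; the title is encoded when the link is built.
echo lessonLink(findLesson($conn, ['id' => '2'])), "\n";

// Input that is not a clean integer is rejected before any query runs.
var_dump(findLesson($conn, ['id' => '2abc']));
```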