I have a table set up called Modules, that once a user is logged in it brings up the modules related to that user, this works fine. At the side of each module in the table I have a lessons link. once the user clicks on that I want it to display the lessons based on the module ID.
Any help would be great full.
My Module code in case I need to add something to it is as follows;
<?
include('../inc/security.inc.php');
authorise();
// Include databse connection file
include('../inc/connection.inc.php');
// Connect to the database
connect();
$userID = $_SESSION['userID'];
$sql = "SELECT * FROM tblModule WHERE userID = '$userID'" ;
$result = #mysql_query($sql) or die(mysql_error());
?>
and displaying the module table as follows;
<?php
// run a while loop through all records and create a new row for each one
while ($record = mysql_fetch_object($result))
{
?>
<table class="myTable">
<th class="col">Module ID</th>
<th class="col">Module Title</th>
<th class="col">Module Description</th>
<th class="col">User ID</th>
<th class="col">Manage</th>
</tr>
<tr class="row">
<td class="cell"><?php echo $record->moduleID; ?></td>
<td class="cell"><?php echo $record->moduleTitle; ?></td>
<td class="cell"><?php echo $record->moduleDescription; ?></td>
<td class="cell"><?php echo $record->userID; ?></td>
<td class="cell">Lessons</td>
</tr>
</table>
<?
}
// clean up after ourselves by cleating $result and closing the database connection
mysql_free_result($result);
mysql_close();
?>
Then so far in the lesson table i have;
<?
include('../inc/security.inc.php');
authorise();
// Include databse connection file
include('../inc/connection.inc.php');
// Connect to the database
connect();
$moduleID = $_SESSION['moduleID'];
$sql = "SELECT * FROM tblLessons WHERE moduleID = '$moduleID'" ;
$result = #mysql_query($sql) or die(mysql_error());
?>
With the result been displayed as;
<?php
// run a while loop through all records and create a new row for each one
while ($record = mysql_fetch_object($result))
{
?>
<table class="myTable">
<th class="col">LessonID</th>
<th class="col">Lesson Number</th>
<th class="col">Lesson Description</th>
<th class="col">ModuleID</th>
<th class="col">Lesson Plan ID</th>
<th class="col">Manage</th>
</tr>
<tr class="row">
<td class="cell"><?php echo $record->lessonID; ?></td>
<td class="cell"><?php echo $record->lessonNumber; ?></td>
<td class="cell"><?php echo $record->lessonDescription; ?></td>
<td class="cell"><?php echo $record->moduleID; ?></td>
<td class="cell"><?php echo $record->lessonPlanID; ?></td>
</tr>
</table>
<?
}
// clean up after ourselves by cleating $result and closing the database connection
mysql_free_result($result);
mysql_close();
?>
You're passing the moduleID as a query string variable to lessons.php, but in lessions.php you're looking for it in session data.
$moduleID = $_SESSION['moduleID'];
Try:
$moduleID = isset($_GET['moduleID']) ? $_GET['moduleID'] : false;
if ( $moduleID ) {
$sql = sprintf('SELECT * FROM tblLessons WHERE moduleID = %d', $moduleID);
$result = #mysql_query($sql) or die(mysql_error());
} else {
// No moduleID, so show an error message, redirect user, or the like
}
Note that I'm using sprintf so that $moduleID is converted to a digit. The code you're using - passing the value directly to MySQL - is dangerous. Google: "sql injection".
If $moduleID can in fact be a string, then you need to take extra steps to ensure that the data is sanitized before being passed to MySQL, e.g.
$moduleID = isset($_GET['moduleID']) ? $_GET['moduleID'] : false;
if ( $moduleID ) {
$sql = sprintf("SELECT * FROM tblLessons WHERE moduleID = '%s'", mysql_real_escape_string($moduleID));
$result = #mysql_query($sql) or die(mysql_error());
} else {
// No moduleID, so show an error message, redirect user, or the like
}
You should also consider switching to PDO, as the mysql_ functions are depreciated. PDO is a much easier, safer way to interact with MySQL.
Related
i build a project about online shop and there is a page in the admin dashboard that show the information about the orders that coming from the users ..there is many tables
there is orders table with Order.php class.
there is products table with Product.php class.
there is orderdetails table with OrderDetails.php class ..in this table there is
id,order_id,product_id.
every thing is working well put i can't show the $product['name'] and $product['price']
because $orderDet return null value , I don't know how to catch the id from orderdetails table to use it to get the product table data .
the getOne function from class OrderDetails.php
//get one
public function getOne($id){
$query="SELECT * FROM `orderdetails`
WHERE `id` = '".$id."'";
$result=$this->connect()->query($query);
$orderdetails=null;
if($result->num_rows == 1)
{
$orderdetails = $result->fetch_assoc();
}
return $orderdetails;
}
Orders.php where i show the the customer's information and the orders they buy for the admin
<?php
session_start();
require_once 'classes/product.php';
require_once 'classes/Order.php';
require_once 'classes/Orderdetails.php';
require_once 'classes/Category.php';
require_once 'inc/header.php';
$ord=new Order;
$ordDet=new OrderDetails;
$prod=new Product;
$orders=$ord->getAll();
if(!isset($_SESSION['id']))
{
header('location:Login.php');
die();
}
?>
<div class="container">
<div class="row">
<div class="col-lg-12">
<table class="table">
<thead>
<tr>
<th>Customer Name</th>
<th>Customer Email</th>
<th>Customer Phone</th>
<th>Customer Address</th>
<th>Product Name</th>
<th>Product Price</th>
</tr>
</thead>
**the problem is here**
<?php
foreach($orders as $order)
{
$orderDetails=$ordDet->getOne($order['order_id']);
//var_dump($orderDetails);
$product=$prod->getOne($orderDetails['product_id']);
?>
<tbody>
<tr>
<td scope="row"><?php echo $order['customerName']; ?></td>
<td><?php echo $order['customerEmail']; ?></td>
<td><?php echo $order['customerPhone']; ?></td>
<td><?php echo $order['customerAddress']; ?></td>
<td><?php echo $product['name']; ?></td>
<td><?php echo $product['price']; ?></td>
</tr>
</tbody>
<?php } ?>
</table>
</div>
</div>
</div>
<?php require_once 'inc/footer.php';?>
that is an image when i make var_dump($orderDetails)
Try the following.
$query = "SELECT * FROM `orderdetails` WHERE `id` != ''";
// or $query = "SELECT * FROM `orderdetails` WHERE `id` != 0";
$result = $con->query($query);
while($row = $result->fetch_assoc()){
$id = $row["id"];
echo "<h3>id is now $id</id>";
}
// The following line is where your problem lies
$query = "SELECT * FROM `orderDetails` WHERE `order_id` != ''";
/* I assume you know the best way to handle the following part */
$result = $con->query($query);
echo $result[0]["order_id"]; // or $result["order_id]
As an advice you need to have a way to select only new orders that you have not processed. You would not want your selection to include orders you have handled each time you want to get new data from the table.
i have a website project, where customers will need to search and the results will display, so i have done all that, but the problem is when a search results comes up,if there's more than 1 row,it dublicate the results on the same row,here are the code.
<h1 style="font-family:calibri;color:#13CC0D;text-align:center;">BODABODA SEARCH RESULTS</h1>
<table cellpadding="1" cellspacing="1" id="resultTable">
<thead>
<tr>
<th style="border-left: 1px solid #C1DAD7"> Region</th>
<th> District </th>
<th> Ward </th>
<th> Street</th>
<th> Driver Name </th>
<th>Identification Type</th>
<th>Identification Number</th>
<th>Motorcycle Type</th>
<th>Motorcycle Reg No</th>
<th>Phone Number</th>
</tr>
</thead>
<?php
$conn = mysqli_connect('localhost', 'efalococ_calcia', '*ad4#zNQ=nfN') or die('can not connect to the server'.mysqli_error);
mysqli_select_db($conn, 'efalococ_safirii');
if(isset($_POST['search'])){
$query = $_POST['region'];
$query1 = $_POST['district'];
$query2 = $_POST['ward'];
$query3 = $_POST['street'];
$results = mysqli_query($conn,"SELECT * FROM bodaboda WHERE (`region` LIKE '%".$query."%') && (`district` LIKE '%".$query1."%') && (`ward` LIKE '%".$query2."%') && (`street` LIKE '%".$query3."%')") or die(mysql_error());
if(mysqli_num_rows($results) >0){
while($row = mysqli_fetch_array($results)){
echo "<td>".$row['Region']."</td>" ;
echo "<td>".$row['District']."</td>";
echo "<td>".$row['Ward']."</td>";
echo "<td>".$row['Street']."</td>";
echo "<td>".$row['DriverName']."</td>";
echo "<td>".$row['IdentificationType']."</td>";
echo "<td>".$row['IdentificationNumber']."</td>";
echo "<td>".$row['MotorcycleType']."</td>";
echo "<td>".$row['MotorcycleRegNo']."</td>";
echo "<td>".$row['PhoneNumber']."</td>";
}
}else{
echo '<span style="color:red;font-family:cursive;font-size:14px;">No results found, Please Modify your search </span> Click here'.mysqli_error($conn);
}
}
?>
</table>
And the results shows like this!
Can you please help on that? any idea?
You just need to use the <tr> for every row.
The tag defines a row in an HTML table.
Learn more about HTML tr tag
while($row = mysqli_fetch_array($results)) {
echo "<tr>";
echo "<td>".$row['Region']."</td>" ;
echo "<td>".$row['District']."</td>";
echo "<td>".$row['Ward']."</td>";
echo "<td>".$row['Street']."</td>";
echo "<td>".$row['DriverName']."</td>";
echo "<td>".$row['IdentificationType']."</td>";
echo "<td>".$row['IdentificationNumber']."</td>";
echo "<td>".$row['MotorcycleType']."</td>";
echo "<td>".$row['MotorcycleRegNo']."</td>";
echo "<td>".$row['PhoneNumber']."</td>";
echo "</tr>";
}
I am building a Wordpress plugin and trying to sort my database tables by last name, first name, address etc when someone clicks on the title of the column.
I am unsure why but when I click a column title link, I get the following message:
"Sorry, you are not allowed to access this page." My filename is lead_db.php.
I have also tried to enter /admin.php?page=lead-db-editor-handler which is what the url reads on the page when I open it in the backend; this brings me to a 404 when I click to sort. I have been at this for hours now and can not figure it out or find the answer online. Does anyone know where I am going wrong? Thanks in advance!
<table border="1">
<tr>
<th data-sort-initial='descending'><a>ID</a></th>
<th>Registered Date</th>
<th>Last Name,
First Name</th>
<th>Address 1</th>
</tr>
<?php
$sql = "SELECT * FROM wp_client_info";
if ($_REQUEST['sort'] == 'id')
{
$sql .= " ORDER BY id";
}
elseif ($_REQUEST['sort'] == 'time')
{
$sql .= " ORDER BY time";
}
elseif ($_REQUEST['sort'] == 'last_name')
{
$sql .= " ORDER BY last_name";
}
elseif($_REQUEST['sort'] == 'first_name')
{
$sql .= " ORDER BY first_name";
}
?>
<?php
$result = mysql_query($sql) or die (mysql_error())
while($row = mysql_fetch_array($result)){
?>
<tr>
<td><?php echo $row['id'] ?></td>
<td><?php echo $row['time'] ?></td>
<td><?php echo $row['last_name'], ", ",$row['first_name'] ?></td>
<td><?php echo $row['address_1'] ?></td>
</tr>
<?php
}
mysql_close();
?>
</table>
My idea is to click 'Delete' link and it will pass the id to another PHP page (deleteSession.php), and then execute the query in deleteSession.php. but I couldn't seems to get the id from manageSession.php
In manageSession.php,
<table align='center' border='1' cellpadding='5' cellspacing='0'>
<tr>
<th>Session Id</th>
<th>Type</th>
<th>Date & Time</th>
<th>Venue</th>
<th>Pax</th>
<th>Delete</th>
<th>Edit</th>
</tr>
<?php
$sql = "SELECT booking_id, booking_types, dates_sessions, venue_available, room_count FROM bookings_available ORDER BY dates_sessions asc";
$result = mysqli_query($link, $sql) or die(mysqli_error($link));
//mysqli_close($link);
while ($row = mysqli_fetch_array($result)) {
?>
<tr>
<td><?php echo $row['booking_id']; ?></td>
<td><?php echo $row['booking_types']; ?></td>
<td><?php echo $row['dates_sessions']; ?></td>
<td><?php echo $row['venue_available']; ?></td>
<td><?php echo $row['room_count']; ?></td>
<td><input type="button" value="Delete"/></td>
<td><input type="button" value="Edit"/></td>
</tr>
<?php } ?>
</table>
In deleteSession.php,
<?php
include "dbFunctions.php";
include "manageSession.php";
//$sql = "SELECT booking_id, booking_types, dates_sessions, venue_available, room_count FROM bookings_available";
//$result = mysqli_query($link, $sql) or die(mysqli_error($link));
$bookingId = filter_input(INPUT_GET, 'booking_id');
$deleteQuery = "DELETE FROM bookings_available WHERE booking_id = '$bookingId'";
?>
I think in deleteSession.php file code should be as follows.
$bookingId = filter_input(INPUT_GET, 'id');
OR
$bookingId = $_GET['id'];
Because you are passing get parameter as follows.
deleteSession.php?id=
And also keep anchor as follows.
Delete
In the deleteSession.php you can try and replace:
$bookingId = filter_input(INPUT_GET, 'booking_id');
with the below code:
$bookingId = $_REQUEST['id'];
Finally at the last line you have to execute the query which is stored in $deleteQuery variable, which is not executed yet by using below code:
$qry = mysql_query("DELETE FROM bookings_available WHERE booking_id = '$bookingId'");
//will show you error if not able to delete
if(!$qry)
die("Error: ".mysql_error());
Added this at line 3 and it works:
mysqli_select_db($link ,$DB);
Because in the code I have not selected the mysql database and also the query was not executing as the first parameter $link was missing.
Hope some one can help me out here, i guess am not calling my functions right.
Am trying to retrieve some data from my database and have a delete link attached to each items being retrieved, so that when ever i click on delete, it will delete that particular item which have the delete function.
My Code to retrieve items from database are as follows.
<?php
$con = mysql_connect("localhost","root","");
mysql_select_db("uloaku", $con);
$count = 1;
$y = mysql_query("SELECT * FROM transaction");
if(mysql_num_rows($y) != 0){
echo "<table bgcolor=\"white\" width=\"1000\" bordercolor=\"grey\" border=\"5\" >";
echo "<tr>
<td align=\"center\">No</td>
<td align=\"center\">Date</td>
<td align=\"center\">Current Balance</td>
<td align=\"center\">Avaliable Balance</td>
<td align=\"center\">Account Status</td>
<td align=\"center\">Delete Account</td>
</tr>";
while ($z = mysql_fetch_array($y, MYSQL_BOTH)){
echo "<tr>
<td align=\"center\">".$count++."</td>
<td align=\"center\">".$z[1]."</td>
<td align=\"center\">".$z[2]."</td>
<td align=\"center\">".$z[3]."</td>
<td align=\"left\" width=\"300\">".$z[4]."</td>
<td>delete</td>
</tr>";
}
echo "</table>";
}
?>
And my code to delete
<?php
session_start();
$con = mysql_connect("localhost","root","");
mysql_select_db("uloaku", $con);
$id = $_GET['id'];
$sql = mysql_query("DELETE FROM transaction WHERE id='$id' LIMIT 1") or die (mysql_error());
header("Location: vacct.php");
?>
I know am missing out the logic here and hope somebody can direct me or show me the easy way out. at the moment i can successfully retrieve my items from the data base my only problem is to be able to apply the delete function each time the delete button is tapped.
You have to pass the id when you click on the delete link:
<a href=\"delete.php?id=$z[theIdKey]\">
Use the below code.I have added validation and encryption
<?php
$con = mysql_connect("localhost","root","");
mysql_select_db("uloaku", $con);
$count = 1;
$y = mysql_query("SELECT * FROM transaction");
if(mysql_num_rows($y) != 0){
echo "<table bgcolor=\"white\" width=\"1000\" bordercolor=\"grey\" border=\"5\" >";
echo "<tr>
<td align=\"center\">No</td>
<td align=\"center\">Date</td>
<td align=\"center\">Current Balance</td>
<td align=\"center\">Avaliable Balance</td>
<td align=\"center\">Account Status</td>
<td align=\"center\">Delete Account</td>
</tr>";
while ($z = mysql_fetch_array($y, MYSQL_BOTH)){
echo "<tr>
<td align=\"center\">".$count++."</td>
<td align=\"center\">".$z[1]."</td>
<td align=\"center\">".$z[2]."</td>
<td align=\"center\">".$z[3]."</td>
<td align=\"left\" width=\"300\">".$z[4]."</td>
<td>delete</td>
</tr>";
}
echo "</table>";
}
?>
code to delete
<?php
session_start();
$con = mysql_connect("localhost","root","");
mysql_select_db("uloaku", $con);
$id = base64_decode($_GET['id']);
if(!empty($id)){
$sql = mysql_query("DELETE FROM transaction WHERE id='$id' LIMIT 1") or die (mysql_error());
}
header("Location: vacct.php");
?>
<td>delete</td>
How are you passing the id to delete to your delete.php script?
Change:
<td>delete</td>
to:
<td>delete</td>
if $z[0] is the ID.
In your delete.php, make sure you also escape the word "transaction" using backtick:
DELETE FROM `transaction` WHERE id=123
this is because "transaction" is a reserved mysql keyword.
Please also read on SQL Injections.