html multiple select statements not working - php

I have a form for adding events to each of my database tables.
In order for the date and time to be right I am using dropdown menus. However I am using 5: 2 for the time and 3 for the date. In Dreamweaver, on the second select statement it is highlighting it in yellow like I have an error. http://pastebin.com/NJB84hed
I would like to make sure this is also saving the id so that the id can be posted in that table.
$results=mysqli_query($con, "select * from Users where `userName` ='$username'");
$id = 'id_cust';

(1) You are missing a closing bracket } for your if(isset($_POST['insert'])){
if(isset($_POST['insert'])){
$artist = $_POST['artist'];
$place = $_POST['place'];
$hour = $_POST['hour'];
$minute = $_POST['min'];
$year = $_POST['year'];
$month = $_POST['month'];
$day = $_POST['day'];
$price = $_POST['price'];
$open = $_POST['open'];
$time = $hour.':'.$minute;
$date = $year.'-'.$month.'-'.$day;
$result=mysqli_query($con,"insert into Concert values('$id','$artist','$date','$time','$place','$price','$open')");
if($result)
{
echo 'Values updated successfully';
}
?>
Should be
if(isset($_POST['insert'])){
$artist = $_POST['artist'];
$place = $_POST['place'];
$hour = $_POST['hour'];
$minute = $_POST['min'];
$year = $_POST['year'];
$month = $_POST['month'];
$day = $_POST['day'];
$price = $_POST['price'];
$open = $_POST['open'];
$time = $hour.':'.$minute;
$date = $year.'-'.$month.'-'.$day;
$result=mysqli_query($con,"insert into Concert values('$id','$artist','$date','$time','$place','$price','$open')");
if($result)
{
echo 'Values updated successfully';
}
} // MISSING THIS CLOSING BRACKET
?>
(2) On line 73 you misspelled your select closing tag
</selct>
should be
</select>
(3) Also, I assume
$results=mysqli_query($con, "select * from Users where `userName` ='$username'");
$id = 'id_cust';
should be something like
$results=mysqli_query($con, "select * from Users where `userName` ='$username'");
$row = mysqli_fetch_array($results);
$id = $row['id_cust'];

Related

While loop overwrites data every time, how can I work around this?

I have the following problem.
I want to set up a report button with Ajax, this passes certain variables like comment ID, creator from comment.
As I said I have implemented this with Ajax, so far all good.
I have as POST in another PHP file my PHP code.
I have a While loop in which I output all the data from the database.
Now I want to save and pass this data via SESSION, but this data is overwritten by the While loop every time, how do I fix this?
$stmt = $pdo->prepare("SELECT * FROM threadComments WHERE subThreadsID = ? ORDER BY created_at DESC ");
$stmt->execute([$page]);
while($row = $stmt->fetch()){
$createdComments = $row['created_at'];
$idComment = $row['id'];
$userlike = $row['userlike'];
$userid = $row['userid'];
$username = $row['username'];
$dateNow = date_create($createdComments, timezone_open('Europe/Berlin'));
$timeNow = time();
$seconds = strtotime($createdComments);
$diffSeconds = $timeNow - $seconds;
$date = date_format($dateNow, 'd.m.Y - H:i');
$statement = $pdo->prepare("SELECT userid, userImage FROM users WHERE userid = ?");
$statement->execute([$userid]);
$rowImages = $statement->fetch();
extract($rowImages);
$string = $row['threadContent'];
$string = convertHashtags($string);
// HTML /////
$_SESSION['commentContent'] = $string;
$_SESSION['commentCreaterID'] = $row['userid'];
$_SESSION['commentID'] = $row['id'];
}
?>
Put them into an array in $_SESSION. Make it an associative array so you can get the data for a particular comment id with $_SESSION['comments'][$id]
$stmt = $pdo->prepare("SELECT * FROM threadComments WHERE subThreadsID = ? ORDER BY created_at DESC ");
$stmt->execute([$page]);
$_SESSION['comments'] = [];
while($row = $stmt->fetch()){
$createdComments = $row['created_at'];
$idComment = $row['id'];
$userlike = $row['userlike'];
$userid = $row['userid'];
$username = $row['username'];
$dateNow = date_create($createdComments, timezone_open('Europe/Berlin'));
$timeNow = time();
$seconds = strtotime($createdComments);
$diffSeconds = $timeNow - $seconds;
$date = date_format($dateNow, 'd.m.Y - H:i');
$statement = $pdo->prepare("SELECT userid, userImage FROM users WHERE userid = ?");
$statement->execute([$userid]);
$rowImages = $statement->fetch();
extract($rowImages);
$string = $row['threadContent'];
$string = convertHashtags($string);
// HTML /////
$_SESSION['comments'][$row['id']] = [
'content' => $string,
'creatorID' => $row['userid'],
'commentID' => $row['id']
];
}
?>

Blind Arithmetic Evaluation Differential : SQL Injection

I am getting SQL & URL injection vulnerabilities when I scan my website. This is the code I'm using:
if(isset($_GET["id"]))
{
if(!is_int($_GET["id"]) ==FALSE)
{
//redirect this person back to homepage
} else {
$sql = "SELECT * FROM workshop WHERE id=".trim($_GET['id']);
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
$id = $row['id'];
$prod_name = $row['prod_name'];
$description = $row['description'];
$image1 = $row['image1'];
$image2 = $row['image2'];
$image3 = $row['image3'];
$pdfFileName = $row['pdfFileName'];
$publish = $row['publish'];
$workshop_date = $row['workshop_date'];
$workshop_date_end = $row['workshop_date_end'];
$course_desc = $row['course_desc'];
$attend = $row['attend'];
$trainer_detail = $row['trainer_detail'];
$location = $row['location'];
$dateValue = $row['workshop_date'];
$year = date('Y',strtotime($dateValue));
$month = date('F',strtotime($dateValue));
$day = date('d',strtotime($dateValue));
$dateValue1 = $row['workshop_date_end'];
$year1 = date('Y',strtotime($dateValue1));
$month1 = date('F',strtotime($dateValue1));
$day1 = date('d',strtotime($dateValue1));
}
}
How do I fix it?
The SQL injection problem is in this row:
$sql = "SELECT * FROM workshop WHERE id=".trim($_GET['id']);
You're applying the value from get directly into your query without escaping it.
Do this instead:
$id = mysql_real_escape_string(trim($_GET['id']));
// Quote the escaped value: escaping only protects inside a quoted string literal
$sql = "SELECT * FROM workshop WHERE id='$id'";
Remember that you're using deprecated mysql_* functions, mysqli_* should be used instead. Consider updating your code.
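An added example, not part of the original answer: the same lookup with the id validated as an integer and bound as a parameter, so the request value never becomes part of the SQL text. It assumes PDO with an in-memory SQLite database so it runs offline; the table rows, the sample request values and the helper name `fetchWorkshop` are constructed for illustration.

```php
<?php
// Constructed in-memory table standing in for `workshop` (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE workshop (id INTEGER PRIMARY KEY, prod_name TEXT)');
$pdo->exec("INSERT INTO workshop VALUES (1, 'Intro'), (2, 'Advanced')");

/**
 * Hypothetical helper: returns the row for a workshop id, or null when the
 * raw request value is not a positive integer or no row matches.
 */
function fetchWorkshop(PDO $pdo, $rawId): ?array
{
    // $_GET values are strings, so is_int() is always false for them.
    // FILTER_VALIDATE_INT accepts "2" but rejects "3-1", "2 OR 1=1", "2abc".
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // Bound parameter: the driver sends the value separately from the query.
    $stmt = $pdo->prepare('SELECT id, prod_name FROM workshop WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed request values. "3-1" contains nothing an escaping function
// would change, yet an unquoted "WHERE id=3-1" is evaluated by the database,
// which is the behaviour an arithmetic-evaluation scan check looks for.
foreach (['2', '3-1', '2 OR 1=1', "2' --", '', '99'] as $raw) {
    $row = fetchWorkshop($pdo, $raw);
    printf("%-12s => %s\n", var_export($raw, true), $row ? $row['prod_name'] : 'no result');
}
```

In the page's handler the call would be `fetchWorkshop($pdo, $_GET['id'] ?? '')`, redirecting to the homepage when it returns null.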

Calculate leaves from table for more than 1 leave entry

I have a database table in which leave will be updated.
It has the following columns:
id | empno | startdate | enddate | status | duration
Now I have to calculate the leave in a given month and year where the month and year will come from user input. I have a code which will retrieve the no. of leaves in the given month if the leave entry is 1.
The problem is that if the user has taken leave more than 1 time, the function is calculating only the last row from database. Any help would be appreciated.
<?PHP
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "lms";
$conn = mysqli_connect($servername, $username, $password, $dbname);
$empid = (isset($_POST['empid']) ? $_POST['empid'] : '');
$month = (isset($_POST['month']) ? $_POST['month'] : '');
$month = "2015-sep";
$month1 = date('F', strtotime('$month'));
//echo $month1;
$year = date('Y',strtotime('$month'));
$monthStart = date("Y-m-1") . "<br/>";
$num = cal_days_in_month(CAL_GREGORIAN, date("m"), date("Y"));
$monthEnd = date("Y-m-".$num)."<br/>";
//echo "$num";
$months = date('M');
$years = date ('Y');
$leave = 0;
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT `startdate`, `enddate`,`duration` FROM `leaves` WHERE `employee` = '2' AND `status` = '3'
AND `startdate` > '01-09-2015' AND `enddate` < '30-09-2015' ";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
$start = ($row['startdate']);
$end = ($row['enddate']);
$startcount = ['COUNT(`employee`)'];
//$durationlvs = ($row['duration']);
echo "sdate:$start,edate:$end</br>";
//echo "lvsdur:$durationlvs";
}
function getLeavesInPeriod($start, $end) {
$date = new DateTime($start);
$endDate = new DateTime($end);
$leaves = array();
while( $date <= $endDate ) {
$year = $date->format('Y');
$month = $date->format('M');
if(!array_key_exists($year, $leaves))
$leaves[$year] = array();
if(!array_key_exists($month, $leaves[$year]))
$leaves[$year][$month] = 0;
$leaves[$year][$month]++;
$date->modify("+1 day");
}
return $leaves;
}
$leaves = getLeavesInPeriod($start,$end);
$noofleaves=$leaves[$years][$months];
echo $noofleaves;
$conn->close();
}
?>
Just changed the SQL Query to
$sql = "SELECT SUM(DATEDIFF(LEAST(enddate, '2015-09-30'),
GREATEST(startdate, '2015-09-01'))+1) days
FROM leaves WHERE
startdate<='2015-09-30' AND enddate>='2015-09-01' AND employee='2'
AND status='1'";
ufff!!! got the result.

Grab info from multiple sql tables and put into one using php

At the moment this code updates the user info in MYSQLTABLE1. What I also want done is user info to be copied to WMYSQLTABLE which I can do but I also want a code from MYSQLTABLE2 to be copied over into a column in WMYSQLTABLE as well. Here is the part I need changing:
$sql_insert2 = "INSERT INTO ".WMYSQLTABLE2."(ip,date,address)values
('','$ip','$date','$address')";
$res_insert2 = mysql_query($sql_insert2)or die(mysql_error());
//Need to also insert code from first row from column named 'codes' in MYSQLTABLE2.
Actual code, it's a bit messy at the moment and the if/else statements do the exact same at the moment. It works but I get the error " Column count doesn't match value count at row 1" because I cannot fill the last column with the code from MYSQLTABLE2.
<?php
include("includes/config.php");
include("includes/mysql.php");
include("amount.php");
if(isset($_POST['func']))
{
$address = $_POST['address'];
$ip = $_POST['ip'];
$date = $_POST['date'];
$time = $_POST['time'];
$price = $_POST['price'];
$increment = $_POST['increment'];
$id = $_POST['id'];
$num = 0;
$sql_check_address = "SELECT * FROM ".MYSQLTABLE1." WHERE address='$address'";
$res_check_address = mysql_query($sql_check_address)or die(mysql_error());
$num = mysql_num_rows($res_check_address);
$row = mysql_fetch_assoc($res_check_address);
if($num > 0)
{
$address = $row['address'];
$ip = $row['ip'];
$date = $row['date'];
$oldprice = $row['price'];
$id = $row['id'];
$newprice = $oldprice - $payAmount*200;
$newinc = $increment - 200;
$sql_update1 = "UPDATE ".MYSQLTABLE1." SET ip='$ip',date='$date',price='$newprice',increment='$newinc',address='$address' WHERE id='$id'";
$res_update1 = mysql_query($sql_update1)or die(mysql_error());
/////////////////Insert user info and copy code from MYSQLTABLE2 to WMYSQLTABLE2
$sql_insert2 = "INSERT INTO ".WMYSQLTABLE2."(ip,date,address)values
('','$ip','$date','$address')";
$res_insert2 = mysql_query($sql_insert2)or die(mysql_error());
}
else{
$address = $row['address'];
$ip = $row['ip'];
$date = $row['date'];
$oldprice = $row['price'];
$id = $row['id'];
$newprice = $oldprice - $payAmount*200;
$newinc = $increment - 200;
$sql_update = "UPDATE ".MYSQLTABLE1." SET ip='$ip',date='$date',price='$newprice',increment='$newinc',address='$address' WHERE id='$id'";
$res_update = mysql_query($sql_update)or die(mysql_error());
/////////////////Insert user info and copy code from MYSQLTABLE2 to WMYSQLTABLE2
$sql_insert2 = "INSERT INTO ".WMYSQLTABLE2."(ip,date,address)values
('','$ip','$date','$address')";
$res_insert2 = mysql_query($sql_insert2)or die(mysql_error());
}
}
Any help will be greatly appreciated.
The general form of the query would be:
$sql_insert = "INSERT INTO " . WMYSQLTABLE2 . "(code, ip, date, address)
SELECT code, '$ip', '$date', '$address'
FROM OtherTable
WHERE <put something here to select the row>";

Calculating the number of days between dates

I am trying to find out how many days are between two dates. The code below is an example of what I am saying, but it does not work; all I get in the database is 0.
<?php
$hotel_name = $_POST['hotelName'];
$room_type = $_POST['roomType'];
//date From value
$dayfrom = $_POST['dayfrom'];
$monthfrom = $_POST['monthfrom'];
$yearfrom = $_POST['yearfrom'];
//date To value
$dayto = $_POST['dayto'];
$monthto = $_POST['monthto'];
$yearto = $_POST['yearto'];
$arivDate = sprintf('%04d-%02d-%02d', $yearfrom, $monthfrom, $dayfrom);
$depDate = sprintf('%04d-%02d-%02d', $yearto, $monthto, $dayto);
$child = $_POST['child'];
$adult = $_POST['adult'];
$days = $arivDate - $depDate;
//$sortedfromdate = strtotime($arivDate);
//$sortedtodate = strtotime($depDate);
$query = "INSERT INTO tempbooking( book_date, Ariv_date, dep_date, hotel_name
)VALUES(
CURDATE(), '{$arivDate}', '{$depDate}', '{$hotel_name}')";
if(mysql_query($query,$connection)){
$booking_id = mysql_insert_id();
}else{
die("The Booking was not successful". mysql_error());
}
$queryres="INSERT INTO ro_reservation( booking_id, children, adult, room_type, number_days
)VALUES(
{$booking_id}, {$child}, {$adult}, '{$room_type}',{$days})";
if(mysql_query($queryres,$connection)){
header("Location:index.php");
//echo" Reservation Inserted";
}else{
echo "Nothing was inserted in to the ro_reservation";
}
?>
$arivDate = strtotime("2012-01-01");
$depDate = strtotime("2012-08-14");
$datediff = abs($arivDate - $depDate);
echo floor($datediff/(60*60*24));
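An added example, not part of the original answer: the day, month and year dropdown values from the question are checked as a real calendar date before the stay length is computed, so only a validated integer reaches the `number_days` column. The helper names and the sample form submissions are constructed for illustration.

```php
<?php
/** Hypothetical helper: true for a non-empty string of ASCII digits only. */
function isDigits($v): bool
{
    return is_string($v) && ctype_digit($v);
}

/** Build a date from three dropdown values, or null if they are not a real date. */
function dateFromParts($year, $month, $day): ?DateTimeImmutable
{
    if (!isDigits($year) || !isDigits($month) || !isDigits($day)) {
        return null;
    }
    // checkdate() rejects impossible dates such as 31 February.
    if (!checkdate((int) $month, (int) $day, (int) $year)) {
        return null;
    }
    $iso = sprintf('%04d-%02d-%02d', $year, $month, $day);
    return new DateTimeImmutable($iso, new DateTimeZone('UTC'));
}

/** Whole days from arrival to departure, or null when the stay is invalid. */
function stayLength(array $post): ?int
{
    $arrive = dateFromParts($post['yearfrom'] ?? '', $post['monthfrom'] ?? '', $post['dayfrom'] ?? '');
    $depart = dateFromParts($post['yearto'] ?? '', $post['monthto'] ?? '', $post['dayto'] ?? '');
    if ($arrive === null || $depart === null || $depart <= $arrive) {
        return null;
    }
    return $arrive->diff($depart)->days;
}

// Constructed form submissions (values arrive as strings, as in $_POST).
$valid = ['yearfrom' => '2012', 'monthfrom' => '01', 'dayfrom' => '01',
          'yearto' => '2012', 'monthto' => '08', 'dayto' => '14'];
$impossible = ['dayfrom' => '31', 'monthfrom' => '02'] + $valid;
$reversed = ['yearto' => '2011'] + $valid;
foreach (compact('valid', 'impossible', 'reversed') as $label => $post) {
    echo $label, ': ', var_export(stayLength($post), true), "\n";
}
// Why the question stored 0: PHP reads only the leading digits of each string.
var_dump((int) '2012-01-01' - (int) '2012-08-14');
```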
