Hi I am trying to create a dynamic php page, that changes with the id of the database row.
But till now I got this, but it doesn't show anything :-(
Have tried to find some answers from previous questions, but found nothing that helped my problem.
Anybody got any nice and simple tips how to do this??
<?php
if (isset($_GET['id'])) {
$id = $mysqli->real_escape_string($_POST['id']);
$q = "SELECT * FROM `opskriftreg` WHERE `id` = '$term' LIMIT 1;";
$q = $mysqli->query($q);
if (mysqli_num_rows($q) > 0) {
$result = mysqli_fetch_assoc($q);
echo "<div class=\"article\">".
"<div class=\"title\">".$result['title']."</div>".
"<div class=\"body\">".$result['description']."</div>".
"<div class=\"desc\">"."Kort beskrivelse: ".$result['description']."</div>".
"<div class=\"ingredients\">"."ingredienser: ".$result['ingredients']."</div>".
"<div class=\"amount\">"."amount: ".$result['amount']."</div>".
"<div class=\"guidance\">"."guidance: ".$result['guidance']."</div>".
"<div class=\"hour\">"."hour: ".$result['hour']."</div>".
"<div class=\"minutes\">"."minutes: ".$result['minutes']."</div>".
"<div class=\"laktose\">"."laktose: ".$result['laktose']."</div>".
"<div class=\"okologisk\">"."okologisk: ".$result['okologisk']."</div>".
"</div>";
}
else {
/* Article not found */
}
}
?>
Would love to learn another way to do this, if there are any more simple ones.
I only included the php code, and not my database connection. It works, I have tested it :-)
You have this:
$id = $mysqli->real_escape_string($_POST['id']);
$q = "SELECT * FROM `opskriftreg` WHERE `id` = '$term' LIMIT 1;";
So I suppose your query simply returns zero rows since you are discarding $_POST['id'] and possibly searching by a literal '$term' string an empty string.
echo "SELECT * FROM `opskriftreg` WHERE `id` = '$term' LIMIT 1;";
Notice: Undefined variable: term in D:\tmp\test.php on line 3
SELECT * FROM opskriftreg WHERE id = '' LIMIT 1;
To make it worse, you only run the query if a third variable exists:
if (isset($_GET['id'])) {
You have complete mess with variables
Condition use $_GET['id']
after that you arr using $id = .... $_POST['id']
and inside SQL you have id = '$term'
Try to be consistent in using variables. I can assume that you need to update your code to
if (isset($_GET['id'])) {
$statement = $mysqli->prepare("SELECT * FROM `opskriftreg` WHERE `id` = ? LIMIT 1");
$statement->bind_param('i', $_GET['id']); //Replace ? above with our input, specifying āiā meaning that we are passing one integer.
$statement->execute(); //Run the query
$result = $statement->get_result()->fetch_assoc();
// here goes your code
I haven't tested this, and I prefer PDO to mysqli, but it should get you closer.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
$id = isset($_GET['id']) ? $_GET['id'] : (isset($_POST['id']) ? $_POST['id'] : false);
if ($id) {
$stmt = $mysqli->prepare("SELECT * FROM `opskriftreg` WHERE `id` = ? LIMIT 1");
$stmt->bind_param('i', $id);
$stmt->execute();
$result = $stmt->get_result()->fetch_array(MYSQLI_ASSOC);
if ($result) {
echo "<div class=\"article\">".
"<div class=\"title\">".$result['title']."</div>".
"<div class=\"body\">".$result['description']."</div>".
"<div class=\"desc\">"."Kort beskrivelse: ".$result['description']."</div>".
"<div class=\"ingredients\">"."ingredienser: ".$result['ingredients']."</div>".
"<div class=\"amount\">"."amount: ".$result['amount']."</div>".
"<div class=\"guidance\">"."guidance: ".$result['guidance']."</div>".
"<div class=\"hour\">"."hour: ".$result['hour']."</div>".
"<div class=\"minutes\">"."minutes: ".$result['minutes']."</div>".
"<div class=\"laktose\">"."laktose: ".$result['laktose']."</div>".
"<div class=\"okologisk\">"."okologisk: ".$result['okologisk']."</div>".
"</div>";
}
else {
/* Article not found */
}
}
<?php
if (isset($_GET['id'])) {
$id = $mysqli->real_escape_string($_GET['id']);
$sql = "SELECT * FROM `opskriftreg` WHERE `id` = ? LIMIT 1;";
$stmt = $mysqli->prepare($sql);
$stmt->bind_param('s', $id);
$stmt->execute();
$res = $stmt->get_result();
if (mysqli_num_rows($res) > 0) {
while ($result = $res->fetch_array(MYSQLI_ASSOC)) {
echo "<div class=\"article\">".
"<div class=\"title\">".$result['title']."</div>".
"<div class=\"body\">".$result['description']."</div>".
"<div class=\"desc\">"."Kort beskrivelse: ".$result['description']."</div>".
"<div class=\"ingredients\">"."ingredienser: ".$result['ingredients']."</div>".
"<div class=\"amount\">"."amount: ".$result['amount']."</div>".
"<div class=\"guidance\">"."guidance: ".$result['guidance']."</div>".
"<div class=\"hour\">"."hour: ".$result['hour']."</div>".
"<div class=\"minutes\">"."minutes: ".$result['minutes']."</div>".
"<div class=\"laktose\">"."laktose: ".$result['laktose']."</div>".
"<div class=\"okologisk\">"."okologisk: ".$result['okologisk']."</div>".
"</div>";
}
}
else {
/* Article not found */
}
}
?>
I've assumed you want to use the $_GET variable instead of $term or $_POST.
Related
I attempt to get the result of a very simple query with the function query but nothing appears. If I execute the query in PHPMyAdmin, with the same data, I have a result.
There is my code :
$sql = "SELECT * FROM users WHERE email='$email'";
$response = $conn->query($conn, $sql);
The $conn variable is correct, I did an Insert with that.
$response is null. I can do an echo and there is nothing.
What can I do to solve this problem ? What can I check ?
Thank you very much.
You don't need to pass connection in query.
Solution:
$sql = "SELECT * FROM users WHERE email='$email'";
$response = $conn->query($sql);
while($res = $response->fetch_array()){
$name=$res['nameofuser']; //just an example
}
echo $name;
Real solution (prepare stmt):
$sql = "SELECT * FROM users WHERE email=?";
$response = $conn->prepare($sql);
$response->bind_param('s',$email);
if(!$response->execute()){
echo "Error query: " . $response->error . ".";
}
$result=$response->get_result();
while($res = $result->fetch_array()){
$name=$res['nameofuser']; //just an example
}
echo $name;
'Tips' add to real solution check if query is done.
After execute query . fetch the results
$stmt = $conn->prepare( "SELECT * FROM users WHERE email= ? ");
$stmt->bind_param("s", $email);
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows === 0) exit('No rows');
while($row = $result->fetch_assoc()) {
// your code
}
I'm creating a news website, and want to create a dynamic PHP page that will have the header and footer, and get the content itself (title and text) from the database by calling the article's id via the URL(like 'article.php?id=1'), so that there is no need for creating a new file for each article. However, I don't know what function should I use to make that work. Currently, the code is like this:
<?php
include "header.php";
$query = "SELECT title_article, subtitle_article, content_article FROM tb_article WHERE id_tb_article = 1";
$conn = mysqli_connect('127.0.0.1:3307', 'root', '', 'article') or die("error");
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
echo "<div class='titlediv'><h1 class='title'>" . $row["title_article"]. "</h1></div><div class='titlediv'><h3 class='title'>". $row["subtitle_article"]. "</h3></div><div class='textdiv'><p class='text'>" . $row["content_article"]. "</p></div><br>";
}
} else {
echo "Article not found";
}
include "footer.php";
?>
To get the id value from query string in URL, you can use the PHP's superglobal $_GET['id'].
To select a dynamic value from SQL using this value you must use prepared statements with parameter binding.
Your code with all the fixes would look more or less like this:
<?php
include "header.php";
$query = "SELECT title_article, subtitle_article, content_article FROM tb_article WHERE id_tb_article = 1";
// Enable mysqli error reporting and NEVER die()
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli('127.0.0.1:3307', 'root', '', 'article');
$conn->set_charset('utf8mb4'); // You should always specify the correct charset, which most of the time should be utf8mb4
// prepare -> bind -> execute -> get result
$stmt = $conn->prepare('SELECT title_article, subtitle_article, content_article
FROM tb_article
WHERE id_tb_article = ? ');
$stmt->bind_param('i', $_GET['id']);
$stmt->execute();
$result = $stmt->get_result();
if ($result->num_rows) {
// output data of each row
foreach ($result as $row) {
echo "<div class='titlediv'><h1 class='title'>" . htmlspecialchars($row["title_article"]). "</h1></div>";
echo "<div class='titlediv'><h3 class='title'>". htmlspecialchars($row["subtitle_article"]). "</h3></div>";
echo "<div class='textdiv'><p class='text'>" . htmlspecialchars($row["content_article"]). "</p></div><br>";
}
} else {
echo "Article not found";
}
include "footer.php";
Whenever output values into HTML context always do it via htmlspecialchars
You can use a GET method and the url look like 'article.php?id=2'.
<?php
include "header.php";
//use GET to get the id
$id = $_GET["id"];
// use .$id to concat to the query
$query = "SELECT title_article, subtitle_article, content_article FROM tb_article WHERE id_tb_article = ".$id;
$conn = mysqli_connect('127.0.0.1:3307', 'root', '', 'article') or die("error");
$result = mysqli_query($conn, $query);
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
echo "<div class='titlediv'><h1 class='title'>" . $row["title_article"]. "</h1></div><div class='titlediv'><h3 class='title'>". $row["subtitle_article"]. "</h3></div><div class='textdiv'><p class='text'>" . $row["content_article"]. "</p></div><br>";
}
} else {
echo "Article not found";
}
include "footer.php";
?>
You want to look at the global variables $_GET and $_POST. In your example ('article.php?id=1') you will find the value of 'id' in $_GET['id'].
URL: article.php?id=42
echo $_GET['id']; // Outputs 42
Remember that anyone can change that value in the URL and even injecting malicious queries into your query. Its better to at least cast your id to an integer first and use always mysqli_real_escape_string() for URL given variables in the query.
URL: article.php?id=42;DROP TABLE tb_article
echo $_GET['id']; // Outputs "42;DROP TABLE tb_article", would delete your table when used directly
// Convert to an integer value
$id = intval($_GET['id']); // Returns 42
$query = "... FROM tb_article WHERE id_tb_article = ".mysqli_real_escape_string($id);
I'm new to PHP and SQL. I'm trying to make a rule so that it will only show certain information for certain pages. The code I'm using is
include 'dbh-login.php';
$id = $_GET['id'];
$i = 1;
while ($i != 100) {
$sql = "SELECT * FROM ui_off WHERE id='$i'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
if ($row['link'] = $id) {
echo $row['title']."<br>";
}
$i++;
}
The if statement seems to have no effect on weather the script echoes the title or not.
You are missing == assignment. Here is the working code.
$id = $_GET['id'];
$i = 1;
while ($i != 100) {
$sql = "SELECT * FROM ui_off WHERE id='$i'";
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
if ($row['link'] == $id) {
echo $row['title']."<br>";
}
$i++;
}
Your code does not make any sense.
You are using a while loop and looping in it 100 times just to check if 1 row have the given id.
Why don't you search directly for the id? Your code will be cleaner and you will free some memory on the server by deducting 100 queries each time the page is opened.
$id = $_GET['id'];
$sql = "SELECT * FROM ui_off WHERE id!='100' AND link='$id'" ;
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
if ($row['link'] != '') {
echo $row['title']."<br>";
}
Here is my code:
case 'records': $this-> get_records ($callParams[1]);
private function get_records($id)
{
$result = get_records_info ($id) ;
if(count($result) > 0)
$this->response($this->text/html($result), 200);
else
$this->response('',204);
}
function get_records_info (){
$result = mysql_query ("SELECT * FROM `records` ")
or die(mysql_error());
while($records = mysql_fetch_array( $result )) {
echo "<div>" .$records['records_name']. "</div>";
echo "<div>info:" .$records['w']. $records['l']. $records['d']. $records['k']."</div>";
echo "<div>info2:".$records['info2']."</div>";
}
}
Here is what I'm trying to do:
When you click on records is goes to domain.com/record/id and only displays the record of that id.
Here is what is happening:
I got it to work but I'm getting all the records in the database.
Your result is currently:
mysql_query ("SELECT * FROM `records` ")
This is going to grab all the records regardless. What you want is something like this:
mysql_query ("SELECT * FROM `records` WHERE `id` = '$id' ")
$id being the supplied id to fetch the record for.
Note: As stated in the comments, stay away from mysql_* functions as it is depreciated. Look into PDO or MySQLi :)
try this.... You are passing the id in function but not using thats why it is showing you all recrods, pass id in function function get_records_info ($id) then in query .
<?php
//case 'records': $this-> get_records ($callParams[1]);
case 'records': $this-> get_records ($id); //just pass the id of the user here
private function get_records($id)
{
$result = get_records_info ($id) ;
if(count($result) > 0)
$this->response($this->text/html($result), 200);
else
$this->response('',204);
}
function get_records_info ($id){
$result = mysql_query ("SELECT * FROM `records` where `id` = ' ".$id." ' ")
or die(mysql_error());
while($records = mysql_fetch_array( $result )) {
echo "<div>" .$records['records_name']. "</div>";
echo "<div>info:" .$records['w']. $records['l']. $records['d']. $records['k']."</div>";
echo "<div>info2:".$records['info2']."</div>";
}
}
?>
Hello im new to php but i cant make this dynamiclist to work here is the code..
<?php
if (isset($_GET['id'])) {
include "DocumentSystem/scripts/connect_to_mysql.php";
$id = preg_replace('#[^0-9]#i', '', $_GET['id']);
$dynamicList = "";
$sql = mysql_query("SELECT * FROM documents WHERE id='$id' LIMIT 1");
$documentCount = mysql_num_rows($sql); // count the output amount
if ($documentCount > 0) {
while($row = mysql_fetch_array($sql)){
$id = $row["id"];
$document_name = $row["document_name"];
$full_document = $row["full_document"];
$dynamicList .= '<div id="slidepic">
<img src="images/document_images/'.$id.'.jpg" width="550" height="350" />
<div id="slideshow">
<h1> '.$document_name.'</h1>
<br />
<p1>'.$full_document.'</p1>
</div>
</div>';
}
} else {
$dynamicList = "We have no documents listed in the database";
}
mysql_close();
?>
It is getting the correct id from the url but the query isnt working for me
thx for any answers!
Try
to usr mysql_fetch_array($sql,MYSQL_ASSOC)or mysql_fetch_assoc($sql) instead of mysql_fetch_array($sql)
By default mysql_fetch_array return non associative array.
Pay attention:
Do not SELECT * FROM table_name. It's better for performance to use SELECT column1, colum2 FROM table_name
Mysql module is deprecated. It's better to use PDO mysql module page MySQL API comparison
Please use you have get the query result
<?php
$con = mysql_connect("localhost","username","password");
mysql_select_db("your_database_name", $con);
$result = mysql_query("SELECT * FROM documents WHERE id = '$id' LIMIT 1");
while($row = mysql_fetch_array($result))
{
echo = $row["id"];
echo = $row["document_name"];
echo = $row["full_document"];
}
mysql_close($con);
?>