for some reason I cant seem to get the data to insert php and mysql.
I have a init.php with the connection string in, a order.php file and finaly a band_list.php.
I am having some problem getting the data in to database.
the database has 3 tables:
order it has id, order_id and band_id columns
users it has id, name and password columns
bands it has Band_id, name and stock columns
band_list.php has a band gig details in it shown to the user.
<?php
require 'core/init.php';
$Band_id = $_GET['id'];
$result = mysql_query("SELECT * FROM bands WHERE Band_id = $Band_id");
echo "<table border = '1'>
<tr>
<th>Band Name</th>
<th>Venue</th>
<th>Category</th>
<th>Stock</th>
<th>Add</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr><form name=\"myform\" action=\" order.php\" method=\"post\">";
echo "<td> <input name=\"band\" type=\"hidden\" value=\"". $Band_id."\" ></td>";
echo "<td>" .$row['Name']. "</td>";
echo "<td>" .$row['Venue']. "</td>";
echo "<td>" .$row['Category']. "</td>";
echo "<td>" .$row['Stock']. "</td>";
echo "<td><button>Buy Ticket</button></td>";
echo "<td><input type=\" submit\" value=\"Buy Ticket\"></td>";
echo "</tr> </form>";
}
echo "</table>";
?>
order.php has the query that is meant to send the data to the database
<?php
require 'core/init.php';
session_start();
$Band_id = $_REQUEST['Band_id'];
$user_id = $_SESSION['user_id'];
$sql = "INSERT INTO orders (band_id,user_id) VALUES($Band_id,$user_id)";
mysql_query ($sql, $linkme)
or die ("could not add to database");
?>
and the connection string is in a init file.
so the idea is when the user clicks buy ticket it gets the current Band_id and user_id and inserts them into the database table orders in to columns band_id and user_id.
This is not happing I am just getting my or die ("could not add to database"); string come up.
Is there a problem with the way I have done it?
<input name=\"band\" type=\"hidden\" value=\"". $Band_id."\" >
And you're trying to get POST variable "Band_id" (which does not exist)
$Band_id = $_REQUEST['Band_id'];
Should be
$Band_id = mysql_real_escape_string($_REQUEST['band']);
Other details:
In order.php, it's better to place "session_start()" at the
beginning (before anything)
Consider using mysqli or PDO instead of deprecated mysql
You could get band id with $_POST instead of $_REQUEST because your
form sends it with post method
Related
I have code that takes values from a database that belong to a particular user.
<?php
$user = $_SESSION['username'];
$q = intval($_GET['q']);
$db = mysqli_connect('localhost', 'username', 'password', 'database_name');
$sql = "SELECT * FROM savedtimes WHERE username = '$user' AND session = '$q' ORDER BY timeid";
$result = mysqli_query($db, $sql);
//$SNo = I might need to put something over here which makes it show the order number.
echo "<table>
<tr>
<th>S.No.</th>
<th>time</th>
<th>Avg of 5</th>
</tr>";
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $SNo . "</td>";//This is the S.no column.
echo "<td>" . $row['value2'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
Now, while it is displaying these values in the order of a field called timeid, which is on auto increment, I want to have a column called S.No (only while displaying, not in the actual database), which orders them from 1 to the last number. Please note that I can't just use 'timeid', because I have multiple users, so the numbers won't be continuous. So basically, the order is that of 'timeid', but I want a column showing up with continuous numbers. How do I do this?
Declare a counter variable (with a value of 1) outside of the while() loop. Display it inside the loop and subsequently increment it at the end of the loop.
// your code
$SNo = 1;
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $SNo . "</td>";
echo "<td>" . $row['value2'] . "</td>";
echo "</tr>";
++$SNo;
}
// your code
So I have two pages. One shows all of the users who have filled out the form. On this page the ID is hyperlinked to the users individual page. On the individual page it should only show their individual information. When I do it, it still shows everyones information and I can't figure out how to change it.
This is my table for all the users.
<?php
//Establish the connection to the database server
$conn = mysql_connect("localhost","root", "MIS42520!$") or die (mysql_error());
//Tell the connection which database to user_error
mysql_select_db("assignment_3", $conn);
//Tell the database what you want, with an SQL statement
$sql = "select id, firstname, lastname, emailaddress from usertable";
//Run the sql statement against the connection
$result = mysql_query($sql, $conn) or die (mysql_error());
//Process the result set $result
print "<center><table id='adminTable' border=1>";
print "<tr><th>ID</th><th>First Name</th><th>Last Name</th> <th> Email Address</th> </tr>";
while($row = mysql_fetch_array($result)){
echo "<tr>";
echo "<td>{$row['id']}</td>";
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['lastname'] . "</td>";
echo "<td>" . $row['emailaddress'] . "</td></tr>";
}
echo "</table></center>"; //Close the table
?>
My table for the single user is essentially exactly the same but I added the following on top
$id= $_GET['id'];
Change your $sql variable to this:
$sql = "select id, firstname, lastname, emailaddress from usertable where id='".htmlentities($_GET['id'])."'";
Well.. you need to change the statement for the page of the only one user i think
Try this
$sql = "select id, firstname, lastname, emailaddress from usertable where id =".$id;
And as #jay-blanchard say in the comment, try not to use deprecated methods/clases, use prepared statements here's the link to themysqli class
I have a problem with PHP and Mysql. PHP is acting very strange. This is my code
echo "<form action='scripts/leerling.php' method='post'>";
echo "Nieuwe Leerling: <br/><br/>";
echo "Naam<br/>";
echo "<input type='text' name='naam'/><br/><br/>";
echo "Leeftijd<br/><input type='number' name='leeftijd'/><br/><br/>";
echo "Ouder:<br/>";
echo "<select name='ouder'>";
$result2 = mysqli_query($con, "SELECT * FROM users WHERE group=3");
while($record2 = mysqli_fetch_array($result2)){
echo "<option value='" . $record2["id"] . "'>" . $record2["username"] . "</option>";
}
echo "</select><br/> <br/>";
echo "<input type='image' src='img/plus.png'/><span style='font-size: 11pt;'> Leerling Toevoegen</span>";
echo "</form>";
i think everyting is allright. I want to make a selectbox with variable options. Now comes the annoying part: if i change this:mysqli_query($con, "SELECT * FROM users WHERE group=3") To this:mysqli_query($con, "SELECT * FROM users WHERE id=3") it works! and i dont know why... My table of my database sure has a column named ID AND a column named group and they are both the datatype INT but ID is also A_I. I dont know if that matters...
Perhaps because GROUP is a reserved word in MySQL? Try this:
$result2 = mysqli_query( $con, "SELECT * FROM users WHERE 'group' = 3" );
I am creating a small part of intranet for my college using php with css and mysql. i have created a database called "mop" which is my college name. it consists of 2 tables - students(regno,name,dept,year) and staff(id,password,dept). i have made this form for staff login. after the login is made it checks for the id and password in the staff table and here is the php that thr above form refers to:
$myid = stripslashes($myid);
$mypassword = stripslashes($mypassword);
$myid = mysql_real_escape_string($myid);
$mypassword = mysql_real_escape_string($mypassword);
$sql="SELECT * FROM $tbl_name WHERE id='$myid' and password='$mypassword'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
$_SESSION['myid'];
$_SESSION['mypassword'];
header("location:form3.php");
}
if the login is successful it goes to a menu with view/insert/delete student database option and based on the option it goes to the page accordingly. here is the view coding (for eg) of options:
<?php
$con=mysqli_connect("localhost","staff","123456","mop");
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM student");
echo "<table border='1'>
<tr>
<th>Register No</th>
<th>Name</th>
<th>Department</th>
<th>Class</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['regno'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['department'] . "</td>";
echo "<td>" . $row['class'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
?>
now my problem is if a staff of particular dept say CSE or ECE logs in then the staff should be able to view only the students who are of the same dept(this should be done automatically and dept selection shouldnt be done through drop down lists or radio buttons or any other method). i have an idea but unable to implement it. the value of dept from staff table should be stored in some variable say $dept and in my view/insert/delete page i should be able to manipulate the query accordingly like $sql="select * from student where department=$dept";
i am unable to implement this. can anyone of u tell me how to do it?
is this possible? or any other work around for this??
Just put a session_start(); at the beginning of your PHP code and then
after
$result=mysql_query($sql);
put
$_SESSION['myDept'] = $result['dept']
This is the dept from staff table, it will be stored in the $_SESSION array.
This array have a session time live.
Then in each code ( this one or another PHP ), since you have putted a session_start(); you will have access to the $_SESSION array. So you will have acces to your "dept".
So you are able to make a SQL to select only the student in the staff dept.
i cannot get a row to delete as the id is not going through the url. its a simple error somewhere and i cannot find the solution after having a look around for an hour.
this page contains the information on a table:
<?php
$result = mysql_query("SELECT review, ratings, date, user FROM reviews")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Reviews Yet';
} else {
echo "<table border='0'><table width=100% border='6'><tr><th>Comments/Thoughts</th><th>Ratings</th><th>Date</th><th>User</th><th>Delete</th></tr>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['review']. "</td>";
echo "<td>" . $info['ratings']. " Stars</td>";
echo "<td>" . $info['date']. "</td>";
echo "<td>" . $info['user']. "</td>";
echo "<td>" . " <a href='deletereview.php?review_id=" . $info['review_id'] . "'>Delete</a> </td>";
echo "</tr>";
}
}
echo "</table>";
?>
it goes to deletereview.php which carries out the delete function:
<?php
session_start();
require_once '../includes/db.php';
$id = $_GET['review_id'];
$info = "DELETE FROM reviews WHERE review_id = '$id'";
mysql_query($info) or die ("Error: ".mysql_error());
echo "<h2>Review Deleted</h2>";
?>
any ideas guys?
You're not selecting the review_id in the query, so $info["review_id"] is always null.
Aside from the other answers, I'll say this:
Your database will get jacked if you do not sanitize your variables.
For instance, what happens if I pass review_id=' OR '1'='1?
DELETE FROM reviews WHERE review_id = '' OR '1'='1'
This query will delete everything in reviews.
mysql_real_escape_string() your $_GET and $_POST variables before using them in your MySQL.
You forgot to select the review_id.
$result = mysql_query("SELECT review_id, review, ratings, date, user FROM reviews")
You're not selecting review_id from the database but you use $info['review_id'] to set the ID on the URL. Just change your first line to:
$result = mysql_query("SELECT review_id, review, ratings, date, user FROM reviews")
Also you must escape the input with mysql_real_escape_string:
$id = mysql_real_escape_string($_GET['review_id']);
You have to select the review_id in the query. But also you have to check for some SQL injection, because with the GET request it's easy to delete all the table records.