I'm trying to retrieve dynamic query PHP pages. First page passing values of city or id next page by post method.
I know here sql injection can done.
but i m using in it on private network and every user session is tracked.
and table1 is protected.
Table looks like this:
TABLE1
-----------------------------------------------------
1 select * from tablename1 where ID = $id
2 select * from tablename1 where city = $city
2 select * from tablename1 where ID = $id and city = $city
-----------------------------------------------------
Now I run page contain code:
$id = $_POST["id"];
$city= $_POST["city"];
$tabledata = mysql_query("SELECT * FROM table1 ");
$a=mysql_fetch_row($tabledata );
$query_table=$a['1']; // retrieve sql query from table1 which stored in 2nd column
echo " $query_table"; // display query
$result = mysql_query($query_table);
while ($field = mysql_fetch_row( $result) )
{
echo "<td> $field[1] </td>";
}
Now, the problem is that I can't get results. $result is empty?
How pass $city or $id value to query?
But if I remove WHEREcondition from TABKE1 then it works well. So, how can I make for WHERE condition to pass parameters?
how can i do this . any other option here to call stored query on 1 table and process it on other page and oher table
The query in table1 should be like this
-----------------------------------------------------
1 select * from tablename1 where ID = '".$id."'
2 select * from tablename1 where city = '".$city."'
3 select * from tablename1 where ID = '".$id."' and city = '".$city."'
-----------------------------------------------------
and proceed further with your coding and it will show you the result.
OPTION 2:
Table 1:
-----------------------------------------------------
1 select * from tablename1 where ID =
2 select * from tablename1 where city =
-----------------------------------------------------
and change in php code like this
$query_table=$a['1']." '".$id."'" ;
or
$query_table=$a['2']." '".$city."'" ;
OPTION 3:
Table 1:
-----------------------------------------------------
1 select * from tablename1
-----------------------------------------------------
and change in php code like this
$query_table=$a['1']." where ID = '".$id."'" ;
or
$query_table=$a['1']." where ID = '".$id."' AND city = '".$city."' " ;
If you want the result with ID or City
mysql_query("SELECT * FROM table1 WHERE ID = '$id' OR city = '$city'");
and If you want with both mandatory
mysql_query("SELECT * FROM table1 WHERE ID = '$id' AND city = '$city'");
Related
I am fetching multiple rows from my data base like,
$query = "SELECT * FROM student_info where district = '".$admdistrict."' AND user_status = 'approved' ORDER BY id DESC";
$result = mysql_query($query) or die(mysql_error());
$delete = mysql_fetch_array($resultt);
$std_delete_array = explode(',', $delete['id']);
the value of id in database is like 4,5,6 in different rows but it is giving only first value 4.
Another array I am fetching is,
$query="SELECT * FROM events where id='$district'";
$showdata=mysql_query($query) or die(mysql_error());
$user=mysql_fetch_array($showdata);
$std_fulllist_array = explode(',', $user['std_list']);
the value in database is 4,5,6,8. But in single coloumn, so it is giving proper output. now I want to subtract $std_delete_array from $std_fulllist_array.
I am using following code,
$values = array_diff($std_fulllist_array, $std_delete_array);
which is only subtracting first value of $std_delete array.
strucutre of table student_info is
id ! name ! District
4 a panipat
5 b panipat
6 c panipat
strucutre of table events is
id ! district ! std_list
1 panipat 4,5,6
2 karnal 4,7,8
3 chandigarh 5,6,7
You are saying the value of id in database is like 4,5,6 in different rows
that means your table is look like
id district
-- ---------
4 abc
5 def
6 geh
8 ijk
so your first query is fetching multiple records.
EDIT
So your query would be
$ret_ = array();
$query = "SELECT * FROM student_info where district = '".$admdistrict."' AND user_status = 'approved' ORDER BY id DESC";
$result = mysql_query($query) or die(mysql_error());
if (mysql_num_rows($result) > 0) {
// output data of each row
while($row = mysql_fetch_array($result)) {
echo $row['id'];
$ret_[] = $row;
}
}
print_r($ret_);
I am having problems achieving the query to select data from a table in the db after a defined value has been met.
My code to do this is:
$fi = 'first_segment'
$im = popo.jpg
$sqls = "SELECT * FROM $fi,news_pictures
WHERE $fi.pi_id = news_pictures.pi_id
AND news_pictures.i_name = '$im'
GROUP BY news_pictures.id DESC";
I wasn't able to achieve the result with that query.
Basically, I want the query to confirm if news_pictures.i_name = '$im' and if true, return starts from the value of $im followed by other data in the table depending on news_pictures.id DESC.
The sample data and output:
Table news_pictures:
id i_name
-- ------
1 coco.jpg
2 lolo.jpg
3 popo.jpg
4 dodo.jpg
Since $im = popo.jpg, I want my query to display all values starting from popo.jpg with id DESC, i.e. popo.jpg, lolo.jpg, coco.jpg.
I got to solve the question with the help of a friend.
$fsqls = "SELECT * FROM $fi,news_pictures WHERE $fi.pi_id = news_pictures.pi_id AND news_pictures.i_name = '$im' GROUP BY news_pictures.id";
$rres = mysqli_query($connection, $fsqls) or print(mysqli_error($connection));
while($row = mysqli_fetch_assoc($rres))
{
$rnm = $row["id"];
}
$sqls = "SELECT * FROM news_pictures WHERE news_pictures.id <= $rnm ORDER BY news_pictures.id DESC";
table1:
id (autoincrement)
username
category
table2:
id (autoincrement)
itemname
category
I have 2 queries.
1 query one shows categories that a user (logged in) belongs to:
$sql = "SELECT * FROM table1 WHERE '$login_session' = username";
I can list each record:
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "category: " . $row["category"]. "<br>";
}
That works fine.
My 2nd query is dependent on the 1st query. I need to list all records from table2 where category belongs to in array category in previous query.
$sql2 = "SELECT * FROM table2 WHERE category = I DO NOT KNOW WHAT TO PUT HERE";
How do I write $sql2?
One method uses in:
SELECT *
FROM table2
WHERE category IN (SELECT category FROM table1 WHERE '$login_session' = username");
You can use IN()
$sql = 'SELECT * FROM table2 WHERE category IN ('"' . implode('","', $arrayOfCategories).'"')'
I want to fetch value Rows from single table.I want to fetch sub_id for specific id.
I achieved my require ment in 2 query.I want to do it in single query.I want to display result as Event,order history,Eent Ticket,calander
$sql="select * from table1 where roles like %admin% and sub_id='0'"
$sql1=mysql_query($sql);
while($fet=mysql_fetch_assoc($sql1))
{
$id=$fet['id'];
$query="select page_name from table1 where sub_id= '$id'";
.. ..
}
Use a JOIN
SELECT t1.id, t1.sub_id, t1.page_name, t2.page_name AS parent_page
FROM table1 AS t1
JOIN table1 AS t2 ON t1.sub_id = t2.id
WHERE t2.roles like '%admin%' AND t2.sub_id = '0';
DEMO
use this
$sql="select sub_id from table1 where id='".$id."' ";
After this, use results of this as below
$sql= "select * from table1 where roles like %admin% and sub_id in($ids)";
You dont need another query to get the value of page_name just use $fet['page_name']; you already get the data of page_name in your first query.
$sub_id = $fet['sub_id'];//
echo $sub_id;//
$page_name = $fet['page_name'];//You can get and use the value of page_name here
UPDATED
if you want Event,Order History,Event Ticket and Calander
then change your where to sub_id = '2' ordered by id ascending.
$sql="select * from table1 where roles like %admin% and sub_id='2' order by id asc"
$sql1=mysql_query($sql);
while($fet=mysql_fetch_assoc($sql1))
{
echo $fet['page_name'].'<br/>';//display the page_name
}
You can also use the single query for getting page_name:
SELECT page_name FROM table1
WHERE roles LIKE %admin%
AND sub_id = 2
you can get Event,Order History,Event Ticket,Calendar as:
$sql="SELECT page_name FROM table1
WHERE roles LIKE %admin%
AND sub_id = 2";
$sql1=mysql_query($sql);
$records = array();
while($fet=mysql_fetch_assoc($sql1))
{
$records[] = $fet['page_name'];
}
echo implode(",",$records); // Event,Order History,Event Ticket,Calendar
UPDATE 1:
use sub_id = 2 for getting all page_name related to Event MAnagement
Side note:
I suggest you to use mysqli_* or PDO, instead of mysql_* because mysql_* is deprecated in not available in PHP 7.
$sql="select sub_id from table1 where id='".$id."' ";
if thats what you want.
I'm currently working on a message board which only displays data if values in another table are set.
My 2 tables look like this:
tbsubscribers:
-subID (int)
-msg1 (tinyint)
-msg2 (tinyint)
-msg3 (tinyint)
-email (varchar)
tbmessage
-id (int)
-name (varchar)
-mitteilung (varchar)
-sender (varchar)
-datum (datetime)
The actual messages are in the tbmessage table and to check which messages the user wants to see there is the tbsubscribers table.
Now, I want to display the messages. So if a user subscribed to msg1 and msg2 (so the value of both are 1) it should select all the data from tbmessage which has the name 'msg1' and 'msg2'.
I know how to work with select in mysql but don't know how I could select multiple tables, and especially in this case I'm kind of confused how I would do this.
Any help would be appreciated
A simple join should work:
SELECT * FROM `tbsubscribers` s
RIGHT JOIN `tbmessage` tb ON (
CASE WHEN msg1 = 1 THEN name = 'msg1' END OR
CASE WHEN msg2 = 1 THEN name = 'msg2' END OR
CASE WHEN msg3 = 1 THEN name = 'msg3' END
)
I created a sqlfiddle here, which should demonstrate the functionality you're looking for.
I'm going to make some edits to clarify how you should do this, using both the query above, and another query if need be.
There are a few ways you can do this. Way #1:
<?php
/*
* If you already have username (email) in session,
* then you can do this:
*/
$query = "SELECT m.* FROM `tbsubscribers` s
RIGHT JOIN `tbmessage` m ON (
CASE WHEN msg1 = 1 THEN name = 'msg1' END OR
CASE WHEN msg2 = 1 THEN name = 'msg2' END OR
CASE WHEN msg3 = 1 THEN name = 'msg3' END
)
WHERE email = " . my_escape_string_function($_SESSION['username']);
/*
* If tbsubscribers has a '1' in msg1, then all msg1's are grabbed.
* If tbsubscribers has a '2' in msg2, then all msg2's are grabbed...etc
*/
//Set $rows equal to the result
return $rows;
?>
Way #2:
<?php
/*
* If you already have username (email) in session,
* then you can do this:
*/
$query = "SELECT * FROM `tbsubscribers` s
WHERE email = " . my_escape_string_function($_SESSION['username']);
/*
* Run this query, and fetch the entire userrow, and put into $user
* An alternative could be to just store the entire user array into
* $_SESSION, as you wont have to query the database twice.
*/
$tofetch = array();
for ( $i=1; $i<=3; $i++ )
{
//Let's check msg1, msg2, msg3
if ( $user['msg' . $i] )
{
$tofetch[] = "name = 'msg" . $i . "'";
}
}
/*
* If tbsubscribers has a '1' in msg1, and a '1' in msg2 then the array
* will look like this:
* array(
* 0 => "name = 'msg1'"
* 1 => "name = 'msg2'"
* )
*/
//Throw an exception if all 'msg1', 'msg2', and 'msg3' are all 0 (Otherwise the query will fail)
if ( empty($tofetch) ) {
throw new Exception("You're not subscribed to any messages.");
}
/*
* Now it's a simple query. $tofetch will be imploded, to form a nice
* where statement. Using the example above, it will look like:
* name = 'msg1' OR name = 'msg2'
*/
$query = "SELECT *
FROM `tbmessage`
WHERE " . implode(' OR ', $tofetch);
//Set $rows equal to the result
return $rows;