Filter MySQL Table Search - php

I am trying to set up a PHP MySQL search script which will let me print the content of my membership MySQL database table and then filter the results using different criteria.
The following fields are used in my MySQL table:
committee_id
rank
last_name
first_name
sex
address
email
phone_number
active_status
I want 2 ways to filter the data:
1) using using a drop down with all the available rank i can filter the results by rank of member.
2) using a drop down with all the available active_status you can filter the results by active status only.
I have set up my search form successfully, and printed all MySQL Table contents, Only the search by position part is filtering my result, but not the active_status, the filter part is a challenge. here is my html table and search script:
<?php include("./includes/connnect.php");?>
<!DOCTYPE HTML>
<html>
<body>
<table>
<thead>
<tr>
<td>ID</td>
<td>position</td>
<td>Last Name</td>
<td>First Name</td>
<td>Sex</td>
<td>Address</td>
<td><strong>Email</td>
<td><strong>Phone Number</td>
<td>Status</td>
</tr>
</thead>
<tbody>
<?php
if ($_REQUEST["position"]<>'') {
$search_position = " AND position='".mysql_real_escape_string($_REQUEST["position"])."'";
}
if ($_REQUEST["status"]<>'') {
$search_status = " AND status='".mysql_real_escape_string($_REQUEST["status"])."'";
}
else {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE committee_id>0".$search_position.$search_status;
}
$sql_result = mysql_query ($sql, $connection ) or die ('request "Could not execute SQL query" '.$sql);
if (mysql_num_rows($sql_result)>0) {
while ($row = mysql_fetch_assoc($sql_result)) {
?>
<tr>
<td><?php echo $row["committee_id"]; ?></td>
<td><?php echo $row["rank"]; ?></td>
<td><?php echo $row["last_name"]; ?></td>
<td><?php echo $row["first_name"]; ?></td>
<td><?php echo $row["sex"]; ?></td>
<td><?php echo $row["address"]; ?></td>
<td><?php echo $row["email"]; ?></td>
<td><?php echo $row["phone_number"]; ?></td>
<td><?php echo $row["active_status"]; ?></td>
</tr>
<?php
}
} else {
?>
<tr><td colspan="5">No results found.</td>
<?php
}
?>
</tbody>
</table>
</body>
</html>
I would appreciate any suggestions to get this going.
Thanks.


That is because when there is $_REQUEST["status"] the variable SQL is not setted as you put it on the else statement
if ($_REQUEST["status"]<>'') {
$search_status = " AND status='" .
mysql_real_escape_string($_REQUEST["status"])."'";
}
else { /// this is your problem
$sql = "SELECT * FROM ".$SETTINGS["data_table"]."
WHERE committee_id>0".$search_position . $search_status;
}
Put the $sql out of the else and take the else out.


Thank you Jorge your solution worked. But I got the same result with these elseif statements:
if ($_REQUEST["position"]<>'') {
$search_position = " AND position='".mysql_real_escape_string($_REQUEST["position"])."'";
}
if ($_REQUEST["status"]<>'') {
$search_status = " AND status='".mysql_real_escape_string($_REQUEST["status"])."'";
}
if ($_REQUEST["position"]<>'' and $_REQUEST["status"]<>'') {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]."
WHERE position = '".mysql_real_escape_string($_REQUEST["position"])."'
AND status = '".mysql_real_escape_string($_REQUEST["status"])."'";
}else if ($_REQUEST["position"]<>'') {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE position = '".mysql_real_escape_string($_REQUEST["position"])."'".$search_city;
}else if ($_REQUEST["status"]<>'') {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE status = '".mysql_real_escape_string($_REQUEST["status"])."'".$search_position;
}else {
$sql = "SELECT * FROM ".$SETTINGS["data_table"]." WHERE committee_id>0".$search_position.$search_status;
}
I shall have to convert these to mysqli or pdo as advised.

Related

Loading current user from database

So I have a table named realtimeusage it contains ID, KWH, UnitValue, AccessTIME I want to fetch usage only for the Current user by his "id" any suggestion for my code
<?php
session_start();
require_once('connect.php');
$_SESSION['id'] = $id;
// For display Current user realtimeusage
$displayquery = "SELECT * ";
$displayquery .= "FROM realtimeusage WHERE `id` = '".$_SESSION['id']."'";
$displayresult = mysqli_query($connection, $displayquery);
if (!$displayresult){
die("database query failed");
}
?>
the table to fetch data:
<table>
<thead>
<tr>
<th> AccountID</th>
<th> KWH</th>
<th>UnitValue</th>
<th>AccessTIME</th>
</tr>
</thead>
<tbody>
<?php
while ($rows= mysqli_fetch_assoc($displayresult)) {
?>
<!--id-->
<td><?php echo $rows["ID"]; ?></td>
<!--User name-->
<td><?php echo $rows["KWH"]; ?></td>
<!--Full name-->
<td><?php echo $rows["UnitValue"]; ?></td>
<!-- Roles-->
<td><?php echo $rows["AccessTIME"]; ?></td>
</tbody>
<?php } ?>
</table>
when I run this code it shows all usage in the table
<?php
session_start();
require_once('connect.php');
$username = $_SESSION['username'];
$roles = $_SESSION['roles'];
// For display realtimeusage
$displayquery = "SELECT * ";
$displayquery .= "FROM realtimeusage";
$displayresult = mysqli_query($connection, $displayquery);
if (!$displayresult){
die("database query failed");
}
?>

From where are you getting the value of id? I guess id is in $_SESSION['id'], if user is logged in, and to use that id you need to change the assignment statement as
$id=$_SESSION['id'];
And use $id in query
$displayquery .= "FROM `realtimeusage` WHERE `id` = '".$id."'";

How to print every all values with its categories

I have a page that gives me info from database.
Date - notes - account_type
In account_type I have 3 types of account PS: A - B - C.
$Qdaily_entriesD = mysqli_query($connect, "SELECT * FROM daily_entries ORDER BY account_type DESC");
while ($showRowGeneral = mysqli_fetch_assoc($Qdaily_entriesD))
{
?>
<tr>
<td><?php echo $showRowGeneral['account_type'];?></td>
<td><?php echo $showRowGeneral['riyal'];?></td>
<td><?php echo $showRowGeneral['dollars'];?></td>
</tr>
<?php
}
I want when I print the values it came out with different urls for each account_type.
Like: accounts.php?type=A , B or C
This is what i have tried
<?php
$Qdaily_entriesD = mysqli_query($connect, "SELECT * FROM daily_entries ORDER BY account_type DESC");
while ($showRowGeneral = mysqli_fetch_assoc($Qdaily_entriesD))
{
if ($showRowGeneral['account_type'] == 'b')
{
?>
<tr>
<td><?php echo $showRowGeneral['account_type'];?></td>
<td><?php echo $showRowGeneral['riyal'];?></td>
<td><?php echo $showRowGeneral['dollars'];?></td>
</tr>
<?php
}
}
?>
<tr><td colspan='3'><a href='?type=A'>A</a>, <a href='?type=B'>B</a> or <a href='?type=C'>C</a></td></tr>
but how to achieve this?
Thanks advanced.

Have you tried to use $_GET ?
Read this for more info https://www.w3schools.com/php/php_forms.asp
In your code you want to use it like so,
if ($showRowGeneral['account_type'] == $_GET['type'])

If you want to have a link for each line :
$Qdaily_entriesD = mysqli_query($connect, "SELECT * FROM daily_entries ORDER BY account_type DESC");
while ($showRowGeneral = mysqli_fetch_assoc($Qdaily_entriesD))
{
?>
<tr>
<td><?echo $showRowGeneral['account_type'];?></td>
<td><?echo $showRowGeneral['riyal'];?></td>
<td><?echo $showRowGeneral['dollars'];?></td>
<td>your text</td>
</tr>
<?
}

How to retrieve data from database and display it in table

I am using WordPress and the global class $wpdb in order to retrieve data from MySQL database and display the results in a table.
I have 4 dropdown list that allow the user to select the required inputs then based on the selected inputs the system display all the related data for the user selection.
When I try to run the code it display error:
Notice: Array to string conversion
first part of code :
<?php
/*
Template Name: search info
*/
get_header();
?>
<?php
// code for submit button ation
global $wpdb,$_POST;
//variables that handle the retrieved data from mysql database
if(isset($_POST['site_name']))
{
$site_name=$_POST['site_name'];
}
else { $site_name=""; }
if(isset($_POST['owner_name']))
{
$owner_name=$_POST['owner_name'];
}
else { $owner_name=""; }
if(isset($_POST['Company_name']))
{
$company_name=$_POST['Company_name'];
}
else { $company_name=""; }
if(isset($_POST['Subcontractor_name']))
{
$Subcontractor_name=$_POST['Subcontractor_name'];
}
else { $Subcontractor_name="";}
$site_id = ['siteID'];
$equipment_type = ['equipmentTYPE'];
$lat=['latitude'];
$long=['longitude'];
$height = ['height'];
$owner_contact = ['ownerCONTACT'];
$sub_contact = ['subcontractorCONTACT'];
$sub_company = ['subcontractorCOMPANY'];
if(isset($_POST['query_submit']))
{
//query to retrieve all related info of the selected data from the dropdown list
$query_submit =$wpdb->get_results ("select
site_info.siteID,site_info.siteNAME ,site_info.equipmentTYPE,site_coordinates.latitude,site_coordinates.longitude,site_coordinates.height ,owner_info.ownerNAME,owner_info.ownerCONTACT,company_info.companyNAME,subcontractor_info.subcontractorCOMPANY,subcontractor_info.subcontractorNAME,subcontractor_info.subcontractorCONTACT from `site_info`
LEFT JOIN `owner_info`
on site_info.ownerID = owner_info.ownerID
LEFT JOIN `company_info`
on site_info.companyID = company_info.companyID
LEFT JOIN `subcontractor_info`
on site_info.subcontractorID = subcontractor_info.subcontractorID
LEFT JOIN `site_coordinates`
on site_info.siteID=site_coordinates.siteID
where
site_info.siteNAME = `$site_name`
AND
owner_info.ownerNAME = `$owner_name`
AND
company_info.companyNAME = `$company_name`
AND
subcontractor_info.subcontractorNAME = `$Subcontractor_name`
");
?>
<table width="30%" >
<tr>
<td>Site Name</td>
<td>Owner Name</td>
<td>Company Name</td>
<td>Subcontractor Name</td>
</tr>
<tr>
<td><?php echo $site_name ; ?></td>
<td><?php echo $owner_name ; ?></td>
<td><?php echo $company_name ; ?></td>
<td><?php echo $Subcontractor_name ; ?></td>
<td><?php echo $site_id ; ?></td>
<td><?php echo $equipment_type ; ?></td>
<td><?php echo $lat ; ?></td>
<td><?php echo $long ; ?></td>
<td><?php echo $height ; ?></td>
<td><?php echo $owner_contact ; ?></td>
<td><?php echo $sub_contact ; ?></td>
<td><?php echo $sub_company ; ?></td>
</tr>
</table>
<?php } ?>
The second part of code is for retrieve data from database and includes it in the dropdown list.
I will appreciate any help.

You can get rid of the "Array to string conversion" error quite easy.
In these lines, you are creating arrays:
$site_id = ['siteID'];
$equipment_type = ['equipmentTYPE'];
$lat=['latitude'];
...
$sub_company = ['subcontractorCOMPANY'];
...which you later are trying to echo. You simply can't echo arrays.
Just change the above to be strings instead:
$site_id = 'siteID';
$equipment_type = 'equipmentTYPE';
$lat = 'latitude';
...
$sub_company = 'subcontractorCOMPANY';
Note: As others already pointed out, your code is wide open to SQL Injections. You should really escape your data, before using it in any queries.

<table border="1">
<tr>
<th>Firstname</th>
<th>Lastname</th>
<th>Points</th>
</tr>
<?php
global $wpdb;
$result = $wpdb->get_results ( "SELECT * FROM myTable" );
foreach ( $result as $print ) {
?>
<tr>
<td><?php echo $print->firstname;?></td>
</tr>
<?php }

How to create dynamic links for the dynamic posts in MySQL and PHP

I'll try to explain the problem straight away. I have one HTML form which takes input just like a comment form and it saves the xyz data into a MySQL database using PHP. Now, what I want is to create and display links for those comments on a page.
I mean the comments which have been saved including the user's email and name, should be opened by clicking a link.
I don't want to display all the details on a single page from the database for all the users. There should be a page on which links are shown, when a user click a link, the full post should be displayed in next page.
There is not something which I know about this process. Please help me out.

// $rows = set of result from your database query
foreach($rows as $row){
echo '<a'
. ' href="my_link_to_display_comment?id='.$row['id'].'">'
. 'Comment from '.$row['user_name']
. '</a>';
}

First a page to display all the links like the below example -
$result = mysql_query("SELECT * FROM calendar WHERE sort_month='11'");
while($row = mysql_fetch_array($result))
{echo
"".$row['event_name'].""
;}
and then in event.php(the next page after clicking link)
$id = $_GET['id'];
$sql = "select * from calendar where id = $id";
$result = mysql_query($sql, $con);
if ($result){
$row = mysql_fetch_row($result);
$title = $row[12];
$content = $row[7];} ?>
<?php echo $title ?>
<?php echo $content ?>

If you want to show details of a single user just do this.
You can make a search box by using a form.
eg. like if I want to display a details of a student, I will search him by using his roll number and run these queries.
<?php //to search student
require_once './secure.inc.php';
$status = 0;
if(isset($_POST['submit'])){
$roll_number = $_POST['roll_number'];
$query = "select * from students where roll_number=$role_number";
require_once '../includes/db.inc.php';
$result = mysql_query($query);
if(mysql_num_rows($result)==1){
$status = 1;
$row = mysql_fetch_assoc($result); //mysql_fetch_array - both numeric and key index
}else{
$status=2;
}
}
?>
//to display
<?php } else if($status==1) { ?>
<table>
<tbody>
<tr>
<td>Roll Number : </td>
<td><?php echo $row['roll_number']; ?></td>
</tr>
<tr>
<td>Name : </td>
<td><?php echo $row['name']; ?></td>
</tr>
<tr>
<td>Gender : </td>
<td><?php echo $row['gender']; ?></td>
</tr>
<tr>
<td>Email : </td>
<td><?php echo $row['email']; ?></td>
</tr>
<tr>
<td>Mobile Number : </td>
<td><?php echo $row['mobile_number']; ?></td>
</tr>
<tr>
<td>Course : </td>
<td><?php echo $row['course']; ?></td>
</tr>
</tbody>
</table>
<?php } ?>

how can use two select option on php search

My code is working right but i have a problem , i can search by the first select option only and the second select option didn't work, the first select option ($_REQUEST["area"]<>'')" and "
($_REQUEST["area"]<>'') is working good but i can fetch only by the
firs select option i write it and else give me error and when change
those i have the same problem, so i want to using two select option to
filter my search.
<?php
if ($_REQUEST["string"]<>'') {
$search_string = " AND (name LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%' OR
specialization LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%' OR
address LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%' OR
telephone LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%' OR
time LIKE '%".mysql_real_escape_string($_REQUEST["string"])."%'
)";
}
if ($_REQUEST["area"]<>'') {
$search_area = " AND location_id='".mysql_real_escape_string($_REQUEST["area"])."'";
}
if ($_REQUEST["category"]<>'') {
$search_category = " AND cate_id='".mysql_real_escape_string($_REQUEST["category"])."'";
}
else {
$sql = "SELECT * FROM informations WHERE id>0".$search_string.$search_area.$search_category;
}
$sql_result = mysql_query ($sql) or die ('request "Could not execute SQL query" '.$sql);
if (mysql_num_rows($sql_result)>0) {
while ($row = mysql_fetch_assoc($sql_result)) {
?>
<tr>
<td><?php $sel_cate2 = "SELECT title FROM categories where id = ".$row['cate_id']." ";
$done_cate2 = mysql_query($sel_cate2);
$get2 = mysql_fetch_array($done_cate2);
echo $get2["title"]; ?></td>
<td><?php $sel_cate2 = "SELECT location FROM locations where id = ".$row['location_id']." ";
$done_cate2 = mysql_query($sel_cate2);
$get2 = mysql_fetch_array($done_cate2);
echo $get2["location"]; ?></td>
<td><?php echo $row["name"]; ?></td>
<td><?php echo $row["specialization"]; ?></td>
<td><?php echo $row["address"]; ?></td>
<td><?php echo $row["telephone"]; ?></td>
<td><?php echo $row["time"]; ?></td>
</tr>
<?php
}
} else {
?>
<tr><td colspan="5">No results found.</td>
<?php
}
?>
</table>

Categories