how to insert a php variable in a sql query? - php

Now I have two drop-down lists, one for name and the other for time. When the user clicks on the desired name in the first dropdown box, I want the time displayed in the second dropdown box to belong to the name chosen in the first dropdown box.
$con=mysqli_connect("localhost","root","123","fyp");
$query1 = mysqli_query($con,"SELECT fname FROM lecturer");
echo "Select lecturer:<select name= 'fname'>";
$name = 'fname';
$name = mysql_real_escape_string($name);
while($row=mysqli_fetch_array($query1))
{
echo "<option value='". $row['fname']."'>".$row['fname']. '</option>';
}
echo '</select>';
$con=mysqli_connect("localhost","root","123","fyp");
$query3 = mysqli_query($con,"SELECT stime FROM studbooking WHERE lecname is '$name'");
echo "Select Booking time:<select name= 'stime'>";
while($row=mysqli_fetch_array($query3))
{
echo "<option value='". $row['stime']."'>".$row['stime']. '</option>';
}
echo '</select>';
how to use php variables in sql query?

You can use mysqli->bind_param for this.
mysqli::bind_param
Example
$statement = $mysqli->prepare("SELECT stime FROM studbooking WHERE lecname=?");
$statement->bind_param('s', $name);
$statement->execute();
$result = $statement->get_result();
while ($row = $result->fetch_assoc()) {
print_r($row);
}

Change:
$name = mysql_real_escape_string($name);
to:
$name = mysqli_real_escape_string($con, $name);
You can't use mysql functions with a mysqli connection, and vice versa.
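The flow discussed above as an added, self-contained example (not code from the question or either answer): the lecturer name reaches the query only as a bound parameter, and every value is HTML-encoded before it is written into an `<option>`. It assumes PDO with an in-memory SQLite database so it runs without a MySQL server; the sample rows and submitted names are constructed, and `renderSelect()` and `bookingTimes()` are hypothetical helper names.

```php
<?php
// Added example: constructed data in an in-memory SQLite database
// (assumption: the pdo_sqlite extension is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE lecturer (fname TEXT)');
$db->exec('CREATE TABLE studbooking (lecname TEXT, stime TEXT)');
$db->exec("INSERT INTO lecturer VALUES ('Tan'), ('O''Neil')");
$db->exec("INSERT INTO studbooking VALUES ('Tan', '09:00'), ('Tan', '11:00'), ('O''Neil', '14:00')");

// Build one <select>; every value is HTML-encoded before it is written out.
function renderSelect(string $label, string $name, array $values): string
{
    $html = htmlspecialchars($label) . ':<select name="' . htmlspecialchars($name) . '">';
    foreach ($values as $v) {
        $e = htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
        $html .= "<option value=\"$e\">$e</option>";
    }
    return $html . '</select>';
}

// Booking times for one lecturer; the name travels as a bound parameter,
// so quotes inside it are data and never part of the SQL text.
function bookingTimes(PDO $db, string $lecturer): array
{
    $stmt = $db->prepare('SELECT stime FROM studbooking WHERE lecname = ? ORDER BY stime');
    $stmt->execute([$lecturer]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$names = $db->query('SELECT fname FROM lecturer ORDER BY fname')->fetchAll(PDO::FETCH_COLUMN);
echo renderSelect('Select lecturer', 'fname', $names), "\n";

// Constructed stand-ins for the submitted form value ($_POST['fname'] on a real page).
// The last one contains quote characters and matches no lecturer, so its list is empty.
foreach (["Tan", "O'Neil", "x' OR '1'='1"] as $submitted) {
    echo renderSelect("Booking time for $submitted", 'stime', bookingTimes($db, $submitted)), "\n";
}
```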

Related

PDO subquery using variable within a loop

I am trying to write a query within a While loop using a dynamic variable but can't seem to get it working correctly. I am new to PDO so I'm not 100% if this is even the correct way to go about doing this. The connection to the database ($db) works fine, and the query runs fine without the second $STH2 lines. Please help :)
<?php
//This will list player info so the user can get the correct player ID
$STH = $db->query('SELECT id, name, tag from wdlTeams');
//Setting the fetch mode
$STH->setFetchMode(PDO::FETCH_ASSOC);
//Create listbox object and populates options with team names
echo "<select name='teamID'>";
while($row = $STH->fetch()) {
$id = $row['id'];
$name = $row['name'];
$tag = $row['tag'];
$seasonId = $row['seasonId'];
$STH2 = $db->prepare('SELECT name from wdlSeasons where id=$seasonId');
$STH2->execute();
$seasonName = $STH2->fetchColumn();
echo "<option value='$id'>$tag - $name ($seasonName)</option>";
echo "<br />";
}
echo "</select>";
?>
I have also tried changing to
$STH2 = $db->prepare("SELECT 'name' from 'wdlSeasons' where id='$seasonId'");
but with no luck
Try this:
$STH2 = $db->prepare('SELECT name from wdlSeasons where id=:id');
$STH2->bindParam(':id', $seasonId);
$STH2->execute();

Why is my drop down list not populating with the table data?

Why is my drop down list not populating with the table data? (dropdown box is empty)
And what is used to display data upon selection of an item in that drop down - is it a "VIEW" (please do provide a study link so I can learn)
My Code
<?php
$con=mysqli_connect("localhost","root","","ismat_db");
//check connection
if(mysqli_errno($con))
{
echo "Can't Connect to mySQL:".mysqli_connect_error();
}
else
{
echo "Connected to mySQL</br>";
}
//$query = 'SELECT FirstName FROM persons';
//$result = mysqli_query($con,$query);
$query = mysqli_query($con,"SELECT 'FirstName' FROM persons");
//print_r($query);
//echo '<select name="FirstName">';
echo "<select name= 'FirstName'>";
//while($row=mysqli_fetch_array($result))
while($row=mysqli_fetch_array($query))
{
echo $row;
//echo "<option value='".$row['FirstName']."'>".'</option>';
}
echo '</select>';
?>
You had 2 errors:
I pointed the first in the comment: to print an option you must use this code:
echo "<option value='". $row['FirstName']."'>".$row['FirstName']
. '</option>';
The second is in your SQL: you are not selecting the FirstName field from the database, but a string 'FirstName' instead. That's why it is printed twice as you said. Use this SQL to get the field:
$query = mysqli_query($con,"SELECT FirstName FROM persons");
Also, usually people put the id of the record, and not a field that may have possible duplicates, into the value of an <option>. So, I would have used:
echo "<option value='". $row['id']."'>".$row['FirstName']
. '</option>';
selecting the id from the database together with first name.
Try this:
echo "<option value='".$row['FirstName']."'>".$row['FirstName']."</option>";
Also seems that you are having an issue with the database query. Swap your while loop with the following and see if it works
if ($result = $mysqli->query($query)) {
while ($row = $result->fetch_assoc()) {
echo "<option value='".$row['FirstName']."'>".$row['FirstName']."</option>";
}
$result->free();
}

Select field and retrieve corresponding id

I'm searching for a way to retrieve an ID corresponding to a 'select' without executing any other query when I select an item from the database:
I use the select item in a form.
Here is the way I select some names from a table from Database:
$sql = "SELECT ID, Name,Surname FROM Table;";
$result = mysql_query($sql);
if(!$result) die ('Unable to run query:'.mysql_error());
$la = "<SELECT name='names'>";
$la .= "<OPTION selected='selected' disabled='disabled' >Choose a name</OPTION>";
while(list($id, $name) = mysql_fetch_row($result)) {
$selectnames .= "<OPTION >$name</OPTION>";
}
$selectnames .= "</SELECT>";
I want to know the ID corresponding to the '$selectnames' I select from a form,
Thanks!
You need to set the value of the option to $id:
while(list($id, $name) = mysql_fetch_row($result)) {
$selectnames .= "<OPTION value='$id'>$name</OPTION>";
}
And then when the form is posted you can check $_POST['names'] to get the ID. As you might have noticed, if you don't specify the value then $_POST['name'] will contain the $name value rather than the $id value.

how to insert an hidden field value along side with a checkbox in to the database

I am new here, but I have a problem inserting the id and the value of the checkboxes into my database. Here is the code of the form:
<?php
include('db.php');
$sql = "select * from sheet1 order by course_level asc";
$r = mysqli_query($dbc,$sql) or die(mysqli_error($dbc));
$co = '';
while($row = mysqli_fetch_array($r)) {
$co .= '<tr><td>'.$row['course_level'].'</td><td><input name="courses[]"
type= "checkbox" value = "'.$row['course_code'].'">'.$row['course_code'].'
</td> <td>'.$row['course_title'].'</td><td>'.$row['course_lecturer'].'
</td><input type=hidden name=cid[] value="'.$row['cid'].'">
</tr>';
}
?>
And this is the action code:
<?php
include('db.php');
if(isset($_POST['courses']))
echo 'lie';
else
echo 'true';
foreach($_POST['courses'] as $row=>$id){
$courses=$id;
$cid = $_POST['cid'][$row];
$sql = "insert into selected_courses values ('','$courses','$cid')";
$r = mysqli_query($dbc,$sql);
}
if($r)
echo 'done';
?>
thanks a lot.
You have several problems here, the main one being you are attempting to store two different reference values to the same row (course_code and cid) in your selected_courses table. You should really only store the primary key (cid?).
I'd suggest dropping the course_code column from your selected_courses table, remove the hidden input and structure your checkbox like this
<input type="checkbox"
name="courses[]"
value="<?php echo htmlspecialchars($row['cid']) ?>">
Then your INSERT query simply becomes
// Forget mysqli, move to PDO
$stmt = $dbc->prepare('INSERT INTO selected_courses (cid) VALUES (?)');
$stmt->bindParam(1, $cid);
foreach ($_POST['courses'] as $cid) {
$stmt->execute();
}

Display only queried ID+row PHP/MySQL

I have my data stored in a MySQL table, which includes an auto_increment ID number (unique) for each new row.
I'd like users to be able to get a certain ID number, using the $_GET function.
eg. User loads http://mysite.com/id.php?id=123
Page displays ID number 123 along with the row.
echo $row['id'];
echo "<table>";
echo "<tr> <th>Unit</th> <th>Message</th> <th>Date</th> </tr>";
while($row = mysql_fetch_array( $result )) {
echo "<tr><td>";
echo $row['title'];
echo "</td><td>";
echo $row['description'];
echo "</td><td>";
echo $row['pubDate'];
echo "</td></tr>";
}
echo "</table>";
echo "</center>";
I'm stuck as to where I put the $_GET bit.
Thanks :)
You should append it to your query (using intval to avoid SQL injection) like this:
// use the id in your WHERE clause, convert it to an integer to avoid sql injections
$query = 'SELECT fields FROM table WHERE id = ' . intval($_GET['id']);
$result = mysql_query($query);
$row = mysql_fetch_row($result);
... do stuff with $row ...
Firstly, your code does not make much sense, since you use $row before it was defined.
Secondly, $result isn't defined at all, and it should be, for example like this:
$id = intval($_GET['id']);
$result = mysql_query("SELECT * FROM table WHERE id = '$id'");
And now you know how and where to use $_GET['id'].
Don't waste your time doing the comparison afterwards, you'll save yourself a lot of time by adding it to the original query
$id = intval($_GET['id']);
$query = "SELECT whatever FROM table WHERE id=$id";
$id = $_GET['id'];
$id = mysql_real_escape_string($id);
$query = "SELECT * FROM `Table` WHERE `id`='" . $id . "'";
$res = mysql_query ($query);
$exist = mysql_num_rows($res);
if ($exist) {
$row = mysql_fetch_assoc($res);
...
}
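An added example, not taken from any of the answers above, for the `?id=` lookup: `intval()` coerces whatever it is given (`'12abc'` becomes 12, `'abc'` becomes 0), while `filter_var()` with `FILTER_VALIDATE_INT` rejects anything that is not a whole positive integer before the query runs. It assumes PDO with an in-memory SQLite database; the `messages` table, its rows and the helper name `findMessage()` are constructed for illustration.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database
// (assumption: the pdo_sqlite extension is enabled).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE messages (id INTEGER PRIMARY KEY, title TEXT, description TEXT, pubDate TEXT)');
$db->exec("INSERT INTO messages VALUES (12, 'Unit A', 'First message', '2013-01-05'),
                                       (123, 'Unit B', 'Second message', '2013-02-10')");

// Returns the row for a raw ?id= value, or null when the value is not a
// positive integer or no such row exists. $raw stands in for $_GET['id'] ?? null.
function findMessage(PDO $db, ?string $raw): ?array
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // reject the request instead of coercing the value
    }
    $stmt = $db->prepare('SELECT id, title, description, pubDate FROM messages WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a valid id, digits with trailing junk, text, and a missing parameter.
foreach (['123', '12abc', 'abc', null] as $raw) {
    $row = findMessage($db, $raw);
    $shown = $row
        ? htmlspecialchars($row['id'] . ' | ' . $row['title'] . ' | ' . $row['pubDate'])
        : 'rejected or not found';
    // intval() is printed alongside to show which row a coerced value would have selected.
    printf("raw=%s intval=%d -> %s\n", var_export($raw, true), intval($raw), $shown);
}
```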
