I have been batting this around for a while and cannot get the variables working for a search. I can connect fine and return results defined as a proper mssql_query, and ordering by variables etc. also works, but the text search I am trying to implement is not returning results, and I am not sure why.
<?php
$link = mssql_connect('SERV13\\RALSQL12', 'RA4joomla', 'Fenestron1');
if (!$link || !mssql_select_db('RALNHV', $link)) {
die('Unable to connect or select database!');
}else{
echo"";
}
if(isset($_REQUEST['submit'])){
$firstname=$_POST['FirstName'];
$surname=$_POST['Surname'];
$query = 'SELECT * FROM lEmployee WHERE FirstName LIKE '%".$firstname."%' OR Surname LIKE '%".$surname."%'';
$q=mssql_query($sql);
}
else{
$query = 'SELECT * FROM lEmployee';
$q = mssql_query($query);
}
?>
<form method="post">
<table width="200" border="1">
<tr>
<td>Name</td>
<td><input type="text" name="firstname" value="<?php echo $firstname;?>" /></td>
<td>Email</td>
<td><input type="text" name="surname" value="<?php echo $surname;?>" /></td>
<td><input type="submit" name="submit" value=" Find " /></td>
</tr>
</table>
</form>
<?php
// Check if there were any records
echo "<table class='table'>";
echo "<tr>";
echo "<th><a href='?orderBy=FirstName'>FirstName</a></th><th><a href='?orderBy=Surname'>Surname</a></th><th><a href='?orderBy=EmployeeNo'>Trigram</a></th><th>Office Phone</th><th>Mobile</th><th><a href='?orderBy=EmployeeJobTitle'>Job Title</a></th><th><a href='?orderBy=Name'>Base</a></th>";
echo "</tr>";
while ($row = mssql_fetch_array($query)) {
echo "<tr>";
echo "<td>" . '' . iconv("CP1252", "UTF-8", $row['FirstName']) . '' . "</td>";
echo "<td>" . '' . iconv("CP1252", "UTF-8", $row['Surname']) . '' . "</td>";
echo "<td>" . '' . $row['EmployeeNo'] . '' . "</td>";
echo "<td>" . '' . $row['Phone'] . '' . "</td>";
echo "<td>" . '' . $row['Mobile'] . '' . "</td>";
echo "<td>" . '' . $row['EmployeeJobTitle'] . '' . "</td>";
echo "<td>" . '' . $row['Name'] . '' . "</td>";
echo "</tr>";
}
echo "</table>";
?>
I 100% agree with nickL: you have a formatting issue in your query. Try replacing your search query with this:
$firstname=$_POST['firstname'];
$surname=$_POST['surname'];
$query = "SELECT * FROM lEmployee WHERE FirstName LIKE '%".$firstname."%' OR Surname LIKE '%".$surname."%'";
$q = mssql_query($query); // run the query string built above ($sql was never defined)
PHP is a case-sensitive language and your POST variable names are wrong. Replace the code and try again; if that does not succeed, try echo $query and run it in the query browser in SQL Server.
Hope this will fix the issue.
Related
I cannot seem to get the value from my dropdown box which is using JQuery linked up to my database, into an SQL statement?
Where is the error?
Thanks
Here is my PHP:
<form action="" method="post">
<p class="timetable-p">Room code:
<select id="combobox" name="combobox">
<form action="" method="post"><?php
echo '<option class="option">Type/Select a room</option>';
while ($row = $res->fetchRow()) {
$code = $row['roomcode'];
$titles[] = $row['park'];
echo '<option class="option" name="codedrop">'.$code.'</option>';
}
?>
<input type="submit" value="subm" name="subm">
</form>
<?php
if( isset( $_POST['subm'] ) )
{
$codedropOption= $_POST['codedrop'];
$resql = "SELECT * FROM 'ROOMS' WHERE 'roomCode' LIKE '$codedrop%'";
$res1 = mysql_query($resql);
echo "<table>";
while($row = mysql_fetch_array($res1)){
echo "<tr><td>" . $row['roomCode'] . "</td>";
echo "<td>" . $row['Style'] . "</td><td>" . $row['dataProjector'] . "</td>";
echo "<td>" . $row['Whiteboard'] . "</td><td>" . $row['OHP'] . "</td>";
echo "<td>" . $row['wheelchairAccess'] . "</td>";
echo "<td>" . $row['lectureCapture'] . "</td>";
echo "<td><input type='radio' name='radioSelect' value= '". $row['roomCode']."'></td>";
}
echo "</table>";
}
?>
</form>
1) Remove name="codedrop" from <option>, like:
echo '<option class="option">'.$code.'</option>';
N.B.: Only <select> bears the name attribute, not <option>.
2) Remove the first <form>; it's of no use. Besides, nested <form> elements are not allowed.
3) Change
$codedropOption= $_POST['codedrop'];
To
$codedropOption= $_POST['combobox'];
to not get
Undefined index: codedrop
4) Change
$resql = "SELECT * FROM 'ROOMS' WHERE 'roomCode' LIKE '$codedrop%'";
To
$resql = "SELECT * FROM ROOMS WHERE roomCode LIKE '$codedrop%'";
Use backtick in place of single quotes '.
5) Change
$resql = "SELECT * FROM 'ROOMS' WHERE 'roomCode' LIKE '$codedrop%'";
To
$resql = "SELECT * FROM ROOMS WHERE roomCode LIKE '$codedropOption%'";
Updated Code
<form action="" method="post">
<p class="timetable-p">Room code:
<select id="combobox" name="combobox">
<?php
echo '<option class="option">Type/Select a room</option>';
while ($row = $res->fetchRow()) {
$code = $row['roomcode'];
$titles[] = $row['park'];
echo '<option class="option">'.$code.'</option>';
}?>
</select>
<input type="submit" value="subm" name="subm">
</form>
<?php
if( isset( $_POST['subm'] ) )
{
$codedropOption= $_POST['combobox'];
$resql = "SELECT * FROM ROOMS WHERE roomCode LIKE '$codedropOption%'";
$res1 = mysql_query($resql);
echo "<table>";
while($row = mysql_fetch_array($res1)){
echo "<tr><td>" . $row['roomCode'] . "</td>";
echo "<td>" . $row['Style'] . "</td><td>" . $row['dataProjector'] . "</td>";
echo "<td>" . $row['Whiteboard'] . "</td><td>" . $row['OHP'] . "</td>";
echo "<td>" . $row['wheelchairAccess'] . "</td>";
echo "<td>" . $row['lectureCapture'] . "</td>";
echo "<td><input type='radio' name='radioSelect' value= '". $row['roomCode']."'></td>";
}
echo "</table>";
}
?>
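Both searches above (the FirstName/Surname substring search and the room-code prefix search) place form input inside a LIKE pattern. This added example, which is not code from either thread, shows the same search with bound parameters and literal matching of `%` and `_`; the in-memory SQLite table, its rows and the helper names likeLiteral and searchEmployees are assumptions. For a prefix search such as the room code, only the leading `'%'` is dropped.

```php
<?php
// Added example: constructed table and rows in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE lEmployee (FirstName TEXT, Surname TEXT)');
$pdo->exec("INSERT INTO lEmployee VALUES
    ('Anna', 'O''Brien'), ('Bob', 'Smith'), ('Percy', '100%')");

// Escape the LIKE metacharacters so the search term matches literally.
// Assumption: '\' is the ESCAPE character. SQL Server also treats '[' as a
// pattern character; MySQL already uses '\' by default, so the ESCAPE clause
// is dropped there.
function likeLiteral(string $term): string
{
    return addcslashes($term, '\\%_');
}

// Substring search on either name. An empty field adds no condition; as
// '%%' it would match every row and make the OR always true.
function searchEmployees(PDO $pdo, string $firstname, string $surname): array
{
    $where = [];
    $args  = [];
    if ($firstname !== '') {
        $where[] = "FirstName LIKE ? ESCAPE '\\'";
        $args[]  = '%' . likeLiteral($firstname) . '%';
    }
    if ($surname !== '') {
        $where[] = "Surname LIKE ? ESCAPE '\\'";
        $args[]  = '%' . likeLiteral($surname) . '%';
    }
    $sql = 'SELECT FirstName, Surname FROM lEmployee';
    if ($where) {
        $sql .= ' WHERE ' . implode(' OR ', $where);
    }
    $stmt = $pdo->prepare($sql);
    $stmt->execute($args); // values travel separately from the SQL text
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: a surname with an apostrophe, and a bare '%'.
print_r(searchEmployees($pdo, '', "O'Brien"));
print_r(searchEmployees($pdo, '', '%'));
```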
I am using simple code to retrieve data from a database table but am not getting a result; it always shows "No Result found".
Table Structure
rollno Varchar(50) Primary Key,
name Varchar(100),
fname Varchar(100),
mname Varchar(100),
course Varchar(100),
duration Varchar(100),
address Varchar(100),
image blob.
HTML FORM CODE
<form name="input" action="q.php" target="display" method="post" >
Roll No: <input type="text" name="name">
<input type="submit" name="submit" value="Submit">
</form>
PHP CODE
<?php
if (isset($_POST['name'])) {
$con=mysqli_connect("mysql.1freehosting.com","u890130056_certi","samsungk2","u890130056_certi");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$name = htmlspecialchars($_POST['rollno']);
{
$result = mysqli_query($con,"SELECT * FROM certificate where rollno ='$name'");
if(mysqli_num_rows($result)>0){
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['rollno'] . "</td>";
echo "<td>" . $row['course'] . "</td>";
echo "<td>" . $row['duration'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['fname'] . "</td>";
echo "<td>" . $row['mname'] . "</td>";
echo "<td>" . $row['address'] . "</td>";
echo "<td>";?><img src="<?php echo $row["image"]; ?> " height="100" width="100"> <?php echo "</td>";
echo "</tr>";
}
}
else
{
echo "<tr><td colspan='4'> No Data Found , Please check your registration no. or contact the institute for clarification. ".$line.'</td></tr>';
}
mysqli_close($con);
}}
?>
$name = htmlspecialchars($_POST['rollno']);
Where are you getting this 'rollno'?
I don't get why you are saving the result by posting['rollno'], because the name of your field is 'name'.
change this line
$name = htmlspecialchars($_POST['rollno']);
to
$name = htmlspecialchars($_POST['name']);
I am trying to send the same email only to selected users. I am printing values from a table and want to select specific users to send an email.
<form name="unos" action="mail-proizvodi.php" method="post">
<?
echo "<table border='5'>
<tr>
<th> </th>
<th>ID</th>
<th>NAZIV</th>
<th>ADRESA</th>
<th>DRZAVA</th>
<th>GRAD</th>
<th>EMAIL</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo '<td><input type="checkbox" name="email[]" value="' . $row['ID'] . '"></td>';
echo "<td>" . $row['ID'] . "</td>";
echo "<td>" . $row['NAZIV'] . "</td>";
echo "<td>" . $row['ADRESA'] . "</td>";
echo "<td>" . $row['DRZAVA'] . "</td>";
echo "<td>" . $row['GRAD'] . "</td>";
echo "<td>" . $row['EMAIL'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
<input type="submit" name="submit" value="submit">
</form>
My mail-proizvodi.php code:
$mail=$_POST['email'];
echo "Dzenad catic";
$query= "SELECT `EMAIL` FROM `clanovi` WHERE ID='$mail[0]'";
if(sizeof($mail)>1)
{
for($i=1; $i<sizeof($mail); $i++)
{
$query.=" OR ID = '$mail[$i]' ";
}
}
$result=mysqli_query($con,$query);
while(FALSE!==($row=mysqli_fetch_row($result))) {
$bccfields[] = $row['EMAIL'];
}
echo sprintf("<a href=mailto:test#test.ba?bcc=%s />\n",
urlencode(implode(',',$bccfields)));
echo "Send" ;
Post I am receiving is an array. And when I do var_dump($mail) I get
array
0 => string '20' (length=2)
1 => string '30' (length=2)
Any help or advice is appreciated. Thanks in advance.
I am posting the solution to the problem I had in case someone else faces a similar mistake.
$mail=$_POST['email'];
$query= "SELECT `EMAIL` FROM `clanovi` WHERE ID ='$mail[0]'";
if(sizeof($mail)>1)
{
for($i=1; $i<sizeof($mail); $i++)
{
$query.=" OR ID = '$mail[$i]' ";
}
}
$result=mysql_query($query);
if (!$result) {
echo "Could not successfully run query ($query) from DB: " . mysql_error();
exit;
}
if (mysql_num_rows($result) == 0) {
echo "No rows found, nothing to print so am exiting";
exit;
}
while(FALSE!==($row=mysql_fetch_assoc($result))) {
$bccfields[] = $row['EMAIL'];
}
echo sprintf("<a href=mailto:prodaja#alternativa.ba?bcc=%s />\n",
urlencode(implode(',',$bccfields)));
echo "Send" ;
mysql_free_result($result);
I am trying to filter my results using a series of dropdown boxes which are populated from other tables within the database, except for a primary option which is returned from the form as *
Currently the form submits the data as expected, but no results are returned. I suspect it is because the query is searching for * in the respective columns.
So the question is, can an asterisk be used as a wildcard in a WHERE statement?
And if not, how would I go about this instead?
Offending code is included. I understand that using a $variable in a query is bad practice, but at this stage I'm searching for a functional solution rather than production code.
Cheers.
echo " <form method=\"post\" action=\"$self\">
<table>
<tr>
<th>ID</th>
<th>REGISTER</th>
<th>LOCATION</th>
<th>TYPE</th>
<th>CAPACITY</th>
<th>LENGTH</th>
<th>QTY</th>
<th>SERIAL#</th>
<th>CERT#</th>
<th>LAST INSPECTION</th>
<th>BY</th>
<th>DATE IN</th>
<th>DATE OUT</th>
<th>STATUS</th>
<th>NOTES</th>
</tr>";
?>
<!-- START OF FILTER ROW -->
<tr>
<td></td>
<td> <select name="register" id="register">
<option value="*">---</option>
<?php
$sql = "SELECT * FROM valid_registers";
foreach ($dbh->query($sql) as $row)
{
echo "<option value\"" . $row['register'] . "\">" . $row['register'] . "</option>";
}
?>
</select></td>
<td> <select name="location" id="location">
<option value="*">---</option>
<?php
$sql = "SELECT * FROM valid_locations";
foreach ($dbh->query($sql) as $row)
{
echo "<option value\"" . $row['location'] . "\">" . $row['location'] . "</option>";
}
?>
</select></td>
<td> <select name="type" id="type">
<option value="*">---</option>
<?php
$sql = "SELECT * FROM valid_types";
foreach ($dbh->query($sql) as $row)
{
echo "<option value\"" . $row['type'] . "\">" . $row['type'] . "</option>";
}
?>
</select> </td>
<td><input type="radio" name="capacity" id="cap_asc" value="cap_asc">
<
<input type="radio" name="capacity" id="cap_dec" value="cap_dec">
></td>
<td><input type="radio" name="length" id="length_asc" value="length_asc">
<
<input type="radio" name="length" id="length_des" value="length_des">
></td>
<td> </td>
<td> </td>
<td> </td>
<td><input type="radio" name="lastinsp" id="lastinsp_asc" value="lastinsp_asc">
<
<input type="radio" name="lastinsp" id="lastinsp_dec" value="lastinsp_dec">
></td>
<td> </td>
<td><input type="radio" name="datein" id="datein_asc" value="datein_asc">
<
<input type="radio" name="datein" id="datein_dec" value="datein_dec">
></td>
<td><input type="radio" name="dateout" id="dateout_asc" value="dateout_asc">
<
<input type="radio" name="dateout" id="dateout_dec" value="dateout_dec">
></td>
<td> <select name="status" id="status">
<option value="*">---</option>
<?php
$sql = "SELECT * FROM valid_status";
foreach ($dbh->query($sql) as $row)
{
echo "<option value\"" . $row['status'] . "\">" . $row['status'] . "</option>";
}
?>
</select> </td>
<td> </td>
<td><input type="submit" name="submit_filter" id="submit_filter" value="Filter"></td>
</tr>
<!--END OF FILTER ROW -->
<?
//get data from the db
if(isset($_POST['submit_filter'])) {
//fetch filter options
$register = $_POST['register'];
$location = $_POST['location'];
$type = $_POST['type'];
$status = $_POST['status'];
//prepare and execute the query
$sql = "SELECT * FROM register WHERE register=$reigster AND location=$location AND type=$type AND status=$status ";
}
else { $sql = "SELECT * FROM register"; }
foreach ($dbh->query($sql) as $row)
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['register'] . "</td>";
echo "<td>" . $row['location'] . "</td>";
echo "<td>" . $row['type'] . "</td>";
echo "<td>" . $row['capacity'] . "</td>";
echo "<td>" . $row['length'] . "</td>";
echo "<td>" . $row['qty'] . "</td>";
echo "<td>" . $row['serial'] . "</td>";
echo "<td>" . $row['cert'] . "</td>";
echo "<td>" . $row['lastinsp'] . "</td>";
echo "<td>" . $row['inspby'] . "</td>";
echo "<td>" . $row['datein'] . "</td>";
echo "<td>" . $row['dateout'] . "</td>";
echo "<td>" . $row['status'] . "</td>";
echo "<td>" . $row['notes'] . "</td>";
echo "<td><a href='" . $self . "?edit=" . $row['id'] . "'>Edit</a></td>";
//echo "<td><input type=\"submit\" name=\"edit\" id=\"edit\" value=\"Edit\" /></td>";
echo "<td><a href='" . $self . "?delete=" . $row['id'] . "'>Delete</a></td>";
//echo "<td><input type=\"submit\" name=\"delete\" id=\"delete\" value=\"Delete\" /></td>";
echo "</tr>";
}
echo "</table></form>";
}
No, the * is really only valid in the columns you select, not in the where clause.
The usual way to do this is to catch the * from the form and use that to modify the actual SQL statement by removing that part of the where clause altogether, something like (pseudo-code):
if param['userid'] == '*':
    query = 'select name from users'
else:
    query = 'select name from users where id = ?'
Although I have seen cases where parameterised queries needed a consistent number of parameters regardless of wild-carding (in some BIRT reports I've looked at where the query is modified dynamically but the parameter count is harder to change), so you would get something like:
if param['userid'] == '*':
    query = 'select name from users where (id = ? or 1 = 1)'
else:
    query = 'select name from users where id = ?'
That's a bit of a kludge but it's sometimes used to ease the developer's workload. I'd rather do it the first way where possible.
To do that for multiple conditions, you can do something like:
joiner = " where "
query = "select something from mytable"
if param['userid'] != '*':
    query = query + joiner + "user_id = '" + param['userid'] + "'"
    joiner = " and "
if param['age'] != '*':
    query = query + joiner + "user_age = " + param['age']
    joiner = " and "
if param['gender'] != '*':
    query = query + joiner + "user_sex = '" + param['gender'] + "'"
    joiner = " and "
keeping in mind that, unless you have already sanitised your param[] array values, you risk SQL injection attacks. I leave out the solution for that since it's irrelevant to the question at hand.
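The first approach from the answer above (drop the condition when the form sends `*`), carried through for the question's four dropdowns with bound parameters instead of string concatenation. This is an added example, not code from the thread; the in-memory SQLite table, its rows and the names FILTER_COLUMNS, SORT_OPTIONS and buildFilterQuery are assumptions.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
$dbh = new PDO('sqlite::memory:');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec('CREATE TABLE register (id INTEGER PRIMARY KEY, register TEXT,
            location TEXT, type TEXT, status TEXT, capacity INTEGER)');
$dbh->exec("INSERT INTO register (register, location, type, status, capacity) VALUES
    ('A', 'Yard', 'Sling', 'OK', 2), ('A', 'Shed', 'Chain', 'OK', 5),
    ('B', 'Yard', 'Sling', 'Quarantine', 1)");

// Column names and sort clauses are fixed here, never taken from the request.
const FILTER_COLUMNS = ['register', 'location', 'type', 'status'];
const SORT_OPTIONS   = ['cap_asc' => 'capacity ASC', 'cap_dec' => 'capacity DESC'];

// Build the statement from the submitted form: a filter left at '*' (or
// missing, or not a string) adds no condition; every other value becomes a
// bound parameter, so the number of '?' always matches the number of values.
function buildFilterQuery(array $post): array
{
    $where = [];
    $args  = [];
    foreach (FILTER_COLUMNS as $col) {
        $value = $post[$col] ?? '*';
        if (!is_string($value) || $value === '*') {
            continue;
        }
        $where[] = "$col = ?";
        $args[]  = $value;
    }
    $sql = 'SELECT * FROM register';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    // The radio value only selects one of the fixed ORDER BY clauses.
    $sort = $post['capacity'] ?? '';
    if (is_string($sort) && array_key_exists($sort, SORT_OPTIONS)) {
        $sql .= ' ORDER BY ' . SORT_OPTIONS[$sort];
    }
    return [$sql, $args];
}

// Constructed submission: two filters set, two left at '*', one sort choice.
// The status value contains quotes and is compared as a plain string.
[$sql, $args] = buildFilterQuery(['register' => 'A', 'location' => '*',
    'type' => '*', 'status' => "OK' OR '1'='1", 'capacity' => 'cap_dec']);
$stmt = $dbh->prepare($sql);
$stmt->execute($args);
echo $sql, "\n";
var_dump($stmt->fetchAll(PDO::FETCH_ASSOC));
```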
I am having a problem getting values from the DB. I am new to PHP.
I am using checkboxes to get values from database. Only checked values should be printed.
<form method="POST" action="gradoviexport.php" id="searchform">
<div id="GRADOVI BIH">
<h3>GRADOVI BOSNE I HERCEGOVINE</h3><hr/>
<input type="checkbox" name="gradovi[]" value="sarajevo"> Sarajevo
<input type="checkbox" name="gradovi[]" value="banovici"> Banovići
<input type="checkbox" name="gradovi[]" value="banjaluka"> Banja Luka
<input type="checkbox" name="gradovi[]" value="bihac"> Bihać
<input type="checkbox" name="gradovi[]" value="bileca"> Bileća
</div>
<div id="snimi">
<input type="submit" name="submit" value="EXPORT">
</div>
</form>
If Sarajevo is checked I want to print values from the database. It does not have to be only one value checked; if all values are checked it should print all values.
$con=mysqli_connect("$host","$username","$password", "$database");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//connecting to db
$variable=$_POST['grad'];
foreach ($variable as $variablename)
{
$sql_select="SELECT * FROM `clanovi` WHERE `GRAD` = $variablename " ;
$queryRes = mysql_query($sql_select);
print"$sql_select";
}
echo "<table border='5'>
<tr>
<th>IME</th>
<th>PREZIME</th>
<th>FIRMA</th>
<th>ADRESA</th>
<th>TELEFON</th>
<th>FAX</th>
<th>MOBITEL</th>
<th>EMAIL </th>
<th>WEB_STRANICA </th>
<th>GRAD </th>
<th>KATEGORIJA </th>
</tr>";
while($row = mysqli_fetch_array($queryRes))
{
echo "<tr>";
echo "<td>" . $row['IME'] . "</td>";
echo "<td>" . $row['PREZIME'] . "</td>";
echo "<td>" . $row['FIRMA'] . "</td>";
echo "<td>" . $row['ADRESA'] . "</td>";
echo "<td>" . $row['TELEFON'] . "</td>";
echo "<td>" . $row['FAX'] . "</td>";
echo "<td>" . $row['MOBITEL'] . "</td>";
echo "<td>" . $row['EMAIL'] . "</td>";
echo "<td>" . $row['WEB_STRANICA'] . "</td>";
echo "<td>" . $row['GRAD'] . "</td>";
echo "<td>" . $row['KATEGORIJA'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
Assume you posted the gradovi[] array values to the submit page.
Submit page:
$grad = array();
$grad = $_POST['gradovi']; //get array value
$grad = implode(',',$grad); //convert it into comma separated string
//Insert it into data base
Getting from database:
//fetch the gradovi field from the db like below
echo $row['gradovi']; // print all values
or
$grad = explode(',',$row['gradovi']);
foreach($grad as $check) {
echo $check; //print one by one
}
There are a few errors in your code.
There is no escaping of the string from POST data. Use mysqli_real_escape_string.
There is an error in your while loop. You are redefining the MySQL query result.
Fixed code:
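//connecting to db
$variable = $_POST['gradovi']; // the checkboxes are named gradovi[], not grad
foreach ($variable as $key => $val) {
    // escape each value using the mysqli connection opened above
    $variable[$key] = mysqli_real_escape_string($con, $val);
}
// one query for all ticked cities instead of one query per loop pass
$sql_select = "SELECT * FROM `clanovi` WHERE `GRAD` IN ('" . implode("','", $variable) . "')";
$queryRes = mysqli_query($con, $sql_select);
print "$sql_select";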
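The two checkbox threads above (email[] carrying member IDs, gradovi[] carrying city names) both turn a posted array into a list of alternatives. This added example, which is not code from either thread, builds that list as an IN clause with one placeholder per value; the in-memory SQLite table, its rows and the function name selectByCheckboxes are assumptions.

```php
<?php
// Added example: constructed rows in an in-memory SQLite database.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE clanovi (ID INTEGER PRIMARY KEY, EMAIL TEXT, GRAD TEXT)');
$pdo->exec("INSERT INTO clanovi VALUES (20, 'a@example.test', 'sarajevo'),
    (30, 'b@example.test', 'bihac'), (40, 'c@example.test', 'sarajevo')");

// Fetch rows whose $column matches any of the submitted checkbox values.
// $column is picked by the calling code from a fixed list, never by the request.
function selectByCheckboxes(PDO $pdo, string $column, $submitted, int $max = 100): array
{
    if (!in_array($column, ['ID', 'GRAD'], true)) {
        throw new InvalidArgumentException('unexpected column');
    }
    // name="x[]" normally arrives as an array, but a client can send a scalar
    // or nested arrays instead, so keep only the string items and cap the count.
    $values = is_array($submitted) ? array_filter($submitted, 'is_string') : [];
    $values = array_slice(array_values(array_unique($values)), 0, $max);
    if (!$values) {
        return []; // nothing ticked: "IN ()" would be a syntax error
    }
    // One '?' per value; the values themselves never enter the SQL text.
    $marks = implode(',', array_fill(0, count($values), '?'));
    $stmt  = $pdo->prepare("SELECT ID, EMAIL, GRAD FROM clanovi WHERE $column IN ($marks)");
    $stmt->execute($values);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed submissions shaped like $_POST['email'] and $_POST['gradovi'];
// the second city value contains quotes and is matched as a plain string.
$byId   = selectByCheckboxes($pdo, 'ID', ['20', '30']);
$byCity = selectByCheckboxes($pdo, 'GRAD', ['sarajevo', "x') OR ('1'='1"]);
$none   = selectByCheckboxes($pdo, 'ID', null);

echo implode(',', array_column($byId, 'EMAIL')), "\n";
echo count($byCity), ' rows for the city filter, ',
     count($none), " rows for an empty selection\n";
```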