How can I get the selected database into the second page, and insert into another table?
Here is my first page :
<?php
session_start();
$result = mysqli_query($con,"SELECT * FROM qwerty
WHERE ID LIKE '$id' ");
while($row = mysqli_fetch_array($result))
{
echo "Name:" . $row['Fname'] . " " . $row['Lname'];
}
$_SESSION['fname']=$row['Fname'];
$_SESSION['lname']=$row['Lname'];
?>
Here is my second page:
<?php
session_start();
$sql="INSERT INTO login (Fname, Lname)
VALUES
('{$_SESSION['fname']}','{$_SESSION['lname']}')";
$sql="INSERT INTO login set
Fname='".$_SESSION['fname']."',
Lname='".$_SESSION['lname']."'";
Please look and try the following:
session_start();
$firstName = $_SESSION['fname'];
$lastName = $_SESSION['lname'];
$sql="INSERT INTO `login` (Fname, Lname) VALUES ('$firstName','$lastName')";
Also ensure that when you populate the sessions
while($row = mysqli_fetch_array($result))
{
echo "Name:" . $row['Fname'] . " " . $row['Lname'];
}
$_SESSION['fname']=$row['Fname']; //CHECK
$_SESSION['lname']=$row['Lname'];
that there is data assigned. Maybe add it in the loop. If you are looking for the last record it will be assigned anyway:
while($row = mysqli_fetch_array($result))
{
echo "Name:" . $row['Fname'] . " " . $row['Lname'];
$_SESSION['fname']=$row['Fname']; //CHECK
$_SESSION['lname']=$row['Lname'];
}
Related
if ($db_found) {
$result = mysql_query("SELECT *,
CAST(AES_DECRYPT(jmeno, 'usa2010') AS CHAR(50)) name,
CAST(AES_DECRYPT(prijmeni, 'usa2010') AS CHAR(50)) lastname,
FROM pacienti WHERE id='13'");
while ($row = mysql_fetch_array($result)) {
$together = $row['name'] . " " . $row['lastname'];
}
echo $together;
}
Variable $together is null, but should contain data from table.
screenshot of table output after sql request above
Try to write echo in loop
while ($row = mysql_fetch_array($result))
{
echo $together = $row['name'] . " " . $row['lastname'];
}
I have php generated table that displays data as follow;
ID Name
1 xxxx
2 xxxx
I would like to be able to click on ID number and display information associated with the ID on separate page
I've got so far:
table.php
include("connection.php");
$con=mysql_select_db('fm', $con);
$query = "SELECT * FROM table ;
$result = mysql_query($query);
echo "<table>
<tr>
<th>ID</th>
<th>Location</th>
</tr>";
while($row = mysql_fetch_array($result)){
echo "<tr><td><a href='send.php?=" . $row['id'] . "'>" . $row['id'] . "</a></td><td>" . $row['location'] . "</td></tr>";
}
echo "</table>";
mysql_close();
?>
info.php
include ("connection.php");
$con=mysql_select_db('fm', $con);
$id=$_GET['id'];
$query = "SELECT * FROM table WHERE id=". $id;
$result = mysql_query($query) or die (mysql_error());
echo "<table>
<tr>
<th>ID</th>
<th>Property</th>
<th>Location</th>
<tr>";
while($row = mysql_fetch_array($result)){
echo "<tr><td>" . $row['id'] . "</td><td>" . $row['property'] . "</td></td>" . $row['location'] . "</td></tr>";
var_dump($row);
}
echo "</table>";
$result = mysql_query($sql);
mysql_close($con);
Any input will be appreciated
You have got a mistake here:
echo "<tr><td><a href='info.php?id=" . $row['id'] . "</td><td>" . $row['location'] . "</td></tr>";
you need to end the <a> element like this:
echo "<tr><td><a href='info.php?id=".$row['id']."'>".$row['id']."</a></td><td>" . $row['location'] . "</td></tr>";
Also you should use IF statement in the info.php because if you access it like :
info.php // without ?id=
you will have an undefined variable $id. And it's vulnerable to MySQL injection when you don't process the variable before using it in the select.
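Added example, not part of the original answers: one way to handle both points raised above, the missing id and the injection risk, together with escaping on output. It assumes PDO; the in-memory SQLite database, the properties table and its rows are constructed stand-ins for the asker's MySQL table, and renderInfo is a hypothetical helper.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL database so the
// script runs offline; table name and rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE properties (id INTEGER PRIMARY KEY, property TEXT, location TEXT)');
$pdo->exec("INSERT INTO properties VALUES (1, 'Flat <b>A</b>', 'North'), (2, 'Flat B', 'South')");

// Hypothetical helper: $rawId is whatever $_GET['id'] would hold (null if absent).
function renderInfo(PDO $pdo, $rawId): string
{
    // Accept only a positive integer; anything else never reaches the query.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return '<p>Missing or invalid id.</p>';
    }

    // The id is bound as a parameter, so it cannot change the SQL text.
    $stmt = $pdo->prepare('SELECT id, property, location FROM properties WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>No record found.</p>';
    }

    // Escape stored values on output so markup in the data is not rendered.
    $cells = '';
    foreach (['id', 'property', 'location'] as $col) {
        $cells .= '<td>' . htmlspecialchars((string) $row[$col], ENT_QUOTES, 'UTF-8') . '</td>';
    }
    return "<table><tr>$cells</tr></table>";
}

// Constructed inputs: absent id, valid id, injection-style id, unknown id.
foreach ([null, '1', '1 OR 1=1', '99'] as $input) {
    echo var_export($input, true), ' => ', renderInfo($pdo, $input), PHP_EOL;
}
```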
You got mistake here in info.php in this line:
$result = mysql_query($query, $con);
it should look like this :
$result = mysql_query($query);
You got it right in table.php.
I would change the echo command like this
echo "<tr><td>{$row['id']}</td><td>{$row['property']}</td></td>{$row['location']}</td></tr>";
The double quotes will take care of the values of the variables.
I have already tried many ways, but I cannot do the insert/update/delete.
I am still looking for a way, so I hope someone can help me. Thank you!
<?php
$connection = mysql_connect('localhost', 'root', '123456'); //The Blank string is the password
mysql_select_db('album');
$query = "SELECT * FROM property"; //You don't need a ; like you do in SQL
$result = mysql_query($query);
echo "All property";
echo "<table>"; // start a table tag in the HTML
while($row = mysql_fetch_array($result)){ //Creates a loop to loop through results
echo "<tr><td>" ." Update_date: ". $row['Update_date'] . "</td><td>" ." Region: " .$row['Region'] . "</td></tr>"; //$row['index'] the index here is a field name
echo "<tr><td>" ." Street: " . $row['Street'] . "</td><td>" ." Building: " . $row['Building'] . "</td></tr>";
echo "<tr><td>" ." Unit: " . $row['Unit'] . "</td><td>";
echo "<tr><td>" ." Saleable_area: " . $row['Saleable_area']."</td><td>" ." Construction_area: " . $row['Construction_area'] . "</td></tr>";
echo "<tr><td>" ." Rent: " . $row['Rent'] . "</td><td>" ." Price: $" . $row['Price'] . "</td></tr>";
echo "<tr><td>" ." Contant_person: " . $row['Contant_person'] . "</td><td>" ." Contant_Num: " . $row['Contant_Num'] . "</td></tr>";
echo "<tr><td>" ." Layout: " . $row['Layout'] . "</td><td>" ." Decoration: " . $row['Decoration'] . "</td></tr>";
echo "<tr> <td>"."<a href=\photo.php>Photo</a>"."<tD><tR>";
echo "<tr> <td>";
echo "<tr> <td>";
echo "<tr> <td>";
echo "<tr> <td>";
echo "<tr> <td>";
}
echo "</table>"; //Close the table in HTML
mysql_close(); //Make sure to close out the database connection
?>
mysql is a deprecated extension. Use mysqli or PDO instead. Here is an example of statements -
$mysqli = new mysqli("example.com", "user", "password", "database");
//insert
$mysqli->query("insert into yourtable (field_first, field_second) values ('valueFirst', 'valueSecond')");
//update
$mysqli->query("update yourtable set field_first='valueFirst' where id=2");
//delete
$mysqli->query("delete from yourtable where id = 2");
$query = "INSERT INTO property VALUES(?, ?, ?)";
$result = mysql_query($query);
Note: Do not use mysql-* functions anymore as they are deprecated, better go for mysqli or PDO.
for more references please follow http://php.net/manual/en/mysqli.query.php
INSERT:
$title=$_POST['title'] ;
$author= $_POST['author'] ;
$name=$_POST['name'] ;
$copy=$_POST['copy'] ;
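// $con is the mysqli connection; the procedural mysqli_query() needs it as its first argument
mysqli_query($con, "INSERT INTO `example`(Title,Author,PublisherName,CopyrightYear)
VALUES ('$title','$author','$name','$copy')");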
DELETE :
$id =$_REQUEST['BookID'];
mysqli_query($con, "DELETE FROM example WHERE BookID = '$id'");
UPDATE
$title_save = $_POST['title'];
$author_save = $_POST['author'];
$name_save = $_POST['name'];
$copy_save = $_POST['copy'];
mysqli_query($con, "UPDATE example SET Title ='$title_save', Author ='$author_save',
PublisherName ='$name_save',CopyrightYear ='$copy_save' WHERE BookID = '$id'");
For Update you try...
$query = "UPDATE property SET
`field_name1`='$update_value1',
`field_name2`='$update_value2'
WHERE id=$id ";
$result = mysql_query($query);
Insert Query
$ins="INSERT INTO `your_table_name` (`field_name1`,`field_name2`) VALUES ('value1','value2')";
$exe=mysql_query($ins);
Update Query
$update="UPDATE `table_name` SET `field_name1`='val1',`field_name2`='val2' WHERE `place_your condition`";
$exe_up=mysql_query($update);
Delete Query
$delete="DELETE FROM `tbl_name` WHERE `place_your condition`";
$exe_del=mysql_query($delete);
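Added example, not code from any of the answers above: the same insert, update and delete written with prepared statements, so that form values are bound as data instead of being concatenated into the SQL. It assumes PDO and reuses the example table and column names from the answer above; the in-memory SQLite database and the $post array are constructed stand-ins for MySQL and $_POST, and the three functions are hypothetical helpers.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL so this runs offline;
// against MySQL only the DSN passed to new PDO() changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE example (BookID INTEGER PRIMARY KEY, Title TEXT, Author TEXT,
            PublisherName TEXT, CopyrightYear INTEGER)');

// Constructed input standing in for $_POST. The quote in the author name would
// break, or alter, a query built by string concatenation.
$post = ['title' => 'PHP Basics', 'author' => "Tim O'Neil",
         'name' => 'Acme Press', 'copy' => '2014'];

function insertBook(PDO $pdo, array $in): int
{
    $stmt = $pdo->prepare('INSERT INTO example (Title, Author, PublisherName, CopyrightYear)
                           VALUES (:title, :author, :name, :copy)');
    $stmt->execute([':title' => $in['title'], ':author' => $in['author'],
                    ':name' => $in['name'], ':copy' => (int) $in['copy']]);
    return (int) $pdo->lastInsertId();
}

function updateBook(PDO $pdo, int $id, array $in): int
{
    $stmt = $pdo->prepare('UPDATE example SET Title = :title, Author = :author,
                           PublisherName = :name, CopyrightYear = :copy WHERE BookID = :id');
    $stmt->execute([':title' => $in['title'], ':author' => $in['author'],
                    ':name' => $in['name'], ':copy' => (int) $in['copy'], ':id' => $id]);
    return $stmt->rowCount();   // number of rows actually changed
}

function deleteBook(PDO $pdo, int $id): int
{
    $stmt = $pdo->prepare('DELETE FROM example WHERE BookID = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->rowCount();
}

$id = insertBook($pdo, $post);
$post['title'] = 'PHP Basics, 2nd ed.';
echo 'rows updated: ', updateBook($pdo, $id, $post), PHP_EOL;
echo 'stored author: ', $pdo->query('SELECT Author FROM example')->fetchColumn(), PHP_EOL;
echo 'rows deleted: ', deleteBook($pdo, $id), PHP_EOL;
echo 'rows deleted on second call: ', deleteBook($pdo, $id), PHP_EOL;
```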
Basically I am using the variable $shopid to recognise which shop has been chosen. I am now trying to create a comment system to enable each shop page to be commented on. My SELECT query is recognising $shopid and enabling me to use it, when I try to use the same variable in my INSERT, it simply posts 0.
<?php
// database connection
session_start();
if (isset($_SESSION['logged'])){
$s_userID = $_SESSION['userID'];
$shopid = $_GET['page_id'];
$str_shops = '';
//bring shop data
mysqli_select_db($db_server, $db_database);
$query = "SELECT * FROM shops WHERE shopID = '$shopid'";
$result = mysqli_query($db_server, $query);
if (!$result) die("Database access failed: " . mysqli_error($db_server));
while($row = mysqli_fetch_array($result)){
$str_shops .= "<div class='result'><strong>" .
$row['image1'] . "<br><br>" .
$row['name'] . "</strong><br><br>" .
$row['address'] . "<br><br>" .
$row['website'] . "<br><br>" .
$row['openinghours'] . "<br><div class='justifytext'>" .
$row['more'] . "<br><br></div><strong>What do they sell?</strong><br><br><div class='justifytext'>" .
$row['sold'] . "<br><br></div></div>";
}
//post comment
mysqli_select_db($db_server, $db_database);
$comment = $_POST['comment'];
if ($comment != '') {
$query = "INSERT INTO comments (userID,shopID,comment) VALUES ('$s_userID', '$shopid', '$comment')";
mysqli_query($db_server, $query) or
die("Insert failed: " . mysqli_error($db_server));
$commentmessage = "Thanks for your comment!";
}
mysqli_select_db($db_server, $db_database);
$query = "SELECT * FROM comments";
$result = mysqli_query($db_server, $query);
if (!$result) die("Database access failed: " . mysqli_error($db_server)); $i = 0;
while($row = mysqli_fetch_array($result)){ $i++;
$str_comments.= "<p><div id='displaycomments'>" . $row['username']. ", " .
$row['commdate'] . ": <br>" .
$row['comment'] . "</div>";
}
}
echo $str_shops;
echo $commentmessage;
echo $str_comments;
mysqli_close($db_server);
?>
Can anyone see why this isn't working? I'm not getting an error, it is simply adding 0 to the shopID column in my table.
My guess would be that your shopID column would be of INT datatype and you are passing a string to it in your insert statement, that's why 0 is being stored. Try again by removing the single quotes around $shopid, like this:
INSERT INTO comments (userID,shopID,comment) VALUES ('$s_userID', $shopid, '$comment')"
^^^^^^^ remove the single quotes
<form method="post" action="oabtest.php?go" id="searchform">
<input type="text" name="name">
<input type="submit" name="submit" value="Search">
</form>
<p>A | B | C |D |E |F |G |H |I |J |K |L |M |N |O |P |Q |R |S |T |U |V |W |X |Y |Z </p>
<p>You may also search by Patrol.</p>
<form method="post" action="oabtest.php?go" id="searchform">
<input type="text" name="patrol">
<input type="submit" name="submit" value="Search">
</form>
<?php
//Include database connection details
require_once('config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect("localhost", "*****", "*****");
if (!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db("troop97_***");
if (!$db) {
die("Unable to select database");
}
if (isset($_POST['submit'])) {
if (isset($_GET['go'])) {
if (preg_match("/[A-Z | a-z]+/", $_POST['name'])) {
$name = $_POST['name'];
//-query the database table
$sql = "SELECT ID, First_Name, Last_Name FROM contact WHERE First_Name LIKE '" . mysql_real_escape_string($name) . "%' OR Last_Name LIKE '" . mysql_real_escape_string($name) . "%'";
//-run the query against the mysql query function
$result = mysql_query($sql);
//-count results
$numrows = mysql_num_rows($result);
echo "<p>" . $numrows . " results found for " . stripslashes($name) . "</p>";
//-create while loop and loop through result set
while ($row = mysql_fetch_array($result)) {
$First_Name = $row['First_Name'];
$Last_Name = $row['Last_Name'];
$ID = $row['ID'];
//-display the result of the array
echo "<ul>\n";
echo "<li>" . "" . $First_Name . " " . $Last_Name . "</li>\n";
echo "</ul>";
}
} else {
echo "<p>Please enter a search query</p>";
}
}
}
if (isset($_GET['by'])) {
$letter = $_GET['by'];
//-query the database table
$letter = mysql_real_escape_string($letter);
$sql = "SELECT ID, First_Name, Last_Name FROM contact WHERE First_Name LIKE '" . $letter . "%'
OR Last_Name LIKE '" . $letter . "%'";
//-run the query against the mysql query function
$result = mysql_query($sql);
//-count results
$numrows = mysql_num_rows($result);
echo "<p>" . $numrows . " results found for " . $letter . "</p>";
//-create while loop and loop through result set
while ($row = mysql_fetch_array($result)) {
$First_Name = $row['First_Name'];
$Last_Name = $row['Last_Name'];
$ID = $row['ID'];
//-display the result of the array
echo "<ul>\n";
echo "<li>" . "" . $First_Name . " " . $Last_Name . "</li>\n";
echo "</ul>";
}
}
if (isset($_POST['submit'])) {
if (isset($_GET['go'])) {
if (preg_match("/[A-Z | a-z]+/", $_POST['patrol'])) {
$patrol = $_POST['patrol'];
//-query the database table
$patrol = mysql_real_escape_string($patrol);
$sql = "SELECT ID, First_Name, Last_Name FROM contact WHERE Patrol LIKE '" . mysql_real_escape_string($patrol) . "%'";
//-run the query against the mysql query function
$result = mysql_query($sql);
//-count results
$numrows = mysql_num_rows($result);
echo "<p>" . $numrows . " results found for " . $patrol . "</p>";
//-create while loop and loop through result set
while ($row = mysql_fetch_array($result)) {
$First_Name = $row['First_Name'];
$Last_Name = $row['Last_Name'];
$ID = $row['ID'];
//-display the result of the array
echo "<ul>\n";
echo "<li>" . "" . $First_Name . " " . $Last_Name . "</li>\n";
echo "</ul>";
}
}
if (isset($_GET['id'])) {
$contactid = $_GET['id'];
//-query the database table
$sql = "SELECT * FROM contact WHERE ID=" . $contactid;
//-run the query against the mysql query function
$result = mysql_query($sql);
//-create while loop and loop through result set
while ($row = mysql_fetch_array($result)) {
$First_Name = $row['First_Name'];
$Last_Name = $row['Last_Name'];
$Home_Phone = $row['Home_Phone'];
$Cell_Phone = $row['Cell_Phone'];
$Work_Phone = $row['Work_Phone'];
$Email = $row['Email'];
$Home_Street = $row['Home_Street'];
$Home_City = $row['Home_City'];
$Home_State = $row['Home_State'];
$Home_Zip = $row['Home_Zip'];
$Troop_Role = $row['Troop_Role'];
$Patrol = $row['Patrol'];
//-display the result of the array
echo "<ul>\n";
echo "<li>" . $First_Name . " " . $Last_Name . "</li>\n";
echo (empty($Home_Phone)) ? '' : "<li>" . $Home_Phone . " Home</li>\n";
echo (empty($Cell_Phone)) ? '' : "<li>" . $Cell_Phone . " Cell</li>\n";
echo (empty($Work_Phone)) ? '' : "<li>" . $Work_Phone . " Work</li>\n";
echo "<li>" . "" . $Email . "</li>\n";
echo "<li>" . $Home_Street . "</li>\n";
echo "<li>" . $Home_City . ", " . $Home_State . " " . $Home_Zip . "</li>\n";
echo "<li>" . $Troop_Role . "</li>\n";
echo "<li>" . $Patrol . "</li>\n";
echo "</ul>";
}
}
}
}
SQL Injection Risk
If you ever use a value from a submitted form when interacting with a database, you should escape the content before doing so. In MySQL, the best function to do this is mysql_real_escape_string() (PHP Manual).
$sql="SELECT ID, First_Name, Last_Name FROM contact WHERE First_Name LIKE '" . mysql_real_escape_string( $name ) . "%' OR Last_Name LIKE '" . mysql_real_escape_string( $name ) ."%'";
Adding Fields to Search
If you are wanting to add an additional field, like "Department" to the search query, you simply have a field on the search form corresponding to it, and then adapt your SQL Search to have it included in the WHERE clause:
$sql="SELECT ID, First_Name, Last_Name
FROM contact
WHERE ( First_Name LIKE '" . mysql_real_escape_string( $name ) . "%'
OR Last_Name LIKE '" . mysql_real_escape_string( $name ) ."%' )
AND Department='" . mysql_real_escape_string( $department ) ."'";
Using One Field for Two Searches
If you wanted to use a single text field to perform the above search, you will need to decide on some kind of prefix for users to prefix the value for the second field with.
For instance, if we specify "in:" as a prefix to designate the Department, so a search for "John in:Radiology" would look for any person with a first, or last, name starting with "John" but only those in the "Radiology" department.
list( $name , $department ) = explode( ' in:' , $_POST['name'] , 2 );
instead of
$name = $_POST['name'];
LIKE Search Limitation
At the moment, your code will only search for First Names and/or Last Names which start with the entered value. You can make the search return either fields which simply contain (not just start with) the entered value by putting another "%" at the start of the search string:
$sql="SELECT ID, First_Name, Last_Name FROM contact WHERE First_Name LIKE '%" . $name . "%' OR Last_Name LIKE '%" . $name ."%'";
Full-Text Search
You may want to look at this tutorial - Using MySQL Full-text Searching. It covers the concepts of Full-Text Searching, which allows you to find one, or more, words submitted through a single field across multiple database fields.
Limit Returned Rows
It is always a good idea to limit the number of rows you return for a search, whether you paginate or simply show X rows. Failing to do this would allow a malicious user to essentially scrape your whole database by simply searching for each letter of the alphabet.
Add your hypothetical field, say search_field, and then search for it with "SELECT * FROM contact WHERE search_field='search value' order by First_Name". Don't forget to index on search_field if it is going to be a unique field like email. I hope the code you pasted above will not go into production. Do not trust user inputs and filter them properly before you use them in SQL queries. Needless to say, store db credentials and connection string in a separate file and include it.
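Added example, not code from the answers above: the name search combined with the "in:" department prefix and a row limit, using bound parameters. It goes one step beyond the answers by also escaping the LIKE wildcards % and _, which quote escaping leaves untouched, so a search for "%" does not return every contact. It assumes PDO; the in-memory SQLite database and its rows are constructed stand-ins for the MySQL contact table, and escapeLike and searchContacts are hypothetical helpers.

```php
<?php
// Added example. In-memory SQLite stands in for MySQL; rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contact (ID INTEGER PRIMARY KEY, First_Name TEXT,
            Last_Name TEXT, Department TEXT)');
$pdo->exec("INSERT INTO contact (First_Name, Last_Name, Department) VALUES
    ('John', 'Smith', 'Radiology'), ('Johnny', 'Doe', 'Surgery'),
    ('Ann', 'Johnson', 'Radiology')");

// Escape LIKE metacharacters so a submitted % or _ matches literally.
// "!" is the escape character declared with ESCAPE in the query below.
function escapeLike(string $term): string
{
    return str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term);
}

function searchContacts(PDO $pdo, string $input, int $limit = 25): array
{
    // "John in:Radiology" becomes name "John" and department "Radiology".
    $parts = explode(' in:', trim($input), 2);
    $name = $parts[0];
    $department = $parts[1] ?? null;
    if ($name === '') {
        return [];   // an empty term would otherwise match every contact
    }

    $sql = "SELECT ID, First_Name, Last_Name FROM contact
            WHERE (First_Name LIKE :n1 ESCAPE '!' OR Last_Name LIKE :n2 ESCAPE '!')";
    $params = [':n1' => escapeLike($name) . '%', ':n2' => escapeLike($name) . '%'];
    if ($department !== null) {
        $sql .= ' AND Department = :dept';
        $params[':dept'] = $department;
    }
    // The limit is an integer clamped here, never text taken from the request.
    $sql .= ' ORDER BY Last_Name LIMIT ' . max(1, min($limit, 100));

    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed searches: plain name, name with department, wildcard only.
foreach (['John', 'John in:Radiology', '%'] as $q) {
    echo str_pad($q, 20), count(searchContacts($pdo, $q)), " row(s)", PHP_EOL;
}
```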