I am working on my website and I have a basic table to display members of people who have registered. I however don't want to display the Admin account on the table. Is there any way to exclude a username/id from the table in this case, the admin? Thanks in advanced, Josh
Here is my code for the member list table:
<?php
include("include/session.php");
/**
* displayUsers - Displays the users database table in
* a nicely formatted html table.
*/
function displayUsers(){
$levels = array('1'=>'Member','2'=>'Supporter','3'=>'Donor','4'=>'VIP','5'=>'Veteran','7'=>'Co-Founder','8'=>'Founder','9'=>'Admin');
//do_query
//loop results
$ulevel = mysql_result($result,$i,"userlevel"); $ulevel = $levels[$ulevel];
//continue loop
global $database;
$q = "SELECT username,userlevel,email,timestamp "
."FROM ".TBL_USERS." ORDER BY userlevel DESC,username";
$result = $database->query($q);
/* Error occurred, return given name by default */
$num_rows = mysql_numrows($result);
if(!$result || ($num_rows < 0)){
echo "Error displaying info";
return;
}
if($num_rows == 0){
echo "Database table empty";
return;
}
/* Display table contents */
echo "<table align=\"left\" border=\"1\" cellspacing=\"0\" cellpadding=\"3\">\n";
echo "<tr><td><b>Username</b></td><td><b>Level</b></td><td><b>Last Active</b></td></tr>\n";
for($i=0; $i<$num_rows; $i++){
$uname = mysql_result($result,$i,"username");
$ulevel = $levels[mysql_result($result,$i,"userlevel")];
$time = mysql_result($result,$i,"timestamp");
echo "<tr><td>$uname</td><td>$ulevel</td><td>$time</td></tr>\n";
}
echo "</table><br>\n";
}
?>
Just update your query:
$q = "SELECT username,userlevel,email,timestamp "
."FROM ".TBL_USERS." where userlevel<>'Admin' ORDER BY userlevel DESC,username";
If you use PDO library:
...
$adminLevel = 'Admin';
$q = "SELECT username,userlevel,email,timestamp "
."FROM ".TBL_USERS." where userlevel <> ? ORDER BY userlevel DESC,username";
$statement = $database->prepare($q);
$result = $statement->execute(array($adminLevel));
... // Go on with the rest of your code
You can modify this accordingly..
SELECT * FROM table WHERE level <> 'admin'
Related
I'm working on attendance base on login and logout, Is there a way I can make this code work, I'm having a problem on after successfully update the data it will go to another notepad and in there it has a select query that will display the image and basic info of user. But when I tried to logout it displays different user info and images.
Here is my code for php:
<?php
include_once ('connection.php');
if(isset($_POST['submit']))
{
$username2 = $_POST['username2'];
$password1= $_POST['password1'];
$time=date("H:i:s");
$sql = mysqli_query($conn,"SELECT tbl_visitor.Birthday,tbl_visitor.School_Company,tbl_visitor.Contact_number,tbl_visitor.Visitor_Address,tbl_visitor.image,tbl_visitor.Visitor_username,tbl_visitor.Visitor_id,tbl_visitor.Visitor_password,concat(Visitor_first_name,'',Visitor_last_name) as name,
tbl_visitor_form.Time_in,tbl_visitor_form.Time_out , tbl_visitor_form.Number FROM tbl_visitor LEFT JOIN tbl_visitor_form on tbl_visitor.Visitor_id = tbl_visitor_form.Visitor_id WHERE tbl_visitor.Visitor_username = '$username2' and tbl_visitor.Visitor_password = '$password1'
order by Number DESC limit 1");
$count = mysqli_num_rows($sql);
if ($count == 0) {
$_SESSION['error_message'] = "Incorrect username or password";
header("Location:logout.php?");
} else{
while ($row = mysqli_fetch_array($sql)) {
$username2 = $row['Visitor_username'];
$password1 = $row['Visitor_password'];
$name=$row['name'];
$id=$row['Visitor_id'];
$image=$row['image'];
if(empty($row['Time_in'])) {
header("location:visitorvalidate1.php");
} else if(empty($row['Time_out'])){
$InsertSql = "Update tbl_visitor_form set Time_out = '$time' where Visitor_username='$username2' and Visitor_password = '$password1' order by Number DESC limit 1 ";
$res = mysqli_query($conn, $InsertSql);
header("location:outsuccess.php?");
}else{
header("location:visitorvalidate1.php");
}
}
}
}
?>
here is my outsuccess.php:
<?php
include_once('connection.php');
$sql = "select Visitor_username, image, Visitor_name from tbl_visitor_form
order by Number DESC limit 1 ";
$result = mysqli_query($conn,$sql);
while( $row = mysqli_fetch_array($result)) {
$uname=$row['Visitor_username'];
$name=$row['Visitor_name'];
$image=$row['image'];
}
?>
the first query above is working but the second query in select has the problem, it selects different value after the update. for example, there is two user has already login user1 and user2 when I try to logout user1 it successfully updated but it displays the info of user2 instead of user1 on outsuccess.php. Hope you can help me fix this. Advance Thanks
I've created different pages for 20 different rows in my php code, please have a look-
if(isset($_GET['page']))
{
$page = $_GET['page'];
}
else
{
$page = '';
}
if($page=='' || $page==1)
{
$page1=0;
}
else
{
$page1=($page*20)-20;
}
$query="SELECT * FROM issued_books limit $page1,20";
if($did_query_exec=mysqli_query($conn,$query))
{
while($query_exec=mysqli_fetch_array($did_query_exec, MYSQLI_ASSOC))
{
$isret = $query_exec["Date_returned"];
$dateret = $query_exec["Date_returned"];
$dateis = $query_exec['Date_issued'];
//echoing the values here
}
}
$query = "SELECT * FROM `issued_books`";
$Result = mysqli_query($conn, $query);
$cou = mysqli_num_rows($Result);
$a = $cou/20;
echo "</br></br>";
$a = ceil($a);
echo 'Page ';
for($b=$a; $b>=1; $b--)
{
echo "<a href='return-books.php?page=$b' style='text-decoration:none'>$b </a>";
}
The above code creates the link for all the pages with row 1 of page 1 contains the first record inserted by me.
I wish to display the recent most created record in row 1 of page 1
any kinda help would be really appreciated, thanks :)
You have to add ORDER BY with DESC:-
$query="SELECT * FROM `issued_books` ORDER BY id DESC limit $page1,20";
And
$query = "SELECT * FROM `issued_books` ORDER BY id DESC";
Note:- change the column name in ORDER BY according to your wish.
Ok, so I am building on my first question here https://stackoverflow.com/questions/38102208/php-mysql-how-to-only-echo-links-with-search-bar-post-that-arent-already-echo
trying to only echo only usernames of people whose id is NOT in a mysql table called conversation along with a set id (the person who is signed in).
I echo the people who their id is user_two in a table conversation REGARDLESS if a search bar is posted here:
//$num = mysqli_query($con, "SELECT * FROM `pm_messages` WHERE user_from=".$account['id']."");
$numCon = mysqli_query($con, "SELECT * FROM `conversation` WHERE user_one=".$account['id']."");
$numrows = mysqli_num_rows($numCon);
while ($u = mysqli_fetch_assoc($numCon)) {
//get other users usernames to echo link
$getUserTwo = mysqli_query($con, "SELECT * FROM `accounts` WHERE id=".$u['user_two']."");
$s = mysqli_fetch_assoc($getUserTwo);
//echo $s['username'];
echo "<a href='message.php?id={$s['id']}'><li><img class = 'dmCircle' src = '../images/chatCircle.png'/>{$s['username']} </li></a>";
}
This works well, meaning only individuals who a conversation has been started with (a row exists for this user and the one signed in conversation table) are echoed in a link.
Problem comes here with the search bar because it echoes all individuals even if a conversation has been started, resulting in duplicates:
(notice the 2 khusteds)
This does not make sense because here I select the row in conversation where user_one is the signed in user and user_two is the second user and only echo a link if the result is FALSE (meaning there's no conversation):
if (isset($_POST['searchbarpm'])) {
//$sess->getUsers();
$dbh = mysqli_connect("localhost","username","password","sqlserver");
$query = $_POST['searchbarpm'];
$q = mysqli_query($dbh, "SELECT * FROM sqlserver.accounts WHERE username LIKE '%".$query."%'");
//display all the results
while($row = mysqli_fetch_assoc($q)) {
$checkConvo = mysql_query("SELECT 'id' FROM sqlserver.conversation WHERE user_one=".$user_id." AND user_two=".$row['id']."");
//only output users they dont have convo going with because theyre already printed!!!
if ($checkConvo==false && $row['id']!= $user_id) {
echo "<a href='message.php?id={$row['id']}'><li><img class = 'dmCircle' src = '../images/noChatCircle.png'/> {$row['username']}</li></a>";
}
}
}
But it looks like the query is always false because again, all users are echoed. Why is this happening? How can I only echo users not in conversation table with the signed in user (user_one)?
EDIT:
new code (sorry for screenshot); :
#IanH -
$con = mysqli_connect("localhost","username","password","sqlserver");
//$num = mysqli_query($con, "SELECT * FROM `pm_messages` WHERE user_from=".$account['id']."");
$numCon = mysqli_query($con, "SELECT * FROM `conversation` WHERE user_one=".$account['id']."");
$numrows = mysqli_num_rows($numCon);
while ($u = mysqli_fetch_assoc($numCon))
{
//get other users usernames to echo link
$getUserTwo = mysqli_query($con, "SELECT * FROM `accounts` WHERE id=".$u['user_two']."");
$s = mysqli_fetch_assoc($getUserTwo);
//echo $s['username'];
if(isset($_POST['searchbarpm'])){
//$sess->getUsers();
$dbh = mysqli_connect("localhost","username","password","sqlserver");
$query = $_POST['searchbarpm'];
$q = mysqli_query($dbh, "SELECT * FROM sqlserver.accounts WHERE username LIKE '%".$query."%'");
//display all the results
while($row = mysqli_fetch_assoc($q)){
if($row['id']!= $user_id && $row['id']!=$s['id']) { //only output users they dont have convo going with because theyre already printed!!!
echo "<a href='message.php?id={$row['id']}'><li><img class = 'dmCircle' src = '../images/noChatCircle.png'/> {$row['username']}</li></a>";
}
}
}
else {
echo "<a href='message.php?id={$s['id']}'><li><img class = 'dmCircle' src = '../images/chatCircle.png'/>{$s['username']} </li></a>";
}
}//
First of all, you need change the mysql_query( ... ) on line 9 of your second posted code block to mysqli_query( ... ), for API consistency and compatibility.
Also, you could have duplicate results if you are allowing multiple entries in the conversation table where users A and B can be entered as user1 = A, user2 = B in one conversation, and user1 = B, user2 = A in a different conversation.
Lastly, as Jay Blanchard said, you should use prepared statements to avoid SQL injection.
Hello what I want is to get the same $typeValue which I am displaying in a message and then display the data.
In the first page the code that I am display the message with a specific $typeValue is the below
//ALERT SYSTEM
$query2 = mysql_query("SELECT username, typeValue FROM sensors WHERE (sensorValue < min OR sensorValue > max) AND doctorStatus='0'");
$query3 = mysql_query("SELECT username FROM sensors WHERE (sensorValue < min OR sensorValue > max) AND doctorStatus='0'");
//$row3 = mysql_fetch_array($query3);
while($row = mysql_fetch_array($query2))
{
while($row3 = mysql_fetch_array($query3))
{
$p1 = mysql_num_rows(queryMysql("SELECT * FROM connected
WHERE username='$row3[0]' AND friend='$username'"));
$p2 = mysql_num_rows(queryMysql("SELECT * FROM connected
WHERE username='$username' AND friend='$row3[0]'"));
if (($p1 + $p2) > 1)
{
$alert_message= " <b><font color=red><p align='center'>User " . $row['username'] . " Has A Health Problem with his/her ".$row['typeValue']."</font></b>";
$link_address = "health_problem.php?view=".$row['username']."&typevalue=".$row['typeValue'];
?>
<?php echo $alert_message; ?>
<?php
}
}
}
And the code of the other page which I want to display this data
<?php
/**
* #author Nick Bourlai
* #copyright 2015
*/
include_once 'header.php';
$result = queryMysql("SELECT * FROM patient WHERE username='$username'");
if(mysql_num_rows($result))
{
$query = "UPDATE sensors SET status='1' WHERE status ='0' AND username='$username'";
mysql_query($query)or die(mysql_error());
}
else
{
$query = "UPDATE sensors SET doctorStatus='1' WHERE doctorStatus ='0' AND username='$view'";
mysql_query($query)or die(mysql_error());
}
$con = mysqli_connect('localhost','root','smogi','project');
if (!$con) {
die('Could not connect: ' . mysqli_error($con));
}
$view = ($_GET['view']);
$username2 =$_SESSION['username'];
$typeValue = ($_GET['typeValue']);
$sql="SELECT typeValue,unit,sensorValue,datetime FROM sensors WHERE username='$view' AND typeValue='$typeValue'";
$result = mysqli_query($con,$sql);
echo $view;
echo $typeValue;
echo "<table>
<tr>
</tr>";
while($row = mysqli_fetch_array($result)) {
echo "<tr> <b>Type: </b>";
echo stripslashes($row['typeValue']) . "<br/><b>Unit: </b>";
echo stripslashes($row['unit']) . "<br/><b>Value: </b>";
echo stripslashes($row['sensorValue']) . "<br/><b>Date: </b>";
echo stripslashes($row['datetime']) . "<br/>";
echo "--------------------------------------------------------------------------------------------------------------";
echo "<br/></tr>";
}
echo "</table>";
?>
So what I want is to get from the clicked link the specific row and display the data of this row in the other page.
#Fred-ii- by mistake i switch my language in the keyboard and you answer was correct , about the small V in the word please write it as an answer in order to accept it
As per requested:
Your GET value is using an lowercase v in the URL
health_problem.php?view=magda&typevalue=Temperature, rather than an uppercase V in relation to typeValue in the GET array $_GET['typeValue']
health_problem.php?view=magda&typeValue=Temperature
Variables are case-sensitive.
Plus, on top of what has already been stated by myself in comments, that different MySQL APIs do not intermix with each other. Use the same MySQL API from connection to query.
Footnotes:
Consider using mysqli with prepared statements, or PDO with prepared statements, they're much safer.
PHP variables and array keys are case sensitive. This line in your 2nd script
$typeValue = ($_GET['typeValue']);
should be
$typeValue = ($_GET['typevalue']);
I'm a bit of a newb to PHP and MySQL. I seem to be having an issue with something. How do I loop through an array, querying each value in the array until the query meets a certain condition.. In this case it would be that the number of rows returned from the query is less than five. Here is what I have:
$query1="SELECT UserID FROM Users where RefID='$userid'";
$result1=mysql_query($query1);
while ($row = mysql_fetch_array($result1, MYSQL_NUM) && $sql2querynum < '5')
{
echo ($row[0]);
echo "
";
$sql2 = "SELECT * FROM Users WHERE RefID=$row[0]";
$sql2result = mysql_query($sql2);
$sql2querynum = mysql_numrows($sql2result);
}
Problem is, for every value it echoes out, I get the following warning:
mysql_numrows(): supplied argument is not a valid MySQL result resource
Like I said, I'm a newb, so maybe I'm not even going about doing this the right way.
try this
$query1="SELECT UserID FROM Users where RefID='$userid'";
$result1=mysql_query($query1);
if(mysql_num_rows($result1)<5)
{
while ($row = mysql_fetch_array($result1))
{
echo ($row[0]);
echo "
";
$sql2 = "SELECT * FROM Users WHERE RefID=$row[0]";
$sql2result = mysql_query($sql2);
$sql2querynum = mysql_numrows($sql2result);
}
}
$query1="SELECT UserID FROM Users where RefID='$userid'";
$result1=mysql_query($query1);
while ($row = mysql_fetch_array($result1, MYSQL_NUM) && $sql2querynum < '5')
{
echo ($row[0]);
echo "
";
$sql2 = "SELECT * FROM Users WHERE RefID={$row[0]}";
$sql2result = mysql_query($sql2);
$sql2querynum = mysql_numrows($sql2result);
}
Use { } for variables in " " ... and why you are not using joins ?