I have two tables in mysql
practice_sheets and parent_pin
And I want to use one select statement and get data from both tables.
I have tried
$result = mysqli_query($con,"SELECT * FROM practice_sheets AND parent_pin
WHERE student_name='$_SESSION[SESS_FIRST_NAME] $_SESSION[SESS_LAST_NAME]'");
and also:
$result = mysqli_query($con,"SELECT * FROM practice_sheets, parent_pin
WHERE student_name='$_SESSION[SESS_FIRST_NAME] $_SESSION[SESS_LAST_NAME]'");
I've never tried to do this before and the previous solutions are what I found searching.
Update
I think it would help if I included my full code. the table data is going into a table on my page. the student_name field from the practice_sheets and parents_student from parent_pin will be matched.
<?php
$con=mysqli_connect();
// Check connection
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM practice_sheets
WHERE student_name='$_SESSION[SESS_FIRST_NAME] $_SESSION[SESS_LAST_NAME]'");
$numrows = mysqli_num_rows($result);
if($numrows == 0) {
echo "<div class='alert alert-danger'>";
echo "No Entries, See your instructor for details.";
echo "</div>";
} else {
echo "<table class='mws-table table-striped table-hover'>";
echo "<thead align='center'>";
echo "<tr>";
echo "<th>Sheet Number</th>";
echo "<th>Total Minutes</th>";
echo "<th>Due Date</th>";
echo "<th>PIN</th>";
echo "<th>View</th>";
echo "</tr>";
echo "</thead>";
echo "<tbody align='center'>";
while($row = mysqli_fetch_array($result)){
if ($row["total_min"]>=$row["required_min"]) {
echo "<tr class='success'>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['total_min'] . "</td>";
echo "<td>" . $row['due_date'] . "</td>";
echo "<td>" . $row['parent_pin'] . "</td>";
echo "<td> <a href='account/practiceSheets?id=" . $row["id"] . "&total_min=" . $row["total_min"] ."&due_date=" . $row["due_date"] ."&mon_min=" . $row["mon_min"] ."&tues_min=" . $row["tues_min"] ."&wed_min=" . $row["wed_min"] ."&thurs_min=" . $row["thurs_min"] ."&fri_min=" . $row["fri_min"] ."&sat_min=" . $row["sat_min"] ."&sun_min=" . $row["sun_min"] ."&name=" . $row["student_name"] ."&assignment=" . $row["assignment"] ."&required_min=" . $row["required_min"] ."'> <i class='icon-eye-open'> </i> </a> </td>";
echo "</tr>";
} else {
echo "<tr class='info'>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['total_min'] . "</td>";
echo "<td>" . $row['due_date'] . "</td>";
echo "<td>" . $row['parent_pin'] . "</td>";
echo "<td> <a href='account/practiceSheets?id=" . $row["id"] . "&total_min=" . $row["total_min"] ."&due_date=" . $row["due_date"] ."&mon_min=" . $row["mon_min"] ."&tues_min=" . $row["tues_min"] ."&wed_min=" . $row["wed_min"] ."&thurs_min=" . $row["thurs_min"] ."&fri_min=" . $row["fri_min"] ."&sat_min=" . $row["sat_min"] ."&sun_min=" . $row["sun_min"] ."&name=" . $row["student_name"] ."&assignment=" . $row["assignment"] ."&required_min=" . $row["required_min"] ."'> <i class='icon-eye-open'> </i> </a> </td>";
echo "</tr>";
}
}
echo "</tbody>";
echo "</table>";
mysqli_close($con);
}
?>
$result = mysqli_query($con,"SELECT *
FROM practice_sheets, parent_pin
WHERE student_name = parents_student
AND student_name='$_SESSION[SESS_FIRST_NAME] $_SESSION[SESS_LAST_NAME]'");
Use explicit names for WHERE statament, e.g.
$result = mysqli_query("SELECT student_name.practice_sheets FROM practice_sheets AND parent_pin WHERE student_name.practice_sheets = '{$_SESSION['SESS_FIRST_NAME']} {$_SESSION['SESS_LAST_NAME']}'");
MySQL will not AFAIK automatically check where the constraints are and rightly so considering that you may have conflicting names. Note that this is still pseudo code and you will need to change the fetched results accordingly. Usually it is considered to be good practice to also define explicitly the columns you wish to fetch, but otherwise you can use JOIN as well.
And to help writing shorter code, you can also use shorthands for the table names, e.g.
$result = mysqli_query("SELECT student_name.ps AS name, pin.pp AS pin FROM practice_sheets AS ps, parent_pin AS pp WHERE student_name.ps = '{$_SESSION['SESS_FIRST_NAME']} {$_SESSION['SESS_LAST_NAME']}'");
Update
You also have in your updated version an issue. You call mysqli_fetch_array, which returns an ordered (i.e. numbered) array. If you wish to use keyed, use mysqli_fetch_assoc.
And you are closing the MySQL connection at the moment only if the query was successful. Move mysqli_close outside of the brackets.
Related
<html>
<head>
<meta http-equiv = "content-type" content = "text/html; charset = utf-8" />
<title>Using file functions PHP</title>
</head>
<body>
<h1>Web Development - Lab05</h1>
<?php
require_once("settings.php");
$dbconnect = #mysqli_connect($host, $user, $pswd, $dbnm);
if($dbconnect->connect_errno >0)
{
die('Unable to connecto to database [' . $db->connect_error . ']');
}
$queryResult = "SELECT car_id, make, model, price FROM cars";
echo "<table width='100%' border='1'>";
echo "<tr><th>ID</th><th>Make</th><th>Model</th><th>Price</th></tr>";
//initiate array
$displayrow= mysqli_fetch_array($queryResult);
//initiate while loop to iterate through table
while($displayrow)
{
echo "<tr>";
echo "<td>" . $row['ID'] . "</td>";
echo "<td>" . $row['Make'] . "</td>";
echo "<td>" . $row['Model'] . "</td>";
echo "<td>" . $row['Price'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($dbconnect);
?>
</body>
</html>
This is doing my head in, I cannot figure out why it will not display the actual data apart from the Table header. No matter what I used.
I have tried mysqli_fetch_array, mysqli_fetch_row, mysqli_fetch_assoc but nothing works.
Help and explanation why it was not displaying the data would be much appreciated :)
First: You aren't running a query, you are only putting the query text in a variable. You need to use mysqli_query.
Second: You should add mysqli_fetch_array to the loop.
For example:
while($displayrow = mysqli_fetch_array($queryResult))
{
}
Otherwise you are only getting the first row.
Third: Array keys are case sensitive. There is no $row['ID'], as Jeribo pointed out, it is $row['car_id'] as referenced in your query. $row['Make'] is not the same as $row['make'].
Please Precision to names of field in Query ( car_id,make,...)
while($displayrow= mysql_fetch_assoc($queryResult) )
{
echo "<tr>";
echo "<td>" . $displayrow['car_id'] . "</td>";
echo "<td>" . $displayrow['make'] . "</td>";
echo "<td>" . $displayrow['model'] . "</td>";
echo "<td>" . $displayrow['price'] . "</td>";
echo "</tr>";
}
If you want to query outside you still have to set it in the loop:
$result = $db->query($queryResult)
while($row = $result ->fetch_assoc()){
...
}
a Good Tutorial is shown here: http://codular.com/php-mysqli
$row needs to be initialized so why don't you try:
while($row = mysqli_fetch_array($queryResult))
{
....
}
You have to get the result set first and then try fetching array from result set
<?php
require_once("settings.php");
$dbconnect = #mysqli_connect($host, $user, $pswd, $dbnm);
if($dbconnect->connect_errno >0)
{
die('Unable to connecto to database [' . $db->connect_error . ']');
}
$query = "SELECT car_id, make, model, price FROM cars";
$resultSet=mysqli_query($dbconnect,$query)
echo "<table width='100%' border='1'>";
echo "<tr><th>ID</th><th>Make</th><th>Model</th><th>Price</th></tr>";
//initiate array
$displayrow= mysqli_fetch_array( $resultSet);
//initiate while loop to iterate through table
while($displayrow)
{
echo "<tr>";
echo "<td>" . $row['ID'] . "</td>";
echo "<td>" . $row['Make'] . "</td>";
echo "<td>" . $row['Model'] . "</td>";
echo "<td>" . $row['Price'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($dbconnect);
?>
http://www.w3schools.com/php/func_mysqli_fetch_array.asp
I am trying to display a link in a php document. the data is stored in mysql. I have stored the url in the field course_url.
i can get the page to show the hyperlink asd a plain text but want it to show ashyperlink with "Click Here" anchor text. The coding i got so far is:
<?php
$con=mysqli_connect("localhost","root","","mentertraining");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = "SELECT `coursedates`.`coursedate_id`,`coursedates`.`course_id`,`coursedates`.`date1`,`courses`.`course_title`,`courses`.`course_url`,`courses`.`no_of_days` FROM coursedates\n"
. "LEFT JOIN `mentertraining`.`courses` ON `coursedates`.`course_id` = `courses`.`course_id` LIMIT 0, 30 ";
$result = mysqli_query($con,$query);
echo "<table border='1'><tr><th>Course Title</th><th>Course Date</th><th>No of Days</th><th>Course URL</th></tr>";
while($row = mysqli_fetch_assoc($result))
{
$date = new DateTime($row['date1']);
$row['date1'] = $date->format('d/m/Y');
echo "<tr>";
echo "<td>" . $row['course_title'] . "</td>";
echo "<td>" . $row['date1'] . "</td>";
echo "<td>" . $row['no_of_days'] . "</td>";
echo "<td>""<a href=" . $row['course_url'] . >"'Click Her'"</a>""</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
?>
Your echo is malformed on this line:
echo "<td>""<a href=" . $row['course_url'] . >"'Click Her'"</a>""</td>";
It should be:
echo "<td><a href='" . $row['course_url'] . "'>Click Here</a></td>";
You have used the wrong "' quotations
while($row = mysqli_fetch_assoc($result))
{
$date = new DateTime($row['date1']);
$row['date1'] = $date->format('d/m/Y');
echo "<tr>";
echo "<td>" . $row['course_title'] . "</td>";
echo "<td>" . $row['date1'] . "</td>";
echo "<td>" . $row['no_of_days'] . "</td>";
echo "<td><a href='" . $row['course_url'] ."'>Click Her</a></td>";
echo "</tr>";
}
I'm a new member of StackOverflow, and although I've been using the website for a long time, it's my first time posting a question, in a hope that someone will be able to help me. I'll start by saying that my knowledge of PHP and MySQL is basic, but what I'm trying to do isn't too complex in my opinion, so hopefully I won't be asking for much. I've done a lot of prior research, but I just couldn't find the right answer.
In short, this is what I'm trying to do:
I've got an html form, which upon submission writes data to a database, and then publishes a table on a separate html page. With each successful submission a new table gets generated and published, while the old one gets pushed underneath. This all works fine, and I've also implemented pagination so that only 5 tables are visible per page.
What I'd like to be able to do is allow people to ONLY view/display results (tables) based on a specific criteria, in this case "rating", by selecting a rating from a drop-down on the page where tables are published. Rating is one of the fields in my form which gets submitted to a database and then published in one of the rows in a table.
Below is the code which publishes tables. Thanks in advance for your help!
<?php
include('dbconnect.php');
mysql_select_db("vtracker", $con);
$result = mysql_query("SELECT * FROM userdata");
$age = "Age:";
$rating = "Rating:";
$country = "From:";
$name = "Name:";
while($row = mysql_fetch_array($result))
{
echo "<table id='mft_table' cellspacing='0'>";
echo "<tbody>";
echo "<tr>";
echo "<td class='row1'>" .$name . " " . $row['personsname'] . "</td>";
echo "<td rowspan='4'>";
echo "<div class='mft_column'>" . $row['mft'] . "</div>";
echo "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row2'>" . $country . " " . $row['nationality'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row3'>" . $age . " " . $row['personsage'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row4'>" . $rating . " " . $row['rating'] . "</td>";
echo "</tr>";
echo "</tbody>";
echo "<br>";
echo "</table>";
}
?>
for both true and false use can add thid in your code:
if($_POST['rating_dropdown']!='')
{
$temp_rating = $_POST['rating_dropdown'];
$query=mysql_query("SELECT * FROM userdata WHERE rating = '$temp_rating'");
}
else
{
$query=mysql_query("SELECT * FROM userdata");
}
Dunno if this works, it's just a hinch. haha.
It will see if the rating is true(not null), if it's true it will echo the results.
while($row = mysql_fetch_array($result))
{
if ($rating)
echo "<table id='mft_table' cellspacing='0'>";
echo "<tbody>";
echo "<tr>";
echo "<td class='row1'>" .$name . " " . $row['personsname'] . "</td>";
echo "<td rowspan='4'>";
echo "<div class='mft_column'>" . $row['mft'] . "</div>";
echo "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row2'>" . $country . " " . $row['nationality'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row3'>" . $age . " " . $row['personsage'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row4'>" . $rating . " " . $row['rating'] . "</td>";
echo "</tr>";
echo "</tbody>";
echo "<br>";
echo "</table>";
}
}
Once the dropdown gets selected and posted to your display page, use this code:
$temp_rating = $_POST['rating_dropdown'];
mysql_query("SELECT * FROM userdata WHERE rating = '$temp_rating'");
Keep in mind, however, that you should be using PDO or mysqli extension, not the mysql extension. According to PHP's website:
This extension is deprecated as of PHP 5.5.0, and will be removed in
the future. Instead, the MySQLi or PDO_MySQL extension should be used.
See also MySQL: choosing an API guide and related FAQ for more
information.
Another (basic) question here. I need to know how to use html forms to filter the results of a mysql query using PHP. I have been looking at w3schools and I can see how using $_POST on one page can output to another page. But I cannot see exactly how to put the $_POST into my query. For example I have one page as below:
<form action="orderlist.php" method="post">
OrderNo: <input type="int" name="order_no" />
<input type="Submit" />
</form>
This is a page where the user can enter an order_no and click submit, which links to the 'orderslist.php' page. On that page I have the following code:
$result = mysql_query("SELECT * FROM orders");
echo "<table border='5'>
<tr>
<th>order_no</th>
<th>ord_date</th>
<th>est_completion_date</th>
<th>status</th>
<th>invoice_date</th>
<th>inv_amount</th>
<th>name</th>
<th>fName</th>
<th>lName</th>
</tr>";
// -- Use 'while' to check each row in $result in turn:
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['order_no'] . "</td>";
echo "<td>" . $row['ord_date'] . "</td>";
echo "<td>" . $row['est_completion_date'] . "</td>";
echo "<td>" . $row['status'] . "</td>";
echo "<td>" . $row['invoice_date'] . "</td>";
echo "<td>" . $row['inv_amount'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['fName'] . "</td>";
echo "<td>" . $row['lName'] . "</td>";
echo "</tr>";
}
echo "</table>";
This outputs everything from 'orders' into a table, but I want it to only output the row with the order_no that the user entered on the previous page. How do I do this? Is it something like:
$result = mysql_query("SELECT * FROM orders WHERE order_no = $_POST[order_no]");
Thank a lot
For starters, you should switch to PDO or mysqli -- the mysql_* functions are in the process of deprecation.
On to your question: yes, that's how you do it, with a WHERE clause. However, it is very (very very very) insecure to concatenate a variable directly out of $_POST without sanitation.
That said, at a minimum you should do this:
mysql_query('SELECT * FROM orders WHERE order_no = '.mysql_real_escape_string($_POST[order_no]));
Another thing... don't use SELECT *. You should always list the columns you expect to get from the database -- that way, if there is a problem (like the columns have changed), the query can let you know. With SELECT * you get back a magical grab-bag of data -- you have no idea what it is, and more importantly, if it has the values your code relies on.
So, putting it together:
$pdo = new PDO("mysql:host=localhost;dbname=database", '-username-', '-password-');
$sth = $pdo->prepare('
SELECT
`order_no`,
`ord_date`,
`est_completion_date`,
`status`,
`invoice_date`,
`inv_amount`,
`name`,
`fName`,
`lName`
FROM
orders
WHERE
order_no = :order_no
');
$sth->execute(array(':order_no'=>$_POST[order_no]));
while ($order= $sth->fetch()) {
echo "<tr>";
echo "<td>" . $order->order_no . "</td>";
echo "<td>" . $order->ord_date . "</td>";
echo "<td>" . $order->est_completion_date . "</td>";
echo "<td>" . $order->status . "</td>";
echo "<td>" . $order->invoice_date . "</td>";
echo "<td>" . $order->inv_amount . "</td>";
echo "<td>" . $order->name . "</td>";
echo "<td>" . $order->fName . "</td>";
echo "<td>" . $order->lName . "</td>";
echo "</tr>";
}
Edit: One last note, the input you're using is not valid; type="int" is not a recognized input type. Here's a list of types for HTML 4, and a list for HTML 5:
As you can see, HTML 5 does have a new input type "number". It is not fully adopted, but if you wanted to use it:
<input type="number" name="order_no" />
Be aware, however, that not all browsers will restrict the input to numeric: http://caniuse.com/#feat=input-number
Documentation
mySql SELECT - http://dev.mysql.com/doc/refman/5.0/en/select.html
mysql_query (DEPRECATED) - http://php.net/manual/en/function.mysql-query.php
PDO - http://www.php.net/manual/en/book.pdo.php
PDO::prepare - http://www.php.net/manual/en/pdo.prepare.php
PDOStatement::fetch - http://www.php.net/manual/en/pdostatement.fetch.php
PDOStatement::execute - http://www.php.net/manual/en/pdostatement.execute.php
Without injection vulnerability (require 'mysql_connect' before) :
if(isset($_POST['order_no']))
{
$orderNo = mysql_real_escape_string($_POST['order_no']);
$result = mysql_query("SELECT * FROM orders WHERE order_no = $orderNo");
echo "<table border='5'>";
echo " <tr>";
echo " <th>order_no</th>";
echo " <th>ord_date</th>";
echo " <th>est_completion_date</th>";
echo " <th>status</th>";
echo " <th>invoice_date</th>";
echo " <th>inv_amount</th>";
echo " <th>name</th>";
echo " <th>fName</th>";
echo " <th>lName</th>";
echo " </tr>";
if(mysql_num_rows($result) == 0)
{
echo '<tr><td colspan="9">Order not found</td></tr>';
}
else
{
while($row = mysql_fetch_assoc($result))
{
echo "<tr>";
echo " <td>" . $row['order_no'] . "</td>";
echo " <td>" . $row['ord_date'] . "</td>";
echo " <td>" . $row['est_completion_date'] . "</td>";
echo " <td>" . $row['status'] . "</td>";
echo " <td>" . $row['invoice_date'] . "</td>";
echo " <td>" . $row['inv_amount'] . "</td>";
echo " <td>" . $row['name'] . "</td>";
echo " <td>" . $row['fName'] . "</td>";
echo " <td>" . $row['lName'] . "</td>";
echo "</tr>";
}
}
echo "</table>";
}
Try this:
$orderNumber = mysql_real_escape_string($_POST['order_no']);
$result = mysql_query("SELECT * FROM orders WHERE order_no = $orderNumber");
This takes the value of $_POST['order_no'] and somewhat sanitizes it. You then apply the value of $orderNumber to MySQL.
However, you're much better off using PDO or MySQLi. Both protect you (if used correctly) from SQL injection. Currenly, your code is VERY prone to SQL injection.
Your form should be something like this:
<form action="orderlist.php" method="post">
OrderNo: <input type="text" name="order_no" />
<input type="Submit" value="Submit"/>
</form>
To get any value that is typed by user in the form you should use type="text".
There is nothing like type="int" in standard HTML.
Don't get confused, the Input TYPE in HTML is not the same as one you use in Programming languages to declare Data type. Here TYPE is just to let the browser know that its a text field / Radio Button etc.
To understand Valid Input Types better read this w3.org recommendation on HTML forms.
On orderlist.php you can query to retrieve the required data:
if(isset($_POST['order_no'])) {
$orderNo = mysql_real_escape_string($_POST['order_no']);
$result = mysql_query("SELECT * FROM orders WHERE order_no = $orderNo");
while($row = mysql_fetch_array($result)) {
//code to print table.
}
}
Note:
This type of code is Vulnerable to easy attacks, and it is never recommended to put user input directly into SQL query, it should always be filtered first.
I have an admin area in an ecommerce website whereby the admin can view all users on the allusers.php page. The users are listed in a table with their personal information, however i have a 'view profile' button near each user whereby if you was to click on it, it would take you to another page where you can view that specific users past orders.
the following is the code i have for allusers.php:
<?php
$result = mysql_query("SELECT * FROM customers ")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Orders Yet';
} else {
echo "<table border='0'><table border width=100%><tr><th>First Name</th><th>Surname</th><th>Address</th><th>E-Mail</th><th>Username</th><th>View Profile</th>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['name']. "</td>";
echo "<td>" . $info['surname']. "</td>";
echo "<td>" . $info['address1']. $info['address2']. $info['city']. $info['postcode']." </td>";
echo "<td>" . $info['email']. "</td>";
echo "<td>" . $info['username']. "</td>";
echo "<td>" . " <a href='view.php'>View</a> </td>";
}
}
echo "</tr>";
echo "</table>";
?>
the view.php page is as follows:
<?php
$result = mysql_query("SELECT * FROM order WHERE ......dont know what to enter here")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Orders For This Customer Yet';
} else {
echo "<table border='0'><table border width=100%><tr><th>Product</th><th>Quantities</th><th>Date</th>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['name']. "</td>";
echo "<td>" . $info['quantity']. "</td>";
echo "<td>" . $info['date']. " </td>";
}
}
echo "</tr>";
echo "</table>";
?>
I have a mysql database with the following fields & tables:
Customers - id, name, surname, address1, address2, city, postcode, email, username, password
Products - serial, name, description, price, picture
Order - id, name, quanitity, price, date, username
Thanks for any help provided
Your code lacks any sort of security mechanisms... This is very bad, especially in an e-commerce setting.
Excusing that, you would pass the username to the view page in the URL.
echo "<td>" . " <a href='view.php?user=" . $info['username'] . "'>View</a> </td>";
In your view page, you would get the parameter from the URL and include it with your query.
if (isset($_GET) && isset($_GET['user'])) {
$user = mysql_real_escape_string($_GET['user']);
} else {
header('Location: allusers.php');
exit(); // boot them back to the previous page.
}
$result = mysql_query("SELECT * FROM order WHERE username = '" . $user . "'")
A simple method could be the follow. Replace this line in alluser.php
echo "<td>" . " <a href='view.php'>View</a></td>";
with this one
echo '<td>View</td>';
and then, in your view.php have
if (isset($_GET['username']) && $_GET['username'] != '')
{
$username = mysql_real_escape_string($_GET['username']);
$result = mysql_query("SELECT * FROM order WHERE username = '$username'");
}
else
{
// No user specified. Do other statements
}
Please note the use of:
The user of the mysql_real_escape_string() function to protect from Sql injection (would be better the use of a prepared statements)
The use of the parameter username in the first page to pass the value of the username to the second page
The use of the $_GET global array to retrieve the parameter
Try this:
allusers.php
<?php
$result = mysql_query("SELECT * FROM customers ")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Orders Yet';
} else {
echo "<table border='0'><table border width=100%><tr><th>First Name</th><th>Surname</th><th>Address</th><th>E-Mail</th><th>Username</th><th>View Profile</th>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['name']. "</td>";
echo "<td>" . $info['surname']. "</td>";
echo "<td>" . $info['address1']. $info['address2']. $info['city']. $info['postcode']." </td>";
echo "<td>" . $info['email']. "</td>";
echo "<td>" . $info['username']. "</td>";
echo "<td>" . " <a href='view.php?user={$info['username']}'>View</a> </td>";
}
}
echo "</tr>";
echo "</table>";
?>
view.php
<?php
$user = mysql_real_escape_string($_GET['user']);
$result = mysql_query("SELECT * FROM order WHERE user = '$user'")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Orders For This Customer Yet';
} else {
echo "<table border='0'><table border width=100%><tr><th>Product</th><th>Quantities</th><th>Date</th>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['name']. "</td>";
echo "<td>" . $info['quantity']. "</td>";
echo "<td>" . $info['date']. " </td>";
}
}
echo "</tr>";
echo "</table>";
?>