I'm having problems with SQL query that returns no results instead of the data from the tables.
I have two tables on my DB, one is for Products and the other is Basket. The idea is to take the product id's from the basket and retrieve all the rest of the data from the product table. This is what i did:
$sql = sprintf("SELECT * FROM Basket");
$result = mysql_query($sql, $link);
while ($row = mysql_fetch_array($result)) {
$my_id = $row["Id"];
$prod_s=sprintf("SELECT * FROM Products WHERE Id='%s'",$my_id) ;
$prod= mysql_fetch_array($prod_s);
echo "<td>" . htmlentities($prod["Name"],ENT_QUOTES,"UTF-8") . "</td>";
echo "<td>" . htmlentities($prod["Size"]) . "</td>";
.
.
.
The table is being created but all fields are empty.
Thank you!
First of all, your current code is vulnerable to second-level SQL injections: if one of the IDs in the database is a malicious string (e.g. the good old ; DROP DATABASE foo), you're screwed.
Now, your actual problem is that you're not actually sending the second query to the SQL server. You'll want to run mysql_query() on it and use the result handle with mysql_fetch_array. You're already doing it correctly with the initial query. Just do the same thing again.
Finally, you might want to know that all of this can be done in a single SQL query, using joins. You may want to ask your favourite search engine about those. Good luck!
I think you still have to add a mysql_query for prod_s.
$my_id = $row["Id"];
$prod_s=sprintf("SELECT * FROM Products WHERE Id='%s'",$my_id) ;
$prod_q=mysql_query($prod_s);
$prod= mysql_fetch_array($prod_q);
echo "<td>" . htmlentities($prod["Name"],ENT_QUOTES,"UTF-8") . "</td>";
echo "<td>" . htmlentities($prod["Size"]) . "</td>";
Related
Being a beginner in PHP, I have a table in a database which consists of 14 columns. I need to extract some of the columns through an 'href' link on another page. I am having a hard time trying to get the specific column ids for the specific column as I need the columns to be displayed as plain text separately on an html page.
So this is the fetch code to display columns 'A' and 'G' including two links in a table.
while($row=mysql_fetch_array($res))
{
echo "<tr>";
echo "<td>" . $row['A'] . "</td>";
echo "<td>" . $row['G'] . "</td>";
echo "<td>FASTA</td>";
echo "<td>Full Entry</td>";
echo "</tr>";
}
I am facing problems to get the columns A to M separately on the next php page of FullEntry.php and I need the data from the columns as plain text.
This is what I could come up with on FullEntry.php page.
$row = $_GET['rowid'];
<!--Here is where I need the multiple row ID's to get separate columnar data-->
echo $row;
?>
So How can use different id's for different columns from the original.php page to display results separately through the FullEntry.php page or If there can be any modifications with sql query as well. Help will be appreciated.
Any help would be appreciated.
Thank you in advance!
HereI have added a delimiter | bewteen $row reults like
echo "<td>Full Entry</td>";
And the result will be like Fullentry.php?rowid=a|b|c|d|e..... and you can access this by exploding the rowid.
$result = $_POST['rowid];
$result = explode("|",$result);
echo $result [0];
echo $result [1];...
very new to php and mysql so all help is greatly appreciated. I have tried to search the forums but not entirely sure specifically what I need to be searching for. I have a form which ask users to select a product and make a comment.
I need the information for a particular product to show on my product page instead of all of the information. (for example, I want the reviews for iPads to show on the ipad page)
This is the code that send the data to the database:
<?php
session_start();
include('connection.php');
$name=$_POST['name'];
$product=$_POST['product'];
$star=$_POST['star'];
$comment=$_POST['comment'];
mysql_query("INSERT INTO tt_review(name, product, star, comment)VALUES('$name', '$product', '$star','$comment')");
header("location: https://scm-intranet.tees.ac.uk/users/l1071039/tablet-takeover/index.html");
mysql_close($con);
?>
This is the current code to fetch the data onto my page:
<?php
include('connection.php');
$result = mysql_query("SELECT * FROM tt_review");
echo "<table border='1'>
<tr>
</tr>";
while($row = mysql_fetch_array($result)) //This function is calling the results variable and displaying them within the rows below
{
echo "<tr>"; //this code tells the page to output the table rows that are defined above
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['date'] . "</td>"; //each row is then executed using the table data function
echo "<td>" . $row['product'] . "</td>";
echo "<td>" . $row['star'] . "</td>";
echo "<td>" . $row['comment'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
This is a screenshot of the table on my webpage (as I say, I need it to only show the ipad reviews.
To select only one kind of product, you should add a where clause on your sql query:
SELECT * FROM tt_review WHERE product = 'Apple iPad'
You can give like this
"SELECT * FROM tt_review WHERE Product_name ='ipad'"
It will display only the information related to Ipad
Still If you dont understand please give me the name of the columns you used in the table
Firstly, mysql_* functions have been depreciated. Rather, use either PDO or MySQLi.
Secondly, your code is very vulnerable to SQL injection.
Thirdly, fix your select statement to the following:
SELECT * FROM tt_review WHERE product = 'ipad'
Currently I have a query running that brings up all the contents of the 'products' table and the 'user' associated with the products. It prints on a table. I want to create a button, that brings up the entire records.
Please note that I must only be able to view the selected record only.. How would I go about this?
echo "<table border='1'>
<tr>
<th>user_id</th>
<th>user_name</th>
<th>selected_product</th>
while($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
echo "<td>" . $row['user_id'] . "</td>";
echo "<td>" . $row['user_name'] . "</td>";
echo "<td>" . $row['selected_product'] . "</td>";
So a button should appear for each record that is returned as a result. When I click this button another window should appear which shows the entire contents (for this record only) and the user associated.
How does the button know which record its associated with.
<a href="anotherpage.php?id=<?php echo $row['user_id']?>" ><button>View Details</button></a>
This will take you to another page.
Use get method tho get the id into php variable.
$userId = $_GET['id'];
And now use sql query to fetch all the data from the database for single user.
$userResult = mysql_query("SELECT * FROM userTable WHERE user_id = ".$userId);
I am using a database that was already created and I can access, but do not have the permission to alter the database at all.
I am using the query
select last_count, query, job_id from twitterinblack46.job where job_id in ('.$job_id_all.') order by last_count desc;
to call three columns (last_count, query, and job_id) and display them in a table.
This query works as I want it to, but the only issue is the query column displays data with either a "%23","%40","%20", or "q=" in front of the desired data.
I need to figure out how to get rid of these strings before displaying the table.
Here is the while statement used to generate the table:
while($row = mysql_fetch_array($result)){
echo"<tr>";
echo "<td>" . $row["job_id"] . "</td>";
echo "<td>" . $row["last_count"] . "</td>";
echo "<td>" . $row['query'] . "</td>";
echo "<tr>";
}
echo "</table>";
I have created this query:
select replace(replace(replace(REPLACE(query,'%23', ''),'%40',''),'q=',''),'%20','') from job;
to get rid of these characters and it works perfectly as I need it, but how can I incorporate this query into my other $result before creating the table?
You can remove the offending strings when printing the table:
echo "<td>" . str_replace(array('%23', '%40', '%20"', 'q='), '', $row['query']) . "</td>";
(If you want to limit removal to only characters at the beginning of the string you can look at preg_replace)
$lst_search = array("%23", "%40", "%20", "q=");
$query = str_replace($lst_search, "", $row["query"]);
Then use $query in place of $row["query"] when creating the table.
I posted a couple days ago and I could not insert an additional record into a MySQL database I setup. I corrected the syntax, but the database will not update again. Basically, I have a couple forms in HTML that carry sessions over to the next pages until the PHP is processes on the final page to INSERT into the database. It worked twice (I have 2 records in the database now), but it won't insert any additional records. It worked fine a couple days ago. The only changes I made to anything was that I added a search feature that accesses the same database with the same user, but the connection is closed at the end of that script as well. Here is the code I am using to INSERT into the database (I know it isn't the best coding job, I'm still learning).
<?php
$con = mysql_connect("localhost","my_username","mypassword");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("dgibbo1_imaging", $con);
// Here too, please mysql_real_escape_string() all parameters
mysql_query("INSERT INTO imaging (os,MAC,Model,AntiVirus,Browser,Email,Connectivity,Sound,Ports) VALUES ('".$_SESSION['imaging2']."','".$_SESSION['imaging3']."','".$_SESSION['imaging4']."','".$_SESSION['antivirus']."','".$_SESSION['browser']."','".$_SESSION['email']."','".$_SESSION['connectivity']."','".$_SESSION['sound']."','".$_SESSION['ports']."')");
OR die("Could not update: ".mysql_error());
mysql_close($con);
?>
The name of the database is imaging. The columns are setup as:
id (This is the primary key field)
os
MAC
Model
AntiVirus
Browser
Email
Connectivity
Sound
Ports
I just find it odd that it inserted records without any problems until I tried it again today. Is it possible that it has something to do with my code for the search?
The search is a simple form on another page and processes this form:
<?php
$con = mysql_connect("localhost","my_user","mypassword");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("dgibbo1_imaging", $con);
// Always escape parameters injected into SQL queries
$result = mysql_query( "SELECT * FROM imaging WHERE MAC LIKE '%"
. mysql_real_escape_string ( $search, $con )
. "%'"
);
echo "<table border='1'>
<tr>
<th>MAC</th>
<th>Model</th>
<th>AntiVirus</th>
<th>Email</th>
<th>Browser</th>
<th>Connectivity</th>
<th>Sound</th>
<th>Ports</th>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['MAC'] . "</td>";
echo "<td>" . $row['Model'] . "</td>";
echo "<td>" . $row['AntiVirus'] . "</td>";
echo "<td>" . $row['Email'] . "</td>";
echo "<td>" . $row['Browser'] . "</td>";
echo "<td>" . $row['Connectivity'] . "</td>";
echo "<td>" . $row['Sound'] . "</td>";
echo "<td>" . $row['Ports'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
Meanwhile, the search will pull up the 2 existing records successfully every time, but I can't add new records and I'm wondering if it has something to do with this.
Thanks for any suggestions. I know my syntax probably isn't the best, so any suggestions from this site are always appreciated.
Try creating a separate php file and hard coding the values into it. Run that and see what happens. your search form shouldnt interfere with another form.
edit any errors when using the form? any errors when inserting to another table?
I saw your post, and it all looks "right". What I'd suggest is to add some logging instead of DIE and look at what MySQL is saying about those insert statements:
$sql = "INSERT INTO imaging ....";
mysql_query($sql);
if(mysql_errno()) {
$message = mysql_error() . "\n" . $sql . "\n";
$fp = fopen('c:\mylogifle.txt', 'a');
fwrite($fp, $message);
fclose($fp);
}
AND...as everyone has mentioned, encode those strings - assuming that the SQL is actually being executed, and you "know" it works, there's a very high possibility that some punctuation in one of the values is interfering with the SQL, like an unexpected comma somewhere that confuses MySQL