From index.php to detail.php - php

I have trouble with my code.
I have an HTML table in index.php (PHP, MySQL), this:
<?php
require ('../../inc/config.inc.php');
require ('../../inc/ini.php');
mysql_set_charset('utf8');
$sql = "SELECT * FROM {$cfg['tbl_dily']}";
$result = mysql_query($sql)or die(mysql_error());
echo "<table class=\"vypis\">";
echo "<h1 id=\"vypis\">Nabídka náhradních dílů</h1>\n";
$i = 0; // default value for row coloring
// start of the loop that lists rows from tbl_dily
while ($row = mysql_fetch_array($result)){
// access the columns of tbl_dily
$part_id =$row['part_id'];
$img150 =$row['img150'];
$nazevdilu =$row['nazev'];
$vyrobce =$row['vyrobce'];
$model =$row['model'];
$cena =$row['cena'];
//start --- coloring every 2nd row of table
$i=1-$i;
$trclass="radek".$i;
//end --- coloring every 2nd row of table
echo "<tr class=\"".$trclass."\">\n";
if($img150 == null){ // check whether a product photo exists
echo "<td class=\"img150\"> <img class=\"obrazek\" src=\"fotoneni.gif\"/> </td>\n";
}
else {
echo "<td class=\"img150\"> <img class=\"obrazek\" src=\"".$img150."\"/> </td>\n";
}
echo "<td class=\"nazevdilu\">".$nazevdilu."</td>\n";
echo "<td class=\"modely\">".$vyrobce." ".$model."</td>\n";
if($cena == 0){ // check whether the product has an exact price or is sold "dohodou" (by agreement)
echo "<td class=\"cena\">dohodou</td>\n";
}
else{
echo "<td class=\"cena\">".$cena." Kč"."</td>\n";
}
echo "</tr>\n";
}
// end of the loop that lists rows from tbl_dily
echo "</table>\n";
?>
So I have linked out part_id with no problems. Problems show up when I want to see the detail of some product. My detail.php looks like this now:
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="cs" lang="cs">
<head>
<?php
require ('../../inc/config.inc.php');
require ('../../inc/ini.php');
mysql_set_charset('utf8');
$part_id=$_GET['part_id'];
$data = mysql_query("SELECT * FROM {$cfg['tbl_dily']} WHERE part_id='$part_id'") or die(mysql_error());
while ($detail = mysql_fetch_array($data)){
$id =$detail['part_id'];
}
?>
<title><?php $id; ?></title>
</head>
<body>
<div class="detail">
<span id="detail_id">Výpis nabídky id <?php $id; ?></span>
<div class="detail_foto">
</div>
<div class="detail_info">
</div>
</div>
</body>
</html>
I need help at least with getting the part_id number into the page title of detail.php. I don't understand much about how $_GET works. I hope somebody can show me how to do it.
THANKS for helping me out:))

Your explanation is not terribly nice. You should maybe edit the question and explain where the problem is. But for now, let me just explain '$_GET'.
'$_GET' is a way to deliver data from one PHP script to another. You can find it in almost every form. As you can see in the code below, there is a simple way to send data to an "action.php"; the attribute "method" tells the form what you want to do. You should maybe take a look at both options, because GET displays the data you want to deliver in the link. Your user could start manipulating that, which would be a very unsafe thing in your case because you work with MySQL databases. Also, you should take a look at MySQL string escaping.
Back to the topic: the HTML below would send $_GET['name'] and $_GET['age'] to action.php, where you can work with those.
<form action="action.php" method="get">
<p>Your name: <input type="text" name="name" /></p>
<p>Your age: <input type="text" name="age" /></p>
<p><input type="submit" /></p>
</form>
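A hardened version of the detail.php lookup discussed above, added here as an example and not part of the original question or answer: part_id is validated as an integer, bound through a prepared statement (used here in place of the string escaping the answer mentions), and HTML-escaped on output. The in-memory SQLite database, the table name dily, the sample rows and the helpers find_part() and e() are assumptions so the block runs offline; with MySQL only the PDO DSN changes.

```php
<?php
declare(strict_types=1);

// Constructed sample data in an in-memory SQLite database (assumption: the
// real site would open a PDO connection to MySQL with its own credentials).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE dily (part_id INTEGER PRIMARY KEY, nazev TEXT, cena INTEGER)');
$pdo->exec("INSERT INTO dily VALUES (1, 'Filtr \"A\" & těsnění', 250), (2, 'Brzdové destičky', 0)");

/**
 * Look up one part by the raw ?part_id= value (hypothetical helper).
 * Returns the row, or null when the parameter is missing, malformed or unknown.
 */
function find_part(PDO $pdo, array $get): ?array
{
    // Accept only a positive integer; "", "2'x", arrays and null all yield false.
    $id = filter_var($get['part_id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $pdo->prepare('SELECT part_id, nazev, cena FROM dily WHERE part_id = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Escape a value for HTML text or attribute context. */
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed requests standing in for $_GET.
foreach ([['part_id' => '1'], ['part_id' => "2'x"], []] as $get) {
    $part = find_part($pdo, $get);
    if ($part === null) {
        echo "<title>Not found</title>\n";   // a real page would also send HTTP 404
        continue;
    }
    // Note the echo: a bare "$id;" statement evaluates the variable and prints nothing.
    echo '<title>' . e($part['part_id']) . ' - ' . e($part['nazev']) . "</title>\n";
}
```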

Related

PHP SEARCH and DELETE

I've changed the code following people's advice but my delete button doesn't work. The empID is a VARCHAR, not an INT.
The way I wanted it to work: when I search a string of letters I would get a list of employees containing that string, then choose some checkboxes, and when the button is pressed they'd get deleted from the DB and the list of those not chosen would still stay on that page.
Thanks in advance for any help!!!
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<title>Delete Record</title>
<link rel="stylesheet" href="style1.css" />
<style>dialog{margin-left:100px}
select { font-size:24px;}</style>
</head>
<body>
<div class="header">
<h2>List of the employees with the name entered</h2>
</div>
<form name="action_form" action="" method="post" />
<div class="input-group">
<input type="text" name="name" placeholder="Employee name" />
</div>
<button type="submit" class="btn" name="submit">SEARCH</button>
<?php
require('db.php');
$errors = array();
if(isset($_POST["name"])&&!empty($_POST["name"]))
{
$name=$_POST['name'];
$sqlResult=mysqli_query($con, "SELECT * FROM Employee WHERE empName LIKE '%$name%'");
if (mysqli_num_rows($sqlResult) > 0)
{
echo "<table>";
while($row=mysqli_fetch_assoc($sqlResult))
{
echo "<tr>";
echo "<td>"; ?><input type= 'checkbox' name='num[]' value='<?php echo $row['empID'] ?>'/><?php echo "</td>";
echo "<td>".$row['empID']."</td>";
echo "<td>".$row['empName']."</td>";
echo "<td>".$row['deptNo']."</td>";
echo "<td>".$row['addCounty']."</td>";
echo "<td>".$row['salary']."</td>";
echo "</tr>";
}
echo "</table>";
}
if(isset($_POST['delete'])&&(!empty($_POST['num'])))
{
$list = array();
$list = $_REQUEST['num'];
foreach($list as $delID)
{
$sqlResult = mysqli_query($con,"DELETE FROM employee WHERE empID LIKE '$delID'");
}
}
}
?>
<div class="input-group">
<label>Please choose the person from the list below</label>
</div>
<div class="input-group">
<button type="submit" class="btn" name="delete">FIRE SELECTED</button><br><br>
<button type="reset" class="btn" name="reset">RESET</button><br><br>
Back to the Menu
</div>
</form>
</body>
</html>
Try this:
if(isset($_POST["name"])&&!empty($_POST["name"]))
{
$name=$_POST['name'];
$sqlResult=mysqli_query($con, "SELECT * FROM Employee WHERE empName LIKE '%$name%'");
}
The reason for the error (Undefined variable $name) is because you are only setting $name in your "if" statement when $_POST['name'] is set, but you are running the line:
$sqlResult = mysqli_query($con, "SELECT * FROM Employee WHERE empName LIKE '%$name%'");
every time the page is loaded. Because you have used $name in the SQL string, but it isn't always declared, you get the error.
I'm finding your code a little hard to read, but I think you probably just want to put the mysqli_query() line inside the "if" statement.
if(isset($_POST['name']) && !empty($_POST['name'])) {
$name = $_POST['name'];
$sqlResult = mysqli_query($con, "SELECT * FROM Employee WHERE empName LIKE '%$name%'");
}
Looks like you should wrap the $delId in "%"
So your delete query should look like this:
$sqlResult = mysqli_query($con,"DELETE FROM employee WHERE empID LIKE '%$delID%'");
Also bear in mind that the like statement will delete any row where the id is like any other id. You might consider changing this to:
$sqlResult = mysqli_query($con,"DELETE FROM employee WHERE empID = '$delID' ");
Another thing to keep in mind is that you should consider using parameterized queries to prevent SQL injection. Read this for more details:
What is parameterized query?
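The exact-match, parameterized delete suggested in the last answer, as an added example that is not code from the original posts; it also counts what a LIKE '%id%' pattern would have matched for comparison. The in-memory SQLite database through PDO (the page uses MySQL through mysqli), the sample rows and the helper names are assumptions.

```php
<?php
declare(strict_types=1);

// Constructed sample table in an in-memory SQLite database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE Employee (empID VARCHAR(10) PRIMARY KEY, empName TEXT)');
$pdo->exec("INSERT INTO Employee VALUES ('E1','Ann'),('E10','Bob'),('E11','Cy'),('E2','Dee')");

/**
 * Delete exactly the employees whose IDs were ticked (hypothetical helper).
 * $ids is the raw num[] value from the form; returns the number of rows removed.
 */
function delete_selected(PDO $pdo, $ids): int
{
    if (!is_array($ids)) {
        return 0;
    }
    // Keep only non-empty strings that fit the column, de-duplicated and re-indexed.
    $ids = array_values(array_unique(array_filter($ids,
        fn($v) => is_string($v) && $v !== '' && strlen($v) <= 10)));
    if ($ids === [] || count($ids) > 100) {   // cap the batch size
        return 0;
    }
    // One "?" per ID: only placeholders are concatenated, never the values.
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $pdo->prepare("DELETE FROM Employee WHERE empID IN ($marks)");
    $stmt->execute($ids);
    return $stmt->rowCount();
}

/** Number of rows a LIKE '%id%' pattern would match, for comparison. */
function like_match_count(PDO $pdo, string $id): int
{
    $stmt = $pdo->prepare('SELECT COUNT(*) FROM Employee WHERE empID LIKE ?');
    $stmt->execute(['%' . $id . '%']);
    return (int) $stmt->fetchColumn();
}

// The wildcard pattern for 'E1' also covers E10 and E11.
echo 'LIKE would match: ', like_match_count($pdo, 'E1'), "\n";
// Constructed form input: one real ID and one value containing a quote,
// which is treated as plain data and simply matches no row.
echo 'deleted: ', delete_selected($pdo, ['E1', "no'such"]), "\n";
echo 'remaining: ', (int) $pdo->query('SELECT COUNT(*) FROM Employee')->fetchColumn(), "\n";
```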

How to make my PHP code more efficient for a search database?

The main objective of this post is to open up a can of worms. I would like to get some advice on what is the best/most efficient way to search a phpMyAdmin database.
I am just starting to learn PHP. Main goal is to be able to write my own search databases as that has always interested me. I played around with some code to build a basic search database and have it working now.
Below is the code I used. I would guess as it is my first attempt at this I am going about it the wrong way. Assuming this was a large database, how could I make this more efficient? Am I going about it the wrong way using PHP? Is there a better way to do this?
The goal is to have a searchable database where the user has multiple options to query to help refine the results.
<html>
<head>
<title> test Search </title>
<style type="text/css">
table {
background-color: #ffffff;
}
th {
width: 200px;
text-align: left;
}
</style>
</head>
<body>
<h1> test Search</h1>
<form method="post" action="index.php">
<input type="hidden" name="submitted" value="true"/>
<label>Colour 1: <input type="text" name="criteria" /></label>
<label>Colour 2: <input type="text" name="criteria2" /></label>
<label>PostCode: <input type="text" name="criteria3" /></label>
<label>Suburb: <input type="text" name="criteria4" /></label>
<label>State: <input type="text" name="criteria5" /></label>
<input type="submit" />
</form>
<?php
if (isset($_POST['submitted'])) {
// connect to the database
include('connect.php');
//echo "connected " ;
$criteria = $_POST['criteria'];
$criteria2 = $_POST['criteria2'];
$criteria3 = $_POST['criteria3'];
$criteria4 = $_POST['criteria4'];
$criteria5 = $_POST['criteria5'];
$query = "SELECT * FROM `Mainlist` WHERE (`Colour1`like '%$criteria%') and (`Colour2`like '%$criteria2%')
and (`PostCode`like '%$criteria3%') and (`Suburb`like '%$criteria4%') and (`State`like '%$criteria5%')
LIMIT 0,10";
$result = mysqli_query($dbcon, $query) or die(' but there was an error getting data');
echo "<table>";
echo "<tr> <th>School</th> <th>State</th> <th>Suburb</th> <th>PostCode</th> <th>Logo</th> <th>Uniform</th></tr>";
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)) {
echo "<tr><td>";
echo $row['School'];
echo "</td><td>";
echo $row['State'];
echo "</td><td>";
echo $row['Suburb'];
echo "</td><td>";
echo $row['PostCode'];
echo "</td><td><img src=\"data:image/jpeg;base64,";
echo base64_encode($row['Logo']);
echo "\" /></td></td>";
echo "</td><td><img src=\"data:image/jpeg;base64,";
echo base64_encode($row['Uniform']);
echo "\" /></td></td>";
}
echo "</table>";
}// end of main if statement
?>
</body>
</html>
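One way to build the multi-criteria query from the question so that empty boxes add no clause and every value is bound as a parameter, as an added example that is not the poster's code. The helper names build_search() and like_literal(), the "!" escape character and the sample submission are assumptions; the returned SQL and parameters are meant for a prepared statement (mysqli or PDO).

```php
<?php
declare(strict_types=1);

// Form field => column, fixed in code so column names never come from the request.
const SEARCH_FIELDS = [
    'criteria'  => 'Colour1',
    'criteria2' => 'Colour2',
    'criteria3' => 'PostCode',
    'criteria4' => 'Suburb',
    'criteria5' => 'State',
];

/** Escape LIKE wildcards so user input is matched literally ("!" is the escape char). */
function like_literal(string $s): string
{
    return strtr($s, ['!' => '!!', '%' => '!%', '_' => '!_']);
}

/**
 * Build the SELECT for the criteria actually filled in (hypothetical helper).
 * Returns [sql, params] ready for prepare()/execute().
 */
function build_search(array $post, int $limit = 10): array
{
    $where = [];
    $params = [];
    foreach (SEARCH_FIELDS as $field => $column) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || trim($value) === '') {
            continue;               // empty box: no LIKE '%%' clause at all
        }
        $where[] = "`$column` LIKE ? ESCAPE '!'";
        $params[] = '%' . like_literal(trim($value)) . '%';
    }
    $sql = 'SELECT School, State, Suburb, PostCode FROM `Mainlist`'
         . ($where ? ' WHERE ' . implode(' AND ', $where) : '')
         . ' LIMIT ' . max(1, min($limit, 100));
    return [$sql, $params];
}

// Constructed form submission: two boxes filled, three left empty.
[$sql, $params] = build_search([
    'criteria' => 'navy', 'criteria2' => '', 'criteria3' => '30%',
    'criteria4' => '', 'criteria5' => '',
]);
echo $sql, "\n";
print_r($params);
```

A pattern that starts with % cannot use an ordinary B-tree index in MySQL, so on a large table each remaining LIKE clause still scans rows.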

sending href with parameter in a loop

<!doctype html>
<html>
<head>
<title>Main Page</title>
</head>
<?php
session_start();
?>
<form action="new_question.php" method="post">
<input type="hidden" name="sid" value="<?php echo $_SESSION['username']?>">
<input type="submit" value="New Question">
</form>
<?php
include ("connection.php");
$result = mysqli_query($con,"SELECT * FROM question_table");
while($row = mysqli_fetch_array($result))
{
echo "" . $row['question'] . $row['q_id'] . "";
echo "<br>";
}
?>
<body>
</body>
</html>
I have 5 questions in my database, each with an id. This page prints them as links in a loop. Upon clicking any of the links it goes to the "question.php" file. There I want to echo the question from the database that was clicked previously. The problem is, in the "question.php" file, how do I find out which link was clicked among these 5? Should I send a parameter along with the link? How will the parameter change in each loop? How do I do it in this page? If I do send a parameter with the link, how do I receive it in the "question.php" file?
Echo the id as a parameter on the anchor. We can also remove the id from the anchor text since it's not needed there anymore.
while($row = mysqli_fetch_array($result))
{
echo '' . $row['question'] . '<br>';
}
And then in question.php do $_GET['id']

Cannot fix the cyrillic issue. htmlspecialchars/PHP/MySQL

Guys, when I type anything in Cyrillic, like: Цветана Пиронкова, and click submit (into the table), it shows it (and saves it in the MySQL table) like this: &#1062;&#1074;&#1077;&#1090;&#1072;&#1085;&#1072; &#1055;&#1080;&#1088;&#1086;&#1085;&#1082;&#1086;&#1074;&#1072;
And I don't have any ideas how to fix it. I think that the problem comes from htmlspecialchars, but I don't know. Here is my index file:
<?php // connect to the database
include('connect-db.php');
// get results from database
$result = mysql_query("SELECT * FROM players")
or die(mysql_error());
mysql_query("SET NAMES UTF8");
// display data in table
echo "<p><b>View All</b></p>";
echo "<table class=\"table table-bordered table-hover\" border='1' cellpadding='10'>";
echo "<tr> <th>ID</th> <th>Mqsto</th> <th>Ime</th> <th>Tochki</th> <th></th> <th></th></tr>";
// loop through results of database query, displaying them in the table
while($row = mysql_fetch_array( $result )) {
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['id'] . '</td>';
echo '<td>' . $row['mqsto'] . '</td>';
echo '<td>' . $row['ime'] . '</td>';
echo '<td>' . $row['tochki'] . '</td>';
echo '<td>Edit</td>';
echo '<td>Delete</td>';
echo "</tr>";
}
// close table>
echo "</table>";
?>
<p>Add a new record</p><br><br>
Here is my new.php file:
<?php
/*
NEW.PHP
Allows user to create a new entry in the database
*/
// creates the new record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($mqsto, $ime, $tochki, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>New Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<div>
<strong>Mqsto: *</strong> <input type="text" name="mqsto" value="<?php echo $mqsto; ?>" /><br/>
<strong>Ime: *</strong> <input type="text" name="ime" value="<?php echo $ime; ?>" /><br/>
<strong>Tochki: *</strong> <input type="text" name="tochki" value="<?php echo $tochki; ?>" /><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}
// connect to the database
include('connect-db.php');
mysql_query("SET NAMES UTF8");
// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{
// get form data, making sure it is valid
$mqsto = mysql_real_escape_string(htmlspecialchars($_POST['mqsto']));
$ime = mysql_real_escape_string(htmlspecialchars($_POST['ime']));
$tochki = mysql_real_escape_string(htmlspecialchars($_POST['tochki']));
// check to make sure both fields are entered
if ($mqsto == '' || $ime == '' || $tochki == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
// if either field is blank, display the form again
renderForm($mqsto, $ime, $tochki, $error);
}
else
{
// save the data to the database
mysql_query("INSERT players SET mqsto='$mqsto', ime='$ime', tochki='$tochki'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: ranglista.php");
}
}
else
// if the form hasn't been submitted, display the form
{
renderForm('','','','');
}
?>
Have you set the database charset to UTF-8 and used this inside your HTML?
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
Remember also that UTF-8 Cyrillic inside the database takes 2 bytes, so pay attention when you set varchar or a similar size (if you want to display 3000 characters you should set a size of 6000).
Add to the top of your new.php file
echo "<meta http-equiv='Content-Type' content='text/html; charset=UTF-8' />";

Search wont show on same page

I have three files; index.php, searchbar.php and search.php
Now, when I have search.php show its results on its own page it's fine, but when I try to include the search page in index.php I get nothing.
So I include searchbox.php in index.php so I have a search bar. I then search for something and include the search.php page by using $_GET['p'] in index.php, but the search always comes up blank. If I just leave search.php as its own page and don't try to include it, then I get my results, but I'd like them to be included on the page they were searched from.
index.php
<?php
if (isset($_GET['p']) && $_GET['p'] != "") {
$p = $_GET['p'];
if (file_exists('include/'.$p.'.php')) {
#include ('include/'.$p.'.php');
} elseif (!file_exists('include/'.$p.'.php')) {
echo 'Page you are requesting doesn´t exist<br><br>';
}
} else {
#include ('news.php');
}
?>
searchbox.php
<div id="searchwrapper"><form action="?p=search" method="get">
<input type="text" class="searchbox" name="query" value="" id="query"/>
<input type="image" src="search.png" class="searchbox_submit" value="" ALT="Submit Form" id="submit"/>
</form>
</div>
search.php
<?php
include 'connect.php';
$searchTerms = $_GET['query'];
$query = mysql_query("SELECT * FROM misc WHERE itemname LIKE '%$searchTerms%' ORDER BY itemname ");
{
echo "<table border='1' cellpadding='2' cellspacing='0' width=608 id='misc' class='tablesorter'><thead>";
echo "<tr> <th> </th> <th>Item Name</th> <th>Desc.</th></tr></thead><tbody>";
// keeps getting the next row until there are no more to get
while($row = mysql_fetch_array( $query )) {
// Print out the contents of each row into a table
echo "<tr><td width=50>";
echo $row['image'];
echo "</td><td width=150>";
echo $row['itemname'];
echo "</td><td width=250>";
echo $row['desc'];
echo "</td></tr>";
}
echo "</tbody></table>";;
}
if (mysql_num_rows($query) == 0)
{
echo 'No Results';
}
?>
When I reproduced your code, the "p=search" wasn't carrying over. The better way to set it up is to have the action just go to your index.php file and have a hidden input with:
<input type="hidden" name="p" value="search" />
That will work properly for you!
A blank page almost always means you have whitespace after your closing ?>. Remove the closing ?> in index.php and search.php - this will force the preprocessor to dynamically determine EOF, which is exactly what you want (and what nearly every PHP framework/company includes within their coding standards).
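The hidden-field form from the first answer, together with an index.php router that only accepts known page names, as an added example that is not code from the original posts. The page map, the helper names resolve_page() and search_form(), and the sample query strings are assumptions; restricting p to a fixed map is an added hardening step, not something the answers propose.

```php
<?php
declare(strict_types=1);

// Hypothetical map of page names to files; anything else is rejected.
const PAGES = ['search' => 'include/search.php'];
const DEFAULT_PAGE = 'news.php';

/**
 * Resolve the ?p= parameter to a file to include (hypothetical helper).
 * Returns [path, httpStatus]; unknown names never reach the filesystem.
 */
function resolve_page(array $get): array
{
    $p = $get['p'] ?? '';
    if (!is_string($p) || $p === '') {
        return [DEFAULT_PAGE, 200];
    }
    if (!array_key_exists($p, PAGES)) {
        return [null, 404];
    }
    return [PAGES[$p], 200];
}

/** The search form: p travels as a hidden field, so it survives the GET submit. */
function search_form(string $query = ''): string
{
    $q = htmlspecialchars($query, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<form action="index.php" method="get">'
         . '<input type="hidden" name="p" value="search" />'
         . '<input type="text" name="query" value="' . $q . '" />'
         . '</form>';
}

// Constructed query strings as a browser would send them.
$requests = [
    'p=search&query=sword',   // submitted by the hidden-field form
    'query=sword',            // action="?p=search" with method=get: form data replaces the query string
    'p=unknown-page',         // not a known page name
];
foreach ($requests as $qs) {
    parse_str($qs, $get);
    [$path, $status] = resolve_page($get);
    echo $qs, ' => ', $status, ' ', $path ?? '(no include)', "\n";
}
echo search_form('sword'), "\n";
```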
