selecting the data from database except a particular name - php

I am listing the users who have registered in the users table, but I want to hide the name 'SuperAdmin' in the name column.
My query is like this
// Column list for one user row. Note that it includes the credential columns
// (pass, pass_crypted, pass_temp, phenix_pass) together with the profile data.
$selectParts = array(
    "SELECT u.rowid, u.name, u.firstname, u.email, u.job, u.signature, u.office_phone, u.office_fax, u.user_mobile,",
    " u.admin, u.login, u.webcal_login, u.phenix_login, u.phenix_pass, u.note,",
    " u.pass, u.pass_crypted, u.pass_temp,",
    " u.fk_societe, u.fk_socpeople, u.fk_member, u.ldap_sid,",
    " u.statut, u.lang, u.entity,",
    " u.datec as datec,",
    " u.tms as datem,",
    " u.datelastlogin as datel,",
    " u.datepreviouslogin as datep,",
    " u.photo as photo,",
    " u.openid as openid,",
    " u.ref_int, u.ref_ext",
    " FROM ".MAIN_DB_PREFIX."user as u",
);
$sql = implode('', $selectParts);

// Entity filter: this is where the query's single WHERE clause is opened, so every
// later condition has to be appended with AND.
$transverseMode = ! empty($conf->multicompany->enabled) && ! empty($conf->multicompany->transverse_mode);
if ($transverseMode) {
    $sql.= " WHERE u.entity IS NOT NULL";
} else {
    $sql.= " WHERE u.entity IN (0,".$conf->entity.")";
}
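// Choose the lookup key: SID (with login as alternative), else login, else the numeric row id.
if ($sid) // allows looking the user up by its ActiveDirectory or Samba SID
{
    // $sid is escaped the same way as $login: both end up inside quoted SQL literals.
    $sql.= " AND (u.ldap_sid = '".$this->db->escape($sid)."' OR u.login = '".$this->db->escape($login)."') LIMIT 1";
}
else if ($login)
{
    $sql.= " AND u.login = '".$this->db->escape($login)."'";
}
else
{
    // rowid is written unquoted, so force it to an integer before it reaches the SQL text.
    $sql.= " AND u.rowid = ".((int) $id);
}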
dol_syslog(get_class($this)."::fetch sql=".$sql, LOG_DEBUG);
$result = $this->db->query($sql);
if ($result)
{
$obj = $this->db->fetch_object($result);
if ($obj)
{
$this->id = $obj->rowid;
$this->ref = $obj->rowid;
$this->ref_int = $obj->ref_int;
$this->ref_ext = $obj->ref_ext;
$this->ldap_sid = $obj->ldap_sid;
$this->nom = $obj->name; // TODO deprecated
$this->lastname = $obj->name;
$this->prenom = $obj->firstname; // TODO deprecated
$this->firstname = $obj->firstname;
$this->login = $obj->login;
$this->pass_indatabase = $obj->pass;
$this->pass_indatabase_crypted = $obj->pass_crypted;
$this->pass = $obj->pass;
$this->pass_temp = $obj->pass_temp;
$this->office_phone = $obj->office_phone;
$this->office_fax = $obj->office_fax;
$this->user_mobile = $obj->user_mobile;
$this->email = $obj->email;
$this->job = $obj->job;
$this->signature = $obj->signature;
$this->admin = $obj->admin;
$this->note = $obj->note;
$this->statut = $obj->statut;
$this->photo = $obj->photo;
$this->openid = $obj->openid;
$this->lang = $obj->lang;
$this->entity = $obj->entity;
$this->datec = $this->db->jdate($obj->datec);
$this->datem = $this->db->jdate($obj->datem);
$this->datelastlogin = $this->db->jdate($obj->datel);
$this->datepreviouslogin = $this->db->jdate($obj->datep);
$this->webcal_login = $obj->webcal_login;
$this->phenix_login = $obj->phenix_login;
$this->phenix_pass_crypted = $obj->phenix_pass;
$this->societe_id = $obj->fk_societe;
$this->contact_id = $obj->fk_socpeople;
$this->fk_member = $obj->fk_member;
if (! $this->lang) $this->lang='fr_FR';
$this->db->free($result);
Is it possible to do it with the UNION method? Can someone help me with this? I tried adding WHERE DISTINCT but it didn't work. I just want to hide the name SuperAdmin.

One WHERE condition will do:
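// The question's query already opens its WHERE clause with the u.entity filter, so this
// condition is appended with AND (right after that filter). A second WHERE, or a ';' in the
// middle of the string, would make the final statement invalid.
$sql .= " AND `u`.`name` <> 'SuperAdmin'";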
This will fetch all values except when name = 'SuperAdmin';

Add this after the FROM line
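// Append this after the u.entity if/else in the question, not directly after the FROM line:
// that if/else already emits the WHERE keyword, so the extra condition has to use AND.
$sql.= " AND u.name != 'SuperAdmin'";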

You can add a WHERE condition at the end of your query like this
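// Use AND, and add it before the login/rowid condition: the question's query already has a
// WHERE clause, and its SID branch ends with LIMIT 1, after which no condition can follow.
$sql .= " AND u.name NOT LIKE 'SuperAdmin' ";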


Migrating PHP 7 to 8 - Object's constructor is not called [duplicate]

This question already has answers here:
What's difference between __construct and function with same name as class has? [duplicate]
(5 answers)
PHP7 Constructor class name
(2 answers)
Closed 7 months ago.
We need to migrate our live online store from PHP 7.x to PHP 8.x
My main XAMPP folder is running PHP 7.4.3, and I've installed the latest XAMPP (8.1.6) into another folder.
The main site seems to work fine when I run the PHP 8 instance, but the basket object doesn't seem to be starting.
I can tell as I can echo out $cartid from PHP 7 but not 8.
Have I missed a config option I need to edit, or has something changed in the way PHP 8.x handles global variables or objects?
basket.php
...
// Load the class definition, then create the basket; this is the point where the
// class constructor is expected to run.
include "sqlcart.php";
$cart = new basket();
...
sqlcart.php
class basket
{
var $items;
var $empty;
var $cartid;
var $voucher_id_set;
// Old-style constructor: a method named after its class. It only runs on `new basket`
// where PHP still treats such a method as the constructor; PHP 8 does not, so there this
// body is never executed and the global $cartid is never assigned.
//
// What the body does: resolve the basket id from the "cart_id" cookie, create a new basket row
// (and cookie) when there is none, then set $this->empty from the number of items in the basket.
function basket()
{
global $cartid;
global $vat_rate;
global $voucher_id_set;
global $outmail;
global $conn;
global $_COOKIE;
global $_POST;
$voucher_id_set = 0;
$number = 0;
if (isset($_COOKIE["cart_id"])) {
// The cookie is client-controlled. It is cut to 10 characters and passed through ClearString(),
// whose definition is not shown here.
$cartid = ClearString(substr($_COOKIE["cart_id"], 0, 10));
// The "> 0" test below runs on an integer COPY; $cartid itself stays a string.
$testcartid = $cartid;
settype($testcartid, "integer");
if ($testcartid > 0) {
$strsql = "SELECT * from g_tempbasket where basket_id = '" . clearstring(substr($cartid, 0, 10)) . "'";
$result = safedb_query($strsql);
$number = mysqli_num_rows($result);
} else {
$number = 0;
}
} else {
// force cart creation
$number = 0;
}
if ($number == 0) {
// "h" is the 12-hour clock in date(); without an AM/PM marker the stored time is ambiguous ("H" is 24-hour).
$todaydate = date("Y-m-d h:i:s");
$strsql = "INSERT INTO g_tempbasket (basket_id,date) ";
$strsql .= "VALUES (NULL,'$todaydate')";
safedb_query($strsql);
$newcartid = mysqli_insert_id($conn);
// Only the $outmail == 1 branch sets a cookie domain and the secure flag (6th argument);
// neither branch passes the httponly argument.
if ($outmail == 1) {
setcookie("cart_id", $newcartid, time() + (24 * 3600), "", ".website.co.uk", 1);
setcookie("voucher_id", "", 0, "", ".website.co.uk", 1);
} else {
setcookie("cart_id", $newcartid, time() + (24 * 3600));
setcookie("voucher_id", "", 0);
}
$cartid = $newcartid;
}
$strsql = "SELECT t.product_id, p.descript, p.cost, t.qty ";
$strsql .= "FROM g_tempbasket AS tb, g_product AS p, g_tempitems AS t ";
$strsql .= "WHERE tb.basket_id = t.basket_id ";
$strsql .= "AND t.product_id = p.product_id ";
// NOTE(review): $cartid is concatenated unquoted here. When the cookie lookup above found a row,
// it is still the cookie-derived string, and the earlier integer test was made on a copy.
// Cast it with (int) at this point unless ClearString() is known to leave digits only.
$strsql .= "AND tb.basket_id = " . $cartid;
$result = safedb_query($strsql);
$number = mysqli_num_rows($result);
mysqli_free_result($result);
//$this->items=$result;
if ($number != 0) {
$this->empty = false;
} else {
$this->empty = true;
}
} //function
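/**
 * Add a product to the current basket, or adjust its quantity if it is already in it.
 *
 * safedb_query() only accepts a finished SQL string, so values cannot be bound as
 * parameters here. Instead every value is either forced to an integer or escaped for the
 * connection before it is placed in the SQL text. This assumes callers pass the raw,
 * unescaped product id (TODO confirm against the callers).
 *
 * Redirects to index.php and stops when the id is empty, the product does not exist, or a
 * new item is requested with a quantity below 1.
 *
 * @param string $id       Product id (g_product.product_id).
 * @param mixed  $name     Not used by this method; kept for existing callers.
 * @param int    $addcount Quantity to add; may be negative for an item already in the basket.
 */
function additem($id, $name, $addcount)
{
    global $cartid;
    global $conn; // mysqli link, the same one the constructor passes to mysqli_insert_id()

    // Basic anti-bot validation: an empty id was rejected in both branches below, so reject
    // it once, before any query is built from it.
    if ($id == "") {
        header("Location: index.php");
        exit;
    }

    $basketId = (int) $cartid;   // written unquoted in SQL, so it must be an integer
    $qtyDelta = (int) $addcount; // written unquoted in SQL, so it must be an integer
    $idSql = mysqli_real_escape_string($conn, (string) $id);

    // Get product info to add
    $strsql = "SELECT descript, cost, no_vat FROM g_product ";
    $strsql .= "WHERE product_id = '" . $idSql . "'";
    $prodaddresult = safedb_query($strsql);
    $prodaddrow = mysqli_fetch_assoc($prodaddresult);
    mysqli_free_result($prodaddresult);
    if (!$prodaddrow) {
        // Unknown product: treat it like the other invalid requests instead of writing a
        // basket line with empty description and cost.
        header("Location: index.php");
        exit;
    }
    // These values come from the database but go back into SQL text, so they are escaped too
    // (a description containing a quote would otherwise break the statement).
    $prodname = mysqli_real_escape_string($conn, (string) $prodaddrow["descript"]);
    $prodcost = mysqli_real_escape_string($conn, (string) $prodaddrow["cost"]);
    $prodnovat = mysqli_real_escape_string($conn, (string) $prodaddrow["no_vat"]);

    // Is the product already in this basket?
    $strsql = "SELECT qty FROM g_tempitems ";
    $strsql .= "WHERE basket_id = " . $basketId;
    $strsql .= " AND product_id = '" . $idSql . "'";
    $result = safedb_query($strsql);
    $number = mysqli_num_rows($result);

    // Products listed in g_ship_options are shipping lines and are flagged in the basket.
    $strsqls = "SELECT prod_code FROM g_ship_options ";
    $strsqls .= "WHERE prod_code = '" . $idSql . "'";
    $sresult = safedb_query($strsqls);
    $isShipping = (mysqli_num_rows($sresult) != 0) ? 1 : 0;
    mysqli_free_result($sresult);

    if ($number == 0) {
        if ($qtyDelta < 1) { // Basic anti-bot validation
            header("Location: index.php");
            exit;
        }
        $strsql = "INSERT INTO g_tempitems ";
        $strsql .= "(basket_id, product_id, qty, shipping, descript, cost, no_vat) ";
        $strsql .= "VALUES (" . $basketId . ", '" . $idSql . "', " . $qtyDelta . ", " . $isShipping
            . ", '" . $prodname . "', '" . $prodcost . "', '" . $prodnovat . "')";
    } else {
        $currow = mysqli_fetch_assoc($result);
        $new = (int) $currow["qty"] + $qtyDelta;
        if ($new <= 0) {
            $new = 1; // never let the stored quantity drop below one
        }
        // cost and no_vat are quoted here exactly as in the INSERT above.
        $strsql = "UPDATE g_tempitems ";
        $strsql .= "SET qty = " . $new . ", ";
        $strsql .= "descript = '" . $prodname . "', ";
        $strsql .= "cost = '" . $prodcost . "', ";
        $strsql .= "no_vat = '" . $prodnovat . "' ";
        $strsql .= "WHERE basket_id = " . $basketId . " ";
        $strsql .= "AND product_id = '" . $idSql . "'";
    }
    mysqli_free_result($result);
    safedb_query($strsql);
    $this->empty = false;
}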
This is probably caused by an incompatible change in PHP 8.
From docs:
Methods with the same name as the class are no longer interpreted as constructors. The __construct() method should be used instead.
Source: https://www.php.net/manual/en/migration80.incompatible.php

Change SQL Query to a prepared statement with condition

I'm trying to change this query to a query with prepared statement, but I have some problem because of conditions.
This is my basic query :
// Version before the conversion to prepared statements.
// All three values ($idQuery, $Boutique, $agency) are concatenated into the SQL text inside
// quotes, with no escaping or binding; if any of them can carry user input, the query is open
// to SQL injection.
function ResponseByQuery($link,$idQuery,$Boutique=null, $agency=null){
$from_agence = "";
$req_agence = "";
$req_boutique = "";
// Loose comparison: the filter is also skipped for "" and 0, not only for null.
if($Boutique!=null){
$req_boutique = " AND C.idUser ='" . $Boutique . "' ";
}
if($agency!=null){
$from_agence = ", infos_client as IRC2";
$req_agence = " AND IRC.idClient = IRC2.idClient
AND IRC2.valueInfo = '". $agency."'";
}
$sql = "SELECT distinct(C.idClient), R.indiceRequete
FROM `infos_client` as IRC, client as C, user as U, requete as R ".$from_agence."
WHERE IRC.idQuery='" . $idQuery . "'".
$req_boutique.
"AND IRC.idCl = C.idCl
AND C.idUser=U.idUser".$req_agence;
// On failure die() prints the complete SQL text, including the inlined values, into the response.
$result = mysqli_query($link,$sql) or die("Query (- $sql -) failed");
// $count is computed, but nothing is returned in this excerpt.
$count = mysqli_num_rows($result);
}
I changed it to this :
// Partly converted version: only $idQuery is bound as a parameter. $Boutique and $agency are
// still concatenated into the SQL text, so the statement is not yet protected as a whole.
function ResponseByQuery($link,$idQuery,$Boutique=null, $agency=null){
$from_agence = "";
$req_agence = "";
$req_boutique = "";
if($Boutique!=null){
$req_boutique = " AND C.idUser ='" . $Boutique . "' ";
}
if($agency!=null){
$from_agence = ", infos_client as IRC2";
$req_agence = " AND IRC.idClient = IRC2.idClient
AND IRC2.valueInfo = '". $agency."'";
}
$sql = "SELECT distinct(C.idClient), R.indiceRequete
FROM `infos_client` as IRC, client as C, user as U, requete as R ".$from_agence."
WHERE IRC.idQuery =?".
$req_boutique.
"AND IRC.idCl = C.idCl
AND C.idUser=U.idUser".$req_agence;
$stmt = $link->prepare($sql);
// 'i' binds $idQuery as an integer.
$stmt->bind_param('i', $idQuery);
// On failure die() prints the SQL text, including the still-inlined values, into the response.
$result = $stmt->execute() or die("Query (- $sql -) failed");
$result = $stmt->get_result();
// $count is computed, but nothing is returned in this excerpt.
$count = mysqli_num_rows($result);
}
but I don't know how can I change conditions($req_boutique,$req_agence) to prepared statement?
You can replace the inlined variables in your $req_boutique and $req_agence conditions with placeholders, and then conditionally bind values to them:
// Each optional filter adds its SQL fragment (with a ? placeholder) and its bound value in the
// same branch, so the order of placeholders and the order of values cannot drift apart.
// Only values are bound; the table and column names in the fragments are fixed literals.
$types = 'i';
$vars = [$idQuery];

if ($Boutique != null) {
    $req_boutique = " AND C.idUser = ? ";
    $types .= 's';
    $vars[] = $Boutique;
}

if ($agency != null) {
    $from_agence = ", infos_client as IRC2";
    $req_agence = " AND IRC.idClient = IRC2.idClient
AND IRC2.valueInfo = ? ";
    $types .= 's';
    $vars[] = $agency;
}

// Placeholder order in the final text: idQuery, then boutique, then agency.
$sql = "SELECT distinct(C.idClient), R.indiceRequete
FROM `infos_client` as IRC, client as C, user as U, requete as R " . $from_agence . "
WHERE IRC.idQuery =? "
    . $req_boutique
    . "AND IRC.idCl = C.idCl
AND C.idUser=U.idUser"
    . $req_agence;

$stmt = $link->prepare($sql);
// The excerpt ends with the binding; execute() and get_result() follow as in the question.
$stmt->bind_param($types, ...$vars);

Can not insert php data to mysql using for()

I am trying to insert data into MySQL with PHP: if the value already exists it should be updated, and if not it should be inserted. But it fails. I use for(); what is wrong with my script?
// Update-or-insert of one tb1 row from the submitted form.
// NOTE(review): the four $_POST values are interpolated straight into the SQL strings below
// with no escaping or parameter binding, so this code is open to SQL injection.
// The mysql_* functions used here are also deprecated (see the answer below).
if(isset($_POST['submit'])){
$fieldA = $_POST['fieldA'];
$fieldB = $_POST['fieldB'];
$fieldC = $_POST['fieldC'];
$fieldD = $_POST['fieldD'];
if (empty($fieldA)) {
echo 'fieldA cannot empty';
}
else
{
// NOTE(review): $nomer is not assigned anywhere in this excerpt. If it is unset, the loop
// condition is false on the first test and the body never runs, so nothing is inserted or updated.
// Every iteration would also run exactly the same statements, since nothing depends on $i.
for ($i=1; $i<= $nomer; $i++) {
$query = mysql_query("SELECT * FROM tb1 ".
"WHERE fieldA = '$fieldA' ".
"AND fieldB = '$fieldB' ".
"AND fieldC = '$fieldC' ".
"AND fieldD = '$fieldD'");
// $get1 is fetched but not used afterwards; only the row count decides the branch.
$get1 = mysql_fetch_assoc($query);
$get2 = mysql_num_rows($query);
if ($get2 != 0) {
mysql_query("UPDATE tb1 SET kd_kelas = '2' ".
"WHERE fieldA = '$fieldA' ".
"AND fieldB = '$fieldB' ".
"AND fieldC = '$fieldC' ".
"AND fieldD = '$fieldD'");
} else {
mysql_query("INSERT INTO tb1(fieldA, fieldB, ".
"fieldC, fieldD) VALUES ".
"('$fieldA', '$fieldB', ".
"'$fieldC', '$fieldD')");
}
}
}
//re-direct
$go = "mydata.php";
redirect($go);
}
All the mysql_* functions are deprecated now. Use mysqli_* instead.
And try this snippet:
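// Update-or-insert of one tb1 row from the submitted form.
// The form values are untrusted, so they are bound as statement parameters instead of being
// formatted into the SQL text: sprintf('%s') performs no escaping at all.
if (isset($_POST['submit']) && !empty($_POST['fieldA'])) {
    $fieldA = (string) $_POST['fieldA'];
    $fieldB = (string) ($_POST['fieldB'] ?? '');
    $fieldC = (string) ($_POST['fieldC'] ?? '');
    $fieldD = (string) ($_POST['fieldD'] ?? '');

    // The same four-column match is used to find the row and to update it.
    $match = 'fieldA = ? AND fieldB = ? AND fieldC = ? AND fieldD = ?';
    $selectStmt = mysqli_prepare($link, "SELECT 1 FROM tb1 WHERE $match");
    $updateStmt = mysqli_prepare($link, "UPDATE tb1 SET kd_kelas = '2' WHERE $match");
    $insertStmt = mysqli_prepare($link, 'INSERT INTO tb1(fieldA, fieldB, fieldC, fieldD) VALUES (?, ?, ?, ?)');

    if ($selectStmt && $updateStmt && $insertStmt) {
        // Parameters are bound by reference once; each execute() reads the current values.
        foreach ([$selectStmt, $updateStmt, $insertStmt] as $stmt) {
            mysqli_stmt_bind_param($stmt, 'ssss', $fieldA, $fieldB, $fieldC, $fieldD);
        }

        // $nomer is kept from the question; it has to be set before this point, otherwise the
        // loop body never runs.
        for ($i = 1; $i <= $nomer; $i++) {
            mysqli_stmt_execute($selectStmt);
            mysqli_stmt_store_result($selectStmt);
            $rowExists = mysqli_stmt_num_rows($selectStmt) > 0;
            mysqli_stmt_free_result($selectStmt);

            mysqli_stmt_execute($rowExists ? $updateStmt : $insertStmt);
        }
    }

    //re-direct
    $go = "mydata.php";
    redirect($go);
}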
Here $link is the database connection:
// Presumably sample values. In real code keep the credentials outside the source file and
// connect with a database account limited to this application's tables rather than root.
$link = mysqli_connect('localhost', 'root', 'password', 'database');

search by multiple field. sometimes by one field and sometimes more than one field

I have search form. in here multiple field. sometimes I will form submit with one field, sometimes form submit with two and sometimes multiple field value.
// Search by whichever form fields were filled in.
// NOTE(review): the $_POST values are interpolated into the SQL strings with no escaping or
// parameter binding, so each of these queries is open to SQL injection.
if (isset($_POST['search'])) {
$projectName = $_POST['pName'];
$clientId = $_POST['s_by_clientName'];
$departmentId = $_POST['s_by_department'];
$statusName = $_POST['s_by_status'];
// Each non-empty field runs its own query and overwrites $searchSql, so when several fields
// are filled in only the result for the last one survives.
if (!empty($projectName))
{
$searchSql = mysql_query("select * from project_list where projectName='$projectName'");
}
if (!empty($clientId))
{
$searchSql = mysql_query("select * from project_list where client_id='$clientId'");
}
if (!empty($departmentId))
{
$searchSql = mysql_query("select * from project_list where department_id='$departmentId'");
}
if (!empty($statusName))
{
$searchSql = mysql_query("select * from project_list where status='$statusName'");
}
}
these query only for search by single field.
how to make query that performs searching by one or multiple field value
is it possible??
Use Concatenation in query Variable
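// "where 1=1" gives every optional filter the same " AND ..." form.
$searchSql = "select * from project_list where 1=1 ";
// Values for the ? placeholders, in the order the placeholders are appended.
$searchParams = [];

if (isset($_POST['search'])) {
    $projectName = $_POST['pName'];
    $clientId = $_POST['s_by_clientName'];
    $departmentId = $_POST['s_by_department'];
    $statusName = $_POST['s_by_status'];

    // The form values are untrusted: only a placeholder goes into the SQL text, the value
    // itself is passed separately at execution time.
    if (!empty($projectName)) {
        $searchSql .= " AND projectName = ?";
        $searchParams[] = $projectName;
    }
    if (!empty($clientId)) {
        $searchSql .= " AND client_id = ?";
        $searchParams[] = $clientId;
    }
    if (!empty($departmentId)) {
        $searchSql .= " AND department_id = ?";
        $searchParams[] = $departmentId;
    }
    if (!empty($statusName)) {
        $searchSql .= " AND status = ?";
        $searchParams[] = $statusName;
    }
}

// mysql_query() cannot bind parameters and no longer exists in PHP 7, so the query is run as
// a PDO prepared statement. $pdo is a placeholder for the application's existing PDO
// connection; the original answer does not show one.
$result = $pdo->prepare($searchSql);
$result->execute($searchParams);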
NOTE: mysql_query() has been deprecated in PHP 5.5 and removed in PHP 7. Kindly update to use the mysqli library or PDO.
You can build an incremental query
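// Build the search query step by step from whichever form fields were filled in.
// Result: $my_sql holds the SQL text with ? placeholders and $my_params the matching values,
// ready to be passed to a prepared statement (mysqli or PDO).
if (isset($_POST['search'])) {
    $projectName = $_POST['pName'];
    $clientId = $_POST['s_by_clientName'];
    $departmentId = $_POST['s_by_department'];
    $statusName = $_POST['s_by_status'];

    $my_sql = "select * from project_list ";

    // Column names are fixed literals from this list; only the values come from the form.
    $my_filters = [
        'projectName'   => $projectName,
        'client_id'     => $clientId,
        'department_id' => $departmentId,
        'status'        => $statusName,
    ];

    $my_conditions = [];
    $my_params = [];
    foreach ($my_filters as $column => $value) {
        if (!empty($value)) {
            $my_conditions[] = $column . " = ?";
            $my_params[] = $value;
        }
    }

    // Joining the collected conditions replaces the per-field "where or and?" test. That test
    // was written `if ($my_where = "")`, an assignment that is always false, so "where" was
    // never emitted and the first condition was appended with "and".
    $my_where = implode(" and ", $my_conditions);
    if ($my_where !== "") {
        $my_sql .= "where " . $my_where;
    }
}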
Here I used column id as primary key & auto-increment. Change it as per your column name.
$query = "SELECT * FROM project_list WHERE id is not null";
Code
<?
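// Search project_list by any combination of the submitted fields.
if (isset($_POST['search'])) {
    $projectName = $_POST['pName'];
    $clientId = $_POST['s_by_clientName'];
    $departmentId = $_POST['s_by_department'];
    $statusName = $_POST['s_by_status'];

    // Here the column 'id' is used as primary key & auto-increment, so "id is not null" is
    // always true and every filter can be appended as " AND ...". Change it as per your column name.
    $query = "SELECT * FROM project_list WHERE id is not null";

    // The form values are untrusted: the SQL text only receives ? placeholders, the values
    // are bound separately. $types gets one 's' per bound value.
    $types = '';
    $values = [];
    if (!empty($projectName)) {
        $query .= " AND projectName = ?";
        $types .= 's';
        $values[] = $projectName;
    }
    if (!empty($clientId)) {
        $query .= " AND client_id = ?";
        $types .= 's';
        $values[] = $clientId;
    }
    if (!empty($departmentId)) {
        $query .= " AND department_id = ?";
        $types .= 's';
        $values[] = $departmentId;
    }
    if (!empty($statusName)) {
        // The status filter belongs on the status column, as in the question's own query.
        $query .= " AND status = ?";
        $types .= 's';
        $values[] = $statusName;
    }

    // $link is a placeholder for the application's mysqli connection; the original answer does
    // not show one. mysql_query() cannot bind parameters and no longer exists in PHP 7.
    $stmt = mysqli_prepare($link, $query);
    if ($values) {
        mysqli_stmt_bind_param($stmt, $types, ...$values);
    }
    mysqli_stmt_execute($stmt);
    $searchSql = mysqli_stmt_get_result($stmt);
}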

SQL Multiple WHERE Clause Problem

I'm attempting the modify this Modx Snippet so that it will accept multiple values being returned from the db instead of the default one.
tvTags, by default, was only meant to be set to one variable. I modified it a bit so that it's exploded into a list of variables. I'd like to query the database for each of these variables and return the tags associated with each. However, I'm having difficulty as I'm fairly new to SQL and PHP.
I plugged in $region and it works, but I'm not really sure how to add in more WHERE clauses for the $countries variable.
Thanks for your help!
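if (!function_exists('getTags')) {
    /**
     * Collect the formatted tag output of one template variable for a set of documents.
     *
     * @param array  $cIDs   Document ids to look up.
     * @param string $tvTags Comma-separated list; the first item is the template variable name
     *                       used for the lookup, the second ($countries) is extracted but not
     *                       used by the queries yet.
     * @param int    $days   When above 0, only documents published within that many days count.
     * @return array Map of document id => array('tags' => output of getTVDisplayFormat()).
     *               Documents without a stored value get the template variable's default output.
     */
    function getTags($cIDs, $tvTags, $days) {
        global $modx, $parent;
        $docTags = array ();
        $baspath= $modx->config["base_path"] . "manager/includes";
        include_once $baspath . "/tmplvars.format.inc.php";
        include_once $baspath . "/tmplvars.commands.inc.php";

        // Nothing to look up; this also avoids sending an empty "IN ()" list to the database.
        if (empty($cIDs)) {
            return $docTags;
        }

        if ($days > 0) {
            // time() instead of mktime() without arguments, which PHP 8 no longer accepts.
            $pub_date = time() - $days*24*60*60;
        } else {
            $pub_date = 0;
        }
        list($region, $countries) = explode(",", $tvTags);

        // Both values are placed in SQL text: the name is escaped for its quoted literal and
        // the ids are forced to integers for the unquoted IN list.
        $regionSql = $modx->db->escape($region);
        // Separator first: implode() with the array as first argument is not accepted by PHP 8.
        $idList = implode(",", array_map('intval', $cIDs));

        $tb1 = $modx->getFullTableName("site_tmplvar_contentvalues");
        $tb2 = $modx->getFullTableName("site_tmplvars");
        $tb_content = $modx->getFullTableName("site_content");
        $query = "SELECT stv.name,stc.tmplvarid,stc.contentid,stv.type,stv.display,stv.display_params,stc.value";
        $query .= " FROM ".$tb1." stc LEFT JOIN ".$tb2." stv ON stv.id=stc.tmplvarid ";
        $query .= " LEFT JOIN $tb_content tb_content ON stc.contentid=tb_content.id ";
        $query .= " WHERE stv.name='".$regionSql."' AND stc.contentid IN (".$idList.") ";
        $query .= " AND tb_content.pub_date >= '$pub_date' ";
        $query .= " AND tb_content.published = 1 ";
        $query .= " ORDER BY stc.contentid ASC;";
        $rs = $modx->db->query($query);
        $tot = $modx->db->getRecordCount($rs);
        for($i=0;$i<$tot;$i++) {
            // The listing had "#$modx->fetchRow($rs);" here, which turns the call into a
            // comment; presumably the '#' was an error-suppression '@' before the page mangled it.
            $row = $modx->fetchRow($rs);
            $docTags[$row['contentid']]['tags'] = getTVDisplayFormat($row['name'], $row['value'], $row['display'], $row['display_params'], $row['type'],$row['contentid']);
        }

        // Some documents have no stored value: give them the template variable's default output.
        if ($tot != count($cIDs)) {
            $query = "SELECT name,type,display,display_params,default_text";
            $query .= " FROM $tb2";
            $query .= " WHERE name='".$regionSql."' LIMIT 1";
            $rs = $modx->db->query($query);
            $row = $modx->fetchRow($rs);
            $defaultOutput = getTVDisplayFormat($row['name'], $row['default_text'], $row['display'], $row['display_params'], $row['type'],$row['contentid']);
            foreach ($cIDs as $id) {
                if (!isset($docTags[$id]['tags'])) {
                    $docTags[$id]['tags'] = $defaultOutput;
                }
            }
        }
        return $docTags;
    }
}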
You don't add in more WHERE clauses, you use ANDs and ORs in the already existing where clause. I would say after the line $query .= " WHERE stv.name = '".$region... you put in
// NOTE(review): this loop cannot be dropped into getTags() as it stands:
// - in the question $countries is a single string taken from explode(), not an array;
// - every fragment ends with ", ", which is not valid inside a WHERE clause;
// - OR binds more loosely than AND, so the name alternatives have to be grouped in parentheses
//   together with the existing stv.name test (or written as one IN list);
// - $country is placed in the SQL text unescaped.
foreach ($countries as $country)
{
$query .= "OR stv.name = '{$country}', ";
}
but I don't know how you want the query to work.
