Variable at POST - php

In this code you can see data being fetched from a MySQL database into an array and prepared for changing.
But I have a problem with the variable $_POST[$here]. How can I insert the variable at that place? Read the code for better understanding. This code does not work. Are there some other ways? Or is it impossible to do something like this? If I do not use variables, it changes either every value or none. I am crying right now, this is such a frustrating problem. Thanks for every answer...
while ($row = mysql_fetch_array($result) or die(mysql_error())){
$link = $row['link'];
$tittle = $row['tittle'];
$content= $row['content'];
echo "<div>";
echo "<form name='"; echo $link; echo "' method='POST' action='login.php'>";
echo "<h1>"; echo $link; echo "</h1>";
echo "<h3>"; echo $tittle; echo "</h3>";
echo "<input type='text' name='"; echo $link; echo "tittle'>";
echo "<h3>"; echo $content; echo "</h3>";
echo "<textarea name='"; echo $link; echo "content'></textarea>";
echo "<input type='submit' name='"; echo $link; echo "' value='change'>";
echo "</form>";
echo "</div>";
$var1 = $link."tittle"; $titt = $_POST[$var1];
$var2 = $link."content"; $ten = $_POST[$var2];
mysql_query("UPDATE inbox SET tittle='".$titt."', content='".$ten."' WHERE link='".$link."'");
echo $link;
}
I fixed that!!!

There is a lot wrong with your code:
1. You use mysql_* functions instead of PDO.
2. You don't escape your $_POST values, exposing your website for any hacker to hack into. At least use mysql_real_escape_string(), but see point 1.
3. You define $titt and then use $tit, which causes an error.
4. You keep echoing instead of simply concatenating a string and then echoing that string.
There's a lot to fix...

Excluding the security errors, you can try this:
// no "or die()" in the loop condition: it would end the script once the last row has been fetched
while ($row = mysql_fetch_array($result)) {
    $link = $row['link'];
    $tittle = $row['tittle'];
    $content = $row['content'];
    echo "<div>";
    echo "<form name='" . $link . "' method='POST'>";
    echo "<h1>" . $link . "</h1>";
    echo "<h3>" . $tittle . "</h3>";
    echo "<input type='text' name='" . $link . "tittle'>";
    echo "<h3>" . $content . "</h3>";
    echo "<textarea name='" . $link . "content'></textarea>";
    echo "<input type='submit' name='" . $link . "' value='change'>";
    echo "</form>";
    echo "</div>";
    $var1 = $link."tittle";
    $var2 = $link."content";
    // only update when this row's form was actually submitted
    if (isset($_POST[$var1]) and isset($_POST[$var2])) {
        $titt = $_POST[$var1];
        $ten = $_POST[$var2];
        // the posted values still go into the query unescaped (the security errors listed above)
        mysql_query("UPDATE inbox SET tittle='".$titt."', content='".$ten."' WHERE link='".$link."'");
    }
    echo $link;
}
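
An added example (not part of the answer above) of the same per-row update with the security errors addressed: the dynamic $_POST keys are looked up per link, the UPDATE is a PDO prepared statement, and output is escaped. The in-memory SQLite database, the sample rows and the posted values are constructed so the script runs offline; with MySQL only the PDO DSN changes.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database (assumption);
// table and column names follow the question, rows and POST data are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE inbox (link TEXT PRIMARY KEY, tittle TEXT, content TEXT)");
$pdo->exec("INSERT INTO inbox VALUES ('home', 'Old title', 'Old text')");
$pdo->exec("INSERT INTO inbox VALUES ('about', 'About us', 'Who we are')");

// Constructed submission of the 'home' form; the values contain quotes and markup.
$_POST = array('hometittle' => "Tom's <b>page</b>", 'homecontent' => "a 'quoted' text");

// Escape a value for HTML text and quoted attribute values.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Apply the posted change for every link whose two fields are present.
function applyPostedChanges(PDO $pdo, array $post) {
    $update = $pdo->prepare("UPDATE inbox SET tittle = :tittle, content = :content WHERE link = :link");
    $changed = array();
    foreach ($pdo->query("SELECT link FROM inbox")->fetchAll(PDO::FETCH_COLUMN) as $link) {
        $tittleKey  = $link . 'tittle';   // same dynamic keys the form uses
        $contentKey = $link . 'content';
        // is_string() also rejects array input such as hometittle[]=x
        if (isset($post[$tittleKey], $post[$contentKey])
            && is_string($post[$tittleKey]) && is_string($post[$contentKey])) {
            $update->execute(array(
                ':tittle'  => $post[$tittleKey],
                ':content' => $post[$contentKey],
                ':link'    => $link,
            ));
            $changed[] = $link;
        }
    }
    return $changed;
}

// Update first, then render, so the page shows the stored values.
$changed = applyPostedChanges($pdo, $_POST);

foreach ($pdo->query("SELECT link, tittle, content FROM inbox") as $row) {
    $link = h($row['link']);
    echo "<div><form name='{$link}' method='POST'>"
       . "<h1>{$link}</h1>"
       . "<h3>" . h($row['tittle']) . "</h3>"
       . "<input type='text' name='{$link}tittle'>"
       . "<h3>" . h($row['content']) . "</h3>"
       . "<textarea name='{$link}content'></textarea>"
       . "<input type='submit' name='{$link}' value='change'>"
       . "</form></div>\n";
}
```

PHP replaces dots and spaces in submitted field names with underscores, so the key lookup only matches when the link values contain neither.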

Related

images appearing in warning but not in table?

I am working on a website whereby a load of advertisers are stored in the DB and then displayed to the user by their logo. I know storing directly into the DB for images is not the done thing, however, I am starting out this way, to get the website running and then will refactor to move to a much more suitable approach.
Currently, I have the following PHP code:
<?php
session_start();
require_once "config.php";
// Create connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$sql = "SELECT * FROM advertisers";
if($result = mysqli_query($link, $sql)){
if(mysqli_num_rows($result) > 0){
echo "<table>";
echo "<tr>";
echo "<th>id</th>";
echo "<th>advertiser_Name</th>";
echo "<th>advertiser_URL</th>";
echo "<th>advertiser_Category</th>";
echo "<th>advertiser_logo</th>";
echo "</tr>";
while($row = mysqli_fetch_array($result)){
echo "<tr>";
echo "<td>" . $row['advertiser_id'] . "</td>";
echo "<td>" . $row['advertiser_Name'] . "</td>";
echo "<td>" . $row['advertiser_URL'] . "</td>";
echo "<td>" . $row['advertiser_Category'] . "</td>";
echo "<td>" . $row['<img src="data:image/jpeg;base64,'.base64_encode($row['advertiser_logo']).'"/>'] . "</td>";
echo "</tr>";
}
echo "</table>";
// Free result set
mysqli_free_result($result);
} else{
echo "No records matching your query were found.";
}
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
However, the images are displayed when called from the DB but they are displayed in the warning message rather than in the table?
<?php
session_start();
require_once "config.php";
// Create connection
if ($link === false)
{
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$sql = "SELECT * FROM advertisers";
if ($result = mysqli_query($link, $sql))
{
if (mysqli_num_rows($result) > 0)
{
echo "<table>";
echo "<tr>";
echo "<th>id</th>";
echo "<th>advertiser_Name</th>";
echo "<th>advertiser_URL</th>";
echo "<th>advertiser_Category</th>";
echo "<th>advertiser_logo</th>";
echo "</tr>";
while ($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['advertiser_id'] . "</td>";
echo "<td>" . $row['advertiser_Name'] . "</td>";
echo "<td>" . $row['advertiser_URL'] . "</td>";
echo "<td>" . $row['advertiser_Category'] . "</td>";
echo "<td><img src='data:image/jpeg;base64," . base64_encode($row['advertiser_logo']) . "'/></td>";
echo "</tr>";
}
echo "</table>";
// Free result set
mysqli_free_result($result);
}
else
{
echo "No records matching your query were found.";
}
}
else
{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
The image is showing in the warning because you're using a tag with the source as an array key, which is not correct.
The array key, that is, what is inside the square brackets, is the reference to the array position. If you're familiar with C, for example, it is the 0, 1, etc., and not the value itself.
Yes, as @NigelRen mentioned, this row $row['<img src="data:image/jpeg; looks very bad.
I think you should use:
echo "<td><img src='data:image/jpeg;base64," . base64_encode($row['advertiser_logo']) . "'/></td>";

How to make my PHP output two values from database

I've included a block of code below detailing how I'm placing sections of data from a table in my database in their own divs. However, I'm new to PHP and can't find out how to also output the "cup_id" from the database into their respective divs here: echo $cup["cup_name"] . "<br />"; Thanks for all the help in advance!
So in short, how do I get this to work: echo $cup["cup_id", "cup_name"] . "<br />";
<?php
require_once("action/dbcon.php"); // Get the database connection
$get_cup = "SELECT * FROM cups";
$show_cup = mysqli_query($conn, $get_cup);
if (!$show_cup) {
echo "Could not load cup. " . "(" . mysqli_error($conn) . ")";
}
while ($cup = mysqli_fetch_assoc($show_cup)) {
echo '<div class="cup-info">';
echo $cup["cup_name"] . "<br />";
echo '</div>';
}
?>
Do you want to concatenate strings? Use the dot operator:
echo $cup["cup_id"] . $cup["cup_name"];
And if you want to print it in another div, make this:
echo '<div class="cup-info">';
echo $cup["cup_id"] . "<br />";
echo '</div>';
echo '<div class="cup-info">';
echo $cup["cup_name"] . "<br />";
echo '</div>';
If you want the name and id to be in the same row, then you can follow this method:
<?php
require_once("action/dbcon.php"); // Get the database connection
$get_cup = "SELECT * FROM cups";
$show_cup = mysqli_query($conn, $get_cup);
if (!$show_cup) {
echo "Could not load cup. " . "(" . mysqli_error($conn) . ")";
}
while ($cup = mysqli_fetch_assoc($show_cup)) {
echo '<div class="cup-info">';
echo $cup["cup_id"] . $cup["cup_name"]."<br />";
echo '</div>';
}
?>
If you want the name and id to be in different rows, then you can follow this method:
<?php
require_once("action/dbcon.php"); // Get the database connection
$get_cup = "SELECT * FROM cups";
$show_cup = mysqli_query($conn, $get_cup);
if (!$show_cup) {
echo "Could not load cup. " . "(" . mysqli_error($conn) . ")";
}
while ($cup = mysqli_fetch_assoc($show_cup)) {
echo '<div class="cup-info">';
echo $cup["cup_id"]."<br />";
echo '</div>';
echo '<div class="cup-info">';
echo $cup["cup_name"]."<br />";
echo '</div>';
}
?>

PHP multiple checkboxes

I am stuck on a script and need another pair of eyes to see if I am missing something. The script is for a bookshop. When a student number is inputted and searched for, the student is displayed with the books that he is supposed to get for each subject. The student, course and book data comes from a MySQL database.
This is all done with this script:
<?php
if (isset($_POST['submit'])){
$btnClick = $_POST['submit'];
switch($btnClick){
case "Logout" :
session_destroy();
header("location:index.php");
break;
case "Search" :
$Validate = $_POST['txtStud'] ;
$StudNr = ValidateTxt($Validate);
$showStud = findStud($StudNr);
$cid = $showStud[4];
$showBooks = findBooks($cid);
echo "<form action='issue_book.php' method='post'>";;
echo "<table class='table3'>";
echo "<tr>";
echo "<td>" . $showStud[0] . " " . $showStud[1] . " " . $showStud[2] ."</td>";
echo "</tr>";
echo "<tr><td></td><td>" . $showStud[3] . "</td></tr>";
$array_count = count($showBooks);
$num = 0;
while ($num != $array_count) {
$bookNum = $showBooks[$num]['bid'];
echo $bookNum . "<br>";
echo "<tr><td>" . $showBooks[$num]['bid'] . "</td>" . "<td>" . $showBooks[$num]['bname'] . "</td>" ;
echo "<td><input type='checkbox' name='booknum[]' value='<?php echo $bookNum; ?>'></td></tr>";
$num++;
}
echo "</table>";
echo "<br>";
echo "<table class = 'table3'>";
echo "<tr><td></td><td><input type='submit' name='submit' value='Issue'></td>
<td><input type='submit' name='submit' value='Clear'></td></tr>";
echo "</form>";
break;
case "Issue":
$mybooks = $_POST['booknum'];
$h = count($mybooks);
echo $h . "<br>";
print_r ($mybooks);
break;
}
}
?>
At the bottom of the dynamically created data there are 2 buttons. When I click on the Issue button I am presented with this data.
This comes from the code as it is in the script at this moment. I want to send the data from here to the database.
Array ( [0] => [1] => [2] => )
An empty array?? Not sure what happened to the names that I assigned each check box??
I tried to adapt my script according to this forum post Check box link
I am not sure where I am missing something.
This is because you have a syntax error here
echo "<td><input type='checkbox' name='booknum[]' value='<?php echo $bookNum; ?>'></td></tr>";
^php tags are opened ^
You are already printing your table inside php tags, you cannot open other tags
value='<?php echo $bookNum; ?>
This is why your array's values are empty but the keys exist. You just need to concatenate:
echo "<td><input type='checkbox' name='booknum[]' value='".$bookNum."'></td></tr>";

Require help validating data inside MySQL

I currently have 2 different sections for this program, the first half takes the users input from a web page and then transfers it over onto a PHP side which will access MySQL and display the requested information.
Example: If I enter AX12 for the ID it will display information for that ID, which does in fact exist, but if I enter AX13 (which doesn't) it will display blank information, so I'm wondering if someone can show me how I can validate this once the information has been transferred over onto the PHP side. So if it detects that the information you've submitted does not exist, simply display a message saying "ID DOES NOT EXIST" or something along those lines.
Here's the code for the PHP side if you need it for more information.
<?php
$part_number = $_GET['txtInput'];
$part_description;
$units_on_hand;
$item_class;
$warehouse_number;
$unit_price;
$query;
$result_set;
$connection;
$record;
echo "<html>";
echo "<head>";
echo "<title>SQL Application</title>";
echo "<style type = 'text/css'>body{text-align: center; background-color: #CC3333; color: #660000; font-size: 30;}</style>";
echo "</head>";
echo "<body>";
echo "<center><h1>SQL Application</h1></center>";
echo "<br />";
echo "<br />";
echo "<br />";
$connection = @mysql_connect("localhost","m_stanicic","")
or die ("\n\n PROBLEM CONNECTING TO DATABASE! \n" . mysql_error() . "\n\n");
mysql_select_db("m_stanicicdb");
$query = "select * from part where part_number = '" . $part_number . "'";
$result_set = mysql_query($query)
or die ("\n\n PROBLEM WITH QUERY! . \n" . mysql_error() . "\n\n");
$record = mysql_fetch_assoc($result_set);
if($part_number == "")
{
//
}
else
{
$part_description = $record['part_description'];
$units_on_hand = $record['units_on_hand'];
$item_class = $record['item_class'];
$warehouse_number = $record['warehouse_number'];
$unit_price = $record['unit_price'];
echo "<center>";
echo "<table border='1' width=400 style ='table-layout:fixed' cellpadding='5' cellspacing='0'>";
echo "<col width = 200>";
echo "<col width = 200>";
echo "<tr>";
echo "<th colspan='2'>DETAILS OF THE PART YOU REQUESTED</th>";
echo "</tr>";
echo "<tr>";
echo "<td>part_description</td>";
echo "<td>" . $part_description . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td>units_on_hand</td>";
echo "<td>" . $units_on_hand . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td>item_class</td>";
echo "<td>" . $item_class . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td>warehouse_number</td>";
echo "<td>" . $warehouse_number . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td>unit_price</td>";
echo "<td>$" . $unit_price . "</td>";
echo "</tr>";
echo "</table>";
echo "</center>";
mysql_close($connection);
}
echo "<br />";
echo "<br />";
echo "<br />";
echo "<input type = 'button' value = 'RETURN' style = 'width: 75px; height: 75px;' onclick = \"javascript:window.location.href = 'jdpset1_4.html'\">";
echo "</body>";
echo "</html>";
You aren't validating anywhere that the result did return any data at all. Right after your call to mysql_query(), you should use mysql_num_rows() to see how many rows were returned by your query -- if mysql_num_rows($result_set) is zero, your query returned no data.
Notice how $part_number is never modified by mysql_query(), mysql_fetch_array() or any of those functions; so it will never be empty unless it started as such (rendering your current if almost useless).
You can check the output of your query $record...
if (count($record ?: array())==0) { // mysql_fetch_assoc() returns false, not an empty array, when no row matched
echo "the ID you entered does not exist! Try again...";
} else {
// code to output the part's details...
}
Put the if (count... part instead of ...
if($part_number == "")
From your code I notice 2 things:
$query = "select * from part where part_number = '" . $part_number . "'";
As your part number is a string, I recommend you use LIKE, not =
$query = "select * from part where part_number LIKE '" . $part_number . "'";
Another is to inspect whether your record is returned as a multidimensional array like
$record = Array([0]=>array('part_description'=>A123...)).
Then you must assign like so:
$part_description = $record[0]['part_description'];
I hope it helps you.
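
An added example (not code from the question or the answers) of the lookup with the missing-ID case handled: the part number is validated, bound as a parameter instead of concatenated into the query, and a fetch result of false is reported as not found. The in-memory SQLite table, its row and the ID pattern are assumptions made so the script runs offline.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database (assumption);
// the row and the ID format below are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE part (part_number TEXT PRIMARY KEY, part_description TEXT,
            units_on_hand INTEGER, item_class TEXT, warehouse_number INTEGER, unit_price REAL)");
$pdo->exec("INSERT INTO part VALUES ('AX12', 'Iron', 104, 'HW', 3, 24.95)");

// Returns array('status' => 'invalid' | 'missing' | 'found', 'record' => row or null).
function lookupPart(PDO $pdo, $input) {
    // Assumed ID format: 2 letters followed by 2 digits, as in AX12.
    if (!is_string($input) || !preg_match('/\A[A-Z]{2}[0-9]{2}\z/', $input)) {
        return array('status' => 'invalid', 'record' => null);
    }
    $stmt = $pdo->prepare("SELECT * FROM part WHERE part_number = :pn");
    $stmt->execute(array(':pn' => $input));
    $record = $stmt->fetch(PDO::FETCH_ASSOC);   // false when no row matched
    if ($record === false) {
        return array('status' => 'missing', 'record' => null);
    }
    return array('status' => 'found', 'record' => $record);
}

function renderPart(array $result) {
    if ($result['status'] === 'invalid') return "<p>INVALID ID FORMAT</p>\n";
    if ($result['status'] === 'missing') return "<p>ID DOES NOT EXIST</p>\n";
    $html = "<table border='1'>\n";
    foreach ($result['record'] as $column => $value) {
        $html .= "<tr><td>" . htmlspecialchars($column, ENT_QUOTES, 'UTF-8') . "</td><td>"
               . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . "</td></tr>\n";
    }
    return $html . "</table>\n";
}

// Constructed inputs: an existing ID, a well-formed missing ID, and one with a quote.
foreach (array('AX12', 'AX13', "AX12'") as $input) {
    echo renderPart(lookupPart($pdo, $input));
}
```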

MySQL not pulling all rows

Hey guys, first time using Stack Overflow.
Can you guys help me debug?
Here's the problem, this query is selecting all of the rows from my database, it's only outputting the first one twice for some reason.
$top10_query = "SELECT * FROM kicks";
$result = mysqli_query($cxn, $top10_query) or die("Couldn't execute query.");
$row = mysqli_fetch_assoc($result);
$rating = $row['rating'];
$description = $row['description'];
$completed = $row['completed'];
$userid = $row['userid'];
$posted = $row['posted'];
while($row = mysqli_fetch_assoc($result)) {
echo "<tr>";
echo "<td class='rating'>" . $rating . "</td>";
echo "<td class='description'>" . $description . " </td>";
echo "<td class='completed_" . $completed . "'>" . $completed . "</td>";
echo "<td class='author'>";
echo "Posted by: <a href='profile?userid=" . $userid . "'>" . $userid . "</a><br />";
echo "on "; echo $posted;
echo "</td>";
echo "</tr>";
}
You are looping over the rowset, but never retrieving its value more than once. You pulled all of the values out of the first row, and cached them here:
$rating = $row['rating'];
$description = $row['description'];
$completed = $row['completed'];
$userid = $row['userid'];
$posted = $row['posted'];
Move this code into the loop, and remove the first fetch.
You need to update $rating, $description, etc. within the while loop:
<?php
$top10_query = "SELECT * FROM kicks";
$result = mysqli_query($cxn, $top10_query) or die("Couldn't execute query.");
while($row = mysqli_fetch_assoc($result)) {
$rating = $row['rating'];
$description = $row['description'];
$completed = $row['completed'];
$userid = $row['userid'];
$posted = $row['posted'];
echo "<tr>";
echo "<td class='rating'>" . $rating . "</td>";
echo "<td class='description'>" . $description . " </td>";
echo "<td class='completed_" . $completed . "'>" . $completed . "</td>";
echo "<td class='author'>";
echo "Posted by: <a href='profile?userid=" . $userid . "'>" . $userid . "</a><br />";
echo "on "; echo $posted;
echo "</td>";
echo "</tr>";
}
?>
Or, of course, you can inline $rating, etc., writing $row['rating'] instead.
Note: you probably want to run your variables through htmlspecialchars before inserting them into HTML. Otherwise, a description like <script>alert('hacked');</script> could execute a script, opening yourself up to XSS attacks.
You can also use extract. I do not recommend you do this, however, as it may cause problems and confusion for other developers:
<?php
$top10_query = "SELECT * FROM kicks";
$result = mysqli_query($cxn, $top10_query) or die("Couldn't execute query.");
while($row = mysqli_fetch_assoc($result)) {
extract($row);
echo "<tr>";
echo "<td class='rating'>" . $rating . "</td>";
echo "<td class='description'>" . $description . " </td>";
echo "<td class='completed_" . $completed . "'>" . $completed . "</td>";
echo "<td class='author'>";
echo "Posted by: <a href='profile?userid=" . $userid . "'>" . $userid . "</a><br />";
echo "on "; echo $posted;
echo "</td>";
echo "</tr>";
}
?>
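
The htmlspecialchars note above applied to each place a value lands in this row, as an added example (not the answerer's code): text nodes are HTML-escaped, the userid in the link is URL-encoded and then HTML-escaped, and the value used in the class name is matched against an allow-list. The sample row and the allowed completed values are constructed.

```php
<?php
// Added example; the row below is constructed, with markup, a quote and URL characters in it.
$row = array(
    'rating'      => 5,
    'description' => "<script>alert('hacked');</script>",
    'completed'   => "maybe'",
    'userid'      => "a&b c",
    'posted'      => '2013-01-01',
);

// Escape a value for HTML text and quoted attribute values.
function h($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Assumed set of values the completed column may hold; anything else maps to a fixed class.
function completedClass($completed) {
    $allowed = array('yes', 'no');
    return in_array($completed, $allowed, true) ? 'completed_' . $completed : 'completed_unknown';
}

function renderKick(array $row) {
    // Query-string context first (rawurlencode), then attribute context (h).
    $profileUrl = 'profile?userid=' . rawurlencode((string) $row['userid']);
    return "<tr>"
         . "<td class='rating'>" . h($row['rating']) . "</td>"
         . "<td class='description'>" . h($row['description']) . "</td>"
         . "<td class='" . completedClass($row['completed']) . "'>" . h($row['completed']) . "</td>"
         . "<td class='author'>Posted by: <a href='" . h($profileUrl) . "'>" . h($row['userid']) . "</a><br />"
         . "on " . h($row['posted']) . "</td>"
         . "</tr>\n";
}

echo renderKick($row);
```

ENT_QUOTES is passed explicitly because this markup uses single-quoted attributes, and before PHP 8.1 the default flags of htmlspecialchars left single quotes unescaped.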
The variables $rating etc. are not "bound" to the expressions $row['rating'] etc. Once set, they will forever take these values unless you modify them again.
See PHP: Assignment Operators for detail.
Try to rewrite them as:
$top10_query = "SELECT * FROM kicks";
$result = mysqli_query($cxn, $top10_query) or die("Couldn't execute query.");
while($row = mysqli_fetch_assoc($result)) {
$rating = $row['rating']; // <-- use the new value every time a row is fetched.
$description = $row['description'];
$completed = $row['completed'];
$userid = $row['userid'];
$posted = $row['posted'];
echo "<tr>";
echo "<td class='rating'>" . $rating . "</td>";
echo "<td class='description'>" . $description . " </td>";
echo "<td class='completed_" . $completed . "'>" . $completed . "</td>";
echo "<td class='author'>";
echo "Posted by: <a href='profile?userid=" . $userid . "'>" . $userid . "</a><br />";
echo "on "; echo $posted;
echo "</td>";
echo "</tr>";
}
