I would like to ask something here.
now I make form that insert data into table.
this table kemaskini that already have
+------+----------+----------+
| no | Item | kuantiti |
+------+----------+----------+
| 1 | Speaker | 10 |
+------+----------+----------+
| 2 | Laptop | 10 |
+------+----------+----------+
| 3 | Mouse | 10 |
+------+----------+----------+
when I type "Speaker" in form then I submit it.
it trace and say try again. it because already have.
coding that I write here. it only trace row 1 of table kemaskini.
when I type "Laptop" in form then I submit it.
it insert normally.
i more thing how I can trace "Speaker" and "speaker" are same.
if (isset($_POST['submit']))
{
$result = mysql_query("SELECT Item FROM kemaskini");
$test = mysql_fetch_array($result);
$trace=$test['Item'];
if($_POST['Item']==$trace)
{
echo "Try Again";
}
else
{
$item=$_POST['Item'] ;
$kuantiti= $_POST['kuantiti'] ;
mysql_query("INSERT INTO `kemaskini`(Item,kuantiti)
VALUES ('$item','$kuantiti')");
header("Location: kemaskini.php");
}
}
The reason for that is because you are not looping the result from mysql_fetch_array() that is why you are only checking for the first value of the result. If you don't want to Iterate, you can change the query into:
$itemToSearch = "Speaker";
$result = mysql_query("SELECT COUNT(*) result
FROM kemaskini
WHERE Item = '$itemToSearch'")
which will give you the total number of items found,
$test = mysql_fetch_array($result);
$trace = $test['result'];
if($trace > 0)
{
echo "Try Again";
}
else
{
// insert value
}
As a sidenote, the query is vulnerable with SQL Injection if the value(s) of the variables came from the outside. Please take a look at the article below to learn how to prevent from it. By using PreparedStatements you can get rid of using single quotes around values.
How to prevent SQL injection in PHP?
Regarding, how can you trace "Speaker" and "speaker" are the same, you can use the upper() or lower() function that most database engines support. I don't work with mysql so I am going on an assumption here. Your check would be something like this:
select count(*) records
from kemaskini
where lower(item) = 'speaker'
Having said that, I have to warn you that using functions in the where clause like this make your queries run slower.
If JW's comment about PreparedStatements includes using query parameters (I don't work with php either), it's very good advice. Not only do they increase the security of your applications, but they escape special characters such as apostrophes. Since you are doing a character search, you would not want your query to crash if the user submitted something like "Dave's keyboard" to your application.
Related
Not sure if it's possible to do this in SQL but... I'm having difficulty selecting results between certain criteria. I have a column that is a mixture of text and numeric. For example: LOC:05-04-01. I'm wanting to select items between two locations. EG: between LOC:05-04-01 and LOC:05-04-20.
I've tried using the standard BETWEEN statement but it returns an empty result.
$loc1 = 'LOC:05-04-01';
$loc2 = 'LOC:05-04-20';
$sql = $dbh->prepare("SELECT * FROM table WHERE location BETWEEN ? AND ? ORDER BY location DESC");
$sql->execute([$loc1,$loc2]);
while ($row = $sql->fetch(PDO::FETCH_ASSOC)) {
echo $row['ID'].': '.$row['location'].'<br>';
}
My database is similar to below:
ID | Location
1 | LOC:05-04-01
2 | LOC:05-04-02
3 | LOC:05-04-05
4 | LOC:06-04-01
5 | LOC:06-04-02
6 | LOC:06-04-10
I'm expecting to see a list of locations out of the above query such as:
1: LOC:05-04-01
2: LOC:05-04-02
3: LOC:05-04-05
This code should do what you want:
SELECT *
FROM <table>
WHERE location BETWEEN 'LOC:05-04-01' AND 'LOC:05-04-20'
ORDER BY location DESC;
You are doing string comparisons, and the values compare as strings.
You should test this using a direct query on the database. If this doesn't work, then you might have data in columns that you don't expect -- say the hyphens are really a different character.
If the PHP code does not work, something is going wrong at that level. You might have an error in your query (say connected to the wrong database). You might have bad characters in your constants.
Ok so I have a db of Users (ID) and their T or F results to different Hobbies. So something like this, excuse the formating I didn't know how to space it.
ID | swimming | running | rock climbing | learning to program.
user1 T F T T
user2 F T T F
OK I wanted to do a SQL search where I return all Column names of a table, if the value of that column is "T" where the ID is the users ID.
so if the ID is user1, I return swimming, rock climbing, learning to program.
Now I couldn't figure out how to do this with SQL so I figured I could try do this manually with PHP.
So I tried something like this.
$stmt = $this->con->prepare("SELECT swimming, running, rock,
program FROM mytablehere WHERE ID = ?");
$stmt->bind_param("s", $ID); // specific ID is went in via here
$stmt->execute();
$stmt->bind_result( $swimming, $running, $rock, $program);
$stmt->fetch();
$user = array();
if($swimming == "T"){
$swimming ="swimming";
$user['swimming'] = $swimming; }
...
return $user;
So the idea is it would find the binds that are "T" and insert them into the user array, and leave the ones that are "F" out.
However my postman tells me, no data is found.
So my question is how do do I get this sort of function. Is there an SQL search to make this easier or how do I need to approach my PHP code differently.
Can I not if then the bind $swimming or do I have to bind them all to one array, and then return a different array at the end?
if($user['swimming'] == "T"){
$hobby['swimming'] = "swimming"; }
return $hobby
there should really be an easier way to do this. If anyone has an sql search that would be great. But this will allow you to do it via php. I was having issues with my postman which was stopping me from getting data, but once I did the code up top will just give you an useless mess. This will return only the column names but it has to be done manually.
I need to get a SUM off all numerical entries in one of the tables of my DB
id | parameter
--------------
1 | 5
2 | 1
3 | 11
4 | 3
My php is:
$total = 'SELECT parameter FROM resource_table';
$res = $db->prepare($total);
$res->execute();
while($row4 = $res->fetch()) {
$count_sum1[$row4['parameter']][] = $row4;
}
$count_sum = array_sum( $count_sum1 );
print<<<END
$count_sum
END;
this is not working, as I can guess I am not doing something correctly.
Please help
Thanks for your help in advance
Let the database do the work:
SELECT SUM(parameter) FROM resource_table
In case you want to stick to php:
<?php
// code
while($row=$res->fetch())
$count_sum+=row["parameter"];
// code
?>
Yes, database engine supports simple operations, such as SUM(), AVG(), MIN() and lot of others... so actually you are able to do some basic operation on the specific engine. Read a documentation to your database engine, because you could use MySql, MSSQL, or plenty of others and every use its own type of functions.
But I suppose that you use MySQL, so the function is simply SUM():
SELECT SUM(parameter) FROM tableName;
I am working on a survey created by PHP and MySQL. So the issue is, I am trying to create a ResponseID, which is an ID specific for every person submitting the survey. So the code was created to add 1 to the existing max value from the ResponseID column. Here's the code:
//Response ID creation
$query = "SELECT max(ResponseID) FROM survey";
$res = mysql_query($query);
$RID = $res+1;
I know I can condense it, but here's the problem: I already entered one item on the table with the ResponseID of 1. When I tested the survey with different answers, the next ResponseID was 5. It should have been 2. So I tested again to see if it would produce 6 next time.
Unfortunately, it produced 5 again. I had my PHP guru looked it over and he said the coding was correct and it should be something from the database. I didn't set anything in the ResponseID except for it being an int. So why is it producing a 5? If anyone could please tell me how to go about fixing it, that would be super cool of you.
I am somewhat new to PHP.
$res will be a mysql statement handle, NOT the result of the query. you still have to actually FETCH a row from this $res result to access the value of the max() function in the query.
This handle probably internally has identifier #5, which is why you're getting that "odd" result.
The code should be:
$sql = "SELECT MAX(responseID) AS max ...";
$result = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_assoc($result);
$RID = $row['max'] + 1;
$res is a resource, not the value of the query, please read the manual: http://nz.php.net/manual/en/function.mysql-query.php
Why don't you use an AUTO_INCREMENT column and retrieve the new value using mysql_insert_id?
You need to use an AUTO_INCREMENT column for this. The problem is that if two instances of the PHP script are running at the same time (extremely likely assuming you're using a multithreaded server like Apache), then you could have a case like this:
|PHP #1 | PHP #2 |
=================================
|Accept client |(waiting) |
|SELECT MAX... |(waiting) |
|Send to MySQL | Accept client |
|(waiting) | SELECT MAX... |
|(waiting) | Send to MySQL |
|Get response 4 |Get response 4 | //Nothing inserted yet, max is still 4
|Try to insert 5| (waiting) |
|Succeeded | (waiting) |
|(waiting) |Try to insert 5|
| ... | Failed! |
(This in addition to what Dagon said)
Use $row = mysql_fetch_assoc($res) to get the resulting row from your query.
See mysql_fetch_assoc().
The reason why you are not getting the correct value is because mysql_query doesn't return a value, it returns a resource.
Try this instead:
//Response ID creation
$query = "SELECT max(ResponseID) FROM survey";
$res = mysql_query($query);
if($res !== FALSE) $res = mysql_fetch_array($res); // If $res === FALSE, something went wrong
$RID = $res[0] + 1;
Also I suggest you to use AUTO_INCREMENT on the ResponseID field, this makes your life a lot easier :)
i'm not really sure if i understood ur problem but if u wanna generate a response ID specific to every user or every survey posted, then what u can do is use auto_increment for the response ID. the response id will be incremented every time a new survey is posted. also get the last id posted using mysql_insert_id to get the last id posted.
so u can get the last id using
$last_id = mysql_insert_id ();
u need to put that statement right after ur query. that way u can get the last id.
I have a php file that search a SQL database. It takes a string from a textbox and tries to match it to various attributes for the database. Here is the code that performs the searched:
if ($filter['meta_info']) {
$search_string = $filter['meta_info'];
unset($filter['meta_info']);
$m_intSortField = null;
$m_strWhere .= (($m_strWhere) ? " AND " : "")."(MATCH (`courses`.`assigned_id`,`courses`.`title`,`courses`.`author`,`courses`.`keywords`,`courses`.` abstract`,`courses`.`objective`,`courses`.`summary`,`courses`.`copyright`,`courses`.`notes`) AGAINST ('".mysql_escape_string($search_string)."' IN BOOLEAN MODE))";
}
My problem is, I want it to return courses that have a partial match to the assigned ID not just a complete match. Anyone know how I could do this?
Turn off strict mode on your mysql options, or use LIKE.
SELECT id,name from LESSONS where name LIKE "English%";
returns
| id | Name
| 2 | English Literature
| 8 | English Language