This is my first post, but I have found this forum to be very useful! I hope you can help me.
My conundrum is this: I have users log on and then rate each other. Once a user logs in, I want them to be able to see the ratings they made (this one I got working - the reviews I can select by a unique id generated by a form) and also see a summary of the ratings that they have received. This is where it seems to get tricky. I tried an inner join but it didn't produce any results.
Right now I have this part up above my html
<?php
include "connect.php";
if(isset($_COOKIE['ID_my_site']))
{
$username = $_COOKIE['ID_my_site'];
$pass = $_COOKIE['Key_my_site'];
while($info = mysql_fetch_array( $check ))
{
//if the cookie has the wrong password, they are taken to the login page
if ($pass != $info['password'])
{
header("");
}
//otherwise they are shown the admin area
else
{
echo "";
echo "";
}
}
}
else
//if the cookie does not exist, they are taken to the login screen
{
header("");
}
include "settings.php";
?>
And this part after my html
<?php
include('connect.php');
$result = mysql_query("SELECT r.user, r.rating1, r.rating2, r.rating3, u.username
FROM reviews r INNER JOIN users u ON r.user=u.username
WHERE r.user='$userid' ORDER BY r.user DESC")
or die(mysql_error());
echo "<table border='1' cellpadding='10'>";
echo "<tr>
<th></th>
<th>View Comments</th>
<th>Rating 1</th>
<th>Rating 2</th>
<th>Rating 3</th>
</tr>";
while($row = mysql_fetch_array( $result )) {
echo "<tr>";
echo '<td>View/Print</td>';
echo '<td>' . $row['rating1'] . '</td>';
echo '<td>' . $row['rating2'] . '</td>';
echo '<td>' . $row['rating3'] . '</td>';
echo "</tr>";
}
echo "</table>";
?>
Unfortunately, I don't get any results at all, though I see about 20 ratings for this person in the sql table.
It's also throwing a "Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in reviews.php on line 19" error.
There's probably a stupid mistake in there, but I'm getting codeblind and frustrated.
Thank you for any help!
if this is line 19:
while($row = mysql_fetch_array( $result )) {
echo "<tr>";
echo '<td>View/Print</td>';
echo '<td>' . $row['rating1'] . '</td>';
echo '<td>' . $row['rating2'] . '</td>';
echo '<td>' . $row['rating3'] . '</td>';
echo "</tr>";
}
you should use the position of the values inside the array like 1,2,3 .. and so on , not ratings1 ,ratings2 .. and so on.
Related
So these are my codes. The id in my case is a varchar(consists of number, symbol and char). When I entered a numeric ID, I can edit the information. But when the id entered is not fully numeric, the system says " Unknown column '618XRWCG' in 'where clause'"
this is updateforecast.php
<?php
}
// connect to the database
include('connect.php');
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (is_numeric($_POST['id']))
{
// get form data, making sure it is valid
$id = $_POST['id'];
$min = mysql_real_escape_string(htmlspecialchars($_POST['min']));
$max = mysql_real_escape_string(htmlspecialchars($_POST['max']));
$sapuk = mysql_real_escape_string(htmlspecialchars($_POST['sapuk']));
$sapus = mysql_real_escape_string(htmlspecialchars($_POST['sapus']));
$sapasia = mysql_real_escape_string(htmlspecialchars($_POST['sapasia']));
$sapmex = mysql_real_escape_string(htmlspecialchars($_POST['sapmex']));
$penuk = mysql_real_escape_string(htmlspecialchars($_POST['penuk']));
$penus = mysql_real_escape_string(htmlspecialchars($_POST['penus']));
$penasia = mysql_real_escape_string(htmlspecialchars($_POST['penasia']));
$penmex = mysql_real_escape_string(htmlspecialchars($_POST['penmex']));
// check that firstname/lastname fields are both filled in
if ($min == '' || $max == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
//error, display form
renderForm($id, $min, $max, $sapuk, $sapus, $sapasia, $sapmex, $penuk, $penus, $penasia, $penmex, $error);
}
else
{
// save the data to the database
mysql_query("UPDATE forecast SET Min='$min', Max='$max', sapUK='$sapuk', sapUS='$sapus', sapAsia='$sapasia', sapMex='$sapmex', penUK='$penuk', penUS='$penus', penAsia='$penasia', penMex='$penmex' WHERE Partnumber='$id'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: viewforecast.php");
}
}
else
{
// if the 'id' isn't valid, display an error
echo 'Error!';
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['id'])&& $_GET['id'] > 0)
{
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM forecast WHERE Partnumber=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if($row)
{
// get data from db
$min = $row['Min'];
$max = $row['Max'];
$sapuk = $row['sapUk'];
$sapus = $row['sapUS'];
$sapasia = $row['sapAsia'];
$sapmex = $row['sapMex'];
$penuk = $row['pendingUK'];
$penus = $row['pendingUS'];
$penasia = $row['pendingAsia'];
$penmex = $row['pendingMex'];
// show form
renderForm($id, $min, $max, $sapuk, $sapus, $sapasia, $sapmex, $penuk, $penus, $penasia, $penmex, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'Error!';
}
}
?>
This is viewforecast.php
<?php
include('connect.php');
$result = mysql_query("SELECT * FROM forecast")
or die(mysql_error());
echo "<table border='1' id = 'frmnew' cellpadding='10'>";
echo "<tr>
<th rowspan='2'><center><b>Part Number</b></center></th>
<th rowspan='2'><center><b>Minimum Quantity</b></center></th>
<th rowspan='2'><center><b>Maximum Quantity</b></center></th>
<th colspan='4' scope='colgroup'><center>SHIP AGAINST PO</center></th>
<th colspan='4' scope='colgroup'><center>FORECAST FROM VARIOUS REGIONS PENDING FOR INTERCO PO</center></th>
</tr>
<tr>
<th scope='col'><center>UK</center></th>
<th scope='col'><center>US</center></th>
<th scope='col'><center>ASIA</center></th>
<th scope='col'><center>MEXICO</center></th>
<th scope='col'><center>UK</center></th>
<th scope='col'><center>US</center></th>
<th scope='col'><center>ASIA</center></th>
<th scope='col'><center>MEXICO</center></th>
</tr>";
// loop through results of database query, displaying them in the table
while($row = mysql_fetch_array( $result )) {
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['Partnumber'] . '</td>';
echo '<td>' . $row['Min'] . '</td>';
echo '<td>' . $row['Max'] . '</td>';
echo '<td>' . $row['sapUK'] . '</td>';
echo '<td>' . $row['sapUS'] . '</td>';
echo '<td>' . $row['sapAsia'] . '</td>';
echo '<td>' . $row['sapMex'] . '</td>';
echo '<td>' . $row['pendingUK'] . '</td>';
echo '<td>' . $row['pendingUS'] . '</td>';
echo '<td>' . $row['pendingAsia'] . '</td>';
echo '<td>' . $row['pendingMex'] . '</td>';
echo '<td>Edit</td>';
echo '<td>Delete</td>';
echo "</tr>";
}
// close table>
echo "</table>";
?>
<p>Add a new record</p>
</body>
</html>
The previous error i stated was when i entered an id with no symbol. When i enter an id with symbols, the symbol and the character after it is hidden or something.
Please help
Your code is vulnerable to SQL Injection. You should use PDO like suggested by #IncredibleHat
Edit your updateforecast.php code select query you passed id without string change this .
$result = mysql_query("SELECT * FROM forecast WHERE Partnumber='$id'")
I have this below code but failing at getting it to delete the record, think i may be missing something.
<?php
//Open Database
class MyDB extends SQLite3
{
function __construct() {
$this->open('Name.db');
}
}
$db = new MyDB();
if(!$db){
echo $db->lastErrorMsg();
}
//Select the Name Table
$sql =<<<EOF
SELECT * FROM Name;
EOF;
$ret = $db->query($sql);
// Display The Data In a Table
echo "<table border='1' cellpadding='10'>";
echo "<tr><th>First name</th> <th>Last Name</th> <th>Gender</th> <th></th>
<th></th></tr>";
while($row = $ret->fetchArray(SQLITE3_ASSOC) ){
echo "<tr>";
echo '<td>' . $row['FirstName'] . '</td>';
echo '<td>' . $row['LastName'] . '</td>';
echo '<td>' . $row['Gender'] . '</td>';
echo '<td>Delete
</td>';
echo "</tr>";
}
// check for id to be set and if it is delete the matching row from database
if (isset($_GET['id']))
{
// puts the id value in the variable
$id = $_GET['id'];
// delete the entry
$db->exec("Delete FROM Name WHERE VALUES TeamName=$id;");
header("Location: name.php");
} else {
header("Location: name.php");}
$db->close();
?>
Is there something im missing as it still wont delete the entire row from the db file. It displays the table perfect just fails to delete the matching id Record.
Other delete querie i have tried is
$db->exec("Delete FROM Name (FirstName, LastName, Gender) WHERE VALUES
FirstName=$id;");
You cannot delete some of the values, you can either update them or just delete the entire row.
Try
$db->exec("DELETE FROM Name WHERE TeamName=$id;");
and the other thing you need to do for safety is to escape the $id variable, otherwise it's trouble waiting to happen.
1) check whether the user you are using has the delete permission.
2)$db->exec("DELETE FROM Name WHERE TeamName = '".$id."'");
I have two pages, the first shows all items from a particular field in a MySQL database:
DatabaseEntries.php
<?php
include('connect.php');
$result = mysqli_query($db, "SELECT * FROM names")
or die(mysqli_error($db));
echo "<table border='1' cellpadding='10'>";
echo "<tr> <th>Firstname</th> <th>lastname</th> <th>Email</th><th></th> ";
while($row = mysqli_fetch_array( $result )) {
// echo out the contents of each row into a table
echo "<tr>";
echo '<td>' . $row['firstname'] . '</td>';
echo '<td>' . $row['lastname'] . '</td>';
echo '<td>' . $row['email'] . '</td>';
echo '<td>Delete</td>';
echo "</tr>";
}
?>
the second page contains the delete function:
Delete.php
<?php
include('connect.php');
// check if the 'id' variable is set in URL, and check that it is valid
if (isset($_GET['email']) )
{
// get id value
$email = $_GET['email'];
// delete the entry
$result = mysqli_query($db, "DELETE FROM names WHERE email=$email")
or die(mysqli_error($db));
// redirect back to the view page
header("Location: DatabaseEntries.php");
}
else
// if id isn't set, or isn't valid, redirect back to view page
{
header("Location: Error.php");
}
?>
I get the following error when trying to delete an item from the database:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '#gmail.com' at line 1
Can anyone tell me why? and what to do to fix it?
Thanks
Add quotes around the $email
DELETE FROM names WHERE email='$email'
Edited: My first problem was solved, but another problem came up, only one user id is provided. So here is the screenshot of the revised code.
Going back to the table, The user will press edit button, so he can edit the problem and give appropriate action..
My code for the table above is this:
<form action="edit.php" method="get">
<?php
$result = mysqli_query($con,"SELECT * FROM complaints");
echo "<table border='1'>
<tr>
<th>Id Number</th>
<th>Category</th>
<th>Problem</th>
<th>Date Reported</th>
<th>Action</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td name=id_number>" . $row['id_number'] . "</td>";
echo "<td name=remarks>" . $row['remarks'] . "</td>";
echo "<td name=status>" . $row['status'] . "</td>";
echo "<td name=date>" . $row['date_reported'] . "</td>";
echo "<td>" . "<INPUT TYPE = Submit Name = Submit1 VALUE =Edit>" . "</td>";
echo "</tr>";
}
echo "</table>"; ?> </form>
My code for the edit.php is this: [for the user id part]:
User ID: <input type='text' disabled='disables' name='userid'placeholder='<?php
$userid = $_GET["userid"];
$result2 = mysql_query("SELECT * FROM complaints WHERE id_number = '$userid'", $link);
while($row = mysql_fetch_array($result2))
{
echo $row['id_number'];
}
?>'></br>
Now, I am having difficulty, on the user id part, because only one user id show which is the 201010005 id, and the user id to be shown is the one in line with the edit that has been pressed by the user.
Any help would be appreciated.
You need to pass the id of the user that you are going to edit, so in the form add another input, but hidden with the id value, like this:
echo "<td>" . "<INPUT TYPE = hidden Name = userid VALUE = " . $row['id_number'] . ">" . "</td>";
Then in the edit page you´ll grab the user and set the query with the WHERE conditional like this:
$userid = $_GET['userid'];
$result = mysqli_query($con,"SELECT * FROM complaints WHERE id_number = '$userid'");
$result = mysqli_query($con,"SELECT * FROM complaints WHERE id = XXX");
$row = mysqli_fetch_assoc($result);
print_r($row);
I'm creating a small private forum to get some more knowledge about PHP/PDO etc. Now I have a weird bug/error/wrong piece of code that is not showing the echo. This is my code.
$sql2 = $db->prepare('SELECT topic_id, topic_subject,topic_date,topic_cat FROM topics WHERE topic_cat = :topid');
$sql2->bindParam(':topid', $_GET['id'], PDO::PARAM_INT);
$sql2->execute();
$result2 = $sql->rowCount();
if($result2 === FALSE){
echo 'The topics could not be displayed, please try again later.';
}
elseif ($result2 === 0){
echo 'There are no topics in this category yet.';
} else {
//prepare the table
echo '<table border="1">
<tr>
<th>Topic</th>
<th>Created at</th>
</tr>';
while($row = $sql2->fetch()) {
echo '<tr>';
echo '<td class="leftpart">';
echo '<h3>' . $row['topic_subject'] . '<br /><h3>';
echo '</td>';
echo '<td class="rightpart">';
echo date('d-m-Y', strtotime($row['topic_date']));
echo '</td>';
echo '</tr>';
}
}
It should show the echo at while($row = $sql2->fetch()), but it is not. Also I know there is not enough { and } but that's because the other part of the code is not relevant.
You appear to count the rows returned by $sql then loop through $sql2. Have you checked to see if there are any results in $sql2?