I currently have 2 different sections for this program, the first half takes the users input from a web page and then transfers it over onto a PHP side which will access MySQL and display the requested information.
Example: If I enter AX12 for the ID it will display information for that ID which does infact exist, but if I enter AX13 (which doesn't) it will display blank information, so I'm wondering if someone can show me how I can validate this once the information has been transferred over onto the PHP side. So if it detects that the information you've submitted does not exist simply display a message saying "ID DOES NOT EXIST" or something along those lines.
Here's the code for the PHP side if you need it for more information.
<?php
$part_number = $_GET['txtInput'];
$part_description;
$units_on_hand;
$item_class;
$warehouse_number;
$unit_price;
$query;
$result_set;
$connection;
$record;
echo "<html>";
echo "<head>";
echo "<title>SQL Application</title>";
echo "<style type = 'text/css'>body{text-align: center; background-color: #CC3333; color: #660000; font-size: 30;}</style>";
echo "</head>";
echo "<body>";
echo "<center><h1>SQL Application</h1></center>";
echo "<br />";
echo "<br />";
echo "<br />";
$connection = #mysql_connect("localhost","m_stanicic","")
or die ("\n\n PROBLEM CONNECTING TO DATABASE! \n" . mysql_error() . "\n\n");
mysql_select_db("m_stanicicdb");
$query = "select * from part where part_number = '" . $part_number . "'";
$result_set = mysql_query($query)
or die ("\n\n PROBLEM WITH QUERY! . \n" . mysql_error() . "\n\n");
$record = mysql_fetch_assoc($result_set);
if($part_number == "")
{
//
}
else
{
$part_description = $record['part_description'];
$units_on_hand = $record['units_on_hand'];
$item_class = $record['item_class'];
$warehouse_number = $record['warehouse_number'];
$unit_price = $record['unit_price'];
echo "<center>";
echo "<table border='1' width=400 style ='table-layout:fixed' cellpadding='5' cellspacing='0'>";
echo "<col width = 200>";
echo "<col width = 200>";
echo "<tr>";
echo "<th colspan='2'>DETAILS OF THE PART YOU REQUESTED</th>";
echo "</tr>";
echo "<tr>";
echo "<td>part_description</td>";
echo "<td>" . $part_description . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td>units_on_hand</td>";
echo "<td>" . $units_on_hand . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td>item_class</td>";
echo "<td>" . $item_class . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td>warehouse_number</td>";
echo "<td>" . $warehouse_number . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td>unit_price</td>";
echo "<td>$" . $unit_price . "</td>";
echo "</tr>";
echo "</table>";
echo "</center>";
mysql_close($connection);
}
echo "<br />";
echo "<br />";
echo "<br />";
echo "<input type = 'button' value = 'RETURN' style = 'width: 75px; height: 75px;' onclick = \"javascript:window.location.href = 'jdpset1_4.html'\">";
echo "</body>";
echo "</html>";
You aren't validating anywhere that the result did return any data at all. Right after your call to mysql_query(), you should use mysql_num_rows() to see how many rows were returned by your query -- if mysql_num_rows($result_set) is zero, your query returned no data.
Notice how $part_number is never modified by mysql_query(), mysql_fetch_array() or any of those functions; so it will never be empty unless it started as such (rendering your current if almost useless).
You can check the output of your query $record...
if (count($record)==0) {
echo "the ID you entered does not exist! Try again...";
} else {
// code to output the part's details...
}
put the if (count... part instead of ...
if($part_number == "")
from your code i notice 2 things
$query = "select * from part where part_number = '" . $part_number . "'";
as your part number is a string, i recommend you to use LIKE not =
$query = "select * from part where part_number LIKE '" . $part_number . "'";
another is inspect your record is returning in multidimensional array like
$record = Array([0]=>array('part_description'=>A123...)).
then you must assign like so
$part_description = $record[0]['part_description'];
i hope it helps you
Related
I am working on a website whereby a load of advertisers are stored in the DB and then displayed to the user by there logo. I know storing directly in to the DB for images is not the done thing, however, I am starting out this way, to get the website running and then will refactor to move to a much more suitable approach.
Currently, I have the following PHP code:
<?php
session_start();
require_once "config.php";
// Create connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$sql = "SELECT * FROM advertisers";
if($result = mysqli_query($link, $sql)){
if(mysqli_num_rows($result) > 0){
echo "<table>";
echo "<tr>";
echo "<th>id</th>";
echo "<th>advertiser_Name</th>";
echo "<th>advertiser_URL</th>";
echo "<th>advertiser_Category</th>";
echo "<th>advertiser_logo</th>";
echo "</tr>";
while($row = mysqli_fetch_array($result)){
echo "<tr>";
echo "<td>" . $row['advertiser_id'] . "</td>";
echo "<td>" . $row['advertiser_Name'] . "</td>";
echo "<td>" . $row['advertiser_URL'] . "</td>";
echo "<td>" . $row['advertiser_Category'] . "</td>";
echo "<td>" . $row['<img src="data:image/jpeg;base64,'.base64_encode($row['advertiser_logo']).'"/>'] . "</td>";
echo "</tr>";
}
echo "</table>";
// Free result set
mysqli_free_result($result);
} else{
echo "No records matching your query were found.";
}
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
However, the images are displayed when called from the DB but they are displayed in the warning message rather than in the table?
<?php
session_start();
require_once "config.php";
// Create connection
if ($link === false)
{
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$sql = "SELECT * FROM advertisers";
if ($result = mysqli_query($link, $sql))
{
if (mysqli_num_rows($result) > 0)
{
echo "<table>";
echo "<tr>";
echo "<th>id</th>";
echo "<th>advertiser_Name</th>";
echo "<th>advertiser_URL</th>";
echo "<th>advertiser_Category</th>";
echo "<th>advertiser_logo</th>";
echo "</tr>";
while ($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['advertiser_id'] . "</td>";
echo "<td>" . $row['advertiser_Name'] . "</td>";
echo "<td>" . $row['advertiser_URL'] . "</td>";
echo "<td>" . $row['advertiser_Category'] . "</td>";
echo "<td><img src='data:image/jpeg;base64," . base64_encode($row['advertiser_logo']) . "'/></td>";
echo "</tr>";
}
echo "</table>";
// Free result set
mysqli_free_result($result);
}
else
{
echo "No records matching your query were found.";
}
}
else
{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
The fact that is showing the image in the warning is because you're using a tag with the source as an array key which is not correct.
The array keys, so what is inside the square bracket, is the reference to the array position. If you're familiar with C for example is the 0, 1, ecc.. and not the value itself.
Yes as #NigelRen mentioned this row $row['<img src="data:image/jpeg; looks very bad.
I think you should use:
echo "<td><img src='data:image/jpeg;base64," . base64_encode($row['advertiser_logo']) . "'/></td>";
I would like to retrieve my results from my DB in this format using Bootstrap.
Below is my PHP code that I'm currently using, the first entry I want the image to be bigger then the rest.
<?php
$article = mysqli_connect("localhost", "root", "", "blog");
// Check connection
if($article === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
// Attempt select query execution
$sql = "SELECT * FROM news";
if($result = mysqli_query($article, $sql)){
if(mysqli_num_rows($result) > 0){
echo "<container>";
echo "<row>";
echo "<th>id</th>";
echo "<th>title</th>";
echo "<th>body</th>";
echo "<th>image</th>";
echo "</div>";
while($row = mysqli_fetch_array($result)){
echo "<row>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['title'] . "</td>";
echo "<td>" . $row['body'] . "</td>";
echo "<td>" . $row['image'] . "</td>";
echo "</row>";
}
echo "</div>";
// Free result set
mysqli_free_result($result);
} else{
echo "No records matching your query were found.";
}
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($article);
}
// Close connection
mysqli_close($article);
?>
I think you should have the condition to check for the first data in your loop to apply a bigger image size.
You can simply add condition:
$resultNum = 1;
while($row = mysqli_fetch_array($result)){
if($resultNum == 1) {
// TODO: show bigger image
} else {
// usual image
echo "<row>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['title'] . "</td>";
echo "<td>" . $row['body'] . "</td>";
echo "<td>" . $row['image'] . "</td>";
echo "</row>";
}
$resultNum++;
}
Just make a counter and then do a condition using the first number of the counter
Your code simplyfied:
$query = mysqli_query($article, "SELECT * FROM news");
$n = 1; //start the counter
if(mysqli_num_rows($query) > 0){ //detect if have rows
foreach ($query as $key => $value) {
if($n == 1){
//print the big image
echo $value["id"];
}else{
//print the little image
echo $value["id"];
}
$n++;
}
}else{
echo "No data founded";
}
Ive currently got this code where I have two loops: one which displays all my ToDos and one which counts the amount of hours ive worked on a certain ToDo.
What I want to do is to multiply the ['pris'] (cost pr hour) with the amount of hours ['timer'] from the loop.
echo "<div id='innhold'>";
$db = kobleTil();
$sql = "SELECT * FROM oppdrag";
$resultat = $db->query($sql);
while($nesteRad = $resultat->fetch_assoc()) {
echo "<hr />";
echo "<table id='resultat'>";
echo "<tr><th colspan='7'>" . $nesteRad['navn'] . "</th></tr>";
echo "<tr><td><b>Type</b></td><td><b>Startdato</b></td><td><b>Sluttdato</b></td><td><b>Pris pr. time</b></td><td><b>Aktiv</b></td></tr>";
echo "<tr>";
echo "<td>" . $nesteRad['type'] . "</td>";
echo "<td>" . $nesteRad['startDato'] . "</td>";
echo "<td>" . $nesteRad['sluttDato'] . "</td>";
echo "<td>" . $nesteRad['pris'] . "</td>";
echo "<td>" . $nesteRad['aktiv'] . "</td>";
echo '<td>Se på</td>';
echo '<td>Legg til timer</td>';
echo '<td>Slett</td>';
echo "</tr></table>";
echo "<hr />";
$prisx = $nesteRad['pris'];
}
echo "<a href='lioppdrag.php'><h5>Legg inn nytt oppdrag</h5></a>";
echo "<br />";
echo "<h3>Statistikk - Oppgaver arbeidet mest med<br /></h3>";
$statistikk = "SELECT oppdrag.*, (SELECT SUM(timer) FROM timeregistrering WHERE timeregistrering.oppdrID = oppdrag.oppdrID) AS Timer FROM oppdrag ORDER BY Timer DESC";
$print = $db->query($statistikk);
while($rad = $print->fetch_assoc()) {
$timer = $rad['Timer'] . '00px';
echo "<b>Oppdrag: " . $rad['navn'] ." Antal timer: " . $rad['Timer'] . " </b><br/>";
echo "<img src='firkant.png' id='firkant' width='"; echo $timer; echo "'></img><br/><br/>";
$timerx = $rad['Timer'];
}
echo "</div>";
} else {
echo "<div id='innhold'>";
echo "<a href='index.php'>Logg inn for å se innholdet</a>";
echo "</div>";
}
?>
I'll try to set you in the right direction but without the exact tables I can't give you the exact answer. first I'd do this in SQL before you ever get to PHOP and loops. Think in terms of set's not loops, so group your todo's and sum(timer) for each group. Then you can do another column with the sum(timer)*pris calling it Total. Psuedocode would be something like
select ToDo.Name, sum(working.timer), sum(timer)*ToDo.Pris as Total
from ToDo join working on todo.id = working.todo_id
group by ToDo.Name
(and a where clause to restrict the dates worked probably unless you just want everything)
edit: sorry I'm not sure why the code didn't show up when I first looked at the question and I only saw it after I answered but I still think this might help so take a look and let me know
I'm a new member of StackOverflow, and although I've been using the website for a long time, it's my first time posting a question, in a hope that someone will be able to help me. I'll start by saying that my knowledge of PHP and MySQL is basic, but what I'm trying to do isn't too complex in my opinion, so hopefully I won't be asking for much. I've done a lot of prior research, but I just couldn't find the right answer.
In short, this is what I'm trying to do:
I've got an html form, which upon submission writes data to a database, and then publishes a table on a separate html page. With each successful submission a new table gets generated and published, while the old one gets pushed underneath. This all works fine, and I've also implemented pagination so that only 5 tables are visible per page.
What I'd like to be able to do is allow people to ONLY view/display results (tables) based on a specific criteria, in this case "rating", by selecting a rating from a drop-down on the page where tables are published. Rating is one of the fields in my form which gets submitted to a database and then published in one of the rows in a table.
Below is the code which publishes tables. Thanks in advance for your help!
<?php
include('dbconnect.php');
mysql_select_db("vtracker", $con);
$result = mysql_query("SELECT * FROM userdata");
$age = "Age:";
$rating = "Rating:";
$country = "From:";
$name = "Name:";
while($row = mysql_fetch_array($result))
{
echo "<table id='mft_table' cellspacing='0'>";
echo "<tbody>";
echo "<tr>";
echo "<td class='row1'>" .$name . " " . $row['personsname'] . "</td>";
echo "<td rowspan='4'>";
echo "<div class='mft_column'>" . $row['mft'] . "</div>";
echo "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row2'>" . $country . " " . $row['nationality'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row3'>" . $age . " " . $row['personsage'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row4'>" . $rating . " " . $row['rating'] . "</td>";
echo "</tr>";
echo "</tbody>";
echo "<br>";
echo "</table>";
}
?>
for both true and false use can add thid in your code:
if($_POST['rating_dropdown']!='')
{
$temp_rating = $_POST['rating_dropdown'];
$query=mysql_query("SELECT * FROM userdata WHERE rating = '$temp_rating'");
}
else
{
$query=mysql_query("SELECT * FROM userdata");
}
Dunno if this works, it's just a hinch. haha.
It will see if the rating is true(not null), if it's true it will echo the results.
while($row = mysql_fetch_array($result))
{
if ($rating)
echo "<table id='mft_table' cellspacing='0'>";
echo "<tbody>";
echo "<tr>";
echo "<td class='row1'>" .$name . " " . $row['personsname'] . "</td>";
echo "<td rowspan='4'>";
echo "<div class='mft_column'>" . $row['mft'] . "</div>";
echo "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row2'>" . $country . " " . $row['nationality'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row3'>" . $age . " " . $row['personsage'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row4'>" . $rating . " " . $row['rating'] . "</td>";
echo "</tr>";
echo "</tbody>";
echo "<br>";
echo "</table>";
}
}
Once the dropdown gets selected and posted to your display page, use this code:
$temp_rating = $_POST['rating_dropdown'];
mysql_query("SELECT * FROM userdata WHERE rating = '$temp_rating'");
Keep in mind, however, that you should be using PDO or mysqli extension, not the mysql extension. According to PHP's website:
This extension is deprecated as of PHP 5.5.0, and will be removed in
the future. Instead, the MySQLi or PDO_MySQL extension should be used.
See also MySQL: choosing an API guide and related FAQ for more
information.
I have an admin area in an ecommerce website whereby the admin can view all users on the allusers.php page. The users are listed in a table with their personal information, however i have a 'view profile' button near each user whereby if you was to click on it, it would take you to another page where you can view that specific users past orders.
the following is the code i have for allusers.php:
<?php
$result = mysql_query("SELECT * FROM customers ")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Orders Yet';
} else {
echo "<table border='0'><table border width=100%><tr><th>First Name</th><th>Surname</th><th>Address</th><th>E-Mail</th><th>Username</th><th>View Profile</th>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['name']. "</td>";
echo "<td>" . $info['surname']. "</td>";
echo "<td>" . $info['address1']. $info['address2']. $info['city']. $info['postcode']." </td>";
echo "<td>" . $info['email']. "</td>";
echo "<td>" . $info['username']. "</td>";
echo "<td>" . " <a href='view.php'>View</a> </td>";
}
}
echo "</tr>";
echo "</table>";
?>
the view.php page is as follows:
<?php
$result = mysql_query("SELECT * FROM order WHERE ......dont know what to enter here")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Orders For This Customer Yet';
} else {
echo "<table border='0'><table border width=100%><tr><th>Product</th><th>Quantities</th><th>Date</th>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['name']. "</td>";
echo "<td>" . $info['quantity']. "</td>";
echo "<td>" . $info['date']. " </td>";
}
}
echo "</tr>";
echo "</table>";
?>
I have a mysql database with the following fields & tables:
Customers - id, name, surname, address1, address2, city, postcode, email, username, password
Products - serial, name, description, price, picture
Order - id, name, quanitity, price, date, username
Thanks for any help provided
Your code lacks any sort of security mechanisms... This is very bad, especially in an e-commerce setting.
Excusing that, you would pass the username to the view page in the URL.
echo "<td>" . " <a href='view.php?user=" . $info['username'] . "'>View</a> </td>";
In your view page, you would get the parameter from the URL and include it with your query.
if (isset($_GET) && isset($_GET['user'])) {
$user = mysql_real_escape_string($_GET['user']);
} else {
header('Location: allusers.php');
exit(); // boot them back to the previous page.
}
$result = mysql_query("SELECT * FROM order WHERE username = '" . $user . "'")
A simple method could be the follow. Replace this line in alluser.php
echo "<td>" . " <a href='view.php'>View</a></td>";
with this one
echo '<td>View</td>';
and then, in your view.php have
if (isset($_GET['username']) && $_GET['username'] != '')
{
$username = mysql_real_escape_string($_GET['username']);
$result = mysql_query("SELECT * FROM order WHERE username = '$username'");
}
else
{
// No user specified. Do other statements
}
Please note the use of:
The user of the mysql_real_escape_string() function to protect from Sql injection (would be better the use of a prepared statements)
The use of the parameter username in the first page to pass the value of the username to the second page
The use of the $_GET global array to retrieve the parameter
Try this:
allusers.php
<?php
$result = mysql_query("SELECT * FROM customers ")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Orders Yet';
} else {
echo "<table border='0'><table border width=100%><tr><th>First Name</th><th>Surname</th><th>Address</th><th>E-Mail</th><th>Username</th><th>View Profile</th>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['name']. "</td>";
echo "<td>" . $info['surname']. "</td>";
echo "<td>" . $info['address1']. $info['address2']. $info['city']. $info['postcode']." </td>";
echo "<td>" . $info['email']. "</td>";
echo "<td>" . $info['username']. "</td>";
echo "<td>" . " <a href='view.php?user={$info['username']}'>View</a> </td>";
}
}
echo "</tr>";
echo "</table>";
?>
view.php
<?php
$user = mysql_real_escape_string($_GET['user']);
$result = mysql_query("SELECT * FROM order WHERE user = '$user'")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Orders For This Customer Yet';
} else {
echo "<table border='0'><table border width=100%><tr><th>Product</th><th>Quantities</th><th>Date</th>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['name']. "</td>";
echo "<td>" . $info['quantity']. "</td>";
echo "<td>" . $info['date']. " </td>";
}
}
echo "</tr>";
echo "</table>";
?>