<?php
class Friends {
public function __construct() {
global $DB, $name, $f_name;
$name = $_SESSION['name'];
if (isset($_POST['submitted'])) {
$f_name = mysql_real_escape_string($_POST['f_name']);
}
}
public function AddList() {
global $DB,$name;
echo "<center>";
$result = $DB->query(
"SELECT * FROM friends WHERE user_name!='{$name}' AND friend_name!='{$name}' "
);
while($row = mysql_fetch_array($result)) {
echo "<form method='post'>";
echo '<input type="hidden" value=' . $row['user_name'] . ' name="f_name"</th> ';
echo '<tr>';
echo '<th><b><font color="#663300">' . $row['user_name'] . '</font></b></th>';
$this->auth();
echo "</form>";
echo "</tr>";
echo "</tr>";
}
echo "</table>";
echo "</center>";
}
public function auth() {
global $name,$f_name,$DB;
$authprove = $DB->query("SELECT * FROM approval WHERE sender_id='{$name}'");
if (mysql_num_rows($authprove) > 0) {
echo '<th><b>Approving...</th>';
} else {
echo '<th><b><input type="submit" name="submitted" value="Add"></th>';
}
}
}
$F= new Friends();
?>
A bit explaination :
Is that possible to make only a specific id to output Approving and another one output Add.
Like this
When table(approval) :
---- sender_id || receive_id
---- Admin || Guest
Output Friends.php :
---- Add friends :
---- Guest -> Wait for approval
---- Guest2 -> Add as Friend
---- Guest3 -> Add as Friend
You are performing your task very unefficiently: you'll be running N+1 queries if you have N users. You could do it with a single query using a JOIN. In that case, you'd have a single loop and no problem doing what you need.
Something like:
$query = "
SELECT
f.id,
f.user_name,
f.fullname,
a.status
FROM
friends f
LEFT OUTER JOIN approval a ON (f.id=a.sender_id)
WHERE
user_name!='{$name}'
AND friend_name!='{$name}'
";
$result = $DB->query( $query );
while( $row = mysql_fetch_array( $result ) ) {
echo $row['f.fullname'];
if ( $row['a.status'] == 'approved' ) echo "Add as Friend";
else echo "Add as Friend";
}
Related
I do not understand PHP and SQL. We are just barely scraping it at the end of the semester, and its frustrating me. I am trying to get my results page to show the correct info, but for the life of me, it won't grab anything. I clearly have something wrong and was wondering if I could get some help.
Initial page
(normal top of basic webpage here)
<form id="ClubForm" action="ClubMembersResults.php" method="get">
<?php
require_once ('dbtest.php');
$query= "SELECT * FROM tblMembers ORDER BY LastName, FirstName, MiddleName;";
$r = mysqli_query($dbc, $query);
if (mysqli_num_rows($r) > 0) {
echo '<select id="memberid" name="memberid">';
while ($row = mysqli_fetch_array($r)) {
echo '<option value="'.$row['LastName'].'">'
.$row['LastName'].", ".$row['FirstName']." ".$row['MiddleName']. '</option>';
}
echo '</select>';
} else {
echo "<p>No Members found!</p>";
}
?>
<input type="submit" name="go" id="go" value="Go" />
</form>
<div id="results"></div>
</body>
results page currently written as:
<?php
$memid = 0;
$memid = (int)$_GET['memberid'];
if ($memid > 0) {
require_once ('dbtest.php');
$query = "SELECT * FROM tblMembers WHERE MemID = $memid;";
$r = mysqli_query($dbc, $query);`enter code here`
if (mysqli_num_rows($r) > 0) {
$row = mysqli_fetch_array($r);
echo "<p>Member ID: ".$row['MemID']."<br>";
echo "Member Name: ".$row['LastName'].", ".$row['FirstName']." ".$row['MiddleName']."<br>";
echo "Member Joined: ".$row['MemDt']."<br>";
echo "Member Status: ".$row['Status']."<br></p>";
}else {
echo "<p>Member not on file.</p>";
}
//table for inverntory
echo "<table border='1'>";
echo "<caption>Transaction History</caption>";
echo "<tr>";
echo "<th>Purchase Dt</th>";
echo "<th>Trans Cd</th>";
echo "<th>Trans Desc</th>";
echo "<th>Trans Type</th>";
echo "<th>Amount</th>";
echo "</tr>";
$query2 = "SELECT p.Memid, p.PurchaseDt, p.TransCd, c.TransDesc, p.TransType, p.Amount
FROM tblpurchases p, tblcodes c
WHERE p.TransCd = c.TransCd AND p.MemId = 'member id'
ORDER BY p.MemId, p.PurchaseDt, p.TransCd
";
$r2 = mysqli_query($dbc, $query2);
while ($row = mysqli_fetch_array($r2)) {
echo "<tr>";
echo "<td>".$row['PurchaseDt']."</td>;";
echo "<td>".$row['TransCd']."</td>";
echo "<td>".$row['TransDesc']."</td>";
echo "<td>".$row['TransType']."</td>";
echo "<td>".$row['Amount']."</td>";
echo "</tr>";
}
echo "</table>";
} else {
echo '<p>No Member ID from form.</p>';
}
?>
the results page should be showing tables with the info in the TH and TR/TD areas. Both those areas are coming from a separate SQL table, and teh the only similar field between the tblmembers and tblpurchases is MemID.
You need to use a join in your sql request to show purchases by members.
SELECT m.Memid, p.PurchaseDt, p.TransCd,
FROM tblpurchases p join
tblmembers m on p.MemId=m.MemId
This is an example of a join
I have created a calendar which is connected to mysql. The calendar searchs mysql and shows the number of employees on timeoff. There are several managers for a variety of employees. I created a searchterm box at which the manager can type there name and the code will query the database specific to the managers name (essentially only showing that managers employees instead of the whole company). The number of employess on time off are shown inside the calendar as a link and the total number for that specific day. Once clicked it then shows the employee names associated with the day. The problem im having is once the manager clicks onto the link, it automatically defaults to all employees instead of the ones specific to the manager. The managers search term is getting dropped and the code is defaulting back as if nothing was entered. My question is how I can reuse that searchterm over and over again until other wise directed.
$searchTerm = trim($_GET['keyname']);
if( $searchTerm != 'All Drivers' && $searchTerm != '')
{
$sqlEvent2 = mysql_query("select * FROM timeoff_365_days where (DM = '$searchTerm' or FM = '$searchTerm' or region ='$searchTerm' or location ='$searchTerm') and TimeOffDate = '".$year."-".$month."-".$i."'");
$num_rows = mysql_num_rows($sqlEvent2);
echo '<div id="button">';
echo "<a href='".$_SERVER['PHP_SELF']."?month=".$monthstring."&day=".$i."&year=".$year. "&v=false ' >".$num_rows."</a></td>";
echo '</div>';
}
else{
$sqlEvent = mysql_query( "select * FROM timeoff_365_days where TimeOffDate = '".$year."-".$month."-".$i."'" );
if (!$sqlEvent) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$num_rows = mysql_num_rows($sqlEvent);
echo '<div id="button">';
echo "<a href='".$_SERVER['PHP_SELF']."?month=".$monthstring."&day=".$i."&year=".$year."&v=true' >".$num_rows."</a></td>";
echo '</div>';
$sqlEvent = mysql_query( "select * FROM timeoff_365_days where TimeOffDate = '".$year."-".$month."-".$i."'" );
if (!$sqlEvent) {
echo 'Could not run query: ' . mysql_error();
exit;
}
$num_rows = mysql_num_rows($sqlEvent);
echo '<div id="button">';
echo "<a href='".$_SERVER['PHP_SELF']."?month=".$monthstring."&day=".$i."&year=".$year."&v=true' >".$num_rows."</a></td>";
echo '</div>';
}
}
echo "<tr>";
echo"</table>";
?>
<div class="accordion vertical">
<ul>
<li>
<input type="radio" id="radio-3" name="radio-accordion" />
<label for="radio-3">Time Off by Driver Code</label>
<div class="content">
<?php
if(($_GET['v']==false)) {
$sqlEvent2 = "select * FROM timeoff_365_days where (DM = '$searchTerm' or FM = '$searchTerm' or region ='$searchTerm'or location ='$searchTerm') and TimeOffDate ='".$year."/".$month."/".$day."'";
$resultEvents2 = mysql_query($sqlEvent2);
while ($events2 = mysql_fetch_array($resultEvents2)){
echo $events2['DriverCode']."-";
echo $events2['Unit']."</br>";
}
}
else {
echo "";
}
?>
<?php
echo "<tr >";
var_dump($searchTerm);
if(isset($_GET['v'])) {
$sqlEvent = "select * FROM timeoff_365_days where TimeOffDate ='".$year."/".$month."/".$day."'";
$resultEvents = mysql_query($sqlEvent);
while ($events = mysql_fetch_array($resultEvents)){
echo $events['DriverCode']."-";
echo $events['Unit']."</br>";
}
}
else {
echo "";
}
echo "<tr>";
var_dump($searchTerm);
?>
GET it with $_GET, so do it in the url with domain.com/index.php?search=asddf
I want to add "update", "delete" and "view" in the other page button in the right side of the table rows of my php table. Please help me to add it. Here is my code:
<?php
$conn = mysqli_connect('localhost','root','','dbname');
if(mysqli_connect_errno()){
echo 'Failed to connect: '.mysqli_connect_error();
}
$query = "SELECT * FROM table";
$results = mysqli_query($conn,$results);
echo '<table border="1">';
echo '<tr>';
echo "<th>Firstname</th>";
echo "<th>Lastname</th>";
echo '</tr>';
while($row=mysqli_fetch_array($results)){
echo '<tr>';
echo '<td>'.$row['Firstname'].'</td>';
echo '<td>'.$row['Lastname'].'</td>';
echo '</tr>';
}
echo '</table>';
mysqli_close($conn);
?>
echo '<tr>';
echo "<th>Firstname</th>";
echo "<th>Lastname</th>";
echo "<th>Actions</th>";
echo '</tr>';
while($row=mysqli_fetch_array($results)){
echo '<tr>';
echo '<td>'.$row['Firstname'].'</td>';
echo '<td>'.$row['Lastname'].'</td>';
echo "<td>
Update
Delete
View
</td>";
echo '</tr>';
}
echo '</table>';
You should use jquery/Ajax for delete. It is better option.
For delete write this function: Need to add min jquery file
<script src="js/jquery-1.7.1.min.js"></script>
<script>
function deleteRow(id)
{
$.ajax({
url: 'delete.php',
type: "POST",
data: {
'id' : id,
},
success : function(response) {
alert('Record deleted');
},
error : function() {
},
complete : function() {
}
});
}
</script>
write your delete record code in 'delete.php'.
This is one option. You can do this in more good and specific way. Everything to say here is not possible for me.
for view you can do this in two ways.
1) If you want to display in same format, redirect it on self page and put condition like.
if(isset($_POST['id'])
{
$id = $_POST['id'];
$query = "SELECT * FROM table where id=$id";
}
else
{
$query = "SELECT * FROM table";
}
2) If you want in different format, Do same thing in view.php select only that record.
One simple thing i want to ask what is the need for view? when it is already in table above.
For Update write in your update.php :
if(isset($_POST['id'])
{
$id = $_POST['id'];
$query = "SELECT * FROM table where id=$id";
}
and set form action
<form method="post" action="<?php echo esc_url($_SERVER['PHP_SELF']); ?>">
fetch value of above result in input box like and also fetch id as hiiden field:
<input type='text' name='firstname' value='<?php echo $row['firstname']; ?>
<input type='hidden' name='id' value='<?php echo $row['id']; ?>
and for update you can go like:
if(isset($_POST['firstname'] && isset($_POST['lastname'] ) // Here you can use your any required field
{
//Your update logic go here like:
$id = $_POST['id'];
$query = "UPDATE table SET firstname=$_POST['firstname'] where id=$id"; // Your whole update query.
}
i see some mistake in your code:
$query = "SELECT * FROM table";
$results = mysqli_query($conn,$results);
should be:
$query = "SELECT * FROM table";
$results = mysqli_query($conn,$query);
try this
echo '<table border="1">';
echo '<tr>';
echo "<th>Firstname</th>";
echo "<th>Lastname</th>";
echo "<th></th>";
echo '</tr>';
while($row=mysqli_fetch_array($results)){
echo '<tr>';
echo '<td>'.$row['Firstname'].'</td>';
echo '<td>'.$row['Lastname'].'</td>';
echo "<td>
<input type='submit' value='update'>
<input type='submit' value='delete'>
<input type='submit' value='view'>
</td>";
echo '</tr>';
}
echo '</table>';
Try this functions:
<?php
Class Db {
protected $connection;
public function __construct() {
$this->connection = $connection;
}
function insert($table,array $data) {
$fields = '';$values = '';
foreach($data as $col => $value) {
$fields.= $col.",";
}
foreach($data as $col => $value) {
$values.= "'".replace_str($value)."',";
}
$fields = substr($fields,0,-1);
$values = substr($values,0,-1);
if(!$query = mysqli_query($this->connection,"insert into ".$table."(".$fields.") values(".$values.")")) {
HandleDBError("Error inserting data to the table\query:$query");
}
return $query;
}
function update($table, array $data, $where) {
$fields = '';$values = '';
foreach($data as $col => $value) {
$values.= $col."='".replace_str($value)."',";
}
$values = substr($values,0,-1);
if(!$query = mysqli_query($this->connection,"update ".$table." set ".$values." where ".$where)) {
HandleDBError("Error updating data to the table\query:$query");
}
return $query;
}
function delete($table, $where = '') {
if ($where)
return mysqli_query($this->connection,"delete from ".$table." where ".$where);
return mysqli_query($this->connection,"delete from ".$table);
}
function get($strQuery) {
if(!$query = mysqli_query($this->connection,$strQuery)) {
HandleDBError("Error inserting data to the table\query:$query");
}
$data = [];
while($row = mysqli_fetch_assoc($query)) {
$data[] = $row;
}
return $data;
}
}
?>
I'm working with our project and I noticed that whenever I refresh my page the mysql query repeats itself. When I click a submit button It will go to same page and it will perform the query. Even though i used isset() method to the submitting button, still the query repeats when I refresh/reload the page. Thank you :) !
<html>
<body>
<head>
<link rel="stylesheet" type="text/css" href="Homepagestyle.css">
</head>
<form method = "POST" action = "Forum.php">
<?php
session_start();
mysql_connect("127.0.0.1", "root", "toor");
mysql_select_db("matutorials");
echo "Welcome " . "<a href = 'UserProf.php'>". $_SESSION['username'] . "</a> <br>";
if (isset($_POST['btnProg'])){
echo $_SESSION['prog'] . "<br>";
} else if (isset($_POST['btnNet'])){
echo $_SESSION['net'] . "<br>";
}
?>
<center><font face = 'verdana'><textarea cols = 70 rows = 6 name = 'txtpost'></textarea></font></center><br>
<center><input type = 'submit' name = 'btnPost'></center><br> <br>
<center><table>
<?php
if (isset($_POST['btnProg'])){
$_SESSION['pasamoto'] = 1;
$capRows = "SELECT * FROM page_post WHERE category_id = 1 ORDER BY timestamps DESC";
$iQuer = mysql_query($capRows);
while ($getRows = mysql_fetch_array($iQuer)){
echo "<tr>";
echo "<td><div id = 'postsdiv'>" . $getRows['post'] . "</div><br>";
echo "</tr>";
}
}
?>
</table> </center>
<?php
session_start();
if(isset($_POST['btnPost'])){
$post_content = $_POST['txtpost'];
$dttime = date("Y-m-d") . " " . date("h:i:sa");
$var = $_SESSION['pasamoto'];
if ($var == 1){
$addpost = "INSERT INTO page_post(post,timestamps,category_id) VALUES ('$post_content','$dttime','$var')";
mysql_query($addpost);
$capRows = "SELECT * FROM page_post WHERE category_id = '".$var."' ORDER BY timestamps DESC";
$iQuer = mysql_query($capRows);
while ($getRows = mysql_fetch_array($iQuer)){
echo "<tr>";
echo "<td><div id = 'postsdiv'>" . $getRows['post'] . "</div><br>";
echo "</tr>";
}
}
//}
if ($var == 2){
$addpost = "INSERT INTO page_post(post,timestamps,category_id) VALUES ('$post_content','$dttime','$var')";
mysql_query($addpost);
$capRows = "SELECT * FROM page_post WHERE category_id = '".$var."' ORDER BY timestamps DESC";
$iQuer = mysql_query($capRows);
while ($getRows = mysql_fetch_array($iQuer)){
echo "<tr>";
echo "<td><div id = 'postsdiv'>" . $getRows['post'] . "</div><br>";
echo "</tr>";
}
}
//}
?>
</form>
</body>
</html>
If you refresh a page after submitting you form, the POST will still be recognised by some browsers and will cause a second POST to the code. You should update your code to trigger the SQL query on a separate page or function, and then redirect the user to the success / thanks page, where refreshing won't duplicate the query.
Alternatively, you can have a hidden field on your page which contains a unique token and compare it with a cookie. On page load, you save the token to a cookie and to the hidden field on the form. When you submit the form, validate that the token in the hidden form field matches the cookie, then delete the cookie. Refreshing the page after submission will cause the token validation to fail, preventing a duplicate SQL insert.
Just wash out the form data by redirecting the page after insert query
like header('location:home.php')
As #PeeHaa suggested in the comments above use Post-Redirect-Get concept.
Modified your code a bit. Try below:
Forum.php
<head>
<link rel="stylesheet" type="text/css" href="Homepagestyle.css">
</head>
<body>
<form method="POST" action="Forum.php">
<?php
session_start();
mysql_connect("127.0.0.1", "root", "toor");
mysql_select_db("matutorials");
echo "Welcome " . "<a href = 'UserProf.php'>". $_SESSION['username'] . "</a> <br>";
if (isset($_GET['show']))
{
echo $_SESSION['prog'] . "<br>";
}
else if (isset($_GET['show']))
{
echo $_SESSION['net'] . "<br>";
}
?>
<center><font face = 'verdana'><textarea cols = 70 rows = 6 name = 'txtpost'></textarea></font></center><br>
<center><input type = 'submit' name = 'btnPost'></center><br> <br>
<center><table>
<?php
if (isset($_GET['show']))
{
$_SESSION['pasamoto'] = 1;
$capRows = "SELECT * FROM page_post WHERE category_id = 1 ORDER BY timestamps DESC";
$iQuer = mysql_query($capRows);
while ($getRows = mysql_fetch_array($iQuer))
{
echo "<tr>";
echo "<td><div id = 'postsdiv'>" . $getRows['post'] . "</div><br>";
echo "</tr>";
}
}
?>
</table> </center>
<?php
if(isset($_POST['btnPost']))
{
$post_content = $_POST['txtpost'];
$dttime = date("Y-m-d") . " " . date("h:i:sa");
$var = $_SESSION['pasamoto'];
if ($var == 1)
{
$addpost = "INSERT INTO page_post(post,timestamps,category_id) VALUES ('$post_content','$dttime','$var')";
mysql_query($addpost);
$capRows = "SELECT * FROM page_post WHERE category_id = '".$var."' ORDER BY timestamps DESC";
$iQuer = mysql_query($capRows);
while ($getRows = mysql_fetch_array($iQuer))
{
echo "<tr>";
echo "<td><div id = 'postsdiv'>" . $getRows['post'] . "</div><br>";
echo "</tr>";
}
}
if ($var == 2)
{
$addpost = "INSERT INTO page_post(post,timestamps,category_id) VALUES ('$post_content','$dttime','$var')";
mysql_query($addpost);
$capRows = "SELECT * FROM page_post WHERE category_id = '".$var."' ORDER BY timestamps DESC";
$iQuer = mysql_query($capRows);
while ($getRows = mysql_fetch_array($iQuer))
{
echo "<tr>";
echo "<td><div id = 'postsdiv'>" . $getRows['post'] . "</div><br>";
echo "</tr>";
}
}
}
header("Location:Forum.php?show=true"); // <==== Note this
?>
</form>
</body>
</html>
Explanation:
The above code will follow the Post-Redirect-Get pattern. The form will post the data to the same page and whatever task you want to perform after form post should be enclosed in,
if(isset($_POST['btnPost']))
{
...
}
and then redirect the user to the same page using,
header("Location:Forum.php?show=true");
the header function will redirect the user to the same page and the GET parameter show will decide what to show after the redirection. The content to show after redirection (or any other time) should be enclosed in,
if(isset($_GET['show']))
{
...
}
I have a myList.php which should list all products added to my favourites and compute the total price of products.
here is the code:
<?php
include 'navigation.php'
?>
<div class='sectionContents'>
<?php
if (isset($_GET['action']) && $_GET['action'] == 'removed') {
echo "<div>" . $_GET['prod_name'] . " was removed from favourites.</div>";
}
if (isset($_SESSION['fav'])) {
$ids = "";
foreach($_SESSION['fav'] as $prod_id) {
$ids = $ids . $prod_id . ",";
}
// remove the last comma
$ids = rtrim($ids, ',');
include "db_connect.php";
$query = mysql_query("SELECT prod_id, prod_name, prod_price FROM tbl_product WHERE prod_id IN ('$ids')") or die(mysql_error());
$num = mysql_num_rows($query);
if ($num > 0) {
echo "<table border='0'>"; //start table
// our table heading
echo "<tr>";
echo "<th class='textAlignLeft'>Product Name</th>";
echo "<th>Price (MUR)</th>";
echo "<th>Action</th>";
echo "</tr>";
//also compute for total price
$totalPrice = 0;
while ($row = mysql_fetch_assoc($query)) {
extract($row);
$totalPrice += $prod_price;
//creating new table row per record
echo "<tr>";
echo "<td>{$prod_name}</td>";
echo "<td class='textAlignRight'>{$prod_price}</td>";
echo "<td class='textAlignCenter'>";
echo "<a href='remove_favourite.php?prod_id= {$prod_id}&prod_name={$prod_name}' class='customButton'>";
echo "<img src='shopping-cart-in-php/images/remove-from- cart.png' title='Remove from favourite' />";
echo "</a>";
echo "</td>";
echo "</tr>";
}
echo "<tr>";
echo "<th class='textAlignCenter'>Total Price</th>";
echo "<th class='textAlignRight'>{$totalPrice}</th>";
echo "<th></th>";
echo "</tr>";
echo "</table>";
echo "<br /><div><a href='#' class='customButton'>Home</a></div>";
} else {
echo "<div>No products found in your favourites. :(</div>";
}
} else {
echo "<div>No products in favourites yet.</div>";
}
?>
I use the add_to_fav.php below to add the products to my favourites:
<?php
session_start();
// get the product id
$prod_id = $_GET['prod_id'];
$prod_name = $_GET['prod_name'];
/*
* check if the 'fav' session array was created
* if it is NOT, create the 'fav' session array
*/
if (!isset($_SESSION['fav'])) {
$_SESSION['fav'] = array();
}
// check if the item is in the array, if it is, do not add
if (in_array($prod_id, $_SESSION['fav'])) {
// redirect to product list and tell the user it was added to favourites
header('Location: prod_list.php?action=exists&prod_id' . $prod_id . '&prod_name=' . $prod_name);
}
// else, add the item to the array
else {
array_push($_SESSION['fav'], $prod_id);
// redirect to product list and tell the user it was added to cart
header('Location: prod_list.php?action=add&prod_id' . $prod_id . '&prod_name=' . $prod_name);
}
?>
I am having "No products found in your favourites. :(" when i try to view the favourites
I have a counter like thing which shows the number of products in my favourites as well and it stays to 0.
Have I erred somewhere? Which mistake should I correct?
There are a few things that could be happening.
1) You are not starting the session before loading the favorites:
<div class='sectionContents'>
<?php
if(isset($_GET['action']) && $_GET['action']=='removed'){
echo "<div>" . $_GET['prod_name'] . " was removed from favourites.</div>";
}
session_start()
if(isset($_SESSION['fav'])){
2) Your SQL query in fact is not finding any product ids. You might want to debug the SQL and run it in phpmyadmin or your mysql interface to see if it in fact does return any results.
include "db_connect.php";
$query = "SELECT prod_id, prod_name, prod_price FROM tbl_product WHERE prod_id IN ('$ids')";
echo $query; // Print query for debugging
$result = mysql_query($query) or die(mysql_error());
$num = mysql_num_rows($result);
My guess is that this query is incorrect because of the single quotes around $ids
It should be:
$query = "SELECT prod_id, prod_name, prod_price FROM tbl_product WHERE prod_id IN ($ids)";
Also this can be simplified from:
$ids = "";
foreach($_SESSION['fav'] as $prod_id){
$ids = $ids . $prod_id . ",";
}
// remove the last comma
$ids = rtrim($ids, ',');
To:
$ids = implode(",", $_SESSION['fav']);