I'm able to display what I have in my table with the code below, but as you can see in the code I'm linking the rows to a new page, and on that page I'm trying to display the rest of the rows, which I have in the same table.
I mean, I have cols ID, photo, Firstname, Lastname, Age, StreetAdd, PhoneNum, EmailAdd in the table. I'm displaying only rows photo, Firstname, Lastname on the first page.
So what I'm trying to do is when the user clicks on the First name , which I displayed from the database, he will be redirected to the new page and see the rest of the info. How do I do it?
This is the PHP page which displays the three cols. I can display the rest of the cols on a new page but it's displaying all the info in the row. I want to display the individual info for each user, not the whole list. A possible example would be eBay. When you search for items, you won't see the full description until you click on the picture or the title.
<?php
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("simple_login", $con);
$result = mysql_query("SELECT * FROM test ");
echo "<table align='center' bgcolor='#F9F0F0' border='0' cellspacing='0'>
<tr>
<th><font color='red'>Firstname</font></th>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td><a href='send.php'><img src='".$row['photo']."' \" width=\"150px\" height=\"150px\" /></a><br><br><br>";
echo "<a href='send.php'><td align='center' style='vertical-align:text-top' width='200px'>" . $row['Firstname'] . "</td>";
echo "<td align='center' style='vertical-align:text-top' width='200px'>" . $row['Lastname'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
On you have put a text level element a inside a block level element td the cell where first name is shown. Also you didn't close a tag there. correct form is this.
echo "<td align='center' style='vertical-align:text-top' width='200px'>";
echo "<a href='send.php'>" . $row['Firstname'] . "</a></td>";
To get the same user bio on the send.php you need to pass the primary key for this row. For examle if the primary key is id you pass it send.php in query string.
echo "<a href='send.php?id=".$row['id']."'>" . $row['Firstname'] . "</a></td>";
Now in the send.php use $_GET['id'] to get the primary key and use it to retrieve the user bio from db.
But make sure you escape parameters you pass to sql database. Dont use those variables directly! See Nullpointer's answer
Update 1:
When you get the primary key of a row just invoke a SELECT * with LIMIT 1
$pkey = mysql_real_escape_string($_GET['id']);
$sql = "SELECT * FROM test where id='$pkey' LIMIT 1";
/* Run this sql */
to display individual info for each user you can use where close in query like
SELECT * FROM test WHERE user = bla
Warning
your code is vulnerable to sql injection you need to escape all get and post and the better approach will be using Prepared statement
Good Read
How to prevent SQL injection in PHP?
Are PDO prepared statements sufficient to prevent SQL injection?
Note
The entire ext/mysql PHP extension, which provides all functions named with the prefix mysql_, is officially deprecated as of PHP v5.5.0 and will be removed in the future. So use either PDO or MySQLi
Good read
The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead
Pdo Tutorial For Beginners
This should be your first page
<?php
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("simple_login", $con);
$result = mysql_query("SELECT * FROM test ");
echo "<table align='center' bgcolor='#F9F0F0' border='0' cellspacing='0'>
<tr>
<th><font color='red'>Firstname</font></th>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td><a href='send.php'><img src='".$row['photo']."' \" width=\"150px\" height=\"150px\" /></a><br><br><br>";
echo "<a href='send.php?".$row['id']."'><td align='center' style='vertical-align:text-top' width='200px'>" . $row['Firstname'] . "</td>";
echo "<td align='center' style='vertical-align:text-top' width='200px'>" . $row['Lastname'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
Now send.php should be
<?php
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("simple_login", $con);
$sql = "SELECT * FROM test where id = " . $_Get['id'] ;
$result = mysql_query($sql);
//then display the result here
?>
hope this helps
Related
I have a page that I have been working on. It runs several queries to get existing data from several tables in my DB. There is a table that shows the result of three queries. The first query gets the extension and the secret of phones, the 2nd query gets MAC addresses of phones, and finally the third query gets the names of templates for the phones. The results of the last two queries (with the help of others) are setup as dropdowns in the 3rd and 4th columns of the table created to show the extensions. This way I can select the MAC of the phone I want to assign to the extension and then the template to make the phone work the way I want. The whole page is set as a form and I am using $post to the insert page. My goal here is to take the information (array) that is created by the user making their selections and insert ALL the 4 columns of information into a new table, from there I want to create files using that information to setup the phones. Here is the code I have for now.
<?php
error_reporting(E_ALL);
ini_set('display_errors','On');
$link = mysql_connect("localhost", "root", "cacti") or die ('Error connecting to mysql' . mysql_error());
mysql_select_db("cqadmin");
$sql2 = "SELECT extension, secret from extensions;";
$result2 = mysql_query($sql2) or die(mysql_error());
echo "<table border='3'>
<tr>
<th>Extension #</th>
<th>Secret</th>
<th>MAC Address</th>
<th>Template</th>
</tr>";
while($row = mysql_fetch_array($result2))
{
$sql = "SELECT id , mac FROM phones order by mac;";
$result = mysql_query($sql) or die(mysql_error());
$sql1 = "SELECT id , templatename FROM templates order by templatename;";
$result1 = mysql_query($sql1) or die(mysql_error());
echo "<tr>";
echo "<td>" . $row['extension'] . "</td>";
echo "<td>" . $row['secret'] . "</td>";
echo "<td> <select name='phone'>";
while($rowA = mysql_fetch_array($result)) {
echo '<option value="' . $rowA['id'] . '">' . $rowA['mac'] . '</option>';
}
echo "</select></td>";
echo "<td><select name='template'>";
while($rowB = mysql_fetch_array($result1)) {
echo '<option value="' . $rowB['id'] . '">' . $rowB['templatename'] . '</option>';
}
echo "</select></td>";
echo "</tr>";
}
echo "</table>";
?>
<input type="submit" value="Submit your selections">
</body>
</html>
And my insert page
<?php
echo "You got here";
//***********Get the Assignment information *************
$values = array_values($_POST);
print_r($values);
?>
The resulting print shows this
Array ( [0] => 324 [1] => 24 )
Looking at my db table 324 is the index id of the last phone scanned and in the template table 24 is the last template created, No info on the extension or the secret.
I think I am close but I do not know where to go from here.
PS. I know I need to use mysqli or pdo, not sure how to change over yet.
I want to get data from database using session of loggedin user in my website so he can see his profile with all of his data like name,country,city and address. But code which I am using is not working "SELECT * FROM login WHERE username = $_SESSION[user]" it's not giving me any data but when I replace it with this "SELECT * FROM login WHERE passowrd = $_SESSION[pass]" it works fine but it gives all data from database instead of only session or user who is loggedin please tell me the solution
here is the full code:
<?php
if(!isset($_COOKIE['loggedin'])){
header("location:index.php");
}
session_start();
if(!isset($_SESSION['user'])){
header("location: index.php");
}
else {
?>
<?php
$con=mysqli_connect("localhost","root","123","user");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM login WHERE username = $_SESSION[user]")
or die(mysql_error());
echo "<table border='1'>
<tr>
<th>Name</th>
<th>Country</th>
<th>City</th>
<th>Address</th>
</tr>";
while($row = mysqli_fetch_array($result, MYSQL_ASSOC))
{
echo "<tr>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['country'] . "</td>";
echo "<td>" . $row['city'] . "</td>";
echo "<td>" . $row['address'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);}
?>
You have a lot of mistakes, mate. Let me try to give you a few advices:
Instead of:
"SELECT * FROM login WHERE username = $_SESSION[user]"
you need something like:
"SELECT * FROM login WHERE username = '".$_SESSION[user]."'"
You need the apostrophes around the username.
Make sure that $_SESSION[user] exists and really holds the username.
Never write queries like SELECT *, because that's not a good practice. The best practice is to select only the columns you really need. It is safer and more economical if we talk about memory usage. So instead of SELECT * use SELECT col1, col2, col3.
Try to obfuscate your password. If somebody breaks through your database he will be able to steal the identity of any users. Read more here and here. Do not forget about rainbow tables either if you are thinking about using something as simple as MD5.
Escape your queries to prevent SQL injections.
I have a table with arrays pulling information from a database, I have linked the fix to be a hyperlink "click me for fix" I have entered the link to send the variable to a php that will use $GET to echoe the information.
code below , i am new to php and been racking brains . the only out put i get is Welcome . (done welcome to test if information was being passed)
<div id=list>
<?php
// Create connection
$con=mysqli_connect('172.16.254.111',"user","password","Faults"); //(connection location , username to sql, password to sql, name of db)
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//where statement in the sql syntax will select where in db to get infor, use AND to add another condition
$result = mysqli_query($con,"SELECT * FROM Fixes WHERE Product='Serv1U' AND Fault_type='Broadcast Manager'"); //this creates a variable that selects the database
//below is the echo statment to create the results in a table format, list collumn titles
echo "<table id=tables border='1'>
<tr>
<th>Products</th>
<th>Fault_type</th>
<th>Fault_Description</th>
<th>Fix</th>
</tr>";
//below is script to list reults in a table format, $row [row name on table]
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['Product'] . "</td>";
echo "<td>" . $row['Fault_type'] . "</td>";
echo "<td>" . $row['Fault_Description'] . "</td>";
echo "<td>Click for Fix</td>"; //this is how you link into an echo, alsothe id=" hopefully means i can send ID information.
}
echo "</tr>";
echo "</table>";
// below closes the coonection to mysql
mysqli_close($con);
index.php:
Welcome <?php echo $_GET["Fix"]; ?>.
I'm lost. Any help is appreciated.
Thanks
?>
Is it just a typo here? $GET must be $_GET.
And it should be $row['Fix'] not $rows['Fix']! Note the 's'!
I am new to PHP/MySQL and am working my way through the basics.
I have a MySQL database scwdb (that I moved from Access 2000 which my Windows 7 won't work with) with a table tblsplintersbowlinventory which has 2 fields:
fields and data:
txtProductBowlCode
data examples: OakSc07-001, MapleTi07-030, MapleTi07-034, BlackLimba07-002, AshSc07-017
txtProductPrimarySpecies
data examples: Oak, Maple, Maple, BlackLimba, Ash
In other words, I want to record just the species in the txtProductPrimarySpecies field.
I tried the following PHP script:
<?php
$con = mysql_connect("localhost","xxxxxxx","zzzzzzz");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("scwdb", $con);
$species = 'Maple';
mysql_query("UPDATE tblsplintersbowlinventory WHERE txtProductBowlCode LIKE $species SET txtProductPrimarySpecies=$species%");
echo "done";
mysql_close($con);
?>
It seems to run, does not show an error and prints "done", but when I check the database I don't see any changes.
What am I missing?
This db has over 600 records, and I added this new txtProductPrimarySpecies field to make my searches easier while leaving the full code which has specific info on the bowl. There are several species that I need to do this to, so I plan on using a loop to run through a list of species.
How would I code that loop to read a list of species?
OK, I found the way to make this work!
<?php
$con = mysql_connect("localhost","xxxxxx","zzzzzzz");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("scwdb", $con);
$species = 'Maple';
$result = mysql_query("UPDATE tblsplintersbowlinventory SET txtProductPrimarySpecies = '$species' WHERE txtProductBowlCode LIKE '$species%'");
$result = mysql_query("SELECT * FROM tblsplintersbowlinventory WHERE txtProductBowlCode LIKE '$species%'");
echo "<table border='1'>
<tr>
<th>Index</th>
<th>Bowl Code</th>
<th>Species</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['intProductID'] . "</td>";
echo "<td>" . $row['txtProductBowlCode'] . "</td>";
echo "<td>" . $row['txtProductPrimarySpecies'] . "</td>";
echo "</tr>";
}
echo "</table>";
echo "done";
mysql_close($con);
?>
This worked, and I manually changed the $species value and ran it for each of the species of wood in the database...since this was a one time shot it made more sense not to use a list and loop through it - I was bound to miss one or two species anyway.
Shouldn't the set without % come before where with %. Also I think your parameter should be wrapped with a quote as it is string type.
mysql_query("UPDATE tblsplintersbowlinventory
SET txtProductPrimarySpecies='$species'
WHERE txtProductBowlCode LIKE 'CONCAT($species, '%')'");
Basicaly having issues setting up a webpage which will taken in a student key entered by the user. This will then parse the student key to another file which will run it against a mysql backend to see what records this student already has. But can not get it working for the life of me please help I'm still a newb at this.
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("support_log", $con);
$result= mysql_query("SELECT student.first_name, student.surname, student.year_group, student.STKEY, student_log.issue
FROM `student` JOIN `student_log`
WHERE student.STKEY like '$_POST[stkey]'");
$result2 = mysql_query($result) or die("Error: " . mysql_error());
if(mysql_num_rows($result2) == 0){
echo("no records found");
} ELSE {
echo "<table border='1'>
<tr>
<th>First name</th>
<th>Surname</th>
<th>Year Group</th>
<th>Student Key</th>
<th>Issue</th>
</tr>";
while($row = mysql_fetch_array($result2))
{
echo "<tr>";
echo "<td>" . $row['First_Name'] . "</td>";
echo "<td>" . $row['surname'] . "</td>";
echo "<td>" . $row['year_group'] . "</td>";
echo "<td>" . $row['stkey'] . "</td>";
echo "<td>" . $row['issue'] . "</td>";
echo "</tr>";
}
echo "</table>";
}
mysql_close($con);
?>
After changing my where statement to:
WHERE student.STKEY like '$_POST[stkey]'");
I am no longer reciving errors from PHP but now recieving the error Query was empty which is part of my code to detect if there is no results. Though I have tested that query in phpmyadmin and it spits out results. From looking at the code does anyone have any solutions? I have also checked the parse by running an echo on the post command to ensure the data being entered was correct.
Edit: Got rid of the whole result2 check now throwing a:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\stkey_submit.php on line 24
Try $_POST['stkey'] instead of $_POST[stkey]
EDIT : if you use it in a query, it would be preferable to do :
$stkey = mysql_real_escape_string($_POST['stkey']);
$sql = "SELECT ....... like '$stkey'";
mysql_query($sql);
$result= mysql_query("SELECT student.first_name, student.surname, student.year_group, student.STKEY, student_log.issue
FROM `student` JOIN `student_log`
WHERE student.STKEY like " . $_POST["stkey"]);
How about storing the value of stkey on a variable before including it on the query?
$stkey = $_POST['stkey'];
$result= mysql_query("SELECT student.first_name, student.surname,
student.year_group, student.STKEY, student_log.issue
FROM `student` JOIN `student_log`
WHERE student.STKEY LIKE '%$stkey%'");
You might also want to use MySqli or PDO instead of the MySql database API. Take a look at this post from Nettuts: http://net.tutsplus.com/tutorials/php/php-database-access-are-you-doing-it-correctly/