OK so I have been working far too long today and I am stuck on something simple (I think)
function commonData($uid)
{
if ($uid)
{
$sql = "
SELECT a.user_id, a.email, a.username, a.displayname, a.level_id, a.photo_id
FROM engine4_users AS a
WHERE a.user_id = ".$uid;
}
$UserInfo = #mysql_fetch_assoc(mysql_query($sql));
if ($UserInfo[user_id])
{
if ($UserInfo[photo_id] && $UserInfo[photo_id]!="NULL")
{
$PPhoto = #mysql_fetch_assoc(mysql_query("SELECT a.* FROM engine4_storage_files AS a WHERE a.file_id = ".$UserInfo[photo_id]));
$photo = SITE.$PPhoto[storage_path];
}
else $photo = NO_PHOTO;
$queryMoreProfile = mysql_query("SELECT * FROM engine4_user_fields_values AS a WHERE a.item_id = ".$UserInfo[user_id]);
while ($moreProfile = #mysql_fetch_assoc($queryMoreProfile))
{
//$location = '';
if ($moreProfile['field_id']==24)
{
$locationNumber = $moreProfile['value'];
$locationsql = #mysql_fetch_assoc(mysql_query("SELECT a.* FROM engine4_user_fields_options AS a WHERE a.option_id = ".$locationNumber));
if (isset($locationsql['label']) && !empty($locationsql['label']))
{
$location = $locationsql['label'];
}
}
//if(empty($location))
//{
// header("Location: http://www.fetishmen.net/members/edit/profile");
// exit;
//}
}
What I am TRYING to do is say, IF $location has no value (missing out of the database completely) redirect to a page. What am I doing wrong here?
The indexes of the array $moreProfile and $locationsql need to be either a variable or a string,
if ($moreProfile['field_id']==24) //or $field_id
{
$locationNumber = $moreProfile['value']; //or $value
$locationsql = #mysql_fetch_assoc(mysql_query("SELECT a.* FROM engine4_user_fields_options AS a WHERE a.option_id = ".$locationNumber));
$location = $locationsql['label']; //or $label
}
if(empty($location))
{
header("Location: http://website.com");
exit;
}
Edit: As per OP's comments,
if ($moreProfile['field_id'] == 24 )
{
$locationNumber = $moreProfile['value']; //or $value
$locationsql = #mysql_fetch_assoc(mysql_query("SELECT a.* FROM engine4_user_fields_options AS a WHERE a.option_id = ".$locationNumber));
$location = $locationsql['label']; //or $label
} else if(empty($moreProfile['field_id'])) {
header("Location: http://website.com");
exit;
}
You should stop using # and put in place proper checking that mysql_result and mysql_fetch_assoc is returning something. Try this and see if it redirects for you:
$location = '';
if ($moreProfile['field_id']==24)
{
$locationNumber = $moreProfile['value'];
$locationsql = #mysql_fetch_assoc(mysql_query("SELECT a.* FROM engine4_user_fields_options AS a WHERE a.option_id = ".$locationNumber));
if (isset($locationsql['label']) && !empty($locationsql['label'])) {
$location = $locationsql['label'];
}
}
if(empty($location))
{
header("Location: http://website.com");
exit;
}
Related
I am trying to use IsNull() to return the current variable value, but I receive an undefined Index error. The issue is that the query returns a full array.
How do I go about assigning a specific memberID so IsNull() will return the information already in the DB back into the query, thus stopping the query from erasing my current field data.
if(!empty($_POST)) {
switch (true) {
//Removed other case for brevity
case isset($_POST['update']):
if($_POST['name'] != "") {
$name = trim($_POST['name']);
}
else {
$name = NULL;
}
if($_POST['designation'] != "") {
$designation = trim($_POST['designation']);
}
else {
$designation = NULL;
}
if($_POST['rank'] != "") {
$rank = trim($_POST['rank']);
}
else {
$rank = NULL;
}
if($_POST['currentScore'] != "") {
$currentScore = trim($_POST['currentScore']);
}
else {
$currentScore = NULL;
}
if(!is_null($name) || !is_null($designation) || !is_null($rank) || !is_null($currentScore)) {
$update = $conn->prepare("UPDATE members SET name = IsNull(?, name), designation = IsNull(?, designation), rank = IsNull(?, rank), currentScore = IsNull(?, currentScore) WHERE memberID = ? ");//Prepared statements are immune to sql injection, so they are used for security
$update->bind_param('ssiii', $name, $designation, $rank, $currentScore, $memberID);// Binding the values to use in the prepared statement
if($update->execute()) {
header('location: index.php');
die();
}
}
break;
// case isset($_POST['delete']):
// // Delete statement goes here
// break;
}
}
if($results = $conn->query("SELECT *, ((previousScore + currentScore) / 2) AS avgScore FROM members")) {
FROM members")) {
if($results->num_rows) {
while($row = $results->fetch_object()) {
$records[] = $row; //Appending value to array
}
$results->free();
}
}
I am working on an assignment using PHP & MYSQL.
one of the tasks is to search on any combination of the fields. That includes Dropdown boxes populated from the Database. and Text fields.
t2ath contains
ID
SPORT
COUNTRY
GENDER
FIRSTNAME
LASTNAME
Image
I've been working on this code for a week to be able to search on any combination with no errors.
I am wondering if there is another more efficient way to do it.
$selectedSport = $_POST['sport']; $gender =$_POST['gender']; $fName =$_POST['fname']; $lName =$_POST['lname']; $country =$_POST['country'];
$sql_fName=""; $sql_lName=""; $sql_gender=""; $sql_sport=""; $sql_country="";
$checkFiled=False;
$where="";
$and="";
//
if ( $selectedSport=="showAll")
{
!isset($selectedSport);
}
else
{
if (isset($selectedSport))
{
if ($checkFiled==True)
{
$sql_sport = " AND t2ath.sport = '$selectedSport'" ;
}
else
{
$sql_sport = " t2ath.sport = '$selectedSport' " ;
$checkFiled=True;
}
}
else {
$sql_sport = "";
}
}
//
if ( $country =="showAll")
{
!isset($country);
}
else
{
if (isset($country))
{
if ($checkFiled ==True)
{
$sql_country = " AND t2ath.country = '$country'" ;
}
else
{
$sql_country = " t2ath.country = '$country' " ;
$checkFiled=True;
}
}
else {
$sql_country = "";
}
}
//
if ( $gender=="Gender")
{
!isset($gender);
}
else
{
if (isset($gender))
{
if ($checkFiled ==True)
{
$sql_gender = " AND t2ath.gender = '$gender'" ;
}
else
{
$sql_gender = " t2ath.gender = '$gender' " ;
$checkFiled=True;
}
}
else {
$sql_gender = "";
}
}
//
if ($fName =="")
{
!isset($fName);
}
else
{
if (isset($fName))
{
if ($checkFiled==True)
{
$sql_fName = " AND t2ath.firstName = '$fName'" ;
}
else
{
$sql_fName = " t2ath.firstName = '$fName' " ;
$checkFiled=True;
}
}
else {
$sql_fName = "";
}
}
//
if ($lName =="")
{
!isset($lName);
}
else
{
if (isset($lName))
{
if ($checkFiled==True)
{
$sql_lName = " AND t2ath.lastName = '$lName' " ;
}
else
{
$sql_lName = " t2ath.lastName = '$lName' " ;
$checkFiled=True;
}
}
else
{
$sql_lName = "";
}
}
if ($checkFiled == True)
$where=" where ";
$selectString = "SELECT t2ath.lastName,t2ath.firstName,t2ath.image,t2ath.sport,t2ath.gender,t2ath.country,t2country.flag FROM t2ath LEFT JOIN t2country
ON t2ath.country = t2country.name $where $sql_sport $sql_country $sql_gender $sql_fName $sql_lName ";
$result = mysql_query($selectString);
Instead of all those conditionals about whether to add AND when concatenating to the query, use an array and implode.
$fields = array('sport' => 'sport',
'gender' => 'gender',
'fname' => 'firstName',
'lname' => 'lastName',
'country' => 'country');
$wheres = array();
foreach ($fields as $postfield => $dbfield) {
if ($_POST[$postfield] != 'showAll') {
$wheres[] = "$dbfield = '" . mysql_real_escape_string($_POST[$postfield]) . "'";
}
}
$selectString = "SELECT t2ath.lastName, t2ath.firstName, t2ath.image, t2ath.sport, t2ath.gender, t2ath.country, t2country.flag
FROM t2ath LEFT JOIN t2country
ON t2ath.country = t2country.name";
if (count($wheres) > 0) {
$selectString .= " WHERE " . implode(" AND ", $wheres);
}
$result = mysql_query($selectString);
To see how to do it similarly using PDO prepared statements, see my answer here: What code approach would let users apply three optional variables in PHP/MySQL?
I've done something similar in the past where I checked the value from different fields and then added them to a series of arrays. I created an array for select, from, where, order. You can do similar for other sets like group or limit. Then I ran 'array_unique', imploded them and put them into the SQL string.
$array_select = array('users.Id'); // SET SOME DEFAULTS SO THE QUERY WILL ALWAYS RUN
$array_from = array('users');
$array_where = array();
$array_order = array();
if (isset($first_name)) {
$array_select[] = 'First_Name';
$array_from[] = 'users';
}
if (isset($city)) {
$array_select[] = 'City';
$array_from[] = 'user_contact';
$array_where[] = 'users.Id = user_contact.City';
}
if ($array_select) {
$array_select = array_unique($array_select);
$string_select = implode(', ', $array_select);
}
if ($array_where) {
$array_where = array_unique($array_where);
$string_where = 'WHERE '.implode(' AND ', $array_where);
}
// REPEAT FOR OTHERS ...
// BUILD THE QUERY OUT
$sql = 'SELECT '.$string_select.' FROM '.$string_from.' '.$string_where.' ...
Why not evaluate your string with each column (this is a guide only, I'm not building your PHP code there:
SELECT
*
FROM
table
WHERE
(ID = $id OR $id = 'showAll')
AND (SPORT = $sport OR $sport = 'showAll')
AND (COUNTRY = $country OR $country = 'showAll')
AND (GENDER = $gender OR $gender = 'showAll')
AND (FIRSTNAME = $firstname OR $firstname = 'showAll')
Just need to make sure you NVL the variables to an appropriate value (whether it be int or string)
I have a site where users can join groups and post topics related to that group, I am having an issue where regardless of the user result, it just shows "member" even on a test account that has no records in the database, can someone please explain what I am doing wrong, thank you.
<?php
$id = $_GET['gid'];
$user = $_SESSION['user_id'];
$iropen = "SELECT * FROM `group_users` WHERE user_id='$user' AND group_id='$id'";
$resultg = mysql_query($iropen);
$rows = mysql_fetch_array($resultg);
if ($rows['accepted'] = 1) {
echo 'member';
} else {
echo 'pending';
}
if ($resultg < 1) {
echo 'join';
}
?>
if ($rows['accepted'] = 1) {
You need two == here.
if ($rows['accepted'] == 1) {
PHP's operator reference, if you need it: http://www.php.net/manual/en/language.operators.php
What #vinodadhikary is saying is that you have single equal-sign instead of the double-equal-sign in your first IF clause. It should be:
if ($rows['accepted'] == 1)...
<?php
$id = $_GET['gid'];
$user = $_SESSION['user_id'];
$iropen = "SELECT * FROM `group_users` WHERE user_id='$user' AND group_id='$id'";
$resultg = mysql_query($iropen);
$rows = mysql_fetch_array($resultg);
$num_results = mysql_num_rows($resultg);
if ($num_results < 1) {
echo "join";
} else if ($rows['accepted'] == 1) {
echo "member";
} else {
echo "pending";
}
?>
Try this
<?php
$id = $_GET['gid'];
$user = $_SESSION['user_id'];
$iropen = "SELECT * FROM `group_users` WHERE user_id='".$user."' AND group_id='".$id."'";
if($resultg = mysql_query($iropen)){
$rows = mysql_fetch_array($resultg)
}
if (mysql_num_rows($resultg) < 1) {
echo 'join';
}else if ($rows['accepted'] == 1) {
echo 'member';
} else {
echo 'pending';
}
?>
I'm trying create a simple search script with php and mysql. I've html select tag which is
people
country
region
destination
from
to
With this I get the content from from mysql database. so following is my php script.
if(isset($_GET['Submit']) && $_GET['Submit'] == "Search")
{
$people = mysql_real_escape_string(htmlspecialchars(trim($_GET['people'])));
$country = mysql_real_escape_string(htmlspecialchars(trim($_GET['country'])));
$region = mysql_real_escape_string(htmlspecialchars(trim($_GET['region-depart'])));
$destination = mysql_real_escape_string(htmlspecialchars(trim($_GET['destination'])));
$from = mysql_real_escape_string(htmlspecialchars(trim($_GET['from'])));
$to = mysql_real_escape_string(htmlspecialchars(trim($_GET['to'])));
if(isset($people))
{
$search = mysql_query("SELECT * FROM property_step1 WHERE pro_no_sleep LIKE
'%$people%'");
$num = mysql_num_rows($search);
while($result = mysql_fetch_array($search))
{
$propertyid = (int) $result['propertyid'];
echo $country_d = $result['pro_country'];
echo $region_d = $result['pro_state'];
echo $destination_d = $result['pro_city'];
}
}
elseif(isset($country))
{
$search2 = mysql_query("SELECT * FROM property_step1 WHERE pro_country LIKE
'%$country%'");
$num = mysql_num_rows($search2);
while($result2 = mysql_fetch_array($search2))
{
$propertyid = (int) $result2['propertyid'];
echo $country_d = $result2['pro_country'];
echo $region_d = $result2['pro_state'];
echo $destination_d = $result2['pro_city'];
}
}
else
{
echo "nope";
}
}
Well, if i select people (which value is 1, 2, 3 and so on) it's show the content from database but when i select country it's doesn't show anything. Is there anything wrong in my query?
isset($people) always evaluates to true; you need to check if it is not empty as well:
if (isset($people) && !empty($people)) {
// ...
}
Your elseif condition for country is creating problem replace it with if only, writing if...elseif only one condition will get execute.
use this code
if (isset($_GET['Submit']) && $_GET['Submit'] == "Search") {
$people = mysql_real_escape_string(htmlspecialchars(trim($_GET['people'])));
$country = mysql_real_escape_string(htmlspecialchars(trim($_GET['country'])));
$region = mysql_real_escape_string(htmlspecialchars(trim($_GET['region-depart'])));
$destination = mysql_real_escape_string(htmlspecialchars(trim($_GET['destination'])));
$from = mysql_real_escape_string(htmlspecialchars(trim($_GET['from'])));
$to = mysql_real_escape_string(htmlspecialchars(trim($_GET['to'])));
if (isset($people)) {
$search = mysql_query("SELECT * FROM property_step1 WHERE pro_no_sleep LIKE
'%$people%'");
$num = mysql_num_rows($search);
while ($result = mysql_fetch_array($search)) {
$propertyid = (int) $result['propertyid'];
echo $country_d = $result['pro_country'];
echo $region_d = $result['pro_state'];
echo $destination_d = $result['pro_city'];
}
}
if (isset($country)) {
$search2 = mysql_query("SELECT * FROM property_step1 WHERE pro_country LIKE
'%$country%'");
$num = mysql_num_rows($search2);
while ($result2 = mysql_fetch_array($search2)) {
$propertyid = (int) $result2['propertyid'];
echo $country_d = $result2['pro_country'];
echo $region_d = $result2['pro_state'];
echo $destination_d = $result2['pro_city'];
}
} else {
echo "nope";
}
}
You are defining each variable so all variables will always "be set".
if(isset($people)) will always run, as it is defined meaning that isset($country) will never run.
This needs to be changed to:
if(!empty($people)){
}
if(!empty($country)){
}
My query is working OK. But I am trying to find out the best way to optimize and not have to repeat my $sqlRecCount and $records_count (and would like to know if it's possible to not need to duplicate the GETs). This is what I have now:
if ((int)$_GET['products_id'] === 13) {
$sqlRecCount = "select count(*) as recTotal from table_sql_1";
$recCnt = $db->Execute($sqlRecCount);
$records_count = $recCnt->fields['recTotal'];
}
elseif ((int)$_GET['products_id'] === 2) {
$sqlRecCount = "select count(*) as recTotal from table_sql_2";
$recCnt = $db->Execute($sqlRecCount);
$records_count = $recCnt->fields['recTotal'];
} else {
$records_count = "Updating...";
}
$id = intval($_GET['products_id']);
if ($id == 13 || $id == 2) {
$sqlRecCount = "select count(*) as recTotal from table_sql_" .
($id==13?'1':'2');
$recCnt = $db->Execute($sqlRecCount);
$records_count = $recCnt->fields['recTotal'];
} else {
$records_count = "Updating...";
}
ps: if you have a set of tables without direct correspondence to the product_id you can rewrite snippet as
$id = intval($_GET['products_id']); // casting to int is not required here
$tables = array('13'=>'1', '2'=>'2', and so on);
if (isset($tables[$id])) {
$sqlRecCount = "select count(*) as recTotal from table_sql_" . $tables[$id];
$recCnt = $db->Execute($sqlRecCount);
$records_count = $recCnt->fields['recTotal'];
} else {
$records_count = "Updating...";
}
ps: #downvoter - any comment?
The right way apparently would be
if ($id = (int)$_GET['products_id']) {
$sql = "SELECT count(*) as total FROM table_sql WHERE products_id=$id";
$res = $db->Execute($sql);
$records_count = $res->fields['total'];
}
or something similar according to your db API syntax