I am new to PHP/MySQL and am working my way through the basics.
I have a MySQL database scwdb (that I moved from Access 2000 which my Windows 7 won't work with) with a table tblsplintersbowlinventory which has 2 fields:
fields and data:
txtProductBowlCode
data examples: OakSc07-001, MapleTi07-030, MapleTi07-034, BlackLimba07-002, AshSc07-017
txtProductPrimarySpecies
data examples: Oak, Maple, Maple, BlackLimba, Ash
In other words, I want to record just the species in the txtProductPrimarySpecies field.
I tried the following PHP script:
<?php
$con = mysql_connect("localhost","xxxxxxx","zzzzzzz");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("scwdb", $con);
$species = 'Maple';
mysql_query("UPDATE tblsplintersbowlinventory WHERE txtProductBowlCode LIKE $species SET txtProductPrimarySpecies=$species%");
echo "done";
mysql_close($con);
?>
It seems to run, does not show an error and prints "done", but when I check the database I don't see any changes.
What am I missing?
This db has over 600 records, and I added this new txtProductPrimarySpecies field to make my searches easier while leaving the full code which has specific info on the bowl. There are several species that I need to do this to, so I plan on using a loop to run through a list of species.
How would I code that loop to read a list of species?
OK, I found the way to make this work!
<?php
$con = mysql_connect("localhost","xxxxxx","zzzzzzz");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("scwdb", $con);
$species = 'Maple';
$result = mysql_query("UPDATE tblsplintersbowlinventory SET txtProductPrimarySpecies = '$species' WHERE txtProductBowlCode LIKE '$species%'");
$result = mysql_query("SELECT * FROM tblsplintersbowlinventory WHERE txtProductBowlCode LIKE '$species%'");
echo "<table border='1'>
<tr>
<th>Index</th>
<th>Bowl Code</th>
<th>Species</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['intProductID'] . "</td>";
echo "<td>" . $row['txtProductBowlCode'] . "</td>";
echo "<td>" . $row['txtProductPrimarySpecies'] . "</td>";
echo "</tr>";
}
echo "</table>";
echo "done";
mysql_close($con);
?>
This worked, and I manually changed the $species value and ran it for each of the species of wood in the database...since this was a one time shot it made more sense not to use a list and loop through it - I was bound to miss one or two species anyway.
Shouldn't the set without % come before where with %. Also I think your parameter should be wrapped with a quote as it is string type.
mysql_query("UPDATE tblsplintersbowlinventory
SET txtProductPrimarySpecies='$species'
WHERE txtProductBowlCode LIKE 'CONCAT($species, '%')'");
Related
I have a page that I have been working on. It runs several queries to get existing data from several tables in my DB. There is a table that shows the result of three queries. The first query gets the extension and the secret of phones, the 2nd query gets MAC addresses of phones, and finally the third query gets the names of templates for the phones. The results of the last two queries (with the help of others) are setup as dropdowns in the 3rd and 4th columns of the table created to show the extensions. This way I can select the MAC of the phone I want to assign to the extension and then the template to make the phone work the way I want. The whole page is set as a form and I am using $post to the insert page. My goal here is to take the information (array) that is created by the user making their selections and insert ALL the 4 columns of information into a new table, from there I want to create files using that information to setup the phones. Here is the code I have for now.
<?php
error_reporting(E_ALL);
ini_set('display_errors','On');
$link = mysql_connect("localhost", "root", "cacti") or die ('Error connecting to mysql' . mysql_error());
mysql_select_db("cqadmin");
$sql2 = "SELECT extension, secret from extensions;";
$result2 = mysql_query($sql2) or die(mysql_error());
echo "<table border='3'>
<tr>
<th>Extension #</th>
<th>Secret</th>
<th>MAC Address</th>
<th>Template</th>
</tr>";
while($row = mysql_fetch_array($result2))
{
$sql = "SELECT id , mac FROM phones order by mac;";
$result = mysql_query($sql) or die(mysql_error());
$sql1 = "SELECT id , templatename FROM templates order by templatename;";
$result1 = mysql_query($sql1) or die(mysql_error());
echo "<tr>";
echo "<td>" . $row['extension'] . "</td>";
echo "<td>" . $row['secret'] . "</td>";
echo "<td> <select name='phone'>";
while($rowA = mysql_fetch_array($result)) {
echo '<option value="' . $rowA['id'] . '">' . $rowA['mac'] . '</option>';
}
echo "</select></td>";
echo "<td><select name='template'>";
while($rowB = mysql_fetch_array($result1)) {
echo '<option value="' . $rowB['id'] . '">' . $rowB['templatename'] . '</option>';
}
echo "</select></td>";
echo "</tr>";
}
echo "</table>";
?>
<input type="submit" value="Submit your selections">
</body>
</html>
And my insert page
<?php
echo "You got here";
//***********Get the Assignment information *************
$values = array_values($_POST);
print_r($values);
?>
The resulting print shows this
Array ( [0] => 324 [1] => 24 )
Looking at my db table 324 is the index id of the last phone scanned and in the template table 24 is the last template created, No info on the extension or the secret.
I think I am close but I do not know where to go from here.
PS. I know I need to use mysqli or pdo, not sure how to change over yet.
I have the code bellow, it's ok but I want to be able to use for example the 4th value extracted from the database, use it alone, not put all of them in a list, I want to be able to use the values from database individually. How do I echo them?
Edit: I was thinking to simplify things, to be able to add the values from database into one array and then extract the value I need from the array (for example the 4th - ordered by "order_id"). But how?
Right now I can only create a list with all the values one after the other..
(Sorry, I am new to this). Thank you for all your help..
<?php
include '../../h.inc.php';
$con = mysql_connect($db['host'],$db['user'],$db['passwd']);
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
$result = mysql_query("SELECT * FROM options WHERE Name LIKE 'x_swift%' ORDER BY order_id");
echo "<table border='1'>
<tr>
<th>Values</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
// echo "<td>" . $row['Name'] . "</td>";
echo "<td>" . $row['VALUE'] . "</td>";
echo "</tr>";
$array = array(mysql_fetch_array($strict));
}
echo "</table>";
mysql_close($con);
?>
To select the value in the value column of the row where order_id is 4, use this SQL:
$query = 'select value from options where order_id = 4';
Then you can access this result in many ways. One is to get the entire result row (which in this case is just one cell) as an associative array:
if ($result = mysql_query($query)) {
$row = mysql_fetch_assoc($result);
echo 'value = ' . $row['value'];
}
You can also get the value directly:
if ($result = mysql_query($query)) {
echo 'value = ' . mysql_result($result, 'value');
}
It would just be a query like...
$result = mysql_query("SELECT * FROM options WHERE ID = 3");
mysql_fetch_row($result);
Unless Im misunderstanding you....let me know
But you really should use PDO, instead of deprecated mysql_* functions
http://php.net/manual/en/book.pdo.php
I'm able to display what I have in my table with the code below, but as you can see in the code I'm linking the rows to a new page, and on that page I'm trying to display the rest of the rows, which I have in the same table.
I mean, I have cols ID, photo, Firstname, Lastname, Age, StreetAdd, PhoneNum, EmailAdd in the table. I'm displaying only rows photo, Firstname, Lastname on the first page.
So what I'm trying to do is when the user clicks on the First name , which I displayed from the database, he will be redirected to the new page and see the rest of the info. How do I do it?
This is the PHP page which displays the three cols. I can display the rest of the cols on a new page but it's displaying all the info in the row. I want to display the individual info for each user, not the whole list. A possible example would be eBay. When you search for items, you won't see the full description until you click on the picture or the title.
<?php
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("simple_login", $con);
$result = mysql_query("SELECT * FROM test ");
echo "<table align='center' bgcolor='#F9F0F0' border='0' cellspacing='0'>
<tr>
<th><font color='red'>Firstname</font></th>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td><a href='send.php'><img src='".$row['photo']."' \" width=\"150px\" height=\"150px\" /></a><br><br><br>";
echo "<a href='send.php'><td align='center' style='vertical-align:text-top' width='200px'>" . $row['Firstname'] . "</td>";
echo "<td align='center' style='vertical-align:text-top' width='200px'>" . $row['Lastname'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
On you have put a text level element a inside a block level element td the cell where first name is shown. Also you didn't close a tag there. correct form is this.
echo "<td align='center' style='vertical-align:text-top' width='200px'>";
echo "<a href='send.php'>" . $row['Firstname'] . "</a></td>";
To get the same user bio on the send.php you need to pass the primary key for this row. For examle if the primary key is id you pass it send.php in query string.
echo "<a href='send.php?id=".$row['id']."'>" . $row['Firstname'] . "</a></td>";
Now in the send.php use $_GET['id'] to get the primary key and use it to retrieve the user bio from db.
But make sure you escape parameters you pass to sql database. Dont use those variables directly! See Nullpointer's answer
Update 1:
When you get the primary key of a row just invoke a SELECT * with LIMIT 1
$pkey = mysql_real_escape_string($_GET['id']);
$sql = "SELECT * FROM test where id='$pkey' LIMIT 1";
/* Run this sql */
to display individual info for each user you can use where close in query like
SELECT * FROM test WHERE user = bla
Warning
your code is vulnerable to sql injection you need to escape all get and post and the better approach will be using Prepared statement
Good Read
How to prevent SQL injection in PHP?
Are PDO prepared statements sufficient to prevent SQL injection?
Note
The entire ext/mysql PHP extension, which provides all functions named with the prefix mysql_, is officially deprecated as of PHP v5.5.0 and will be removed in the future. So use either PDO or MySQLi
Good read
The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead
Pdo Tutorial For Beginners
This should be your first page
<?php
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("simple_login", $con);
$result = mysql_query("SELECT * FROM test ");
echo "<table align='center' bgcolor='#F9F0F0' border='0' cellspacing='0'>
<tr>
<th><font color='red'>Firstname</font></th>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td><a href='send.php'><img src='".$row['photo']."' \" width=\"150px\" height=\"150px\" /></a><br><br><br>";
echo "<a href='send.php?".$row['id']."'><td align='center' style='vertical-align:text-top' width='200px'>" . $row['Firstname'] . "</td>";
echo "<td align='center' style='vertical-align:text-top' width='200px'>" . $row['Lastname'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
Now send.php should be
<?php
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("simple_login", $con);
$sql = "SELECT * FROM test where id = " . $_Get['id'] ;
$result = mysql_query($sql);
//then display the result here
?>
hope this helps
Basicaly having issues setting up a webpage which will taken in a student key entered by the user. This will then parse the student key to another file which will run it against a mysql backend to see what records this student already has. But can not get it working for the life of me please help I'm still a newb at this.
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("support_log", $con);
$result= mysql_query("SELECT student.first_name, student.surname, student.year_group, student.STKEY, student_log.issue
FROM `student` JOIN `student_log`
WHERE student.STKEY like '$_POST[stkey]'");
$result2 = mysql_query($result) or die("Error: " . mysql_error());
if(mysql_num_rows($result2) == 0){
echo("no records found");
} ELSE {
echo "<table border='1'>
<tr>
<th>First name</th>
<th>Surname</th>
<th>Year Group</th>
<th>Student Key</th>
<th>Issue</th>
</tr>";
while($row = mysql_fetch_array($result2))
{
echo "<tr>";
echo "<td>" . $row['First_Name'] . "</td>";
echo "<td>" . $row['surname'] . "</td>";
echo "<td>" . $row['year_group'] . "</td>";
echo "<td>" . $row['stkey'] . "</td>";
echo "<td>" . $row['issue'] . "</td>";
echo "</tr>";
}
echo "</table>";
}
mysql_close($con);
?>
After changing my where statement to:
WHERE student.STKEY like '$_POST[stkey]'");
I am no longer reciving errors from PHP but now recieving the error Query was empty which is part of my code to detect if there is no results. Though I have tested that query in phpmyadmin and it spits out results. From looking at the code does anyone have any solutions? I have also checked the parse by running an echo on the post command to ensure the data being entered was correct.
Edit: Got rid of the whole result2 check now throwing a:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\stkey_submit.php on line 24
Try $_POST['stkey'] instead of $_POST[stkey]
EDIT : if you use it in a query, it would be preferable to do :
$stkey = mysql_real_escape_string($_POST['stkey']);
$sql = "SELECT ....... like '$stkey'";
mysql_query($sql);
$result= mysql_query("SELECT student.first_name, student.surname, student.year_group, student.STKEY, student_log.issue
FROM `student` JOIN `student_log`
WHERE student.STKEY like " . $_POST["stkey"]);
How about storing the value of stkey on a variable before including it on the query?
$stkey = $_POST['stkey'];
$result= mysql_query("SELECT student.first_name, student.surname,
student.year_group, student.STKEY, student_log.issue
FROM `student` JOIN `student_log`
WHERE student.STKEY LIKE '%$stkey%'");
You might also want to use MySqli or PDO instead of the MySql database API. Take a look at this post from Nettuts: http://net.tutsplus.com/tutorials/php/php-database-access-are-you-doing-it-correctly/
I posted a couple days ago and I could not insert an additional record into a MySQL database I setup. I corrected the syntax, but the database will not update again. Basically, I have a couple forms in HTML that carry sessions over to the next pages until the PHP is processes on the final page to INSERT into the database. It worked twice (I have 2 records in the database now), but it won't insert any additional records. It worked fine a couple days ago. The only changes I made to anything was that I added a search feature that accesses the same database with the same user, but the connection is closed at the end of that script as well. Here is the code I am using to INSERT into the database (I know it isn't the best coding job, I'm still learning).
<?php
$con = mysql_connect("localhost","my_username","mypassword");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("dgibbo1_imaging", $con);
// Here too, please mysql_real_escape_string() all parameters
mysql_query("INSERT INTO imaging (os,MAC,Model,AntiVirus,Browser,Email,Connectivity,Sound,Ports) VALUES ('".$_SESSION['imaging2']."','".$_SESSION['imaging3']."','".$_SESSION['imaging4']."','".$_SESSION['antivirus']."','".$_SESSION['browser']."','".$_SESSION['email']."','".$_SESSION['connectivity']."','".$_SESSION['sound']."','".$_SESSION['ports']."')");
OR die("Could not update: ".mysql_error());
mysql_close($con);
?>
The name of the database is imaging. The columns are setup as:
id (This is the primary key field)
os
MAC
Model
AntiVirus
Browser
Email
Connectivity
Sound
Ports
I just find it odd that it inserted records without any problems until I tried it again today. Is it possible that it has something to do with my code for the search?
The search is a simple form on another page and processes this form:
<?php
$con = mysql_connect("localhost","my_user","mypassword");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("dgibbo1_imaging", $con);
// Always escape parameters injected into SQL queries
$result = mysql_query( "SELECT * FROM imaging WHERE MAC LIKE '%"
. mysql_real_escape_string ( $search, $con )
. "%'"
);
echo "<table border='1'>
<tr>
<th>MAC</th>
<th>Model</th>
<th>AntiVirus</th>
<th>Email</th>
<th>Browser</th>
<th>Connectivity</th>
<th>Sound</th>
<th>Ports</th>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['MAC'] . "</td>";
echo "<td>" . $row['Model'] . "</td>";
echo "<td>" . $row['AntiVirus'] . "</td>";
echo "<td>" . $row['Email'] . "</td>";
echo "<td>" . $row['Browser'] . "</td>";
echo "<td>" . $row['Connectivity'] . "</td>";
echo "<td>" . $row['Sound'] . "</td>";
echo "<td>" . $row['Ports'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
Meanwhile, the search will pull up the 2 existing records successfully every time, but I can't add new records and I'm wondering if it has something to do with this.
Thanks for any suggestions. I know my syntax probably isn't the best, so any suggestions from this site are always appreciated.
Try creating a separate php file and hard coding the values into it. Run that and see what happens. your search form shouldnt interfere with another form.
edit any errors when using the form? any errors when inserting to another table?
I saw your post, and it all looks "right". What I'd suggest is to add some logging instead of DIE and look at what MySQL is saying about those insert statements:
$sql = "INSERT INTO imaging ....";
mysql_query($sql);
if(mysql_errno()) {
$message = mysql_error() . "\n" . $sql . "\n";
$fp = fopen('c:\mylogifle.txt', 'a');
fwrite($fp, $message);
fclose($fp);
}
AND...as everyone has mentioned, encode those strings - assuming that the SQL is actually being executed, and you "know" it works, there's a very high possibility that some punctuation in one of the values is interfering with the SQL, like an unexpected comma somewhere that confuses MySQL