I am trying to echo out all of the user rows in my database as a select in a form.
It is only showing a blank space. Nothing else.
Here is my code.
<?php
session_start();
require('../../config.php');
$user = $_SESSION['user'];
$qry=("SELECT `rank`, `uname` FROM users WHERE `uname` = '$user'");
$result=mysql_query($qry);
$row = mysql_fetch_assoc($result);
$rank = $row['rank'];
$logged = $_SESSION['loggedin'];
if ($logged == true) {
if ($rank >= 3) {
echo "Succesful, $user.<br />
<form method='POST' action='delete.php'>
<select><option>Please select</option>";
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
}
echo "<option>$lol</option>";
echo "</select>
</form>";
} else {
echo "Your not an admin. $user";
}
} else {
echo "Please login.";
}
?>
First, please stop using mysql_ functions as they are being deprecated. Look into mysqli_ or PDO. Be aware that your script is vulnerable to SQL injection.
The reason your script is not working is because it appears you are calling mysql_fetch_assoc twice. When calling it the second time, there won't be any output if your query only returns a single row.
$qry=("SELECT `rank`, `uname` FROM users WHERE `uname` = '$user'");
$result=mysql_query($qry);
$row = mysql_fetch_assoc($result);
$rank = $row['rank'];
You will need to resubmit a query (something like below) and call that result separately to populate the drop down, or store the result in an array.
$qry=("SELECT `uname` FROM users");
$result=mysql_query($qry);
while ($row = mysql_fetch_assoc($result)) {
echo '<option>' . ucwords($row['uname']) . '</option>';
}
It looks like your while loop is set up badly, I think you need to change
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
}
echo "<option>$lol</option>";
to this
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
echo "<option>$lol</option>";
}
UPDATE:
I reread your question and it seems that you want to display all unames from your table.
The original query was to check if the user is an admin.
Here's how it will look like. But it's just a duplicate of njk's answer.
<?php
session_start();
require('../../config.php');
$user = $_SESSION['user'];
$qry=("SELECT `rank`, `uname` FROM users WHERE `uname` = '$user'");
$result=mysql_query($qry);
$row = mysql_fetch_assoc($result);
$rank = $row['rank'];
$logged = $_SESSION['loggedin'];
if ($logged == true) {
if ($rank >= 3) {
echo "Succesful, $user.<br />
<form method='POST' action='delete.php'>
<select><option>Please select</option>";
// added these 2 lines
$qry=("SELECT `rank`, `uname` FROM users");
$result=mysql_query($qry);
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
echo "<option>$lol</option>";
}
echo "</select>
</form>";
} else {
echo "Your not an admin. $user";
}
} else {
echo "Please login.";
}
?>
Are you sure your database has more than 1 row? You are calling the fetch 1 time so the second time it will try to fetch the second row.
Try also running the query directly into mysql and see if you get the rows you're expecting back, may be its not returning what you expected
Related
I have a column called favid. I am trying to pull and compare the data in that column to an existing value:
<?php $query = mysql_query("SELECT * FROM ajaxfavourites WHERE favid=$favid");
while ($row = mysql_fetch_assoc($query)) {
echo $row['favid']; };?>
I also have an existing value:
$x
But when I do something like this it doesn't work:
<?php if($row['favid'] == $x){?>
Do this...
<?php } else { ?>
Do nothing...
<?php}?>
I realize the data in the column somehow isn't pulled out. What should be done for this to work?
Try this, I assume you already connected to DB.
<?php
$x = 1;
$query = mysql_query("SELECT * FROM ajaxfavourites WHERE favid='$favid'") or die(mysql_error());
if (mysql_num_rows($query) > 0)
{
while ($row = mysql_fetch_assoc($query))
{
if ($row["existing_column_name"] == $x)
{
echo "Yes";
} else
{
echo "No";
}
}
} else
{
echo "Nothing was found";
}
?>
<?php
$x = 100500; // integer for example
$CID = mysql_connect("host","user","pass") or die(mysql_error());
mysql_select_db("db_name");
$query = mysql_query("SELECT * FROM ajaxfavourites WHERE favid='{$favid}'", $CID);
while ($row = mysql_fetch_assoc($query)) {
if (intval($row["some_existing_column_name"])==$x){
print "Is equals!";
} else {
print "Is different!";
}
}
?>
Please be informed that mysql_connect and other functions with the prefix of mysql_ is deprecated and can be removed in the next versions of PHP.
I have the following code to check if a row exists in MySQL:
<?php
if (!empty($_POST)) {
$code = $_POST['code'];
mysql_connect("$dbhost","$dbuser","$dbpass");
mysql_select_db("$dbname");
$result = mysql_query("SELECT 1 FROM files WHERE id='$code' LIMIT 1");
if (mysql_fetch_row($result)) {
echo 'Exists';
} else {
echo 'Does not exist';
}
}
?>
This works fine. But I need to change it a bit. I have the following fields:
id, title, url, type. When someone uses the code above ^ to check if a row exists, I need a variable to get the url from the same row, so I can redirect the user to there.
Do you have any idea how I can do that?
Thanks in advance! :)
Try this:
<?php
if (!empty($_POST)) {
$code = $_POST['code'];
mysql_connect("$dbhost","$dbuser","$dbpass");
mysql_select_db("$dbname");
$result = mysql_query("SELECT * FROM files WHERE id=" . $code . " LIMIT 1");
if (mysql_num_rows($result) > 0) {
while($rows = mysql_fetch_array($result)) {
echo 'Exists';
$url = $rows['url'];
}
} else {
echo 'Does not exist';
}
}
?>
It is quite simple. I think you don't show any effort to find the solution by yourself.
<?php
if (!empty($_POST)) {
$code = $_POST['code'];
mysql_connect("$dbhost","$dbuser","$dbpass");
mysql_select_db("$dbname");
$result = mysql_query("SELECT url FROM files WHERE id='$code' LIMIT 1");
if ($result) {
$url = mysql_fetch_row($resultado);
} else {
echo 'Does not exist';
}
}
<?php
$sql_query = "SELECT * FROM test WHERE userid ='$userid'";
$result1 =mysql_query($sql_query);
if(mysql_num_rows($result1)>0){
while($post = mysql_fetch_array($result1))
{
$url = $post['url'];
}
}
?>
If mysql_num_rows($result1)>0 it means row is existed fir the given user id
<?php
include 'config.php'; //connect to db
if(isset($_REQUEST["pwd"]) && isset($_REQUEST["name"])) {
$password = $_REQUEST['pwd']; //pass from previous page
$name = $_REQUEST['name']; //pass from previous page
$checkUserPass = mysql_query("SELECT * FROM validPersonnel WHERE Passkey = '$password' and Name = '$name'", $conn); //check if the user exist
if(mysql_num_rows($checkUserPass) == 1) {
$personnelId = mysql_query("SELECT PersonnelID FROM validPersonnel WHERE Passkey = '$password' and Name = '$name'", $conn); //query user id
while($row = mysql_fetch_assoc($personnelId)) {
echo $row['PersonnelD']; // print user id
}
mysql_close($conn);
//echo "<br/><br/>";
//echo "<script>alert('Logged In.')</script>";
//header("Refresh: 1; url=profile/profile.php?id="'.$id.');
//header('Refresh: 1; url=test.php?id=$personnelId');
} else {
echo "<br/><br/>";
echo "<script>alert('Wrong Password.')</script>";
header('Refresh: 1; url=personnelselect.php');
}
}
?>
i cannot echo the $row['PersonnelD'] the page shows blank. i cannot understand where did i go wrong. this page quesion have been solved
Looks like you have mistake in code:
echo $row['PersonnelD'];
shouldn't it be following?
echo $row['PersonnelID'];
check the mysql_fetch_assoc() function may be its parameter is empty so it can't enter the while loop
Try to debug and check the values came in the variables using var_dump() function. Ex: var_dump($row); in while loop.
In both your querys, you have
"SELECT * FROM validPersonnel WHERE Passkey = '$password' and Name = '$name'"
It should be:
"SELECT * FROM validPersonnel WHERE Passkey = '".$password."' and Name = '".$name."';"
PHP doesn't recognize the $var unless you close the quotes. The period adds the $var to the string.
I am trying to echo out all of the user rows in my database as a select in a form.
It is only showing a blank space. Nothing else.
Here is my code.
<?php
session_start();
require('../../config.php');
$user = $_SESSION['user'];
$qry=("SELECT `rank`, `uname` FROM users WHERE `uname` = '$user'");
$result=mysql_query($qry);
$row = mysql_fetch_assoc($result);
$rank = $row['rank'];
$logged = $_SESSION['loggedin'];
if ($logged == true) {
if ($rank >= 3) {
echo "Succesful, $user.<br />
<form method='POST' action='delete.php'>
<select><option>Please select</option>";
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
}
echo "<option>$lol</option>";
echo "</select>
</form>";
} else {
echo "Your not an admin. $user";
}
} else {
echo "Please login.";
}
?>
First, please stop using mysql_ functions as they are being deprecated. Look into mysqli_ or PDO. Be aware that your script is vulnerable to SQL injection.
The reason your script is not working is because it appears you are calling mysql_fetch_assoc twice. When calling it the second time, there won't be any output if your query only returns a single row.
$qry=("SELECT `rank`, `uname` FROM users WHERE `uname` = '$user'");
$result=mysql_query($qry);
$row = mysql_fetch_assoc($result);
$rank = $row['rank'];
You will need to resubmit a query (something like below) and call that result separately to populate the drop down, or store the result in an array.
$qry=("SELECT `uname` FROM users");
$result=mysql_query($qry);
while ($row = mysql_fetch_assoc($result)) {
echo '<option>' . ucwords($row['uname']) . '</option>';
}
It looks like your while loop is set up badly, I think you need to change
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
}
echo "<option>$lol</option>";
to this
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
echo "<option>$lol</option>";
}
UPDATE:
I reread your question and it seems that you want to display all unames from your table.
The original query was to check if the user is an admin.
Here's how it will look like. But it's just a duplicate of njk's answer.
<?php
session_start();
require('../../config.php');
$user = $_SESSION['user'];
$qry=("SELECT `rank`, `uname` FROM users WHERE `uname` = '$user'");
$result=mysql_query($qry);
$row = mysql_fetch_assoc($result);
$rank = $row['rank'];
$logged = $_SESSION['loggedin'];
if ($logged == true) {
if ($rank >= 3) {
echo "Succesful, $user.<br />
<form method='POST' action='delete.php'>
<select><option>Please select</option>";
// added these 2 lines
$qry=("SELECT `rank`, `uname` FROM users");
$result=mysql_query($qry);
while ($row = mysql_fetch_assoc($result)) {
$users = $row['uname'];
$lol = ucwords($users);
echo "<option>$lol</option>";
}
echo "</select>
</form>";
} else {
echo "Your not an admin. $user";
}
} else {
echo "Please login.";
}
?>
Are you sure your database has more than 1 row? You are calling the fetch 1 time so the second time it will try to fetch the second row.
Try also running the query directly into mysql and see if you get the rows you're expecting back, may be its not returning what you expected
I have a html page with the form log-in with username and password. When people enter the correct password, it will take them to the php page with their bills. If the password is incorrect, it will display the error message and then exit the program. I got the log-in function to work. However, it's also effecting my other program. Now every time i try to write something in the item/amount row, it also display the error message and exit the program. I know it has something to do with the $numresult>0 condition. When i took that condition out, my amount/item rows work, but the log-in page also allow blank entry in username/password to log in. Any idea how i can make sure that people have to enter the correct password (not a blank entries) to log in, at the same time, get my item/amount rows in the second page behave as normal? My codes are below. Sorry it's a little long.
</head>
<body style="font-family: Arial, Helvetica, sans-serif; color: black;" onload=>
<h1>My Bills</h1>
<form method=post>
<?php
//*************************************************
//Connect to Database
//*************************************************
//*************************************************
//Verify password and username
//*************************************************
$password = $_POST['password']; //retrieve variables for password and userId
$userid = $_POST['userid'];
$query = "SELECT * FROM valid_logon WHERE userid = '$userid' AND
password='$password'"; //get query from database
$result = mysql_query($query);
$numresults = mysql_num_rows($result); //get row number
$row = mysql_fetch_array($result); //get array into variable
$dbuserid = $row['userid'];
$dbpassword = $row['password'];
if ($numresults>0)
{
if ($userid == $dbuserid && $password == $dbpassword)
{
process();
}
}else{
err_msg();
}
//*************************************************
//Error message.
//*************************************************
function err_msg()
{
print "The username and/or password you have entered are invalid.";
print "</body>";
print"</html>";
exit;
}
//*************************************************
//Write out records with data if they exist.
//*************************************************
function process()
{
print "<table>";
print "<tr><th>Item</th><th>Amount</th></tr>";
$action = $_POST['action'];
if ($action == 'update')
{
$write_ctr = 1;
// Delete all rows in the table
$query = "DELETE FROM n1417_expenses ";
$result = mysql_query($query);
if (mysql_error()) {
echo("<br>MySQL Error - Cannot delete from table: ".mysql_error());
echo("<br>SQL Statement: ".$query);
}
// Loop through table and insert values into the database
while (true)
{
$item_name = 'item'."$write_ctr";
$item_value = $_POST[$item_name];
$amount_name = 'amount'."$write_ctr";
$amount_value = $_POST[$amount_name];
if (empty($item_value))
{
break;
}
// Insert an item to the table
if(!is_numeric($amount_value))
{
print "<font color=red>I'm sorry, amount \"".$amount_value."\" is not a valid number.</font><br>\n";
}else{
$query = "INSERT INTO n1417_expenses (item, amount)
VALUES('".$item_value."','".$amount_value."') ";
$result = mysql_query($query);
}
if (mysql_error())
{
echo("<br>MySQL Error - Cannot insert a row into table: ".mysql_error());
echo("<br>SQL Statement: ".$query);
}
$write_ctr++;
}
}
//*************************************************
//Now Select from table and Display
//*************************************************
$err_cnt = 0;
$read_ctr = 1;
$query = "SELECT item, amount FROM n1417_expenses ";
$result = mysql_query($query);
if (mysql_error()) {
echo("<br>MySQL Error- Cannot select from table: ".mysql_error());
echo("<br>SQL Statement: ".$query);
}
if (!empty($result))
{
$rowresults = mysql_num_rows($result);
if ($rowresults > 0)
{
for ($read_ctr=1; $read_ctr<=$rowresults; $read_ctr++)
{
$row = mysql_fetch_array($result);
$item_value = $row['item'];
$item_name = 'item'."$read_ctr";
$amount_value = $row['amount'];
$amount_name = 'amount'."$read_ctr";
print "<tr>";
print "<td><input type=text name=$item_name value='$item_value'></td>\n";
print "<td><input type=text name=$amount_name value='$amount_value'></td>\n";
print "<td>";
print "</tr>";
$total_amt = $total_amt + $amount_value;
}
}
}
//*************************************************
//Now write the blank lines
//*************************************************
for ($i = $read_ctr; $i < $read_ctr + 2; $i++)
{
$item_name = 'item'."$i";
$amount_name = 'amount'."$i";
print '<tr>';
print "<td><input type=text name=$item_name value=''></td>\n";
print "<td><input type=text name=$amount_name value=''></td>\n";
print '</tr>';
}
print "</table>";
print "<br>Total Bills: $total_amt";
}
?>
<br><input type=submit value=Submit>
<br<br>
<!-- Hidden Action Field -->
<input type=hidden name=action value=update>
</form>
To answer the question posted, your problem appears to be that the username and password being are checked again when your user submits the form. Because the fields don't exist, the query finds zero rows, triggering your error message.
There are a number of ways of fixing your problem, one way would be to use a Session to remember that a user is logged in. This could be implemented by altering your password check as follows:
session_start();
if (!isset($_SESSION['logged_in']) || !$_SESSION['logged_in'])
{
$password = $_POST['password']; //retrieve variables for password and userId
$userid = $_POST['userid'];
$query = "SELECT * FROM valid_logon WHERE userid = '".mysql_real_escape_string($userid)."' AND
password='".mysql_real_escape_string($password)."'"; //get query from database
$result = mysql_query($query);
$numresults = mysql_num_rows($result); //get row number
$row = mysql_fetch_array($result); //get array into variable
$dbuserid = $row['userid'];
$dbpassword = $row['password'];
if ($numresults>0)
{
if ($userid == $dbuserid && $password == $dbpassword)
{
$_SESSION['logged_in'] = TRUE;
process();
}
}else{
err_msg();
}
}
I've kept the code as similar to the original as possible, but I will echo the comments above on the need to secure your SQL calls. Have a look at using PDO if possible, or at the very least start using mysql_real_escape_string as above.