I cant output the values of the row value to the html content any suggestions on how to do that? i tried using different methods so that i will print on the page but it's always blank is there any way to do it?
<?php
//connect
$dbh=mysql_connect ("localhost", "xxxx_admin", "xxxx")
or die ('I cannot connect to the database.');
mysql_select_db ("xxxx_Client");
$term = $_POST['term'];
echo $term;
$sql = mysql_query("select * from ClientTable where FName like '$term'");
if ($row['FName'] == $term){
$ID = $row['ID'];
$FName = $row['FName'];
$LName = $row['LName'];
$PHON = $row['PHON'];
}
else
echo "invalid input";
?>
<html>
<head>
<title></title>
</head>
<body>
asdadasdad<br>
<?php echo $FName; ?><br>a<br>
<?php echo $_POST["$LName"]; ?><br>a<br>
$FName <br>
$LName <br>
$ID <br>
$PHON <br>
sadasdasda
</bod>
</html>
First, you are probably not getting any results from your query. Typically when using LIKE you use some form of wildcard in the query like this:
select * from ClientTable where FName like '%$term%'
Second, you are not actually working with the result set.
You need to use some sort of mysql_fetch_array or similar to get the values into $row.
And of course, you really should not be using the mysql_* functions anyway as they are being deprecated in favor of mysqli_* or PDO.
Finally, your need to learn how to prevent SQL injection. Your code is vulnerable now.
Try adding error_reporting(E_ALL); near the beginning of your code. There is a good chance that a notice message will tell you what you're doing wrong.
Related
I have a little query, which is displaying a text if the server query_string exits in the database.
It works with all sorts of text an figures in mysql, instead of email adresses.
For example if the url looks like "example.com/query.php?test" it works.
If there is an email like "example.com/query.php?test#gmail.com" it doesn't work.
My DB table type is varchar(100).
Any idea?
<?php
$subscriber_email = ($_SERVER['QUERY_STRING']);
mysql_connect("server", "user", "pswd") or die (mysql_error ());
mysql_select_db("newsletter") or die(mysql_error());
$sql = "SELECT * FROM `newsletter submit` WHERE ID='test#gmail.com'";
$query = mysql_query($sql);
echo mysql_error();
echo (mysql_num_rows($query) == 0) ? 'NO' : 'YES';
?>
You should escape your inputs :
$subscriber_email = mysql_escape_string($_SERVER['QUERY_STRING']);
Using a non escaped string causes an error that prevents your query to be executed.
Additionally, you should consider using mysqli, mysql functions being deprecated.
UPDATE : I was a bit too fast and forgot to mention, you should put quotes on each side of your parameter :
$sql = "SELECT * FROM `newsletter submit` WHERE ID='$subscriber_email'";
Use parse_url() like below
$url = 'example.com/query.php?test#gmail.com';
$parm = parse_url($url);
echo $parm['query'];
I've written a script that in short is supposed to query data from the database and echo a result into a HTML form field. However, I have been unsuccessful. Please see code below:
<?php
include("dbconfig.php");
$val = '6';
$result = mysqli_query("Select * from test where testid= '$val'");
$name = (mysqli_num_rows($result)==1) ? mysqli_fetch_assoc($result) : null;
if(is_array($name)){
?>
<html>
<body>
<form>
Name: <input type="text" id="firstname" value="<?php echo $name['firstname']; ?>"/>
</form>
<?php
} else {
echo "No such name exists";
}
?>
</body>
</html>
Can someone please tell me what I'm doing wrong. Because it won't echo anything into the field and I find it rather annoying because majority of the scripts I've come across are quite similar to this one.
Help will be much appreciated.
Thank You,
Sohail.
I have tested the below and it works OK. #Fred-ii- gave you loads of good info, especially using error debugging - but you do need to supply the connection object which you were missing.
<?php
error_reporting( E_ALL );
include("conn.php");
$val = 6;
/* What is the name of the $connection object ? */
$result = mysqli_query( $conn, "Select * from `test` where `testid`='$val'" );
$name=( $result ) ? mysqli_fetch_assoc( $result ) : false;
?>
<html>
<head>
<title>Ya gotta have a title...</title>
</head>
<body>
<?php
if( !empty( $name ) ){
echo "
<form>
Name: <input type='text' id='firstname' value='{$name['firstname']}'/>
</form>";
} else {
echo "No such name exists";
}
?>
</
You did not pass your db connection to your query, so it never gets executed.
Assuming a successful connection using mysqli_
This line of code:
$result = mysqli_query("Select * from test where testid= '$val'");
needs to have a connection parameter:
$result = mysqli_query($connection, "Select * from test where testid= '$val'");
and is unknown to us as to which MySQL API you're using to connect with.
Your query may have failed, so check for errors.
$result = mysqli_query("Select * from test where testid= '$val'")
or die(mysqli_error($connection));
and replacing the $connection variable with the one that you have assigned in your dbconfig.php which is unknown to us.
Different MySQL APIs/functions do not intermix.
Consult these following links http://php.net/manual/en/mysqli.error.php and http://php.net/manual/en/function.error-reporting.php
and apply that to your code.
You're also open to an SQL injection. Use a prepared statement.
https://en.wikipedia.org/wiki/Prepared_statement
References:
http://php.net/manual/en/mysqli.query.php
http://php.net/manual/en/function.mysqli-connect.php
Add error reporting to the top of your file(s) which will help find errors.
<?php
error_reporting(E_ALL);
ini_set('display_errors', 1);
// rest of your code
Sidenote: Displaying errors should only be done in staging, and never production.
If you want to check if a row exists, see my other answer on Stack:
https://stackoverflow.com/a/22253579/1415724
i have tried this code to insert value into database, but i don't Know why, the value was not send into the databases. The table i have created in the mysql :
<?php
require_once "connection.php";
$conn = connect();
$db = connectdb();
mysql_select_db($db,$conn) or die (mysql_error() . "\n");
$query_usr = "select * from soalselidik";
$usr = mysql_query($query_usr,$conn) or die(mysql_error()."\n".$query_usr);
$row_usr=mysql_fetch_assoc($usr);
//to insert in database
$a1=$_POST['a1'];
$a2=$_POST['a2'];
$a3=$_POST['a3'];
$a4=$_POST['a4'];
$b1=$_POST['b1'];
$b2=$_POST['b2'];
$b3=$_POST['b3'];
$b4=$_POST['b4'];
$c1=$_POST['c1'];
$c2=$_POST['c2'];
$c3=$_POST['c3'];
$c4=$_POST['c4'];
$d1=$_POST['d1'];
$d2=$_POST['d2'];
$d3=$_POST['d3'];
$d4=$_POST['d4'];
$e1=$_POST['e1'];
$f1=$_POST['f1'];
echo $query ="insert into soalselidik (a1,a2,a3,a4,b1,b2,b3,b4,c1,c2,c3,c4,d1,d2,d3,d4,e1,f1) values('$a1','$a2','$a3','$a4','$b1','$b2','$b3','$b4','$c1','$c2','$c3','$c4''$d1','$d2','$d3','$d4','$e1','$f1')";
$result = mysql_query($query);
echo "<script languange = 'Javascript'>
alert('thankyou ! Penilaian anda diterima ');
location.href = 'home.php';</script>";
?>
'$c4''$d1'
Find that in your query and fix it :) And please do some error checking, and please stop using MySQL_* for your own good. Why should people not run any error checking mechanism that's already provided in the language and expect others to debug typos?
In case you didn't get it, there's a comma missing
How can I prevent SQL injection in PHP?
I am brand new to php/mysql, so please excuse my level of knowledge here, and feel free to direct me in a better direction, if what I am doing is out of date.
I am pulling in information from a database to fill in a landing page. The layout starts with an image on the left and a headline to the right. Here, I am using the query to retrieve a page headline text:
<?php
$result = mysql_query("SELECT banner_headline FROM low_engagement WHERE thread_segment = 'a3'", $connection);
if(!$result) {
die("Database query failed: " . mysql_error());
}
while ($row = mysql_fetch_array($result)) {
echo $row["banner_headline"];
}
?>
This works great, but now I want to duplicate that headline text inside the img alt tag. What is the best way to duplicate this queries information inside the alt tag? Is there any abbreviated code I can use for this, or is it better to just copy this code inside the alt tag and run it twice?
Thanks for any insight!
You are, as the comment says, using deprecated functions, but to answer your question, you should declare a variable to hold the value once your retrieve it from the database so that you can use it whenever your want.
<?php
$result = mysql_query("SELECT banner_headline FROM low_engagement WHERE thread_segment = 'a3'", $connection);
if(!$result) {
die("Database query failed: " . mysql_error());
}
$bannerHeadline = "";
while ($row = mysql_fetch_array($result)) {
$bannerHeadline = $row["banner_headline"];
}
echo $bannerHeadline; //use this wherever you want
?>
It is hard to help without knowing more. You are pumping the results into an array, are you expecting to only return one result or many banner_headline results? If you will only ever get one result then all you need to do is something like this:
PHP:
$result = mysql_query("
SELECT `banner_headline`
FROM `low_engagement`
WHERE `thread_segment` = 'a3'", $connection) or die(mysql_error());
// This will get the zero index, meaning first result only
$alt = mysql_result($result,0,"banner_headline");
HTML:
<html>
<body>
<!--- Rest of code -->
<img src="" alt="<?php echo $alt ?>">
On a side note, you should stop using mysql-* functions, they are deprecated.
You should look into PDO or mysqli
For some reason, JavaScript/PHP wont delete my data from MySQL! Here is the rundown of the problem.
I have an array that displays all my MySQL entries in a nice format, with a button to delete the entry for each one individually. It looks like this:
<?php
include("login.php");
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
or die("<br/><h1>Unable to connect to MySQL, please contact support at support#michalkopanski.com</h1>");
//select a database to work with
$selected = mysql_select_db($dbname, $dbhandle)
or die("Could not select database.");
//execute the SQL query and return records
if (!$result = mysql_query("SELECT `id`, `url` FROM `videos`"))
echo 'mysql error: '.mysql_error();
//fetch tha data from the database
while ($row = mysql_fetch_array($result)) {
?>
<div class="video"><a class="<?php echo $row{'id'}; ?>" href="http://www.youtube.com/watch?v=<?php echo $row{'url'}; ?>">http://www.youtube.com/watch?v=<?php echo $row{'url'}; ?></a><a class="del" href="javascript:confirmation(<? echo $row['id']; ?>)">delete</a></div>
<?php }
//close the connection
mysql_close($dbhandle);
?>
The delete button has an href of javascript:confirmation(<? echo $row['id']; ?>) , so once you click on delete, it runs this:
<script type="text/javascript">
<!--
function confirmation(ID) {
var answer = confirm("Are you sure you want to delete this video?")
if (answer){
alert("Entry Deleted")
window.location = "delete.php?id="+ID;
}
else{
alert("No action taken")
}
}
//-->
</script>
The JavaScript should theoretically pass the 'ID' onto the page delete.php. That page looks like this (and I think this is where the problem is):
<?php
include ("login.php");
mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
mysql_select_db ($dbname)
or die("Unable to connect to database");
mysql_query("DELETE FROM `videos` WHERE `videos`.`id` ='.$id.'");
echo ("Video has been deleted.");
?>
If there's anyone out there that may know the answer to this, I would greatly appreciate it. I am also opened to suggestions (for those who aren't sure).
Thanks!
In your delete.php script, you are using this line :
mysql_query("DELETE FROM `videos` WHERE `videos`.`id` ='.$id.'");
The $id variable doesn't exists : you must initialize it from the $_GET variable, like this :
$id = $_GET['id'];
(This is because your page is called using an HTTP GET request -- ie, parameters are passed in the URL)
Also, your query feels quite strange : what about this instead :
mysql_query("DELETE FROM `videos` WHERE `videos`.`id` = '$id' ");
ie, removing the '.' : you are inside a string already, so there is nothing to concatenate (the dot operator in PHP is for concatenation of strings)
Note :
if this works on some server, it is probably because of register_globals
For more informations, see Using Register Globals
But note that this "feature" has been deprecated, and should definitely not be used !
It causes security risks
And should disappear in PHP 6 -- that'll be a nice change, even if it breaks a couple of old applications
your code has a big SQL injection hole : you should sanitize/filter/escape the $id before using it in a query !
If you video.id is a string, this means using mysql_real_escape_string
If you where using the mysqli or PDO extensions, you could also take a look at prepared statements
with an integer, you might call intval to make sure you actually get an integer.
So, in the end, I would say you should use something that looks like this :
$id = $_GET['id'];
$escaped_id = mysql_real_escape_string($id);
$query = "DELETE FROM `videos` WHERE `videos`.`id` = '$escaped_id'";
// Here, if needed, you can output the $query, for debugging purposes
mysql_query($query);
You're trying to delimit your query string very strangely... this is what you want:
mysql_query('DELETE FROM `videos` WHERE `videos`.`id` ='.$id);
But make sure you sanitize/validate $id before you query!
Edit: And as Pascal said, you need to assign $id = $_GET['id'];. I overlooked that.
In your delete.php you never set $id.
You need to check the value in $_REQUEST['id'] (or other global variable) and ONLY if it's an integer, set $id to that.
EDIT: Oh, also you need to remove the periods before and after $id in the query. You should print out your query so you can see what you're sending to the sql server. Also, you can get the SQL server's error message.
You add extra dots in the string.
Use
mysql_query("DELETE FROM `videos` WHERE `videos`.`id` ='$id'");
instead of
mysql_query("DELETE FROM `videos` WHERE `videos`.`id` ='.$id.'");
Also check how do you get the value of $id.
Thanks everyone. I used Pascal MARTIN's answer, and it comes to show that I was missing the request ($_GET) to get the 'id' from the precious page, and that some of my query was incorrect.
Here is the working copy:
<?php
include ("login.php");
$id = $_GET['id'];
mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
mysql_select_db ($dbname)
or die("Unable to connect to database");
mysql_query("DELETE FROM `videos` WHERE `videos`.`id` = $id ");
echo ("Video ".$id." has been deleted.");
?>
Thanks again!