I have the following code running on my website. I call it from a html form. The form has a client number which looks up the redirect value in the database and should redirect to the website. The redirect works great with one value in the database. However, when I add more values it uses the last one. I added the echo goto so I can see. The script pulls every redirect value for the whole database. How can I just pull the redirect value associated with the client_number?
<php
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name="clients"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// sent from form
$myclient=$_POST['myclient'];
$myclient = stripslashes($myclient);
$sql="SELECT * FROM $tbl_name WHERE client_number='$myclient'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
$result = mysql_query("SELECT redirect FROM clients");
while ($row = mysql_fetch_array($result, MYSQL_ASSOC)) {
$goto = $row['redirect'];
//added to see output
echo $goto;
//header ("location: $goto");
}
exit();
}
else {
echo "Account number is invalid";
}
?>
From your query you are pulling all redirect
$result = mysql_query("SELECT redirect FROM clients");
which should be
$result = mysql_query("SELECT redirect FROM clients WHERE clientID=1234");
Then you were using while instead of if
if($row = mysql_fetch_array($result, MYSQL_ASSOC)) { }
Using header('Location: xyz.ext') redirect in loop is bad
Related
I'm trying to display in a TextView the text in this page: http://www.oscarilfilm.com/oscar/
using json, php and mysql. I created a json.php to fetch data from db and encode the data in json using this:
<?php
$host="XXXXX"; //replace with database hostname
$username="XXXXX"; //replace with database username
$password="XXXXX"; //replace with database password
$db_name="XXXXXX"; //replace with database name
$con=mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$sql = "select * from emp_info";
$result = mysql_query($sql);
$json = array();
if(mysql_num_rows($result)){
while($row=mysql_fetch_assoc($result)){
$json['emp_info'][]=$row;
}
}
mysql_close($con);
echo json_encode($json);
?>
And it goes. But when i try change the query to display that post i get this: http://www.oscarilfilm.com/newjson.php and exactly this for OSCAR page: {"id":"39","post_title":"Oscar","post_content":null}
but it's impossible! it can't be null! there is some content! Why? I'm using wordpress as cms.
There's an error at line $id=$_GET['id']; said that Notice: Undefined index: id in D:\XAMPP\htdocs\view_topic.php on line 101. I tried to change " $_GET " to " $_POST " but the error is still the same. Any help ?
I am trying to retrieve the id from the database and listed all the forum topic posted by users. Others php file can run smoothly. I got problem retrieving id of the post.
<?php
$host="localhost";
$username="root";
$password="";
$db_name="db";
$tbl_name="forum_question";
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// get value of id that sent from address bar
$id=$_GET['id'];
$sql="SELECT * FROM $tbl_name WHERE id='$id'";
$result=mysql_query($sql);
$rows=mysql_fetch_array($result);
?>
Always make use of the isset construct when assigning data to variables from outside world
if(isset($_GET['id']))
{
$id=$_GET['id'];
$sql="SELECT * FROM $tbl_name WHERE id='$id'";
$result=mysql_query($sql);
$rows=mysql_fetch_array($result);
}
else
{
echo "ID was not set. Let me go and check the form again !";
}
?>
This variable has to be set in your URL. You have to check if it's present:
<?php
$host = "localhost";
$username = "root";
$password = "";
$db_name = "db";
$tbl_name = "forum_question";
// Connect to server and select databse.
$db = new mysqli($host, $username, $password, $db_name);
// get value of id that sent from address bar
$id = isset($_GET['id']) ? (int) $_GET['id'] : 0;
if($id <> 0) {
// TODO
// 404 Not Found
} else {
$sql = "SELECT * FROM $tbl_name WHERE id='$id'";
$row = $db->query($sql)->fetch_assoc();
// TODO
// Do Something with Data
}
Your URL must then be http://example.com/path/to/script.php?id=42
I added (int), so no sql injections are possible.
I replaced mysql_* by MySQLi, see comment to your question.
I removed quotes from variables in your query, you don't need them.
<?php
$host="localhost"; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name="hsp_property"; // Database name
$tbl_name="project_directory"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
//Get values from form
$id = $_POST['id'];
$hospital = $_POST['hospital'];
$project = $_POST['project'];
$state = $_POST['state'];
$status = $_POST['status'];
$da_status = $_POST['da_status'];
$pm = $_POST['pm'];
$budgett = $_POST['budgett'];
$budgetat = $_POST['budgetat'];
$pdapproval = $_POST['pdapproval'];
$pdcs = $_POST['pdcs'];
$pdcd = $_POST['pdcd'];
$pdcf = $_POST['pdcf'];
$pnm = $_POST['pnm'];
$prm = $_POST['prm'];
$comments = $_POST['comments'];
// update data in mysql database
$sql="UPDATE $tbl_name SET Hospital='$hospital', Project='$project', State='$state',Project_Status='$status',DA_Status='$da_status',Project_Manager='$pm',Budget_Total='$budgett',Budget_Approved='$budgetat',Project_Approval_Dates='$pdapproval',Project_Contstruction_Dates='$pdcs',Project_Contract_Dates='$pdcd',Project_Current_Dates='$pdcf',Program_Next_Milestone='$pnm',Program_Milestone='$prm',Comments='$comments' WHERE id='$id'";
$result=mysql_query($sql);
// if successfully updated.
if ($result) {
header ('Location: ../project_directory.php');
}
else {
echo 'Error';
}
?>
The above is some code to update a MySQL db, i'm running WAMP to test the website before I'll upload.
I've been using the phpeasysteps tutorial as php and mysql is new to me. It's been working all ok until now.
Would love to know what i'm doing wrong, the PhpEasySteps tutorial might be a tad old as i've had to update a few elements of the initial code to get it to work..
Replace echo 'Error'; with echo mysql_error(); to see why you didn't get a result and then slap yourself for misspelling a column name or something most likely easily overlooked. If you still can't figure it out, post the error. And if you go that far, post the result of SHOW CREATE TABLE project_directory
You need to add $link_identifier to your mysql_select_db database selection,
Syntax: bool mysql_select_db ( string $database_name [, resource $link_identifier = NULL ] )
$link = mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name", $link)or die("cannot select DB");
You can use mysql_error(); function to find the mysql related errors.
i'm going to update a row into mysql database. the senarius is: taking the values from a form and redirect to another file and set the form values to database using update statement. the problem is that mysql_query return value 1 and does not return any error but when i check the database through phpmyadmin my database doesn't affected.
here is the code
<?php
$host="localhost";
$username="root";
$password="";
$db_name="login_takrim";
$tbl_name="takrim_users";
// Connect to server and select databse.
mysql_connect("c$host","$username","$password") or die("can not connect");
mysql_select_db($db_name) or die(mysql_error());
// username and password sent from form
$myusername=$_POST["txtusername"];
$mypassword=$_POST["txtpassword"];
$myemail=$_POST["txtemail"];
// To protect MySQL injection
$myusername=stripslashes($myusername);
$myemail=stripslashes($myemail);
$mypassword=stripslashes($mypassword);
$myemail=mysql_real_escape_string($myemail);
$myusername=mysql_real_escape_string($myusername);
$mypassword=mysql_real_escape_string($mypassword);
echo "$myusername $mypassword $myemail";// test to see i get the form value on the php server.
$sql="UPDATE $tbl_name SET username = '$myusername' and password = '$mypassword' and email= '$myemail' where showname='hussein'";
$result=mysql_query($sql) or die(mysql_error());//does not return error
echo $result;
if($result==false)
{
echo "no";
}
else
{
//header("location:setEmail.php");
echo "yes";
}
?>
query may excuted correctly may be there was no matching records just do like this
<?php
$host="localhost";
$username="root";
$password="";
$db_name="login_takrim";
$tbl_name="takrim_users";
// Connect to server and select databse.
mysql_connect("c$host","$username","$password") or die("can not connect");
mysql_select_db($db_name) or die(mysql_error());
// username and password sent from form
$myusername=$_POST["txtusername"];
$mypassword=$_POST["txtpassword"];
$myemail=$_POST["txtemail"];
// To protect MySQL injection
$myusername=stripslashes($myusername);
$myemail=stripslashes($myemail);
$mypassword=stripslashes($mypassword);
$myemail=mysql_real_escape_string($myemail);
$myusername=mysql_real_escape_string($myusername);
$mypassword=mysql_real_escape_string($mypassword);
echo "$myusername $mypassword $myemail";// test to see i get the form value on the php server.
$sql="UPDATE $tbl_name SET username = '$myusername', password = '$mypassword',email= '$myemail' where showname='hussein'";
$result=mysql_query($sql) or die(mysql_error());//does not return error
if(mysql_num_rows($result) > 0)
{
//header("location:setEmail.php");
echo "yes";
}
else
{
echo "no";
}
?>
Chage your UPDATE statement like this
$sql="UPDATE $tbl_name SET `username` = '$myusername',`password` = '$mypassword',`email`= '$myemail' where `showname`='hussein'";
Disclaimer: Stop using mysql_* functions as they are deprecated. Switch to MySQLi or PDO instead.
You have an extra c here (before $host):
mysql_connect("c$host","$username","$password") or die("can not connect");
I have successfully created a PHP script which connects to my database. When the user types in their email address I want to display some information on the same page from the database relating to that email address. The database fields that I want to display are: name, tracking, status.
My question is how can I display this information. I know I have code at the bottom which redirects to a page if login successful which iI no longer want.
PHP Script:
<?php
$host="######"; // Host name
$username="######"; // Mysql username
$password="######"; // Mysql password
$db_name="######"; // Database name
$tbl_name="orders"; // Table name
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
// username and password sent from form
$myusername=$_POST['myusername'];
$myusername = stripslashes($myusername);
$myusername = mysql_real_escape_string($myusername);
$sql="SELECT * FROM $tbl_name WHERE username='$myusername'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1){
// Register $myusername, $mypassword and redirect to file "login_success.php"
session_register("myusername");
header("location:trackyourorder.html"); //DO NOT WANT TO REDIRECT
}
else {
echo "Wrong Username";
}
?>
You can use the fetch_row function in combination with a while loop. This is the easiest way. Read more about the function here: http://www.php.net/manual/en/mysqli-result.fetch-row.php
For example:
if ($result = mysqli_query($link, $query)) {
/* fetch associative array and print result*/
while ($row = mysqli_fetch_row($result)) {
printf ("%s (%s)\n", $row[0], $row[1]);
}
If I understand your question correctly, you and asking how to output data from the database directly to the screen. Without offering any formatting, this might be what you are looking for.
$sql="SELECT * FROM $tbl_name WHERE username='$myusername'";
$result=mysql_query($sql);
$results_array=mysql_fetch_array($result);
Once you have the $results_array, you can access any fetched columns from the database using normal keyed array syntax, such as:
echo $results_array["username"];
Hopefully that helps.
As an example:
$result = mysql_query($sql);
if(! $result) die("Error executing query");
while($row = mysql_fetch_assoc($result) {
echo $row["name"];
echo $row["tracking"];
echo $row["status"];
}
Or, you can do it the object oriented way:
$result = mysql_query($sql);
if(! $result) die("Error executing query");
while($row = mysql_fetch_object($result) {
echo $row->name;
echo $row->tracking;
echo $row->status;
}
On a related note, if the only fields you want are name, tracking, and status, you should only select those fields in your query. It will make the query faster, as well as prevent data from being fetched that you don't want (which can be more secure)
"SELECT name, tracking, status FROM $tbl_name WHERE username='$myusername'";
A traditional way from start to finish could be as follows.
<?php
$con=mysqli_connect("example.com","peter","abc123","my_db");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM Persons");
while($row = mysqli_fetch_array($result))
{
echo $row['FirstName'] . " " . $row['LastName']; //**Put all your formatting in here!**
echo "<br />";
}
mysqli_close($con);
?>