Hello I am trying to understand why this isn't working on my page. I am using the php block below to use the variable I created at the beginning of my page $sel_subj (I used $_GET to get the id of what I clicked on on the previous page. I want the new page to reflect the data of the link I clicked on) I got the url to work to show the correct number from the database but I cannot get my page to display the name of what link was pressed; aka the data in the column labeled 'subject_name' from the 'subjects' table.
<?php
$query = "SELECT * FROM subjects WHERE id = \"$sel_subj\"";
$result_set = mysql_query($query, $connection);
if(!$result_set) {
die("Database query failed: " . mysql_error());
$subject = mysql_fetch_array($result_set);
return $subject;
?>
into this h2 tag right here.
<h2><?php echo $subject['subject_name']; ?>Hello</h2>
I can post the whole page if it will help. I appreciate everyone's input.
Thank you.
edit:new problems
Here is the bottom half of my code. I have a navigation div above this code which separates the links to the pages that relate to the database tables from the content that I'd like to pull from the db and display in the div for the page table.
However with the code I've provided nothing is showing up on the page when I open it in firefox. In my html when I "view source" while previewing on the testing server there is nothing underneath ...
<td id="page">
<?php
$query = "SELECT * FROM subjects WHERE id ='$sel_subj'";
$result_set = mysql_query($query, $connection);
if(!$result_set)
die("Database query failed: " . mysql_error());
$subject = mysql_fetch_assoc($result_set);
return $subject;
?>
<h2><?php echo $subject['subject_name']; ?>Hello</h2>
<br />
<?php echo $sel_page; ?><br />
<?php echo $sel_subj; ?><br />
<?php echo $subject; ?><br />
<?php echo $subject['id']; ?>
</td>
Change this:
$query = "SELECT * FROM subjects WHERE id = \"$sel_subj\"";
to this:
$query = "SELECT * FROM subjects WHERE id = '$sel_subj'";
and this:
$subject = mysql_fetch_array($result_set);
to this:
$subject = mysql_fetch_assoc($result_set);
PS: Try not to use the mysql class of functions anymore, they're not too good. Instead, use mysqli or PDO.
EDIT
If the column id is of numeric type, remove the apostrophes from the query. Like this:
$query = "SELECT * FROM subjects WHERE id = $sel_subj";
Try This
$query = "SELECT * FROM subjects WHERE id = '$sel_subj' ";
Try this
$query = "SELECT * FROM subjects WHERE id = {$sel_subj} ";
Related
I'm a newbie and need Help.
I've made a page (page.php) that shows the list of data from MySQL, but only fetched 6 columns out of the total 10 columns from my table.
Beside each row, I put a link:
<a href="detail.php?id=<?php echo $rows -> num_id;?>" target="_blank">
For example, if a row with num_id=8, the link will be detail.php?id=8, which actually works.
The problem is, how can I set detail.php page to get the num_id?
I have tried using:
if(isset($_GET['id']))
{
$query2="select * from data_table where num_id=$nokasus ";
$result=mysql_query($query2) or die(mysql_error());
while($rows=mysql_fetch_object($result)){ HTML CODE HERE }
Thanks for your help.
how about fetching the id from the url by $_GET[] and assign it to a variable then do your thing.
example:
$id = $_GET['id'];
$query = "SELECT * FROM data_table WHERE num_id = $id" ;
You might be talking about GET[]. Let's also convert your code to MySQLi instead of predicated MySQL.
<?php
$con=mysqli_connect("YourHost","YourUsername","YourPassword","YourDatabase");
$id=mysqli_real_escape_string($con,$_GET['id']);
if(mysqli_connect_errno()){
echo "Error".mysqli_connect_error();
}
mysqli_query($con,"SELECT * FROM data_table WHERE num_id='$id'");
while($rows=mysqli_fetch_array($result)){ HTML CODE HERE }
?>
I am trying to show specific information for my logged in users, i can call the user_name, but i have been able also to call info from the "website" entry which holds the html for the page, i need to be able to call "website" to each logged in user, i.e Susan (user_name) has the html showing when she logs in, BUT Barry (user_name) has the same html showing as susan, as it is being called from Susans row! Please help it is driving me mad!
Here is the code that is on the myaccount.php:
Welcome To <?php echo $_SESSION['user_name'];?>'s Account Page</strong>
<?php
if (isset($_GET['msg'])) {
echo "<div class=\"error\">$_GET[msg]</div>";
}
?>
<?php
$data = mysql_query("SELECT * FROM users") or die(mysql_error());
$info = mysql_fetch_array( $data );
Print "<b></b> ".$info['$website'] . " ";
?>
You have to add a WHERE clause to your query. If you have a field in your table called user_name it will be like this :
"SELECT * FROM users WHERE user_name = '" . $_SESSION['user_name'] . "'";
Note : You are using a deprecated (mysql_query) you should use rather (mysqli_query) which has different syntax
http://php.net/manual/en/mysqli.query.php
Have you tried
$data = mysql_query("SELECT * FROM users WHERE username='$_SESSION[user_name]'") or die(mysql_error());
I am getting the below error:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'testing order by id'
Here is the main page..
echo "<div ><a href='secondpage.php?title=".urlencode($row['title'])."'>".wordwrap($row['title'], 35, "<br />\n", true)."</a></div>";
and here is the second page the error appearing on. the address bar reads http://localhost/secondpage.php?title=more+testing
<?php
$mydb = new mysqli('localhost', 'root', '', 'test');
$sql = "SELECT * FROM test where urlencode(title) =".$_GET['title']" order by id ";
$result = $mydb->query($sql);
if (!$result) {
echo $mydb->error;
}
?>
<div>
<?php
while( $row = $result->fetch_assoc() ){
echo $row['firstname'];
}
$mydb->close ();
?>
</div>
You want to use urldecode to decode the encoded string in your query:
$title = urldecode($_GET['title']);
$sql = "SELECT * FROM test where title = '$title' order by id";
I'm assuming you have a column named title in your test table. I don't think MySQL has urlencode function unless you have a procedure by that name which functions exactly like PHP's urlencode.
Update:
Thanks to #GeorgeLund, who pointed out the point of SQL Injection. Important topic which I missed earlier during answering your question. Please have a look at: https://www.owasp.org/index.php/SQL_Injection
For the very least please update your code to following:
$title = urldecode($_GET['title']);
$title = mysqli_real_escape_string($title); // Addition
$sql = "SELECT * FROM test where title = '$title' order by id";
$sql = "SELECT * FROM test where urlencode(title) ='".$_GET['title']."' order by id ";
Try like
$sql = "SELECT * FROM test WHERE urlencode(title) = ".$_GET['title']." ORDER BY id ";
You missed . leads syntax go away.
As far as I know SQL does not have function urlencode and why would you even want to urlencode the column name?
Also to store the encoded title string which is received from the last page you should decode the encoded title
So here is what I think you meant to do.
$sql = "SELECT * FROM test WHERE title = ".urldecode($_GET['title'])." order by id ";
Please try this code using urldecode
$sql = "SELECT * FROM test where title =".urldecode($_GET['title'])" order by id ";
I have a MySql DB and in the Table 'Klant' I have the column names:
ID
Naam
Email
Soort
Status
I get the column names with this query:
$strSQL = "select column_name from information_schema.columns where table_name='Klant'";
And I am selecting the data from the Table with this simple query:
$strSQL1 = "SELECT * FROM NAW.Klant";
What I want to do is search a text and with str_replace I want to replace the column_names with the data from the DB. For example:
If I type in Hello Naam, your email adress is Email I would want it to display Hello Robert your email adress is robert#gmail.com. And I will put that in a loop to do it for every row. I am currently using this:
$ID = $row['Klant_ID'];
$Naam = $row['Naam'];
$Email = $row['Email'];
$Soort = $row['Soort'];
$Naam = $row['Status'];
$vaaw = array("[ID]","[Naam]", "[Email]", "[Soort]", "[Status]");
$vervang = array("$ID","$Naam", "$Email", "$Soort", "$Status");
echo str_replace($vaaw, $vervang, $message);
The reason I do not want to use this anymore is because if I ever need to change/add/delete a column the code would still work. (I know it is a bad idea to change columns but you never know.) And also this code will work with other Tables/DB's to.
I have tried loads of things to get this to work but I just haven't got a clue how to do this and it has been bugging me for almost 2 days now. If someone knows a function or a way to do this it would be very helpful!
Try this:
<?php
$strSQL = "select column_name from information_schema.columns where table_name='Klant'";
$con=mysqli_connect('host', 'username', 'password', 'db');
if(!$con){
//error
}
$result=mysqli_query($con,$strSQL);
if(!$result){
//error
}
$table_columns=array();
//$row=mysqli_fetch_assoc($result);
while($row=mysqli_fetch_assoc($result))
{
$table_columns[]=$row['column_name'];
}
$query="select * from NAW.Klant "; //limit 10";
$result=mysqli_query($con,$query);
if(!$result){
//error
}
$greeting_text="";
while($row=mysqli_fetch_assoc($result)){
$greeting_text.= (isset($row['naam']))? "Hello {$row['naam']}":""; // because you want the 'hello'
for($i=1;$i< count($table_columns);$i++){
$greeting_text.=" Your ".$table_columns[$i]." is ".$row[$table_columns[$i]].", ";
}
$greeting_text.="\n";
}
echo $greeting_text; //test your result
If you have a predefined string template (to be replaced by column names or their values), you need to change that code when there is any change in the table columns. I simply choose to dynamically generate the string depending on the availability of columns. But if you need to use a predefined string, it is not difficult to do so.
I solved it using the script that HamZa linked in the comments. Since he is not posting it as an answer I will do it myself because I think it could help others.
The code that solved the problem is this:
$connection = mysql_connect('localhost', 'root', 'pw') or die('couldn\'t connect to the database.<br>'. mysql_error());
mysql_select_db("NAW");
$strSQL1 = "SELECT * FROM Klant";
$result = mysql_query($strSQL1, $connection) or die('Something went wrong with the query.<br>'. mysql_error());
while($row = mysql_fetch_assoc($result)){
$text = $_POST['naam'];
foreach($row as $k => $v){
$text = str_replace('['.$k.']', $v, $text);
}
echo $text;
echo "<br>";
}
Please can anyone help me with this?
I have 2 tables, location and tickets and what I have built so far is a form in a div that users enter the name of the city or town where they would like to see a live music performance. This form is submitted and an SQL statement is passed querying the location table. In another div, the users search query appears in a box on the screen. What I would like to do next is to write an SQL statement that will lookup the user's query and dynamically display the relevant ticket information from the ticket table based on the location ID.
For example, the user types in 'Newcastle' as their search query, the location table finds the city of Newcastle and displays the user's result in a div called 'tickets'..I would like to display all the fields that correspond with 'Newcastle' from the ticket table.
The locationID is the primary key in the location table and has 3 other column, city, town and postcode.
The ticket table consists of ticketID being the primary key, the locationID being the foreign Key and the other fields i.e venue, tPrice, date and time. I think the problem im having is im not passing through the variable from the users query so that the ticket table can look it up and display the relevant information.
Here is the code for the form:
<div id="search">
<form name="searchForm" id="searchForm" class="searchForm" method="post">
<input type="text" name="citySearch" id="citySearch" class="citySearch" placeholder="Enter name city/town..." autofocus="autofocus" />
<input type="submit" name="ticketSearch" id="ticketSearch" class="ticketSearch" value="Search" />
</form>
</div>
Here is the code to display the user's query:
<div id="locationResult">
<?php
include( 'classes/database_connection.php' );
$cSearch = $_POST['citySearch'];
$sql = "SELECT DISTINCT city FROM location WHERE city = '$cSearch'";
mysql_query($sql) or die (mysql_error());
$queryresult = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_assoc($queryresult)) {
$city = $row['city'];
echo $row["city"];
}
mysql_free_result($queryresult);
mysql_free_result($qResult);
mysql_close($conn);
?>
</div>
</div>
This is where I want to display the ticket results from the ticket table:
<div id="ticketsResults">
<table class="ticketResult" border="0" cellspacing="5">
<tr>
<td><b>Venue</b></td>
<td><b>Price</b></td>
<td><b>Date</b></td>
<td><b>Time</b></td>
<td><b>Street View</b></td>
</tr>
<?php
include( 'classes/database_connection.php' );
$locID = $_POST['locationID'];
$citySearch = $_POST['citySearch'];
$sQL = "SELECT locationID FROM location";
//Here is where I want it to display dynamic information rather than manually type the location
$ticketSQL = "SELECT * FROM ticket NATURAL JOIN location WHERE city = 'Newcastle' ";
mysql_query($sQL) or die (mysql_error());
$qResult = mysql_query($sQL) or die(mysql_error());
mysql_query($ticketSQL) or die (mysql_error());
$result = mysql_query($ticketSQL) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
// $ticketID = $row['ticketID'];
$venue = $row['venue'];
$ticketPrice = $row['tPrice'];
$date = $row['date'];
$time= $row['time'];
echo "<tr>\n";
echo "<td>$venue</td>\n";
echo "<td>£$ticketPrice</td>\n";
echo "<td>$date</td>\n";
echo "<td>$time</td>\n";
echo "<td>Click to see</td>\n";
echo "</tr>\n";
}
mysql_free_result($qResult);
mysql_free_result($result);
mysql_close($conn);
?>
</table>
</div>
So basically, I'm wanting an SQL statement that dynamically displays the tickets according to the user's query. Sorry about the copious amount of code! Any help given is greatly appreciated.
Before you do anything else I think you should work on your coding style, specifically your indentation. A quick google search should do the trick. Next look into mysql prepared statements because currently your code is unsafe. Like jordanm said, it is subject to SQL injection.
For example, if someone entered blah' OR 'x'='x as a city name. Your query would become
SELECT DISTINCT city FROM location WHERE city = 'blah' OR 'x'='x';
Basically it allows the user to do naughty things with your query, and you don't want that.
Below is a sample of how you can avoid this using mysql prepared statements:
// basic quick raw example
$mysqli = new mysqli('localhost', 'user', 'password', 'database');
$stmt = $mysqli->prepare('SELECT DISTINCT city FROM location WHERE city = ?');
$stmt->bind_param('s',$city_name);
$stmt->execute();
$stmt->bind_result($city);
while ($stmt->fetch())
{
echo $city;
}
That's all I'm going to leave you with because I feel like to answer the actual question (?) I will need to write the code for you. Goodluck