I posted a couple days ago and I could not insert an additional record into a MySQL database I setup. I corrected the syntax, but the database will not update again. Basically, I have a couple forms in HTML that carry sessions over to the next pages until the PHP is processes on the final page to INSERT into the database. It worked twice (I have 2 records in the database now), but it won't insert any additional records. It worked fine a couple days ago. The only changes I made to anything was that I added a search feature that accesses the same database with the same user, but the connection is closed at the end of that script as well. Here is the code I am using to INSERT into the database (I know it isn't the best coding job, I'm still learning).
<?php
$con = mysql_connect("localhost","my_username","mypassword");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("dgibbo1_imaging", $con);
// Here too, please mysql_real_escape_string() all parameters
mysql_query("INSERT INTO imaging (os,MAC,Model,AntiVirus,Browser,Email,Connectivity,Sound,Ports) VALUES ('".$_SESSION['imaging2']."','".$_SESSION['imaging3']."','".$_SESSION['imaging4']."','".$_SESSION['antivirus']."','".$_SESSION['browser']."','".$_SESSION['email']."','".$_SESSION['connectivity']."','".$_SESSION['sound']."','".$_SESSION['ports']."')");
OR die("Could not update: ".mysql_error());
mysql_close($con);
?>
The name of the database is imaging. The columns are setup as:
id (This is the primary key field)
os
MAC
Model
AntiVirus
Browser
Email
Connectivity
Sound
Ports
I just find it odd that it inserted records without any problems until I tried it again today. Is it possible that it has something to do with my code for the search?
The search is a simple form on another page and processes this form:
<?php
$con = mysql_connect("localhost","my_user","mypassword");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("dgibbo1_imaging", $con);
// Always escape parameters injected into SQL queries
$result = mysql_query( "SELECT * FROM imaging WHERE MAC LIKE '%"
. mysql_real_escape_string ( $search, $con )
. "%'"
);
echo "<table border='1'>
<tr>
<th>MAC</th>
<th>Model</th>
<th>AntiVirus</th>
<th>Email</th>
<th>Browser</th>
<th>Connectivity</th>
<th>Sound</th>
<th>Ports</th>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['MAC'] . "</td>";
echo "<td>" . $row['Model'] . "</td>";
echo "<td>" . $row['AntiVirus'] . "</td>";
echo "<td>" . $row['Email'] . "</td>";
echo "<td>" . $row['Browser'] . "</td>";
echo "<td>" . $row['Connectivity'] . "</td>";
echo "<td>" . $row['Sound'] . "</td>";
echo "<td>" . $row['Ports'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
Meanwhile, the search will pull up the 2 existing records successfully every time, but I can't add new records and I'm wondering if it has something to do with this.
Thanks for any suggestions. I know my syntax probably isn't the best, so any suggestions from this site are always appreciated.
Try creating a separate php file and hard coding the values into it. Run that and see what happens. your search form shouldnt interfere with another form.
edit any errors when using the form? any errors when inserting to another table?
I saw your post, and it all looks "right". What I'd suggest is to add some logging instead of DIE and look at what MySQL is saying about those insert statements:
$sql = "INSERT INTO imaging ....";
mysql_query($sql);
if(mysql_errno()) {
$message = mysql_error() . "\n" . $sql . "\n";
$fp = fopen('c:\mylogifle.txt', 'a');
fwrite($fp, $message);
fclose($fp);
}
AND...as everyone has mentioned, encode those strings - assuming that the SQL is actually being executed, and you "know" it works, there's a very high possibility that some punctuation in one of the values is interfering with the SQL, like an unexpected comma somewhere that confuses MySQL
Related
I am complete newbie to PHP/SQL and all this stuff, also not really skilled with any kind of programming. My problem is that I am currently trying to pull out data from MySQL table on to website, but after finishing the code it pulls out all of the data from my table.
I would love to somehow get to pull out only data from specific table row, based on it's primary key. My current code looks like this.
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "rainbow";
$link = mysqli_connect($servername, $username, $password, $dbname);
if($link === false){
die("ERROR: COuld not connect." . mysqli_connect_error());
}
$sql = "
SELECT name
, nick
, surname
, team
, country
, birthdate
, mouse
, dpi
, keyboard
, headset
FROM players
";
if($result = mysqli_query($link, $sql)){
if(mysqli_num_rows($result) > 0){
echo "<table>";
echo "<tr>";
echo "<th>name</th>";
echo "<th>nick</th>";
echo "<th>surname</th>";
echo "<th>team</th>";
echo "<th>country</th>";
echo "<th>birthdate</th>";
echo "<th>mouse</th>";
echo "<th>dpi</th>";
echo "<th>keyboard</th>";
echo "<th>headset</th>";
echo "</tr>";
while ($row = mysqli_fetch_array($result)){
echo "<tr>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['nick'] . "</td>";
echo "<td>" . $row['surname'] . "</td>";
echo "<td>" . $row['team'] . "</td>";
echo "<td>" . $row['country'] . "</td>";
echo "<td>" . $row['birthdate'] . "</td>";
echo "<td>" . $row['mouse'] . "</td>";
echo "<td>" . $row['dpi'] . "</td>";
echo "<td>" . $row['keyboard'] . "</td>";
echo "<td>" . $row['headset'] . "</td>";
echo "</tr>";
}
echo "</table";
mysqli_free_result($result);
}
else {
echo "Ziadny vysledok a nic nefunguje";
}
}
mysqli_close($link);
?>
To be honest, I am not even sure if this is the right way to do it, but it works and it pulls the data into a HTML table which is not necessary for me, I just wanted to try it. Thanks for answers!
Let's suppose you have a page with this code:
<form action='page2.php' method='post'>
Inform a number:
<input type='text' name='number'>
<input type='submit' value='Send'>
</form>
Save the form above as page1.php
The file page2.php will contain the code that select one register from your table and show the result.
<?php
$id = $_POST["number"];
//The sql command will look like this:
$sql = "SELECT name, nick, surname, team, country, birthdate, mouse, dpi, keyboard, headset FROM players WHERE id = $id";
?>
A couple of things.
Firstly, You would typically keep some of your confidential stuff (database name, userid, password and server name in a separate file (eg. config.php) and you would "include" that file in this file... include ("config.php");
Secondly, in your $sql line you are selecting all of your columns individually and later in the 10 lines after your "while" statement you are selecting them again (for display). I would be calling the whole table in your $sql line with SELECT * from players and I would follow this with a WHERE. As a newbie, your basic retrive from batabase has 3 main words, SELECT (means go and get what you want and in most cases, grab it all with a *) FROM (the table you want to get it from, in your case the table is players) and WHERE (this is your selection criteria... id > 50...colour = "blue"... whatever you want). When pushing data to the DB you would use SET and UPDATE but when retrieving... SELECT, FROM, WHERE.
Your "while" statement will simply do your $sql statement (select, from, where) and return results until it runs out of records
Good luck Newbie
gri2a
I'm looking to create a formatted product list from an SQL database. My aim is to have a store on my website with a series of small boxes containing some shorthand information about each product, that when clicked will open a pop-up containing detailed information. (I have a working Javascript/JQuery code to create the pop-ups.)
Here is the PHP code so far, simply to get the information from the database and display it on a webpage...
(I've been using XAMPP to provide an environment for me to test the code in)
<?php
mysql_connect("localhost", "root", "") or die (mysql_error ());
mysql_select_db("Database1") or die(mysql_error());
$strSQL = "SELECT * FROM Products";
$rs = mysql_query($strSQL);
while($row = mysql_fetch_array($rs)) {
echo $row['Brand'] . " " . $row['ProductName'] . " " . $row['Image'] . "<br />";
}
mysql_close();
?>
I want the echoed line to be displayed in a divider, with a divider generated for each record in the SQL database (say I have 10 products available, there would be ten dividers, and 10 different boxes on the webpage). The divider's class is "ProductBox".
echo "<div class=\"ProductBox\">"; $row['Brand'] . " " . $row['ProductName'] . " " . $row['Image'] . "</div>";
This was the closest I have come to a solution, which was simply managing to write a code with no syntax errors - alas, nothing actually displays on the webpage.
If I'm going about this entirely the wrong way please tell me - I'm fairly sure I need to use a SQL database to dynamically update stock on a live website, but if I need to implement a different programming language or whatever then just tell me what you think would work and help me with a solution.
You have an extra semicolon in your code
echo "<div class=\"ProductBox\">"; $row['Brand'] . " " . $row['ProductName'] . " " . $row['Image'] . "</div>";
Replace with
echo "<div class=\"ProductBox\">". $row['Brand'] . " " . $row['ProductName'] . " " . $row['Image'] . "</div>";
mysql_fetch_array needs to be used like this (see PHP Doc):
while($row = mysql_fetch_array($rs, MYSQL_ASSOC)) {
}
or you could just use "mysql_fetch_assoc" instead.
HOWEVER, if you're new to PHP, I HIGHLY RECOMMEND that you get started on the right foot. mysql_query functions are soon to be deprecated. DON'T USE THEM. Most recommend using "PDO" for querying your database. Here's a great tutorial to teach you: http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers
Also, as mentioned, you have an extra semi-colon.
Dont forget these basics markups :
`<HTML>
<HEAD>
</HEAD>
<BODY> put in here your divs
</BODY>
</HTML>`
I have this table:(megaoverzicht.php) (I left out the part where it connects to the db)
echo "<table border='1'><tr><th>Formulier Id</th><th>Domeinnaam</th><th>Bedrijfsnaam</th><th>Datum</th><th>Periode</th><th>Subtotaal</th><th>Dealernaam</th><th>Offerte Maken</th></tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['formuliernummer'] . "</td>";
echo "<td>" . $row['domeinnaam'] . "</td>";
echo "<td>" . $row['bedrijfsnaam'] . "</td>";
echo "<td>" . $row['datum'] . "</td>";
echo "<td>" . $row['periode'] . "</td>";
echo "<td> € " . $row['subtotaal'] . "</td>";
echo "<td>" . $row['dealercontactpersoon'] . "</td>";
echo "<td><a href='offertemaken.php?id=" . $row->id . "'>Offerte Maken </a></td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
?>
I want to open offertemaken.php when the user clicks on Offerte Maken. It needs to open the form with the data from that row(id).
This is the code from (offertemaken.php)(I left out the part where it connects to the db)
<?php
$id=$_POST['id'];
$data = 'SELECT * FROM cypg8_overzicht WHERE id="$id"';
$query = mysqli_query($con,$data) or die("Couldn't execute query. ". mysqli_error());
$data2 = mysqli_fetch_array($query);
?>
<form>
<div class="formcontainer" onmousemove="">
<input type="text" name="datum" id="datum" value="<?php echo $data2[datum]?>">
<input type="text" name="formuliernummer" id="formuliernummer" value="<?php echo $data2[formuliernummer]?>">
<input type="text" name="periode" id="periode" value="<?php echo $data2[periode]?>">
<input type="text" name="domeinnaam" id="domeinnaam" value="<?php echo $data2[domeinnaam]?>">
<input type="text" name="bedrijfsnaam" id="bedrijfsnaam" value="<?php echo $data2[bedrijfsnaam]?>">
<input type="text" name="dealercontactpersoon" id="dealercontactpersoon" value="<?php echo $data2[dealercontactpersoon]?>">
</div><!--/.formcontainer-->
</form>
I cant get it to work. I am missing something I think! I make an error in the codes below:
echo "<td><a href='offertemaken.php?id=" . $row->id . "'>Offerte Maken </a></td>";
$id=$_POST['id'];
$data = 'SELECT * FROM cypg8_overzicht WHERE id="$id"';
I have been looking at a lot of tutorials but cant understand what i am doing wrong. Here a list to show that i am not just asking but actually have been looking for a solution by myself.
http://www.daniweb.com/web-development/php/threads/341921/-php-mysqli-update-database-using-id-syntax-help-requested-
http://www.codeofaninja.com/2012/01/phpmysqli-update-record.html
I have looked at many more but i don’t want to bother all of you with an extreme long list of links. And i am not allowed because my rep is not big enough! Dont downvote me please!
Question
I want to open offertemaken.php when the user clicks on Offerte Maken. It needs to open the form with the data from that row(id)?
Edit 1 Getting closer to the endresult
I found out(thanks to Cuba32) that the link in megaoverzicht.php was doing nothing so i changed the following
<a href='offertemaken.php?id=" . $row->id . "'>
to
<a href='offertemaken.php?id=" . $row['id'] . "'>
Now it is creating these kind of links:
something/formulieren/overzichten/offertemaken.php?id=24
This is a good thing(i think) but the form that opens is blank so offertemaken.php is doing nothing with the id???
Edit 2 (Thanks to Cube32)
Since yesterday the code has changed quite a bit. I belive that megaoverzicht.php is finished it sends the link as described in edit 1. The only problem is know in offertemaken.php. Below i will put in the code.
$con = mysqli_connect($server,$username,$password,$database);
if (!$con){
die('Could not connect: ' . mysqli_error($con));
}
mysqli_select_db($con,$database);
$id=$_GET['id'];
if($data = mysqli_prepare($con, 'SELECT * FROM cypg8_overzicht WHERE id="?"'))
{
/* bind parameters for markers */
mysqli_stmt_bind_param($data, "s", $id);
/* execute query */
mysqli_stmt_execute($data);
$data2 = mysqli_stmt_fetch($data);
But this code gives me the following error.
Warning: mysqli_stmt_bind_param(): Number of variables doesn't match number of parameters in prepared statement in line 31. Line 31:
mysqli_stmt_bind_param($data, "s", $id);
I dont know how to solve this part. I will offcourse be looking on the internet to try and find a solution but if anyone knows it please post it. Thanks in advance.
Edit 3<= No more error (Thanks to Your Common Sense)
by changing WHERE id="?"' into WHERE id=?' i no longer have the error. But still it is not showing anything in the input fields
Edit 4<= Getting to confused and going back to original code.
Thanks for everyone who got me so far. But I can't see the forest anymore through the trees. I am going back to the original code and try to solve that. So the code is now as follows:
$id=$_GET['id'];
$data = 'SELECT * FROM cypg8_overzicht WHERE id="$id"';
$query = mysqli_query($con,$data) or die("Couldn't execute query. ". mysqli_error());
$data2 = mysqli_fetch_array($query);
error_reporting(E_ALL);
But this gives the following errors inside the input fields:
Notice: Use of undefined constant formuliernummer - assumed 'formuliernummer' in offertemaken.php on line 37
This error goes for all the input fields.
Edit 5
Fixed this by changing <?php echo $data2[formuliernummer]?> to <?php echo $data2['formuliernummer']?> but it is still not showing the information.
Edit 6 THE SOLUTION
I added the answer to the question below. Just look for answer written by HennySmafter.
Thanks to:
Cube32, SITDGNymall, Your Common Sense. Thanks all of you for helping me find the solution.
It took me a while but i found the answer.
megaoverzicht.php
echo "<td><a href='offertemaken.php?id=" . $row['id'] . "'>Offerte Maken </a></td>";
offertemaken.php
// Check whether the value for id is transmitted
if (isset($_GET['id'])) {
// Put the value in a separate variable
$id = $_GET['id'];
// Query the database for the details of the chosen id
$result = mysqli_query($con,"SELECT * FROM cypg8_overzicht WHERE id = $id");
// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
$message = "Invalid query: " . mysqli_error($result) . "\n";
$message .= "Whole query: " . $query;
die($message);
}
// Use result
// Attempting to print $result won't allow access to information in the resource
// One of the mysql result functions must be used
// See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(),etc.
while ($row = mysqli_fetch_assoc($result)) {
echo $row['formuliernummer'] . "\n";
echo $row['domeinnaam'] . "\n";
echo $row['bedrijfsnaam'] . "\n";
echo $row['datum'] . "\n";
echo $row['periode'] . "\n";
}
} else {
die("No valid id specified!");
}
It is not showing the values in the input boxes because there are no input boxes into the echo but those can be easily added I imagine.
In reference to the edit 1:
You are referencing the variables by association, but are outputing the mysql as a default array. instead of
$data2 = mysqli_fetch_array($query);
Try this:
$data2 = mysqli_fetch_assoc($query);
Or:
$data2 = mysqli_fetch_array($query, MYSQLI_ASSOC);
Also, do you have error reporting turned on? If so, then if the array contains no data you should be getting warnings of some kind. If not, a good test is:
error_reporting(E_ALL);
This will warn you about any places where a variable is unset or a array is empty. Another good test is to simply echo out your query, which will tell you if there's any errors in the query itself(which can save some time). If you're not going to go the Prepared Statements route(which is highly encouraged), you can simply echo out $data into your script.
I am new to PHP/MySQL and am working my way through the basics.
I have a MySQL database scwdb (that I moved from Access 2000 which my Windows 7 won't work with) with a table tblsplintersbowlinventory which has 2 fields:
fields and data:
txtProductBowlCode
data examples: OakSc07-001, MapleTi07-030, MapleTi07-034, BlackLimba07-002, AshSc07-017
txtProductPrimarySpecies
data examples: Oak, Maple, Maple, BlackLimba, Ash
In other words, I want to record just the species in the txtProductPrimarySpecies field.
I tried the following PHP script:
<?php
$con = mysql_connect("localhost","xxxxxxx","zzzzzzz");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("scwdb", $con);
$species = 'Maple';
mysql_query("UPDATE tblsplintersbowlinventory WHERE txtProductBowlCode LIKE $species SET txtProductPrimarySpecies=$species%");
echo "done";
mysql_close($con);
?>
It seems to run, does not show an error and prints "done", but when I check the database I don't see any changes.
What am I missing?
This db has over 600 records, and I added this new txtProductPrimarySpecies field to make my searches easier while leaving the full code which has specific info on the bowl. There are several species that I need to do this to, so I plan on using a loop to run through a list of species.
How would I code that loop to read a list of species?
OK, I found the way to make this work!
<?php
$con = mysql_connect("localhost","xxxxxx","zzzzzzz");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("scwdb", $con);
$species = 'Maple';
$result = mysql_query("UPDATE tblsplintersbowlinventory SET txtProductPrimarySpecies = '$species' WHERE txtProductBowlCode LIKE '$species%'");
$result = mysql_query("SELECT * FROM tblsplintersbowlinventory WHERE txtProductBowlCode LIKE '$species%'");
echo "<table border='1'>
<tr>
<th>Index</th>
<th>Bowl Code</th>
<th>Species</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['intProductID'] . "</td>";
echo "<td>" . $row['txtProductBowlCode'] . "</td>";
echo "<td>" . $row['txtProductPrimarySpecies'] . "</td>";
echo "</tr>";
}
echo "</table>";
echo "done";
mysql_close($con);
?>
This worked, and I manually changed the $species value and ran it for each of the species of wood in the database...since this was a one time shot it made more sense not to use a list and loop through it - I was bound to miss one or two species anyway.
Shouldn't the set without % come before where with %. Also I think your parameter should be wrapped with a quote as it is string type.
mysql_query("UPDATE tblsplintersbowlinventory
SET txtProductPrimarySpecies='$species'
WHERE txtProductBowlCode LIKE 'CONCAT($species, '%')'");
Basicaly having issues setting up a webpage which will taken in a student key entered by the user. This will then parse the student key to another file which will run it against a mysql backend to see what records this student already has. But can not get it working for the life of me please help I'm still a newb at this.
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("support_log", $con);
$result= mysql_query("SELECT student.first_name, student.surname, student.year_group, student.STKEY, student_log.issue
FROM `student` JOIN `student_log`
WHERE student.STKEY like '$_POST[stkey]'");
$result2 = mysql_query($result) or die("Error: " . mysql_error());
if(mysql_num_rows($result2) == 0){
echo("no records found");
} ELSE {
echo "<table border='1'>
<tr>
<th>First name</th>
<th>Surname</th>
<th>Year Group</th>
<th>Student Key</th>
<th>Issue</th>
</tr>";
while($row = mysql_fetch_array($result2))
{
echo "<tr>";
echo "<td>" . $row['First_Name'] . "</td>";
echo "<td>" . $row['surname'] . "</td>";
echo "<td>" . $row['year_group'] . "</td>";
echo "<td>" . $row['stkey'] . "</td>";
echo "<td>" . $row['issue'] . "</td>";
echo "</tr>";
}
echo "</table>";
}
mysql_close($con);
?>
After changing my where statement to:
WHERE student.STKEY like '$_POST[stkey]'");
I am no longer reciving errors from PHP but now recieving the error Query was empty which is part of my code to detect if there is no results. Though I have tested that query in phpmyadmin and it spits out results. From looking at the code does anyone have any solutions? I have also checked the parse by running an echo on the post command to ensure the data being entered was correct.
Edit: Got rid of the whole result2 check now throwing a:
Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\wamp\www\stkey_submit.php on line 24
Try $_POST['stkey'] instead of $_POST[stkey]
EDIT : if you use it in a query, it would be preferable to do :
$stkey = mysql_real_escape_string($_POST['stkey']);
$sql = "SELECT ....... like '$stkey'";
mysql_query($sql);
$result= mysql_query("SELECT student.first_name, student.surname, student.year_group, student.STKEY, student_log.issue
FROM `student` JOIN `student_log`
WHERE student.STKEY like " . $_POST["stkey"]);
How about storing the value of stkey on a variable before including it on the query?
$stkey = $_POST['stkey'];
$result= mysql_query("SELECT student.first_name, student.surname,
student.year_group, student.STKEY, student_log.issue
FROM `student` JOIN `student_log`
WHERE student.STKEY LIKE '%$stkey%'");
You might also want to use MySqli or PDO instead of the MySql database API. Take a look at this post from Nettuts: http://net.tutsplus.com/tutorials/php/php-database-access-are-you-doing-it-correctly/