I made a blog. Everything is working correctly except for one thing; being able to compare my id in order to open the appropriate article.
I'm using FETCH_ASSOC:
$sth->setFetchMode(PDO::FETCH_ASSOC);
I'm checking $_GET for an id:
if (isset($_GET['id']) && ($_GET['id'] == $blogid['id'])) { **PROBLEM IS WITH $blogid
$row = $sth->fetch()
//... Code to display html and db values
If true, it shows the entire blog post. Else it displays all the blog intros:
<?php } else { ?>
<?php while($row = $sth->fetch()) { ?>
//... Code to display html and db values
How can I access the id in my if statement? If I do something like:
$blogid = $sth->fetch()
it screws up $row = $sth->fetch() by reordering the posts
EDIT Query added:
$sth = $dbh->query('SELECT id, title, slug, body, image, author, date, category from blog ORDER BY date DESC');
You're using PDO and MySQL slightly wrong here. Instead of getting all the blog posts and checking to see whether the one you've got has the correct ID, you should only get one blog post (row) from the DB using a WHERE clause, like this:
SELECT id, title, ... FROM blog
WHERE id=[ID from $_GET]
ORDER BY date DESC
PDO handles this for you fantastically well by allowing you to use placeholders:
SELECT id, title, ... FROM blog
WHERE id=:theBlogID
ORDER BY date DESC
Here, I've used the placeholder :theBlogID which will be replaced by the $_GET parameter .
Using PDO, your final code needs to prepare the query, bind a parameter to it, execute it and then get the result (checking if there actually is a result using PDO::rowCount()) something like this:
$sth = $dbh->prepare('SELECT id, title, ... FROM blog
WHERE id=:theBlogID
ORDER BY date DESC');
$sth->bindParam(':theBlogID', $_GET['id'], PDO::PARAM_INT); // Bind the ID from $_GET to the placeholder
$result = $sth->execute(); // Execute (run) the query
if($result->rowCount()) { // Have we found any blog posts with the ID specified?
$data = $result->fetchAll();
foreach($data as $post) {
// Print out your blog post
}
}
It's not clear how much of the above you currently have as you only give one or two line snippets here and there, but this should give a good outline of what you need to do.
Related
I'm building a small blog site using SQL/PHP and I have the basics working and I'm now trying to implement tags so users can refine the topics displayed.
The code I have so far is:
$stmt = $con->prepare("SELECT tblblog.id,title,img,figcaption,body,date,tag_id
FROM tblblog LEFT JOIN tblblogtags
ON tblblog.id = tblblogtags.blog_id
WHERE tblblogtags.tag_id = ?
ORDER BY date DESC");
$stmt->bind_param("i",$_GET['tag']);
if($stmt->execute()){
$result = $stmt->get_result();
foreach($result as $item){
echo ...;
}
}
$stmt->close();
My problem is if the $_GET['tag'] is empty it returns no entries because it is passing empty or null to the $stmt. Other than implementing a if(!empty($_GET['tag'])){}else{} loop with two different statements is there a better way implement like using a CASE after the WHERE or filtering the array instead?
So i'm trying to use in_array to call a list back from the database and then i'm checking with those results to see if the field "Title" is present in the array by doing the following.
$qGetAllTitles = "SELECT ArticleTitle FROM articles
UNION
SELECT ArticleTitle FROM temp_article";
$rGetAllTitles = mysqli_query($dbc, $qGetAllTitles);
$GetAllTitlesRow = mysqli_fetch_array($rGetAllTitles, MYSQLI_ASSOC);
if (in_array($Title, $GetAllTitlesRow['ArticleTitle'])){
$errors[0] = "The title is already taken by another article, please pick a different title";
} else {
$TTL = mysqli_escape_string($dbc, trim($Title));
$errors[0] = "Title worked";
}
I'm aware that the strings are case sensitive (and i'm looking how to negate this but that's another unrelated question)
My problem is, when i put an already used article title into the title field (which works, all other checks i use work, just not this one) it still returns "title worked", even though the check shouldn't unless the title is unique.
I've checked the SQL input in phpmyadmin (for my MySQL database) and that works getting all (3) results and the method of fetching the query is reused from elsewhere in my code, which also works, same as the in_array check so i'm really not sure why it's not working.
Your query returns multiple rows but you are only retrieving data for the first row. So unless the title matches the first row's title you won't find any duplicates. You need to do one of the following:
1) Loop through the result set and make an array of page titles before using in_array()
$GetAllTitlesRows = array();
while ($row = mysqli_fetch_array($rGetAllTitles, MYSQLI_ASSOC)) {
$GetAllTitlesRows[] = $row['ArticleTitle'];
}
or
2) Just search for any articles using that title right in your query which makes the code a whole lot simpler (recommended). In other words, use a WHERE clause specifically looking for that title in the ArticleTitle field. If you get any results you know it is taken.
$qGetAllTitles = "SELECT ArticleTitle FROM articles WHERE ArticleTitle = '$Title'
UNION
SELECT ArticleTitle FROM temp_article WHERE ArticleTitle = '$Title'";
$rGetAllTitles = mysqli_query($dbc, $qGetAllTitles);
if (mysqli_num_rows($rGetAllTitles) > 0){
$errors[0] = "The title is already taken by another article, please pick a different title";
}
I am converting old mysql_query code to PDO parameterized queries. Here's what I have so far. It doesn't seem to return anything. I have tried the same query in phpmyadmin, and in the old code with the same input, and the query returns rows those ways.
public function searchArticle($input)
{
$db = new PDO("mysql:host=localhost;dbname=thecorrectdbname", "root", "supersecretpassword");
$statement = $db->prepare("SELECT * FROM news WHERE headline LIKE '%:title%'
OR content LIKE %:content%'
OR author LIKE '%:author%'
ORDER BY id DESC");
$statement->execute(array('title' =>$query,
'content' =>$query,
'author'=>$query));
$result = $statement->fetchAll();
print_r($result);
if (!$result || $statement->rowCount() <= 0)
{
echo'nothing in this array';
return false;
}
return $result;
}
This returns
Array ( ) nothing in this array
Using the same $db connection I can manage to INSERT data into the DB, so the connection is working.
Two questions.
What am I doing wrong in this code?
Suppose I would get the code working. Is the $result object returned by a PDO prepared statement structurally the same as a mysql_query $result object? If not, how do I convert a PDO resultset to a mysql_query one?
Your replacement variables will get escaped and quoted automatically by PDO, which means you cannot have a variable within quotes.
change the following:
$statement = $db->prepare("SELECT * FROM news WHERE headline LIKE :title
OR content LIKE :content
OR author LIKE :author
ORDER BY id DESC");
$statement->execute(array('title' =>'%'.$query.'%',
'content' =>'%'.$query.'%',
'author'=>'%'.$query.'%'));
You are doing an invalid use of placeholder. Placeholder must be used in the place of whole value.
$statement = $db->prepare("SELECT * FROM news WHERE headline LIKE :title
OR content LIKE :content
OR author LIKE :author
ORDER BY id DESC");
$statement->execute(array('title' =>"%$query%",
'content' =>"%$query%",
'author'=>"%$query%"));
This is the code for the user to post the post.
if(islet($_POST['submit'])) {
$name = $_POST['name'];
$keywords = $_POST['keywords'];
$description = $_POST['description'];
if(islet($_GET['user_id'])) {
$_SESSION['user_id'] = $_GET['user_id'];
} //Then I just have a inset into statement for my database with these 4 variables.
}
I have a web form that creates a post by the user. I now want to make the user able to go back to a page dedicated to that post for them to edit, add on to etc.
Here is the high level solution:
You need to create a page that expects a post_id as a parameter of the query string. That page will be accessed like this: http://yoursite.com/show-post.php?post_id=136
In PHP, retrieve that post_id: $_GET['post_id']
From that post id, pull from the DB the information associated to that id. Something like SELECT * FROM post WHERE post_id = $_GET['post_id'].
Then display the post using the information returned by the SQL query.
If you want to show a list of posts from the current user, create another page http://yoursite.com/my-posts.php.
From that page, write a SQL query based on the current user id: SELECT * FROM post WHERE user_id = $_SESSION['user_id'] (assuming you have a user_id in the post table, and the user has authenticated and his id was stored in the session).
That will fetch you a list of posts, loop through them to get their details.
Please note that you should escape the parameter passed in the query string. There are many ways to do this so I won't go into it here.
EDIT:
This is how you generate the links:
<?php foreach ($mysql_result as $row) { ?>
link
<?php } ?>
Then, in edit-post.php, you can get the post_id by doing $postId = $_GET['post_id'];, and then use it in the query to fetch ALL the information about that one particular post.
Make sure you have a unique ID column in your database - call it 'postid', and set it to autoincrement with every new entry.
That way you'll be sure to have a unique identifier for each entry you insert in to the database.
You then need to retrieve a list of items in the database, including the postid, and for each row in the database provide a link to display it.
If a postid is selected in the url, then display information for that post. If it isn't, then show a list:
<?
$dbh = new PDO('mysql:host=localhost;dbname=databasename;charset=utf8', 'username', 'password');
///No post id selected, display a list of everything
if(!$_GET['postid']) {
print "You're listing all the rows in the database<br/>";
$query = $dbh->prepare("SELECT `postid`,`name` FROM `table` ORDER by postid ASC");
$query->execute();
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
print "".$row['name']."<br/>";
}
} else { //A post ID is selected
$postid = $_GET['postid'];
Print "Select from the database where postid = ".$postid;
$query = $dbh->prepare("SELECT `postid`, `name`, `keywords`, `description` FROM `table` WHERE `postid` = '$postid' LIMIT 1");
$query->execute();
while ($row = $query->fetch(PDO::FETCH_ASSOC)) {
$name = $row['name'];
$keywords = $row['keywords'];
$description = $row['description'];
print 'Displaying details for '.$name.': '.$keywords.', '.$description.' - create edit links here... <br/><br/>';
}
} //End post id is selected
?>
I'm building a website and I need an array of 'related posts', the array $previews. This array needs to contain three arrays, each of them with data from a related post. I tried getting the data using this code, but it fails:
$previews = array();
$query = mysql_query("SELECT TOP 3 title, url, category, date_published FROM post WHERE NOT(id = '$my_id') AND category = '$my_category' ORDER BY NEWID()");
while($row = mysql_fetch_assoc($query)) $previews[] = $row;
I keep getting "Warning: mysql_fetch_assoc() expects parameter 1 to be resource, boolean given".
Can somebody please help me out?
Thank you.
Try this, it may work.
$query = mysql_query("SELECT TOP 3 title, url, category, date_published FROM post WHERE NOT(id = '".$my_id."') AND category = '".$my_category."' ORDER BY NEWID()");
while($row = mysql_fetch_assoc($query)) $previews[] = $row;
If your query fails to return any values due to error or permission access issues, $query will be be the boolean false.
You are getting this error because something with your query went wrong. Try to call die(var_dump(mysql_error($query))); to see what went wrong.
Your SQL is wrong. It looks like MsSQL not MySQL. I'm not sure about the whole thing, but TOP 3 should be removed and you should use limit at the end of the query.
Was:
SELECT TOP 3 title, url, category, date_published FROM post WHERE NOT(id = '$my_id') AND category = '$my_category' ORDER BY NEWID()
Should be:
SELECT title, url, category, date_published FROM post WHERE id != '$my_id' AND category = '$my_category' ORDER BY NEWID limit 3
It works with:
$query = mysql_query("SELECT title, url, category, date_published FROM post WHERE NOT(id = '$my_id') AND category = '$my_category' limit 3");
So the problem must be the ORDER BY NEWID().
Thanks for your comments everybody.
Typically you would check to see if the query was successful before operating on the result object:
<?php
$query = "SELECT fields FROM table";
$result = mysql_query($query);
if ($result)
{
// operate on results i.e. fetching assoc etc.
}
else
{
// handle error accordingly
// use mysql_error() for debugging or maybe logging
}
?>
mysql_query() returns false if the query was unsuccessful.
Also, as a few others have mentioned, your SQL syntax is incorrect and looks like TSQL/MSSQL.