I have an admin area in an ecommerce website whereby the admin can view all users on the allusers.php page. The users are listed in a table with their personal information, however i have a 'view profile' button near each user whereby if you was to click on it, it would take you to another page where you can view that specific users past orders.
the following is the code i have for allusers.php:
<?php
$result = mysql_query("SELECT * FROM customers ")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Orders Yet';
} else {
echo "<table border='0'><table border width=100%><tr><th>First Name</th><th>Surname</th><th>Address</th><th>E-Mail</th><th>Username</th><th>View Profile</th>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['name']. "</td>";
echo "<td>" . $info['surname']. "</td>";
echo "<td>" . $info['address1']. $info['address2']. $info['city']. $info['postcode']." </td>";
echo "<td>" . $info['email']. "</td>";
echo "<td>" . $info['username']. "</td>";
echo "<td>" . " <a href='view.php'>View</a> </td>";
}
}
echo "</tr>";
echo "</table>";
?>
the view.php page is as follows:
<?php
$result = mysql_query("SELECT * FROM order WHERE ......dont know what to enter here")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Orders For This Customer Yet';
} else {
echo "<table border='0'><table border width=100%><tr><th>Product</th><th>Quantities</th><th>Date</th>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['name']. "</td>";
echo "<td>" . $info['quantity']. "</td>";
echo "<td>" . $info['date']. " </td>";
}
}
echo "</tr>";
echo "</table>";
?>
I have a mysql database with the following fields & tables:
Customers - id, name, surname, address1, address2, city, postcode, email, username, password
Products - serial, name, description, price, picture
Order - id, name, quanitity, price, date, username
Thanks for any help provided
Your code lacks any sort of security mechanisms... This is very bad, especially in an e-commerce setting.
Excusing that, you would pass the username to the view page in the URL.
echo "<td>" . " <a href='view.php?user=" . $info['username'] . "'>View</a> </td>";
In your view page, you would get the parameter from the URL and include it with your query.
if (isset($_GET) && isset($_GET['user'])) {
$user = mysql_real_escape_string($_GET['user']);
} else {
header('Location: allusers.php');
exit(); // boot them back to the previous page.
}
$result = mysql_query("SELECT * FROM order WHERE username = '" . $user . "'")
A simple method could be the follow. Replace this line in alluser.php
echo "<td>" . " <a href='view.php'>View</a></td>";
with this one
echo '<td>View</td>';
and then, in your view.php have
if (isset($_GET['username']) && $_GET['username'] != '')
{
$username = mysql_real_escape_string($_GET['username']);
$result = mysql_query("SELECT * FROM order WHERE username = '$username'");
}
else
{
// No user specified. Do other statements
}
Please note the use of:
The user of the mysql_real_escape_string() function to protect from Sql injection (would be better the use of a prepared statements)
The use of the parameter username in the first page to pass the value of the username to the second page
The use of the $_GET global array to retrieve the parameter
Try this:
allusers.php
<?php
$result = mysql_query("SELECT * FROM customers ")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Orders Yet';
} else {
echo "<table border='0'><table border width=100%><tr><th>First Name</th><th>Surname</th><th>Address</th><th>E-Mail</th><th>Username</th><th>View Profile</th>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['name']. "</td>";
echo "<td>" . $info['surname']. "</td>";
echo "<td>" . $info['address1']. $info['address2']. $info['city']. $info['postcode']." </td>";
echo "<td>" . $info['email']. "</td>";
echo "<td>" . $info['username']. "</td>";
echo "<td>" . " <a href='view.php?user={$info['username']}'>View</a> </td>";
}
}
echo "</tr>";
echo "</table>";
?>
view.php
<?php
$user = mysql_real_escape_string($_GET['user']);
$result = mysql_query("SELECT * FROM order WHERE user = '$user'")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Orders For This Customer Yet';
} else {
echo "<table border='0'><table border width=100%><tr><th>Product</th><th>Quantities</th><th>Date</th>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['name']. "</td>";
echo "<td>" . $info['quantity']. "</td>";
echo "<td>" . $info['date']. " </td>";
}
}
echo "</tr>";
echo "</table>";
?>
Related
I am working on a website whereby a load of advertisers are stored in the DB and then displayed to the user by there logo. I know storing directly in to the DB for images is not the done thing, however, I am starting out this way, to get the website running and then will refactor to move to a much more suitable approach.
Currently, I have the following PHP code:
<?php
session_start();
require_once "config.php";
// Create connection
if($link === false){
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$sql = "SELECT * FROM advertisers";
if($result = mysqli_query($link, $sql)){
if(mysqli_num_rows($result) > 0){
echo "<table>";
echo "<tr>";
echo "<th>id</th>";
echo "<th>advertiser_Name</th>";
echo "<th>advertiser_URL</th>";
echo "<th>advertiser_Category</th>";
echo "<th>advertiser_logo</th>";
echo "</tr>";
while($row = mysqli_fetch_array($result)){
echo "<tr>";
echo "<td>" . $row['advertiser_id'] . "</td>";
echo "<td>" . $row['advertiser_Name'] . "</td>";
echo "<td>" . $row['advertiser_URL'] . "</td>";
echo "<td>" . $row['advertiser_Category'] . "</td>";
echo "<td>" . $row['<img src="data:image/jpeg;base64,'.base64_encode($row['advertiser_logo']).'"/>'] . "</td>";
echo "</tr>";
}
echo "</table>";
// Free result set
mysqli_free_result($result);
} else{
echo "No records matching your query were found.";
}
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
However, the images are displayed when called from the DB but they are displayed in the warning message rather than in the table?
<?php
session_start();
require_once "config.php";
// Create connection
if ($link === false)
{
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$sql = "SELECT * FROM advertisers";
if ($result = mysqli_query($link, $sql))
{
if (mysqli_num_rows($result) > 0)
{
echo "<table>";
echo "<tr>";
echo "<th>id</th>";
echo "<th>advertiser_Name</th>";
echo "<th>advertiser_URL</th>";
echo "<th>advertiser_Category</th>";
echo "<th>advertiser_logo</th>";
echo "</tr>";
while ($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['advertiser_id'] . "</td>";
echo "<td>" . $row['advertiser_Name'] . "</td>";
echo "<td>" . $row['advertiser_URL'] . "</td>";
echo "<td>" . $row['advertiser_Category'] . "</td>";
echo "<td><img src='data:image/jpeg;base64," . base64_encode($row['advertiser_logo']) . "'/></td>";
echo "</tr>";
}
echo "</table>";
// Free result set
mysqli_free_result($result);
}
else
{
echo "No records matching your query were found.";
}
}
else
{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
The fact that is showing the image in the warning is because you're using a tag with the source as an array key which is not correct.
The array keys, so what is inside the square bracket, is the reference to the array position. If you're familiar with C for example is the 0, 1, ecc.. and not the value itself.
Yes as #NigelRen mentioned this row $row['<img src="data:image/jpeg; looks very bad.
I think you should use:
echo "<td><img src='data:image/jpeg;base64," . base64_encode($row['advertiser_logo']) . "'/></td>";
Thanks, friends, for the help and feedback. I know i am not good with PHP but still trying to learn and playing with it :D -- My table contains duplicate entries against evaid as Open Close or In Process --- with below code I get the last entered status from DB against each status by using query and if statement to show the data but i want to get the count of it as well. Anyone can help me out --- For example ---
$sql = "SELECT * FROM (SELECT * FROM disagreements ORDER BY addeddate DESC) disagreements GROUP BY evaid";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_assoc($result)) { // Here with this query I got last entered status of each row against evaid – as 2 Open – 5 in Process and 10 Closed --- with below if statement – I can echo the rows with status but I want to have count of it that how many are open, in process or closed
if($row["status"]=='Open') { // I want to count this value as 2
echo "<tr>";
echo "<td>" . $row["evaid"]. "</td>";
echo "<td>" . $row["status"]. "</td>";
echo "</tr>";
}
}
} else {
echo "Nothing to Display";
}
mysqli_close($conn);
<?php
$count['open'] = 0;
$count['close'] = 0;
$count['process'] = 0;
while($row = mysqli_fetch_assoc($result)) {
if($row["status"]=='Open')
{
$count['open']++;
echo "<tr>";
echo "<td>" . $row["evaid"]. "</td>";
echo "<td>" . $row["status"]. "</td>";
echo "</tr>";
}
if($row["status"]=='Close')
{ // I want to count this value as 2
$count['close']++;
echo "<tr>";
echo "<td>" . $row["evaid"]. "</td>";
echo "<td>" . $row["status"]. "</td>";
echo "</tr>";
}
if($row["status"]=='Process')
{ // I want to count this value as 2
$count['process']++;
echo "<tr>";
echo "<td>" . $row["evaid"]. "</td>";
echo "<td>" . $row["status"]. "</td>";
echo "</tr>";
}
}
print_r($count);
?>
// Hii.. You can get a count from your SQL query itself, try this
$sql = "SELECT *, COUNT(ID) AS COUNT FROM (SELECT * FROM disagreements ORDER BY addeddate DESC) disagreements GROUP BY evaid";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0)
{
while($row = mysqli_fetch_assoc($result))
{
if($row["status"]=='Open')
{
echo "<tr>";
echo "<td>" . $row['count'] . "</td>"; // here you will get a count
echo "<td>" . $row["evaid"]. "</td>";
echo "<td>" . $row["status"]. "</td>";
echo "</tr>";
}
}
}
else
{
echo "Nothing to Display";
}
mysqli_close($conn);
I wrote this code to retrieve some rows form database
session_start();
$con = mysqli_connect('localhost', 'root', '');
if(!$con)
{
die("not ok");
}
mysqli_select_db($con,"uoh");
$q = " SELECT * FROM student WHERE id = " . $_SESSION['user_id'] ." and password = " . $_SESSION['user_pass'];
$result = mysqli_query($con , $q ) ;
if($row = mysqli_fetch_array($result))
{
echo "this academic transcripts for " . $row["name"];
echo " and the id is " . $row["id"];
}
$q1 = " SELECT student_record.course,student_record.grade,student_record.term,coe_courses.crd
FROM student_record INNER JOIN coe_courses ON student_record.course_number = coe_courses.course_number
where student_record.id = ".$_SESSION['user_id'] ;
$result = mysqli_query($con , $q1 ) ;
if($row = mysqli_fetch_array($result))
{
echo "<br />";
echo "<table border=\"1\" style=\"width:500\">";
echo "<tr>";
echo "<th>coe_courses</th>";
echo "<th>terms</th>";
echo "<th>Grades</th>";
echo "<th>CRD</th>";
echo "</tr>";
echo "<tr>";
echo "<td>" . $row["course"]. "</td>";
echo "<td>" . $row["term"]. "</td>";
echo "<td>" . $row["grade"]. "</td>";
echo "<td>" . $row["crd"]. "</td>";
echo "</tr>";
echo "</table>";
}
The problem is that only shows the first row while I have three rows in phpMyAdmin.
enter image description here
You need to call fetch_* repeatedly to retrieve all rows from your result set; each time you call it it retrieves the next row in the result set.
In your sample code above, you would replace
if ($row = mysqli_fetch_array($result))
{
with
while ($row = mysqli_fetch_array($result))
{
This will loop until fetch_array tries to read beyond the last record in $result, at which point fetch_array returns false and the loop exits.
I'm creating a display for a student module webpage that displays in this format
2001/02
Computer Science
Biology
Lorem Ipsum
2002/03
Subject
Subject
Subject
In that style
The data base I'm using contains information such as
year(2001/02)
credit(10)
mods.mid(CS500)
mtitle(module title - software engineering, biology, chemistry...etc)
the PHP code I have displays every module title, so literally I giant list of modules whereas I want to split it out like up there described, Years displayed THEN every module for that year. Any one people help me? Code down below:
<?php
echo "<table cellspacing='40'>";
$query2 ="SELECT mods.mid, ayr, mtitle, credits FROM stud, smod, mods WHERE stud.sid = '".$_POST['stuNo']."' and stud.sid = smod.sid and smod.mid = mods.mid order by ayr ASC";
$result = mysql_query($query2) or die(mysql_error());
echo "Enrolment and progress";
echo "<table width='150' border='1'>";
echo "<th> Module Selection</th>";
echo"<td>".$row["ayr"]."</td>";
while ($row = mysql_fetch_array($result))
{
$temp_year=$row["ayr"];
echo "<tr>";
if ($temp_year!=$row["ayr"]){
echo "<td>" . $row["ayr"] . "</td>";
}
echo "<td>" . $row["mid"] . "</td>";
echo "<td>" . $row["mtitle"] . "</td>";
echo "<td>" . $row["credits"] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
I wouldn't know how to seperate it by year, any help is great. thank you.
I would probably code it like this, probably not the only way but should work based on what I believe you are trying to achieve. Please make sure to add the "order by" to your SQL query as well.
echo "<table cellspacing='40'>";
$query2 = "SELECT mods.mid, ayr, mtitle, credits FROM stud, smod, mods WHERE stud.sid = '".$_POST['stuNo']."' and stud.sid = smod.sid and smod.mid = mods.mid ORDER BY ayr DESC";
$result = mysql_query($query2) or die(mysql_error());
echo "Enrollment and Progress";
echo "<table width='150' border='1'>";
echo "<tr><td colspan="3"><b>Module Selection</b></td></tr>";
$year = "";
while ($row = mysql_fetch_array($result)) {
if ($year != $row["ayr"]) {
echo "<tr><td colspan="3"><b>" . $row["ayr"] . "</b></td></tr>";
$year = $row["ayr"];
}
echo "<tr>";
echo "<td>" . $row["mid"] . "</td>";
echo "<td>" . $row["mtitle"] . "</td>";
echo "<td>" . $row["credits"] . "</td>";
echo "<tr>";
}
echo "</table>";
I have two tables in mysql
practice_sheets and parent_pin
And I want to use one select statement and get data from both tables.
I have tried
$result = mysqli_query($con,"SELECT * FROM practice_sheets AND parent_pin
WHERE student_name='$_SESSION[SESS_FIRST_NAME] $_SESSION[SESS_LAST_NAME]'");
and also:
$result = mysqli_query($con,"SELECT * FROM practice_sheets, parent_pin
WHERE student_name='$_SESSION[SESS_FIRST_NAME] $_SESSION[SESS_LAST_NAME]'");
I've never tried to do this before and the previous solutions are what I found searching.
Update
I think it would help if I included my full code. the table data is going into a table on my page. the student_name field from the practice_sheets and parents_student from parent_pin will be matched.
<?php
$con=mysqli_connect();
// Check connection
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM practice_sheets
WHERE student_name='$_SESSION[SESS_FIRST_NAME] $_SESSION[SESS_LAST_NAME]'");
$numrows = mysqli_num_rows($result);
if($numrows == 0) {
echo "<div class='alert alert-danger'>";
echo "No Entries, See your instructor for details.";
echo "</div>";
} else {
echo "<table class='mws-table table-striped table-hover'>";
echo "<thead align='center'>";
echo "<tr>";
echo "<th>Sheet Number</th>";
echo "<th>Total Minutes</th>";
echo "<th>Due Date</th>";
echo "<th>PIN</th>";
echo "<th>View</th>";
echo "</tr>";
echo "</thead>";
echo "<tbody align='center'>";
while($row = mysqli_fetch_array($result)){
if ($row["total_min"]>=$row["required_min"]) {
echo "<tr class='success'>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['total_min'] . "</td>";
echo "<td>" . $row['due_date'] . "</td>";
echo "<td>" . $row['parent_pin'] . "</td>";
echo "<td> <a href='account/practiceSheets?id=" . $row["id"] . "&total_min=" . $row["total_min"] ."&due_date=" . $row["due_date"] ."&mon_min=" . $row["mon_min"] ."&tues_min=" . $row["tues_min"] ."&wed_min=" . $row["wed_min"] ."&thurs_min=" . $row["thurs_min"] ."&fri_min=" . $row["fri_min"] ."&sat_min=" . $row["sat_min"] ."&sun_min=" . $row["sun_min"] ."&name=" . $row["student_name"] ."&assignment=" . $row["assignment"] ."&required_min=" . $row["required_min"] ."'> <i class='icon-eye-open'> </i> </a> </td>";
echo "</tr>";
} else {
echo "<tr class='info'>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['total_min'] . "</td>";
echo "<td>" . $row['due_date'] . "</td>";
echo "<td>" . $row['parent_pin'] . "</td>";
echo "<td> <a href='account/practiceSheets?id=" . $row["id"] . "&total_min=" . $row["total_min"] ."&due_date=" . $row["due_date"] ."&mon_min=" . $row["mon_min"] ."&tues_min=" . $row["tues_min"] ."&wed_min=" . $row["wed_min"] ."&thurs_min=" . $row["thurs_min"] ."&fri_min=" . $row["fri_min"] ."&sat_min=" . $row["sat_min"] ."&sun_min=" . $row["sun_min"] ."&name=" . $row["student_name"] ."&assignment=" . $row["assignment"] ."&required_min=" . $row["required_min"] ."'> <i class='icon-eye-open'> </i> </a> </td>";
echo "</tr>";
}
}
echo "</tbody>";
echo "</table>";
mysqli_close($con);
}
?>
$result = mysqli_query($con,"SELECT *
FROM practice_sheets, parent_pin
WHERE student_name = parents_student
AND student_name='$_SESSION[SESS_FIRST_NAME] $_SESSION[SESS_LAST_NAME]'");
Use explicit names for WHERE statament, e.g.
$result = mysqli_query("SELECT student_name.practice_sheets FROM practice_sheets AND parent_pin WHERE student_name.practice_sheets = '{$_SESSION['SESS_FIRST_NAME']} {$_SESSION['SESS_LAST_NAME']}'");
MySQL will not AFAIK automatically check where the constraints are and rightly so considering that you may have conflicting names. Note that this is still pseudo code and you will need to change the fetched results accordingly. Usually it is considered to be good practice to also define explicitly the columns you wish to fetch, but otherwise you can use JOIN as well.
And to help writing shorter code, you can also use shorthands for the table names, e.g.
$result = mysqli_query("SELECT student_name.ps AS name, pin.pp AS pin FROM practice_sheets AS ps, parent_pin AS pp WHERE student_name.ps = '{$_SESSION['SESS_FIRST_NAME']} {$_SESSION['SESS_LAST_NAME']}'");
Update
You also have in your updated version an issue. You call mysqli_fetch_array, which returns an ordered (i.e. numbered) array. If you wish to use keyed, use mysqli_fetch_assoc.
And you are closing the MySQL connection at the moment only if the query was successful. Move mysqli_close outside of the brackets.