I cannot get a row to delete as the id is not going through the URL. It's a simple error somewhere and I cannot find the solution after having a look around for an hour.
This page contains the information on a table:
<?php
$result = mysql_query("SELECT review, ratings, date, user FROM reviews")
or die(mysql_error()); ;
if (mysql_num_rows($result) == 0) {
echo 'There Arent Any Reviews Yet';
} else {
echo "<table border='0'><table width=100% border='6'><tr><th>Comments/Thoughts</th><th>Ratings</th><th>Date</th><th>User</th><th>Delete</th></tr>";
while($info = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $info['review']. "</td>";
echo "<td>" . $info['ratings']. " Stars</td>";
echo "<td>" . $info['date']. "</td>";
echo "<td>" . $info['user']. "</td>";
echo "<td>" . " <a href='deletereview.php?review_id=" . $info['review_id'] . "'>Delete</a> </td>";
echo "</tr>";
}
}
echo "</table>";
?>
It goes to deletereview.php, which carries out the delete function:
<?php
session_start();
require_once '../includes/db.php';
$id = $_GET['review_id'];
$info = "DELETE FROM reviews WHERE review_id = '$id'";
mysql_query($info) or die ("Error: ".mysql_error());
echo "<h2>Review Deleted</h2>";
?>
Any ideas, guys?
You're not selecting the review_id in the query, so $info["review_id"] is always null.
Aside from the other answers, I'll say this:
Your database will get jacked if you do not sanitize your variables.
For instance, what happens if I pass review_id=' OR '1'='1?
DELETE FROM reviews WHERE review_id = '' OR '1'='1'
This query will delete everything in reviews.
mysql_real_escape_string() your $_GET and $_POST variables before using them in your MySQL.
You forgot to select the review_id.
$result = mysql_query("SELECT review_id, review, ratings, date, user FROM reviews")
You're not selecting review_id from the database but you use $info['review_id'] to set the ID on the URL. Just change your first line to:
$result = mysql_query("SELECT review_id, review, ratings, date, user FROM reviews")
Also you must escape the input with mysql_real_escape_string:
$id = mysql_real_escape_string($_GET['review_id']);
You have to select the review_id in the query. But also you have to check for some SQL injection, because with the GET request it's easy to delete all the table records.
Related
Good day all,
I've got a code that reads the users from a database and puts them in a dropdown menu:
<?php
mysql_connect('', '', '');
mysql_select_db ("");
$sql = "SELECT id,name FROM jos_users";
$result = mysql_query($sql);
echo "<select name='deelnemers' onchange='copyId2textinput(this);'>";
while ($row = mysql_fetch_array($result)) {
echo "<option value='" . $row['id'] . "'>" . $row['name'] . "</option>";
}
echo "</select>";
?>
Now I've got another database called jos_comprofiler, also with an ID and also an avatar (image).
I was wondering if somebody could give me some advice on how to compare the IDs from the 2 tables and then show the picture.
So for example, if I click on a user in the dropdown, it must look if there's an ID match with the other table, and if there is, show the picture from 'avatar'.
Thank you for your help and excuse me for my bad English!
Query can be:
SELECT `ju`.`id`, `ju`.`name`, `jcp`.`avatar` FROM `jos_users` as `ju`
LEFT JOIN `jos_comprofiler` as `jcp` ON (`ju`.`id` = `jcp`.`id`)
Here we use a left join, which means the jos_comprofiler does not need to exist for every jos_users. In those cases the field 'avatar' will be NULL.
Then you have in row the element 'avatar' which can be either NULL or a value.
if($row['avatar'] != NULL) echo "<img src=\"".$row['avatar']."\">";
or something :) good luck
There would be some ways, but I'll show a fast one.
<?php
mysql_connect('', '', '');
mysql_select_db ("");
$sql = "SELECT u.id, name, avatar FROM jos_users AS u LEFT JOIN jos_comprofiler USING(id)";
$result = mysql_query($sql);
echo "<div id='imgContainer'></div>";
echo "<select name='deelnemers' onchange='showAvatar(this.value);'>";
$avatars = array();
while ($row = mysql_fetch_array($result)) {
if($row['avatar']){
$avatars[$row['id']] = $row['avatar'];
}
echo "<option value='" . $row['id'] . "'>" . $row['name'] . "</option>";
}
echo "</select>";
?>
<script>
var avatars = <?=json_encode($avatars)?>;
//alert(avatars[5]);
var avatarContainer = document.getElementById('imgContainer');
function showAvatar(id) {
if(avatars[id]===undefined) return false;
avatarContainer.innerHTML = '<img src="/path/'+avatars[id]+'" />';
}
</script>
This should work, with some modification for your code: img path, etc.
I was testing a simple employee application and got this Unknown column 'mush' in 'where clause' error. There is someone called 'mush' in the name's column.
Here's my code
<?php
// Connects to your Database
mysql_connect("localhost", "myuser", "mypass") or die(mysql_error()) ;
mysql_select_db("peoplesdb") or die(mysql_error()) ;
//Retrieves data from MySQL
$data = mysql_query("SELECT * FROM employees WHERE name = $_GET[name]") or die(mysql_error());
echo "<table border=\"1\">";
echo "<tr>";
echo "<th>First Name:</th>";
echo " <td>Last Name</td>";
echo "</tr>";
echo "<tr>";
echo "<th rowspan=\"3\"><img src=\"../about/images/".$data['photo']."\" width=\"205\" height=\"205\" alt=\"\" title=\"\"></th>";
echo $data['name'];
echo "<td>".$data['name'] ."</td>";
echo "</tr>";
echo "<tr>";
echo "<td>".$data['lastname'] ."</td>";
echo "</tr>";
echo "</table>";
?>
The aim was to display the detail on a table with a picture to the left of the table.
Here's how I tried calling the application:
http://localhost:8080/displaymembers.php?name=mush.
I have a table which contains these columns:
name, photo, telephone, lastname and dob.
Is there anything I'm doing wrong that stops the details from displaying? I would like your help.
Helen.
First, you need to quote your inputs, second you need to escape them:
mysql_query("SELECT * FROM employees WHERE name = '".
mysql_real_escape_string( $_GET['name'] ) ."'");
You need to enclose it in quotes - e.g.
SELECT * FROM employees WHERE name = '{$_GET[name]}'
I would also suggest you use mysql_real_escape_string:
$data = mysql_query("SELECT * FROM employees WHERE name = '" . mysql_real_escape_string($_GET['name']) . "';") or die(mysql_error());
Try putting single quotes around your variable.
$_GET['name'];
And use mysql_real_escape_string to avoid SQL Injections.
You should try
$data = mysql_query("SELECT * FROM `employees` WHERE `name` = '".mysql_real_escape_string($_GET['name'])."'") or die(mysql_error());
as name may be reserved for mysql purposes, and I believe it is ...
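Both deletereview.php in the first question and the employees lookup above paste a $_GET value into the SQL string. As an added example (not code from any of the posters), the block below contrasts that with PDO prepared statements, the replacement for the mysql_* functions, which were removed in PHP 7. The in-memory SQLite database, the function names and the sample rows are assumptions chosen so that it runs offline.

```php
<?php
// Added example: in-memory SQLite stands in for MySQL so it runs offline (assumption);
// with MySQL only the PDO DSN changes. All rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

function seed(PDO $pdo): void {
    $pdo->exec("DROP TABLE IF EXISTS reviews");
    $pdo->exec("DROP TABLE IF EXISTS employees");
    $pdo->exec("CREATE TABLE reviews (review_id INTEGER PRIMARY KEY, review TEXT)");
    $pdo->exec("INSERT INTO reviews (review) VALUES ('good'), ('bad'), ('fine')");
    $pdo->exec("CREATE TABLE employees (name TEXT, lastname TEXT)");
    $pdo->exec("INSERT INTO employees VALUES ('mush', 'Example'), ('anna', 'Sample')");
}

// Pattern from deletereview.php: the request value is pasted into the SQL text.
function deleteConcatenated(PDO $pdo, string $id): int {
    return $pdo->exec("DELETE FROM reviews WHERE review_id = '$id'");
}

// Prepared statement: the value is sent as data, separate from the SQL text,
// so quote characters inside it cannot alter the WHERE clause.
function deleteBound(PDO $pdo, string $id): int {
    if (!ctype_digit($id)) {      // an id must be all digits; reject anything else
        return 0;
    }
    $stmt = $pdo->prepare("DELETE FROM reviews WHERE review_id = ?");
    $stmt->execute([(int) $id]);
    return $stmt->rowCount();
}

// String lookup as in displaymembers.php: no manual quoting or escaping needed.
function findEmployee(PDO $pdo, string $name): array {
    $stmt = $pdo->prepare("SELECT name, lastname FROM employees WHERE name = ?");
    $stmt->execute([$name]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$payload = "' OR '1'='1";         // the value quoted in the answer on the page

seed($pdo);
printf("concatenated + payload: %d row(s) deleted\n", deleteConcatenated($pdo, $payload));
seed($pdo);
printf("bound + payload:        %d row(s) deleted\n", deleteBound($pdo, $payload));
printf("bound + id 2:           %d row(s) deleted\n", deleteBound($pdo, "2"));
printf("lookup 'mush':          %d row(s)\n", count(findEmployee($pdo, "mush")));
printf("lookup payload:         %d row(s)\n", count(findEmployee($pdo, $payload)));
```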
I'm developing a website that has some audio courses, each course can have multiple lessons. I want to display each course in its own table with its different lessons.
This is my SQL statement:
Table: courses
id, title
Table: lessons
id, cid (course id), title, date, file
$sql = "SELECT lessons.*, courses.title AS course FROM lessons INNER JOIN courses ON courses.id = lessons.cid GROUP BY lessons.id ORDER BY lessons.id" ;
Can someone help me with the PHP code?
This is the code I have written:
mysql_select_db($database_config, $config);
mysql_query("set names utf8");
$sql = "SELECT lessons.*, courses.title AS course FROM lessons INNER JOIN courses ON courses.id = lessons.cid GROUP BY lessons.id ORDER BY lessons.id" ;
$result = mysql_query($sql) or die(mysql_error());
while ($row = mysql_fetch_assoc($result)) {
echo "<p><span class='heading1'>" . $row['course'] . "</span> </p> ";
echo "<p class='datum'>Posted onder <a href='*'>*</a>, latest update on " . strftime("%A %d %B %Y %H:%M", strtotime($row['date']));
}
echo "</p>";
echo "<class id='text'>";
echo "<p>...</p>";
echo "<table border: none cellpadding='1' cellspacing='1'>";
echo "<tr>";
echo "<th>Nr.</th>";
echo "<th width='450'>Lesso</th>";
echo "<th>Date</th>";
echo "<th>Download</th>";
echo "</tr>";
echo "<tr>";
echo "<td>" . $row['nr'] . "</td>";
echo "<td>" . $row['title'] . "</td>";
echo "<td>" . strftime("%d/%m/%Y", strtotime($row['date'])) . "</td>";
echo "<td><a href='audio/" . rawurlencode($row['file']) . "'>MP3</a></td>";
echo "</tr>";
echo "</table>";
echo "<br>";
}
?>
One thing that comes to mind is you're starting with lessons and pulling the course details over with it. That means you're going to have a new row per lesson with a joined course. You may want to sort by course (so they're grouped) then (in PHP) keep a tally of "current course". When the course changes, switch to new heading paragraph, table, etc.
Pseudo code:
$currentCourse = null; // initialize the course
$query = your select sorted by course;
while ($row in $query)
{
if ($currentCourse != $row['course'])
{
if (!is_null($currentCourse))
{
// there was a course before it, close the current one
}
// begin setting up heading1, table beginning, etc.
$currentCourse = $row['course']; // set this as the active course
}
// dump the current row as a table entry
}
// close the table (same code as in the second if statement)
You close the while loop on line 8 of your code block. Remove that '}' on line 8.
Also the HTML element doesn't exist!
I think I know what your problem is. You need a while loop that loops all the "courses" and in that loop you execute a second query where you select the lessons where the course_id is equal to the current course id you're looping. A little dummy code for you.
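<?php
// Run each query once, outside the loop condition; calling mysql_query() inside
// the while condition re-runs the query and returns the first row forever.
$courses = mysql_query("SELECT * FROM courses");
while($row = mysql_fetch_assoc($courses)) {
//display the course
$lessons = mysql_query("SELECT * FROM lessons WHERE course_id=" . (int) $row['id']);
while($row2 = mysql_fetch_assoc($lessons)) {
//display the lessons of that course
}
}
?>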
I am trying to delete the records from the users table in MySQL;
the code goes like this:
if(isset($_GET['id'])) {
//create query to delete the record
$query = "DELETE FROM users WHERE id =" . int($_GET['id']) or die(mysql_error());
//execute query
if($mysqli->query($query)) {
//print number of affected rows
echo $mysqli->affected_rows. " row(s) affected";
}
else {
//print error message
echo "Error in query : $query " . $mysqli->error;
}
}
else {
echo "Could not Execute the Delete query";
}
At the same time I am iterating the records from the users table in the database, and it goes like this:
//query to get records
$query = "SELECT * FROM users";
//execute query
if($result = $mysqli->query($query)) {
// see if any rows were returned
if($result->num_rows > 0) {
// if yes then print one after another
echo "<table cellpadding=10 border=1>";
while($row = $result->fetch_array()) {
echo "<tr>";
echo "<td>" .$row[0] . "</td>";
echo "<td>" .$row[1] . "</td>";
echo "<td>" .$row[2] . "</td>";
echo "<td>Delete</td>";
echo "</tr>";
}
echo "</table>";
}
$result->close();
}
The problem is, I am able to get the records from the database and display them in the browser, but when I try to delete a record the first condition does not pass, i.e. if(isset($_GET['id'])); instead it goes to the else condition and prints the message "Could not Execute the Delete query". I guess it is not able to fetch $_GET['id'], so it refuses to enter the if condition.
P.S.: I would appreciate it if someone explained this to me in simple words; I am a newbie to programming. Thanks.
You are missing an =:
echo "<td>Delete</td>";
HERE -------------------^
"DELETE FROM users WHERE id =" . int($_GET['id']) or die(mysql_error());
Shouldn't it be intval instead? There's no function int in PHP. There's also (less preferably) the cast to int, like this: (int) $_GET['id'].
$result = mysql_query("SELECT avg(r.rate) FROM rate r where ImgName='1'");
This PHP is not working.
Originally my code is
<?php
$con = mysql_connect("localhost","root","sql");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("photogallery", $con);
$result = mysql_query("SELECT avg(r.rate) FROM rate r ");
echo "<table border='0' cellspacing='5'>";
echo "<th> Average Rating </td>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td> " . $row['rate'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
The above is not showing any output.
But with the code modified as follows, it's working:
$result = mysql_query("SELECT r.rate FROM rate r ");
But I want to use an aggregate function.
Thanks in advance.
You can use an alias:
SELECT avg(r.rate) AS rate_average
FROM rate r
WHERE ImgName='1'
and then output:
echo "<td> " . $row['rate_average'] . "</td>";
Your query is producing a scalar rather than a set of rows. If you want to get the average rate per item then you should do something like:
SELECT avg(r.rate) FROM rate r GROUP BY ItemIdColumn
And yes, if you want to fetch the value by column name, you should use an alias, like knittl mentioned.