Warning: unexpected character in input: " (ascii=29) state=0 in - php

I've been reading about what others have done with this error and have made changes to my php.ini file, added code to override another php setting, and still end up with this same error. Here is my code:
<html>
<body>
<table>
<?php error_reporting (E_ALL ^ E_NOTICE); ?>
<?php
function getRecords($query) {
$con = mysql_connect("localhost", "movie", "moviepw");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("movies", $con);
$result = mysql_query($query);
// THE ERROR IS REPORTED ON THIS LINE
return $result;
}
function buildQuery() {
$keyword = $_GET['keyword'];
$sql = "SELECT * from movies WHERE
(
'movie_title' LIKE '%keyword%'
OR
'movie_description' LIKE '%keyword%'
)";
return $sql;
}
$query = buildQuery();
$records = getRecords($query);
while($row = mysql_fetch_array($records)){ ?>
<tbody>
<table border='1'>
<tr>
<td><?= $row['movie_title']; ?></td>
<td><?= $row['movie_rating']; ?></td>
<td> <img src="<?= $row['movie_image'];?>"> </td>
<td><?= $row['movie_description']; ?></td>
<td>Return to Search</td>
</tr>
<? } ?>
</tbody>
</table>
</body>
</html>
Any idea why I'm getting this error?

The editor had added spaces that were not deletable. I had to delete several lines and rewrite them. So, this issue wasn't exactly with the code...just a text editor software problem.
The other error I had was a boolean error with my query. Turns out I was trying to query the database instead of the table.
Thanks for all the help with this!

Remove the single quotes from the column names in your query. This may not be the only error, if the PHP interpreter is still complaining about ASCII 29.
$sql = "SELECT * from movies WHERE
(
'movie_title' LIKE '%keyword%'
OR
'movie_description' LIKE '%keyword%'
)";
// Should be
$sql = "SELECT * from movies WHERE
(
movie_title LIKE '%keyword%'
OR
movie_description LIKE '%keyword%'
)";

Related

Exact value search with PHP

I'm using the following code to search the generated table and filter data. My problem is that when I search for, let's say, 1, it doesn't search and filter only 1 but also the data containing 1, like 11, 21, etc.
How can I make it search and filter the exact data I enter?
<?php
if(isset($_POST['search']))
{
$valueToSearch = $_POST['valueToSearch'];
// search in all table columns
// using concat mysql function
$query = "SELECT * FROM `tbstats` WHERE CONCAT(`date`, `mode`, `svar`, `sdev`) LIKE '%".$valueToSearch."%'";
$search_result = filterTable($query);
}
else {
$query = "SELECT * FROM `tbstats`";
$search_result = filterTable($query);
}
function filterTable($query)
{
$connect = mysqli_connect("localhost", "root", "", "dbstats");
$filter_Result = mysqli_query($connect, $query);
return $filter_Result;
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Stats</title>
<style>
table,tr,th,td
{
border: 1px solid black;
}
</style>
</head>
<body>
<form action="stats_filter.php" method="post">
<input type="text" name="valueToSearch" placeholder="Value To Search"><br><br>
<input type="submit" name="search" value="Filter"><br><br>
<table>
<tr>
<th>Date</th>
<th>Mode</th>
<th>Svar</th>
<th>Sdev</th>
</tr>
<?php while($row = mysqli_fetch_array($search_result)):?>
<tr>
<td><?php echo $row['date'];?></td>
<td><?php echo $row['mode'];?></td>
<td><?php echo $row['svar'];?></td>
<td><?php echo $row['sdev'];?></td>
</tr>
<?php endwhile;?>
</table>
</form>
</body>
</html>
When you do LIKE '%".$valueToSearch."%' you search for values that contain %value%.
If you want to search for values that start with your valueToSearch use LIKE '".$valueToSearch."%', for values that end with your valueToSearch use LIKE '%".$valueToSearch."' and for an exact value use = '".$valueToSearch."'.
So in your case just replace LIKE '%".$valueToSearch."%' by = '".$valueToSearch."'
Edit :
In your case, you are doing some CONCAT so I guess you want to find the exact value in one of your field, right?
If yes, try to replace :
$query = "SELECT *
FROM `tbstats`
WHERE CONCAT(`date`, `mode`, `svar`, `sdev`) LIKE '%".$valueToSearch."%'";
by
$query = "SELECT *
FROM `tbstats`
WHERE `date` = '".$valueToSearch."'
OR `mode` = '".$valueToSearch."'
OR `svar` = '".$valueToSearch."'
OR `sdev` = '".$valueToSearch."'";
This way you will return data only if your exact searchValue is present inside one of your four fields.
Currently you concat all your columns into a single string and then search for an occurrence of your search string anywhere in this concatenated string.
What you might actually want is to match each column exactly against your search string and return every row which has an exact match in any column. To do an exact match, don't use LIKE. A simple = is what you want. To combine them, simply use the OR operator.
$query = "SELECT * FROM tbstats WHERE
date = '" . $valueToSearch . "' OR
mode = '" . $valueToSearch . "' OR
svar = '" . $valueToSearch . "' OR
sdev = '" . $valueToSearch . "'";
On top of that, you should really escape your input or, even better, use prepared statements.
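
The prepared-statement approach recommended above, as an added example that is not part of the original answers: the exact-match search run through PDO with bound parameters. The in-memory SQLite database and its rows are constructed stand-ins for `dbstats`; against MySQL only the DSN passed to `new PDO(...)` changes.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL `dbstats` database.
// Table and column names come from the question; the rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `tbstats` (`date` TEXT, `mode` TEXT, `svar` TEXT, `sdev` TEXT)');
$pdo->exec("INSERT INTO `tbstats` VALUES
    ('2017-01-01', '1',  '0.5', '0.7'),
    ('2017-01-02', '11', '1',   '0.9'),
    ('2017-01-03', '21', '2.5', '11')");

/**
 * Exact-match search over the four columns. The search value is bound as a
 * parameter, so the database never parses it as SQL, whatever it contains.
 */
function filterTable(PDO $pdo, ?string $valueToSearch): array
{
    if ($valueToSearch === null || $valueToSearch === '') {
        // No search value: return the whole table, as the question's else branch does.
        return $pdo->query('SELECT * FROM `tbstats`')->fetchAll(PDO::FETCH_ASSOC);
    }
    // One positional placeholder per column; repeating a named placeholder
    // is not portable across PDO drivers.
    $stmt = $pdo->prepare(
        'SELECT * FROM `tbstats`
          WHERE `date` = ? OR `mode` = ? OR `svar` = ? OR `sdev` = ?'
    );
    $stmt->execute(array_fill(0, 4, $valueToSearch));
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Exact match on "1": rows holding 11 or 21 are not selected.
foreach (filterTable($pdo, '1') as $row) {
    // Encode on output, which is where htmlspecialchars() belongs.
    echo htmlspecialchars(implode(' | ', $row), ENT_QUOTES, 'UTF-8'), "\n";
}

// Constructed input containing quotes: it is compared as a literal string
// and cannot change the structure of the WHERE clause.
var_dump(count(filterTable($pdo, "1' OR '1'='1")));
```

In the question's page the call would be `filterTable($pdo, $_POST['valueToSearch'] ?? null)`.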

MULTI SEARCH PHP

Can anyone help me to figure out the error in my code? I want to display data through two input searches. My code goes like this.
<table>
<tr>
<td>Studid</td>
<td>Course</td>
</tr>
<?php
include ("connect.php");
if(isset($_POST['submit']))
{
$studno=$_POST['idsearch'];
$scourse=$_POST['coursesearch'];
$sql=mysql_query("SELECT * FROM cfnr WHERE studid= ".$studno." AND course=".$scourse."");
}
?>
<?php
while($row=mysql_fetch_array($sql))
{
}
?>
<tr>
<td><?php echo $row['studid'];?></td>
<td><?php echo $row['course'];?></td>
</tr>
</table>
I got this error on my screen.
"mysql_fetch_array() expects parameter 1 to be resource, boolean given in "
Thanks! :)
You should use a bit of debugging. Try this:
$sql = "SELECT * FROM cfnr WHERE studid= '".$studno."' AND course = '".$scourse."'";
$query = mysql_query($sql) or die(__LINE__."has an error: ".mysql_error()); // Gives an error if there's a syntax error
$row = mysql_fetch_array($query);
echo "<pre>";
print_r($row);
exit;
while ($row = mysql_fetch_array($query)) {
/* Other code */
}
Replace your sql with below line :
$sql=mysql_query("SELECT * FROM cfnr WHERE studid= ".$studno." AND course=".$scourse."") or die(mysql_error());
The issue is that your $sql variable is within the if condition, and if your if condition fails there is no scope of $sql outside of the if condition.
Instead of
while($row=mysql_fetch_array($sql))
Use
while($row=@mysql_fetch_array($sql))
you will not get this error.
("SELECT * FROM cfnr WHERE studid= '$studno' AND course ='$scourse.'") or die(mysql_error());
Change the code :
while($row=mysql_fetch_array($sql))
to
while($row=mysql_fetch_assoc($sql))
and also change this code:
$sql=mysql_query("SELECT * FROM cfnr WHERE studid= ".$studno." AND course=".$scourse."");
to
$sql=mysql_query("SELECT * FROM cfnr WHERE studid= '$studno' AND course='$scourse'");
Not only that, the closing brace of the isset() should be before your last closing PHP tag (?>).
Change the code :
include ("connect.php");
to
include 'connect.php';

delete row php&mysql dynamic link

I want to make a link to delete a record from the database using dynamic links with PHP; however, I couldn't figure it out.
This is my code:
<?php
$query = "SELECT * FROM posts ";
$result = mysqli_query($connect, $query);
?>
<table>
<tr style="background: #afafaf;">
<th>Id</th>
<th>Title</th>
<th>Action</th>
</tr>
<?php
while($rows = mysqli_fetch_assoc($result)){
echo "<tr>";
echo "<td class=\"center\">".$rows['id']."</td>";
echo "<td>".$rows['title']."</td>";
echo "<td> delete</td>";
echo "</tr>";
}
?>
</table>
the output link would be like .../delete.php?id=X
can anyone help me write the code for delete.php ?
Have the below code in your page. This first checks if $_GET['id'] is set. It will only run if it is, that way you don't get Undefined Index error.
<?php
if (isset($_GET['id'])) {
$deleteId = htmlspecialchars($_GET['id'], ENT_QUOTES);
$delete = "DELETE FROM `posts` WHERE `id` = " . $deleteId;
}
?>
I also used htmlspecialchars to sanitize the user input. You could run some validation using ctype_digit to ensure that the input is actually an integer.
I suggest using prepared statement in MySQLi to prevent SQL injection.
Edit 1
Example with ctype_digit. This checks if the id is set and if it is a number, technically you could just use ctype_digit because if id is empty then ctype will return false as var_dump(ctype_digit("")); will return false, with that logic in mind, the value must be set for ctype_digit to work and it must be an integer.
<?php
if (ctype_digit($_GET['id'])) {
$deleteId = htmlspecialchars($_GET['id'], ENT_QUOTES);
$delete = "DELETE FROM `posts` WHERE `id` = " . $deleteId;
}
?>
That would be something like this:
$deleteId = $_GET['id'];
$sql = "DELETE FROM posts WHERE id = ".$deleteId;
Remember to escape your variables before sending them off to the MySQL server.
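
An added example (not code from the answers above) of a delete handler that validates the id with ctype_digit() and binds it as an integer parameter; it also shows that htmlspecialchars() returns a value without HTML metacharacters unchanged. The `deletePost` helper, the in-memory SQLite database and the sample rows are assumptions made for the example.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL database.
// The `posts` table and its columns come from the question; rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT)');
$pdo->exec("INSERT INTO posts (title) VALUES ('first'), ('second'), ('third')");

/**
 * Deletes one post (hypothetical helper). Returns the number of rows
 * removed, or null when the id is missing or not a plain decimal integer.
 */
function deletePost(PDO $pdo, $rawId): ?int
{
    // ctype_digit() accepts only non-empty strings of 0-9. Arrays
    // (?id[]=1) and null are rejected by the is_string() check first.
    if (!is_string($rawId) || !ctype_digit($rawId)) {
        return null;
    }
    // The id travels as a bound integer, never as part of the SQL text.
    $stmt = $pdo->prepare('DELETE FROM posts WHERE id = ?');
    $stmt->bindValue(1, (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// htmlspecialchars() encodes & < > " ' for HTML output. A value with none
// of those characters passes through unchanged, so it does not make a
// string safe to concatenate into SQL.
$constructed = '2 OR 1=1'; // constructed sample input
var_dump(htmlspecialchars($constructed, ENT_QUOTES) === $constructed);

// The same value is refused by validation before any SQL is prepared.
var_dump(deletePost($pdo, $constructed));

// A well-formed id removes exactly the matching row.
var_dump(deletePost($pdo, '2'));
var_dump($pdo->query('SELECT COUNT(*) FROM posts')->fetchColumn());
```

In delete.php the call would be `deletePost($pdo, $_GET['id'] ?? null)`.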

Why data from my database is not displaying?

Hey guys, I'm pretty new at PHP. I'm not too sure what I've done wrong, and I've been working at this for a few hours and can't seem to see what's wrong with it (there's no error, which makes things more fun). What it actually does: it runs fine, but it does not display the data from my database and only shows up with the column headers and that's it.
I would appreciate any advice at this point. What my code does is that it grabs some information, 'staffID', from a form and uses that to display data that associates with it (like a search function). I'm using a 'join' function just for practice with the database I'm using.
As I said, I'm completely new to this, so I could be completely wrong with my code.
<?php $staffidstr = $_GET["staffID"];
$conn = mysql_connect("xxxxxxx", "xxxxxx", "xxxxxxx");
mysql_select_db("xxxxxxxx", $conn)
or die ('Database not found ' . mysql_error() );
$sql = "SELECT orderID, orderDate, shippingDate, staffName
FROM purchase, staff
WHERE purchase.staffID = staff.staffID
AND staff.staffID = '%$staffidstr%'
ORDER BY staff.staffName";
$rs = mysql_query($sql, $conn)
or die ('Problem with query' . mysql_error());
?>
<?php echo "$staffidstr"; ?>
<table border="1" summary="Purchase Details">
<tr>
<th>Order ID</th>
<th>Order Date</th>
<th>Shipping Date </th>
<th>Staff Name</th>
</tr>
<?php
while ($row = mysql_fetch_array($rs)) { ?>
<tr>
<td><?php echo $row["orderID"]?></td>
<td><?php echo $row["orderDate"]?></td>
<td><?php echo $row["shippingDate"]?></td>
<td><?php echo $row["staffName"]?></td>
</tr>
<?php }
mysql_close($conn); ?>
I'm pretty sure it's following part of the WHERE clause
staff.staffID = '%$staffidstr%'
That should be most likely
staff.staffID = '$staffidstr'
The % character has no special meaning using the = operator, so your query will return not a single row.

I think this is a sql problem, but I can't seem to get rid of this error message

Hey, yeah, I've tried so many times to get rid of this error:
Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING
I'm thinking it's a sql problem, but it's only a simple query I'm running. Any help would be greatly appreciated.
$connDB = mysql_connect($host, $user, $pass)
or die("Connect Error: ".mysql_error());
$sql = "SELECT * FROM `images` WHERE `iimageid` = '" . $iimageid . "'";
$runSQL = mysql_query($sql, $connDB);
echo $sql;
?>
<table cellpadding="0" cellspacing="0" border="0">
<tr>
<td valign="top">
<? while($display_info = mysql_fetch_array($runSQL)) { ?>
<a href="sfd/pimages/<? echo $display_info['vimage']; ?>" rel="lightbox[g]"><img src="sfd/pimages/thumb/"<? echo $display_info['vimage']; ?>">
<br>
<? } ?>
</td>
</tr>
</table>
</td>
Ok nm, I found it pretty quickly after submitting this thing. $iimageid wasn't being pulled, taken care of now. :)
Try this (Without the ticks)
$sql = "SELECT * FROM images WHERE iimageid = '" . $iimageid . "'";
or (typecasting to integer)
$sql = "SELECT * FROM images WHERE iimageid = ". (int)$iimageid;
If it's an integer value, always typecast to integer; then any text string will automatically be set to 0 "for security purposes".
It looks like your SQL statement is invalid to me, try:
"SELECT * FROM images WHERE iimageid = '" . $iimageid . "'";
Looks like a PHP error to me, not MySQL. Those error codes are normally caused by the PHP interpreter finding something it doesn't like in your code.
You also appear to have not closed off the <a> tag?
And there appears to be an extra " after your 'thumb/' part of the <img> tag.
I would re-write this section;
<? while($display_info = mysql_fetch_array($runSQL)) { ?>
<a href="sfd/pimages/<? echo $display_info['vimage']; ?>" rel="lightbox[g]"><img src="sfd/pimages/thumb/"<? echo $display_info['vimage']; ?>">
<br>
<? } ?>
As follows, see if that helps.
<?
while ( $display_info = mysql_fetch_array($runSQL) ) {
print "<a href=\"sfd/pimages/{$display_info['vimage']}\" rel=\"lightbox[g]\">";
print "<img src=\"sfd/pimages/thumb/{$display_info['vimage']}\">";
print "</a><br>\n";
}
?>
Every time someone uses mysql_* functions, baby raptor jesus eats a lolcat. You should start using PDO ( http://fr.php.net/manual/en/book.pdo.php ), and for the part mixing HTML and PHP you may prefer the alternative syntax http://www.php.net/manual/en/control-structures.alternative-syntax.php
