I am adapting some scripts that I found through Google that monitor users who login in to a website.
This consists of including this in each page I want to monitor:
<?
include_once("config.php");
include_once("functions.php");
?>
config.php looks like this (I have removed info on actual database):
<?php
DEFINE ('DB_USER', '');// database username
DEFINE ('DB_PASSWORD', '');//database password
DEFINE ('DB_HOST', '');//database host, usually localhost
DEFINE ('DB_NAME', '');//and finally the database name
$dbc = #mysql_connect (DB_HOST, DB_USER, DB_PASSWORD) OR die ('Could not connect to MySQL: ' . mysql_error());
#mysql_select_db (DB_NAME) OR die('Could not select the database: ' . mysql_error() );
?>
functions.php looks like this:
<?php
$page = $_SERVER['PHP_SELF'];
$user = $_SESSION["name"];
$logq = "INSERT INTO logs (Name, Page, Date) VALUES ('$user', '$page', NOW())";
$logr = #mysql_query($logq);
?>
This works fine, i.e. the table in my database is populated correctly.
However the file that is supposed to generate a table on a webpage to show the information in the MySQL table isn't working. The file, logs.php, looks like this:
<?php
$lq = "SELECT id, Name, Page, DATE_FORMAT(date, '%d %M, %Y') as sd FROM logs ORDER BY id DESC LIMIT 50";
$lr = #mysql_query($lq);
if($lr){
echo "<table><th>Name</th><th>Page</th><th>Date</th>";
while($lf = mysql_fetch_array($lr, MYSQL_ASSOC)){
echo "<tr><td>" . $lf['Name'] . "</td><td>" . $lf['Page'] . "</td><td>" . $lf['sd'] . "</td></tr>";
}
echo "</table>";
}
else
{
echo "No results!";
}
?>
Even though there is data in the MySQL table I am always getting just 'No results!' showing when I browse to the page.
Can anyone see what the problem is?
Perhaps you don't have a db connection in logs.php? If your code is the full file then this should be the problem.
If so, just include config.php at the top of the page.
One thing I can see in your query is that date is a reserved word.
You need to wrap that in backticks:
"SELECT id, Name, Page, DATE_FORMAT(`date`, '%d %M, %Y')....
or rename the column.
This is probably throwing an error in your query that you are not seeing despite the trigger_error() recommendation: Error reporting is probably turned off on your server. This is the right behaviour in a production environment, because you don't want the user to see error messages. While developing however, you can activate error reporting to see what's wrong.
try do it like this
$query = "SELECT * FROM logs ORDER BY id DESC LIMIT 50";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result))
{
echo "<table><th>Name</th><th>Page</th><th>Date</th>";
echo "<tr><td>" . $row['Name'] . "</td><td>" . $row['Page'] . "</td><td>" . $row['sd'] . "</td></tr>";
echo "</table>";
}
hope it helps
Related
The code I have creates a simple high score table by taking the name and score of a player from the URL. Example: http://www.example.com/hs/test2.php?n=Jimmy&s=15000
In the example above, the player name is Jimmy and his score was 15000.
The database is MySQL.
I don't want players to be able to see this information in the URL. How can I hide it or protect it somehow? The PHP code I'm using is below:
/*test1.php*/
<?
echo "<h5>High Scores</h5>";
$con = mysql_connect("fdb3.runhosting.com","databse","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
$result = mysql_query("SELECT * FROM highscores ORDER BY Score DESC LIMIT 10");
while($row = mysql_fetch_array($result))
{
echo $row['Name'] . " | " . $row['Score'];
echo "<h5> </h5>";
}
mysql_close($con);
?>
/*test2.php*/
<?php
$nam = $_GET["n"];
$sco = $_GET["s"];
$con = mysql_connect("fdb3.runhosting.com","database","password");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
$result = mysql_query( "INSERT INTO highscores (Name, Score)
VALUES ( '" . $nam . "', '" . $sco . "' ) " );
mysql_close($con);
header( 'Location: http://yoursubdomain/1st_textdocument.php' ) ;
?>
I think there might be a way to use the POST command, but I haven't been able to make it work. Anyone know how to improve this code so it doesn't show the information being past by the URL to the PHP? Thank you for any assistance! :)
Use POST instead of GET, you need to change the method in your HTML form and use $_POST instead of $_GET
So I have two pages. One shows all of the users who have filled out the form. On this page the ID is hyperlinked to the users individual page. On the individual page it should only show their individual information. When I do it, it still shows everyones information and I can't figure out how to change it.
This is my table for all the users.
<?php
//Establish the connection to the database server
$conn = mysql_connect("localhost","root", "MIS42520!$") or die (mysql_error());
//Tell the connection which database to user_error
mysql_select_db("assignment_3", $conn);
//Tell the database what you want, with an SQL statement
$sql = "select id, firstname, lastname, emailaddress from usertable";
//Run the sql statement against the connection
$result = mysql_query($sql, $conn) or die (mysql_error());
//Process the result set $result
print "<center><table id='adminTable' border=1>";
print "<tr><th>ID</th><th>First Name</th><th>Last Name</th> <th> Email Address</th> </tr>";
while($row = mysql_fetch_array($result)){
echo "<tr>";
echo "<td>{$row['id']}</td>";
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['lastname'] . "</td>";
echo "<td>" . $row['emailaddress'] . "</td></tr>";
}
echo "</table></center>"; //Close the table
?>
My table for the single user is essentially exactly the same but I added the following on top
$id= $_GET['id'];
Change your $sql variable to this:
$sql = "select id, firstname, lastname, emailaddress from usertable where id='".htmlentities($_GET['id'])."'";
Well.. you need to change the statement for the page of the only one user i think
Try this
$sql = "select id, firstname, lastname, emailaddress from usertable where id =".$id;
And as #jay-blanchard say in the comment, try not to use deprecated methods/clases, use prepared statements here's the link to themysqli class
I've made a microblog system (like Twitter) using PHP and MySQL. Every time someone posts an item it includes the UNIX timestamp in the database. But my question is, how do i get the newest item on top of the page, the second to newest as second, etc? So basically, the one with the 'highest' timestamp on top of the page, the one with a bit 'less' timestamp under that.
This is what I got (I know mysql_ functions are deprecated):
<?php
/*Database test.
© 2013 Sydcul. All rights reserved.
To set the database settings, use the 'install' directory*/
include ($_SERVER['DOCUMENT_ROOT'] . '/test/config.inc.php');
$connection = mysql_connect($host, $user, $password);
mysql_select_db($database, $connection);
$messages = mysql_query("SELECT * FROM `" . $prefix . "microblog`");
while($row = mysql_fetch_array($messages))
{
$names = mysql_query("SELECT first_name,last_name FROM `" . $prefix . "data` WHERE id='" . $row['id'] . "'");
$name = mysql_fetch_assoc($names);
$fullname = $name['first_name'] . " " . $name['last_name'];
echo "<h2>Posted by " . $row['id'] . " (" . $fullname . ")</h2>";
echo $row['message'] . "<br><br>";
}
mysql_close($connection);
?>
Please explain how to do it, instead of only giving me code, otherwise I and the other people on stackoverflow can't learn from it :)
Use ORDER BY in your SQL
SELECT * FROM tablename ORDER BY datefield DESC
if you have an auto_incrementing ID field, fetch your data and ORDER BY ID or else if you have a DateField, Order by that in a descending order
ORDER BY `ID` DESC
as simple as that.
I'm just learning MYSQL / PHP. I'm having trouble with a query, it's working in myphpadmin:
select `email`, count(*) as count
from `table`
where `date` = "open"
group by `email`
order by `email`
I can't get it to work if I either write the mysql_query myself or use the php myphpadmin generates:
$sql = "select `email`, count(*) as count\
. "from `table`\n"
. "where `date` = \"open\"\n"
. "group by `email`\n"
. "order by `email`\n"
. "";
The purpose is to query a three column table of EMAIL, DATE, EVENT - where EVENT could be "open" or "bounce" and count the number of times a person opened an email.
Here's the rest of the file (I realize I should be using msqli, that's next on my list to figure out....):
<?php
$db_host = '123';
$db_user = '123';
$db_pwd = '123';
$database = '';
$table = 'test';
if (!mysql_connect($db_host, $db_user, $db_pwd))
die("Can't connect to database");
if (!mysql_select_db($database))
die("Can't select database");
sql = "select `email`, count(*) as count\n"
. "from `table`\n"
. "where `date` = \"open\"\n"
. "group by `email`\n"
. "order by `email`\n"
. "";
// sending query
$result = mysql_query($sql);
if (!$result) {
die("Query to show fields from table failed 2");
}
echo "<table border='1'>
<tr>
<th>email</th>
<th>event</th>
<th>date</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['Email'] . "</td>";
echo "<td>" . $row['event'] . "</td>";
echo "<td>" . $row['date'] . "</td>";
}
echo "</table>\n";
mysql_free_result($result);
?>
I just get the "Query to show fields from table failed 2" back - the query didn't work
The '\n' in your query - was generated by myphpadmin (when I use the "generate php code" feature
I have a connection to the database, I just changed the value assigned to those variable so I wouldn't post them
I have the "$" in the $sql var in my file, just didn't get it copied over here.
So,
When I replace this query with a simple one, it works fine, but when I try the more complected query, no luck. I assume it has to do with converting the mysql WHERE date = "open" into proper (escaped?) php....
I'm not sure what the procedure is when I sorta found my own problem = The biggest issue (of several). When I used the "generate PHP code" feature on myphpadmin it didn't keep the capital "E" in Email from the name of the column in the table...
Those newline characters might be the problem...
try
$sql = "select email, count(*) as count from table where date=\"open\" group by email order by email";
Your $database variable is empty, and you are using that with your mysql_select_db
sql var in line 19 (includes empty lines) is missing $.
what is the value of $result ? or is there error before that ?
You could try using ' instead of `!
Also make sure that you have an active connection with your database. You're only checking IF the connection is possible, so I'm not sure if your actually keeping the connection intact.
Instead, you could do:
$connect = mysql_connect($db_host, $db_user, $db_pwd) or die(mysql_error());
This is definitely a beginner's question. There are two issues. The id in my MYSQL table (set to autoincrement) keeps going up, even though I delete rows from my table (I'm using phpmyadmin). As for the other issue, I can't seem to find a way to work with the row most recently entered by the user. The code echos all existing rows from MYSQL.
I've bolded the most pertinent section of code.
<?php
//establish connection to mysql
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
/*retrieve user input from input form
and initialize variables */
$Word1 = $_POST["Word1"];
$Word2 = $_POST["Word2"];
$Word3 = $_POST["Word3"];
$Word4 = $_POST["Word4"];
$Word5 = $_POST["Word5"];
//select db
mysql_select_db("madlibs", $con);
//insert user input for word 1
$sql = "INSERT INTO test (Word1, Word2, Word3, Word4, Word5)
VALUES
('$Word1', '$Word2', '$Word3', '$Word4', '$Word5')";
if(!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
$result = mysql_query ("SELECT * FROM test");
/* take note here */
while($row = mysql_fetch_array($result))
{
echo $row['Word1'] . " " . $row['Word2'] . " " . $row['Word3'] . " " .
$row['Word4'] . " " . $row['Word5'] . " " . $row['id'];
echo "<br />";
} /* take note here */
mysql_close($con);
?>
$result = mysql_query ("SELECT * FROM test order by id desc limit 1");
As for your id question...that's how ids work. They don't fill in gaps.
On a side note: Never ever put user submitted data directly into the query string. Always escape them with mysql_real_escape_string().
SELECT * FROM test ORDER BY Id DESC LIMIT 1