displaying specific records of a user - php

Guys, please check my code for displaying records..
<?php
include("db.php");
$username=$_POST['username'];
$email=$_POST['email'];
$query="SELECT * FROM members where username = '$username'";
$result=mysql_query($query);
$num=mysql_numrows($result);
mysql_close();
?> <br /> <p></p>
Welcome back! Your details below: <br /><br />
<table border="1" cellspacing="2" cellpadding="5">
<tr>
<th>First Name</th>
<th>Last Name</th>
<th>User Name</th>
<th>Email</th>
<th>Age</th>
</tr>
<?
$i = 0;
while ($i < $num) {
$firstname=mysql_result($result, $i, 'firstname');
$lastname=mysql_result($result, $i, 'lastname');
$username=mysql_result($result, $i, 'username');
$email=mysql_result($result, $i, 'email');
$age= mysql_result($result, $i, 'age');
?>
<tr>
<td><? echo $firstname ?></td>
<td><? echo $lastname ?></td>
<td><? echo $username ?></td>
<td><? echo $email ?></td>
<td><? echo $age ?></td>
</tr>
<?
$i++;
}
echo "</table>"; ?>
is it correct?
:-(

There's nothing fatally wrong with your code, but there are a few very basic alterations I would make:
<?php
include "db.php";
$username=$_POST['username'];
$email=$_POST['email'];
// added mysql_real_escape_string to prevent sql injection
$query="SELECT * FROM `members` where `username` = '".mysql_real_escape_string($username)."'";
// added an or die clause to check for SQL errors
$result=mysql_query($query)or die(mysql_error());
// use of mysql_fetch_assoc to put user data into associative array
$user = mysql_fetch_assoc($result);
mysql_close();
?> <br /> <p></p>
Welcome back! Your details below: <br /><br />
<table border="1" cellspacing="2" cellpadding="5">
<tr>
<th>First Name</th>
<th>Last Name</th>
<th>User Name</th>
<th>Email</th>
<th>Age</th>
</tr>
<?php
// removed unnecessary loop as i'd assume the username will only be in the database once
$firstname= $user['firstname'];
$lastname= $user['lastname'];
$username= $user['username'];
$email= $user['email'];
$age= $user['age'];
?>
<tr>
<td><? echo $firstname ?></td>
<td><? echo $lastname ?></td>
<td><? echo $username ?></td>
<td><? echo $email ?></td>
<td><? echo $age ?></td>
</tr>
</table>

Your code is not correct.
phpcs test.php
FILE: /tmp/test.php
--------------------------------------------------------------------------------
FOUND 4 ERROR(S) AND 1 WARNING(S) AFFECTING 4 LINE(S)
--------------------------------------------------------------------------------
2 | ERROR | Missing file doc comment
3 | ERROR | "include" is a statement, not a function; no parentheses are
| | required
3 | ERROR | File is being unconditionally included; use "require" instead
25 | ERROR | Short PHP opening tag used. Found "<?" Expected "<?php".
29 | WARNING | Inline control structures are discouraged
--------------------------------------------------------------------------------

$username=$_POST['username']; $email=$_POST['email'];
$query="SELECT * FROM members where username = '$username'";
Search stackoverflow for "sql injections" and maybe also for "prepared statements".
<td><? echo $firstname ?></td>
The same way your sql statement is prone to sql injections this line might be the cause for injections into your html code. Use <td><?php echo htmlspecialchars($firstname); ?></td> instead.
$email=$_POST['email'];
Why is that in there? You don't use $email again until $email=mysql_result($result, $i, 'email');. My guess is your original query tested for both the username and the email address?
$i = 0;
while ($i < $num) {
mysql_result($result, $i,
i++
...
How many members with the same username can there be in your database table? More than one? If not, why do you use the while loop?
$firstname=mysql_result($result, $i, 'firstname');
$lastname=mysql_result($result, $i, 'lastname');
$username=mysql_result($result, $i, 'username');
$email=mysql_result($result, $i, 'email');
$age= mysql_result($result, $i, 'age');
Instead of five calls to mysql_result() one call to mysql_fetch_array() would suffice. Speed is probably not an issue here but again it adds a tiny bit of complexity that seems unnecessary to me and when you use mysql_fetch_xyz() you only have one variable (an array or an object) to worry about instead of #columns variables
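
The two fixes this answer points to (a prepared statement instead of a concatenated query, and htmlspecialchars() on every echoed column), put together as an added example that is not part of the original answers. It assumes PDO with an in-memory SQLite table standing in for `members`; the helper names find_member, h and render_member and the sample rows are made up for illustration.

```php
<?php
// Added example: constructed in-memory table standing in for `members`.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE members (username TEXT PRIMARY KEY, firstname TEXT,
           lastname TEXT, email TEXT, age INTEGER)');
$seed = $db->prepare('INSERT INTO members VALUES (?, ?, ?, ?, ?)');
// Constructed rows: one value contains a quote, one contains markup.
$seed->execute(["o'brien", 'Pat', "O'Brien", 'pat@example.test', 31]);
$seed->execute(['ann', '<b>Ann</b>', 'Lee', 'ann@example.test', 27]);

// Look up one member; the username is bound, never concatenated into SQL.
function find_member(PDO $db, string $username): ?array
{
    $stmt = $db->prepare(
        'SELECT firstname, lastname, username, email, age
           FROM members WHERE username = :username'
    );
    $stmt->execute([':username' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape a value for an HTML text node or a quoted attribute.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render the single-row table, or a message when nothing matched.
function render_member(?array $user): string
{
    if ($user === null) {
        return "<p>No such member.</p>\n";
    }
    $cells = '';
    foreach (['firstname', 'lastname', 'username', 'email', 'age'] as $col) {
        $cells .= '<td>' . h($user[$col]) . '</td>';
    }
    return "<table border=\"1\"><tr>$cells</tr></table>\n";
}

// In the real page the value would come from $_POST['username'] ?? ''.
foreach (["o'brien", 'ann', 'nobody'] as $submitted) {
    echo render_member(find_member($db, $submitted));
}
```

The quoted username matches its row without breaking the query, the stored markup is printed as text rather than interpreted, and an unknown username produces a message instead of an empty table.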

Related

How to fetch mysql data when I click side bar menu link

I have a sidebar menu with links "approved users, pending users, and rejected users".
I need to implement this: when I click on approved users link in sidebar, the approved_users.php page should load with all users who are approved.
Similarly, I want to load pending users and need to approve or reject them using update query.
<?php
if(isset($_GET['approved'])){ ?>
<table>
<thead>
<tr>
<th>ID</th>
<th>Full Name</th>
<th>Phone</th>
<th>Email</th>
<th>Username</th>
<th>Password</th>
<th>Address</th>
<th>Role</th>
</tr>
</thead>
<?php
$query = "SELECT * FROM users WHERE status = 1 AND role != 'admin' ";
$resul = $db->query($query);
$num_row = $resul->num_rows;
if($num_row == 0){
echo "<tr><td class='info'>No record found.</td></tr>";
}else{
$count = 0;
while($row = $resul->fetch_assoc()){
$id = $row['id'];
$fullname = $row['fullname'];
$username = $row['username'];
$email = $row['email'];
$phone = $row['phone'];
$password = $row['password'];
$address = $row['address'];
$role = $row['row'];
$count++;
?>
<tr>
<td><?php echo $count ?></td>
<td><?php echo $fullname ?></td>
<td><?php echo $phone ?></td>
<td><?php echo $email ?></td>
<td><?php echo $username ?></td>
<td><?php echo $password ?></td>
<td><?php echo $address ?></td>
<td><span><?php echo $role ?></span></td>
</tr>
<?php
} // end of while
} // else end
} // Approved - if
}
?>
</table>
The tbody tag is missing which is causing the problem. Please add the tbody tag.

How to update data from html table to mysql using php

I have 4 columns in sqltable.
How can I update solution cell value to SQL table. Need to update value based on checkbox value as userid.
<?php
$result = mysql_query("SELECT * FROM `tbl_query`);
?>
<table id="t01" >
<thead>
<tr>
<th>User Id</th>
<th>Query</th>
<th>Solution</th>
<th>Date</th>
</tr>
</thead>
<tbody>
<?php
while( $row = mysql_fetch_assoc( $result ) ){
?>
<tr>
<td><?php echo $row['userid']; ?></td>
<td><?php eco $row['userquery']; ?></td>
<td contenteditable='true'><?php echo $row['solution']; ?></td>
<td><?php $row['querydate']; ?></td>
<td style='display:none;'><input type='checkbox' id='<?php echo $row['userid'];?>' name='check_list[]' value='<?php echo $row['userid']; ?>' checked /></td>
</tr>
<?php
}
?>
</tbody>
</table>
First of all, you should not use mysql anymore since it's deprecated. Use mysqli or PDO instead.
Second, you are using a double quote at the beginning and a single quote at the end of your query.
And third: you forgot the single quote in the [], that's not how you access an item from the array, you need $row['userid']

delete using checkbox code not working properly [closed]

Code not working properly always shows the message fail.
function delete(){
$con = mysqli_connect("localhost","root","","rishita_db");
$sql="select * from 14_patientdetails";
$result=mysqli_query($con,$sql);
?>
<form method="post" action="">
<center>
<h1><u>Patient Details</u></h1>
<table border="1" style="font-family:Georgia;color:#800000;font-style:bold;">
<tr style="font-family:Georgia;color:green;font-style:bold;">
<th>#</th>
<th>Patient ID</th>
<th>Patient Name</th>
<th>DOB</th>
<th>Gender</th>
<th>Address</th>
<th>Phone No.</th>
<th>Medicare</th>
<th>Doctor Associated</th>
</tr>
<form method="post" action="">
<?php
while($row=mysqli_fetch_array($result))
{
$r=$row['patientId'];
?>
<tr>
<td><input type='checkbox' name='checkbox[]' id="checkbox" value=<?php echo $r; ?>></td>
<td><?php echo $row['patientId']; ?></td>
<td><?php echo $row['patientName']; ?></td>
<td><?php echo $row['DOB']; ?></td>
<td><?php echo $row['Gender']; ?></td>
<td><?php echo $row['Address']; ?></td>
<td><?php echo $row['Phone']; ?></td>
<td><?php echo $row['Medicare']; ?></td>
<td><?php echo $row['Doctor']; ?></td>
</tr>
<?php
}
?>
</table>
<table>
<tr>
<td colspan="5" align="center" bgcolor="#FFFFFF"><input name="del" type="submit" id="del" value="Delete"></td>
</tr>
</table>
</form>
<?php
if(isset($_POST["del"]))
{
if(isset($_POST["checkbox"]))
echo 'Enter';
$chk = isset($_POST['checkbox']);
$chkcount = count($chk);
for($i=0;$i<$chkcount;$i++){
$del=$chk[$i];
$sql1 = "DELETE FROM 14_patientdetails WHERE id='$del'";
$q = mysqli_query($con,$sql1);
}
if($q){
echo "Success";
}else{
echo 'Fail';
}
}
}
This is wrong:
$chk = isset($_POST['checkbox']);
$chkcount = count($chk);
for($i=0;$i<$chkcount;$i++){
$del=$chk[$i];
Now there are one too many mistakes, multiple <form> tags and a single closing </form>
I couldn't edit your code on my phone, so I will suggest the way to get along. I'm pretty sure you'll love it when you do it yourself.
Make a <td><input type = "checkbox" name = "checkbox" value = "<?php echo $r; ?>"/>Proceed</td> inside a while-loop something similar to your code while($row = mysqli_fetch_array($result))
At the end of the <form> make a <button> and redirect the user to another page, probably delete.php. Now, check it's set:
if(isset($_POST['checkbox']))
{
//foreach loop for your query
foreach($_POST['checkbox'] as $val)
{
// check what you're getting..
echo $val;
}}
You could also use a simple for-loop
If you want:
for($i = 0; $i < count($_POST['checkbox']); $i++)
{
// do your stuff..
}
Bottom line: try to differentiate your forms, queries and make a single loop to read from database and assign the values at the same time to your checkboxes.
This is what I have understood and tried to write from my phone,
please study mysqli/PDO to prevent SQL Injection/XSS.
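
A delete handler for the checkbox[] field along the lines this answer suggests, as an added example that is not the poster's code. It assumes PDO with an in-memory SQLite stand-in for `14_patientdetails` and that the checkbox values are the numeric patientId; delete_patients is a made-up name and the posted values are constructed.

```php
<?php
// Added example: constructed in-memory stand-in for `14_patientdetails`.
// The table name is double-quoted for SQLite; MySQL would use backticks.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE "14_patientdetails" (patientId INTEGER PRIMARY KEY, patientName TEXT)');
$db->exec('INSERT INTO "14_patientdetails" VALUES (1, \'A\'), (2, \'B\'), (3, \'C\')');

// Delete the ticked rows; returns how many rows were actually removed.
function delete_patients(PDO $db, $posted): int
{
    // name="checkbox[]" arrives as an array; anything else is rejected.
    if (!is_array($posted)) {
        return 0;
    }
    // Keep only values that are plain decimal integers.
    $ids = [];
    foreach ($posted as $value) {
        if (is_string($value) && ctype_digit($value)) {
            $ids[] = (int) $value;
        }
    }
    if ($ids === []) {
        return 0;
    }
    $stmt = $db->prepare('DELETE FROM "14_patientdetails" WHERE patientId = ?');
    $deleted = 0;
    $db->beginTransaction();
    try {
        foreach (array_unique($ids) as $id) {
            $stmt->execute([$id]);          // id is bound, not concatenated
            $deleted += $stmt->rowCount();  // count every delete, not just the last
        }
        $db->commit();
    } catch (Throwable $e) {
        $db->rollBack();
        throw $e;
    }
    return $deleted;
}

// Constructed input standing in for $_POST['checkbox'] ?? null.
$posted = ['1', '3', '3', 'abc', ['nested']];
echo delete_patients($db, $posted) . " row(s) deleted\n";
echo delete_patients($db, null) . " row(s) deleted\n";
```

Counting rowCount() across every statement replaces the original check on `$q`, which only reflected the last query in the loop.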

Handling three while loops in PHP MYSQL

I'm new to PHP and stuck with a while loop. Please throw some light here.
I'm showing some information related to books vs author vs isbn number.
There are two tables: book and author. The book name and ISBN number come from the book table. The author name comes from the author table.
Here is my poor php code (please don't laugh)
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("test") or die(mysql_error());
$result1 = mysql_query("SELECT book_name FROM book where status='1'") or die(mysql_error());
$result2 = mysql_query("SELECT FName FROM author") or die(mysql_error());
$result3 = mysql_query("SELECT book_isbn_number FROM book where status='1'") or die(mysql_error());
?>
<table style="margin-top:40px" border="1" width="100%">
<tr style="background-color:#909F51">
<td>Book List</td>
<?php while($row1 = mysql_fetch_array( $result1 )) { ?>
<td><?php echo $row1['book_name']; ?></td>
<?php } ?>
</tr>
<?php while($row2 = mysql_fetch_array( $result2 )) { ?>
<tr>
<td><?php echo $row2['author_name']; ?></td>
<?php while($row3 = mysql_fetch_array( $result3 )) { ?>
<td><?php echo $row3['book_isbn_number']; ?></td>
<?php } ?>
</tr>
<?php } ?>
</table>
I'm not able to loop through the third while condition. I know the basic code structure is wrong.
Could someone help me out in getting the result.
Tables:
book
b_id
book_name
isbn_number
status
author
a_id
author_name
Expected Output:
<table width="100%" border="1">
<tr>
<td></td>
<td>Author Name 1</td>
<td>Author Name 2</td>
</tr>
<tr>
<td>Book Name 1</td>
<td>ISBN Number 1</td>
<td>ISBN Number 2</td>
</tr>
<tr>
<td>Book Name 2</td>
<td>ISBN Number 3</td>
<td>ISBN Number 4</td>
</tr>
</table>
You are using $row3['isbn_number'] when the column you are selecting is "book_isbn_number". Try changing that line to be <td><?php echo $row3['book_isbn_number']; ?></td>. The loops themselves, while using the old, deprecated mysql_* functions, should be working fine.
<td><?php echo $row3['isbn_number']; ?></td>
replace it with
<td><?php echo $row3['book_isbn_number']; ?></td>
$result3 = mysql_query("SELECT book_isbn_number FROM book where status='1'") or die(mysql_error());
Should be
$result3 = mysql_query("SELECT isbn_number FROM book where status='1'") or die(mysql_error());
OR
<td><?php echo $row3['isbn_number']; ?></td>
Should be
<td><?php echo $row3['book_isbn_number']; ?></td>
Whichever fits your need

displaying user's records from database

<?php
include "db.php";
$username=$_POST['username'];
$email=$_POST['email'];
$query="SELECT * FROM members where username = '".mysql_real_escape_string($username)."'";
$result=mysql_query($query)or die(mysql_error());
$user = mysql_fetch_assoc($result);
mysql_close();
?> <br /> <p></p>
Welcome back! Your details below: <br /><br />
<table border="1" cellspacing="2" cellpadding="5">
<tr>
<th>First Name</th>
<th>Last Name</th>
<th>User Name</th>
<th>Email</th>
<th>Age</th>
</tr>
<?php
$firstname= $user['firstname'];
$lastname= $user['lastname'];
$username= $user['username'];
$email= $user['email'];
$age= $user['age'];
?>
<tr>
<td><? echo $firstname ?></td>
<td><? echo $lastname ?></td>
<td><? echo $username ?></td>
<td><? echo $email ?></td>
<td><? echo $age ?></td>
</tr>
</table>
Guys, I use this code to display the user's details, BUT STILL it's not displaying the records.
What's wrong with this code? Hmm... there's no error, but it's not working.
:'(
Try adding an echo(mysql_error()) to see if there's a MySQL error beyond just a bad query.
Try adding a loop like this below replacing the single record set with multiple. Also check your query and see if it's correct.
<?php
include "db.php";
$username=$_POST['username'];
$email=$_POST['email'];
$query="SELECT * FROM members where username = '".mysql_real_escape_string($username)."'";
$result=mysql_query($query)or die(mysql_error());
//$user = mysql_fetch_assoc($result);
?>
<br /> <p></p>
Welcome back! Your details below: <br /><br />
<table border="1" cellspacing="2" cellpadding="5">
<tr>
<th>First Name</th>
<th>Last Name</th>
<th>User Name</th>
<th>Email</th>
<th>Age</th>
</tr>
<?php
while($user=mysql_fetch_array($result))
{
echo '<tr>';
echo '<td>'.$user['firstname'].'</td>
<td>'.$user['lastname'].'</td>
<td>'.$user['username'].'</td>
<td>'.$user['email'].'</td>
<td>'.$user['age'].'</td>';
echo '</tr>';
}
mysql_close();
?>
</table>
Put error_reporting(~0) at the very top to make sure you get reports on everything going less than perfect. Do a print_r($_POST) to make very sure you get in $_POST what you think you are getting.
If you then still haven't found the problem, provide more context! (like: script output)
(btw: you should echo htmlspecialchars($user[...]); or people can put very nasty stuff in there.)
And make sure you have "short_open_tag = On" in your php.ini, or use
<?php
instead of
<?
everywhere!
