This is the last thing I'm gonna do, after I can make this work, I can produce to designing which might be a lot easier. Thanks for all your help.
I want to list a record from mysql using php by typing a query in the text box. Then the program will list all the records that has that element, for example address.
Here is my code:
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("koro", $con);
\\what will I put in the WHERE ADDRESS="?
$result = mysql_query("SELECT * FROM students WHERE ADDRESS=");
echo "<table border='1'>
<tr><th>Firstname</th>
<th>Lastname</th></tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['IDNUMBER'] . "</td>";
echo "<td>" . $row['LNAME'] . "</td>";
echo "<td>" . $row['FNAME'] . "</td>";
echo "<td>" . $row['MNAME'] . "</td>";
echo "<td>" . $row['GRADEYR'] . "</td>";
echo "<td>" . $row['ADDRESS'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
The listform.html:
<html>
<head>
<form action="list.php" method="post">
address:<input type="text" name="grup" value="" /><br/>
<input type="submit" name="List" value="" /><br/>
</form>
</head>
</html>
\what will I put in the WHERE ADDRESS="?thanks
You will find the value in the $_POST[] array.
$result = mysql_query("SELECT * FROM students WHERE ADDRESS = '{$_POST["grup"]}'");
This approach can be dangerous though - you'll want to also sanitize your $_POST[] data against SQL injection attacks - of which there are plenty of tutorials available.
$_POST['grup'] will contain the value in the field when posted.
Then do something like:
$result = mysql_query(sprintf("SELECT * FROM students WHERE ADDRESS='%s'", mysql_real_escape_string($_POST['grup'], $con)));
If you dont escape the POST value with sprintf and mysql_real_escape_string you can be targeted by SQL injection attacks.
http://en.wikipedia.org/wiki/SQL_injection
Related
The first part of the code, where the id is fetched from another sheet works fine and the data from while($row = mysqli_fetch_assoc($result)) are returned correctly. What I'm trying to do though is put this data in each input value by doing this <input name="visitingdate" type="date" value="<?=$row['visitingdate']?>">. I'm getting this error: "Notice: Trying to access array offset on value of type null in "Directory" on line "line"." This is what I've got so far:
<?php
require('config.php');
$id=$_REQUEST['id'];
$query = "SELECT * from records where id='".$id."'";
$result = mysqli_query($link, $query) or die ( mysqli_error());
while($row = mysqli_fetch_assoc($result))
{
echo "<tr>";
echo "<td>" . $row["visitingdate"]. "</td>";
echo "<td>" . $row["department"] . "</td>";
echo "<td>" . $row["visitingreason"]. "</td>";
echo "<td>" . $row["importance"]. "</td>";
echo "<td>" . $row["visitorname"]. "</td>";
echo "<td>" . $row["company"]. "</td>";
echo "<td>" . $row["internalrecipientname"]. "</td>";
echo "<td>" . $row["visitinglocation"]. "</td>";
echo "<td>" . $row["ETA"]. "</td>";
echo "<td>" . $row["ETD"]. "</td>";
echo "<td>" . $row["HRverification"]. "</td>";
echo "<td>" . $row["visitcompleted"]. "</td>";
}
?>
<!DOCTYPE html>
<html>
<body>
<form action="records.php" method="post">
<br><br><br>
Visiting Date<br><input name="visitingdate" type="date" value="<?=$row['visitingdate']?>"><br><br>
Department <br><input name="department" type="text" value="<?=$row['department']?>"><br><br>
Visiting Reason<br><input name="visitingreason" type="text" value="<?=$row['visitingreason']?>"><br><br>
Importance<br><input name="importance" type="text" value="<?=$row['importance']?>"> <br><br>
Visitor Name<br><input name="visitorname" type="text" value="<?=$row['visitorname']?>"><br><br>
Company<br><input name="company" type="text" value="<?=$row['company']?>"><br><br>
Internal Recipient Name<br><input name="internalrecipientname" type="text" value="<?=$row['internalrecipientname']?>"><br><br>
Visiting Location<br><input name="visitinglocation" type="text" value="<?=$row['visitinglocation']?>"><br><br>
ETA<br><input name="ETA" type="time" value="<?=$row['ETA']?>"><br><br>
ETD<br><input name="ETD" type="time" value="<?=$row['ETD']?>"><br><br>
HR Verification<br><input name="HRverification" type="checkbox" value="<?=$row['HRverification']?>"><br><br>
Visit Completed<br><input name="visitcompleted" type="checkbox" value="<?=$row['visitcompleted']?>"><br><br>
<input name="submit1" type="submit" value="Update">
</form>
<?php
?>
</body>
</html>
The problem is you're trying to access data which is never defined outside the loop.
The varialbe you're trying to access $row will work within the loop only.
To achieve what you want you need to define a variable outside the loop and than set the value of variable in loop.
For example, below sharing an example with one input, for rest you can do the same or tweak around as per your need :
<?php
require('config.php');
$id=$_REQUEST['id'];
$query = "SELECT * from records where id='".$id."'";
$result = mysqli_query($link, $query) or die ( mysqli_error());
$visitingdate = "";
while($row = mysqli_fetch_assoc($result))
{
echo "<tr>";
echo "<td>" . $row["visitingdate"]. "</td>";
$visitingdate = $row["visitingdate"];
}
?>
<!DOCTYPE html>
<html>
<body>
<form action="records.php" method="post">
<br><br><br>
Visiting Date<br><input name="visitingdate" type="date" value="<?=$visitingdate?>"><br><br>
<input name="submit1" type="submit" value="Update">
</form>
<?php
?>
</body>
</html>
I hope this will help you. Thank you.
FYI: Your code is vulnerable to SQL Injection, please write safe code. Provided solution for the requested code in case for learning beginner purpose.
I'm trying to use form processing to make a specific database query. I set the form to $name and am trying to process $sql = "SELECT * FROM quotes WHERE qSymbol = $name ORDER BY qQuoteDateTime DESC"
What is the best way to do this?
<form action="post.php" method="post">
<span></span><input type = "text" value=" " name="boxy" />
<br/><input type="submit" name="submit" value="Enter" />
</form>
<?php
$name = $_POST['boxy'];
if(isset($_POST['boxy'])){
error_reporting(E_ALL ^ E_DEPRECATED);
$con = mysql_connect('...');
if (!$con){
die("Cannot connect : " . mysql_error());
}
mysql_select_db('quotesdb',$con);
$sql = "SELECT * FROM quotes WHERE qSymbol = '$name' ORDER BY qQuoteDateTime DESC";
$myData = mysql_query($sql,$con);
echo "<table border = 1>
<tr>
<th>Data</th>
<th>Last</th>
<th>Change</th>
<th>% Chg</th>
<th>Volume</th>
</tr>";
while ($record = mysql_fetch_array($myData)){
echo "<tr>";
echo "<td>" . $record['qQuoteDateTime'] . "</td>";
echo "<td>" . $record['qLastSalePrice'] . "</td>";
echo "<td>" . $record['qNetChangePrice'] . "</td>";
echo "<td>" . $record['qNetChangePct'] . "</td>";
echo "<td>" . $record['qShareVolumeQty'] . "</td>";
echo "</tr>";
echo "</table>";
mysql_close($con);
}
You will still need single quotes around the variable unless it's a number
$sql = "SELECT * FROM quotes WHERE qSymbol = '$name' ORDER BY qQuoteDateTime DESC";
I've been trying to display the image I uploaded into the db using a simple insertform. I've only been able to retrieve the image-name into the "data-file", what I'm wondering is how can I easily display the image in the same form location instead of the image-name?
This is my result at this moment, as you can see I've only added an image to one of the inserts, and I would like to change the "footer.jpg-name" with the image displayed here.
<html>
<head>
</head>
<body>
<form action="insertform.php" method="post">
Topic: <input type="text" name="topic"><br />
Name: <input type="text" name="name"><br />
Attendance: <input type="text" name="attendance"><br />
Image: <input type="file" name="image"><br />
<input type="submit" name="submit">
</form>
<?php
if (isset($_POST['submit'])){
$con = mysql_connect("localhost","username","password");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("testingisfun",$con);
$sql = "INSERT INTO Lectures (Topic,Name,Attendance,Image) VALUES ('$_POST[topic]', '$_POST[name]', '$_POST[attendance]', '$_POST[image]')";
mysql_query($sql,$con);
mysql_close($con);
}
?>
</body>
</html>
Heres the "data-file".
<html>
<head>
</head>
<body>
<?php
$con = mysql_connect("localhost","username","password");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("testingisfun",$con);
$sql = "SELECT * FROM lectures";
$myData = mysql_query($sql,$con);
echo "<table border = 1>
<tr>
<th>Topic</th>
<th>Name</th>
<th>Attendance</th>
<th>Image</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<tr>";
echo "<td>" . $record['Topic'] . "</td>";
echo "<td>" . $record['Name'] . "</td>";
echo "<td>" . $record['Attendance'] . "</td>";
echo "<td>" . $record['Image'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
</body>
</html>
Thanks for any sort of feedback!
Try this
echo "<td><img src='/{$record['Image']}'>" . $record['Image'] . "</td>";
I took this answer from linked answer that I had put in comments. There are other alternatives also provided for this problem.
echo "<td>" . $record['Image'] . "</td>";
replace with
echo "<td><img src=\"data:image/jpeg;base64,"" . base64_encode( $record['Image'] ) . "/></td>";
You are storing images in DB and while fetching it is giving you image data that is raw so to display images from data you can use this method.
This wont help in caching but it will solve the problem.
I'm having an issue trying to update multiple entries in my database via a php populated drop down menu. Here is the code on my page that populates the table showing me all entries currently in my database:
$result = mysqli_query($con,"SELECT * FROM Submissions");
echo "<table border='1'>
<tr>
<th>First name</th>
<th>Last name</th>
<th>Email</th>
<th>Title</th>
<th>Text</th>
<th>Public Post OK?</th>
<th>Date/Time Submitted</th>
<th>Approved?</th>
<th>Test Approved</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['fname'] . "</td>";
echo "<td>" . $row['lname'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['title'] . "</td>";
echo "<td>" . nl2br($row['text']) . "</td>";
echo "<td>" . $row['publicpost'] . "</td>";
echo "<td>" . $row['time'] . "</td>";
echo "<td><select name=\"approved\"><option value=\"" . $row['approved'] . "\">" . $row['approved'] . "</option><option value=\"yes\">Yes</option><option value=\"no\">No Again</option></select></td>";
echo "<td>" . $row['approved'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
<br><br>
<form action="update.php" method="post">
<input type="submit" name="SubmitButton" value="Update" class="submit" style="cursor:pointer;">
</form>
<?php
mysqli_close($con);
?>
This is the php code for "update.php":
$approved = $_POST['approved'];
mysqli_query($con,"UPDATE Submissions SET approved = $approved");
$update_query= "UPDATE Submissions SET approved = '$approved'";
if(mysqli_query($con,$update_query)){
echo "updated";}
else {
echo "fail";}
?>
<form action="approvesubmissions.php">
<input type="submit" value="Approve Submissions page">
</form>
The goal is to have the ability to update the field "approved" with a drop down menu from "NO" to "YES" or vice versa. Instead, what is happening with this query, is that it is erasing the data in the "approved" field instead of updating it. I'm somewhat new to php and i have researched a TON on this and have come up with no solutions. Any help is GREATLY appreciated!
First, let's assume 'approved' is a TINYINT(1) or something.
Your select html should be more like this. It will autofill based on the DB value.
$selected = 'selected="selected"'; // pre-selection attribute
$isApproved = !!$row['approved']; // is this active? (approved is 1 or 0)
echo '<select name="approved">
<option value="1" ' . ($isApproved ? $selected : '') . '>Yes</option>
<option value="0" ' . (!$isApproved ? $selected : ''). '>No</option>
</select>';
Secondly, your form is at the bottom of the table, but your input that you want is in the table. When you submit your form, there is no $_POST['approved'], because that's technically not in a form. To fix, you'll need to put your opening form tag at the top before the table. Then, you'll want to put your submit button and closing form tag at the end, after you've echoed the table out.
Thirdly, your post.php page should NOT ever take user input directly into a query. But, simply do this:
// Convert input to boolean answer, then int (for the query).
$approved = isset($_POST['approved']) ? (int)!!$_POST['approved'] : 0;
mysqli_query($con,"UPDATE Submissions SET approved = '$approved'");
While we're on the topic, this would be a great time to jump into prepared statements for your project. It might sound scary, but it can save you from SQL injection.
// Make the prepared statement
$query = mysqli_prepare("UPDATE Submissions SET approved = ?");
// Safely bind your params
mysqli_stmt_bind_param($query, "i", $approved);
// Run it
mysqli_stmt_execute($query);
// "close" the statement (hint: it's reusable for things like bulk updates, etc)
mysqli_stmt_close($query);
I have this code for listing mysql records and putting it into a table according to the address inputted. My problem is, how to do just the same but this time, making use of textboxes to project the contents of the record corresponding to the same data inputted.
I'm just a beginner with no talent. Maybe you could give me some idea on how to do it.
mysql_select_db("hospital", $con);
$result = mysql_query("SELECT * FROM t2 WHERE ADDRESS='{$_POST["address"]}'");
echo "<table border='1'>
<tr>
<th>HospNum</th>
<th>RoomNum</th>
<th>LastName</th>
<th>FirstName</th>
<th>MidName</th>
<th>Address</th>
<th>TelNum</th>
<th>Nurse</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['HOSPNUM'] . "</td>";
echo "<td>" . $row['ROOMNUM'] . "</td>";
echo "<td>" . $row['LASTNAME'] . "</td>";
echo "<td>" . $row['FIRSTNAME'] . "</td>";
echo "<td>" . $row['MIDNAME'] . "</td>";
echo "<td>" . $row['ADDRESS'] . "</td>";
echo "<td>" . $row['TELNUM'] . "</td>";
echo "<td>" . $row['NURSE'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
As a suggestion, I do not think displaying the values inside of a textbox is the best idea. With that being said, you achieve your results by performing the following
while($row = mysql_fetch_array($result)) {
echo "<input type=\"text\" value='" . $row['HOSPNUM'] . "'><br />";
echo "<input type=\"text\" value='" . $row['ROOMNUM'] . "'><br />";
....
}
You would need to escape the " inside of the text boxes by using PHP's escape special character \
You need to search from your present tables and use AJAX to notify the user.
I would suggest you look into a framework in PHP which would help you a LOT since you are just starting your projects. List of frameworks can be found at http://www.phpframeworks.com/
As far as i could understand your question, you want to retrieve data from mysql based on the input of the text boxes. This is how you can go about it:
<form action="yourpage.php">
<input type="text" name="text1">
<input type="text" name="text2">
<input type="text" name="text3">
</form>
Now you can retrieve data from mysql using where clause.
select * from table where text1 = 'text1' and text2 = 'text2' and text3 = 'text3'
Note: You need to change the names in form and query as per your requirement.