<?php
echo "Hello test <br>";
$userid = $_GET['userid'];
echo "your user userid is " . $userid . " &";
$salt = $_GET['salt'];
echo " your user salt is " . $salt;
// Query for finding the data from db
// Issue in query
$sql = "SELECT * FROM test.test where id=" .$userid AND "salt=".$salt;
echo "<br>" . $sql;
$result = $conn->query($sql);
if (!empty($result))
{
echo "<br>Result Found";
}
else
{
echo "<br> Invalid link !";
}
// }
?>
My Query is not working properly. If I reduce my query to id=".$userid it works properly but if I add remaining portion its not working.
The $sql line should be:
$sql = "SELECT * FROM sauberlux_com.tbl_b2cuser where id=".$userid." AND salt=".$salt;
$sql = "SELECT * FROM sauberlux_com.tbl_b2cuser where id = $userid AND salt = $salt";
Try it.
$sql = "SELECT * FROM sauberlux_com.tbl_b2cuser where id = $userid AND salt = '$salt' ";
Also you can refer here for sql injection
Related
I want to fetch data with AM/PM format, but before that, i need to choose a database to make this.
$event_name='database_name';
I also using INNER JOIN .
Can anybody know how to format time in this case?
$event_name='database name';
$conn = mysqli_connect($servername, $username, $password);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());}
$sql = "SELECT $event_name.student_login.LOG_IN, $event_name.student_login.TIME_FORMAT(LOG_IN,"%r"), event_attendance.student_data.* FROM event_attendance.student_data
inner JOIN $event_name.student_login ON $event_name.student_login.SERIAL = event_attendance.student_data.SERIAL order by $event_name.student_login.LOG_IN DESC";
//using (SERIAL)
$result = mysqli_query($conn, $sql);
$i = 1;
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
echo "<td width='2'><center><B>".$i; $i++; echo"</B></center></td>";
echo "<td>" . $row["ID"]."</td>";
echo "<td>" . $row["LASTNAME"].", ". $row["FIRSTNAME"]." ". $row["MIDDLENAME"]."."."</td>";
echo "<td><center>" . $row["COURSE"]."</center></td>";
echo "<td><center>" . $row["YEAR"]."</center></td>";
echo "<td><center>" . $row["LOG_IN"] ."</center></td>";
echo "<td><center>" . $row["DATE"]."</center></td><tr>";
}
}
my code didn't work with this.
$event_name.student_login.TIME_FORMAT(LOG_IN,"%r")
TIME_FORMAT is an in-built MYSQL function and not a function of the table $event_name.student_login so using $event_name.student_login.TIME_FORMAT(LOG_IN,"%r") is wrong
Secondly, your query is in double quotes so you cannot directly use another double quote in the query string. So you need to change $event_name.student_login.TIME_FORMAT(LOG_IN,"%r") to TIME_FORMAT($event_name.student_login.LOG_IN, '%r')
Try this
$sql = "SELECT $event_name.student_login.LOG_IN, TIME_FORMAT($event_name.student_login.LOG_IN, '%r'), event_attendance.student_data.* FROM event_attendance.student_data inner JOIN $event_name.student_login ON $event_name.student_login.SERIAL = event_attendance.student_data.SERIAL order by $event_name.student_login.LOG_IN DESC";
or the cleaner version using alias
$sql = "SELECT sl.LOG_IN, TIME_FORMAT(sl.LOG_IN, '%r'), sd.* FROM event_attendance.student_data sd inner JOIN $event_name.student_login sl ON sl.SERIAL = sd.SERIAL order by sl.LOG_IN DESC";
hope somone can help me - I have this code:
$query = "SELECT * FROM `products` WHERE `category` = 100 AND `showme` = 1 `ORDER BY `nr` ASC";`
$result = mysql_query($query);
while($row = mysql_fetch_object($result)){
echo '<div class="'.$row->design.'">
<img src="'.$row->img.'" width="100%"><br>
<span><b>'.$row->name.'</b></span><br><span>'.$row->descr.'</span><br />
<span>'.$row->preprice.' </span><span>'.$row->price.'</span><span> '.$row->unit.'</span></div>
';
}
It displays like this: http://gartenundhof.de/gartenundhof-produkte5.php
It should look about like:http://gartenundhof.de/gartenundhof-produkte.php (which has 3 separate queries)
"SELECT * FROM 'products' ORDER BY 'category' ASC";
Try this
You can try it:
$query = "SELECT * FROM `products` WHERE `showme` = 1 `ORDER BY category,`nr` ASC";
$result = mysql_query($query);
$category = -1;
while($row = mysql_fetch_object($result)){
if($category != $row->category) {
$category = $row->category;
eho "<h2>$category</h2>";
}
echo '<div class="'.$row->design.'">
<img src="'.$row->img.'" width="100%"><br>
<span><b>'.$row->name.'</b></span><br><span>'.$row->descr.'</span><br />
<span>'.$row->preprice.' </span><span>'.$row->price.'</span><span> '.$row->unit.'</span></div>';
}
Assuming you have 2 tables Products and Categories:
$categories_query = "SELECT * FROM categories ORDER BY id ASC";
$categories = mysql_query($categories_query);
while($category = mysql_fetch_object($categories)) {
echo "Category: " . $category->name . "<br />";
$products_query = "SELECT * FROM products WHERE category_id = " . $category->id . " AND showme = 1 ORDER BY nr ASC";
while($product = mysql_fetch_object($products_query)) {
echo "Product: " . $product->name . "<br />";
}
}
I'm trying to get the mySQL update to work below and there's no console error but it doesn't reflect any changes I have made to the database.
Please let me know if i miss out anything.
Appreciate it very much.
table 1: nmc_cd
table 2: nmc_category
table 3: nmc_publisher
In this update php, it gets the values from the previous php and update the table.
<?php
header('Content-type: text/html; charset=iso-8859-1');
include 'database_conn.php'; // make db connection
$pCDTitle = filter_has_var(INPUT_GET, 'CDTitle') ? $_GET['CDTitle']: null; // store all parameter in variable
$pCDPubName = filter_has_var(INPUT_GET, 'CDPub') ? $_GET['CDPub']: null;
$pCDYear = filter_has_var(INPUT_GET, 'CDYear') ? $_GET['CDYear']: null;
$pCDCategory = filter_has_var(INPUT_GET, 'CDCat') ? $_GET['CDCat']: null;
$pCDPrice = filter_has_var(INPUT_GET, 'CDPrice') ? $_GET['CDPrice']: null;
$pCDID = filter_has_var(INPUT_GET, 'CDID') ? $_GET['CDID']: null;
$pCDPubID = filter_has_var(INPUT_GET, 'pubID') ? $_GET['pubID']: null;
$sql = "UPDATE nmc_cd "
. "SET nmc_cd.CDTitle='$pCDTitle',nmc_cd.CDYear='$pCDYear',nmc_cd.CDPrice='$pCDPrice',nmc_cd.catID='$pCDCategory',nmc_cd.pubID='$pCDPubName'"
. "WHERE nmc_cd.CDID='$pCDID'";
if ($conn->query($sql) === TRUE) {
echo "<b><font face='verdana' font sise='3' color='red'>Record updated successfully</font></b>";
$sql = "SELECT * FROM nmc_cd "
. "JOIN nmc_category ON (nmc_cd.catID = nmc_category.catID)"
. "JOIN nmc_publisher ON (nmc_cd.pubID = nmc_publisher.pubID)"
. "WHERE nmc_cd.CDID = '$pCDID'"; //Query Database
$result = mysqli_query($conn, $sql);
$row = mysqli_fetch_assoc($result);
$CDID = $row['CDID'];
$CDTitle = $row['CDTitle'];
$CDYear = $row['CDYear'];
$CDPrice = $row['CDPrice'];
$catDesc = $row['CDCat'];
$pubName = $row['CDPub'];
$location = $row['location'];
echo "<table>";
echo "<tr><th>Title</th><th>Year</th><th>Price</th><th>Catergory</th><th>Publisher</th><th>Location</th></tr>";
echo "<tr><td>".$row["CDTitle"]."</td><td> ".$row["CDYear"]."</td><td> ".$row["CDPrice"]."</td><td> ".$row["CatCD"]."</td><td> ".$row["CatPub"]."</td><td> ".$row["location"]."</td></tr>"; //Display Data Table Data
echo "</table";
mysqli_close($conn);
} else {
echo "<b><font face='verdana' color='red'>Error updating record!!!</font></b>" . $conn->error;
}
?>
I have the following code on a .php page and I want to display it inside a table and only show the last 10 entries
<?php
$servername = "localhost";
$username = "";
$password = "";
$dbname = "";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM dispenses";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<br> Amount: " . $row["amount"] . " - Time Dispensed: ". $row["dispensed"] . "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
You could store all the results in an array and subsequently display only last 10 elements of that array.
while($row = $result->fetch_assoc()) {
$results[] = $row;
}
for($i = count($results)-10; $i < count($results); $i++){
echo "<br> Amount: " . $results[$i]["amount"] . " - Time Dispensed: ". $results[$i]["dispensed"] . "<br>";
}
You can limit the number of results with LIMIT:
$sql = "SELECT * FROM dispenses LIMIT 10";
You can choose an offset as well. Check documentation for more.
p.s.: so in order to get last x entries using order by y use:
$sql = "SELECT * FROM (SELECT * FROM dispenses ".
"ORDER BY y DESC LIMIT 10) AS intermediate ORDER by y ASC";
Check this Fiddle to see how it works. I select the last three records based on id or insert date. I forgot to define an alias in the statement above. This is fixed now. Hope it helps ....
Here is my double-minded query:
$Quest = "SELECT * FROM TOAWorkorders";
$FindTechResult = mysql_query($Quest, $cxn)
or die ('The easter bunny is watching you' . mysql_error());
while ($row = mysql_fetch_array($FindTechResult))
{
if (strpos($BBT, 0, 3) != 'Sys')
{
$IdNum = $row['IdNum'];
$BBT = $row['BBT'];
$BBTArray = explode("-", $BBT);
$TechNum = $BBTArray["0"];
$Title = $BBTArray["2"];
$Name = explode(" ", $BBTArray['1']);
$FirstName = $Name["0"];
$LastName = $Name["1"];
}
echo $TechNum . ' !! ' . $FirstName . ' !! ' . $LastName . ' !! ' . $Title . '<br>';
$Quest = "UPDATE TOAWorkorders SET TechNum = '$TechNum', FirstName = '$FirstName', LastName = '$LastName', Title = '$Title' WHERE IdNum = '$IdNum'";
$result = mysql_query($Quest, $cxn) or die(mysql_error());
}
Everything works for about 2/3s of the database. That leaves 33,000 rows that are not updated. I cannot find any difference between the data that works and the data that doesn't.
Since you're doing an UPDATE, and you say the rest of the code works (meaning, I hope, that you get 109,112 echo'ed results), it must be that the ID isn't being found (WHERE IdNum = '$IdNum').
Try preceding that command with "SELECT COUNT(*) from TOAWorkorders WHERE IdNum = '$IdNum'" and see if you get 33,000 zeros when the program runs. If you do, then you have missing IdNum values in your table.
If you don't, please provide details and I'll let you know.