data not uploading properly due to > - html

Is there a way that I can escape >? I have a combo box which has an option below. I tried replacing > with > but it's still not uploading properly.
<select name="Category3" id="Category3">
<option value="Request |Running > 1 hour">Request |Running > 1 hour</option>
What it should upload is just Request |Running > 1 hour
but what is being uploaded is: Request |Running > 1 hour 1 hour' />
I don't know where it's getting the other 1 hour' />
I tried removing the > and it just uploaded Request |Running 1 hour without the excess 1 hour' /> but I need it for consistency.
Here is the PHP code that I'm using to upload to the DB:
<?php
error_reporting(0);
require 'include/DB_Open.php';
$Category3 = mysql_real_escape_string ($_POST['Category3']);
if (isset($ABC))
{
$sql="INSERT into XXX category_2
VALUES ('".$Category3."')";
$result=mysql_query($sql)or die(mysql_error());
}
?>
Here is my code for retrieving the data:
$sql="SELECT category_2
FROM XXX
WHERE resolved_date BETWEEN '" . $date . "' AND '" . $date1 . "'
ORDER BY resolved_date";
$myData = mysql_query($sql);
//to count if there are any results
$numrow = mysql_num_rows($myData);
if($numrow == 0)
{
echo "No results found.";
}
else
{
echo "$numrow";
}
{
echo "<table width='auto' cellpadding='1px' cellspacing='0px' border=1 align='center'>
<tr>
<th align='center'><strong>Category 3</strong></th>
</tr>";
while($info = mysql_fetch_array($myData))
{
echo "<form action='retrieve.php' method='post'>";
echo"<tr>";
echo "<td align='center'>" . $info['category_2'] . "<input type=hidden name=category_2 value=" . $info['category_2'] . "' /> </td>";
echo "</tr>";
echo "</form>";
}
}
echo "</table>";

Whenever you're displaying text that might include special HTML characters, you should use htmlentities() to encode it properly, so these characters don't cause the HTML to be misparsed (or worse, allow script injection).
// ENT_QUOTES also encodes ' so the value cannot end the single-quoted attribute early
$cat2 = htmlentities($info['category_2'], ENT_QUOTES);
echo "<td align='center'>" . $cat2 . "<input type='hidden' name='category_2[]' value='" . $cat2 . "' /> </td>";
You also were missing the ' after value=. I've added that (and quotes around all the other attributes).
Since you're creating multiple inputs with the same name, you need to give them an array-style name so that the server script can get all the values. $_POST['category_2'] will be an array.
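The parsing failure from the question next to the encoded, quoted form, as an added example that is not part of the original answer. The helpers attr() and hidden_input() and the sample rows are constructed for illustration, and $_POST is simulated so the script runs from the command line:

```php
<?php
// Added illustration; attr(), hidden_input() and the sample rows are constructed.

// Encode a value for an HTML attribute. ENT_QUOTES covers both ' and ",
// so the result is safe whichever quote style delimits the attribute.
function attr(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Render one hidden field with an array-style name, as the answer suggests.
function hidden_input(string $name, string $value): string
{
    return "<input type='hidden' name='" . attr($name) . "[]' value='" . attr($value) . "' />";
}

$rows = [                                // constructed sample data
    "Request |Running > 1 hour",         // the value from the question
    "It's <b>bold</b> & \"quoted\"",     // quotes, tags and an ampersand together
];

foreach ($rows as $value) {
    // Original pattern: no opening quote, no encoding. The unquoted value ends
    // at the first space, the raw > closes the tag, the rest leaks out as text.
    $broken = "<input type=hidden name=category_2 value=" . $value . "' />";
    echo "broken: ", $broken, PHP_EOL;
    echo "fixed:  ", hidden_input('category_2', $value), PHP_EOL;
}

// Receiving side: category_2[] arrives as an array of already-decoded strings.
$_POST['category_2'] = $rows;            // simulated form submission
foreach ((array) $_POST['category_2'] as $i => $submitted) {
    echo $i, ': ', $submitted, PHP_EOL;
}
```

The browser decodes the entities before submitting, so the values that reach the server are the original strings; they still need encoding again whenever they are written back into HTML.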

Related

How to simulate button click

This is my pagination program :
if(isset($_POST['view']))
{
$per_page = 20;
if(isset($_GET['page'])) {
$page = $_GET['page'];
} else {
$page = 1;
}
$start = $per_page * $page;
$start = $start - $per_page;
if(isset($_GET['seller']) ) {
$seller = $_GET['seller'];
} else {
$seller = ($_POST['seller']);
}
echo $seller."_".$start;
$query = "SELECT Kala.mark ,Kala.sharhe_kala, Kala_forooshande.date From Kala Join Kala_forooshande ON Kala.id_kala=Kala_forooshande.id_kala WHERE Kala_forooshande.id_forooshande=(SELECT id_forooshande From Forooshande where forooshande='". $seller ."') LIMIT $start , $per_page";
$result = mysqli_query($db,$query);
$query2 = "SELECT COUNT(*) as total FROM Kala Join Kala_forooshande ON Kala.id_kala=Kala_forooshande.id_kala WHERE Kala_forooshande.id_forooshande=(SELECT id_forooshande From Forooshande where forooshande='". $seller ."')";
$result2 = mysqli_query($db,$query2);
if ($result->num_rows > 0) {
echo " <form method='post' enctype='multipart/form-data'>
<table class='blueTable'><thead><tr><th>شماره</th><th>شرح کالا</th><th>مارک</th><th>تاریخ</th></tr></thead>";
while ($row = $result->fetch_assoc()) {
$tarikh=gregorian_to_jalali((substr($row["date"],0,4)),(substr($row["date"],5,2)),(substr($row["date"],8,2)));
$j=$start++;
echo "<tr><td>" . $j . "</td><td>" . $row["sharhe_kala"] . "</td><td>" . $row["mark"] . "</td><td>" .$tarikh[0]."-".$tarikh[1]."-".$tarikh[2] . "</td></tr>";
}
echo "</table></form> ";
$total = mysqli_fetch_assoc($result2);
$total_page = (ceil($total['total'] / $per_page));
echo "<table class='pagination'>";
$prev = $page - 1;
if ($page <= 1) {
echo "
<td> << </td>
";
} else {
echo "
<td> << </td>
";
}
for ($i = 1; $i <= $total_page; $i++) {
if ($i == $page) {
echo "
<td class='active'>$i</td>";
} else {
echo "
<td>" . $i . "</td>";
}
}
$next = $page + 1;
if ($page >= $total_page) {
echo "
<td>>></td>
";
} else {
echo "
<td> >></td>
";
}
echo "</table>";
}
}
The problem is that when the user clicks on page 2, the <a> tag sends <a href=\"?page=" . $i . "&seller=".$seller."\">" to see page number 2, but it doesn't work because of the if clause if(isset($_POST['view'])) at the beginning.
So it only works for the first page, where the view button is clicked.
Is it possible to send the button value in the link to simulate a button click event?
Based on your comment on the question:
i want to be shown only if user click on view button
Then you want more view buttons. Replace your links with their own forms which post the values your server-side code expects. So instead of this:
echo "
<td>" . $i . "</td>";
You might have something like this:
echo "
<td>
<form method=\"post\">
<input type=\"hidden\" name=\"page\" value=\"" . $i . "\" />
<input type=\"hidden\" name=\"seller\" value=\"" . $seller . "\" />
<input type=\"submit\" name=\"view\" value=\"" . $i . "\" />
</form>
</td>";
You can use CSS to style your buttons to look like links if you prefer. Tools like Bootstrap make that very easy, just adding classes like "btn btn-link" to any clickable element for example.
But ultimately if you want your links to submit a form then make them forms.

Hyperlink in MySql Database

I have a MySql database online for transcriptions of document images. Those images are located on another website. I want to include the link to the actual image in the database so that the person researching can click the link and go directly to the image.
I have done the following:
Created a column named IMAGE
In my Excel spreadsheet that will be uploaded via ODBC to PhpMyAdmin for my database, I have included the IMAGE
When the file is uploaded via ODBC, I can see the link in the Table on PhpMyAdmin for my database.
I have also included the IMAGE column to be shown on my results page and the column does appear.
But the hyperlink does NOT appear at all on the results page for any entry that has a link in the Image column so there is nothing to click on to go directly to the image
What am I doing wrong?
I wrote this up quickly to try and help you out. You will need to change DBHOST, DBUSERNAME, yourtablename etc to your database's information.
<?php
$con=mysqli_connect("DBHOST","DBUSERNAME","DBPASSWORD","DBNAME");
// Table names take backticks (or no quotes); single quotes would make this a string literal and the query would fail
$result = mysqli_query($con,"SELECT * FROM `yourtablename`");
echo "<table border='1'>
<tr>
<th>Notes</th>
<th>Image</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['NOTES'] . "</td>";
echo "<td>" . $row['IMAGE'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
?>
Edit: Here is an alternate solution that will put the link formatting in for you.
I wrote this up quickly to try and help you out. You will need to change DBHOST, DBUSERNAME, yourtablename etc to your database's information.
<?php
$con=mysqli_connect("DBHOST","DBUSERNAME","DBPASSWORD","DBNAME");
// Table names take backticks (or no quotes); single quotes would make this a string literal and the query would fail
$result = mysqli_query($con,"SELECT * FROM `yourtablename`");
echo "<table border='1'>
<tr>
<th>Notes</th>
<th>Image</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['NOTES'] . "</td>";
echo "<td><a href='" . $row['IMAGE'] . "'>Link</a></td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
?>
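A hardened form of the link cell from this answer, as an added example that is not part of the original answer: the stored value is encoded for the attribute and only linked when it is an absolute http(s) URL. The function name safe_link_cell() and the sample IMAGE values are constructed for illustration:

```php
<?php
// Added illustration; safe_link_cell() and the sample values are constructed.

// Return a table cell linking to $url, or plain encoded text when the
// stored value is not an absolute http(s) URL.
function safe_link_cell(string $url): string
{
    $url     = trim($url);
    $scheme  = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    $host    = parse_url($url, PHP_URL_HOST);
    $escaped = htmlspecialchars($url, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    if (!in_array($scheme, ['http', 'https'], true) || !$host) {
        // Empty cells and javascript: or data: values are shown, never linked.
        return "<td>" . $escaped . "</td>";
    }
    return "<td><a href='" . $escaped . "'>Link</a></td>";
}

$samples = [   // constructed values standing in for the IMAGE column
    "https://images.example.org/scan.php?doc=12&page=3",
    "https://images.example.org/o'brien.jpg",
    "javascript:alert(1)",
    "",
];

foreach ($samples as $value) {
    echo safe_link_cell($value), PHP_EOL;
}
```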

mysql update form not executing on first tried but work on second tried

I am trying to do a query and update that query on a same page by using form but the problem is I have to submit form twice to get it updated. This code is ported from my last mysql project. My last project was search then query then update. This one is query then update. I can't see why form doesn't get variable to it on first click. Still learning PDO. Please point me to a right direction. Thank you.
require_once ('control/control.php');
$db = db_connect ();
$stmt = $db->query("SELECT * FROM offsite_inventory WHERE category != '' ORDER BY FIELD(category,'Sparkling Wine','Rose Wine','Riesling Magnum 1.5L','Riesling Magnum 3L','Austrian Riesling','Austrian Gruner','Trocken','Kabinett','Spatlese','Auslese','Chardonnay USA','Chardonnay France','Chablis','White Wine 1','White Wine 2','Pinot Noir 2','Pinot Noir 1','Cabernet And Bordeau','Red Wine 1','Red Wine 2','Red Wine 3','Red Wine 4','Rhone Valley Red')");
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
echo "<tr><td width=\"50\">" . $row['code'] . "</td>
<td width=\"380\">" . $row['name'] . "</td>
<td width=\"50\" align=\"center\">" . $row['instock_resto'] . "</td>
<td width=\"50\" align=\"center\">" . $row['instock_home'] . "</td>
<td width=\"100\"><form style='display:inline!important; width:10px!important;' name='inventory' method='post' action='" . $PHP_SELF . "?id=" . $row['id'] . "&instock_home=" . $row['instock_home'] . "&name=" . $row['name'] . "'>
<table width='1' border='0' align='center' style='margin-right:auto; margin-left:auto;'>
<tr>
<td valign='middle'>
<label><input style='display:inline!important; width:25px!important;' type='number' name='instock_home'/></label></td>
<td>
<input style='display:inline!important; width:100px!important; padding:3px 0px;' type='submit' name='instock_home2' value='update stock' /></td></tr></table>
</form>";
echo "</td></tr>";
}
require_once ('control/control.php');
$conn = db_connect ();
$instock_home = $_POST['instock_home'];
$id = $_GET['id'];
$name = $_GET['name'];
$stmt2= $conn->prepare("UPDATE offsite_inventory SET instock_home = ? WHERE id = ?");
$stmt2->execute(array($instock_home, $id));
echo"</table>";

PHP mysql Query Bug

I am trying to load articles from 1 to 5 on the homepage of this website.
When loading the homepage, only results from ID 2 to 5 vs. 1 to 5 are getting displayed and I'm not sure why. It seems there probably is a problem with my while loop but I can't seem to figure it out.
I have added a link to a screenshot of the database to show that there is in fact an article with the ID 1 and I've also added a link to the website itself.
Database in question
Website in question
<div class="bodymainwrap">
<div class="contentwrap">
<?php
if (isset($_GET['id']) && !empty($_GET['id'])) {
$page = "between " . (($_GET['id']*5)-5) . " and " . ($_GET['id']*5);
} else {
$page = "between 1 and 5";
}
require_once '/db.connect';
$query = "SELECT * FROM Articles where id " . $page;
$result = mysqli_query($link, $query);
if (!$result) {
echo "<br />" . $query;
die("<br/> Error: occured while trying to execute the query " . mysqli_error($link));
}
$row = mysqli_fetch_array($result)
?>
<div class="sidebar" align="center">
<a href="/nothing/index.php?id=2" >Page 2</a>
<?php echo $query ?>
</div>
<?php
while ($row = mysqli_fetch_array($result)){
echo '<div class="entry">';
echo '<img src="/nothing/images/julie.jpg">';
echo'<H2>';
echo $row['Title'];
echo'</h2>';
echo '<p>';
echo $row['Article'];
echo '</p>';
echo '</div>';
}
?>
</div>
Your issue is here I believe, with the lone mysqli_fetch_array call after you get $result
$result = mysqli_query($link, $query);
if (!$result) {
echo "<br />" . $query;
die("<br/> Error: occured while trying to execute the query " . mysqli_error($link));
}
$row = mysqli_fetch_array($result) //delete this
Here you have already fetched the first row. Remove that, and just keep it within the loop. That's the underlying reason for how the while loop works. It keeps advancing while mysqli_fetch_array doesn't return null.

fill textbox with mysql data

How do I fill an inputbox with mysql data. So that I can update the database?
I have this code that will show the table corresponding to the users request. But I don't know the syntax on how I can fill an inputbox with mysql data.
$result = mysql_query("SELECT * FROM t2 WHERE STAT='{$_POST["stat1"]}'");
echo "<table border='1'>
<tr>
<th>HospNum</th>
<th>RoomNum</th>
<th>LastName</th>
<th>FirstName</th>
<th>MidName</th>
<th>Address</th>
<th>TelNum</th>
<th>Status</th>
<th>Nurse</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['HOSPNUM'] . "</td>";
echo "<td>" . $row['ROOMNUM'] . "</td>";
echo "<td>" . $row['LASTNAME'] . "</td>";
echo "<td>" . $row['FIRSTNAME'] . "</td>";
echo "<td>" . $row['MIDNAME'] . "</td>";
echo "<td>" . $row['ADDRESS'] . "</td>";
echo "<td>" . $row['TELNUM'] . "</td>";
echo "<td>" . $row['STAT'] . "</td>";
echo "<td>" . $row['NURSE'] . "</td>";
echo "</tr>";
}
echo "</table>";
And I want to display the corresponding records with this html form, by inputting a primary key. And clicking the search button, the record will appear on each box. Just like when you update mysql database through phpmyadmin. But this time using a custom html form.
<td width="168"><input name="hnum" type="text" id="hospnum"></td>
<td width="41"><font size="3">Room #</td>
<td width="3">:</td>
<td width="168"><input name="rnum" type="text" id="rnum"></td>
How can I do that?
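<input name="hnum" type="text" id="hospnum" value="<?php echo htmlspecialchars($row['ROOMNUM'], ENT_QUOTES); ?>" />
In the text field, you have to fill the value attribute with the value fetched in PHP.
// Quote the attribute and encode the value so spaces, quotes or > in the data cannot break the tag
echo "<input name='rnum' type='text' id='rnum' value='" . htmlspecialchars($row['ROOMNUM'], ENT_QUOTES) . "'>";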