i am developing a website using php and mysql,in this website - javascript

i want to fetch data from my database which is linked to the website,i have created a search box,whenever i enter a particular value in search box,it should display all the related content from the database.i have done the following code,it is not fetching the data from the database,it just shows a blank screen.
<?php
define('db_name','njgh');
define('db_user','root');
define('db_password','');
define('db_host','localhost');
session_start();
$link=mysql_connect(db_host,db_user,db_password);
if(!$link)
{
die('couldnot connetc:'.mysql_error());
}
$db_selected=mysql_select_db(db_name,$link);
if(!$db_selected)
{
die('cant connect to db');
}
function clean($str) {
$str = #trim($str);
if(get_magic_quotes_gpc()) {
$str = stripslashes($str);
}
return mysql_real_escape_string($str);
}
$value = clean($_POST['searchtext']);
$qry = "SELECT * FROM database WHERE Site_ID = '$value'";
$result = mysql_query($qry);
print_r($result);

mysql_query function return resource ID not your data , use mysql_fetch_array, mysql_fetch_object to get data
$value = ($_POST['searchtext']);
$result = mysql_query("SELECT * FROM database WHERE Site_ID = '$value'");
while ($row = mysql_fetch_array($result, MYSQL_NUM)) {
printf("ID: %s Name: %s", $row[0], $row[1]);
}

mysql_* has been removed entirely as of PHP 7.0. Prevent SQL injection and use the mysqli statement class.
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "njgh";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$value = $_POST['searchtext'];
/* create a prepared statement */
if($stmt = $conn->prepare("SELECT * FROM database WHERE Site_ID =?")) {
/* bind parameters for markers */
$stmt->bind_param("s", $value);
/* execute query */
$stmt->execute();
$result = $stmt->get_result();
if($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
echo $row['db_table_field_name'];
}
//or
$row = $result->fetch_assoc();
print_r($row);
} else {
}
/* close statement */
$stmt->close();
}
/* close connection */
$con->close();
?>

The original MySQL extension is now deprecated, and will generate E_DEPRECATED errors when connecting to a database. Instead, use the MySQLi or PDO_MySQL extensions.
Hope this will work for you......
<?php
define('db_name','sports');
define('db_user','root');
define('db_password','');
define('db_host','localhost');
$link=mysqli_connect(db_host,db_user,db_password,db_name);
if(!$link)
{
die('couldnot connect:'.mysql_error());
}
function clean($str) {
$link=mysqli_connect(db_host,db_user,db_password,db_name);
$str = #trim($str);
if(get_magic_quotes_gpc())
$str = stripslashes($str);
return mysqli_real_escape_string($link, $str);
}
if(isset($_POST['searchtext'])){
$value = clean($_POST['searchtext']);
$qry = "SELECT * FROM cricket WHERE id = '$value'";
$qrydb = mysqli_query($link, $qry);
while($row=mysqli_fetch_array($qrydb)){
$name = $row['name'];
}
echo $name ;
}
?>
<body>
<form method="post">
<input type="text" name="searchtext">
<input type="submit" name="submit">
</form>
</body>

Related

Can't delete on Angular

I'm trying to delete one line from a table, however and even following the examples on stackoverflow, I can't reach a solution.
One of the Important things before start, is that I have the url's hidden, so I don't see the Get url, even the splice don't delete the right line on the table.
HTML:
<button id="{{value.username}}" type='button' type="button" ng-click="delete(value.username, $index)" class="btn btn-primary">Delete</button></td>
JS
$scope.delete = function(deletingId, index){
console.log(deletingId);
$http.get("../admin/deleted.php?username=" + deletingId)
.success(function(data){
$scope.data.splice(index, 1);
console.log('dadasdas');
})
}
PHP
$id = $_GET ['username'];
$sql = "SELECT * FROM members";
$records = mysql_query($sql);
if(isset($_GET['username'])){
$id = $_GET ['username'];
$delete = "DELETE FROM members WHERE username= '$id'";
$res = mysql_query($delete) or die ("FAILED" .mysql_error());
}
Am I doing anything wrong ( the scope is working, the php src is correct, but even doing an echo on php it doesn't fulfill nothing) since I've the url's hidden is there anyway to make it as a post?
Thanks in advance
Try this (I will use Mysqli, because I don't use Mysql);
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "myDB";
$conn = new mysqli($servername, $username, $password, $dbname);
$id = $_GET['username'];
$sql = "SELECT * FROM users";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
if (strtolower($id) == strtolower($row['username'])) {
$sql = "DELETE FROM users WHERE id=".row['id'];
$conn->query($sql);
}
}
} else {
echo "No accounts registered!";
}
So, deleting stuff with SQL, is case sensitive. So, I hope/think you have a auto increment id in your database. Then this will 100% surely work!

Selecting row with multiple parameters (ajax and PHP)

Good Day,
I'm new to PHP/MySQL and I try to send a request from ajax and select a row in a database with multiple parameters.
Is this the good way to do that ?
AJAX (Jquery):
function readLine(name, firstname) {
$.ajax({
type: "post",
url: "./php/readLine.php",
dataType: 'json',
data: { name: name, firstname: firstname },
success: function(data) {
console.log(data);
}
error: function(data) {
console.log("An error occured!");
}
});
}
PHP:
<?php
$sql = "SELECT * FROM table1 WHERE firstname=".intval($_POST['firstname'])." AND name=".intval($_POST['name']);
$con = mysqli_connect("localhost", "root", "", "myDB");
if (!$con) {
die("Connection failed: " . mysqli_error($con));
}
$result = mysqli_query($con, $sql);
$to_encode = array();
while($row = mysqli_fetch_array($result, MYSQLI_NUM)){
$to_encode[] = $row;
}
echo json_encode($to_encode);
mysqli_close($con);
?>
Thanks for your help.
You can do it using PDO with prepared statements, that'll make sure the user input is made safe. Like this:
try {
$db = new PDO('mysql:dbname=db_name;host=localhost', 'db_user', 'db_password');
} catch (PDOException $e) {
die('Connection failed: ' . $e->getMessage());
}
$sql = "SELECT * FROM table1 WHERE firstname=:firstname AND name=:name";
$stmt = $db->prepare($sql);
$stmt->bindParam(':firstname', $_POST['firstname'], PDO::PARAM_STRING);
$stmt->bindParam(':name', $_POST['name'], PDO::PARAM_STRING);
$stmt->execute();
$result = $stmt->fetchAll();
echo json_encode($result);
Move the first 5 lines into an include, then you only need this code once.
Firstly, you should use prepared statements instead, as currently the code is susceptible to SQL Injection attacks. I cannot emphasise this enough, an attacker would be able to wreak havoc on your database with the code you currently have.
You should use something like the following (taken from the page linked above, and this comment on the same page). Note that I have removed the intval calls to your POSTed data, as I assume they are strings rather than integers.
$to_encode = array();
$mysqli = new mysqli("localhost", "root", "password", "myDB");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
/* create a prepared statement */
if ($stmt = $mysqli->prepare("SELECT * FROM table1 WHERE firstname=? AND name=?")) {
/* bind parameters for markers */
$stmt->bind_param("ss", $_POST['firstname'], $_POST['name']);
/* execute query */
$stmt->execute();
/* instead of bind_result: */
$result = $stmt->get_result();
/* now you can fetch the results into an array - NICE */
while ($myrow = $result->fetch_assoc()) {
// use your $myrow array as you would with any other fetch
$to_encode[] = $myrow;
}
/* close statement */
$stmt->close();
}
/* close connection */
$mysqli->close();
echo json_encode($to_encode);
$stmt = $con->prepare("SELECT * FROM table1 WHERE name=? and firstname=?");
$stmt->bind_param($name ,$firstname);
// set parameters and execute
$firstname = mysqli_real_escape_string($con, $_POST['firstname']);
$name = mysqli_real_escape_string($con, $_POST['name']);
$stmt->execute();
$stmt->bind_result($to_encode);
$stmt->fetch();
echo json_encode($to_encode);

Fetch data from database and send it to javascript function

I am selecting input values from the database and I want to send it to the javascript function addVal() so that I can retrieve this value. I do not want to use echo. It is not working right now and I don't know how I can make it work.
<h1>trial,</h1>
<div id ="val"> </div>
<?php
$name = $_POST['postname'];
$host = 'localhost';
$user = 'root';
$pass = 'root';
$db_name="big";
$conn = new mysqli($host, $user, $pass, $db_name);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "connected";
$sql = "SELECT input FROM trial_db";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while( $row = $result->fetch_assoc()) {
$value = $row['input'];
addVal ($value);
}
}
?>
<script>
function addVal (value){
document.getElementById("val").innerHTML+= value ;
}
</script>
Calling js function from php will not work remove that code from php.
And change in js.
<script>
function addVal (){
var value = "<?php echo $value; ?>";
document.getElementById("val").innerHTML+= value ;
}
</script>
Will only work if js and php codes are in same php file.

mysql_fetch_array error at line 6

mysql_fetch_array() expects parameter 1 to be resource, boolean given in
<?php
mysql_connect ("localhost", "cab","a321") or die (mysql_error());
mysql_select_db ("ppwxpjey_mcidb");
$termOrd = $_POST['termOrd'];
$sql = mysql_query("select * from booking where order_no like '%$termOrd%'");
while ($row = mysql_fetch_array($sql)){
echo "<table width='1000' border='2' align='center' style='background-color:#FFFFFF;border-collapse:collapse;border:2px solid #6699FF;color:#000000'><tr><th>ORDER NO</th><th>NAME</th><th>MOBILE</th><th>FROM PLACE</th><th>TO PLACE</th><th>JOURNEY DATE</th><th>JOURNEY TIME</th><th>PERSON</th><th>BOOKING TIME</th></tr>";
echo "<tr><td>".$row["ORDER_NO"]."</td><td>".$row["NAME"]."</td><td>".$row["MOBILE"]."</td><td>".$row["FROM_PLACE"]."</td><td>".$row["TO_PLACE"]."</td><td>".$row["JOURNEY_DATE"]."</td><td>".$row["JOURNEY_TIME"]."</td><td>".$row["PERSON"]."</td><td>".$row["UPDATE_TIME"]."</td></tr>";
echo '<br/>';
}
?>
You've to run the query before passing it in mysql_fetch_array which expects resource as a parameter. So change your code like this,
$sql = mysql_query("select * from booking where order_no like '%$termOrd%'");
$result = mysql_query($query) or die(mysql_error());
// This is where you're getting resource or throwing SQL error.
while ($row = mysql_fetch_array($result)){
// YOUR LOGIC.
}
Warning mysql_query, mysql_fetch_array,mysql_connect etc.. extensions were deprecated in PHP 5.5.0, and it was removed
in PHP 7.0.0. Instead, the MySQLi or PDO_MySQL extension should be
used. Source : http://php.net/manual/en/function.mysql-query.php
So update your code as soon as you can.
Use mysqli_* or PDO . mysql_* is deprecated.
The original MySQL extension is now deprecated, and will generate E_DEPRECATED errors when connecting to a database. Instead, use the MYSQLi or PDO_MySQL extensions. use prepared statement
//db connection
global $conn;
$servername = "localhost"; //host name
$username = "cab"; //username
$password = "a321"; //password
$mysql_database = "ppwxpjey_mcidb"; //database name
//mysqli prepared statement
$conn = mysqli_connect($servername, $username, $password) or die("Connection failed: " . mysqli_connect_error());
mysqli_select_db($conn,$mysql_database) or die("Opps some thing went wrong");
$termOrd = "%{$_POST['termOrd']}%";
$stmt = $conn->prepare("select * from booking where order_no like ? ");
$stmt->bind_param('s',$termOrd);
$stmt->execute();
$get_result= $stmt->get_result();
$row_count= $stmt->affected_rows;
if($row_count>0)
{
while($row=$get_result->fetch_assoc())
{
echo "<table width='1000' border='2' align='center' style='background-color:#FFFFFF;border-collapse:collapse;border:2px solid #6699FF;color:#000000'><tr><th>ORDER NO</th><th>NAME</th><th>MOBILE</th><th>FROM PLACE</th><th>TO PLACE</th><th>JOURNEY DATE</th><th>JOURNEY TIME</th><th>PERSON</th><th>BOOKING TIME</th></tr>";
echo "<tr><td>".$row["ORDER_NO"]."</td><td>".$row["NAME"]."</td><td>".$row["MOBILE"]."</td><td>".$row["FROM_PLACE"]."</td><td>".$row["TO_PLACE"]."</td><td>".$row["JOURNEY_DATE"]."</td><td>".$row["JOURNEY_TIME"]."</td><td>".$row["PERSON"]."</td><td>".$row["UPDATE_TIME"]."</td></tr>";
echo '<br/>';
}
}
$stmt->close();
$conn->close();

Replicate the same data request query, but using a JavaScript Ajax post

Replicate the same data request query, but use a JavaScript Ajax post so that it doesn’t refresh the page on button press, just requests another page and display in a section on the page.
i need some help changing this to a ajax post
my code
*<?php
if(isset($_POST['submit']))
{
$success = $_POST['success'];
$dates = $_POST['dates'];
$datee = $_POST['datee'];
/*** mysql hostname ***/
$hostname = 'localhost';
$dbname = '*******';
/*** mysql username ***/
$username = 'root';
/*** mysql password ***/
$password = '*******';
try {
$dbh = new PDO("mysql:host=$hostname;dbname=$dbname", $username, $password);
$tablename = 'login_attempts';
$sql = 'SHOW COLUMNS FROM `'.$tablename.'`';
$fields = array();
$csv = array();
$stmt = $dbh->query($sql);
while($row = $stmt->fetch(PDO::FETCH_ASSOC))
{
array_push($fields, $row['Field']);
}
array_push($csv, $fields);
$success = mysql_real_escape_string($success);
$sql = "SELECT * FROM $tablename WHERE success = '".$success."' AND attempted >='".$dates."' AND attempted <='".$datee."'";
$stmt = $dbh->query($sql);
$stmt->execute();
$csv = array();
while($row = $stmt->fetch(PDO::FETCH_NUM))
{
array_push($csv, $row);
}
$fp = fopen('file.csv', 'w');
foreach ($csv as $row) {
fputcsv($fp, $row);
}
fclose($fp);
header("Content-type: application/csv");
header("Content-Disposition: attachment; filename=export.csv");
header("Pragma: no-cache");
header("Expires: 0");
readfile('file.csv');
$dbh = null;
} catch(PDOException $e) {
echo $e->getMessage();
}
exit();}
?>
<html>
<head>
<title>csv with criteria</title>
</head>
<body>
<form action="csv2.php" method="post" enctype="multipart/form-data">
Select data range
<br>
<input type="date" name="dates" id="dates"> Starting date
<br>
<input type="date" name="datee" id="datee"> Ending date
<br>
Select what data you'd like
<br>
<input type="radio" name="success" value="1" checked> Yes<br>
<input type="radio" name="success" value="0"> No<br>
<input type="submit" value="show" name="submit">
<br>
</form>
</body>
</html>*
If you want to use AJAX request on form submit you should:
Import the jQuery library: e.g. <script src="//code.jquery.com/jquery-1.12.0.min.js"></script>
Create a new JavaScrpit file where you will catch the form submit event, send jQuery request and analize the response, e.g.:
$(document).ready(function(){
$("#myForm").submit(function(e){
e.preventDefault(); //stop sending the form
//here you should validate your form
//submit it via AJAX:
$.ajax({
url: "csv2.php",
data: { dates: $("#dates").val(), datee: $("#datee").val(), $('input[name='success']:checked', '#myForm').val() }
})
})
});
You can use another functions of AJAX object such as success or error callback functions: jQuery.ajax(). Don't forget to add ID to your form.
You can see this post where it's explained how to make a good ajax call to POST parameters. But you will need to separate this portion of code :
<?php
if(isset($_POST['submit']))
{
$success = $_POST['success'];
$dates = $_POST['dates'];
$datee = $_POST['datee'];
/*** mysql hostname ***/
$hostname = 'localhost';
$dbname = '*******';
/*** mysql username ***/
$username = 'root';
/*** mysql password ***/
$password = '*******';
try {
$dbh = new PDO("mysql:host=$hostname;dbname=$dbname", $username, $password);
$tablename = 'login_attempts';
$sql = 'SHOW COLUMNS FROM `'.$tablename.'`';
$fields = array();
$csv = array();
$stmt = $dbh->query($sql);
while($row = $stmt->fetch(PDO::FETCH_ASSOC))
{
array_push($fields, $row['Field']);
}
array_push($csv, $fields);
$success = mysql_real_escape_string($success);
$sql = "SELECT * FROM $tablename WHERE success = '".$success."' AND attempted >='".$dates."' AND attempted <='".$datee."'";
$stmt = $dbh->query($sql);
$stmt->execute();
$csv = array();
while($row = $stmt->fetch(PDO::FETCH_NUM))
{
array_push($csv, $row);
}
$fp = fopen('file.csv', 'w');
foreach ($csv as $row) {
fputcsv($fp, $row);
}
fclose($fp);
header("Content-type: application/csv");
header("Content-Disposition: attachment; filename=export.csv");
header("Pragma: no-cache");
header("Expires: 0");
readfile('file.csv');
$dbh = null;
} catch(PDOException $e) {
echo $e->getMessage();
}
exit();}
?>
into one another php file.

Categories