Prepared statement WHERE clause to open a details page - where-clause

In the main page I want the following link to open a details page:
<td><a href=details.php?c_id=<?php echo $c_id ?> ><img src="./images/<?php echo $row['cfilename']; ?>" width="90" height="120" alt="" /></a></td>
And the details.php code:
<?php
$mysqli = new mysqli("localhost", "joseph", " ", "collectionsdb");
/* check connection */
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
// get value of object id that was sent from address bar
//$c_id = mysql_real_escape_string(c_id);
/* Create the prepared statement */
if ($stmt = $mysqli->prepare("SELECT c_id,ctitle,csubject,creference,cyear,cobjecttype,cmaterial,ctechnic,cwidth,cheight,cperiod,cmarkings,cdescription,csource,cartist,cfilename FROM collections WHERE c_id=$c_id")) {
/* Execute the prepared Statement */
$stmt->execute();
/* Bind results to variables */
$stmt->bind_result($c_id,$ctitle,$csubject,$creference,$cyear,$cobjecttype,$cmaterial,$ctechnic,$cwidth,$cheight,$cperiod,$cmarkings,$cdescription,$csource,$cartist,$cfilename);
/* fetch values */
while ($rows = $stmt->fetch()) {
// display records in a table
// and the table of results
?>
However, when I press the link, details.php opens with all the data. I expect to only open data of a particular $c_id variable. I am not sure why it is not being passed to the details page. In the way I have put the WHERE condition, I am getting an undefined variable error for c_id.
Please, what have I missed?
Joseph

First
$mysqli = new mysqli("localhost", "joseph", " ", "collectionsdb");
You are passing a space as the db password. It should be
$mysqli = new mysqli("localhost", "joseph", "", "collectionsdb");
Second
Is your register_globals directive in php.ini enabled?
If enabled, the variable you have assigned as query string will be passed as $c_id. You can check if register_globals is enabled by writing phpinfo() in this page. See here
If not enabled, you need to assign the query string variable's value to a variable or directly pass the variable to the database.
Style 1:
$c_id = $_GET['c_id'];
$stmt = $mysqli->prepare("SELECT c_id,ctitle,csubject,creference,cyear,cobjecttype,cmaterial,ctechnic,cwidth,cheight,cperiod,cmarkings,cdescription,csource,cartist,cfilename FROM collections WHERE c_id=$c_id");
Style 2:
$stmt = $mysqli->prepare("SELECT c_id,ctitle,csubject,creference,cyear,cobjecttype,cmaterial,ctechnic,cwidth,cheight,cperiod,cmarkings,cdescription,csource,cartist,cfilename FROM collections WHERE c_id={$_GET['c_id']}");
Sanitize your value from the query string for style 1 & 2.. Hackable. :)
Leaving the register_globals directive enabled is not good. My advice: take the value from the query string, sanitize it and pass it to the query.
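An added example (not part of the original question or answer) of the bound-parameter form of the query above: the c_id from the query string is validated as a positive integer and sent to MySQL through a ? placeholder with bind_param(), so it never becomes part of the SQL text. The credentials are placeholders, the function name is hypothetical, and only a few of the question's columns are selected to keep it short.

```php
<?php
// Added example, not the original poster's code. Credentials below are placeholders.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

/**
 * Fetch one row of the collections table by primary key.
 * Returns an associative array, or null when no row matches.
 */
function fetch_collection(mysqli $mysqli, int $c_id): ?array
{
    // The ? placeholder keeps the value out of the SQL text entirely.
    $stmt = $mysqli->prepare(
        "SELECT c_id, ctitle, cartist, cfilename FROM collections WHERE c_id = ?"
    );
    $stmt->bind_param("i", $c_id);          // "i" = bind as integer
    $stmt->execute();
    $stmt->bind_result($id, $ctitle, $cartist, $cfilename);
    $row = $stmt->fetch()
        ? ['c_id' => $id, 'ctitle' => $ctitle, 'cartist' => $cartist, 'cfilename' => $cfilename]
        : null;
    $stmt->close();
    return $row;
}

// Read c_id from the query string; reject anything that is not a positive integer.
$c_id = filter_input(INPUT_GET, 'c_id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($c_id === null || $c_id === false) {
    http_response_code(400);
    exit('Missing or invalid c_id');
}

$mysqli = new mysqli("localhost", "db_user", "db_password", "collectionsdb");
$row = fetch_collection($mysqli, $c_id);
if ($row === null) {
    http_response_code(404);
    exit('No such item');
}

// Escape on output: database content is not trusted HTML.
$e = fn($s) => htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
echo '<h1>' . $e($row['ctitle']) . '</h1>';
echo '<p>' . $e($row['cartist']) . '</p>';
echo '<img src="./images/' . $e($row['cfilename']) . '" width="90" height="120" alt="" />';
```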

Related

I am stuck, mysqli_query() expects at least 2 parameters

I have a problem with a code in php it shows me this as errors.
register
mysqli_query() expects at least 2 parameters, 1 given in
C:\xampp\htdocs\search_engine\insert.php on line 99
And this is the code :
<?php
$db = new PDO('mysql:host=localhost;dbname=srgn;charset=utf8mb4', 'root', '123456');
if(isset($_POST["submit"]))
{
$s_link = $_POST["s_link"];
$s_key = $_POST["s_key"];
$s_des = $_POST["s_des"];
{
$sql = "insert(site_link, site_key, site_des) values('$s_link', '$s_key', '$s_des')";
$rs = mysqli_query($sql);
if($rs)
{
echo "<script> alert('Site uploaded successfully') </script>";
}
else
{
echo "<script> alert('Uploading failed, please try agin.') </script>";
}
}
}
?>
Where is the error please, and how can I set it?
Pass on the connection link as the first parameter and the SQL query as the second parameter. This is required as you are doing procedural code. Refer to the link below for more details
http://php.net/manual/en/mysqli.query.php

How to read PHP output row by row and create HTML-links from each row

I'm having this PHP-script:
<?php
$old_path = getcwd();
chdir('/var/www/html/SEARCHTOOLS/');
$term1 = $_POST['query1'];
$term2 = $_POST['query2'];
$var = "{$term1} {$term2}";
$outcome = shell_exec("searcher $var");
chdir($old_path);
echo "<pre>$outcome</pre>";
?>
On a searchpage two searchwords are written and the searchbutton is pushed. The search result turns up as a webpage like this:
/var/www/html/SEARCHTOOLS/1974-1991.pdf:1
/var/www/html/SEARCHTOOLS/1974-1991.pdf:3
/var/www/html/SEARCHTOOLS/1974-1991.pdf:7
/var/www/html/SEARCHTOOLS/1974-1991.pdf:7
/var/www/html/SEARCHTOOLS/1974-1991.pdf:9
/var/www/html/SEARCHTOOLS/1974-1991.pdf:13
/var/www/html/SEARCHTOOLS/1974-1991.pdf:13
The result shows links to individual PDF-files and pagenumber in that file, but are not clickable.
Is there a way to make these links clickable so that it opens up for instance in Evince or Acrobat at the correct page number?
Many thanks in advance.
/Paul
I found a correct answer to my problem. It took some time, but here it is:
<?php
// Get current working directory and put it as variable
$old_path = getcwd();
// Change directory
chdir('/var/www/html/SEARCHTOOLS/');
// Create first variable as result of first searchword on searchpage
$term1 = $_POST['query1'];
// Create second variable as result of second searchword on searchpage
$term2 = $_POST['query2'];
// Create a variable combining first AND second variable, each quoted as a single shell argument
$var = escapeshellarg($term1) . ' ' . escapeshellarg($term2);
// Create a variable as the result of the executed search using command "sokare" and variable "$var"
$outcome = shell_exec("sokare $var");
// Return to starting directory
chdir($old_path);
// Split the variable "$outcome" per line representing every page in PDF-file where variable "$var" is found
foreach(preg_split("/((\r?\n)|(\r\n?))/", $outcome) as $line){
// Create a variable out of the given pagenumber in PDF-file
$end = substr($line, strpos($line, ":") + 1);
// Trim the line by removing leading directories from line
$line2 = str_replace('/var/www/html', '', $line);
// Change a string from lower to upper case
$line2 = str_replace('searchtools', 'SEARCHTOOLS', $line2);
// Remove the colon and anything behind it from line
$line2 = explode(':', $line2)[0];
// Add suffix to line to facilitate linking to pagenumber in PDF-file
$line3 = str_replace(" ", "_", $line2).'#page=';
// Add pagenumber from the variable "$end"
$line3 = str_replace(" ", "_", $line3).$end;
// Print each line as a correct URL-link (HTML-escaped, with the href quoted)
$safe = htmlspecialchars($line3, ENT_QUOTES, 'UTF-8');
echo "<pre><a href=\"$safe\">$safe</a></pre>";
}
?>
The search results will now turn up as (and are clickable):
/SEARCHTOOLS/1974-1991.pdf#page=1
/SEARCHTOOLS/1974-1991.pdf#page=3
/SEARCHTOOLS/1974-1991.pdf#page=7
Just a small edit. The line ....
// Add suffix to line to facilitate linking to pagenumber in PDF-file
$line3 = str_replace(" ", "_", $line2).'#page=';
...works better with:
// Add suffix to line to facilitate linking to pagenumber in PDF-file
if (substr($line2, -3) == 'pdf') {
$line3 = $line2.'#page=';
}
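An added example (not part of the original post) of the same search-and-link flow with the two untrusted boundaries handled explicitly: each search word is passed to the shell as one quoted argument, and each path:page output line is validated and escaped before it becomes a link. The searcher command name and the /var/www/html root come from the question; the function names and the sample lines are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Function names are hypothetical.

/** Build the command line with every user-supplied term quoted as a single argument. */
function build_search_command(string $command, array $terms): string
{
    return $command . ' ' . implode(' ', array_map('escapeshellarg', $terms));
}

/**
 * Turn one "absolute/path.pdf:page" output line into an HTML link,
 * or return null if the line is not a PDF below $docRoot with a numeric page.
 */
function result_line_to_link(string $line, string $docRoot): ?string
{
    if (!preg_match('/^(.+\.pdf):(\d+)$/', trim($line), $m)) {
        return null;
    }
    [$path, $page] = [$m[1], $m[2]];
    $root = rtrim($docRoot, '/') . '/';
    if (strpos($path, $root) !== 0 || strpos($path, '/../') !== false) {
        return null;                       // outside the web root
    }
    // URL-encode each path segment, then HTML-escape the whole URL.
    $segments = array_map('rawurlencode', explode('/', substr($path, strlen($root))));
    $url = '/' . implode('/', $segments) . '#page=' . $page;
    $safe = htmlspecialchars($url, ENT_QUOTES, 'UTF-8');
    return "<a href=\"$safe\">$safe</a>";
}

// Constructed sample: a term containing a space and a semicolon stays one argument.
echo build_search_command('searcher', ['budget', 'report; 1974']), "\n";

// Constructed sample output lines in the format shown in the question.
$outcome = "/var/www/html/SEARCHTOOLS/1974-1991.pdf:7\n"
         . "/var/www/html/SEARCHTOOLS/a b.pdf:13\n"
         . "unexpected <script> line\n";
foreach (preg_split('/\R/', $outcome, -1, PREG_SPLIT_NO_EMPTY) as $line) {
    $link = result_line_to_link($line, '/var/www/html');
    if ($link !== null) {                  // lines that fail validation are dropped
        echo "<pre>$link</pre>\n";
    }
}
```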

How to inject a variable inside an SQL associated array?

I have many websites that use some of the same content snippets and instead of manually updating all the different websites, I thought it would be a good idea to have the content stored in a database as to only have one copy instead of multiple. It works great except for one issue which is the images that are in the article are sometimes left aligned and other times right aligned.
My solution was to add the following code to the article's image CSS tag that is in the database and use a variable on each of the individual pages to add the custom classes to the image.
class="<?php echo $ImgClass01; ?>"
EDIT: here is more of the content from what is stored in the database field to make my question a little more understandable.
<p><img src="img/charleston.jpg" class="<?php echo $ImgClass01; ?>">Is it the delightful year-round climate? The almost-European feel of its downtown city streets? The overwhelming...</p>
However, the webpage is only showing the text when viewing the source code and not using the variable. Almost anything is possible, but I'm not sure how to make this work.
Here is the code on the page...
// value for the class within the article to be printed on the page
$ImgClass01 = 'img-responsive img-rounded pull-right';
//Start a while loop to process all the rows
while ($row = mysql_fetch_assoc ($result_set))
{
$article = $row['article'];
echo $article;
} //END WHILE
EDIT: Just in case the entire page will be helpful, here is it.
<?php
$PageTitle = "Charleston, South Carolina | Local Towns";
$PageDescription = "Charleston is rated the first most popular vacation destination in the United States, and it surely must rank in...";
// 1. Create a database connection
$link = mysql_connect ("localhost", "root", "");
if (!$link) die("Could not connect: " . mysql_error());
// 2. Select a database to use
if (!mysql_select_db ("articleBank"))
die("Problem with the database: " . mysql_error());
// 3. Set up query for items to display
$query = "SELECT article FROM `articles` WHERE ID = 1";
// 4. Execute the query
$result_set = mysql_query ($query);
include ("theme/header.php");
// value for the class within the article to be printed on the page
$ImgClass01 = 'img-responsive img-rounded pull-right';
//Start a while loop to process all the rows
while ($row = mysql_fetch_assoc ($result_set))
{
$article = $row['article'];
echo $article;
} //END WHILE
// 5. Close Connection
mysql_close();
include ("theme/footer.php");
?>
while ($row = mysql_fetch_assoc ($other_result_set))
{
$ImgClass01 = $row['ImgClass01'];
}
Not sure what you wanted, but you could use left, right in some row like place..

PHP 5 display mysql table error - Call to undefined function mysql_results()

I should start by saying I'm new to PHP. I've tried to create a PHP page that displays the content of a MySQL database. As I try it in localhost I have this warning:
"Fatal error: Call to undefined function mysql_results() in C:\xampp\htdocs\phplessons\guestbook_displayer_2.php on line 18". It seems the db connection works. Does someone have a tip?
This is my code:
<html>
<head></head>
<title>Display MySQL db</title>
<body>
<?php
$db=mysql_connect("localhost","root","mypassword"); //db connection
mysql_select_db ("prova001"); //choose a db
$res=mysql_query("SELECT * from php_guestbook"); //query a table
$num=mysql_num_rows($res);
// begin table
echo "<table border=1>";
echo "<tr><td>Nr.</td><td>First name</td>";
echo"<td>Last name</td><td>Country</td>";
echo"<td>E-Mail address</td><td>Telephone</td></tr>";
// counter
for ($i=0; $i<$num; $i++)
{
$cg=mysql_results($res,$i,"firstname"); // line 18 this var is undefined.
$nm=mysql_results($res,$i,"lastname"); //Probably also the others have a similar problem.
$np=mysql_results($res,$i,"country"); //Can it be due to a bad record counter?
$st=mysql_results($res,$i,"email");
$tl=mysql_results($res,$i,"telephone");
$lf=$i+1;
//
echo "<tr><td>$lf</td><td>$cg</td><td>$nm</td><td>$np</td><td>$st</td><td>$tl</td></tr>";
}
echo "</table>";
mysql_close($db);
?>
</body>
You have probably made a typo. The method is mysql_result() without 's'.
But you can shorten your query result handling this way:
// query
$res=mysql_query("SELECT * from php_guestbook"); //query a table
// begin table
echo "<table border=1>";
echo "<tr><td>Nr.</td><td>First name</td>";
echo"<td>Last name</td><td>Country</td>";
echo"<td>E-Mail address</td><td>Telephone</td></tr>";
while ($item = mysql_fetch_assoc($res)) {
// do something with var $item;
$cg = $item['firstname'];
$nm = $item['lastname'];
// etc
}

How to do mysql_fetch_array in Magento

I want to create a drop down option using Magento module that populate the data from the database I created.
Previously, I had this code in my IndexController.php, which works. This is the first code.
public function dropdownAction() {
if (file_exists('./app/etc/local.xml')) {
$xml = simplexml_load_file('./app/etc/local.xml');
$tblprefix = $xml->global->resources->db->table_prefix;
$dbhost = $xml->global->resources->default_setup->connection->host;
$dbuser = $xml->global->resources->default_setup->connection->username;
$dbpass = $xml->global->resources->default_setup->connection->password;
$dbname = $xml->global->resources->default_setup->connection->dbname;
}
else {
exit('Failed to open ./app/etc/local.xml');
}
$link = mysql_connect($dbhost,$dbuser,$dbpass);
mysql_select_db($dbname) or die("Unable to select database");
$tblname = $tblprefix.'my_db_table';
$result = mysql_query("SELECT dropdowndata FROM ".$tblname."");
echo '<select>';
while ($ary = mysql_fetch_array($result)){
echo "<option>" . $ary['dropdowndata'] . "</option>";
}
echo "</select>";
mysql_close($link);
}
But I think the code above is not the Magento way. Do you agree?
Now, I want to populate the data with this code in IndexController.php. This is the second code.
public function dropdownAction() {
$options= Mage::getModel('my/model')->getCollection();
foreach($options as $option){
$optionData = $option->getDropdowndata ();
echo "<select>";
echo "<option>" .$optionData."</option>";
echo "</select>";
}
}
Using the code above, the data was populated, but with one item per drop down option. So many drop down options appear in the browser, and each drop down option contains only one item.
I think I am missing the while ($ary = mysql_fetch_array($result)). But I am confused about how to include that code.
So, my question is how to do mysql_fetch_array in Magento? Or can somebody please explain how to make the second code above work like the first code.
The getData() function returns an array of the whole data, and of course you need to move the 'select' nodes out of the foreach
echo "<select>";
foreach($options as $option){
$optionData = $option->getData();
echo "<option>" .$optionData['somekey'] ."</option>";
}
echo "</select>";
But I think it would be better to use the Magento magic functions, for example if you have an 'entity_id' column in the DB you can get the value using $option->getEntityId(), etc...
And why do you have select inside of foreach? I think something like this will solve your problem:
public function dropdownAction() {
$options= Mage::getModel('my/model')->getCollection();
echo "<select>";
foreach($options as $option){
$optionData = $option->getDropdowndata ();
echo "<option>" .$optionData."</option>";
}
echo "</select>";
}