PHP - Trying To Use Php Variables In A Mysql Select Query

This topic has been moved to MySQL Help.

http://www.phpfreaks.com/forums/index.php?topic=348309.0

Hi there,

I'm having a problem with updating a record with an UPDATE mysql query and then following that query with a SELECT query to get those values just updated.

This is what I'm trying to do...I'd like a member to be able to complete a recommended task and upon doing so, go to a page in their back office where they can check off that task as "Completed".  This completed task would be recorded in their member record in our database so that when they return to this list, it will remain as "Completed".  I'm providing the member with a submit button that will call the same page and then update depending on which task is clicked as complete.

Here is my code:
Code: [Select]
$memberid = $_SESSION['member'];

// Check if form has been submitted
if(isset($_POST['task_done']) && $_POST['task_submit'] == 'submitted')
{
  $taskvalue = $_POST['task_value'];
  $query = "UPDATE membertable SET $taskvalue = 'done' WHERE id = $memberid";
  $result = mysqli_query($dbc, $query);
}

$query ="SELECT task1, task2, task3 FROM membertable WHERE id = $memberid";
$result = mysqli_query($dbc, $query);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);

$_SESSION['task1'] = $row['task1'];
$_SESSION['task2'] = $row['task2'];
$_SESSION['task3'] = $row['task3'];
?>
<h4>Task List</h4>
<table>

  <form action="" method="post">
    <tr>
      <td>Task 1</td>
      <td><?php if($_SESSION['task1'] == 'done') {echo '<div>Completed</div>';} else{ echo '<input type="submit" name="task_done" value="Mark As Completed" />';} ?></td>
    </tr>
    <input type="hidden" name="task_value" value="task1" />
    <input type="hidden" name="task_submit" value="submitted" />
  </form>

  <form action="" method="post">
    <tr>
      <td>Task 1</td>
      <td><?php if($_SESSION['task1'] == 'done') {echo '<div>Completed</div>';} else{ echo '<input type="submit" name="task_done" value="Mark As Completed" />';} ?></td>
    </tr>
    <input type="hidden" name="task_value" value="task2" />
    <input type="hidden" name="task_submit" value="submitted" />
  </form>

  <form action="" method="post">
    <tr>
      <td>Task 1</td>
      <td><?php if($_SESSION['task1'] == 'done') {echo '<div>Completed</div>';} else{ echo '<input type="submit" name="task_done" value="Mark As Completed" />';} ?></td>
    </tr>
    <input type="hidden" name="task_value" value="task3" />
    <input type="hidden" name="task_submit" value="submitted" />
  </form>

</table>

The problem that I am having is that the database is not updated with the value "done" but after submission, the screen displays "Completed" instead of "Mark As Completed".  So the value is being picked up as "done", but that is why I have the SELECT after the UPDATES, so that there is always a current value for whether a task is done or not.  Then I refresh and the screen returns the button to Mark As Complete.  Also, when I try marking all three tasks as, sometimes all three are updated, sometimes only one or two and again, I leave the page or refresh and the "Marked As Completed" buttons come back.  Bizarre.  If anyone can tell me where my logic is going wrong, I would appreciate it.

I have a photo album style gallery to build
and
i'm finding it dificult to list all the table names (these are names of photo albums) and then enter the data into a seperate query for each album name (these will change often so i cant keep updating the file as normal. this will then post all the data to the xml file and show the set of photos in the individual albums in a flash file.
can anyone help me where im going wrong at all?



<?php
$dbname = 'cablard';

if (!mysql_connect('localhost', 'cablard', '')) {
    echo 'Could not connect to mysql';
    exit;
}

$sql = "SHOW TABLES FROM $dbname";
$result = mysql_query($sql);

if (!$result) {
    echo "DB Error, could not list tables\n";
    echo 'MySQL Error: ' . mysql_error();
    exit;
}

while ($row = mysql_fetch_row($result)) {
    echo "Table: {$row[0]}\n";
}

mysql_free_result($result);



$query = "SELECT * FROM photo ORDER BY id DESC"; 
$result2 = mysql_query ($query)  or die ("Error in query: $query. ".mysql_error());

   
   while ($row = mysql_fetch_array($result2))  
   {                                       
         echo  "
<image>
<date>".$row['date']."</date>
<title>".$row['title']."</title>
<desc>".$row['description']."</desc>
<thumb>".$row['thumb']."</thumb>
<img>".$row['image']."</img>
</image>

";


   }                      
?>


Thanks
James

Hello all,   Based on the suggestion of you wonderful folks here, I went away for a few days (to learn about PDO and Prepared Statements) in order to replace the MySQLi commands in my code. That's gone pretty well thus far...with me having learnt and successfully replaced most of my "bad" code with elegant, SQL-Injection-proof code (or so I hope).   The one-and-only problem I'm having (for now at least) is that I'm having trouble understanding how to execute an UPDATE query within the resultset of a SELECT query (using PDO and prepared statements, of course).   Let me explain (my scenario), and since a picture speaks a thousand words I've also inlcuded a screenshot to show you guys my setup:   In my table I have two columns (which are essentially flags i.e. Y/N), one for "items alreay purchased" and the other for "items to be purchased later". The first flag, if/when set ON (Y) will highlight row(s) in red...and the second flag will highlight row(s) in blue (when set ON).   I initially had four buttons, two each for setting the flags/columns to "Y", and another two to reverse the columns/flags to "N". That was when I had my delete functionality as a separate operation on a separate tab/list item, and that was fine.   Now that I've realized I can include both operations (update and delete) on just the one tab, I've also figured it would be better to pare down those four buttons (into just two), and set them up as a toggle feature i.e. if the value is currently "Y" then the button will set it to "N", and vice versa.   So, looking at my attached picture, if a person selects (using the checkboxes) the first four rows and clicks the first button (labeled "Toggle selected items as Purchased/Not Purchased") then the following must happen:   1. The purchased_flag for rows # 2 and 4 must be switched OFF (set to N)...so they will no longer be highlighted in red. 2. The purchased_flag for row # 3 must be switched ON (set to Y)...so that row will now be highlighted in red. 3. Nothing must be done to rows # 1 and 5 since: a) row 5 was not selected/checked to begin with, and b) row # 1 has its purchase_later_flag set ON (to Y), so it must be skipped over.   Looking at my code below, I'm guessing (and here's where I need the help) that there's something wrong in the code within the section that says "/*** loop through the results/collection of checked items ***/". I've probably made it more complex than it should be, and that's due to the fact that I have no idea what I'm doing (or rather, how I should be doing it), and this has driven me insane for the last 2 days...which prompted me to "throw in the towel" and seek the help of you very helpful and intellegent folks. BTW, I am a newbie at this, so if I could be provided the exact code, that would be most wonderful, and much highly appreciated.   Thanks to you folks, I'm feeling real good (with a great sense of achievement) after having come here and got the great advice to learn PDO and prepared statements.   Just this one nasty little hurdle is stopping me from getting to "end-of-job" on my very first WebApp. BTW, sorry about the long post...this is the best/only way I could clearly explaing my situation.   Cheers guys!

case "update-delete":
	if(isset($_POST['highlight-purchased'])) 
		{
			// ****** Setup customized query to obtain only items that are checked ******
			$sql = "SELECT * FROM shoplist WHERE";
					for($i=0; $i < count($_POST['checkboxes']); $i++)
						{
							$sql=$sql . " idnumber=" . $_POST['checkboxes'][$i] . " or";
						}
					$sql= rtrim($sql, "or");
											
			$statement = $conn->prepare($sql);
			$statement->execute();
																						
			// *** fetch results for all checked items (1st query) *** //
			$result = $statement->fetchAll();

			$statement->closeCursor();
											
			// Setup query that will change the purchased flag to "N", if it's currently set to "Y"
			$sqlSetToN = "UPDATE shoplist SET purchased = 'N' WHERE purchased = 'Y'";
											
			// Setup query that will change the purchased flag to "Y", if it's currently set to "N", "", or NULL
			$sqlSetToY = "UPDATE shoplist SET purchased = 'Y' WHERE purchased = 'N' OR purchased = '' OR purchased IS NULL";

			$statementSetToN = $conn->prepare($sqlSetToN);
			$statementSetToY = $conn->prepare($sqlSetToY);
											
			/*** loop through the results/collection of checked items ***/
			foreach($result as $row)
				{
					if ($row["purchased"] != "Y")
						{
							// *** fetch one row at a time pertaining to the 2nd query *** //
							$resultSetToY = $statementSetToY->fetch();
															
							foreach($resultSetToY as $row)
								{															
									$statementSetToY->execute();																
								}
						}
					else
						{
							// *** fetch one row at a time pertaining to the 2nd query *** //
							$resultSetToN = $statementSetToN->fetch();
															
							foreach($resultSetToN as $row)
								{															
									$statementSetToN->execute();																
								}
						}
				}
				break;
		}

 CRUD Queston.png   20.68KB   0 downloads    

Here is my code:
// Start MySQL Query for Records
$query = "SELECT codes_update_no_join_1b" .
"SET orig_code_1 = new_code_1,
       orig_code_2 = new_code_2" .
"WHERE concat(orig_code_1, orig_code_2) = concat(old_code_1, old_code_2)";
$results = mysql_query($query) or die(mysql_error());
// End MySQL Query for Records


This query runs perfectly fine when run direct as SQL in phpMyAdmin, but throws this error when running in my script??? Why is this???

Code: [Select]
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= new_code_1, orig_code_2 = new_code_2WHERE concat(orig_code_1, orig_c' at line 1

If you also have any feedback on my code, please do tell me. I wish to improve my coding base.

Basically when you fill out the register form, it will check for data, then execute the insert query. But for some reason, the query will NOT insert into the database. In the following code below, I left out the field ID. Doesn't work with it anyways, and I'm not sure it makes a difference.

Code:

  Code: [Select]
mysql_query("INSERT INTO servers (username, password, name, type, description, ip, votes, beta) VALUES ($username, $password, $name, $server_type, $description, $ip, 0, 1)");
Full code:

Code: [Select]
<?php
include_once("includes/config.php");
 
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title><? $title; ?></title>
<meta http-equiv="Content-Language" content="English" />
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="style.css" media="screen" />
</head>
<body>
 
<div id="wrap">
 
<div id="header">
<h1><? $title; ?></h1>
<h2><? $description; ?></h2>
</div>
 
<? include_once("includes/navigation.php"); ?>
 
<div id="content">
<div id="right">
<h2>Create</h2>
<div id="artlicles">
<?php
 
if(!$_SESSION['user'])
{
 
        $username = mysql_real_escape_string($_POST['username']);
        $password = mysql_real_escape_string($_POST['password']);
        $name = mysql_real_escape_string($_POST['name']);
        $server_type = mysql_real_escape_string($_POST['type']);
        $description = mysql_real_escape_string($_POST['description']);
 
        if(!$username || !$password || !$server_type || !$description || !$name)
        {

        echo "Note: Descriptions allow HTML. Any abuse of this will result in an IP and account ban. No warnings!<br/>All forms are required to be filled out.<br><form action='create.php' method='POST'><table><tr><td>Username</td><td><input type='text' name='username'></td></tr><tr><td>Password</td><td><input type='password' name='password'></td></tr>";
        echo "<tr><td>Sever Name</td><td><input type='text' name='name' maxlength='35'></td></tr><tr><td>Type of Server</td><td><select name='type'>
       
        <option value='Any'>Any</option>
        <option value='PvP'>PvP</option>
        <option value='Creative'>Creative</option>
        <option value='Survival'>Survival</option>
        <option value='Roleplay'>RolePlay</option>
       
        </select></td></tr>
       
        <tr><td>Description</td><td><textarea maxlength='1500' rows='18' cols='40' name='description'></textarea></td></tr>";
        echo "<tr><td>Submit</td><td><input type='submit'></td></tr></table></form>";
        }
        elseif(strlen($password) < 8)
        {
        echo "Password needs to be higher than 8 characters!";
        }
        elseif(strlen($username) > 13)
        {
                echo "Username can't be greater than 13 characters!";
        }
        else
        {
                $check1 = mysql_query("SELECT username,name FROM servers WHERE username = '$username' OR name = '$name' LIMIT 1");
               
                if(mysql_num_rows($check1) < 0)
                {
                        echo "Sorry, there is already an account with this username and/or server name!";
                }
                else
                {
                        $ip = $_SERVER['REMOTE_ADDR'];

                        mysql_query("INSERT INTO servers (username, password, name, type, description, ip, votes, beta) VALUES ($username, $password, $name, $server_type, $description, $ip, 0, 1)");
                        echo "Server has been succesfully created!";
                }
        }
       
}
else
{
        echo "You are currently logged in!";
}
 
?>
</div>
</div>
 
<div style="clear: both;"> </div>
</div>
 
<div id="footer">
<a href="http://www.templatesold.com/" target="_blank">Website Templates</a> by <a href="http://www.free-css-templates.com/" target="_blank">Free CSS Templates</a> - Site Copyright MCTop
</div>
</div>
 
</body>
</html>

Hello.

I have  a simple enough code that takes information from one table and drops it into another.  This is great, but I have 2a new complexities that I have been unable to code correctly.

A.  'lastname', 'firstname' on table1 need to be combined into 'name'

How & Where do I combine these strings and then pass them?

Code: [Select]
<?php
include('dbconfig.php');


// Make a MySQL Connection
mysql_connect("localhost", "$user", "$password") or die(mysql_error());
mysql_select_db("$database") or die(mysql_error());

$result = mysql_query(
"INSERT INTO table2 (lastname, firstname, email)
SELECT lastname, firstname, email
FROM table1
WHERE email='someemail@gmail.com' ") or die(mysql_error());

?>

What I'm wanting to do is pass the $propertyid = "1";  threw my select value as you can see. so it passes variable so to speak.'



Code: [Select]
print "<td>Control:<form action=\"dashboard.php\" method=\"GET\" target=\"_self\">
        <select name=\"control\" onChange=\"this.form.submit()\">
        <option selected></option>
        <option>Take a Payment</option>
        <option>Print Ledger </option>
        <option>-----------------</option>
        <option value=\"comadd?propid=$propertyid\">Add Communication</option>
        <option>----------------</option>
        <option>Modify Property</option>
        <option>Remote Property</option>
        </select></td>";

Can I use a variable inside an sql query to determine which table to select from? The 2 functions below do exactly the same thing, they're just selecting data from different tables. I'm not sure how I can do it. Maybe put a parameter in the function & use sprinf?


// Output the page data
function showpages()
  {
   db_connect();
$query = ("SELECT * FROM pages");  // can I change pages to a variable somehow?
$result = mysql_query($query);
    $result = result_to_assoc($result);
    return $result;   
   }

// Echo the pricelist data into the pricelist form
function show_pricelist()
  {
db_connect();
$query = ("SELECT * FROM pricelist");  // Again, if pricelist can be a variable, then I need only 1 function
$result = mysql_query($query);
    $result = result_to_assoc($result);
    return $result;   
   }

Code: [Select]
$query  = "SELECT content FROM license WHERE serial  = '".$serial."'";

Say I have two variables like below. I basically want to select one of them, but through random choice. How do I do that?

$orange = 'Orange';
$apple = 'Apple';

 

Hi, my query doesn't work, I've got a date field in my MySql table, I want to get results of all employees that was added in a certain period.  My query doesn't work but as soon as I type in values in my query instead of variables it works, what am I doing wrong?

Code: [Select]
$date = date('Y/m');
$date1 = strtotime('-6 month');
$date2 = strtotime('-6 month');
echo date('Y', $date1);
echo date('m', $date2);
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("dbname", $con);
$sql = "SELECT * FROM detail WHERE year(engaged) > '$date1' and month(engaged) > '$date2'";
$result=mysql_query($sql);
echo mysql_num_rows($result);

I have a query that pulls 1 field with 20 rows of data.  I need to assign each row to a different variable so that I can then display them in different locations on a page.
I cannot make each row of data a different field because of other constraints.
My data is very well normalized.
I am using mysqli so something like the old mysql_result would be lovely!
How can this be done without hitting my database 20 times?
Thanks for the help.

Hi, Everyone! This my first time posting here. Anyways, I've been having problem getting the correct data from my database. I want to select the total_on/off_hours,exposure,plate_number, and terminal_status. But when I select the terminal_status, there are duplicates, I already used the DISTINCT function. It's a little hard to explain so, I'll just show you.   Here's a screen cap of my code trying to get just the terminal_status       What's the problem? What should I do? Any suggestions/help will be much appreciated.

i am unable to select total_comment from mysql table related to each post..   For detail information check http://stackoverflow...-query-in-mysql