[How to do Multiple Condition in SQL query using PHP and Ajax]

 

As long as you are going to treat all of the conditions as AND or OR conditions (which it correct based on your examples), it's simple.

 

All of the fields are going to be passed in the POST data, so you need to just ignore the ones that are blank. Then create conditions for the ones which are not blank and then concatenate them with AND conditions. This assumes that the "default" options for the select lists have an empty value.

 

Here is some sample code using just four fields as an example

 

//Preprocess the post data
$branch = isset($_POST['branch']) ? trim($_POST['branch']) : '';
$year = isset($_POST['year']) ? trim($_POST['year']) : '';
$course = isset($_POST['course']) ? trim($_POST['bcourse']) : '';
$class = isset($_POST['class']) ? trim($_POST['class']) : '';

//Determine WHERE conditions
$where = array();
if(!empty($branch))
{
    $where[] = "branch = '$branch'";
}
if(!empty($year))
{
    $where[] = "year = '$year'";
}
if(!empty($course))
{
    $where[] = "course = '$course'";
}
if(!empty($class))
{
    $where[] = "class = '$class'";
}

//Create query - concatenating all the WHERE clauses
$query = "SELECT *
          FROM table_name
          WHERE " . implode(' AND ', $where);

Can I make a function of this and call that function where I want search operation.

[How to do Multiple Condition in SQL query using PHP and Ajax]

Hello

 

I have databse in MySQL with 21 fields which are listed below

Field Name Data Type NULL

status text No

roll_no text No

branch_id int(5) No

student_name text No

father_name text No

phone1 text No

phone2 text No

email text No

dob date No

city text No

course_id varchar(5) No

class_id int(2) No

program text No

duration text No

comment text No

admission_year int(4) No

admission_date text No

entryby text No

address text No

admission_no int(4) No

fees int(6) No

 

Now I am stuck with search process, I bit confused, how can I perform search for different types of conditions/criteria

 

Few Examples of combinations of condtions

1. Only those records of city=3

2. Only those branch_id=2

3. Only those admission_year='2013'

4. Only those course_id='15'

5. Only those branch_id='2' AND  course_id='15'

6. Only those branch_id='2' AND  course_id='15' AND city LIKE 'XYZ'

7. Only those admission_year='2012' AND  course_id='10' AND duration BETWEEN(2 AND 3)

8. Only those branch_id=2 AND  course_id='15' AND student_name LIKE 'XYZ' 

8. Only those course_id=7 AND  class_id=2 AND father_name LIKE 'XYZ' 

 

My search.php form page is designed, I attached the image of form design here but I am confused how can I implement this search options for different situations.  Or can view the page here

 

Please give me some guidance and show me the correct way to solve this issue.

[Why I Am Not Able To Pass The Value Of Input Type File]

Error code 4 means that there was no file uploaded

 

A full list can be found at http://php.net/manua...load.errors.php

 

If you wish to change it simply do:

 

$code=$_POST['ICODE'];
$descp=$_POST['DESCR'];
$rate=$_POST['RATE'];
$image=$_FILES["IMAGE"]["name"];

if($_FILES["IMAGE"]["error"] > 0) {

// create a list of errors here
if($_FILES["IMAGE"]["error"] == "4") {
echo "Please select a file.";
}

} else {

echo "File Uploaded";
echo $image;

}

 

Great You are Genius

Thank you very much

[Why I Am Not Able To Pass The Value Of Input Type File]

_{You said that was the problem before *facepalm* Ok try this...}

 

$code=$_POST['ICODE'];
$descp=$_POST['DESCR'];
$rate=$_POST['RATE'];
$image=$_FILES["IMAGE"]["name"];

if($_FILES["IMAGE"]["error"] > 0) {

echo "Error: " . $_FILES["IMAGE"]["error"] . "<br />";

} else {

if(!isset($_FILES["IMAGE"]["name"]))
{
echo '<p>Please select a file</p>';
}
else
{
echo "File Uploaded";
echo $image;

}

_{Thank you for your co operation}

_{After using the code you gave If I select image it it shows "File Uploaded" with the name of the image file}

_{And if I don't select image file it show Error: 4}

_{Can't understand why 4? why not it shows "Please select a file"}

[Why I Am Not Able To Pass The Value Of Input Type File]

I just want to save the image of an item in mysql database

[Why I Am Not Able To Pass The Value Of Input Type File]

CAn I just check the this by this way

if(!isset($image))

 

As you suggested me to change

if(!isset($_FILES[$image]))

TO

if(!isset($_FILES["IMAGE"]))

 

now if submit the form without selecting any image file it is showing File Uploaded

[Why I Am Not Able To Pass The Value Of Input Type File]

You're recalling the $image variable inside the $_FILES. Change

if(!isset($_FILES[$image])) 

to

if(!isset($_FILES["IMAGE"]))

 

CAn I just check the this by this way

if(!isset($image))

[Why I Am Not Able To Pass The Value Of Input Type File]

Now it more problematic

If I don't select any image then also it is showing File Uploaded

 

YES

YES

ITS DONE Thank you Very much

NOTICE GONE BUT I am getting Please select a File message and The name of the File

Here is the modified code -

$code=$_POST['ICODE'];
$descp=$_POST['DESCR'];
$rate=$_POST['RATE'];
$image=$_FILES["IMAGE"]["name"];
if(!isset($_FILES[$image]))
{
echo '<p>Please select a file</p>';
echo $image;
}
else
{
echo "File Uploaded";
echo $image;
......

[Why I Am Not Able To Pass The Value Of Input Type File]

Change that to

$image = $_FILES["IMAGE"]["name"];

 

Now it more problematic

If I don't select any image then also it is showing File Uploaded

[Why I Am Not Able To Pass The Value Of Input Type File]

The name of the file itself example: name --> picture.jpg <-- name

 

Now I change my code to like this ->

if(!isset($_FILES["IMAGE"]))
{
echo '<p>Please select a file</p>';
echo $image;
}
else
{
echo "File Uploaded";

 

It is now working showing File Uploaded but notice is still coming

Notice: Undefined index: IMAGE in C:\xampp\htdocs\billing\prodinsert.php on line 11

[Why I Am Not Able To Pass The Value Of Input Type File]

You cant simply post an image. You use $_FILES["IMAGE"]["name"] You also do not want to upload files to a database. use a directory

 

Thank you for Guiding me What is the 2nd paprameter ["name"]

[Why I Am Not Able To Pass The Value Of Input Type File]

Hi

I just wan to to pass the value of Input Type File html tag to a 2nd PHP page where I will insert the image in mysql but I am always getting a notice and isset() is not getting the $_FILE('IMAGE').

Here is the notice - Notice: Undefined index: IMAGE in C:\xampp\htdocs\billing\prodinsert.php on line 11

This is my HTML TAGS -

<body>
<hr />
<form id="form1" name="form1" method="post" action="prodinsert.php" enctype="multipart/form-data">
<input name="ICODE" type="text" size="10" maxlength="6" />
<input name="DESCR" type="text" size="50" maxlength="45" />
<input name="RATE" type="text" size="10" maxlength="9" />
<input type="hidden" name="MAX_FILE_SIZE" value="10000000" />
<input name="IMAGE" type="file" />
</form>

And this is my PHP code-

<?php
$host="localhost";
$user="root";
$pass="";
$db="bill";
mysql_connect($host, $user, $pass) OR DIE (mysql_error());
mysql_select_db ($db) OR DIE ("Unable to select db".mysql_error());
$code=$_POST['ICODE'];
$descp=$_POST['DESCR'];
$rate=$_POST['RATE'];
$image=$_POST['IMAGE'];
if(!isset($_FILES[$image]))
{
echo '<p>Please select a file</p>';
echo $image;
}
else
{
echo "File Uploaded";
echo $image;
}

 

Where I am making mistake ??? Please guide me.

[Why Fetch_Assoc() Or Fetch_Row() Giving Error Always]

Thanx for guidence but I'm confused now how to fetch the value from array here I am modifying my code -

 

if($stmt = $mysqli -> prepare("SELECT * FROM $tbl_name1 WHERE confirm_code=?"))
{
$stmt -> bind_param("s", $passkey);
$stmt -> execute();
$stmt->store_result();
$count=$stmt->num_rows;
echo "\n".$count; // getting the value 1 which is correct
if($count==1)
{
$rows = $stmt->get_result();
$res=$rows->num_rows;
$rows->data_seek($res);
[b]// I am not getting link from here HOW CAN I get the value $rows->fetch_assoc());[/b]
$v_fname=$rows['temp_first_name'];
$v_lname=$rows['temp_last_name'];
$v_sex=$rows['temp_sex'];
$v_phone=$rows['temp_phone'];

[Why Fetch_Assoc() Or Fetch_Row() Giving Error Always]

@Barand

Yes I agree with you. Am I not implementing this function properly, I suppose I am doing some wrong pocedure to implemet it

[Why Fetch_Assoc() Or Fetch_Row() Giving Error Always]

Sorry Pikachu

 

Error is -

Fatal error: Call to undefined method mysqli_stmt::fetch_assoc() in /home/cbsecpsn/public_html/confirmation.php on line 38

[Why Fetch_Assoc() Or Fetch_Row() Giving Error Always]

Hi Every Body

I am facing problem in retreving the data from my mysql table I want to use prepared statement with mysqli for security reason. Here is my code Please give a guidance -

<?php
$host="localhost"; // Host name
$username="**********"; // Mysql username
$password="**********"; // Mysql password
$db_name="**********"; // Database name
$tbl_name1="**********"; // tem Table name
$tbl_name2="**********"; // registered user table
$mysqli = new mysqli($localhost, $username, $password, $db_name);
if ($mysqli->connect_errno)
{
echo "Connection Failed: " . mysqli_connect_errno();
   exit();
}
$count=null;
$passkey=$_GET['passkey'];
echo $passkey;  // exact passkey printed
if($stmt = $mysqli -> prepare("SELECT * FROM $tbl_name1 WHERE confirm_code=?"))
{
   $stmt -> bind_param("s", $passkey);
   $stmt -> execute();
   $stmt->store_result();
   $count=$stmt->num_rows;
   echo "\n".$count;   // getting the value 1 which is correct
   if($count==1)
   {
while($rows = $stmt->fetch_assoc())
{
  $v_fname=$rows['temp_first_name'];
  $v_lname=$rows['temp_last_name'];
  $v_sex=$rows['temp_sex'];
  $v_phone=$rows['temp_phone'];
  $v_city=$rows['temp_state'];
  $v_state=$rows['temp_city'];
  $v_pin=$rows['temp_pin'];
  $v_schoolname=$rows['temp_school_name'];
  $v_class=$rows['temp_class'];
  $v_subject=$rows['temp_computer_subject'];
  $v_board=$rows['temp_board'];
  $v_session=$rows['temp_session'];
  $v_email=$rows['temp_email'];
  $password=$rows['temp_password'];
  $v_salt=$rows['temp_salt'];
if (!($insert_stmt = $mysqli->prepare("INSERT INTO $tbl_name2 (first_name,last_name,sex,phone,state,city,pin,school_name,class,computer_subject,board,  session,email,password,salt) VALUES(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)")))
{
 echo "Prepare failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
if(!$insert_stmt->bind_param('sssiiisssssssss',$v_fname,$v_lname,$v_sex,$v_phone,$v_city,$v_state,$v_pin, $v_schoolname,$v_class,$v_subject,$v_board,$v_session,$v_email, $password,$v_salt))
{
 echo "Binding parameters failed: (" . $stmt->errno . ") " . $stmt->error;
}
if(!$insert_stmt->execute())
{
 echo "Execute failed: (" . $mysqli->errno . ") " . $mysqli->error;
}
else
{
 //echo "Data saved properly";
 $flag=1;
 if($flag==1)
 {
  echo "<body bgcolor='#FFFF99'>";
  echo "<p align='center'><font color='#008000' size='6' face='Verdana'>";
  echo "Congratulation...!! </font>";
  echo "</br>";
  echo "<font color='e80005' size='5'>Your account has been activated</font>";
  if ($stmt = $mysqli->prepare("DELETE FROM $tbl_name1 WHERE confirm_code = ? LIMIT 1"))
			 {
					 $stmt->bind_param("s",$passkey);	 
					 $stmt->execute();	 
			 }
 }
}
  }
  }
}
else
{
echo "Select Failed: (" . $mysqli->errno . ") " . $mysqli->error;
echo "<body bgcolor='#FFFF99'>";
   echo "<p align='center'><font color='#e80005' size='6' face='Verdana'>";
   echo "SORRY...! </font>";
   echo "</br>";
   echo "<font color='#e80005' size='5'>Your Confirmation code is not correct</font>";
}

 $stmt->close();

[Value Is Posted Definitly But Isset() Says No....]

Here in PHP Frreaks I saw in one thread you suggested to use library for this purpose like Ion auth is simple and secure. Can you suggest me more library which can give a strong security features.

[Value Is Posted Definitly But Isset() Says No....]

@Psycho

Thank you very much for this great information, unnecessarly I was banging my head on these code.

Can you please tell me from where I can get good security tutorial for php for the same purpose.

So, I can do same job in PHP

Regards

[Value Is Posted Definitly But Isset() Says No....]

If I delete the entire code from isset to the bottom and leave only this part in login.php file -

 
<?php
include 'dbconnection.php';
include 'functions.php';
sec_session_start();
echo var_dump($_POST);
print_r($_REQUEST);
?>

See the output

array(3) { ["logemail"]=> string(6) "ankush" ["logpass1"]=> string(0) "" ["p"]=> string(128) "704d3e76a26e1c6e99e8ca31237eb400cf2cb38b9712f22ee49ec4831bd974a37ef68fd3a8ee265b9a90cb2c07006c114db59fccd93cc0a36458f9d3f04773ea" } Array ( [logemail] => ankush [logpass1] => [p] => 704d3e76a26e1c6e99e8ca31237eb400cf2cb38b9712f22ee49ec4831bd974a37ef68fd3a8ee265b9a90cb2c07006c114db59fccd93cc0a36458f9d3f04773ea )

[Value Is Posted Definitly But Isset() Says No....]

Actually I got this code from http://www.wikihow.com/Create-a-Secure-Login-Script-in-PHP-and-MySQL

[Value Is Posted Definitly But Isset() Says No....]

Please check this code for formhash2() and formhash1() -

// Javascript Document csnip
function formhash2(form,password) {
 // Create a new element input, this will be out hashed password field.
  alert(form.id + " " + password.value);
  var p = document.createElement("input");
   // Add the new element to our form.

  p.name = "p";
  p.type = "hidden"
  p.value = hex_sha512(password.value);
  // Make sure the plaintext password doesn't get sent.
  password.value = "";
  // Finally submit the form.
  form.appendChild(p);
  form.submit();
}
function formhash1(form,password) {
alert(form.id + " " + password.value);
 // Create a new element input, this will be out hashed password field.
 var pl = document.createElement("input");
 // Add the new element to our form.

  pl.name = "pl";
  pl.type = "hidden"
  pl.value = hex_sha512(password.value);
  // Make sure the plaintext password doesn't get sent.
  password.value = "";
  // Finally submit the form.
  form.appendChild(pl);
  form.submit();
}

[Value Is Posted Definitly But Isset() Says No....]

Dear Maniac Dan.

First of all thank you for considering my problem.

I have 2 forms on my index.php here it is

<FORM ID="Login" ACTION="login.php" METHOD="POST">
<h1>welcome to the login page</h1>
please input the login details to create an account here<br />
<table border="2">
<tr>
<td>email :</td><td><input id="logemail" name="logemail" type="text" size"30"></input></td>
</tr>
<tr>
<td>password :</td><td><input id="logpass1" name="logpass1" type="password" size"20"></input></td>
</tr>
</table>
<input type="button" value="Login" onclick="formhash2(this.form,this.form.logpass1);">
</FORM>
<FORM ID="Register" ACTION="register.php" METHOD="POST">
<h1>welcome to the registration page</h1>
please input the registration details to create an account here<br />
<table border="2">
<tr>
<td>email :</td><td><input name="regemail" type="text" size"30"></input></td>
</tr>
<tr>
<td>password :</td><td><input id="regpass1" name="regpass1" type="password" size"20"></input></td>
</tr>
</table>
<input type="button" value="Register" onclick="formhash1(this.form,this.form.regpass1);">
</FORM>

1. As you can see in the code Second form also have same code with minor changes like the name of function in onclick() when this is working perfectly Why not 1st form is working.

2. But interesting part of the code is if I remove the comment from these

// $email = $_POST['logemail'];

// $password = $_POST['p'];

// echo $password;

// echo $email;

 

and rest of the code I commented then I get waht I expect from POST.

Now can you explain this...

[Value Is Posted Definitly But Isset() Says No....]

Hi All

See the code give given below. I was fighting with this code since last 5 hours to know why isset() is eveluating the condition as false if value is posted exactly what it shall POST.

If I uncomment the line no. - 4,5,6,7,8 and put rest of the code from line no. 10 to 28 I can see the POSTED value .

Can Anyone help in this by any guidance or suggestion. I will be thankful.

<?php
   include 'dbconnection.php';
   include 'functions.php';
   //sec_session_start();
 //  $email = $_POST['logemail'];
 //  $password = $_POST['p'];
   // echo $password;
   // echo $email;
 // Our custom secure way of starting a php session.

   if(isset($_POST['logemail'], $_POST['p'])) {
   $email = $_POST['logemail'];
   $password = $_POST['p']; // The hashed password.
   if(login($email, $password, $mysqli) === true) {
	  // Login success
	  //$url = 'mwq';
    //echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
 echo $password;
 echo $email;

   } else {
	  // Login failed
	  header('Location: login.php?error=1');
   }
   } else {
   // The correct POST variables were not sent to this page.
   echo 'Invalid Request Data Not POSTED';
   }

[Return back on same page after valid user login]

Registration not required I just want to show the stuff for clear picture.

 

[Return back on same page after valid user login]

 

Thank you for your consideration PFMaBiSmAd but I already integrated login code on every page.

 

If possible you can take look in my site www.cbsecsnip.in

 

Home Page - > Computer Science -> XI - > Solved Materials (click this, required valid login)

 

Now if user enter valid login from on home page he should see the page which is blocked (Solved Material)