Jump to content

[SOLVED] i have a table in php and i want to highligh every other row


jeger003

Recommended Posts

hello everyone!

 

i have a classified site and i display a table in php with all my users ads.....i want to highlight every other row so that i can be able to read it quicker.

 

also this will be a public table i would appreciate it if you can tell me if you see any security risks....i recieve ALOT of hackers who enter mysql injections.

 

 

here is my code:


$sql_query = "SELECT id FROM sessions WHERE session = \"".$_COOKIE["session"]."\"";

$results = mysql_query($sql_query) or die(mysql_error());

while($user_id = mysql_fetch_array($results))

$query = 'SELECT title,price,date,id,duration FROM classifieds WHERE seller = '.$user_id['id'].' ';

$result2 = mysql_query($query) or die(mysql_error());

echo "<table border='0' cellpadding='2' bordercolor='#009900'>";

echo "<tr>";

echo "<td align='center' bgcolor='#009900'><b><font color='#FFFFFF' size='2'>ID</font></b></td>";

echo "<td bgcolor='#009900'><b><font color='#FFFFFF' size='2'>Date</font></b></td>";

echo "<td align='center' bgcolor='#009900'><b><font color='#FFFFFF' size='2'>Title</font></b></td>";

echo "<td align='center' bgcolor='#009900'><b><font color='#FFFFFF' size='2'>Price</font></b></td>";

echo "<td align='center' bgcolor='#009900'><b><font color='#FFFFFF' size='2'>Duration</font></b></td>";
echo "</tr>";

while($LogF = mysql_fetch_array($result2))
{
   echo "<tr>";
   echo "<td bgcolor='#94FF79' > <font size='2'>".$LogF['id']."</font></td>";
   echo "<td bgcolor='#94FF79' > <font size='2'>".$LogF['date']."</font></td>";
   echo "<td bgcolor='#94FF79' > <font size='2'>".urldecode($LogF['title'])."</font></td>";
   echo "<td bgcolor='#94FF79' > <font size='2'>".$LogF['price']."</font></td>";
   echo "<td bgcolor='#94FF79' > <font size='2'>".$LogF['duration']."</font></td>";
   echo "</tr>";
}
echo "</table>";

 

 

Link to comment
Share on other sites

I haven't tested this but it might work:

 

$count = 1
while($LogF = mysql_fetch_array($result2))
{
   if($count == 1)
{
   echo "<tr>";
   echo "<td bgcolor='#94FF79' > <font size='2'>".$LogF['id']."</font></td>";
   echo "<td bgcolor='#94FF79' > <font size='2'>".$LogF['date']."</font></td>";
   echo "<td bgcolor='#94FF79' > <font size='2'>".urldecode($LogF['title'])."</font></td>";
   echo "<td bgcolor='#94FF79' > <font size='2'>".$LogF['price']."</font></td>";
   echo "<td bgcolor='#94FF79' > <font size='2'>".$LogF['duration']."</font></td>";
   echo "</tr>";
}
elseif($count == 2)
{
echo "<tr>";
   echo "<td bgcolor='#000000' > <font size='2'>".$LogF['id']."</font></td>";
   echo "<td bgcolor='#000000' > <font size='2'>".$LogF['date']."</font></td>";
   echo "<td bgcolor='#000000' > <font size='2'>".urldecode($LogF['title'])."</font></td>";
   echo "<td bgcolor='#000000 > <font size='2'>".$LogF['price']."</font></td>";
   echo "<td bgcolor='#000000' > <font size='2'>".$LogF['duration']."</font></td>";
   echo "</tr>";
$count = 1
}
$count++
}

 

Please let me know if that works I am kinda curious myself lol.

Link to comment
Share on other sites

I'm just following ngreenwood6 today :P

 

Just optimizing the code above, same principles.

<?php
$color = '#000000'; // define color first 
while($LogF = mysql_fetch_array($result2))
{
   echo "<tr>";
   echo "<td bgcolor='$color' > <font size='2'>".$LogF['id']."</font></td>";
   echo "<td bgcolor='$color' > <font size='2'>".$LogF['date']."</font></td>";
   echo "<td bgcolor='$color' > <font size='2'>".urldecode($LogF['title'])."</font></td>";
   echo "<td bgcolor='$color' > <font size='2'>".$LogF['price']."</font></td>";
   echo "<td bgcolor='$color' > <font size='2'>".$LogF['duration']."</font></td>";
   echo "</tr>";
   // Of course you could shorthand the following:
   // Or even put it in array to get multiple colors.
   if($color == '#000000') {
       $color = '#94FF79';
   } else {
       $color = '#000000';
   }
}
?>

 

 

Edit: forgot to define color before the loop ;)  Also, ngreenwood - on "$count = 1" you're missing a semicolon, but otherwise it would work

 

Link to comment
Share on other sites

@the OP

 

Color alternations, their examples work, and you could shorten the if statement to a one liner

$color = ($color == '#000000') ? '#94FF79' : '#000000';

 

Regarding security:  Where do you verify the value of $_COOKIE['session'] ?  Cookies can be modified/faked/etc...

 

Also these lines:

$sql_query = "SELECT id FROM sessions WHERE session = \"".$_COOKIE["session"]."\"";

$results = mysql_query($sql_query) or die(mysql_error());

while($user_id = mysql_fetch_array($results))

$query = 'SELECT title,price,date,id,duration FROM classifieds WHERE seller = '.$user_id['id'].' ';

$result2 = mysql_query($query) or die(mysql_error());

Seem off to me.. It seems like it's only returning one result set.. so I don't think you need a while loop. 

$user_id = mysql_fetch_array($results);

^-- could change to that if I'm understanding it right.

 

Other than that, not much to look at because you only have one point of entry displayed.

Link to comment
Share on other sites

hey everyone Thanks SOOO MUCH FOR THE HELP!!!

 

im sorry im just coming back from school

 

 

this code below by kingphilip worked best very well done

I'm just following ngreenwood6 today :P

 

Just optimizing the code above, same principles.

<?php
$color = '#000000'; // define color first 
while($LogF = mysql_fetch_array($result2))
{
   echo "<tr>";
   echo "<td bgcolor='$color' > <font size='2'>".$LogF['id']."</font></td>";
   echo "<td bgcolor='$color' > <font size='2'>".$LogF['date']."</font></td>";
   echo "<td bgcolor='$color' > <font size='2'>".urldecode($LogF['title'])."</font></td>";
   echo "<td bgcolor='$color' > <font size='2'>".$LogF['price']."</font></td>";
   echo "<td bgcolor='$color' > <font size='2'>".$LogF['duration']."</font></td>";
   echo "</tr>";
   // Of course you could shorthand the following:
   // Or even put it in array to get multiple colors.
   if($color == '#000000') {
       $color = '#94FF79';
   } else {
       $color = '#000000';
   }
}
?>

 

 

Edit: forgot to define color before the loop ;)  Also, ngreenwood - on "$count = 1" you're missing a semicolon, but otherwise it would work

 

@ngreenwood6

yours worked great as well but i was only coloring the first row and the rest were black im not sure why.

 

 

@xtopolis

i think i may be having a security risk cause the cookies are being verify right off of the users computer and matched with my sessions table........thats how i'm able to display specific ads to the specific user.....so once a session is created in the sessions table it uses the user_id.

should i be worried about that?

 

and thanks for the fix up on the WHILE im not sure why i did it like that.

 

THANKS AGAIN GUYS

 

 

 

 

 

Link to comment
Share on other sites

This code is a little more efficient/flexible IMHO - and uses only one query and protects against SQL injection. I would highly suggest you use styles within your HTML. The FONT tag has been depricated since HTML 4.01 in 1999! Plus, you can use style classes that allow you to change the style for every cell with a single modification insterad of modifying each individual cell declaration in the HTML

 

//Get the user records
$query = "SELECT id, date, title, price, duration
          FROM classifieds
            JOIN sessions
              ON classifieds.seller = sessions.id
          WHERE sessions.session = '" . mysql_real_escape_string($_COOKIE['session']) . "'";

$result = mysql_query($query) or die(mysql_error());

if (!mysql_num_rows($result))
{
    echo "There were no results";
}
else
{
    //Create table header
    echo "<table style=\"font-size:10pt;" border=\"0\" cellpadding=\"2\">\n";
    echo "<tr style=\"background-color:#009900;text-align:center;color:#FFFFFF;font-weight:bold;\">\n";
    echo "<th>ID</th>\n";
    echo "<th>Date</th>\n";
    echo "<th>Title</th>\n\n";
    echo "<th>Price</th>";
    echo "<th>Duration</th>\n";
    echo "</tr>\n";

    //Display records
    while($LogF = mysql_fetch_array($result2))
    {
        $bgcolor = ($bgcolor!='#94FF79') ? '#94FF79' : '#000000';
        echo "<tr>";
        foreach ($LogF as $field => $value)
        {
            echo "<td style=\"background-color:{#94FF79};\"> ";
            echo ($field!='title') ? $value : urldecode($value);
            echo "</td>\n";
        }
    }
    echo "</table>";
}

Link to comment
Share on other sites

Are you using custom session handling or are you just doing something involving cookies to track a user in a db on top of normal sessions?  I ask because your cookie is name "session" rather than "PHPSESSID"?

 

well im just using cookies as a way to find the user ID of the person that just logged in. This way Im able to display there specific ad. My site is a script and its very complicated how they designed it but i found the cookies to be the only way to get a users id. because as soon as they log in a session is created in the sessions Table and after an hour or so it's deleted.

 

yes I am using cookies to track a user in a db on top of normal sessions and the code you guys helped me put together i used that and put it into a module that the site allows me to create.The i can take that module and put it where ever i want to and it displays the users ads.

 

i dont really know any other way to do it.

 

How can I use "PHPSESSID" or do you know another way that i can do it?

 

 

@mjdamato

 

your code looks awesome never seen it done like this. i havent had the chance to put it to the test yet cause I'm at work but I cant wait to.

 

 

You guys are absolutely wonderful!

Thanks!

 

 

 

Link to comment
Share on other sites

Don't trust the cookie.  If they login, they should have their userid stored in their session variables, or at least a way to access it.  (be it lookup of username or w.e) but you should always base it on the server's knowledge, not the clients - clients can never be trusted.

 

PHPSESSID is the default name of a cookie created by PHP when a user starts a session (session_start)  You can change the name etc, but since you don't know what i meant, it probably is still the default.

 

All I'm saying is that you should get the userid based on their login credentials, not a value supplied by them that you "assume" is what you had it at last time.  You can still do all your database tracking etc.  However, if a new cookie is created upon every logon then it's not as big of a deal, but still bad practice [trusting the client].

Link to comment
Share on other sites

Don't trust the cookie.  If they login, they should have their userid stored in their session variables, or at least a way to access it.  (be it lookup of username or w.e) but you should always base it on the server's knowledge, not the clients - clients can never be trusted.

 

PHPSESSID is the default name of a cookie created by PHP when a user starts a session (session_start)  You can change the name etc, but since you don't know what i meant, it probably is still the default.

 

All I'm saying is that you should get the userid based on their login credentials, not a value supplied by them that you "assume" is what you had it at last time.  You can still do all your database tracking etc.  However, if a new cookie is created upon every logon then it's not as big of a deal, but still bad practice [trusting the client].

 

yea, i never knew what PHPSESSID really was. i will have to look into that cause my sites security is kind of all over the place.

 

i know what you mean about cookies and how they have been used to hack or get users info.

 

thank you for the help!!

 

 

Link to comment
Share on other sites

hey guys i was about to mark this topic solved.....but i have one last small thing i'd like to add.......

 

i went through mjdamato code but i couldnt get it to work.........but how do i make it so that if there is nothing to display it displays a message like "no ads available" like mjdamato has it......i would appreciate this last thing

 

 

thanks guys

 

Link to comment
Share on other sites

You could simply use the same kind of logic I used - check if there are any records in the result. If so, show the results. If not, show an appropriate message.

 

When you say you couldn't get the code to work, what does that mean? Were there errors? If so, what?

I don't have your database to test with so the code was just written "off the cuff" and I didn't even test it for syntax errors. Any code I provide is typically as a guide for the person to build on. Which is why my sig states "I do not always test the code I provide, so there may be some syntax errors.".

 

If you want to provide some specifics I'll be happy to help troubleshoot.

Link to comment
Share on other sites

You could simply use the same kind of logic I used - check if there are any records in the result. If so, show the results. If not, show an appropriate message.

 

When you say you couldn't get the code to work, what does that mean? Were there errors? If so, what?

I don't have your database to test with so the code was just written "off the cuff" and I didn't even test it for syntax errors. Any code I provide is typically as a guide for the person to build on. Which is why my sig states "I do not always test the code I provide, so there may be some syntax errors.".

 

If you want to provide some specifics I'll be happy to help troubleshoot.

 

I apologize if i offended you in anyway.....i had no intentions.....the error i recieve is

 

Fatal error: Call to a member function FetchRow() on a non-object

 

im not sure why cause i checked and double checked everything.

 

 

Link to comment
Share on other sites

No offense taken.

 

OK, I see the error. I changed some of the variable names for "consistency". For example, if you are doing two queries and you have completely consumed the results of the first query before running the second query I reuse the variable for the query results. I can't confirm this, but it would seem logical that this would be more efficient from a memory perspective. If the first set of results are in one variable and you create a second variable for the second reslut - all of that data is in memory. By reusing the variable the first set of data is removed from memory and replaced by the second set.

 

Plus, if I do use mutiple variables for queries or query results I would to give them descriptive names instead of $results1, $results, etc. There's nothing wrong with using those - it's a preference thing. But, it does make it easier if you have to go back to code at a later time.

 

Anyway, just change this

    //Display records
    while($LogF = mysql_fetch_array($result2))

 

To this

    //Display records
    while($LogF = mysql_fetch_array($result))

Link to comment
Share on other sites

Oh, I just came across this (alternate rows) topic yesterday. This should work:

 

for ($i=0; $i<10; $i++) {
echo (($i % 2 == 0) ? 'even' : 'odd');
}

 

...because dividing by 2 will have a remainder of only 0 or 1.

 

How is that more efficient than this

$bgcolor = ($bgcolor!='#94FF79') ? '#94FF79' : '#000000';

 

The code you posted requires the script to maintain a counter variable and perform a division on each loop. And, then you could determine the value for the background color. The code I posted only has to do a single comparison to determine the color.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.