How can I fix this code/

[JpGemo]

<?php 

//connect

include 'connect.php';

//head

include 'head.php';

//processing

$table = $_POST['selform'];

$result = mysqli_query($con,'SELECT * FROM '.$table.'');

 

while ($row = mysqli_fetch_array($result))

echo $row['value1'];

echo $row['value2'];

 

?>

 

I have changed "$result = mysqli_query($con,'SELECT * FROM '.$table.'');"

to "$result = mysqli_query($con,'SELECT * FROM body');

 

(body) is the value of the post, and the script runs correctly using the work, but how can I get the value of $table to work in the script, I have also tried using $_POST['selform'] instead of $table, however that didn't work either??

 

Any suggestions would be great, thank you

[Ch0cu3r]

You are close. It should be like

$result = mysqli_query($con,'SELECT * FROM '.$table);

But. You need to be careful how you use $table in the query. You could open yourself upto SQL Injection if you do not santize/validate it correctly.  

 

I have to question why is the table name being submitted by a form?

[JpGemo]

im just teaching myself PHP atm, so im testing possible methods of creating an administration panel for my websites

 

That change still presented with the same error i've been getting

 

mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in <b>/misc/29/516/897/696/user/web/gemoweb.com/BYO/formprocessing.php

 

I only get this error while using a key in the query instead of typing the actual word

Edited September 6, 2014 by JpGemo

[davidannis]

You need to sanitize $table (as previously discussed):

$table = mysqli_real_escape_string($con,$_POST['selform']);

The error is telling you that the query is failing. Perhaps $table doesn't have the value you expect. Try this:

$sql = 'SELECT * FROM '.$table ;
echo $sql.'<br>';
$result = mysqli_query($con,$sql);

[JpGemo]

Ok, I so im getting the error on the;

 

while ($row = mysqli_fetch_array($result))

echo $row['value1'];

echo $row['value2'];

 

The echo $sql has brought the body value forward which is what I was after, so something is going wrong in this part of the code

[Jacques1]

Escaping doesn't work like this. The mysqli_real_escape_string() function only works for quoted values. It does not work for identifiers or unquoted values. In that case, it simply doesn't have any effect at all.

[JpGemo]

atm, sanitizing the script isn't the issue for me, its getting the script to generate the result. 

 

This part of the script generates the result I need;

 

$sql = 'SELECT * FROM '.$table ;
echo $sql.'<br>';
$result = mysqli_query($con,$sql);

 

however, it is coming up with an error while bringing the result from that script to displaying the result, is there an alternative to the following script

 

while ($row = mysqli_fetch_array($result))

echo $row['value1'];

echo $row['value2'];

[jazzman1]

Have you tried mysqli_error() function?

 

Try,

$sql = 'SELECT * FROM '.$table ;

$result = mysqli_query($con,$sql);

if(!$result) echo("Error result: " . mysqli_error($con)); exit;

// continue...

[JpGemo]

Error result: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

 

This is the error brought forward

[jazzman1]

Try,

$sql = "SELECT * FROM `$table`";

[JpGemo]

Ok, that has gotten alot closer, however it's now coming up with an error, where it is bringing forward the Database name also. searching for a table named, "DatabaseName.TableName"

[jazzman1]

what's your database name?

[JpGemo]

I dont share information regarding the connection to my server. the error appears as

 

Error result: Table 'Databasename.head' doesn't exist

 

This is how the code looks now,

 

<?php 

//connect

include 'connect.php';

//head

include 'head.php';

//processing

$table = $_POST["selform"];

$result = mysqli_query($con,"SELECT * FROM `$table`");

 

if(!$result) echo("Error result: " . mysqli_error($con)); exit;

 

while ($row = mysqli_fetch_array($result))

echo $row['value1'];

echo $row['value2'];

?>

 

The original suggested change to my result script had no change to the error result, until I changed my result script back and added the last change to $table, making it `$table`

[jazzman1]

make sure your database credentials point to correct database. the error message is self-explanatory. 

[JpGemo]

I am aware of that, the connection works fine, if you read the whole script and the results I have posted, I have received values returned from the scripts which require the connection to the database to be working. So it is not a connection to the database thats the issue

[jazzman1]

 

So it is not a connection to the database thats the issue

 

No, there is no another reason! There is no table name (head) in database, named ( Databasename )

 

Are you using some GUI visual tool for database administration like mysql workbech, phpmyadmin, etc... ?

 

PS: Do var_dump before to send the query:

$table = $_POST["selform"];

$sql = 'SELECT * FROM '.$table ;

var_dumt($sql); 

$result = mysqli_query($con,$sql);

if(!$result) echo("Error result: " . mysqli_error($con)); exit;

Edited September 6, 2014 by jazzman1

[JpGemo]

The connection is fine, I am getting the (head) value from the database, and submitting it to this script, unfortunately the script isn't echoing the values within the table, because it is adding the database name to the table name, so it is searching for the wrong table

[davidannis]

Please when you do

var_dump($sql);

as suggested, show us what you get.

 

I am wondering if you are putting the correct value into the form that creates $_POST. Try using backticks in the form

 

so $_POST['selform'] will contain

 `databasename`.`head`

[Ch0cu3r]

You do understand the different between database and table right?

 

databases contains tables. The error is saying it cannot find the the table named head in the database named Databasename

 

There is nothing wrong with he code. The problem is you have supplied PHP with the wrong database and/or table name(s).

Edited September 6, 2014 by Ch0cu3r

[davidannis]

If your database name has a space in it you need backticks around it.

[JpGemo]

Ok, look ill explain it in more detail.

 

I have 1 page, that has a form, that form allows you to pick an option from a drop down menu, the drop down menu is a list of the TABLE names, so when you hit SUBMIT, it is submitting a table name that is retrieved from the database. In the error report, the word (Head) was pulled from the database to be submitted. So the script is connecting to the database and retrieving the table name, but when I hit submit, the table name it is searching for is Databasename.Tablename, which in the error report looks like ****.head (btw, the report is displaying the ACTUAL database name, not **** , I just don't share information regarding my database connection) 

[Ch0cu3r]

 

 

but when I hit submit, the table name it is searching for is Databasename.Tablename

That is valid SQL syntax. There is nothing wrong with that. MySQL has reported the database and table name like that to prevent obfuscation in the error message.

 

The error message is correct in that the table named head does not exist in the database you have connected mysql to.

[JpGemo]

if it didnt exist, then it couldn't be submitted, the table name head is being pulled from the database

[mac_gyver]

the error message contains the database name and the table name to give you as much information about the problem as possible. that the database name is part of the error message is not the problem. the problem is you are supplying a table name that either doesn't exist or has some white-space as part of it or has a capitalization problem (and you are on an operating system that is case-sensitive.)

 

that you are not posting actual information makes it hard to help you, especially since you don't understand the information you are seeing in front of you.

 

i recommend that you post the code producing your form, since you likely have a problem in the code that's providing the value that's being submitted.

[JpGemo]

This is the form, that is posting the value (head) as you can see, the value (head) is being retrieved from the database and then posted to the processing script

 

<?php 

//connect

include 'connect.php';

//head

include 'head.php';

//list table process

$form = $_POST['selform'];

$sql = "SHOW TABLES FROM $db_name";

$result = mysqli_query($con,$sql);

//formtable

echo '<form id="form1" name="form1" method="post" action="/BYO/formprocessing.php">

<table>

<tr>

<td><select name = "selform" id = "selform">';

//list tables

while ($row = mysqli_fetch_array($result)) 

{

echo '("<option value="';

echo ($row[0]),'</br>';

echo '</br>">';

echo ($row[0]),'</br>';

echo '</option>")';

}

//formtable 2

    echo '</select>';

echo '</td>

</tr>

<tr>

<td><input type="submit" name="Submit" value="Register"/> </td>

</tr>

</table>';

?>

 

This next script should then take the value submitted from the form, in this case (Head) then use it to display ALL the information that is contained inside that table

 

<?php 

//connect

include 'connect.php';

//head

include 'head.php';

//processing

$table = $_POST["selform"];

$result = mysqli_query($con,"SELECT * FROM `$table`");

 

if(!$result) echo("Error result: " . mysqli_error($con)); exit;

 

while ($row = mysqli_fetch_array($result))

echo $row['value1'];

echo $row['value2'];

?>

Edited September 6, 2014 by JpGemo