Jump to content

How can I fix this code/


JpGemo

Recommended Posts

<?php 

//connect

include 'connect.php';

//head

include 'head.php';

//processing

$table = $_POST['selform'];

$result = mysqli_query($con,'SELECT * FROM '.$table.'');

 

while ($row = mysqli_fetch_array($result))

echo $row['value1'];

echo $row['value2'];

 

?>

 

I have changed "$result = mysqli_query($con,'SELECT * FROM '.$table.'');"

to "$result = mysqli_query($con,'SELECT * FROM body');

 

(body) is the value of the post, and the script runs correctly using the work, but how can I get the value of $table to work in the script, I have also tried using $_POST['selform'] instead of $table, however that didn't work either??

 

Any suggestions would be great, thank you

Link to post
Share on other sites

You are close. It should be like

$result = mysqli_query($con,'SELECT * FROM '.$table);

But. You need to be careful how you use $table in the query. You could open yourself upto SQL Injection if you do not santize/validate it correctly.  

 

I have to question why is the table name being submitted by a form?

Link to post
Share on other sites

im just teaching myself PHP atm, so im testing possible methods of creating an administration panel for my websites

 

That change still presented with the same error i've been getting

 

mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in <b>/misc/29/516/897/696/user/web/gemoweb.com/BYO/formprocessing.php

 

I only get this error while using a key in the query instead of typing the actual word

Link to post
Share on other sites

You need to sanitize $table (as previously discussed):

$table = mysqli_real_escape_string($con,$_POST['selform']);

The error is telling you that the query is failing. Perhaps $table doesn't have the value you expect. Try this:

$sql = 'SELECT * FROM '.$table ;
echo $sql.'<br>';
$result = mysqli_query($con,$sql);

Link to post
Share on other sites

Ok, I so im getting the error on the;

 

while ($row = mysqli_fetch_array($result))
echo $row['value1'];
echo $row['value2'];
 
The echo $sql has brought the body value forward which is what I was after, so something is going wrong in this part of the code
Link to post
Share on other sites

Escaping doesn't work like this. The mysqli_real_escape_string() function only works for quoted values. It does not work for identifiers or unquoted values. In that case, it simply doesn't have any effect at all.

Link to post
Share on other sites

atm, sanitizing the script isn't the issue for me, its getting the script to generate the result. 

 

This part of the script generates the result I need;

 

$sql = 'SELECT * FROM '.$table ;
echo $sql.'<br>';
$result = mysqli_query($con,$sql);

 

however, it is coming up with an error while bringing the result from that script to displaying the result, is there an alternative to the following script

 

while ($row = mysqli_fetch_array($result))

echo $row['value1'];
echo $row['value2'];
Link to post
Share on other sites

Have you tried mysqli_error() function?

 

Try,

$sql = 'SELECT * FROM '.$table ;

$result = mysqli_query($con,$sql);

if(!$result) echo("Error result: " . mysqli_error($con)); exit;

// continue...
Link to post
Share on other sites

I dont share information regarding the connection to my server. the error appears as

 

Error result: Table 'Databasename.head' doesn't exist

 

This is how the code looks now,

 

<?php 

//connect
include 'connect.php';
//head
include 'head.php';
//processing
$table = $_POST["selform"];
$result = mysqli_query($con,"SELECT * FROM `$table`");
 
if(!$result) echo("Error result: " . mysqli_error($con)); exit;
 
while ($row = mysqli_fetch_array($result))
echo $row['value1'];
echo $row['value2'];
?>
 
The original suggested change to my result script had no change to the error result, until I changed my result script back and added the last change to $table, making it `$table`
Link to post
Share on other sites

I am aware of that, the connection works fine, if you read the whole script and the results I have posted, I have received values returned from the scripts which require the connection to the database to be working. So it is not a connection to the database thats the issue

Link to post
Share on other sites

 

So it is not a connection to the database thats the issue

 

No, there is no another reason! There is no table name (head) in database, named ( Databasename )

 

Are you using some GUI visual tool for database administration like mysql workbech, phpmyadmin, etc... ?

 

PS: Do var_dump before to send the query:

$table = $_POST["selform"];

$sql = 'SELECT * FROM '.$table ;

var_dumt($sql); 

$result = mysqli_query($con,$sql);

if(!$result) echo("Error result: " . mysqli_error($con)); exit;
Link to post
Share on other sites

The connection is fine, I am getting the (head) value from the database, and submitting it to this script, unfortunately the script isn't echoing the values within the table, because it is adding the database name to the table name, so it is searching for the wrong table

Link to post
Share on other sites

Please when you do

var_dump($sql);

as suggested, show us what you get.

 

I am wondering if you are putting the correct value into the form that creates $_POST. Try using backticks in the form

 

so $_POST['selform'] will contain

 `databasename`.`head`
Link to post
Share on other sites

You do understand the different between database and table right?

 

databases contains tables. The error is saying it cannot find the the table named head in the database named Databasename

 

There is nothing wrong with he code. The problem is you have supplied PHP with the wrong database and/or table name(s).

Link to post
Share on other sites

Ok, look ill explain it in more detail.

 

I have 1 page, that has a form, that form allows you to pick an option from a drop down menu, the drop down menu is a list of the TABLE names, so when you hit SUBMIT, it is submitting a table name that is retrieved from the database. In the error report, the word (Head) was pulled from the database to be submitted. So the script is connecting to the database and retrieving the table name, but when I hit submit, the table name it is searching for is Databasename.Tablename, which in the error report looks like ****.head (btw, the report is displaying the ACTUAL database name, not **** , I just don't share information regarding my database connection) 

Link to post
Share on other sites

 

 

but when I hit submit, the table name it is searching for is Databasename.Tablename

That is valid SQL syntax. There is nothing wrong with that. MySQL has reported the database and table name like that to prevent obfuscation in the error message.

 

The error message is correct in that the table named head does not exist in the database you have connected mysql to.

Link to post
Share on other sites

the error message contains the database name and the table name to give you as much information about the problem as possible. that the database name is part of the error message is not the problem. the problem is you are supplying a table name that either doesn't exist or has some white-space as part of it or has a capitalization problem (and you are on an operating system that is case-sensitive.)

 

that you are not posting actual information makes it hard to help you, especially since you don't understand the information you are seeing in front of you.

 

i recommend that you post the code producing your form, since you likely have a problem in the code that's providing the value that's being submitted.

Link to post
Share on other sites
This is the form, that is posting the value (head) as you can see, the value (head) is being retrieved from the database and then posted to the processing script

 

<?php 

//connect

include 'connect.php';

//head

include 'head.php';

//list table process

$form = $_POST['selform'];

$sql = "SHOW TABLES FROM $db_name";

$result = mysqli_query($con,$sql);

//formtable

echo '<form id="form1" name="form1" method="post" action="/BYO/formprocessing.php">

<table>

<tr>

<td><select name = "selform" id = "selform">';

//list tables

while ($row = mysqli_fetch_array($result)) 

{

echo '("<option value="';

echo ($row[0]),'</br>';

echo '</br>">';

echo ($row[0]),'</br>';

echo '</option>")';

}

//formtable 2

    echo '</select>';

echo '</td>

</tr>

<tr>

<td><input type="submit" name="Submit" value="Register"/> </td>

</tr>

</table>';

?>

 

This next script should then take the value submitted from the form, in this case (Head) then use it to display ALL the information that is contained inside that table

 


<?php 

//connect

include 'connect.php';

//head

include 'head.php';

//processing

$table = $_POST["selform"];

$result = mysqli_query($con,"SELECT * FROM `$table`");

 

if(!$result) echo("Error result: " . mysqli_error($con)); exit;

 

while ($row = mysqli_fetch_array($result))

echo $row['value1'];

echo $row['value2'];

?>

Link to post
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.