Jump to content

How can I fix this code/


Go to solution Solved by JpGemo,

Recommended Posts

<?php 

//connect

include 'connect.php';

//head

include 'head.php';

//processing

$table = $_POST['selform'];

$result = mysqli_query($con,'SELECT * FROM '.$table.'');

 

while ($row = mysqli_fetch_array($result))

echo $row['value1'];

echo $row['value2'];

 

?>

 

I have changed "$result = mysqli_query($con,'SELECT * FROM '.$table.'');"

to "$result = mysqli_query($con,'SELECT * FROM body');

 

(body) is the value of the post, and the script runs correctly using the work, but how can I get the value of $table to work in the script, I have also tried using $_POST['selform'] instead of $table, however that didn't work either??

 

Any suggestions would be great, thank you

Link to comment
https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/
Share on other sites

You are close. It should be like

$result = mysqli_query($con,'SELECT * FROM '.$table);

But. You need to be careful how you use $table in the query. You could open yourself upto SQL Injection if you do not santize/validate it correctly.  

 

I have to question why is the table name being submitted by a form?

im just teaching myself PHP atm, so im testing possible methods of creating an administration panel for my websites

 

That change still presented with the same error i've been getting

 

mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in <b>/misc/29/516/897/696/user/web/gemoweb.com/BYO/formprocessing.php

 

I only get this error while using a key in the query instead of typing the actual word

Edited by JpGemo

You need to sanitize $table (as previously discussed):

$table = mysqli_real_escape_string($con,$_POST['selform']);

The error is telling you that the query is failing. Perhaps $table doesn't have the value you expect. Try this:

$sql = 'SELECT * FROM '.$table ;
echo $sql.'<br>';
$result = mysqli_query($con,$sql);

Ok, I so im getting the error on the;

 

while ($row = mysqli_fetch_array($result))
echo $row['value1'];
echo $row['value2'];
 
The echo $sql has brought the body value forward which is what I was after, so something is going wrong in this part of the code

atm, sanitizing the script isn't the issue for me, its getting the script to generate the result. 

 

This part of the script generates the result I need;

 

$sql = 'SELECT * FROM '.$table ;
echo $sql.'<br>';
$result = mysqli_query($con,$sql);

 

however, it is coming up with an error while bringing the result from that script to displaying the result, is there an alternative to the following script

 

while ($row = mysqli_fetch_array($result))

echo $row['value1'];
echo $row['value2'];

I dont share information regarding the connection to my server. the error appears as

 

Error result: Table 'Databasename.head' doesn't exist

 

This is how the code looks now,

 

<?php 

//connect
include 'connect.php';
//head
include 'head.php';
//processing
$table = $_POST["selform"];
$result = mysqli_query($con,"SELECT * FROM `$table`");
 
if(!$result) echo("Error result: " . mysqli_error($con)); exit;
 
while ($row = mysqli_fetch_array($result))
echo $row['value1'];
echo $row['value2'];
?>
 
The original suggested change to my result script had no change to the error result, until I changed my result script back and added the last change to $table, making it `$table`

I am aware of that, the connection works fine, if you read the whole script and the results I have posted, I have received values returned from the scripts which require the connection to the database to be working. So it is not a connection to the database thats the issue

 

So it is not a connection to the database thats the issue

 

No, there is no another reason! There is no table name (head) in database, named ( Databasename )

 

Are you using some GUI visual tool for database administration like mysql workbech, phpmyadmin, etc... ?

 

PS: Do var_dump before to send the query:

$table = $_POST["selform"];

$sql = 'SELECT * FROM '.$table ;

var_dumt($sql); 

$result = mysqli_query($con,$sql);

if(!$result) echo("Error result: " . mysqli_error($con)); exit;
Edited by jazzman1

The connection is fine, I am getting the (head) value from the database, and submitting it to this script, unfortunately the script isn't echoing the values within the table, because it is adding the database name to the table name, so it is searching for the wrong table

Please when you do

var_dump($sql);

as suggested, show us what you get.

 

I am wondering if you are putting the correct value into the form that creates $_POST. Try using backticks in the form

 

so $_POST['selform'] will contain

 `databasename`.`head`

You do understand the different between database and table right?

 

databases contains tables. The error is saying it cannot find the the table named head in the database named Databasename

 

There is nothing wrong with he code. The problem is you have supplied PHP with the wrong database and/or table name(s).

Edited by Ch0cu3r

Ok, look ill explain it in more detail.

 

I have 1 page, that has a form, that form allows you to pick an option from a drop down menu, the drop down menu is a list of the TABLE names, so when you hit SUBMIT, it is submitting a table name that is retrieved from the database. In the error report, the word (Head) was pulled from the database to be submitted. So the script is connecting to the database and retrieving the table name, but when I hit submit, the table name it is searching for is Databasename.Tablename, which in the error report looks like ****.head (btw, the report is displaying the ACTUAL database name, not **** , I just don't share information regarding my database connection) 

 

 

but when I hit submit, the table name it is searching for is Databasename.Tablename

That is valid SQL syntax. There is nothing wrong with that. MySQL has reported the database and table name like that to prevent obfuscation in the error message.

 

The error message is correct in that the table named head does not exist in the database you have connected mysql to.

the error message contains the database name and the table name to give you as much information about the problem as possible. that the database name is part of the error message is not the problem. the problem is you are supplying a table name that either doesn't exist or has some white-space as part of it or has a capitalization problem (and you are on an operating system that is case-sensitive.)

 

that you are not posting actual information makes it hard to help you, especially since you don't understand the information you are seeing in front of you.

 

i recommend that you post the code producing your form, since you likely have a problem in the code that's providing the value that's being submitted.

This is the form, that is posting the value (head) as you can see, the value (head) is being retrieved from the database and then posted to the processing script

 

<?php 

//connect

include 'connect.php';

//head

include 'head.php';

//list table process

$form = $_POST['selform'];

$sql = "SHOW TABLES FROM $db_name";

$result = mysqli_query($con,$sql);

//formtable

echo '<form id="form1" name="form1" method="post" action="/BYO/formprocessing.php">

<table>

<tr>

<td><select name = "selform" id = "selform">';

//list tables

while ($row = mysqli_fetch_array($result)) 

{

echo '("<option value="';

echo ($row[0]),'</br>';

echo '</br>">';

echo ($row[0]),'</br>';

echo '</option>")';

}

//formtable 2

    echo '</select>';

echo '</td>

</tr>

<tr>

<td><input type="submit" name="Submit" value="Register"/> </td>

</tr>

</table>';

?>

 

This next script should then take the value submitted from the form, in this case (Head) then use it to display ALL the information that is contained inside that table

 


<?php 

//connect

include 'connect.php';

//head

include 'head.php';

//processing

$table = $_POST["selform"];

$result = mysqli_query($con,"SELECT * FROM `$table`");

 

if(!$result) echo("Error result: " . mysqli_error($con)); exit;

 

while ($row = mysqli_fetch_array($result))

echo $row['value1'];

echo $row['value2'];

?>

Edited by JpGemo
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.