JpGemo Posted September 6, 2014 Share Posted September 6, 2014 <?php //connect include 'connect.php'; //head include 'head.php'; //processing $table = $_POST['selform']; $result = mysqli_query($con,'SELECT * FROM '.$table.''); while ($row = mysqli_fetch_array($result)) echo $row['value1']; echo $row['value2']; ?> I have changed "$result = mysqli_query($con,'SELECT * FROM '.$table.'');" to "$result = mysqli_query($con,'SELECT * FROM body'); (body) is the value of the post, and the script runs correctly using the work, but how can I get the value of $table to work in the script, I have also tried using $_POST['selform'] instead of $table, however that didn't work either?? Any suggestions would be great, thank you Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/ Share on other sites More sharing options...
Ch0cu3r Posted September 6, 2014 Share Posted September 6, 2014 You are close. It should be like $result = mysqli_query($con,'SELECT * FROM '.$table); But. You need to be careful how you use $table in the query. You could open yourself upto SQL Injection if you do not santize/validate it correctly. I have to question why is the table name being submitted by a form? Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490105 Share on other sites More sharing options...
JpGemo Posted September 6, 2014 Author Share Posted September 6, 2014 (edited) im just teaching myself PHP atm, so im testing possible methods of creating an administration panel for my websites That change still presented with the same error i've been getting mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in <b>/misc/29/516/897/696/user/web/gemoweb.com/BYO/formprocessing.php I only get this error while using a key in the query instead of typing the actual word Edited September 6, 2014 by JpGemo Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490106 Share on other sites More sharing options...
davidannis Posted September 6, 2014 Share Posted September 6, 2014 You need to sanitize $table (as previously discussed): $table = mysqli_real_escape_string($con,$_POST['selform']); The error is telling you that the query is failing. Perhaps $table doesn't have the value you expect. Try this: $sql = 'SELECT * FROM '.$table ; echo $sql.'<br>'; $result = mysqli_query($con,$sql); Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490107 Share on other sites More sharing options...
JpGemo Posted September 6, 2014 Author Share Posted September 6, 2014 Ok, I so im getting the error on the; while ($row = mysqli_fetch_array($result)) echo $row['value1']; echo $row['value2']; The echo $sql has brought the body value forward which is what I was after, so something is going wrong in this part of the code Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490108 Share on other sites More sharing options...
Jacques1 Posted September 6, 2014 Share Posted September 6, 2014 Escaping doesn't work like this. The mysqli_real_escape_string() function only works for quoted values. It does not work for identifiers or unquoted values. In that case, it simply doesn't have any effect at all. Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490109 Share on other sites More sharing options...
JpGemo Posted September 6, 2014 Author Share Posted September 6, 2014 atm, sanitizing the script isn't the issue for me, its getting the script to generate the result. This part of the script generates the result I need; $sql = 'SELECT * FROM '.$table ;echo $sql.'<br>';$result = mysqli_query($con,$sql); however, it is coming up with an error while bringing the result from that script to displaying the result, is there an alternative to the following script while ($row = mysqli_fetch_array($result)) echo $row['value1']; echo $row['value2']; Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490110 Share on other sites More sharing options...
jazzman1 Posted September 6, 2014 Share Posted September 6, 2014 Have you tried mysqli_error() function? Try, $sql = 'SELECT * FROM '.$table ; $result = mysqli_query($con,$sql); if(!$result) echo("Error result: " . mysqli_error($con)); exit; // continue... Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490113 Share on other sites More sharing options...
JpGemo Posted September 6, 2014 Author Share Posted September 6, 2014 Error result: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1 This is the error brought forward Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490114 Share on other sites More sharing options...
jazzman1 Posted September 6, 2014 Share Posted September 6, 2014 Try, $sql = "SELECT * FROM `$table`"; Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490115 Share on other sites More sharing options...
JpGemo Posted September 6, 2014 Author Share Posted September 6, 2014 Ok, that has gotten alot closer, however it's now coming up with an error, where it is bringing forward the Database name also. searching for a table named, "DatabaseName.TableName" Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490117 Share on other sites More sharing options...
jazzman1 Posted September 6, 2014 Share Posted September 6, 2014 what's your database name? Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490119 Share on other sites More sharing options...
JpGemo Posted September 6, 2014 Author Share Posted September 6, 2014 I dont share information regarding the connection to my server. the error appears as Error result: Table 'Databasename.head' doesn't exist This is how the code looks now, <?php //connect include 'connect.php'; //head include 'head.php'; //processing $table = $_POST["selform"]; $result = mysqli_query($con,"SELECT * FROM `$table`"); if(!$result) echo("Error result: " . mysqli_error($con)); exit; while ($row = mysqli_fetch_array($result)) echo $row['value1']; echo $row['value2']; ?> The original suggested change to my result script had no change to the error result, until I changed my result script back and added the last change to $table, making it `$table` Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490120 Share on other sites More sharing options...
jazzman1 Posted September 6, 2014 Share Posted September 6, 2014 make sure your database credentials point to correct database. the error message is self-explanatory. Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490121 Share on other sites More sharing options...
JpGemo Posted September 6, 2014 Author Share Posted September 6, 2014 I am aware of that, the connection works fine, if you read the whole script and the results I have posted, I have received values returned from the scripts which require the connection to the database to be working. So it is not a connection to the database thats the issue Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490122 Share on other sites More sharing options...
jazzman1 Posted September 6, 2014 Share Posted September 6, 2014 (edited) So it is not a connection to the database thats the issue No, there is no another reason! There is no table name (head) in database, named ( Databasename ) Are you using some GUI visual tool for database administration like mysql workbech, phpmyadmin, etc... ? PS: Do var_dump before to send the query: $table = $_POST["selform"]; $sql = 'SELECT * FROM '.$table ; var_dumt($sql); $result = mysqli_query($con,$sql); if(!$result) echo("Error result: " . mysqli_error($con)); exit; Edited September 6, 2014 by jazzman1 Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490124 Share on other sites More sharing options...
JpGemo Posted September 6, 2014 Author Share Posted September 6, 2014 The connection is fine, I am getting the (head) value from the database, and submitting it to this script, unfortunately the script isn't echoing the values within the table, because it is adding the database name to the table name, so it is searching for the wrong table Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490126 Share on other sites More sharing options...
davidannis Posted September 6, 2014 Share Posted September 6, 2014 Please when you do var_dump($sql); as suggested, show us what you get. I am wondering if you are putting the correct value into the form that creates $_POST. Try using backticks in the form so $_POST['selform'] will contain `databasename`.`head` Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490127 Share on other sites More sharing options...
Ch0cu3r Posted September 6, 2014 Share Posted September 6, 2014 (edited) You do understand the different between database and table right? databases contains tables. The error is saying it cannot find the the table named head in the database named Databasename There is nothing wrong with he code. The problem is you have supplied PHP with the wrong database and/or table name(s). Edited September 6, 2014 by Ch0cu3r Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490128 Share on other sites More sharing options...
davidannis Posted September 6, 2014 Share Posted September 6, 2014 If your database name has a space in it you need backticks around it. Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490130 Share on other sites More sharing options...
JpGemo Posted September 6, 2014 Author Share Posted September 6, 2014 Ok, look ill explain it in more detail. I have 1 page, that has a form, that form allows you to pick an option from a drop down menu, the drop down menu is a list of the TABLE names, so when you hit SUBMIT, it is submitting a table name that is retrieved from the database. In the error report, the word (Head) was pulled from the database to be submitted. So the script is connecting to the database and retrieving the table name, but when I hit submit, the table name it is searching for is Databasename.Tablename, which in the error report looks like ****.head (btw, the report is displaying the ACTUAL database name, not **** , I just don't share information regarding my database connection) Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490133 Share on other sites More sharing options...
Ch0cu3r Posted September 6, 2014 Share Posted September 6, 2014 but when I hit submit, the table name it is searching for is Databasename.Tablename That is valid SQL syntax. There is nothing wrong with that. MySQL has reported the database and table name like that to prevent obfuscation in the error message. The error message is correct in that the table named head does not exist in the database you have connected mysql to. Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490134 Share on other sites More sharing options...
JpGemo Posted September 6, 2014 Author Share Posted September 6, 2014 if it didnt exist, then it couldn't be submitted, the table name head is being pulled from the database Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490135 Share on other sites More sharing options...
mac_gyver Posted September 6, 2014 Share Posted September 6, 2014 the error message contains the database name and the table name to give you as much information about the problem as possible. that the database name is part of the error message is not the problem. the problem is you are supplying a table name that either doesn't exist or has some white-space as part of it or has a capitalization problem (and you are on an operating system that is case-sensitive.) that you are not posting actual information makes it hard to help you, especially since you don't understand the information you are seeing in front of you. i recommend that you post the code producing your form, since you likely have a problem in the code that's providing the value that's being submitted. Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490136 Share on other sites More sharing options...
JpGemo Posted September 6, 2014 Author Share Posted September 6, 2014 (edited) This is the form, that is posting the value (head) as you can see, the value (head) is being retrieved from the database and then posted to the processing script <?php //connect include 'connect.php'; //head include 'head.php'; //list table process $form = $_POST['selform']; $sql = "SHOW TABLES FROM $db_name"; $result = mysqli_query($con,$sql); //formtable echo '<form id="form1" name="form1" method="post" action="/BYO/formprocessing.php"> <table> <tr> <td><select name = "selform" id = "selform">'; //list tables while ($row = mysqli_fetch_array($result)) { echo '("<option value="'; echo ($row[0]),'</br>'; echo '</br>">'; echo ($row[0]),'</br>'; echo '</option>")'; } //formtable 2 echo '</select>'; echo '</td> </tr> <tr> <td><input type="submit" name="Submit" value="Register"/> </td> </tr> </table>'; ?> This next script should then take the value submitted from the form, in this case (Head) then use it to display ALL the information that is contained inside that table <?php //connect include 'connect.php'; //head include 'head.php'; //processing $table = $_POST["selform"]; $result = mysqli_query($con,"SELECT * FROM `$table`"); if(!$result) echo("Error result: " . mysqli_error($con)); exit; while ($row = mysqli_fetch_array($result)) echo $row['value1']; echo $row['value2']; ?> Edited September 6, 2014 by JpGemo Quote Link to comment https://forums.phpfreaks.com/topic/290884-how-can-i-fix-this-code/#findComment-1490138 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.