Process the value of a searched result


Solved by mac_gyver


Hi guys,

How can I process the value of a search result?

This is what I've tried so far:

//search result page
if(isset($_POST['submit'])){

    $_SESSION['from'] = $_POST['from'];
    $_SESSION['to'] = $_POST['to'];

    $sql = ("SELECT * FROM $tbl_name WHERE date_order BETWEEN '$_SESSION[from]' AND '$_SESSION[to]'");

    //$stmt = $pdo->prepare("SELECT * FROM ca_processed");
    $stmt=$pdo->query($sql);
    $stmt->execute();
    $num_rows = $stmt->rowCount();
    #print "<p>$num_rows Record(s) Found.</p>";
    if($stmt->rowCount() < 1){

        echo '<div class="alert alert-warning text-center">NO RECORD FOUND</div>';

    }else{
        print "<p>$num_rows Record(s) Found.</p>";

<form action="ReconcileAccounts" method="post">
<table width="100%" class='table-responsive table-condensed table-striped'>
<tr>
<td bgcolor="#444444"><font color='#fff'></font></td>
<td bgcolor="#444444"><font color='#fff'><strong>#</strong></font></td>
<td bgcolor="#444444"><font color='#fff'>Trans Ref</font></td>
<td bgcolor="#444444"><font color='#fff'>Service Provider</font></td>
<td bgcolor="#444444"><font color='#fff'>Service Type</font></td>
<td bgcolor="#444444"><font color='#fff'><strong>($) Amount</strong></font></td>
<td bgcolor="#444444"><font color='#fff'><strong>Date Paid</strong></font></td>
<td bgcolor="#444444"><font color='#fff'><strong>Reconcile Status</strong></font></td>
</tr>
<?php
$i = 1;
while($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
    $trans_ref = $row['trans_ref'];
    $service_provider = $row['service_provider'];
    $service_type = $row['service_type'];
    $amount_paid = number_format($row['amount_paid'],2);
    $date_paid = $row['date_paid'];
    $reconcile_status = $row['reconcile_status'];
    if($reconcile_status == 0){
        $reconcile_status = "<strong>NOT RECONCILED</strong>";
    }elseif($reconcile_status == 1){
        $reconcile_status = "<strong>RECONCILED</strong>";
    }

    $reconcile_info = [
        'trans_ref' => $trans_ref,
        'service_provider' => $service_provider,
        'service_type' => $service_type,
        'amount_paid' => $amount_paid,
        'date_paid' => $date_paid,
        'reconcile_status' => $reconcile_status
    ];
    $_SESSION['reconcile_info'] = $reconcile_info;
?>
<tr>
<td align="center"><input name="check_list[]" type="checkbox" value="<?php echo $row['id']; ?>" ></td>
<td><?php echo $i++; ?></td>
<td><?php echo $trans_ref; ?></td>
<td><?php echo $service_provider; ?></td>
<td><?php echo $service_type; ?></td>
<td><?php echo $amount_paid; ?></td>
<td><?php echo $date_paid; ?></td>
<td><?php echo $reconcile_status; ?></td>
</tr>
<?php
}
?>
</table>
<input name="reconcile" type="submit" class="btn btn-primary btn-margin" id="reconciled" value="RECONCILE SELECTED">
</form>
    }

}

//ReconcileAccounts
$tbl_name="xbp_paid_bills";        //your table name
$tbl_name2="xbp_registration_info";

if(isset($_POST['reconcile'])){

    if(!empty($_POST['check_list'])){
        foreach($_POST['check_list'] as $selected){

            $stmt = $pdo->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_WARNING );
            $stmt = $pdo->prepare("UPDATE xbp_paid_bills SET reconcile_status =1 WHERE trans_id='$selected'");
            $stmt->execute();
            $count = $stmt->rowCount();
        }

        if($count){

            echo "<div class='bg-success alert alert-success text-center'>RECORD(S) RECONCILED</div>";
            $url = "ReconcileAccount";
            echo '<meta http-equiv="refresh" content="3;URL=' . $url . '">';

        }else{
            echo "<div class='bg-warning alert alert-warning text-center'>A PROBLEM OCCURED WHILE RECONCILING RECORD</div>";
            echo "<br>";

            print_r($stmt->errorInfo());

        }
    }

}

thanks


Good job attempting to use PDO and prepared statements, but you are not doing them correctly.

 

Until you totally know what you are doing, NEVER use anything except a prepared statement.  For instance, don't use $stmt=$pdo->query($sql);, but use $stmt=$pdo->prepare($sql);.

 

Next, never directly add a variable into your SQL statement.  If you 100% knew it was safe, maybe, but for now, NEVER.  Your SQL statement should look like one of the following:

$tbl_name='your_table_name';

$sql = "SELECT * FROM $tbl_name WHERE date_order BETWEEN ? AND ?";
// or
$sql = "SELECT * FROM $tbl_name WHERE date_order BETWEEN :to AND :from";

Okay, I earlier said never insert a variable into your SQL, but doing so with $tbl_name is okay (if you really need to) because you 100% know it is safe.  Never, however, put them in your WHERE statement even if you know they are safe until you really know what you are doing.  Also, the to and from in your between statement doesn't make any sense.

 

Finally, you insert your variables into the prepared statement using:

$stmt=$pdo->prepare($sql);
$stmt->execute([$_POST['to'],$_POST['from']]); //If using ? as placeholders
// or
$stmt->execute(['to'=>$_POST['to'],'from'=>$_POST['from']]); //If using :to or :from as placeholders

Update your script, and then give a better description of what you mean by "process the values".
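As an added example (not the OP's code and not NotionCommotion's), here is the date-range search written the way the reply above describes: the SQL is prepared once with named placeholders and the user-supplied dates only ever reach the database as bound parameters. It runs stand-alone against an in-memory SQLite table with constructed rows (it assumes the pdo_sqlite extension is available), keeps the OP's table and column names, and keeps the OP's from/to order in the BETWEEN. The row count comes from the fetched result rather than rowCount(), which several PDO drivers do not populate for SELECT statements.

```php
<?php
// Added example, not the code from the thread: a date-range search done
// with a prepared statement and named placeholders, instead of building
// the SQL string from $_SESSION values.
// Uses an in-memory SQLite table with constructed sample rows so it runs
// stand-alone; table and column names follow the OP's post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->setAttribute(PDO::ATTR_DEFAULT_FETCH_MODE, PDO::FETCH_ASSOC);

$pdo->exec("CREATE TABLE xbp_paid_bills (
    id INTEGER PRIMARY KEY, trans_ref TEXT, service_provider TEXT,
    service_type TEXT, amount_paid REAL, date_order TEXT, date_paid TEXT,
    reconcile_status INTEGER DEFAULT 0)");

// Constructed sample data (the seed insert is itself a prepared statement).
$seed = $pdo->prepare("INSERT INTO xbp_paid_bills
    (trans_ref, service_provider, service_type, amount_paid, date_order, date_paid)
    VALUES (?, ?, ?, ?, ?, ?)");
$seed->execute(['TR-1001', 'PowerCo', 'Electricity', 120.5, '2016-03-02', '2016-03-02']);
$seed->execute(['TR-1002', 'WaterCo', 'Water',        40.0, '2016-03-15', '2016-03-16']);
$seed->execute(['TR-1003', 'PowerCo', 'Electricity',  99.99, '2016-04-20', '2016-04-21']);

/**
 * Return the rows whose date_order falls within [$from, $to].
 * The dates travel only as bound parameters, so whatever the user typed
 * is compared as a literal value and is never parsed as part of the SQL.
 */
function searchByDateRange(PDO $pdo, string $from, string $to): array
{
    // The table name is a constant in the script, not user input, so
    // interpolating it is the one case the reply above allows.
    $tbl_name = 'xbp_paid_bills';
    $sql = "SELECT * FROM $tbl_name WHERE date_order BETWEEN :from AND :to";
    $stmt = $pdo->prepare($sql);
    // Lower bound first, as in the OP's original query.
    $stmt->execute(['from' => $from, 'to' => $to]);
    return $stmt->fetchAll();
}

// Simulated form input; in the real page this is $_POST['from'] / $_POST['to'].
$post = ['from' => '2016-03-01', 'to' => '2016-03-31'];

// Reject anything that is not a YYYY-MM-DD date before it reaches the query.
foreach (['from', 'to'] as $field) {
    if (!preg_match('/^\d{4}-\d{2}-\d{2}$/', $post[$field])) {
        exit("Invalid date in '$field'\n");
    }
}

$rows = searchByDateRange($pdo, $post['from'], $post['to']);
printf("%d Record(s) Found.\n", count($rows));
foreach ($rows as $row) {
    printf("%-8s %-8s %8.2f %s\n", $row['trans_ref'], $row['service_provider'],
        $row['amount_paid'], $row['date_order']);
}
```

The format check on the dates is in addition to, not instead of, the placeholders: the prepared statement is what stops the input from changing the query, while the check keeps garbage out of the range comparison and gives the user a clear error.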

Solution

do you have php's error_reporting set to E_ALL and display_errors set to ON in the php.ini (putting these settings into your code won't help show syntax errors in the same file where the settings are being set) on your development system so that php would help you by reporting and displaying all the errors it detects?

 

you would be getting a php syntax error because you are mixing php and html markup inside of php code tags. you would also be getting a blank php page, which you didn't tell us you are getting as a symptom when you run your code. to output in-line html markup, you need to have a closing php tag to switch out of php 'mode'. with 300+ posts, you should be past having these basic problems.


another point about prepared queries, you prepare them once, then can execute them multiple times. the UPDATE query should be prepared once, before the start of the loop. the code inside the loop should only populate the data for the place-holders, then execute the query.

 

@NotionCommotion, the OP's from and to values do make sense. from is an older date and needs to be the first parameter in the BETWEEN term for the statement to work. to is a newer date and needs to be the second parameter in the BETWEEN term.
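The prepare-once, execute-many pattern from the reply above, as an added example (not the OP's code and not mac_gyver's): the UPDATE is prepared before the loop and the loop body only supplies the placeholder value and executes. It runs stand-alone against an in-memory SQLite table with constructed rows (assumes pdo_sqlite), uses the OP's table and column names, and sums rowCount() across all iterations so the success message reflects every selected record rather than only the last one, which is what the OP's single $count did.

```php
<?php
// Added example, not the code from the thread: reconcile the checked
// transactions with one prepared UPDATE executed once per id.
// In-memory SQLite table with constructed rows; names follow the OP's post.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE xbp_paid_bills (
    trans_id INTEGER PRIMARY KEY, trans_ref TEXT, reconcile_status INTEGER DEFAULT 0)");
$pdo->exec("INSERT INTO xbp_paid_bills (trans_id, trans_ref) VALUES
    (1, 'TR-1001'), (2, 'TR-1002'), (3, 'TR-1003')");

/**
 * Mark the given transaction ids as reconciled.
 * Returns the number of rows actually changed, which is what the
 * success/failure message should be based on.
 */
function reconcile(PDO $pdo, array $selected): int
{
    // Prepared once, before the loop; only the placeholder changes per run.
    $stmt = $pdo->prepare(
        "UPDATE xbp_paid_bills SET reconcile_status = 1 WHERE trans_id = :id");

    $changed = 0;
    foreach ($selected as $id) {
        // Checkbox values are client-supplied, so they are untrusted:
        // anything that is not an integer id is skipped, not queried.
        if (filter_var($id, FILTER_VALIDATE_INT) === false) {
            continue;
        }
        $stmt->execute(['id' => (int) $id]);   // same statement, new value
        $changed += $stmt->rowCount();        // rowCount() is reliable for UPDATE
    }
    return $changed;
}

// Simulated $_POST['check_list']: two valid ids, one non-numeric value, one unknown id.
$check_list = ['1', '3', 'abc', '42'];
$count = reconcile($pdo, $check_list);

if ($count) {
    echo "$count record(s) reconciled\n";
} else {
    echo "No records were reconciled\n";
}

// Show the resulting table state.
foreach ($pdo->query("SELECT trans_id, reconcile_status FROM xbp_paid_bills") as $row) {
    printf("trans_id %d -> reconcile_status %d\n", $row['trans_id'], $row['reconcile_status']);
}
```

With ERRMODE_EXCEPTION set on the connection, a failed execute() throws instead of silently returning, so the else branch here covers the "nothing matched" case rather than the database-error case the OP's print_r($stmt->errorInfo()) was trying to report.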


@NotionCommotion, the OP's from and to values do make sense. from is an older date and needs to be the first parameter in the BETWEEN term for the statement to work. to is a newer date and needs to be the second parameter in the BETWEEN term.

 

Okay.  I had thought they were email addresses or names or something.

 

Also, I was going to comment on my original reply but thought it better to stay just on the subject of prepared statements, but...  Why set $_SESSION with $_POST values?  It does not magically provide any protection.  Do you really need these as a session?
