display items that match adminid

traydavid · March 8, 2014, 3:15pm

this form works for displaying products
i would like to alter it to display products only when the adminid from another table matches the adminid in the products table

any feedback is appreciated
i know i will need form and post the form data (adminid) to this page somehow but can’t make that work

if anyone has a sample in mysqli i could look at i feel sure i could integrate
the binding of data part is not helping me…

i guess i would select from products prodid, prodname where adminid = ‘and this is where i’m lost’ because i don’t know how to post the form data stuff here like getadminid from form

then i’d just loop through them? thanks for any advice.

[php]

<?php //connects to database include 'connection.php'; //connection to database is checked here if (!mysqli_connect_errno()) { //this happens upon successful connection to the database echo ""; //now we leave the connection section until the bottom of this page //we select items from a table in database $sql = "SELECT prodid, prodname FROM products"; //now prepare data for display if ($stmt = $mysqli->prepare($sql)) { //this is the actual SQL query $stmt->execute(); //bind the results we selected and only those because the count must match $stmt->bind_result($prodid, $prodname); //loop over the results while ($stmt->fetch()) { //print them out into table cells echo ''; } } //close connection to database here $mysqli->close(); } else { //print this if database connection was not successful from the top of page echo 'mysql connection problem'; exit(); } ?>

' .$prodname. '

[/php]

traydavid · March 8, 2014, 3:50pm

this does not work, for example.
Any ideas? thanks.

[php]<?php
$adminid = $_POST[‘adminid’];

if ($result = $mysqli->prepare("SELECT prodname FROM products WHERE adminid = ?")) {
    $result->bind_param("s", $prodname);
    $result->execute;
        if ($result->num_rows > 0) {                      
            echo "<table>";
            echo "<tr>";
            echo "<th>prodname    </td>";
            echo "<th>adminid</td>";
            echo "</tr>";
            while ($row = $result->fetch_object()) {
                echo "<tr>";
                echo "<td>" . $row->prodname . "</td>";
                echo "<td>" . $row->adminid . "</td>";
                echo "</tr>";
            }
        echo "</table>";
        }  
}
$mysqli->close();

?>[/php]

richei · March 8, 2014, 5:51pm

Well, unless you have an admin id of ?, the query isn’t going to work. The statement would be

if ($result = $mysqli->prepare(“SELECT prodname FROM products WHERE adminid = $adminid”)) {

traydavid · March 8, 2014, 6:03pm

thank you
i tried that…here is updated code and error
fyi the adminid in the table in the database is 1 and the prodname is a string, like ‘sparkplug’ for example

[php]

<?php $adminid = $_POST['adminid']; if ($result = $mysqli->prepare("SELECT prodname FROM products WHERE adminid = $adminid")) { $result->bind_param("s", $prodname); $result->execute; if ($result->num_rows > 0) { echo "

"; echo ""; echo ""; while ($row = $result->fetch_object()) { echo ""; echo ""; echo ""; echo ""; } echo "

prodname "; echo "	adminid"; echo "
" . $row->prodname . "	" . $row->adminid . "

"; } } $mysqli->close(); ?> [/php]

and here is the form i am using to test ( i set value to 1 for testing, tried with manually input of 1 also)

adminid:

and my new error is
Fatal error: Call to a member function prepare() on a non-object in /home/…getprod.inc.php on line 6

AND when i do a vardump the prodname is always 0 and the adminid is always 1

JimL · March 8, 2014, 7:02pm

What? You need to read up on parameterized queries, and fast.

OP: you should definitly use placeholders and bind parameters like you were originally doing.

Look into error handling so you have something to work with.
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php

In your query you bind adminid = ? to the param $prodname, it should be $adminid. I think you have confused bind param (the parameters in the query) with bind result (the parameters you get from the database)

traydavid · March 8, 2014, 7:57pm

well i have but this is almost exactly as in the php manual

[php]<?php

include “connection.php”;

if (!($stmt = $mysqli->prepare(“SELECT prodid, prodname FROM products ORDER BY prodname ASC”))) {
echo “Prepare failed: (” . $mysqli->errno . ") " . $mysqli->error;
}

if (!$stmt->execute()) {
echo “Execute failed: (” . $stmt->errno . ") " . $stmt->error;
}

if (!($res = $stmt->get_result())) {
echo “Getting result set failed: (” . $stmt->errno . ") " . $stmt->error;
}

var_dump($res->fetch_all());
?>[/php]

and provides this error even without the complicated binding stuff

Fatal error: Call to undefined method mysqli_stmt::get_result() in /home/…/getprod.inc.php on line 13

JimL · March 8, 2014, 8:08pm

A quick search for that error resulted in a tip to check if your host is using the native driver for mysql

MySQL Native Driver Only
Available only with mysqlnd.

http://php.net/manual/en/mysqli-stmt.get-result.php

Sorry can’t help much more, been using PDO for years so haven’t really used mysqli

[hr]

Your other error (Fatal error: Call to a member function prepare) would make it seem like you never instantiated the mysqli object, where is the code to do the actual connection? (in that code snippet)

traydavid · March 8, 2014, 8:12pm

Thanks

Can i use pdo with mysql? Just need free database

JimL · March 8, 2014, 8:18pm

Yes, that’s one of the great things with PDO, just by changing the connection string you can change your app to use a different database type.

See the list of supported databases here:

PDO_CUBRID Cubrid PDO_DBLIB FreeTDS / Microsoft SQL Server / Sybase PDO_FIREBIRD Firebird PDO_IBM IBM DB2 PDO_INFORMIX IBM Informix Dynamic Server PDO_MYSQL MySQL 3.x/4.x/5.x PDO_OCI Oracle Call Interface PDO_ODBC ODBC v3 (IBM DB2, unixODBC and win32 ODBC) PDO_PGSQL PostgreSQL PDO_SQLITE SQLite 3 and SQLite 2 PDO_SQLSRV Microsoft SQL Server / SQL Azure PDO_4D 4D

http://www.php.net/manual/en/pdo.drivers.php

traydavid · March 9, 2014, 8:03pm

okay i think i fixed it and here is solution

this form is submitted with the admin ID, which posts the admin ID into the processing page

[php]

your-label-here:

    <input name="Submit" type="submit" value="Submit" />
</form>

[/php]

here is the form that actually works

[php]

<?php $what-form-posted = $_POST["what-form-posted"]; ?>

<php?
//connect to database here

// QUERY THE TABLE FOR DATA
$query = “SELECT whatever FROM table-name WHERE -see-above-post-section”;
$result = $mysqli->query($query) or die($mysqli->error.LINE);

// LOOP THROUGH DATA
if($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo stripslashes($row[‘whatever’]);
}
}
else {
echo ‘NONE FOUND’;
}

// CLOSE CONNECTION
mysqli_close($mysqli);

?>[/php]

thanks JimL for ideas and help

JimL · March 9, 2014, 10:23pm

Could you post the code you have now? That it works doesn’t necessarily mean it’s correct

traydavid · March 9, 2014, 11:48pm

I did…above.

JimL · March 9, 2014, 11:54pm

Yeah you have posted multiple solutions above, one of which is terrible.

traydavid · March 10, 2014, 12:25am

My purpose for original post was to see how to build form that posted data into another php page and used that data to select/display other data. This works for me:

[php]<?php

// CONNECT TO THE DATABASE
include “includes/connectionfile.inc.php”;

$adminname = $_POST[“adminname”];
var_dump(adminname);
// QUERY THE TABLE FOR THE DATA
$query = " SELECT adminname, prodname FROM products WHERE adminname = ‘$adminname’ ";
var_dump (adminname);
$result = $mysqli->query($query) or die($mysqli->error.LINE);

// LOOP THROUGH DATA
if($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo stripslashes($row[‘prodname’]);
}
}
else {
echo ‘NO RESULTS FOUND’;
}

// CLOSE CONNECTION
mysqli_close($mysqli);

?>[/php]

And this is the form:

[php]

Test to display products based on adminname

Admin Name:

    <input name="Submit" type="submit" value="Submit" />
</form>

[/php]

Not saying it is the best way or most secure or anything, just saying it works for me. Thanks!

JimL · March 10, 2014, 12:29am

You really really shouldn’t do it like that. It leaves your database (and potentially the entire server) vulnerable.

If you can’t get parameterized queries to work then change host. This stuff was introduced 10 years ago so there is no valid excuse for not supporting it today.

traydavid · March 10, 2014, 1:06am

working on that now thanks

benanamen · March 10, 2014, 2:01am

I have provided a PDO database to get you started with PDO.

http://www.phphelp.com/forum/the-occasional-tutorial/beginners-pdo-bumpstart-code-use-it-now!