
Output

Posted: Fri Aug 12, 2011 7:38 am
by YoussefSiblini
Hi, I am trying to output all the rows where question_id='$id' from my table, but the problem is that it is outputting only one row and not more?

Code: Select all

$output2 = '';

if (isset($_GET['secid'])) 
{     
    
          $host="localhost"; // Host name 
          $username="root"; // Mysql username 
          $password=""; // Mysql password 
          $db_name="Forum"; // Database name 
          $tbl_name2="forum_answer"; // Table name
		  $id=$_GET['secid'];
          $sql2 = mysql_query("SELECT * FROM $tbl_name2 WHERE question_id='$id'");
		  $Count = mysql_num_rows($sql2);
          if ($Count > 0) 
          {    
             while($row = mysql_fetch_array($sql2))
		     {
			 $a_id = $row["a_id"];
			 $a_name = $row["a_name"];
			 $a_email = $row["a_email"];
			 $a_answer = $row["a_answer"];
			 $a_datetime = $row["a_datetime"];
	         $output2 = 
	         '
             <table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
                 <tr>
                    <td>
					   <table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
                         <tr>
                             <td bgcolor="#F8F7F1"><strong>ID</strong></td>
                             <td bgcolor="#F8F7F1">:</td>
                             <td bgcolor="#F8F7F1">' . $a_id . '</td>
                          </tr>
                          <tr>
                             <td width="18%" bgcolor="#F8F7F1"><strong>Name</strong></td>
                             <td width="5%" bgcolor="#F8F7F1">:</td>
                             <td width="77%" bgcolor="#F8F7F1">' . $a_name . '</td>
                          </tr>
                          <tr>
                             <td bgcolor="#F8F7F1"><strong>Email</strong></td>
                             <td bgcolor="#F8F7F1">:</td>
                             <td bgcolor="#F8F7F1">' . $a_email . '</td>
                          </tr>
                          <tr>
                             <td bgcolor="#F8F7F1"><strong>Answer</strong></td>
                             <td bgcolor="#F8F7F1">:</td>
                             <td bgcolor="#F8F7F1">' . $a_answer . '</td>
                          </tr>
                          <tr>
                             <td bgcolor="#F8F7F1"><strong>Date/Time</strong></td>
                             <td bgcolor="#F8F7F1">:</td>
                             <td bgcolor="#F8F7F1">' . $a_datetime . '</td>
                          </tr>
                        </table>
					</td>
                 </tr>
             </table><br>	
	         ';
	        }
	    }
		else
		{
			echo"not greater then 0";
		}
}
?>

Youssef

Re: Output

Posted: Fri Aug 12, 2011 11:31 am
by flying_circus
Try adding the following line just before your while loop. This will tell you how many records are returned from the database. Once we know that, we can troubleshoot a query problem or a php problem.

Code: Select all

print $Count;

Re: Output

Posted: Fri Aug 12, 2011 4:17 pm
by YoussefSiblini
Hi, I did that and I am getting the number 7.
I included all the PHP code in the body tag and it is working, but it looks messy; I would prefer to find a better way.
If it will give you a headache, don't worry about it :)

Re: Output

Posted: Fri Aug 12, 2011 5:16 pm
by flying_circus
The problem lies right here:

Code: Select all

while($row = mysql_fetch_array($sql2))
{
$a_id = $row["a_id"];
$a_name = $row["a_name"];
$a_email = $row["a_email"];
$a_answer = $row["a_answer"];
$a_datetime = $row["a_datetime"];
$output2 = 

Notice that your $output2 is inside your while loop. Every time the loop executes, it overwrites $output2 with the latest value.

If you want to append to $output2 rather than overwrite, try (notice the . before the = sign):

Code: Select all

$output2 .= 'your code here';

Re: Output

Posted: Fri Aug 12, 2011 5:25 pm
by twinedev
The problem with your original code is that every time it loops through the results, you are assigning a fresh new value to $output2

This line section:

Code: Select all

	$output2 =
	'
	<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">

needs to be changed to (change = to .=):

Code: Select all

	$output2 .=
	'
	<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">

Additionally, up above, you are taking direct values from a visitor and sticking them directly into your SQL statement, which can allow someone to hack your site (think about if I put $_GET['secid'] = "4'; DELETE FROM forum-answer;" you just lost all your data in that table). NEVER allow this!

Try one of these two...

If ID is numeric, simply do this:

Code: Select all

	$id=(int)$_GET['secid']; 

This will cast $_GET['secid'] as an integer, therefore you will only end up with a number.

Otherwise:

Code: Select all

	$id=mysql_real_escape_string($_GET['secid']);

This will properly escape the quotes for you.
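
The two fixes from this post combined, as an added example that is not part of the original thread: the `.=` append, plus a validated and bound parameter in place of the interpolated `$_GET['secid']` (a PDO prepared statement is swapped in here for the `mysql_*` calls used in the thread). It assumes PDO with the SQLite driver and a constructed in-memory copy of `forum_answer` so that it runs stand-alone; `render_answers()` is a hypothetical helper, and the `htmlspecialchars()` output encoding goes beyond what the thread covers.

```php
<?php
// Added example: constructed schema and rows in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE forum_answer (a_id INTEGER, question_id INTEGER,
           a_name TEXT, a_email TEXT, a_answer TEXT, a_datetime TEXT)');
$ins = $db->prepare('INSERT INTO forum_answer VALUES (?, ?, ?, ?, ?, ?)');
$ins->execute([1, 4, 'Ann', 'ann@example.com', 'Use .= to append', '2011-08-12 17:16']);
$ins->execute([2, 4, 'Bob <b>', 'bob@example.com', '<script>alert(1)</script>', '2011-08-12 17:25']);
$ins->execute([1, 5, 'Cy', 'cy@example.com', 'Other question', '2011-08-12 18:00']);

// Hypothetical helper: returns the HTML rows for every answer to one question.
function render_answers(PDO $db, $rawId): string
{
    // Reject anything that is not a plain integer instead of silently casting it.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return '';
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('SELECT a_id, a_name, a_email, a_answer, a_datetime
                          FROM forum_answer WHERE question_id = :id ORDER BY a_id');
    $stmt->execute([':id' => $id]);

    $html = '';
    foreach ($stmt->fetchAll(PDO::FETCH_ASSOC) as $row) {
        // Stored answers are user input too: encode them before they reach the page.
        $cells = array_map(function ($v) {
            return htmlspecialchars((string)$v, ENT_QUOTES, 'UTF-8');
        }, $row);
        // .= appends one block per row; a plain = would keep only the last row.
        $html .= "<tr><td>{$cells['a_id']}</td><td>{$cells['a_name']}</td>"
               . "<td>{$cells['a_email']}</td><td>{$cells['a_answer']}</td>"
               . "<td>{$cells['a_datetime']}</td></tr>\n";
    }
    return $html;
}

// Every answer to question 4, with stored markup encoded rather than rendered.
echo "<table>\n" . render_answers($db, '4') . "</table>\n";
// The string from the post above fails validation, so no query is issued for it.
var_dump(render_answers($db, "4'; DELETE FROM forum-answer;") === '');
// Row count afterwards, showing the table is untouched.
var_dump((int)$db->query('SELECT COUNT(*) FROM forum_answer')->fetchColumn());
```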

Re: Output

Posted: Fri Aug 12, 2011 5:26 pm
by twinedev
(I really need to recheck the thread before hitting submit when I have to take a phone call in the middle of entering my replies LOL)

Re: Output

Posted: Fri Aug 12, 2011 7:08 pm
by YoussefSiblini
Hehehe twinedev, you are sooooo helpful even when you have to take a phone call :).
I always wanted to know wth the . before the = sign means; at least now I have an idea about it.
Thank you soooo much for the security advice, I will definitely check it out. My first PHP website ever :) looool, I am really worried about the security part, so that was really helpful.

Thank you flying_circus for your quick replies.

Re: Output

Posted: Fri Aug 12, 2011 10:08 pm
by twinedev

Code: Select all

$var1 .= $var2;

is the same as:

Code: Select all

$var1 = $var1 . $var2;

which concatenates the two strings together, so if $var1 was "Hello " and $var2 was "World!", afterwards $var1 would be "Hello World!"
(and if you actually used both of those examples together, one after the other, you would have "Hello World!World!")

These are used for others as well:

Code: Select all

$var1 += 4; // $var1 = $var1 + 4;
$var1 -= 4; // $var1 = $var1 - 4;
$var1 *= 4; // $var1 = $var1 * 4;

Re: Output

Posted: Sat Aug 13, 2011 4:03 am
by YoussefSiblini
:-) Many thanks definitely adding you hehe