Page 1 of 1

drop down form + php using sql - SOLVED

Posted: Sat Sep 15, 2007 8:59 am
by hgmmy
Ok, so once again I'm trying to "hack" my wordpress database. I'm wanting to create a page for users to view other user then there user info. Plus I'm going to make an option as to if they want to share there info, but that's yet to come. At any rate what i'm trying to do at the moment is list the users by accessing the database then using "while" to list the users in the form.

Code: Select all

<?php
  $tm_users = mysql_query("SELECT * FROM wp_users");
?>

<form action="userinfo.php" method="get"> 
Select a User:
<select name="users">
<?php  while (    $tm_listusers = mysql_fetch_array($tm_users))
 {
  echo "<option name=\" " . theuser . " \"> " . $tm_listusers['user_login'] . " </option>\n" ;
  $number++;
 }
?>
<input type="submit" value="submit" />
</select>
</form>
Then when it's submitted, have it processed as you see below on the same page but below the form.

Code: Select all

<?php
  $tm_viewuser = $_GET['theuser'];

  $tm_loggedinuser = mysql_query(" SELECT * FROM wp_usermeta WHERE meta_value='$tm_viewuser' ") or die("Failed: ".mysql_error());

  $tm_row = mysql_fetch_array($tm_loggedinuser);

 echo "<div> " . $tm_row . " </div>";

  $first_nameq = mysql_query(" SELECT * FROM wp_usermeta WHERE user_id='$tm_row[id]' AND meta_key='first_name' ")or die("Failed: ".mysql_error()); 

  $first_namef = mysql_fetch_array($first_nameq);

  echo "<div id=\"textHint\"> " . $first_namef['meta_value'] . " </div>";
//note I've only gotten as far as displaying the first name

?>
After you pick a user with then form and click submit it doesn't display any of the user information (but still displays the form :)). Something I don't know is that if I need to have different names for each option in the drop down list for this to work, though I think that is my problem. In which case how do I give each option a different name (which i know how to do) and the have one form for all of them that'll take the value of each option (which is one of my problems)?

Posted: Sat Sep 15, 2007 2:20 pm
by hgmmy
Note:I've just changed the last section of code to,

Code: Select all

<?php
  $tm_viewuser = mysql_real_escape_string($_GET['$theuser']);

  $tm_loggedinuser = mysql_query(" SELECT * FROM wp_usermeta WHERE meta_value='$tm_viewuser' ") or die("Failed: ".mysql_error());

  $tm_row = mysql_fetch_array($tm_loggedinuser);

 echo "<div> " . $tm_row . " </div>";

  $first_nameq = mysql_query(" SELECT * FROM wp_usermeta WHERE user_id='$tm_row[id]' AND meta_key='first_name' ")or die("Failed: ".mysql_error()); 

  $first_namef = mysql_fetch_array($first_nameq);

  echo "<div id=\"textHint\"> " . $first_namef['meta_value'] . " </div>";

?>

The change being i added "mysql_real_escape() to "$tm_row".

Posted: Sat Sep 15, 2007 3:38 pm
by superdezign
1) You have *a lot* of unnecessary spaces in your strings. It shouldn't affect the queries or the HTML display, but I'm fairly sure that it will affect the attributes, namely the "name" attribute that you use on your <option> elements, which brings me to the next thing I noticed.
2) You are using the "name" attribute instead of the "value" attribute. The "value" attribute is the data that is actually posted when the option is selected.
3) There is no element in your form with the name "theuser," so $_GET['theuser'] won't exist.
4) You can't put the <input> element inside of the <select> element.
5) You are using a constant, "theuser," as the "name" attribute of of the options. I'm assuming that is not what you were trying to do.
6) In your new code, you have "$_GET['$theuser']," which I'm certain was a mistake. Even if you have a variable named $theuser, it wouldn't parse since it's in single quotation marks.

I'm sure I've missed other things. At this point, I stopped reading the code.

Posted: Sat Sep 15, 2007 4:45 pm
by hgmmy
Ok, here's the code as it is now,

Code: Select all

<form action="userinfo.php" method="get"> 
Select a User:
<select name="theusers">
<?php  while ($tm_listusers = mysql_fetch_array($tm_users))
 {
  echo "<option value=\"" . $tm_listusers['user_login'] . "\">" . $tm_listusers['user_login'] . "</option>\n" ;
 }
?>
</select>

<input type="submit" value="submit" />
</form>

Code: Select all

<?php
  $tm_viewuser = mysql_real_escape_string($_GET[$theusers]);

  $tm_vieweduser = mysql_query(" SELECT * FROM wp_usermeta WHERE meta_value='$tm_viewuser' ") or die("Failed: ".mysql_error());

  $tm_row = mysql_fetch_array($tm_vieweduser);
  
  echo "<div> " . $tm_row['user_id'] . " </div>";

  $first_nameq = mysql_query(" SELECT * FROM wp_usermeta WHERE user_id='$tm_row[user_id]' AND meta_key='first_name' ") or die("Failed: ".mysql_error()); 

  $first_namef = mysql_fetch_array($first_nameq);

  echo "<div id=\"textHint\"> " . $first_namef['meta_value'] . " </div>";

?>
Ok superdezign, I'm going to address what you said with the same number for indexing.
1) Some how or nother I got the impression it had to be spaced as it was, but thinking back it makes me go "duh, stupid".
2)I was under the impression that "name" or "id" were used for the string name, then the text between the opening and closing "<option>" was the value, but I guess that's for text areas, but that's a different topic for a different time.
3)makes sense now.
4)Didn't notice...
5)I'm aware it was giving each option the same name. The url after you click the submit button was showing ...usinfo.php?theuser=admin (or whatever the user name is that was selected). But after changing everything to what it is now it shows ...userinfo.php?users=admin so I've learned that it uses the name given to "<selected>"
6)oh...

So I've changed the stuff that needed changing and it's still not working. Something seems to be wrong with the first sql query cause I'm not getting the user_id when I do that query through this method, but if i take that query and give it straight to my sql and switch out the "$tm_vieweduser" with say admin which is my account it returns the proper results... It's probably a typo I'm not seeing but I've been looking at it to long...

Thanks for your help thus far superdezign.

Posted: Sat Sep 15, 2007 5:16 pm
by s.dot

Code: Select all

SELECT * FROM wp_usermeta WHERE user_id='$tm_row[user_id]' AND meta_key='first_name'
In this line, it should be WHERE user_id = '" . $tm_row['userid'] . "'

You have to concatenate the array value into there, or php will throw notices about the use of undefined constants.

Posted: Sat Sep 15, 2007 5:41 pm
by superdezign
scottayy wrote:

Code: Select all

SELECT * FROM wp_usermeta WHERE user_id='$tm_row[user_id]' AND meta_key='first_name'
In this line, it should be WHERE user_id = '" . $tm_row['userid'] . "'

You have to concatenate the array value into there, or php will throw notices about the use of undefined constants.
Actually, Everah showed me that it wouldn't throw notices.
Anyway, instead of using concatenation, you could use brackets:

Code: Select all

SELECT * FROM wp_usermeta WHERE user_id='{$tm_row['user_id']}' AND meta_key='first_name'
If he used the brackets and omitted the single-quotes around the array index, then it would throw a notice. However, without them, it won't (and according to the manual, should work as well).

Posted: Sat Sep 15, 2007 6:53 pm
by hgmmy
Ok so I did as you said, but my first problem is in the query before that, cause I'm not getting the user id returned.

This is what that section of code is now.

Code: Select all

<?php
  $tm_viewuser = mysql_real_escape_string($_GET[$theusers]);

  $tm_vieweduser = mysql_query(" SELECT * FROM wp_usermeta WHERE meta_value='$tm_viewuser' ") or die("Failed: ".mysql_error());

  $tm_row = mysql_fetch_array($tm_vieweduser);
  
  echo "<div> " . $tm_row['user_id'] . " </div>";

  $first_nameq = mysql_query(" SELECT * FROM wp_usermeta WHERE user_id='{$tm_row[user_id]}' AND meta_key='first_name' ") or die("Failed: ".mysql_error()); 

  $first_namef = mysql_fetch_array($first_nameq);

  echo "<div id=\"textHint\"> " . $first_namef['meta_value'] . " </div>";

?>

Posted: Sat Sep 15, 2007 6:57 pm
by s.dot
I'm almost positive $_GET[$theusers] isn't a real variable.

Code: Select all

echo $_GET[$theusers];
See if it displays anything. Maybe you mean $_GET['theusers']? What is your query string?

@superdesignz that's very interesting to note :) I didn't know that. I think I'll stick to the concatenation or brackets, though.

Posted: Sat Sep 15, 2007 7:11 pm
by superdezign
scottayy wrote:@superdesignz that's very interesting to note :) I didn't know that. I think I'll stick to the concatenation or brackets, though.
Hehe, I feel you. The section in the manual on variables in strings is too long and feels slightly inconsistent. Bad parser, bad. :P

Posted: Sun Sep 16, 2007 7:57 am
by hgmmy
[quote=scottayy]I'm almost positive $_GET[$theusers] isn't a real variable.[/quote]

once again i got the wrong impression somewhere... I thought the name of any form became a variable and the value/input was just that the value of the variable. So the problems solved. Thanks superdezign, and scotteyy.