Q(Question):
Hi all
I am extremely new to php and need some help
I found a code that Atli addressed in a 11/23/07 thread and have been working with it-all is great. My main question is how do I search for a single file and display the image for that single file. The code example by Atli will list all files
Thanks
A(Answer):
which of the 3 threads do you mean? (a link would be really helpful)
A(Answer):
Sorry-here is the link
http://bytes.com/topic/php/insights/…base-using-php
A(Answer):
Check out MySQL’s WHERE clause.
A(Answer):
Thanks for the WHERE clause link–I gave it a shot but get the result "There are no files in database" any advice for a rookie?
# Query for existing files
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber Created FROM FileStorage Where Toolnumber = ‘textfield’ ");
A(Answer):
well, obviously there is no Toolnumber field with the value of ‘textfield’.
besides, make sure, all field names are correctly written (SQL can be/is case sensitive)
A(Answer):
Thanks for the rapid reply
I did find That Toolnumber should be ToolNumber-corrected it but still the same
will ‘textfield’ pull over from my search page?
A(Answer):
Isn’t textfield meant to be $textfield i.e a variable?
A(Answer):
I tried it with the $ variable but get a undefined variable error
A(Answer):
Lets see your code, you need to take whatever the user entered in the text box, put it into a variable then use that in the SQL to retrieve.
A(Answer):
here is the code I am using that gives me undefined variable error
<?php
# Connect to the database
$dbLink = mysqli_connect("xx.xx.xx.xx", "xxxxx", "xxxxxxxx", "tools");
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error());
}
# Query for a list of all existing files
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber Created FROM FileStorage Where ToolNumber = [$textfield]");
# Check if it was successfull
if($result)
{
# Make sure there are some files in there
if(mysqli_num_rows($result) == 0) {
echo "<p>There are no files in the database</p>";
}
else
{
# Print the top of a table
echo "<table width='100%'><tr>";
echo "<td><b>Name</b></td>";
echo "<td><b>Mime</b></td>";
echo "<td><b>Size (bytes)</b></td>";
echo "<td><b>Created</b></td>";
echo "<td><b>Tool Number</b></td>";
echo "<td><b> </b></td>";
echo "</tr>";
# Print each file
while($row = mysqli_fetch_assoc($result))
{
# Print file info
echo "<tr><td>". $row['FileName']. "</td>";
echo "<td>". $row['FileMime']. "</td>";
echo "<td>". $row['FileSize']. "</td>";
echo "<td>". $row['Created']. "</td>";
echo "<td>". $row['ToolNumber']. "</td>";
# Print download link
echo "<td><a href='get_file.php?id=". $row['FileID'] ."'>Download</a></td>";
echo "</tr>";
}
# Close table
echo "</table>";
}
# Free the result
mysqli_free_result($result);
}
else
{
echo "Error! SQL query failed:";
echo "<pre>". $dbLink->error ."</pre>";
}
# Close the mysql connection
mysqli_close($dbLink);
?>
A(Answer):
I’m not sure what the square brackets are for… of cause $textfield has to be defined somewhere (looks like some form data).
// just one possibility...
$textfield = $_POST['user_input'];
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, `ToolNumber Created` FROM FileStorage WHERE ToolNumber = " . mysql_real_escape_string($textfield));
// use ' around the value if it is a string
A(Answer):
would something like this work?
$textfield = $_POST['textfield'];
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber, Created FROM FileStorage WHERE ToolNumber = " . mysql_real_escape_string($textfield));
here is the code for the search
<form id="form1" name="form1" method="get" action="list_files.php">
<label>Tool Number
<input type="text" name="textfield" />
</label>
<p>
<label>
<input type="submit" name="Submit" value="Submit" />
</label>
</p>
sorry for so many questions. I have only been doing this since Monday
A(Answer):
Your method is get on the form, not post so change this:
<form id="form1" name="form1" method="get" action="list_files.php">
To:
<form id="form1" name="form1" method="post" action="list_files.php">
And that should work OK.
Or alternatively change:
$textfield = $_POST['textfield'];
To:
$textfield = $_GET['textfield'];
Cheers
A(Answer):
Well I did the reccommended changes and now get another error:
Error! SQL query failed:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ” at line 1
PHP Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user ‘ODBC’@’localhost’ (using password: NO) in C:\Inetpub\wwwroot\tlsc\list_files.php on line 12 PHP Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Inetpub\wwwroot\tlsc\list_files.php on line 12
This is line 12:
$result = mysqli_query($dbLink, "SELECT FileID, FileName, FileMime, FileSize, ToolNumber, Created FROM FileStorage WHERE ToolNumber = " . mysql_real_escape_string($textfield));
A(Answer):
I think you need to surround the variable if not an int.
$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysql_real_escape_string($textfield) . "'");
A(Answer):
well I tried:
‘" . mysql_real_escape_string($textfield) . "’");
as reccommended- but get:
There are no files in the database
PHP Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: Access denied for user ‘ODBC’@’localhost’ (using password: NO) in C:\Inetpub\wwwroot\tlsc\list_files.php on line 12 PHP Warning: mysql_real_escape_string() [function.mysql-real-escape-string]: A link to the server could not be established in C:\Inetpub\wwwroot\tlsc\list_files.php on line 12
A(Answer):
OK just try the following:
$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime, FileSize,
ToolNumber, Created
FROM FileStorage
WHERE ToolNumber = '$textfield'
");
The mysql_real_escape_string function is to make the data safe for MySQL insertion, maybe that is not used with mysqli, I have never really used it.
A(Answer):
You’re using MySQLi, so mysql_* functions are not going to work. Change it to mysqli_…
A(Answer):
Not quite sure I undestand– can you explain a little and/or give a example?
A(Answer):
He means use mysqli_real_escape_string() instead of mysql_real_escape_string() like so:
$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysqli_real_escape_string($textfield) . "'");
A(Answer):
Back again–got this error:
There are no files in the database
PHP Warning: mysqli_real_escape_string() expects exactly 2 parameters, 1 given in C:\Inetpub\wwwroot\tlsc\list_files.php on line 17
do I need to do something like this
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE id= '$id'
AND ToolNumber =
'" . mysqli_real_escape_string($textfield) . "'");
A(Answer):
Hi,
Change:
mysqli_real_escape_string($textfield)
To:
mysqli_real_escape_string($dbLink,$textfield)
A(Answer):
Guess what–more errors
PHP Parse error: parse error in C:\Inetpub\wwwroot\tlsc\list_files.php on line 21
here are lines 21 thru 70
if($result)
{
# Make sure there are some files in there
if(mysqli_num_rows($result) == 0) {
echo "<p>There are no files in the database</p>";
}
else
{
# Print the top of a table
echo "<table width='100%'><tr>";
echo "<td><b>Name</b></td>";
echo "<td><b>Mime</b></td>";
echo "<td><b>Size (bytes)</b></td>";
echo "<td><b>Created</b></td>";
echo "<td><b>Tool Number</b></td>";
echo "<td><b> </b></td>";
echo "</tr>";
# Print each file
while($row = mysqli_fetch_assoc($result))
{
# Print file info
echo "<tr><td>". $row['FileName']. "</td>";
echo "<td>". $row['FileMime']. "</td>";
echo "<td>". $row['FileSize']. "</td>";
echo "<td>". $row['Created']. "</td>";
echo "<td>". $row['ToolNumber']. "</td>";
# Print download link
echo "<td><a href='get_file.php?id=". $row['FileID'] ."'>Download</a></td>";
echo "</tr>";
}
# Close table
echo "</table>";
}
# Free the result
mysqli_free_result($result);
}
else
{
echo "Error! SQL query failed:";
echo "<pre>". $dbLink->error ."</pre>";
}
# Close the mysql connection
mysqli_close($dbLink);
?>
A(Answer):
I suspect the error is just prior to what you pasted.
Please post all the code and use code tags as well please. Its very difficult to read without tags.
A(Answer):
mike,
Please read your Personal Messages. You have already received a warning.
A(Answer):
how do I do code tags??
A(Answer):
sorry about the tags
here is the code–let me know if I did it correct
<?php
# Connect to the database
$dbLink = mysqli_connect("71.39.54.10", "root", "trinidad", "tools");
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error());
}
# Query for a list of all existing files
// just one possibility...
$textfield = $_POST['textfield'];
$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysqli_real_escape_string($dbLink,$textfield)
# Check if it was successfull
if($result)
{
# Make sure there are some files in there
if(mysqli_num_rows($result) == 0) {
echo "<p>There are no files in the database</p>";
}
else
{
# Print the top of a table
echo "<table width='100%'><tr>";
echo "<td><b>Name</b></td>";
echo "<td><b>Mime</b></td>";
echo "<td><b>Size (bytes)</b></td>";
echo "<td><b>Created</b></td>";
echo "<td><b>Tool Number</b></td>";
echo "<td><b> </b></td>";
echo "</tr>";
# Print each file
while($row = mysqli_fetch_assoc($result))
{
# Print file info
echo "<tr><td>". $row['FileName']. "</td>";
echo "<td>". $row['FileMime']. "</td>";
echo "<td>". $row['FileSize']. "</td>";
echo "<td>". $row['Created']. "</td>";
echo "<td>". $row['ToolNumber']. "</td>";
# Print download link
echo "<td><a href='get_file.php?id=". $row['FileID'] ."'>Download</a></td>";
echo "</tr>";
}
# Close table
echo "</table>";
}
# Free the result
mysqli_free_result($result);
}
else
{
echo "Error! SQL query failed:";
echo "<pre>". $dbLink->error ."</pre>";
}
# Close the mysql connection
mysqli_close($dbLink);
?>
A(Answer):
You’ve missed some quotes:
$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysqli_real_escape_string($dbLink,$textfield)
Should be
$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysqli_real_escape_string($dbLink,$textfield) . "'";
A(Answer):
added the quotes–now get:
PHP Parse error: parse error in C:\Inetpub\wwwroot\tlsc\list_files.php on line 17 here are lines 12 – 17
$result = mysqli_query($dbLink,
"SELECT FileID, FileName, FileMime,
FileSize, ToolNumber, Created
FROM FileStorage
WHERE ToolNumber =
'" . mysqli_real_escape_string($dbLink,$textfield) . "'";
A(Answer):
It’s missing the ending parenthesis (‘)’) of the mysqli function. Add one just before the semi colon.
A(Answer):
AWSOME–That did the trick!!!! Thanks for ALL the help
A(Answer):
No problem.
A hearty ‘you’re welcome’ from us all.
A(Answer):
Glad you got there in the end.
Good Luck