Hello I am trying to determine what I am doing wrong.. with PHP and mysql

C

comppro

New Member
Messages
2
Reaction score
0
Points
0
Fair warning
I do not know alot about mysql or php

I am making an exception sheet, which I plan to migrate to a different local web server when it is finished.

Basiaclly a user will log information.. and I want them to only view the ones that they entered.. Right now I am just focusing on being able to just view the records..

I am having a rough time getting it to display my tables at all.. My method so far is write the code see what doesn't work and fix it. So far I have been able top may a login system, the ability to upload data to the sql server, and it can tell an admin from a regular user..

My problem
the site doesn't pull any errors, but it also doesn't display any data what so ever.. Any ideals?

Here is the code I am using so far.

Code: 
<?php
//Load Files
include 'connect.php';
include 'header.php';

//Load databases
$sql = "SELECT
            exception.element_5_1, 
            exception.element_5_2, 
            exception.element_5_3, 
            exception.element_1_1, 
            exception.element_1_2, 
            exception.element_1_4,
            exception.element_2_1, 
            exception.element_2_2, 
            exception.element_2_4, 
            exception.element_4, 
            exception.element_3, 
            exception.topic_by
        WHERE
            exception.topic_by = " . mysql_real_escape_string($_GET['id']);
            


        $result = mysql_query($sql);





//Make sure logged in and correctly privileged
if($_SESSION['signed_in'] == false | $_SESSION['user_level'] != 0 )


{
        //the user is not an admin
        echo 'Sorry, you do not have sufficient rights to access this page.';
}
        else
{    


//if not signed in        
if(!$_SESSION['signed_in'])
        {
             echo '<tr><td colspan=2>You must be <a href="signin.php">signed in</a> to reply. You can also <a href="signup.php">sign up</a> for an account.';
        }
            else
    {        
        
        
        if(!$result)
{
       while($posts_row = mysql_fetch_assoc($posts_result))

//create table for use to view records.
           echo ' All Topics for the user '.$posts_row['topic_by'].'
        
    <table style="text-align: left; width: 762px; height: 77px;" border="1" cellpadding="2" cellspacing="2">
    <tbody>
    <tr>
      <td>Date</td>
      <td>Time In</td>
      <td>Time Out</td>
      <td>Code used</td>
      <td>Reason</td>
    </tr>
    <tr>
      <td>  '.$posts_row['element_5_1'].' - '.$posts_row['element_5_2'].' - '.$posts_row['element_5_3'].'</td>
      <td>  '.$posts_row['element_1_1'].' : '.$posts_row['element_1_2'].'   '.$posts_row['element_1_4'].'</td>
      <td>  '.$posts_row['element_2_1'].' : '.$posts_row['element_2_2'].'   '.$posts_row['element_2_4'].'</td>
      <td> '. $posts_row['element_4'].'</td>
      <td> '. $posts_row['element_3'].'</td>
    </tr>
    </tbody>
    </table> ';
 }
                
    
        else
   {
        echo 'The topic could not be displayed, please try again later.';
   }




   }
}




include 'footer.php';
?>
 
M

misson

Community Paragon
Community Support
Messages
2,572
Reaction score
72
Points
48
Note that you can use
PHP: 
 tags for PHP code and it will be colorized according to. Similarly, there's [HTML] for HTML.

[quote="comppro, post: 881575"]My problem the site doesn't pull any errors, but it also doesn't display any data what so ever.[/QUOTE]
You must write code to explicitly handle DB errors; it doesn't happen automatically. When you handle errors, make sure you don't output database error messages to non-admin users as it [URL=http://msdn.microsoft.com/en-us/library/ms995351.aspx#securityerrormessages_topic2]discloses too much information[/URL]. Instead, log the MySQL error message. For some errors (such as those related to missing or invalid values), output your own [url=http://developer.apple.com/library/mac/documentation/UserExperience/Conceptual/AppleHIGuidelines/Windows/Windows.html#//apple_ref/doc/uid/20000961-TP10]error message[/url] to the user and what action the user can take to address it. For the rest, inform the user that there was an internal error.

Using PDO (instead of the old mysql driver; more below), you can use [URL="http://php.net/Exception"]exceptions[/URL] by setting the [URL="http://www.php.net/manual/en/pdo.error-handling.php"]error mode[/URL] of the DB connection.

[quote="comppro, post: 881575"][PHP]<?php
//Load Files
include 'connect.php';
[/QUOTE]
Global variables (and implicit state) are bad. Instead, create a functions or (better yet) a class to manage the DB connection and segregate the credentials. You can use static variables and properties to store the connection so subsequent calls to the connect function don't have to recreate it. See "Display all that would be secret while Mysql is broken" and "
PHP: 
 MySQL and PHP[/URL]" for some illustrative examples of the technique.

[quote="comppro, post: 881575"][PHP]
//Load databases
$sql = "SELECT
            exception.element_5_1, 
[...]
            exception.element_3, 
            exception.topic_by
        WHERE
            exception.topic_by = " . mysql_real_escape_string($_GET['id']);
[/QUOTE]
Read up on the syntax of [URL="http://dev.mysql.com/doc/refman/5.1/en/select.html"]SELECT as supported by MySQL. You're missing the table (the FROM clause).

The column names are unreadable. Like variable names, column names should be descriptive, making them at least somewhat self-documenting.

comppro said:
PHP: 
        $result = mysql_query($sql);
Click to expand...
The mysql extension is outdated and on its way to deprecation. Instead, use PDO, which has many useful improvements, such as prepared statements and support for the Traversable interface, so you can loop over results with foreach. If you need a PDO tutorial, try "Writing MySQL Scripts with PHP and PDO".

comppro said:
PHP: 
//Make sure logged in and correctly privileged
if($_SESSION['signed_in'] == false | $_SESSION['user_level'] != 0 )
{ [...]
}
        else
{    
//if not signed in        
if(!$_SESSION['signed_in'])
Click to expand...

Instead of nesting "if" blocks in "else" blocks, use elseif for mutually exclusive branches. The result (along with a decent indent style) will make the code more readable.

Excepting the result table, table elements are used non-semantically. Don't use tables for layout, use CSS.

Database access and display are separate concerns and should thus be handled by separate modules.
 
You must log in or register to reply here.
Top