SitePoint Sponsor

User Tag List

Results 1 to 18 of 18
  1. #1
    SitePoint Enthusiast glsbrakes's Avatar
    Join Date
    Nov 2007
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    mysql fetch object

    Need to correct a piece of code, no matter which option one picks the data displays the same. Not correctly either...

    Code:
    <form method="POST" action="log.php" target="main" name="sort">
    <select size="1" id="id1" name="D1">
    <option value="username">Username</option>
    <option value="date">Date</option>
    <option value="ip_addr">IP Address</option>
    <option value="oper_sys">O/S</option>
    <option value="brow">Browser</option>
    </select>
    <input type="submit" value="Submit" name="B1">
    </form>
    with a log.php

    Code:
    $connection = @mysql_connect($server, $dbusername, $dbpassword)
    	or die(mysql_error());
    				
    $db = @mysql_select_db($db_name,$connection)
    	or die(mysql_error());
    
    $sql="SELECT * FROM log_login ORDER BY '$_POST [D1]'";
    $result = @mysql_query($sql, $connection) or die(mysql_error());
    
    while ($sql = mysql_fetch_object($result)) 
    {
    $user       =     $sql -> username;
    	$whend      =	$sql -> date;
    	$whent	=	$sql -> time;
    	$ip_add	=	$sql -> ip_addr;
    	$operat	= 	$sql -> oper_sys;
    	$browse	=	$sql -> brow;
    	
    	echo "<p><font size=\"1\" face=\"Tahoma\"><b>Username: 	</b>$user</font><br>";
    	echo "<font size=\"1\" face=\"Tahoma\"><b>Date:     	</b>$whend</font><br>";
    	echo "<font size=\"1\" face=\"Tahoma\"><b>Time: 		</b>$whent</font><br>";
    	echo "<font size=\"1\" face=\"Tahoma\"><b>IP Addres: </b>$ip_add</font><br>";
    	echo "<font size=\"1\" face=\"Tahoma\"><b>O/S: 		</b>$operat</font><br>";
    	echo "<font size=\"1\" face=\"Tahoma\"><b>Browser: 		</b>$browse</font></p>";
    Any help is greatly appreciated..

  2. #2
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    You do not put single quotes around a column name

    You want
    Code:
    ORDER BY username
    not
    Code:
    ORDER BY 'username'
    Once you get it working, make sure to add some validation code here. You don't want to inject arbitrary user input into your query.

    Edit:

    P.S. No space between the array name and index -- $_POST[D1] not $_POST [D1]

  3. #3
    SitePoint Enthusiast glsbrakes's Avatar
    Join Date
    Nov 2007
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I have tried the below and all bring out the data, but not in the correct order.


    PHP Code:
    $sql="SELECT * FROM log_login ORDER BY $POST[D1]"

    $sql="SELECT * FROM log_login ORDER BY 'log.html, [D1]'";  

    $sql="SELECT * FROM log_login ORDER BY date"//date order only

    $sql="SELECT * FROM log_login ORDER BY username"
    The select does not function, what am I missing.
    and what do you mean about the validation code?
    If it false { else?

  4. #4
    Non-Member
    Join Date
    Oct 2009
    Posts
    1,852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You should separate your tasks.
    First of all you should make yourself know, what SQL query you want.
    Second, produce that query from variables you have. Ensure that this resulting query is exactly the same you wanted.
    Third, take some precautions against someone put ";DROP table log_login" into $POST[D1]

    Do it step by step. Don't take second step before first.
    What SQL query(-es) you want to run?

  5. #5
    Non-Member
    Join Date
    Oct 2009
    Posts
    1,852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Query "SELECT * FROM log_login ORDER BY username" does work?
    If not - what are symptoms? If usernames goes out in the incorrect order, there may be encoding problem.

  6. #6
    SitePoint Enthusiast glsbrakes's Avatar
    Join Date
    Nov 2007
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yes, The info is listed correctly, althought the Select by date, ip etc. Does not.

  7. #7
    Non-Member
    Join Date
    Oct 2009
    Posts
    1,852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    What's wrong with date and ip?
    You're speaking of static query, or of dynamically build using POST variables?

  8. #8
    SitePoint Enthusiast glsbrakes's Avatar
    Join Date
    Nov 2007
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    The form
    PHP Code:
    <form method="POST" action="log.php" target="main" name="sort">
    <
    select size="1" id="id1" name="D1">
    <
    option value="username">Username</option>
    <
    option value="date">Date</option>
    <
    option value="ip_addr">IP Address</option>
    <
    option value="oper_sys">O/S</option>
    <
    option value="brow">Browser</option>
    </
    select>
    <
    input type="submit" value="Submit" name="B1">
    </
    form
    no matter what you select, it does not select the proper info in ascend or decend order, just username ascending.

  9. #9
    Non-Member
    Join Date
    Oct 2009
    Posts
    1,852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Well, now I see your problem.
    Yo fail to name variable properly.
    Both $_POST [D1] and $POST[D1] are wrong.
    Try to print out your variable and find right name for it.

  10. #10
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    $_POST['d1'] (or $_POST[D1] / {$_POST['D1']} when within a double quoted string)

  11. #11
    SitePoint Enthusiast glsbrakes's Avatar
    Join Date
    Nov 2007
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Try to print out your variable and find right name for it.

    Do not know how to write this code.

    $sql="SELECT * FROM (log_login ORDER BY {$_POST[D1]}";


    I get - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

  12. #12
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    That ( in there with no matching right parentheses is wrong and a bit random to include.

  13. #13
    SitePoint Enthusiast glsbrakes's Avatar
    Join Date
    Nov 2007
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I may have another question

    The index.php is a split file log.html and log.php
    Code:
    <?php
    
    session_start();
    
    include("../config.php");
    include("../functions.php");
    
    if (allow_access(Administrators) != "yes")
    {
    	header("Location:../index.php");
    }
    
    ?>
    
    <html>
    
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <title>Log Viewer</title>
    </head>
    
    <frameset cols="350,*">
    	<frame name="contents" target="main" src="log.html">
    	<frame name="main" src="log.php">	<noframes>
    	<body>
    
    	<p>This page uses frames, but your browser doesn't support them.</p>
    
    	</body>
    	</noframes>
    </frameset>
    
    </html>
    and the form and the fetch are on two different files, so....

    Code:
    $sql="SELECT * FROM log_login ORDER BY "(log.php, '$POST[D1]')";
    But that is not really right either.

  14. #14
    Follow Me On Twitter: @djg gold trophysilver trophybronze trophy Dan Grossman's Avatar
    Join Date
    Aug 2000
    Location
    Philadephia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    I don't know what you're doing, but your database server doesn't know anything about your website files. Putting log.php into the query you're going to send to MySQL is definitely not right.

    As an aside, I have not seen a worthwhile use of frames since 1998

  15. #15
    SitePoint Enthusiast glsbrakes's Avatar
    Join Date
    Nov 2007
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    No, I don't know what I am doing. So, I threw together a index.php with all of the code on one page.
    And the info site comes out in no sequence. I believe in the same order of the mysql database. Maybe I should index one of the columns? Date is, althought it does not list by date.

    Code:
    <?php
    
    session_start();
    
    include("../config.php");
    include("../functions.php");
    
    if (allow_access(Administrators) != "yes")
    {
    	header("Location:../index.php");
    }
    
    ?>
    
    <html>
    
    
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
    <title>Login Log</title>
    </head>
    
    <body bgcolor="#DADADA">
    
    <table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
      <tr>
        <td width="50%">
    
    <p align="center">&nbsp;<img border="0" src="http://glsbrakes.com/image003.jpg" width="258" height="90" alt="Great Lakes Supply - Login Logs"></p>
    	<p align="left">
    <b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp; Login 
    Log - History</b></p>
    <form method="POST" action="log.php" target="main" name="sort">
    <p>
    <b><font face="Tahoma" size="2">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Sort By:</font></b>
    <select size="1" id="id1" name="D1" style="font-family: Tahoma; font-size: 8pt">
    <option value="username">Username</option>
    <option value="date">Date</option>
    <option value="ip_addr">IP Address</option>
    <option value="oper_sys">O/S</option>
    <option value="brow">Browser</option>
    </select>
    <input type="submit" value="Submit" name="B1" style="font-family: Tahoma; font-size: 8pt">
    </p>
    
    </form>
    
        <p align="left">&nbsp;</p>
        
        
        <p align="left">&nbsp;</p>
        
        
        <p align="left">&nbsp;</p>
        
        
        <p align="left"><br>
    	<i><b><font face="Tahoma" size="2">
    	&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;
    	&nbsp;&nbsp;&nbsp;
    	<a target="_top" href="../admin/adminpage.php">Back to 
    	Adminpage</a></font></b></i></p>
        
        
        <p>&nbsp;</td>
        <td width="50%"> <p align="left"><b><i><font face="Tahoma" size="2">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</font></i></b></p>
    
        <?
    	//make connection to dbase
          $connection = @mysql_connect($server, $dbusername, $dbpassword)
    	     or die(mysql_error());
    				
         $db = @mysql_select_db($db_name,$connection)
    	     or die(mysql_error());
    
         $sql="SELECT * FROM log_login ORDER BY '$POST[D1]'"; 
    
         $result = @mysql_query($sql, $connection) or die(mysql_error());
    
         while ($sql = mysql_fetch_object($result)) 
        {
    	   $user      =   $sql -> username; 
    	   $whend   =   $sql -> date;
    	   $whent   =   $sql -> time;
    	   $ip_add   =   $sql -> ip_addr;
    	   $operat   =   $sql -> oper_sys;
    	   $browse  =   $sql -> brow;
    	
    	   echo "<p><font size=\"1\" face=\"Tahoma\"><b>Username: 	</b>$user</font><br>";
    	   echo "<font size=\"1\" face=\"Tahoma\"><b>Date:     	</b>$whend</font><br>";
    	   echo "<font size=\"1\" face=\"Tahoma\"><b>Time: 		</b>$whent</font><br>";
    	   echo "<font size=\"1\" face=\"Tahoma\"><b>IP Addres: </b>$ip_add</font><br>";
    	   echo "<font size=\"1\" face=\"Tahoma\"><b>O/S: 		</b>$operat</font><br>";
    	   echo "<font size=\"1\" face=\"Tahoma\"><b>Browser: 		</b>$browse</font>";
        }
    
        ?>
    
          </p>
         </td>
        </tr>
    </table>
        
        
       
     
    	</body>
    </html>

  16. #16
    Non-Member
    Join Date
    Oct 2009
    Posts
    1,852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Why do you still use $POST[D1] variable, which just doesn't exists?

  17. #17
    SitePoint Enthusiast glsbrakes's Avatar
    Join Date
    Nov 2007
    Posts
    77
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    I just went with a ORDER BY date"; and dropped the form select all together.

    I do not know code well enough to build a page the worked the way I wanted.

    I may give it another try later, though. Need to learn all of the meaning of the ???? coding variables. First... php.net and w3schools.com/php is a start.

    Thanks, Dave

  18. #18
    Non-Member
    Join Date
    Oct 2009
    Posts
    1,852
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    oh. make it at least
    PHP Code:
    if ($_POST['D1'] === 'username'$orderby 'username';
    if (
    $_POST['D1'] === 'date'$orderby 'date';
    // and so on
    $sql="SELECT * FROM log_login ORDER BY $orderby"
    got the idea?


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •