Looping with database?


#22

Though it may be a preference to use either PDO or mysqli_*, the real problem is understanding the database API you are using. People can still write incorrect code using PDO. What I strongly suggest is to stop mix matching procedural with OOP. Use OOP instead procedural and use prepared statements instead of regular queries. Also, I strongly suggest learning what each single letter data type means before you start using them. It’ll make your life a lot easier if you understand what you are doing and not just doing random guess work. PHP is not some kind of “black magic” programming language like everyone thinks it is. Programming in general is based on one’s thinking logic.


EDIT: To solve your problem, you haven’t created the mysqli variable. What I love about PHP's error messages is that it’s written in plain simple English.

It even gives you the line where it’s complaining about.


#23

Hi@ guys thank you for sharing your knowledge you may closed this issue my code is working .

$var = "INSERT INTO eliminated_tb (Name, score) SELECT name, score FROM new_record WHERE id=$id";
$result = mysqli_query($con,$var);

$query = "DELETE FROM new_record WHERE id=$id";
$result2 = mysqli_query($con,$query) or die (mysqli_error());

#24

I prefer using the $DEBUG variable because I immediately realise that the following script is only required for debugging purposes whereas having a boolean within the if(…) statement makes me guess at the desired result. Each to their own I suppose :slight_smile:


May I ask you to try the following with and without the declare statement?

<?php 
  declare(strict_types=1); // TO BE REMMED

  error_reporting(-1);

// everything Hunky Dory :)
   ini_set('display_errors', '1'); 
   ini_set('display_errors', 'true'); 

// this is acceptable without declare statement
   ini_set('display_errors', 1);

// or this is also acceptable without declare statement
   ini_set('display_errors', 1.42);

// or this is also acceptable without declare statement
   ini_set('display_errors', true);

  echo '<br><br>', __file__;
  die;

The following error message is generated:

Fatal error : Uncaught TypeError: ini_set() expects parameter 2 to be string, integer given in


Best way to validate & show errors simultaneously
#25

I ran it. What would you like to say about it?

  • I noticed you used REMMED. Brings back DOS memories.

#26

To me it looks as though calling declare(…); picks up Fatal Errors when called.

When declare(…); is not called PHP “Type Juggling” is required which will incur additional processing and thus make the script take that little bit longer to execute.

Yes I have a wardrobe full of T-Shirts, from LDOS, Mult-Dos, Ultra-Dos, etc :slight_smile:


#27

Yeah. To me, Php should give ini_set errors without strict_types set but the Type Juggling changes things.


#28

I can now understand the reason for making the declare(…); statement only file wide otherwise the ini_set(…) and error_reporting(…) would create chaos to included/required legacy libraries :slight_smile:


#29

Compromises to support old and new at the same time. Perhaps Php version 8 will take a stronger position and stop supporting the old stuff, just like what they did by removing mysql_* in Php7.


#30

@denmarkdelpuso108. Can you show us the entire code in delete.php

Of cource your happy that your code is working but it was the the intention from the others and me to make make your code more secure and to include the error handling. I think now that you have it working to try and improve it with the tips given by the others and me.

As @benanamen allready noticed it seems that you are just copy/pasting the code, which is not such a big problem in itself. But it’s a good idea to try and understand why certain things are working or not working.


#31

hi @donboe this is my code. im beginner in php but ill try to study PDO already.

index.php

<table width="100%" border="1" style="border-collapse:collapse;">
				<thead>
					<tr>
						<th><strong>CANDIDATE NO</strong></th>
						<th><strong>CONTESTANT NAME</strong></th>
						<th><strong>SCORE</strong></th>
						<th><strong>RESET SCORE</strong></th>
						<th><strong>ELIMINATE</strong></th>
					</tr>
				</thead>
				<tbody>
					<?php
					$count=1;
					$sel_query="Select * from new_record ORDER BY id desc;";
					$result = mysqli_query($con,$sel_query);
					while($row = mysqli_fetch_assoc($result)) { ?>
					<tr><td align="center"><?php echo $row["cand_no"]; ?></td>
						<td align="center"><?php echo $row["name"]; ?></td>
						<td align="center"><?php echo $row["score"]; ?></td>
						<td align="center">
						<a href="edit.php?id=<?php echo $row["id"];?>">RESET</a>
						<td align="center">
						<a href="delete.php?id=<?php echo $row["id"];?>">Delete</a>
						</td>
					</tr>
					<?php $count++; } ?>
				</tbody>
			</table>

delete.php

<?php
require('db.php');

$id=$_REQUEST['id'];

$var = "INSERT INTO eliminated_tb (Name, score) SELECT name, score FROM new_record WHERE id=$id";
$result = mysqli_query($con,$var);

$query = "DELETE FROM new_record WHERE id=$id";
$result2 = mysqli_query($con,$query) or die (mysqli_error());
header("Location: index.php");
?>


#32

Your delete.php code needs some serious security improvements. You simply do not use user-supplied data without checking it first. That’s one of the things that prepared statements will help you with.


#33

@denmarkdelpuso108. Besides of what @droopsnoot just mentioned about security there other things that can use improvement . First of all. What is the $count variable actually doing? You’re looping over the query results with the while loop so there is no need for the $count++. Next to that no mather if you use PDO or MYSQL you should keep the logic separated from the presentation. So instead of having your code within your tbody you could create a function and call that function in the page something like:

Funtion: //top of your page

function new_records() {
	$sql	=	"SELECT *
	               FROM `new_record`
			   ORDER BY `id` DESC"
			   
	$results = mysqli_query($con,$sel_query);
	
	$html = '';
	while($row = mysqli_fetch_assoc($results)) {
		$html .= '<tr>';
		$html .=     '<td align="center">'.$row["cand_no"].'</td>';
		$html .=     '<td align="center">'.$row["name"].'</td>';
		$html .=     '<td align="center">'.$row["score"].'</td>';
		$html .=     '<td align="center"> <a href="edit.php?id='.$row["id"].'">RESET</a></td>';
		$html .=     '<td align="center"> <a href="delete.php?id='.$row["id"].'">RESET</a></td>';
		$html .= '</tr>'		
	}
	return $html;
}

Call the function:

<tbody>
<?php echo new_records(); ?>
</tbody>

#34

I don’t want to undermine what you are trying to do, but I don’t see functions the way you do. Functions for me aren’t things to make my life easier by creating a single function call. I see them as a set of data collections as you will. What I am saying is that a function for me is supposed to return a set of data. By adding HTML it is no longer flexible to reuse. What happens when you want to use the same function within a div? You now have a div with tr and td elements which is incorrect HTML.

I see them as nothing more then a model call. Model calls should never contain HTML because HTML are considered your views. That’s just my take on functions.


#35

@spaceshiptrooper. I don’t see it as undermining at all.

I see them that way as well. but I’m handling out of this particular situation. The next stap would have been to combine multiple functions in one file. OP apperently have no experience at all. So what I try to do is guiding him step step by step in the right direction


#36

hi @donboe thanks for the example.