Can't get this query to work.

anaitis4

I'm try to write a program where a user enters info into a form and upon hitting 'submit' queries the database and then displays the information.

Here's my code for the page the form is on:

//At the very top of the page:
<?php
session_start(); 
?>
//<body>:
  <p>Please enter your student ID# below and hit Submit. </p>
      <form id="form1" name="form1" method="post" action="checkstudentattendanceck.php">
        <table width="200" border="1">
          <tr>
            <td><strong>Student ID#:</strong></td>
            <td><label>
              <input type="text" name="user_id" id="user_id" />
            </label></td>
          </tr>
          <tr>
            <td colspan="2"><div align="center">
              <label>
              <input type="submit" name="Submit" id="Submit" value="Submit" />
              </label>
            </div></td>
          </tr>
        </table>
        <p>&nbsp;</p>
      </form>
      <a href="logout.php">      Logout      </a>

And here's the code for the page that checks the form upon submission:

//At the very top of the page:
<?php
session_start();
include "include/z_db.php"; 
?>

//<body>:
<table>
<tr><th>User ID#</th><th> First Name</th><th>Last Name</th><th> Number Attended</th><th> Number Still Needed</th></tr>
<?php
  mysqli_select_db($db, 'osumusic_new');
  $result = mysqli_query($db, 'SELECT * FROM recitalattenddance WHERE user_id = '$user_id');
  while ($row = mysqli_fetch_object($result)) {
    printf(
'<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td<td>%s</td></tr>',
     htmlspecialchars($row->user_id), 
     htmlspecialchars($row->firstname),
     htmlspecialchars($row->lastname),
     htmlspecialchars($row->number_attended),
     htmlspecialchars($row->number_needed)
    );
  }
  mysqli_close($db);
 } else {
   echo '<tr><td colspan = "4">Connection Failed. 
    </td></tr>';
 }
?>
</table>

When I test this out I get this error message:

Parse error: syntax error, unexpected T_VARIABLE in C:\xampp\htdocs\osumusic\checkstudentattendanceck.php on line 166

Here's what's on line 166:

$result = mysqli_query($db, 'SELECT * FROM recitalattenddance WHERE user_id = '$user_id');

I've tried re-writing this several times and I'm obviously still missing something. Any suggestions?

bpat1434

Yes... you need to concatenate your query like so:

$result = mysqli_query($db, 'SELECT * FROM recitalattenddance WHERE user_id = ' . $user_id);

bradgrafelman

Also note that $user_id is never defined in your script (at least, what you posted), nor is it sanitized to prevent SQL injections.

anaitis4

I replaced that line with what you suggested, but when testing it still did not work and spit out this error:

Parse error: syntax error, unexpected '}' in C:\xampp\htdocs\osumusic\checkstudentattendanceck.php on line 183

Line 183 says:

} else {

Here's my complete, changed code. I defined user_id and tried to clean the data (although I'm not sure if I did it right).

<table>
<tr><th>User ID#</th><th> First Name</th><th>Last Name</th><th> Number Attended</th><th> Number Still Needed</th></tr>
<?php

$user_id="user_id";
$good_data[$field] = strip_tags(trim($_POST[$field]));

  $good_data['user_id'] = strip_tags(trim($_POST['user_id']));
  mysqli_select_db($db, 'osumusic_new');
  $result = mysqli_query($db, 'SELECT * FROM recitalattenddance WHERE user_id = ' . $user_id); 
  while ($row = mysqli_fetch_object($result)) {
    printf(
'<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td<td>%s</td></tr>',
     htmlspecialchars($row->user_id), 
     htmlspecialchars($row->firstname),
     htmlspecialchars($row->lastname),
     htmlspecialchars($row->number_attended),
     htmlspecialchars($row->number_needed)
    );
  }
  mysqli_close($db);
 } else {
   echo '<tr><td colspan = "4">Connection Failed. 
    </td></tr>';
 }
?>
</table>

Thoughts?

bradgrafelman

What is the '} else {' supposed to be paired with? You have no opening '{' to match that closing brace.

EDIT:

anaitis4 wrote:
and tried to clean the data (although I'm not sure if I did it right).

To "sanitize" data for a SQL query, you simply need to use a SQL-related cleaning function (or switch to prepared statements). For the mysqli library, there's [man]mysqli_real_escape_string/man. Then again, since you're expecting an integer, you could simply cast the input to an int.

anaitis4

I'm actually not sure what '}else{' is supposed to be paired with. I adapted this code from a book I had bought and it was in there. Should I just erase that line?

I attempted to clean my code with this....
I defined it here:
$good_data[$field] = strip_tags(trim($_POST[$field]));

And then called it here:
$good_data['user_id'] = strip_tags(trim($_POST['user_id']));

Is that correct?

seisei

can you use else function without if function? i guess thats the prob here.

HalfaBee

The query doesn't work because it is missing a '

$result = mysqli_query($db, 'SELECT * FROM recitalattenddance WHERE user_id = ' . $user_id . "'");

bpat1434

Halfabee, read the thread before you reply. We've already solved that issue. Now he's got another parse error.

HalfaBee

bpat1434 wrote:
Yes... you need to concatenate your query like so:
$result = mysqli_query($db, 'SELECT * FROM recitalattenddance WHERE user_id = ' . $user_id);

Sorry, but the code posted at 11:03 (post 4) was incorrect and the query (copied from your post) will not work, even when the other error is found.

bpat1434

@: Please, enlighten me as to why a query like that won't work? Given that $user_id is an integer, why won't it work? It will (as I started out writing SQL this way) work, it's just not secure. And while I'm at it, let me just say this:

$result = mysqli_query($db, 'SELECT * FROM recitalattenddance WHERE user_id = ' . $user_id . "'");

will result in this query:

SELECT * FROM recitalattenddance WHERE user_id = 1234[color=red][b]'[/b][/color]

Notice the red ' ? You've just created an invalid query. Like I said, read the topic an the replies before you post please.

Back on topic....

I'm actually not sure what '}else{' is supposed to be paired with.

The "}else{" should be paired with an "if(){" statement earlier in the code somewhere. Perhaps it's a check to see if there are actual rows returned in the result set or not (i.e. is there a user attending the recital by that user ID). If there is, then show the data, otherwise, show a generalized "Sorry, but they're not attending" message.

For example:

$result = mysqli_query($db, "SELECT * FROM `recitalattenddance` WHERE `user_id`=" . intval($user_id));

if($result && mysql_num_rows($result) > 0)
{
    // We have data, let's loop through it here....
}
elseif(!$result)
{
    // Something went wrong with the query
    echo 'Sorry, but something with the query went wrong.';
}
else
{
    // No data found
    echo 'That user doesn't seem to be attending the recital :(  Perhaps you could convince them to come :)';
}

HalfaBee

Heh, I am an idiot.

Too much soldering does it to you.

retro

Are you still using 60/40? Lead isn't good for ya, man!!

...unfortunately, its waayyyy better than the new lead free stuff. Damn European regulations!

anaitis4

Ok, I changed some stuff around so the code reads as follows:

//Place after <!DOCTYPE tag but before <html> tag
<?php
session_start();
include "include/z_db.php"; 
?>



//IN <body>...........

<table>
<tr><th>User ID#</th><th> First Name</th><th>Last Name</th><th> Number Attended</th><th> Number Still Needed</th></tr>
<?php

$user_id="user_id";
$good_data[$field] = strip_tags(trim($_POST[$field]));

if($good_data['user_id'] = strip_tags(trim($_POST['user_id'])));{
  mysqli_select_db($db, 'osumusic_new');
  $result = mysqli_query($db, "SELECT * FROM `recitalattenddance` WHERE `user_id`=" . intval($user_id));

if($result && mysql_num_rows($result) > 0)
{
  printf(
'<tr><td>%s</td><td>%s</td><td>%s</td><td>%s</td<td>%s</td></tr>',
     htmlspecialchars($row->user_id), 
     htmlspecialchars($row->firstname),
     htmlspecialchars($row->lastname),
     htmlspecialchars($row->number_attended),
     htmlspecialchars($row->number_needed)
    );
}  // We have data, let's loop through it here....

elseif(!$result)
{
    // Something went wrong with the query
    echo 'Sorry, but something with the query went wrong.';
}
else
{
    // No data found
    echo 'That Student ID # has no information associated with it.';
} 

  mysqli_close($db);
else {
   echo '<tr><td colspan = "4">Connection Failed. 
    </td></tr>';
}
?>
</table>

And this is now the error I get:
Parse error: syntax error, unexpected $end in C:\xampp\htdocs\osumusic\checkstudentattendanceck.php on line 223

Line 223 is </html> so it's the very end of the page. Now I'm really confused....

leatherback

You need to start using an editor with syntax highlighting and bracket pairing.

You start an if() here:
if($good_data['user_id'] = strip_tags(trim($_POST['user_id'])));{

and I think you never close it.

bradgrafelman

Not only what leatherback said is true, but you also need to get rid of that semicolon before the opening brace.