
I am making a page which fetches all my database values. I want the page to get the values of Driver_id and Vehicle_id automatically from the database; users need to know what the id and key are themselves. But I am stuck here.

The tool I'm using is phpMyAdmin.

Below is my code for the table:

<!doctype html>
<html>
<body>
<table>
    <tr>
        <th>Vehicle ID</th>
        <th>Vehicle Model</th>
        <th>Vehicle Color</th>
        <th>Plate Number</th>
        <th>Seats</th>
        <th>Driver ID</th>
        <th> </th>
    </tr>
<?php 
    $link=mysqli_connect("localhost","root","","jomsewa");

    mysqli_select_db($link,"jomsewa") or die(mysqli_error($link));

    $select = "SELECT * FROM vehicle";

    $row = mysqli_query($link,$select);

    while ($array = mysqli_fetch_array($row)){
        echo "<tr><td>".$array['Vehicle_id']."</td>
                    <td>".$array['Vehicle_model']."</td>
                    <td>".$array['Vehicle_color']."</td>
                    <td>".$array['Vehicle_model']."</td>
                    <td>".$array['Vehicle_seats']."</td>
                    <td>".$array['Driver_id']."</td>
                    <td><a href='Dmaintenance.php?Driverid=".$array['Driver_id']."'>Select</a></td>"."</tr>";
    }

    mysqli_close($link);
?>
</table>
</body>
</html>

The link is linked to Dmaintenance.php:

<?php
$link=mysqli_connect("localhost","root","","jomsewa"); 
if (!$link) 
{ 
echo "Failed to connect to database: " . mysqli_connect_error(); 
}
mysqli_select_db($link,"jomsewa") or die(mysqli_error($link));
?>
<h3>Please update your maintenance details in the form below.</h3>
<form action="maintenance.php" method="post">
<fieldset>
    <legend>Vehicle Maintenance Information:</legend>
    <table cellpadding="10">
    <tr>
        <td>
            <?php
            if(isset($GET['Driver_id']))
            {
                $txt = $GET['Driver_id'];
                while($row = mysqli_fetch_array($result))
                {
                    echo "<td>".$row['Vehicle_id']."</td>";
                    echo "<td>".$row['Driver_id']."</td>";
                }
            }
            ?>
        </td>
    </tr>

What I want is that when I click on one particular row's link, the next page must display my selected row's contents automatically.

2 Answers


  1. Use $_GET['Driverid'] instead of $_GET['Driver_id']

    There is no SQL query on Dmaintenance.php to fetch the row based on Driverid. There should be

    $query = "SELECT * FROM vehicle WHERE Vehicle_id=".$_GET['Driverid'];
    $row = mysqli_query($link,$query);
    
    while ($array = mysqli_fetch_array($row)){
      print_r($array);
    }
    

    For example

    <a href="Dmaintenance.php?Driverid=123">Click Here</a>
    

    and if you use only the following in Dmaintenance.php, you will see the parameter value

    if(isset($_GET['Driverid'])){
     echo $_GET['Driverid'];
    }
    
  2. Whenever dealing with user supplied data, as you are in Dmaintenance.php, you need to take extra precautions to ensure that your scripts are not rendered vulnerable to SQL injection or other nasty surprises. In this instance, because you are using user supplied data directly in your SQL (or would be if you adopt the style of query given by @Rakesh, where you directly embed the GET data into the query), the SQL is vulnerable to SQL injection and could spell disaster.

    The following shows how you might use prepared statements to help avoid SQL injection. There are liberal comments throughout; hope it helps.

    <?php
        /*********************
            Dmaintenance.php
        *********************/
        try{
            /*
    
                encapsulate everything within a `TRY/CATCH` block
                so that you can throw your own Exceptions if needed.
    
                The db methods here are using OO methods because 
                they are less verbose and, imo, easier to read/remember.
            */
            $link=new mysqli( 'localhost', 'root', '', 'jomsewa' );
    
            if( $link ){
    
                /* The `driver_id` is vital for the query to be run */
                $id=!empty( $_GET['Driverid'] ) ? $_GET['Driverid'] : false;
    
                if( $id ){
                    /* 
                        create a general SELECT statement to 
                        return specific fields. The reason for
                        doing this is because we bind the query
                        results directly to PHP variables using
                        `bind_result` later
                    */
                    $sql='select `Vehicle_id`, `Vehicle_model`, `Vehicle_color`, `Vehicle_seats`
                            from `vehicle` 
                          where `driver_id`=?';
    
                    /* create the prepared statement */
                    $stmt=$link->prepare( $sql );
    
    
                    if( $stmt ){
                        $stmt->bind_param( 's', $id );
                        $res=$stmt->execute();
    
                        if( $res ){
                            /*
                                Query succeeded - process recordset
                            */
    
                            $stmt->store_result();
                            $stmt->bind_result( $vid, $model, $colour, $seats );
    
                            /* open form & table */
                            echo "
                            <h3>Please update your maintenance details in the form below.</h3>
                            <form action='maintenance.php' method='post'>
                                <fieldset>
                                    <legend>Vehicle Maintenance Information:</legend>
                                    <table cellpadding='10'>"; # padding should be done in CSS and there should be a unit here, probably px
    
                            /* add dynamic data from db query */
                            while( $stmt->fetch() ){
                                echo "
                                <tr>
                                    <td>$vid</td>
                                    <td>$model</td>
                                    <td>$colour</td>
                                    <td>$seats</td>
                                </tr>";
                            }
    
    
                            /* close the table */   
                            echo "  
                                    </table>
                                </fieldset>
                            </form>";
    
    
    
                            $stmt->free_result();
                            $stmt->close();
    
                        } else {
                            throw new Exception('Query failed');
                        }
                    } else {
                        throw new Exception('Failed to prepare SQL');
                    }
                } else {
                    throw new Exception('No driver id');
                }
            } else {
                throw new Exception('No database connection made');
            }
        }catch( Exception $e ){
            exit( $e->getMessage() );
        }
    ?>
    

    The use of try/catch above allows you to specify your own messages if/when you encounter problems with the flow through the programme. If you use things like mysqli_error($link) to depict an error in production code, you unintentionally reveal more potentially sensitive information about your server / app than you should.

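The string-spliced query from the first answer next to the prepared-statement form from the second, as an added example that is not code from the question or either answer. It uses PDO over an in-memory SQLite database with constructed rows so it runs offline; the prepared/bind/execute flow is the same one mysqli's `prepare`/`bind_param`/`execute` performs in the second answer, and for the question's MySQL setup only the DSN would change (`mysql:host=localhost;dbname=jomsewa`). The `vehicle` table and the `Vehicle_id`, `Vehicle_model`, `Vehicle_color`, `Vehicle_seats` and `Driver_id` columns are the question's; the `Plate_number` column name, the row values and the `vehiclesForDriver` / `renderRows` function names are assumptions.

```php
<?php
// Added example (not from the question or either answer): PDO + in-memory
// SQLite so it runs offline. Column/table names follow the question;
// Plate_number and the row values are constructed sample data.

function connect(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE vehicle (
        Vehicle_id INTEGER PRIMARY KEY,
        Vehicle_model TEXT, Vehicle_color TEXT, Plate_number TEXT,
        Vehicle_seats INTEGER, Driver_id INTEGER)');
    // constructed sample rows
    $ins = $db->prepare('INSERT INTO vehicle VALUES (?, ?, ?, ?, ?, ?)');
    $ins->execute([1, 'Axia',  'Red',   'WXY 1234', 4, 10]);
    $ins->execute([2, 'Myvi',  'Blue',  'JKL 5678', 4, 10]);
    $ins->execute([3, 'Hilux', 'White', 'PQR 9012', 5, 11]);
    return $db;
}

/* VULNERABLE: the pattern the second answer warns about. The raw GET value
 * becomes part of the SQL text, so the database cannot tell data from code. */
function vehiclesForDriverUnsafe(PDO $db, string $driverId): array {
    $sql = "SELECT * FROM vehicle WHERE Driver_id=" . $driverId;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

/* HARDENED: validate the id as a positive integer first, then bind it as a
 * parameter so it is always sent as data. Returns null for a malformed id
 * so the caller can respond with an error page instead of running SQL. */
function vehiclesForDriver(PDO $db, string $driverId): ?array {
    $id = filter_var($driverId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT Vehicle_id, Vehicle_model, Vehicle_color,
                                 Plate_number, Vehicle_seats, Driver_id
                            FROM vehicle
                           WHERE Driver_id = ?');
    $stmt->bindValue(1, $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/* Render rows as <tr> elements, escaping every value before it reaches HTML. */
function renderRows(array $rows): string {
    $html = '';
    foreach ($rows as $row) {
        $html .= '<tr>';
        foreach ($row as $value) {
            $html .= '<td>' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '</td>';
        }
        $html .= "</tr>\n";
    }
    return $html;
}

$db = connect();

// Dmaintenance.php?Driverid=10 -> only that driver's vehicles (2 rows).
// On well-formed input both functions return the same rows, which is
// exactly why the unsafe version goes unnoticed until someone tampers.
$safeRows   = vehiclesForDriver($db, '10');
$unsafeRows = vehiclesForDriverUnsafe($db, '10');
echo count($safeRows), " row(s) for driver 10, unsafe gave ", count($unsafeRows), "\n";
echo renderRows($safeRows);

// A malformed id is rejected before any SQL is built.
var_dump(vehiclesForDriver($db, '10abc'));   // NULL
```

The integer check is a second, independent layer: even if a later refactor drops the placeholder, a value that is not a positive integer never reaches the query. Binding with `PDO::PARAM_INT` also documents the column's type at the call site, which the `'s'` type used in the second answer's `bind_param` does not.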