This is the starting page where the user can see a table filled with values from the database
$con=mysqli_connect("$host", "$username", "$password")or die("cannot connect");
mysqli_select_db($con, "$db_name")or die("cannot select DB");
$sql="SELECT * FROM $tbl_name ORDER BY id DESC";
$result=mysqli_query($con, $sql);
?>
<table id="diabloforum" width="90%" border="0" align="center" cellpadding="3" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td width="6%" align="center" bgcolor="#E6E6E6"><strong>#</strong></td>
<td width="53%" align="center" bgcolor="#E6E6E6"><strong>Topic</strong></td>
<td width="15%" align="center" bgcolor="#E6E6E6"><strong>Views</strong></td>
<td width="13%" align="center" bgcolor="#E6E6E6"><strong>Replies</strong></td>
<td width="13%" align="center" bgcolor="#E6E6E6"><strong>Date/Time</strong></td>
</tr>
<?php
while($rows=mysqli_fetch_array($result)){
?>
<tr id="diabloforumrows">
<td class="tablerows"><?php echo $rows['id']; ?></td>
<td class="tablerows"><a id="topics" href="view_topic.php?id=<? echo $rows['id']; ?>"><?php echo $rows['topic']; ?></a><BR></td>
<td class="tablerows" align="center"><div id="view"><?php echo $rows['view']; ?></div></td>
<td class="tablerows" align="center"><?php echo $rows['reply']; ?></td>
<td class="tablerows" align="center"><?php echo $rows['datetime']; ?></td>
</tr>
<?php
// Exit looping and close connection
}
mysqli_close($con);
?>
<tr>
<td colspan="5" align="right" bgcolor="#E6E6E6"><a href="create_topic.php"><strong id="createnewlink">Create New Topic</strong> </a></td>
</tr>
</table>
if the user clicks 'topic' then this shall happen, but it does not..
$con=mysqli_connect("$host", "$username", "$password")or die("cannot connect");
mysqli_select_db($con, "$db_name")or die("cannot select DB");
// get value of id that sent from address bar
$id=filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($id === false) {
//filter failed
die('id not a number');
}
if ($id === null) {
//variable was not set
die('id not set');
}
//white list table
$safe_tbl_name = '';
switch($tbl_name){
case 'Table1':
$safe_tbl_name = 'MyTable1';
break;
case 'Table2':
$safe_tbl_name = 'MyTable2';
break;
default:
$safe_tbl_name = 'MyDataTable';
};
$sql="SELECT * FROM `$safe_tbl_name` WHERE id=?";
$stmt = $con->prepare($sql);
$stmt->bind_param("i", $id);
$stmt->execute();
$stmt->bind_result($result);
if (!$check1_res) {
printf("Error: %s\n", mysqli_error($con));
exit();
}
$rows = $stmt->fetch_all(MYSQLI_ASSOC);
?>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="100%" border="0" cellpadding="3" cellspacing="1" bordercolor="1" bgcolor="#FFFFFF">
<tr>
<td bgcolor="#F8F7F1"><strong><?php echo $rows['topic']; ?></strong></td>
</tr>
<tr>
<td bgcolor="#F8F7F1"><?php echo $rows['detail']; ?></td>
</tr>
<tr>
<td bgcolor="#F8F7F1"><strong>By :</strong> <?php echo $rows['name']; ?> <strong>Email : </strong><?php echo $rows['email'];?></td>
</tr>
<tr>
<td bgcolor="#F8F7F1"><strong>Date/time : </strong><?php echo $rows['datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>
<?php
$tbl_name2="forum_answer"; // Switch to table "forum_answer"
$sql2="SELECT * FROM $tbl_name2 WHERE question_id='$id'";
$result2=mysqli_query($con, $sql2)or die(mysqli_error($con));
while($rows=mysqli_fetch_array($result2)){
?>
<!DOCTYPE HTML SYSTEM>
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td><table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td bgcolor="#F8F7F1"><strong>ID</strong></td>
<td bgcolor="#F8F7F1">:</td>
<td bgcolor="#F8F7F1"><?php echo $rows['a_id']; ?></td>
</tr>
<tr>
<td width="18%" bgcolor="#F8F7F1"><strong>Name</strong></td>
<td width="5%" bgcolor="#F8F7F1">:</td>
<td width="77%" bgcolor="#F8F7F1"><?php echo $rows['a_name']; ?></td>
</tr>
<tr>
<td bgcolor="#F8F7F1"><strong>Email</strong></td>
<td bgcolor="#F8F7F1">:</td>
<td bgcolor="#F8F7F1"><?php echo $rows['a_email']; ?></td>
</tr>
<tr>
<td bgcolor="#F8F7F1"><strong>Answer</strong></td>
<td bgcolor="#F8F7F1">:</td>
<td bgcolor="#F8F7F1"><?php echo $rows['a_answer']; ?></td>
</tr>
<tr>
<td bgcolor="#F8F7F1"><strong>Date/Time</strong></td>
<td bgcolor="#F8F7F1">:</td>
<td bgcolor="#F8F7F1"><?php echo $rows['a_datetime']; ?></td>
</tr>
</table></td>
</tr>
</table>
<?php
}
$sql3="SELECT view FROM $tbl_name WHERE id='$id'";
$result3=mysqli_query($con, $sql3);
$rows=mysqli_fetch_array($result3);
$view=$rows['view'];
// if have no counter value set counter = 1
if(empty($view)){
$view=1;
$sql4="INSERT INTO $tbl_name(view) VALUES('$view') WHERE id='$id'";
$result4=mysqli_query($con, $sql4);
}
// count more value
$addview=$view+1;
$sql5="update $tbl_name set view='$addview' WHERE id='$id'";
$result5=mysqli_query($con, $sql5);
mysqli_close($con);
?>
<!DOCTYPE HTML SYSTEM>
<form name="form1" method="post" action="add_answer.php">
<table width="400" border="0" align="center" cellpadding="0" cellspacing="1" bgcolor="#CCCCCC">
<tr>
<td>
<table width="100%" border="0" cellpadding="3" cellspacing="1" bgcolor="#FFFFFF">
<tr>
<td width="18%"><strong>Name</strong></td>
<td width="3%">:</td>
<td width="79%"><input name="a_name" type="text" id="a_name" size="45"></td>
</tr>
<tr>
<td><strong>Email</strong></td>
<td>:</td>
<td><input name="a_email" type="text" id="a_email" size="45"></td>
</tr>
<tr>
<td valign="top"><strong>Answer</strong></td>
<td valign="top">:</td>
<td><textarea name="a_answer" cols="45" rows="3" id="a_answer"></textarea></td>
</tr>
<tr>
<td> </td>
<td><input name="id" type="hidden" value="<?php echo $id; ?>"></td>
<td><input type="submit" name="Submit" value="Submit"> <input type="reset" name="Submit2" value="Reset"></td>
</tr>
</table>
</td>
</tr>
</table>
</form>
And I get the error 'id not a number'
Thank you in advance!
Aucun commentaire:
Enregistrer un commentaire