0

I got the result. But in that I've created a 2 different profiles for each person. but I'm getting a same profile details for both the person. eg: sam & john are having different profile details. But when I open sam's profile detail it's showing john's profile detail. Actually its showing a single details in every different profile. Help me.

"HERE IS MY QUERY"

if(isset($_GET["employeecode"])){
$employeecode=$_GET["employeecode"];

require_once("dbconfig.php");

        $query = ("select t1.employeecode,t1.panno,t1.employeename,t1.esino,t1.designation,t1.paiddays,t1.department,t1.lopdays,t1.bank,t1.bankname,t1.pfno,t1.location,
                t2.v, t2.w,t2.x,t2.a,t2.b,t2.c,t2.d,t2.e,t2.f,t2.g,t2.h,t2.i,t2.j,t2.k,t2.l,t2.m,t2.n,t2.o,t2.p,t2.q,t2.r,t2.s,t2.t,t2.u,
                t3.total, t3.totals,t3.totalss,t3.netsalary,t3.amount,t3.mode
                FROM invoice t1,salaries t2,total1 t3
                WHERE t1.employeecode = t2.employeecode AND t2.employeecode = t3.employeecode");                

$result = mysql_query($query,$con) or die(mysql_error());
if(mysql_num_rows($result)>0){
    $row = mysql_fetch_array($result);
tutankhamun
  • 880
  • 2
  • 11
  • 21
Rahul Kumar
  • 1
  • 3
  • You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). In you implement any of the answers given at the time of writing, then you will also be **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Feb 20 '13 at 12:23

2 Answers2

0

use this query, use forgot to include $employeecode in your query. And because of that it is showing result of all employee.

$query = ("select t1.employeecode,t1.panno,t1.employeename,t1.esino,t1.designation,t1.paiddays,t1.department,t1.lopdays,t1.bank,t1.bankname,t1.pfno,t1.location,
 t2.v, t2.w,t2.x,t2.a,t2.b,t2.c,t2.d,t2.e,t2.f,t2.g,t2.h,t2.i,t2.j,t2.k,t2.l,t2.m,t2.n,t2.o,t2.p,t2.q,t2.r,t2.s,t2.t,t2.u,
 t3.total, t3.totals,t3.totalss,t3.netsalary,t3.amount,t3.mode
 FROM invoice t1,salaries t2,total1 t3
 WHERE t1.employeecode = t2.employeecode AND t2.employeecode = t3.employeecode AND t1.employeecode = '$employeecode'");
Yogesh Suthar
  • 30,424
  • 18
  • 72
  • 100
  • 1
    Thank's for an help. now i got it. – Rahul Kumar Feb 20 '13 at 12:08
  • **Danger**: This is now vulnerable to SQL Injection attacks. – Quentin Feb 20 '13 at 12:22
  • Hey u know to how to create a excel sheet. from php & mysql.. And i need all the data from mysql to in excel sheet from query wit very proper manner. And in excel sheet need options like "insert,delete,update" an all stuff.. If u can help me means it ll b very thankful to u.. – Rahul Kumar Feb 20 '13 at 12:32
0

You don't appear to be specifying a specific employee to be searching for, only "t1.employeecode = t2.employeecode".

Try this instead:

if(isset($_GET["employeecode"])){
    $employeecode=$_GET["employeecode"];

require_once("dbconfig.php");

$query = ("select t1.employeecode,t1.panno,t1.employeename,t1.esino,t1.designation,t1.paiddays,t1.department,t1.lopdays,t1.bank,t1.bankname,t1.pfno,t1.location, t2.v, t2.w,t2.x,t2.a,t2.b,t2.c,t2.d,t2.e,t2.f,t2.g,t2.h,t2.i,t2.j,t2.k,t2.l,t2.m,t2.n,t2.o,t2.p,t2.q,t2.r,t2.s,t2.t,t2.u, t3.total, t3.totals,t3.totalss,t3.netsalary,t3.amount,t3.mode FROM invoice t1,salaries t2,total1 t3 WHERE t1.employeecode = " . $employeecode . " AND t2. employeecode = " . $employeecode . " AND t3..employeecode = " . $employeecode . "");             

$result = mysql_query($query,$con) or die(mysql_error());
if(mysql_num_rows($result)>0)
{
    $row = mysql_fetch_array($result);

As you can see towards the end of the WHERE query, I am embedding the $employeecode value into the string so that the query will search for a specific user.

James Monger
  • 10,181
  • 7
  • 62
  • 98