
I need to filter by date (CURDATE) and by doctor id to see the dates for each doctor (every doctor needs to see only his/her own dates for each day).

I have this code, which works if I don't put `,id_doctor = GET['id_doctor']` in the where clause:

    <table class="table table-striped table-bordered bootstrap-datatable datatable">
    <thead>
    <tr>
    <th>Fecha</th>
    <th>Hora</th>
    <th>Nombre de Paciente</th>
    <th>Acciones</th>
    </tr>
    </thead>
    <tbody>
    <? $sql = "SELECT * FROM CITAS WHERE f_cita = CURDATE(),id_doctor = GET['id_doctor'] ORDER BY f_cita, h_cita ASC";
    $result = $conn->query($sql);
    while($row = $result->fetch(PDO::FETCH_ASSOC)) {
    ?>
    <tr>
    <td><? echo $row['f_cita'] ?></td>
    <td><? echo $row['h_cita'] ?></td>
    <td><? echo $row['nombrep'] ?></td>
    <td><a class="btn btn-success" href=paciente_personal_profile.php?id_paciente=<? echo $row['id_paciente']; ?>>
    <i class="icon-user icon-white"></i> Ver Perfil</a>
    </td>
    </tr><? } ?>
    </tbody>
    </table>

I have these FKs (id_paciente and id_doctor) in table CITAS, but I need that when doctor "x" logs into the system he/she can only see his/her own dates...

Can you help me with this, please?

Best regards!

asterix_jv

1 Answer


This is because it is supposed to be `$_GET[]` and not `GET[]`, so

GET['id_doctor'] 

should be

$_GET['id_doctor']

and you also need to join the conditions in your where clause with AND:

WHERE f_cita = CURDATE() AND id_doctor = ".$_GET['id_doctor']." ORDER BY f_cita, h_cita ASC";
                       --^you placed a comma here instead of AND

I would also advise you that your code is vulnerable to MySQL injection; you should read this: How can I prevent SQL injection in PHP?

You should use prepared statements to avoid any risk; learn more here.

This is a nice example taken from Stack Overflow:

    $id  = 1;
    // the placeholder "?" is bound later, so $id is never parsed as SQL
    $stm = $pdo->prepare("SELECT name FROM table WHERE id=?");
    $stm->execute(array($id));
    $name = $stm->fetchColumn();
Fabio
  • hi @Fabio, with `$_GET[]` I get this error: `Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING`, and you are right about the prepare... I will put in the prepare right now. Best regards – asterix_jv Jun 04 '13 at 15:30
  • @asterix_jv use `$_GET['id_doctor']`, not `$_GET[]` – Fabio Jun 04 '13 at 15:31
  • yes, I know; I put in the whole statement `$_GET['id_doctor']` and it gives me that error – asterix_jv Jun 04 '13 at 15:36
  • Can you please post here what your query looks like now? – Fabio Jun 04 '13 at 15:37
  • sure, here it is: `$sql = $conn->prepare("SELECT * FROM CITAS WHERE f_cita = CURDATE(),id_doctor = $_GET['id_doctor'] ORDER BY f_cita, h_cita ASC"); $result = $conn->query($sql); while($row = $result->fetch(PDO::FETCH_ASSOC)) { ?>` – asterix_jv Jun 04 '13 at 15:38
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/31197/discussion-between-fabio-and-asterix-jv) – Fabio Jun 04 '13 at 15:46
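The script below is an added example for this thread; it is not code from the question or from the answer. It puts the two fixes from the answer side by side on a runnable table: the concatenated query (comma replaced by AND, `GET` by `$_GET`) and the prepared-statement version, fed first with a normal doctor id and then with the string `1 OR 1=1`, so you can see which one returns every doctor's rows. It then adds the check the question's requirement actually needs: a prepared statement keeps the query intact, but it does not decide which doctor's rows a request may see; if `id_doctor` still comes from the query string, any logged-in doctor can change it in the URL, so the example takes the id from the server-side login session instead. Assumptions: an in-memory SQLite database through PDO so it runs offline (`php example.php`; on MySQL replace `date('now')` with `CURDATE()`), table and column names taken from the question, constructed sample rows, and a session variable `$_SESSION['id_doctor']` that the (hypothetical) login code would set.

```php
<?php
// Added example for this thread, not code from the question or the answer.
// In-memory SQLite via PDO so it runs offline; on MySQL use CURDATE() instead
// of date('now'). Names follow the question's table CITAS; rows are constructed.

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE CITAS (
    id_cita     INTEGER PRIMARY KEY,
    f_cita      TEXT    NOT NULL,
    h_cita      TEXT    NOT NULL,
    id_doctor   INTEGER NOT NULL,
    id_paciente INTEGER NOT NULL,
    nombrep     TEXT    NOT NULL
)");
$ins = $pdo->prepare("INSERT INTO CITAS (f_cita, h_cita, id_doctor, id_paciente, nombrep)
                      VALUES (date('now'), ?, ?, ?, ?)");
// constructed sample data: doctor 1 has two citas today, doctor 2 has one
foreach ([['09:00', 1, 10, 'Ana'], ['10:00', 2, 11, 'Luis'], ['11:00', 1, 12, 'Marta']] as $row) {
    $ins->execute($row);
}

// 1. The concatenated query as the answer writes it. The id is pasted into the
//    SQL text, so whatever the client sends is parsed as SQL.
function citasConcatenadas(PDO $pdo, string $idDoctor): array
{
    $sql = "SELECT * FROM CITAS WHERE f_cita = date('now') AND id_doctor = " . $idDoctor
         . " ORDER BY f_cita, h_cita ASC";
    return $pdo->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// 2. Hardened version: validate that the id is an integer, then bind it as a
//    parameter so the database never interprets it as SQL.
function citasPreparadas(PDO $pdo, $idDoctor): array
{
    $id = filter_var($idDoctor, FILTER_VALIDATE_INT);
    if ($id === false) {
        throw new InvalidArgumentException('id_doctor must be an integer');
    }
    $stm = $pdo->prepare("SELECT * FROM CITAS WHERE f_cita = date('now') AND id_doctor = ?
                          ORDER BY f_cita, h_cita ASC");
    $stm->execute([$id]);
    return $stm->fetchAll(PDO::FETCH_ASSOC);
}

// With "1 OR 1=1" the WHERE clause becomes
//   f_cita = date('now') AND id_doctor = 1 OR 1=1
// which is true for every row, so the concatenated query leaks all doctors' citas.
echo count(citasConcatenadas($pdo, '1')), " rows for doctor 1 (concatenation)\n";
echo count(citasConcatenadas($pdo, '1 OR 1=1')), " rows for '1 OR 1=1' (concatenation)\n";
echo count(citasPreparadas($pdo, '1')), " rows for doctor 1 (prepared)\n";
try {
    citasPreparadas($pdo, '1 OR 1=1');   // rejected before any SQL is built
} catch (InvalidArgumentException $e) {
    echo "prepared: ", $e->getMessage(), "\n";
}

// 3. Authorization. A prepared statement only keeps the query intact; it does
//    not stop doctor 2 from requesting ?id_doctor=1. To meet the requirement in
//    the question (each doctor sees only his/her own citas), take the id from
//    the server-side login session, never from $_GET. Assumed: the login code
//    stores it in $_SESSION['id_doctor']; simulated here with a local variable.
$sessionIdDoctor = 2; // in the real page: session_start(); (int) $_SESSION['id_doctor']
foreach (citasPreparadas($pdo, $sessionIdDoctor) as $row) {
    // Escape values before writing them into HTML; the original <td> echoes do not.
    printf("<td>%s</td><td>%s</td>\n",
        htmlspecialchars($row['h_cita'], ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($row['nombrep'], ENT_QUOTES, 'UTF-8'));
}
```

The validation step (`FILTER_VALIDATE_INT`) is there because `execute()` binds every array value as a string; on MySQL a string such as `1 OR 1=1` bound to an integer column is still not executed as SQL, but rejecting it up front keeps the error visible instead of silently coercing it. The session-based id is the part that actually enforces "each doctor sees only his/her own dates"; the prepared statement on its own only stops the query from being rewritten.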