-2

hello can somebody take a look with my code? i think i did not forget everything to close tag i really dont know why it only display the first value everytime i click show all buton. i think the 3rd and 4rth to the last echo has something wrong. because the problem is on that part. i have morethan 1 data suppose to display but it only show the first value i inserted. here is my code so far.

$a=$_POST['dayfrom'];
$b=$_POST['dayto'];

    $result1 = mysql_query ("SELECT s.*, r.name, r.pcode
    FROM salessumarry s
    JOIN rsales r ON s.reciept = r.reciept
    WHERE s.register_mode = 'sales'
    AND s.date BETWEEN '$a' AND '$b' group by id");

    while($row = mysql_fetch_array($result1))
    {



        echo '<tr>';
        echo '<td style="border-color:#000000; border-style:solid; border-width:1px;"><div align="center">'.$row['date'].'</div></td>';
        echo '<td style="border-color:#000000; border-style:solid; border-width:1px;"><div align="center">'.$row['reciept'].'</div></td>';
        echo '<td style="border-color:#000000; border-style:solid; border-width:1px;"><div align="center"></div></td>';
        echo '</div></td>';
        echo '<td style="border-color:#000000; border-style:solid; border-width:1px;">'.$row['total_purchased'].'<div align="center">';
        echo '</div></td>';
        echo '<td style="border-color:#000000; border-style:solid; border-width:1px;"><div align="center">'.$row['transactioncode'].'</div></td>';
        echo '<td style="border-color:#000000; border-style:solid; border-width:1px;"><div align="center"></div></td>';
        echo '<td style="border-color:#000000; border-style:solid; border-width:1px;"><div align="center">';
        $eee=$row['total'];
        echo formatMoney($eee, true);

        echo '<td style="border-color:#000000; border-style:solid; border-width:1px;"><div align="center">'.$row['profit'].'</div></td>';
        echo '<td style="border-color:#000000; border-style:solid; border-width:1px;"><div align="center">'.$row['mode'].'</div></td>';
        echo '<td style="border-color:#000000; border-style:solid; border-width:1px;"><div align="center">'.$row['total'].'</div></td>';
        echo '</div></td>';

        echo '<tr>';
        echo '<th style="border-color:#000000; border-style:solid; border-width:1px;font-size:10px;background-image:url(images/buts3.png);color:white"">Product Code</th>';
        echo '<th style="border-color:#000000; border-style:solid; border-width:1px;font-size:10px;background-image:url(images/buts3.png);color:white"">Name</th>';
        echo '<th style="border-color:#000000; border-style:solid; border-width:1px;font-size:10px;background-image:url(images/buts3.png);color:white"">Description</th>';
        echo '<th style="border-color:#000000; border-style:solid; border-width:1px;font-size:10px;background-image:url(images/buts3.png);color:white"">Category</th>';
        echo '<th style="border-color:#000000; border-style:solid; border-width:1px;font-size:10px;background-image:url(images/buts3.png);color:white"">Quantity Purchased</th>';
        echo '<th style="border-color:#000000; border-style:solid; border-width:1px;font-size:10px;background-image:url(images/buts3.png);color:white"">Sub total</th>';
        echo '<th style="border-color:#000000; border-style:solid; border-width:1px;font-size:10px;background-image:url(images/buts3.png);color:white"">Total</th>';
        echo '<th style="border-color:#000000; border-style:solid; border-width:1px;font-size:10px;background-image:url(images/buts3.png);color:white"">Tax</th>';
        echo '<th style="border-color:#000000; border-style:solid; border-width:1px;font-size:10px;background-image:url(images/buts3.png);color:white"">Profit</th>';
        echo '<th style="border-color:#000000; border-style:solid; border-width:1px;font-size:10px;background-image:url(images/buts3.png);color:white"">Discount</th>';
        echo'</tr>';


        echo '<tr>';
        echo '<th style="border-color:#000000; border-style:solid; border-width:1px;"><div align="center">'.$row['pcode'].'</div></th>';
        echo '<th style="border-color:#000000; border-style:solid; border-width:1px;"><div align="center">'.$row['name'].'</div></th>';                             
        echo '</tr>';                       

    echo '</tr>';

 };


mysql_close($con);
?>
user2656724
  • 79
  • 10
  • First, remove the `group by id` so you get determinate results and not semi-random ones. – ypercubeᵀᴹ Sep 29 '13 at 09:13
  • Duplicate of same user: http://stackoverflow.com/questions/19075636/organize-display-of-data-from-table – djot Sep 29 '13 at 09:13
  • why not just bothering to add class and remove those inline styles – NullPoiиteя Sep 29 '13 at 09:14
  • Your code is __Vulnerable to sql injection__ – NullPoiиteя Sep 29 '13 at 09:15
  • **Security notice:** You are vulnerable to SQL injection attacks. You are also using the deprecated `mysql_*` family of functions. You are encouraged to use `mysqli_*` or PDO. Please read [how to prevent SQL injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). – Sumurai8 Sep 29 '13 at 09:17

1 Answers1

-1

Use mysql_fetch_row instead of mysql_fetch_array

The latter fetch all the rows as an array.

You want a single row at a time instead.

Also you get a numerical array (not key-value pairs)

See http://php.net/manual/en/function.mysql-fetch-row.php

From the above page you'll see that mysql extension is deprecate and you should move to mysqli

Also as many have commented your code is not suitable for a production environment since vulnerable to sql injection.

You should use prepared statements:

http://php.net/manual/en/mysqli.quickstart.prepared-statements.php

Paolo
  • 15,233
  • 27
  • 70
  • 91