-2

I have a html page that posts to mysql database through a php script. How do I get the information that was entered in the html page to display after 1 record created?

<?php
$link = mysqli_connect('****', '****', '****', 'orders');

$sequence = $_POST['sequence'];
$items_count = $_POST['items_count'];
$total = $_POST['total'];
$payment_type = $_POST['payment_type'];

$sql="INSERT INTO orders (sequence,items_count,total,payment_type)
VALUES
('$sequence','$items_count','$total','$payment_type')";

if (!mysqli_query($link,$sql)) {
die('Error: ' . mysqli_error($link));
}
echo '1 record created';

mysqli_close($link);

?>
n8techy
  • 3
  • 3
  • You can make use of [`sessions`](http://www.php.net/manual/en/features.sessions.php) and [`header()`](http://www.php.net/manual/en/function.header.php) (if you know how to handle that with sessions) --- And do use prepared statements, your code is prone to [`SQL injection`](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Funk Forty Niner Jan 17 '14 at 02:35
  • Lovely [SQL injection attack](http://bobby-tables.com) vulnerabilities... enjoy having your sever pwn3d. – Marc B Jan 17 '14 at 02:36
  • I highly recommend you use an ORM like idiorm -- it'll make your life much easier as you are learning these things : https://github.com/j4mie/idiorm – rm-vanda Jan 17 '14 at 02:51
  • Thank you Fred and Marc for pointing me in the right direction and trying to save my server. I dont have it working yet, but Ill get there. Side note: should I stick with mysqli or convert to PDO. I'm seeing mysqli can be made secure, but which is the safer way to go? – n8techy Jan 17 '14 at 03:44

2 Answers2

1

In the page that is supposed to display the posts, have another query 

$sql = "SELECT sequence,items_count,total,payment_type FROM orders";

and I'm not sure if it's the right mysqli function, but after you retrieve the data from mysql as an array (mysqli_fetch_array ?) - you have to iterate through the returned results. 

foreach($fetched_row as $row){ 
echo "<pre>"; print_r($row); echo "</pre>"
}

Which, you'll obviously want to use your own HTML - and the $row will be an associative array with the column names as the keys --

rm-vanda
  • 3,122
  • 3
  • 23
  • 34
  • 1
    I think foreach loop is not required for just one record because only the last inserted record is needed to be displayed. – Rolen Koh Jan 17 '14 at 04:00
1

You need to add this code on the page where your fields will be displayed.

<?php
$last_record_id = mysql_insert_id();
$query = "SELECT * FROM <tablename> WHERE <$table_primary_key_id> = '$last_record_id'";
$result = mysqli_query($dbcon, $query);
$row = mysqli_fetch_array($result)
?>

Then fetch each field in separate variable like $price = $row['price'] and display them. You don't need looping because there is only one record to fetch and display.

Rolen Koh
  • 719
  • 2
  • 11
  • 21