0

very new to php and mysql so all help is greatly appreciated. I have tried to search the forums but not entirely sure specifically what I need to be searching for. I have a form which ask users to select a product and make a comment.

I need the information for a particular product to show on my product page instead of all of the information. (for example, I want the reviews for iPads to show on the ipad page)

This is the code that send the data to the database:

<?php
session_start();
include('connection.php');
$name=$_POST['name'];
$product=$_POST['product'];
$star=$_POST['star'];
$comment=$_POST['comment'];
mysql_query("INSERT INTO tt_review(name, product, star, comment)VALUES('$name', '$product', '$star','$comment')");
header("location: https://scm-intranet.tees.ac.uk/users/l1071039/tablet-takeover/index.html");
mysql_close($con);
?>

This is the current code to fetch the data onto my page:

<?php
include('connection.php');
$result = mysql_query("SELECT * FROM tt_review");

echo "<table border='1'>
<tr>

</tr>";

while($row = mysql_fetch_array($result)) //This function is calling the results variable and displaying them within the rows below
{
echo "<tr>"; //this code tells the page to output the table rows that are defined above
echo "<td>" . $row['name'] . "</td>";  
echo "<td>" . $row['date'] . "</td>"; //each row is then executed using the table data function
echo "<td>" . $row['product'] . "</td>";
echo "<td>" . $row['star'] . "</td>";
echo "<td>" . $row['comment'] . "</td>";

echo "</tr>";
}
echo "</table>";

?>

This is a screenshot of the table on my webpage (as I say, I need it to only show the ipad reviews.

enter image description here

j08691
  • 204,283
  • 31
  • 260
  • 272
Jonty
  • 45
  • 1
  • 7
  • 4
    [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](http://j.mp/XqV7Lp). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – esqew Jul 22 '14 at 13:31
  • 3
    **Danger**: You are **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that you need to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jul 22 '14 at 13:32
  • if you are beginning with php/mysql, I suggest you take good habits early and stop using the `mysql_*` functions. they are deprecated in favor of `mysqli_*` see http://php.net/manual/fr/mysqli.overview.php – njzk2 Jul 22 '14 at 13:33
  • 3
    You seem to be asking how to perform queries with `WHERE` in them, that's very basic SQL and something better addressed by a tutorial than a SO question. – Quentin Jul 22 '14 at 13:33
  • 1
    The basic fix would be to add a [`WHERE`](http://www.techonthenet.com/mysql/where.php)-clause to your SELECT query (`WHERE product='Apple iPad'`). However, there are a few things that you _want_ to fix/change before making it live. For example, esqew's and Quentin's comments. – Chris Forrence Jul 22 '14 at 13:33

3 Answers3

2

To select only one kind of product, you should add a where clause on your sql query:

SELECT * FROM tt_review WHERE product = 'Apple iPad'
Pierre
  • 558
  • 1
  • 7
  • 36
0

Firstly, mysql_* functions have been depreciated. Rather, use either PDO or MySQLi.

Secondly, your code is very vulnerable to SQL injection.

Thirdly, fix your select statement to the following:

SELECT * FROM tt_review WHERE product = 'ipad'
Lemuel Botha
  • 659
  • 8
  • 22
  • (psst: I won't edit your answer any more than I had, but it _is_ actually spelled "[deprecated](http://en.wikipedia.org/wiki/Deprecation)". Cheers!) – Chris Forrence Jul 22 '14 at 19:21
  • Sorry, I saw what you did, I initially was saying depreciated, as in loss of value, not deprecated, but I see why you had changed it to deprecated – Lemuel Botha Jul 25 '14 at 09:04
0

You can give like this

"SELECT * FROM tt_review WHERE Product_name ='ipad'"

It will display only the information related to Ipad Still If you dont understand please give me the name of the columns you used in the table

Arun Ravilla
  • 93
  • 5