
I have this form (form image). After submitting the form, personal details will be stored in the personal table and book details in the book table. There is a link between the two tables through id.

```php
$user_query = "INSERT INTO personaldetails(FirstName ,MiddleName,LastName,
    Gender,Location,Email,Mobile) VALUES ('$users_firstname',
    '$users_middlename', '$users_lastname', '$users_gender','$users_location','$users_email','$users_mobile');";

$result = mysqli_query($mysqli, $user_query);

$user_id = mysqli_insert_id($mysqli);

foreach($_POST['booktitle'] as $key => $bookTitle) {
    $bookTitle = mysqli_real_escape_string($mysqli, $bookTitle);
    $bookGenre = mysqli_real_escape_string($mysqli, $_POST['bookgenre'][$key]);
    $bookWriter = mysqli_real_escape_string($mysqli, $_POST['bookwriter'][$key]);
    $bookDescription = mysqli_real_escape_string($mysqli, $_POST['bookdescription'][$key]);

    $book_query = "INSERT INTO bookdetails(BookTitle ,BookGenre,BookWriter,
        BookDescription, UserId) VALUES('$bookTitle',
        '$bookGenre', '$bookWriter', '$bookDescription', '$user_id');";
```

My requirement is that the moment I click on the post button, the data which I inserted into personal details and book details should be posted on the home page (same as a Facebook status update).

I am trying to echo both tables' data as JSON, but it is fetching the entire rows of the tables.

```php
$sql1 = mysql_query("select * from personaldetails");

$sql2 = mysql_query(" select BookTitle,BookGenre,BookWriter,BookDescription from bookdetails INNER JOIN personaldetails ON (bookdetails.UserId = personaldetails.Id)");

echo '{"personaldetails": [';
while($row=mysql_fetch_array($sql1))
{
    $id=$row['Id'];
    $fname=$row['FirstName'];
    $mname=$row['MiddleName'];
    $lname=$row['LastName'];
    $gender=$row['Gender'];
    $location=$row['Location'];
    $email=$row['Email'];
    $mobile=$row['Mobile'];
    echo '
        {
            "Id":"'.$id.'",
            "FirstName":"'.$fname.'"
            "MiddleName":"'.$mname.'"
            "LastName":"'.$lname.'"
            "Gender":"'.$gender.'"
            "Location":"'.$location.'"
            "Email":"'.$email.'"
            "Mobile":"'.$mobile.'"
        },';
}
echo ']}';

echo '{"bookdetails": [';
while($row=mysql_fetch_array($sql2))
{
    $btitle=$row['BookTitle'];
    $bgenre=$row['BookGenre'];
    $bwriter=$row['BookWriter'];
    $bdescription=$row['BookDescription'];

    echo '
        {
            "BookTitle":"'.$btitle.'"
            "BookGenre":"'.$bgenre.'"
            "BookWriter":"'.$bwriter.'"
            "BookDescription":"'.$bdescription.'"
        },';
}
echo ']}';

?>
```

I have some idea that it could be done by calling an API through jQuery or AJAX, but I don't know how to do it. Or I may require URL params too. Please do help me if you have any idea. I would appreciate it.

Ranjank
  • [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard May 18 '16 at 19:05
  • You're still using `mysql` when instead you should be using `mysqli` or `PDO`s. Well, as per your issue, you have selected `*` from the table that is why `it is fetching the entire rows of the tables`. Try using `lastInsertId` to retrieve the data you just inserted. – Dangling Cruze May 18 '16 at 19:09
  • Also, the way you are outputting `JSON` is hilarious. – Dangling Cruze May 18 '16 at 19:10

1 Answer


Looking at your code, you need to do quite a few things. First is... stop writing JSON yourself! Next up is in your queries.

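```php
<?php
// $mysqli is the open connection used by the insert code in the question
// (the mysql_* functions were removed in PHP 7).
$output = ['personaldetails' => [], 'bookdetails' => []];

$sql1 = mysqli_query($mysqli, "select * from personaldetails");

// fetch_assoc returns each column once, so the JSON has no duplicate numeric keys
while ($row = mysqli_fetch_assoc($sql1)) {
    $output['personaldetails'][] = $row;
}

$sql2 = mysqli_query($mysqli, "select BookTitle,BookGenre,BookWriter,BookDescription from bookdetails INNER JOIN personaldetails ON (bookdetails.UserId = personaldetails.Id)");

while ($row = mysqli_fetch_assoc($sql2)) {
    $output['bookdetails'][] = $row;
}

// json_encode takes care of quoting, commas and escaping
echo json_encode($output);
?>
```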
Farkie
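
The approach the comments point to (prepared statements, then reading back only the row identified by `lastInsertId`), combined with the answer's `json_encode`, as an added example that is not code from the question or the answer. It assumes PDO with an in-memory SQLite database standing in for MySQL, a reduced set of columns, and a constructed `$post` array in place of `$_POST`; `savePost` and `fetchPost` are hypothetical names.

```php
<?php
// Added example. SQLite in memory stands in for the MySQL database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE personaldetails (Id INTEGER PRIMARY KEY, FirstName TEXT, LastName TEXT, Email TEXT)');
$pdo->exec('CREATE TABLE bookdetails (Id INTEGER PRIMARY KEY, BookTitle TEXT, BookGenre TEXT, UserId INTEGER)');

// Constructed sample input shaped like the question's $_POST; the apostrophes
// would break the string-built INSERT but are plain data to a bound parameter.
$post = [
    'firstname' => "Sinead",
    'lastname'  => "O'Brien",
    'email'     => 'sinead@example.com',
    'booktitle' => ["Gulliver's Travels", 'Dune'],
    'bookgenre' => ['Satire', 'SciFi'],
];

function savePost(PDO $pdo, array $post): int   // hypothetical helper
{
    $pdo->beginTransaction();                    // person and books succeed or fail together
    try {
        $user = $pdo->prepare('INSERT INTO personaldetails (FirstName, LastName, Email) VALUES (?, ?, ?)');
        $user->execute([$post['firstname'], $post['lastname'], $post['email']]);
        $userId = (int) $pdo->lastInsertId();    // id of the row just inserted
        $book = $pdo->prepare('INSERT INTO bookdetails (BookTitle, BookGenre, UserId) VALUES (?, ?, ?)');
        foreach ($post['booktitle'] as $key => $title) {
            $book->execute([$title, $post['bookgenre'][$key] ?? '', $userId]);
        }
        $pdo->commit();
        return $userId;
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
}

function fetchPost(PDO $pdo, int $userId): array // hypothetical helper
{
    $person = $pdo->prepare('SELECT Id, FirstName, LastName, Email FROM personaldetails WHERE Id = ?');
    $person->execute([$userId]);
    $books = $pdo->prepare('SELECT BookTitle, BookGenre FROM bookdetails WHERE UserId = ?');
    $books->execute([$userId]);
    return ['personaldetails' => $person->fetch(PDO::FETCH_ASSOC),
            'bookdetails'     => $books->fetchAll(PDO::FETCH_ASSOC)];
}

$userId = savePost($pdo, $post);
echo json_encode(fetchPost($pdo, $userId), JSON_PRETTY_PRINT);
```

The JSON contains one person and only that person's books, because both SELECTs are filtered on the id returned by `lastInsertId` rather than reading whole tables.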