-2

I'm trying to open a new PHP page from the sNumber and display the data from the student table on the student profile page for that sNumber. But I can't retrieve the data; it goes right to the error. Any help will be appreciated. Thanks

studentlist.php

 <div class="memtable">
        <?php
        $reload = $_SERVER['PHP_SELF'] . "?tpages=" . $tpages;
        echo '<div class="pagination"><ul>';
        if ($total_pages > 1) {
            echo paginate($reload, $show_page, $total_pages);
        }
        echo "</ul></div>";
        // display data in table
        echo "<table class='table table-bordered'>";
        echo "<thead><tr><th>Last Name</th> <th>First Name</th> <th>School</th> <th>Snumber</th></tr></thead>";
        // loop through results of database query, displaying them in the table
        for ($i = $start; $i < $end; $i++) {
            // make sure that PHP doesn't try to show results that don't exist
            if ($i == $total_results) {
                break;
            }

                // echo out the contents of each row into a table
                $lastName = "<a href = 'studentprofile.php?id= " .mysql_result($result, $i, 'sNumber'). "'>" . mysql_result($result, $i, 'lastName') . "</a>";

                echo "<tr " . $cls . ">";
                echo '<td>' . $lastName . '</td>';
                echo '<td>' . mysql_result($result, $i, 'firstName') . '</td>';
                echo '<td>' . mysql_result($result, $i, 'school') . '</td>';
                echo '<td>' . mysql_result($result, $i, 'sNumber') . '</td>';
                echo "</tr>";
        }
        // close table>
        echo "</table>";
        // pagination
        ?>
    </div>

studentprofile.php

 <?php

  include('phpdocs/connect.inc.php');
  include('header.php');


   if ( isset( $_GET[ "sNumber" ] ) )
   $student_sNumber = $_GET['sNumber'];

    $getStudentInfo = " SELECT sNumber FROM student WHERE student.sNumber = " . $student_sNumber;
 ?>

 <!DOCTYPE html>
  <html>
  <head>
   <title>Student</title>
   <link href="css/style.css" rel="stylesheet" type="text/css">
   </head>
   <body>
    <div class="transoverlay">

  <?php
    if ($result = mysql_query($getStudentInfo)) {
    /* fetch associative array */
    while ($row = mysql_fetch_assoc($result)) {

        echo "<h1 class='tv'>" . $row["sNumber"]. ", ". $row['firstName']."</h1>";
    }

    mysql_free_result($result);

}else{

    echo "<div class='tv'>Student Data could not be listed. </div>";
}



   ?>

    <hr color="#1a1a1a">


  </div>

  </body>
  <?php include('footer.php');?>
  </html>
kaydrae
  • It looks like `$_GET['sNumber']` is never set, which causes your query to fail, but honestly a lot could go wrong in this script. Also Google PDO. – bassxzero Jul 15 '16 at 02:00
  • @bassxzero Thank you. I will look into PDO – kaydrae Jul 15 '16 at 02:05
  • Please [don't use `mysql_*`](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php?rq=1); the `mysql_*` functions are outdated, [deprecated](http://us3.php.net/manual/en/intro.mysql.php), and insecure. Use [`MySQLi`](http://us3.php.net/manual/en/book.mysqli.php) or [`PDO`](http://us3.php.net/manual/en/intro.pdo.php) instead. Also, you are wide open to [**SQL injection**](https://www.owasp.org/index.php/SQL_Injection). You need to use prepared statements (and use them properly). There are a lot of things to fix in this script. – elixenide Jul 15 '16 at 02:06
  • @EdCottrell Thank you. – kaydrae Jul 15 '16 at 02:11

1 Answer

2

The URL uses id but you are checking for sNumber; change one of those.

You need to quote the student number in the query as it's a string.

    $getStudentInfo = "SELECT sNumber FROM student WHERE student.sNumber ='". $student_sNumber."'";
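
The two fixes from the answer (one parameter name on both pages, the student number handled as a string) combined with the prepared statements the comments recommend, as an added example that is not part of the original post. It assumes PDO with an in-memory SQLite table and constructed sample data in place of the poster's MySQL connection; the function names are hypothetical.

```php
<?php
// Added example, not the poster's code. An in-memory SQLite database stands in
// for the MySQL connection in connect.inc.php; for MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed sample data using the column names from the question.
$pdo->exec('CREATE TABLE student (sNumber TEXT PRIMARY KEY, firstName TEXT, lastName TEXT, school TEXT)');
$pdo->exec("INSERT INTO student VALUES ('S1001', 'Ada', 'O''Neil', 'North High')");

/** Look up one student by sNumber; returns the row, or null if none matches. */
function findStudent(PDO $pdo, string $sNumber): ?array
{
    // The value is bound as a parameter and never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT sNumber, firstName, lastName FROM student WHERE sNumber = :sNumber');
    $stmt->execute([':sNumber' => $sNumber]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Build the profile link for studentlist.php: no stray space, value URL- and HTML-encoded. */
function profileLink(array $row): string
{
    $href = 'studentprofile.php?id=' . rawurlencode($row['sNumber']);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">'
         . htmlspecialchars($row['lastName'], ENT_QUOTES, 'UTF-8') . '</a>';
}

/** Render the profile heading, escaping database values before they reach the HTML. */
function renderProfile(PDO $pdo, array $query): string
{
    // Read the same key the link writes ("id"); reject missing or non-string input.
    $id = $query['id'] ?? null;
    if (!is_string($id) || $id === '') {
        return "<div class='tv'>No student selected.</div>";
    }
    $row = findStudent($pdo, trim($id));
    if ($row === null) {
        return "<div class='tv'>Student not found.</div>";
    }
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return "<h1 class='tv'>" . $e($row['sNumber']) . ', ' . $e($row['firstName']) . '</h1>';
}

// In the real page the second argument would be $_GET.
echo profileLink(findStudent($pdo, 'S1001')), "\n";
echo renderProfile($pdo, ['id' => 'S1001']), "\n";  // existing student
echo renderProfile($pdo, ['id' => "S1001'"]), "\n"; // stray quote is bound as data: no match, no SQL error
```

The SELECT also lists `firstName`, which the query in the question omits even though the page prints it.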