I'm trying to request all records with a specific value within the record

I have a page overzicht_klant.php where my customers are listed; behind each one you get a link "overzicht installaties", which links to klant.php.

That's where all the information of that customer has to come, but the request for all information of that specific customer isn't showing up. What did I do wrong?


----overzicht_klant.php----

```php
<html>
<body>
<?php include('header.php'); ?>

<table width="auto" border="1">
  <tbody>
  <tr><td>Opdrachtgever</td><td>ID</td><td>Klant</td><td>Adres</td><td>Plaats</td><td>Telefoonnummer</td></tr>
<?php 
    require_once 'db_config.php';

$sql = "
    SELECT
        id,opdrachtgever,klant,adres,plaats,telefoonnr
    FROM
        klant
";

if(!$res = mysql_query($sql))
{
    trigger_error(mysql_error().'<br />In query: '.$sql);
}
elseif(mysql_num_rows($res) == 0)
{
    echo 'Geen resultaten gevonden';
}
else
{
    while($row = mysql_fetch_assoc($res))
    {
        echo '<tr><td>'. $row['opdrachtgever'].'</td> ';
        echo '<td>'. $row['id'].' </td> ';
        echo '<td>'. $row['klant'].' </td> ';
        echo '<td>'. $row['adres'].' </td> ';
        echo '<td>'. $row['plaats'].' </td> ';
        echo '<td>'. $row['telefoonnr'].'</td>';
        echo '<td><a href=\klant.php?id=';
        echo $row['klant']; 
        echo ">";
        echo 'Overzicht Installaties</td></tr>';
    }
} ?>
  </tbody>
</table>
</body>

</html>
```

klant.php

```php
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Klant Installaties</title>
</head>

<body>
<?php include('header.php')?>

<table border="1"><tr><td>Locatie</td><td>merk</td><td>model</td><td>type</td><td>serienummer</td><td>bouwjaar</td><td>afvoer</td><td>adres</td><td>poortnummer</td><td>filters</td></tr>
<?php
require_once 'db_config.php';
$id=mysql_real_escape_string($_GET['klant']);
$result = mysql_query("SELECT * FROM klant where klant=".$id.";");

if(!$res = mysql_query($result))
{
    trigger_error(mysql_error().'<br />In query: '.$result);
}
elseif(mysql_num_rows($res) == 0)
{
    echo '<tr><td>Geen resultaten gevonden</td></tr>';
}
else
{
    while($row = mysql_fetch_assoc($res))
    {
        echo '<tr><td>'. $row['locatie'].'</td> ';
        echo '<td>'. $row['merk'].' </td> ';
        echo '<td>'. $row['model'].' </td> ';
        echo '<td>'. $row['type'].' </td> ';
        echo '<td>'. $row['serienr'].' </td> ';
        echo '<td>'. $row['bouwjaar'].'</td>';
        echo '<td>'. $row['afvoer'].'</td>';
        echo '<td>'. $row['adres'].'</td>';
        echo '<td>'. $row['poortnr'].'</td>';
        echo '<td>'. $row['filter'].'</td></tr>';
    }
} ?>
  </tbody>
</table>



</body>
</html>
```
Jay Blanchard
eVinx
  • 2
    ***Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php).*** [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Mar 16 '17 at 21:39
  • 1
    [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)***. Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Mar 16 '17 at 21:40
  • In the link the parameter's name is `id`, but in the 2nd page the parameter you are trying to read is `klant`. Also, the id seems to be a string, but you do not enclose the parameter value by single quotes. You should enable error reporting, that would help you to identify the issues. – Shadow Mar 16 '17 at 21:42
  • Love how everyone says don't use mysql and use mysqli. Because PHP 5 isn't going anywhere for a long time. And mysqli has to have a link global or send it everywhere. How is that easier? It is faster though. – DarkSideKillaz Mar 16 '17 at 21:53
  • @DarkSideKillaz because even in PHP5 it's a bad practice because better alternatives are available. In addition `mysqli` can be used as a class. – Seth Mar 17 '17 at 13:49
  • @Shadow how do I enable error reporting? I'm new and a noob, so I'm just trying things, but I can't find it – eVinx Mar 17 '17 at 16:24
  • @JayBlanchard not safe is not a problem; it's only for internal use, so it's not accessible from the internet – eVinx Mar 17 '17 at 16:32
  • I hate when people say *"I'm not that far along..."* or *"This site will not be public..."* or *"It's only for school, so security doesn't matter..."*. If teachers and professors are not talking about security from day one, they're doing it wrong. Challenge them. They're teaching sloppy and dangerous coding practices which students will have to unlearn later. I also hate it when folks say, *"I'll add security later..."* or *"Security isn't important now..."* or *"Ignore the security risk..."*. If you don't have time to do it right the first time, when will you find the time to add it later? – Jay Blanchard Mar 17 '17 at 17:55
  • It's just for my own use on an internal server without internet, just offline, so I'm the only one that's going to access it, so what's the problem? – eVinx Mar 17 '17 at 18:48
  • But I fixed it and it works, thanks to everyone for his/her information :) – eVinx Mar 17 '17 at 18:48
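
An added example (not code from the question or its comments) of the changes the comments point to: klant.php reads the same `id` parameter the link sends, the value is bound through a PDO prepared statement, and every value is HTML-escaped on output. The helper names `installatieLink` and `installaties`, the in-memory SQLite table and its rows are assumptions made so the snippet runs on its own; with MySQL only the DSN changes.

```php
<?php
// Added example. Assumption: an in-memory SQLite table with constructed rows
// stands in for the MySQL `klant` table so the snippet runs offline.
error_reporting(E_ALL); ini_set('display_errors', '1'); // development only
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // DB errors throw
$pdo->exec('CREATE TABLE klant (klant TEXT, locatie TEXT, merk TEXT, model TEXT)');
$seed = $pdo->prepare('INSERT INTO klant VALUES (?, ?, ?, ?)');
foreach ([
    ['Bakkerij Jansen', 'Keuken', 'MerkA', 'X100'],   // constructed sample rows
    ['Bakkerij Jansen', 'Magazijn', 'MerkB', 'Y200'],
    ["O'Brien & Zn", 'Kantoor', 'MerkA', 'X300'],
] as $r) {
    $seed->execute($r);
}

// Link for overzicht_klant.php: URL-encode the value, HTML-escape the attribute.
function installatieLink(string $klant): string
{
    $href = 'klant.php?id=' . rawurlencode($klant);
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">Overzicht Installaties</a>';
}

// Lookup for klant.php: the value is bound, never concatenated into the SQL text.
function installaties(PDO $pdo, string $klant): array
{
    $stmt = $pdo->prepare('SELECT locatie, merk, model FROM klant WHERE klant = :klant');
    $stmt->execute([':klant' => $klant]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Same parameter name as the link (`id`). The fallback is a constructed request
// value for running from the command line; the real page uses only $_GET['id'].
$klant = $_GET['id'] ?? "O'Brien & Zn";
if (!is_string($klant) || $klant === '') {   // rejects id[]=... and empty input
    exit('Geen klant opgegeven');
}

echo installatieLink($klant), "\n";
$rows = installaties($pdo, $klant);
if (!$rows) {
    echo "<tr><td>Geen resultaten gevonden</td></tr>\n";
}
foreach ($rows as $row) {
    // Escape every column so stored values cannot inject markup into the table.
    $cells = array_map(fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'), $row);
    echo '<tr><td>', implode('</td><td>', $cells), "</td></tr>\n";
}
```

The constructed customer name containing a quote and an ampersand passes through the link, the query and the table output unchanged, which is the case the concatenated query in the question cannot handle.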

0 Answers