0

I need to display only the id row of the database on a textbox, my problem was the data is displaying all id's rows and columns.

I was fetching all data in the database, but what I need is only the id on the database.

Here is my code in forms, input text fields and submit.

<form action="" method="POST">
    <div class="row  col-md-4">
    <label>Amount</label>
     <input type="text" name="id" class="form-control validate"> 
       <br>
    <input type="submit" class="form-control btn-warning" name="search" value="Search Data"></input><br>

    <?php 

    $connection = mysqli_connect("localhost","root","");
    $db = mysqli_select_db($connection, 'qrproject');

    if(isset($_POST['search']))
    {
      $id = $_POST['id'];

      $query = "SELECT * FROM scratch_cards WHERE amount='$id' ";
      $query_run = mysqli_query($connection, $query);

      while($row = mysqli_fetch_array($query_run))
      {
        ?>
        <form action="" method="POST">
        
        <input type="text" name="code" value="<?php echo $row['code'] ?>" class="form-control validate" id="mapo">
        
           <input type="text" name="pin" value="<?php echo $row['pin'] ?>" class="form-control validate" id="mact">

           <input type="text" name="status" value="<?php echo $row['status'] ?>" class="validate form-control" id="soluong">
      
       

        <input type="date" name="card_expiration" value="<?php echo $row['card_expiration'] ?>" class="validate form-control" id="cardex">
     

          <input type="number" name="card_validity" value="<?php echo $row['card_validity'] ?>" class="validate form-control" id="cardval">
       

     
        </form>
        <?php 
      }
    }
     ?>   
</form>
mkrieger1
  • 19,194
  • 5
  • 54
  • 65
  • The reason could be that you have multiple records against same ID. Would you mind giving more details about database table? – M A Dec 13 '18 at 23:44
  • @MA hello sir, i edited the image above please see the image there where my data table is. –  Dec 13 '18 at 23:50
  • @MA Yes sir your are right i have multiple records but not on the same ID .. –  Dec 13 '18 at 23:51
  • Just so you know you have a major SQL injection vulnerability in `"SELECT * FROM scratch_cards WHERE amount='$id' "`. This is because you are not sanitizing your input. Could you give us some sample data that you are working with? It's a little hard to decipher what is what between your code and image. – domdambrogia Dec 13 '18 at 23:52
  • @domdambrogia, okay so when I input or type `500` on the textfield amount. then it should give me only specific id. so when i input `500` on the textfield amount again it will give me another specific id that is not repeating. –  Dec 13 '18 at 23:56
  • You have error in your query, you are checking `$id` against `amount`, what I assume you want to check `$id` against `id` in database. Try this: `$query = "SELECT * FROM scratch_cards WHERE id='$id' "` – M A Dec 13 '18 at 23:58
  • If you can tell us more what you are trying to achieve we can better help you. – M A Dec 13 '18 at 23:59
  • @MA it doesnt work sir, i cannot put `id` only because what im inputting is the data field name `amount` not `id` . –  Dec 14 '18 at 00:00
  • If you want to filter data against `amount` field then you should expect more than 1 records as the `amount` can repeat in other records as well. However, if you want just 1 record you can put `LIMIT 1` at the of your query or just terminate your `while` loop after reading one record. – M A Dec 14 '18 at 00:04
  • Either use `$query = "SELECT * FROM scratch_cards WHERE amount='$id' LIMIT 1";` or put `break;` before `while` loop curly brace ends. – M A Dec 14 '18 at 00:05
  • @MA You are making sense, but where can i put the `break` on my while loop –  Dec 14 '18 at 00:09
  • Insert `break;` after ` – M A Dec 14 '18 at 00:12
  • If you only want to output one row, just change `while($row = mysqli_fetch_array($query_run))` to `if($row = mysqli_fetch_array($query_run))` – Nick Dec 14 '18 at 00:13
  • @Nick heyyyyy, it worked ! but how can i randomize this? it is just showing 1 row and 1 id –  Dec 14 '18 at 00:16
  • @Nick, i need to input more 500 and the output should be different and not repeating –  Dec 14 '18 at 00:17
  • 1
    To output a different row each time, you could try adding `ORDER BY RAND() LIMIT 1` to your query i.e. `SELECT * FROM scratch_cards WHERE amount='$id' ORDER BY RAND() LIMIT 1` – Nick Dec 14 '18 at 00:22

1 Answers1

0

From your comments, it seems what you want to do is output a single, random row which matches the $_POST['id'] value against the amount column in your table. You can do this by changing your query to this:

SELECT * FROM scratch_cards WHERE amount='$id' ORDER BY RAND() LIMIT 1

You can also change 

while($row = mysqli_fetch_array($query_run))

to

if($row = mysqli_fetch_array($query_run))

although with the change to the query to limit the output to one row this is no longer absolutely necessary.

As has been pointed out, you are vulnerable to SQL injection, you should read this question to see how to resolve that.

Nick
  • 138,499
  • 22
  • 57
  • 95