0

I'm writing some Hobby PHP Chatroom Project and i got stuck, displaying the active Rooms userlist at the correct position within the roomslist. The userlist should be displayed within the textflow inside some Table, but when i try to display it at the wanted position via function call in PHP, PHP ignores the Position and displays the preformatted SQL Output either before the displaying while() or after it..

How can i Display this while() in the other while() where it should be, or at Least the wanted Textoutput of it?

Look at (2) where the users should be Displayed, and (1) where it is displayed instead! (Screenshot)

Here is my Code:

while($c >0){

   
echo '<table style="border-collapse: collapse; width: 100%;" border="1">
  <tbody>
    <tr>
      <td style="width: 100%;"><RoomHeading>'.$Roomname[$c].'</RoomHeading></td>
    </tr>
  </tbody>
</table>
<table style="border-collapse: collapse; width: 100%;" border="1">
  <tbody>
    <tr>
      <td style="width: 50%;"><img src="Bild.jpg"></td>
      <td style="width: 50%;"><div id="Roomlisttext"><Roomtext>'.$Roomthema[$c].'&nbsp;'.listusers_horizontal($Roomname[$c]).'</Roomtext><br></div></td>
    </tr>
  </tbody>
</table>
<table style="border-collapse: collapse; width: 100%;" border="1">
  <tbody>
    <tr>
      <td style="width: 100%;"><a class="floatr" href="core.php?changeroom='.$Roomname[$c].'">Betreten</a></td>
    </tr>
  </tbody>
</table>

';

$c--; 
}

As you should see, i want to display the output of listusers_horizontal() at the right Position, inside my Table for each open Room in my Chatroomlist

Here is the Code of the listusers_horizontal() function:

<?php

function listusers_horizontal($where){
include("db.php");
$active = $_SESSION["activeroom"];

  $getActlist = "SELECT * FROM `chatlogin` WHERE Room='$where';";

  $getList = mysqli_query($db, $getActlist);

if($getList){
    while($row = mysqli_fetch_object($getList))
    {
      echo $row->User;echo "&nbsp;";
      
    }
}
else{
    echo "Datenbankproblem!";
}

      
}


?>

When i open the page, php executes the While() to the end of the current row and ignores that function call until the end of that while() row and displays it after it.. as standalone HTML Block under it

What can i do to get this sql Query output at the exact position, where it should be?

Simon Dülpers
  • 17
  • 2
  • As an aside, see about sql injection and the importance of prepared and bound queries – Strawberry Aug 23 '20 at 09:32
  • **Warning:** You are wide open to [SQL Injections](https://stackoverflow.com/a/60496/1839439) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Aug 23 '20 at 10:46
  • Thank you for your Help. As you might or might not see is this my first bigger Project. Its not yet to be published in any Form to the Internet, i wanted to make it Safe, when everything else is done. But to get startet learning about Security i guess Mysql injections would be a good point to start reading about. Do you two know any good Site, that is easy to understand, maybe with case examples to study common programming Mistakes // SQL Injections related // For a first start while programming .. For example with suggestions how to solve them? – Simon Dülpers Aug 24 '20 at 12:09

0 Answers0