-1
<?php
include ("../dataconnection.php");
    
if(isset($_GET['sub']))
{
    if(isset($_POST['name']))
        $name = $_POST['name'];
    if(isset($_POST['content']));
        $content = $_POST['content'];
    $query = "INSERT INTO testimonial (testi_name, testi_content) VALUES ('$name', '$content')";
    $result = mysqli_query($connect, $query);
    ?>
    <script>
    alert("Your review has been submitted!");
    </script>
    <?php
    header("Refresh:0");
}

$getTesti = "SELECT * FROM testimonial ORDER BY testi_name ASC";
$result = mysqli_query($connect, $getTesti) or die(mysqli_error($connect));
$row = mysqli_fetch_assoc($result);

?>

<?php foreach($row as $review):?>
<div class="box">
    <h3><?php htmlspecialchars($review['testi_name'], ENT_QUOTES); ?></h3>
    <?php htmlspecialchars($review['testi_content'], ENT_QUOTES); ?>
</div>
<?php endforeach; ?>

Hi I'm having issue where for the second coding it says Illegal string offset 'testi_name'. I tried reading others questions that have been solved but I still couldn't understand. I get the 'testi_name' from my sql. Please tell me what is the problem as I'm a beginner in php. Thank you, your help is greatly appreciated.

It even loop it 3 times eventhough i only have 1 row in my sql [1]: https://i.stack.imgur.com/C8hhd.png

Dharman
  • 30,962
  • 25
  • 85
  • 135
Cherry
  • 5
  • 2
  • Perhaps the column names are upper case? Use prepared statements!!! – Gerard H. Pille Jan 19 '21 at 02:21
  • It is a very bad idea to use `die(mysqli_error($conn));` in your code, because it could potentially leak sensitive information. See this post for more explanation: [mysqli or die, does it have to die?](https://stackoverflow.com/a/15320411/1839439) – Dharman Jan 19 '21 at 11:48

1 Answers1

0

$row is just the first row of results, not all the results. So you're looping over the columns in the first row, not all the rows.

You should also use a prepared statement rather than substituting variables into the SQL.

The code should be:

<?php
include ("../dataconnection.php");
    
if(isset($_GET['sub']))
{
    $content = $_POST['content'];
    if(!empty($name)&& !empty($rate)&& !empty($content))
    {
        $query = "INSERT INTO testimonial (page_id, testi_name, testi_content, testi_rating) VALUES (?, ?, ?, ?)";
        $stmt = mysqli_prepare($connect, $query);
        mysqli_stmt_bind_param($stmt, "ssss", $page, $name, $content, $rate);
        mysqli_stmt_execute($stmt);
        ?>
        <script>
        alert("Your review has been submitted!");
        </script>
        <?php
        header("Refresh:0");
    }
}

$getTesti = "SELECT * FROM testimonial ORDER BY testi_name ASC";
$result = mysqli_query($connect, $getTesti) or die(mysqli_error($connect));
while ($row = mysqli_fetch_assoc($result)): ?>
    <div class="box">
        <h3><?php htmlspecialchars($row['testi_name'], ENT_QUOTES); ?></h3>
        <?php htmlspecialchars($row['testi_content'], ENT_QUOTES); ?>
    </div>
<?php endforeach; ?>
Barmar
  • 741,623
  • 53
  • 500
  • 612