0

This is the codes:

while ($row= mysqli_fetch_assoc($result)) {
    //
  ?>
  <table >
    <tr>
        <td>
            <p><?php echo $row['groupName'];?></p>
            <p><?php echo $row['groupPhoneNumber'];?></p>
        </td>
    </tr>

    <tr>
        <td>
        <?php
            if (isset($_POST['submit'])) {
                $status=1; // 1 is equel to requesting. 
                 $member_request=$_SESSION['id'];
                $group_requested=$row['groupName'];
                $select_chech= mysqli_query($con,"SELECT * FROM grouptbl WHERE groupCreator ='$member_request'");
                if (mysqli_num_rows($select_chech)>0) {
                    $error="You are a member of this group!";
                    }else {
                        $query_request=mysqli_query($con,"INSERT INTO `tblrequest`(`member_request`, `group_requested`, `status`) VALUES ('".$_SESSION['id']."','$group_requested',1)");
                        $msg="now you requested to ".$row['groupName'];
                    }
            }
        ?>
        <form method="post">
             <button type="submit" name="submit"
                class="btn btn-success waves-effect waves-light">ask</button>
        </form>
            
        </td>
    </tr>

   
  </table>

<?php
}//end of while condition

see that ! on if condition statement that will help me to check if member is in the group it is not giving me an error either else not working! please help me!!

El_Vanja
  • 3,660
  • 4
  • 18
  • 21
Meston Enock
  • 41
  • 7
  • Which error? Always post full information, we can't run your code to see what the error will be. – El_Vanja May 10 '21 at 19:23
  • the error is black page(white page) when i run! – Meston Enock May 10 '21 at 19:25
  • Check your error log for details or [display errors](https://stackoverflow.com/questions/1053424/how-do-i-get-php-errors-to-display) while developing. – El_Vanja May 10 '21 at 19:26
  • 1
    Also, please note that the way you're writing your query is unsafe, as it's open to [SQL injection](https://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work). You should switch to [prepared statements](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) to prevent it. Besides the security issues, it's also quite error prone because you have to handle quotes on your own, which you don't have to do with prepared statements - they do the whole work for you. – El_Vanja May 10 '21 at 19:30

1 Answers1

0

I cleanup your code little bit, So if u have any value inside row then it will create table with tr td for each record. PRINT $row first to debug.

// I Moved this part outside table to improve readability of code.

<?php
    if (isset($_POST['submit'])) {
        $status=1; // 1 is equel to requesting. 
        $member_request=$_SESSION['id'];
        $group_requested=$row['groupName'];
        $select_chech= mysqli_query($con,"SELECT * FROM grouptbl WHERE groupCreator ='$member_request'");
        if (mysqli_num_rows($select_chech)>0) {
            $error="You are a member of this group!";
            }else {
                $query_request=mysqli_query($con,"INSERT INTO `tblrequest`(`member_request`, `group_requested`, `status`) VALUES ('".$_SESSION['id']."','$group_requested',1)");
                $msg="now you requested to ".$row['groupName'];
            }
    }
?>   
 <?php
 while ($row= mysqli_fetch_assoc($result)) { ?>  DEBUG -> PRINT $row to check, fetching value from DB or not.
  <table >
    <tr>
        <td><h2><?php echo $row['groupName'];?></h2></td>
        <td><h2><?php echo $row['groupPhoneNumber'];?></h2></td>
        <td>
        <form method="post">
             <button type="submit" name="submit"
                class="btn btn-success waves-effect waves-light">ask</button>
        </form>
        </td>
    </tr>
  </table>
<?php } ?>
Chandan Kumar
  • 799
  • 7
  • 23
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman May 10 '21 at 21:08