0

I am currently creating a QR Code generator, however, I am stuck at some point where I don't know how will I connect the details of my database to the QR Code. What I mean is I wanted to use the field idNum in my database to be the text generated in my QR code. Here are the samples of my code:

include('phpqrcode/qrlib.php');

$text="Hello";

$path = 'qrcodes/';
$file = $path.uniqid().".png";

$ecc = 'L'; // error correction capability
$pixel_Size = 170;
$frame_size = 10;

QRcode::png($text, $file, $ecc, $pixel_Size, $frame_Size);

Instead of text "Hello", I want to display the idNum in my database. How?

Here is also an attempted code that I have created, however when I scan the QR code, there is no value being displayed.

$connection = mysqli_connect("localhost", "root", "", "db_bakascts") or die(mysqli_error($mysqli)); 

$id=isset($_POST['idNum']);
$sql = "SELECT * FROM tb_usersreg WHERE idNum='$id'";

$result=mysqli_query($connection,$sql) or die("Error");

    $width = "250";
    $height = "250";
    
    $url = "https://chart.googleapis.com/chart?cht=qr&chs={$width}x{$height}&chl={$id}";
    $qr["img"] = $url;
Rifky Niyas
  • 1,737
  • 10
  • 25
mariakz
  • 19
  • 6
  • 1
    Your line `$id=isset($_POST['idNum']);` will only return to you true or false and not your actual posted value. You should change that to `$id = isset($_POST['idNum']) ? $_POST['idNum'] : '';`. That being said there is alot of room for improvement in your code here. – slashroot Nov 12 '21 at 18:14
  • You have an error `or die(mysqli_error($mysqli))` will never work. Please enable mysqli error reporting instead [How to get the error message in MySQLi?](https://stackoverflow.com/a/22662582/1839439) – Dharman Dec 02 '21 at 22:24

1 Answers1

0

I have created a simple working example, with a list.php and qr.php.

list.php

This will display a list of qr codes based on id's from a database.

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$connection = mysqli_connect("localhost", "root", "", "db_bakascts"); 

$sql = "SELECT * FROM tb_usersreg";
$result = mysqli_query($connection,$sql);

foreach($result as $result) {
    echo "<img src='qr.php?idNum={$result['idNum']}' />";
}

qr.php

Qr.php will render a qr code based on a given idNum.

include('phpqrcode/qrlib.php');

$id=isset($_GET['idNum']) ? $_GET['idNum'] : trigger_error("No idNum given");
QRcode::png($id); //this will output the qr code directly as an image

Output (list.php)

There are 2 records in my database.

Since you explained in your question you wanted to generate some QR codes based on id's in a database, I created this simple example. You can tweak it further to your needs if needed.

Note: You could improve your code

I assumed you wanted something like the example I gave above. But I want to point out some code improvements in your code:

1. $id=isset($_POST['idNum']);

This returns a bool, not a numeric id value. You can look at my code how I have implemented this:

$id=isset($_GET['idNum']) ? $_GET['idNum'] : trigger_error("No idNum given");

2. Use mysqli_real_escape_string with query params

If you have to use parameters in your query, use mysqli_real_escape_string to protect against SQL injections.

$sql = "SELECT * FROM tb_usersreg WHERE idNum='".mysqli_real_escape_string($connection, $id) . "'";
Dharman
  • 30,962
  • 25
  • 85
  • 135
Douma
  • 2,682
  • 14
  • 23
  • Calling `mysqli_real_escape_string` [procedurally like so](https://www.php.net/manual/en/mysqli.real-escape-string.php) requires you to pass the database connection as the first parameter and the string as the second. Only if its called in a Object oriented manner do you not need to pass the database connection details. – slashroot Nov 13 '21 at 11:08
  • Don't use string escaping, there's no excuse for it. Build a proper prepared statement with parameters. – miken32 Dec 02 '21 at 22:46
  • @miken32 where is the source that says this? – Douma Dec 04 '21 at 06:10