0

Im trying to add buttons to a web page along with values in a table, althought I cant even get passed the blank page, whats wrong with my code, and can I set a variable on button press?

php: 

<?php
$sql_link = mysqli_connect('localhost', 'root', '12buckle', 'GameData');
$SetHomework = mysqli_query($sql_link, "SELECT * FROM tblClassHomework WHERE ClassID   ='".$_SESSION['ClassID']."'");
echo "<table border='1'>
<tr>
<th>Name</th>
<th>Deadline</th>
<th>Comment</th>
<th>Play</th>
</tr>";
while($row = mysqli_fetch_array($SetHomework))
{
$SetHomework = mysqli_query($sql_link, "SELECT * FROM tblHomework WHERE     HomeworkID='".$row['HomeworkID']."'");
$Homework = mysqli_fetch_array($SetHomework);
echo "<tr>";
echo "<td>" . $Homework['HomeworkName'] . "</td>";
echo "<td>" . $row['Deadline'] . "</td>";
echo "<td>" . $row['Comment'] . "</td>";
echo "<td><form action='index.php' method="post"><input type="submit" name="submit"     value="Play"></form></td>";
echo "</tr>";
}
echo "</table>";
?>

My php is inside the html file the table will be presented in

Improve this question
3
  • 2
    you are using mysqli and ignoring prepared statements..Heresy!! Commented Mar 23, 2014 at 17:32
  • Why is your table name prefixed with tbl? That seems horribly redundant. Commented Mar 23, 2014 at 17:37
  • oh yeah this is my first forray into php and database structure as a whole, i guess those prefixes are dumb, but I want to fix my error first before changing more stuff Commented Mar 23, 2014 at 17:51

2 Answers 2

Reset to default
1

You have a syntax error on this line:

echo "<td><form action='index.php' method="post"><input type="submit" name="submit"     value="Play"></form></td>";

You are prematurely ending the string to be echoed by using double quotes within the string. One way of fixing this would be to use only single quotes within your double quotes, like:

echo "<td><form action='index.php' method='post'><input type='submit' name='submit'     value='Play'></form></td>";

If you haven't enabled the display of error messages, you will encounter a blank screen when there is a syntax error. You can enable them by setting the following at the top of your script:

ini_set('display_errors',1); 
error_reporting(E_ALL);

As mentioned in the comments, you should be using prepared statements to protect you from MYSQL injection. On your line:

$SetHomework = mysqli_query($sql_link, "SELECT * FROM tblClassHomework WHERE ClassID   ='".$_SESSION['ClassID']."'");

You are concatenating the value of $_SESSION['ClassID']. Instead of this you should be using prepared statements. Change your code to something like this:

$SetHomework = mysqli_query($sql_link, "SELECT * FROM tblClassHomework WHERE ClassID   = ?");
mysqli_stmt_bind_param($SetHomework, 's', $_SESSION['ClassID']);
mysqli_stmt_execute($SetHomework);

The 'i' is a placeholder for an integer. If $_SESSION['ClassID'] is a different type, you should change the placeholder accordingly. See the bind_param documentation for more details on that.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

@MrGears No problem. I have also just added some detail on prepared statements that you should take a look at.
0

Use mysqli_fetch_assoc() instead of mysqli_fetch_array()

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.