Mysql fetch object

PHP
1

Need to correct a piece of code, no matter which option one picks the data displays the same. Not correctly either…:blush:

<form method="POST" action="log.php" target="main" name="sort">
<select size="1" id="id1" name="D1">
<option value="username">Username</option>
<option value="date">Date</option>
<option value="ip_addr">IP Address</option>
<option value="oper_sys">O/S</option>
<option value="brow">Browser</option>
</select>
<input type="submit" value="Submit" name="B1">
</form>

with a log.php

$connection = @mysql_connect($server, $dbusername, $dbpassword)
	or die(mysql_error());
				
$db = @mysql_select_db($db_name,$connection)
	or die(mysql_error());

$sql="SELECT * FROM log_login ORDER BY '$_POST [D1]'";
$result = @mysql_query($sql, $connection) or die(mysql_error());

while ($sql = mysql_fetch_object($result)) 
{
$user       =     $sql -> username;
	$whend      =	$sql -> date;
	$whent	=	$sql -> time;
	$ip_add	=	$sql -> ip_addr;
	$operat	= 	$sql -> oper_sys;
	$browse	=	$sql -> brow;
	
	echo "<p><font size=\\"1\\" face=\\"Tahoma\\"><b>Username: 	</b>$user</font><br>";
	echo "<font size=\\"1\\" face=\\"Tahoma\\"><b>Date:     	</b>$whend</font><br>";
	echo "<font size=\\"1\\" face=\\"Tahoma\\"><b>Time: 		</b>$whent</font><br>";
	echo "<font size=\\"1\\" face=\\"Tahoma\\"><b>IP Addres: </b>$ip_add</font><br>";
	echo "<font size=\\"1\\" face=\\"Tahoma\\"><b>O/S: 		</b>$operat</font><br>";
	echo "<font size=\\"1\\" face=\\"Tahoma\\"><b>Browser: 		</b>$browse</font></p>";

Any help is greatly appreciated…

2

You do not put single quotes around a column name

You want

ORDER BY username

not

ORDER BY 'username'

Once you get it working, make sure to add some validation code here. You don’t want to inject arbitrary user input into your query.

Edit:

P.S. No space between the array name and index – $_POST[D1] not $_POST [D1]

3

I have tried the below and all bring out the data, but not in the correct order.

$sql="SELECT * FROM log_login ORDER BY $POST[D1]"; 

$sql="SELECT * FROM log_login ORDER BY 'log.html, [D1]'";  

$sql="SELECT * FROM log_login ORDER BY date"; //date order only

$sql="SELECT * FROM log_login ORDER BY username";

The select does not function, what am I missing.
and what do you mean about the validation code?
If it false { else?

4

You should separate your tasks.
First of all you should make yourself know, what SQL query you want.
Second, produce that query from variables you have. Ensure that this resulting query is exactly the same you wanted.
Third, take some precautions against someone put “;DROP table log_login” into $POST[D1]

Do it step by step. Don’t take second step before first.
What SQL query(-es) you want to run?

5

Query “SELECT * FROM log_login ORDER BY username” does work?
If not - what are symptoms? If usernames goes out in the incorrect order, there may be encoding problem.

6

Yes, The info is listed correctly, althought the Select by date, ip etc. Does not.

7

What’s wrong with date and ip?
You’re speaking of static query, or of dynamically build using POST variables?

8

The form

<form method="POST" action="log.php" target="main" name="sort">
<select size="1" id="id1" name="D1">
<option value="username">Username</option>
<option value="date">Date</option>
<option value="ip_addr">IP Address</option>
<option value="oper_sys">O/S</option>
<option value="brow">Browser</option>
</select>
<input type="submit" value="Submit" name="B1">
</form>

no matter what you select, it does not select the proper info in ascend or decend order, just username ascending.

9

Well, now I see your problem.
Yo fail to name variable properly.
Both $_POST [D1] and $POST[D1] are wrong.
Try to print out your variable and find right name for it.

10

$_POST[‘d1’] (or $_POST[D1] / {$_POST[‘D1’]} when within a double quoted string)

11

Try to print out your variable and find right name for it.

Do not know how to write this code.

$sql=“SELECT * FROM (log_login ORDER BY {$_POST[D1]}”;

I get - You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘’ at line 1

12

That ( in there with no matching right parentheses is wrong and a bit random to include.

13

I may have another question

The index.php is a split file log.html and log.php

<?php

session_start();

include("../config.php");
include("../functions.php");

if (allow_access(Administrators) != "yes")
{
	header("Location:../index.php");
}

?>

<html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Log Viewer</title>
</head>

<frameset cols="350,*">
	[B]<frame name="contents" target="main" src="log.html">
	<frame name="main" src="log.php">[/B]	<noframes>
	<body>

	<p>This page uses frames, but your browser doesn't support them.</p>

	</body>
	</noframes>
</frameset>

</html>

and the form and the fetch are on two different files, so…

$sql="SELECT * FROM log_login ORDER BY "(log.php, '$POST[D1]')";

But that is not really right either.

14

I don’t know what you’re doing, but your database server doesn’t know anything about your website files. Putting log.php into the query you’re going to send to MySQL is definitely not right.

As an aside, I have not seen a worthwhile use of frames since 1998

15

No, I don’t know what I am doing. So, I threw together a index.php with all of the code on one page.:blush:
And the info site comes out in no sequence. I believe in the same order of the mysql database. Maybe I should index one of the columns? Date is, althought it does not list by date.

<?php

session_start();

include("../config.php");
include("../functions.php");

if (allow_access(Administrators) != "yes")
{
	header("Location:../index.php");
}

?>

<html>


<head>
<meta http-equiv="Content-Type" content="text/html; charset=windows-1252">
<title>Login Log</title>
</head>

<body bgcolor="#DADADA">

<table border="0" cellpadding="0" cellspacing="0" style="border-collapse: collapse" bordercolor="#111111" width="100%" id="AutoNumber1">
  <tr>
    <td width="50%">

<p align="center">&nbsp;<img border="0" src="http://glsbrakes.com/image003.jpg" width="258" height="90" alt="Great Lakes Supply - Login Logs"></p>
	<p align="left">
<b>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp; Login 
Log - History</b></p>
<form method="POST" action="log.php" target="main" name="sort">
<p>
<b><font face="Tahoma" size="2">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; Sort By:</font></b>
<select size="1" id="id1" name="D1" style="font-family: Tahoma; font-size: 8pt">
<option value="username">Username</option>
<option value="date">Date</option>
<option value="ip_addr">IP Address</option>
<option value="oper_sys">O/S</option>
<option value="brow">Browser</option>
</select>
<input type="submit" value="Submit" name="B1" style="font-family: Tahoma; font-size: 8pt">
</p>

</form>

    <p align="left">&nbsp;</p>
    
    
    <p align="left">&nbsp;</p>
    
    
    <p align="left">&nbsp;</p>
    
    
    <p align="left"><br>
	<i><b><font face="Tahoma" size="2">
	&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; &nbsp;&nbsp;
	&nbsp;&nbsp;&nbsp;
	<a target="_top" href="../admin/adminpage.php">Back to 
	Adminpage</a></font></b></i></p>
    
    
    <p>&nbsp;</td>
    <td width="50%"> <p align="left"><b><i><font face="Tahoma" size="2">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;</font></i></b></p>

    <?
	//make connection to dbase
      $connection = @mysql_connect($server, $dbusername, $dbpassword)
	     or die(mysql_error());
				
     $db = @mysql_select_db($db_name,$connection)
	     or die(mysql_error());

     $sql="SELECT * FROM log_login ORDER BY '$POST[D1]'"; 

     $result = @mysql_query($sql, $connection) or die(mysql_error());

     while ($sql = mysql_fetch_object($result)) 
    {
	   $user      =   $sql -> username; 
	   $whend   =   $sql -> date;
	   $whent   =   $sql -> time;
	   $ip_add   =   $sql -> ip_addr;
	   $operat   =   $sql -> oper_sys;
	   $browse  =   $sql -> brow;
	
	   echo "<p><font size=\\"1\\" face=\\"Tahoma\\"><b>Username: 	</b>$user</font><br>";
	   echo "<font size=\\"1\\" face=\\"Tahoma\\"><b>Date:     	</b>$whend</font><br>";
	   echo "<font size=\\"1\\" face=\\"Tahoma\\"><b>Time: 		</b>$whent</font><br>";
	   echo "<font size=\\"1\\" face=\\"Tahoma\\"><b>IP Addres: </b>$ip_add</font><br>";
	   echo "<font size=\\"1\\" face=\\"Tahoma\\"><b>O/S: 		</b>$operat</font><br>";
	   echo "<font size=\\"1\\" face=\\"Tahoma\\"><b>Browser: 		</b>$browse</font>";
    }

    ?>

      </p>
     </td>
    </tr>
</table>
    
    
   
 
	</body>
</html>
16

Why do you still use $POST[D1] variable, which just doesn’t exists?

17

I just went with a ORDER BY date"; and dropped the form select all together.

I do not know code well enough to build a page the worked the way I wanted.

I may give it another try later, though. Need to learn all of the meaning of the ??? coding variables. First… php.net and w3schools.com/php is a start.

Thanks, Dave

18

oh. make it at least

if ($_POST['D1'] === 'username') $orderby = 'username';
if ($_POST['D1'] === 'date') $orderby = 'date';
// and so on
$sql="SELECT * FROM log_login ORDER BY $orderby";

got the idea?