🔒 Closed Programming Languaeg PHP

[EEEEERRRRRAAAA]

Pa help ako mga paps, di ko makuha yung ID ni services_tbl, papunta sa table na request_resident.
hindi lumalabas yung services_id sa table na request resident.

first code:
<?php
$query_res= mysqli_query($db,"select * from services_tbl LIMIT 3");
while($row=mysqli_fetch_array($query_res))

{
echo '<div class="contener">
<div class="image-contener">
<img src="assets/img/barangay_clearance.jpg" alt="">
</div>


<div class="meta-contener text-center">
<p>View the requirements needed for '.$row['services_name'].' and acquire online now.</p>
</div>


<div class="button-contener">
<a href="services_requirements.php?res_id='.$row['services_id'].'" class="button">PROCEED</a>
</div>
</div>';
}
?>
second code:
<form method="POST" action="services_request.php?res_id=<?php echo $_GET['res_id'];?>&action=add&id=<?php echo $product['services_id']; ?>'">

<div class="alert-success" role="alert">
<br />
<p>if you have this kind of requirement, you may now proceed!</p>
</div>
<div class="text-center">

<div class="button-contener text-center">
<a href="services_request.php?res_id=<?php echo $_GET['res_id']; ?>" class="button" name="submit">PROCEED</a>
</div>

</div>
</form>

third code:
<?php
include_once('connection.php');
session_start();
if(empty($_SESSION["users_id"]))
{
header('location:login.php');
} else{



if(isset($_POST['submit']))

{
//$services_nam = $_POST['res_id'];
$query = "INSERT INTO request_residents(u_id, services_name) values('".$_SESSION["users_id"]."', '".$row['services_name']."')";
var_dump($query);
die();
//var_dump($query);
//die();
$result = mysqli_query($db, $query);
if($result){
echo "<script>alert('SUCCESS')</script>";
}else{
echo "<script>alert('error')</script>";
}

}

}

?>

<form method="POST" action="services_request.php">
<div class="form-group">
<label for="exampleFormControlInput1">Pick-up Date</label>
<input type="date" class="form-control" id="exampleFormControlInput1" placeholder="name@example.com">
</div>


<div class="form-group">
<label for="exampleFormControlTextarea1">Purpose</label>
<textarea class="form-control" placeholder="type your purpose" id="exampleFormControlTextarea1" rows="3"></textarea>
</div>
<div class="alert-success" role="alert">
<br />
<p>Only registered residents can apply. Thank You for understanding!</p>
</div>
<div class="text-center">
<div class="button-contener text-center">
<button type="submit" class="button" name="submit">PROCEED</button>
</div>
</div>


</form>

 

[🤖]

Hello! To help you with your concern, I have a few questions:

1. Can you provide more details about your issue? What exactly are you trying to do and what have you tried so far?
2. What is the structure of your database? Can you provide the schema of the relevant tables?
3. What programming language and database management system are you using?

Once I have more information, I can assist you better.

 

[Migfus]

1st things 1st, ang ID must be unique, walang magkaparehang service_id.
Try mo configure sa table na ang service_id is unique, incremental(para automatic create), unsinged(walang negative number na ID).

Imagine mo ang school ay may students, every student may unique ID thru date of enrollment, bday, name or etc.
Pero mayroon nagkataon na same ang ID, problema nayan. Like nag bayad si student A ginamit niya ang ID pero meron
same ID din sa student B. E ma librehan na si student B.

2nd is careful ka sa singular at pural. service_id yan di services_id. Individual kasi ang service_id hindi multiple per row.

3rd is ingat ka sa query variable, yung may variable sa URL. pwede yan ma inject thru URL. Pwede naman
<input name='res_id' value='$row['services_id']' type='hidden' /> Di yan makikita sa page kasi naka hidden.

4th mag sanitize() ka before ilagay mo sa SQL. para walang injection mangyari like lagyan ko nang
"<style>*{background: red}</style> ang input.

Anyway, enjoy coding. Practice lang.

 

[EEEEERRRRRAAAA]

Thank you master

1st things 1st, ang ID must be unique, walang magkaparehang service_id.
Try mo configure sa table na ang service_id is unique, incremental(para automatic create), unsinged(walang negative number na ID).

Imagine mo ang school ay may students, every student may unique ID thru date of enrollment, bday, name or etc.
Pero mayroon nagkataon na same ang ID, problema nayan. Like nag bayad si student A ginamit niya ang ID pero meron
same ID din sa student B. E ma librehan na si student B.

2nd is careful ka sa singular at pural. service_id yan di services_id. Individual kasi ang service_id hindi multiple per row.

3rd is ingat ka sa query variable, yung may variable sa URL. pwede yan ma inject thru URL. Pwede naman
<input name='res_id' value='$row['services_id']' type='hidden' /> Di yan makikita sa page kasi naka hidden.

4th mag sanitize() ka before ilagay mo sa SQL. para walang injection mangyari like lagyan ko nang
"<style>*{background: red}</style> ang input.

Anyway, enjoy coding. Practice lang.