Click here to Skip to main content
14,643,383 members
Rate this:
Please Sign up or sign in to vote.
See more:
I am trying to get value using get function but unable to get it. This code always creating problems
$course_id = mysqli_real_escape_string($conn,$_GET["course_id"]);
whenever i type the code it cannot be able to fetch value. Please help me asap.
Thanks in advanced

What I have tried:

This is the total code please help me out to get course_id
<pre>index page
<pre><?php
session_start();
include("database.php");
if(!isset($_SESSION['user']))
{
    $_SESSION['user'] = session_id();
}
$uid = $_SESSION['user'];  // set your user id settings
$datetime_string = date('c',time());    
    
if(isset($_POST['action']) or isset($_GET['view']))
{
    if(isset($_GET['view']))
    {
        header('Content-Type: application/json');
        $start = mysqli_real_escape_string($connection,$_GET["start"]);
        $end = mysqli_real_escape_string($connection,$_GET["end"]);
         #$course_id = mysqli_real_escape_string($conn,$_GET["course_id"]);
        
        $result = mysqli_query($connection,"SELECT `id`, `start` ,`end` ,`title` FROM  `events` where (date(start) >= '$start' AND date(start) <= '$end') and uid='".$uid."'");
        while($row = mysqli_fetch_assoc($result))
        {
            $events[] = $row; 
        }
        echo json_encode($events); 
        exit;
    }
    elseif($_POST['action'] == "add")
    {   
        mysqli_query($connection,"INSERT INTO `events` (
                    `title` ,
                    `start` ,
                    `end` ,
                    `uid` 
                    )
                    VALUES (
                    '".mysqli_real_escape_string($connection,$_POST["title"])."',
                    '".mysqli_real_escape_string($connection,date('Y-m-d H:i:s',strtotime($_POST["start"])))."',
                    '".mysqli_real_escape_string($connection,date('Y-m-d H:i:s',strtotime($_POST["end"])))."',
                    '".mysqli_real_escape_string($connection,$uid)."'
                    )");
        header('Content-Type: application/json');
        echo '{"id":"'.mysqli_insert_id($connection).'"}';
        exit;
    }
    elseif($_POST['action'] == "update")
    {
        mysqli_query($connection,"UPDATE `events` set 
            `start` = '".mysqli_real_escape_string($connection,date('Y-m-d H:i:s',strtotime($_POST["start"])))."', 
            `end` = '".mysqli_real_escape_string($connection,date('Y-m-d H:i:s',strtotime($_POST["end"])))."' 
            where uid = '".mysqli_real_escape_string($connection,$uid)."' and id = '".mysqli_real_escape_string($connection,$_POST["id"])."'");
        exit;
    }
    elseif($_POST['action'] == "delete") 
    {
        mysqli_query($connection,"DELETE from `events` where uid = '".mysqli_real_escape_string($connection,$uid)."' and id = '".mysqli_real_escape_string($connection,$_POST["id"])."'");
        if (mysqli_affected_rows($connection) > 0) {
            echo "1";
        }
        exit;
    }
}

?>

<!doctype html>
<html lang="en"><head>
    <title>jQuery Fullcalendar Integration with Bootstrap, PHP & MySQL | PHPLift.net</title>
    <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
    <style type="text/css">
    
      img {border-width: 0}
      * {font-family:'Lucida Grande', sans-serif;}
    </style>
  </head>
  <body  >
  
        <div class="block">
        <a href="http://www.phplift.net/jquery-fullcalendar-integration-with-bootstrap-php-mysql/">Bact to Tutorial</a>
    </div>
    <style type="text/css">
        .block a:hover{
            color: silver;
        }
        .block a{
            color: #fff;
        }
        .block {
            position: fixed;
            background: #2184cd;
            padding: 20px;
            z-index: 1;
            top: 240px;
        }
    </style>
  
    <div>
      <h2>jQuery Fullcalendar Integration with Bootstrap, PHP & MySQL example.   => <a href="http://www.phplift.net/">Home</a> | <a href="http://demos.phplift.net/">More Demos</a></h2>


      
        <div style="margin-top:8px">
<iframe allowtransparency="true" frameborder="0" scrolling="no" src="http://platform.twitter.com/widgets/follow_button.1354093195.html#_=1354256562997&id=twitter-widget-8&lang=en&screen_name=PHPLift&show_count=true&show_screen_name=true&size=m" class="twitter-follow-button" style="width: 256px; height: 20px;" title="Twitter Follow Button" data-twttr-rendered="true"></iframe>
</div>
        <div style="float:left;width:90px">
<a href="http://feeds2.feedburner.com/PHPLift" title="PHPLift feed"><img alt="feed" height="26" src="http://feeds2.feedburner.com/~fc/PHPLift?bg=f2a0bb&fg=000000&anim=0&label=Readers" style="border:0;margin-right:10px;margin-top:6px" width="88"></a>
</div>
<div style="float:left;width:120px;margin-left:20px;margin-top:2px">
<iframe allowtransparency="true" frameborder="0" scrolling="no" src="//www.facebook.com/plugins/subscribe.php?href=https%3A%2F%2Fwww.facebook.com%2Fhuzoorbux&layout=button_count&show_faces=true&colorscheme=light&font&width=200&appId=206841902768508" style="border:none; overflow:hidden; width:160px;height:25px;margin-top:5px"></iframe>
</div>
<!-- Place this tag where you want the badge to render. -->
      
      <div style="text-align: center;">
<script async src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js"></script>
<!-- PHPGang top demo all pages2 -->
<ins class="adsbygoogle"
     style="display:inline-block;width:728px;height:300px"
     data-ad-client="ca-pub-6883622550208397"
     data-ad-slot="8876576507"></ins>
<script>
(adsbygoogle = window.adsbygoogle || []).push({});
</script>
</div>

<br /><br />
<hr />  

<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.1.0/jquery.min.js"></script>
<script type="text/javascript" src="js/script.js"></script>

<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js" crossorigin="anonymous"></script>
<link  href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" rel="stylesheet" >

<link href="css/fullcalendar.css" rel="stylesheet" />
<link href="css/fullcalendar.print.css" rel="stylesheet" media="print" />
<script src="js/moment.min.js"></script>
<script src="js/fullcalendar.js"></script>


<!-- add calander in this div -->
<div class="container">
  <div class="row">
<div id="calendar"></div>

</div>
</div>


<!-- Modal -->
<div id="createEventModal" class="modal fade" role="dialog">
  <div class="modal-dialog">

    <!-- Modal content-->
    <div class="modal-content">
      <div class="modal-header">
        <button type="button" class="close" data-dismiss="modal">×</button>
        <h4 class="modal-title">Add Event</h4>
      </div>
      <div class="modal-body">
            <div class="control-group">
                <label class="control-label" for="inputPatient">Event:</label>
                <div class="field desc">
                    <input class="form-control" id="title" name="title" placeholder="Event" type="text" value="">
                </div>
            </div>
            
            <input type="hidden" id="startTime"/>
            <input type="hidden" id="endTime"/>
            
            
       
        <div class="control-group">
            <label class="control-label" for="when">When:</label>
            <div class="controls controls-row" id="when" style="margin-top:5px;">
            </div>
        </div>
        
      </div>
      <div class="modal-footer">
        <button class="btn" data-dismiss="modal" aria-hidden="true">Cancel</button>
        <button type="submit" class="btn btn-primary" id="submitButton">Save</button>
    </div>
    </div>

  </div>
</div>


<div id="calendarModal" class="modal fade">
<div class="modal-dialog">
    <div class="modal-content">
        <div class="modal-header">
            <button type="button" class="close" data-dismiss="modal">×</button>
            <h4 class="modal-title">Event Details</h4>
        </div>
        <div id="modalBody" class="modal-body">
        <h4 id="modalTitle" class="modal-title"></h4>
        <div id="modalWhen" style="margin-top:5px;"></div>
        </div>
        <input type="hidden" id="eventID"/>
        <div class="modal-footer">
            <button class="btn" data-dismiss="modal" aria-hidden="true">Cancel</button>
            <button type="submit" class="btn btn-danger" id="deleteButton">Delete</button>
        </div>
    </div>
</div>
</div>
<!--Modal-->


<div style='margin-left: auto;margin-right: auto;text-align: center;'>
</div>
<script>
  (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){
  (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o),
  m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m)
  })(window,document,'script','//www.google-analytics.com/analytics.js','ga');

  ga('create', 'UA-21769945-4', 'auto');
  ga('send', 'pageview');

</script>

  </body>
</html>





script.js page

$(document).ready(function() {
    var calendar = $('#calendar').fullCalendar({
        header: {
            left: 'prev,next today',
            center: 'title',
            right: 'month,agendaWeek,agendaDay'
        },
        defaultView: 'month',
        editable: true,
        selectable: true,
        allDaySlot: false,

        events: "index.php?page=edit_course&view=1",


        eventClick: function(event, jsEvent, view) {
            endtime = $.fullCalendar.moment(event.end).format('h:mm');
            starttime = $.fullCalendar.moment(event.start).format('dddd, MMMM Do YYYY, h:mm');
            var mywhen = starttime + ' - ' + endtime;
            $('#modalTitle').html(event.title);
            $('#modalWhen').text(mywhen);
            $('#eventID').val(event.id);
            $('#calendarModal').modal();
        },

        //header and other values
        select: function(start, end, jsEvent) {
            endtime = $.fullCalendar.moment(end).format('h:mm');
            starttime = $.fullCalendar.moment(start).format('dddd, MMMM Do YYYY, h:mm');
            var mywhen = starttime + ' - ' + endtime;
            start = moment(start).format();
            end = moment(end).format();
            course_id = moment(course_id).format();


            $('#createEventModal #startTime').val(start);
            $('#createEventModal #endTime').val(end);

            $('#createEventModal #when').text(mywhen);
            $('#createEventModal').modal('toggle');
        },
        eventDrop: function(event, delta) {
            $.ajax({
                url: 'index.php?page=edit_course',
                data: 'action=update&title=' + event.title + '&start=' + moment(event.start).format() + '&end=' + moment(event.end).format() + '&id=' + event.id,
                type: "POST",
                success: function(json) {
                    alert("Edited successfully");
                }
            });
        },
        eventResize: function(event) {
            $.ajax({
                url: 'index.php?page=edit_course',
                data: 'action=update&title=' + event.title + '&start=' + moment(event.start).format() + '&end=' + moment(event.end).format() + '&id=' + event.id,
                type: "POST",
                success: function(json) {
                    alert("Edited successfully");
                }
            });
        }
    });

    $('#submitButton').on('click', function(e) {
        // We don't want this to act as a link so cancel the link action
        e.preventDefault();
        doSubmit();
    });

    $('#deleteButton').on('click', function(e) {
        // We don't want this to act as a link so cancel the link action
        e.preventDefault();
        doDelete();
    });

    function doDelete() {
        $("#calendarModal").modal('hide');
        var eventID = $('#eventID').val();
        $.ajax({
            url: 'index.php?page=edit_course',
            data: 'action=delete&id=' + eventID,
            type: "POST",
            success: function(json) {
                if (json == 1)
                    $("#calendar").fullCalendar('removeEvents', eventID);
                else
                    return false;


            }
        });
    }

    function doSubmit() {
        $("#createEventModal").modal('hide');
        var title = $('#title').val();
        var startTime = $('#startTime').val();
        var endTime = $('#endTime').val();
        var batch_uid = $('#batch_id').val();
        var course_uid = $('#course_id').val();

        $.ajax({
            url: 'index.php?page=edit_course',
            data: 'action=add&title=' + title + '&start=' + startTime + '&end=' + endTime + '&batch_id=' + batch_uid + '&course_id=' + course_uid,
            type: "POST",
            success: function(json) {
                $("#calendar").fullCalendar('renderEvent', {
                        id: json.id,
                        title: title,
                        start: startTime,
                        end: endTime,
                        batch_id: batch_uid,
                        course_id: course_uid,
                    },
                    true);
            }
        });

    }
});
Posted
Updated 27-May-18 23:48pm
v3
Comments
Richard MacCutchan 28-May-18 4:48am
   
"This code always creating problems"
Are you expecting us to guess what those problems may be?
Member 13783315 28-May-18 5:10am
   
please view the update question
Member 13783315 28-May-18 5:12am
   
help me to get course id and display data using uid and course_id in select statement
Jochen Arndt 28-May-18 4:58am
   
Why are you calling that in the first block of code (isset($_GET['view'])) where $course_id is never used?
So it should have no effect to the fetching in that block.

To know what happens, check the return values of all mysqli functions and use mysqli_error() to report errors upon failures.
Member 13783315 28-May-18 5:10am
   
please view the update question
Member 13783315 28-May-18 5:12am
   
help me to get course id and display data using uid and course_id in select statement
Jochen Arndt 28-May-18 5:23am
   
I can't help because I did not know about these (what they mean, the type, how they are to be used, and where they are defined / the value is determined).

But you are still not using $course_id in the query. If all those ID's are numeric (not text), there is even no need to call mysqli_real_escape_string() or enclose them by quotes in the query.

1 solution

Rate this:
Please Sign up or sign in to vote.

Solution 2

$result = mysqli_query($connection,"SELECT `id`, `start` ,`end` ,`title` FROM  `events` where (date(start) >= '$start' AND date(start) <= '$end') and uid='".$uid."'");

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
   

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 503-250 Ferrand Drive Toronto Ontario, M3C 3G8 Canada +1 416-849-8900 x 100