Generando mensaje de error para consulta de base de datos vacía en PHP

The following code's purpose is to get an input (from a separate HTML file) for the customerID in a database from the user and then display the order number, order date and shipped status for that customerID. The code works fine and I am able to do this, however I also want to create an error message if a customerID that does not exist in the database is entered, instead of just an empty table. I am new to PHP and any help on how to do this is appreciated. (Please note, it has to be in either PHP or mysql)

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Prac 2 Task 8</title>
</head>
<body>
<?php
$conn = mysql_connect("localhost", "<username>", "<password>");
mysql_select_db("warehouse<##>", $conn) 
or die ('Database not found ' . mysql_error() );
$input = $_GET["custID"];
$sql = "select orderNumber, orderDate, shipped from orders where customerID = $input 
order by orderDate"; 
$rs = mysql_query($sql, $conn)
or die ('Problem with query' . mysql_error());
?>
<?php 
if (orderNumber != "") { ?> 
<p>the following information was received from the user:</p>
<p><strong>customerID = </strong> <?php echo "$input"; ?><br/><br/>

<table border="1" summary="Order Details">
<tr>
<th>Order Number</th>
<th>Order Date</th>
<th>Shipped</th>
</tr>
<?php
while ($row = mysql_fetch_array($rs)) { ?>
<tr>
<td><?php echo $row["orderNumber"]?></td>
<td><?php echo $row["orderDate"]?></td>
<td><?php echo $row["shipped"]?></td>

</tr>
<?php }}
else {
$txt ="The CustomerID you entered was either invalid or does not exist"; 
echo $txt;?>
<?php }
mysql_close($conn); ?>
</table>
</body></html>

preguntado el 15 de mayo de 13 a las 03:05

please dont use mysql_* function those are deprecated see this stackoverflow.com/questions/12859942/… -

OP can use mysqli or PDO. But when you are a beginner and you are starting to learn from books that teach you with Mysql first, it might be understandable that they would first try to understand the procedural approach through the deprecated mysql and then eventually move on and open up to mysqli or PDO. -

2 Respuestas

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> 
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Prac 2 Task 8</title>
</head>
<body>
<?php
$conn = mysql_connect("localhost", "<username>", "<password>");
mysql_select_db("warehouse<##>", $conn) 
or die ('Database not found ' . mysql_error() );
$input = $_GET["custID"];
$sql = "select orderNumber, orderDate, shipped from orders where customerID = $input 
order by orderDate"; 
$rs = mysql_query($sql, $conn)
or die ('Problem with query' . mysql_error());
//validate result set here
if(mysql_num_rows($rs)>0)
{
?>
<?php 
if (orderNumber != "") { ?> 
<p>the following information was received from the user:</p>
<p><strong>customerID = </strong> <?php echo "$input"; ?><br/><br/>

<table border="1" summary="Order Details">
<tr>
<th>Order Number</th>
<th>Order Date</th>
<th>Shipped</th>
</tr>
<?php
while ($row = mysql_fetch_array($rs)) { ?>
<tr>
<td><?php echo $row["orderNumber"]?></td>
<td><?php echo $row["orderDate"]?></td>
<td><?php echo $row["shipped"]?></td>

</tr>
<?php }}
else {
$txt ="The CustomerID you entered was either invalid or does not exist"; 
echo $txt;?>
<?php }

}//endif
else{

//you error message here
}

mysql_close($conn); ?>
</table>
</body></html>

contestado el 15 de mayo de 13 a las 05:05

You have many ways to do this, and this is one of so many:

  1. encapsulate your code into a try-catch so it is easy to manage errors, much better way than use "or die" stuff
  2. verify the validity of your GET and POST variables to avoid SQL injections for security
  3. you may use a "select count(*) ..." before the main query, or just count the quantity of results of the main query (what I put there)

this gives approx that:

<body>
<?php
$conn = mysql_connect("localhost", "<username>", "<password>");
mysql_select_db("warehouse<##>", $conn) 
or die ('Database not found ' . mysql_error() );

try 
{
  $input = $_GET["custID"];
  // Protect yourself from SQL injection
  if (!is_numeric($input))
    throw new Exception('Error: the customer ID is not a number');

  $sql = "select orderNumber, orderDate, shipped from orders where customerID = $input 
  order by orderDate"; 
  $rs = mysql_query($sql, $conn)
    or die ('Problem with query' . mysql_error());
  ?>
  <?php 
  if ( mysql_num_rows($rs) > 0 )
  { ?> 
  <p>the following information was received from the user:</p>
  <p><strong>customerID = </strong> <?php echo "$input"; ?><br/><br/>

  <table border="1" summary="Order Details">
  <tr>
  <th>Order Number</th>
  <th>Order Date</th>
  <th>Shipped</th>
  </tr>
  <?php
  while ($row = mysql_fetch_array($rs)) { ?>
  <tr>
  <td><?php echo $row["orderNumber"]?></td>
  <td><?php echo $row["orderDate"]?></td>
  <td><?php echo $row["shipped"]?></td>

  </tr>
  <?php }
    else
    {
      echo "There is no results for this customer";
    }
  }
  else {
  $txt ="The CustomerID you entered was either invalid or does not exist"; 
  echo $txt;?>
  <?php }
}
catch (Exception $e)
{
  echo "Error: ".$e;
}
mysql_close($conn); ?>
</table>
</body>

contestado el 15 de mayo de 13 a las 06:05

No es la respuesta que estás buscando? Examinar otras preguntas etiquetadas or haz tu propia pregunta.