I'm developing a web app that allows me to generate product orders in PHP. When I first started, I was thinking only about my product orders, however, I have 3 more sales representatives and I would like for them to use it as well.
The problem I'm currently facing is that whenever I'm looking for product orders (using an ajax), all users are allowed to see all the product orders. I would like that each user can only see **their* product orders, but I'm not sure how the query should be.
What would the query be considering these tables?
Thanks in advance!
UPDATE:
So, thanks to #Nicolas answer, I was able to get only information for a selected vendor. However, the 'nombre_cliente(client name)' from 'clientes' tables is wrong for every row. It is showing only the first row. Other information is correct, except for the name. Here is what the results look like now, and how I'm looping through the data.
results
looping
Thanks in advance to everyone.
From what i understand, You would need to know who's asking the server for every request. There's multiple way to achieve this and we don't have enough informations about your infrastructure to give you a good way to accomplish this. Are you using PHP session, are you using an API with API keys, etc. Either way, To get only the product order for a particular vendor, you would need to execute a SQL that would look like that :
SELECT * FROM `facturas` WHERE `id_vendedor` = 1;
In this example, 1 is the id of the connected user.
This request will filter every order and returns only the one that have been done by the user with the id : 1.
You could also join both tables together and filter by some other property of the user table. Lets say we want to get every order by the user whose name contains "john". we would do a request like that :
SELECT facturas.* FROM `facturas` JOIN `users` ON `facturas`.`id_vendedor` = `users`. `user_id` WHERE `users`.`firstname` LIKE '%john%';
In this case, we are joining both table, mapping every id_vendedor to an user_id in the user table, and filtering by firstname. The like operator can be translate to : 'anything john anything'.
IMPORTANT
If you are doing SQL request in any language, make sure you are binding your parameters
Thanks to #Nicolas help, I was able to fix my problem. The final query is:
SELECT * FROM facturas JOIN clientes ON facturas.id_cliente=clientes.id_cliente where facturas.id_vendedor=$current_user (variable that I used to keep track of who is logged in)
Related
I'm totally confused.. I finally got the SuiteTalk API working and am able to make authenticated calls from my JS server..
I'm calling the GET /invoice route, which documented here:
https://system.netsuite.com/help/helpcenter/en_US/APIs/REST_API_Browser/record/v1/2022.2/index.html#tag-invoice
Says that it should return to me an InvoiceCollection which is a collection of Invoices which, by the documentation, has all the fields I need as part of an Invoice.
However, the actual response I am getting back is just an array of items that only has the ID in it.. where are all the other invoice fields?!
I tried to just fire off subsequent calls to the /invoice/{id} route with each ID, but I am getting back some of them as unauthorized and some not.. assuming having to do with timestamp being to close together or something.
There has to be a way to call up to /invoice and get all of the data having to do with an invoice and not just the ID right?
I'm also wondering how I can utilize the "Q" param to filter to invoices only for a certain customer, or date, etc. Appreciate any help!
I recommend trying all these queries in postman (netsuite provides a collection for it). If you try it there, you'll see that {{REST_SERVICES}}/record/v1/invoice returns a list of id's and links to invoices.
If you dont see the details of an invoice, can that have something to do with the rights (to that subsidiary)?
e.g. GET: {{REST_SERVICES}}/record/v1/invoice/164198 shows me the entire record.
To get invoices from a certain customer i think i would go for a query in the suiteql restlet.
Hope that helps a bit. I'm just discovering suitetalk myself and it's not the easiest to get a grip of.
I have been assigned with a task to handle large number of data and show then to a webpage tabular form. I'm using HTML/JSP and JS for Frontend and Java as backend.
Business logic is to query database (for me it's Oracle) and get data.
Query looks something like
Select field1, field2 etc.. from table where field1 = "SearchString"
Limit 30
The search string will be given by user.
So, each time the query gets executed I'm getting 30 rows and storing it in a bean.
And with field2 data from iteration 1 I'll execute the query again which will give another 30 rows, I will append those in the bean and loop continues untill there is no matching records. After that I need to display the bean data in UI in tabular form.
Now problem arises when the data is huge. Like, the iteration goes on 1000 times giving 30k records. Then the code is getting stuck in this loop for more time and UI screen is showing loading.
Is there a better approach to my situation?
Note : I can't do any operation the query. Because it's forbidden.
And the query is pseudo query not actual. If the first record has matching record of 30k rows. I need to take 30 in each iteration.
I agree with the comments that this is not the best practice when you are trying to present thousands and thousands of rows to the UI...
It really sounds like you should implement pagination on your UI. This is done by using queries... I don't know what DB system you are using but here is a guide on pagination for SQL Server.
You can explain to the business that using pagination is better for the user. Use the example of how google search gives you pages of search results instead of showing you millions of websites of cat pictures all in one page.
I have a use case where I have to Add query params to APIs call, and save it accordingly.
Meaning- I have one report to Add, which gives multiple filters that to be saved. (Some of them are pre-defined and others can be added) which could be saved and it could run to generate report or to schedule it.
How here I am using postgres sql as DB. How can I solve such scenarios, If say saving into db then what's the best way to do such operations? I have a db table where I am storing Report name and descriptions. But how can I add such Filters and Save it? And next time the user just Schedule or generate report with saved filters.
Below are the images for better understanding of the scenario.
The Image of where List displayed of saved reports
The Image where user can Add custom report using available filters.
Not sure the best way to handle such scenarios, where I have to add multiple of filters and save it accordingly.
Can anyone help me here with the approach to handle such things? Like saving in DB or how it could work the best.
Thanks
Edit- Something like JIRA, can save the filters and directly apply it. Something like this.
Assuming that you have control over your web application and that it will translate what users input into SQL queries, just create a data structure that both your UI and your data tier can understand and store it in a table using the JSON or JSONB datatype.
I have a search function on my site that needs to search through ~2000 items (this table never changes, it will always have the same number of items) stored in MySQL. All it needs to do is search by name or 'LIKE' the name and return the id. I have thought of two approaches to this:
Query database using ajax on keyup(), this seems like it would be expensive with many people searching
Send all the data to client as a JSON file when they load the page and search through it using JavaScript to reduce the load on the database
Which approach is better? Or if you have a better approach I am open to suggestions.
Depends on what your purpose. Do you want to provide search on fly functionality while user writes its search word or would like to return the result when the user clicks search button or something? Either way, you are talking about 2000 records which is not much actually. So I think you can store all those information into an offline memory cache and you can return your results from memory. SQL is also quite optimized for queries and it also caches the results so for 2000 records it shouldn't be any problem to perform the query to DB as well.
https://docs.google.com/file/d/0B9urXGIYtvx-YzdYNlllbUxFeHM/edit?usp=drive_web
Attached is a picture of what I have done so far. This is just the front end and I need help with the backend.
I have a question about using SQL to bring up a table based on these selections. I created these dropdowns and selections using javascript but I want to be able to pass them on to a sql to search the database based on selections and return anything that fits the criteria.
To explain everything:
I want to lists at the bottom to be apart of the Select (ex. Select OrganizationID, OrganizationName, OrganizationType, EventID, EventName)
Then I would like the two selections at the top to be the FROM (ex. FROM Events, Organization) and then of course join these with a WHERE.
Then I would like the include or exclude to be apart of the WHERE (ex. WHERE EventID=32211)
I know that I will have to use PHP for this as well and that's perfectly fine I just need help starting it to find out how to pass these selections.
the easiest way is to wrap everything in a FORM tag with an action property. The action property will specify the page you'll be sending the data to (via an http post by default).
so you could put action="searchresults.php", for example.
Your server will receive the values from all of the inputs on your page inside of the $_POST variable. The $_POST variable is an associative array where the key is the name attribute of the input elements.
so to get the values the people entered you'd do something like this:
if (isset($_POST)){
$table=$_POST["Table"]; //where Table is the name of your first option box, it should get the value assigned to the option element.
}
After you get the values, you need to build out your query. The ONLY ways you should EVER consider doing this is through either a prepared statement or a stored procedure.
here's the php documentation on MSSQL prepared statements: http://us2.php.net/sqlsrv_prepare
the long and the short of it:
//$conn is the database connection, $params is an array of the parameters to fill in the ?.
$sql = "SELECT FROM table WHERE id=?";
$stmt=sqlsrv_prepare ($conn, $sql , $params);
NEVER build a query by concatenating user inputs, this leaves you open to SQL injection attacks.
If you'd like some more specifics, you're going to have to provide more information, a database schema, the HTML on your form, some expected results.