Home/ Questions/Q 9235435
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T07:01:52+00:00

id 1stPayment 2ndPayment 3rdPayment 4thPayment Tuition 8 0 200 2000 2000 9000 8 2000

  • 0
id  1stPayment  2ndPayment  3rdPayment  4thPayment  Tuition 
8   0           200         2000            2000            9000    
8   2000        0           0               0                 0
9   0           0           0               0               1000    
10  1           0           0               0               0

i want to add all the tuition of id-8 and echo the result of the sum of the tuition. how can i sum all the tuition with out adding the tuition of other id’s. the table name is “students_payments”… “i also want to echo the tuition of an id in its own page, like when i access the account of id-8 it shows the sum of its tuition. 😀

i have this code, but when i access the account of id-9 and id-10 it shows the added value of all the tuition. tnx in advanced.. 😀 

<?php

include("confstudents.php");
$id = $_GET['id'];

$result = mysql_query("select * from student_payments where id='$id' ");
while ($res = mysql_fetch_assoc($result)) {

    $result = mysql_query("SELECT SUM(Tuition) FROM student_payments");
    while ($row = mysql_fetch_assoc($result)) {
        $TT = $row['SUM(Tuition)'];
        echo "Php $TT";
    }
}
?>
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    A few things about your code:

    Always cast data to what you expect them to be (in the case of your id, that should be an integer).

    Never put any unescaped strings into SQL queries. You never know what people type into your applications input fields. In this case I don’t use mysql_escape, as the id was casted to integer, which is of no harm to the query.

    Never (!) use mysql_query in a loop. You never need it and it will always slow down your application without providing any use.

    If your database expects an integer, then give it an integer and not a string. id is expected to be an integer, but ‘$id’ will always be a string. Unfortunately MySQL silently tries to cast this to integer instead of complaining…

    As I am very picky: id is an abbreviation for identifier, which in turn means, that you can identify something by it. Resulting from that, an identifier must always be unique. I hope you chose it merely to explain your question.

    Use ‘ instead of ” for strings wherever you can. This will keep the PHP parser from trying to interpret the string. Makes your code a little more save and faster.

    Though mysql_* functions are deprecated, I have only extended your code. So for an answer to your question see the code below.

    <?php

include("confstudents.php");
$id = (int)$_GET['id'];  // cast to int to prevent SQL injection; if you can't do that (e.g. it is a string), use mysql_escape()
if ($id <= 0) {   // check if the id is at all valid and break here if it isn't
    die('Invalid ID');
}

$result = mysql_query('SELECT SUM(tuition) sum_tuition FROM student_payments WHERE id = ' . $id);
if ($result === FALSE) {   // Check if the statement was able be processed
    die('Error in SQL statement');   // break here, if it wasn't
}
$res = mysql_fetch_assoc($result);   // with the SQL above, there's always exactly one row in the result
echo 'Php ' . $res['sum_tuition'];
?>

    You can add some more debugging code such as mysql_error() to find errors in your SQL statements. But don’t display that to your users. They might know, how use it for exploiting your application…

    • 0