Create a HTML table with headings from two SQL Tables

Question

I am trying to create a simple file upload system using PHP and MySQL. I have created a database with two tables in, structure below:

File Table

+---+------------------+--------------+
| # |       Name       |     Type     |
+---+------------------+--------------+
| 1 | file_id          | int          |
| 2 | file_name        | varchar      |
| 3 | file_size        | int          |
| 4 | file_type        | varchar      |
| 5 | folder           | int          |Foreign Key to folders.folder_id
| 6 | user_Id          | int          |
| 7 | upload_time      | timestamp    |
| 8 | modify_time      | timestamp    |
+---+------------------+--------------+

Folders Table

+---+------------------+--------------+
| # |       Name       |     Type     |
+---+------------------+--------------+
| 1 | folder_id        | int          |
| 2 | name             | varchar      |
| 3 | subfolder        | int          |
+---+------------------+--------------+

Files Query

    SELECT * 
FROM   files 
       JOIN folders 
         ON folders.folder_id = files.folder 
ORDER  BY folders.subfolder ASC, 
          folders.folder_id ASC 

Folders Query

SELECT * FROM folders

The tables both echoed into a HTML table. To do this, I have two query runs happening separately, one which echoes the folders and displays them on the table, and the other echoes the files and lists them below the list of folders.

Rather than listing all the folders and then all the files I want the files to be listed below their relevant folders.

This is how my table is currently displayed:

Table Heading
-------------
folder
folder2
folder3
file1
file2
file3
file4

This is how I want it to be:

Table Heading
-------------
folder
file1
file2
folder2
file3
folder3
file4

Answer 1

Prepared statements are designed to be executed multiple times in a loop, this is a good example of where to use one:

<?php
// prepare the statement for use later
$folderId = 0;
$stmt = $connectionUploads->prepare("SELECT * FROM files WHERE folder = ?");
$stmt->bind_param("i", $folderId);

$queryGetFolders = "SELECT * FROM folders";
$resultGetFolders = mysqli_query($connectionUploads, $queryGetFolders);

if ($resultGetFolders->num_rows != 0) {
    // loop through the folder list
    while ($rowFolders = $resultGetFolders->fetch_assoc()) {
        $folderName = ucwords($rowFolders['name']);
        echo "<h1>$folderName</h1>";

        // put the new value in $folderId
        $folderId = $rowFolders['folder_id'];
        // execute the query
        $stmt->execute();
        $resultGetFiles = $stmt->get_result();
        if ($resultGetFiles->num_rows == 0) {
            echo "<p>No files</p>";
        else {
            // loop through the results as normal
            while ($rowFiles = $resultGetFiles->fetch_assoc()) {
                echo "<p>$rowFiles[file_name]</p>";
            }
        }
    }
}

Note there are no inherent security concerns with using "plain" database queries. The problems arise when you're adding user-supplied inputs to the query string. Then prepared statements are a must. In addition to reducing overhead when querying in a loop (as above) they also sanitize user input automatically.

Answer 2

You can try creating two php functions to call the various database tables, for instance

function fetch($query){

    while($row = $query->fetch_array(MYSQLI_ASSOC)){
        $result[] = $row;
    }

    return $result;
}

function getArray($a, $b, $c, $d){
    $array = mysqli_fetch_array(mysqli_query($a, "SELECT * FROM $b WHERE $c = '$d' ORDER BY $c DESC LIMIT 1"));
    return $array; 
}

then use foreach iterator to get the associative array for each file, then using the folder column you can be able to get the array for each folder where the files are found.