MYSQLI Real Escape String not working with apostrophes [duplicate] - php

This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
How to prevent XSS with HTML/PHP?
(9 answers)
Closed 17 days ago.
I have the following code:
<?php
/*
Template Name: trial_app_review
*/
get_header();
?>
<div class="form-container">
<form style="margin-top: 150px;" method="post">
<?php
// Connect to the MySQL database using the MySQLi object
$mysqli = new mysqli('host', 'user', 'password', 'db');
// Check for errors
if ($mysqli->connect_error) {
echo "Error: " . $mysqli->connect_error;
} else {
// Check if the button was clicked
if (isset($_POST['insert_btn'])) {
// Get the values of the row that the button belongs to
$WK = $_POST['WK']; $WK = mysqli_real_escape_string($mysqli, $WK);
$Trial_Year = $_POST['Trial_Year']; $Trial_Year = mysqli_real_escape_string($mysqli, $Trial_Year);
$Trial_Dates = $_POST['Trial_Dates'];$Trial_Dates = mysqli_real_escape_string($mysqli, $Trial_Dates);
$Trial_Club = $_POST['Trial_Club']; $Trial_Club = mysqli_real_escape_string($mysqli, $Trial_Club);
$Trial_Classes = $_POST['Trial_Classes']; $Trial_Classes = mysqli_real_escape_string($mysqli, $Trial_Classes);
$Ring_Width = $_POST['Ring_Width']; $Ring_Width = mysqli_real_escape_string($mysqli, $Ring_Width);
$Ring_Height = $_POST['Ring_Height']; $Ring_Height = mysqli_real_escape_string($mysqli, $Ring_Height);
$double_yes_no = $_POST['double_yes_no']; $double_yes_no = mysqli_real_escape_string($mysqli, $double_yes_no);
$FeePd = $_POST['FeePd']; $FeePd = mysqli_real_escape_string($mysqli, $FeePd);
$num_days = $_POST['num_days']; $num_days = mysqli_real_escape_string($mysqli, $num_days);
$start_date = $_POST['start_date']; $start_date = mysqli_real_escape_string($mysqli, $start_date);
$Trial_City = $_POST['Trial_City']; $Trial_City = mysqli_real_escape_string($mysqli, $Trial_City);
$Trial_St = $_POST['Trial_St']; $Trial_St = mysqli_real_escape_string($mysqli, $Trial_St);
$trial_sec = $_POST['trial_sec']; $trial_sec = mysqli_real_escape_string($mysqli, $trial_sec);
$Trial_Email = $_POST['Trial_Email']; $Trial_Email = mysqli_real_escape_string($mysqli, $Trial_Email);
$Trial_Website = $_POST['Trial_Website']; $Trial_Website = mysqli_real_escape_string($mysqli, $Trial_Website);
$end_date = $_POST['end_date']; $end_date = mysqli_real_escape_string($mysqli, $end_date);
$street_addr = $_POST['street_addr']; $street_addr = mysqli_real_escape_string($mysqli, $street_addr);
$distckwk = $_POST['distckwk']; $distckwk = mysqli_real_escape_string($mysqli, $distckwk);
$club_id = $_POST['club_id']; $club_id = mysqli_real_escape_string($mysqli, $club_id);
$pend_id = $_POST['ID']; $pend_id = mysqli_real_escape_string($mysqli, $pend_id);
$query = "INSERT INTO Calendar (pend_id, WK, Trial_Year, Trial_Dates, Trial_Club, Trial_City, Trial_St, Trial_Classes, Ring_Width, Ring_Height, double_yes_no, Trial_FName, Trial_Email,
Trial_Website, FeePd, start_date, end_date, street_addr, distckwk, club_id,Pend_Confirm)
VALUES ('$pend_id', '$WK', '$Trial_Year', '$Trial_Dates', '$Trial_Club', '$Trial_City', '$Trial_St', '$Trial_Classes', '$Ring_Width', '$Ring_Height', '$double_yes_no', '$trial_sec',
'$Trial_Email', '$Trial_Website', '$FeePd', '$start_date', '$end_date', '$street_addr','$distckwk', '$club_id',CONCAT('Confirmed-', CURRENT_DATE()))";
$result = $mysqli->query($query);
if ($result) {
$update = "UPDATE PendingCalendar SET Pend_Confirm = CONCAT('Confirmed-', CURRENT_DATE()) WHERE ID = '$pend_id'";
$update_result = $mysqli->query($update);
if ($update_result) {
echo '<script>window.location.href = "https://nadac.com/success.php";</script>';
} else {
echo "Error: " . $mysqli->error;
}
} else {
echo "Error: " . $mysqli->error;
}
}
else {
// Execute a SELECT query and check for errors
$result = $mysqli->query("SELECT * FROM PendingCalendar WHERE Pend_Confirm IS NULL OR Pend_Confirm ='' ORDER BY WK DESC");
if (!$result) {
echo "Error: " . $mysqli->error;
} else {
// Add the stylesheet
echo "<style>
table {
border-collapse: collapse;
}
table, td, th {
border: 1px solid black;
padding: 5px;
}
</style>";
// Create the updated HTML table
echo "<table>\n";
echo " <tr>\n";
echo " <th>Action</th>\n";
echo " <th>WK</th>\n";
echo " <th>Trial_Year</th>\n";
echo " <th>Trial_Club</th>\n";
echo " <th>Trial_Classes</th>\n";
echo " <th>Ring_Width</th>\n";
echo " <th>Ring_Height</th>\n";
echo " <th>double_yes_no</th>\n";
echo " <th>Fee Pd</th>\n";
echo " <th>start_date</th>\n";
echo " <th>end_date</th>\n";
echo " </tr>\n";
// Iterate over the results and print each row
while ($row = $result->fetch_assoc()) {
// Print the table row
echo " <tr>\n";
echo " <td>\n";
echo " <form method='post' >\n";
echo " <input type='hidden' name='ID' value='" . $row['ID'] . "'>\n";
echo " <input type='hidden' name='WK' value='" . $row['WK'] . "'>\n";
echo " <input type='hidden' name='Trial_Year' value='" . $row['Trial_Year'] . "'>\n";
echo " <input type='hidden' name='Trial_Club' value='" . $row['Trial_Club'] . "'>\n";
echo " <input type='hidden' name='Trial_Classes' value='" . $row['Trial_Classes'] . "'>\n";
echo " <input type='hidden' name='Ring_Width' value='" . $row['Ring_Width'] . "'>\n";
echo " <input type='hidden' name='Ring_Height' value='" . $row['Ring_Height'] . "'>\n";
echo " <input type='hidden' name='double_yes_no' value='" . $row['double_yes_no'] . "'>\n";
echo " <input type='hidden' name='FeePd' value='" . $row['FeePd'] . "'>\n";
echo " <input type='hidden' name='start_date' value='" . $row['start_date'] . "'>\n";
echo " <input type='hidden' name='end_date' value='" . $row['end_date'] . "'>\n";
echo " <input type='hidden' name='Trial_Dates' value='" . $row['Trial_Dates'] . "'>\n";
echo " <input type='hidden' name='Trial_City' value='" . $row['Trial_City'] . "'>\n";
echo " <input type='hidden' name='Trial_St' value='" . $row['Trial_St'] . "'>\n";
echo " <input type='hidden' name='Trial_Email' value='" . $row['Trial_Email'] . "'>\n";
echo " <input type='hidden' name='Trial_Website' value='" . $row['Trial_Website'] . "'>\n";
echo " <input type='hidden' name='street_addr' value='" . $row['street_addr'] . "'>\n";
echo " <input type='hidden' name='distckwk' value='" . $row['distckwk'] . "'>\n";
echo " <input type='hidden' name='club_id' value='" . $row['club_id'] . "'>\n";
echo " <input type='hidden' name='trial_sec' value='" . $row['trial_sec'] . "'>\n";
echo " <button type='submit' name='insert_btn'>Insert</button>\n";
echo " </form>\n";
echo " </td>\n";
echo " <td>" . $row['WK'] . "</td>\n";
echo " <td>" . $row['Trial_Year'] . "</td>\n";
echo " <td>" . $row['Trial_Club'] . "</td>\n";
echo " <td>" . $row['Trial_Classes'] . "</td>\n";
echo " <td>" . $row['Ring_Width'] . "</td>\n";
echo " <td>" . $row['Ring_Height'] . "</td>\n";
echo " <td>" . $row['double_yes_no'] . "</td>\n";
echo " <td>" . $row['FeePd'] . "</td>\n";
echo " <td>" . $row['start_date'] . "</td>\n";
echo " <td>" . $row['end_date'] . "</td>\n";
echo " </tr>\n";
}
echo "</table>\n";
}
}
}
?>
</form>
</div>
And it works. But when a column has an apostrophe, it removes everything after the apostrophe.
I am definitely a beginner, but I thought the escape string would prevent that from happening?
I made a test record and using something like this: NADAC,Testing'testing"testing it gets shortened to: NADAC,Testing
What am I missing?
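Added example, not part of the original question: the hidden inputs above put the database value inside a single-quoted value='...' attribute, so an apostrophe ends the attribute in the browser and the shortened string is what gets posted, before mysqli_real_escape_string ever sees it. The script below parses the raw markup and the htmlspecialchars-escaped markup to show what each form would submit; the sample row and the helper name submittedValue are constructed for illustration.

```php
<?php
// Added example (not the asker's code). The row below is constructed sample data.
$row = ['ID' => 7, 'Trial_Club' => "NADAC,Testing'testing\"testing"];

/**
 * Return the value a browser would submit for the input named $name.
 * Hypothetical helper: it parses the markup the way an HTML parser would.
 */
function submittedValue(string $html, string $name): ?string
{
    // The broken markup produces parser warnings; collect them instead of printing.
    libxml_use_internal_errors(true);
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();

    foreach ($doc->getElementsByTagName('input') as $input) {
        if ($input->getAttribute('name') === $name) {
            return $input->getAttribute('value');
        }
    }
    return null;
}

// As in the question: the raw value is concatenated into a single-quoted attribute.
$raw = "<form><input type='hidden' name='Trial_Club' value='"
     . $row['Trial_Club']
     . "'></form>";

// Fixed: escape for the HTML attribute context. ENT_QUOTES encodes both ' and ".
$safe = "<form><input type='hidden' name='Trial_Club' value='"
      . htmlspecialchars($row['Trial_Club'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
      . "'></form>";

echo "raw markup:     $raw\n";
echo "escaped markup: $safe\n\n";

$fromRaw  = submittedValue($raw, 'Trial_Club');
$fromSafe = submittedValue($safe, 'Trial_Club');

printf("raw form submits:     %s\n", var_export($fromRaw, true));
printf("escaped form submits: %s\n", var_export($fromSafe, true));
printf("escaped value round-trips intact: %s\n",
    $fromSafe === $row['Trial_Club'] ? 'yes' : 'no');
```

The same escaping applies to every value echoed into the table cells, since those are also database values written into HTML.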

Related

value for session data question number not getting incremented and passed in codeigniter project

Please advise me as value for session data question_number not getting incremented and passed in Codeigniter project
The old value question_number of 1 is always passed as the question number
the code is supposed to set question_number as 1 initially and then when the user submits the form the first time, and the form data is processed by the same document, the question number is supposed to be incremented by one and passed to the same form below
but unfortunately, this new question number is not passed to the hidden input type
see the code below
$con = mysqli_connect($dbhost, $dbuser, $dbpass, $dbName);
if (!$this->session->userdata("user_id")) {
header("location:" . base_url() . "login");
}
$_SESSION['error'] = '';
$_SESSION['success'] = '';
// template methods start here ==========================================
if (isset($_POST["LaunchTest"])) {
$test_id = addslashes($_POST['id']);
echo("test_id: " . $test_id . "<br />");
$session_id = addslashes($_POST['session_id']);
echo("session_id: " . $session_id . "<br />");
$counter = addslashes($_POST['counter']);
echo("counter: " . $counter . "<br />");
$score = addslashes($_POST['score']);
echo("score: " . $score . "<br />");
$question_number = addslashes($_POST['question_number']);
echo("question_number: " . $question_number . "<br />");
$answer = addslashes($_POST['hidden_answer']);
echo("answer: " . $answer . "<br />");
$user_choice = addslashes($_POST['radio_choice']);
echo("user_choice: " . $user_choice . "<br />");
$start_id = addslashes($_POST['start_id']);
echo("start_id: " . $start_id . "<br />");
$end_id = addslashes($_POST['end_id']);
echo("end_id: " . $end_id . "<br />");
$current_question= $question_number;
if ($user_choice==$answer) {
$score++;
}
$preventRepeat = [];
$question_number = $question_number+1;
echo("new Question number: " . $question_number . "<br />");
$new_question = $question_number;
$_SESSION['question_number'] = $question_number;
$organisation = $_SESSION['organisation'];
date_default_timezone_set('Africa/Lagos');
$today = date('m/d/Y h:i:s a', time());
$sql_query = "UPDATE cbt_attempts_tbl SET "
. "currentQuestion ='"
. $current_question . "',"
. "score ='"
. $score . "',"
. "created_date ='"
. $today . "'"
. " WHERE session_id = '"
. $session_id .
"'";
; //$displayedRowCount = $rowCount;
echo $sql_query . "<br />";
$result = mysqli_query($con, $sql_query) or die("No data returned from DB Query");
//$candidate_quest_count++;
echo "database updated succesfully. <br />";
$current_question++;
if ($question_number > $_SESSION['total_questions']) {
//calculate score
$score_output = calculateScore($score, $_SESSION['total_questions']);
//end test
header("location:" . base_url() . "score?id=" . $test_id .
"&test_session=" . $session_id . "&score=" . $score_output);
} else {
// myRandomNum = generateSecondRandomNumber();
$myRandomNum = generateRandomNumber($start_id, $end_id);
echo("myRandomNum: " . $myRandomNum . "<br />");
//$myRandomNum = preventRepeatingQuestions($myRandomNum);
$quesionAtRand_str = getQuestionAtRandom($myRandomNum, $con);
$QuestData_arr = explode("~", $quesionAtRand_str);
//echo("QuestData_arr is: " . $QuestData_arr . "<br />");
$Question = $QuestData_arr[1];
//echo("Question is: " . $Question . "<br />");
$OptA = $QuestData_arr[2];
//echo("OptA is: " . $OptA . "<br />");
$OptB = $QuestData_arr[3];
//echo("OptB is: " . $OptB . "<br />");
$OptC = $QuestData_arr[4];
//echo("OptC is: " . $OptC . "<br />");
$OptD = $QuestData_arr[5];
//echo("OptD is: " . $OptD . "<br />");
$Answer = $QuestData_arr[6];
//echo("Answer is: " . $Answer . "<br />");
}
}
?>
<?php include('admin_block.php'); ?>
<br/>
<?php
if (!isset($_GET["id"])) {
$_SESSION['error'] = '<label class="text-danger">nothing selected.</label><br />';
header("location:" . base_url() . "launchtest");
exit();
}
$test_id = addslashes($_GET['id']);
//display deleted succesfully
//header return to update screen
$organisation = $_SESSION['organisation'];
$user_name = $_SESSION['user_name'];
// main start
//-----FIRST TIME RUN STARTS HERE---
if (!isset($test_session_id)) {
$arr_usr_choice = [];
$arr_correct_answer = [];
$arr_usr_choice[0] = "nothing";
$arr_correct_answer[0] = "nothing";
$candidate_quest_count = 1;
$question_number = 1;
$preventRepeat = [];
$counter = 1;
$current_question = 1;
$score = 0;
$_SESSION["score"] = 0;
$test_session_id = generateTestSessionId();
//echo("test_session_id is: " . $test_session_id . "<br />");
//gettestdetails from summary table
$testDetails = getTestDetailsFromSummary($con, $test_id);
//echo("testDetails: " . $testDetails . "<br />");
$dataFromSmryTble_arr = explode("~", $testDetails);
$test_name= $dataFromSmryTble_arr[2];
//echo("test_name: " . $test_name . "<br />");
$type = $dataFromSmryTble_arr[6];
//echo("type: " . $type . "<br />");
$subject = $dataFromSmryTble_arr[5];
//echo("subject: " . $subject . "<br />");
$total_questions = $dataFromSmryTble_arr[3];
//echo("total_questions: " . $total_questions . "<br />");
$start_id = $dataFromSmryTble_arr[0];
//echo("start_id: " . $start_id . "<br />");
$end_id = $dataFromSmryTble_arr[1];
//echo("end_id: " . $end_id . "<br />");
$_SESSION['total_questions'] = $total_questions;
loadDetailsToAttemptsTbl(
$con,
$test_id,
$test_session_id,
$test_name,
$type,
$subject,
$total_questions,
$start_id,
$end_id
);
//1. get test takers first name and lastname
if (!isset($_SESSION['firstname']) || !isset($_SESSION['lastname'])) {
header("location:" . base_url() . "enter_student_details?id=" . $test_id .
"&test_session=" . $test_session_id);
}
$firstname = $_SESSION['firstname'];
$lastname = $_SESSION['lastname'];
$output = displayFirstQuestion($con, $test_session_id); // displays one question
//echo("output is: " . $output . "<br />");
$QuestData_arr = explode("~", $output);
//echo("output is: " . $output . "<br />");
$Question = $QuestData_arr[1];
//echo("Question is: " . $Question . "<br />");
$OptA = $QuestData_arr[2];
//echo("OptA is: " . $OptA . "<br />");
$OptB = $QuestData_arr[3];
//echo("OptB is: " . $OptB . "<br />");
$OptC = $QuestData_arr[4];
//echo("OptC is: " . $OptC . "<br />");
$OptD = $QuestData_arr[5];
//echo("OptD is: " . $OptD . "<br />");
$Answer = $QuestData_arr[6];
//echo("Answer is: " . $Answer . "<br />");
$_SESSION['question_number'] = $question_number;
}
//-----FIRST TIME RUN ENDS HERE---
echo '<form method="post" action="'. $_SERVER['PHP_SELF'].'?id=' . $test_id .
'&test_session=' . $test_session_id .'">';
echo '<h2 class="section-heading animated">'. $test_name .'</h2>';
echo '<TABLE class="my_style" border="0"><TR><TD>' . $firstname . " ". $lastname . '</TD></TR></TABLE>';
echo '<font color="#fff"><table class="my_style" border="0" cellpadding="2">';
echo '<tr >';
echo '<td valign="top" >' . $_SESSION["question_number"] . '</td>';
echo '<td valign="top" colspan="3" scope="col"><b>' . $Question . '</b></td>';
echo '</tr >';
echo '<tr >';
echo '<td></td><TD WIDTH="2%">A.</TD><td WIDTH="2%"><input name="radio_choice" type="radio" value="A" required /></td><td valign="top" >' . $OptA . '</td>';
echo '</tr >';
echo '<tr >';
echo '<td></td><TD WIDTH="2%">B.</TD><td WIDTH="2%"><input name="radio_choice" type="radio" value="B" /></td><td valign="top" >' . $OptB . '</td>';
echo '</tr >';
echo '<tr >';
echo '<td></td><TD WIDTH="2%">C.</TD><td WIDTH="2%"><input name="radio_choice" type="radio" value="C" /><td valign="top" >' . $OptC . '</td>';
echo '</tr >';
echo '<tr >';
echo '<td></td><TD WIDTH="2%">D.</TD><td WIDTH="2%"><input name="radio_choice" type="radio" value="D" /><td valign="top" >' . $OptD. '</td> <input type="hidden" value="'.$Answer.'" name="hidden_answer" /> ';
echo '</tr>';
echo '</tr >';
echo '<td colspan="4" ><input type="submit" style="background-color: #008CBA;" value="Next Question" name ="LaunchTest" onClick="checkRadios()"/>';
echo '<input type="hidden" name="id" value="'. $test_id.'"/>';
echo '<input type="hidden" name="question_number" value="'. $_SESSION["question_number"] .'"/>';
echo '<input type="hidden" name="session_id" value="'.$test_session_id.'"/>';
echo '<input type="hidden" name="counter" value="'.$counter.'"/>';
echo '<input type="hidden" name="score" value="'.$_SESSION["score"] .'"/>';
echo '<input type="hidden" name="start_id" value="'.$start_id.'"/>';
echo '<input type="hidden" name="end_id" value="'.$end_id.'"/>';
echo '</td>';
echo '</tr >';
echo '</table></font>';
echo '</form>';
// main end
?>
#Ynhockey was right. test_session_id was causing the issues

echo radiobutton value from mysql table

How can I loop all questions in a row to display as radio button answers?
I have 4 tables in $row that I want to print as radio button survey.
Question nr1 (Radiobutton)Answer0 (Radiobutton)answer1 (Radiobutton)answer2
Question nr2 (Radiobutton)Answer0 (Radiobutton)answer1 (Radiobutton)answer2
Question nr3 (Radiobutton)Answer0 (Radiobutton)answer1 (Radiobutton)answer2
and so on.....
<?php
$result = mysqli_query($db,"SELECT * FROM que");
while($row = mysqli_fetch_array($result)) {
echo $row['que_id'] . " " . $row['que_question'] . " " . $row['que_answer0'] . " " . $row['que_answer1'] . " " . $row['que_answer2'] ;
echo "<br>";
}
?>
Replace this:
<?php
$result = mysqli_query($db,"SELECT * FROM que");
while($row = mysqli_fetch_array($result)) {
echo $row['que_id'] . " " . $row['que_question'] . " " . $row['que_answer0'] . " " . $row['que_answer1'] . " " . $row['que_answer2'] ;
echo "<br>";
}
?>
to this:
<?php
$result = mysqli_query($db,"SELECT * FROM que");
while($row = mysqli_fetch_array($result)) {
// One radio group per question: same name, a distinct value for each answer
echo '' . $row['que_question'] . '<br>
<input type="radio" name="' . $row['que_id'] . '" value="0">' . $row['que_answer0'] . '<br>
<input type="radio" name="' . $row['que_id'] . '" value="1">' . $row['que_answer1'] . '<br>
<input type="radio" name="' . $row['que_id'] . '" value="2">' . $row['que_answer2'] . '<br>';
}
?>
Use this
$result = mysqli_query($db,"SELECT * FROM que");
while($row = mysqli_fetch_array($result))
{
echo $row['que_question'].' ';
// Answer columns are que_answer0..que_answer2, as in the question's table
echo "<input type='radio' name='question[".$row['que_id']."]' value='".$row['que_answer0']."'> ";
echo "<input type='radio' name='question[".$row['que_id']."]' value='".$row['que_answer1']."'> ";
echo "<input type='radio' name='question[".$row['que_id']."]' value='".$row['que_answer2']."'><br>";
}

Edited all entries in database [php]

I have a problem in editing data in my database. I only want to edit one entry but after I clicked edit, it shows that all the data in my database were edited.
eventlist.php
<?php
$con=mysqli_connect("localhost","root","root","chess");
$result = mysqli_query($con,"select * from events");
//echo "<a href='dashboard.php'>Home</a><br>";
echo "<table border=1 id='hor-minimalist-a' width='100%'>";
echo "<tr align='center'><td><b>Date</b></td><td><b>Event</b></td><td><b>Special Note</b></td><td colspan='2'>Options</td></tr>";
$a=0;
while($row = mysqli_fetch_array($result))
{
if($a%2==0){
echo "<tr bgcolor='#b2d5ff' width='100'>"."<td>" . $row['date'] . "</td> <td>" . $row['event'] . "</td> <td>" . $row['note'] . "</td>"
. "</td><td><a href='editevent.php?id=" . $row['id'] . "'>Edit</a></td><td><a href='deleteevent.php?id=" . $row['id'] . "'>Delete</a></td></tr>";
}
else{
echo "<tr>"."<td>" . $row['date'] . "</td> <td>" . $row['event'] . "</td> <td>" . $row['note'] . "</td>"
. "</td><td><a href='editevent.php?id=" . $row['id'] . "'>Edit</a></td><td><a href='deleteevent.php?id=" . $row['id'] . "'>Delete</a></td></tr>";
}
$a++;
}
echo '</table>';
echo "<center><a href='addevent.php'><button type='submit' class='button'>Add New</button></a></center>";
?>
editevent.php
<?php
while($row = mysqli_fetch_array($result))
{
echo "ID: <input type='text' name='id' value='$row[id]'><br/>";
echo "Date: <input type='text' name='date' value='$row[date]'><br/>";
echo "Event: <textarea type='text' name='event'>".$row['event']."</textarea><br/>";
echo "Note: <input type='text' name='note' value='$row[note]'><br/>";
}
?>
updateevent.php
<?php
$id = $_POST['id'];
$date = $_POST['date'];
$event = $_POST['event'];
$note = $_POST['note'];
$con = mysqli_connect("localhost","root","root","chess");
mysqli_query($con,"update events set date='$date', event='$event', note='$note' where id = id");
header('location: eventlist.php');
?>
"update events set date='$date', event='$event', note='$note' where id = id"
where id = id is true for all rows, so all rows get updated. You probably meant to write where id = $id.
Also note that your query is open to SQL injection. Use prepared statements instead.
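The two points in the answer above, as an added example that is not the answerer's code: PDO with an in-memory SQLite table stands in for the MySQL chess database so the script runs without a server (mysqli's prepare(), bind_param() and execute() follow the same pattern). The rows and the $post array are constructed.

```php
<?php
// Added example. PDO + in-memory SQLite stands in for the MySQL database (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (id INTEGER PRIMARY KEY, date TEXT, event TEXT, note TEXT)');

// Constructed sample rows.
$seed = $db->prepare('INSERT INTO events (id, date, event, note) VALUES (?, ?, ?, ?)');
foreach ([
    [1, '2024-01-05', 'Opening round', ''],
    [2, '2024-01-12', 'Blitz night', ''],
    [3, '2024-01-19', 'Final', ''],
] as $r) {
    $seed->execute($r);
}

// Constructed form input, shaped like $_POST in updateevent.php.
// The apostrophe in 'event' needs no manual escaping once values are bound.
$post = ['id' => '2', 'date' => '2024-01-13', 'event' => "Club's blitz night", 'note' => 'moved'];
$values = [':date' => $post['date'], ':event' => $post['event'], ':note' => $post['note']];

// 1) The WHERE clause from the question compares the column with itself,
//    so it matches every row.
$db->beginTransaction();
$stmt = $db->prepare(
    'UPDATE events SET date = :date, event = :event, note = :note WHERE id = id'
);
$stmt->execute($values);
$changedByTautology = $stmt->rowCount();
$db->rollBack(); // undo, so the table is back to the seeded state

// 2) Validate the id as an integer, then bind it as a parameter.
$id = filter_var($post['id'], FILTER_VALIDATE_INT);
if ($id === false) {
    exit("invalid id\n");
}
$stmt = $db->prepare(
    'UPDATE events SET date = :date, event = :event, note = :note WHERE id = :id'
);
$stmt->execute($values + [':id' => $id]);
$changedByBoundId = $stmt->rowCount();

echo "rows changed with WHERE id = id:  $changedByTautology\n";
echo "rows changed with WHERE id = :id: $changedByBoundId\n";
foreach ($db->query('SELECT id, date, event, note FROM events ORDER BY id') as $row) {
    echo "{$row['id']} | {$row['date']} | {$row['event']} | {$row['note']}\n";
}
```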

Undefined index PHP placing at host

I have to make a site for school. It needs to be linked with a database. On localhost everything is ok and works, but when I tried to upload it on the host of the school, I get this error:
Notice: Undefined index: vragen in /mnt/studentenhomes/arnaud.gandibleux/public_html/datamanagement/index.php on line 44
I can't find the solution
index.php
<div id="tekst">
<table align='center'>
<?php
//if (isset($_GET['vragen'])){
if ($_GET['vragen'] === 'Alleclubs') {
getclubs();
} elseif ($_GET['vragen'] === 'ledenvjf') {
getVJFleden();
echo "test";
} elseif ($_GET['vragen'] === 'ledenffbj') {
getFFBJleden();
}
elseif (isset($_GET['clubnr'])) {
getLedenPerClubEnID($_GET['clubnr']);
}
else{
getclubs();
}
// }
?>
</table>
Crud.php
function getVJFleden() {
global $mysqli;
$result = $mysqli->query("SELECT * FROM Leden l JOIN Clubs c ON l.clubnr = c.clubnr join Bonden b
ON b.ID_bond = c.ID_bond LEFT JOIN adressen a ON a.ID_adress = l.ID_adress WHERE b.naam_bond = 'VJF';");
if ($result) {
if ($result->num_rows > 0) {
echo"<caption>Alle leden VJF</caption>";
echo "<th>Voornaam</th><th>achternaam</th><th>leeftijd</th><th>Kye</th><th>adress</th>";
while ($leden = $result->fetch_object()) {
echo "<tr><td>$leden->lid_voornaam</td> ";
echo "<td>" . $leden->lid_achternaam . "</td> ";
echo "<td>" . $leden->lid_leeftijd . "</td> ";
echo "<td>" . $leden->kye . "</td> ";
echo "<td>" . $leden->straatnaam . " " . $leden->huisnummer . " " . $leden->postcode . " " . $leden->gemeente . "</td> ";
echo "<td><form id='update' action='update.php' method='POST'>
<input type='hidden' name='id' value='" . $leden->ID_lid . "'/>
<input type='hidden' name='clubnr' value='" . $_GET['clubnr'] . "'/>
<input type='image' src='update.png' alt='Update' width='22' height='22'>
</form>
<form id='delete' action='deleteLid.php' method='POST'>
<input type='hidden' name='id' value='" . $leden->ID_lid . "'/>
<input type='image' src='delete.png' alt='detele' width='22' height='22'>
</form></td> ";
}
}
}
$mysqli->close();
}
function getFFBJleden() {
global $mysqli;
#, Adressen a
#AND l.ID_adress = a.ID_adress
$result = $mysqli->query("SELECT * FROM Leden l JOIN Clubs c ON l.clubnr = c.clubnr join Bonden b ON b.ID_bond = c.ID_bond LEFT JOIN adressen a ON a.ID_adress = l.ID_adress WHERE b.naam_bond = 'FFBJ';");
if ($result) {
if ($result->num_rows > 0) {
echo"<caption>Alle leden VJF</caption>";
echo "<th>Voornaam</th><th>achternaam</th><th>leeftijd</th><th>Kye</th><th>adress</th>";
while ($leden = $result->fetch_object()) {
echo "<tr><td>$leden->lid_voornaam</td> ";
echo "<td>" . $leden->lid_achternaam . "</td> ";
echo "<td>" . $leden->lid_leeftijd . "</td> ";
echo "<td>" . $leden->kye . "</td> ";
echo "<td>" . $leden->straatnaam . " " . $leden->huisnummer . " " . $leden->postcode . " " . $leden->gemeente . "</td> ";
echo "<td><form id='update' action='update.php' method='POST'>
<input type='hidden' name='id' value='" . $leden->ID_lid . "'/>
<input type='hidden' name='clubnr' value='" . $_GET['clubnr'] . "'/>
<input type='image' src='update.png' alt='Update' width='22' height='22'>
</form>
<form id='delete' action='deleteLid.php' method='POST'>
<input type='hidden' name='id' value='" . $leden->ID_lid . "'/>
<input type='image' src='delete.png' alt='detele' width='22' height='22'>
</form></td> ";
}
}
}
$mysqli->close();
}
You need to ensure that the array index exists before you try to use it. Being that it is a $_GET variable, it may not have been passed as a URL parameter.
Uncomment
//if (isset($_GET['vragen'])){
To
if (isset($_GET['vragen'])){
Two things are happening:
you have Notice warnings on. See here on how to turn them off: (How do I turn off PHP Notices?)
It's probably one of the $_GET parameters that you didn't specify on the url. So when you load the page, you're accessing the $_GET superglobal, but there may be nothing in it, and you're trying to print out that value.
You can either turn off notices or use a function to get a value from $_GET, and in this function check that the value isset() first before you access it.
When you visit the site you do something like: mysite.com?vragen=ledenvjf
If you forget the part after the ?, there is no $_GET['vragen'] and the notice is thrown.
This line
//if (isset($_GET['vragen'])){
prevents the notice from being thrown. You should uncomment it together with this line:
// }
It means that variable vragen is not set so your $_GET array doesn't have any element with index vragen.
Uncomment //if (isset($_GET['vragen'])){ and // } since this was checking if $_GET variable with name vragen was set. Example of when this check will pass index.php?vragen=ledenvjf

Update is not working in database

Don't mind the security issues, this is just local testing, but whenever I click the update button none of the changes go through on the page or on the query and I get no errors.
<?php
$link = mysqli_connect("localhost", "root", "", "test") or die("could not connect");
if (isset($_POST['update'])) {
$updateQuery = (" UPDATE `test1` SET f_name = '$_POST[f_name]', l_name='$_POST[l_name]', email='$_POST[email]' WHERE id='$_POST[id]'");
mysqli_query($link, $updateQuery);
};
$query = ("SELECT * FROM `test1`");
$result = mysqli_query($link, $query);
echo "<table border=1
<tr>
<th>Firstname</th>
<th>Lastname</th>
<th>Email</th>
</tr>";
while($row = mysqli_fetch_array($result)) {
echo "<form method=post action=update.php>";
echo "<tr>";
echo "<td>" . "<input type=text name=f_name value=" . $row['f_name'] . " </td>";
echo "<td>" . "<input type=text name=l_name value=" . $row['l_name'] . " </td>";
echo "<td>" . "<input type=text name=email value=" . $row['email'] . " </td>";
echo "<td>" . "<input type=hidden name=id value=" . $row['id'] . " </td>";
echo "<td>" . "<input type=submit name=submit value=update" . " </td>";
echo "</tr>";
}
?>
change your form to
while($row = mysqli_fetch_array($result)) {
echo "<form method=post action=update.php>";
echo "<input type=hidden name=update>";
echo "<tr>";
echo "<td>" . "<input type=text name=f_name value=" . $row['f_name'] . " </td>";
echo "<td>" . "<input type=text name=l_name value=" . $row['l_name'] . " </td>";
echo "<td>" . "<input type=text name=email value=" . $row['email'] . " </td>";
echo "<td>" . "<input type=hidden name=id value=" . $row['id'] . " </td>";
echo "<td>" . "<input type=submit name=submit value=update" . " </td>";
echo "</tr>";
}
POST keys should be in quotes. Try this instead:
$updateQuery = "UPDATE test1 SET f_name = '".$_POST['f_name']."', l_name='".$_POST['l_name']."', email='".$_POST['email']."' WHERE id='".$_POST['id']."'";
Try this:
$updateQuery = ("UPDATE `test1` SET f_name = '{$_POST['f_name']}', l_name='{$_POST['l_name']}', email='{$_POST['email']}' WHERE id='{$_POST['id']}'");
Also you can try echoing something inside your if (isset($_POST['update'])) { to make sure it is testing true.
Here is your problem:
if (isset($_POST['submit']) && $_POST['submit'] == 'update') {
The name of the submit button is submit not update, the value is update.
