Hi I'm learning php and mysql and creating simple user system. Now I wan't to display user data from mysql to the page using PHP. But I'm struggling with that because I can't get data from databasa even though user correctly sign in. I don't know what is wrong with the code, can't find problem and I was trying difference ways to grab data and display but nothing is working and always variable with data is empty.
login-process.php
<?php
include('connection.php');
$error = array();
$email = $_POST['email'];
if(empty($email)){
$error[] = 'Email can not be empty!';
}
$password = $_POST['password'];
if(empty($password)){
$error[] = 'Password can not be empty!';
}
if(empty($error)){
// query
$query = "SELECT userID, firstName, lastName, email, password, profileImage FROM user WHERE email=?";
$q = mysqli_stmt_init($conn);
mysqli_stmt_prepare($q, $query);
mysqli_stmt_bind_param($q, 's', $email);
mysqli_stmt_execute($q);
// store result
$result = mysqli_stmt_get_result($q);
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
if(!empty($row)){
// checking password
// unhasing password
if(password_verify($password, $row['password'])){
header('location: user-profile.php');
exit();
} else {
echo "You are not a member";
}
}
}
// get user info
function get_user_info($con, $userID){
$query = "SELECT firstName, lastName, email, profileImage FROM user WHERE userID=?";
$q = mysqli_stmt_init($con);
mysqli_stmt_prepare($q, $query);
// bind the statement
mysqli_stmt_bind_param($q, 'i', $userID);
// execute sql statement
mysqli_stmt_execute($q);
$result = mysqli_stmt_get_result($q);
$row = mysqli_fetch_array($result);
return empty($row) ? false : $row;
}
user-profile.php
<?php
session_start();
include ('header.php');
$user = array();
if(isset($_SESSION['userID'])){
require ('mysqli_connect.php');
$user = get_user_info($con, $_SESSION['userID']);
}
?>
<section id="main-site">
<div class="container py-5">
<div class="row">
<div class="col-4 offset-4 shadow py-4">
<div class="upload-profile-image d-flex justify-content-center pb-5">
<div class="text-center">
<img class="img rounded-circle" style="width: 200px; height: 200px;" src="<?php echo isset($user['profileImage']) ? $user['profileImage'] : './assets/profile/beard.png'; ?>" alt="">
<h4 class="py-3">
<?php
if(isset($user['firstName'])){
printf('%s %s', $user['firstName'], $user['lastName'] );
}
?>
</h4>
</div>
</div>
<div class="user-info px-3">
<ul class="font-ubuntu navbar-nav">
<li class="nav-link"><b>First Name: </b><span><?php echo isset($user['firstName']) ? $user['firstName'] : ''; ?></span></li>
<li class="nav-link"><b>Last Name: </b><span><?php echo isset($user['lastName']) ? $user['lastName'] : ''; ?></span></li>
<li class="nav-link"><b>Email: </b><span><?php echo isset($user['email']) ? $user['email'] : ''; ?></span></li>
</ul>
</div>
</div>
</div>
</div>
</section>
<?php
include "footer.php";
?>
login.php
<?php
session_start();
include ('header.php');
include('login-process.php');
?>
<?php
$user = array();
require ('connection.php');
if(isset($_SESSION['userID'])){
$user = get_user_info($conn, $_SESSION['userID']);
}
if($_SERVER['REQUEST_METHOD'] == 'POST'){
require ('login-process.php');
}
?>
<section id="register">
<nav class="navbar nav">
<img src="./image/logo.png" width="150px" height="150px" alt="">
</nav>
<div class="row ml-5 m-0">
<div class="col-lg-4 offset-lg-1">
<div class="text-center pb-5">
<h1 class="login-title text-white">Sign in.</h1>
<p class="p-1 m-0 font-poppins text-white-50">Welcome back! Please enter your details.</p>
</div>
<div class="upload-profile-image d-flex justify-content-center pb-5">
<div class="text-center">
<div class="d-flex justify-content-center">
<img class="camera-icon" src="./image/camera.png" alt="camera">
</div>
<img src=<?php echo isset($user['profileImage']) ? $user['profileImage']: "./assets/profile-picture/avatar.jpg"; ?> style="width: 200px; height: 200px" class="img rounded-circle" alt="profile">
<small class="form-text text-white-50">Choose Image</small>
<input type="file" form="reg-form" class="form-control-file" name="profileUpload" id="upload-profile">
</div>
</div>
<div class="d-flex justify-content-center">
<form action="login.php" method="post" enctype="multipart/form-data" id="reg-form">
<div class="form-row my-4">
<div class="col">
<input type="email" value="<?php if(isset($_POST['email'])) echo $_POST['email']; ?>" required name="email" id="email" class="form-control" placeholder="Email*">
</div>
</div>
<div class="form-row my-4">
<div class="col">
<input type="password" required name="password" id="password" class="form-control" placeholder="Password*">
</div>
</div>
<small id="login-error" class="text-danger">hi</small>
<div class="form-inline">
<input type="checkbox" name="agreement" class="form-check-input">
<label for="agreement" class="form-check-label pr-3 font-poppins text-white-50">Remember for 30 days</label>
Forgot password
</div>
<div class="submit-btn text-center my-5">
<button type="submit" onclick="confirmPassword(event)" class="btn btn-dark rounded-pill text-white px-5 py-3">Create account</button>
</div>
</form>
</div>
</div>
</div>
</section>
<?php
include ('footer.php');
?>
register-process.php
<?php
include ('connection.php');
//data from the form
$firstName = $_POST['first-name'];
$lastName = $_POST['last-name'];
$email = $_POST['email'];
$password = password_hash($_POST['password'], PASSWORD_DEFAULT);
$files = $_FILES['profileUpload'];
$profileImage = upload_profile("./assets/profile-picture", $files);
//sending data from input to the database
$sql = "INSERT INTO user VALUES (DEFAULT , '$firstName', '$lastName', '$email', '$password', '$profileImage', NOW())";
if (mysqli_query($conn, $sql)) {
session_start();
$_SESSION['userID'] = mysqli_insert_id($con);
header('location:login.php');
exit();
} else {
echo "ERROR";
echo mysqli_error($conn);
}
//image
function upload_profile($path, $file){
$targetDir = $path;
$default = "avatar.jpg";
$filename = basename($file['name']);
$targetFilePath = $targetDir.$filename;
$fileType = pathinfo($targetFilePath, PATHINFO_EXTENSION);
if(!empty($filename)){
// file format
$allowType = array('jpg', 'png', 'gif', 'jpeg');
if(in_array($fileType, $allowType)){
// send file to the folder
if(move_uploaded_file($file['tmp_name'], $targetFilePath)){
return $targetFilePath;
};
}
}
//if user does not load picture return the default one
return $path .$default;
}
I would like to ask for code example how to display data from database into website when I have ID
You're not setting $_SESSION['userId'] when a user logs in successfully, so the part
if(isset($_SESSION['userID'])){
$user = get_user_info($conn, $_SESSION['userID']);
}
will not trigger and $user will not be set.
Change
if(password_verify($password, $row['password'])){
header('location: user-profile.php');
exit();
} else {
echo "You are not a member";
}
to
if(password_verify($password, $row['password'])){
$_SESSION['userId'] = $row['userId']
header('location: user-profile.php');
exit();
} else {
echo "You are not a member";
}
You haven't set the value for $_SESSION['userID']
use this
session_start();
$user_id = $_SESSION['userID'];
hope it will solve your problem
Related
When adding a name with a space in the search bar the header and the footer remains however the body disappears.
I even added ini_set('display_errors', '1') and ini_set( 'default_charset', 'UTF-8' ); to check for errors however that didn't help.
Please note that the function works fine except when when entering any spaces
Here is the code:
<?php
//ini_set('display_errors', '1');
//ini_set( 'default_charset', 'UTF-8' );
session_start();
$title="Search";
include('includes/connection.php');
$url=parse_url($_SERVER['REQUEST_URI'],PHP_URL_PATH);
$url_array=explode("/",$url);
$name=end($url_array);
$uname = urldecode($name);
$position="absolute";
$sql ="SELECT userName , firstName, lastName,id
FROM users
WHERE userName LIKE ?
or firstName like ?
or lastName Like ?
or concat(firstName,' ',lastName) = ?";
$params=array("$uname","$uname","$uname","$uname");
$query= $dbh -> prepare($sql);
if($query-> execute($params)){
$results=$query->fetchAll(PDO::FETCH_OBJ);
if($query->rowCount() > 6) {
$position="inherit";
} else {
$position="absolute";
}
}
if (!$results) {
$mess = true;
// echo '<script type="text/javascript">alert("Hi");</script>';
}
//else {
//$mess = true;
//$query->errorInfo();
//}
include('includes/header.php');
//else
//{
// $mess = $query->errorInfo();
// echo '<script type="text/javascript">alert("'.$mess[2].'");</script>';
//}
?>
<main role="main" class="mbr-fullscreen" style="display: grid;position: <?php echo $position;?>;">
<div class="album py-5" >
<div class="container">
<div class="row">
<?php
if(!$results) {
echo'<div class="col-lg-12 mx-auto">
<center>
<h1 style="padding: 10px; color: #575957;">No results found</h1>
<h6>We couldn\'t find any user matching your search</h6>
<a href="/index.php" class="btn btn-primary display-4" >Search Again</a>
</center>
</div> ';
}
?>
<?php
foreach($results as $result) {
?>
<div class="col-md-4">
<div class="card mb-4 shadow-sm">
<div class="card-body">
<h3 class="card-text text-center" style="text-transform: capitalize;"><?php echo htmlentities($result->userName);?></h3>
<p class="text-center"> <?php echo htmlentities ($result->firstName).' '; echo htmlentities ($result->lastName); ?> </p>
<div class="d-flex justify-content-between align-items-center">
<div class="btn-group mx-auto mbr-form">
View
</div>
</div>
</div>
</div>
</div>
<?php
}
?>
</div>
</div>
</div>
</main>
<?php include('includes/footer.php');?>
Like statement does not work like that. You should change your query in the proper format.
Replace:
$params=array("$uname","$uname","$uname","$uname");
With:
$params=array("%$uname%","%$uname%","%$uname%","%$uname%");
1. Add $uname=str_replace(" ", "% %", $uname); after $uname = urldecode($name); to wrap each space with %
2. Replace concat(firstName,' ',lastName) = ? With concat(firstName,' ',lastName) like ?
3. Follow Tahasin instructions, Replace $params=array("$uname","$uname","$uname","$uname"); with $params=array("%$uname%","%$uname%","%$uname%","%$uname%");
I solved the problem by adding the following line in the home page
search = search.replace(/\s/g,"-");
And in my search page, I added the following code
$name=str_replace('-',' ',$uname);
You people are great, thank you for helping me out
I'm redoing the whole post since I had hard time explaining the issue or question.
What this code does:
The user can create a new training session. They can name it and if they want to, they can copy the content from previously created session.
I'm using Bootstrap 4 list group items to show the previous sessions. My problem is that I can not catch the user selection to post the data to activateSaveTrainingSession.php, which includes the SQL query to insert the new data to the database.
I can pass the data from the form to the action php file from inputSessionName -input. As you can see, I've also tried using input type="hidden". It kind of works, but it only uses the $sessionId from the first row it fetches, not the user selection. And thats the problem: how do I catch which list item the user selects, so I can post the data to the activateSaveTrainingSession.php?
<div class="row">
<div class="col-lg-12">
<form class="was-validated" action="activateSaveTrainingSession.php" method="post">
<div class="custom-control">
<div class="form-group">
<label for="inputSessionName" class="float-left"><?php echo $lang['TRAINING_SESSIONNAME_HEADER'] ?></label>
<input type="text" class="form-control" id="inputSessionName" name="inputSessionName" placeholder="Example 1" minlength="3" maxLength="128" required>
<small id="inputSessionNameHelp" class="form-text text-muted">
<?php echo $lang['TRAINING_SESSIONNAME_HELPTEXT'] ?>
</small>
</div>
</div>
<h5 class = "mt-3"><?php echo $lang['TRAINING_COPYSESSION_HEADER'] ?></h5>
<div class="row mt-3">
<div class="col-lg-6 mb-3">
<div class="list-group" id="list-tab" role="tablist">
<a class="list-group-item list-group-item-action active" id="list-doNotCopy-list" data-toggle="list" href="#list-doNotCopy" role="tab" aria-controls="list-doNotCopy">Do not copy</a>
<?php
$stmt = $link->prepare('SELECT `id`, `sessionName`, `createDate` FROM `trainingSessions` WHERE `userId` = ? ORDER BY `id` DESC LIMIT 5');
$stmt->bind_param('i', $currentUserId);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($sessionId, $sessionName, $sessionNameDate);
$sessionCounter = 0;
$tabsArray = array();
if ($stmt->num_rows > 0) {
while ($stmt->fetch()) {
$sessionNameDateFixed = date("d.m.Y", strtotime($sessionNameDate));
$sessionCounter += 1;
$listId = "list-$sessionId-list";
$tabId = "list-$sessionId";
array_push($tabsArray, $sessionId)
?>
<a class="list-group-item list-group-item-action" id="<?php echo $sessionId ?>" data-toggle="list" href="#<?php echo $tabId ?>" role="tab" aria-controls="<?php echo $tabId ?>"><?php echo $sessionName ?><input type='hidden' name='copySession' value='<?php echo $sessionId ?> '/></a>
<?php
}
} else {
echo "No results.";
}
$stmt->close();
echo "Displaying last $sessionCounter records.";
?>
</div>
</div>
<div class="col-lg-6">
<div class="tab-content" id="nav-tabContent">
<div class="tab-pane fade" id="list-doNotCopy" role="tabpanel" aria-labelledby="list-doNotCopy-list">Do not copy data from previous session.</div>
<?php
foreach ($tabsArray as $session) {
$tabsTextArray = array();
$stmt = $link->prepare('SELECT trainingSessions.id, workouts.workoutName, exercises.setNumber, exercises.reps, exercises.weights FROM workouts INNER JOIN exercises ON workouts.id = exercises.workoutId INNER JOIN trainingSessions on trainingSessions.id = exercises.sessionId WHERE exercises.userId = ? AND trainingSessions.id = ? ORDER BY exercises.id DESC');
$stmt->bind_param('ii', $currentUserId, $session);
$stmt->execute();
$stmt->store_result();
$stmt->bind_result($sessionId, $workoutName, $set, $reps, $weights);
if ($stmt->num_rows > 0) {
while ($stmt->fetch()) {
$tabText = "<strong>$workoutName</strong> sarja $set, $reps x $weights kg<br>";
array_push($tabsTextArray, $tabText);
}
}
$listId = "list-$sessionId-list";
$tabId = "list-$sessionId";
?>
<div class = "tab-pane fade" id="<?php echo $tabId ?>" role = "tabpanel" aria-labelledby = "<?php echo $listId ?>"><?php
foreach ($tabsTextArray as $text) {
echo "$text";
}
?>
</div>
<?php
}
$stmt->close();
?>
</div>
</div>
</div>
<button type="submit" name="buttonSaveTrainingSession" class="btn btn-success float-left">
<i class="fas fa-sd-card"></i>
<?php echo $lang['TRAINING_BTN_SAVE'] ?>
</button>
</form>
</div>
</div>
activateSaveTrainingSession.php
<?php
require_once('config/sql.php');
include_once('config/common.php');
if (!isset($_SESSION["loggedin"]) || $_SESSION["loggedin"] !== true) {
header("location: login.php");
exit;
}
$currentUserId = $_SESSION["currentUserId"];
$submitButton = strip_tags(trim($_POST['buttonSaveTrainingSession']));
if (isset($submitButton)) {
$inputSessioName = filter_var(trim($_POST["inputSessionName"]), FILTER_SANITIZE_FULL_SPECIAL_CHARS);
$copySessionID = filter_var(trim($_POST["copySession"]), FILTER_SANITIZE_NUMBER_INT);
if (empty($inputSessioName) && strlen($inputSessioName) < 3 && $inputSessioName > 128) {
header("location: training.php?msg=invalidSessionName");
} else {
echo "Name: $inputSessioName <br>";
echo "ID: $copySessionID";
}
} else {
header("location: 404.php");
}
?>
I think I understand your problem.
You send in the form several fields:
<input type = 'hidden' name = 'copySession' ...>
which have the same name and not in table form! so it is normal that when receiving the request:
$_POST["copySession"]
you get only one and therefore the first.
If you want to send them all, you have to do:
<input type = 'hidden' name = 'copySession[]' ...>
and you get the request as an array.
foreach($_POST["copySession"] as $sessionId){ ... }
If you want to send only one field, you must make them disabled with javascript in real time during the selection.
For example you put in all fields copySession disabled and you add a class to them. Then you add the same class on the button as well and when the user clicks on a button, the field concerned removes the disabled.
With jQuery something like:
//Click on button
$('a.specialClass').on('click', function(){
//Disabled all copySession inputs
$('input[name="copySession"]').prop('disabled', true);
//Let the field concerned able to be send
$('input.specialClass[name="copySession"]').prop('disabled', false);
});
Good luck!
I am trying to post a $_GET value so it cant insert the variable value into the database using $_SERVER["REQUEST_METHOD"].
<?php require_once("../includes/initialize.php"); ?>
<?php include("../includes/form_validation_card.php"); ?>
<?php $username = $_SESSION['username']; ?>
<?php
if(!isset($_GET['total']) && !isset($_GET['order_id'])){
redirect_to('order_summary.php');
}
$total = $_GET['total'];
$order = $_GET['order_id'];
?>
<?php
$username = $_SESSION['username'];
$sql = "SELECT * FROM customers WHERE username='$username'";
$result_set = $database->query($sql);
$found_user = $database->fetch_array($result_set);
?>
<?php include_layout_template('header2.php'); ?>
<div class="container">
<div class="row">
<br/><br/><?php echo output_message($message); ?>
</div>
<div class="row ">
<div class="jumbo jumbotron-fluid mx-auto d-block" style="height: 500px; width: 440px; background-color:#DCDCDC; border-radius: 5px;" >
<div class="text-center" style="margin: 3px;"><img src="logo/eden_petshop_logo.png" width="32" height="32"/><?php echo $found_user['first_name']; ?> <?php echo $found_user['last_name']; ?></div>
<p class="text-center">order id: #<?php echo $order; ?></p>
<h4 class="display-4 lead text-center">N<?php echo $total; ?></h4>
<div class="col-sm-6 col-sm-offset-3 mx-auto d-block">
<?php echo output_message($message); ?>
<form action="<?= $_SERVER['PHP_SELF']; ?>" method="post" class="form-horizontal">
<div class="form-group">
<div class="col">
<input type="text" name="card_number" onchange="trim(this)" placeholder="Card Number" class="form-control" id="card_number"/>
<span style="color: #EA4335"><?= $card_number_error; ?></span>
</div>
</div>
<div class="form-group">
<div class="row">
<div class="col">
<input type="text" name="mm_yy" class="form-control" onchange="trim(this)" placeholder="MM/YY">
<span style="color: #EA4335"><?= $mm_yy_error; ?></span>
</div>
<div class="col">
<input type="password" name="cvv" class="form-control" onchange="trim(this)" placeholder="CVV">
<span style="color: #EA4335"><?= $cvv_error; ?></span>
</div>
</div>
</div>
<div class="col-sm-12 col-sm-push-3">
<button type="submit" name="submit" value="Pay" class="btn bg-info btn-sm btn-block" onClick="return confirm('Are you sure your details are correct?');">Pay</button>
</div>
</form>
</div>
</div>
</div>
<?php include_layout_template('footer2.php'); ?>
This is the input display page but i am trying to the $total and $order $_GET variables insert into the database... Please note that every other part of the code assignment is working fine.
<?php
//define variables and set them to empty values
$total_error = $order_error = $card_number_error = $mm_yy_error = $cvv_error = "";
$timestamp = strftime("%Y-%m-%d %H:%M:%S", time());
//form is submitted with post method
if($_SERVER["REQUEST_METHOD"] == "POST"){
if(empty($_POST["card_number"])){
$card_number_error = "<div class=''>Card number is required</div>";
}else{
$card_number = test_input($_POST["card_number"]);
//Check if name only contains letters and whitespaces
if(!preg_match("/^(?=.*?[0-9]).{16,}$/",$card_number)){
$card_number_error = "<div>Only 16 numbers allowed</div>";
}
}
if(empty($_POST["mm_yy"])){
$mm_yy_error = "<div class=''>Card expiry is required</div>";
}else{
$mm_yy = test_input($_POST["mm_yy"]);
//Check if name only contains letters and whitespaces
if(!preg_match("/^(?=.*?[0-9]).{3,}$/",$mm_yy)){
$mm_yy_error = "<div class=''>Only numbers allowed</div>";
}
}
if(empty($_POST["cvv"])){
$cvv_error = "<div class=''>Card verification is required</div>";
}else {
$cvv = test_input($_POST["cvv"]);
//check if username is atleast 7 characters
if(!preg_match("/^(?=.*?[0-9]).{3,}$/",$cvv)){
$cvv_error = "<div class=''>Card verification must not be more than 3 numbers</div>";
}
}
if($card_number_error == "" && $mm_yy_error == "" && $cvv_error == ""){
$token = 'vfjhvbkebecbjDRCWVJEcbkrvlnke24tir7c_zdvbejw968350124';
$token = str_shuffle($token);
$token = substr($token, 0, 15);
$username = $_SESSION['username'];
$sql = "SELECT * FROM customers WHERE username='$username'";
$result_set = $database->query($sql);
$found_user = $database->fetch_array($result_set);
$email = $found_user['email_address'];
$pay = new Payment();
$pay->username = $username;
$pay->order_id = $order;
$pay->total = $total;
$pay->card_number = $card_number;
$pay->expiry = $mm_yy;
$pay->cvv = $cvv;
$pay->transaction_id = $token;
$pay->status = 0;
$pay->created_at = $timestamp;
if($pay->save()){
//$mail = new Mail();
//$mail->email_address = $email_address;
//$mail->send_transaction_confirmation();
unset($_SESSION['shopping_cart']);
$session->message('<div class="btn bg-success">Congratulations!!! Your order has been processed.</div>');
redirect_to('photos.php');
}
}
if(empty($_POST["message"])){
$message = "";
} else{
$message = test_input($_POST["message"]);
}
}
function test_input($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
$data = htmlentities($data);
return $data;
}
?>
Please note that my $order and total are not getting inserted into my database... Any assistance on my preg_match would be appreciated... Thanks in advance.
You need to use $_POST in your broken code instead of $_GET. Notice your working code used $_POST instead, which is why it works.
hi i need help i have problem in my code and i can't figure the solutions please help me .
this is the dashboard:
image dashboard
and this is problem after click on delete:
delete problem
and this is my code php of posts file:
<?php
/*
===========================================================
=== Manage Members Page ===
=== You can add | edit | delete Members from here ===
===========================================================
*/
session_start();
if (isset($_SESSION['Username'])) {
include 'init.php';
$pageTitle = 'Posts';
$do = isset($_GET['do']) ? $_GET['do'] : 'Manage' ;
//Start Manage Page
if ($do == 'Manage'){ // Manage Members Page
$sort = 'ASC';
$sort_arry = array('ASC', 'DESC');
if(isset($_GET['sort']) && in_array($_GET['sort'], $sort_arry)) {
$sort = $_GET['sort'];
}
$stmt2 = $con->prepare("SELECT * FROM posts ORDER BY Ordering $sort");
$stmt2->execute();
$rows = $stmt2->fetchAll();
?>
<h1 class="text-center"> Manage Posts </h1>
<div class="container categories">
<div class="panel panel-default">
<div class="panel-heading">
<i class="fa fa-edit"></i> Manage Posts
<div class="ordering pull-right">
<i class="fa fa-sort"> </i>Ordering: [
<a class="<?php if ($sort == 'ASC') { echo 'active'; } ?>" href="?sort=ASC">Asc </a> |
<a class="<?php if ($sort == 'DESC') { echo 'active'; } ?>" href="?sort=DESC">Desc </a>
]
</div>
</div>
<div class="row">
<?php
foreach ($rows as $image) {
echo '<div class="col-md-3 col-sm-4 "><div class="thumbnail">';
echo '<h2 class="h4">'.$image['Name']. '</h2><div class="main">';
echo '<img src="data:image;base64,'.$image['Image'].' " alt="image name" title="image title" width="255" heigth="255">';
echo '</div>';
echo '<table class="table table-bordered">';
echo '<tr>';
echo '<td>' . "<a href='posts.php?do=Edit&id=". $image['ID'] ."' class='btn btn-xs btn-primary'><i class='fa fa-edit'></i> edit</a>" . '</td>';
echo '<td>' . "<a href='posts.php?do=Delete&id=". $image['ID'] ."' class='btn btn-xs btn-danger'><i class='fa fa-close'></i> Delete</a>" . '</td>';
echo '</tr>';
echo '</table>';
echo '</div>';
echo '</div>';
}
?>
</div>
<?php } elseif ($do == 'Add') { //add Member page ?>
<h1 class="text-center"> ajouter un nouveau post </h1>
<div class="container">
<form class="form-horizontal" enctype="multipart/form-data" action="?do=Insert" method="POST">
<!-- start Username fieled -->
<div class="form-group">
<label class="col-sm-2 control-label">Titre</label>
<div class="col-sm-10 col-md-8">
<input type="text" name="image-name" class="form-control" autocomplete="off" placeholder="username pour se connecter dans le site Web" required />
</div>
</div>
<!-- end Username fieled -->
<!-- start Password fieled -->
<div class="form-group">
<label class="col-sm-2 control-label">Image</label>
<div class="col-sm-10 col-md-8">
<input type="file" name="image" class="form-control" placeholder="mot de passe doit ĂȘtre difficile et complexe" required/>
</div>
</div>
<!-- end Password fieled -->
<!-- start Full name fieled -->
<div class="form-group">
<label class="col-sm-2" for="categorie">Categories:</label>
<div class="col-sm-10 col-md-8">
<select class="form-control" name="categorie">
<?php
$stmt = $con->prepare("SELECT * FROM `categories`");
// Execute the Statments
$stmt->execute();
// Assign to variable
$rows = $stmt->fetchAll();
?>
<?php
foreach ($rows as $cat) {
echo "<option value='" . $cat['ID'] . "'>". $cat['Name'] . "</option>";
}
?>
</select>
</div>
</div>
<!-- end Full name fieled -->
<!-- start submit fieled -->
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<input type="submit" value="Ajouter" class="btn btn-primary" />
</div>
</div>
<!-- end submit fieled -->
</form>
</div>
<?php
} elseif ($do == 'Insert') {
//insert Members Page
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
echo "<h1 class='text-center'> insert an post </h1>";
echo "<div class='container'>";
// Get variable from the form
$name = $_POST['image-name'];
$image= addslashes($_FILES['image']['tmp_name']);
$image= file_get_contents($image);
$image= base64_encode($image);
$cat = $_POST['categorie'];
//validate the form
$formErrors = array();
if (strlen($name) < 4) {
$formErrors[] = "title name cant be less then <strong> 4 caracter</strong>";
}
if (strlen($name) > 20) {
$formErrors[] = "title name cant be More then <strong> 20 caracter</strong>";
}
if (empty($name)) {
$formErrors[] = "Username Cant Be <strong>Empty</strong>";
}
// loop into eroos array and echo it
foreach ($formErrors as $Error) {
echo "<div class='alert alert-danger'>" . $Error . "</div>";
}
// check if There is no error procced the operations
if (empty($formErrors)) {
// check if user exist in database
$check = checkItem("Username", "users", $user);
if ($check == 1) {
$theMsg = "<div class='alert alert-danger'> Sorry this user is exist </div>";
redirectHome($theMsg, 'back');
} else {
// Insert User info into database
$stmt = $con->prepare("INSERT INTO posts(Name, Image, Cat_id)
VALUES (:name, :image, :cat)");
$stmt->execute(array(
'name' => $name,
'image' => $image,
'cat' => $cat,
));
// echo success message
$theMsg = "<div class='alert alert-success'>" . $stmt->rowCount() . ' Record Inserted </div> ';
redirectHome($theMsg, 'back', 5);
}
}
} else {
echo "<div class='container'>";
$theMsg = '<div class="alert alert-danger"> Sorry you cant browse this page directely </div>';
redirectHome($theMsg, 'back', 5); // 6 is secend of redirect to page in function
echo "</div>";
}
echo "</div>";
} elseif ($do == 'Edit') { // Edit Page
//check if GET request userid Is numeric & Get The integer value of it
$post = isset($_GET['id']) && is_numeric($_GET['id']) ? intval($_GET['id']) : 0;
//sellect All Data Depend On This ID
$stmt = $con->prepare("SELECT * FROM posts WHERE ID = ? LIMIT 1");
// execute Query
$stmt->execute(array($post));
//fetch the Data
$row = $stmt->fetch();
// The row count
$count = $stmt->rowCount();
// If Ther's Such Id show The Form
if ($count > 0) { ?>
<h1 class="text-center"> Modifier Post </h1>
<div class="container">
<form class="form-horizontal" enctype="multipart/form-data" action="?do=Update" method="POST">
<div class="col-md-6 col-md-offset-3 panel">
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>
<!-- start title fieled -->
<div class="form-group">
<label class="col-sm-2 control-label">Titre</label>
<div class="col-sm-10 col-md-8">
<input type="text" name="name" class="form-control" autocomplete="off" required value="<?php echo $row['Name']; ?>" >
</div>
</div>
<!-- end title field -->
<!-- start image filed -->
<div class="form-group">
<label class="col-sm-2 control-label">image</label>
<div class="col-sm-10 col-md-8">
<input type="file" name="image" class="form-control" />
</div>
</div>
<!-- end image filed -->
<!-- start Categories filed -->
<div class="form-group">
<label class="col-sm-2" for="categorie">Categories:</label>
<div class="col-sm-10 col-md-8">
<select class="form-control" name="categorie">
<?php
$stmt = $con->prepare("SELECT * FROM `categories`");
// Execute the Statments
$stmt->execute();
// Assign to variable
$rows = $stmt->fetchAll();
?>
<?php
foreach ($rows as $cat) {
echo "<option value='" . $cat['ID'] . "'>". $cat['Name'] . "</option>";
}
?>
</select>
</div>
</div>
<!-- Categories end-->
<!-- start submit fieled -->
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<input type="submit" value="sauvegarder" class="btn btn-primary" />
</div>
</div>
<!-- end submit fieled -->
</div>
</form>
</div>
<?php
// if there's No Such id Show Error Message
} else {
echo "<div class='container'>";
$theMsg = "<div class='alert alert-danger'>Theres is no such Id</div>";
redirectHome($theMsg);
echo "</div>";
}
} elseif ($do == 'Update') {
echo "<h1 class='text-center'> mis a jour Membre </h1>";
echo "<div class='container'>";
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
// Get variable from the form
$id = $_POST['id'];
$name = $_POST['name'];
$image = addslashes($_FILES['image']['tmp_name']);
$image = file_get_contents($image);
$image = base64_encode($image);
$cat = $_POST['categorie'];
//validate the form
$formErrors = array();
if (empty($name)) {
$formErrors[] = "<div class='alert alert-danger'>Username Cant Be <strong>Empty</strong> </div>";
}
if (empty($image)) {
$formErrors[] = "<div class='alert alert-danger'>FullName Cant Be <strong>Empty</strong></div>";
}
if (empty($cat)) {
$formErrors[] = "<div class='alert alert-danger'>Email Cant Be <strong>Empty</strong></div>";
}
// loop into eroos array and echo it
foreach ($formErrors as $Error) {
echo $Error;
}
// check if There is no error procced the operations
if (empty($formErrors)) {
// Update The Database With This Info
$stmt = $con->prepare("UPDATE posts SET Name = ? , Image = ? , Cat_id = ? WHERE ID = ?");
$stmt->execute(array($name, $image, $cat, $id));
// echo success message
$theMsg = "<div class='alert alert-success'>" . $stmt->rowCount() . ' Record Updated </div> ';
redirectHome($theMsg, 'back');
}
} else {
$theMsg = '<div class="alert alert-danger">Sorry you cant browse this page directely </div>';
redirectHome($theMsg);
}
echo "</div>";
}
elseif ($do == 'Delete') { // Delete Member Page
echo "<h1 class='text-center'> Delete Membre </h1>";
echo "<div class='container'>";
//check if GET request userid Is numeric & Get The integer value of it
$id = isset($_GET['id']) && is_numeric($_GET['id']) ? intval($_GET['id']) : 0;
//sellect All Data Depend On This ID
$check = checkItem('id', 'posts', $id);
// If Ther's Such Id show The Form
if ($check > 0) {
$stmt = $con->prepare("DELETE FROM users WHERE ID = :id");
$stmt->bindParam(":id", $id);
$stmt->execute();
$theMsg = "<div class='alert alert-success'>" . $stmt->rowCount() . ' Record Deleted </div> ';
redirectHome($theMsg);
} else {
$theMsg = "<div class='alert alert-danger'>This id not exist</div>";
redirectHome($theMsg);
}
echo "</div>";
}
include $tpl . 'footer.php';
} else {
header('Location: index.php') ;
exit();
}
from the error, id is the problem.
isset($_GET['id']) && is_numeric($_GET['id'])
i think what u want is
(isset($_GET['id']) && is_numeric($_GET['id']) )//close parantheses in wrong position
I've been coding PHP for 2 weeks (it's not pretty) and I have not been able to find the answer to my question. I want an admin type user to be able to fill a form and post it to a page where base level users can view the content. I've gotten all of this to work like a charm, but my dilemma is to allow the admin user to include an image as well. Maybe I just don't know what to search for.
Here is the php code and the form for the admin user page:
<?php
error_reporting(E_ALL & ~E_NOTICE);
session_start();
include_once("connection.php");
if (isset($_SESSION['adminid'])) {
$adminid = $_SESSION['adminid'];
$adminemail = $_SESSION['adminemail'];
if ($_POST['submit']) {
$title = $_POST['title'];
$deadline = $_POST['deadline'];
$content = $_POST['content'];
$sql_blog = "INSERT INTO blog (title, deadline, content, logoname) VALUES ('$title', '$deadline', '$content', '$logoname')";
$query_blog = mysqli_query($dbcon, $sql_blog);
echo "<script>alert('Your inquiry has been posted')</script>";
}
} else {
header('Location: index.php');
die();
}
$sql = "SELECT adminid, adminemail, adminpassword, adminname FROM admin WHERE adminemail = '$adminemail' LIMIT 1";
$query = mysqli_query($dbcon, $sql);
if ($query) {
$row = mysqli_fetch_row($query);
$adminname = $row[3];
}
?>
and here is the code for the base level user page: (i commented out the image block where I want the admin's image to be shown.
<main>
<div class="container">
<div class="row topbuffpost">
<h1>business inquiries</h1>
<hr>
<?php
include_once('connection.php');
$sql = "SELECT * FROM blog ORDER BY id DESC";
$result = mysqli_query($dbcon, $sql);
while ($row = mysqli_fetch_array($result)) {
$title = $row['title'];
$content = $row['content'];
$date = strtotime($row['deadline']);
?>
<div class="col-md-4 col-lg-3">
<div class="card hoverable">
<!-- <div class="card-image">
<div class="view overlay hm-white-slight z-depth-1">
<img src="">
<a href="#">
<div class="mask waves-effect">
</div>
</a>
</div>
</div> -->
<div class="card-content">
<h5> <?php echo $title; ?> <br/> <h6>Deadline |<small> <?php echo date("j M, Y", $date); ?> </small> </h6></h5> <br/>
<p> <?php echo $content; ?> </p>
<div class="card-btn text-center">
Read more
<i class="fa fa-lightbulb-o"></i>  propose a plan
</div>
</div>
</div>
</div>
<?php
}
?>
</div>
</div>
</main>
All of this works perfectly, I just can't figure out how to have an image display in the same way as the title, deadline, and content. Youtube wont help either, too much outdated php + I haven't been coding long enough to really work things out on my own.
You can save all user images under a folder (let's call /images/user) and record the file name into database.
if ($_POST['submit']) {
$title = $_POST['title'];
$deadline = $_POST['deadline'];
$content = $_POST['content'];
$logoname = basename($_FILES["fileToUpload"]["logoname"]; // <-- Make sure your form is ready to submit an file
// Update below as per your need.
$target = 'images/users/' . $logoname;
move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target);
$sql_blog = "INSERT INTO blog (title, deadline, content, logoname) VALUES ('$title', '$deadline', '$content', '$logoname')";
$query_blog = mysqli_query($dbcon, $sql_blog);
echo "<script>alert('Your inquiry has been posted')</script>";
}
You can then display the image your page
<main>
<div class="container">
<div class="row topbuffpost">
<h1>business inquiries</h1>
<hr>
<?php
include_once('connection.php');
$sql = "SELECT * FROM blog ORDER BY id DESC";
$result = mysqli_query($dbcon, $sql);
while ($row = mysqli_fetch_array($result)) {
$title = $row['title'];
$content = $row['content'];
$date = strtotime($row['deadline']);
$logoname = 'images/user/' . $row['logoname'];
?>
<div class="col-md-4 col-lg-3">
<div class="card hoverable">
<div class="card-image">
<div class="view overlay hm-white-slight z-depth-1">
<img src="<?php echo $logoname; ?>">
<a href="#">
<div class="mask waves-effect">
</div>
</a>
</div>
</div>
<div class="card-content">
<h5> <?php echo $title; ?> <br/> <h6>Deadline |<small> <?php echo date("j M, Y", $date); ?> </small> </h6></h5> <br/>
<p> <?php echo $content; ?> </p>
<div class="card-btn text-center">
Read more
<i class="fa fa-lightbulb-o"></i>  propose a plan
</div>
</div>
</div>
</div>
<?php
}
?>
</div>
</div>
</main>