PHP query when a user submit a form select - php

I want to delete a row from a form select when i click on submit input with an sql query,(i think i am wrong on something, but i don't understand what) as you can see below for my example :
My list and the blue case i want to delete on submit
My actual code, and the $supp i want to do when the user click on submit
`
<form method="POST">
<select>
<?php
// Drop Down
$res = null;
$sql2 = "SELECT `sinistre_type` FROM `form_sinistre`";
$query2 = $db->prepare($sql2);
$query2->execute();
// INIT > PREP > EXEC > SUPP
$supp = "DELETE FROM `form_sinistre` WHERE `sinistre_type` = '$res'";
$query3 = $db->prepare($supp);
$sendbddsupp = $query3->execute();
echo "<option disabled selected>..Choix Possible..</option>\n";
while ($res = $query2->fetch(PDO::FETCH_NUM)) {
echo "<option name='res'>" . $res[0] . "</option>\n";
}
?>
</select>
<input type="submit" value="Supprimer">
</form>
`
Some $_POST config
`
<?php
session_start(); //debut de SESSION
include("config.php"); //Appel de la bdd
// ... INIT VARIABLES ...
$sinistre_type = "";
$sinistre_desc_dmg = "";
$list = "";
if (empty($_POST)) { // SANS COOKIES / POST
} else { // AVEC COOKIES / POST
$sinistre_type = $_POST['nom'];
$sinistre_desc_dmg = $_POST['vent'];
$res = $_POST['res'];
$sql = "INSERT INTO `form_sinistre` (sinistre_type, sinistre_desc_dmg) VALUES (:sinistre_type, :sinistre_desc_dmg)";
$query = $db->prepare($sql);
$query->execute(array(':sinistre_type' => $sinistre_type, ':sinistre_desc_dmg' => $sinistre_desc_dmg));
}
var_dump(isset($_POST['res']));
?>
`
(EDIT : my list is linked with my db and working that why i want to send sql query)
Thanks by advance for your help, if you need more information let me know :)

Related

input file Update images inside database

So im trying to change the image thats already inside the database but i cant seem to make it work i kept looking at tutorials and other related questions but couldnt find the exact solution.
this is what i have in php
// Als de knop van de formulier is ingedrukt update de data dat van de database afkomt
if (isset($_POST['update'])) {
if (isset($_GET['id'])) {
$chauffeurs_id = $_GET['id'];
}
if (isset($_POST['Chauffeurs_foto'])) {
$Chauffeurs_foto = $_POST['Chauffeurs_foto'];
}
$sql = "SELECT * FROM chauffeurs ORDER BY 'chauffeurs_geboortedatum ASC";
$sql = "UPDATE `chauffeurs`
SET `Chauffeurs_foto`=$Chauffeurs_foto
WHERE `id`='$chauffeurs_id'";
$result = $conn->query($sql);
if ($result == TRUE){
echo "Aanpassingen zijn voltooid.";
}else{
echo "Error:" . $sql . "<br>" . $conn->error;
}
}
if (isset($_GET['id'])) {
$id = $_GET['id'];
$sql = "SELECT * FROM `chauffeurs` WHERE `id`='$id'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
$id = $row['id'];
$chauffeurs_foto = $row['chauffeurs_foto'];
}
$backId = $_SESSION['krijgid'];
Here is my html code:
<!-- Formulier waar alles in komt om te veranderen -->
<form action="" method="post" enctype='multipart/form-data' >
<fieldset>
<legend>Gegevens chauffeur:</legend>
<div class="form-group col-md-4">
//I did it like this so i could style the input file
<input type="file" name="file" id="file" class="inputfile" value="data:image/jpeg;base64, <?php.base64_encode($row['chauffeurs_foto']).?>" />
<label class="btn btn primary"for="file">Choose a file</label>
<input type="submit" value="Chauffeur Aanpassen" name="update">
</fieldset>
</form>
</div>
If anyone of you has a solution i would greatly appreciate it cause i need to finish it for my internship if not i'm just going to keep searching.

File uploads can be tricky. May I suggest you start by reading the documentation on file uploading first?
You will see that your upload can best be reached using the $_FILES array. You will need to store the uploaded data in a variable, using the file_get_contents() method. And it's the file data you'll be uploading to your mySQL server.
Your code should look something like this:
$foto = file_get_contents($_FILES['file']['tmp_name']);
$sql = "UPDATE `chauffeurs` SET `Chauffeurs_foto`='{$foto}' WHERE `id`='$chauffeurs_id'";
Finally, it's generally not good practise to store file data in your database, as the database size can get out of hand if the number of files you're storing in it grows. You're better off storing files (and images) separately and only storing a file reference in the database.

You have mistakes in your '. Try this code:
session_start();
include "config.php";
if (isset($_POST['update'])) {
if (isset($_GET['id'])) {
$chauffeurs_id = $_GET['id'];
}
if (isset($_POST['Chauffeurs_foto'])) {
$Chauffeurs_foto = $_POST['Chauffeurs_foto'];
}
$sql = "UPDATE chauffeurs SET Chauffeurs_foto = '$Chauffeurs_foto' WHERE id = '$chauffeurs_id'";
$result = $conn->query($sql);
if ($result == TRUE){
echo "Aanpassingen zijn voltooid.";
}else{
echo "Error:" . $sql . "<br>" . $conn->error;
}
}
if (isset($_GET['id'])) {
$id = $_GET['id'];
$sql = "SELECT * FROM `chauffeurs` WHERE `id`='$id'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while ($row = $result->fetch_assoc()) {
$id = $row['id'];
$chauffeurs_foto = $row['chauffeurs_foto'];
}
$backId = $_SESSION['krijgid'];
}
}

Assuming this is for a real application, you should properly escape SQL values for security reasons. Never trust user input! I'm going to assume you're using mysqli, so I'm using mysql::real_escape_string().
Also, you should properly embed your variables in the query, like so:
if (isset($_GET['id'])) {
$chauffeurs_id = $conn->real_escape_string($_GET['id']);
}
if (isset($_POST['Chauffeurs_foto'])) {
$Chauffeurs_foto = $conn->real_escape_string($_POST['Chauffeurs_foto']);
}
$sql = "SELECT * FROM chauffeurs ORDER BY `chauffeurs_geboortedatum` ASC"; // This statement can you remove, it will never be used in this way
$sql = "UPDATE `chauffeurs` SET `Chauffeurs_foto` = '{$Chauffeurs_foto}' WHERE `id`='{$chauffeurs_id}'";
Succes ermee.

Creating the Name of the checkbox dynamically in PHP

I have just written this code and assign the name of the check box dynamically and delete the selected checkbox when delete button is pressed. But it isn't working. Can somebody help me??
main.php
$snooverhtml = "select * from songs_list";
$query7 = mysqli_query($con, $snooverhtml);?>
<form method="post" action="delete.php">
<input id="deletebtn" type="submit" name="deletethis" value="Delete"/></br>
<?php while($row = mysqli_fetch_assoc($query7)):?>
<input type="checkbox" name="<?php echo "cb".$row['sno.'];?>"/><?php echo $row['sno.']?> <?php echo $row['songs_name']?></br>
<?php
endwhile;
?>
delete.php
$noofsongs = "select * from songs_list";
$query8 = mysqli_query($con, $noofsongs);
$noio = mysqli_num_rows($query8);
$flag = 0;
if(isset($_POST['deletethis'])){
for($j=0; $j<=$noio ;$j++){
if (isset($_POST['<?php echo"cb".$j;?>'])){
$deletesongsquery = "DELETE FROM `songs_list` WHERE `sno.` = $j" ;
$query4 = mysqli_query($con, $deletesongsquery);
$flag = $flag + 1;
}
}
echo $flag;
}

You are already in PHP so $_POST['<?php echo"cb".$j;?>'] is incorrect. That is looking for <?php echo"cb".$j;?> literally as an index of $_POST which it never finds so isset is false. Use:
$_POST['cb'.$j']
or in your code usage:
if (isset($_POST['cb'. $j])){
You also should use parameterized queries. http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
http://php.net/manual/en/security.database.sql-injection.php

Mysqli not updating

I'm trying to update the database after select a few options and submit (using isset). The page display some information after a database query, and then I have to update the database according to the selected option.
If I run exactly the same query that is inside the function "actualizarEstado" but on a third page, then it works. What am I doing wrong? I can't understand. Tried to kill and close the first connection, but I get the same results. Thanks in advice!
<?php
include '00-conexion.php';
$data = extract($_GET);
$sql = "SELECT * FROM inscripciones WHERE nroInscripcion = $sel";
$retval = mysqli_query($conexion, $sql);
$fila = mysqli_fetch_array($retval);
if(isset($_POST['ejecutar'])){
actualizarEstado($sel);
}
function actualizarEstado($sel){
$estado = $_POST['estado'];
$sql2 = "UPDATE inscripciones SET revision1='',
revision2='',
revision3='',
revision4='',
revision5='',
revision6='',
revision7='',
revision8='',
revision9='',
estado='$estado'
WHERE nroInscripcion = $sel";
if (!mysqli_query($conexion, $sql2)) {
die('Error: ' . mysqli_error($conexion));
}
}
?>
<form method="post" action="">
<tr><td><select name="estado" from="estado">
<option value="aceptado">Aceptar</option>
<option value="rechazado">Rechazar</option>
<option value="revision">En revision</option>
</tr/></td>
<tr><td><input type="submit" value="Actualizar" name="ejecutar" onclick="return confirm('¿Estás seguro que deseas?')" /></tr></td>
</form>

I think you have to pass the $connexion variable through the function!
Make it something like this:
function actualizarEstado($myConnection,$sel){
$estado = $_POST['estado'];
$sql2 = "UPDATE inscripciones SET revision1='',
revision2='',
revision3='',
revision4='',
revision5='',
revision6='',
revision7='',
revision8='',
revision9='',
estado='$estado'
WHERE nroInscripcion = $sel";
if (!mysqli_query($myConnection, $sql2)) {
die('Error: ' . mysqli_error($myConnection));
}
}
and call the function like:
actualizarEstado($connexion,$sel);

PHP Not updating on reload

I'm trying to create a system that when i submit the form, after the page refresh it should show the new values that i get from the database. The values work well when they go into the databse but they dont show after submited, only when i refresh again. Thanks for helping
<?php
include("connect.php");
$query = "SELECT * FROM `laliga`";
$result = mysql_query($query);
while($row = mysql_fetch_assoc($result)){
$id = $row['id'];
$home = $row['home'];
$away = $row['away'];
$win = $row['win'];
$draw = $row['draw'];
$lose = $row['lose'];
}
echo "<h2>La Liga</h2>";
echo $home, " - ", $away;
if (isset($_POST) && $_POST['laliga'] == 1){
$select = mysql_real_escape_string($_POST['laliga']);
$select = $win + $select;
mysql_query("UPDATE laliga SET win='$select'");
}else if (isset($_POST) && $_POST['laliga'] == 'X'){
$select = mysql_real_escape_string($_POST['laliga']);
$select = '1';
$select = $draw + $select;
mysql_query("UPDATE laliga SET draw='$select'");
}else if (isset($_POST) && $_POST['laliga'] == 2){
$select = mysql_real_escape_string($_POST['laliga']);
$select = '1';
$select = $lose + $select;
mysql_query("UPDATE laliga SET lose='$select'");
}
header('Location: ../laliga.php');
?>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="radio" name="laliga" value="1">1
<input type="radio" name="laliga" value="X">X
<input type="radio" name="laliga" value="2">2
<input type="submit" name="submit" value="Submit"/>
</form>
<br/>
<?php
echo $home, " -> ", $win;
echo "<br/>Barazim -> ", $draw,"<br/>";
echo $away, " -> ", $lose;
?>

You should handle all of the post data at the top of the PHP file, whilst the header function will solve your problem it's a silly and inefficient way of approaching it. by handling the post data and updating the database first, by the time you query the database the data is there! at the moment you are trying to find the data and then adding it. does this make sense?
Good luck!

Add:
header('Location: <mypage.php>');
After mysql_query.

PHP Validating Submit

I'm working on a project where a user can click on an item. If the user clicked at it before , then when he tries to click at it again it shouldn't work or INSERT value on the DB. When I click the first item(I'm displaying the items straight from database by id) it inserts into DB and then when I click at it again it works(gives me the error code) doesn't insert into DB. All other items when I click at them , even if I click for the second, third, fourth time all of it inserts into DB. Please help guys. Thanks
<?php
session_start();
$date = date("Y-m-d H:i:s");
include("php/connect.php");
$query = "SELECT * FROM test ORDER BY `id` ASC LIMIT 3";
$result = mysql_query($query);
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
$submit = mysql_real_escape_string($_POST["submit"]);
$tests = $_POST["test"];
// If the user submitted the form.
// Do the updating on the database.
if (!empty($submit)) {
if (count($tests) > 0) {
foreach ($tests as $test_id => $test_value) {
$match = "SELECT user_id, match_id FROM match_select";
$row1 = mysql_query($match)or die(mysql_error());
while ($row2 = mysql_fetch_assoc($row1)) {
$user_match = $row2["user_id"];
$match = $row2['match_id'];
}
if ($match == $test_id) {
echo "You have already bet.";
} else {
switch ($test_value) {
case 1:
mysql_query("UPDATE test SET win = win + 1 WHERE id = '$test_id'");
mysql_query("INSERT INTO match_select (user_id, match_id) VALUES ('1','$test_id')");
break;
case 'X':
mysql_query("UPDATE test SET draw = draw + 1 WHERE id = '$test_id'");
mysql_query("INSERT INTO match_select (user_id, match_id) VALUES ('1','$test_id')");
break;
case 2:
mysql_query("UPDATE test SET lose = lose + 1 WHERE id = '$test_id'");
mysql_query("INSERT INTO match_select (user_id, match_id) VALUES ('1','$test_id')");
break;
default:
}
}
}
}
}
echo "<h2>Seria A</h2><hr/>
<br/>Welcome,".$username."! <a href='php/logout.php'><b>LogOut</b></a><br/>";
while ($row = mysql_fetch_array($result)) {
$id = $row['id'];
$home = $row['home'];
$away = $row['away'];
$win = $row['win'];
$draw = $row['draw'];
$lose = $row['lose'];
echo "<br/>",$id,") " ,$home, " - ", $away;
echo "
<form action='seria.php' method='post'>
<select name='test[$id]'>
<option value=\"\">Parashiko</option>
<option value='1'>1</option>
<option value='X'>X</option>
<option value='2'>2</option>
</select>
<input type='submit' name='submit' value='Submit'/>
<br/>
</form>
<br/>";
echo "Totali ", $sum = $win+$lose+$draw, "<br/><hr/>";
}
} else {
$error = "<div id='hello'>Duhet te besh Log In qe te vendosesh parashikime ndeshjesh<br/><a href='php/login.php'>Kycu Ketu</a></div>";
}
?>

Your problem is here :
$match = "SELECT user_id, match_id FROM match_select";
$row1 = mysql_query($match)or die(mysql_error());
while ($row2 = mysql_fetch_assoc($row1)) {
$user_match = $row2["user_id"];
$match = $row2['match_id'];
}
You are not checking it correctly. You have to check if the entry in match_select exists for the user_id and the match_id concerned. Otherwise, $match would always be equal to the match_id field of the last inserted row in your database :
$match = "SELECT *
FROM `match_select`
WHERE `user_id` = '<your_id>'
AND `match_id` = '$test_id'";
$matchResult = mysql_query($match)or die(mysql_error());
if(mysql_num_rows($matchResult)) {
echo "You have already bet.";
}
By the way, consider using PDO or mysqli for manipulating database. mysql_ functions are deprecated :
http://www.php.net/manual/fr/function.mysql-query.php

validate insertion of record by looking up on the table if the data already exists.
Simplest way for example is to
$query = "SELECT * FROM match_select WHERE user_id = '$user_id'";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0)
{
// do not insert
}
else
{
// do something here..
}

In your form you have <select name='test[$id]'> (one for each item), then when you submit the form you are getting $tests = $_POST["test"]; You don't need to specify the index in the form and can simply do <select name='test[]'>, you can eventually add a hidden field with the id with <input type="hidden" value="$id"/>. The second part is the verification wich is not good at the moment; you can simply check if the itemalready exist in the database with a query

Categories