My website must consist of a page with a table where the admin must upload some file. Later that file is saved by PHP as a blob in MySQL; however, $_FILES cannot find an index of my file input. Please help me find the mistake.
<tr>
<th>ID</th>
<th>Genre</th>
<th>Extension</th>
<th>Description</th>
<th>Demo-art</th>
<th>Price</th>
<th>Upload</th>
<th>Delete</th>
</tr>";
$array=array();
for($m=0; $row=mysqli_fetch_array($full); $m++)
{
$array[$m]=$row['ArtID'];
echo "<form method='POST' action='checker.php'>";
echo "<tr>";
echo "<td><input class='asd' value='$array[$m]' readonly name='name'></td>";
echo "<td>".$row['Genre']."</td>";
echo "<td>".$row['Extension']."</td>";
echo "<td>".$row['Description']."</td>";
echo "<td><input type='file' name='arts'></td>";
echo "<td><input class='priceinput' name='price' placeholder='Price'></td>";
echo "<td><input type='submit' name='Upload' value='Upload'></td>";
echo "<td><input type='submit' name='Delete' value='Delete'></td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
;}
PHP code
session_start();
$conn= new mysqli("127.0.0.1", "root", "","projectwork") or die ("Can't connect to db");
if($_POST["Upload"]) {
$price=$_POST["price"];
$id=$_POST["name"];
if ($price!=NULL) {
if (is_uploaded_file($_FILES['arts']['tmp_name'])) {
$imgData = addslashes(file_get_contents($_FILES['arts']['tmp_name']));
$imageProperties = getimageSize($_FILES['arts']['tmp_name']);
$sql = "Update arts SET imageData='".$imgData."', imageType='".$imageProperties['mime']."' WHERE ArtID=".$id."";
$current_id = mysqli_query($conn, $sql) or die("<b>Error:</b> Problem on Image Insert<br/>" . mysqli_error($conn));
}
$insert="UPDATE arts SET Price='".$price."', Is_Done='1' WHERE ArtID=".$id."";
$finalquery=$conn->query($insert);
echo $price." ".$id;
}
Apart from security flaws in your code you are missing enctype='multipart/form-data' inside the form element.
Try:
echo "<form method='POST' action='checker.php' enctype='multipart/form-data'>";
It will tell the browser you're sending a file.
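Added example (not part of the original answer): one way checker.php could handle the "security flaws" the answer mentions, validating the upload and binding every value through a prepared statement instead of addslashes() and concatenation. Field and column names follow the question; the size limit and MIME allow-list are assumptions, and unlike the posted code this version rejects a request that carries no file.

```php
<?php
// Added example, not the poster's code. Form fields (arts, price, name) and
// columns follow the question; size limit and MIME allow-list are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$conn = new mysqli("127.0.0.1", "root", "", "projectwork");
const MAX_BYTES = 2 * 1024 * 1024;
const ALLOWED_MIME = ['image/png', 'image/jpeg', 'image/gif'];

function fail(int $code, string $msg): void {
    http_response_code($code);
    exit($msg);
}

if (isset($_POST['Upload'])) {
    // Accept only a positive integer ID and a non-negative numeric price.
    $id = filter_input(INPUT_POST, 'name', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $price = filter_input(INPUT_POST, 'price', FILTER_VALIDATE_FLOAT);
    if (!is_int($id) || !is_float($price) || $price < 0) {
        fail(400, 'Invalid ID or price');
    }

    // Without enctype='multipart/form-data', $_FILES['arts'] does not exist.
    $file = $_FILES['arts'] ?? null;
    if ($file === null || $file['error'] !== UPLOAD_ERR_OK || !is_uploaded_file($file['tmp_name'])) {
        fail(400, 'No file received');
    }
    if ($file['size'] > MAX_BYTES) {
        fail(413, 'File too large');
    }

    // Derive the type from the file contents, not from the client-sent $file['type'].
    $info = getimagesize($file['tmp_name']);
    if ($info === false || !in_array($info['mime'], ALLOWED_MIME, true)) {
        fail(415, 'Not an accepted image type');
    }

    // Placeholders replace addslashes() and string concatenation.
    $stmt = $conn->prepare("UPDATE arts SET imageData = ?, imageType = ?, Price = ?, Is_Done = '1' WHERE ArtID = ?");
    $blob = null;
    $mime = $info['mime'];
    $stmt->bind_param('bsdi', $blob, $mime, $price, $id);
    $fh = fopen($file['tmp_name'], 'rb');
    while (!feof($fh)) {
        $stmt->send_long_data(0, fread($fh, 8192)); // stream the blob in chunks
    }
    fclose($fh);
    $stmt->execute();
    echo "Updated art " . $id;
}
```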
This is the code that I'm using to display the data (registos.php).
<?php
$con = mysqli_connect('localhost','root','');
if (!$con)
{
die('Could not connect: ' . mysqli_connect_error());
}
mysqli_select_db($con,'databaseteste');
$result =mysqli_query($con,("SELECT * FROM `formando2`"));
if (!$result) {
printf("Error: %s\n", mysqli_error($con));
exit();
}
echo "<table class=mainmenu border='1' width=100% >
<p><caption><h1>Registos</h1></caption></p>
<tr>
<th>Primeiro Nome</th>
<th>Ultimo Nome</th>
<th>Numero C.C</th>
<th>Numero contribuinte</th>
<th>Email</th>
<th>Morada</th>
<th>Código postal</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr><form action=update.php method=post>";
echo "<td><input type=text name=pname value='".$row['PrimeiroNome']."'></td>";
echo "<td><input type=text name=sname value='".$row['UltimoNome']."'></td>";
echo "<td><input type=text name=bi value='".$row['NumeroBI']."'></td>";
echo "<td><input type=text name=contri value='".$row['NumeroContribuinte']."'></td>";
echo "<td><input type=text name=email value='".$row['Email']."'></td>";
echo "<td><input type=text name=morada value='".$row['Morada']."'></td>";
echo "<td><input type=text name=cpostal value='".$row['CodigoPostal']."'></td>";
echo "<td><input type=hidden name=id value='".$row['idformando2']."'></td>";
echo "<td><input type=submit></td>";
echo "</tr>";
}
echo "</table>";
?>
This is the code that's giving me the problem, I guess, in the update code (update.php).
<?php
$con = mysqli_connect('localhost','root','');
if (!$con){die('Could not connect: ' . mysqli_connect_error());}
mysqli_select_db($con,'databaseteste');
$update ="update `formando2`
set PrimeiroNome='$_POST[pname]',
UltimoNome='$_POST[sname]',
NumeroBI='$_POST[bi]',
NumeroContribuinte='$_POST[contri]',
Email='$_POST[email]',
Morada='$_POST[morada]',
CodigoPostal='$_POST[cpostal]'
where idformando2='$_POST[id]'";
if(mysqli_query($con,$update)){
header("refresh:1; url=registos.php");}
else{
printf("Error: %s\n", mysqli_error($con));
}
?>
When I submit, it redirects me to the update.php page and then to registos.php again, but the data is still the same.
You aren't closing your form tag.
You need
echo "</form></tr>";
instead of
echo "</tr>";
in registos.php
Since this loop can obviously render multiple forms to the page, you might have an issue with nested forms, or just invalid HTML, causing confusion when you post back.
I think you have not put name of the input box in single quotes or double quotes of all fields
it should be
echo "";
My Code so far. The data gets pulled correctly
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM Request");
echo "<table border='1'>
<tr>
<th>First Name</th>
<th>Last Name</th>
<th>Prayer Request</th>
<th>Deactivate Request</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['Reg_F_Name'] . "</td>";
echo "<td>" . $row['Reg_L_Name'] . "</td>";
echo "<td>" . $row['Reg_Request'] . "</td>";
echo "<td><input name=\"checkbox[]\" type=\"checkbox\" id=\"checkbox[]\" value=\"".$rows['Reg_ID']. "\" /></td>";
echo "</tr>";
}
echo "</table>";
echo
"<form action='' method='post'>
<input type='submit' name='use_button' value='Update' />
</form>";
if(isset($_POST['use_button']))
{
echo "hey";
$del_id = $_POST['checkbox'];
$detectinglocations = 'your database table name';
foreach($del_id as $value){
$sql = "Update Request set Reg_Status=0 WHERE Reg_ID='".$value."'";
$result = mysql_query($sql);
}
}
mysqli_close($con);
?>
Nothing happens when I click Submit. I want it to update Reg_Status to 0 for every checkbox that is checked. So what's my problem? Thank you in advance for helping!
Try adding a hidden input field with the same name as the checkbox before each checkbox, with value 0.
The checkbox doesn't get posted when it is not checked.
I'm a newbie and working on a project for school.
I have a website that lists foods.
I have an update table that allows me to change and add data.
For the food group field I have it cross reference another table called food_group which has the food_group(name) and an id.
When you view the food data you can see the name that it pulls instead of the ID. On the update page I would like a drop down to be in the place of the ID. So you can see the "friendly" name instead of the ID number, but it has to store the ID not the friendly name in the food table.
Website can be found at http://web.nmsu.edu/~jrortiz/ICT458/FINAL/
The code I have is:
<html>
<head>
</head>
<body>
<?php
$con = mysqli_connect("localhost","user","pw","db");
if (!$con){
die("Can not connect: " . mysql_error());
}
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE food SET food_group='$_POST[Food_group]', food='$_POST[Food]', ph='$_POST[PH]' WHERE food='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM food WHERE Food='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};
if(isset($_POST['add'])){
$AddQuery = "INSERT INTO food (Food_group, Food, PH) VALUES ('$_POST[addGroup]','$_POST[addFood]','$_POST[addPH]')";
mysql_query($AddQuery, $con);
};
$sql = "SELECT * FROM food";
$myData = mysqli_query($con,$sql);
echo "<table border=1>
<tr>
<th>Food Group</th>
<th>Food</th>
<th>PH</th>
<th>Update/Add</th>
<th>Delete</th>
</tr>";
while($record = mysqli_fetch_array($myData)){
echo "<form action=updateFood.php method=post>";
echo "<tr>";
echo "<td><input type='text' name='Food_group' value='$record[food_group]'/></td>";
echo "<td><input type='text' name='Food' value='$record[food]'/></td>";
echo "<td><input type='text' name='PH' value='$record[ph]'/></td>";
echo "<td><input type='submit' name='update' value='update'/></td>";
echo "<td><input type='submit' name='delete' value='delete'/></td>";
echo "<td><input type='hidden' name='hidden' value='$record[food]'/></td>";
echo "</tr>";
echo "</form>";
}
echo "<form action=updateFood.php method=post>";
echo "<tr>";
echo "<td><input type='text' name='addGroup'></td>";
echo "<td><input type='text' name='addFood'></td>";
echo "<td><input type='text' name='addPH'></td>";
echo "<td><input type='submit' name='add' value='add'/></td>";
echo "</tr>";
echo "</form>";
echo "</table>";
mysql_close($con);
?>
</body>
</html>
____________ Update 12/2/13 10:30pm ___________________
Ok so if I create a new php page like the following it will work. However, I have no idea how to combine it into the original above... Can anyone help?
<html>
<head>
</head>
<body>
<?php
// Connect to the database server
$con = mysql_connect("localhost","user","pw");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("db",$con);
$sql2="SELECT id, food_group FROM food_group";
$result = mysql_query($sql2,$con) or die(mysql_error());
while ($row = mysql_fetch_array($result)) {
$type=$row["food_group"];
$options.= '<option value="'.$row['id'].'">'.$row['food_group'].'</option>';
};?>
<SELECT NAME=Food_group>
<OPTION VALUE=0>Choose</OPTION>
<?php echo $options; ?>
</SELECT>
</body>
</html>
Thank you for all your help!
Jason
Your script is nice but I just want to point the following:
There's no need to concatenate this
"<td>" . "<input type=text name=Food_group value=" . $record['food_group'] . " </td>";
you can type it like this:
echo "<td><input type=text name=Food_group value='$record[food_group]'</td>";
also you missed to close your input tag
echo "<td><input type=text name=Food_group value='$record[food_group]' /></td>";
and another is you need to quote your attribute values , see below
echo "<td><input type='text' name='Food_group' value='$record[food_group]' /></td>";
Last thing is that you're open to SQL injection, so you should start learning mysqli and prepared statements.
I'm writing a PHP script to approve users that registered on my page, but I'm facing a little problem when I want to approve them. Here's as far as I could get.
Table:
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("activation") or die(mysql_error());
//User Approval Script
$result2 = mysql_query("SELECT * FROM userinfo WHERE status='0'")
or die(mysql_error());
echo "<table border='1'>";
echo "<tr> <th>Name</th> <th>Action</th> <th>Hours</th> <th>Approve</th> </tr>";
while($row = mysql_fetch_array( $result2 )) {
// Print out the contents of each row into a table
echo "<tr><td>";
echo $row['first_name'];
echo "</td><td>";
echo $row['last_name'];
echo "</td>";
echo "<td>";
echo $row['email'];
echo "</td><td>";
echo "<form action=\"approve.php\" method=\"post\"><input name=\"approve[]\" type=\"checkbox\">";
echo "</td></tr>";
}
echo "</table>";
echo "<input type=\"submit\" value=\"Approve\"></form>";
?>
approve.php
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("activation") or die(mysql_error());
$ticked = $_POST['approve'];
foreach($ticked as $id) {
mysql_query("UPDATE status SET approved = '1' WHERE `ID` = '$id'");
}
unset($id);
?>
I would also like to know how I can send an email to each user that is approved...
Thanks in advance everyone!
Edit:
The page on approve.php is all blank, and status isn't getting updated.
Can you try this, Moved <form> tag from near checkbox into top and added checkbox value with $row["id"]
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("activation") or die(mysql_error());
//User Approval Script
$result2 = mysql_query("SELECT * FROM userinfo WHERE status='0'")
or die(mysql_error());
echo "<form action=\"approve.php\" method=\"post\"><table border='1'>";
echo "<tr> <th>Name</th> <th>Action</th> <th>Hours</th> <th>Approve</th> </tr>";
while($row = mysql_fetch_array( $result2 )) {
// Print out the contents of each row into a table
echo "<tr><td>";
echo $row['first_name'];
echo "</td><td>";
echo $row['last_name'];
echo "</td>";
echo "<td>";
echo $row['email'];
echo "</td><td>";
echo "<input name=\"approve[]\" type=\"checkbox\" value='".$row["id"]."' >";
echo "</td></tr>";
}
echo "</table>";
echo "<input type=\"submit\" value=\"Approve\"></form>";
?>
In approve.php,
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("activation") or die(mysql_error());
$ticked = $_POST['approve'];
foreach($ticked as $id) {
mysql_query("UPDATE status SET approved = '1' WHERE `ID` = '$id'");
$message ='Approved message';
mail('to email address', 'Your Subject', $message);
}
?>
Note: Use mysqli_* functions or PDO instead of the mysql_* functions (deprecated).
You tried to open form in loop while and missed attribute value in checkbox.
Change
echo "<form action=\"approve.php\" method=\"post\"><input name=\"approve[]\" type=\"checkbox\">";
To
echo '<input name="approve" type="checkbox" value='.$row["id"].'>';
Then put echo "<form action ='approve.php' method='post'>"; above while($row = mysql_fetch_array( $result2 )) {
You should have one large form, with many checkboxes (I imagine that's what your second page is based upon), but checkboxes are <input>s, not <form>s. Your final HTML should look something like:
<form>
<table>
...
<td><input type="checkbox" name="approve[]" value="USERIDTHATYOUWANTTOAPPROVE"></td>
...
<td><input type="checkbox" name="approve[]" value="OTHERUSERIDTHATYOUWANTTOAPPROVE"></td>
...
</table>
</form>
Also!
Your code is very susceptible to SQL Injection. See How can I prevent SQL injection in PHP? and Why shouldn't I use mysql_* functions in PHP?.
You should use prepared statements to offload work in your code (you only send the query once, and change the parameters each time).
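Added example (not code from the thread): the prepared-statement advice given in the answers above, applied to approve.php so that each statement is prepared once and only the bound ID changes per ticked checkbox. Table and column names follow the posted code; treating userinfo.id as the same key as status.ID, and the mail text, are assumptions.

```php
<?php
// Added example, not code from the thread. Names follow the posted approve.php;
// the userinfo lookup by id and the mail wording are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$db = new mysqli("localhost", "root", "", "activation");

// approve[] arrives as an array of strings; keep only positive integers.
$ticked = filter_input(INPUT_POST, 'approve', FILTER_VALIDATE_INT,
    ['flags' => FILTER_REQUIRE_ARRAY, 'options' => ['min_range' => 1]]);
$ids = array_unique(array_filter((array) $ticked, 'is_int'));

// Prepare once; the query text is fixed and user input is only ever a parameter.
$approve = $db->prepare("UPDATE status SET approved = '1' WHERE `ID` = ?");
$lookup  = $db->prepare("SELECT email FROM userinfo WHERE id = ?");
$id = 0;
$approve->bind_param('i', $id);   // bound by reference: changing $id is enough
$lookup->bind_param('i', $id);

$done = 0;
foreach ($ids as $next) {
    $id = $next;
    $approve->execute();
    if ($approve->affected_rows !== 1) {
        continue;                 // unknown ID or already approved
    }
    $lookup->execute();
    $lookup->store_result();
    $lookup->bind_result($email);
    // Validate the stored address before it reaches mail() headers.
    if ($lookup->fetch() && filter_var($email, FILTER_VALIDATE_EMAIL)) {
        mail($email, 'Account approved', 'Your registration has been approved.');
    }
    $lookup->free_result();
    $done++;
}
echo "Approved $done account(s)";
```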
Please refer to the image below:
http://i.stack.imgur.com/6hBPC.png
For instance, if a user clicks the button on the row which says "You have a quiz for math", the "Quiz ID" value of THAT row would then be passed to another PHP file.
Here's my current code:
<?php
$con=mysqli_connect("127.0.0.1", "root", "", "quizmaker");
if (mysqli_connect_errno())
{
echo "MySqli Error: " . mysqli_connect_error();
}
$now=date("m/d/Y");
$sql=mysqli_query($con,"SELECT * FROM quiz_query WHERE quiz_date='$now'");
$count=mysqli_num_rows($sql);
if($count>=1)
{
echo "<table border='1' width='50%'>";
echo "<form action='answer_quiz.php' method='post'>";
echo "<tr>
<td>You have a pending quiz!</td><td> </td><td> </td>
</tr>";
$number=1;
while($result=mysqli_fetch_array($sql))
{
echo "<tr>";
echo "<td>You have a quiz for " . $result['subject'] . "</td>";
echo "<td>Quiz ID: " .$result['quiz_ID']. "</td>";
echo "<td><input type='submit' name='button' id='button' value='Take Quiz'>";
echo "<input type='hidden' name='quiz[$number]' value='$result[quiz_ID]'>";
echo "</td>";
echo "</tr>";
$number++;
}
echo "</form>";
echo "</table>";
}
else
{
echo "You have no quiz! :D";
}
mysqli_close($con);
?>
Move this line:
echo "<form action='answer_quiz.php' method='post'>";
Inside of the while loop.
Also, change
echo "<input type='hidden' name='quiz[$number]' value='$result[quiz_ID]'>"
with
echo "<input type='hidden' name='quizId' value='$result[quiz_ID]'>"
Now, in answer_quiz.php you'll receive $_POST['quizId'] with the value you need.
Change your while to :
while( $row = $result->fetch_array(MYSQLI_ASSOC)){
echo $row['subject'];
}
You are forgetting quotes around your variable:
Instead of
echo "<input type='hidden' name='quiz[$number]' value='$result[quiz_ID]'>";
It should be
echo "<input type='hidden' name='quiz[$number]' value='$result[\"quiz_ID\"]'>";