I currently have a search screen to display results. A user can click on a link in that search screen to open a new window and view additional information. Currently i'm able to display the additional information as a table however I want to display the data in text boxes.
Currently my code to display the data ins a table is as follows: Code to get the id of the row that the user has clicked on
$id = $_GET['id'];
$sql = "SELECT user_id, name, age, address
FROM details
WHERE user_id= '".id."'";
$query = mysqli_query($connection, $sql);
$_SESSION['user_id'] = $id;?>
Code to display the data as a table:
<tr>
<th>name</th>
<th>age</th>
<th>address</th>
</tr>
<tbody>
<?php while ($row = mysqli_fetch_array($query)){ ?>
<tr>
<td><?php echo $row['name'] ?></td>
<td><?php echo $row['age'] ?></td>
<td><?php echo $row['address'] ?></td>
</tr>
</tbody>
I want to display the data in text boxes and its not as easy as I thought. I thought I could just changethe row to a text box as below.
<label for="name">Full Name:</label>
<input id="name" style="width: 150px; type="text" value="<?php echo $row['name']; ?>
Any pointers would be greatly appreciated.
As another has said you are open to abuse here but because anyone can type anything into the address bar as a get variable. Try this instead.
<?php
// First check you have the get, then if so retrieve it and run this till the end
if ($_GET) {
// Sanitize the get data
$id = mysqli_real_escape_string($connection, $_GET['id']);
$id = strip_tags($id);
$id = trim($id);
$id = urldecode($id);
$id = htmlspecialchars($id);
// Select the get data from your table
$select = mysqli_query($connection, "select user_id,name,age,address from details where user_id='$id'");
// Check if at least one record actually exists
if (mysqli_num_rows($select)>0) {
// Retrieve an array from your select, this will get all records for that ID so you may want to close the while loop before echoing the results in HTML if you have multiple records...
while ($row=mysqli_fetch_array($select)) {
$real_id = $row['user_id'];
$name = $row['name'];
$age = $row['age'];
$address = $row['address'];
// Display the results in HTML
echo "
<label for='id'>ID</label>
<input type='text' id='id' value='$real_id'>
<label for='name'>Name</label>
<input type='text' id='name' value='$name'>
<label for='age'>Age</label>
<input type='text' id='age' value='$age'>
<label for='address'>Address</label>
<input type='text' id='address' value='$address'>
";
}
}
}
mysqli_close($connection);
?>
Conclusions: if there is no GET data or if the GET data doesn't correspond to anything in your table nothing will happen.
Related
Here Is my problem: I do not get any error with my code but my problem is when i click the 'Delete Multiple' Button it does nothing not even reload the page.
Note: By The Way the redirect_to(); function i created so do not get confused by thinking that is a php function or anything
PHP Code:
display_errors(E_ALL);
if(isset($_POST['muldelete'])) {
$mul = $_POST['checkdelete'];
$sql = "DELETE FROM cmarkers WHERE id = " . $mul;
$result = mysqli_query($db, $sql);
redirect_to("elerts.php");
}
HTML Code:
<form action="elerts.php" method="post">
<table class="table table-striped">
<tr>
<td> </td>
<td>Date</td>
<td>Comment</td>
<td>Actions</td>
</tr>
<?php
$sql = "SELECT * FROM cmarkers";
$result = $db->query($sql);
while ($row = mysqli_fetch_assoc($result)) {
?>
<tr>
<td><input type="checkbox" name="checkdelete[]" value="<?php echo $row['id']; ?>" /></td>
<td><?php echo $row['date']; ?></td>
<td><?php echo $row['comment']; ?></td>
<td>DeleteEdit</td>
</tr>
<?php
}
?>
<input type="submit" name="muldelete" value="Delete Multiple" />
</table>
</form>
Thank You
If you need more info please let me know
First, your code contain some attention and placements errors.
input between <table> outer of td's is incorrect.
You can't make a multiple delete if you generate one form by value to
delete.
Fix them.
Getting Array of muldelete
To all the checked inputs, you must add the array field symbol
to clusterize the name "muldelete" to a post array.
<td><input type="checkbox" name="checkdelete[]" value="<?php $row['id']; ?>" /></td>
PHP side
Now you can fetch whole deletion array, like this:
if(!empty($_POST["muldelete"]))
{
$mul = join(',', $_POST['checkdelete']);
// Using IN() to make only one query for all records instead of multiple
// ex: IN(3, 4, 54, 8)
$query = "DELETE FROM cmarkers WHERE id IN(".$mul.")";
$result = mysqli_query($db, $query);
redirect_to("elerts.php");
}
Security
If ID's are integer value, you can prevent string injection into the sql query
$mul = array_map(function($id)
{
return intval($id);
}, $mul);
Your button is outside the <form></form> tags, so it is not related to the form elements or the form method at all. Instead of having a different form for each checkbox you should surround the entire table with the form tags thus ensuring that all the checkboxes and the button are in the same form.
<form method='post' action='elerts.php'>
<table class="table table-striped">
...all your table data including checkboxes...
<input type="submit" name="muldelete" value="Delete Multiple" />
</table>
</form>
I think because You are closing form tag earlier than submit button.
Try to put whole table into and should work.
PHP should looks like
display_errors(E_ALL);
if(isset($_POST['muldelete'])) {
$mul = implode(',',$_POST['checkdelete']);
$sql = "DELETE FROM cmarkers WHERE id IN(" . $mul.")";
$result = mysqli_query($db, $sql);
redirect_to("elerts.php");
}
Scenario:
The user inputs the reference number and based on his reference number, I should display the location equivalent to it.
SQL:
require_once('conn.php');
$refnum = (isset($_POST['refOff'])) ; //Get filename set in form
$query = mysql_query("SELECT * FROM pilot WHERE geo=$refnum");
// display query results
while($row = mysql_fetch_array($query))
{
$rname =$row['rname'];
$pname =$row['pname'];
$mname =$row['mname'];
}
HTML:
<tr>
<td width="283" height="32">Region:</span> </td>
<td width="407"> <input type="text"value="<?php echo $rname;?>"/></td>
</tr>
<tr>
<td width="283" height="32">Province:</span> </td>
<td width="407"> <input type="text"value="<?php echo $pname;?>"/></td>
</tr>
<tr>
<td width="283" height="32">City:</span> </td>
<td width="407"> <input type="text"value="<?php echo $mname;?>"/></td>
</tr>
The PROBLEM:
Errors are being displayed saying the rname,pname,and mname are undefined. What is wrong?Thanks again
First of all I'm believing that you have an input element of this sort in your html:
<label for='refOff'>Reference Number: </label>
<input type='text' id='refOff' name='refOff'/>
This line in your code:
$refnum = (isset($_POST['refOff']))
only returns a boolean value (i.e. true or false) and never returns the actual value the user has entered into the 'refOff' html input element. This should rather work well using the ternary operator:
$refnum = (isset($_POST['refOff']))? $_POST['refOff'] : null;
if($refnum){
$query = mysql_query("SELECT * FROM pilot WHERE geo=$refnum");
// display query results
while($row = mysql_fetch_array($query))
{
$rname =$row['rname'];
$pname =$row['pname'];
$mname =$row['mname'];
}
}
Goodluck!
hye all expert, i have a page (history.php) that retrieve their old data after user login:- beside each TITLE there a check box,
TITLE
<checkbox> BAT101
<checkbox> BAT102
<checkbox> BAT201
<button> COMPARE SELECTED
for example, let say if user check checkbox for BAT101 and BAT201 then click button COMPARE SELECTED then go to the new page .php that will display like this:-
TITLE PERCENTAGE RESULT
BAT 101 30%
BAT 201 50.2%
The data for percentage result were stored in a database, same with the title..
Anyone know the source code should i implement?
This is my code for history.php currently..many thanks...!!
<?php
session_start();
if(isset($_SESSION['idmember'])){
$idmembersession = $_SESSION['idmember'];
}
include'configure.php';
?>
<html>
<title>History Page</title><head></head>
<body>
<table>
<tr>
<th></th>
<th>TITLE</th>
<th>ACTION</th>
</tr>
<?php
$query = "SELECT * FROM documents where idmember='$idmembersession'";
$sql_query = mysql_query($query) or die('Error 3 :'.mysql_error());
while($data = mysql_fetch_array($sql_query,MYSQL_ASSOC)){
$title = $data['subject'];
?>
<tr>
<td><input type="checkbox" name="checkbox" value="<?php echo $title ?>" /></td>
<?php
echo "<td>$title</td>";
}
?>
</tr>
</table>
Compare selected
</body></html>
use this for creating check box...
<input type="checkbox" name="selectedcheck[<?php echo $title ?>]" value="<?php echo $title.'=>'.$iddoc; ?>" />
it will create a array with name selectedcheck[].
in the newpage.php you can catch this array of selected check box by this using
<?php
if(isset ($_POST["vehicle"]))
{
$selectedcheckbox = $_POST["selectedcheck"];
foreach($selectedcheckbox as $title=>$value)
{
echo $title . " Value=" . $value;
}
}
?>
I am trying to update whatever content in the textbox that has been edited and post to database. However, only the second record is update but the first record is not. I think should be the while loop problem but I don't what is the mistake.
Here's my edit page code:
viewadmindb.php
<?php
session_start();
include('adminconfig.php');
$sql = "SELECT * FROM admin ORDER BY ID";
$result = mysql_query($sql);
?>
<body>
<div id="wrap">
<div id="status"></div>
<form method="POST" action="adminsave.php" onSubmit="return validate(this);">
<table class="viewdb" contentEditable="true">
<tr><td id='fcolor' style='border:2px solid black' align=center> ID </td>
<td id='fcolor' style='border:2px solid black' align=center> Name </td>
<td id='fcolor' style='border:2px solid black' align=center> Password </td>
<td id='fcolor' style='border:2px solid black; width:auto;' align=center>
Department</td>
<td id='fcolor' style='border:2px solid black' align=center> Email </td></tr>
<div id="content">
<?php
while($row = mysql_fetch_array($result)){ ?>
<tr>
<td style='border:2px solid black; width:auto' align=center><?php echo $row[] =
$row['ID'] ?></td>
<td style='border:2px solid black' align=center> <?php echo $row[]
= $row['name'] ?> </td>
<td style='border:2px solid black' align=center> <?php echo $row[] =
$row['password'] ?> </td>
<td style='border:2px solid black; width:200px' align=center> <?php echo $row[] =
$row['department'] ?> </td>
<td style='border:2px solid black' align=center> <?php echo $row[] = $row['email']
?> </td>
<tr>
<td><input id='edit' type = 'text' name="ID[]" value='<?php echo $row['ID'] ?>'
maxlength="50"></td>
<td><input id='edit' type = 'text' name="name[]" value='<?php echo $row['name']
?>'
maxlength="50"></td>
<td><input id='edit' type = 'text' name="password[]" value='<?php echo
$row['password'] ?>' maxlength=50"></td>
<td><input id='edit' type = 'text' name="department[]" value='<?php echo
$row['department'] ?>' maxlength="50"></td>
<td><input id='edit' type = 'text' name="email[]" value='<?php echo
$row['email']?>'
style='width:300px' " maxlength="50"></td>
<?php } ?>
<td><input id='edit' type='submit' name='<?php $row['ID'] ?>' value='Submit'/>
</td></tr>
</table>
</form>
<?php
$ID=$row['ID'];
$name=$row['name'];
$password=$row['password'];
$department=$row['department'];
$email=$row['email'];
?>
adminsave.php
<?php
session_start();
include('adminconfig.php');
$ids=$_POST['ID'];
$name_arr=$_POST['name'];
$password_arr=$_POST['password'];
$department_arr=$_POST['department'];
$email_arr=$_POST['email'];
foreach(($ids as $key=>$id) {
$name = $name_arr[$key];
$password = $password_arr[$key];
$department = $department_arr[$key];
$email = $email_arr[$key];
$sql = "UPDATE admin SET name = '$name',password = '$password',
department ='$department',email = '$email' WHERE ID = '$id'";
}
$result = mysql_query($sql);
if(!$result){
die('invalid query:'.mysql_error());
}
else
echo ("<tr><td>" . "Data updated succesfully..." . "</td></tr>");
header('Refresh:5; url=viewadmindb.php');
die;
?>
You really should look up into how ID's are supposed to work in html. The basic things is that ID must be unique. You should not have two or more elements with same ID. But in your case it's the name-attribute that is the issue.
If you have a loop like this...
while($row = mysql_fetch_array($result)){ ?>
<tr>
<td><input id='edit' type = 'text' name="ID" value='<?php echo $row['ID'] ?>'
maxlength="50"></td>
</tr>
}?>
...and you have two rows from the $result-recordset, you will echo out html something like this:
<tr>
<td><input id='edit' type = 'text' name="ID" value='1'
maxlength="50"></td>
</tr>
<tr>
<td><input id='edit' type = 'text' name="ID" value='2'
maxlength="50"></td>
</tr>
Your then saving values into the database based on a element with name ID. But the problem is that PHP doesn't know which of the rows above it should use (How could PHP know?). When refering to an element that has a duplicate the last element in the DOM is used. Therefore only this row is take into account:
<tr>
<td><input id='edit' type = 'text' name="ID" value='2'
maxlength="50"></td>
</tr>
There are no loop in adminsave.php that indicates you want to save several values. It just tells that you want to save content into database with a specific ID.
$sql = "UPDATE admin SET name = '$name',password = '$password',
department ='$department',email = '$email' WHERE ID = '$ID'";
and because the last row in the DOM is used, the update-statement would be:
$sql = "UPDATE admin SET name = '$name',password = '$password',
department ='$department',email = '$email' WHERE ID = '2'";
You can solve this by making the name-element an array by adding brackets to name-elements: (Also make edit a class instead of an id because it's ok to have duplicate classes but not duplicate ids)
<tr>
<td><input class='edit' type = 'text' name="ID[]" value='<?php echo $row['ID'] ?>'
maxlength="50"></td>
</tr>
But then you would also have to loop through the array
<?php
$ids = $_POST['ID']; //Get array from form
$name_arr = $_POST['name'];
$password_arr = $_POST['password'];
$department_arr = $_POST['department'];
$email_arr = $_POST['email'];
foreach($ids as $key=>$id) {
//Get specific element in each array
$name = $name_arr[$key];
$password = $password_arr[$key];
$department = $department_arr[$key];
$email = $email_arr[$key];
//Create sql and execute
$sql = "UPDATE admin SET name = '$name',password = '$password',
department ='$department',email = '$email' WHERE ID = '$id'";
$result = mysql_query($sql);
}
The row:
$sql = "SELECT * FROM admin WHERE $ID = '$ID'";
is pointless because the variable $sql is overritten on the next row.
Note that above is just for demonstrating how the basic concepts of ids, names and arrays works when handling forms. You should really not just mysql_* functions, but instead read up on PDO or mysqli instead. You should sanitize (make sure unwanted data is not injected into db) before updating.
The whole Logic is wrong.
Just pass in the query string from main page to another php page ex from:admin_detail.php to edit_admin.php
Then query db for data based on passed query string
echo them in desired textbox.
then call update statement.
viewadmindb.php
The var $row you didnot set. Just ad this $row = mysql_fetch_array($reslult); before you access to table values.
What is this $row[] = $row['name'] ? You refill $row, and after you cannot access the original value from database. Use ony labels, no vars like <td> E-mail: </td>
adminsave.php
You rewrited the $sql var. The line $sql = "SELECT * FROM admin WHERE $ID = '$ID'; you donot need to use.
Good tip: use the css syntax ` and border the varchars with {$var}:
"UPDATE `admin` SET `name` = '{$name}', `password` = '{$password}', `department` = '{$department}', `email` = '{$email}' WHERE `ID` = '{$ID}'"
It seems you are new to php.
Your code is not well formated and not really readable.
Don't do $_POST['...'] and write this value directly into database (security issue => mysql injection) So please insert mysql_real_escape_string($value) before you insert into database.
What the hack is that? echo $row[] = $row['password'] don't do that! only echo is enough.
Solution of your answer:
It's normal that your code update only the last iteration of the while loop, because only the last value will be stored into the $_POST array.
If you wanna fix that you have to make the form as array like:
<input id='edit' type = 'text' name="name[]" value='<?php echo $row['name'] ?>'
maxlength="50">
Then in your viewadmindb.php you have to iterate over this values again and make for each value an extra update query which updates the value in the database.
UPDATE:
The foreach loop should look like this in adminsave.php:
$arrIds = array();
$arrNames = array();
$arrDepartments = array();
$arrPasswords = array();
// ... add all necessary vars you wan a fetch from the post request
$arrIds[] = $_POST['name'][];
$arrNames[] = $_POST['name'][];
$arrDepartments[] = $_POST['department'][];
$arrResults = array(); // To store result data if necessary
foreach($arrIds as $key => $item) {
// Build sql query
$sql = "UPDATE admin SET name = '". $arrNames[$key] . "',password = '". $arrPasswords[$key] . "',
department ='". $arrDepartments[$key] . "',email = '". $arrEmailss[$key] . "' WHERE ID = '$item'";
// Execute query!
$arrResults[] = mysql_query($sql);
}
So now you should be able to get it running...
My main issue that I am running into is basically this:
I have a while loop that generates results from a query. With the results that have been generated, I want the ability to update the table the original query was from.
The query produces the expected results, but the table is not being updated when I click the REMOVE button. I am also trying to find a solution for the results to be updated after the UPDATE query executes...
<?php
$sql = "SELECT * FROM vehicles WHERE sold='n' ORDER BY year DESC";
$query = mysql_query($sql);
while ($row = mysql_fetch_array($query)) {
echo
"
<tr>
<td style='border-bottom-style:dotted;padding-top:10px;padding-bottom:10px;font-size:.9em'>",$row['year'],"</td>
<td style='border-bottom-style:dotted;padding-top:10px;padding-bottom:10px;font-size:.9em'>",$row['make'],"</td>
<td style='border-bottom-style:dotted;padding-top:10px;padding-bottom:10px;font-size:.9em'>",$row['model'],"</td>
<td style='border-bottom-style:dotted;padding-top:10px;padding-bottom:10px;font-size:.9em'><input type='submit' name='remove' value='REMOVE' style='background-color:#C33;color:white;padding:10px;border-radius:5px;width:70px'/></td>
</tr>";
if(isset($_POST['remove'])){
$removeSql = "UPDATE `table`.`vehicles` SET `display`='0' WHERE `vin`='{$row['vin']}'";
mysql_query($removeSql) or die('check that code dummy');
}
}
mysql_close($connection);
?>
That's a submit button, will not work without form tag. You can't do it this way.
You can write the remove code on a separate page and convert that submit button to normal button and pass vin id on click of that button and call that page using ajax.
Or if you don't know ajax and want to do it on that page itself then do it this way :
<?php
$sql = "SELECT * FROM vehicles WHERE sold='n' ORDER BY year DESC";
$query = mysql_query($sql);
while ($row = mysql_fetch_array($query)) {
echo
"
<tr>
<td style='border-bottom-style:dotted;padding-top:10px;padding-bottom:10px;font-size:.9em'>",$row['year'],"</td>
<td style='border-bottom-style:dotted;padding-top:10px;padding-bottom:10px;font-size:.9em'>",$row['make'],"</td>
<td style='border-bottom-style:dotted;padding-top:10px;padding-bottom:10px;font-size:.9em'>",$row['model'],"</td>
<td style='border-bottom-style:dotted;padding-top:10px;padding-bottom:10px;font-size:.9em'>
<form action="" method="POST">
<input type="hidden" name="vin_id" value="<?php echo $row['vin']; ?>">
<input type='submit' name='remove' value='REMOVE' style='background-color:#C33;color:white;padding:10px;border-radius:5px;width:70px'/>
</form></td>
</tr>";
}
if(isset($_POST['remove'])){
$removeSql = "UPDATE `table`.`vehicles` SET `display`='0' WHERE `vin`='".$_POST['vin_id']."'";
mysql_query($removeSql) or die('check that code dummy');
}
mysql_close($connection);
?>