I have a simple web form in HTML using POST and PHP against an SQLite3 database. The form asks for a database id. When entered and hitting submit, the result does not output to the screen.
Here is the code. Please help! It appears the variable is empty. Where am I going wrong?
Original Form HTML (edit_entry1.html):
<body bgcolor = "#C7CFCA">
</p></p>
<center><h2>Update a Record<br>
<form method="POST" action="update_record.php">
<br />
<center>
<h3>To update a record click on 'View Database' and find the record ID you want to update and enter that ID here.</h3>
</center>
<table>
<tr><td><h2>Record ID: </td><td><h2><input style="font-size:20px" type="text" name="archivo" size="80"></td></tr>
<tr><td><input type="submit" name="save" value="Submit" style="font-size:20px"></td><td><input type=reset value="Reset Form" style="font-size:20px"></td>
</table>
</form>
</center>
</html>
This is the corresponding php script (update_record.php):
<?php
{
//open the database
$db = new SQLite3('wc.db');
// Set Variables from POST
$record = $_POST["archivo"];
//now output the data to a simple html table...
echo "<!DOCTYPE html>\n";
echo "<html lang=\"en\">\n";
echo "<body bgcolor = \"#C7CFCA\" text = \"black\">\n";
echo "<center>";
echo "<p>Record ID is <?php echo $record ?>.</p>";
echo "<table>\n";
echo "<h2>Update a Record</h2>";
echo "<tr><th><u><h3>ID</th><th><u><h3>Last Name</th><th><u><h3>First Name</th>";
echo "<th><u><h3>Middle Name</th><th><u><h3>Section</th>";
echo "<th><u><h3>Lot</th><th><u><h3>Plot</th><th><u><h3>Burial Date</th><th><u><h3>Veteran</th></tr>\n";
$results = $db->query('SELECT id,last_name,first_name,middle_initial,section,lot,plot,burial_date,veteran FROM burials WHERE id = $record');
while ($row = $results->fetchArray()) {
echo "<tr><td><center><h3>" . $row['id'] . "</td><td><center><h3>" . $row['last_name'] . "</td><td><center><h3>" .
$row['first_name'] . "</td><td><center><h3>" . $row['middle_initial'] . "</td><td><center><h3>" .
$row['section'] . "</td><td><center><h3>" . $row['lot'] . "</td><td><center><h3>" . $row['plot'] . "</td><td><center><h3>" . $row['burial_date'] . "</td><td><center><h3>" . $row['veteran'] . "</td></tr>\n";
}
echo "</table>\n";
echo "<p>Record ID is <?php echo $record ?>.</p>";
echo "<label for=\"sql\"><h3>What do you want to update? </label>";
echo "<select id=\"option\">";
echo "<h3><option value=\"last_name\"><h3>Last Name</option>";
echo "<option value=\"fist_name\"><h3>First Name</option>";
echo "<option value=\"middle_initial\"><h3>Middle Name</option>";
echo "<option value=\"section\"><h3>Section</option>";
echo "<option value=\"lot\"><h3>Lot</option>";
echo "<option value=\"plot\"><h3>Plot</option>";
echo "<option value=\"burial_date\"><h3>Burial Date</option>";
echo "<option value=\"veteran\"><h3>Veteran Status</option>";
echo "</select>";
echo "<h2><input style=\"font-size:15px\" type=\"text\" name=\"opt\" size=\"30\">";
echo "</body>\n";
echo "</html>";
}
?>
When I put, say, 1 as the record id in the form, nothing is outputted. I'm new to this and would definitely appreciate some pointers/tips.
To prevent a SQL injection attack, you should consider using the prepare/bind/execute pattern. Use example 1 in the SQLITE3::prepare doc as a guide.
Regarding the problem at hand: From the PHP: Strings doc:
When a string is specified in double quotes or with heredoc, variables
are parsed within it.
Since the SQL query is enclosed in single-quotes ('), the $record variable is not parsed. In other words, what you see is what is being sent to the database, thus no rows are returned.
Related
I am working on Simple Admin Panel,
The method i am working on is to select the data from database and put it into textarea and behind the textarea update button,
when i update the textarea click update to execute query to update the table
but when i click update at the first row for example it execute the third row only even if i clicked the first row update button " picture attached "
<?php
include 'config.php';
echo '<link rel="stylesheet" href="style.css"type="text/css">';
$result = mysql_query("SELECT * FROM English");
while($row = mysql_fetch_array($result))
{
echo "<form action='' method='post'>";
echo "<table>";
echo "<tr>";
echo "<td><textarea rows='1' cols='1' name='txtid' readonly style='overflow:auto;resize:none'>" . $row['ID'] . "</textarea></td>";
echo "<td><textarea rows='4' cols='50' name='txtarea'>" . $row['Content'] . "</textarea></td>";
echo "<td><input type='submit' name='button' value='Update!'/></td>";
echo "</tr>";
}
echo "</table>";
echo "</form>";
if(isset($_POST['button'])){
$textarea =$_POST['txtarea'];
$id = $_POST['txtid'];
$sql = "UPDATE English SET Content='".$textarea."' WHERE ID='".$id."'";
echo $textarea; echo $id;
mysql_query( $sql, $conn );
}
mysql_close($conn);
?>
Example
Well,
Changed the location for closing braces
to be after
echo "</table>";
echo "</form>";
it fixed the problem
<?php
$con = mysql_connect("localhost","root");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("database", $con);
if(!isset($_POST['submit'])){
$result = mysql_query("SELECT * FROM pleasework ORDER BY ID");
$row = mysql_fetch_array($result);
}
?>
<form action="?php echo $_SERVER['PHP_SELF'];?>" id="form2" method="post" name="form2">
<img id="close1" src="X.png" width="25" height="25" onclick ="div_hide1()">
<h2><font size="6">Please change existing data</font></h2>
<hr>
<br>
<font color="yellow">Change Name to: </font><input type="text" name="New" value="<?php echo $row['Name'];?>"/><br><br>
<font color="yellow"> Change Cause to: </font> <input type="text" name="New1" value="<?php echo $row['Cause'];?>"/><br><br>
<font color="yellow">Change Symptom to: </font><input type="text" name="New2" value="<?php echo $row['Symptom'];?>"/><br><br>
<font color="yellow"> Change Gene_affected to: </font><input type="text" name="New3"value="<?php echo $row['Gene_affected'];?>" /><br><br>
<input type="hidden" name="id" value="<?php echo $_GET['ID'];?>"/>
<input type="submit" onclick="clicked(event)" />
</form>
<?php
if(isset($_POST['submit'])){
mysql_query("UPDATE pleasework SET Name= '$_POST[New]' WHERE ID='$_POST[id]'");
mysql_query("UPDATE pleasework SET Cause= '$_POST[New1]' WHERE ID='$_POST[id]'");
mysql_query("UPDATE pleasework SET Symptom= '$_POST[New2]' WHERE ID='$_POST[id]'");
mysql_query("UPDATE pleasework SET Gene_affected= '$_POST[New3]' WHERE ID='$_POST[id]'");
echo "Change Successful<br>" ;
header("Location: databse.php");
mysql_close($con);
}
else {}
?>
This is my php file.
while($row = mysql_fetch_array($result))
{
echo "<TR>";
echo "<TD>" . $row['ID'] ."</TD>";
echo "<TD>" . $row['Name'] . " </TD>";
echo "<TD>" . $row['Cause'] . " </TD>";
echo "<TD>" . $row['Symptom']. " </TD>";
echo "<TD>" . $row['Gene_affected'] . " </TD>";
echo "<TD><font color='red'>Delete row</font> </TD>";
echo "<TD><font color='red'>modify</font> </TD>";
echo "</TR>";
}
And this is the section which has a modify button that links to the edit.php file. The error here is that is doesnt bring over the values in the table to the editing page and then submitting the form doesnt work too. help please
Your code appears a bit confused.
First of all, why to put the modify routine after output the form? Especially since after modify you send the header function, that fails if previously there are some output.
Note also a typo: you forgot to properly open the php tag in the form declaration. Change-it in this way:
<form action="<?php echo $_SERVER['PHP_SELF'];?>" id="form2" method="post" name="form2">
The main problem is that you check if the $_POST[submit] if set, but this is not set, due to the absence of attribute name.
Change it in this way:
<input type="submit" name="submit" onclick="clicked(event)" />
Now your script should work (I don't have tested the sql).
Please also note that your UPDATE routine is redundant: you can reduce the 4 statement to only one in this way:
$result = mysql_query
(
"UPDATE pleasework SET Name='{$_POST[New]}', Cause='{$_POST[New1]}', Symptom='{$_POST[New2]}', Gene_affected='{$_POST[New3]}' WHERE ID={$_POST[id]}"
);
About PHP Original MySQL API:
This extension is deprecated as of PHP 5.5.0, and has been removed as of PHP 7.0.0
NOTE: mysql_* deprecated, so try to use PDO or mysqli_*.
Simple way:
<?php
if(isset($_POST['submit'])){
$result = mysql_query("UPDATE pleasework
SET Name='".$_POST['New']."',
Cause='".$_POST['New1']."',
Symptom='".$_POST['New2']."',
Gene_affected='".$_POST['New3']."'
WHERE ID=".$_POST['id'].");
if($result ){
echo "Change Successful<br>" ;
header("Location: databse.php");
}
mysql_close($con);
}
YOUR PHP:
while($row = mysql_fetch_array($result))
{ $spaces = " ";
echo "<TR>";
echo "<TD>" . $row['ID'] ."</TD>";
echo "<TD>" . $row['Name'] . $spaces."</TD>";
echo "<TD>" . $row['Cause'] . $spaces."</TD>";
echo "<TD>" . $row['Symptom']. $spaces."</TD>";
echo "<TD>" . $row['Gene_affected'] . $spaces."</TD>";
echo "<TD><a href='delete.php?id=".$row['ID'] ."'>";
echo "<font color='red'>Delete row</font></a>".$spaces."</TD>";
echo "<TD><a href='edit.php?id=" . $row['ID'] ."'>";
echo "<font color='red'>modify</font></a>".$spaces."</TD>";
echo "</TR>";
}
This question already has answers here:
When to use single quotes, double quotes, and backticks in MySQL
(13 answers)
Closed 7 years ago.
I am trying to find matching results to my query in my database and put it in the table form I made, however I get no matching results back. I ran my query in phpmyadmin and got the desired output. I used var_dump on my $result variable and get the following: resource(4) of type (mysql result). here is my code:
<?php
function renderSearchForm($search, $search_by, $search_by, $error){
?>
<!DOCTYPE HTML5>
<head>
<title>Search Query</title>
</head>
<body>
<?php
//display errors
if($error != ''){
echo '<div style="padding:4px; border:1px solid red; color:red;">' . $error . '</div>';
}
?>
<form action="" method="post">
<div>
<p>Search For:</p>
<strong>Name: *</strong> <input type="text" name="search" value="<?php echo $search; ?>" /><br/>
<p>Search by:</p>
<input type="radio" name="search_by"
<?php if (isset($search_by) && $search_by=="firstname") echo "checked";?>
value="firstname"/>Firstname*
<input type="radio" name="search_by"
<?php if (isset($search_by) && $search_by=="surname") echo "checked";?>
value="surname"/>Surname*
<br><br>
<input type="submit" name="submit" value="Submit">
<p>* required</p>
</div>
</form>
</body>
</html>
<?php
}
//connect to db
include('connect_db.php');
//check if submitted
if (isset($_POST['submit'])) {
$search = mysql_real_escape_string(htmlspecialchars($_POST['search']));
$search_by = mysql_real_escape_string(htmlspecialchars($_POST['search_by']));
//check if search is empty
if (empty($_POST["search"])) {
$error = "Error: Name is required";
//error, display form
renderSearchForm($search, $search_by, $search_by, $error);
}
elseif
// check if name only contains letters and whitespace
(!preg_match("/^[a-zA-Z ]*$/",$search)) {
$error = "Error: Only letters and white space allowed";
//error, display form
renderSearchForm($search, $search_by, $search_by, $error);
}
//check if radio button selected
elseif (empty($_POST["search_by"])) {
$error = "Error: Search_by is required";
//error, display form
renderSearchForm($search, $search_by, $search_by, $error);
}else{
//save data
$query = "SELECT * FROM members WHERE '$search_by' LIKE '%$search%'";
$result = mysql_query($query)
or die(mysql_error());
var_dump($result);
//display data from db
echo "<table border='1' cellpadding='10'>";
echo "<tr> <th>ID</th> <th>Firstname</th> <th>Surname</th> <th>Telephone</th> <th>Cell</th> <th>Address</th> <th></th> <th></th> </tr>";
//loop through results of db and display in table
while ($row = mysql_fetch_array($result)) {
//echo contents in table
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['surname'] . "</td>";
echo "<td>" . $row['telephone'] . "</td>";
echo "<td>" . $row['cellphone'] . "</td>";
echo "<td>" . $row['address'] . "</td>";
echo "<td><a href='edit.php?id=" . $row['id'] . "'>Edit</a></td>";
echo "<td><a href='delete.php?id=" . $row['id'] . "'>Delete</a></td>";
echo "</tr>";
}
echo "</table>";
//This counts the number or results
$anymatches=mysql_num_rows($result);
if ($anymatches == 0) {
echo "Sorry, but we can not find an entry to match your query<br><br>";
}
//And we remind them what they searched for
echo "<b>Searched For:</b> " .$search. "<b> In: </b>" .$search_by;
}
}else{
//if form not submitted, display form
renderSearchForm('','','','');
}
?>
You need to remove the single quotes between $search_by. Try this:
"SELECT * FROM members WHERE $search_by LIKE '%$search%'"
I am trying to add CSS to my form but not sure how to do this. The form is created in php and MySQL, in browser it looks like: http://gyazo.com/5d099ead9bd6ea83859a5114b2438748
I need to allign the text and drop downs so they are in the equal throughout and add some spacing. Anyone help with CSS for this?
html currently:
<div class="wrap">
<img src="/images/logo.png" alt="Highdown logo" />
<h1>Entry form</h1>
</div>
css currently:
.wrap {
position: relative;
}
The form is produced with this:
if ($event_result = $con->query("SELECT Event.Name FROM event")) {
echo "<form method =\"POST\" action=\"save.php\"> ";
while ($row = $event_result->fetch_assoc()) {
echo $row['Name']. ' ';
if ($student_result = $con->query("SELECT Student.Form, Teacher.Form, Student.Forename, Student.Surname, Student_ID " .
"FROM Student, Teacher " .
"WHERE Student.Form = Teacher.Form AND Teacher.Username = '" . $_SESSION['Username'] . "'")) {
if ($student_result->num_rows) {
echo "<select name ='". $row['Name']."'>";
while ($row1 = $student_result->fetch_assoc()) {
echo '<option value="" style="display:none;"></option>';
echo "<option value ='" . $row1['Student_ID'] . "'>" . $row1['Forename'] . ' ' . $row1['Surname'] . "</option>";
}
echo "</select> <br />";
}
}
}
echo '<input type="submit" value ="Submit">';
echo '<input type="reset" value ="Reset">';
echo '<input type="button" value = "Add student" onclick="location.href=\'http://localhost/sportsday/addstudent.php\'">';
echo '<input type="button" value = "Delete student">';
echo "</form>";
}
Use
<form>
<table>
<tr> //1st Table row
<td></td> //Table column data
<td></td> //table column data
</tr> //1st row ends
<tr> // 2nd Table row
<td></td> //Table column data
<td></td> //table column data
</tr> //2nd row ends
</table>
</form>
This will give you a better layout of the form.
This should work i did not try as i dont have the database
//Query to display all events
if ($event_result = $con->query("SELECT Event.Name FROM event")) {
echo "<form method =\"POST\" action=\"save.php\"> ";
echo '<table>';
echo '<tr>';
echo '<td>';
while ($row = $event_result->fetch_assoc()) {
echo $row['Name']. ' ';
echo '</td>';
if ($student_result = $con->query("SELECT Student.Form, Teacher.Form, Student.Forename, Student.Surname, Student_ID " .
"FROM Student, Teacher " .
"WHERE Student.Form = Teacher.Form AND Teacher.Username = '" . $_SESSION['Username'] . "'")) {
if ($student_result->num_rows) {
echo '<td>';
echo "<select name ='". $row['Name']."'>";
while ($row1 = $student_result->fetch_assoc()) {
echo "<option value ='" . $row1['Student_ID'] . "'>" . $row1['Forename'] . ' ' . $row1['Surname'] . "</option>";
}
echo "</select> <br />";
echo '</td>';
echo '</tr>';
}
}
}
echo '</table>';
echo '<input type="submit" value ="Submit">';
echo '<input type="reset" value ="Reset">';
echo '<input type="button" value = "Add student" onclick="location.href=\'http://localhost/sportsday/addstudent.php\'">';
echo '<input type="button" value = "Delete student">';
echo "</form>";
}
?>
you can directly write in css
form {
⋮ declare css
}
or give name to form
form[name="value"]{
⋮ declare css
}
or add any class or id on form
#formid{
⋮ declare css
}
.formclass{
⋮ declare css
}
First , check your database...
May be there is Another Issue not related to Tabular Output.
So , First remove Table Tag..and check whether its working ?
Then try in HTML TABLE TAG
Otherwise give me sample database .sql File and complete PHP code in google drive or on shared drive.
So that I can check and identify where is problem ?
Here is the form code:
<?php
$con=mysqli_connect("localhost","user","pass","db");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT ID, NAME FROM b_sonet_group ORDER BY ID DESC");
echo "<form class='form-vertical login-form' action='step-2.php' method='POST'>";
echo "<h4 class='form-title'>Step One: Choose Your Project</h4><div class='control-group'><div class='controls'>";
echo "<select>";
echo "<option value=''>Choose Your Project</option>";
while($row = mysqli_fetch_array($result))
{
echo "<option name='ID' value='" . $row['ID'] . "'>" . $row['NAME'] . "</option>";
}
echo "</select>";
echo "</div></div>";
echo "<div class='form-actions'><button type='submit' name='submit' class='btn green pull-right'>Proceed to Step Two <i class='m-icon-swapright m-icon-white'></i></button></div></form>";
mysqli_close($con);
?>
What do I need to put on page 2 that retrieves the value ID from the form on the previous page and how do I print it so I can check it is the correct ID?
Simple I know but my brain has packed up and gone home.
You need to change your select to
echo "<select name=\"project\">";
On your second page you can get the value with
echo $_POST['project'];
You need to move the name from option to your select. Then echo $_POST['id'];