I am trying to implement and update query that updates a record in the database. I'm new to php here is my code :
<input type="text" name="name" value="<?= $name ?> "><br><br>
E-mail: <input type="text" name="email" value="<?= $email ?>" ><br><br>
Password: <input type="password" name="password" value="<?= $pass ?>" >
Here is the fetch command:
<?php
include("connection.php");
$id = $_GET['id'];
$qry = "SELECT * from studentinformation WHERE ID = $id";
$result = mysqli_query($con,$qry) or die(mysqli_error($con));
while($row = mysqli_fetch_assoc($result)){
$name= $row['FullName'];
$email = $row['email'];
$pass = $row['Password'];
$major = $row['major'];
}
?>
here is the action page:
<?php
include("connection.php");
//include("UpdateStudent.php");
$id = $_GET['id'];
$name = $_GET['name'];
$email= $GET['email'];
$pass = $_GET['password'];
//$major = $_POST['major'];
$qry = "UPDATE studentinformation SET FullName = '$name', email='$email', Password= '$pass'
WHERE ID = $id";
$result = mysqli_query($con,$qry) or die(mysqli_error($con));
if($result === false){
echo "Record didn't update";
}
else{
echo "Record Updated";
}
?>
Here is the form:
<form action="UpdateStudentAction.php?id=<?= $id ?>" method="get" enctype="multipart/form-data">
Please help guys I'm new to php
Move id from action attribute into a hidden input:
<form action="UpdateStudentAction.php" method="get" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?=$id?>">
...
will do the magic.
And avoid empty spaces into value attributes;
Make your form POST data instead of using GET method (that passes form data through url). Especially that you already using id query param in the url. You can include the id inside the form as a hidden field:
<form action="UpdateStudentAction.php?id=<?= $id ?>" method="POST" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?= $id ?> ">
<input type="text" name="name" value="<?= $name ?> "><br><br>
E-mail: <input type="text" name="email" value="<?= $email ?>" ><br><br>
Password: <input type="password" name="password" value="<?= $pass ?>" >
</form>
Then in your UpdateStudentAction.php file you can receive data using post:
<?php
include("connection.php");
//include("UpdateStudent.php");
$id = $_POST['id'];
$name = $_POST['name'];
$email= $_POST['email'];
$pass = $_POST['password'];
//$major = $_POST['major'];
$qry = "UPDATE studentinformation SET FullName = '$name', email='$email', Password= '$pass'
WHERE ID = $id";
$result = mysqli_query($con,$qry) or die(mysqli_error($con));
if($result === false){
echo "Record didn't update";
}
else{
echo "Record Updated";
}
?>
The GET method is restricted to send upto 1024 characters only.
The POST method does not have any restriction on data size to be sent. (You can use POST method instead of GET method)
Related
I m trying to get data on another page by id which is on showdetails.php page.but i m unable to please help.
Showdetails.php
this page shows details of user with id and button which will allow user to edit details on another page
<!DOCTYPE html>
<html>
<head>
<title>Details</title>
</head>
<body>
<?php
require('database.php');
?>
<h1>User Lists</h1>
<?php
$select = "SELECT id, firstname, lastname FROM signup";
$selectdata = $conn->query($select);
if ($selectdata->num_rows > 0){
while($row = mysqli_fetch_array($selectdata)) {
$id = $row['id'];
$first = $row['firstname'];
$last = $row['lastname'];
?>
<form method="get" action="editdetails.php">
<p><b>ID: <?php echo $id; ?></b></p>
<p>Name: <?php echo $first; ?> <?php echo $last; ?></p>
<?php
$edit = "SELECT id FROM signup WHERE id= '" .$id. "'";
$selectedit = $conn->query($edit);
?>
<p><input type="submit" name="display" value="Edit Details"></p>
</form>
<?php
}
}
?>
</body>
</html>
editdetails.php
On this page, user will be able to edit details, and i want details by id
<!DOCTYPE html>
<html>
<head>
<title>Edit User Details</title>
</head>
<body>
<?php
require('database.php');
$select = "SELECT firstname, lastname, age, phone_no, age, username, password FROM signup";
$selectdata = $conn->query($select);
if ($selectdata->num_rows > 0){
$row = mysqli_fetch_array($selectdata);
$first = $row['firstname'];
$last = $row['lastname'];
$age = $row['age'];
$phone_no = $row['phone_no'];
$username = $row['username'];
$password = $row['password'];
}
?>
<?php
if (isset($_POST['update'])) {
# code...
$first = mysqli_real_escape_string($conn, $_POST['first']);
$last = mysqli_real_escape_string($conn, $_POST['last']);
$age = mysqli_real_escape_string($conn, $_POST['age']);
$phone = mysqli_real_escape_string($conn, $_POST['phone_no']);
$username = mysqli_real_escape_string($conn, $_POST['user']);
$password = mysqli_real_escape_string($conn, $_POST['pass']);
$update = "UPDATE signup SET firstname= '$first', lastname= '$last', age= '$age', phone_no = '$phone', username = '$username', password = '$password' WHERE id= '$id'";
$updatedata = $conn->query($update);
if ($updatedata) {
# code...
echo $status = "Details Updated";
}
else {
# code...
echo $status = "Not Updated";
}
}
if (isset($_POST['delete'])) {
# code...
$delete = "DELETE FROM signup WHERE firstname = $first";
$deletedata = $conn->query($delete);
if ($deletedata) {
# code...
echo $status = "Details Deleted";
}
else {
# code...
echo $status = "Not Deleted";
}
}
?>
<h1>Edit Details</h1>
<form method="post" action= "<?php htmlspecialchars($_SERVER['PHP_SELF']) ?>">
<p>FirstName: <input type="text" name="first" value="<?php echo $first; ?>"></p>
<p>LastName: <input type="text" name="last" value="<?php echo $last; ?>"></p>
<p>Phone no: <input type="number" name="phone_no" value="<?php echo $phone_no; ?>"></p>
<p>Age: <input type="number" name="age" value="<?php echo $age; ?>"></p>
<p>User: <input type="text" name="user" value="<?php echo $username; ?>"></p>
<p>Password: <input type="password" name="pass" value="<?php echo $password; ?>"></p>
<p><input type="submit" name="update" value="Update">
<input type="submit" name="delete" value="Delete"></p>
</form>
<p><?php echo $status; ?></p>
</body>
</html>
Thank You.
Add in your HTML form a hidden input, like so:
<input type="hidden" name="id" value="<?php echo $id; ?>">
Then in your editdetails.php file you can access it with: $_GET["id"].
Update:
Add the hidden input to the form in Showdetails.php.
Then in editdetails.php add at the top of the page $id = (int)$_GET["id"];
Then add to your SELECT query in editdetails.php a WHERE statement for selecting the correct user:
$select = "SELECT ... FROM signup WHERE id = $id";
For the update query you are then good to go since you are already using there WHERE id = $id. (but before your $id variable was not defined)
I have a session.php and a welcome.php page. There I have my userprofile.
I am trying to update the email field.
When I change my email address and press the update button I get the echo Update Successful, but it does not update. I think it still has the old value from the session and I need to clear it.
session.php:
<?php
include('connection.php');
session_start();
$user_check = $_SESSION['login_user'];
$ses_sql = mysqli_query($db,"select * from clients where email = '$user_check'");
$row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);
$_SESSION['email']= $row['email'];
$_SESSION['username']= $row['username'];
$_SESSION['firstname']= $row['firstname'];
$_SESSION['lastname']= $row['lastname'];
$_SESSION['birthdate']= $row['birthdate'];
$_SESSION['street']= $row['street'];
$_SESSION['streetnr']= $row['streetnr'];
$_SESSION['city']= $row['city'];
$_SESSION['plzz']= $row['plzz'];
if(!isset($_SESSION['login_user'])){
header("
location:http://localhost:81/Left_over_youth_website/pages/login.php");
}
?>
welcome.php:
<?php
include("../php/session.php");
?>
<div>
<div class="col-md-9">
<div class="imagepageback">
<div class="card">
<div class="profilimage"></div>
<hr class="verticalline">
<?php
$sql = "UPDATE clients SET emaill = $_SESSION WHERE email = $user_check";
$update = mysqli_query($db, $sql);
if($update){
echo("update sucessful");
$_SESSION["emaill"] = $email_session;
}
?>
<form class="form" action="" method="post">
<input id="usernamee" class="usernamee" type="text" name="username" value="<?php echo $_SESSION['username']; ?>" readonly>
<input id="emaill" class="emaill" type="text" name="email" value="<?php echo $_SESSION['email']; ?>" readonly>
<input id="firstnamee" class="firstnamee" type="text" name="firstname" value="<?php echo $_SESSION['firstname']; ?>" readonly>
<input id="lastnamee" class="lastnamee" type="text" name="lastname" value="<?php echo $_SESSION['lastname']; ?>" readonly>
<input id="birthdatee" class="birthdatee" type="text" name="birthdate" value="<?php echo $SESSION['birthdate']; ?>" readonly>
<div>
<input id="streett" class="streett" type="text" name="street" value="<?php echo $_SESSION['street']; ?>" readonly>
<input id="nrr" class="nrr" type="text" name="streetnr" value="<?php echo $_SESSION['streetnr']; ?>" readonly>
</div>
<div>
<input id="cityy" class="cityy" type="text" name="city" value="<?php echo $_SESSION['city']; ?>" readonly>
<input id="plzz" class="plzz" type="text" name="plzz" value="<?php echo $_SESSION['plzz']; ?>" readonly>
</div>
<a href="#" class="editprofilelink" id="editprofilelink" onclick="editable(); showbt()"; >Edit Profile</a>
Change Password
<input hidden id="btupdate" type="submit" name="btupdate" value="Update">
</form>
</div>
</div>
</div>
</div>
</div>
echo 'update successful' on update query.
Try the following.
in welcome.php:
<?php
if(isset($_POST['btupdate'])){
$email = $_REQUEST['email'];
$sql = "UPDATE clients SET emaill = '$email' WHERE email = '$email_session'";
$update = mysqli_query($db, $sql);
if($update)
{
echo("update successful");
}
?>
You have a fatal error over this code:
<?php
$email = "SELECT * From Clients";
$sql = "UPDATE clients". "SET emaill = $email". "WHERE email = $email_session";
if(isset($_POST['btupdate'])){
$update = mysqli_query($db, $sql);
echo("update sucessful");
}
?>
this part ("UPDATE clients". "SET emaill = $email". "WHERE email = $email_session") returns this string "UPDATE clientsSET emaill = example#example.comWHERE email = example2#example.com
try this instead:
$sql="UPDATE clients SET emaill = $email WHERE email = $email_session"
be careful when using concatinate it won't add any space for you.
And you are not changing the $_SESSION["email"] after changing it. you must add $_SESSION["email"] = $email;
<?php
$email = "SELECT * From Clients";
$sql = "UPDATE clients SET emaill = $email WHERE email = $email_session";
$update = mysqli_query($db, $sql);
if($update){
echo("update sucessful");
}
?>
I'm currently logged in using a session, I want the user to be able to update their info. However on submit nothing happens. The session works because when I check the iduser email and password echo out. I think I might be writing the query wrong or I'm using the session incorrectly.Can someone explain why nothing in the database is being updated?
<?php
session_start();
include "connect.php";
include "header.php";
$iduser=$_SESSION['logged_in']['iduser'];
$sql = mysql_query("SELECT * FROM `profile` WHERE `iduser` = '$iduser' ");
while($row = mysql_fetch_array($sql)){
$iduser = $row['iduser'];
$password = $row['password'];
$email = $row['email'];
$fnlname = $row['fnlname'];
$username = $row['username'];
$joineddate = $row['joineddate'];
$gender = $row['gender'];
$age = $row['age'];
$location = $row['location'];
$website = $row['website'];
}
echo "$iduser $password $email";
$form1 = <<<EOT
<div id="homebox1">
<div id="logohome">
<h2>Welcome</h2></br>
</div>
<div id="signupcolumn1">
<p>Please fillout your info</p>
<form id="signup2" action="signup_part2.php" method="POST">
<p><input name="fnlname" placeholder="First and Last Name" type="text" size="50" required>*</br>
<input name="username" placeholder="Username" type="text" size="50" required>*</br>
<input name="age" placeholder="Your Age" type="" size="50" required>*</br></p>
<p><input style="text-align:left;" type="radio" name="gender" value="male"/>Male</br>
<input style="text-align:left;" type="radio" name="gender" value="female"/>Female</br>
<input style="text-align:left;" type="radio" name="gender" value="blank"/>Leave Blank</br></p>
<p><input name="location" placeholder="Location" type="" size="50" >Opt.</br>
<input name="website" placeholder="Website" type="" size="50">Opt. </br></p>
<input name="joineddate" placeholder="joineddate" type="hidden" size="50">
<input type="submit" name="submita" value="Next">
</div>
</form>
EOT;
if(isset($_POST['submita'])){
//perform verification
$fnlname = $_POST['fnlname'];
$username = $_POST['username'];
$age = $_POST['age'];
$gender = $_POST['gender'];
$location = $_POST['location'];
$website = $_POST['website'];
$joineddate = $_POST['joineddate'];
$iduser=$_SESSION['logged_in']['iduser'];
$fnlname = mysql_escape_string($fnlname);
$username = mysql_escape_string($username);
$age = mysql_escape_string($age);
$gender = mysql_escape_string($gender);
$location = mysql_escape_string($location);
$website = mysql_escape_string($website);
$sql1 = mysql_query("SELECT * FROM `profile` WHERE `username` = '$username' ");
if(mysql_num_rows($sql1) > 0){
echo "Sorry, that username already exists!";
}else{
mysql_query("UPDATE profile SET fnlname='$fnlname' joineddate='$joineddate' gender='$gender' age='$age' location='$location' website='$website' WHERE iduser=$iduser ");
}
}else{
echo $form1;
}
?>
Your query should be like this
UPDATE profile SET fnlname='$fnlname', joineddate='$joineddate', gender='$gender', age='$age' ,location='$location', website='$website' WHERE iduser='$iduser'
You missed commas And if $iduser is a string you must encapsulate with single quote
I have the below code which displays information from a mysql row in a form so that the user can edit this information and then save it back to the database:
$companyeditsql = "SELECT * FROM Companys WHERE CompanyName = '" . $_POST['company'] . "'";
$companysresult=mysqli_query($conn, $companyeditsql);
$row = mysqli_fetch_array($companysresult)
?>
<form action="<?php echo $_SERVER["PHP_SELF"]; ?>" method="post">
Company Name: <input type="text" name="companyname" value="<?php echo $row['CompanyName']; ?>"><br>
E-mail: <input type="email" name="email" value="<?php echo $row['Email']; ?>"><br>
Number of Drivers: <input type="number" name="numdrivers" value="<?php echo $row['DriverCount']; ?>"><br>
Contact Name: <input type="text" name="contactname" value="<?php echo $row['ContactName']; ?>"><br>
Address: <input type="text" name="address" value="<?php echo $row['Address']; ?>"><br>
Phone Number: <input type="tel" name="phonenumber" value="<?php echo $row['PhoneNumber']; ?>"><br>
Password: <input type="password" name="password"><br>
Notes: <input type="text" name="notes" value="<?php echo $row['Notes']; ?>"><br>
<input type="hidden" name="companyid" value"<?php echo $row['ID']; ?>">
<input type="submit" name="addedittedcompany" value="Save Company">
</form>
This works well and displays the right information, I then have the below code which should take the edited data and save it back into the database:
}else if (isset($_POST['addedittedcompany'])){
$CompanyName = $_POST['companyname'];
$Email = $_POST['email'];
$NumberofDrivers = $_POST['numdrivers'];
$ContactName = $_POST['contactname'];
$Address = $_POST['address'];
$PhoneNumber = $_POST['phonenumber'];
$Password = $_POST['password'];
$Notes = $_POST['notes'];
$companyid = $_POST['companyid'];
$options = [
'cost' => 11,
];
$CompanyName = mysqli_real_escape_string($conn, $CompanyName);
$Email = mysqli_real_escape_string($conn, $Email);
$NumberofDrivers = mysqli_real_escape_string($conn, $NumberofDrivers);
$ContactName = mysqli_real_escape_string($conn, $ContactName);
$Address = mysqli_real_escape_string($conn, $Address);
$PhoneNumber = mysqli_real_escape_string($conn, $PhoneNumber);
$Notes = mysqli_real_escape_string($conn, $Notes);;
if (!empty($Password)){
$Password = mysqli_real_escape_string($conn, $Password);
$hash = password_hash($Password, PASSWORD_BCRYPT, $options);
$editcompanysql = "UPDATE Companys SET CompanyName='$CompanyName', Email='$Email', DriverCount='$NumberofDrivers', ContactName='$ContactName', Address='$Address', PhoneNumber='$PhoneNumber', Notes='$Notes', PassHash='$hash' WHERE ID = '$companyid'";
}else{
$editcompanysql = "UPDATE Companys SET CompanyName='$CompanyName', Email='$Email', DriverCount='$NumberofDrivers', ContactName='$ContactName', Address='$Address', PhoneNumber='$PhoneNumber', Notes='$Notes' WHERE ID = '$companyid'";
}
if (mysqli_query($conn,$editcompanysql)){
echo "Company Saved";
echo mysqli_error($conn);
}else{
echo "Failed to save Company";
echo mysqli_error($conn);
}
}
Once this runs the Company saved echo is fired however when I then check the database the old data is still in the database i.e the changed info has not been saved.
No error is displayed and I can not see anything wrong with the php itself, any ideas?
Thank you
I missed out the equals in the hidden value:
<input type="hidden" name="companyid" value="<?php echo $row['ID']; ?>">
and its working now
First print your post array like this then try to assignment and database update
echo "<pre>";
print_r($_POST);
echo "</pre>";
I'm having a problem. I'm working on a custom cms for my site and for some reason the users will not update in the admin panel. It pulls there ID and displays there information in the proper fields, but it will not update and I have no clue why. It just refreshes with the same info, doesn't update my the database or anything. I've tried to fix this, but it won't work. I did different alterations, but all were fails so I decided to just post the original one with a few bug fixes not relating to the updating process.
Heres the whole code:
<?php
$id = $_GET['id'];
$result = $db->query("SELECT * FROM users WHERE Id = '".$id."'");
if(isset($_POST['submit']))
{
$username1 = $_POST['Username'];
$email1 = $_POST['Email'];
$password1 = $_POST['Password'];
$f_name = $_POST['FName'];
$l_name = $_POST['LName'];
$rank1 = $_POST['Rank'];
$skype1 = $_POST['SkypeID'];
$db->query("UPDATE users SET (Email, Username, FName, LName, Rank, SkypeID) VALUES(''.$email1.'', ''.$username1.'', ''.$f_name.'', ''.$l_name.'', ''.$rank1.'', ''.$skype1.'') WHERE Id = ".$id."");
}
?>
<b>Update User</b>
<?php
$id = $_GET['id'];
$result = $db->query("SELECT * FROM users WHERE id='$id'");
while($row = $result->fetch_assoc())
{
$username = $row['Username'];
$email = $row['Email'];
$fname = $row['FName'];
$lname = $row['LName'];
$rank = $row['Rank'];
$skype = $row['SkypeID'];
}
?>
<form method="POST">
Username: <input type="text" name="username" value="<?php echo($username); ?>"><br>
Email: <input type="email" name="email" value="<?php echo($email);?>"><br>
Passowrd: <input type="password" name="password"><br>
First Name: <input type="text" name="f_name" value="<?php echo($fname);?>"><br>
Last Name: <input type="text" name="l_name" value="<?php echo($lname); ?>"><br>
Rank: <input type="text" name="rank" value="<?php echo($rank); ?>"><br>
Skype: <input type="text" name="rank" value="<?php echo($skype); ?>">
<button type="submit" name="submit">Update User</button>
</form>
Config file/$db:
<?php
$db = new mysqli('localhost', 'user', 'pass', 'database');
function registerSession($name, $value)
{
$_SESSION[$name] = $value;
}
?>
UPDATE
I have fixed the problem, I changed the query to this
$db->query("UPDATE users SET Email= '$email1' , Username= '$username1' , FName= '$f_name' , LName= '$l_name', Rank= '$rank1' , SkypeID= '$skype1' WHERE Id = ".$id."") or die (mysql_error());
I cringed when I saw this...
$id = $_GET['id'];
$result = $db->query("SELECT * FROM users WHERE id='$id'");
Because you have yet to tell us what $db is, based on the looks of things I'm going to guess its a mysql_* function? I would enjoy watching someone SQL injecting this! Show us how $db is created (It better be at least mysqli, if not PDO! If not, Google "mysqli" or "PDO") please?
It's hard to tell what your problem is.