I have a MySQL database that holds customer orders. I am trying to create a form that a user would enter after selecting the ID of a row they would like to modify.
What the code below is suppose to do is auto-populate a html form with all of the data from the MySQL row. It would take the ID given to it by a previous php file and then use that to grab the row it needs from the database. Unfortunately, no matter what I change or do, the webpage only produces blank boxes where the data is suppose to be.
Here's the code for edit.php (the form that is suppose to auto-populate.)
<!DOCTYPE html>
<html>
<body>
<form action="update_submit.php" method="post">
<?php
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
$servername = "server";
$username = "book";
$password = "pass";
$dbname = "book";
$db_selected = new mysqli($servername, $username, $password, $dbname);
if ($db_selected->connect_error) {
die("Connection failed: " . $dbc->connect_error);
}
if(!empty($_GET['ID'])){
$id = intval($_GET['ID']);
}
try {
$results = $db_selected -> prepare("SELECT * FROM customerorders WHERE ID = ?");
$results -> bind_param("i", $id);
$results -> execute();
} catch(Exception $e) {
echo $e -> getMessage();
die();
}
$row = $results->get_result()->fetch_assoc();
?>
<input type="hidden" name="ID" value="<?php echo $row['ID']; ?>">
<input type="text" name="lastName" value="<?php echo $row['lastName']; ?>" required><br />
<input type="text" name="firstName" value="<?php echo $row['firstName']; ?>" required><br />
<input type="text" name="email" value="<?php echo $row['email']; ?>" required><br />
<input type="text" name="phoneNumber" value="<?php echo $row['phoneNumber']; ?>" required><br />
<input type="text" name="department" value="<?php echo $row['department']; ?>" ><br />
<input type="text" name="typeOfOrder" value="<?php echo $row['typeOfOrder']; ?>" required><br />
<input type="text" name="vendor" value="<?php echo $row['vendor']; ?>" required><br />
<input type="text" name="product" value="<?php echo $row['product']; ?>" required><br />
<input type="text" name="PONumber" value="<?php echo $row['PONumber']; ?>" required><br />
<input type="text" name="accountNumber" value="<?php echo $row['accountNumber']; ?>" required><br />
<input type="text" name="dateOrdered" value="<?php echo $row['dateOrdered']; ?>" required><br />
<input type="text" name="dateExpected" value="<?php echo $row['dateExpected']; ?>" required><br />
<input type="text" name="comments" value="<?php echo $row['comments']; ?>" required><br />
<input type="submit" name="sumbit">
</form>
</body>
</html>
I have error reporting on and nothing ever comes up when I try to find problems. I've also switched around my ' and " multiple times just to see if it ever makes a difference. Nothing I have tried seems to work. I've also looked through every stack overflow question I could possibly find relating to my issue and I still can't find anything that would fix my problem.
Any help is appreciated. I am a novice to php and MySQL so I apologize in advance if the code seems nonsensical or if there is an already obvious solution.
Related
I am having trouble updating my database data. I put the data that I want to update but when I click on the "Update" button it does
nothing. I have called the file on another php file by using Update
It also shows this error
Notice: Undefined variable: fname in
C:\xampp\htdocs\project\change1.php on line 71
Can someone help me figure this issue, please?
<?php include("config.php"); ?>
<?php
if (isset($_GET['edit'])) {
$update = true;
$record = mysqli_query($con, "SELECT * FROM employee WHERE id='".$_GET['edit']."'");
$row = mysqli_fetch_array($record,MYSQLI_BOTH);
}
if (isset($_POST['update'])) {
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$password = $_POST['password'];
$addr = $_POST['addr'];
$phone = $_POST['phone'];
$id=$_GET['edit'];
$query = "UPDATE employee SET fname='".$fname."',lname='".$lname."',password='".$password."',addr='".$addr."',phone='".$phone."' WHERE id='".$id."'";
$result = mysqli_query($con,$query) or die ("problem inserting new record into database");
if($result){
header('location: show_db.php');
}
else {echo "Update not successful"; }
}
?>
<!DOCTYPE html>
<html>
<head>
<title>Update Data</title>
</head>
<body>
Home
<br/><br/>
<input type="hidden" name="id" value="<?php echo $id; ?>">
Name:<input type="text" name="fname" value="<?php echo $fname ; ?>">
Surname:<input type="text" name="lname" value="<?php echo $lname; ?>">
Password:<input type="text" name="password" value="<?php echo $password; ?>">
Address:<input type="text" name="addr" value="<?php echo $addr; ?>">
Contact:<input type="text" name="phone" value="<?php echo $phone; ?>">
<input type="submit" name="update" value="Update">
</body>
</html>
Put the html inputs inside a form
<form name ="form1" method ="get" action="">
<input type="hidden" name="id" value="<?php echo $id; ?>">
Name:<input type="text" name="fname" value="<?php echo $fname ; ?>">
Surname:<input type="text" name="lname" value="<?php echo $lname; ?>">
Password:<input type="text" name="password" value="<?php echo $password; ?>">
Address:<input type="text" name="addr" value="<?php echo $addr; ?>">
Contact:<input type="text" name="phone" value="<?php echo $phone; ?>">
<input type="submit" name="update" value="Update">
</form>
I have a tiny issue where sending variables to another page yields undefined variables.
Page 1:
<form name= "updateProfiel" method="POST" action="index.php?page=updateProfiel">
<input required type="text" name="voornaam" value="<?php echo $result['voornaam']; ?>"/>
<input required type="text" name="achternaam" value="<?php echo $result['achternaam']; ?>"/>
<input required type="text" name="adres" value="<?php echo $result['adres']; ?>"/>
<input required type="text" name="postcode" value="<?php echo $result['postcode']; ?>"/>
<input required type="text" name="woonplaats" value="<?php echo $result['woonplaats']; ?>"/>
<input required type="email" name="email" value="<?php echo $result['email']; ?>"/>
<input required type="password" name="password" placeholder="password"/>
<input type="hidden" name="submit" value="true" />
<input type="submit" id="submit" value=" Update " />
Annuleren
</form>
Page 2:
(page name is updateProfiel.php)
$voornaam = htmlspecialchars($_POST["voornaam"]);
$achternaam = htmlspecialchars($_POST["achternaam"]);
$adres = htmlspecialchars($_POST["adres"]);
$postcode = htmlspecialchars($_POST["postcode"]);
$woonplaats = htmlspecialchars($_POST["woonplaats"]);
$email = htmlspecialchars($_POST["email"]);
$password = htmlspecialchars($_POST["password"]);
$password = password_hash($password, PASSWORD_BCRYPT);`
I used phpinfo(); to see if the variables got sent from page 1 to page 2, and they are there:
The phpinfo()
But if I try to set them as variables and use them they're undefined!..
Does anyone know what's happening here?
This is very embarassing.
The undefined variables are actually not undefined. The source-page just says so.
The issue was somewhere else :')... Thanks for everyone's help!
Ps: The issue was the fact that a piece of SQL-query for the database was missing two brackets.. Yay.
I'm very new to PHP and MySQL. I've created a form which creates rows in my MySQL tables, I created a page that shows all those entries. Now I'm trying to edit those entries. I created another form that should populate with info from the selected row..the only problem is that it's not. Here's all my code including login.php...just in case. Please let me . I've looked everywhere for an answer and couldn't find one. All I found was mysql and not mysqli.
<?php //login.php
$db_hostname = 'localhost';
$db_database = 'mydata';
$db_username = 'user';
$db_password = '123#';
// Connect to server.
$link = mysqli_connect($db_hostname, $db_username, $db_password);
if (!$link) {
die('Not connected : ' . mysqli_error());
}
// Select the database.
$db_selected = mysqli_select_db($link, $db_database);
if (!$db_selected) {
die ('Can\'t use database : ' . mysqli_error());
}
?>
edit_client.php
<?php
$title = "Edit Client Form";
?>
<!DOCTYPE html>
<html>
<head>
<title><?php echo $title ?></title>
</head>
<body>
<div> <!-- form container div -->
<form action="" method="post">
<div> <!-- form description div -->
<h2><?php echo $title ?></h2>
<p>Edit a client here.</p>
</div>
<?php
require_once = 'login.php';
// get value of id that sent from address bar
$id=$_GET['id'];
if(isset($id)) {
$sql="SELECT * FROM `clients` WHERE client_id='$id'";
$result=mysqli_query($sql);
$row=mysqli_fetch_assoc($result);
?>
<input type="hidden" name="id" value="<?php echo $row['client_id']; ?>">
<input type="text" name="first_name" value="<?php echo $row['first_name']; ?>" required><br />
<input type="text"name="last_name" value="<?php echo $row['last_name']; ?>" required><br />
<input type="text"name="company_name" value="<?php echo $row['company_name']; ?>" ><br />
<input type="text" name="address" value="<?php echo $row['address']; ?>"><br />
<input type="text" name="city" value="<?php echo $row['city']; ?>" required><br />
<input type="text" name="state" value="<?php echo $row['state']; ?>" required><br />
<input type="number" name="zip_code" value="<?php echo $row['zip_code']; ?>" required><br />
<input type="tel" name="tel_number" value="<?php echo $row['tel_number']; ?>" required><br />
<input type="email" name="email" value="<?php echo $row['email']; ?>" required><br />
<input value="Submit" type="submit">
</form>
</div>
</body>
</html>
here's the table from "display_client" that sends the ID to the edit_form.php page
<td align="left">' . '<a href="\edit_client.php?id=' . $row['client_id'] . '/">Edit</td>
any pointers in the right direction would be much appreciated. thank you.
As suggested below I have used PDO Prepared statements to achieve my desired result. Thank you thank you! #nomistic !
<?php
$title = "Edit Client Form";
?>
<!DOCTYPE html>
<html>
<head>
<title><?php echo $title ?></title>
</head>
<body>
<div> <!-- form container div -->
<form action="update_client_submit.php" method="post">
<div> <!-- form description div -->
<h2><?php echo $title ?></h2>
<p>Edit a client here.</p>
</div>
<?php
require_once 'login.php';
if(!empty($_GET['id'])){
$client_id = intval($_GET['id']);
}
try {
$results = $db -> prepare('SELECT * FROM clients WHERE client_id = ?');
$results -> bindParam(1, $client_id);
$results -> execute();
} catch(Exception $e) {
echo $e -> getMessage();
die();
}
$row = $results -> fetch(PDO::FETCH_ASSOC);
?>
<input type="hidden" name="client_id" value="<?php echo $row['client_id']; ?>">
<input type="text" name="first_name" value="<?php echo $row['first_name']; ?>" required><br />
<input type="text" name="last_name" value="<?php echo $row['last_name']; ?>" required><br />
<input type="text" name="company_name" value="<?php echo $row['company_name']; ?>" required><br />
<input type="text" name="address" value="<?php echo $row['address']; ?>" required><br />
<input type="text" name="city" value="<?php echo $row['city'] ?>" ><br />
<input type="text" name="state" value="<?php echo $row['state'] ?>" required><br />
<input type="text" name="zip_code" value="<?php echo $row['zip_code']; ?>" required><br />
<input type="text" name="tel_number" value="<?php echo $row['tel_number']; ?>" required><br />
<input type="text" name="email" value="<?php echo $row['email']; ?>" required><br />
<input type="submit" name="sumbit">
</form>
</body>
</html>
Edit, reducing this and correcting a potential problem in you query.
you need a loop to get the data. It should be have something like this (using your data)
$id=$_GET['id'];
if(isset($id)) {
$sql="SELECT * FROM clients WHERE client_id=$id";
$result=mysqli_query($sql);
$row=mysqli_fetch_assoc($result);
while($row=mysqli_fetch_assoc($result)) {
echo '<input type="hidden" name="id" value="'.$row['client_id']. '">';
}
Note: You may want to look into using prepared statements; they are pretty easy to learn, especially at this stage, and you will have a lot of advantages, such as not having to worry about whether you are quoting int and varchar variables in your query; you'd declare them separately. They are also MUCH more secure (preventing SQL injection) and can make large queries run faster. You would just need to switch to object oriented style. (note, listing your variables in your select is what you should be doing anyway rather than select from *). The select is shortened a little for ease of explanation.
Here's an example of how yours would work with mysqli:
This is your database connection (not much different, just slightly different syntax)
$db_selected = new mysqli($db_hostname, $db_username, $db_password, $db_database)
if ($db_selected->connect_error) {
die("Connection failed: " . $dbc->connect_error);
}
Here are your queries. bind_param just identifies the item as an INT and then replaces the ? in the query with the variable $id, and bind_result takes the results of your query and turns them into variables.
The rest is fairly self-explanatory
$sql = $db_selected->prepare("SELECT client_id, first_name, last_name FROM clients WHERE client_id= ? ");
$sql->bind_param("i", $id);
$sql->execute();
$sql->store_result();
$sql->bind_result($client_id, $first_name,$last_name);
while ($sql->fetch()) {
echo '<input type="hidden" name="id" value="'.$client_id. '">';
echo '<input type="text" name="first_name" value="'.$first_name. '" required><br />';
echo '<input type="text" name="last_name" value="'. $last_name. '" required><br />';
}
$sql->free_result();
$sql->close();
If you need some more information, here are some resources: mysqli prepared statements
Trying to get an edit page to work and im getting this error Incorrect parameter count in the call to native function 'SHA1'. The error is only on the SHA1. everything else works fine other then this error. Any helped is greatly appreciated. I don't want the password showing or the encryption that is to stay blank as it is an admin editing a staff members details and they dont need to know the password.
<?php
if(empty($_POST['submit'])) {
$query = "SELECT * FROM user WHERE user_id = '$_GET[id]'";
// $supplier_id = $_GET['supplier_id'];
$result = mysqli_query($dbc, $query);
$row = mysqli_fetch_array($result);
}
else{
$update = "UPDATE user SET
title= '$_POST[inputtitle]',
first_name ='$_POST[inputfirst_name]',
middle_name = '$_POST[inputmiddle_name]',
last_name = '$_POST[inputlast_name]',
gender = '$_POST[inputgender]',
email = '$_POST[inputemail]',
pass = SHA1($_POST[inputSHA1pass]);
car_make = '$_POST[inputcar_make]'
car_model = '$_POST[inputcar_model]',
prefer_car = '$_POST[inputprefer_car]',
car_age = '$_POST[inputcar_age]',
st_no = '$_POST[inputst_no]',
st_name = '$_POST[inputst_name]',
suburb = '$_POST[inputsuburb]',
state = '$_POST[inputstate]',
country = '$_POST[inputcountry]',
postcode = '$_POST[inputpostcode]',
WHERE user_id = $_POST[user_id]";
mysqli_query($dbc, $update) or die(mysqli_error($dbc));
echo "User has been modified!";
header("Location: view_user.php");
}
?>
<form action="<?php echo $_SERVER['PHP_SELF'].htmlspecialchars($_GET[‘id’]); ?>" method="POST">
<input type="hidden" value="<?php echo $supplier = $_GET['id']; ?>" name="supplier_id">
<p>Title:
<input type="text" name="inputtitle" size="20" maxlength="30"
value="<?php echo $row["title"]; ?>"/>
</p>
<p>First Name:
<input type="text" name="inputfirst_name" size="20" maxlength="30"
value="<?php echo $row["first_name"]; ?>"/></p>
<p>Middle Name:
<input type="text" name="inputmiddle_name" size="30" maxlength="100"
value="<?php echo $row["middle_name"]; ?>"/></p>
<p>Last Name:
<input type="text" name="inputlast_name" size="20" maxlength="30"
value="<?php echo $row["last_name"]; ?>"/></p>
<p>Gender:
<input type="text" name="inputgender" size="20" maxlength="30"
value="<?php echo $row["gender"]; ?>"/></p>
<p>Email:
<input type="text" name="inputemail" size="10" maxlength="5"
value="<?php echo $row["email"]; ?>"/>
</p><br>
<p>Password:
<input type="text" name="inputSHA1pass" size="30" maxlength="40"
value="<?php if (isset($_POST['pass'])) echo $_POST['pass']; ?>"/></p>
<p>Car Make:
<input type="text" name="inputcar_make" size="20" maxlength="30"
value="<?php echo $row["car_make"]; ?>"/></p>
<p>Car Model:
<input type="text" name="inputcar_model" size="20" maxlength="30"
value="<?php echo $row["car_model"]; ?>"/></p>
<p>Prefered Car:
<input type="text" name="inputprefer_car" size="20" maxlength="30"
value="<?php echo $row["prefer_car"]; ?>"/></p>
<p>Car Age:
<input type="text" name="inputcar_age" size="20" maxlength="30"
value="<?php echo $row["car_age"]; ?>"/></p>
<p>Street Number:
<input type="text" name="inputst_no" size="20" maxlength="30"
value="<?php echo $row["st_no"]; ?>"/></p>
<p>Street Name:
<input type="text" name="inputst_name" size="20" maxlength="30"
value="<?php echo $row["st_name"]; ?>"/></p>
<p>Suburb:
<input type="text" name="inputsuburb" size="20" maxlength="30"
value="<?php echo $row["suburb"]; ?>"/></p>
<p>State:
<input type="text" name="inputstate" size="20" maxlength="30"
value="<?php echo $row["state"]; ?>"/></p>
<p>Country:
<input type="text" name="inputcountry" size="20" maxlength="30"
value="<?php echo $row["country"]; ?>"/></p>
<p>Postcode:
<input type="text" name="inputpostcode" size="20" maxlength="30"
value="<?php echo $row["postcode"]; ?>"/></p>
<p>
<input type="submit" name="submit" value="Submit"/></p>
</form>
<?php
mysqli_close($dbc);
?>
<br>
<br>
</div>
<br>
<?php
include ('../includes/footer.php');
?>
A few things:
Check that $_POST['inputSHA1pass'] is not empty
Enclose $_POST[inputSHA1pass] in quote marks and curly braces: SHA1('{$_POST[inputSHA1pass]}'). SHA1() expects a string and will error without one
Look into prepared statements. As this code stands, it is wide open to SQL injection attacks as none of your passed data is checked for validity
Change the semi-colon to a comma in the SHA1 line
Finally, once the UPDATE query has been built, capture it and try running it directly on the database server. It should give you a more meaningful error message and make debugging easier
So i need a way to be able to echo $row['username'] and echo $row['password'] where the id is specified.
So example is i have 3 rows i need to get information from with id numbers 20, 56, 88.
Now i have made the query $query = "SELECT * FROM Card_File WHERE id = $id";
How do i echo this data (keeping in mind its not in a table and could be placed in random location on the webpage, and the forms the outputs will be going into will be different (eg, not got the same form field names.))
echo $row['username'] $id=20;
echo $row['password'] $id=20;
echo $row['username'] $id=56;
echo $row['password'] $id=56;
echo $row['username'] $id=88;
echo $row['password'] $id=88;
I have been looking arround and seen some very complicated examples but dont belive its that hard to echo a row by id. I may be wrong
Below is not a great example of what the ends result is but would give you an idea.
<!DOCTYPE html>
<html>
<head>
<?php
// Connect to the database
$link = mysqli_connect('localhost','root','pass','ACS_SHAREPOINT_ADDONS');
// Select table and arguments
$query = "SELECT * FROM Card_File WHERE id = $id";
$result = mysqli_query($link, $query);
?>
</head>
<body>
<?php foreach($row = mysqli_fetch_array($result)): ?>
<div class="loginForms">
<form target="_blank" action="https://www.website.com" method="post">
<input type="hidden" name="username" id="auth-form-login" value="<?php $id=20 echo $row['username']; ?>"/>
<input type="hidden" name="password" id="auth-form-pass" value="<?php $id=20 echo $row['password']; ?>"/>
<input type="hidden" name="redirDocument" value="user"/>
<input type="hidden" name="query" value=""/>
<input type="hidden" name="urlString" value="doc-rc-login;lng-ww-en;tpl-;ver-;"/>
<input type="submit" name="authSubmit" value="AVG Resellers Center" id="auth-form-submit"/>
</form>
</div>
<div class="loginForms">
<form target="_blank" action="https://www.website.com" method="post">
<input type="hidden" name="username" id="auth-form-login" value="<?php $id=56 echo $row['username']; ?>"/>
<input type="hidden" name="password" id="auth-form-pass" value="<?php $id=56 echo $row['password']; ?>"/>
<input type="hidden" name="redirDocument" value="user"/>
<input type="hidden" name="query" value=""/>
<input type="hidden" name="urlString" value="doc-rc-login;lng-ww-en;tpl-;ver-;"/>
<input type="submit" name="authSubmit" value="AVG Resellers Center" id="auth-form-submit"/>
</form>
</div>
<div class="loginForms">
<form target="_blank" action="https://www.website.com" method="post">
<input type="hidden" name="username" id="auth-form-login" value="<?php $id=88 echo $row['username']; ?>"/>
<input type="hidden" name="password" id="auth-form-pass" value="<?php $id=88 echo $row['password']; ?>"/>
<input type="hidden" name="redirDocument" value="user"/>
<input type="hidden" name="query" value=""/>
<input type="hidden" name="urlString" value="doc-rc-login;lng-ww-en;tpl-;ver-;"/>
<input type="submit" name="authSubmit" value="AVG Resellers Center" id="auth-form-submit"/>
</form>
</div>
<?php endforeach; ?>
</body>
</html>
I believe this is what you want to do.
<?php
$ids_tofind = array(1,6,3); //for example
$id = implode(",",$ids_tofind);
$link = mysqli_connect('localhost','root','pass','ACS_SHAREPOINT_ADDONS');
// Select table and arguments
$query = "SELECT * FROM Card_File WHERE id IN(". $id.")";
$result = mysqli_query($link, $query);
while($row = mysqli_fetch_array($result)){;?>
<div class="loginForms">
<form target="_blank" action="https://www.website.com" method="post">
<input type="hidden" name="username" id="auth-form-login" value="<?php echo $row['username']; ?>"/>
<input type="hidden" name="password" id="auth-form-pass" value="<?php echo $row['password']; ?>"/>
<input type="hidden" name="redirDocument" value="user"/>
<input type="hidden" name="query" value=""/>
<input type="hidden" name="urlString" value="doc-rc-login;lng-ww-en;tpl-;ver-;"/>
<input type="submit" name="authSubmit" value="AVG Resellers Center" id="auth-form-submit"/>
</form>
</div>
<?php };?>
This will echo out the form for all three users with ID 1, 6 and 3.