PHP checkbox problem (row not getting deleted) - php

I made a simple HTML web page with a list of emplyees (only two atm).
<form method="post" action = "del.php">
<table border = "1">
<tr>
<th>Employee Name</th>
</tr>
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "lavoratori";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT nome, id FROM operai";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo"<tr>";
echo'<td><input type = "checkbox" name = checkbox[]" value = '.$row['id']."<td>".$row['nome']."</td>";
echo"</tr>";
}
echo"</table>";
}
$conn->close();
?>
<input type = "submit" name = "delete" id = "delete" value = "Delete Records">
</form>
This is del.php
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "lavoratori";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST['delete'])){
$chkarr = $_POST['checkbox'];
foreach($chkarr as $id){
$sql = "DELETE FROM operai WHERE id = .$id.";
$result = $conn->query($sql);
}
header("Location: /test_purpose/home.php");
}
$conn->close();
?>
Can you guys tell me what's going on? I'm new to PHP.
What i'm trying to do is to delete a specific a row from selecting with a checkbox. And it does not work, it redirects me back to the main page, without deleting anything obviously.


This line is wrong:
$sql = "DELETE FROM operai WHERE id = .$id.";
Replace with:
$sql = "DELETE FROM operai WHERE id = {$id}";
You also need to consider SQL Injection: https://stackoverflow.com/a/60496/1403785

Related

Data from database only shows one data and it does not show

Our html/php code shows the name from the database but the rest of them doesn't show. Although we used the same syntax for every part but we changed the data name same with the database column name.
Why is that so?
Here is our code:
<?php
$servername = "localhost";
$username = "";
$password = "1234";
$dbname = "straypaws";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT Dog_name, Dog_loc, Dog_desc1, Dog_desc2, Dog_info1 FROM dog_info";
$result = $conn->query($sql);
?>
<div class="no-name-C61RwL helveticaneue-regular-normal-black-48px"><?php
if($row = mysqli_fetch_array($result)) {
echo $row["Dog_name"];
} ?>
</div>
<div class="dog-profile-C61RwL helveticaneue-regular-normal-black-72px">DOG PROFILE</div>
<img class="group-49-C61RwL animate-enter7" src="img/group-49#2x.svg" />
<div class="group-51-C61RwL">
<div class="group-49-Hjsg7h">
<div class="burnham-park-baguio-oKkELk helvetica55roman-regular-normal-black-24px"><?php
if($row = mysqli_fetch_array($result)) {
echo $row["Dog_loc"];
} ?>

You can't fetch same result multiple times.
Just store you fesult in array and then show it trought foreach
$dogs = [];
while($row = $result->fetch_assoc){
$dogs[] = $row;
}
And then in you html:
foreach($dogs as $dog){
echo $dog['Dog_name'];
}

How to write WHERE referring to a drop down list select?

There is a drop-down list on the PHP website that contains names taken from the database,
after selecting a name from the list, e.g. "Aprilia", I would like all records to be displayed from the database
where mark = Aprilia
I know I should add in the code below just in a SELECT WHERE x = y query
but I just don't know how to do it;
it should look like this in my opinion:
$result = mysqli_query($conn, "SELECT * FROM motorcycles WHERE mark = X");
And I just can't find this X (X should be the user pick from the dropdown list)
How to write it?
Photos:
https://imgur.com/a/PMu4At7
<?php
require_once 'header.php';
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "projectinz";
// Create connection
//$conn = new mysqli($servername, $username, $password, $dbname);
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
<select name="mark" id="mark">
<?php
$query = $conn->query("SELECT mark FROM motocykle");
while($kategoria = mysqli_fetch_array($query))
{
echo '<option>'.$kategoria['mark'].'</option>';
}
?>
</select>
<?php
$wynik = mysqli_query($conn,"SELECT * FROM motocykle");
while($row = mysqli_fetch_array($wynik))
{
echo "<br>".$row['mark']." ".$row['model']." ".$row['capacity']." ".$row['power']."<br>";
}
mysqli_close($conn);
?>
</body>
</html>
EDIT !!!
find1.php
<?php
require_once 'header.php';
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "projectinz";
// Create connection
//$conn = new mysqli($servername, $username, $password, $dbname);
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
?>
<form action="../includes/find.inc.php" method="post">
<select name="mark" id="mark">
<?php
$query = $conn->query("SELECT mark FROM motocykle");
while ($kategoria = mysqli_fetch_array($query)) {
echo '<option value="id">'.$kategoria['mark'].'</option>';
}
?>
</select>
<button type="submit" name="findmoto">Find</button>
</form>
<?php
$wynik = mysqli_query($conn,"SELECT * FROM motocykle ");
while ($row = mysqli_fetch_array($wynik)) {
echo "<br>".$row['mark']." ".$row['model']." ".$row['capacity']." ".$row['power']."<br>";
}
mysqli_close($conn);
?>
</body>
</html>
find.inc.php
<?php
session_start();
if (isset($_POST['findmoto'])) {
require 'dbh.inc.php';
$id = $_POST["id"];
$marka = $_POST["mark"];
echo $id;
echo $marka;
$display = "SELECT * FROM motocykle WHERE id='$id';";
$run = mysqli_query($conn, $display);
if ($run) {
echo $display;
} else {
echo "not";
}
}
BUT:
https://imgur.com/a/RA5wuus
Where is the problem?

<option value="1">Name</option> has attribute value witch is sent to POST when form is submitted. You need to set it with probably ID from table and then after POST you filter by that ID in WHERE part of your SQL.
First change
<select name="mark" id="mark">
<?php
$query = $conn->query("SELECT id, mark FROM motocykle");
while($kategoria = mysqli_fetch_array($query))
{
echo '<option value="'.$kategoria['id'].'">'.$kategoria['mark'].'</option>';
}
?>
</select>
Second change
if(isset($_POST['findmoto'])) {
require 'dbh.inc.php';
$selectedId = intval($_POST["mark"]);
echo $selectedId;
$display = "SELECT * FROM motocykle WHERE id='$selectedId';";
$run = mysqli_query($conn, $display);
if($run)
{
echo $display;
}
else
{
echo "not";
}
}

Dynamically generate buttons with loop php

What I wan't to do is create buttons that are automatically generated from the database. So when I add a new record in the database the button is created Is this possible with a loop? So yes how do I create the button.
This is what I have so far:
<?php
$servername = "localhost";
$username = "root";
$password = "Iamthebest1009";
$dbname = "dktp";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM theme";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "". $row["theme_name"]. "<br>";
}
} else {
echo "no results";
}
$conn->close();
?>

Yes it is possible. you need to echo html
<?php
$servername = "localhost";
$username = "root";
$password = "Iamthebest1009";
$dbname = "dktp";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM theme";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
$your_url ="https://www.google.com";
echo "". $row["theme_name"]. "<br>";
echo '<input type="button" name="' . $row["theme_name"]. '" value="'. $row["theme_name"].'">';
}
} else {
echo "no results";
}
$conn->close();
?>

I want to update the record in my sql but it updates all the data not getting the right id

this is form which shows the data which i have to update the data i get correctly i want when i pressed update button the data is update by using up.php file
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "alurdu_db";
$id = $_GET['id'];
mysql_query('SET CHARACTER SET utf8');
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error)
{
die("Connection failed: " . $conn->connect_error);
}
mysqli_set_charset($conn,"utf8");
$sql = "SELECT * FROM news WHERE news_id='$id'";
$result = $conn->query($sql);
if ($result->num_rows >0) {
while($row = $result->fetch_assoc()) {
?>
<form action="up.php" method="post" enctype="multipart/form-data">
<div class="form-group">
<input type="text" class="form-control" name="news_title" value="<?=$row["title"]?>">
<div class="col-md-2 text-center">News Title</div>
<button type="submit" class="btn btn-default text-align" style="background-color:#3c8dbc;color:white" value="">Update</button></a>
</form>
<?php
}
} else {
echo "Wrong Page";
}
$conn->close();
?>
this is up.php file i don't know why it does not getting the id if update without id it update all the data of the table
<?php
$news_title = $_POST["news_title"];
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "alurdu_db";
$news_id = $_GET['id'];
mysql_query('SET CHARACTER SET utf8');
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
mysqli_set_charset($conn,"utf8");
$sql = " UPDATE news SET title='$news_title' WHERE news_id='$news_id' ";
if ($conn->query($sql) === TRUE) {
echo "Updated";
}
else {
echo "Error: " . $sql . "<br>" . $conn->error;
}
$conn->close();
?>

Looks like your SQL statement isn't in closed quotes. It should look like this:
$sql = "UPDATE news SET title='" . $news_title . "' WHERE news_id='" . $news_id . "'";

Find username and change his status string on a database

I have a code who prints the status of a player in HTML, but I want to add a button right on the side, and when I click it I want that status to change.
(There's a lot of players on the database and on the HTML, the problem I have is, when I click the button, the status of ALL the players change, so I need to find a way to find the steamid and change the status of that player by the steamid with the button and I don't know how to do it, here's the admin panel I'm trying to do: http://vanityrp.site.nfoservers.com/apply/admin.php)
Admin.php:
<?php
$servername = "localhost";
$username = "------";
$password = "------";
$dbname = "-----";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT avatar, name, status FROM Apps";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "
<form action='../apply/steamauth/status.php' method='post'>
<div class='advert'><img src='".$row["avatar"]. "'>\n</div><br>
<div name='username2' class='advert'>Username: ".$row["name"]. "\n<br></div>
<div class='advert'>Status: <font color='orange'>".$row["status"]."</font></div>\n<br>
<input type='submit' value='Deny' name='deny'/>
<input type='submit' value='Accept' name='accept'/>
<input type='submit' value='Remove' name='remove'/>
</form>
<hr>
";
}
} else {
}
$conn->close();
?>
And now status.php:
<?php
$servername = "localhost";
$username = "-----";
$password = "----";
$dbname = "-----";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$denied = $_POST['deny'];
$accepted = $_POST['accept'];
$remove = $_POST['remove'];
$username = $_POST['username2'];
if($accepted){
$sql = "UPDATE Apps SET status = replace(status,'Pending','Accepted.');";
$sql = "UPDATE Apps SET status = replace(status,'Denied','Accepted.');";
}elseif($denied){
$sql = "UPDATE Apps SET status = replace(status,'Pending','Denied.');";
$sql = "UPDATE Apps SET status = replace(status,'Accepted','Denied.');";
}elseif($remove){
#$sql = "DELETE FROM Apps WHERE id=$username";
}
$result = $conn->query($sql);
if ($conn->query($sql) === TRUE) {
echo "App has been denied/accepted successfully.";
header( "refresh:3;url=http://vanityrp.site.nfoservers.com/apply/admin.php" );
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
header("refresh:3;url=http://vanityrp.site.nfoservers.com/apply/admin.php");
}
?>

Try the following changes in your code
<form action='../apply/steamauth/status.php' method='post'>
<div class='advert'><img src='".$row["avatar"]. "'>\n</div><br>
<input type="hidden" name="userid" value='".$row["id"]."'/> <!--added a hidden variable "user your id column name in value"-->
<div name='username2' class='advert'>Username: ".$row["name"]. "\n<br></div>
<div class='advert'>Status: <font color='orange'>".$row["status"]."</font></div>\n<br>
<input type='submit' value='Deny' name='deny'/>
<input type='submit' value='Accept' name='accept'/>
<input type='submit' value='Remove' name='remove'/>
</form>
and in status.php
$denied = $_POST['deny'];
$accepted = $_POST['accept'];
$remove = $_POST['remove'];
$username = $_POST['username2'];
$id = $_POST['userid']; // get the hidden variable here
if($accepted){
$sql = "UPDATE Apps SET `status` = 'Accepted.' where id = $id;"; //check the condition
}elseif($denied){
$sql = "UPDATE Apps SET `status` = 'Denied.' where id = $id;";
}elseif($remove){
#$sql = "DELETE FROM Apps WHERE id=$username";
}

Change your query to select the steamid as well
$sql = "SELECT avatar, name, status, steamid FROM Apps";
Then in your form add a hidden input with the steamid as the value.
<input type='hidden' name='steamid' value='".$row['steamid']."' />
Then in your status.php
$steamid = $_POST['steamid'];
Then create prepared statements to help protect against SQL injection
$sql = "UPDATE Apps SET status = replace(status,'Pending','Accepted.') WHERE steamid = ?";
$stmt = $conn->prepare($sql);
$stmt->bind_param("i", $steamid);
$stmt->execute();

I think this can solve your problem:
<?php
$servername = "localhost";
$username = "------";
$password = "------";
$dbname = "-----";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, avatar, name, status FROM Apps";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "
<form action='../apply/steamauth/status.php' method='post'>
<div class='advert'><img src='".$row["avatar"]. "'>\n</div><br>
<div name='username2' class='advert'>Username: ".$row["name"]. "\n<br></div>
<div class='advert'>Status: <font color='orange'>".$row["status"]."</font></div>\n<br>
<input type='submit' value='".$row["id"]. "' name='deny'/>
<input type='submit' value='".$row["id"]. "' name='accept'/>
<input type='submit' value='".$row["id"]. "' name='remove'/>
</form>
<hr>
";
}
} else {
}
$conn->close();
?>
+
<?php
$servername = "localhost";
$username = "-----";
$password = "----";
$dbname = "-----";
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$denied = $_POST['deny'];
$accepted = $_POST['accept'];
$remove = $_POST['remove'];
$username = $_POST['username2'];
if($accepted){
$sql = "UPDATE Apps SET status = replace(status,'Pending','Accepted.') WHERE id='".$accepted."';";
$sql = "UPDATE Apps SET status = replace(status,'Denied','Accepted.') WHERE id='".$accepted."';";
}elseif($denied){
$sql = "UPDATE Apps SET status = replace(status,'Pending','Denied.') WHERE id='".$denied."';";
$sql = "UPDATE Apps SET status = replace(status,'Accepted','Denied.') WHERE id='".$denied."';";
}elseif($remove){
#$sql = "DELETE FROM Apps WHERE id={$remove}";
}
$result = $conn->query($sql);
if ($conn->query($sql) === TRUE) {
echo "App has been denied/accepted successfully.";
header( "refresh:3;url=http://vanityrp.site.nfoservers.com/apply/admin.php" );
} else {
echo "Error: " . $sql . "<br>" . $conn->error;
header("refresh:3;url=http://vanityrp.site.nfoservers.com/apply/admin.php");
}
?>

Try this
if($accepted){
$sql = "UPDATE Apps SET status = replace(status,'Pending','Accepted.') WHERE name='".$username."';";
$sql = "UPDATE Apps SET status = replace(status,'Denied','Accepted.') WHERE name='".$username."';";
}elseif($denied){
$sql = "UPDATE Apps SET status = replace(status,'Pending','Denied.') WHERE name='".$username."';";
$sql = "UPDATE Apps SET status = replace(status,'Accepted','Denied.') WHERE name='".$username."';";
}elseif($remove){
#$sql = "DELETE FROM Apps WHERE id={$remove}";
}

Categories