I have a form with a picture and a submit button, which sends the user_id of the connected user and the picture_id of the picture that they want to save into the table called pins in a MySQL database. I tried to pin different pictures from different users. The insert of user_id works, but the picture_id stays the same (the last picture in the pictures table) even though I click on submit below different pictures. Is it because of the form, or am I referring to it in the wrong way?
I'm placing here the PHP code with the picture and the button to save it.
<?php
session_start();
require_once __DIR__.'/connect.php';
$sUsername = $_SESSION['txtUsername'];
try {
$stmt = $db->prepare('SELECT * FROM pictures INNER JOIN users ON users.user_id = pictures.user_id');
$stmt->execute();
$aRows = $stmt->fetchAll();
foreach ($aRows as $aRow) {echo
"<form action='display.php' method='POST'>
<div class=item><img src=images/$aRow->path>
<span class=caption>Picture id:$aRow->picture_id</span>
<input type='submit' name='submit'>
</div>
</form>";}
if (isset($_POST['submit'])) {
try {
$stmt = $db->prepare('SELECT * FROM users WHERE username = :sUserName');
$stmt->bindValue(':sUserName', $sUsername);
$stmt->execute();
$row = $stmt->fetch();
$iUserId = $row->user_id;
$stmt = $db->prepare('INSERT INTO pins VALUES( null, :iUserId, :iPictureId )');
$stmt->bindValue(':iUserId', $iUserId);
$stmt->bindValue(':iPictureId', $aRow->picture_id);
$stmt->execute();
}catch (PDOEXception $ex){
echo $ex;
}
}
}catch (PDOEXception $ex){
echo $ex;
}
?>
Related
I want to give the user the possibility to delete other users. I made a script where the user gets a list of all users with a delete button. The button starts the script but doesn't delete the user from the list. Here is my code:
function get_userlist(){
$select_users = $this->db->prepare("SELECT user_id, fname, lname, email
FROM user");
$select_users->execute();
echo "<tbody>";
while($row = $select_users->fetch(PDO::FETCH_ASSOC)){
echo "<form action='' method=''><tr><td>".$row["user_id"]."</td><td>".$row["fname"]."</td><td>
".$row["lname"]."</td><td>".$row["email"]."</td><td>
<input type='hidden' name='user_id' value=".$row["user_id"] . " >
<input type='submit' name='submit_delete' value='Delete'></td>
</tr></form>";
}
echo "</tbody></table>";
}
function delete_user($user_id)
{
$delete_user = $this->db->prepare("DELETE FROM user WHERE user_id = :user_id");
$delete_user->bindParam(':user_id', $user_id, PDO::PARAM_INT);
$delete_user->execute();
}
And file where I use those functions:
$user = new USER($con);
$user->get_userlist();
if(isset($_POST['submit_delete'])){
$user_id = $_POST['user_id'];
$user->delete_user($user_id);
}
What am I doing wrong?
You are not passing the $user_id variable to your delete_user function. Edit your code like this:
function delete_user($user_id)
{
$delete_user = $this->db->prepare("DELETE FROM user WHERE user_id = :user_id");
$delete_user->bindParam(':user_id', $user_id, PDO::PARAM_INT);
$delete_user->execute();
}
I have been able to display the data from my database on to my website and I'm trying to delete a single row.
Now the button works but it completely deletes everything as you may tell from the code.
I have no idea on how to assign the delete button to a specific row in my table, where it just deletes that data in that specific row.
On top of this I have one delete button that sits upon my table and have no clue on how to set separate delete buttons for each row given.
admin.php (Displaying my data)
<?php
echo "<table style='box'>";
echo "<tr><th>ID</th><th>First Name</th><th>Last Name</th><th>Role</th>
<th>Email</th><th>Username</th><th>Delete</th><th>Amend</th></tr>";
class TableRows extends RecursiveIteratorIterator {
function __construct($it) {
parent::__construct($it, self::LEAVES_ONLY);
}
function current() {
return "<td style='box'>" . parent::current(). "</td>";
}
function beginChildren(){
echo "<tr>";
}
function endChildren(){
echo "</tr>";
}
}
require 'connection.php';
try {
$stmt = $conn->prepare("SELECT id, FirstName, LastName, Role, Email, Username FROM users");
$stmt->execute();
$result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
foreach(new TableRows(new RecursiveArrayIterator($stmt->fetchAll())) as $k=>$v){
echo $v;
}
}
catch (PDOException $e){
echo "Error: " . $e->getMessage();
}
$conn = null;
?>
<form method="post" action="delete.php">
<input class="btn-default" type="submit" name="login" value="Delete">
</form>
<?php
echo "</table>";
?>
delete.php
<?php
$servername = 'localhost';
$username = 'root';
$pass = 'root';
$database = 'tutor_database';
try {
$conn = new PDO("mysql:host=$servername;dbname=$database", $username, $pass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//sql to delete record.
$sql = "DELETE FROM users WHERE id = id";
$conn->exec($sql);
echo "Record deleted!";
} catch(PDOException $e) {
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>
I would show an image but I don't have enough reputation points to display it.
The WHERE clause in your DELETE statement will always evaluate to true. On every row, ID will always equal ID. Hence, everything is deleted. You need to pass a parameter to the delete script to filter on the row you want deleted. You can do so with a hidden HTML input value using method="get" of <form>.
However, the key is how to obtain that id from the web page's select query. Additionally, you will want to put the input button at the end of each row to delete the corresponding row's id. For these two items, you might have to return to a traditional loop on the web page instead of the RecursiveArrayIterator() because we need to add a non-fetched object (the form delete button) into the table.
admin.php (notice form button as last table cell of each row)
...same code as above...
try {
$stmt = $conn->prepare("SELECT id, FirstName, LastName, Role, Email, Username FROM users");
$stmt->execute();
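// setFetchMode() returns a bool, so rows are fetched from $stmt itself
$stmt->setFetchMode(PDO::FETCH_ASSOC);
while($row = $stmt->fetch()) {
?>
<tr>
<td style="box"> <?php echo htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8'); ?></td>
<td style="box"> <?php echo htmlspecialchars($row['FirstName'], ENT_QUOTES, 'UTF-8'); ?></td>
<td style="box"> <?php echo htmlspecialchars($row['LastName'], ENT_QUOTES, 'UTF-8'); ?></td>
<td style="box"> <?php echo htmlspecialchars($row['Role'], ENT_QUOTES, 'UTF-8'); ?></td>
<td style="box"> <?php echo htmlspecialchars($row['Email'], ENT_QUOTES, 'UTF-8'); ?></td>
<td style="box"> <?php echo htmlspecialchars($row['Username'], ENT_QUOTES, 'UTF-8'); ?></td>
<td>
<form method="get" action="delete.php">
<input type="hidden" name="rowid" value="<?php echo htmlspecialchars($row['id'], ENT_QUOTES, 'UTF-8'); ?>">
<input class="btn-default" type="submit" name="login" value="Delete">
</form>
</td>
</tr>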
<?php
}
}
catch (PDOException $e){
echo "Error: " . $e->getMessage();
}
$conn = null;
delete.php (notice $id generated from $_GET and used in delete query)
$servername = 'localhost';
$username = 'root';
$pass = 'root';
$database = 'tutor_database';
try {
$conn = new PDO("mysql:host=$servername;dbname=$database", $username, $pass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
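// OBTAIN ROWID FROM $_GET AND REQUIRE AN INTEGER
$id = filter_input(INPUT_GET, 'rowid', FILTER_VALIDATE_INT);
if ($id === false || $id === null) {
die("Invalid row id.");
}
// DELETE SPECIFIED ROW (BOUND PARAMETER, NOT STRING CONCATENATION)
$stmt = $conn->prepare("DELETE FROM users WHERE id = :id");
$stmt->bindValue(':id', $id, PDO::PARAM_INT);
$stmt->execute();
echo "Record deleted!";
} catch(PDOException $e) {
echo "Error: " . $e->getMessage();
}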
$conn = null;
Trying to follow what you have. Have you tried setting the id to a var before doing?
$sql = "DELETE FROM users WHERE id = id";
Example:
$sql = "DELETE FROM users WHERE id = '$id'";
One problem is that your DELETE statement does not include a variable.
//sql to delete record.
$sql = "DELETE FROM users WHERE id = id";
You need something more like:
//sql to delete record.
$sql = "DELETE FROM users WHERE id = " . $id;
where $id is defined with the ID of the selected row.
Let's address another "hidden" problem.
Now the button works but it completely deletes everything as you may tell from the code.
Given the fact that you said this deletes ALL the records, I would guess that the id of each of your rows is the string 'id' and not a unique integer value.
DELETE FROM {table} WHERE id = {number} does not delete ALL records. It only deletes records matching the condition. You should make sure that you are setting id's correctly when adding rows. The id column should have the following properties: INT UNSIGNED NOT NULL AUTO_INCREMENT.
I am trying to create a button on my user list page to delete that row, or make that user an admin.
Here is the info for the user query and html:
<?php
$query = "SELECT * FROM users";
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute();
}
catch(PDOException $ex)
{
die("An Error has occured. Please contact the server administrator for assistance.");
}
$rows = $stmt->fetchAll();
?>
<?php foreach($rows as $row) : ?>
<?php
if($row['usertype'] == 2) {
$usertype = "<span style='color:#F7FE2E;'>Donator</span>";
} elseif($row['usertype'] == 3) {
$usertype = "<span style='color:red;'>Admin</span>";
} elseif($row['usertype'] == 4) {
$usertype = "<span style='color:orange;'>Owner</span>";
} else {
$usertype = "<span style='color:#585858;'>Normal</span>";
}
?>
<tr>
<!--<td><?php echo $row['id']; ?></td>-->
<td><?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8');?></td>
<!--<td><?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8');?></td>-->
<td><?php echo htmlentities($row['steamid'], ENT_QUOTES, 'UTF-8');?></td>
<td><?php echo $usertype?></td>
<td><form action="" method="post">
<input type="submit" name="admin" value="Promote" />
</form></td>
</tr>
<?php endforeach; ?>
And the code where I prepare and execute my update query:
if(!empty($_POST['admin']))
{
$query = "UPDATE `users` SET `usertype` = '3' WHERE `id` = " . $row['id'];
// $query_params = array(':id' => $row['id']);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute();
}
catch(PDOException $ex)
{
die("An Error has occured. Please contact the server administrator for assistance.");
}
}
Unfortunately, when I run this current setup, it updates the very last row. To clarify what I am looking for: I have a list of users:
where "admin_b" is a button that forced $_POST['admin']
Billy admin_b
Bob admin_b
Jill admin_b
Jack admin_b
UPDATE:
So in my form I have an input with
<input type="hidden" name="id" value="<?php $row['id']; ?>" />
and added this to my SQL:
$query = "UPDATE users SET usertype = '3' WHERE id = :id";
$query_params = array(':id' => $_POST['id']);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute();
}
catch(PDOException $ex)
{
die("An Error has occured. Please contact the server administrator for assistance.");
}
Send an id with the $_POST request; right now you are always updating the user with id = $row['id']
WHERE `id` = " . $row['id'];
row[id]edit?=edit.php= ...
and let's say you have list all the members and beside them is an href, the code above will execute, it will display let's say Billy?edit.php=1, wherein 1 is his primary key, then for the next, when you scroll the cursor to the next href of the next user, Jim, it will display, Jim?edit.php=2, in your edit.php,
if(isset($_POST['edit'])){
// code goes here to make the user an admin..
}
You can also make an href for the delete, similar to this edit..
This is just an idea/hint that I can give to you, but your problem can be solved in many different ways, it just depends on your approach on how you could do it :D Good luck.
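Added example, not part of any post above: one way to wire the per-row Delete and Promote buttons from the two preceding questions so the server acts on the id posted by the clicked row, with an integer check, a bound parameter, a CSRF token and a role check. The table layout, the `usertype >= 3` threshold, and the `$session`/`$post` arrays (standing in for `$_SESSION`/`$_POST`) are constructed for the demonstration and run against an in-memory SQLite database.

```php
<?php
// Added example: the schema, rows, session and POST arrays are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, usertype INTEGER)');
$db->exec("INSERT INTO users (username, usertype) VALUES ('Billy',1),('Bob',1),('<i>Jill</i>',1),('Jack',4)");
// One form per row: the hidden field carries that row's id, escaped on output.
function renderRow(array $row, string $csrf): string {
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    return "<tr><td>" . $e($row['username']) . "</td><td><form method='post' action=''>"
         . "<input type='hidden' name='id' value='" . $e($row['id']) . "'>"
         . "<input type='hidden' name='csrf' value='" . $e($csrf) . "'>"
         . "<button name='action' value='promote'>Promote</button>"
         . "<button name='action' value='delete'>Delete</button></form></td></tr>";
}

// Acts on the posted id only, never on a variable left over from the display loop.
function handleRowAction(PDO $db, array $session, array $post): string {
    if (($session['usertype'] ?? 0) < 3) {   // assumed: 3 = Admin, 4 = Owner, as in the question
        return 'forbidden';
    }
    $token = $session['csrf'] ?? '';
    $sent  = $post['csrf'] ?? '';
    if ($token === '' || !is_string($sent) || !hash_equals($token, $sent)) {
        return 'bad token';
    }
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'bad id';
    }
    $queries = [
        'delete'  => 'DELETE FROM users WHERE id = :id',
        'promote' => 'UPDATE users SET usertype = 3 WHERE id = :id',
    ];
    $action = $post['action'] ?? '';
    if (!is_string($action) || !isset($queries[$action])) {
        return 'bad action';
    }
    $stmt = $db->prepare($queries[$action]);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount() === 1 ? 'ok' : 'no such row';
}

$session = ['usertype' => 4, 'csrf' => bin2hex(random_bytes(16))];
foreach ($db->query('SELECT id, username FROM users', PDO::FETCH_ASSOC) as $row) {
    echo renderRow($row, $session['csrf']), "\n";
}
echo handleRowAction($db, $session, ['id' => '2', 'action' => 'promote', 'csrf' => $session['csrf']]), "\n";
echo handleRowAction($db, $session, ['id' => '2abc', 'action' => 'delete', 'csrf' => $session['csrf']]), "\n";
```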
I have a table with inline editing using X-editable and everything is working fine including the value being submitted to the database, but for some reason it will display my echo in the else section.
Here is my PHP code:
require("config.php");
$userid = $_SESSION['user']['id'];
$sql = "SELECT fb_url, tw_url, ggl_url FROM social_preferences WHERE user_id = :userID";
$stmt = $db->prepare($sql);
$stmt->bindParam(":userID", $userid, PDO::PARAM_INT);
$stmt->execute();
$result = $stmt->fetch();
$pk = $_POST['pk'];
$name = $_POST['name'];
$value = $_POST['value'];
if(!empty($value)) {
try // save user selection to the database
{
$stmt = $db->prepare("UPDATE social_preferences SET tw_url = :twurl WHERE user_id = :userID");
$stmt->bindParam(":userID", $pk, PDO::PARAM_INT);
$stmt->bindParam(':twurl', $value);
$stmt->execute();
header("Location: admin-social.php");
die("Redirecting to admin-social.php");
} catch(PDOException $e) { echo 'Connection failed: ' . $e->getMessage(); }
}else {
echo 'Something went wrong!';
var_dump($value);
}
Here is my HTML code:
<a name="tw-url" id="tw-url" data-type="text" data-pk="<?php echo ($userid);?>" title="Edit"><?php echo ($result['tw_url']);?></a>
Like I said above, everything seems to be working, but it redirects to a page that will display my echo Something went wrong! even though it submitted the value to the DB. I included the var_dump to see if there is a value and that returns NULL. Can someone please help me? Any ideas why it would submit the right value to the database but redirect to my error?
Also, at what point does it send it to the database? I have a table in a form with a save button, but when I open the editable text and submit the new value does it send to the database when I save from the pop-over or when I click the save button in my table form?
The else statement is executing because, when your details are inserted into the DB, you have set a header which redirects to the same page; in that case the variable $value is set to empty and your else statement executes.
The above answer is only valid if you set your header to same page.
I need some help. I am trying to create a PHP form using a sqlite3 database. I am looking up values from an existing sqlite3 database in table2 where the column id = 340 and displaying those values as a dropdown selection. Then, once the value is selected by the user, the form is submitted by the user, which updates table1 with the values from the PHP form. I get it to display the names in the dropdown, but when I click on the update button to submit the data it updates what the value is in the array.
For example, let's say I have 3 fruits in the table and I select pear: it updates the table with a "1" instead of the word "pear"
apple
pear
peach
PHP entry page Code:
<html>
<head>
<title></title>
</head>
<div class = "controlbox">
<body style="font-size:12;font-family:verdana">
<form action="post.php" method="post">
<p>
<h1> </h1>
<br>
<br>
Slot1 : <select name="slot1">
<option>--Available Options--</option>
<?php
try
{
$db = new PDO("sqlite:DefaultLibrary.db");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(Exception $e)
{
echo $e->getMessage();
}
$stmt2 = $db->query ("SELECT * FROM table2 where ID = '340' ");
$rowarray = $stmt2->fetchall(PDO::FETCH_ASSOC);
$slot1 = 0;
foreach($rowarray as $row)
{
echo "<option value = $slot1 >$row[FirstName] $row[LastName]</option>";
$slot1++;
}
?>
</select><br>
<p>
<input type="submit" name="update" value="update">
</p>
</form>
</body>
</html>
PHP Code: Post.php
<?php
$slot1 = sqlite_escape_string($_POST['slot1']);
try
{
$db = new PDO("sqlite:DefaultLibrary.db");
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
}
catch(Exception $e)
{
echo $e->getMessage();
}
if (!empty($slot1)) {
try
{
$stmt = $db->prepare("UPDATE table1 SET Slot1place = :slot1 WHERE ID = '340'");
$stmt->bindParam(':slot1', $slot1,PDO::PARAM_STR);
$stmt->execute();
}
catch(Exception $e)
{
echo $e->getMessage();
}
echo "submitted successfully";
}
?>
You don't use sqlite_escape_string if you're using a prepared statement like that. The values are going to be quoted when they are bound to the statement.
I think you should check your html syntax (Is it missing tags, and the ).
Check it out at: http://www.w3schools.com/html5/tag_option.asp
echo "<option name = $name >$row[FirstName] $row[LastName]</option>";
Everything else is the right syntax
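Added example, not part of the posts above: a sketch of the dropdown from this question in which each option's value carries the text to be stored rather than the loop counter, and the handler accepts the submission only if it matches an option that table2 actually offers for that ID before running the bound UPDATE. The table names and columns follow the question; the rows, the helper function names and the in-memory SQLite database are constructed for the demonstration.

```php
<?php
// Added example: table contents are constructed; table and column names follow the question.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE table2 (ID TEXT, FirstName TEXT, LastName TEXT)');
$db->exec('CREATE TABLE table1 (ID TEXT, Slot1place TEXT)');
$db->exec("INSERT INTO table2 VALUES ('340','Ann','Lee'),('340','Bo','Kim'),('340','Cy','Roe'),('999','Di','Fox')");
$db->exec("INSERT INTO table1 VALUES ('340', NULL)");

// The set of values the form may legitimately submit for a given ID.
function allowedOptions(PDO $db, string $id): array {
    $stmt = $db->prepare('SELECT FirstName, LastName FROM table2 WHERE ID = :id');
    $stmt->execute([':id' => $id]);
    return array_map(fn($r) => $r['FirstName'] . ' ' . $r['LastName'], $stmt->fetchAll(PDO::FETCH_ASSOC));
}

// value= carries the text to store (escaped), not the loop counter.
function renderSelect(array $options): string {
    $html = "<select name='slot1'><option value=''>--Available Options--</option>";
    foreach ($options as $o) {
        $o = htmlspecialchars($o, ENT_QUOTES, 'UTF-8');
        $html .= "<option value='$o'>$o</option>";
    }
    return $html . '</select>';
}

// Accept the post only if it is one of the options that were offered.
function saveSlot(PDO $db, string $id, array $post): bool {
    $slot1 = $post['slot1'] ?? '';
    if (!is_string($slot1) || !in_array($slot1, allowedOptions($db, $id), true)) {
        return false;
    }
    $stmt = $db->prepare('UPDATE table1 SET Slot1place = :slot1 WHERE ID = :id');
    $stmt->execute([':slot1' => $slot1, ':id' => $id]);   // bound, so no manual escaping
    return true;
}

echo renderSelect(allowedOptions($db, '340')), "\n";
var_dump(saveSlot($db, '340', ['slot1' => 'Bo Kim']));   // an option that was offered
var_dump(saveSlot($db, '340', ['slot1' => 'Di Fox']));   // exists, but under another ID
echo $db->query("SELECT Slot1place FROM table1 WHERE ID = '340'")->fetchColumn(), "\n";
```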