PHP - Displaying Specific data on a text boxes - php

I need to display only the id row of the database on a textbox, my problem was the data is displaying all id's rows and columns.
I was fetching all data in the database, but what I need is only the id on the database.
Here is my code in forms, input text fields and submit.
<form action="" method="POST">
<div class="row col-md-4">
<label>Amount</label>
<input type="text" name="id" class="form-control validate">
<br>
<input type="submit" class="form-control btn-warning" name="search" value="Search Data"></input><br>
<?php
$connection = mysqli_connect("localhost","root","");
$db = mysqli_select_db($connection, 'qrproject');
if(isset($_POST['search']))
{
$id = $_POST['id'];
$query = "SELECT * FROM scratch_cards WHERE amount='$id' ";
$query_run = mysqli_query($connection, $query);
while($row = mysqli_fetch_array($query_run))
{
?>
<form action="" method="POST">
<input type="text" name="code" value="<?php echo $row['code'] ?>" class="form-control validate" id="mapo">
<input type="text" name="pin" value="<?php echo $row['pin'] ?>" class="form-control validate" id="mact">
<input type="text" name="status" value="<?php echo $row['status'] ?>" class="validate form-control" id="soluong">
<input type="date" name="card_expiration" value="<?php echo $row['card_expiration'] ?>" class="validate form-control" id="cardex">
<input type="number" name="card_validity" value="<?php echo $row['card_validity'] ?>" class="validate form-control" id="cardval">
</form>
<?php
}
}
?>
</form>

From your comments, it seems what you want to do is output a single, random row which matches the $_POST['id'] value against the amount column in your table. You can do this by changing your query to this:
SELECT * FROM scratch_cards WHERE amount='$id' ORDER BY RAND() LIMIT 1
You can also change
while($row = mysqli_fetch_array($query_run))
to
if($row = mysqli_fetch_array($query_run))
although with the change to the query to limit the output to one row this is no longer absolutely necessary.
As has been pointed out, you are vulnerable to SQL injection, you should read this question to see how to resolve that.

Related

how to Edit a particular id in php

I have a page which is showing around 3000 entries. what i am trying to do is when i click on filter button the data of only that entry will change. but currently, when i click on filter button the data of all the entries are changing.
here is my code:-
<?php
include("config.php");
$sql="SELECT * FROM inventory_details where status ='0' limit 0,100";
$query=mysqli_query($conn, $sql);
while($row=mysqli_fetch_assoc($query)){
$id = $row['id'];
$inventorybackground = $row['inventorybackground'];
$inventorycolor = $row['inventorycolor'];
$firm_name = $row['firm_name'];
$position = $row['position'];
$city = $row['city'];
$catagory_name = $row['catagory_name'];
$supplier = $row['supplier'];
if (isset($_POST['update'])){
$position=$_POST['position'];
$update_query="UPDATE inventory_details SET position ='$position' WHERE id='$id'";
$run_update=mysqli_query($conn, $update_query);
}
?>
<div class="container">
<div class="row" style="background-color: <?php echo $inventorybackground; ?> !important; color: <?php echo $inventorycolor; ?>; padding-top: 10px;">
<form class="form-horizontal" method="post" enctype="multipart/form-data">
<div class="col-md-1 inventory-data">
<input type="text" class="form-control" id="id" name="id" value="<?php echo $id;?>" disabled>
</div>
<div class="col-md-3 inventory-data">
<input type="text" class="form-control" id="firm_name" name="firm_name" value="<?php echo $firm_name;?>" disabled>
</div>
<div class="col-md-1 inventory-data">
<input type="text" class="form-control" id="position" name="position" value="<?php echo $position;?>">
</div>
<div class="col-md-1 inventory-data">
<input type="text" class="form-control" id="city" name="city" value="<?php echo $city;?>" disabled>
</div>
<div class="col-md-2 inventory-data">
<input type="text" class="form-control" id="catagory_name" name="catagory_name" value="<?php echo $catagory_name;?>" disabled>
</div>
<div class="col-md-2 inventory-data">
<input type="text" class="form-control" id="supplier" name="supplier" value="<?php echo $supplier;?>" disabled>
</div>
<div class="col-md-2 inventory-data">
<button type="submit" name="update" value="update" class="btn btn-primary">Filter</button>
</div>
</form>
</div>
</div>
<?php } ?>
Currently, i am only trying to change the position and I think, this problem is because of loop.
Please help me out, Thanks in advance.
When you click the button, the entire list is updated on your loop to list the rows.
Add this code at your page to detect the form POST to do the update:
if ($_SERVER["REQUEST_METHOD"] === "POST") {
// perform update here
$id = $_POST['id'];
$position = $_POST['position'];
$update_query="UPDATE inventory_details SET position ='$position' WHERE id='$id'";
$run_update=mysqli_query($conn, $update_query);
}
Edit:
Your input can't be disabled, try to use input hidden to pass id to POST:
<input type="hidden" id="id" name="id" value="<?php echo $id;?>">
If you need to show the id on input text, change the name to different name istead of id, because it will be used from input hidden
while($row=mysqli_fetch_assoc($query)){
This has ending bracket on the end. So you are basically looping through all the data and updating it all. Do the update query outside of loop.
$update_query="UPDATE inventory_details SET position ='$position' WHERE id='$id'";
You have SQL injection vulnerability here, please use prepared statements.
https://www.w3schools.com/php/php_mysql_prepared_statements.asp
If id is integer, you dont have to put quotation marks around it

PHP - Randomized data displayed in text box when Submit is clicked

Hello I have a database and its data is this please see this image
I need a solution to this problem, the solution is i need the data to be change and not repeating, so when i input a value that is written on the database the displayed value on the textbox will not REPEAT and Change everytime i input the same value.
<form action="" method="POST">
<div class="row col-md-4">
<label>Amount</label>
<input type="text" name="id" class="form-control validate">
<br>
<input type="submit" class="form-control btn-warning" name="search" value="Search Data"></input><br>
//HERE IS WHERE I SUBMIT THE DATA RIGHT NOW IT IS NOT RANDOMIZED WHEN I SUBMIT AGAIN THE SAME VALUE APPEARS
<?php
$connection = mysqli_connect("localhost","root","");
$db = mysqli_select_db($connection, 'qrproject');
if(isset($_POST['search'])){
$id = $_POST['id'];
$query = "SELECT * FROM scratch_cards WHERE amount='$id' ";
$query_run = mysqli_query($connection, $query);
while($row = mysqli_fetch_array($query_run)) {
?>
<form action="" method="POST">
<input type="text" name="code" value="<?php echo $row['code'] ?>" class="form-control validate" id="mapo">
<input type="text" name="pin" value="<?php echo $row['pin'] ?>" class="form-control validate" id="mact">
<input type="text" name="status" value="<?php echo $row['status'] ?>" class="validate form-control" id="soluong">
<input type="date" name="card_expiration" value="<?php echo $row['card_expiration'] ?>" class="validate form-control" id="cardex">
<input type="number" name="card_validity" value="<?php echo $row['card_validity'] ?>" class="validate form-control" id="cardval">
</form>
<?php
}
}
?>
</form>
Maybe as per your comment, you need unique records, so you can use DISTINCT in your query so by giving DISTINCT to any column, you won't get repeated records.
Here in your case:
SELECT DISTINCT id, amount FROM scratch_cards WHERE amount='$id'
Maybe this can help you to get unique records

Get value from $_GET and use it as a ID

I have problem with reciving $_GET value, I need it as a ID to update my table.
Im using <a href='includes/edit_section.php?id=$id'>Change</a>. Variable $id is properly fetched and it is working, when I click on this link (because it is in table) it shows right value.
But problem is in next part, when I recive it with $_GET. I tryed to make variable ($id = $_GET['id']) but there is no any change.
When I execute this, nothing updates, when I replace $_GET with number it works perfectly.
My table looks like this Table(ID,Title,Paragraph,Image)
This is my code:
<?php
if(isset($_POST['submit'])) {
$title = $_POST['title'];
$paragraph = $_POST['paragraph'];
$query = "UPDATE table SET title = '{$title}', paragraph = '{$paragraph}' WHERE id = '{$_GET['id']}' ";
$c= mysqli_query($connection, $query);
}
This is my form
<form action="edit_section.php" method="post" enctype="multipart/form-data">
<div class="form-group">
<label for="title">Title</label>
<input type="text" class="form-control" name="title">
<label for="paragraph">Paragraph</label>
<input type="text" class="form-control" name="paragraph">
</div>
<div class="form-group">
<input class="btn btn-primary" type="submit" name="submit" value="cHANGE">
</div>
</form>
The problem is that you need to send the id when you submit the form, a traditional way of doing it is using a hidden type input, for example <input type="hidden" name="id" value="<?= $id ?>"> And of course it is necessary to pass the id to the view where the form is rendered
So you could try this
<form action="edit_section.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?= $id ?>">
<div class="form-group">
<label for="title">Title</label>
<input type="text" class="form-control" name="title">
</div>
<div class="form-group">
<label for="paragraph">Paragraph</label>
<input type="text" class="form-control" name="paragraph">
</div>
<div class="form-group">
<input class="btn btn-primary" type="submit" name="submit" value="cHANGE">
</div>
</form>
And when processing the form
<?php
if(isset($_POST['submit'])) {
$id = $_POST['id'];
$title = $_POST['title'];
$paragraph = $_POST['paragraph'];
$query = "UPDATE table SET title = '{$title}', paragraph = '{$paragraph}' WHERE id = '{$id}' ";
$c= mysqli_query($connection, $query);
}
I separated in its respective form-group the inputs of title and paragraph
At top add
$id = $_GET['id'];
then
basically problem is in
<form action="edit_section.php"
it should be
<form action="edit_section.php?id=<?php echo $id;?>"
plus in your update query id should be ID (capital).. also check for other column names for case-sensitivity
change the action for form at HMTL like tihs
<form action="edit_section.php?<?=$_GET['id']?>" method="post" enctype="multipart/form-data">
Add "id" as a hidden variable in your form.
Edited - Missed out an enclosing double quote for the hidden 'id' value in the form.
<form action="edit_section.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>">
<div class="form-group">
<label for="title">Title</label>
<input type="text" class="form-control" name="title">
<label for="paragraph">Paragraph</label>
<input type="text" class="form-control" name="paragraph">
</div>
<div class="form-group">
<input class="btn btn-primary" type="submit" name="submit" value="cHANGE">
</div>
</form>
Make the following changes to your PHP script
<?php
if(isset($_POST['submit'])) {
$title = $_POST['title'];
$id = $_POST['id'];
$paragraph = $_POST['paragraph'];
$query = "UPDATE table SET title = '{$title}', paragraph = '{$paragraph}' WHERE id = '{$id}' ";
$c= mysqli_query($connection, $query);
}
?>

Fetch data from database and update is not working

i have this code for the user-edit.php
what i need with this code is to fetch user data from database and show it to the textbox and also the user able to edit the textbox value and updating the database
<?php
include("config/session.php");
include("config/connection.php");
$user_id = $_SESSION['LOGGED_USER_ID'];
?>
<?php
$sql_query = "SELECT * FROM table_users WHERE `SNo` = '$user_id'";
$query = mysql_query($sql_query);
//$i = 1;
$fetch = mysql_fetch_assoc($query);
//$user_id = $_GET['id'];
?>
<form name="form1" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" >
<fieldset>
<p>
<label for="simple-input" >User Name</label>
<input type="text" id="UserName" class="round default-width-input" autofocus name="UserName" value="<?php echo $fetch['UserName'];?>" readonly="readonly" />
</p>
<p>
<label for="simple-input" >Password</label>
<input type="text" id="pass_word" class="round default-width-input" autofocus name="pass_word" value="<?php echo $fetch['pass_word'];?>" />
</p>
<p>
<label for="simple-input" >Email ID</label>
<input type="text" id="Email" class="round default-width-input" autofocus name="Email" value="<?php echo $fetch['Email'];?>" />
</p>
<p>
<label for="simple-input" >Website</label>
<input type="text" id="website" class="round default-width-input" autofocus name="website" value="<?php echo $fetch['website'];?>" />
</p>
</fieldset>
<input type="submit" class="btn btn-primary btn-large" name="form_submit" value="Update Data"/>
</form>
<?php
if(isset($_POST['form_submit']))
{
"UPDATE `table_users` SET `pass_word` = '".$_POST['pass_word']."',`Email` = '".$_POST['Email']."',`website` = '".$_POST['website']."', WHERE `SNo` = '$user_id'";
// sql query for update data into database
if(mysql_query($sql_query))
{
echo '<script type="text/javascript">';
echo 'alert("Data Are Updated Successfully");';
echo '</script>';
}
else
{
echo '<script type="text/javascript">';
echo 'alert("error occured while updating data");';
echo '</script>';
}
}
?>
</div>
</div>
</div>
been working with this for hours and still the data are not updated to the mysql database, been trying several way but still the textbox value cant update the database, please help
remove , before where in query
$sql_query="UPDATE `table_users` SET `pass_word` = '".$_POST['pass_word']."',`Email` = '".$_POST['Email']."',`website` = '".$_POST['website']."' WHERE `SNo` = '$user_id'";
store query in $sql_query because you not store update string into variable
without store in $sql_query you run sql query
if(mysql_query($sql_query)) so store update query in $sql_query

Fetch MySQL table data with specific value

I'm trying to edit the value and/or add more values to table options using PHP, here is a screen shot:
I started of with the following, now Im trying to see how I can pull the data that's associated with form_field_id, in this example is 5.
<?php
require_once("config/database.php");
$con = mysql_connect($config["db_server"],$config["db_user"],$config["db_pass"]);
mysql_select_db($config['db_name'], $con);
// get value of id that sent from address bar
$id=$_GET['form_field_id'];
// Retrieve data from database
$sql="SELECT * FROM options WHERE id='$form_field_id'";
$result=mysql_query($sql);
$rows=mysql_fetch_array($result);
?>
<form name="form1" method="post" action="updated_values.php">
<input name="name" class="form-control" type="text" id="name" value="<? echo $rows['value']; ?>">
<input name="name" class="form-control" type="text" id="name" value="<? echo $rows['value']; ?>">
<input name="name" class="form-control" type="text" id="name" value="<? echo $rows['value']; ?>">
<input name="name" class="form-control" type="text" id="name" value="<? echo $rows['value']; ?>">
<input name="name" class="form-control" type="text" id="name" value="<? echo $rows['value']; ?>">
<input name="name" class="form-control" type="text" id="name" value="<? echo $rows['value']; ?>">
<button type="submit" /> Update </button>
</form>
Here is the updated code I added after your suggestion:
<?php
require_once("config/database.php");
$con = mysql_connect($config["db_server"],$config["db_user"],$config["db_pass"]);
mysql_select_db($config['db_name'], $con);
// get value of id that sent from address bar
$id=$_GET['form_field_id'];
// Retrieve data from database
$sql="SELECT * FROM options WHERE id='$id'";
$result=mysql_query($sql);
$rows=mysql_fetch_array($result);
?>
<form name="form1" method="post" action="updated_values.php">
<?php
while($rows=mysql_fetch_array($result))
{
?>
<input name="name[]" class="form-control" type="text" id="name" value="<? echo $rows['value']; ?>">
<?php } ?>
<button type="submit" /> Update </button>
</form>
You have an error in your query, you are passing a variable thta you didn't assign so change first query as follow
$sql="SELECT * FROM options WHERE id='$id'";
//^here you used a wrong variable
You also need to loop throw your records to print all them, so change as follow
<form name="form1" method="post" action="updated_values.php">
<?php
while($rows=mysql_fetch_array($result))
{
?>
<input name="name[]" class="form-control" type="text" id="name[]" value="<? echo $rows['value']; ?>">
<?php } ?>
<button type="submit" /> Update </button>
</form>
Note that i also changed name of your input and i added [] so you will have an array of name input.
As side note i'd say your code is highly vulnerable to mysql injection and you should switch either to mysqli or PDO and use prepared statments to avoid any problems.
Your code looks right. You just need to change this:
$sql="SELECT * FROM options WHERE id='$form_field_id'";
to this:
$sql="SELECT * FROM options WHERE form_field_id='$id'";
All you had wrong was the variable and the column name, and to show the results you have to properly loop through all the rows you get.

Categories