I have a database called simple_stall with table order_detail which have 4 columns ID Name Ordered_Item Quantity...currently after user submit their order, they'll be redirected to a page called order_detail.php...this page will show all ordered item in table with header ID Name Ordered_Item Quantity
now, when user click on someone's name from the table, i want to redirect user to a new page called view_more.php which will show the item ordered by the user however, nothing showed in the page.
This is my code:
index.php
<div class="container">
<form action="insert_data.php" method="POST">
<div>
<input type="text" name="Name" placeholder="Name">
</div>
<div>
<input type="text" name="Order" placeholder="Order">
</div>
<div>
<input type="text" name="Quantity" placeholder="Quantity">
</div>
<div>
<button type="submit" name="submit">Send Order</button>
</div>
</form>
</div>
insert_data.php
if (isset($_POST['submit']))
{
include_once 'dbh.php';
// Escape user inputs for security
$name = mysqli_real_escape_string($connection, $_POST['Name']);
$order = mysqli_real_escape_string($connection, $_POST['Order']);
$quantity = mysqli_real_escape_string($connection, $_POST['Quantity']);
// attempt insert query execution
$sql = "INSERT INTO order_detail (Name, Ordered_Item, Quantity) VALUES ('$name', '$order', '$quantity')";
if(mysqli_query($connection, $sql))
header("Location: ./order_detail.php?status=ordered");
else
echo "ERROR: Could not able to execute $sql. " . mysqli_error($connection);
// close connection
mysqli_close($connection);
}
else
{
header("Location: ./index.php?status=failed");
exit();
}
order_detail.php
<body>
<table>
<tr>
<th width="30px">No</th>
<th width="30%">Name</th>
<th width="30%">Ordered Item</th>
<th width="50px">Quantity</th>
</tr>
<?php
include_once 'dbh.php';
$query = "SELECT * FROM order_detail"; //You don't need a ; like you do in SQL
$result = mysqli_query($connection, $query);
echo "<table border = 1px>"; // start a table tag in the HTML
while($row = mysqli_fetch_array($result))
{
$name = $row['Name'];
//Creates a loop to loop through results
echo "<tr><td style = 'width:30px;'>" . $row['ID'] . "</td>
<td style = 'width:30%;'>" . "<a href='view_more.php?id=$name'>" . $row['Name'] . "</td>
<td style = 'width:30%;'>" . $row['Ordered_Item'] . "</td>
<td>" . $row['Quantity'] . "</td></tr>"; //$row['index'] the index here is a field name
}
echo "</table>"; //Close the table in HTML
mysqli_close($connection); //Make sure to close out the database connection
?>
view_more.php
if (isset($_POST['Name']))
{
include_once 'dbh.php';
$name = $row['Name'];
$query = "SELECT * FROM order_detail WHERE Name = $name";
$result = mysqli_query($connection, $query);
echo "<table border = 1px>"; // start a table tag in the HTML
while($row = mysqli_fetch_array($result))
{
//Creates a loop to loop through results
echo "<tr><td style = 'width:30px;'>" . $row['ID'] . "</td>
<td style = 'width:30%;'>" . $row['Name'] . "</td>
<td style = 'width:30%;'>" . $row['Ordered_Item'] . "</td>
<td>" . $row['Quantity'] . "</td></tr>"; //$row['index'] the index here is a field name
}
echo "</table>"; //Close the table in HTML
mysqli_close($connection);
}
It will not show,
because on view_more.php you have if (isset($_POST['Name'])) which will never be true since you are not using $_POST on view_more.php, you are using <td style = 'width:30%;'>" . "<a href='view_more.php?id=$name'>" . $row['Name'] . "</td> you are using normal link so replace it with this code
if (isset($_GET['id']))
{
include_once 'dbh.php';
$name = $_GET['id'];
$query = "SELECT * FROM order_detail WHERE Name = '$name'";
$result = mysqli_query($connection, $query);
echo "<table border = 1px>"; // start a table tag in the HTML
while($row = mysqli_fetch_array($result))
{
//Creates a loop to loop through results
echo "<tr><td style = 'width:30px;'>" . $row['ID'] . "</td>
<td style = 'width:30%;'>" . $row['Name'] . "</td>
<td style = 'width:30%;'>" . $row['Ordered_Item'] . "</td>
<td>" . $row['Quantity'] . "</td></tr>"; //$row['index'] the index here is a field name
}
echo "</table>"; //Close the table in HTML
mysqli_close($connection);
}
and you should be good to go, however, I highly recommend you to use proper php framework.
When generating the link to the view_more.php page, you're are injecting a GET param named id:
<a href='view_more.php?id=$name'>
And on the view_more.php page, you are testing for a POST param called name:
if (isset($_POST['Name']))
fix this to
if (isset($_GET['id']))
By the way, your code is really, really ugly. there are a tons of things done wrong :
unescaped params in SQL query : you are exposed to SQL injections which is a severe security breach.
coupled PHP and HTML scripts : take a look at Separation of Concerns and MVC Design pattern
Related
I am trying to use php and I am really new to it.
I create one page that (with a php code) send the info to the database and one page that display the info from the databse.
My question is: Lets say I am going to input 10 info , but I am displaying just 5 of them, how can I display the rest of the info clicking to a button for each row?
Do I have to assign to the button a value? I cant understand how I can relate the button to the row.
Basically for each row I want to display the rest of the info of that specific row clicking on that specific button.
Any help will be appricciate. thanks
----- script that insert the info in the db-----
<?php
$name = mysqli_real_escape_string($link, $_POST['name']);
$mail = mysqli_real_escape_string($link, $_POST['mail']);
$number = mysqli_real_escape_string($link, $_POST['number']);
$device = mysqli_real_escape_string($link, $_POST['device']);
$model = mysqli_real_escape_string($link, $_POST['model']);
$problem = mysqli_real_escape_string($link, $_POST['problem']);
$sql = "INSERT INTO cj (name, mail, number, device, model, problem) VALUES ('$name', '$mail', '$number', '$device', '$model', '$problem')";
$result = mysqli_query($link, $sql);
// if query fails stop script and echo error
if( $result === false)
{echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
exit;
}
header("location:add-customer.php?message=A job and customer has been added to the database");
exit;
echo "You'll never see this";
?>
----------- page that shows the info ------
<?php
$sql = "SELECT * from "database name"";
echo "
<table class='table'>
<thead>
<tr>";
/* Get field information for all columns */
echo "<form action='' method=post>";
echo "<tr class='info'>
<input type=hidden name=hidden value=" . $row['id'] . ">
<td>" . $row['id'] . "</td>
<td>" . $row['device'] . "</td>
<td>" . $row['model'] . "</td>
<td>" . $row['problem'] . "</td>
<td>
</td>
<td>
<a class='btn btn-primary btn-sm' data-toggle='modal' data-target='#myModal' value= " . $row['id'] . " > Info</a></form></td>
</tr>";
echo "</form>";
}
echo "
</tbody>
</table>";
?>
<div class="container">
<!-- Trigger the modal with a button -->
<!-- Modal -->
<div class="modal fade" id="myModal" role="dialog">
<div class="modal-dialog modal-lg">
<!-- Modal content-->
<div class="modal-content">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">×</button>
<h4 class="modal-title">Customer Information</h4>
</div>
<div class="modal-body">
<?php
include("../includes/connection.php");
if ($link->connect_errno > 0) {
die('Unable to connect to database [' . $link->connect_error . ']');
}
$sql = "SELECT name,mail,number from databasename WHERE **???**;
if (!$result = $link->query($sql)) {
die('There was an error running the query [' . $link->error . ']');
}
echo "
<table class='table'>
<thead>
<tr>";
/* Get field information for all columns */
while ($finfo = $result->fetch_field()) {
echo "
<th>" . $finfo->name . "</th>";
}
echo "
</tr>
</thead>
<tbody>";
while ($row = $result->fetch_assoc()) {
echo "<tr class='info'>
<td>" . $row['name'] . "</td>
<td>" . $row['mail'] . "</td>
<td>" . $row['number'] . "</td>
</tr>";
...
Connect to datatabase and get all 10 info with PHP. But show only 5 info. Put a button there, and use Javascript or Jquery to show other rows. (Onclick event)
I found a solution using ajax:
here is the code: (an ajax call to a third php page which fixed my problem)
<script>
$(document).ready(function(){
$('.get_info').click(function(){
var job_id = $(this).parent().siblings('input[name=hidden]').val();
$.ajax({
url: 'THIRDPAGE.php',
data: 'job_id=' + job_id,
type: 'POST',
success: function(data){
// console.log(data);
$('.info_data').html(data);
}
});
});
});
</script>
For the oone that is getting here just comment and I can explain better what I did.
I have echoed my database table onto my website and have tick option next to the table where you can tick it and delete any of the entries from the website, it should delete it from the database. For some reason its not working, I'm a beginner and any help would be greatly appreciated thanks.
<form method="" action="tester.php">
<?php
include 'connect_to_mysql.php';
$count=mysql_num_rows($result);
$result = mysql_query("SELECT * FROM booking ORDER BY ID ASC");
echo "<table border='1'>
<tr>
<th>DEL</th>
<th>Name</th>
<th>Email ID</th>
<th>Phone Number</th>
<th>Collection Address</th>
<th>Collection Date</th>
<th>Collection Time</th>
<th>Make & Model</th>
<th>Message</th>
</tr>";
while($row = mysql_fetch_array($result))
{
?>
<td align="center" bgcolor="#FFFFFF"><input name="delete_these[]" type="checkbox" id="checkbox[]" value="<?php echo $row['ID']; ?>"></td>
<?php
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['email'] . "</td>";
echo "<td>" . $row['phonenumber'] . "</td>";
echo "<td>" . $row['collectionaddress'] . "</td>";
echo "<td>" . $row['collectiondate'] . "</td>";
echo "<td>" . $row['collectiontime'] . "</td>";
echo "<td>" . $row['makemodel'] . "</td>";
echo "<td>" . $row['message'] . "</td>";
echo "</tr>";
}
echo "</table>";
?> <br>
<td colspan="5" align="center" bgcolor="#FFFFFF"><input name="delete" type="submit" id="delete" value="Delete"></td>
</tr>
<?php
// Check if delete button active, start this
if(isset($_GET['delete'])) {
for($i=0;$i<$count;$i++){
$id = $checkbox[$i];
print_r($_GET['delete_these']);
$ids = implode(', ', $_POST['delete_these']);
$sql = "DELETE FROM booking WHERE id IN($ids)";
echo "<br />SQL: $sql<br />";
$result = mysql_query($sql);
}
// if successful redirect to delete_multiple.php
if($result){
}
}
mysql_close();
?>
</form>
you have add method in your form tag--
<form method="post" action="tester.php" >
and also replace if(isset($_GET['delete'])) to if(isset($_POST['delete']))
Replace your form tag by:
<form method="post" action="tester.php">
then these 3:
if(isset($_POST['delete']))
$id =(int)$_POST['delete_these'][$i];
$sql = "DELETE FROM booking WHERE id=$id";
at the place of these 3:
if(isset($_GET['delete']))
$id = $checkbox[$i];
$sql = "DELETE FROM booking WHERE id IN($ids)";
Your $id = $checkbox[$i]; works only if register_globals directive is on, which is now deprecated (and removed as of PHP 5.4) because of security issues it causes, and if it exists in the version of PHP you are using most hosting services turn it off.
You'll be sending the data through post so you access them through $_POST. the (int) before the $_POST is to cast anything to integer so if the user try to send a string it will become 0, this will protect you from sql injection.
SIDE NOTE you should stop using mysql_* functions as they are deprecated. Check out PDO or mysqli
As the title says, and this is not probably a question, more a hint how to do it.
I have table with four fields, id (auto+primary), firstname, lastname, age.
On my index page I select *, then I make the firstname to a link which goes to antoher page which I want to show all data for that record.
For the moment I have to do it manually "select * from " where id="2". (the other page)
How do I make the link to autodetect "the id from that record set" and only display data from that record.
You can see my curreny project here,
http://www.adamskymotorkylare.se/business/
as you can see, when you click the "firstname" it will always display data where id=2 ( paris hilton ), what I want it to do, it when I click "jack" it will select * from where id="1"
Thanks in advance, Jack
"index page"
$result = mysqli_query($con,"SELECT * FROM persons");
echo "<table width=100%>
<tr>
<th>ID</th>
<th>Firstname</th>
<th>Lastname</th>
<th>Age</th>
<th>Gender</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
$id = $row['id'];
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td> <a href='view_more.php?id= . $id .'>" . $row['firstname'] . "</a> </td>";
echo "<td>" . $row['lastname'] . "</td>";
echo "<td>" . $row['age'] . "</td>";
echo "<td>" . $row['gender'] . "</td>";
echo "</tr>";
}
echo "</table>";
"viewmore page"
$id = $_get['id'];
$result = mysqli_query($con,"SELECT * FROM persons
WHERE id='$id'");
echo "<table width=100%>
<tr>
<th>Firstname</th>
<th>Lastname</th>
<th>Age</th>
<th>Gender</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td> <a href='#'>" . $row['firstname'] . "</a> </td>";
echo "<td>" . $row['lastname'] . "</td>";
echo "<td>" . $row['age'] . "</td>";
echo "<td>" . $row['gender'] . "</td>";
echo "</tr>";
}
echo "</table>";
Try this, on your page that indexes the users:
while($row = mysqli_fetch_array($result))
{
$id = $row['id'];
$firstName = $row['firstName'];
echo ('' . $firstName . '');
}
This means if someone clicks the first name they will be sent to user_account.php (can replace this obviously) and you will pass in the ID via the URL (user_account.php?id=123).
On the User Account page you want to do the following:
// GET ID FROM THE URL
$id = $_GET['id'];
$result = mysqli_query($con,"SELECT (WHATEVER YOU WANT) FROM (YOUR TABLE) WHERE id = $id");
Notes:
Replace variables and query with the details you need.
I hope that goes some way to helping.
UserFirstName
$id is user record id first column of your table so when you send it to view_more.php page you can get clicked id $_GET['id']; and get user records for that id and link is user name
and $id you get form data base the way you get first name
index.php
<?php
$sql =mysql_query("select * from `table`");
while($row = mysql_fetch_array($sql)){
?>
<?php $id = $row['id']; ?>
<?php echo ucwords($row['Firstname']); ?>
<?php
}
?>
on index.php anchor tag will send the user id to detail.php
detail.php
<?php
$id = $_REQUEST['cid'];
$sql =mysql_query("select * from `table` where id='".$id."'");
while($row = mysql_fetch_array($sql)){
?>
<tr>
<th>First Name:</th>
<th>Last Name:</th>
<th>Age Name:</th>
<th>Gender:</th>
</tr>
<tr>
<td><?=$row['firstname']?></td>
<td><?=$row['lastname']?></td>
<td><?=$row['age']?></td>
<td><?=$row['gender']?></td>
</tr>
<?php
}
?>
on detail.php $id get the user id from index.php. After that id helps in query and while loop which is get and show the user data from database.
This is my code:
<?php
require("../EmptyPHP.php");
$query = "SELECT name, id FROM bank";
$result = mysql_query($query);
echo "<table style=width:40% border=1>";
echo "<tr>
<td width=50%>BANK NAME</td>
<td width=50%>BANK ID</td>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr><td >" . $row['name'] . "</td><td><a name=detail
href=viewDetails.php >" . $row['id'] . "</a></td></tr>";
}
echo "</table>";
?>
I get bank name and bank id as output, and I have to make when I click on particular bank id , that id has to be displayed in the next page i.e viewDetails.php .. so how to make that?
try below code and make sure the location/path of view details page is right.Otherwise change your path.
<?php
require("../EmptyPHP.php");
$query = "SELECT name, id FROM banktb";
$result = mysql_query($query);
echo "<table style=width:40% border=1>";
echo "<tr>
<td width=50%>BANK NAME</td>
<td width=50%>BANK ID</td>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr><td >" . $row['name'] . "</td><td><a id='detail' name='detail' href='#'>" . $row['id'] . "</a></td></tr>";
}
echo "</table>";
?>
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js"></script>
<script type="text/javascript">
$(document).ready(function(){
$("#detail").click(function(){
var getval=this.text;
this.href="viewDetails.php?"+getval;
});
});
</script>
now you will get id of particular click in viewdetail page..Now you have to get that particular id via get method and then fetch data of particular id using sql query.
You can pass the id through url like:
"</td><td><a name=detail href=viewDetails.php?id=".$row['id'].">" . $row['id'] . "</a>
and can access it in the viewDetails.php page with
$id=$_GET['id'];
You have to use $_GET[]; in your case.
add this to your php code
viewDetails.php?bankname=$row['name']&bankid=$row['id']
and in your viewDetails.php you have to get those variables using.
echo $name = $_GET['bankname'];
echo $id = $_GET['bankid'];
Hope it helps.
every time user insert information and click add button, new data will store to database and echo into this table
table
<tr>
<td colspan="4" align="right">
<input type="image" value="image" src="images/btn_add.gif" onclick="action_1()">
</td>
</tr>
<tr>
<td colspan="2" class="title_all_u">Family Member Summary</td>
</tr>
<tr>
<td>
<?php
$query = "SELECT * FROM family_child WHERE LAS_login_id = ($emp_id)";
$result = mysql_query($query) or die(mysql_error());
echo "<table border='1'>
<tr>
<th>Family Type</th>
<th>Name</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['family_child_type'] . "</td>";
echo "<td>" . $row['family_child_name'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
</td>
</tr>
and this is insert query
if ( $action ==3 ) {
$spouse_type = $_POST['spouse_type'];
$spouse_name = $_POST['spouse_name'];
$sql1 = "INSERT INTO family_spouse (LAS_login_id, spouse_type, spouse_name) VALUES ('$LAS_login_id', '".strtoupper($spouse_type)."','".strtoupper($spouse_name)."')";
this 2 code is working for insert into database and echo in the page.
How can I add delete button below echo "<td>" . $row['family_child_name'] . "</td>"; for each row that I echo so user can delete the wrong row in the display table.
echo "<td>" . $row['family_child_name'] . " <a href='page.php&action=delete&id=family_name_id'>Delete</a></td>
Then in your page get (if action == delete) > execute your query to delete the row where the ID is the id of the family child name table.
$query = "SELECT * FROM family_child WHERE LAS_login_id = ($emp_id)";
$result = mysql_query($query) or die(mysql_error());
echo "<table border='1'>
<tr>
<th>Family Type</th>
<th>Name</th>
<th>Action</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>
<td>" . $row['family_child_type'] . "</td>
<td>" . $row['family_child_name'] . "</td>
<td>
<a href='../path/process.php?action=delete&id=".$row['family_child_id']."'>
DELETE RECORD
</a>
</td>
</tr>";
}
echo "</table>";
?>
on process page check action = delete and write query for delete there
family_child_id = ur primary key of table change according to ur table details
EDIT
PROCESS PAGE:
if($_GET["action"] == "delete")
{
$sql3="DELETE FROM family_child WHERE LAS_login_id =".$_GET["LAS_login_id"];
$result3 = mysql_query($sql3);
if (mysql_affected_rows() > 0)
{
header("location:dashboard.php?tab=1");
}
}
this coding working perfectly. i tried in my pc and posted this code here. it will insert the delete button automatically when u insert the new record. and then if u click delete button it will delete the row details in mysql db..
<body>
<?
echo "<tr>
<td>";
// your database connection
// select database
$query = ("SELECT * FROM family_child");
$result = mysql_query($query) or die(mysql_error());
echo "<table border=1>
<tr>
<th>Family Type</th>
<th>Name</th>
<th>Delete Record</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['family_child_type'] . "</td>";
echo "<td>" . $row['family_child_name'] . "</td>";
echo "<td><form method=post>
<input name=id type=hidden value='".$row['family_child_name']."';>
<input type=submit name=submit value=Delete>
</form></td>";
echo "</tr>";
}
echo "</table>";
echo "</td>
</tr>";
// delete record
if($_SERVER['REQUEST_METHOD'] == "POST")
{
if(isset($_POST['id']))
{
$id = mysql_real_escape_string($_POST['id']);
$sql = mysql_query("DELETE FROM family_child WHERE family_child_name ='$id'");
if(!$sql)
{
echo ("Could not delete rows" .mysql_error());
}
}
}
?>