The $imagedoes not get assigned any thing. The alert displays an empty string. The update query is working perfectly.
<?php
if(isset($_POST['EditProfilebu']))
{
$id = $_GET['id'];
$username = $_POST['Name'];
$Email = $_POST['Email'];
$PostalCode = $_POST['PostalCode'];
$Address = $_POST['Address'];
$text = $_POST['text'];
$image = $_FILES['image']['name'];
$image_tmp = $_FILES['image']['tmp_name'];
move_uploaded_file($image_tmp,"images/$image");
echo "<script>alert('$image')</script>";
move_uploaded_file($image_tmp,"images/$image");
$query = "update users set UserName='$username',UserEmail='$Email',Picture='$image',PostalCode='$PostalCode',Address='$Address',Text='$text' where UserId='$id'";
$run = mysqli_query($mysqli,$query);
if($run)
{
echo "<script>alert('Updated')</script>";
}
}
?>
Related
I am wanting to keep a table log history of executed MySQLI queries and log the specific user who executed a query and date & time the query was executed - on any (all) of my PHP pages.
What is the best way and simplest way to achieve this?
PHP
session_start();
if(!isset($_SESSION["username"])){
header("Location: login.php");
exit(); }
$connection = mysqli_connect("****", "****", "****", "****");
if (!$connection) {
die("Database connection failed: " . mysqli_connect_error());
}
if(isset($_POST['update'])) {
$accountNo = $_GET['ID'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$town = $_POST['town'];
$postcode = $_POST['postcode'];
Recommendation from a SO user:
However, there are errors with this suggestion ...many.
$query = "UPDATE usertable set firstname = '".$firstname."', surname='".$surname."', dob='".$dob."', email='".$email."', phone='".$phone."', address='".$address."', town='".$town."', postcode='".$postcode."' where accountNo='".$accountNo."'";
$log_action = mysqli_query($connection,$query);
$result = mysqli_query($connection,$query);
if($result) {
define("LOG_FILE", "https://www.*******.com/logfile.txt");
function log_action($action, $data) {
$time = date('Y-m-d h:i:s');
$user = isset($_SESSION['username']) ? $_SESSION['username'] : '';
$message = "$time\tuser=$user\taction=$action\tdata=$data\n";
file_put_contents(LOG_FILE, $message, FILE_APPEND);
}
Write a wrapper library that logs all the mysqli calls that you want to record, e.g.
function my_mysqli_query($link, $query, $resultmode = MYSQLI_STORE_RESULT) {
log_action('mysqli_query', $query);
return mysqli_query($link, $query, $resultmode);
}
function my_mysqli_prepare($link, $query) {
log_action('mysqli_prepare', $query);
return mysqli_prepare($link, $query);
}
...
define("LOG_FILE", "/path/to/logfile.txt");
function log_action($action, $data) {
$time = date('Y-m-d h:i:s');
$user = isset($_SESSION['username']) ? $_SESSION['username'] : '';
message = "$time\tuser=$user\taction=$action\tdata=$data\n";
file_put_contents(LOG_FILE, $message, FILE_APPEND);
}
I've written it to log to a file. You could log to a database table instead, it's just more code in log_action().
Then do a global replace in all your other scripts, replacing mysqli_query with my_mysqli_query, mysqli_prepare with my_mysqli_prepare, and so on. So your code would look like:
if(isset($_POST['update'])) {
$accountNo = $_GET['ID'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$dob = $_POST['dob'];
$email = $_POST['email'];
$phone = $_POST['phone'];
$address = $_POST['address'];
$town = $_POST['town'];
$postcode = $_POST['postcode'];
$query = "UPDATE usertable set firstname = '".$firstname."', surname='".$surname."', dob='".$dob."', email='".$email."', phone='".$phone."', address='".$address."', town='".$town."', postcode='".$postcode."' where accountNo='".$accountNo."'";
$result = my_mysqli_query($connection,$query);
if ($result) {
echo "Update successful";
}
}
When I tried to update some data in my library management system, the data doesn't update. It just keep on saving the same data. Here's the code:
if(isset($_POST['submit'])){
$postID = #$_POST['stud_id'];
$getID = #$_GET['stud_id'];
$postFullName = $_POST['fullname'];
$postEmail = $_POST['email'];
$postContact = $_POST['contact'];
$postSection =$_POST ['section'];
$postUsername = $_POST['username'];
$postPassword = $_POST['password'];
$postType = $_POST['type'];
$postStatus = $_POST['status'];
$rs3 = $db->query("SELECT * FROM users WHERE stud_id = '$postID' ");
$check = $rs3->num_rows;
if ($check > 0)
{
if ($action == "edit")
{
$edit = $db -> query("UPDATE users SET stud_id='$postID', fullname = '$postFullName', email = '$postEmail' , contact = '$postContact', section = '$postSection',username = '$postUsername',password = '$postPassword',type = '$postType', status = '$postStatus' WHERE user_id = '$postID' ");
echo "Record Updated.";
}
else
{
$edit = $db -> query("UPDATE users SET stud_id='$postID', fullname = '$postFullName', email = '$postEmail' , contact = '$postContact', section = '$postSection',username = '$postUsername',password = '$postPassword',type = '$postType', status = '$postStatus' WHERE user_id = '$postID' ");
echo "Record Updated.";
}
}
<?php
if (isset($_GET['id']) && filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
$id=$_GET['id'];
}else{
header('HTTP/1.0 404 Not Found');
exit("<h1>Not Found</h1>\n<p>The submitted data is not valid.</p>");
}
$query = "SELECT * FROM all_parks WHERE id = $id";
$result = mysqli_query($conn, $query) or die ("Error querying database.");
$row = mysqli_fetch_array($result);
$state = $row['state'];
$type = $row['type'];
$name = $row['name'];
$short_intro = $row['short_intro'];
$long_description = $row['long_description'];
$parkimage = $row['image_url'];
$allowed = $row['allowed'];
$not_allowed = $row['not_allowed'];
$warnings = $row['warnings'];
$more_details = $row['more_details'];
$neighboring_parks = ['neighboring_parks'];
$website = ['website'];
$camping = ['camping'];
$hiking = ['hiking'];
$volunteer = ['volunteer'];
$map = ['google_map_location'];
$telephone = ['telephone'];
$email = ['email'];
?>
$map, $website, $camping, $hiking is giving a 404 error for the link
$parkimage is not showing
$volunteer, $donate, $neighboring_parks is echoing 'Array' on the page
you forgot to write $row , Use this code-
<?php
if (isset($_GET['id']) && filter_var($_GET['id'], FILTER_VALIDATE_INT)) {
$id=$_GET['id'];
}else{
header('HTTP/1.0 404 Not Found');
exit("<h1>Not Found</h1>\n<p>The submitted data is not valid.</p>");
}
$query = "SELECT * FROM all_parks WHERE id = $id";
$result = mysqli_query($conn, $query) or die ("Error querying database.");
$row = mysqli_fetch_array($result);
$state = $row['state'];
$type = $row['type'];
$name = $row['name'];
$short_intro = $row['short_intro'];
$long_description = $row['long_description'];
$parkimage = $row['image_url'];
$allowed = $row['allowed'];
$not_allowed = $row['not_allowed'];
$warnings = $row['warnings'];
$more_details = $row['more_details'];
$neighboring_parks = $row['neighboring_parks'];
$website = $row['website'];
$camping = $row['camping'];
$hiking = $row['hiking'];
$volunteer = $row['volunteer'];
$map = $row['google_map_location'];
$telephone = $row['telephone'];
$email = $row['email'];
?>
It Will Work.
Use while ($row = mysqli_fetch_array($result)), it will work.
I want to store user's contact no. from an android registration form in SQL database but it shows 'failure' instead of 'success' when i try to add $_post['contact'] code to my PHP file.
This is my PHP file.
register.php
<?php
define('HOST','mysql8.000webhost.com');
define('USER','a6293046_******');
define('PASS','*********');
define('DB','a6293046_insti');
$con = mysqli_connect(HOST,USER,PASS,DB);
$name = $_POST['name'];
$email = $_POST['email'];
$address = $_POST['address'];
$contact =(int)$_POST['contact'];
$institute = $_POST['institute'];
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address','contact-no','$institute')";
if(mysqli_query($con,$sql)){
echo 'success';
}
else{
echo 'failure';
}
mysqli_close($con);
?>
Please tell me what i am doing wrong in it. thank you
<?php
define('HOST','mysql8.000webhost.com');
define('USER','a6293046_******');
define('PASS','*********');
define('DB','a6293046_insti');
$con = mysqli_connect(HOST,USER,PASS,DB);
$name = $_POST['name'];
$email = $_POST['email'];
$address = $_POST['address'];
$contact =$_POST['contact'];
$institute = $_POST['institute'];
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address',$contact,'$institute')";
$result=$con->query($sql);
if($result)
{
echo 'success';
}
else{
echo 'failure';
}
$con->close();
?>
remove the int for $POST_['contact'] and dnt use single quotes('') for $contact while inserting since it is a integer for string value you should give single quotes
Try this
<?php
define('HOST','mysql8.000webhost.com');
define('USER','a6293046_******');
define('PASS','*********');
define('DB','a6293046_insti');
$con = mysqli_connect(HOST,USER,PASS,DB);
//change 'somename' with the name of submit button!
if(isset($_POST['somename'])){
$error=0;
$name = $_POST['name'];
$email = $_POST['email'];
$address = $_POST['address'];
$contact = $_POST['contact'];
$institute = $_POST['institute'];
if(is_numeric($contact)){
$error=1;
}
if($error==1){
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address','$contact','$institute')";
$insert= mysqli_query($con,$sql);
echo 'success';
}
else{
echo 'failure';
}
}
?>
this code will insert data in database only if $contact is numeric otherwise there will not be insert
'contact-no' is not variable.
change 'contact-no' to $contact
try this code
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address','$contact','$institute')";
Offcoarse it will: you have an mistake in your SQL, you lost dollar sign and you should use $contact variable not $contact-no
$sql = "insert into Persons (name,email,address,contact-no,institute) values ('$name','$email','$address','$contact','$institute')";
I've looked around and haven't found particularly what I'm after.
I have quite a few forms with text input and file uploads.
I've figured how to upload a file, give it a unique ID and get it into my web server folder. Pretty smooth sailing. However, I would like to also get that fancy new ID into my MySQL database.
I've separated my upload.php page with text forms going to the database
<?php
//Connecting and Sending data to the database follows
$dbc = mysqli_connect('localhost', 'root', 'root', 'surfboardhub')
or die('Error connecting to MySQL server');
//Get values from
$location = "";
$price = "";
$thick = "";
$width = "";
$height ="";
$model = "";
$brand = "";
$email = "";
$category = "";
if(isset($_POST['location'])){ $location = $_POST['location']; }
if(isset($_POST['price'])){ $price = $_POST['price']; }
if(isset($_POST['thick'])){ $thick = $_POST['thick']; }
if(isset($_POST['width'])){ $width = $_POST['width']; }
if(isset($_POST['height'])){ $height = $_POST['height']; }
if(isset($_POST['model'])){ $model = $_POST['model']; }
if(isset($_POST['brand'])){ $brand = $_POST['brand']; }
if(isset($_POST['email'])){ $email = $_POST['email']; }
//if(isset($_POST['image'])){ $imagename = $_POST['imagename']; }
//if(isset($_POST['mime'])){ $mime = $_POST['mime']; }
$query = "INSERT INTO uploads (location, price, thick, width, height, model, brand, email,category)
VALUES ('$location', '$price','$thick','$width','$height', '$model', '$brand', '$email','$category')";
$result = mysqli_query($dbc,$query)
or die('Error querying database.');
mysqli_close($dbc);
and then my bit to get the file to its new location in my web server.
$name = $_FILES['image']['name'];
$extension = strtolower(substr($name, strpos($name, '.') + 1));
$type = $_FILES['image']['type'];
$tmp_name = $_FILES['image']['tmp_name'];
if (isset($name)) {
if (!empty($name)) {
if (($extension=='jpg'||$extension=='jpeg'||$extension=='png'||$extension=="gif")&&$type=='image/jpeg'||$type=='image/png'||$type=='image/gif') {
$location = 'uploads/';
$location = $location . uniqid();
if (move_uploaded_file($tmp_name, $location.$name)) {
echo 'uploaded!';
}
else {
echo 'There was an error.';
}
} else {
echo 'File must be jpg/jpeg, png, or gif.';
}
} else {
echo 'Please choose a file';
}
}
?>
Basically, I need to get that new unique ID to go to where the text information is going, because they're all being submitted at once. And I'd like to be able to figure out who uploaded what if need be. If it didn't have a unique ID I can get it to work, but for some reason having that uniqid trips me up. Thoughts? Much obliged.
Save the uniqid() to a PHP variable and then you can use it in more than one place:
First, create an ID:
<?php
$ID = uniqid();
?>
Then, save your file, using your new $ID variable:
<?php
$name = $_FILES['image']['name'];
$extension = strtolower(substr($name, strpos($name, '.') + 1));
$type = $_FILES['image']['type'];
$tmp_name = $_FILES['image']['tmp_name'];
if (isset($name)) {
if (!empty($name)) {
if (($extension=='jpg'||$extension=='jpeg'||$extension=='png'||$extension=="gif")&&$type=='image/jpeg'||$type=='image/png'||$type=='image/gif') {
$location = 'uploads/';
$location = $location . $ID;
if (move_uploaded_file($tmp_name, $location.$name)) {
echo 'uploaded!';
} else {
echo 'There was an error.';
}
} else {
echo 'File must be jpg/jpeg, png, or gif.';
}
} else {
echo 'Please choose a file';
}
}
?>
Then, save your data to the db, including $ID
<?php
//Connecting and Sending data to the database follows
$dbc = mysqli_connect('localhost', 'root', 'root', 'surfboardhub')
or die('Error connecting to MySQL server');
//Get values from
$location = "";
$price = "";
$thick = "";
$width = "";
$height ="";
$model = "";
$brand = "";
$email = "";
$category = "";
if(isset($_POST['location'])){ $location = $_POST['location']; }
if(isset($_POST['price'])){ $price = $_POST['price']; }
if(isset($_POST['thick'])){ $thick = $_POST['thick']; }
if(isset($_POST['width'])){ $width = $_POST['width']; }
if(isset($_POST['height'])){ $height = $_POST['height']; }
if(isset($_POST['model'])){ $model = $_POST['model']; }
if(isset($_POST['brand'])){ $brand = $_POST['brand']; }
if(isset($_POST['email'])){ $email = $_POST['email']; }
//if(isset($_POST['image'])){ $imagename = $_POST['imagename']; }
//if(isset($_POST['mime'])){ $mime = $_POST['mime']; }
$query = "INSERT INTO uploads (ID, location, price, thick, width, height, model, brand, email,category)
VALUES ('$ID', '$location', '$price','$thick','$width','$height', '$model', '$brand', '$email','$category')";
$result = mysqli_query($dbc,$query)
or die('Error querying database.');
mysqli_close($dbc);
?>