So I'm trying to delete a comment on the website and also from database, but it just works find on web site. After I click delete button, the comment is gone, but nothing changed in my database. After I refresh the page, the comments I deleted appear again.
So I think, somehow, ajax makes php disconnect to MySQL database anymore.
jquery:
$(".delete").each(function (index4) {
$(this).on("click",function (event) {
$(this).parent().parent().load("../public/form/delete_comments.php", {index4:index4}, function () {
$(this).remove();
});
})
php:
<?php
require_once "../../private/initialize.php";
$id = $_SESSION['id'];
$thread_clicked = isset($_POST['index4'])?$_POST['index4']:'';
$req_user = "SELECT * FROM log_in WHERE id='" .$id. "'";
$result_user = mysqli_query($db,$req_user);
$subject_user = mysqli_fetch_assoc($result_user);
$req = "DELETE FROM comments WHERE user=`" .$subject_user['account']. "` AND c_id=`" .$thread_clicked. "`";
$result = mysqli_query($db,$req);
UPDATE: i changed ajax to :$(this).parent().parent().load("/yyqGS/public/form/delete_comments.php",{index4:index4});
but still doesn't do any change to database.
UPDATE:
<?php
require_once "../../private/initialize.php";
session_start();
$id = $_SESSION['id'];
$thread_clicked = isset($_POST['index4'])?$_POST['index4']:'';
$thread_clicked = $thread_clicked +1;
$req_user = "SELECT * FROM log_in WHERE id='.$id.'";
$result_user = mysqli_query($db,$req_user);
$subject_user = mysqli_fetch_assoc($result_user);
$req = "DELETE FROM comments WHERE user='" .$subject_user['account']. "' AND c_id='" .$thread_clicked. "'";
$result = mysqli_query($db,$req);
if ( !$req ) {
printf("Error: %s\n", $mysqli_error($db));
}
else{
echo $result;
}
and i got 1 everytime i delete a comment, but database still doesn't change!
Magic just happened! I don't even know what have I done (I fixed quotation marks problem), but it just works know!
<?php
require_once "../../private/initialize.php";
session_start();
$id = $_SESSION['id'];
$thread_clicked = isset($_POST['index4'])?$_POST['index4']:'';
$thread_clicked = $thread_clicked +1;
$req_user = "SELECT * FROM log_in WHERE id='".$id."'";
$result_user = mysqli_query($db,$req_user);
$subject_user = mysqli_fetch_assoc($result_user);
$req = "DELETE FROM comments WHERE user='" .$subject_user['account']. "' AND c_id='" .$thread_clicked. "'";
$result = mysqli_query($db,$req);
if ( !$req ) {
printf("Error: %s\n", $mysqli_error($db));
}
else{
echo $req;
}
?>
<?php
require_once "../../private/initialize.php";
$id = $_SESSION['id'];
$thread_clicked = isset($_POST['index4'])?$_POST['index4']:'';
$req_user = "SELECT * FROM log_in WHERE id='$id'";
$result_user = mysqli_query($db,$req_user);
$subject_user = mysqli_fetch_assoc($result_user);
$req = $result = mysqli_query($db,$req);
$req = "DELETE FROM comments WHERE user='"$subject_user['account']"' AND c_id='"$thread_clicked"'";
$result = mysqli_query($db,$req);
Try this code for your php. If it works fine i will edit with explanation.
Your using the wrong quotes in your delete statement - your using back ticks which is used to identify fields, not surround values.
$req = "DELETE FROM comments WHERE user=`" .$subject_user['account']. "` AND c_id=`" .$thread_clicked. "`";
should be
$req = "DELETE FROM comments WHERE user='" .$subject_user['account']. "' AND c_id='" .$thread_clicked. "'";
with single quotes rather than backticks.
Edit: It's also useful to check the return values from queries...
if ( !$result ) {
printf("Error: %s\n", $mysqli_error($db));
}
Should let you know if there are any problems with the delete.
Related
I'm new to PHP and I am creating a program where in a user can add a profile and add a profile picture. However, if I am to update the profile of the user and also change the profile picture, I am getting an error saying:
Warning: mysqli_query(): Couldn't fetch mysqli in C:\xampp\htdocs\cms_aries\admin\includes\admin_navigation.php on line 27
Warning: mysqli_error(): Couldn't fetch mysqli in C:\xampp\htdocs\cms_aries\admin\includes\admin_navigation.php on line 30
Error loading profile picture
Here is the code of the profile.php:
<?php
include "includes/admin_header.php";
?>
<?php
if(isset($_SESSION['username'])){
$username = $_SESSION['username'];
$query = "SELECT * FROM users WHERE user_name = '{$username}' ";
$select_user_profile_query = mysqli_query($connection, $query);
while($row = mysqli_fetch_array($select_user_profile_query)){
$user_name = $row['user_name'];
$user_firstname = $row['user_firstname'];
$user_lastname = $row['user_lastname'];
$user_email = $row['user_email'];
$user_image = $row['user_image'];
$user_password = $row['user_password'];
}
}
?>
<?php
if(isset($_POST['edit_user'])){
$the_user_firstname = escape($_POST['user_firstname']);
$the_user_lastname = escape($_POST['user_lastname']);
$the_user_email = escape($_POST['user_email']);
//Profile Images
$the_user_temp_image = $_FILES['user_image']['name'];
$the_user_image = $_FILES['user_image']['name'];
$the_user_name = escape($_POST['user_name']);
$the_user_password = escape($_POST['user_password']);
move_uploaded_file($the_user_temp_image, "../images/$the_user_image");
$query = "UPDATE users SET ";
$query .= "user_firstname = '{$the_user_firstname}', ";
$query .= "user_lastname = '{$the_user_lastname}', ";
$query .= "user_email = '{$the_user_email}', ";
$query .= "user_image = '{$the_user_image}', ";
$query .= "user_password = '{$the_user_password}' ";
$query .= "WHERE user_name = '{$the_user_name}' ";
$update_user = mysqli_query($connection,$query);
confirm($update_user);
mysqli_close($connection);
}
?>
And here is the code of the admin_navigation.php where in I am getting the error message:
<?php
if (isset($_SESSION['username'])) {
$username = $_SESSION['username'];
$query = "SELECT user_image FROM users WHERE user_name = '{$username}'";
$select_profile_picture = mysqli_query($connection, $query);
if (!$select_profile_picture) {
die('Error loading profile picture'.mysqli_error($connection));
}
while ($row = mysqli_fetch_assoc($select_profile_picture)) {
$profile_picture = $row['user_image'];
}
}
?>
Careless me. I just need to change the $the_user_temp_image = $_FILES['user_image']['name'] to $the_user_temp_image = $_FILES['user_image]['tmp_name'] in order to fetched the temporary images. I also try to remove the mysqli_close($connection) in order to remove the error and fetched the values of the page because I realized that when I am closing the connection, PHP automatically vanishes the $connection variable and automatically closes the connection behind the scenes when it fits to do that.
Why MYSQLi does not update the DB record, but it does provide a successful message. Of course, with the following message: 0 records UPDATED successfully And no changes are made to the database.
my index php file code:
<?php
include 'connect.php';
$work = $_GET["work"];
if($work == "select"){
$query = "SELECT * FROM login ORDER BY City DESC";
$result = $connect->prepare($query);
$result ->execute();
$out = array();
while ($row = $result->fetch(PDO::FETCH_ASSOC)){
$record = array();
$record["InsID"] = $row["InsID"];
$record["Password"] = $row["Password"];
$record["Name"] = $row["Name"];
$record["City"] = $row["City"];
array_push($out,$record);
}
echo json_encode($out);
} elseif($work == "update"){
$name2 = $_REQUEST["Ali"];
$code2 = $_REQUEST["4779"];
$city2 = $_REQUEST["teh"];
$pass2 = $_REQUEST["123"];
$query2 = "UPDATE login SET Password='$pass2',Name='$name2',City='$city2' WHERE InsID = '$code2'";
$result2 = $connect->prepare($query2);
$result2 ->execute();
}
?>
I really do not know where my coding is wrong. Please help.
I don't get why you are updating InsID and also using 'where InsID like'
Also there is additional ; in query
You may try
$query2 = "UPDATE login SET Password='$pass2',Name='$name2',City='$city2' WHERE InsID like '$code2'";
Important = sanitize input data first**
if I understand what you're trying to accomplish then :
you don't have to set InsID again
you need to use = and not LIKE in the WHERE condition
i.e. this is the row you need :
$query2 = "UPDATE login SET Password='$pass2',Name='$name2',City='$city2' WHERE InsID = '$code2';";
also see Nico Haase's comment, it's super correct ! you must improve the code security, see : http://php.net/manual/en/security.database.sql-injection.php
Try this code
May be useful
$query2 = "UPDATE login SET Password='$pass2',Name='$name2',City='$city2' WHERE InsID = '$code2';
if(mysqli_affected_rows($connect)==1){
echo "updated successfully";
}
else{
echo "failed";
}
I want edit record in db table but it doesn't save in db table and nothing changed after i submit this form.
Here codes that i forgot to put.
<?php
require('db.php');
include("auth.php"); //include auth.php file on all secure pages
$id_doc=$_REQUEST['id_doc'];
$query = "SELECT * from doc where id_doc='".$id_doc."'";
$result = mysqli_query($connection, $query) or die ( mysqli_error());
$row = mysqli_fetch_assoc($result);
?>
This is my php codes
<?php
if(isset($_POST['new']) && $_POST['new']==1)
{
$id_doc=$_REQUEST['id_doc'];
$query = "SELECT * from doc where id_doc='".$id_doc."'";
$result = mysqli_query($connection, $query) or die ( mysqli_error());
$row = mysqli_fetch_assoc($result);
$title =$_REQUEST['title'];
$date = $_REQUEST['date'];
$from_to = $_REQUEST['from_to'];
$details = $_REQUEST['details'];
$d_location = $_REQUEST['d_location'];
$d_stat = $_REQUEST['d_stat'];
$update="update doc set title='".$title."', date='".$date."', from_to='".$from_to."', details='".$details."', d_location='".$d_location."', d_stat='".$d_stat."' where id_doc='".$id_doc."'";
mysqli_query($connection, $update) or die(mysql_error());
$status = "File Record Updated Successfully. </br></br><a href='v_doc.php'>View Updated Record</a>";
echo '<p style="color:#FF0000;">'.$status.'</p>';
}else {
// here some else code
}
?>
Not an answer. Too long for a comment.
The issue of parametrised queries aside, I find this easier to read:
UPDATE doc
SET title = '$title'
, date = '$date'
, from_to = '$from_to'
, details = '$details'
, d_location = '$d_location'
, d_stat = '$d_stat'
WHERE id_doc = '$id_doc'
And now see about parametrised queries
Try below:
<?php
if(isset($_POST['new']) && $_POST['new']==1)
{
$id_doc=$_REQUEST['id_doc'];
$query = "SELECT * from doc where id_doc='".$id_doc."'";
$result = mysqli_query($connection, $query) or die ( mysqli_error());
$row = mysqli_fetch_assoc($result);
$title =$_REQUEST['title'];
$date = $_REQUEST['date'];
$from_to = $_REQUEST['from_to'];
$details = $_REQUEST['details'];
$d_location = $_REQUEST['d_location'];
$d_stat = $_REQUEST['d_stat'];
$update="update doc set title='".$title."', date='".$date."', from_to='".$from_to."', details='".$details."', d_location='".$d_location."', d_stat='".$d_stat."' where id_doc='".$id_doc."'";
if(mysqli_query($connection, $update)) {
$status = "File Record Updated Successfully. </br></br><a href='v_doc.php'>View Updated Record</a>";
} else {
die(mysqli_error($connection));
}
echo '<p style="color:#FF0000;">'.$status.'</p>';
} else {
// here some else code
}
?>
This should show you exact error, once you get it. show it here, so we can check and do correction.
The idea of the task is to allow the user to add and withdraw "money" to and from their account. The problem is I can add money, but I can't withdraw it
$funds = $_POST['funds'];
$withdraw_or_add = $_POST['list'];
if($withdraw_or_add == "add")
{
$sql = "UPDATE users SET userFunds = '".$funds."' WHERE userId = 1";
}
else
{
$info = mysql_query("SELECT * FROM users WHERE userId = '1'");
$info = mysql_fetch_assoc($info);
$new_fund = $info['userFunds'] - $funds;
$sql = "UPDATE users SET userFunds = '".$new_fund."' WHERE userId = 1";
}
mysql_select_db('details_db');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
So for example, let's say $fund = 5 and $info['userFunds'] = 20 then the variable $new_fund should be 15. But instead it equals -5. If anyone can help it would be much appreciated.
Firstly page of top you put used db connection related code :
$conn = mysql_connect('localhost', 'user', 'pass');
mysql_select_db('details_db');
and then bellow and removed mysql_select_db('details_db'); line after mysql_
$funds = $_POST['funds'];
$withdraw_or_add = $_POST['list'];
if($withdraw_or_add == "add")
{
$sql = "UPDATE users SET userFunds = '".$funds."' WHERE userId = 1";
}
else
{
$info = mysql_query("SELECT * FROM users WHERE userId = '1'");
$info = mysql_fetch_assoc($info);
$new_fund = $info['userFunds'] - $funds;
$sql = "UPDATE users SET userFunds = '".$new_fund."' WHERE userId = 1";
}
//mysql_select_db('details_db');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
Note: Please stop using mysql_* functions. mysql_* extensions have been removed in PHP 7. Please used PDO and MySQLi.
I am trying to update MySQL Database via PHP. I am getting that the Update was successful, how ever MySQL is not being updated. I tried the query in MySQL and it is working but there but not via the PHP page. Why?
<?php
include("checksession.php");
$Id = $_POST['Id'];
$_SESSION['Id'] = $Id;
include("dbconnect.php");
$sql = "UPDATE part SET Available = 'Yes' WHERE Id = '$Id'";
$result = mysql_query($sql, $con);
if($result)
{
Header("Location: Item.php?eMsg=Made Available");
}
else
{
Header("Location: Item.php?eMsg=Unable to Make Available");
}
?>
Try this solution use native function mysql_affected_rows():
$Request = mysql_query($sql, $con);
$Result = mysql_affected_rows();
try this:
$sql = "UPDATE part SET Available = 'Yes' WHERE Id = '{$Id}'";