I'm totally stuck on a problem. I'm practicing MySQL data inserts from php, but I am unable to get it working. I am totally new when it comes to php. With MySQL and HTML, I did a few courses on it, so you can say I'm a beginner. This is part three of the example, the first example you have to list all the animals in the table, that part I got working, then the second part is where I have to use a named parameters to extract specific animal types, and it also works fine. Now I'm stuck with the last one inserting data. I have a simple form with animal name and animal type as text boxes, when I click on submit the updated row must auto update in example one and show in the table, but when I click on submit, nothing happens, nothing is inserted into the database, but when I refresh the page or click submit again, then only do I see the updated data. And when fill in data in the two text fields after I clicked refresh or submit, blank data is inserted into the database.
<?php
$db = 'mysql:host=localhost;dbname=animals';
$username = 'root';
$password = '';
$animal_type = $_POST[animal_type];
$animal_name = $_POST[animal_name];
$query = "INSERT INTO animals
(animal_type, animal_name)
VALUES
('$animal_type', '$animal_name')";
$animal = $db->prepare($query);
$animal->bindValue(':animal_id', $animal_id);
$animal->execute();
$animals = $animal->fetchAll();
$animal->closeCursor();
?>
<form action="example3.php" method="post">
Animal Name: <input type="text" name="animal_name"><br>
Animal Type: <input type="text" name="animal_type"><br>
<input type="submit" />
</form>
Any help would be greatly appreciated.
JasonK
Update
So this is what it looks like when completed, but you see those blank entries is what happens when I fill in animal type and animal name and click submit - it just leaves the fields blank, I checked in the database, it does the insert when I click submit. I deduced that whenever I click submit or do a page refresh, it runs the whole code again that is where the blank entries comes from.
This is what my whole code look like.
<!DOCTYPE html>
<html>
<head>
</head>
<body>
/////////////////////////////////////////////////////////////////////////////////Example1/////////////////////////////////////////////////////////////////////////////////////////
<?php include 'menu.inc';
$db = 'mysql:host=localhost;dbname=animal';
$username = 'jason';
$password = '';
try {
$db = new PDO($db, $username, $password);
echo 'Connection successful';
echo '<br />';
}
catch(PDOException $e)
{
echo 'Connection failed' . $e->getMessage();
}
$query = 'SELECT animal_type, animal_name
FROM animals';
$animal = $db->query($query);
$animal->execute();
$animals = $animal->fetchAll();
$animal->closeCursor();
echo "<br>";
?>
<table border="1">
<tr>
<th>Animal Type</th>
<th>Animal Name</th>
</tr>
<?php foreach ($animals as $animal) { ?>
<tr>
<td><?php echo $animal['animal_type']; ?></td>
<td><?php echo $animal['animal_name']; ?></td>
</tr>
<?php } ?>
</table>
/////////////////////////////////////////////////////////////////////////////////Example2/////////////////////////////////////////////////////////////////////////////////////////
<?php
$animal_type = "leopard";
$query = 'SELECT *
FROM animals
WHERE animal_type = :animal_type';
$animal = $db->prepare($query);
$animal->bindValue(':animal_type', $animal_type);
$animal->execute();
$animals = $animal->fetchAll();
$animal->closeCursor();
?>
<p>
<table border="1">
<tr>
<th>Animal Type</th>
<th>Animal Name</th>
</tr>
<?php foreach ($animals as $animal) { ?>
<tr>
<td><?php echo $animal['animal_type']; ?></td>
<td><?php echo $animal['animal_name']; ?></td>
</tr>
<?php }?>
</table>
</p>
/////////////////////////////////////////////////////////////////////////////////Example3/////////////////////////////////////////////////////////////////////////////////////////
<?php
$db = 'mysql:host=localhost;dbname=animals';
$username = 'jason';
$password = '';
$animal_type = $_POST['animal_type'];
$animal_name = $_POST['animal_name'];
$db = new PDO('mysql:host=localhost;dbname=animals', $username, $password);
$query = "INSERT INTO animals
SET animal_type = :animal_type,
animal_name = :animal_name";
$animal = $db->prepare($query);
$animal->bindParam(':animal_type', $animal_type, PDO::PARAM_STR);
$animal->bindParam(':animal_name', $animal_name, PDO::PARAM_STR);
$animal->execute();
?>
<form action="example3.php" method="post">
Animal Name: <input type="text" name="animal_name"><br>
Animal Type: <input type="text" name="animal_type"><br>
<input type="submit" />
</form>
</body>
</html>
To get value from super_globals like ($_POST,$_REQUEST,$_GET) you have to pass index as string
change
$animal_type = $_POST[animal_type];
$animal_name = $_POST[animal_name];
to
$animal_type = $_POST["animal_type"];
$animal_name = $_POST["animal_name"];
And remove un-necessary binding value
$animal->bindValue(':animal_id', $animal_id); //remove this
Also hope you have created database connection and store it in $db
Your insert query is also vulnerable to SQL Injections. Use bind param to insert value
$query = "INSERT INTO animals
(animal_type, animal_name)
VALUES
(:animal_type, :animal_name)";
$animal = $db->prepare($query);
$animal->bindParam(':animal_type', $animal_type);
$animal->bindParam(':animal_name', $animal_name);
$animal->execute();
<?php
$db = 'mysql:host=localhost;dbname=animals';
$username = 'root';
$password = '';
$animal_type = $_POST['animal_type'];
$animal_name = $_POST['animal_name'];
$db = new PDO('mysql:host=localhost;dbname=animals', $username, "");
$query = "INSERT INTO animals
SET animal_type = :animal_type,
animal_name = :animal_name";
$animal = $db->prepare($query);
$animal->bindParam(':animal_type', $animal_type, PDO::PARAM_STR);
$animal->bindParam(':animal_name', $animal_name, PDO::PARAM_STR);
$animal->execute();
?>
<form action="example3.php" method="post">
Animal Name: <input type="text" name="animal_name"><br>
Animal Type: <input type="text" name="animal_type"><br>
<input type="submit" />
</form>
where do you create the database? the only thing i see is a string named $db I think you forgot to create a PDO object like this
$db = new PDO('mysql:host=localhost;dbname=animals', $username, "");
otherwise ist try's to a prepare statement to a string
and array indexes must be a string like this $_POST["animal_type"]
<?php
if(isset($_POST['submit'])){ //check wheter form submit or not
$db = 'mysql:host=localhost;dbname=animals';
$username = 'root';
$password = '';
$animal_type = $_POST['animal_type'];
$animal_name = $_POST['animal_name'];
$stmt = $db->prepare("INSERT INTO animals
(animal_type, animal_name) VALUES (?, ?)");
$stmt->bind_param("ss", $animal_type, $animal_name);
$stmt->execute();
}
?>
<form method="post">
Animal Name: <input type="text" name="animal_name"><br>
Animal Type: <input type="text" name="animal_type"><br>
<input type="submit" name="submit"/> // change this markup input
</form>
Refer this link for more php and mysql tutoral https://www.w3schools.com/PhP/php_mysql_prepared_statements.asp
Related
I'm trying to update this database, and I've verified within this script that the update is completed, and that the $nw and $p variables are correct.
<?php
session_start();
$num = (int) $_SESSION["cart"];
$cart = $num + 1;
$_SESSION["cart"] = (string) $cart;
$nme = $_POST['nameofitem'];
$pst = $_SESSION["user"];
$db = new mysqli('localhost', 'spj916', "cs4501", 'spj916');
$query = "select * from Items where Items.Id = '$nme'";
$result = $db->query($query) or die ($db->error);
$item = $result->fetch_array();
$nw = $item[5] - 1;
$p = (int) $pst;
echo $p;
$query3 = "update Items set Quantity = '$nw' where Id = '$p'";
$db->query($query3) or die ("Invalid insert " . $db->error);
$query2 = "insert into Bought (Name, Cost, BuyerID) values ('$item[1]', '$item[4]', '$pst')";
$db->query($query2) or die ("Invalid insert " . $db->error);
header("Location: store.php");
?>
However, when it redirects to this script, it echoes the information as if it weren't updated. What is the problem?
<?php
session_start();
$db = new mysqli('localhost', 'spj916', "cs4501", 'spj916');
$user = $_SESSION["user"];
$pw = $_SESSION["pw"];
# determines number of items in cart to display
if (!isset($_SESSION["category"]))
$_SESSION["category"] = "Book";
if (isset($_POST["Ccategory"])) {
$cat = $_POST["Ccategory"];
$_SESSION["category"] = $cat;
}
if (!isset($_SESSION["cart"]))
$_SESSION["cart"] = "0";
$cart = $_SESSION["cart"];
?>
<!DOCTYPE html>
<html>
<?php # setting up table with items to buy ?>
<table border = "1" border-spacing = "5px" >
<caption><h2> UVA Bookstore 2.0</h2>
<p align=right> Items in cart: <?php echo $cart?> </p> <br />
<b><i>Welcome to the new and improved bookstore with a better selection than ever</i></b>
<br/><br/>
</caption>
<tr align = "center">
<th>Item</th>
<th>Description</th>
<th>Price</th>
<th>Number left</th>
<th>Buy</th>
</tr>
<?php
$category = $_SESSION["category"];
$query = "select * from Items where Items.Category = '$category'";
$result = $db->query($query) or die ($db->error);
$rows = $result->num_rows;
for ($i = 0; $i < $rows; $i++)
{
$row = $result->fetch_array();
?>
<form action="addtocart.php"
method="POST">
<tr align = "center">
<td>
<?php
echo $row[1];
?>
</td>
<td> <?php echo $row[3];?> </td>
<td> <?php echo $row[4];?> </td>
<td> <?php echo $row[5];?> </td>
<?php # sets up add to cart button that adds item to cart ?>
<td> <input type = "hidden" name ='nameofitem'
value= "<?php echo $row[0]?>">
<input type='submit' value='Add to Cart'> </input> </td>
</tr>
</form>
<?php
}
# form to check out and go to summary page ?>
<form action = "store.php"
method = "POST">
<tr align = "center"> <td>
<select name = "Ccategory">
<option value = "Book">Books</option>
<option value = "Music">Music</option>
<option value = "Car">Cars</option>
</select>
<input type = "hidden" name = "cat"> </td>
<td> <input type = "submit" value = "Switch Category"> </td>
</form>
<form action="summary.php"
method="POST">
<td> <input type = "submit" value = "Check out"> </td> </tr>
</table><br/>
</form>
</html>
Have you tried changing
$query3 = "update Items set Quantity = '$nw' where Id = '$p'";
to
$query3 = "update Items set Quantity = '$nw' where Id = $p";
The best way to determine if an UPDATE should work is to replace it with a SELECT containing the same WHERE clause. This way you can see what rows would be changed if you were to run the original query.
Otherwise, it seems to be the case that your changes in the current transaction are never committed. Is this the only script that has an issue with updates to the database? Please see the PHP manual for more information:
//mysqli::commit -- mysqli_commit — Commits the current transaction
bool mysqli::commit ([ int $flags [, string $name ]] )
A commit should be issued when you are done doing all updates that have dependencies (or for those that are atomic), however, you don't always have to commit depending on the configuration of your server. Also, it looks like your script has SQL injection vulnerabilities as other have mentioned. It would probably be best to use prepared statements or sanitize your inputs.
I have a form that i would like to be processed and sent to my sqlite database. I was trying to store the data in an array which is then sent to the database but i think i need to use an SQL INSERT INTO statement after my submit, i am just unsure on how to implement this properly and if my code is correct so far. I have two different pages:
index.php:
<div id="wrapper">
<div class="banner1">
<h2>Stock Input</h2>
</div>
<form id="form" method="post">
Name:<br>
<input type="text" name="name[0]"/> <br>
Gender:<br>
<input type="text" name="gender[0]"/> <br>
Age:<br>
<input type="number" name="age[0]" min="1" max="99"/> <br>
<input id="submit" type="submit">
</form>
</div>
<div id="results">
<div class="banner2">
<h2>Results</h2>
</div>
<div class="data">
<?php
include 'conn.php';
unset($_POST['submit']);
$data=$_POST;
foreach ($result as $row) {
echo $row['name'] . " ";
echo $row['gender'] . " " ;
echo $row['age'] . "<br>" . " ";
}
?>
</div>
</div>
conn.php
I used an include in my index.php as it was getting messy, not sure if this is proper use but it did the job fine i think. Anyway here is my page that creates or connects to a sqlite database using PDO and prepares and inserts some test data into my array.
<?php
try {
$dbh = new PDO('sqlite:mydb.sqlite3');
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbh->exec("CREATE TABLE IF NOT EXISTS test (
name VARCHAR(30),
gender VARCHAR(30),
age INTEGER)"
);
$data = array(
array('name' => 'Daniel', 'gender' => 'Male', 'age' => '21')
);
$insert = "INSERT INTO test (name, gender, age)
VALUES (:name, :gender, :age)";
$stmt = $dbh->prepare($insert);
$stmt->bindParam('name', $name);
$stmt->bindParam('gender', $gender);
$stmt->bindParam('age', $age);
foreach ($data as $m) {
$name = $m['name'];
$gender = $m['gender'];
$age = $m['age'];
$stmt->execute();
}
$result = $dbh->query('SELECT * FROM test');
$dbh = null;
}
catch(PDOException $e) {
echo $e->getMessage();
}
?>
I need the user input data to be submitted from the form to the array and sqlite. Think i'm missing some insert statements, could someone help me and guide me where i'm going wrong.
You have to move the bindParam calls inside the foreach.
foreach ($data as $m) {
$name = $m['name'];
$gender = $m['gender'];
$age = $m['age'];
$stmt->bindParam('name', $name);
$stmt->bindParam('gender', $gender);
$stmt->bindParam('age', $age);
$stmt->execute();
}
bindParam binds the value of the variable and you have to use it when you when you want to change the value.
<?php
$user_name = "root";
$password = "";
$database = "my_db";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
if(isset ($_POST['name']))
{
$name = $_POST['name'];
if(mysql_query("INSERT INTO persons VALUES(' ' , '$name') "))
echo "Successful Insertion!";
else
echo "Please try again!";
}
$result = mysql_query("SELECT * FROM persons");
?>
<html>
<head>
<style type = "text/css">
li { list-style-type: none; display: inline; padding: 10px; text-align: center;}
</style>
</head>
<body>
<form action = " . " method = "POST">
Name: <input type = "text" name = "name"><br>
<input type = "submit" value = "Enter">
</form>
<form name = "delete_form" method = "POST" action = "delete.php" >
<input type = "submit" name = "deleteRecord" value = "Delete Record" />
</form>
<h1>List of Names</h1>
<table border = "1" width = "100%" cellpadding = "5" cellspacing = "2">
<tr>
<td><strong></strong></td>
<td><strong>ID</strong></td>
<td><strong>Company</strong></td>
<td><strong>Edit</strong></td>
<td><strong>Delete</strong></td>
</tr>
<?php while ($row = mysql_fetch_array($result)) { ?>
<tr>
<td><input type="radio" Name="id" value="<?php echo $row['id']; ?>" ></td>
<td><?php echo $row['id']; ?></td>
<td><?php echo $row['name']; ?></td>
<td><?php echo "<a href = 'edit.php?id=$row[id]'>edit</a>" ?></td>
<td><?php echo "<a href = 'delete.php?id=$row[id]'>delete</a>" ?></td>
</tr>
<?php } ?>
<form name = "edit_form" method = "POST" action = " edit.php?edit= "<?php echo $row['id'] ?> >
<input type = "submit" name = "editRecord" value = "Edit Record" />
</form>
</table>
<?php
while($row = mysql_fetch_array($result))
echo "<li>$row[id]</li> . <li>$row[name]</li> <li> <a href = 'edit.php?edit=$row[id]'>edit</a> </li> <li> <a href = 'delete.php?del=$row[id]'>delete</a></li> <br>";
?>
</body>
</html>
edit.php
<?php
$user_name = "root";
$password = "";
$database = "my_db";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database, $db_handle);
$row = " ";
if (isset($_POST['id']))
{
// if there is an id sent through POST and it isn't null/empty, use that
$id = $_POST['id'];
$SQL = "SELECT * FROM persons WHERE id = '$id' ";
$result = mysql_query($SQL);
$row = mysql_fetch_array($result);
}
else
{
// otherwise use id sent through GET links
$id = $_GET['id'];
$SQL = "SELECT * FROM persons WHERE id = '$id' ";
$result = mysql_query($SQL);
$row = mysql_fetch_array($result);
}
if(isset($_POST['newName']))
{
$id = $_POST['id'];
$newName = $_POST['newName'];
$SQL = "UPDATE persons SET name = '$newName' WHERE id = '$id' ";
$result = mysql_query($SQL) or die("Could not update database" . mysql_error());
echo "<meta http-equiv = 'refresh' content = '0 ; url = index.php'>";
}
?>
<form action = " edit.php" method = "POST">
ID: <input type = "text" name = "id" value = "<?php echo $row[0] ?>"<br><br>
Name: <input type = "text" name = "newName" value = "<?php echo $row[1] ?>"<br><br>
<input type = "submit" value = "Update">
</form>
Hello,
The code above shows how to edit and delete records in a database. Originally, the edit and delete options were in the form of links to a php script which performed the required action. The ID number of the selected row gets passed to the edit or delete php file which then does the action that the user selects (refer to the comments in the code above) I am now trying to modify this code so that I can use a radio button to select a record and then edit or delete the record using radio buttons. I know this sounds trivial but I am having some difficulty with it. Any assistance would be greatly appreciated. Thank you.
Hello Tom. I have made the changes that you suggested but I it still giving the same problem. I have included the edit.php file in case you want to have a look.
The value of your radio buttons needs to contain the ID of the record to be edited.
<td><INPUT TYPE="Radio" Name="radio" value="<?php echo $row['id']; ?>"></td>
Then when you submit the form, you will know the record you are editing has id of value $_POST['radio'].
Though you are already using GET method to pass IDs (through your edit and delete links). I would recommend having consistency, and passing all IDs with parameter id. So
Use this
<td><?php echo "<a href = 'edit.php?id=$row[id]'>edit</a>"; ?></td>
<td><?php echo "<a href = 'delete.php?id=$row[id]'>delete</a>"; ?></td>
And this
<td><input type="radio" name="id" value="<?php echo $row[id]; ?>"></td>
Then in edit.php and delete.php, check to see if an ID was passed through POST (if someone submitted the form) or through GET (they clicked a link), then use whichever has a value.
<?php
if (!empty($_POST['id']))
{
// if there is an id sent through POST and it isn't null/empty, use that
$id = $_POST['id'];
}
else
{
// otherwise use id sent through GET
$id = $_GET['id'];
}
I should also mention that mysql_fetch_array is deprecated and you should be using PDO or MySQLi. Read more here: http://www.php.net/mysql_fetch_array
The below code will only work with one checkbox and ignores the rest. Is there any way that I can have it to delete selected checkboxes? I have tried using implode but it gives me
Warning: implode(): Invalid arguments passed
<form action="" method="post">
<input type="checkbox" name="id" class="check" value = "<?php echo $row['id']; ?>">
<?php echo $row['to_user'];?>
<input type="submit" name="delete">
</form>
<?php
if (isset($_POST['delete'])) {
$id = $_POST['id'];
$ids = implode( ',', $id );
$mydb = new mysqli('localhost', 'root', '', 'database');
$stmt = $mydb->prepare("update messages set deleted = 'yes' where from_user = ? and id = ? ");
$stmt->bind_param('ss', $user, $ids);
$stmt->execute();
echo "Message succesfully deleted";
exit();}
?>
Give the checkbox an array-style name:
<input type="checkbox" name="id[]" class="check" value = "<?php echo $row['id']; ?>">
This will cause $_POST['id'] to be an array of all the checked values. Then delete them in a loop:
$mydb = new mysqli('localhost', 'root', '', 'database');
$stmt = $mydb->prepare("update messages set deleted = 'yes' where from_user = ? and id = ?");
$stmt->bind_param('ss', $user, $id);
foreach ($_POST['id'] as $id) {
$stmt->execute();
}
You can't use a comma-separated list of IDs with =. You can use it with id in (...), but you can't do parameter substitution with this because the number of elements isn't known. So the loop is th best way to do it.
I am having an issue where I need to be able to delete multiple records using checkboxes.
Here is the code that I currently have.
<?php
$host = "localhost";
$user = "root";
$pass = "";
$dbName = "ticket_history";
$table_name = "ticket_history";
################ Connect to the Database and SELECT DATA ####################################
$conn = mysql_connect($host, $user, $pass) or die ("Unable to connect");
mysql_select_db($dbName);
$query = "SELECT Date,Ticket_Number,Description,Result FROM $table_name";
$result = mysql_query($query);
$count=mysql_num_rows($result);
#############################################################################################
?>
<HTML>
<HEAD>
<TITLE></TITLE>
</HEAD>
<BODY>
<table width=50%>
<form method="post" action="insert_ticket.php">
<table width border='0'>
<tr><td> Date:<input type="text" name="date"/></td>
<td>Ticket #:<input type="text" name="ticket"/></td></tr>
<table>
<tr><td>Description:<TEXTAREA COLS=50 name="description"></TEXTAREA></td></tr>
<tr><td> Result :<TEXTAREA COLS=50 name="result"></TEXTAREA></td></tr>
<tr><td><input type="submit" name="submit" value="Add"/></td></tr>
</table>
</table>
</form>
<form method="post" action="delete_ticket.php">
<input type="submit" name="delete" value="Delete"/>
</form>
</table>
<?php
print "<table width=80% border=1>\n";
$cols = 0;
while ($get_info = mysql_fetch_assoc($result)){
$id = $get_info->id;
if($cols == 0)
{
$cols = 1;
print "<tr>";
print "<th>Select</th>";
foreach($get_info as $col => $value)
{
print "<th>$col</th>";
}
print "<tr>\n";
}
print "<tr>\n";
print "<td><input type='checkbox' name='selected[]' id='checkbox[]' value=$id></td>";
foreach ($get_info as $field)
print "\t<td align='center'><font face=arial size=1/>$field</font></td>\n";
print "</tr>\n";
}
print "</table>\n";
mysql_close();
?>
<!------------------------------------------------------------!>
</BODY>
</HTML>
Delete.php
<?php
$host = "localhost";
$user = "root";
$pass = "";
$dbName = "ticket_history";
$table_name = "ticket_history";
################ Connect to the Database and SELECT DATA ####################################
$conn = mysql_connect($host, $user, $pass) or die ("Unable to connect");
mysql_select_db($dbName);
$query = "SELECT Date,Ticket_Number,Description,Result FROM $table_name";
$result = mysql_query($query);
$count=mysql_num_rows($result);
#####################################
if($_POST['delete']) {
$checkbox = $_POST['selected'];
$countCheck = count($_POST['selected']);
for($i=0;$i<$countCheck;$i++) {
$del_id = $checkbox[$i];
$sql = "DELETE FROM ticket_history WHERE Auto = $del_id";
$result = mysql_query($sql);
}
}
?>
I just want to be able to delete rows checked. How would I go about doing this effectively and efficiently?
Thank you in advance.
The simple answer to your question would be to use:
$sql = sprintf('DELETE FROM ticket_history WHERE Auto IN ()',
implode(',', $checkbox));
However as people will jump in and tell you, you are vulnerable to SQL injection. You should never trust user input. You are deleting using an ID, which I'm assuming must be an integer.
Using something like this will validate that:
$ids = array();
foreach($_POST['selected'] as $selected) {
if (ctype_digit($selected)) {
$ids[] = $selected;
}
else {
// If one is invalid, I would assume nothing can be trusted
// Depends how you want to handle the error.
die('Invalid input');
}
}
$sql = sprintf('DELETE FROM ticket_history WHERE Auto IN (%s)',
implode(',', $ids));
Other issues:
You seem to be using id's, but have not selected that field in your initial query.
$query = "SELECT Date,Ticket_Number,Description,Result FROM $table_name";
Then you reference:
$id = $get_info->id;
Check the HTML output is actually what you expect.
In your delete query, you are referencing the field Auto. Is that your ID field?
And lastly, there no checking if the user has permission to do so. If this is a public site anyone can delete from that table.
Example of using two submit buttons within one form:
<?php
if (isset($_POST['create'])) {
echo "Create!";
}
elseif (isset($_POST['delete'])) {
echo "Delete!";
}
?>
<html>
<form method="post">
<input type="submit" name="create" value="Create"/>
<input type="submit" name="delete" value="Delete"/>
</form>
</html>