I'm trying to use PDO to update a row in my postgres database.
The form is not sending the variables to the handler file.
I'm not sure where the problem lies, I've been battling with this for a few days.
Form
//$maxContent is set and available
//$context_number is set and available
echo"<form method='post' action='updateSpatialPhoto_handler.php'>";
$query3 = $conn->prepare("SELECT * FROM excavation.contexts_spatial_photographs
WHERE contexts_spatial.area_easting = {$_SESSION['area_easting']}
AND contexts_spatial.area_northing = {$_SESSION['area_northing']}
AND contexts_spatial.context_number = {$_SESSION['context_number']}");
//contexts_spatial_photographs
$query3->execute();
while($r = $query3->fetch(PDO::FETCH_OBJ))
{
// for each needed
echo"<input type='hidden' name='photograph_date' value='".$r->photograph_date."'>";
echo"<input type='hidden' name='photograph_number' value='".$r->photograph_number."'>";
echo"<input type='hidden' name='primary_shot' value='".$r->primary_shot."'>";
echo"<input type='hidden' name='maxContext' value='", $maxContext,"'>";
};
echo"<input type='submit' value='Update Spatial Photo'>";
echo "</form>";
handler
<?php
session_start();
//
include 'connect/connect.php';
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if (!isset($_SESSION['photograph_date'])) {$_SESSION['photograph_date'] = $_POST['photograph_date'];}
if (!isset($_SESSION['photograph_number'])) {$_SESSION['photograph_number'] = $_POST['photograph_number'];}
if (!isset($_SESSION['primary_shot'])) {$_SESSION['primary_shot'] = $_POST['primary_shot'];}
if (!isset($_SESSION['maxContext'])) {$_SESSION['maxContext'] = $_POST['maxContext'];}
if (isset($_SESSION['photograph_date'])) {$_SESSION['photograph_date'] = $_POST['photograph_date'];}
if (isset($_SESSION['photograph_number'])) {$_SESSION['photograph_number'] = $_POST['photograph_number'];}
if (isset($_SESSION['primary_shot'])) {$_SESSION['primary_shot'] = $_POST['primary_shot'];}
if (isset($_SESSION['maxContext'])) {$_SESSION['maxContext'] = $_POST['maxContext'];}
//echo "Photograph Date: "; echo $_SESSION['photograph_date']; echo "<br />";
//echo "Photograph Number: "; echo $_SESSION['photograph_number']; echo "<br />";
//echo "Primary Shot: "; echo $_SESSION['primary_shot']; echo "<br />";
try {
$sql3 = "UPDATE excavation.contexts_spatial_photographs SET
context_number = :context_number
WHERE contexts_spatial_photographs.area_easting = $area_easting
AND contexts_spatial_photographs.area_northing = $area_northing
AND contexts_spatial_photographs.context_number = $context_number";
$stmt2 = $conn->prepare($sql3);
// prepare sql and bind parameters
$stmt2->bindParam(':context_number', $maxContext, PDO::PARAM_INT);
$stmt2->execute();
echo "Record updated successfully in contexts spatial photographs<br />";
}
catch(PDOException $e)
{
echo "Error: " . $e->getMessage();
}
?>
At the top of the handler, your using lines like...
if (isset($_SESSION['maxContext'])) {$_SESSION['maxContext'] = $_POST['maxContext'];}
These are setting the values in the session variables, which is fine.
But in your SQL -
AND contexts_spatial_photographs.context_number = $maxContext";
$maxContext doesn't seem to be set anywhere. This may be the same as the session variables, so you need
$maxContext = $_SESSION['maxContext'];
or
AND contexts_spatial_photographs.context_number = $_SESSION['maxContext']";
Although it would be even better if you use bindParam with them, the same way you use it with :context_number.
Related
This code is supposed to update my table, but it just refreshes the page. The query works, i tested it. its the submit button but i dont know why>
if(isset($_POST['nameupdate']))
{
echo('<hr>');
echo('Vul nieuwe waarde in');
$did = $jnm;
echo "<form method='post' data-ajax='false' action=''>";
echo "<input type='text' name='nmbox' value='".$did."'>";
echo "<input type='submit' name='nmupdate' value='Update'>";
echo "</form>";
if(isset($_POST['nmupdate']))
{
$opm = $_POST['nmbox'];
$query = "UPDATE users SET name = '$opm' WHERE username = '$jus'";
$stm = $con->prepare($query);
$stm->execute();
header("location:decdprofileedit.php");
}
}
You have to put nested if statement outside the first if statement
How do I delete one single row with the code that I have. It allows me to delete all rows instead of one single row with an ID not sure what im doing wrong not sure if its the loop I have or what.
<?php
include_once('dbconnect.php');
echo "<form action='delete.php' method='post' id = 'deleteForm'>";
$sqlARTICLEQuery = "SELECT * FROM articles where pageId=$paqueryRow[pageId] order by articleId";
$articlequeryResult = mysqli_query($conn,$sqlARTICLEQuery);
while ($articlequeryRow = mysqli_fetch_assoc($articlequeryResult))
{ echo "<input type = 'radio' name = '$articlequeryRow[articleId]' method = 'post'>".$articlequeryRow['articleId']." ".$articlequeryRow['articleTitle']." ";
echo "<input name='ARTSubmit' type='submit' value='delete record' /><br/>";
if (isset($_POST['ARTSubmit'])){
$artDeleteQuery = "DELETE FROM articles where pageId = $paqueryRow[pageId] AND articleId=$articlequeryRow[articleId].";
if(mysqli_query($conn, $artDeleteQuery)){
echo "Record deleted successfully";
} else {
echo "Error deleting record: " . mysqli_error ($conn);
}
}
$sqlTEXTQuery = "SELECT * FROM text where articleId=$articlequeryRow[articleId] order by textId";
$textqueryResult = mysqli_query($conn,$sqlTEXTQuery);
while ($textqueryRow = mysqli_fetch_assoc($textqueryResult))
{
echo "<input type = 'radio' name = '$textqueryRow[textId]' method = 'post'>".$textqueryRow['textId']." ".$textqueryRow['textTitle']." "; //how can I print articles.pageId to match with pages.pageId
echo "<input name='TEXTSubmit' type='submit' value='delete record' /><br/>";
if (isset($_POST['TEXTSubmit'])){
$textDeleteQuery = "DELETE FROM text where articleId = $articlequeryRow[articleId] AND textId = $textqueryRow[textId].";
if(mysqli_query($conn, $textDeleteQuery)){
echo "Record deleted successfully";
} else {
echo "Error deleting record: " . mysqli_error ($conn);
}
}echo "<br />"
}echo "<br />"
}echo "</form>"
$conn->close();
?>
You forgot a end quote on line 2 from the echo. and i removed the dot behind you query on line 20 your delete line. hope it helps.
include_once('dbconnect.php');
echo "<form action='delete.php' method='post' id = 'deleteForm'>";
$sqlARTICLEQuery = "SELECT * FROM articles where pageId=$paqueryRow[pageId] order by articleId";
$articlequeryResult = mysqli_query($conn,$sqlARTICLEQuery);
while ($articlequeryRow = mysqli_fetch_assoc($articlequeryResult))
{ echo "<input type = 'radio' name = '$articlequeryRow[articleId]' method = 'post'>".$articlequeryRow['articleId']." ".$articlequeryRow['articleTitle']." ";
echo "<input name='ARTSubmit' type='submit' value='delete record' /><br/>";
if (isset($_POST['ARTSubmit'])){
$artDeleteQuery = "DELETE FROM articles where pageId = $paqueryRow[pageId] AND articleId=$articlequeryRow[articleId].";
if(mysqli_query($conn, $artDeleteQuery)){
echo "Record deleted successfully";
} else {
echo "Error deleting record: " . mysqli_error ($conn);
}
}
$sqlTEXTQuery = "SELECT * FROM text where articleId=$articlequeryRow[articleId] order by textId";
$textqueryResult = mysqli_query($conn,$sqlTEXTQuery);
while ($textqueryRow = mysqli_fetch_assoc($textqueryResult))
{
echo "<input type = 'radio' name = '$textqueryRow[textId]' method = 'post'>".$textqueryRow['textId']." ".$textqueryRow['textTitle']." "; //how can I print articles.pageId to match with pages.pageId
echo "<input name='TEXTSubmit' type='submit' value='delete record' /><br/>";
if (isset($_POST['TEXTSubmit'])){
$textDeleteQuery = "DELETE FROM text where articleId = $articlequeryRow[articleId] AND textId = $textqueryRow[textId].";
if(mysqli_query($conn, $textDeleteQuery)){
echo "Record deleted successfully";
} else {
echo "Error deleting record: " . mysqli_error ($conn);
}
}echo "<br />"
}echo "<br />"
}echo "</form>"
$conn->close();
?>
I have cleaned my code a little to have the following as my form. But I'm having trouble sending the data and Updating from the new update.php. The form works ok retrieving the data and displaying it. But on submission I get the ok update message but the record isn't changed in the database any ideas.
index.php
<?php
include 'connectdb.php';
// include 'query.php';
$sql = "SELECT id, WeightorMeasure FROM weightsmeasures";
$result = $conn->query($sql)
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<form action=\"update.php\"method=\"post\">";
echo "<input type=\"text\" name=\"id\" value = ".$row["id"].">";
echo "<input type=\"text\" name=\"WeightorMeasure\" value = ".$row["WeightorMeasure"] .">";
echo "<input type=\"submit\" value=\" Submit \" name=\"Update\">";
}
echo "</form>";
} else {
echo "0 results";
}
$conn->close();
?>
update.php
<?php
include 'connectdb.php';
$wm = $_POST['id'];
$id = $_POST['WeightorMeasure'];
$sql = "UPDATE weightsmeasures SET WeightorMeasure='$wm' WHERE id='$id'";
if (mysqli_query($conn, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($conn);
}
$conn->close();
?>
Have changed to Below and now get this error.
Error updating record: Unknown column 'sdada' in 'field list'. So it looks like its trying to use the form value $wm as a column header in the table rather than the input value.
$wm = $_POST['WeightorMeasure'];
$id = $_POST['id'];
$sql = "UPDATE weightsmeasures SET WeightorMeasure=$wm WHERE id=$id";
$wm = $_POST['id'];
$id = $_POST['WeightorMeasure'];
Maybe you have these the wrong way round? :D
$wm = $_POST['WeightorMeasure'];
$id = $_POST['id'];
By the way your query is vuln to MySQL injection, please consider using prepared statements
You realize that you switched your ID and WeightOrMeasure in the variable assignments from your $_POST data?
This results in an update query that can't find the ID but does not run into a problem. Thus telling you that the operation was successful
I figure out following possible problem in your code.
mysqli_query($conn, $sql); //should be $conn->query($sql);
and this line
$wm = $_POST['id']; //$_POST['WeightorMeasure'];
$id = $_POST['WeightorMeasure'];//$_POST['id'];
the order is wrong. I hope you already have $conn object created in dpconnect.php file.
Ok found the problem was a mixture of the above having $_POST["WeightorMeasure"]; and $_POST["id"]; mixed up but the most important factor was that the table I was posting from contained Multiple Rows and on _POST to update.php it didn't know what to do with all the different rows as the SQL was only dealing with one row. Once I sent single rows through the post it worked fine. Now to learn and add prepared statements as suggested.
update.php
<?php
include 'connectdb.php';
$wm = $_POST["WeightorMeasure"];
$id = $_POST["id"];
echo $wm . "<br>";
echo $id . "<br";
$sql = "UPDATE weightsmeasures SET WeightorMeasure=\"$wm\", id=
$idWHERE id= $id";
if (mysqli_query($conn, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($conn);
}
$conn->close();
?>
Manual single entry.
index.php
<?php
include 'connectdb.php';
// include 'query.php';
$sql = "SELECT id, WeightorMeasure FROM weightsmeasures WHERE id=11";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<form action=\"update.php\"method=\"post\">";
echo "<input type=\"text\" name=\"id\" value = ".$row["id"].">";
echo "<input type=\"text\" name=\"WeightorMeasure\" value = ".$row["WeightorMeasure"].">";
echo "<input type=\"submit\" value=\" Submit \" name=\"Update\">";
}
echo "</form>";
} else {
echo "0 results";
}
$conn->close();
?>
I'm trying to submit a form that contains a schedule for each user ID. So far it looks like this:
$sql = "SELECT * FROM dbtable";
$result = $conn->query($sql);
$name_info = "SELECT udidId, name FROM udid";
$name_result = $conn->query($name_info);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
$udidId = $row["udidId"];
echo "<label for='hours' class='schedule'><strong>I want <span>".$row["name"]."</span>";
echo "<input type='text' name='udidId' class='hidden' value='".$row["udidId"]."' />";
echo " to be <br />allowed out between <input type='text' name='outAllowedStartHour' placeholder='8' value='" . $row["outAllowedStartHour"] . "'> - <input type='text' name='outAllowedEndHour' placeholder='8' value='" . $row["outAllowedEndHour"] . "'><br />allowed in between <div class='padd_left'></div><input type='text' name='inAllowedStartHour' placeholder='8' value='" . $row["inAllowedStartHour"] . "'> - <input type='text' name='inAllowedEndHour' placeholder='8' value='" . $row["inAllowedEndHour"] . "'></strong></label>";
}
}
if(isset($_POST["update_schedule"])) {
foreach($_POST as $key => $value) {
echo "POST parameter '$key' has '$value' <br />";
while($row = $result->fetch_assoc()) {
foreach($value as $x => $x_value) {
echo "Key=" . $x . ", Value=" . $x_value;
echo "<br>";
$update_pets = "UPDATE v_spottData SET $x_value = $x_value WHERE udidId = $x";
$conn->execute($update_pets);
}
}
}
However is only updating inputs from the last ID in the database, and is not updating the input values at all. Any suggestions?
Execute doesn't execute a query, it executes a prepared statement. You need to use prepare to prepare the query.
Prepared statements should use placeholders. The quoting/escaping will be handled by the driver.
Note columns can't be bound/placeheld.
Your current query is trying to update a column with the same value, that can't be right. Change $updating_column below to whatever column you are trying to update.
$columns = array('outAllowedStartHour', 'outAllowedEndHour', 'inAllowedStartHour', 'inAllowedEndHour'); // whitelist columns
if(in_array($updating_column, $columns)) {
$update_pets = "UPDATE v_spottData SET `$updating_column` = ? WHERE udidId = ?";
$stmt = $con->prepare($update_pets);
$stmt->bind_param("ii", $x_value, $x);
$stmt->execute();
} else {
echo 'Using a Not Allowed Column';
}
You can read more about prepared statements here, http://php.net/manual/en/mysqli.quickstart.prepared-statements.php.
I feel really silly, but for anyone else dealing with the issue, my solution was simple.
Try putting the PHP to handle the form submission at the top of your document, instead of at the bottom. Everything worked fine once I moved it up!
Thank you for all of your help everyone, especially #chris85!
Is it possible to execute an UPDATE in a mysql_fetch_array() loop? Like this:
$query = "SELECT * FROM inbox";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result) or die(mysql_error())){
echo "<div>";
echo "<form method='POST'>";
echo "<h1>".$row['link']."</h1>";
echo "<h3>".$row['tittle']."</h3> na";
echo "<input type='text' name='tittle'>";
echo "<h3>".$row['content']."</h3>";
echo "<textarea name='content'></textarea>";
echo "<input type='submit' name='".$row['link']."' value='Change'>";
echo "</form>";
echo "</div>";
$tit = $_POST['tittle'];
$ten = $_POST['content'];
$link = $row['link'];
if (isset($_POST[$link])) { mysql_query("UPDATE inbox SET tittle='$tit' content='$ten' WHERE link='$link'");}
}
It have to do update in mysql_fetch_array(), because I wanna to change content of that things.
You have an error in your syntax as the values should be , delimited:
if (isset($_POST[$link])) {
mysql_query("
UPDATE inbox SET tittle='$tit',
content='$ten'
WHERE link='$link'
");}
Note:
You should take a look at the mysqli class to handle your future queries. It's just as simple as your current method, but more secure and not deprecated.