So i have a table with a row, click on 'bearbeiten', i get to a formula where i can fill in the changed name or whatever, and then everything changes instead of only the fields i wrote something in and the rest stays.
So if i would only change name and click on save, every other field in the table goes blank.
I tried it with WHERE already, and read that POST is a good method but i think i can change it with making a few changes in the $sql statement, just don't know what.
<?php
//if(isset($...)
if($_GET['aktion'] == "speichern")
{
$ID = $_GET['ID'];
$Anrede = $_GET['Anrede'];
$Nachname = $_GET['Nachname'];
$Vorname = $_GET['Vorname'];
$Geburtsdatum = $_GET['Geburtsdatum'];
$Telefonnummer = $_GET['Telefonnummer'];
$Email = $_GET['Email'];
$sql = "UPDATE Adressbuch SET Anrede = '$Anrede', Nachname = '$Nachname',Vorname = '$Vorname', Geburtsdatum = '$Geburtsdatum', Telefonnummer = '$Telefonnummer', Email = '$Email' ORDER BY ID DESC LIMIT 1";
echo 'Zurueck zum Adressbuch<br>';
require_once ('konfiguration.php');
$db_erg = mysqli_query($db_con, $sql)
or die("Anfrage fehlgeschlagen: " . mysqli_error($db_con));
exit;
}
How about:
Just update the column, if you variable is not blank, else update it with the same value as the record already has.
UPDATE Adressbuch
SET Anrede = CASE WHEN '$Anrede' != '' THEN '$Anrede' ELSE Anrede END
,Nachname = CASE WHEN '$Nachname' != '' THEN '$Nachname' ELSE Nachname END
,Vorname = CASE WHEN '$Vorname' != '' THEN '$Vorname' ELSE Vorname END
,Geburtsdatum = CASE WHEN '$Geburtsdatum' != '' THEN '$Geburtsdatum' ELSE Geburtsdatum END
,Telefonnummer = CASE WHEN '$Telefonnummer' != '' THEN '$Telefonnummer' ELSE Telefonnummer END
,Email = CASE WHEN '$Email' != '' THEN '$Email' ELSE Email END
ORDER BY ID DESC LIMIT 1
Use as and see if it works. Thanks.
<?php
require_once ('konfiguration.php');
//if(isset($...)
if($_GET['aktion'] == "speichern")
{
$ID = $_GET['ID'];
$Anrede = $_GET['Anrede'];
$Nachname = $_GET['Nachname'];
$Vorname = $_GET['Vorname'];
$Geburtsdatum = $_GET['Geburtsdatum'];
$Telefonnummer = $_GET['Telefonnummer'];
$Email = $_GET['Email'];
//use where in your query to update the particular row
//in below query id = your column in database table
$sql = "UPDATE Adressbuch SET Anrede = '$Anrede', Nachname = '$Nachname',Vorname = '$Vorname', Geburtsdatum = '$Geburtsdatum', Telefonnummer = '$Telefonnummer', Email = '$Email' WHERE id='$ID'";
$db_erg = mysqli_query($db_con, $sql) or die("Anfrage fehlgeschlagen: " . mysqli_error($db_con));
echo 'Zurueck zum Adressbuch<br>';
exit;
}
?>
Use POST method instead of GET.
Related
I'm trying to create a sign up form, it was working fine until I tried to add md5 to the password field set, I'm not sure why the Query failed. Any help would be much appreciated.
function sign_up(){
if(isset($_POST['register'])){
$c_email = escape_string($_POST['c_email']);
$c_name_first = escape_string($_POST['c_name_first']);
$c_name_last = escape_string($_POST['c_name_last']);
$c_pass = escape_string($_POST['c_pass']);
$c_image = escape_string($_FILES['c_image']['name']);
$c_image_tmp = escape_string($_FILES['c_image']['tmp_name']);
$c_address = escape_string($_POST['c_address']);
$c_address_details = escape_string($_POST['c_address_details']);
$c_city = escape_string($_POST['c_city']);
$c_state = escape_string($_POST['c_state']);
$c_zip = escape_string($_POST['c_zip']);
$c_contact = escape_string($_POST['c_phone']);
move_uploaded_file($c_image_tmp, "customer/customer_images/$c_image");
$query = query("SELECT customer_id FROM customers WHERE customer_email = '{$c_email}'");
confirm($query);
if(mysqli_num_rows($query) > 0){
set_message("This email or username is taken");
}else {
$insert_c = query("INSERT INTO customers (customer_firstname,customer_lastname,customer_address,c_addr_details,customer_email,customer_pass,customer_state,customer_city,customer_zip,customer_phone,customer_image) VALUES ('$c_name_first','$c_name_last','$c_address','$c_address_details','$c_email','$c_pass','$c_state','$c_city','$c_zip','$c_contact','$c_image')");
confirm($insert_c);
}
$query = "UPDATE user SET 'customer_pass' = '".md5(md5(last_id()).$c_pass)."' WHERE 'customer_id' = '".last_id()."'";
$send_update_query = query($query);
confirm($send_update_query);
set_message_success("Sign up successful!");
}
}
Try
$query = 'UPDATE user SET customer_pass = '.md5(md5(last_id()).$c_pass).' WHERE customer_id = '.last_id();
Check you string when you use " or '
code:
if(isset($_POST["add"]))
{
extract($_POST);
$facilities = $_POST['facilities'];
$chk="";
foreach($facilities as $chk1)
{
$chk .= $chk1.",";
}
$exam = $_POST['exam'];
$chks="";
foreach($exam as $chked)
{
$chks .= $chked.",";
}
$filename = $_FILES['college_image']['name'];
$path = "college_banner/";
$move=move_uploaded_file($_FILES['college_image']['tmp_name'],$path.$_FILES['college_image']['name']);
$filename2 = $_FILES['logo']['name'];
$path2 = "college_logo/";
$move=move_uploaded_file($_FILES['logo']['tmp_name'],$path2.$_FILES['logo']['name']);
echo "insert into all_colleges(college_name,establish,approve,affiliated,address,website,about_us,city,courses,logo,college_image,phone,field,tag,video1,video2,facilities,courses_fee,short_name,state,exams,form_fee,college_commission,client_commission,form_type)values('$name','$establish','$approve','$affiliated','$address','$website','$about_us','$city','$course','$filename2','$filename','$phone2','$field','$tag','$video1','$video2','$chk','$fee','$short','$state','$chks','$form_fee','$college_commission','$client_commission','$form_type')";
$result = mysqli_query($link,$sql2);
if($result == true)
{
$msg .= "<h5 style='color:green;'>Successfull</h5>";
}
else
{
$msg .= "<h5 style='color:red;'>Error</h5>";
}
}
In database I have an auto_increment id i.e. college_id but when I remove auto_increment over college_id then it show successfull message when click on add button instead of error. So, how can I fix this problem ?
Thank You
It doesn't matter with you college_id just make sure if it is AUTO_INCREMENT then it must be PRIMARY KEY.
And in SQL query you are not assigning query to your $sql2 variable so use
echo $sql2 = "insert into all_colleges ...";
//---^ assign query in $sql2
$result = mysqli_query($link,$sql2); // <-- you are passing $sql2
1 more thing you can use implode() without using loops for checked values in a single statement like,
$chk= = implode(',',$_POST['facilities']);
I want to change data from a database but I keep getting errors and I just cannot find the mistake I made..
Here's the code:
if(isset($_POST['id'])) {
if(is_numeric($_POST['id'])) {
$change = pg_query($db, "SELECT * FROM azubi3 WHERE id = ".$_POST['id']."");
echo $change;
if($auto == "") {
$auto = "false";
}
else { $auto = "true"; }
$change = pg_query($db, "UPDATE azubi3 SET vorname = '".$_POST['prename']."', nachname = '".$_POST['name']."', auto = ".$auto.", auto_id = ".$_POST['auto_id'].", schuh_id = ".$_POST['schuh_id']." WHERE id = ".$_POST['id']."");
}
else { echo "ID muss eine Zahl sein!"; }
}
And that's the error i get:
Warning: pg_query(): Query failed: ERROR: syntax error at or near "," LINE 1: ...achname = 'Mustermüller', auto = false, auto_id = , schuh_id... ^ in /srv/www/htdocs/azubi2/test3.php on line 82
First thing your sql is vulenrable to injection, you should correct it.
For the sake of your question :
false is a reserved keyword, please use string around it:
$change = pg_query($db, "UPDATE azubi3 SET vorname = '".$_POST['prename']."', nachname = '".$_POST['name']."', auto = '".$auto."', auto_id = ".$_POST['auto_id'].", schuh_id = ".$_POST['schuh_id']." WHERE id = ".$_POST['id']."");
I am having some problems with checking if the field is empty or not in SQL using PHP without using mysql_fetch_array().
I have this code:
date_default_timezone_set('Asia/Taipei');
$remarks = $_POST['remarks'];
$date_added = date ("Y-m-d");
$time_added = date ("h:i:s a");
$lname = $_SESSION['user']['last_name'];
$fname = $_SESSION['user']['first_name'];
$minitial = $_SESSION['user']['middle_initial'];
$con = mysqli_connect("localhost", "root", "", "thisdb");
if(empty(`TIME_IN_1`)) {
$query = "INSERT INTO time_logs (LAST_NAME, FIRST_NAME, MIDDLE_INITIAL, DATE, TIME_IN_1, TIME_IN_1_REMARKS) VALUES('$lname', ' $fname', '$minitial', '$date_added', '$time_added', '$remarks')";
}
else {
$query = "UPDATE time_logs SET TIME_IN_2 = '$time_added' where LAST_NAME = '$lname' AND DATE = '$date_added'";
}
$save = mysqli_query($con, $query);
header("Location: time_in_complete.php");
What I basically want to accomplish is if the TIME_IN_1 field is empty, the data will be added there. If it is not empty, then the data will be added to the TIME_IN_2.
Apprently, this line:
if(empty(`TIME_IN_1`))
doesn't seem to work.
$first_query = "SELECT TIME_IN_1 FROM time_logs WHERE LAST_NAME = '" . $lname . "' AND FIRST_NAME = '" . $fname . "'";
$data = mysqli_query($con, $first_query);
$num_row = mysqli_num_rows($data);
if($num_row == 0) {
$query = "INSERT INTO time_logs (LAST_NAME, FIRST_NAME, MIDDLE_INITIAL, DATE, TIME_IN_1, TIME_IN_1_REMARKS) VALUES('$lname', ' $fname', '$minitial', '$date_added', '$time_added', '$remarks')";
}
else {
$query = "UPDATE time_logs SET TIME_IN_2 = '$time_added' where LAST_NAME = '$lname' AND DATE = '$date_added'";
}
$save = mysqli_query($con, $query);
header("Location: time_in_complete.php");
Try a query like:
SELECT TIME_IN_1 from time_logs where LAST_NAME = '$lname' AND DATE = '$date_added'
Then:
// Default to true and set this false if we find a value
$bIsEmpty = true;
// Check if any rows match
if ($result->num_rows > 0){
// Yes a row matches, so check if we have a value
$row = $result->fetch_object();
if ($row->TIME_IN_1 != "")
$bIsEmpty = false;
}
if ($bIsEmpty === true){
// Do your insert
} else {
// Do your update
}
I am trying to write to my database if a variable is equal to 0. The problem is that it still writes to the database even when the variables equals 1. What is wrong??
echo $new_user;
if ($new_user == 0) {
//SENT NEW USER WELCOME MESSAGE
$adminid = '9';
$welcomemessagetitle = 'Welcome to The site';
$welcomemessagecontent = 'Hello and welcome';
$addmessages = "INSERT into `user_messages`(`to_user`,`from_user`,`title`,`content`)
VALUES ('$userid','$adminid','$welcomemessagetitle','$welcomemessagecontent');";
$query = mysql_query($addmessages) or die(mysql_error());
//SET USER AS NOT NEW USER
$newuservalue = '1';
$notnewuser = "UPDATE users SET new_user = $newuservalue WHERE id = $userid" ;
$query2 = mysql_query($notnewuser) or die(mysql_error());
} elseif ($new_user == 1) {};
UPDATE FULL CODE::
<?php
session_start();
include "../includes/db_connect.php";
///profile/index.php
if($_SESSION['id'])
{
$username = $_SESSION['username'];
$userid = $_SESSION['id'];
//WRITE FIRST TIME LOGIN INFORMATION TO DATABASE
$sql="SELECT new_user from `users` WHERE `id`= $userid ";
$res=mysql_query($sql) or die(mysql_error());
while($row=mysql_fetch_assoc($res)) $new_user = $row['new_user'] ;
echo $new_user;
if ($new_user == 0) {
//SENT NEW USER WELCOME MESSAGE
$adminid = '9';
$welcomemessagetitle = 'Welcome to Escorvee';
$welcomemessagecontent = 'Hello and welcome';
$addmessages = "INSERT into `user_messages`(`to_user`,`from_user`,`title`,`content`)
VALUES ('$userid','$adminid','$welcomemessagetitle','$welcomemessagecontent');";
$query = mysql_query($addmessages) or die(mysql_error());
//SET USER AS NOT NEW USER
$newuservalue = '1';
$notnewuser = "UPDATE users SET new_user = $newuservalue WHERE id = $userid" ;
$query2 = mysql_query($notnewuser) or die(mysql_error());
} elseif ($new_user == 1) {};
}
?>
It the variable $new_user is the value 1 then your code won't be executed so I would guess one of the following applies:
$new_user isn't 1.
The database is being modified from another location.
Your script is being called twice.
To work out which you will have to provide more information in your question.