I am struggling with deleting data in my database with my drop-down menu.
My drop-down menu looks like this
<form method="post" action="admin.php">
<h3>Delete a user</h3>
<select name="username">
$sql = mysqli_query($connection, "SELECT username FROM users");
while ($row = $sql->fetch_assoc()){
?>
<option value="username" name="username">
<?php echo $row['username']; ?></option>
<?php } ?>
<input type="submit" name="delete" value="Delete User">
</form>
And this is displaying the users all good like i want it, so here is the php for it
<?php
include('connect.php');
if(isset($_POST['delete'])) {
$username = $_POST['username'];
mysqli_query("DELETE FROM `users` WHERE `username` = '$username' ");
echo "User was deleted!";
}
?>
So when i hit the submit button "Delete User", it looks like i get sent to admin.php and nothing happens.
How can i fix this?
Thanks.
Replace name="username" from <option></option>
Echo value in value of option.
Connection variable missing in admin.php page
Updated Code
<select name="username">
<?php
$sql = mysqli_query($connection, "SELECT username FROM users");
while ($row = $sql->fetch_assoc()){?>
<option value="<?php echo $row['username']; ?>"><?php echo $row['username']; ?></option>
<?php }?>
</select>
admin.php
$stmt = $connection->prepare("DELETE FROM `users` WHERE `username` = ?");
$stmt->bind_param('s', $username);
$stmt->execute();
1.<option value="username" name="username"> Need to be <option value="<?php echo $row['username']; ?>">
2.Connection variable is missing . Need to be:-
mysqli_query($connection,"DELETE FROM `users` WHERE `username` = '$username' ");
Modified code need to be:-
Form code:-
<?php
//comment these two lines when code started working fine
error_reporting(E_ALL);
ini_set('display_errors',1);
include('connect.php');
?>
<form method="post" action="admin.php">
<h3>Delete a user</h3>
<select name="username">
<?php
$sql = mysqli_query($connection, "SELECT username FROM users");
while ($row = mysqli_fetch_assoc($sql)){?>
<option value="<?php echo $row['username']; ?>"><?php echo $row['username']; ?></option>
<?php }?>
</select>
<input type="submit" name="delete" value="Delete User">
</form>
Php code:-
<?php
//comment these two lines when code started working fine
error_reporting(E_ALL);
ini_set('display_errors',1);
include('connect.php');
if(isset($_POST['delete'])) {
$username = $_POST['username'];
if(mysqli_query($connection,"DELETE FROM `users` WHERE `username` = '$username' ")){
echo "User was deleted!";
}
}
?>
Note:- Always do some error-reporting so that you will get error and rectify that.
Your query is vulnerable to SQL INJECTION so read about prepared statements and use them.
Change
<option value="username" name="username">
<?php echo $row['username']; ?></option>
To
<option value="<?php echo $row['username'] ?>" name="username">
<?php echo $row['username']; ?></option>
You are not putting the value in select option that's why nothing happens
Just replace
<option value="username" name="username">
<?php echo $row['username']; ?></option>
<?php } ?>
with
<option value="<?php echo $row['username']; ?>">
<?php echo $row['username']; ?></option>
<?php } ?>
It will work for you.
Related
In my code, sql query deletes the record in table with same name. For example, I have 2 records with same name mani & mani. This code deletes 2 records.
form Code:
<form method="post" action="admin.php">
<h3>Delete a user</h3>
<select name="username">
<?php
$sql = mysqli_query($connection, "SELECT username FROM users");
while ($row = $sql->fetch_assoc()){?>
<option value="<?php echo $row['username']; ?>"><?php echo
$row['username']; ?></option>
<?php }?>
</select>
<input type="submit" name="delete" value="Delete User">
</form>
Sql
<?php
include('connect.php');
if(isset($_POST['delete'])) {
$username = $_POST['username'];
mysqli_query($connection, "DELETE FROM `users` WHERE `username` = '$username' ");
echo "User was deleted!";
}
?>
You need to select unique value such as ID in this case
Try this one:
<form method="post" action="admin.php">
<h3>Delete a user</h3>
<select name="username">
<?php
$sql = mysqli_query($connection, "SELECT username FROM users");
while ($row = $sql->fetch_assoc()){?>
<option value="<?php echo $row['user_id']; ?>"><?php echo
$row['username']; ?></option>
<?php }?>
</select>
<input type="submit" name="delete" value="Delete User">
</form>
SQL
<?php
include('connect.php');
if(isset($_POST['delete'])) {
$user_id = $_POST['user_id'];
mysqli_query($connection, "DELETE FROM `users` WHERE user_id = '$user_id' ");
echo "User was deleted!";
}
?>
Yes, your code will delete rows with matching names because you have Query :
DELETE FROM `users` WHERE `username` = '$username'
To delete specific row you need to use some unique value to refer the row, like primary key!
Say for example :
If a user has EmployeeId, CustomerId or StudentRollNo; you could use these options in where clause. These tips are very basic things in Query.
There are 02 tables called item and customer.
item(item_id, item_name)
customer(cus_id, iid, cus_name)
I just tried to store item_id from item to the iid in the customer.
but it always showing null values.
My database is item_sales.
Here is my PHP code
<html>
<title></title>
<head></head>
<body>
<?php
$hostname = "localhost";
$database = "item_sales";
$username = "root";
$password = "";
$con = mysql_pconnect($hostname, $username, $password);
error_reporting(0);
?>
<form action="index.php" method="post" enctype="multipart/form-data">
<p>Customer Name : <input type="text" name="cus_name" /><br/><br/> </p>
<p>Select an Item:
<select name="iid">
<?php
$sql = mysql_query("SELECT * FROM item");
mysql_select_db($database,$con);
while($sqlv = mysql_fetch_array($sql))
{ ?>
<option id="<?php echo $sqlv['item_id']; ?>"><?php echo $sqlv['item_name']; ?></option>
<?php } ?>
</select>
</p>
<?php
if(isset($_POST['submit']))
{
$sql2 = "SELECT * FROM item WHERE iid='%item_id%'";
mysql_select_db($database,$con);
$mydata = mysql_query($sql2);
$cus_name = $_POST['cus_name'];
$sql3 = "INSERT INTO customer (cus_id, iid, cus_name) VALUES ('', '$_POST[iid]', '$cus_name')";
mysql_query($sql3);
}
?>
<input type="submit" name="submit" value="Add Sale" />
</form>
</body>
</html>
The reason it is not working is that you are attempting to save the iid select into the iid field, and I'm guessing the iid field in customer is a numeric type field, like INT - using the POST variable like this, you are going to be saving the text of the SELECT rather than the val.
What you need to do to fix this particular problem is set a "value" on each of the select options. You've set an ID but thats no real help here.
<select name="iid">
<?php
$sql = mysql_query("SELECT * FROM item");
mysql_select_db($database,$con);
while($sqlv = mysql_fetch_array($sql))
{ ?>
<option value="<?php echo $sqlv['item_id']; ?>"><?php echo $sqlv['item_name']; ?></option>
<?php } ?>
</select>
This is besides the point your code is very dangerous. I would recommend you do not use the original mysql functions as, 1) they don't offer any real protection from malicious users, and 2) they will be removed from PHP support very soon.
See this SO article on how to replace the mysql functionality from your PHP code : How can I prevent SQL injection in PHP?
That article also might help you understand the dangers your code offers.
The correct code is following :
<html>
<title></title>
<head></head>
<body>
<?php
$hostname = "localhost";
$database = "item_sales";
$username = "root";
$password = "";
$con = mysql_pconnect($hostname, $username, $password);
error_reporting(0);
?>
<form action="index.php" method="post" enctype="multipart/form-data">
<p>Customer Name : <input type="text" name="cus_name" /><br/><br/> </p>
<p>Select an Item:
<select name="iid">
<?php
$sql = mysql_query("SELECT * FROM item");
mysql_select_db($database,$con);
while($sqlv = mysql_fetch_array($sql))
{ ?>
<option value="<?php echo $sqlv['item_id']; ?>"><?php echo $sqlv['item_name']; ?></option>
<?php } ?>
</select>
</p>
<?php
if(isset($_POST['submit']))
{
$sql2 = "SELECT * FROM item";
mysql_select_db($database,$con);
$mydata = mysql_query($sql2);
$cus_name = $_POST['cus_name'];
$iid = $_GET['item_id'];
$sql3 = "INSERT INTO customer (cus_id, iid, cus_name) VALUES ('', '$_POST[iid]', '$cus_name')";
mysql_query($sql3);
}
?>
<input type="submit" name="submit" value="Add Sale" />
</form>
</body>
</html>
I'm trying to create a form that allows a user to select a field from a drop down box and then change what is currently written in the field.
My current code allows me to view the drop down list select the field I want to change and then enter my new text into a box. But when I click update, nothing happens.
<?php
mysql_connect("", "", "") or die(mysql_error());
mysql_select_db("") or die(mysql_error());
$query = "SELECT * FROM news_updates";
$result=mysql_query($query) or die("Query Failed : ".mysql_error());
$i=0;
while($rows=mysql_fetch_array($result))
{
$roll[$i]=$rows['Text'];
$i++;
}
$total_elmt=count($roll);
?>
---------------------------------------------------------Now I have the form
<form method="POST" action="">
Select the news post to Update: <select name="sel">
<option>Select</option>
<?php
for($j=0;$j<$total_elmt;$j++)
{
?><option><?php
echo $roll[$j];
?></option><?php
}
?>
</select><br />
Text Field: <input name="username" type="text" /><br />
<input name="submit" type="submit" value="Update"/><br />
<input name="reset" type="reset" value="Reset"/>
</form>
-----------------------------------------------Now I have the update php
<?php
if(isset($_POST['submit']))
{
$username=$_POST['username'];
$query2 = "UPDATE news_updates SET username='$username' WHERE rollno='$value'";
$result2=mysql_query($query2) or die("Query Failed : ".mysql_error());
echo "Successfully Updated";
}
?>
Well, you seem to be missing the $value part. Something like this should do, for the last part:
<?php
if(isset($_POST['submit']))
{
$username = mysql_real_escape_string($_POST['username']);
$value = mysql_real_escape_string($_POST['sel']);
$query2 = "UPDATE news_updates SET username='$username' WHERE rollno='$value'";
echo $query2; //For test, to see what is generated, and sent to database
$result2=mysql_query($query2) or die("Query Failed : ".mysql_error());
echo "Successfully Updated";
}
?>
Also, you should not use mysql_* functions as they are deprecated. You should switch to mysqli or PDO.
First, try adding a value to your options, like so:
for($j=0;$j<$total_elmt;$j++)
{
?>
<option value="<?php echo $roll['id']; ?>"><?php echo $roll['option_name']; ?></option>
<?php
}
Then, when you parse your file, go like so:
$value = $_POST['sel']; // add any desired security here
That should do it for you
You need to change this
<?php
for($j=0;$j<$total_elmt;$j++)
{
?><option><?php
echo $roll[$j];
?></option><?php
}
to this
<?php
for($j=0;$j<$total_elmt;$j++)
{
?><option value="<?php echo $roll[$j];?>"> <?php echo $roll[$j];?></option> <?php
}
And you also need to change the update query from this
$query2 = "UPDATE news_updates SET username='$username' WHERE rollno='$value'";
to this
$query2 = "UPDATE news_updates SET username='$username' WHERE rollno='".$_POST['sel']."'";
N. B.: Here I am assuming that $_POST['sel'] has the value selected by the user from the drop down menu because I could not find anything which corresponds to $value
As a school assignment I need to make a cms, in that I need to be able to make post edit them and delete them. so for i can edit and delete them, but for some reason I cant get it to insert the post(and also the categories, same almost the same) I hope you guys can help me.
Here is the code:
The form
<form action="includes/doAddpost.php" method="post">
<label for="PostName">Name</label>
<input type="text" name="PostName" id="PostName" placeholder="Title" autofocus="auto"/>
<label for="PostAuthor">Author</label>
<input type="text" name="PostAuthor" id="PostAuthor" placeholder="Authors name"
value="<?php if (isset($_SESSION['username'])) {
echo $_SESSION['username'];
}
?>"/>
<label for="PostContent">Content</label>
<textarea name="PostContent" id="PostContent" placeholder="content"></textarea>
<label for="PostCats">category</label>
<select name="PostCats">
<?php
$query = "SELECT * FROM categories";
$result = mysqli_query($mysqli, $query);
while ($cat = mysqli_fetch_assoc($result)) {
?>
<option value="<?php echo $cat['id']; ?>"><<?php echo $cat['title']; ?></option>
<?php } ?>
and this part doesnt seem to work either
</select>
<input type="submit" name="submit" value="submit"/>
</form>
Here is the doAddpost page:
<?php
include '../../includes/functions.php';
sec_session_start();
if(isset($_POST['submit'])){
if(isset($_POST['PostName'])){
if(isset($_POST['PostContent'])){
addPost($mysqli,$_POST['PostName'],$_POST['PostAuthor'], $_POST['PostContent'],$_POST['PostCats']);
header("Location: ../posts.php");
}else{
echo"please enter some content!";
}
} else{
echo"please set a category name!";
include('../addpost.php');
}
}else{
header("Location: ../addpost.php");
}
?>
and the function:
function addPost($mysqli, $pName, $pAuthor, $pContent, $pCat = 1)
{
$query = "INSERT INTO posts VALUES ('$pName', '$pAuthor', '$pContent', $pCat)";
mysqli_query($mysqli, $query);
}
Can anyone tell me what is the issue I am facing ?
Just edit your function as ,
function addPost($mysqli, $pName, $pAuthor, $pContent, $pCat = 1)
{
$query = "INSERT INTO posts (`your_column1`, `your_column_2`, `your_column_3`, `your_column_4`) VALUES ('$pName', '$pAuthor', '$pContent', $pCat)";
mysqli_query($mysqli, $query) or die(mysqli_error());
}
and then try...
Also in you select list change it as,
<option value="<?php echo $cat['id']; ?>"><?php echo $cat['title']; ?></option>
You placed an extra < there in your code..check that...:)
Now its time to step by step debugging:-
1) change your select category mysqli_query as below for debugging purpose
mysqli_query( $mysqli , $query ) or trigger_error($mysqli->error."($query)");
2) for you insert query mention column name in which you want to insert record . as you mentioned in comment you dont want id null so you should make you id column as AUTOINCREMENT
e.g
INSERT INTO posts (`column1`,`column2`,`column3`,`column4`) VALUES ('$pName', '$pAuthor', '$pContent', $pCat);
I've got an admin area where the admins can set the level of repair and it shows on a progress bar in the users area. I have it all working apart from updating the mySQL database to the value submitted.
My database has a table called 'users' and fields 'UserID', 'Username', 'Password', 'progress', 'admin'.
Here is the code I'm using to try and make the magic happen:
<?php
$query="SELECT * FROM users";
$result=mysql_query($query);
$num=mysql_numrows($result);
?>
<form id="chooseuseredit" method="post" action="<?php echo $PHP_SELF;?>">
<select name="ChooseUser">
<?php
$i=0;
while ($i < $num) {
$f1=mysql_result($result,$i,"UserID");
$f2=mysql_result($result,$i,"Username");
$f3=mysql_result($result,$i,"progress");
$f4=mysql_result($result,$i,"admin");
?>
<option value="<?php echo $f1; ?>"><?php echo $f2; ?></option>
<?php
$i++;
}
?>
</select>
<input type="submit" name="chooseSubmit" id="chooseSubmit" value="Choose User" />
</form>
<?php
if(isset($_POST['chooseSubmit']) )
{
$varID = $_POST['ChooseUser'];
$errorMessage = "Jesus Christ Benton, Choose a User!!";
?>
<br>
<p><strong>Editing UserID: <?php echo "$varID"; ?></strong></p>
<p>Progress:<br>
<form name="edituserform" method="post" action="<?php echo $PHP_SELF;?>">
<select name="editinguser">
<option value="0">Phone Not Recieved</option>
<option value="20">Phone Recieved</option>
<option value="40">Parts Recieved</option>
<option value="60">Repair Started</option>
<option value="80">Repair Finished</option>
<option value="100">Posted Back</option>
</select>
<input type="hidden" name="edituserid" id="edituserid" value="<?php echo "$varID"; ?>" />
<input type="submit" name="edituser" id="edituser" value="Edit" />
</form>
<?php
if(isset($_POST['edituser'])){
$add = $_POST['edituser'];
$varIDe = $_POST['edituserid'];
$errorMessage = "Jesus Christ Benton, Choose a User!!";
$query1 = mysql_query("UPDATE users SET progress = $add WHERE UserID = $varIDe");
mysql_query($query1) or die("Cannot update");
echo $add;
echo $varIDe;
}
?>
<?php
}
?>
I'm not sure if the variables are working or not, or if it's the way I've used the submit button before? Its got me a little stumped.
You're query should be
$query1 = mysql_query("UPDATE users SET progress = '$add' WHERE UserID = $varIDe");
Don't forget the quotes
and it would be best to change your
mysql_query($query1) or die("Cannot update");
to mysql_query($query1) or die("MySQL ERROR: ".mysql_error());
to get it to display errors
edit
Found a few errors
mysql_numrows should be mysql_num_rows
and major error
$query1 = mysql_query("UPDATE users SET progress = $add WHERE UserID = $varIDe");
is running a query, change it to
$query1 = "UPDATE users SET progress = '".$add."' WHERE UserID = '".$varIDe."'";
I think your getting the wrong variable
if(isset($_POST['edituser'])){
$add = $_POST['edituser']; // this is a button
should be :
if(isset($_POST['editinguser'])){
$add = $_POST['editinguser']; // this is a select list
But please read the following about SQL Injection
When something's going wrong, with respect to query, you better debugging, adding one: or die ( mysql_error ( ) ) ; and then the error message is displayed.
$query1 = mysql_query("UPDATE `users` SET `progress` = '".$add."' WHERE UserID = '".$varIDe."'");
if(mysql_query($query1))
{
//DO SOME ACTION
}
else
{
die(mysql_error());
}