mysql unknown column Query error: Unknown column - php

So I am trying to update data into my database by using a form and populating it.
The problem is that it is coming up with this error:
Query error: Unknown column 'customer_id' in 'where clause'
And I am not sure why. Nothing in my database is called customer id.
This is my code for the form:
<form method="post" action="code/update_cust.php">
<h2 id="input_form_heading">Client Update Form:</h2>
<h3>Enter your details into the form and when you are ready click the submit button </h3>
<?php
// Read the values passed in the URL and store in the variable C_num
$C_num = $_GET['id'];
$query = "SELECT * FROM client WHERE C_num='$C_num'"; // run a select query to return the existing data for the record
$results = mysqli_query($conn, $query );
if(!$results) { // capture any errors
echo ("Query error: " . mysqli_error($conn));
}
else {
// fetch and store the results for later use if no errors
while ($row = mysqli_fetch_array($results)) {
$C_num =$row['C_num'];
$C_Firstname = $row['C_Firstname'];
$C_Lastname = $row['C_Lastname'];
$Unitnum = $row['Unitnum'];
$Housenum = $row['Housenum'];
$C_Street = $row['C_Street'];
$C_Suburb = $row['C_Suburb'];
$C_City = $row['C_City'];
$C_Postcode = $row['C_Postcode'];
$C_State = $row['C_State'];
$C_Phone = $row['C_Phone'];
$C_Email = $row['C_Email'];
}
?>
<p>Client Number:</p><input type="text" name="cnum" value="<?=$C_num?>"><br>
<p>First Name:</p><input type="text" name="cfirstname" value="<?=$C_Firstname?>" required><br>
<p>Last Name:</p><input type="text" name="clastname" value="<?=$C_Lastname?>" required><br>
<p>Unit Number: </p><input type="text" name="unitnumber" value="<?=$Unitnum?>" ><br>
<p>House Number: </p><input type="text" name="housenumber" value="<?=$Housenum?>" ><br>
<p>Street:</p><input type="text" name="street" value="<?=$C_Street?>" required><br>
<p>Suburb:</p><input type="text" name="suburb" value="<?=$C_Suburb?>" required><br>
<p>City:</p><input type="text" name="city" value="<?=$C_City?>" required><br>
<p>Post Code:</p><input type="text" name="postcode" value="<?=$C_Postcode?>" required><br>
<p>State:</p> <select class="form-control" type="text" name="state" value="<?=$C_State?>" ><br> <!-- "form control" and "required" changes the input fields color (see css)-->
<option value="">Please choose a state</option>
<option value="ACT">ACT</option>
<option value="NSW">NSW</option>
<option value="NT">NT</option>
<option value="QLD">QLD</option>
<option value="SA">SA</option>
<option value="TAS">TAS</option>
<option value="VIC">VIC</option>
<option value="WA">WA</option>
</select><br>
<p>Phone:</p><input type="tel" name="phone" value="<?=$C_Phone?>" ><br>
<p>Email:</p><input type="email" name="email" value="<?=$C_Email?>" required><br>
<br><br>
<input type="submit" name="submit" value= "Update">
<input type ="reset" name="reset" value ="Reset">
<?php
// Redirect the browser window back to the select query page if there are no errors
header("location: display_cust.php");
}
?>
</form>
And this is the code to action the form
<?php
// MySQL Database Connect
require_once("connection.php");
// Read the values passed in the URL and store in the variable C_num
$C_num = $_GET['id'];
// read the values from the form and store in variables
$C_num = $_POST['cnum'];
$C_Firstname = $_POST['cfirstname'];
$C_Lastname = $_POST['clastname'];
$Unitnum = $_POST['unitnumber'];
$Housenum = $_POST['housenumber'];
$C_Street = $_POST['street'];
$C_Suburb = $_POST['suburb'];
$C_City = $_POST['city'];
$C_Postcode = $_POST['postcode'];
$C_State = $_POST['state'];
$C_Phone = $_POST['phone'];
$C_Email = $_POST['email'];
// escape variables for security
$C_num = mysqli_real_escape_string($conn, $C_num);
$C_Firstname = mysqli_real_escape_string($conn, $C_Firstname);
$C_Lastname = mysqli_real_escape_string($conn, $C_Lastname);
$Unitnum = mysqli_real_escape_string($conn, $Unitnum);
$Housenum = mysqli_real_escape_string($conn, $Housenum );
$C_Street = mysqli_real_escape_string($conn, $C_Street);
$C_Suburb = mysqli_real_escape_string($conn, $C_Suburb);
$C_City = mysqli_real_escape_string($conn, $C_City);
$C_Postcode = mysqli_real_escape_string($conn, $C_Postcode);
$C_State = mysqli_real_escape_string($conn, $C_State);
$C_Phone = mysqli_real_escape_string($conn, $C_Phone);
$C_Email = mysqli_real_escape_string($conn, $C_Email);
// update the record from the database corresponding to the primary key value passed in the variable id
$query = "UPDATE FROM client WHERE C_num='$C_num'";
$results = mysqli_query($conn, $query );
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
exit;
}
else {
header("location: ../update_cust1.php");
}
?>
Any ideas? I am a little confused

Related

Update Query PHP - wiping rather than updating

This is for an assignment, so the code is based on how the learning resources are presented. I have a plant database that I have to make changes to, and then update plantID no.2. I have created the form which is then populated with plantID 2 info, but when I click the Update button after making changes, it wipes all the info for that entry in the database. I'm not sure where I have gone wrong. Any help would be awesome.
<?php
// MySQL Database Connect
require_once("connect.php");
// read the values from the form and store in variables
$botanicName = $_POST['bot_name'];
$commonName = $_POST['comm_name'];
$plantDescription = $_POST['pl_desc'];
$commonUse = $_POST['comm_use'];
$maxHeight = $_POST['m_height'];
$maxWidth = $_POST['m_width'];
$popular = $_POST['pop'];
// escape variables for security
$botanicName = mysqli_real_escape_string($conn, $bot_name);
$commonName = mysqli_real_escape_string($conn, $comm_name);
$plantDescription = mysqli_real_escape_string($conn, $pl_desc);
$commonUse = mysqli_real_escape_string($conn, $comm_use);
$maxHeight = mysqli_real_escape_string($conn, $m_height);
$maxWidth = mysqli_real_escape_string($conn, $m_width);
$popular = mysqli_real_escape_string($conn, $pop);
// create the UPDATE query
$query="UPDATE plant SET botanicName='$botanicName', commonName='$commonName', plantDescription='$plantDescription', commonUse='$commonUse', maxHeight='$maxHeight', maxWidth='$maxWidth', popular='$popular' WHERE plantID='2'";
//execute the query
$results = mysqli_query($conn, $query );
// check for errors
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
exit;
}
else {
// Redirect the browser window back to the make_changes page if there are no errors
header("location: ../make_changes.html");
}
?>
<h2>Edit a Plant</h2>
<?php
// run a select query to return the existing data for the record
$query = "SELECT * FROM plant WHERE plantID='2'";
$results = mysqli_query($conn, $query );
// capture any errors
if(!$results) {
echo ("Query error: " . mysqli_error($conn));
}
else {
// fetch and store the results for later use if no errors
while ($row = mysqli_fetch_array($results)) {
$bot_name = $row['botanicName'];
$comm_name = $row['commonName'];
$pl_desc = $row['plantDescription'];
$comm_use = $row['commonUse'];
$m_height = $row['maxHeight'];
$m_width = $row['maxWidth'];
$pop = $row['popular'];
}
}
?>
<form method="post" action="code/update_plant.php">
<p>Botanic Name: <input type="text" name="botanicName" value="<?=$bot_name?>" required></p>
<p>Common Name: <input type="text" name="commonName" value="<?=$comm_name?>"required></p>
<p>Plant Description: <input type="text" name="plantDescription" value="<?=$pl_desc?>" required></p>
<p>Common Use: <input type="text" name="commonUse" value="<?=$m_height?>" required></p>
<p>Max. Height (m): <input type="text" name="maxHeight" value="<?=$m_height?>" required></p>
<p>Max. Width (m): <input type="text" name="maxWidth" value="<?=$m_width?>" required></p>
<p>Popular? (Y/N): <input type="text" name="popular" value="<?=$pop?>"required></p>
<input type="submit" name="submit" value= "Update">
</form>
The parameters sent to $_POST have the name key in your input, so your $_POST['bot_name'], for example, is empty. The correct way to get that name is $_POST['botanicName'].
This will be your post parameters:
$botanicName = $_POST['botanicName'];
$commonName = $_POST['commonName'];
$plantDescription = $_POST['plantDescription'];
$commonUse = $_POST['commonUse'];
$maxHeight = $_POST['maxHeight'];
$maxWidth = $_POST['maxWidth'];
$popular = $_POST['popular'];
The names you use in the form have to exactly match the indexes you use in $_POST. You are using variables that are not defined.
// read the values from the form and store in variables
$botanicName = $_POST['botanicName'];
$commonName = $_POST['commonName'];
$plantDescription = $_POST['plantDescription'];
$commonUse = $_POST['commonUse'];
$maxHeight = $_POST['maxHeight'];
$maxWidth = $_POST['maxWidth'];
$popular = $_POST['popular'];
Fix the mysqli escape function calls:
// variable $bot_name does not exist therefore it results in a null value
$botanicName = mysqli_real_escape_string($conn, $bot_name); // bad
// Fixed
$botanicName = mysqli_real_escape_string($conn, $botanicName); // good
Make the form input names the same as $_POST
<form method="post" action="code/update_plant.php">
<p>Botanic Name: <input type="text" name="botanicName" value="<?=$botanicName?>" required></p>
<p>Common Name: <input type="text" name="commonName" value="<?=$commonName?>" required></p>
<p>Plant Description: <input type="text" name="plantDescription" value="<?=$plantDescription?>" required></p>
<p>Common Use: <input type="text" name="commonUse" value="<?=$commonUse?>" required></p>
<p>Max. Height (m): <input type="text" name="maxHeight" value="<?=$maxHeight?>" required></p>
<p>Max. Width (m): <input type="text" name="maxWidth" value="<?=$maxWidth?>" required></p>
<p>Popular? (Y/N): <input type="text" name="popular" value="<?=$popular?>" required></p>
<input type="submit" name="submit" value= "Update">
</form>
I needed to change the indexes in the $_POST (I was using undefined variables) and change them also in the mysqli escape functions.
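An added example, not part of the original posts: the fix above combined with a guard that refuses the UPDATE when an expected form field is missing, so a name mismatch cannot blank the row again, and with bound parameters in place of string escaping. It uses PDO with an in-memory SQLite table so it runs without the MySQL server (assumptions: the pdo_sqlite extension is available; `PLANT_FIELDS`, `missingPlantFields()` and `updatePlant()` are hypothetical names; the sample row is constructed).

```php
<?php
declare(strict_types=1);

// Added example. Field names are the form input names from the thread;
// function names, the SQLite stand-in table and the sample row are assumptions.
const PLANT_FIELDS = [
    'botanicName', 'commonName', 'plantDescription',
    'commonUse', 'maxHeight', 'maxWidth', 'popular',
];

/** Return the expected form fields that are absent or blank in $post. */
function missingPlantFields(array $post): array
{
    $missing = [];
    foreach (PLANT_FIELDS as $field) {
        if (!isset($post[$field]) || !is_string($post[$field]) || trim($post[$field]) === '') {
            $missing[] = $field;
        }
    }
    return $missing;
}

/** Update one plant row; touches the database only when every field arrived. */
function updatePlant(PDO $pdo, int $plantId, array $post): array
{
    $missing = missingPlantFields($post);
    if ($missing !== []) {
        return ['updated' => 0, 'missing' => $missing];
    }

    // Values travel as bound parameters, never as part of the SQL text.
    $stmt = $pdo->prepare(
        'UPDATE plant SET botanicName = :botanicName, commonName = :commonName,
                plantDescription = :plantDescription, commonUse = :commonUse,
                maxHeight = :maxHeight, maxWidth = :maxWidth, popular = :popular
          WHERE plantID = :plantID'
    );
    foreach (PLANT_FIELDS as $field) {
        $stmt->bindValue(':' . $field, $post[$field], PDO::PARAM_STR);
    }
    $stmt->bindValue(':plantID', $plantId, PDO::PARAM_INT);
    $stmt->execute();

    return ['updated' => $stmt->rowCount(), 'missing' => []];
}

// --- Constructed demo data -------------------------------------------------
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE plant (plantID INTEGER PRIMARY KEY, botanicName TEXT,
            commonName TEXT, plantDescription TEXT, commonUse TEXT,
            maxHeight TEXT, maxWidth TEXT, popular TEXT)');
$pdo->exec("INSERT INTO plant VALUES (2, 'Acacia pycnantha', 'Golden wattle',
            'Small tree', 'Screening', '8', '4', 'Y')");

// 1) The keys the question's script read: nothing matches, so nothing is written.
$wrongKeys = ['bot_name' => 'Acacia', 'comm_name' => 'Wattle', 'pl_desc' => 'Tree',
              'comm_use' => 'Shade', 'm_height' => '9', 'm_width' => '5', 'pop' => 'N'];
$rejected = updatePlant($pdo, 2, $wrongKeys);
echo 'rejected, missing: ', implode(', ', $rejected['missing']), PHP_EOL;

// 2) The form's real input names; the quote in commonName needs no escaping.
$goodPost = ['botanicName' => 'Acacia pycnantha', 'commonName' => "Gardener's wattle",
             'plantDescription' => 'Small tree', 'commonUse' => 'Screening',
             'maxHeight' => '8', 'maxWidth' => '4', 'popular' => 'Y'];
$accepted = updatePlant($pdo, 2, $goodPost);
echo 'rows updated: ', $accepted['updated'], PHP_EOL;

$row = $pdo->query('SELECT commonName FROM plant WHERE plantID = 2')->fetch(PDO::FETCH_ASSOC);
echo 'stored commonName: ', $row['commonName'], PHP_EOL;
```

With a MySQL DSN the same calls apply; note that MySQL reports rows actually changed, so resubmitting identical values gives a row count of 0.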

Update SQL data within PHP

OK, I have updated my code. I am not getting any errors, but nothing is being updated on the MySQL side nor on the PHP front end.
I have even tried a hard-coded statement.
This section is at the very top of my PHP viewer page.
<?php
//
// IF REQUEST IS EQUAL TO SUBMIT
if (isset($_REQUEST['submit']))
{
$my_date = date("Y-m-d H:i:s");
$order = uniqid();
$FullName= $_REQUEST['fullname'];
//Take in full Name and Split it into first and last name.
list($fname, $lname ) = explode( ' ', $customerName, 2 );
$address = $_REQUEST['address'];
$emailAddress = $_REQUEST['emailAddress'];
$phoneNo = $_REQUEST['phoneNo'];
Below is my sticky form, which is getting the information from the database and putting it into the text fields.
// STICKY FORM TO ALLOW USER TO UPDATE INFORMATION
if (isset($_REQUEST['up']))
{
$query_sticky = mysqli_query($connection,'SELECT * FROM orders WHERE id = "' . $_GET['id'] . '"');
if(! $query_sticky )
{
die('Could not get data: ' . mysqli_error($connection)); // Could not find Order_id show Error
}//end die error
else
(isset($_REQUEST['update']));
{
while($row = mysqli_fetch_array($query_sticky, MYSQLI_ASSOC))
{
$row['id'];
echo '<form action="" method="post">'
Name:';
echo'<input name="customerName" id="cname" type="text" required value="'.$row['firstname']. " " .$row['lastname']. '" />';
echo' <br/>
<br/>
Address:
<textarea name="address" id = "caddress" type="text" rows="5" cols="30" required value="'.$row['address'].'" ></textarea>
<br/>
<br/>
Email Address:
<input name="emailAddress" type="email" required value="'.$row['email']. '" />
<br/>
<br/>
<br/>
Phone Number:
<input name="phoneNo" id="phoneNumber" type="text" required value="'.$row['phone']. '" />
<br/>
<br/>
<button type="submit" name="update" value="update" >update</button
<div id="Submit">
</form>
<form action="order.php" method="delete">
</form>';
}//close if
}
} // Close While
here is my Update Section
if (isset($_REQUEST['update']))
{
$updateDB = "UPDATE orders SET student ='$_POST[student]',
firstname='John', lastname='wallace',
email = '$_POST[emailAddress]', address = '$_POST[address]',
phone = '$_POST[phoneNo]'
WHERE
order_id ='$_GET[order_id]'";
mysqli_query($connection, $updateDB);
}//end update..
}//end PHP
?>
You were mixing up single and double quotes in your UPDATE query string. Try this instead:
$updateDB = "UPDATE test
SET email = '".@$_POST[$emailAddress]."',
address = '".@$_POST[$address]."',
phone = '".@$_POST[$phoneNo]."'
WHERE id = '".$_GET['id']."'";

Page redirecting back to login page after insert to db

My site has a simplistic login that, when you go to an adminSLP page, redirects to the admin login page if the user isn't logged in. Problem is that when you are logged in to the page and try, say, inserting a record with the form I posted below, it redirects you back to the login page. I can't see where I am going wrong.
ADMIN SLP
session_start();
// Call this function so your page
// can access session variables
if ($_SESSION['adminloggedin'] != 1) {
// If the 'loggedin' session variable
// is not equal to 1, then you must
// not let the user see the page.
// So, we'll redirect them to the
// login page (login.php).
header("Location: adminLogin.php");
exit;
}
ADMIN LOGIN
session_start();
if ($_GET['login']) {
// Only load the code below if the GET
// variable 'login' is set. You will
// set this when you submit the form
if ($_POST['adminusername'] == '******'
&& $_POST['adminpassword'] == '*******') {
// Load code below if both username
// and password submitted are correct
$_SESSION['adminloggedin'] = 1;
// Set session variable
header("Location: adminSLP.php");
exit;
// Redirect to a protected page
} else echo '<style>#falseLogin{display: block!important;}</style>';
// Otherwise, echo the error message
}
LOGIN FORM
<form method="POST" action="adminLogin.php?login=true" id="adminlogin" style="padding:0">
<label for="adminusername">Username:</label>
<input type="text" name="adminusername" autocomplete="off"><br/>
<label for="adminpassword">Password:</label>
<input type="password" name="adminpassword" autocomplete="off" /><br/>
<input type="submit" value="Login">
</form>
FORM MADE FOR INSERTING RECORDS TO A DB
<form id="trainingForm" method="post" action="" style="display:block;">
<div>
<h2 id="title" style="color:#c89d64;font-size:36px;font-family: 'RokkittRegular'; margin:0 0 15px; padding:30px 0 30px 0;font-weight:normal;">Add New SLP</h2>
<label for="first_name">First Name</label><input id="first_name" name="first_name" data-required="false" data-validation="length" data-validation-length="min4" type="text">
<label for="last_name">Last Name</label><input id="last_name" name="last_name" data-required="false" data-validation="length" data-validation-length="min4" type="text">
<label for="title">Title</label><input id="title" name="title" data-required="false" data-validation="length" data-validation-length="min4" type="text">
<label for="user_phone">Phone*</label><input id="user_phone" name="user_phone" type="tel" value="(123) 456-7890" data-required="true" onFocus="if(this.value == '(123) 456-7890') this.value='';">
<label for="user_email">Email*</label><input id="user_email" name="user_email" type="email" value="name@something.com" data-required="true" data-validation="email" onFocus="if(this.value == 'name@something.com') this.value='';">
<label for="state_name">License Held In:</label><select name='state_name[]' id="state_name" multiple>
<?php
$result = mysqli_query($con,'SELECT * FROM license_state');
$count = 1;
while($row = mysqli_fetch_array($result))
{
echo '<option value=' . $row['state_name'] . '>' . $row['state_name'] . '</option>';
}
?>
</select>
<span><label for="isChecked">May we post your information on our site?:</label>
<input type="radio" name="isChecked" value="1" checked="checked"><p>Yes</p>
<input type="radio" name="isChecked" value="0"><p>No</p></span>
<label for="asha_number">Asha# (Will Not Be Published)*</label><input id="asha_number" name="asha_number" data-required="true" data-validation="length" data-validation-length="min4" type="text">
<label for="practice_name">Practice Name*</label><input id="practice_name" name="practice_name" data-required="true" data-validation="length" data-validation-length="min4" type="text">
<label for="practice_location">Practice Location*</label><input id="practice_location" name="practice_location" data-required="true" data-validation="length" data-validation-length="min4" type="text">
<span><label for="telepracticeProvider">Are you a telepractice provider?:</label>
<input type="radio" name="telepracticeProvider" id="yes" value="Yes" ><p>Yes</p>
<input type="radio" name="telepracticeProvider" id="no" value="No" checked="checked"><p>No</p></span><br/>
<input type="hidden" id='user_id' name='user_id'/>
<br/><button name="submit" id="submit" type="submit">Submit</button>
</div>
</form>
insert to db
if(isset($_POST['submit']))
{// Create connection
$con=mysqli_connect("Speechvive.db.11357591.hostedresource.com","****","*****!","Speechvive");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$title = $_POST['title'];
$state_name = $_POST['state_name'];
$asha_number = $_POST['asha_number'];
$practice_name = $_POST['practice_name'];
$practice_location = $_POST['practice_location'];
$user_phone = $_POST['user_phone'];
$user_email = $_POST['user_email'];
$isChecked = $_POST['isChecked'];
$telepracticeProvider = $_POST['telepracticeProvider'];
$implodeStates = implode(', ',$state_name);
$insert = "INSERT INTO users ".
"(first_name,last_name, title, state_name, asha_number, practice_name, practice_location, user_phone, user_email, isChecked, telepracticeProvider) ".
"VALUES('$first_name','$last_name', '$title', '$implodeStates', $asha_number, '$practice_name', '$practice_location', '$user_phone', '$user_email', '$isChecked', '$telepracticeProvider')";
$insertData = mysqli_query( $con,$insert );
if(! $insertData )
{
die('Could not enter data: ' . mysql_error());
}
mysqli_close($con);?>
<script>window.location = "http://www.speechvive.com/adminSLP.php";//RELOAD THE CURRENT PAGE</script><?php
} else if(isset($_POST['save'])){
// Create connection
$con=mysqli_connect("Speechvive.db.11357591.hostedresource.com","Speechvive","Slp2014!","Speechvive");
// Check connection
if (mysqli_connect_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$user_id = $_POST['user_id'];
$first_name = $_POST['first_name'];
$last_name = $_POST['last_name'];
$title = $_POST['title'];
$state_name = $_POST['state_name'];
$asha_number = $_POST['asha_number'];
$practice_name = $_POST['practice_name'];
$practice_location = $_POST['practice_location'];
$user_phone = $_POST['user_phone'];
$user_email = $_POST['user_email'];
$isChecked = $_POST['isChecked'];
$telepracticeProvider = $_POST['telepracticeProvider'];
$implodeStates = implode(', ',$state_name);
$update = ("UPDATE users SET first_name='$first_name',last_name='$last_name', title='$title', state_name='$implodeStates', asha_number='$asha_number', practice_name='$practice_name', practice_location='$practice_location', user_phone='$user_phone', user_email='$user_email', isChecked='$isChecked', telepracticeProvider='$telepracticeProvider' WHERE user_id = $user_id");
$updateData = mysqli_query( $con,$update );
if(! $updateData )
{
die('Could not enter data: ' . mysqli_error($con));
}
mysqli_close($con);?>
<script>window.location = "http://www.speechvive.com/adminSLP.php";</script><?php
}
window.location = "http://www.speechvive.com/adminSLP.php";
Why did you write this in the insert to db part? I think this is creating the problem.

Php Contact Form Inserting into Mysql

LAST EDIT: Everything works now; I will post the working code below. After clearing up like idealcastle said and fixing some syntax errors, everything works as it should together with the JavaScript validation. Thank you, everyone.
HTML Code here :
<form name = "contact " id="contact_form" action="postcontact.php" method="post" onsubmit="return validateForm();">
<div id ="boxc">
<h3>Porosia juaj ?</h3>
<input name="orders" type="checkbox" value="veshje">Veshje
<input name="orders" type="checkbox" value="mbathje">Mbathje
<input name="orders" type="checkbox" value="stoli">Stoli
</div>
<div class="row">
<label class="required" for="name" >Emri:</label><br />
<input id="name" name="name" type="text" value="" size="30" placeholder = "Emri"/><br />
<span id="name_validation" class="error"></span>
</div>
<label class="required" >Country/State:</label><br />
<div class = "row"id="statecmb"><select name = "state">
<option value="chose" selected>[choose yours]</option>
<option value="albania">Albania</option>
<option value="kosovo">Kosovo</option>
<option value="germany">Germany</option>
<option value="bangladesh">Bangladesh</option>
</select>
<span id="state_validation" class="error"></span></div>
<div class="row">
<label class="required" for="email" >Email:</label><br />
<input id="email" name="email" type="text" value="" size="30"placeholder = "Email" /><br />
<span id="email_validation" class="error"></span>
</div>
<div class="row">
<label class="required" for="message" >Mesazhi:</label><br />
<textarea id="message" name="message" rows="7" cols="30" placeholder = "Mesazhi"></textarea><br />
<span id="message_validation" class="error"></span>
</div>
<input name="submit" id = "sub"type="submit" value="Submit" />
<div class="rating">
<h3>Vlerso Sherbimin :</h3>
<input type="radio" name="rate" value="1">1
<input type="radio" name="rate"value="2">2
<input type="radio" name="rate" value="3">3
<input type="radio"name="rate" value="4">4
<input type="radio" name="rate" value="5">5
</div>
</form>
Javascript file :
function validateForm() {
var valid = 1;
var email = document.getElementById('email');
var email_validation = document.getElementById("email_validation");
var name = document.getElementById('name');
var name_validation = document.getElementById("name_validation");
var message_validation = document.getElementById("message_validation");
var filter = /^([a-zA-Z0-9_\.\-])+\@(([a-zA-Z0-9\-])+\.)+([a-zA-Z0-9]{2,4})+$/;
if (name.value === "") {
valid = 0;
name_validation.innerHTML = "Ju lutem shenoni emrin tuaj";
name_validation.style.display = "block";
name_validation.parentNode.style.backgroundColor = "#FFDFDF";
} else {
name_validation.style.display = "none";
name_validation.parentNode.style.backgroundColor = "transparent";
}
if (message.value === "") {
valid = 0;
message_validation.innerHTML = "Ju lutem plotesoni fushen e mesazhit";
message_validation.style.display = "block";
message_validation.parentNode.style.backgroundColor = "#FFDFDF";
} else {
message_validation.style.display = "none";
message_validation.parentNode.style.backgroundColor = "transparent";
}
if (email.value === "") {
valid = 0;
email_validation.innerHTML = "Ju lutem shenoni email tuaj";
email_validation.style.display = "block";
email_validation.parentNode.style.backgroundColor = "#FFDFDF";
} else {
email_validation.style.display = "none";
email_validation.parentNode.style.backgroundColor = "transparent";
}
if (!filter.test(email.value)) {
valid = 0;
email_validation.innerHTML = "Email juaj nuk eshte valid";
email_validation.style.display = "block";
email_validation.parentNode.style.backgroundColor = "#FFDFDF";
} else {
email_validation.style.display = "none";
email_validation.parentNode.style.backgroundColor = "transparent";
}
if (!valid)
alert("KENI ERROR : Fushat duhen te plotesohen ");
}
PHP file:
<?php
$host = 'localhost';
$user = 'root';
$pass = '';
$db = 'herdesigns';
$con = mysqli_connect($host, $user, $pass,$db) or die(mysqli_error());
/* mysqli_select_db($con , $db); */
?>
<?php
if (isset($_POST['submit']))
{
$name = mysqli_real_escape_string($con, $_POST['name']);
$email = mysqli_real_escape_string($con, $_POST['email']);
$message = mysqli_real_escape_string($con, $_POST['message']);
$rate = mysqli_real_escape_string($con, $_POST['rate']);
$orders = mysqli_real_escape_string($con, $_POST['orders']);
$state = mysqli_real_escape_string($con, $_POST['state']);
/*$con = mysqli_connect($host, $user, $pass,$db) or die(mysqli_error());*/
/*mysqli_select_db($con , $db);*/
$sql = "INSERT INTO contacts (
orders,
name,
state,
email,
message,
rate
)
VALUES (
'$orders',
'$name',
'$state',
'$email',
'$message',
'$rate'
)";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "Mesazhi juaj eshte postuar me sukses";
header('Location:contact.php');
mysqli_query($con, $sql);
mysqli_close($con);
}
?>
EDIT:
What field is NOW() going to?
I would remove that if there is no actual field to send that datetime to. Or add a field for that. Try submitting to MySQL without NOW(). It would look like:
$sql = "INSERT INTO contacts (
name,
email,
message,
rate,
orders,
state
)
VALUES (
'$name',
'$email',
'$message',
'$rate',
'$orders',
'$state'
)";
First thing I notice is the PHP code is being shown in the browser. If you are being sent to file:// that is not good, you should be using
http://localhost/
(if you are testing locally) or of course using the server url if live.
found here
Browser is showing PHP code instead of processing it
Second,
You should sanitize the MySQL data being entered. If any one of those values submits content with a single/double quote, the MySQL query will fail.
Since you are using an old mysql function, here is the escape function that should work
mysql_real_escape_string()
I would do this,
$sql = "INSERT INTO contacts (
name,
email,
message,
rate,
orders,
state
)
VALUES (
'".mysql_real_escape_string($name)."',
'".mysql_real_escape_string($email)."',
'".mysql_real_escape_string($message)."',
'".mysql_real_escape_string($rate)."',
'".mysql_real_escape_string($orders)."',
'".mysql_real_escape_string($state)."',
NOW()
)";
I am not sure if any one of these is the cause, but they are red flags from what you have posted. You should always sanitize (escape) any inputs to keep them from crashing MySQL queries.
It could be an error code 500 on validform.php.
Please install Firebug on Firefox, it will save you lots of time. Press [F12], reload the page, and the network tab will show you the error code.
Also, you need to get this page through the web server: http://localhost/dir/file instead of c://shittyos_amp/dir/thing.php
Plus, you should use the PDO API for the connection and every request to the DB, as pdo->prepare will secure the request easily for you.
Don't worry, it's easy!
See PHP: Is mysql_real_escape_string sufficient for cleaning user input?
Don't say you don't need security: this input form could erase your database if a user types a SQL command in it!
Also, if the file is executed client-side, it will never protect anything, as JS can be disabled by the user.
Note: I still consider myself a noob (it's my first answer here!). Never forget that the web is moving every day, as is security. Back-end and front-end are server-side; it's an application point of view: front end = friendly interface (code), back end = API (hard or low-level code).
PS: Flash is ugly and obsolete, Adobe products aren't free as in freedom and their cloud sucks ^^ (troll off)
Is it yours? http://www.her-design.com/

MySQL database not updating

Output from the database seems fine, but input from the update doesn't pass on to the database.
edit.php - from here all values display correctly
<?php
session_start();
$name = $_SESSION['name'];
$sur = $_SESSION['sur'];
$pass = $_SESSION['pass'];
echo $name.' '.$sur.' '.$pass;
//connect
$dbh = mysql_connect ("localhost", "xxx_admin", "xxx")
or die ('ERROR!');
mysql_select_db ("xxx_database");
$query="SELECT * FROM client_info WHERE (first='$name' AND last='$sur' AND password='$pass')";
$result=mysql_query($query);
$id = mysql_result($result,$i,"id");
$first = mysql_result($result,$i,"first");
$last = mysql_result($result,$i,"last");
$phone = mysql_result($result,$i,"phone");
$mob = mysql_result($result,$i,"mob");
$fax = mysql_result($result,$i,"fax");
$email = mysql_result($result,$i,"email");
$web = mysql_result($result,$i,"web");
$com = mysql_result($result,$i,"com");
$add = mysql_result($result,$i,"add");
$city = mysql_result($result,$i,"city");
$state = mysql_result($result,$i,"state");
$zip = mysql_result($result,$i,"zip");
$zone = mysql_result($result,$i,"zone");
$office = mysql_result($result,$i,"office");
$office_num = mysql_result($result,$i,"office_num");
$ext_mob = mysql_result($result,$i,"ext_mob");
$ext_phone = mysql_result($result,$i,"ext_phone");
$ext_office = mysql_result($result,$i,"ext_office");
$srv = mysql_result($result,$i,"srv");
$stype = mysql_result($result,$i,"stype");
$voip = mysql_result($result,$i,"voip");
$vpass = mysql_result($result,$i,"vpass");
$regDate = mysql_result($result,$i,"regDate");
$acct = mysql_result($result,$i,"acct");
$Nagent = mysql_result($result,$i,"Nagent");
$agents = mysql_result($result,$i,"agents");
$password = mysql_result($result,$i,"password");
?>
<html>
<head>
<title></title>
</head>
<body>
<form method="post" action="update.php" name="gen">
<b>Personal Info:</b>
<p>First Name:<input type="text" name="first" size="20" value="<?php echo $first; ?>"/></p>
<p>Last Name:<input type="text" name="last" size="20" value="<?php echo $last; ?>"/></p>
<p>Mob:<input type="text" name="mob" size="20" value="<?php echo $mob; ?>"/>
ext:<input type="text" name="ext_mob" size="4" value="<?php echo $ext_mob; ?>"/></p>
<p>Phone:<input type="text" name="phone" size="20" value="<?php echo $phone; ?>"/>
ext:<input type="text" name="ext_phone" size="4" value="<?php echo $ext_phone; ?>"/></p>
<p>Fax:<input type="text" name="fax" size="20" value="<?php echo $fax; ?>"/></p>
<p>E-mail:<input type="text" name="email" size="35" value="<?php echo $email; ?>"/></p>
<p>Address:<input type="text" name="add" size="40" value="<?php echo $add; ?>"/></p>
<p>City:<input type="text" name="city" size="20" value="<?php echo $city; ?>"/></p>
<p>State:<input type="text" name="state" size="20" value="<?php echo $state; ?>"/></p>
<p>Zip Code:<input type="text" name="zip" size="5" value="<?php echo $zip; ?>"/></p>
<p>Zone:<input type="text" name="zone" size="5" value="<?php echo $zone; ?>"/></p>
<br>
<b>Office Info:</b>
<p>Company:<input type="text" name="com" size="40" value="<?php echo $com; ?>"/></p>
<p>Office Address:<input type="text" name="office" size="40" value="<?php echo $office; ?>"/></p>
<p>Office Num #:<input type="text" name="office_num" size="15" value="<?php echo $office_num; ?>"/>
ext:<input type="text" name="ext_office" size="4" value="<?php echo $ext_office; ?>"/></p>
<p>Website:<input type="text" name="web" size="30" value="<?php echo $web; ?>"/></p><br>
Old password:
<input type="password" size="20" name="oldpassword">
New password:
<input type="password" size="20" name="newpassword">
verify new password
<input type="password" size="20" name="verpassword">
<input type="text" size="20" name="id" value="<?php echo $id; ?>">
<input type="submit" value="Update Database">
</form>
</body>
</html>
update.php - it says update success, but there are no changes in my database
<?php
session_start();
$ud_id=$_POST['id'];
$name = $_SESSION['name'];
$sur = $_SESSION['sur'];
$pass = $_SESSION['pass'];
$ud_first = $_POST['first'];
$ud_last = $_POST['last'];
$ud_phone = $_POST['phone'];
$ud_mob = $_POST['mob'];
$ud_fax = $_POST['fax'];
$ud_email = $_POST['email'];
$ud_web = $_POST['web'];
$ud_com = $_POST['com'];
$ud_add = $_POST['add'];
$ud_city = $_POST['city'];
$ud_state = $_POST['state'];
$ud_zip = $_POST['zip'];
$ud_zone = $_POST['zone'];
$ud_office = $_POST['office'];
$ud_office_num = $_POST['office_num'];
$ud_ext_mob = $_POST['ext_mob'];
$ud_ext_phone = $_POST['ext_phone'];
$ud_ext_office = $_POST['ext_office'];
$ud_password = $_POST['newpassword'];
//connect
$dbh = mysql_connect ("localhost", "xxx_admin", "xxx")
or die ('ERROR!');
mysql_select_db ("xxx_database");
$query="UPDATE client_info SET first='$ud_first',last='$ud_last',phone='$ud_phone',mob='$ud_mob',fax='$ud_fax',email='$ud_email',web='$ud_web',com='$ud_com',add='$ud_add',city='$ud_city',state='$ud_state',zip='$ud_zip',zone='$ud_zone',office='$ud_office',office_num='$ud_office_num',ext_mob='$ud_ext_mob',ext_phone='$ud_ext_phone',ext_office='$ud_ext_office',password='$ud_password' WHERE id='$ud_id'";
mysql_query($query);
echo "Record Updated at ID: ".$ud_id;
mysql_close();
?>
As I don't know your table structure, try this and debug accordingly.
$query="UPDATE client_info SET first='$ud_first',
last='$ud_last',
phone='$ud_phone',
mob='$ud_mob',
fax='$ud_fax',
email='$ud_email',
web='$ud_web',
com='$ud_com',
add='$ud_add',
city='$ud_city',
state='$ud_state',
zip='$ud_zip',
zone='$ud_zone',
office='$ud_office',
office_num='$ud_office_num',
ext_mob='$ud_ext_mob',
ext_phone='$ud_ext_phone',
ext_office='$ud_ext_office',
password='$ud_password' WHERE id=$ud_id;";
mysql_query($query) or die(mysql_error());
First of all, I STRONGLY suggest you escape your user input before sending anything to the DB. It will escape special characters and prevent the use of keywords to mess up your DB. To do so, simply use mysql_real_escape_string() like so:
$ud_first = mysql_real_escape_string($_POST['first']);
You should check out mysqli, as mysql is being deprecated. If you're just starting your code, I suggest you switch as soon as possible. Efficiency and security will increase.
Add a ; at the end of your query. It will help the server to know where it ends.
Change or die ('ERROR!'); to or die (mysql_error()); This will echo the last error encountered by the MySQL server. It will most likely tell you what your problem is.
I give you those hints as I don't see why your code doesn't work as expected.
Something outside the scope of this question, but why assign each of the result values separately?
You expect one result, and as $i is not set, it is actually null, so it works.
Maybe you could simplify your life and code by using
$r = mysql_fetch_assoc($result);
foreach($r as $key=>$value){ $$key=$value; }
If more rows were expected or possible, you would have to enclose it in a foreach loop or similar solution. On the other hand, processing the post and securing input may be short and simple too:
$allowed_post_vars=array('city','zip',...); // define ok variables
foreach($allowed_post_vars as $postvar)// each of them
{ $ud='ud_'.$postvar; // prepare longer name, like $ud_city etc
$$ud=mysql_real_escape_string($_POST[$postvar]); //assign it sanitized value
}
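An added example, not from the original answers: the allow-list idea above carried through to a prepared statement, so the request never supplies column names and values are bound instead of being escaped or expanded into variable variables. It generalises to any subset of submitted fields and runs against an in-memory SQLite table via PDO (assumptions: pdo_sqlite is available; `EDITABLE_COLUMNS`, `buildClientUpdate()` and `updateClient()` are hypothetical names; the column list is a shortened subset of the thread's UPDATE; the sample row is constructed).

```php
<?php
declare(strict_types=1);

// Added example. Column names are a subset of those in the thread's UPDATE;
// function names, the SQLite stand-in table and the sample row are assumptions.
const EDITABLE_COLUMNS = ['first', 'last', 'phone', 'email', 'add', 'city', 'state', 'zip'];

/**
 * Build "UPDATE ... SET `col` = :col" from allow-listed columns only.
 * Identifiers come from the constant above, never from request keys.
 */
function buildClientUpdate(array $post, array $allowed): array
{
    $assignments = [];
    $params = [];
    foreach ($allowed as $column) {
        if (!isset($post[$column]) || !is_string($post[$column])) {
            continue; // not submitted (or an array): leave the stored value alone
        }
        // `add` is a reserved word in MySQL, so every identifier is backtick-quoted.
        $assignments[] = sprintf('`%s` = :%s', $column, $column);
        $params[':' . $column] = $post[$column];
    }
    if ($assignments === []) {
        throw new InvalidArgumentException('no editable field was submitted');
    }
    $sql = 'UPDATE client_info SET ' . implode(', ', $assignments) . ' WHERE id = :id';
    return [$sql, $params];
}

/**
 * Run the update and return the affected row count.
 * $id is passed by the caller (assumption: taken from the logged-in session,
 * not from a form field the user can edit).
 */
function updateClient(PDO $pdo, int $id, array $post): int
{
    [$sql, $params] = buildClientUpdate($post, EDITABLE_COLUMNS);
    $stmt = $pdo->prepare($sql);
    foreach ($params as $name => $value) {
        $stmt->bindValue($name, $value, PDO::PARAM_STR);
    }
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute(); // throws PDOException on failure (ERRMODE_EXCEPTION below)
    return $stmt->rowCount();
}

// --- Constructed demo data -------------------------------------------------
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE client_info (id INTEGER PRIMARY KEY, `first` TEXT, `last` TEXT,
            phone TEXT, email TEXT, `add` TEXT, city TEXT, state TEXT, zip TEXT, acct TEXT)');
$pdo->exec("INSERT INTO client_info VALUES (7, 'Ann', 'Lee', '555-0100',
            'ann@example.test', '1 Old Rd', 'Perth', 'WA', '6000', 'A-100')");

// 'acct' and 'id' are not on the allow-list, so they never reach the SQL text.
$post = ['last' => "O'Neil", 'add' => '2 New St', 'acct' => 'Z-999', 'id' => '1'];
[$sql] = buildClientUpdate($post, EDITABLE_COLUMNS);
echo $sql, PHP_EOL;

$changed = updateClient($pdo, 7, $post);
// Report success only when the database confirms a row was affected.
echo $changed === 1 ? 'Record updated at ID 7' : 'No row was updated', PHP_EOL;

$row = $pdo->query('SELECT `last`, `add`, acct FROM client_info WHERE id = 7')
           ->fetch(PDO::FETCH_ASSOC);
echo json_encode($row), PHP_EOL;
```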
