I am currently making a system for a client database management. There are four tables in mySQL for this system, which are; admin, staff, client, and project. The project table has one foreign key from the client table, which is the clientid.
Now, I have made forms for all these tables so that the user can input the data into them. Weirdly, the only form that can be updated successfully is the staff one. Both the client and project forms cannot be updated at all. It returns as successful, but the data are not altered.
Below is the staff update code.
<?php
include 'database.php';
$staffid = $_GET['staffid'];
$sql = "SELECT * FROM staff WHERE staffid='$staffid'";
$result = mysqli_query($conn,$sql);
while ($row=mysqli_fetch_array($result)){
$staffname = $row['staffname'];
$staffemail = $row['staffemail'];
$staffphone = $row['staffphone'];
}
if(isset($_POST['submit'])){
$staffname = $_POST['staffname'];
$staffemail = $_POST['staffemail'];
$staffphone = $_POST['staffphone'];
$sql = "UPDATE staff SET
staffname='$staffname',staffemail='$staffemail',staffphone='$staffphone' WHERE staffid='$staffid'";
$result = mysqli_query($conn,$sql);
if($result){
echo "<table><td><tr><h4>Record has been updated successfully!<br></tr></td></h4></table>";
}
else {
echo "<h4>Record has <b>NOT</b> been updated successfully<br></h4>";
}
}
?>
<form action="" method="post">
<table class ="table1">
<tr>
<td>Staff Name:</td> <td><input type="text" name="staffname" size="50" value="<?php echo $staffname;?>"></td>
</tr>
<tr>
<td>Staff Email:</td> <td><input type="text" name="staffemail" size="50" value="<?php echo $staffemail;?>"></td>
</tr>
<tr>
<td>Staff Phone No:</td> <td><input type="text" name="staffphone" size="50" value="<?php echo $staffphone;?>"></td>
</tr>
<td><input type="submit" value="Update" name="submit"> <input type="button" value="View" name="view" onclick='location.href="viewstaff.php"'></td>
</table>
</form>
Okay now is the update code for the client table.
<?php
include 'database.php';
$clientid = $_GET['clientid'];
$sql = "SELECT * FROM client WHERE clientid='$clientid'";
$result = mysqli_query($conn,$sql) or die ("Error in query: $query. ".mysqli_error());
while ($row=mysqli_fetch_array($result)){
$clientid = $row['clientid'];
$clientname = $row['clientname'];
$clientno = $row['clientno'];
$clientemail = $row['clientemail'];
$clientadd = $row['clientadd'];
}
if(isset($_POST['submit'])){
$clientid = $row['clientid'];
$clientname = $row['clientname'];
$clientno = $row['clientno'];
$clientemail = $row['clientemail'];
$clientadd = $row['clientadd'];
$sql = "UPDATE client SET clientid='$clientid',clientname='$clientname',clientno='$clientno',clientemail='$clientemail',clientadd='$clientadd' WHERE clientid='$clientid'";
$result = mysqli_query($conn,$sql) or die ("Error in query: $query. ".mysqli_error());
if($result){
echo "<table><td><tr><h4>Record has been updated successfully!<br></tr></td></h4></table>";
}
else {
echo "<h4>Record has <b>NOT</b> been updated successfully<br></h4>";
}
}
?>
<form action="" method="post">
<table class ="table1">
<tr>
<td>Client ID:</td> <td><input type="text" name="clientid" size="50" value="<?php echo $clientid;?>"></td>
</tr>
<tr>
<td>Client Name:</td> <td><input type="text" name="clientname" size="50" value="<?php echo $clientname;?>"></td>
</tr>
<tr>
<td>Client Phone No.:</td> <td><input type="text" name="clientno" size="50" value="<?php echo $clientno;?>"></td>
</tr>
<tr>
<td>Client Email:</td> <td><input type="text" name="clientemail" size="50" value="<?php echo $clientemail;?>"></td>
</tr>
<tr>
<td>Client Address:</td> <td><input type="text" name="clientadd" size="50" value="<?php echo $clientadd;?>"></td>
</tr>
<td><input type="submit" value="Update" name="submit"> <input type="button" value="View" name="view" onclick='location.href="viewclient.php"'></td>
</table>
</form>
Maybe I'm stupid or what but I've been trying to figure out the problem for 3 hours and I'm this close to crying lol. Been reading all the threads here about updating form but still, no answer. Hope that anyone here could help me. Thank you.
The code you use for the client table update uses this code:
if(isset($_POST['submit'])){
$clientid = $row['clientid']; // $row should be $_POST
$clientname = $row['clientname']; // $row should be $_POST
$clientno = $row['clientno']; // $row should be $_POST
$clientemail = $row['clientemail']; // $row should be $_POST
$clientadd = $row['clientadd']; // $row should be $_POST
But those $rows should be $_POST, else the updated data will be the same as the previous data (since $row is the result from the query SELECT * FROM client WHERE clientid='$clientid'). You do it correctly in the staff table update code:
if(isset($_POST['submit'])){
$staffname = $_POST['staffname'];
$staffemail = $_POST['staffemail'];
$staffphone = $_POST['staffphone'];
Please note that your your script is at risk of SQL Injection Attack. Have a look at what happened to Little Bobby Tables. Even if you are escaping inputs, its not safe!. Use prepared parameterized statements instead.
Related
I am going to fetching table values in a html table along checkbox in each row and then inserting values in another database table from multi check boxes in php.
Only the values of checked boxes should be submitted to that table.
db name "laboratory":
test: fetching values.
package: inserting table.
view
Status
Active
Inactive
<?php
$conn=mysqli_connect("localhost","root","","laboratory") or die(mysql_error());
mysql_select_db("test") or die(mysql_error());
$query="SELECT * FROM test";
$result=mysqli_query($conn,$query);
if ($result) {
while ($record=mysqli_fetch_array($result)) {
Please try to follow this code and implement in your program . Hope that this will cooperate you much
if(isset($_POST['name'])){
$name = $_POST['name'];
$status = $_POST['status'];
if(empty($name) || empty($status)){
echo "Field Must Not be empty";
} else{
$conn=new mysqli("localhost","root","","test");
if($conn){
$query = "SELECT * FROM userdata limit 5";
$stmt = $conn->query($query);
$val = '<form action="" method=""> ';
$val .= '<table> ';
if ($stmt) { ?>
<form action="" method="post">
<table>
<?php while ($result=$stmt->fetch_assoc()) { ?>
<tr>
<td><?php echo $result['post']; ?></td>
<td><input value="<?php echo $result['post']; ?>" type="checkbox" name="check[]" /></td>
</tr>
<?php } ?>
<tr>
<td>Actual Price </td>
<td>Discount</td>
<td>Final Price</td>
</tr>
<tr>
<td><input type="text" name="actual"/></td>
<td><input type="text" name="discount"/></td>
<td><input type="text" name="final"/></td>
</tr>
<tr>
<td>Description</td>
<td><textarea name="description" id="" cols="30" rows="10"></textarea></td>
</tr>
<tr>
<td><input type="submit" value="Submit" /></td>
<td><input type="reset" value="Cancel" /></td>
</tr>
</table>
</form>
<?php }} }}?>
<?php
if(isset($_POST)){
echo "<pre>";
print_r($_POST);
echo "<pre>";
}
?>`enter code here`
First of all you have to decide that what are you using either mysqli or mysql, if you are using mysqli then you have to improve your code
$query="SELECT * FROM test";
$result=mysqli_query($conn,$query);
if ($result) {
while ($record=mysqli_fetch_array($result)) {
and when you want to insert the checked data will be inserted in package table. If package table in another database then you have to give us the full detail i mean tell us the database name of package table.
i have this code in PHP and a database sql.. the situation is .. if i type the 1, 2 or 3 (productID) .. the textbox will be populated and field with database values.. but when i run the program.. fortunately it has no errors.. but when i type the id or 1 and click the submit button.. it doesnt get the neccessary values.. sorry for this im a complete newbie and im practicing PHP for a while now.. any help will do.. thank you..
<?php
session_start();
include_once 'dbconnect.php';
if(!isset($_SESSION['user'])){
header("Location: index.php");
}
$res = mysql_query("SELECT * FROM users WHERE user_id=".$_SESSION['user']);
$userRow = mysql_fetch_array($res);
?>
<?php
require('dbconnect.php');
$id = (isset($_REQUEST['productID']));
$result = mysql_query("SELECT * FROM tblstore WHERE productID = '$id'");
$sql = mysql_fetch_array($result);
if(!$result){
die("Error: Data not found");
} else {
$brandname = $sql['brandname'];
$price = $sql['price'];
$stocks = $sql['stocks'];
}
?>
<html>
<body>
<p>
hi' <?php echo $userRow['username']; ?> Sign Out
</p>
<form method="post">
<table align="center">
<tr>
<td>Search Apparel:</td>
<td><input type="text" name="search" name="productID" /></td>
</tr>
<tr>
<td>Brandname:</td>
<td><input type="text" name="brandname" value="<?php echo $brandname; ?>"/ </td>
</tr>
<tr>
<td>Price:</td>
<td><input type="text" name="price" value="<?php echo $price; ?>"/></td>
</tr>
<tr>
<td>Stocks:</td>
<td><input type="text" name="stocks" value="<?php echo $stocks; ?>"/></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Search" /></td>
</tr>
</table>
</form>
</body>
</html>
your getting the id incorrectly, you have:
<?php
$_REQUEST['productID']=8; //for testing
$id = (isset($_REQUEST['productID']));
if you check it you will find the output is true\false as returned by isset
var_dump($id); //true
what you should use is:
<?php
if(isset($_REQUEST['productID'])){ //maybe also check its a number and or valid range
$id=$_REQUEST['productID'];
}
I want to display all rows by a php query and update all by a submit button in sql. I this way below a can display all row and update particular row by its own submit button. But I want to update all by a single submit button.
So for do it, I thank, I want to loop for update. But I cannot understand how to do it in this case.
Here is my code:
<?php
include_once('../db.php');
global $db;
$result = mysqli_query($dbh,"SELECT * FROM ppad");
if(!$result) {
die("Database query failed: " . mysqli_error());
}
while($row = mysqli_fetch_assoc($result)) {
$id=$row['id'];
$name=$row['name'];
$date=$row['date'];
$title=$row['title'];
$Detail=$row['Detail'];
echo '<form action="padSproccess.php" method="POST">
<table width="100%" border="1">
<tr>
<td width="10%">Date</td>
<td width="14%">Time</td>
<td width="20%">Name(url)</td>
<td width="30%">Detail</td>
</tr>
<tr>
<td width="10%"><input type="text" name="date" maxlength="2" value="'.$date.'"></td>
<td width="14%"><input type="text" name="title" maxlength="50" value="'.$title.'"></td>
<td width="20%"><input type="text" name="name" maxlength="50" value="'.$name.'"></td>
<td width="30%"><input type="text" name="Detail" maxlength="100" value="'.$Detail.'"></td>
<input type="hidden" name="id" value="'.$id.'">
</tr>
</table>
<input type="submit" name="submit" id="submit" value="Submit">
</form>';}
?>
padSproccess.php
include("../db.php");
global $db;
if(isset($_POST['submit'])){
$date = mysqli_real_escape_string($dbh,$_POST['date']);
$title = mysqli_real_escape_string($dbh,$_POST['title']);
$name = mysqli_real_escape_string($dbh,$_POST['name']);
$Detail = mysqli_real_escape_string($dbh,$_POST['Detail']);
$id = mysqli_real_escape_string($dbh,$_POST['id']);
// update data in mysql database
$update = mysqli_query($dbh,"UPDATE ppad SET date='$date', month='$month', name='$name', Detail='$Detail' WHERE id = '$id'");
// if successfully updated.
}
For this you need to update your code into
<?php
include_once('../db.php');
global $db;
$result = mysqli_query($dbh,"SELECT * FROM ppad");
if(!$result) {
die("Database query failed: " . mysqli_error());
}?>
<form action="padSproccess.php" method="POST">
<table width="100%" border="1">
<tr>
<td width="10%">Date</td>
<td width="14%">Time</td>
<td width="20%">Name(url)</td>
<td width="30%">Detail</td>
</tr>
<?php
while($row = mysqli_fetch_assoc($result)) {
$id=$row['id'];
$name=$row['name'];
$date=$row['date'];
$title=$row['title'];
$Detail=$row['Detail'];
echo '<tr>
<td width="10%"><input type="text" name="date[]" maxlength="2" value="'.$date.'"></td>
<td width="14%"><input type="text" name="title[]" maxlength="50" value="'.$title.'"></td>
<td width="20%"><input type="text" name="name[]" maxlength="50" value="'.$name.'"></td>
<td width="30%"><input type="text" name="Detail[]" maxlength="100" value="'.$Detail.'"></td>
<input type="hidden" name="id[]" value="'.$id.'">
</tr>';
}?>
</table>
<input type="submit" name="submit" id="submit" value="Submit">
</form>
Now within your padSproccess.php you'll receive an array of results within your variables which'll be updated using foreach loop
What you need to do first is have an overall form, not a form for each (unless you want to throw in javascript to fire off ajax calls). So what you'll need to do is make sure each row can be associated with a specific id:
<?php
include_once '../db.php';
$result = mysqli_query($dbh, "SELECT * FROM ppad");
if(!$result) {
die("Database query failed: " . mysqli_error());
}
?>
<form action="padSproccess.php" method="POST">
<table width="100%" border="1">
<thead>
<tr>
<td width="10%">Date</td>
<td width="14%">Time</td>
<td width="20%">Name(url)</td>
<td width="30%">Detail</td>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_assoc($result)) {
$id = $row['id'];
$name = $row['name'];
$date = $row['date'];
$title = $row['title'];
$Detail = $row['Detail'];
echo '
<tr>
<td width="10%"><input type="text" name="date[' . $id . ']" maxlength="2" value="'.$date.'"></td>
<td width="14%"><input type="text" name="title[' . $id . ']" maxlength="50" value="'.$title.'"></td>
<td width="20%"><input type="text" name="name[' . $id . ']" maxlength="50" value="'.$name.'"></td>
<td width="30%"><input type="text" name="Detail[' . $id . ']" maxlength="100" value="'.$Detail.'"></td>
</tr>
';
}
?>
</tbody>
</table>
<input type="submit" name="submit" id="submit" value="Submit">
</form>
Then in padSproccess.php you'll receive an array of names, dates, titles and Details, each one keyed by the ID of the row. So that'll change to something like this:
<?php
include "../db.php";
if(isset($_POST['submit'])){
$ids = array_keys($_POST['name']);
foreach ($ids as $id) {
$date = mysqli_real_escape_string($dbh,$_POST['date'][$id]);
$title = mysqli_real_escape_string($dbh,$_POST['title'][$id]);
$name = mysqli_real_escape_string($dbh,$_POST['name'][$id]);
$Detail = mysqli_real_escape_string($dbh,$_POST['Detail'][$id]);
$id = mysqli_real_escape_string($id);
// update data in mysql database
$update = mysqli_query($dbh,"UPDATE ppad SET date='$date', month='$month', name='$name', Detail='$Detail' WHERE id = '$id'");
}
// if successfully updated.
}
Try this. Of course for the database I've not started and it is possible errors.
<?php
include_once('../db.php');
global $db;
$result = mysqli_query($dbh,"SELECT * FROM ppad");
if(!$result) {
die("Database query failed: " . mysqli_error());
}
?>
<form action="padSproccess.php" method="POST">
<?php
while($row = mysqli_fetch_assoc($result)) {
$id=$row['id'];
$name=$row['name'];
$date=$row['date'];
$title=$row['title'];
$Detail=$row['Detail'];
echo '
<table width="100%" border="1">
<tr>
<td width="10%">Date</td>
<td width="14%">Time</td>
<td width="20%">Name(url)</td>
<td width="30%">Detail</td>
</tr>
<tr>
<td width="10%"><input type="text" name="ar['.$id.'][date]" maxlength="2" value="'.$date.'"></td>
<td width="14%"><input type="text" name="ar['.$id.'][title]" maxlength="50" value="'.$title.'"></td>
<td width="20%"><input type="text" name="ar['.$id.'][name]" maxlength="50" value="'.$name.'"></td>
<td width="30%"><input type="text" name="ar['.$id.'][Detail]" maxlength="100" value="'.$Detail.'"></td>
</tr>
</table>
';}
?>
<input type="submit" name="submit" id="submit" value="Submit">
</form>
<?php
include("../db.php");
global $db;
if(isset($_POST['submit'])){
foreach($_POST['ar'] as $id=>$dat){
$date = mysqli_real_escape_string($dbh,$dat['date']);
$title = mysqli_real_escape_string($dbh,$dat['title']);
$name = mysqli_real_escape_string($dbh,$dat['name']);
$Detail = mysqli_real_escape_string($dbh,$dat['Detail']);
$id = mysqli_real_escape_string($dbh,$id]);
// update data in mysql database
$update = mysqli_query($dbh,"UPDATE ppad SET date='$date', month='$month', name='$name', Detail='$Detail' WHERE id = '$id'");
}
// if successfully updated.
}
?>
I have a simple, unsecured, local database that I'm learning with (yes still using MySQL for now) I can view my database rows in a table and click on an edit button which then displays the single record chosen with each column inside a text box to update and save. Here is my edit page.
<?php
$id = $_GET['id'];
$connect = mysql_connect("localhost", "XXXXXX", "XXXXXXX") or
die ("Check your connection.");
mysql_select_db("toner");
$quey1="select * from inventory where id ='".$id."'";
$result=mysql_query($quey1) or die(mysql_error());
?>
<html>
<form action="updateinfo.php" method="post">
<table>
<?php
while ($row=mysql_fetch_array($result))
{
?>
<tr>
<td align="right">Partnumber:</td>
<td align="left"><input type="text" name="partnumber" value="<?php echo $row['partnumber'];?>"/></td>
</tr>
<tr>
<td align="right">Description:</td>
<td align="left"><input type="text" name="description" value="<?php echo $row['description'];?>"/></td>
</tr>
<tr>
<td align="right">Vendor:</td>
<td align="left"><input type="text" name="vendor" value="<?php echo $row['vendor'];?>"/></td>
</tr>
<tr>
<td align="right">Price:</td>
<td align="left"><input type="text" name="price" value="<?php echo $row['price'];?>"/></td>
</tr>
<tr>
<td align="right">Quantity:</td>
<td align="left"><input type="text" name="quantity" value="<?php echo $row['quantity'];?>"/></td>
</tr>
</table>
<br>
<input type="hidden" name="id" value="<?php echo $row['id'];?>"/>
<input type="submit" value="Edit/Update Toner">
<?php
}
?>
</form>
</html>
Here is my UPDATED updateinfo
<?php
mysql_connect("localhost","XXXXX","XXXXX") or die("Error: ".mysql_error());
mysql_select_db("toner");
$id =$_POST['id'];
$partnumber = $_POST['partnumber'];
$description = $_POST['description'];
$vendor = $_POST['vendor'];
$price = $_POST['price'];
$quantity = $_POST['quantity'];
$sql = "UPDATE inventory SET partnumber ='".$partnumber."',description ='".$description."',vendor ='".$vendor."',price ='".$price."',quantity ='".$quantity."' WHERE id ='".$id."'";
mysql_query($sql) or die ("Error: ".mysql_error());
echo "Updated successfully";
header( "refresh:10;url=toner.php" );
?>
After adding a primary key I'm able to update the DB however $id = $_POST['id']; still gives an error, any assistance is appreciated. Thanks. Yes I'm aware its vulnerable to injection and that I should be using PDO or MySQLi but I'm still a beginner and this is where I've chosen to start learning. Thank you.
the problem is because of partnumber,here you are again reseting the partnumber but the new one is not present in your database and because of that query does not update the new values.
$sql = "UPDATE inventory SET description ='".$description."',vendor ='".$vendor."',price ='".$price."',quantity ='".$quantity."' WHERE partnumber = '".$partnumber."'";
Solution
Don't again set the partnumber use it only in where clause.
I've searched this website for a solution but no result.
I'm stuck on the following problem, my code gives the Unknown Colum 'member_id' in 'where clause' error. Never heard of it before.. so I am a bit confused right now.
This is my code :
<?php
require("db.php");
$id = $_REQUEST['member_id'];
$result = mysql_query("SELECT * FROM members WHERE member_id = '$id'");
$test = mysql_fetch_array($result);
if (!$result)
{
die("Error: Data not found..");
}
$admin=$test['admin'] ;
$firstname=$test['firstname'] ;
$lastname=$test['lastname'] ;
$mail= $test['mail'] ;
$login=$test['login'] ;
$passwd=$test['passwd'] ;
if(isset($_POST['save']))
{
$admin_save = $_POST['admin'];
$firstname_save = $_POST['firstname'];
$lastname_save = $_POST['lastname'];
$mail_save = $_POST['mail'];
$login_save = $_POST['login'];
$passwd_save = md5($_POST['password']);
mysql_query("UPDATE lijst SET admin ='$admin_save',firstname ='$firstname_save',lastname ='$lastname_save', mail ='$mail_save', login ='$login_save',
passwd ='$passwd_save' WHERE member_id = '$id'")
or die(mysql_error());
echo "Saved!";
header("Location: main.php");
}
mysql_close($conn);
?>
The form :
<form method="post">
<table>
<tr>
<td>Admin</td>
<td><input type="text" name="admin" class="text w_20" value="<?php echo $admin ?>"/></td>
</tr>
<tr>
<td>Voornaam</td>
<td><input type="text" name="firstname" class="text w_20" value="<?php echo $firstname ?>"/></td>
</tr>
<tr>
<td>Achternaam</td>
<td><input type="text" name="lastname" class="text w_20" value="<?php echo $lastname ?>"/></td>
</tr>
<tr>
<td>E-mail</td>
<td><input type="text" name="mail" class="text w_20" value="<?php echo $mail ?>"/></td>
</tr>
<tr>
<td>Gebruikersnaam</td>
<td><input type="text" name="login" class="text w_20" value="<?php echo $login ?>"/></td>
</tr>
<tr>
<td>Password</td>
<td><input type="text" name="passwd" class="text w_20" value="<?php echo $passwd ?>"/></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="save" value="update" /></td>
</tr>
</table>
</form>
The error is saying there is no field member_id in the database table lijst. Add the field or remove the condition from the WHERE clause.
Given the SQL you just posted, your table is called members not lijst. So change the query:
UPDATE members ......
Edit: your MD5 problem is because your html input is named passwd but you are targeting password in the POST array:
$passwd_save = md5($_POST['password']);
Change to:
$passwd_save = md5($_POST['passwd']);
Finally, your query is vulnerable to SQL Injection. As a quick fix, run your user input through mysql_real_escape_string(). Or even better, switch to a modern MySQL API such as PDO, and use parameterised queries.