I'm new to PHP. I'm trying to display search results based on a user query. My issue is that I'm not getting all the other similar search results (only the exact results are showing). Is the method I'm implementing the right one from a security point of view? Thanks in advance.
define('HOST','localhost');
define('USER','root');
define('PASSWORD_HOST','');
define('DATABASE','test');
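if(defined('HOST') && defined('USER') && defined('PASSWORD_HOST') && defined('DATABASE')){
$conn = mysqli_connect(HOST, USER, PASSWORD_HOST, DATABASE);
// mysqli_connect() returns false on failure; mysqli_connect_error() gives the reason
if(!$conn){
die('connection_failed: '.mysqli_connect_error());
}
}else{
die('Database configuration constants are not defined.');
}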
Here is HTML
<div class="container">
<div class="row">
<div class="col-sm-12">
<form action="" method="POST">
<h4>Search By</h4>
<input type="text" name="delName"/>
<button type="submit" name="submit">search</button>
</form>
</div>
</div>
</div>
Here is PHP
if(isset($_POST['submit'])){
$delName = "%{$_POST['delName']}%";
$stmt =$conn->prepare("SELECT id, delName, medName, contact1, contact2, address, pin, creditLimitDealer FROM dealerentrytable WHERE delName LIKE ?");
$stmt->bind_param("s", $delName);
$stmt->execute();
$stmt->bind_result($id, $delName, $medName, $contact1, $contact2,$address,$pin,$creditLimitDealer);
while ($stmt->fetch()) {
echo "<table>";
echo "<tr><td>ID: $id</td>";
echo "<td>delName: $delName</td>";
echo "<td>medName: $medName</td>";
echo "<td>contact1: $contact1</td>";
echo "<td>contact2: $contact2</td>";
echo "<td>address: $address</td>";
echo "<td>pin: $pin</td>";
echo "<td>creditLimitDealer: $creditLimitDealer</td></tr>";
echo "</table>";
}
$stmt->close();
}
?>
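An added example, not part of the original post: the same search written so that % and _ typed by the user match literally and every database value is HTML-encoded before it is echoed. The helper names likeContains(), h() and searchDealers() and the choice of ! as the LIKE escape character are assumptions made for this example; $conn is the connection from the question.

```php
<?php
// Added example, not the asker's code. Table and column names come from the
// question; likeContains(), h() and searchDealers() are illustrative names.

// Build a "contains" pattern in which %, _ and the escape character typed by
// the user match literally. '!' is declared as the escape character in the query.
function likeContains(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

// HTML-encode a database value before it is written into the page.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function searchDealers(mysqli $conn, string $term): array
{
    $stmt = $conn->prepare(
        "SELECT id, delName, medName, contact1, contact2, address, pin, creditLimitDealer
           FROM dealerentrytable
          WHERE delName LIKE ? ESCAPE '!'"
    );
    $pattern = likeContains($term);
    $stmt->bind_param('s', $pattern);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC); // needs the mysqlnd driver
    $stmt->close();
    return $rows;
}

// $conn is the mysqli connection created earlier in the question.
if (isset($_POST['submit'], $_POST['delName']) && is_string($_POST['delName'])) {
    $rows = searchDealers($conn, trim($_POST['delName']));

    // One table for the whole result set, one row per dealer.
    echo '<table>';
    foreach ($rows as $row) {
        echo '<tr>';
        foreach ($row as $column => $value) {
            echo '<td>' . h($column) . ': ' . h($value) . '</td>';
        }
        echo '</tr>';
    }
    echo '</table>';
    if ($rows === []) {
        echo '<p>No dealers matched.</p>';
    }
}
```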
I have a form where the user enters 2 variables. These 2 variables are used in my MySQL query. The result can be either: no matches or 1 or more matches. In each case I would like to have the output of that SQL query as the result on the original webpage below the entry fields (in the "queryresult" text field). How do I do that?
The query is working but after clicking the button a new page is opened with the result of the query which is what I don't want.
you can see the form here: www.larscichowski.nl/coinexchange
I tried already with hidden iframe and checked the answers on a similar question
within the html this is the code for the form part:
<section class="section-form" id="form">
<div class="row" >
<h2>Coin Exchange Finder</h2>
</div>
<div class="row">
<form method="get" action="query.php" class="contact-form">
<div class="row">
<div class="col span-1-of-3">
<label for="name">Source Coin</label>
</div>
<div class="col span-1-of-3">
<input class="typeahead form-control" name="sourcecoin" id="sourcecoin" type="text" required>
</div>
</div>
<div class="row">
<div class="col span-1-of-3">
<label for="name">Destination Coin</label>
</div>
<div class="col span-1-of-3">
<input class="typeahead form-control" name="destcoin" id="destcoin" type="text" >
</div>
</div>
<script type="text/javascript">
<div class="row">
<div class="col span-1-of-3">
<label> </label>
</div>
<div class="col span-2-of-3">
<input type="submit" value="Find matching exchanges">
</div>
</div>
<div class="row">
<div class="col span-1-of-3">
<label>We found the following matches:</label>
</div>
<div class="col span-2-of-3">
<input type="text" id="queryResult"/>
</div>
</div>
</form>
</div>
</section>
the query.php file looks like this:
<?php
$servername = "xx";
$username = "xx";
$password = "xx";
$dbname = "xx";
$sourcecoin = strip_tags(trim($_POST["sourcecoin"]));
$destcoin = strip_tags(trim($_POST["destcoin"]));
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
echo "Connection not established. Check credentials";
}
$sql = "SELECT Pairs_Source.Exchange, Exchanges.HyperLink
FROM Pairs AS Pairs_Source INNER JOIN Pairs AS Pairs_Dest ON
Pairs_Source.Exchange = Pairs_Dest.Exchange
Left join Exchanges on Pairs_Source.Exchange=Exchanges.Exchange
WHERE Pairs_Source.Coin='$sourcecoin' AND Pairs_Dest.Coin='$destcoin'";
$result = $conn->query($sql);
$json = [];
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
$json[]=$row['Exchange'];
//echo "<br> They have got the following exchange(s) in common: ". $row["Exchange"] ."<br>";
}
} else {
echo "Unfortunately these 2 coins don't have an exchange in common";
}
echo json_encode($json);
$conn->close();
?>
You can submit the form to the same page and have the php code in the same file.
To do this, wrap your PHP code within if($_SERVER['REQUEST_METHOD'] == 'POST'), so it will only run when the form is submitted.
You need to change your form tag so it submits to the current page (or the page name in the action):
<form method="post" action="" class="contact-form">
Then, you can change your result part to something like this. (So it will store the message that you want to display into a variable):
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// collect every matching row; assigning with = inside the loop would keep only the last one
$message = "<br> They have got the following exchange(s) in common:";
while($row = $result->fetch_assoc()) {
// encode the database value before it goes into the page
$message .= "<br>". htmlspecialchars($row["Exchange"]);
}
} else {
$message = "Unfortunately these 2 coins don't have an exchange in common";
}
Finally, you can echo the message anywhere in your page by doing this:
if(isset($message)) {
echo $message;
}
Your page will look something like this:
if($_SERVER['REQUEST_METHOD'] == 'POST') {
// The contents of query.php
}
// the html code
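The single-page layout described in this answer, as an added example that is not the poster's code: the two coin names are bound as parameters instead of being interpolated into the SQL string, and the result is HTML-encoded before it is placed below the form. findCommonExchanges() is a hypothetical helper name and the xx credentials are the question's own placeholders.

```php
<?php
// Added example, not the poster's code. Table and column names come from the
// question's query; findCommonExchanges() is an illustrative name.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function findCommonExchanges(mysqli $conn, string $sourcecoin, string $destcoin): array
{
    // The coin names travel as bound parameters, so quotes in them cannot
    // change the statement. strip_tags() removes markup, not SQL syntax.
    $stmt = $conn->prepare(
        "SELECT Pairs_Source.Exchange, Exchanges.HyperLink
           FROM Pairs AS Pairs_Source
          INNER JOIN Pairs AS Pairs_Dest ON Pairs_Source.Exchange = Pairs_Dest.Exchange
           LEFT JOIN Exchanges ON Pairs_Source.Exchange = Exchanges.Exchange
          WHERE Pairs_Source.Coin = ? AND Pairs_Dest.Coin = ?"
    );
    $stmt->bind_param('ss', $sourcecoin, $destcoin);
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

$message = null;
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // Accept only plain strings; an array-valued field becomes an empty string.
    $sourcecoin = is_string($_POST['sourcecoin'] ?? null) ? trim($_POST['sourcecoin']) : '';
    $destcoin   = is_string($_POST['destcoin'] ?? null) ? trim($_POST['destcoin']) : '';

    if ($sourcecoin === '' || $destcoin === '') {
        $message = 'Please enter both coins.';
    } else {
        $conn = new mysqli('xx', 'xx', 'xx', 'xx'); // placeholders, as in the question
        $rows = findCommonExchanges($conn, $sourcecoin, $destcoin);
        $conn->close();

        // Encode each database value before it becomes part of the page.
        $names = array_map(
            fn (array $row): string => htmlspecialchars($row['Exchange'], ENT_QUOTES, 'UTF-8'),
            $rows
        );
        $message = $names
            ? 'They have got the following exchange(s) in common: ' . implode(', ', $names)
            : "Unfortunately these 2 coins don't have an exchange in common";
    }
}
?>
<form method="post" action="" class="contact-form">
  <input name="sourcecoin" id="sourcecoin" type="text" required>
  <input name="destcoin" id="destcoin" type="text" required>
  <input type="submit" value="Find matching exchanges">
</form>
<?php if ($message !== null): ?>
  <p id="queryResult"><?= $message ?></p>
<?php endif; ?>
```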
I am retrieving values from the database into the form for update, on the press of submit button.
The values do get retrieved but update process fails without any error.
Here's the code:
<?php
session_start();
$username=$_SESSION['uname'];
$cn=mysqli_connect("localhost", "root", "", "testdb");
// Define variables and initialize with empty values
$course = $category = "";
$title = $descp = "";
// Processing form data when form is submitted
if(isset($_POST["pid"]) && !empty($_POST["pid"])){
// Get hidden input value
$pid = $_POST["pid"];
// Check input errors before inserting in database
if(empty($course) && empty($category) && empty($title) && empty($descp)){
// Prepare an update statement
$sql = "UPDATE posts SET course=?, category=?, title=?, descp=? WHERE pid=?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ssssi", $param_course, $param_category, $param_title, $param_descp, $param_pid);
// Set parameters
$param_course = $course;
$param_category = $category;
$param_title = $title;
$param_descp = $descp;
$param_pid = $pid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Records updated successfully. Redirect to landing page
header("location: CAposts.php");
exit();
} else{
echo "Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($cn);
} else{
// Check existence of id parameter before processing further
if(isset($_GET["pid"]) && !empty(trim($_GET["pid"]))){
// Get URL parameter
$pid = trim($_GET["pid"]);
// Prepare a select statement
$sql = "SELECT * FROM posts WHERE pid = ?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_pid);
// Set parameters
$param_pid = $pid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$result = mysqli_stmt_get_result($stmt);
if(mysqli_num_rows($result) == 1){
/* Fetch result row as an associative array. Since the result set contains only one row, we don't need to use while loop */
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
// Retrieve individual field value
$pid = $row['pid'];
$uname = $row['uname'];
$course = $row['course'];
$category = $row['category'];
$pdate = $row['pdate'];
$title = $row['title'];
$descp = $row['descp'];
} else{
// URL doesn't contain valid id. Redirect to error page
header("location: CAposts.php");
exit();
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
// Close connection
mysqli_close($cn);
} else{
// URL doesn't contain id parameter. Redirect to error page
header("location: CAposts.php");
exit();
}
}
?>
<html>
<head>
<title>IMEDTalks-Post-
<?php echo $title;?>
</title>
<link href="./css/bootstrap.min.css" rel="stylesheet" />
<script src="./scripts/jquery-3.3.1.min.js"></script>
<script src="./scripts/bootstrap.min.js"></script>
<style>
/* Make the image fully responsive */
.carousel-inner img {
width: 100%;
height: 30%;
}
</style>
</head>
<body>
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<div class="page-header">
<h2 class="text-center">Update Post</h2>
</div>
<p class="text-center">Please edit the input values and submit to update the post.</p>
<form action="<?php echo htmlspecialchars(basename($_SERVER['REQUEST_URI'])); ?>" method="post">
<div class="form-group">
<div class="row">
<label class="col-form-label col-md-1 offset-3" for="course">Course:</label>
<div class="col-md-2">
<select name="course" class="form-control" required>
<option value="<?php echo $course;?>" selected>
<?php echo $course;?>
</option>
<option value="">Choose any:</option>
<option value="comp">Comp</option>
<option value="theo">Theory</option>
</select>
</div>
<label class="col-form-label col-md-1" for="category">Category:</label>
<div class="col-md-3">
<select name="category" class="form-control" required>
<option value="<?php echo $category;?>" selected>
<?php echo $category;?>
</option>
<option value="">Choose any:</option>
<option value="plang">Programming Language</option>
<option value="web">Web Technologies</option>
<option value="maths">Mathematics and Statistics</option>
<option value="others">Others</option>
</select>
</div>
</div>
</div>
<div class="form-group row">
<label for="title" class="col-form-label col-md-2">Title:
</label>
<div class="col-md-10">
<input type="text" class="form-control" value="<?php echo $title;?>" name="title" required>
</div>
</div>
<div class="form-group row">
<label for="desc" class="col-form-label col-md-12">Description:
</label>
<div class="col-md-12">
<textarea class="form-control" name="descp" rows="20" required><?php echo $descp;?></textarea>
</div>
</div>
<input type="hidden" name="pid" value="<?php echo $pid;?>" />
<div class="form-group row">
<div class="col-md-4 offset-4">
<a href="CAposts.php"><button type="button" name="cancel"
class="btn-lg btn-danger">Cancel</button></a>
</div>
<div class="col-md-4">
<button type="submit" name="update" class="btn-lg btn-success">Submit</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</body>
</html>
PS:
pid is being brought from the previous page where the data is listed in table format, and on the click of the button, that data/post gets loaded into the form for editing using the pid, which is the primary key in my database table.
using bootstrap 4.
Edited after first comments.
You have 5 columns in your query but you only bind 4 of them, so you forgot an s
$sql = "UPDATE posts SET course=?, category=?, title=? descp=? WHERE pid=?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "sssi", $param_course, $param_category, $param_title, $param_descp, $param_pid);
Here is cleaner code for your update:
$stmt = $conn->prepare("UPDATE posts SET course=?, category=?, title=?, descp=? WHERE pid=?");
$stmt->bind_param("ssssi", $course, $category, $title, $descp, $pid);
$stmt->execute();
I just saw that you are trying to display all your data from DB using
// Prepare a select statement
$sql = "SELECT * FROM posts WHERE pid = ?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_pid);
// Set parameters
$param_pid = $pid;
And also, the values of your whole form use this information fetched from the DB, which is nothing, since... I just can't understand. You are trying to fetch all your data using a variable which comes from the data in the DB itself...
Try something, change the hidden form for your ID and use this (if you have data in db using id 1)
<input type="hidden" name="pid" value="1" />
I am retrieving values from the database into the form for update, on the press of the submit button, the values should get updated.
Here's the code:
PostUpdate.php:
<?php
session_start();
$username=$_SESSION['uname'];
$cn=mysqli_connect("localhost", "root", "", "testdb");
// Define variables and initialize with empty values
$course = $category = "";
$title = $descp = "";
// Processing form data when form is submitted
if(isset($_POST["pid"]) && !empty($_POST["pid"])){
// Get hidden input value
$pid = $_POST["pid"];
// Check input errors before inserting in database
if(empty($course) && empty($category) && empty($title) && empty($descp)){
// Prepare an update statement
$sql = "UPDATE posts SET course=?, category=?, title=?, descp=? WHERE pid=?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "ssssi", $param_course, $param_category, $param_title, $param_descp, $param_pid);
// Set parameters
$param_course = $course;
$param_category = $category;
$param_title = $title;
$param_descp = $descp;
$param_pid = $pid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
// Records updated successfully. Redirect to landing page
header("location: CAposts.php");
exit();
} else{
echo "Something went wrong. Please try again later.";
}
// Close statement
mysqli_stmt_close($stmt);
}
}
// Close connection
mysqli_close($cn);
} else{
// Check existence of id parameter before processing further
if(isset($_GET["pid"]) && !empty(trim($_GET["pid"]))){
// Get URL parameter
$pid = trim($_GET["pid"]);
// Prepare a select statement
$sql = "SELECT * FROM posts WHERE pid = ?";
if($stmt = mysqli_prepare($cn, $sql)){
// Bind variables to the prepared statement as parameters
mysqli_stmt_bind_param($stmt, "i", $param_pid);
// Set parameters
$param_pid = $pid;
// Attempt to execute the prepared statement
if(mysqli_stmt_execute($stmt)){
$result = mysqli_stmt_get_result($stmt);
if(mysqli_num_rows($result) == 1){
/* Fetch result row as an associative array. Since the result set contains only one row, we don't need to use while loop */
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
// Retrieve individual field value
$pid = $row['pid'];
$uname = $row['uname'];
$course = $row['course'];
$category = $row['category'];
$pdate = $row['pdate'];
$title = $row['title'];
$descp = $row['descp'];
} else{
// URL doesn't contain valid id. Redirect to error page
header("location: CAposts.php");
exit();
}
} else{
echo "Oops! Something went wrong. Please try again later.";
}
}
// Close statement
mysqli_stmt_close($stmt);
// Close connection
mysqli_close($cn);
} else{
// URL doesn't contain id parameter. Redirect to error page
header("location: CAposts.php");
exit();
}
}
?>
<html>
<head>
<title>IMEDTalks-Post-
<?php echo $title;?>
</title>
<link href="./css/bootstrap.min.css" rel="stylesheet" />
<script src="./scripts/jquery-3.3.1.min.js"></script>
<script src="./scripts/bootstrap.min.js"></script>
<style>
/* Make the image fully responsive */
.carousel-inner img {
width: 100%;
height: 30%;
}
</style>
</head>
<body>
<div class="wrapper">
<div class="container-fluid">
<div class="row">
<div class="col-md-12">
<div class="page-header">
<h2 class="text-center">Update Post</h2>
</div>
<p class="text-center">Please edit the input values and submit to update the post.</p>
<form action="<?php echo htmlspecialchars(basename($_SERVER['REQUEST_URI'])); ?>" method="post">
<div class="form-group">
<div class="row">
<label class="col-form-label col-md-1 offset-3" for="course">Course:</label>
<div class="col-md-2">
<select name="course" class="form-control" required>
<option value="<?php echo $course;?>" selected>
<?php echo $course;?>
</option>
<option value="">Choose any:</option>
<option value="comp">Comp</option>
<option value="theo">Theory</option>
</select>
</div>
<label class="col-form-label col-md-1" for="category">Category:</label>
<div class="col-md-3">
<select name="category" class="form-control" required>
<option value="<?php echo $category;?>" selected>
<?php echo $category;?>
</option>
<option value="">Choose any:</option>
<option value="plang">Programming Language</option>
<option value="web">Web Technologies</option>
<option value="maths">Mathematics and Statistics</option>
<option value="others">Others</option>
</select>
</div>
</div>
</div>
<div class="form-group row">
<label for="title" class="col-form-label col-md-2">Title:
</label>
<div class="col-md-10">
<input type="text" class="form-control" value="<?php echo $title;?>" name="title" required>
</div>
</div>
<div class="form-group row">
<label for="desc" class="col-form-label col-md-12">Description:
</label>
<div class="col-md-12">
<textarea class="form-control" name="descp" rows="20" required><?php echo $descp;?></textarea>
</div>
</div>
<input type="hidden" name="pid" value="<?php echo $pid;?>" />
<div class="form-group row">
<div class="col-md-4 offset-4">
<a href="CAposts.php"><button type="button" name="cancel"
class="btn-lg btn-danger">Cancel</button></a>
</div>
<div class="col-md-4">
<button type="submit" name="update" class="btn-lg btn-success">Submit</button>
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</body>
</html>
Here, I am using pid, which is being brought from the previous page where the data is listed in table format; on the click of a button there, that data/post gets loaded into the form for editing and updating using the pid (the primary key in my database table).
I am using Bootstrap 4.
Problem I am facing:
The update operation is performed without any errors using the pid, but the values of course, category, title, description get set to blank in the database table after this update operation.
I can't figure out what's going wrong here.
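An added example, not the poster's code: the POST branch above never copies the submitted fields into $course, $category, $title and $descp, so the UPDATE binds the empty strings they were initialised with. This version reads and validates the submitted values before binding them; the allowlists mirror the option values in the form, and treating posts.uname as the owner of the row is an assumption.

```php
<?php
// Added example, not the poster's code. Table and column names come from the
// question; readPostFields() and updateOwnPost() are illustrative names.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

// Allowed values, copied from the <option> elements of the form.
const COURSES    = ['comp', 'theo'];
const CATEGORIES = ['plang', 'web', 'maths', 'others'];

// Returns the cleaned fields, or null if any submitted value is unacceptable.
function readPostFields(array $post): ?array
{
    $pid      = filter_var($post['pid'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $course   = $post['course'] ?? '';
    $category = $post['category'] ?? '';
    $title    = is_string($post['title'] ?? null) ? trim($post['title']) : '';
    $descp    = is_string($post['descp'] ?? null) ? trim($post['descp']) : '';

    if ($pid === false
        || !in_array($course, COURSES, true)
        || !in_array($category, CATEGORIES, true)
        || $title === '' || $descp === '') {
        return null;
    }
    return compact('pid', 'course', 'category', 'title', 'descp');
}

function updateOwnPost(mysqli $cn, array $f, string $owner): void
{
    // The uname condition limits the update to rows of the logged-in user, so a
    // changed hidden pid cannot overwrite someone else's post (assumes
    // posts.uname stores the author).
    $stmt = mysqli_prepare(
        $cn,
        'UPDATE posts SET course=?, category=?, title=?, descp=? WHERE pid=? AND uname=?'
    );
    mysqli_stmt_bind_param(
        $stmt, 'ssssis',
        $f['course'], $f['category'], $f['title'], $f['descp'], $f['pid'], $owner
    );
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $fields = readPostFields($_POST);
    if ($fields === null || !isset($_SESSION['uname'])) {
        http_response_code(400);
        exit('Invalid input.');
    }
    $cn = mysqli_connect('localhost', 'root', '', 'testdb');
    updateOwnPost($cn, $fields, $_SESSION['uname']);
    mysqli_close($cn);
    header('Location: CAposts.php');
    exit();
}
```

The places where the form echoes $title, $descp, $course, $category and $pid back into HTML need htmlspecialchars() as well, since those values come from the database.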
I'm trying to match my textfield input of a "coupon_code" to a value in a SQL table. I have three files that connect to each other. Also, there should be an alert if the textfield matches.
HTML: (membership.php)
<?php
session_start();
require_once('membership.vc.php');
?>
<form>
<div class="form-row">
<div class="col col-md-8">
<input type="text" class="form-control" aria-describedby="sizing-addon1" name="promocode3" placeholder="ENTER PROMO CODE">
</div>
<div class="col col-md-4">
<input type="submit" class="btn color-white mwc-orange-background-color" name="redeem" value="REDEEM">
</div>
</div>
</form>
PHP: (membership.vc.php)
<?php
require_once($routePath . "_mc/PromoCode.mc.php");
$mcPromoCode = new PromoCode_MC();
if (isset($_POST['redeem']) && $_POST['redeem'] == 'REDEEM'){
$pcode3_txtfield = $_POST['promocode3'];
$rowpcode3 = $mcPromoCode->SelectPromoCode3($db, $p3id);
$pcode3 = $rowpcode3['coupon_code'];
if ($pcode3_txtfield == $pcode3 ){
echo "<script>
alert('There are no fields to generate a report');
window.location.href='admin/ahm/panel';
</script>";
}
}
?>
SQL Function: (PromoCode.mc.php)
<?php Class PromoCode_MC {
public function SelectPromoCode3($db, $p3id) {
$stmt = $db->prepare(
" SELECT *
FROM mywhitecard.promocode_3
WHERE p3id = :p3id ");
$stmt->bindValue(':p3id', $p3id, PDO::PARAM_INT);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
return $row; } } ?>
$pcode3 should get the column and $pcode3_txtfield should get the textfield input; which part did I do wrong, since there is no alert popup?
UPDATE: tried to do what the comments said; I thought using the primary key of the table would work, but still no effect
UPDATE: I tried:
<?php Class PromoCode_MC {
public function SelectPromoCode3($db, $pcode3_txtfield) {
$stmt = $db->prepare(
" SELECT *
FROM mywhitecard.promocode_3
WHERE pcode3_txtfield = :coupon_code ");
$stmt->bindValue(':pcode3_txtfield', $pcode3_txtfield, PDO::PARAM_INT);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
return $row; }
} ?>
no effect
In html code:
<select name="123023d">
<option value="default">Not Share</option>
<option value="read">Read Only</option>
<option value="edit">Editable</option>
</select>
In php code:
$rights=$_POST['123023d'];
Why can't I retrieve the value of this select box?
Notice: Undefined index: 123023d in C:\xampp\htdocs\fyp\list\add.php on line 87
Thank you.
I am sure it is in the form and it is a post method. It is located after foreach ($result as $set); as you can see, I draw some SQL values to generate that select box, and the name of the select box is the userID.
Whole part:
<form id="addlist" method="post" action="add.php" >
<h1>Create your new subscriber list</h1>
<p>Create a new list before adding subscriber <label class="right"><em class="dot">*</em> indicates required</label></p>
<label><em class="dot">*</em> List name:
<span class="small">Add your list name</span>
</label>
<input id="lname" name="lname" class="required" />
<div class="spacer"></div>
<label>Reminder:
<span class="small">Remind the details of your list</span>
</label>
<textarea id="creminder" name="creminder" cols="52" ></textarea>
<div class="spacer"></div>
<div class="spacer"></div>
<p>Email me when ...</p>
<label>People subscribe:</label> <input type="checkbox" class="checkbox" name="subscribe" value="1">
<label>People unsubscribe:</label> <input type="checkbox" class="checkbox" name="unsubscribe" value="1">
<div class="spacer"></div>
</div>
</br>
<div id="stylized" class="myform">
<p>Permission Setting ...</p>
<label>Open to other users:</label> <input type="checkbox" class="checkbox" name="public" value="1">
Or
<div class="spacer"></div>
Select the permission for individual user:
<?
$sql =
"SELECT UserID,Name,Rights,Position
FROM user
WHERE UserID != ?
AND Rights != 'Admin'
";
$stmt = $conn->prepare($sql);
$stmt->execute(array($_SESSION['username']));
$num_rows= $stmt->rowCount();
if ($num_rows != 0){
$result = $stmt->fetchAll();
?>
<table width="100%" class="display" id="viewSub">
<thead>
<tr>
<th field="col1" width="40%">Name:</th>
<th field="col2" width="40%">Position:</th>
<th field="col2" width="20%">Permission:</th>
</tr>
</thead>
<tbody>
<?
foreach ($result as $set)
{
echo "<tr><td>".$set['Name']."</td><td>".$set['Position']."</td><td><select name=".$set['UserID']."><option value='default'>Not Share</option><option value='read'>Read Only</option><option value='edit'>Editable</option></select></td></tr>";
}
?>
</tbody>
</table>
<?
}
else
echo "There is no another user in this system";
?>
<input class="submit" type="submit" name="submit" value="Submit"/>
<div class="spacer"></div>
</form>
add.php which is the form and the result process
<?
include("../connection/conn.php");
session_start();
if($_SERVER['REQUEST_METHOD'] == "POST"){
print_r($_POST);
exit();
if (!isset($_POST['subscribe']))
$_POST['subscribe']=0;
if (!isset($_POST['unsubscribe']))
$_POST['unsubscribe']=0;
if (!isset($_POST['public']))
$_POST['public']=0;
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
try {
$listName = $_POST['lname'];
$listRemindSub = $_POST['subscribe'];
$creator = $_SESSION['username'];
$listRemindUnSub = $_POST['unsubscribe'];
$isPublic = $_POST['public'];
$listReminder = $_POST['creminder'];
$query="INSERT INTO list (ListID,ListName,Creator,IsRemindSub,IsRemindUnSub,IsPublic,CreateDate,Reminder) VALUES ('',?,?,?,?,?,CURDATE(),?)";
$stmt = $conn->prepare($query);
$stmt->bindParam(1, $listName , PDO::PARAM_STR);
$stmt->bindParam(2, $creator, PDO::PARAM_STR);
$stmt->bindParam(3, $listRemindSub, PDO::PARAM_INT);
$stmt->bindParam(4, $listRemindUnSub, PDO::PARAM_INT);
$stmt->bindParam(5, $isPublic, PDO::PARAM_INT);
$stmt->bindParam(6, $listReminder, PDO::PARAM_STR);
$stmt->execute();
}
catch(PDOException $e)
{
die ($e->getMessage().' Back');
$conn->rollBack();
}
try {
$lastID=$conn->lastInsertId();
$query="INSERT INTO require_attributes (ReqID,ListID,Attribute,Tag) VALUES ('',$lastID,'Email','{email}')";
$stmt = $conn->prepare($query);
$stmt->execute();
$query="INSERT INTO require_attributes (ReqID,ListID,Attribute,Tag) VALUES ('',$lastID,'FirstName','{fname}')";
$stmt = $conn->prepare($query);
$stmt->execute();
$query="INSERT INTO require_attributes (ReqID,ListID,Attribute,Tag) VALUES ('',$lastID,'LastName','{lname}')";
$stmt = $conn->prepare($query);
$stmt->execute();
}
catch(PDOException $e)
{
die ($e->getMessage().' Back');
$conn->rollBack();
}
try{
$sql = '
SELECT UserID
FROM user
WHERE Rights != ?';
$stmt = $conn->prepare($sql);
$stmt->execute(array('admin'));
$result= $stmt->fetchAll();
}
catch(PDOException $e)
{
die ($e->getMessage().' Back');
}
foreach ($result as $set)
{
if ($set['UserID']==$_SESSION['username'])
$rights='edit';
else
{$rights=$_POST[$set["UserID"]];
$rights=$_POST['123023d'];}
if ($rights != 'default' || $set['UserID']==$_SESSION['username'] || $_POST['public']==0)
{
$user=$set['UserID'];
try {
$query="INSERT INTO user_list(UserID,ListID,UserRights) VALUES ('$user',$lastID,'$rights')";
$stmt = $conn->prepare($query);
$stmt->execute();
}
catch(PDOException $e)
{
die ($e->getMessage().' Back');
$conn->rollBack();
}
}
}
$conn = null;
?>
<div id="stylized" class="myform">
<div style="text-align:center;font-weight:bold;">You have created a list. By default Mail Address, First Name , Last Name is in your list. Add more field if you want. <a href='add.php'>Back</a></div>
<div class="spacer"></div>
</div>
<?
}else{?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style type="text/css">
@import "../plugin/easyui/themes/default/easyui.css";
@import "../plugin/easyui/themes/icon.css";
@import "../style/form.css";
@import "../plugin/datatable/media/css/demo_page.css";
@import "../plugin/datatable/media/css/demo_table.css";
</style>
<script src="../plugin/jquery-1.6.1.min.js"></script>
<script type="text/javascript" src="../plugin/easyui/jquery.easyui.min.js"></script>
<script src="../plugin/jquery.validate.min.js"></script>
<script type="text/javascript" src="../plugin/datatable/media/js/jquery.dataTables.js"></script>
<script src="../plugin/jquery.form.js"></script>
<script>
$(document).ready(function(){
$("#addlist").validate();
});
$(document).ready(function() {
$('#viewSub').dataTable();
} );
</script>
</head>
<body>
<div id="stylized" class="myform">
<form id="addlist" method="post" action="add.php" >
<h1>Create your new subscriber list</h1>
<p>Create a new list before adding subscriber <label class="right"><em class="dot">*</em> indicates required</label></p>
<label><em class="dot">*</em> List name:
<span class="small">Add your list name</span>
</label>
<input id="lname" name="lname" class="required" />
<div class="spacer"></div>
<label>Reminder:
<span class="small">Remind the details of your list</span>
</label>
<textarea id="creminder" name="creminder" cols="52" ></textarea>
<div class="spacer"></div>
<div class="spacer"></div>
<p>Email me when ...</p>
<label>People subscribe:</label> <input type="checkbox" class="checkbox" name="subscribe" value="1">
<label>People unsubscribe:</label> <input type="checkbox" class="checkbox" name="unsubscribe" value="1">
<div class="spacer"></div>
</div>
</br>
<div id="stylized" class="myform">
<p>Permission Setting ...</p>
<label>Open to other users:</label> <input type="checkbox" class="checkbox" name="public" value="1">
Or
<div class="spacer"></div>
Select the permission for individual user:
<?
$sql =
"SELECT UserID,Name,Rights,Position
FROM user
WHERE UserID != ?
AND Rights != 'Admin'
";
$stmt = $conn->prepare($sql);
$stmt->execute(array($_SESSION['username']));
$num_rows= $stmt->rowCount();
if ($num_rows != 0){
$result = $stmt->fetchAll();
?>
<table width="100%" class="display" id="viewSub">
<thead>
<tr>
<th field="col1" width="40%">Name:</th>
<th field="col2" width="40%">Position:</th>
<th field="col2" width="20%">Permission:</th>
</tr>
</thead>
<tbody>
<?
foreach ($result as $set)
{
echo "<tr><td>".$set['Name']."</td><td>".$set['Position']."</td><td><select name=".$set['UserID']."><option value='default'>Not Share</option><option value='read'>Read Only</option><option value='edit'>Editable</option></select></td></tr>";
}
?>
</tbody>
</table>
<?
}
else
echo "There is no another user in this system";
?>
<input class="submit" type="submit" name="submit" value="Submit"/>
<div class="spacer"></div>
</form>
<div class="spacer"></div>
</div>
<br><br><br>
<div id="stylized" class="myform">
<?
try{
$sql = '
SELECT *
FROM list,user_list
WHERE user_list.UserID=?
AND list.ListID=user_list.ListID
';
$stmt = $conn->prepare($sql);
$stmt->execute(array($_SESSION['username']));
$result= $stmt->fetchAll();
$num_rows= $stmt->rowCount();
}
catch(PDOException $e)
{
die ($e->getMessage().' Back');
}
$conn = null;
if ($num_rows == 0) {
echo '<div style="text-align:center;font-weight:bold;">You have not created any list yet.</div>';}
else {
echo '<h1>Your Subscriber List</h1> <p>You have created '.$num_rows.' list(s).</p>';
foreach ($result as $set)
{
echo '<div style="font-weight:bold;">List Name : '.$set['FromName'].'</div><br>';
echo '<div style="font-weight:bold;">Subscriber : </div><br>';
echo '<div style="font-weight:bold;">Create Date : '.$set['CreateDate'].'</div><br>';
echo '<hr>';
}}
?>
<div class="spacer"></div>
</div>
</div>
</body>
</html>
<?
}
?>
Note the method you are using to submit the form. There are two general ways
GET Method <form method="GET" ... >
This is generally retrieved by using
echo $_GET['123023d'];
POST Method <form method="POST" ... >
This is generally retrieved by using
echo $_POST['123023d'];
If no method is defined, by default, it will be submitted using GET method so, use
$rights=$_GET['123023d'];
Update
I found your problem: there are no quotes in the title of the select box
<select name=".$set['UserID'].">
Change it to this. You have to provide the quotes and escape them as well.
<select name=\"".$set['UserID']."\">
Update 2
Credit to @zerkms
The other problem was starting the name with a numeric value instead of an alphabetic character.
<select name="123023d">
Make sure you don't start with numbers, like
<select name="a123023d">
How to retrieve value from a select box?
It is stored in the $_POST['123023d'] or $_GET['123023d'] variable, depending on the method used.
If it is a 'post' request, use:
$rights=$_POST['123023d'];
For 'get' requests :
$rights=$_GET['123023d'];
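An added example, not from either answer: the per-user select boxes generated with a quoted, HTML-encoded name, grouped as rights[UserID] so the handler reads one array, checks each value against the three allowed options, and inserts with bound parameters instead of interpolating $user and $rights into the SQL string. The rights[...] field name and the function names are assumptions made for this example; table and column names come from the question.

```php
<?php
// Added example, not the poster's code. renderRightsSelect(), postedRight()
// and saveUserRights() are illustrative names.

// The only values the form offers; anything else is rejected on the server.
const RIGHT_VALUES = ['default' => 'Not Share', 'read' => 'Read Only', 'edit' => 'Editable'];

function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// One <select> per user, named rights[<UserID>]. The attribute is quoted and
// encoded, so a UserID containing spaces, quotes or '>' cannot break the tag.
// Assumes UserID values contain no square brackets.
function renderRightsSelect(string $userId): string
{
    $html = '<select name="rights[' . h($userId) . ']">';
    foreach (RIGHT_VALUES as $value => $label) {
        $html .= '<option value="' . h($value) . '">' . h($label) . '</option>';
    }
    return $html . '</select>';
}

// Reads the posted choice for one user. A missing field or a value outside
// the allowlist falls back to 'default' instead of raising a notice.
function postedRight(array $post, string $userId): string
{
    $value = $post['rights'][$userId] ?? 'default';
    return is_string($value) && isset(RIGHT_VALUES[$value]) ? $value : 'default';
}

function saveUserRights(PDO $conn, string $userId, int $listId, string $rights): void
{
    // Bound parameters replace the '$user' / '$rights' string interpolation.
    $stmt = $conn->prepare('INSERT INTO user_list (UserID, ListID, UserRights) VALUES (?, ?, ?)');
    $stmt->bindValue(1, $userId, PDO::PARAM_STR);
    $stmt->bindValue(2, $listId, PDO::PARAM_INT);
    $stmt->bindValue(3, $rights, PDO::PARAM_STR);
    $stmt->execute();
}

// Constructed sample input standing in for $_POST: one valid choice and one
// value that is not among the options.
$samplePost = ['rights' => ['123023d' => 'read', 'u2' => 'owner']];

echo renderRightsSelect('123023d'), "\n";
var_dump(postedRight($samplePost, '123023d')); // a value from the allowlist
var_dump(postedRight($samplePost, 'u2'));      // not in the allowlist
var_dump(postedRight($samplePost, 'u3'));      // field not submitted at all
```

In add.php the loop over the users would call postedRight($_POST, $set['UserID']) in place of $_POST[$set["UserID"]] and pass the result to saveUserRights() together with $lastID.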