Converting username, to userID for entry into a comments box - php

<?php
include("connection.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
// username and password sent from form
$myusername = mysqli_real_escape_string($conn,$_POST['username']);
$mypassword = mysqli_real_escape_string($conn,$_POST['password']);
$row['userID'] = $myuserid;
$sql = "SELECT * FROM u803621131_login.users WHERE username = '$myusername' and password = '$mypassword'";
$result = mysqli_query($conn,$sql);
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$active = $row['active'];
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
session_start("myuserid");
$_SESSION['login_user'] = $myusername;
$_SESSION['login_id'] = $myuserid;
header("location: welcome.php");
}else {
$error = "Your Login Name or Password is invalid";
}
}
?>
<html>
<head>
<title>Login Page</title>
<style type = "text/css">
body {
font-family:Arial, Helvetica, sans-serif;
font-size:14px;
}
label {
font-weight:bold;
width:100px;
font-size:14px;
}
.box {
border:#666666 solid 1px;
}
</style>
</head>
<body bgcolor = "#FFFFFF">
<div align = "center">
<div style = "width:300px; border: solid 1px #333333; " align = "left">
<div style = "background-color:#333333; color:#FFFFFF; padding:3px;"><b>Login</b></div>
<div style = "margin:30px">
<form action = "" method = "post">
<label>UserName :</label><input type = "text" name = "username" class = "box"/><br /><br />
<label>Password :</label><input type = "password" name = "password" class = "box" /><br/><br />
<input type = "submit" value = " Submit "/><br />
</form>
<div style = "font-size:11px; color:#cc0000; margin-top:10px"><?php echo $error; ?></div>
</div>
</div>
</div>
</body>
</html>
Login.php - The login page with all the changed parts, the actual login works as it should. although it is hard to tell if there are any other issues
<?php session_start();
include'../../connection.php';?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="description" content="">
<meta name="keywords" content="">
<link rel="stylesheet" type="text/css" href=".../../../../style.css">
<title>Home</title>
<!--[if IE]>
<script src="http://html5shim.googlecode.com/svn/trunk/html5.js"></script>
<![endif]-->
<?php include('../../main/main.php');?>
</head>
<body>
<div class=containermain>
<h1>I5-6600k.php</h1>
<form action="ratepost.php" method="post">
<label for="rating">rating:</label>
<select name="rating" id="rating" value="rating" >
<option>
<option value="1">1 </option>
<option value="2">2</option>
<option value="3">3 </option>
<option value="4">4</option>
<option value="5">5</option>
</option>
</select>
<input type="submit" value="Submit">
</form>
<h2>graphics card write up................</h2>
<?php echo "Hello " . $_SESSION['user']; ?>
<p> </p>
<br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br><br>
</div>
<div
class="fb-like"
data-share="true"
data-width="450"
data-show-faces="true">
</div>
<!---------------------------------------COMMENT BOX---------------------------------------------------->
<div class="comments" align="center">
<form action="" method="post" >
<textarea rows="4" cols="50" name="comment">
Please type a comment if you are logged in....
</textarea>
<input type="submit" value="Submit">
</form>
<?php
if (isset($_SESSION['login_id']) && !empty($_SESSION['login_id'])) {
$id = $_SESSION['login_id'];
$sqlinsert = "INSERT INTO comment (userID, comment, dCpuID) VALUES ('$id', '$comment', '1')";
if(mysqli_query($conn, $sqlinsert)){
header("Location: i5-6600k");
} else {
echo "ERROR: Could not able to execute $sqlinsert. " . mysqli_error($conn);
}
}
// close connection
$sql = "SELECT `users`.`username`, `comment`.`comment`, `comment`.`timestamp`\n"
. "FROM `users`\n"
. "LEFT JOIN `comment` ON `users`.`userID` = `comment`.`userID` \n"
. "where dCpuID = 1";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "<table><tr><th>Username</th><th>Comment</th><th>Timestamp</th>";
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<tr><td>" . $row["username"]. "</td><td>" . $row["comment"]."</td><td>" . $row["timestamp"]. "</td>";
}
echo "</table>";
} else {
echo "0 results";
}
?>
</div>
<?php include('../../assets/footer.php');?>
<div class="fb-comments" data-href="http://www.computercomparison.tk/#home" data-numposts="5"></div>
</body>
</html>
Have included entirety of 2nd page, incase there may be clashes with other parts of the code in the site that may be pointed out.
Also you will find lots of code in strange places, only testing bits at the mo.
<?php
include('connection.php');
session_start();
$user_check = $_SESSION['login_user'];
$ses_sql = mysqli_query($conn,"select username, from users where username = '$user_check' ");
$row = mysqli_fetch_array($ses_sql,MYSQLI_ASSOC);
$login_session = $row['username'];
if(!isset($_SESSION['login_user'])){
header("location:login.php");
}
?>
Have this session.php file, didn't think it was too relevant but changing it around did affect logging in and stuff, it is in good condition here, wonder if there is anything i need to change here too? it is linked to the welcome.php


Following the error message you connected a column for the comment authors ID to one in your account table using a foreign key.
As shown in your picture they're both INT. But you are trying to insert a VARCHAR (the username) into this column instead.
My approach would be to get the user's ID by a sql query or even better save the users ID to the session:
session_start();
$_SESSION['login_user'] = $usernameFromFormOrWhatever;
$_SESSION['login_id'] = $usersID;
So you can fill your userID column with it:
$id = $_SESSION['login_id'];
$sqlinsert = "INSERT INTO comment (userID, comment, dCpuID) VALUES ('$id', '$comment', '1')";
Additionally the entered ID in your comments table must also appear in a row of your accounts table as ID of a user. Otherwise you will get an error message like you do now.

Related

Get value of html text field using sql query with php

LOGINPAGE.html:
This is where the user will input their username and password. PHP method is POST.
<html>
<head>
<title>
LOG IN
</title>
<style>
body {
text-align: center;
}
</style>
</head>
<body>
<form action = "loginDatabase.php" method = "POST">
<label>User name:</label>
<input type="text" id="userNameID" name="userNameName" required>
<br />
<label>Password:</label>
<input type="password" id="passwordID" name="passwordName" required>
<br />
<input type="submit" id="submitLoginID" name="submitLoginName">
</form>
</body>
</html>
LOGINDATABASE.php:
This is the processing part where the mysql query will reference the record to be displayed on ADMINPAGE.php based on the username given on LOGINPAGE.php. I cannot figure out want went wrong in line 7 since I always get an error Notice: Undefined index: userNameName in /opt/lampp/htdocs/UsersDatabaseProgram/loginDatabase.php on line 7
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include('connect.php');
session_start();
$result = mysqli_query($con, "SELECT * FROM addUsers WHERE userName = '" . $_GET['userNameName'] . "'");
if ($_SERVER ["REQUEST_METHOD"] == "POST") {
$userName = $_POST['userNameName'];
$password = $_POST['passwordName'];
/*
This doesnt work
$email = $row['email'];
$userlevel = $row['userLevel'];
*/
$sql = "SELECT * FROM addUsers WHERE userName = '".$userName."' AND password = '".$password."'";
$result = mysqli_query($con, $sql);
$row = mysqli_fetch_array($result);
$count = mysqli_num_rows($result);
if ($row["userLevel"] == "user") {
$_SESSION["userName"] = $userName;
header('location: userPage.php');
} elseif ($row["userLevel"] == "admin") {
$_SESSION["userName"] = $userName;
header('location: adminPage.php');
} else {
echo "<h1> Login failed. Invalid username or password.</h1>";
}
}
?>
ADMINPAGE.php:
This is where the name of the user, user level, and user status will be displayed.
<?php
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include('connect.php');
include('loginDatabase.php');
?>
<html>
<head>
<style>
body {
text-align: center;
}
</style>
</head>
<body>
<h2>Admin</h2>
Log-out <br />
View records <br />
Add Record <br />
<label>Welcome</label><br />
<?php echo $_SESSION["userName"] ?>
<br />
<label>User level: </label>
<?php
while ($row = mysqli_fetch_array($result)) {
?>
<input type = "text" name = "userLevelName" value = " <?php echo $row['userLevel']; ?>"> <br />
<label>Email: </label>
<input type = "text" name = "userEmailName" value = " <?php echo $row['email']; ?>">
<?php
}
?>
<br />
</body>
</html>

You're sending the data as a POST then trying to access it as GET (then retrieving it again on line 11 !!).
Change it to something like this:-
if ($_SERVER ["REQUEST_METHOD"] == "POST") {
$userName = $_POST['userNameName'];
$password = $_POST['passwordName'];
}
$result = mysqli_query($con, "SELECT * FROM addUsers WHERE userName = '$userName'");

How to validate the login form with 3 filelds?

I am able to validate the login form with 2 fields such as username and password.But I need to add other field called customer id.this. I need to pass this customer id next php page . there I have to store this in a variable. I am able to do all this.
But my problem is I am not able to validate after adding customer field. Because here I am passing the customer id after he enters in the text box.
When I add 2 fields I am able to validate.
how to validate this.
My code is,
Login.php
<!DOCTYPE html>
<html>
<head background-color:blue>
<meta charset="utf-8">
<title>Login Form</title>
<link rel="stylesheet" href="css/style1.css">
<style>
p{
color:white;
font-size:26px;
font-weight: bold;
}
label{
color:black;
font-size:13px;
font-weight: bold;
}
h1{
font-weight: bold;
}
</style>
</head>
<body>
<section class="container">
<div class="login">
<h1><font color ="MAROON">Login to Merahkee Tech solutions</font></h1>
<form action = "site.php" method = "post">
<label> Username :</label><input type = "text" name = "username" class = "box"/><br /><br />
<label> Password :</label><input type = "password" name = "password" class = "box" /><br/><br />
<label> Custoner ID :</label><input type = "password" name = "custid" class = "box" /><br/><br />
<input type = "submit" value = "Login "/><br />
</form>
</div>
</body>
</section>
</html>
<?php
include("Config.php");
session_start();
if($_SERVER["REQUEST_METHOD"] == "POST") {
$username = mysqli_real_escape_string($db,$_POST['username']);
$password = mysqli_real_escape_string($db,$_POST['password']);
$sql = "select user_table.user_id,username,`password`,cust_id from user_table join customer_table on customer_table.user_id=user_table.user_id where username = '$username' and BINARY password = '$password';";
$result = mysqli_query($db,$sql);
if (!$result) {
printf("unable to connrct to database");
exit();
}
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$_SESSION['login_user'] = "";
//header("location:http://localhost/Dashboard/TreeStructure/fr1.php");
}
//username field empty
elseif($username==null){
$error="SELECT Message FROM error_message WHERE id=1";
$ren = mysqli_query($db,$error);
$row = mysqli_fetch_array($ren);
$to =$row['Message'];
echo '<script type="text/javascript">alert(" ' . $to . ' ");</script>';
}
//password field empty
elseif($password==null){
$error2="SELECT Message FROM error_message WHERE id=3";
$ren2 = mysqli_query($db,$error2);
$row2 = mysqli_fetch_array($ren2);
$to2 =$row2['Message'];
echo '<script type="text/javascript">alert(" ' . $to2 . ' ");</script>';
}
//SPACE WHILE ENTERING USERNAME
elseif(preg_match('/\s/', $username)){
$error1="SELECT Message FROM error_message WHERE id=2";
$ren1 = mysqli_query($db,$error1);
$row1 = mysqli_fetch_array($ren1);
$to1 =$row1['Message'];
echo '<script type="text/javascript">alert(" ' . $to1 . ' ");</script>';
}
//SPACE WHILE ENTERING PASSWORD
elseif($num!=0){
$error3="SELECT Message FROM error_message WHERE id=5;";
$ren3 = mysqli_query($db,$error3);
$row3 = mysqli_fetch_array($ren3);
$to3 =$row3['Message'];
echo '<script type="text/javascript">alert(" '. $to3 .' ");</script>';
}
elseif($num1!=0){
$error5="SELECT Message FROM error_message WHERE id=4;";
$ren5 = mysqli_query($db,$error5);
$row5 = mysqli_fetch_array($ren5);
$to5 =$row5['Message'];
echo '<script type="text/javascript">alert(" '. $to5 .' ");</script>';
}
//WRONG USERNAME AND PASSWORD
else{
$error4="SELECT Message FROM error_message WHERE id=6;";
$ren4 = mysqli_query($db,$error4);
$row4 = mysqli_fetch_array($ren4);
$to4 =$row4['Message'];
echo '<script type="text/javascript">alert(" ' . $to4 . ' ");</script>';
}
//space while entering username
}
?>
In site.php
<!DOCTYPE html>
<html>
<head>
<title>Merahkee Tech Solutions </title>
<link rel="stylesheet" href="php_checkbox.css" />
</head>
<body>
<div class="container">
<div class="main">
<h2> Select Project</h2>
<?php
$m=$_POST['custid'];
include("Config.php");
$cust_id ="select project_name from customer_access where customer_id=$m;";
$ren = mysqli_query($db,$cust_id );
while($row=mysqli_fetch_array($ren)){
echo'<form action="right.php" method="post">
<label class="heading">Select Your Project:</label><br>
<input type="checkbox" name="check_list[]" value='.$m.'><label>'.$row['project_name'].'</label><br>
<input type="submit" name="submit" Value="Submit"/>
</form>';
}
?>
</div>
</div>
</body>
</html>
In right.php
<?php
if(isset($_POST['submit'])){
if(!empty($_POST['check_list'])) {
// Counting number of checked checkboxes.
$checked_count = count($_POST['check_list']);
echo " $checked_count <br/>";
// Loop to store and display values of individual checked checkbox.
foreach($_POST['check_list'] as $selected) {
echo "<p>".$selected ."</p>";
}
}
else{
echo "<b>Select Atleast One Option.</b>";
}
}
?>
Can Anybody help me to solve this.
In login page I have tried this. But I did not get.
if($_SERVER["REQUEST_METHOD"] == "POST") {
$username = mysqli_real_escape_string($db,$_POST['username']);
$password = mysqli_real_escape_string($db,$_POST['password']);
$cust_id = mysqli_real_escape_string($db,$_POST['cust_id']);
$sql = "select user_table.user_id,username,`password`,cust_id from user_table join customer_table on customer_table.user_id=user_table.user_id where username = '$username' and BINARY password = '$password' and cust_is="$cust_id" ;";
$result = mysqli_query($db,$sql);
if (!$result) {
printf("unable to connrct to database");
exit();
}
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$count = mysqli_num_rows($result);
// If result matched $myusername and $mypassword, table row must be 1 row
if($count == 1) {
$_SESSION['login_user'] = "$cust_id";
header("location:http://localhost/Dashboard/TreeStructure/fr1.php");
}
I tried to print this, after login.It prints username and password but not cust_id.

It prints username and password but not cust_id
You are not running the code you have shown us.
The SQL statement has at least two fatal error.
select user_table.user_id,username,`password`,cust_id
from user_table
join customer_table
on customer_table.user_id=user_table.user_id
where username = '$username'
and BINARY password = '$password'
and cust_is="$cust_id" ;
You are using double quotes around $cust_id in the where clause - this should be single quotes. You are trying to match this value to an attribute named cust_is - don't you mean cust_id?
The code you have shown us will fail to match a login each time.
It also seems very strange to use a customer id as an authenticator/identifier when you already have the identifier (username) and authenticator (password) and can derive the vustomer id from the database at login.

Getting ID to edit record PHP + Oracle

I have php pages that let me view, add, delete records in database, but I can't make it work to edit record. I have problem to get id to edit_h.php. When i enter id number manually in ("UPDATE uzytkownik SET LOGIN = :login WHERE id = :id") it works fine. I am stuck with this problem for a bit now. Thanks for any help in advice.
Here's my code:
edit.php
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Edytowanie uzytkownikow</title>
</head>
<body>
<form action="edit_h.php" method="post">
Login:<br>
<input type="text" name="login">
<br>
<input type="submit" value="Edytuj">
</form>
</body>
</html>
edit_h.php
<?php
include_once "polacz.php";
$id = $_GET['id'];
$login = $_POST['login'];
$con = polacz();
$stid = oci_parse($con, "UPDATE uzytkownik SET LOGIN = :login WHERE id = :id");
oci_bind_by_name($stid,':login',$login);
oci_bind_by_name($stid,':id',$id);
if (oci_execute($stid))
{
header("Location: view.php");
}
else
{
echo "blad";
}
view.php
<?php
include_once "polacz.php";
session_start();
if (!isset($_SESSION['id']))
{
header("Location: login.php");
die();
}
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Logowanie</title>
<style>
table {
border-collapse: collapse;
width: 100%;
}
th, td {
text-align: left;
padding: 8px;
}
tr:nth-child(even){background-color: #f2f2f2}
th {
background-color: #af504c;
color: white;
}
</style>
</head>
<body>
<?php
echo "Witaj ".$_SESSION['login'];
echo '<br>WYLOGUJ SIĘ<br>';
$con = polacz();
if (isset($_GET['sort']))
{
$sort = (int)$_GET['sort'];
if ($sort == 1)
{
$sort = 2;
}
else
{
$sort = 1;
}
}
else
{
$sort = 1;
}
$dbsort =array(1=>'ASC',2=>'DESC');
$stid = oci_parse($con,"SELECT id, login FROM uzytkownik ORDER BY login ".$dbsort[$sort]);
oci_execute($stid);
echo "<table>";
echo "<tr><th>ID</th><th><a href=\"view.php?sort=$sort\">Login<th>Usun</th><th>Edytuj</th>
</th></tr>";
while (($row = oci_fetch_array($stid, OCI_ASSOC)) != false)
{
$id = $row['ID'];
$login = $row['LOGIN'];
echo "<tr><td>$id</a></td><td>$login</td>
<td>Usun
<td>Edytuj</tr>";
}
echo "</table>";
echo '<br>Dodaj uzytkownika<br>';
?>
</body>
</html>

Two possibilities here:
You have id stored in session already, so you could just get it from there:
// in edit_h.php - make sure you start session before!
$id = $_SESSION['id'];
Or you pass it along the various scripts:
// edit.php
<form action="edit_h.php" method="post">
Login:<br>
<input type="text" name="login">
<br>
<input type="submit" value="Edytuj">
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>">
</form>
// edit_h.php
$id = $_POST['id']; // note, that this is stored in POST now!
Note, that it's not such a good idea to pass a plain id through scripts, as it could easily be hacked. So option 1 would be the better one (depending on how you get the id in first place)!

PHP profile update page MySql Error

Can anyone see the error in this code as the code is only giving me back :
the name does not exist
It was all working fine now it does not.
If anyone can spot it please and correct me as I am still new to this.
<?php
// see if the form has been completed
include_once("php_includes/check_login_status.php");
include_once("php_includes/db_conx.php");
// Initialize any variables that the page might echo
$username = "";
$firstname = "";
$surname = "";
$gender = "Male";
$country = "";
$weight = "";
$height = "";
if(isset($_GET["u"])){
$username = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
}
$sql = "SELECT * FROM users WHERE username='$username' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// check if the user exists in the database
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$username = $row ["username"];
$firstname = $row["firstname"];
$surname = $row["surname"];
$weight = $row["weight"];
$height = $row["height"];
$email = $row["email"];
$gender = $row ["gender"];
}
if (isset($_POST['submit'])){
$username = $_POST['username'];
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$weight = $_POST['weight'];
$height = $_POST['height'];
$email = $_POST['email'];
$gender = $_POST['gender'];
mysql_connect ("host","****","*****"); mysql_select_db('db_k1003140');
// check if that user exist
$exists = mysql_query ("SELECT * FROM users WHERE firstname='" . $username . "'") or die ("query cant connect");
if (mysql_num_rows ($exists) != 0) {
// update the description in the database
mysql_query("UPDATE users SET firstname='$firstname', surname='$surname', weight='$weight', height='$height' WHERE username='$username'") or die ("update could not be applied");
echo "successful";
} else echo "the name does not exist";
}
?>
Here is the HTML :
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Profile Update: <?php echo $u; ?></title>
<link rel="icon" href="favicon.ico" type="image/x-icon">
<link rel="stylesheet" type="text/css" href="style.css">
<script src="js/main.js"></script>
<script src="js/javascript.js"></script>
<script src="js/ajax.js"></script>
<style type="text/css">
#updateform{
margin-top:24px;
}
#updateform > div {
margin-top: 12px;
}
#updateform > input {
width: 200px;
padding: 3px;
background: #F3F9DD;
}
</style>
</head>
<body>
<?php include_once("template_pageTop.php"); ?>
<div id="pageMiddle">
<div id="usernamecss"> Username: <?php echo $username; ?></div>
<form action="update.php" method="POST" id="updateform">
<div>
<div>First Name: </div>
<input id="firstname" type="text" name="firstname" value="<?php echo $firstname?>" maxlength="16">
<div>Surname: </div>
<input id="surname" type="text" name="surname" value="<?php echo $surname?>" maxlength="16">
<div>Weight: </div>
<input id="weight" type="text" name="weight" value="<?php echo $weight?>" >
<div>Height: </div>
<input id="height" type="text" name="height" value="<?php echo $height?>" >
<p> <input type="submit" name="submit" id="submit" value="Update Description"></p>
Go to Profile
</div>
</form>
</div>
<?php include_once("template_pageBottom.php"); ?>
</body>
</html>

Just a guess you comparing username field with firstname,
SELECT * FROM users WHERE firstname='" . $username . "'";
While it needs to be,
SELECT * FROM users WHERE username='" . $username . "'";
Note: Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.

How to insert multiple ID's in one linked table?

I want to insert de EmployeeID and the KnowledgeID in Knowledgedetail. He creates the employee but does nothing in the Knowledgedetail. I'm there now no code, I have tried so many things but i have no idea.
As first in Addprofile.php you make the profile and at least you choose yoour knowledge.
My question is if a make a profile and choose the knowledge how get i de ID's in knowledgedetail.
Table 1
Employees: EmployeeID, Name, Establishment, E-Mail, Phonenumber, Photo, Description
Table 2
Knowledge: KnowledgeID, Knowledge
Table 3
Knowledgedetail: KnowledgedetailID, EmployeeID KnowledgeID
EmployeeID out Employees have a relation with EmployeeID out Knowledgedetail and
KnowledgeID out Knowledge have a relation with KnowledgeID out Knowledegedetail
Addprofile.php
<?php
include("connection.php");
?>
<!DOCTYPE html>
<html>
<head>
<title>Information System</title>
<link rel="stylesheet" type="text/css" href="css/test.css">
<meta charset ="utf-8">
<link rel='stylesheet' href='http://ajax.googleapis.com/ajax/libs/jqueryui/1.8/themes/smoothness/jquery-ui.css' type='text/css' media='screen' />
<link rel='stylesheet' href='css/ui.multiselect.css' type='text/css' media='screen' />
<script src="../Informatiesysteem/js/jquery.min.js"></script>
<script type='text/javascript' src='https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js'></script>
<script type='text/javascript' src='https://ajax.googleapis.com/ajax/libs/jqueryui/1.8.16/jquery-ui.min.js'></script>
<script type='text/javascript' src='../Informatiesysteem/js/ui.multiselect.js'></script>
<script type='text/javascript'>
jQuery(document).ready(function() {
jQuery("#selectitems").multiselect();
});
</script>
</head>
<body>
<div id="container">
<div id="logo"></div>
<div id="header">
<h1>Add Profile</h1>
</div>
<div id="menu">
</div>
<div id="content">
<?php
$result = mysql_query("select knowledgeid, knowledge from knowledge");
$items = array();
$selected = array();
while ($row = mysql_fetch_array($result)){
$id [] = $row [ 'knowlegdeid' ];
$items[] = $row[ 'knowledge' ];
}
//form processing
if (isset($_POST['selectitems'])) {
$selected = $_POST['selectitems'];
}
if (!empty($selected)) : print_r($selected); endif;
?>
<form enctype="multipart/form-data" id="my form" method="post" action="Addedprofile.php">
Name: <input type="text" name="name" /></br>
Establishment: <input type="text" name="establishment"/></br>
E-Mail: <input type="email" name="email"/></br>
Phonenumber: <input type="tel" name="phonenumber"/></br>
Photo: <input type="file" name="photo"/></br>
Description: <textarea rows="4" cols="50" name="description"></textarea></br>
Knowledge: <select name="selectitems[]" id="selectitems" multiple="multiple" style="width: 450px; height: 180px;">
<?php //first we add the list of selected items if any
foreach ($selected as $sel) { ?>
<option value="<?php echo $sel; ?>" selected="selected"><?php echo $id[$sel]; $items[$sel];?></option>
<?php } ?>
<?php foreach ($items as $i => $v) { //then insert all items, skipping those who were added above
if (in_array($d, $i, $selected)) : continue; endif; //skip ?>
<option value="<?php echo $d, $i; ?>"><?php echo $v; ?></option>
<?php } ?>
</select>
</br></br></br></br>
<input type="submit" name="add_profile" value="Add profile" />
</form>
</div>
</body>
</html>
Addedprofile.php
<!DOCTYPE html>
<html>
<meta http-equiv="refresh" content=";URL=Addprofile.php" />
</html>
<?php
include ("connection.php");
$Name = $_POST['name'];
$Establishment = $_POST['establishment'];
$Email = $_POST['email'];
$Phonenumber = $_POST['phonenumber'];
$Photo = $_POST['photo'];
$Description = $_POST['description'];
$sql = "INSERT INTO employees
(
name,
establishment,
email,
phonenumber,
photo,
description
)
VALUES ('". $Name ."', '". $Establishment ."', '". $Email ."', '". $Phonenumber ."', '". $Photo ."', '". $Description ."')";
$sqldetail = "INSERT INTO knowledgedetail
(
employeeid,
knowledgeid
)
VALUES .......................";
$add = mysql_query($sql);
if ($add === false){
echo 'Profile is not created';
}
else {
echo "Profile created";
}
echo '</br>';
$knowledge = mysql_query($sqldetail);
if ($add === false){
echo 'Knowledge is not added';
}
else {
echo "Knowledge added";
}
echo '</br>';
?>

Here's one thing that's wrong with your code:
$knowledge = mysql_query($sqldetail);
if ($add === false){
echo 'Knowledge is not added';
}
else {
echo "Knowledge added";
}
In the if statement, you should compare $knowledge and not $add. So, it should be:
$knowledge = mysql_query($sqldetail);
if ($knowledge === false){
echo 'Knowledge is not added';
}
else {
echo "Knowledge added";
}
Also, add a call to mysql_error() every time mysql_query() fails:
echo "MySQL ERROR: SQL = $sql -- Error=".mysql_error()";

Categories