php and mysql anomaly - php

I have a php page which is showing data in a HTML table taken from a MySQL database. Part of the table has a submit button for people to click to like a row. When clicked it runs a form which reloads the page and attempts to process the new inputs. In the example below all the inputs "submit", "timestamp" and "timestamp2" are set after the button is clicked. In the example the query $jpgh1 works and immediately reloads the row with the updated ticks count. If I use $jpgh2 the page reloads but is not updated. I have tried encasing $rt1 and $rt2 in quotes but that doesn't work. The reason I have the $admin bit is because this is being tested on a live system and I don't want the other users to see the testing. Currently the two values for timestamp and timestamp2 are being shown in the fields on the selected row and they match the values which work in $jpgh1.
if(isset($_POST['submit'])) {
If((isset($_POST['timestamp'])) and (isset($_POST['timestamp2']))) {
$rt1 = $_POST['timestamp'];
$rt2 = $_POST['timestamp2'];
$jpgh1 = mysql_query('update topics set ticks=1 where timestamp=1486723327 and timestamp2=1487081058');
$jpgh2 = mysql_query('update topics set ticks=3 where timestamp=$rt1 and timestamp2=$rt2');
}
}
<?php if($_SESSION['username'] == $admin) {
$t1 = $dnn2['timestamp'];
$t2 = $dnn2['timestamp2'];
?>
<form action='' method='POST'>
<input type='text' id='timestamp' name='timestamp' value='<?php echo $t1; ?>'/><br/>
<input type='text' id='timestamp2' name='timestamp2' value='<?php echo $t2; ?>'/><br/>
<input type='submit' name='submit' value='Tick'/></form>
<?php
}
?>
Needless to say after I posted I found the answer.
if(isset($_POST['submit'])){
If((isset($_POST['timestamp'])) and (isset($_POST['timestamp2'])))
{
$rt1 = $_POST['timestamp'];
$rt2 = $_POST['timestamp2'];
$rt3 = "update topics set ticks=1 where timestamp=$rt1 and timestamp2=$rt2";
$jpgh3 = mysql_query($rt3);
}
}
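Why `$jpgh2` never matched a row, and a parameterised form of the same update, as an added example that is not the poster's code: single quotes leave `$rt1` unexpanded, and the double-quoted fix puts raw `$_POST` values into the SQL text. It assumes PDO with an in-memory SQLite database so it runs offline; `tickRow` is a hypothetical helper.

```php
<?php
// Added example, not the poster's code. PDO with in-memory SQLite is an
// assumption so the script runs offline; the same PDO calls work with MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // failures throw
$pdo->exec('CREATE TABLE topics (timestamp INTEGER, timestamp2 INTEGER, ticks INTEGER)');
$pdo->exec('INSERT INTO topics VALUES (1486723327, 1487081058, 0)');

// Constructed request data standing in for $_POST.
$post = ['timestamp' => '1486723327', 'timestamp2' => '1487081058'];

// Single quotes do not interpolate, so this string still contains "$rt1".
$rt1 = $post['timestamp'];
$literal = 'update topics set ticks=3 where timestamp=$rt1';
echo $literal, "\n";

// Hypothetical helper: validate both keys as integers, then bind them.
function tickRow(PDO $pdo, array $input): int
{
    $opts = ['options' => ['min_range' => 0]];
    $t1 = filter_var($input['timestamp'] ?? null, FILTER_VALIDATE_INT, $opts);
    $t2 = filter_var($input['timestamp2'] ?? null, FILTER_VALIDATE_INT, $opts);
    if ($t1 === false || $t2 === false) {
        throw new InvalidArgumentException('timestamp fields must be integers');
    }
    $stmt = $pdo->prepare(
        'UPDATE topics SET ticks = 1 WHERE timestamp = ? AND timestamp2 = ?'
    );
    $stmt->execute([$t1, $t2]);
    return $stmt->rowCount(); // 0 rows: nothing was updated, so report it
}

echo 'rows updated: ', tickRow($pdo, $post), "\n";
try {
    // Constructed hostile value: rejected before any SQL is built.
    tickRow($pdo, ['timestamp' => '1 OR 1=1', 'timestamp2' => '1487081058']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```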

Related

PHP select results from database, check them, make an update and print them

I'll give you a simplified example of my problem and then try to explain it:
<?php
$connect = mysqli_connect($link, $user, $pw, $db);
$informations = mysqli_fetch_array(mysqli_query($connect, "SELECT * FROM table WHERE id = '$id' "));
if($_POST['submit']){
if($informations['show'] == 'true'){
if($informations['changes'] <= '100'){
$value = mysqli_real_escape_string($connect, $_POST['value']);
mysqli_query($connect, "UPDATE table SET changes=changes+1, value='$value' WHERE id = '$id'");
}else{
echo "You made too much changes.";
}
}else{
echo "You cannot change this.";
}
}
if($informations['show'] == 'true'){
echo "<form action='' method='post'>";
echo "<input type='text' name='value' /><input type='submit' name='submit' value='Update' />";
echo "</form>";
}
echo "<br/>You currently have made ".$informations['changes']." changes";
?>
So, looking at this code I can see this:
I enter my page and have a text input near a submit button
Under this I have written "You currently have made 0 changes."
If I press the submit button my page refreshes and I can see:
A text input near a submit button
Under this I have written "You currently have made 0 changes."
If I refresh the page this time I can see:
A text input near a submit button
Under this I have written "You currently have made 1 changes."
So what I want to ask you is:
Is there any way to perform the update and directly see the changes on the page after the normal form refresh?
I cannot put the "update query" above the "select query" because before making the update I need to check the values of the user....
I know I may use AJAX but it seems weird that PHP cannot do that without AJAX, and that takes more time...
Any help will be appreciated, thank you!
The reason is not linked to using Ajax or not. You are increasing the changes value in the database but not in your PHP variable.
So just before this line:
mysqli_query($connect, "UPDATE table SET changes=changes+1, value='$value' WHERE id = '$id'");
add the following:
$informations['changes']++;
Remarks
Although you have escaped quotes in $value to avoid SQL injection, it is better to prepare your statements instead of concatenating values into it.
The field changes is numerical so this comparison is wrong:
if($informations['changes'] <= '100'){
It should be without quotes:
if($informations['changes'] <= 100){
Change the message "too much changes" to "too many changes", because changes is a plural.
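The prepared-statement remark and the stale counter can be handled together, as an added example that is not from either poster: the `show` and `changes` checks move into the `WHERE` clause, and the row is read again after the write. The table name `items`, the helper `applyChange` and the in-memory SQLite database are assumptions.

```php
<?php
// Added example. Table name "items" and in-memory SQLite are assumptions;
// on MySQL the column name show needs backticks because SHOW is reserved.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE items (id INTEGER PRIMARY KEY, value TEXT, changes INTEGER, show TEXT)');
$pdo->exec("INSERT INTO items VALUES (1, 'old', 0, 'true'), (2, 'locked', 0, 'false')");

function applyChange(PDO $pdo, int $id, string $value): array
{
    // Check and update in one statement: the row changes only if both
    // conditions from the page still hold at the moment of the write.
    $upd = $pdo->prepare(
        "UPDATE items SET changes = changes + 1, value = :value
          WHERE id = :id AND show = 'true' AND changes <= 100"
    );
    $upd->execute([':value' => $value, ':id' => $id]);
    $updated = $upd->rowCount() === 1;

    // Read after the write, so the page shows what is actually stored.
    $sel = $pdo->prepare('SELECT value, changes, show FROM items WHERE id = :id');
    $sel->execute([':id' => $id]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return ['message' => 'No such row.', 'changes' => null];
    }
    if ($updated) {
        $message = 'Saved.';
    } elseif ($row['show'] !== 'true') {
        $message = 'You cannot change this.';
    } else {
        $message = 'You made too many changes.';
    }
    return ['message' => $message, 'changes' => (int) $row['changes']];
}

// Constructed input standing in for $_POST['value']; the quote needs no escaping.
foreach ([[1, "it's new"], [2, 'x']] as [$id, $value]) {
    $r = applyChange($pdo, $id, $value);
    echo htmlspecialchars($r['message']), ' You currently have made ',
        $r['changes'], " changes\n";
}
```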

PHP code not updating SQL database although print_r suggests correct input

First of all this is my first question on here, and although I have searched the site none of the answers I've seen resolve my current problem.
I am a PHP novice and am currently working on an end project for a course. The object is to make a rudimentary blog where users can post, delete and edit their news, admins can edit or delete everything etc. I am mostly doing fine, but am having a bit of trouble with the editing feature.
The following code displays all blog posts, their authors and dates of posting. If the currently logged in person is the author of a post or an admin, they have the option of deleting or editing each individual post. A small form appears that contains the title and post text. When the user types something else in, clicking on the edit button should change the values in the database to the new values the user specified. The problem is that whenever I click on the edit button in the current setup, nothing happens. If I move the if statement outside of the other if statement, the posts do update, but become blank in the database.
Running print_r($_POST) after the fact shows that the array it builds has correct names and updated values, but still they aren't updated in the database. Here is the code, the pertinent part starts at the last if statement (I know, it isn't injection proof, will get to that as soon as it works):
$query = "SELECT id, title, body, pub_date, user_id FROM posts ORDER BY id desc";
$query_fetch = mysql_query($query);
while ($blog_post = mysql_fetch_assoc($query_fetch)) {
$author_id = $blog_post["user_id"];
$post_id = $blog_post["id"];
$post_id2 = $blog_post["id"] . 2;
$title = $blog_post['title'];
$body = $blog_post['body'];
$query = "SELECT username FROM users WHERE id = '$author_id'";
$query_run = mysql_query($query);
$author = mysql_fetch_assoc($query_run);
echo "<h2>" . censor($blog_post["title"]) . "</h2>" . "<br> <p> Autor: " . $author["username"] . "</p><br><p>Objavljeno: " . $blog_post["pub_date"];
if ($_SESSION['admin'] == 1 or $_SESSION['username'] == $author["username"]) {
echo "<form action='' method='POST'><input type='submit' name= '$post_id' value= 'Obriši objavu'></form>";
echo "<form action='' method='POST'><input type='submit' name= '$post_id2' value= 'Uredi objavu'></form>";
}
echo "<p>" . censor($blog_post["body"]) . "</p>";
if (isset($_POST["$post_id"])) {
$del_post = "DELETE FROM posts WHERE id = '$post_id'";
mysql_query($del_post);
}
if (isset($_POST["$post_id2"])) {
echo "<form action='' method= 'POST'>New title<input type='text' value = '$title' name='title'>New text<textarea name='body' id='' cols='30' rows='10'>$body</textarea><input type='submit' name='edit' value='edit'></form>";
if (isset($_POST['edit'])) {
$edit_title = $_POST['title'];
$edit_body = $_POST['body'];
$query = "UPDATE posts SET title= '$edit_title', body= '$edit_body' WHERE id= '$post_id'";
mysql_query($query);
}
}
}
Any help would be appreciated.
This last piece of code
if (isset($_POST["$post_id2"])) {
echo "<form action='' method= 'POST'>New title<input type='text' value = '$title' name='title'>New text<textarea name='body' id='' cols='30' rows='10'>$body</textarea><input type='submit' name='edit' value='edit'></form>";
if (isset($_POST['edit'])) {
$edit_title = $_POST['title'];
$edit_body = $_POST['body'];
$query = "UPDATE posts SET title= '$edit_title', body= '$edit_body' WHERE id= '$post_id'";
mysql_query($query);
}
}
gets activated when post_id2 is sent, but generates a form where post_id2 is not contained anymore. So when you submit that form, the IF is not entered.
You can modify it like this:
if (isset($_POST["$post_id2"])) {
echo "<form action='' method= 'POST'>New title<input type='text' value = '$title' name='title'>New text<textarea name='body' id='' cols='30' rows='10'>$body</textarea><input type='submit' name='edit' value='edit'></form>";
}
if (isset($_POST['edit'])) {
$edit_title = $_POST['title'];
$edit_body = $_POST['body'];
$query = "UPDATE posts SET title= '$edit_title', body= '$edit_body' WHERE id= '$post_id'";
mysql_query($query);
}
In general I think you would find it easier to use forms differently, specifically by using some sort of action tag:
<input type="hidden" name="command" value="edit" />
<input type="hidden" name="post" value="{$post_id}" />
This way you could run one single query immediately, without the need for browsing all the posts in a cycle.
One other useful possibility is to split your code between different PHP files, and keeping common code in one include:
<?php // this is delete.php
include "common.php";
$post_id = my_get_var('post_id');
my_sql_command("DELETE FROM posts WHERE...");
used from
<form action="delete.php" method="post" ...>
As you can see this allows for different ways of retrieving post_id (centrally defined in a single function my_get_var in common.php) and the central definition of SQL functions. How this function interfaces to MySQL can then be updated, specifically passing from mysql_ functions (which are deprecated, and soon will no longer be available) to e.g. PDO.
It also allows you to test a single command independently, by directly entering delete.php in the browser (you need for my_get_var to accept both POST and GET variables to do this).
Details
You want to inspect and/or modify a collection of posts. You then require initially at least the following operations: list, edit, and delete.
Only the first works against all posts.
So you could have a list.php file running the SELECT. Also, it is only in this SELECT that you need information about the user, so your query could become:
$query = "SELECT posts.id, title, body, pub_date, user_id, username FROM posts JOIN users ON (posts.user_id = users.id) ORDER BY posts.id desc";
In the display cycle we would display this information:
$query_fetch = mysql_query($query);
// This file will receive requests to edit or delete
// We can use a single form.
echo '<form action="manage.php" method="POST">';
while ($post = mysql_fetch_assoc($query_fetch)) {
echo "<h2>" . censor($post["title"]) . "</h2>" . "<br> <p> Autor: " . $post["username"] . "</p><br><p>Objavljeno: " . $post["pub_date"];
if ((1 == $_SESSION['admin']) or ($_SESSION['username'] == $post["username"])) {
echo "<input type=\"submit\" name=\"Obriši objavu\" value=\"{$post['id']}\" />";
echo "<input type=\"submit\" name=\"Uredi objavu\" value=\"{$post['id']}\" />";
}
echo "<p>" . censor($post["body"]) . "</p>";
}
echo "</form>";
This way you need only one form, and it will submit one field with a name describing the action to be taken, and the post on which to do it.
The file manage.php will then receive this information -- and can also be used to update it:
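// PHP replaces the space in a submitted field name with an underscore,
// so the buttons named "Obriši objavu" / "Uredi objavu" arrive under these keys.
foreach(array(
"delete" => "Obriši_objavu", // from list.php
"edit" => "Uredi_objavu", // " "
"update" => "update" // from this file itself (see below)
)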
as $test_todo => $var) {
if (array_key_exists($var, $_POST)) {
$id = $_POST[$var];
$todo = $test_todo;
}
}
if (isset($id)) {
switch($todo) {
case "delete":
mysql_query("DELETE FROM posts WHERE id = '{$id}'");
break;
case "edit":
// Get this post.
$query = "SELECT posts.id, title, body, pub_date, user_id, username FROM posts JOIN users ON (posts.user_id = users.id) WHERE posts.id = '{$id}';";
echo '<form action="manage.php" method= "POST">';
// This is how we tell this file what to do, and to what.
echo "<input type=\"hidden\" name=\"update\" value=\"{$id}\">";
// run query, fetch the one record, display info...
echo "</form>";
break;
case "update":
// Build the update query from $_POST.
mysql_query("UPDATE posts SET ...");
break;
}
}
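A server-side version of the `command`/`post` handler suggested above, as an added example that is not the answerer's code: the author-or-admin test that the listing applies before drawing the buttons is repeated before every write, and ids and text are bound as parameters. The in-memory SQLite database, the sample rows and the helpers `mayModify` and `handleCommand` are assumptions.

```php
<?php
// Added example. In-memory SQLite and the sample rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$pdo->exec('CREATE TABLE posts (id INTEGER PRIMARY KEY, title TEXT, body TEXT, user_id INTEGER)');
$pdo->exec("INSERT INTO users VALUES (1, 'ana'), (2, 'marko')");
$pdo->exec("INSERT INTO posts VALUES (10, 'Prvi', 'tekst', 1), (11, 'Drugi', 'tekst', 2)");

// Hiding the buttons is not access control: the handler must decide again.
function mayModify(PDO $pdo, array $session, int $postId): bool
{
    if (($session['admin'] ?? 0) == 1) {
        return true;
    }
    $q = $pdo->prepare(
        'SELECT username FROM posts JOIN users ON posts.user_id = users.id WHERE posts.id = ?'
    );
    $q->execute([$postId]);
    $owner = $q->fetchColumn();
    return $owner !== false && $owner === ($session['username'] ?? null);
}

function handleCommand(PDO $pdo, array $session, array $post): string
{
    $id = filter_var($post['post'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false || !mayModify($pdo, $session, $id)) {
        return 'denied';
    }
    switch ($post['command'] ?? '') {
        case 'delete':
            $pdo->prepare('DELETE FROM posts WHERE id = ?')->execute([$id]);
            return 'deleted';
        case 'update':
            $title = (string) ($post['title'] ?? '');
            $body = (string) ($post['body'] ?? '');
            $pdo->prepare('UPDATE posts SET title = ?, body = ? WHERE id = ?')
                ->execute([$title, $body, $id]);
            return 'updated';
        default:
            return 'unknown command';
    }
}

// Constructed requests: marko tries to delete ana's post, then edits his own.
$marko = ['admin' => 0, 'username' => 'marko'];
echo handleCommand($pdo, $marko, ['command' => 'delete', 'post' => '10']), "\n";
echo handleCommand($pdo, $marko, ['command' => 'update', 'post' => '11',
    'title' => "O'Brien", 'body' => 'novi tekst']), "\n";
```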
At first check that your query is correct. Then try to hard-code your query. Also test your query in phpMyAdmin. Also you can try to remove the '' from your number variables on every query.
Please, can you give us your error?
There is a possibility also that your database has already been updated. So double check it.
This is how I usually debug. Echo the query. Run it in phpMyAdmin, and see the error.
So, in your case:
echo "UPDATE posts SET title= '$edit_title', body= '$edit_body' WHERE id= '$post_id'";
Echo that and you will have the query that the script will be trying to run.
Try running it in phpMyAdmin and check what the error is.

Can't insert using php/sql? Basic query

I have a site where an admin can enter exam marks for papers which are part of an exam.
I am on the final part of actually giving a user their mark. But I just can't seem to do it.
So far what I have done is:
Allow the admin to view all of the exams, click on a specific exam and view the papers for that exam, then click on a paper and view all of the people who took that paper.
Then, click on a user and enter their marks and feedback. This is the part which I cannot do. I have pasted my code below along with what I am trying to do but it just is not working, any help would be great!
So, along with their mark and feedback I am also inserting into the marks table the paperID and the examID.
CODE:
<?php
$epsID = $_GET['epsID'];
$sql = "SELECT * FROM ExamPaperStudent WHERE epsID = '$epsID'";
$result = mysql_query($sql);
while ($row = mysql_fetch_array($result))
{
$epID = $row ['epID'];
$sID = $row ['sID'];
echo "<p><form>";
echo "<b>Mark: <input type=text name=mark></b><br>";
echo "<b>Feedback: <input type=text name=feedback></b><br>";
echo $epID;
echo $sID;
echo "</form>";
echo "<a href='insertmark.php?epsID=". $row['epsID']."'>Add Data</a>";
}
?>
INSERTMARK.php code: (At this form I already know the exam/paper ID, which I also am trying to insert (along with marks/feedback).)
CODE:
$mark = $_POST["mark"];
$feedback = $_POST["feedback"];
if(isset($_REQUEST['submit']))
{
$sql = mysql_query("insert INTO exammarks (mark, feedback, epID, atID) values ('$mark', '$feedback', '$epID', '$sID')");
$result = mysql_query($result);
}
epsID = exampaperstudent
epID = exampaper
sID = student
Your form is wrong.
Change this
echo "<p><form>";
to
echo "<p><form action='INSERTMARK.php' method='POST' name='myform'>";
OMG everything is wrong inside your inputs. I'll just give one and you correct the others
echo "<b>Mark: <input type='text' name='mark'></b><br>";
                           ^----^------^----^---//use single quotes around here
Didn't you miss the submit button?

Issue with getting values of checkboxes checked in HTML form in PHP

I have a HTML form that I build using php like this:
<div class="modal-body">
<?php
$getW = "SELECT personID, firstName, lastName FROM person";
$wResult = mysql_query($getW, $database);
print("<form action='actions/editPeopleTask.php'><pre>");
while ($row = mysql_fetch_row($wResult))
{
$personID = $row[0];
$personName = $row[1] . " " . $row[2];
$assignedQ = "SELECT * FROM table WHERE personID = '$personID'";
if (mysql_num_rows(mysql_query($assignedQ, $database)) > 0)
{
print("<input type='checkbox' checked='checked' name='person[]' value=$personID /> $personName<br/><br/>");
}
else
print("<input type='checkbox' name='person[]' id='person' value=$personID /> $personName<br/><br/>");
}
print("<input type='submit'/ name='submit' value='submit'></br></pre></form>")
?>
</div>
There is a loop that runs through this each time to add these inputs to my form. The $personID is the id of the current person that I got from my database and $personName is the name of the person. The line at the top:
if (mysql_num_rows(mysql_query($assignedQ, $database)) > 0)
is just to check if the person already existed in another table, so I can determine if their checkbox should be checked already or not.
The form works as it should, but then (when I submit) I go to another php file and try to get the results like so:
$personList = $_POST['person'];
echo count($personList);
But there is never anything in the list, no matter how many checkboxes I check.
From all the stuff online that I have seen, this should work, but it doesn't.

Update a field in mysql table on click

I have a binary field in a mysql database that gets updated by a button on an html form.
So, I click the button for every row and it changes the mysql value for each of the rows…
The problem is that it has a delay, when I click on one button of a certain row it only gets updated when I click on the next. But if I click on that button and refresh the page it gets changed.
I've looked into ways of updating the page, but I just can't get it to work...
<form action='index.php' method='POST'>
<input type=hidden name='keyword2' value='$keyword'>
<input type='submit' value = 'SELECT' >
</form>";
<?php
j($_POST['keyword2']);
function j($q){
$n = "SELECT `CÔR` FROM `keywords` WHERE `keyword`='$q'";
$b = mysql_query ($n);
$row = mysql_fetch_array($b);
echo $row['CÔR'];
$t = $row['CÔR'];
if ($t == 1) {
$m = "UPDATE `keywords` SET `CÔR`=0 WHERE `keyword`='$q'";
mysql_query ($m);
}
if ($t == 0) {
$l = "UPDATE `keywords` SET `CÔR`=1 WHERE `keyword`='$q'";
mysql_query ($l);
}
}
