I'm creating a CRUD system and on my edit page, it's retrieving the data but the records are cut off after the first space.
For example, if the database record says Stack Overflow within the company column and I use the code below, I only get the word Stack instead of Stack Overflow.
<?php
include_once("connection.php");
// Cast to int so the request parameter cannot alter the SQL statement.
$id = (int) $_GET['id'];
$company = '';
$result = mysqli_query($mysqli, "SELECT * FROM leads WHERE id=$id");
while ($res = mysqli_fetch_array($result)) {
    $company = $res['company'];
}
?>
<input type="text" class="form-control" id="company" name="company" placeholder="Company" required value=<?php echo $company;?>>
Why is it just pulling the first word?
You are missing the quotes in your html code:
Wrong
value=<?php echo $company;?>>
Correct
value="<?php echo $company;?>">
Also, if you want to avoid any issues with company names that contain " you should probably escape double quotes using htmlentities.
<input type="text" class="form-control" id="company" name="company" placeholder="Company" required value="<?php echo htmlentities($company, ENT_COMPAT); ?>">
Related
I need help getting the last row of a table into an HTML input tag.
I think an example will help you better understand my question, so here:
<input value=<?php $conn->query("SELECT id FROM members ORDER BY id DESC LIMIT 1"); ?> , disabled type="text" name="username" id="username" maxlength="10" required>
I need to put inside the value of the input box, the last id in my "members" table.
Thanks!
Try to clean up your code a bit and split it into two pieces so you can understand it more easily if you come back to your code in the future. Something like this:
<?php
$sql = "SELECT id FROM members ORDER BY id DESC LIMIT 1";
$result = $conn->query($sql);
$userID = "";
if ($result->num_rows > 0) {
    $row = $result->fetch_assoc();
    $userID = $row["id"];
}
?>
<input value="<?php echo $userID; ?>" disabled type="text" name="username" id="username" maxlength="10" required>
If you have just inserted that row you probably want to use mysqli_insert_id() instead. I suggest you read more about that.
Anyway, printing a user id is never a good idea. Please try not to do that; it's a very bad practice.
I'm having a problem passing the value of an associative array position to the value field of a form.
$sql = mysqli_query(
    $conn,
    "SELECT veiculos_codvei,
            revisao.ordemServico,
            descricao,
            qtd,
            precoUnt,
            precoTotal
     FROM revisao
     INNER JOIN itensRevisao ON revisao.ordemServico = itensRevisao.ordemServico
     WHERE codRevisao='{$codRevisao}'
");
$array = array();
// returns the SQL query result as an associative array
while ($row = mysqli_fetch_assoc($sql)) {
    $array[] = $row;
}
print_r($array[0]['descricao']);
}
returns "Óleo 15W40"
Then I pass it to the input form like this:
<input type="text" class="form-control" name="descricao[]" id="descricao" placeholder="Pastilha do Freio" <?php if (isset($array[0]['descricao']) and ! empty($array[0]['descricao'])) echo "value=".$array[0]['descricao']."";?>>
But the value of the input is just "Óleo". From the Google Chrome console I can see it's the right value, but it seems to be a concatenation problem.
<input type="text" class="form-control" name="descricao[]" id="descricao" placeholder="Pastilha do Freio" value="Óleo" 15w40="">
You do not have quotes around the value attribute (i.e. you have value=Óleo 15W40 instead of value="Óleo 15W40"). The quotes you see are automatically added by the browser to fix the broken XML. Use the following:
<input
    type="text"
    class="form-control"
    name="descricao[]"
    id="descricao"
    placeholder="Pastilha do Freio"
    <?php if (isset($array[0]['descricao']) and !empty($array[0]['descricao'])) echo 'value="' . htmlspecialchars($array[0]['descricao'], ENT_QUOTES) . '"'; ?>
>
I figured it out. I copied this input from another part of the project and I believe there was a reason to put the value tag inside of the IF, although this may be wrong anyway.
Putting value outside the IF resolves the problem.
<input type="text" class="form-control" name="descricao[]" id="descricao" placeholder="Pastilha do Freio" value="<?php if (isset($array[0]['descricao']) and ! empty($array[0]['descricao'])) echo $array[0]['descricao'];?>">
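Both questions above ("Stack Overflow" cut to "Stack", "Óleo 15W40" cut to "Óleo") have the same cause, and a stored value containing a quote breaks the markup in the same way. The following is an added example, not code from any of the posts: it builds the input with and without quoting and escaping, then reads the value attribute back with PHP's DOM extension (assumed to be installed). The helper names and the third sample value are made up for illustration.

```php
<?php
// Added example, not code from the posts above. Sample values are constructed.

/** Escape a value for use inside a quoted HTML attribute. */
function attr(?string $value): string
{
    // ENT_QUOTES encodes both " and ', so the value cannot close the attribute
    // whichever quote character the template uses.
    return htmlspecialchars($value ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** The broken pattern from both questions: the value is not quoted. */
function unquotedInput(string $value): string
{
    return '<input type="text" name="company" value=' . $value . '>';
}

/** The corrected pattern: quoted attribute plus escaping. */
function quotedInput(?string $value): string
{
    return '<input type="text" name="company" value="' . attr($value) . '">';
}

/** Parse the markup and return the value attribute an HTML parser ends up with. */
function parsedValue(string $html): string
{
    $doc = new DOMDocument();
    // The XML declaration prefix makes libxml read the fragment as UTF-8.
    $doc->loadHTML('<?xml encoding="UTF-8">' . $html, LIBXML_NOERROR | LIBXML_NOWARNING);
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

$samples = ['Stack Overflow', 'Óleo 15W40', 'Joe\'s "Best" Parts & Co'];
foreach ($samples as $stored) {
    echo "stored:   $stored\n";
    echo 'unquoted: ' . parsedValue(unquotedInput($stored)) . "\n";
    echo 'quoted:   ' . parsedValue(quotedInput($stored)) . "\n\n";
}
```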
This question already has an answer here:
Syntax error due to using a reserved word as a table or column name in MySQL
(1 answer)
Closed 2 years ago.
I have encountered an issue with updating my MySQL data which includes HTML data, I continuously fixed errors; however, once one error is fixed it gives another. The current error is as follows:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'desc='Live updates to certain games will also be posted on this website througho' at line 1
I have been scavenging on Stack Overflow for nearly 3 days without any definitive answers. So I am hoping someone can find this!
Here is my PHP form code:
if (isset($_POST['submit'])) {
    $WName = mysql_prep($_POST['wname']);
    $SName = mysql_prep($_POST['sname']);
    $Desc = mysql_prep($_POST['desc']);
    $LogoURL = mysql_prep($_POST['logourl']);
    $aboutPage = mysql_prep($_POST['aboutpage']);
    $query = "UPDATE settings SET name='$WName',subName='$SName',desc='$Desc',logoUrl='$LogoURL',about='$aboutPage'";
    // $query = mysql_prep($query);
    mysql_query($query) or die(mysql_error());
    header("Location: settings.php?=success");
}
The function mysql_prep() can be found on the internet, namely here: https://gist.github.com/ZachMoreno/1504031
Here is the HTML form:
<form role="form" action="" method="post">
    <!-- text input -->
    <div class="form-group">
        <label>Website Name</label>
        <input type="text" name="wname" class="form-control" placeholder="<?php echo $row['name']; ?>" value="<?php echo $row['name']; ?>" />
    </div>
    <div class="form-group">
        <label>Sub Name</label>
        <input type="text" name="sname" class="form-control" placeholder="<?php echo $row['subName']; ?>" value="<?php echo $row['subName']; ?>" />
    </div>
    <div class="form-group">
        <label>Description</label>
        <textarea name="desc" class="form-control" rows="3" placeholder="<?php echo $row['desc']; ?>"><?php echo $row['desc']; ?></textarea>
    </div>
    <div class="form-group">
        <label>Logo URL</label>
        <input type="text" name="logourl" class="form-control" placeholder="<?php echo $row['logoUrl']; ?>" value="<?php echo $row['logoUrl']; ?>" />
    </div>
    <div class="form-group">
        <label>About Page</label>
        <textarea class="form-control" name="aboutpage" rows="6" placeholder="<?php echo $row['about']; ?>"><?php echo $row['about']; ?></textarea>
    </div>
    <div class="box-footer">
        <input type="submit" name="submit" class="btn btn-primary" value="Submit" style="margin-left:-10px;" />
    </div>
</form>
Thanks very much for any assistance that you can provide, I hope this can be figured out and I aim to use this to assist future visitors who encounter the same/similar issues.
Can't believe I didn't see this earlier; the issue I had with MySQL was that the database had the column name 'desc' which I originally had the idea that it meant 'description' but in fact it was conflicting with the keyword 'descending'. This gave the syntax error.
Here is what I found in the MySQL documentation, 9.3 Keywords and Reserved Words:
Keywords are words that have significance in SQL. Certain keywords, such as SELECT, DELETE, or BIGINT, are reserved and require special treatment for use as identifiers such as table and column names. This may also be true for the names of built-in functions.
On that web link above you can see a list of keywords/reserved words that shouldn't be used or should include back slashes (which I won't go into).
My solution? Don't use reserved words as identifiers!
The easiest solution that you can do is to simply avoid using these words. I prevented using the reserved word 'desc' by changing the identifier to 'description'.
Thanks for all your help! Hope this assists people in the future.
The string returned from your mysql_prep() function has escaped single quotes.
So you can't use these as delimiters in your query string. Change them to double quotes.
$query = "UPDATE settings SET name = \"$WName\",
subName = \"$SName\",
desc = \"$Desc\",
logoUrl = \"$LogoURL\",
about = \"$aboutPage\" ";
Can you try a $testQuery with just text?
$testQuery = "UPDATE settings SET name = \"ABC\",
subName = \"DEF\",
desc = \"GHI\",
logoUrl = \"JKL\",
about = \"MNO\" ";
Also, you are missing a WHERE clause, or is there only 1 row?
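An added example for this thread, not code from any of the posters: the same UPDATE with the reserved column name quoted as an identifier, the form values sent as bound parameters instead of being escaped into the SQL string, and a WHERE clause. It uses an in-memory SQLite database through PDO as a stand-in for MySQL so that it runs offline (both accept backtick-quoted identifiers); the `id` column, the function names and the sample input are assumptions.

```php
<?php
// Added example, not the poster's code. In-memory SQLite (via PDO) stands in for
// MySQL so this runs offline; the id column and sample input are assumptions.

const SETTINGS_COLUMNS = ['name', 'subName', 'desc', 'logoUrl', 'about'];

/** Quote a known column name so reserved words such as desc parse as identifiers. */
function quoteIdent(string $column): string
{
    if (!in_array($column, SETTINGS_COLUMNS, true)) {
        throw new InvalidArgumentException("Unknown column: $column");
    }
    return '`' . str_replace('`', '``', $column) . '`';
}

/** Update one settings row; values travel as bound parameters, never as SQL text. */
function updateSettings(PDO $db, int $id, array $values): int
{
    if ($values === []) {
        return 0;
    }
    $assignments = array_map(fn ($c) => quoteIdent($c) . ' = ?', array_keys($values));
    $sql = 'UPDATE settings SET ' . implode(', ', $assignments) . ' WHERE id = ?';
    $stmt = $db->prepare($sql);
    $stmt->execute(array_merge(array_values($values), [$id]));
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE settings (id INTEGER PRIMARY KEY, name TEXT, subName TEXT,
           `desc` TEXT, logoUrl TEXT, about TEXT)');
$db->exec("INSERT INTO settings (id, name) VALUES (1, 'old name')");

// Constructed form input containing quotes and HTML, as in the question.
$post = [
    'name' => "Joe's Games",
    'desc' => 'Live <b>updates</b> for "selected" games',
];
echo updateSettings($db, 1, $post), " row(s) updated\n";
echo $db->query('SELECT `desc` FROM settings WHERE id = 1')->fetchColumn(), "\n";
```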
I am trying to retrieve a value from database and put it in a textbox.
I tried:
<input type="text" name="Balance" value="<?php $Balance= $_GET["Balance"]; ?>" readonly = "true" />
and:
<input type="text" name="Balance" value="<?php echo $Balance; ?>" readonly = "true" />
But I am getting an error saying that Balance is undefined.
The php script is located in another page (connect.php) and I already put the
<form method="post" action="connect.php" >
What else should I do?
TIA
First of all your form method is POST, so:
... $Balance= $_POST["Balance"]; ...
I think you don't know anything about what you are currently doing.
$_GET is not used to fetch something from a Database, it is used to pass and fetch parameters via URL. For accessing a Database, you need mysqli or PDO. Look for some tutorials.
Example for the code you need:
$sql = "SELECT balance FROM mytable";
$result = $db->Execute($sql);
echo "<input type='text' name='Balance' value='" . $result . "' readonly/>";
Just for you to get an idea:
mysql_connect('127.0.0.1', 'root', '')
and mysql_select_db('accounting')
and ($res = mysql_query("SELECT `id`,`balance` FROM `accounts`"))
and ($row = mysql_fetch_object($res));
HTML:
<input type="text" name="Balance" value="<?= $row->balance ?>" >
It won't work on your computer, because I don't know the tables you're using and other things I need to know, and anyway, do a search, this topic probably has been covered a million times in the last 10-15 years since PHP exists, long before Stack Overflow existed.
PS: That's one of the oldest ways of doing it. There are other ways, like PDO, but I use the "old" way and am happy with it.
I have a form with the following structure:
<input type="text" name="projNo[1]" id="projNo[1]" value="<?php echo $row['ProjNo'][1]; ?>" />
<input type="text" name="projBudget[1]" id="projBudget[1]" value="<?php echo $row['ProjBudget'][1]; ?>" />
<input type="text" name="projDateFrom[1]" id="projDateFrom[1]" value="<?php echo $row['ProjDateFrom'][1]; ?>" />
<input type="text" name="projDateTo[1]" id="projDateTo[1]" value="<?php echo $row['ProjDateTo'][1]; ?>" />
<input type="text" name="projNo[2]" id="projNo[2]" value="<?php echo $row['ProjNo'][2]; ?>" />
<input type="text" name="projBudget[2]" id="projBudget[2]" value="<?php echo $row['ProjBudget'][2]; ?>" />
<input type="text" name="projDateFrom[2]" id="projDateFrom[2]" value="<?php echo $row['ProjDateFrom'][2]; ?>" />
<input type="text" name="projDateTo[2]" id="projDateTo[2]" value="<?php echo $row['ProjDateTo'][2]; ?>" />
There are two more groups like this with indexes 3 and 4. Upon submit, four separate records must be created in the DB if the user has filled in all four lines. My question is twofold: How would I structure my query to accomplish this? And: Have I set up my code correctly? When the form is loaded, I would like the correct output to be displayed. I've never been confronted with a request like this before, so I'm flying a bit blind.
Use PDO and prepared statements. Prepare a statement like this:
// from and to are reserved words in MySQL, so they are quoted as identifiers
$s = $db->prepare('INSERT INTO PROJECT (no, budget, `from`, `to`) VALUES (?,?,?,?)');
Execute the statement for each set like this:
for ($i = 1; $i <= 4; $i++) {
    $s->execute(array($projNo[$i], $projBudget[$i], $projDateFrom[$i], $projDateTo[$i]));
}
(You need to add error checking and validation. This includes something that loads the stuff from $_POST to the arrays I used in the above example.)
Currently, you have an XSS security issue in your code. You cannot just echo stuff that comes from the user - you need to escape it. If you are putting it inside HTML, including double-quoted attribute values like in your case, use echo htmlspecialchars($_GET[...]);.
You may want to create a "htmlout" function that does nothing else than echo htmlspecialchars, just to have a nicer, easier-to-write name for it, and use it everywhere. That way, you can search your code for instances of "echo", and unless you have protected them otherwise, this indicates you probably need to add some escaping.
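An added example of the answer above, not the answerer's own code: the prepared INSERT run once per submitted line, with the validation the answer asks for and an `htmlout` helper for output. In-memory SQLite through PDO stands in for the real database; the YYYY-MM-DD date format, skipping lines that fail validation, and the sample `$post` array are assumptions.

```php
<?php
// Added example: in-memory SQLite stands in for the real database; input is constructed.
/** Echo a value escaped for HTML text or a quoted attribute (the "htmlout" idea). */
function htmlout(?string $s): void
{
    echo htmlspecialchars($s ?? '', ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Return $s if it is a real YYYY-MM-DD date, otherwise null. */
function isoDate(string $s): ?string
{
    $d = DateTime::createFromFormat('!Y-m-d', $s);
    return ($d && $d->format('Y-m-d') === $s) ? $s : null;
}

/** Validate form line $i; returns the four values to bind, or null if unusable. */
function projectLine(array $post, int $i): ?array
{
    $no     = trim((string) ($post['projNo'][$i] ?? ''));
    $budget = trim((string) ($post['projBudget'][$i] ?? ''));
    $from   = isoDate((string) ($post['projDateFrom'][$i] ?? ''));
    $to     = isoDate((string) ($post['projDateTo'][$i] ?? ''));
    $ok     = $no !== '' && is_numeric($budget) && $from !== null && $to !== null && $from <= $to;
    return $ok ? [$no, (float) $budget, $from, $to] : null;
}

/** Insert each valid line through one prepared statement (from/to are reserved, hence backticks). */
function saveProjects(PDO $db, array $post): int
{
    $s = $db->prepare('INSERT INTO project (no, budget, `from`, `to`) VALUES (?,?,?,?)');
    $lines = array_filter(array_map(fn ($i) => projectLine($post, $i), range(1, 4)));
    foreach ($lines as $line) {
        $s->execute($line);
    }
    return count($lines);
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE project (no TEXT, budget REAL, `from` TEXT, `to` TEXT)');
$post = [ // line 1 valid, line 2 has an impossible date, lines 3 and 4 left empty
    'projNo'       => [1 => 'P-100 "Alpha"', 2 => 'P-200'],
    'projBudget'   => [1 => '1500.50',       2 => '900'],
    'projDateFrom' => [1 => '2024-01-01',    2 => '2024-02-30'],
    'projDateTo'   => [1 => '2024-06-30',    2 => '2024-03-01'],
];
echo saveProjects($db, $post), " row(s) saved\nstored projNo, escaped for HTML: ";
htmlout($db->query('SELECT no FROM project')->fetchColumn());
```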