Yahallo! I have a problem in searching the user in the database and displaying them into the textfields. I have set everything to query and search the user by typing the lastname but it gives me an error
Fatal error: Uncaught exception 'mysqli_sql_exception' with message 'You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1' .
<?php
$host = "localhost";
$user = "root";
$password ="";
$database = "ntmadb";
$id = "";
$firstname = "";
$lastname = "";
$username = "";
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// connect to mysql database
try{
$connect = mysqli_connect($host, $user, $password, $database);
} catch (mysqli_sql_exception $ex) {
echo 'Error';
}
// get values from the form
function getPosts()
{
$posts = array();
$posts[0] = $_POST['id'];
$posts[1] = $_POST['firstname'];
$posts[2] = $_POST['lastname'];
$posts[3] = $_POST['username'];
return $posts;
}
// Search
if(isset($_POST['search']))
{
$data = getPosts();
$search_Query = "SELECT * FROM members WHERE lastname = $data[2]";
$search_Result = mysqli_query($connect, $search_Query);
if($search_Result)
{
if(mysqli_num_rows($search_Result))
{
while($row = mysqli_fetch_array($search_Result))
{
$id = $row['id'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$username = $row['username'];
}
}else{
echo 'No Data For This Id';
}
}else{
echo 'Result Error';
}
}
?>
<!DOCTYPE Html>
<html>
<head>
<title>PHP INSERT UPDATE DELETE SEARCH</title>
</head>
<body>
<form action="index44.php" method="post">
<input type="text" name="id" placeholder="Id" value="<?php echo $lastname;?>"><br><br>
<input type="text" name="firstname" placeholder="First Name" value="<?php echo $firstname;?>"><br><br>
<input type="text" name="lastname" placeholder="Last Name" value="<?php echo $lastname;?>"><br><br>
<input type="text" name="username" placeholder="User Name" value="<?php echo $username;?>"><br><br>
<div>
<!-- Input For Edit Values -->
<input type="submit" name="update" value="Update">
<!-- Input For Find Values With The given ID -->
<input type="submit" name="search" value="Find">
</div>
</form>
</body>
</html>
Can someone assist in fixing it? Thank you!
Try below query.
$search_Query = "SELECT * FROM members WHERE lastname = '".$data[2]."'";
Try this:
$temp_lastname = $data[2];
$search_Query = "SELECT * FROM `members` WHERE `lastname` = '$temp_lastname'";
Related
I am using this code to add some data to my already existing sql database, but the can't seem to do so, it's also not giving any errors. I have tried everything that i could think of. This is a form which lets user input the data and then when user clicks submit it gives a success message in url but i get the success message but no data in my database.
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Signup Form</title>
</head>
<body>
<form action="signup.php" method="POST">
<input type="text" name="firstname" placeholder="First Name">
<br>
<input type="text" name="lastname" placeholder="Last Name">
<br>
<input type="text" name="email" placeholder="E-mail">
<br>
<input type="text" name="uid" placeholder="User name">
<br>
<input type="password" name="pwd" placeholder="Password">
<br>
<button type="submit" name="submit">Sign up</button>
</form>
<?php
$sql = "SELECT * FROM users;" ;
$result = mysqli_query($conn,$sql); //connects the database to the query we just generated
$resultcheck = mysqli_num_rows($result); // it returns the number of rows in the query
if($resultcheck > 0){
//the if condition checks if there is any data inside $resultcheck
//The mysqli_fetch_assoc() function fetches a result row as an associative array.
while($row = mysqli_fetch_assoc($result)){
echo $row['user_uid'].'<br>';
}
}
?>
</body>
</html>
<?php
include_once 'dbh.php';
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$email = $_POST['email'];
$uid = $_POST['uid'];
$pwd = $_POST['pwd'];
$sql = "INSERT INTO users (`user_firstname`, `user_firstname`, `user_email`, `user_uid`, `user_pwd` ) VALUES (\'$firstname\',\'$lastname\',\'$email\',\'$uid\', \'$pwd\');";
//require 'dbh.php';
mysqli_query('$conn','$sql');
/* if($result=$mysqli->query($sql)){
echo "<p>User successfully added to database</p>".'<br>';
}
else{
echo "Error enterting user into database!".mysql_error().'<br>';
} */
header("Location: index.php?signup=success");
?>
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "login_system"; // selecting the database
$conn = mysqli_connect($dbServername,$dbUsername,$dbPassword,$dbName );
//$mysqli = new mysqli('localhost','root',"",$dbName );
if(mysqli_connect_errno()){
printf("connection failed %s\n",mysqli_connect_error());
exit();
}
$mysqli->select_db("login_system");
?>
Please remove single quotes in $conn and $sql
mysqli_query($conn, $sql);
in your insert PHP file.
$sql = "INSERT INTO `users` (`user_firstname`, `user_lastname`, `user_email`, `user_uid`, `user_pwd` ) VALUES ('".$firstname."', '".$lastname ."', '".$email."', '".$uid."', '".$pwd."');";
$result=mysqli_query('$conn','$sql');
if($result)
{
echo "succsessfuly...";
}
else
{
echo "Not succsessfuly...";
}
Try this one:
<?php
include_once 'dbh.php';
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title> Signup Form </title>
</head>
<body>
<form action="signup.php" method="POST">
<input type="text" name="firstname" placeholder="First Name">
<br>
<input type="text" name="lastname" placeholder="Last Name">
<br>
<input type="text" name="email" placeholder="E-mail">
<br>
<input type="text" name="uid" placeholder="User name">
<br>
<input type="password" name="pwd" placeholder="Password">
<br>
<button type="submit" name="submit">Sign up</button>
</form>
<?php
$sql = "SELECT * FROM users; " ;
$result = $mysqli->query($sql); //connects the database to the query we just generated
$resultcheck = $result->num_rows; // it returns the number of rows in the query
if($resultcheck > 0){
while($row = $result->fetch_assoc()){
echo $row['user_uid'].'<br>';
}
}
?>
</body>
</html>
signup.php
<?php
include_once 'dbh.php';
$firstname = $mysqli->real_escape_string($_POST['firstname']);
$lastname = $mysqli->real_escape_string($_POST['lastname']);
$email = $mysqli->real_escape_string($_POST['email']);
$uid = $mysqli->real_escape_string($_POST['uid']);
$pwd = $mysqli->real_escape_string($_POST['pwd']);
$sql = "INSERT INTO users (`user_firstname`, `user_lastname`, `user_email`, `user_uid`, `user_pwd` ) VALUES ('$firstname','$lastname','$email','$uid', '$pwd');";
if($result=$mysqli->query($sql)){
echo "<p>User successfully added to database</p>".'<br>';
}
else{
echo "Error enterting user into database!".$mysqli->error.'<br>';
}
header("Location: index.php?signup=success");
dbh.php
<?php
$dbServername = "localhost";
$dbUsername = "root";
$dbPassword = "";
$dbName = "login_system"; // selecting the database
$mysqli = new mysqli($dbServername,$dbUsername,$dbPassword,$dbName);
if($mysqli->connect_errno){
printf("connection failed %s\n",$mysqli->connect_error);
exit();
}
Please read this reference http://php.net/manual/en/book.mysqli.php
should be like this
$sql = "INSERT INTO users (firstname, lastname, email, uid, pwd ) VALUES ('$firstname','$lastname','$email','$uid', '$pwd')";
mysqli_query($conn,$sql);
I'm trying to figure out how to upload a file into the database where that form contains multiple textfields. I uploaded a BLOB field into the database. So as I try to search the field using the ID number, it will retrieve me the values associated with it. Which works fine, so I added the function of being able to upload a file into that specific id number. I get all sorts of errors and I would like to have an assistance with it. Anyone care to help out? Here are the codes:
<?php
$host = "localhost";
$user = "root";
$password ="";
$database = "ntmadb";
$id = "";
$firstname = "";
$lastname = "";
$username = "";
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// connect to mysql database
try{
$connect = mysqli_connect($host, $user, $password, $database);
} catch (mysqli_sql_exception $ex) {
echo 'Error';
}
// get values from the form
function getPosts()
{
$posts = array();
$posts[0] = $_POST['id'];
$posts[1] = $_POST['firstname'];
$posts[2] = $_POST['lastname'];
$posts[3] = $_POST['username'];
return $posts;
}
// Search
if(isset($_POST['search']))
{
$data = getPosts();
$search_Query = "SELECT * FROM members WHERE id = $data[0]";
$search_Result = mysqli_query($connect, $search_Query);
if($search_Result)
{
if(mysqli_num_rows($search_Result))
{
while($row = mysqli_fetch_array($search_Result))
{
$id = $row['id'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$username = $row['username'];
}
}else{
echo 'No Data For This Id';
}
}else{
echo 'Result Error';
}
}
// Edit
if(isset($_POST['update']))
{
$data = getPosts();
$update_Query = "UPDATE `members` SET `firstname`='$data[1]',`lastname`='$data[2]',`username`='$data[3]' WHERE `id` = $data[0]";
try{
$update_Result = mysqli_query($connect, $update_Query);
if($update_Result)
{
if(mysqli_affected_rows($connect) > 0)
{
echo 'Data Updated';
}else{
echo 'Data Not Updated';
}
}
} catch (Exception $ex) {
echo 'Error Update '.$ex->getMessage();
}
}
<!--UPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOADUPLOAD -->
// Check if a file has been uploaded
if(isset($_FILES['uploaded_file'])) {
// Make sure the file was sent without errors
if($_FILES['uploaded_file']['error'] == 0) {
// Connect to the database
$dbLink = new mysqli('localhost', 'root', '', 'ntmadb');
if(mysqli_connect_errno()) {
die("MySQL connection failed: ". mysqli_connect_error());
}
// Gather all required data
$data = $dbLink->real_escape_string(file_get_contents($_FILES ['uploaded_file']['tmp_name']));
// Create the SQL query
$query = "
INSERT INTO `members` (
`data`
)
VALUES (
'{$data}' NOW()
)";
// Execute the query
$result = $dbLink->query($query);
// Check if it was successfull
if($result) {
echo 'Success! Your file was successfully added!';
}
else {
echo 'Error! Failed to insert the file'
. "<pre>{$dbLink->error}</pre>";
}
}
else {
echo 'An error accured while the file was being uploaded. '
. 'Error code: '. intval($_FILES['uploaded_file']['error']);
}
// Close the mysql connection
$dbLink->close();
}
else {
echo 'Error! A file was not sent!';
}
?>
and here is the html file:
<!DOCTYPE Html>
<html>
<head>
<title>PHP INSERT UPDATE DELETE SEARCH</title>
</head>
<body>
<form action="index4.php" method="post" enctype="multipart/form-data" >
<input type="number" name="id" placeholder="Id" value="<?php echo $id;?>"><br><br>
<input type="text" name="firstname" placeholder="First Name" value="<?php echo $firstname;?>"><br><br>
<input type="text" name="lastname" placeholder="Last Name" value="<?php echo $lastname;?>"><br><br>
<input type="text" name="username" placeholder="User Name" value="<?php echo $username;?>"><br><br>
<div>
<p>
<!-- Input For Edit Values -->
<input type="submit" name="update" value="Update">
<!-- Input For Find Values With The given ID -->
<input type="submit" name="search" value="Find">
</p>
<p>
<input type="file" name="uploaded_file">
<br>
<input type="submit" value="Upload file">
</p>
</div>
</form>
</body>
</html>
Thanks to anyone who can provide me with help. :)
I wanna update just one data from a record using php form but the thing is, when i do that, the rest of the data gets removed from the record.. What do i do :/ here are my codes for updating. What is the mistake i am making.. I am very confused. Would really appreciate some help.
<?php
include('db.php');
if(isset($_POST['update']))
{
$hostname = "localhost";
$username = "root";
$password = "";
$databaseName = "winc sports";
$connect = mysqli_connect($hostname, $username, $password, $databaseName);
$id = $_POST['id'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$age = $_POST['age'];
$country=$_POST['country'];
$phone=$_POST['phone'];
$email=$_POST['email'];
$select = "SELECT * FROM studens WHERE id = '$id'";
$selected = mysqli_query($connect, $select);
$row = mysqli_fetch_assoc($selected);
if (empty($_POST['fname'])) {$fname = $row['fname'];} else {$fname = $_POST['fname'];}
if (empty($_POST['country']))
{
$country = $row['country'];
}
else {
$country = $_POST['country'];
}
if (empty($_POST['id'])) {
$id = $row['id'];
}
else {
$id = $_POST['id'];
}
if (empty($_POST['age'])) {$age = $row['age'];} else {$age = $_POST['age'];}
if (empty($_POST['phone'])) {$phone = $row['phone'];} else {$phone = $_POST['phone'];}
if (empty($_POST['email'])) {$email = $row['email'];} else {$email = $_POST['email'];}
$query = "UPDATE students SET Fname= '$fname', Lname = '$lname', Nationality = '$country', PhoneNumber = '$phone', Email= '$email', Age = '$age' WHERE Id = '$id'";
$result = mysqli_query($connect, $query);
var_dump($result);
if($result)
{
echo 'Data Updated';
}else
{
echo 'Data Not Updated';
}
mysqli_close($connect);
}
?>
<!DOCTYPE html>
<html>
<head>
<title>PHP INSERT DATA USING PDO</title>
<meta charset="UTF-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
</head>
<body>
<form action="updating.php" method="post">
<input type="text" name="id" placeholder="Enter new ID"><br><br>
<input type="text" name="fname" placeholder="Enter new First Name"><br><br>
<input type="text" name="lname" placeholder="Enter new Last Name"><br><br>
<input type="number" name="age" placeholder="Enter new age" min="13" max="90"><br><br>
<input type="text" name="country" placeholder="Enter new Nationality"><br><br>
<input type="number" name="phone" placeholder="Enter new Phone Number"><br><br>
<input type="text" name="email" placeholder="Enter new Email"><br><br>
<input type="submit" name="update" value="update">
</form>
</body>
</html>
The select statement is fetching data from a table called studens. This looks like a typo of the actual table so it won't actually fetch any results for you to update. Thus, the data you wind up updating the table with is empty. Rename the initial select table to students and it should properly fetch the data.
Also, please look into prepared statements or various other methods to sanitize inputs. Using POST variables directly in a query makes you extremely vulnerable to SQL Injection.
It's a student database system where I can add student data, edit student data, delete student data, and search student data from registration number.
Here is where I'm getting a problem. All is ok but phone number will not be saved in mysql database. All other option are edit and insert in database.
I did not get any error when I edit any information or add new data.
When I submit phone number direct from phpmyadmin then from my index page when I put registration number then get all information of student without phone number.
Here is index.php code:
<?php
$host = "localhost";
$user = "root";
$password ="root";
$database = "college";
$student_reg = "";
$student_name = "";
$father_name = "";
$phone_number = "";
$student_address = "";
$student_course = "";
$student_certificatenumber = "";
$student_email = "";
$student_city = "";
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
// connect to mysql database
try{
$connect = mysqli_connect($host, $user, $password, $database);
} catch (mysqli_sql_exception $ex) {
echo 'Error';
}
// get values from the form
function getPosts()
{
$posts = array();
$posts[7] = $_POST['student_reg'];
$posts[1] = $_POST['student_name'];
$posts[2] = $_POST['father_name'];
$posts[3] = $_POST['phone_number'];
$posts[4] = $_POST['student_address'];
$posts[5] = $_POST['student_course'];
$posts[6] = $_POST['student_certificatenumber'];
$posts[8] = $_POST['student_email'];
$posts[9] = $_POST['student_city'];
return $posts;
}
// Search
if(isset($_POST['search']))
{
$data = getPosts();
$search_Query = "SELECT * FROM students WHERE student_reg = $data[7]";
$search_Result = mysqli_query($connect, $search_Query);
if($search_Result)
{
if(mysqli_num_rows($search_Result))
{
while($row = mysqli_fetch_array($search_Result))
{
$student_reg = $row['student_reg'];
$student_name = $row['student_name'];
$father_name = $row['father_name'];
$phone_number = $row['phone_number'];
$student_address = $row['student_address'];
$student_course = $row['student_course'];
$student_certificatenumber = $row['student_certificatenumber'];
$student_email = $row['student_email'];
$student_city = $row['student_city'];
}
}else{
echo 'No Data For This Id';
}
}else{
echo 'Result Error';
}
}
// Insert
if(isset($_POST['insert']))
{
$data = getPosts();
$insert_Query = "INSERT INTO `students`(`student_reg`, `student_name`, `father_name`, `phone_number`,
`student_address`, `student_course`, `student_certificatenumber`, `student_email`, `student_city`) VALUES ('$data
[7]','$data[1]','$data[2]','$data[3]','$data[4]','$data[5]','$data[6]','$data[8]','$data[9]')";
try{
$insert_Result = mysqli_query($connect, $insert_Query);
if($insert_Result)
{
if(mysqli_affected_rows($connect) > 0)
{
echo 'Data Inserted';
}else{
echo 'Data Not Inserted';
}
}
} catch (Exception $ex) {
echo 'Error Insert '.$ex->getMessage();
}
}
// Delete
if(isset($_POST['delete']))
{
$data = getPosts();
$delete_Query = "DELETE FROM `students` WHERE `student_reg` = $data[7]";
try{
$delete_Result = mysqli_query($connect, $delete_Query);
if($delete_Result)
{
if(mysqli_affected_rows($connect) > 0)
{
echo 'Data Deleted';
}else{
echo 'Data Not Deleted';
}
}
} catch (Exception $ex) {
echo 'Error Delete '.$ex->getMessage();
}
}
// Edit
if(isset($_POST['update']))
{
$data = getPosts();
$update_Query = "UPDATE `students` SET `student_reg`='$data[7]',`student_name`='$data[1]',`father_name`='$data
[2]',`phone_number`='$data[3]',`student_address`='$data[4]',`student_course`='$data
[5]',`student_certificatenumber`='$data[6]',`student_email`='$data[8]',`student_city`='$data[9]' WHERE
`student_reg` = $data[7]";
try{
$update_Result = mysqli_query($connect, $update_Query);
if($update_Result)
{
if(mysqli_affected_rows($connect) > 0)
{
echo 'Data Updated';
}else{
echo 'Data Not Updated';
}
}
} catch (Exception $ex) {
echo 'Error Update '.$ex->getMessage();
}
}
?>
<!DOCTYPE Html>
<html>
<head>
<title>PHP INSERT UPDATE DELETE SEARCH</title>
</head>
<body>
<form action="index.php" method="post">
<input type="text" name="student_reg" placeholder="Student Registration Code" value="<?php echo
$student_reg;?>"><br><br>
<input type="text" name="student_name" placeholder="Name" value="<?php echo $student_name;?>"><br><br>
<input type="text" name="father_name" placeholder="Student Father Name" value="<?php echo
$father_name;?>"><br><br>
<input type="text" name="Phone_number" placeholder="Phone Mobile Number" value="<?php echo
$Phone_number;?>"><br><br>
<input type="text" name="student_address" placeholder="Address" value="<?php echo $student_address;?
>"><br><br>
<input type="text" name="student_course" placeholder="Course" value="<?php echo $student_course;?
>"><br><br>
<input type="text" name="student_certificatenumber" placeholder="Certificate Number" value="<?php echo
$student_certificatenumber;?>"><br><br>
<input type="text" name="student_email" placeholder="EMail" value="<?php echo $student_email;?
>"><br><br>
<input type="text" name="student_city" placeholder="City" value="<?php echo $student_city;?>"><br><br>
<div>
<!-- Input For Add Values To Database-->
<input type="submit" name="insert" value="Add">
<!-- Input For Edit Values -->
<input type="submit" name="update" value="Update">
<!-- Input For Clear Values -->
<input type="submit" name="delete" value="Delete">
<!-- Input For Find Values With The given ID -->
<input type="submit" name="search" value="Find">
</div>
</form>
</body>
</html>
check datatype of your phonenumber column in mysql database make it of string type...it may solve your problem
$posts[3] = $_POST['phone_number']
is not the same as
<input type="text" name="Phone_number"
Phone_number is not = to phone_number. PHP is case sensitive.
I'm pretty sure my code is correct. The issue I have is that, when viewing the image, there is only some of the image that is showing. I think it has something to do with my database that i'm uploading to, but I can't figure out what
Here is my code:
form for the upload
<form id="form2" method="post" name="postForm" action="post.php" enctype="multipart/form-data">
<h2>Post News here</h2>
<p>Title:</p>
<input type="text" required placeholder="Enter a title" maxlength="30" name="postTitle">
<p>Body:</p>
<input type="textarea" required placeholder="Enter a body" maxlength="250" name="postBody">
<p>Link/ Reference:</p>
<input type="text" required placeholder="Enter a link or reference" maxlength="100" name="postLinkRef">
<p>Image to upload:</p>
<input type="file" name="imageTest">
<p><input type="submit" value="Submit" name="submit"></p>
</form>
inserting the image
<?php
$host = "localhost";
$userName = "root";
$password = "password";
$db = "userdata";
$connect = mysqli_connect($host,$userName,$password, $db);
if($connect)
{
if(isset($_POST['submit']) && isset($_FILES['imageTest']))
{
$postTitle = mysqli_real_escape_string($connect,$_POST['postTitle']);
$postBody = mysqli_real_escape_string($connect,$_POST['postBody']);
$postLink = mysqli_real_escape_string($connect,$_POST['postLinkRef']);
//address, postcode
//admin priveleges for scertain accounts
//wont allow me to use $_FILES and i dont know why...
$postImageName = mysqli_real_escape_string($connect, $_FILES['imageTest']['name']);
$postImageData = mysqli_real_escape_string($connect, file_get_contents($_FILES["imageTest"]["tmp_name"]));
$postImageType = mysqli_real_escape_string($connect, $_FILES["imageTest"]["type"]);
$sql = "INSERT INTO news(title, body, link, imageName, imageData) VALUES('$postTitle','$postBody','$postLink','$postImageName','$postImageData')";
if(mysqli_query($connect, $sql))
{
echo "Your post has been uploaded\n\n";
echo "Thank you for your post $testUserName\n\n";
echo "<a href='index.php'>Got to your news </a>";
}
else
{
echo "Sorry, something went wrong!! Check to make sure the image your are uploading is a jpeg image (not any other file)!";
}
}
mysqli_close($connect);
}
else
{
echo "Fail connection";
}
?>
Showing the image
<?php
$host = "localhost";
$userName = "root";
$password = "password";
$db = "userdata";
$connect = mysqli_connect($host,$userName,$password, $db);
if(isset($_GET['postID']))
{
$id = mysqli_real_escape_string($connect, $_GET['postID']);
$q = "SELECT * FROM news WHERE postID = $id";
$r = mysqli_query($connect, $q);
if(mysqli_num_rows($r)==1)//id found in the table
{
$row = mysqli_fetch_assoc($r);
$imageData = $row["imageData"];
}
header("Content-type:image/jpeg");
echo $imageData;
}
else
{
echo "error";
}
?>
[1[2