updating my database values through php - php

Hi I am trying to do a Registration that the users will put their name password and their answers to some questions and then an admin will manually answer to it if it's accepted.I did the system that loads their name password and answers in the database,and I also ran the things that will show the answers to the admin,but I can't figure a way to change a value just for one user not for all of them,I will leave you my codes and everything over here.
Here is my admin.viewapplications.php code
(Here,it shows everything fine,but I can't figure a way that the button to act just for one id not for all)
<?php
//include(__DIR__ . "/signup.php");
include("../resources/config.php");
//$name = $_POST['Name'];
//$mg = $_POST['MG'];
//$pg = $_POST['PG'];
//$rk = $_POST['RK'];
$sql = "SELECT id, name, tutorial, MG, PG, RK FROM rp_users WHERE tutorial = 2";
//$tutorial = "SELECT tutorial FROM rp_users";
$result = mysql_query($sql);
//$result2 = mysql_query($tutorial);
//$value = mysql_fetch_object($result2)
/*if($result)
{
echo "Succes";
}
else
{
die(mysql_error());
}*/
//if($value > 1)
//
while($row = mysql_fetch_array($result))
{
//$tutorial = row["tutorial"];
//f($tutorial == 2)
//}
$id = $row["id"];
$name = $row["name"];
$mg = $row["MG"];
$pg = $row["PG"];
$rk = $row["RK"];
echo "ID: " . $id."<br> <br>";
echo "Nume: " . $name."<br> <br>";
echo "MG: " . $mg."<br> <br>";
echo "PG: " . $pg."<br> <br>";
echo "RK: " . $rk."<br> <br>";
echo '<form action="./?p=applicationaccept" method="POST">';
echo '<input type="submit" name="accept" value="Accepta">';
echo '</form><br>';
echo '<form action="./?p=applicationdeny" method="POST">';
echo '<input type="submit" name="deny" value="Respinge">';
echo '</form><br> <br> <br>';
}
//}
//
?>
And here is my applicationaccept.php
<?php
include("../admin/admin.viewapplications.php");
include("../resources/config.php");
$iduser = $id;
$sql = "UPDATE rp_users SET tutorial=0";
$result = mysql_query($sql);
if($result)
{
echo "Succes";
}
else
{
die(mysql_error());
}
/*while($row = mysql_fetch_array($result))
{
}*/
?>


I think what you want to do is a simple UPDATE to your MySQL database..
but make sure you format the PHP code you're using otherwise it'll give you an ERROR!
Also you have to use 'mysqli' now in PHP!
<?php
$someID = '1';
$sql = "UPDATE `rp_users` SET `tutorial`= '0' WHERE `id` = $someID";
$result = mysqli_query($link, $sql);
if($result)
{
echo "Success";
}
else
{
echo ("Error");
}
?>
BTW I forgot to mntion the '$link' is the connection to your database!


As of my understanding of your question if your form action is applicationaccept.php and you are trying to update for one user in applicationaccept.php file, try this:
<?php
include("../admin/admin.viewapplications.php");
include("../resources/config.php");
$iduser = $_POST["id"]; // pass id as parameter in form
$sql = "UPDATE rp_users SET tutorial=0";// change this line to following line
$sql = "UPDATE rp_users SET tutorial=0 where id=$iduser";
$result = mysql_query($sql);
if($result)
{
echo "Succes";
}
else
{
die(mysql_error());
}
?>
Be aware your code is vulnerable

Related

Button is not disabled even one of the field bool value is TRUE

I have this php code where it checks if the client_number or client_email present in the database. If present it'll disable the submit button. But when one of the field data is not present in database it enables the button which it shouldn't.
function checkDataExistence($connection){
if(!empty($_POST["clientEmailID"])) {
$query = "SELECT * FROM clients_table WHERE client_email='" . $_POST["clientEmailID"] . "'";
$result = mysqli_query($connection, $query);
$count = mysqli_num_rows($result);
if($count>0) {
echo "<span style='color:red'> This Email is already registered!.</span>";
echo "<script>$('#submit').prop('disabled',true);</script>";
} else{
echo "<script>$('#submit').prop('disabled',false);</script>";
}
}
if(!empty($_POST["clientPhoneNumber"])) {
$query = "SELECT * FROM clients_table WHERE client_phone_number='" . $_POST["clientPhoneNumber"] . "'";
$result = mysqli_query($connection, $query);
$count = mysqli_num_rows($result);
if($count>0) {
echo "<span style='color:red'> This Phone number is already registered.</span>";
echo "<script>$('#submit').prop('disabled',true);</script>";
}else{
echo "<script>$('#submit').prop('disabled',false);</script>";
}
}
}
How to make it work for both input fields?

PHP new strings update in DB with unshift?

I have a problem to adding more strings in my database.
The idea is: SELECT information, then added array together, after these UPDATE to database.
These are in one code, but UPDATE not working with summed arrays only separately.
With echo I see the array_unshift is working well, the data is good, but not updating.
Need I change something on the server? Maybe version?
(I don't get mysqli_error!)
//CHECKBOX KIOLVASÁSA DB-BŐL!
$sql = ("SELECT id, checkbox FROM osszesito WHERE id = '$id'");
//$result = mysqli_query($conn, $sql);
//if (mysqli_num_rows($result) > 0) {
if ($result = mysqli_query($conn, $sql)) {
while($row = mysqli_fetch_assoc($result)) {
//EREDETI SOR LISTÁZÁSA
$original_array = array( $row["checkbox"] );
$x ="";
echo 'Eredeti sor: ';
foreach ($original_array as $x)
{
echo "$x "."<br><br>";
}
//EREDETI SOR KIEGÉSZÍTÉSE AZ ÚJ ADATTAL
array_unshift($original_array, $chb);
$last ="";
echo "Új sor: "."<br>";
foreach ($original_array as $last)
{
echo $last."<br>";
}
//ÚJ SOR FRISSÍTÉSE A DB-BEN!
//$sqla = "UPDATE osszesito SET checkbox = '$chb' WHERE id = '$id' ";
$sqla = "UPDATE osszesito SET checkbox = '$last' WHERE id = '$id' ";
if (mysqli_query($conn, $sqla)) {
echo "ÚJ SOR ELMENTVE!";
//header("Location: /megrendelesek/index.php");
} else {
echo "Hiba a beírás során: " . mysqli_error($conn);
}
}
///////////////////////////////////////////////
//LEZÁRÁS
} else {
echo "Jelenleg nincs megrendelés az adatbázisban!";
}
mysqli_close($conn);

When I display this page the PHP part of the code is not working. It will not display the topics

Code will not display topics from database. I just get a blank pages.
Any solutions?
The pages loads but it will not display any thing. They want me to add more context but it breaks it so here you go.
<?php
//Database stuff.
include_once("connect.php");
if ($conn->connect_error) {
trigger_error('Database connection failed: ' . $conn->connect_error, E_USER_ERROR);
}else{
mysqli_select_db($conn,"2159928_db");
}
$tid = '';
$cid = $_GET['cid'];
$tid = $_GET['tid'];
$sql = "SELECT * FROM topics WHERE category_id='".$cid."' AND id='".$tid."' LIMIT 1";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) == 1){
echo "<table width ='75%'>";
if (isset($_SESSION['uid'])) {
//echo "<form action ='post_reply.php?cid=".$cid." &tid =".$tid. "' method = 'post'>
//<input type = 'submit' name = 'submit' value = 'Reply'/>";
//echo "<tr><td colspan ='2'><center><input type='submit' value='Reply' onClick = 'window.open = 'post_reply.php?cid=".$cid." &tid =".$tid."' />";
echo "<tr><td colspan ='2'><center><input type='submit' value='Reply' onClick='window.open(\"post_reply.php?cid=$cid&tid=$tid\")' />";
} else {
echo "<tr><td colspan = '2'><p><center> Please login to reply to topics.</p></td></tr>";
}
//Trying to display this. Doesn't even display border box.
while ($row = mysqli_fetch_assoc($result)) {
$sql2 = "SELECT * FROM posts WHERE category_id='".$cid."' AND topic_id='".$tid. "'";
$result2 = mysqli_query($conn, $sql2);
while ($row2 = mysqli_fetch_assoc($result2)){
echo "<tr><td valign ='top' style = 'border: 5px solid #ffffff;'><div style = 'min-height: 125px;'>".$row['topic_title']."<br/>
by ".$row2['post_username']. " - " .$row2['post_date']. "<hr/>".$row2['post_content']."</div></td>";
}
//This part not relevant.
$old_views = $row['topic_views'];
$new_views = $old_views + 1;
$sql3 = "UPDATE topics SET topic_views='".$new_views."' WHERE category_id='".$cid."' AND id ='".$tid."' LIMIT 1";
$result3 = mysqli_query($conn, $sql3);
}
echo "</table>";
} else {
echo "<p>This topic does not exist.</p>";
}
?>

Try echo-ing out your $sql to see if the query is correct.
If query is correct. Try var_dump to see if there are any results.

link to specific user profile php

I'm creating a search bar feature on my website where the user can search for users using a name.The search result may come up with multiple users with similar names (ex. if I search "Jenna", my database may have multiple users with the name "Jenna" so multiple results will show).I want the user to be able to click on one of the profiles and see that specific "Jenna's" user profile. Kind of like Twitter, where I can search for accounts and view different profiles. Right now I have code that returns the search and also makes the search result a clickable link. However, when I try to save the user id, it only saves the latest user id.
home.php (where the search bar for users is0
<form method="GET" action="search.php" id="searchform">
Search for users:
<input type="text" name="search_user" placeholder="Enter username">
<input type="submit" name="submit" value="Search">
</form>
search.php (prints out the users with the name that the user is searching for)
session_start();
$user = '';
$password = '';
$db = 'userAccounts';
$host = 'localhost';
$port = 3306;
$link = mysqli_connect($host, $user, $password, $db);
mysqli_query($link,"GRANT ALL ON comment_schema TO 'oviya'#'localhost'");
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$search_user = $_GET['search_user'];
$sql = "SELECT * FROM users WHERE username LIKE '%$search_user%'";
$result = mysqli_query($link, $sql);
if(mysqli_num_rows($result)>0){
while ($row = mysqli_fetch_assoc($result)) {
$a = '<a';
$b = ' href="';
$c = 'user_profiles.php';
$d = '">';
$e = $row['username'];
$f = '</a';
$g = '>';
$_SESSION['user'] = $row['user_id'];
$userID = $_SESSION['user'];
echo $a.$b.$c.$d.$e.$f.$g;
header("Location: user_profiles.php");
}
}
user_profiles.php (supposed to be where a specific user's profile is shown, based on the link the user clicks with the specific userID)
session_start();
$userID=$_SESSION['user'];
$link = mysqli_connect('localhost', 'x', '', 'userAccounts');
$query="SELECT * FROM dataTable WHERE user_id='$userID'";
$results = mysqli_query($link,$query);
while ($row = mysqli_fetch_assoc($results)) {
echo '<div class="output" >';
$entry_id = $row["entry_id"];
$output= $row["activity"];
echo "Activity: ";
echo htmlspecialchars($output ,ENT_QUOTES,'UTF-8')."<br>"."<br>";
$output= $row["duration"];
echo "Duration: ";
echo htmlspecialchars($output ,ENT_QUOTES,'UTF-8')." hrs"."<br>"."<br>";
$output= $row["date_"];
echo "Date: ";
echo htmlspecialchars($output ,ENT_QUOTES,'UTF-8')."<br>"."<br>";
echo '</div>';
}
I get where my mistake is, the while loop in search.php will only save the latest userID so the link will always take me to the user profile with that useriD. I'm just not sure how to implement it so that when the user views the list of profiles, the link they click will take them to a specific profile based on the user id.

You need to do changes in search and user.php files :
Search.php :
<?php
session_start();
$user = '';
$password = '';
$db = 'userAccounts';
$host = 'localhost';
$port = 3306;
$link = mysqli_connect($host, $user, $password, $db);
mysqli_query($link, "GRANT ALL ON comment_schema TO 'oviya'#'localhost'");
if (mysqli_connect_errno()) {
printf("Connect failed: %s\n", mysqli_connect_error());
exit();
}
$search_user = $_GET['search_user'];
$sql = "SELECT * FROM users WHERE username LIKE '%$search_user%'";
$result = mysqli_query($link, $sql);
if (mysqli_num_rows($result) > 0) {
while ($row = mysqli_fetch_assoc($result)) {
$id = $row['user_id'];
?>
<a href="user_profiles.php?id=<?php echo $id; ?>" >
<?php echo $row['username']; ?>
</a>
<?php
$_SESSION['user'] = $row['user_id'];
$userID = $_SESSION['user'];
header("Location: user_profiles.php");
}
}
User_profile.php:
$userid = $_GET['id'];
$link = mysqli_connect('localhost', 'x', '', 'userAccounts');
$query = "SELECT * FROM dataTable WHERE user_id='$userid'";
$results = mysqli_query($link, $query);
while ($row = mysqli_fetch_assoc($results)) {
echo '<div class="output" >';
$entry_id = $row["entry_id"];
$output = $row["activity"];
echo "Activity: ";
echo htmlspecialchars($output, ENT_QUOTES, 'UTF-8') . "<br>" . "<br>";
$output = $row["duration"];
echo "Duration: ";
echo htmlspecialchars($output, ENT_QUOTES, 'UTF-8') . " hrs" . "<br>" . "<br>";
$output = $row["date_"];
echo "Date: ";
echo htmlspecialchars($output, ENT_QUOTES, 'UTF-8') . "<br>" . "<br>";
echo '</div>';
}

Very first thing, you are saving multiple user ids to a string.
Another thing, you are saving it in while loop.
Therefore, latest value updates old value.
In your case, it will always save the last value. That is prime issue.
You can take array of user ids and save them in it.
$userIds = array();
while ($row = mysqli_fetch_assoc($result)) {
$a = '<a';
$b = ' href="';
$c = 'user_profiles.php';
$d = '">';
$e = $row['username'];
$f = '</a';
$g = '>';
$userIds[] = $row['user_id'];
$userID = $_SESSION['user'];
echo $a.$b.$c.$d.$e.$f.$g;
header("Location: user_profiles.php");
}
$_SESSION['user'] = $userIds;
And in your user_profiles.php, loop over the array or use MySQL IN() condition to get all user profiles.
Also, why did you take too many variables for html link. You can do it in single variable using concatenation like following:
$userIds = array();
while ($row = mysqli_fetch_assoc($result)) {
$a = '<a'
. ' href="';
. 'user_profiles.php';
. '">';
. $row['username'];
. '</a';
. '>';
$userIds[] = $row['user_id'];
$userID = $_SESSION['user'];
echo $a;
header("Location: user_profiles.php");
}
$_SESSION['user'] = $userIds;
Another mistake is that you are echo ing HTML link and doing redirection.
That will cause headers already sent... error.

This will display list of users with searched string
if(mysqli_num_rows($result)>0){
while ($row = mysqli_fetch_assoc($result)) {
$link="<a href='user_profiles.php?user_id=".$row['user_id']."'>".$row['username']."</a>";
}
}
After clicking on link it will redirect to user_profiles.php (no need to header. header is used for automatic redirection)
In user_profiles.php
session_start();
$userID=$_GET['user_id'];
$link = mysqli_connect('localhost', 'x', '', 'userAccounts');
$query="SELECT * FROM dataTable WHERE user_id='$userID'";
$results = mysqli_query($link,$query);
while ($row = mysqli_fetch_assoc($results)) {
echo '<div class="output" >';
$entry_id = $row["entry_id"];
$output= $row["activity"];
echo "Activity: ";
echo htmlspecialchars($output ,ENT_QUOTES,'UTF-8')."<br>"."<br>";
$output= $row["duration"];
echo "Duration: ";
echo htmlspecialchars($output ,ENT_QUOTES,'UTF-8')." hrs"."<br>"."<br>";
$output= $row["date_"];
echo "Date: ";
echo htmlspecialchars($output ,ENT_QUOTES,'UTF-8')."<br>"."<br>";
echo '</div>';
}

To delete queries! I've tried with the posts already available. It didn't work.

My first page to delete queries selected by user query.php which is working absolutely fine:
<form method=post action="delete.php">
List of queries<br/>
<?php
$ebits = ini_get('error_reporting');
error_reporting($ebits ^ E_NOTICE);
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("testdb") or die(mysql_error());
echo "<br />";
$query = "select * from queries ";
$result = mysql_query($query) or die(mysql_error());
$count=mysql_num_rows($result);
while($row = mysql_fetch_array($result))
{
print "<input type='checkbox' name='Query[]' value=\"".$row['queryId']."\"> ";
echo " ". $row['name']." ". $row["address"]." ". $row["contactNo"]."
". $row["query"];
echo "<br />";
}
?>
<input type="submit" value="Delete" name="Delete">
<br/>
</form>
I've tried with following codes for second page delete.php but nothing seems to work.
Code1:
<?php
if($_POST['Delete'])
{
if(count($_POST['checkbox']) > 0) {
foreach($_POST['checkbox'] as $checkbox)
{
$del_id=$checkbox;
$sql = "DELETE * FROM queries WHERE `queryId`= '$del_id'";
$result = mysql_query($sql);
mysql_error();
}
echo "Selected Rows deleted";
} else {
$NEW="Nothing to Delete";
}
}
?>
Code2:
<?php
if(($_POST['Delete']))
{
$count=array();
$count=$_POST['checkbox'];
for($i=0;$i<count($count);$i++){
$del_id = $checkbox[$i];
$sql = "DELETE FROM queries WHERE queryId='$del_id' ";
$result = mysql_query($sql);
}
$NEW="Selected records Deleted";
}
var_dump($_POST['checkbox']);
var_dump($count);
?>

Your checkbox names are "Query", but you're accessing it as $_POST['checkbox']. This should be $_POST['Query'] instead.
EDIT checking from your updated code:
if($_POST['Delete']) {
if(count($_POST['Query']) > 0) {
foreach($_POST['Query'] as $checkbox) {
$del_id=$checkbox;
$sql = "DELETE * FROM queries WHERE queryId= '$del_id'";
$result = mysql_query($sql);
mysql_error();
}
echo "Selected Rows deleted";
}
else {
$NEW="Nothing to Delete";
}
}
Instead of this:
$del_id=$checkbox;
do this:
// if queryId is numeric
$del_id=intval($checkbox);
This makes sure that the value you're working with is numeric, instead of potential malicious input from your user. I'm going under the assumption that queryId is numeric. If it's not, then you need to do this:
// if queryId is not numeric:
$del_id = mysql_real_escape_string($checkbox);
Your DELETE syntax is incorrect:
$sql = "DELETE * FROM queries WHERE queryId= '$del_id'";
You want just DELETE FROM. Also if the value for queryId is numeric, you don't need the quotes around it:
$sql = "DELETE FROM `queries` WHERE `queryId` = $del_id";
Finally, your MySQL error call doesn't do anything useful as is:
mysql_error();
Here's how you should do this, along with the rest of the code:
if($_POST['Delete']) {
if(count($_POST['Query']) > 0) {
foreach($_POST['Query'] as $checkbox) {
$del_id= intval($checkbox);
$sql = "DELETE FROM `queries` WHERE `queryId` = $del_id";
$result = mysql_query($sql);
if(!$result) {
echo "There was an error in the query: " . mysql_error();
}
}
echo "Selected Rows deleted";
}
else {
$NEW="Nothing to Delete";
}
}

Categories