Refresh previous form table after submit button - php

How do I refresh the table when I click EDIT NOW Button? or this is easier, how do I make refresh button to refresh the table? I have no knowledge on JSP to auto refresh. However, I manage to make an onchange event so when I choose menu, it will refresh upon changing. When I edit a data and submit, it does not refresh. How do I re-execute the echo of table? Thanks!
<?php
$selected='';
function get_options($select)
{
$conn = new mysqli('localhost', 'root', 'jared17', 'hbadb')
or die ('Cannot connect to db');
$result = $conn->query("select * from students");
$options='';
while ($row = $result->fetch_assoc())
{
$LRN = $row['LRN'];
$Last = $row['Last_Name'];
$First = $row['First_Name'];
if($LRN == $_GET['Students'])
{
$options.='<option value="'.$LRN.'" selected>'.$Last.', '.$First.'</option>';
}
else
{
$options.='<option value="'.$LRN.'">'.$Last.', '.$First.'</option>';
}
}
return $options;
}
if (isset($_GET['Students'])) {
$conn = new mysqli('localhost', 'root', 'jared17', 'hbadb')
or die ('Cannot connect to db');
$result = $conn->query("select * from students");
$lrn = $_GET['Students'];
$stmt = $conn->prepare("SELECT Last_Name, First_Name, Level, Q1, Q2, Q3, Q4, FINAL FROM english WHERE LRN = ?");
$stmt->bind_param('i', $lrn);
$stmt->execute();
$stmt->bind_result($last, $first, $level, $q1, $q2, $q3, $q4, $final);
$stmt->fetch();
echo "<table><tr><th>LRN</th><th>Name</th><th>Level</th><th>Q1</th><th>Q2</th><th>Q3</th><th>Q4</th><th>Final</th></tr>";
echo "<tr><td>$lrn</td><td>$last, $first</td><td>$level</td><td>$q1</td><td>$q2</td><td>$q3</td><td>$q4</td><td>$final</td></tr></table>";
}
echo "<html>";
echo "<body>";
echo "<form method=GET>";
echo "<select name=Students onchange=this.form.submit();>";
echo get_options();
echo "</select>";
echo "</form>";
echo "<form method=POST>";
///////////EDIT DATA
echo "Edit Data: ";
echo "<select name = 'Edit'>";
echo '<option value=Q1>Q1</option>';
echo '<option value=Q2>Q2</option>';
echo '<option value=Q3>Q3</option>';
echo '<option value=Q4>Q4</option>';
echo '<option value=FINAL>FINAL</option>';
echo '<input type="number" max="100" name="editdata" required>';
echo "</select>";
echo "<input type='submit' name='submit2' value='Edit Now'>";
if (isset($_POST['Edit'])) {
$conn2 = new mysqli('localhost', 'root', 'jared17', 'hbadb')
or die ('Cannot connect to db');
$upd = $_POST['Edit'];
$txt = $_POST['editdata'];
$now = "UPDATE english SET $upd='$txt' WHERE LRN='$lrn'";
$res = $conn2->query($now);
if (!$conn2->error) {
echo "Errormessage: $conn->error";
}
echo $now;
}
echo "</form>";
echo "</body>";
echo "</html>";
?>


I would use 2 pages view.php and edit.php. View would display the data with link to edit. When you click edit it would open edit.php to load the form to edit data and save it to db. Then issue the command
header("Location: view.php");
to reload the view.php and display the new data
I have uploaded the scripts I use as a basis for databases so you can see if this is what you want - feel free to amend any data it is just a test database. If you want more code just ask
www.cambodia.me.uk/php/view.php
Edited to include scripts as requested - sorry it is old code and mysql not mysqli
Connect script
<?php
/*
CONNECT-DB.PHP
Allows PHP to connect to your database
*/
// Database Variables (edit with your own server information)
$server = 'server';
$user = 'user';
$pass = 'pass';
$db = 'database';
// Connect to Database
$connection = mysql_connect($server, $user, $pass)
or die ("Could not connect to server ... \n" . mysql_error ());
mysql_select_db($db)
or die ("Could not connect to database ... \n" . mysql_error ());
?>
View script
<?php
include('remote-connect.php');
$result = mysql_query("SELECT * FROM stats")
or die(mysql_error());
echo "<p><b>View All</b> | <a href='view-paginated.php?page=1'>View Paginated</a></p>";
echo "<table border='1' cellpadding='10'>";
echo "<tr> <th>date</th> <th>Home Team</th> <th></th><th></th><th>Away Team</th> <th></th> </tr>";
while($row = mysql_fetch_array( $result )) {
echo "<tr>";
echo '<td>' . $row['date'] . '</td>';
echo '<td>' . $row['hometeam'] . '</td>';
echo '<td>' . $row['fthg'] . '</td>';
echo '<td>' . $row['ftag'] . '</td>';
echo '<td>' . $row['awayteam'] . '</td>';
echo '<td>Edit</td>';
//echo '<td>Delete</td>';
echo "</tr>";
}
echo "</table>";
?>
<p>Add a new record</p>
</body>
</html>
Edit script
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
function renderForm($id, $hometeam, $awayteam, $error)
{
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<div>
<p><strong>ID:</strong> <?php echo $id; ?></p>
<strong>First Name: *</strong> <input type="text" name="hometeam" value="<?php echo $hometeam; ?>"/><br/>
<strong>Last Name: *</strong> <input type="text" name="awayteam" value="<?php echo $awayteam; ?>"/><br/>
<p>* Required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}
include('remote-connect.php');
if (isset($_POST['submit']))
{
if (is_numeric($_POST['id']))
{
$id = $_POST['id'];
$hometeam = mysql_real_escape_string(htmlspecialchars($_POST['hometeam']));
$awayteam = mysql_real_escape_string(htmlspecialchars($_POST['awayteam']));
if ($hometeam == '' || $awayteam == '')
{
$error = 'ERROR: Please complete all mandatory fields!';
renderForm($id, $hometeam, $awayteam, $error);
}
else
{
mysql_query("UPDATE stats SET hometeam='$hometeam', awayteam='$awayteam' WHERE id='$id'")
or die(mysql_error());
// Go back to view page and redisplay the edited data
header("Location: view.php");
}
}
else
{
echo 'Error!';
}
}
else
{
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM stats WHERE id=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
if($row)
{
$hometeam = $row['hometeam'];
$awayteam = $row['awayteam'];
renderForm($id, $hometeam, $awayteam, '');
}
else
{
echo "No results!";
}
}
else
{
echo 'Error!';
}
}
?>
</body>
</html>


It's so easy. If you fetch your table's values after edit or delete operation, sql will bring fresh data.

Related

Delete user from database - GET method change to POST method

My question is how can i change GET method to the POST method after click action on the delete button on page Users List.
After delete using POST on top of page users.php must be message "User $name deleted!"
users.php
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8"/>
<title>Users</title>
</head>
<body>
<h1>Users List</h1>
<?php
include('db_connect.php');
$db_conn = #new mysqli($host, $db_user, $db_password, $db_name);
if($result=$db_conn->query("SELECT * FROM user ORDER BY id")){
if($result->num_rows > 0){
echo "<table border='1' cellpadding='10'>";
echo "<tr><th>ID</th><th>Name</th></tr>";
while($row=$result->fetch_object()){
echo "<tr>";
echo "<td>".$row->id."</td>";
echo "<td>".$row->name."</td>";
echo "<td><a href='delete.php?id=" . $row->id . "'>Delete</a></td>";
echo "</tr>";
}
echo "</table>";
}else{
echo "No records";
}
}else{
echo "error: ". $db_conn->error;
}
$db_conn->close();
?>
<br>Add user
</body>
</html>
delete.php
<?php
require_once 'db_connect.php';
$db_conn = #new mysqli($host, $db_user, $db_password, $db_name);
if (isset($_GET['id']) && is_numeric($_GET['id']))
{
$id = $_GET['id'];
if ($stmt = $db_conn->prepare("DELETE FROM user WHERE id = ? LIMIT 1"))
{
$stmt->bind_param("i",$id);
$stmt->execute();
$stmt->close();
}
else
{
echo "ERROR: could not prepare SQL statement.";
}
$db_conn->close();
header("Location: users.php");
}
else
{
header("Location: users.php");
}
Please help! :)

Use form with hidden inputs & submit button instead of links:
Change:
echo "<td><a href='delete.php?id=" . $row->id . "'>Delete</a></td>";
With:
echo '<td><form action="delete.php" method="POST"><input type="hidden" name="id" value="' . $row->id . '"><input type="submit" name="submit" value="Delete"></form></td>';
& surely this should be handled in PHP:
Change:
if (isset($_GET['id']) && is_numeric($_GET['id']))
{
$id = $_GET['id'];
To:
if (isset($_POST['id']) && is_numeric($_POST['id']))
{
$id = $_POST['id'];

You can do the following then
In your delete.php
if($_SERVER['REQUEST_METHOD'] == 'POST')
{
//DO the deletin here
}
In users.php
echo "<td><form action='delete.php' method = 'post'><input type = 'hidden' name = 'user_id' value = '" . $row->id . "' /><button type = 'submit'> Delete</button></form></td>";

PHP Loop with dropdown selection and submit button?

I am trying to make a loop that gets the name some other info about a product from a sql table - MySQL table
Then Creates a page that looks like that - Webpage
So Far I have this code that does show it but I cant figure out a way how to update the name of the dropdown menu so when I press submit It writes into another SQL table the name of the product and then how many of those products did the customer selected .
<?php
$sql = "SELECT * FROM product";
$result = $conn->query($sql);
while ( $row = mysqli_fetch_assoc($result) ) {
$columnValues[] = $row['ProductID'];
foreach($columnValues as $key => $value) {
$$key = $value;
while ($row = $result->fetch_assoc()) {
echo "<tr>\n". "<br>";
echo "##product-ID## ";
echo "<td>".$row['ProductID']. "</td>\n";
echo " ##product-name## ";
echo "<td>".$row['ProductName']."</td>\n";
echo "<td>\n";
echo " ##dropdown## ";
echo "<select id=$value>\n";
echo "<option value='1'>1</option>\n";
echo "<option value='2'>2</option>\n";
echo "<option value='3'>3</option>\n";
echo "<option value='4'>4</option>\n";
echo "<option value='5'>5</option>\n";
echo "<option value='6'>6</option>\n";
echo "</select>\n";
echo "</td>\n";
echo "</tr>\n";
}
}
}
$conn->close();
?>
<html>
<body>
<form method="POST" action="#" >
<input type="submit" name="Submit" value="Submit" /><br>
</form> </body>
</html>
I know I will most likely need a second php script for the capture of the post so help with that will be greatly appreciated too .
////////////////////////////////////////////////
So up to here I got it somehow - It loops and shows all the product . When I press submit it adds only the last product in the loop and it doesn't care of the drop down menu - Just adds a "2" .
The table where the script writes is simple - 4 columns OrderID1,productid1,ProductName1 orderedqnt1
Thanks in advance .
Index.php
<html>
<body>
<form method="POST" action="insert.php" >
<?php
session_start(); // session start for Variables to add to the sql in Insert.php
include("global.php"); // Stores the session Variables
## Conection part
$sql = "SELECT * FROM product";
$result = $conn->query($sql);
while ( $row = mysqli_fetch_assoc($result) ) {
$columnValues[] = $row['ProductID'];
foreach($columnValues as $key => $value) {
$$key = $value;
while ($row = $result->fetch_assoc()) {
echo "<tr>\n". "<br>";
echo "##product-ID## ";
echo "<td>".$row['ProductID']. "</td>\n";
echo " ##product-name## ";
echo "<td>".$row['ProductName']."</td>\n";
echo "<td>\n";
/* echo " ##dropdown## "; */
echo "<select id=" . $value . " name='dropdown'>\n";
echo "<option value=''>-</option>\n";
echo "<option value='1'>1</option>\n";
echo "<option value='2'>2</option>\n";
echo "<option value='3'>3</option>\n";
echo "<option value='4'>4</option>\n";
echo "<option value='5'>5</option>\n";
echo "<option value='6'>6</option>\n";
echo "</select>\n";
/* echo "</td>\n"; */
/* Echo ":::::value variable = "."$value"; */
echo "</tr>\n" . "<br>";
print_r ($value);
$_SESSION['GrabIDses']=mysqli_real_escape_string($conn,$row['ProductID']); //Grabs the ID of the product in Session Variable
$_SESSION['GrabNameses']=mysqli_real_escape_string($conn,$row['ProductName']); //Grabs the Name of the product in Session Variable
$_SESSION['GrabSKUses']=mysqli_real_escape_string($conn,$row['SKU']); //Grabs the SKU of the product in Session Variable
$_SESSION['Ordered']=mysqli_real_escape_string($conn,$value); //Grabs the Ordered Quantity for the product in Session Variable ????????????????
/* $GrabID = mysqli_real_escape_string($conn,$row['ProductID']);
$GrabName = mysqli_real_escape_string($conn,$row['ProductName']);
$GrabSKU = mysqli_real_escape_string($conn,$row['SKU']);
echo "----------------------"."$_SESSION['GrabSKUses']"."<br>"."$_SESSION['GrabIDses']"."<br>"."----------------------"; */
}
}
}
$conn->close();
echo "<br>";
?>
<input type="submit" name="Submit" value="Submit" /><br>
</form>
</body>
Insert.php
<?php
session_start(); // session start
$getvalue = $_SESSION['GrabIDses']; // session get
$getvalue1 = $_SESSION['GrabNameses']; // session get
$getvalue2 = $_SESSION['GrabSKUses']; // session get
$ordered11 = $_SESSION['Ordered']; // session get
echo $getvalue;
echo "||";
echo $getvalue1;
echo "||";
echo $getvalue2;
echo "||"."<br>";
print_r($_SESSION);
## Connection Part
if(isset($_POST['dropdown'])) {
echo("You order was completed" . "<br>");
$sql = "INSERT INTO testorder (productid1,ProductName1,orderedqnt1) VALUES ('$getvalue', '$getvalue1','$ordered11')";
if (mysqli_query($conn, $sql))
{ echo "New record created successfully"; }
else
{ echo "Error: " . $sql . "<br>" . mysqli_error($conn); }
mysqli_close($conn);
}
else {
echo" dhur";
}
?>

The < select>-Boxes have to be inside the form and inside the web page at all.
Enter a name-attribute in the < select>-Tag, to make the data available in the saving script vie $_POST
I am not sure, what you want to do, so I don't know if $row['ProductID'] is a reasonable name.
<html>
<body>
<form method="POST" action="#" >
<?php
$servername = "localhost";
$username = "root";
$password ="";
$dbname = "company";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM product";
$result = $conn->query($sql);
while ( $row = mysqli_fetch_assoc($result) ) {
$columnValues[] = $row['ProductID'];
foreach($columnValues as $key => $value) {
$$key = $value;
while ($row = $result->fetch_assoc()) {
echo "<tr>\n". "<br>";
echo "##product-ID## ";
echo "<td>".$row['ProductID']. "</td>\n";
echo " ##product-name## ";
echo "<td>".$row['ProductName']."</td>\n";
echo "<td>\n";
echo " ##dropdown## ";
echo "<select id='$value' name='{$row['ProductID']}'>\n";
echo "<option value='1'>1</option>\n";
echo "<option value='2'>2</option>\n";
echo "<option value='3'>3</option>\n";
echo "<option value='4'>4</option>\n";
echo "<option value='5'>5</option>\n";
echo "<option value='6'>6</option>\n";
echo "</select>\n";
echo "</td>\n";
/* Echo ":::::value variable = "."$value"; */
echo "</tr>\n";
}
}
}
$conn->close();
?>
<input type="submit" name="Submit" value="Submit" /><br>
</form>
</body>
</html>
<body>
<form method="POST" action="#" >
<?php
$servername = "localhost";
$username = "root";
$password ="";
$dbname = "company";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM product";
$result = $conn->query($sql);
while ( $row = mysqli_fetch_assoc($result) ) {
$columnValues[] = $row['ProductID'];
foreach($columnValues as $key => $value) {
$$key = $value;
while ($row = $result->fetch_assoc()) {
echo "<tr>\n". "<br>";
echo "##product-ID## ";
echo "<td>".$row['ProductID']. "</td>\n";
echo " ##product-name## ";
echo "<td>".$row['ProductName']."</td>\n";
echo "<td>\n";
echo " ##dropdown## ";
echo "<select id='$value' name='{$row['ProductID']}'>\n";
echo "<option value='1'>1</option>\n";
echo "<option value='2'>2</option>\n";
echo "<option value='3'>3</option>\n";
echo "<option value='4'>4</option>\n";
echo "<option value='5'>5</option>\n";
echo "<option value='6'>6</option>\n";
echo "</select>\n";
echo "</td>\n";
/* Echo ":::::value variable = "."$value"; */
echo "</tr>\n";
}
}
}
$conn->close();
?>
<input type="submit" name="Submit" value="Submit" /><br>
</form>
</body>
</html>

echo "<select id=$value>\n";
needs a name. So change to
echo "<select id=" . $value . " name='dropdown'>\n";
Then you need to make a second page, use
if(isset($_POST['dropdown'])) {
Then insert or update table with the info. I think you can get this part down quite easily :).
Edit:
while ( $row = mysqli_fetch_assoc($result) ) {
$columnValues[] = $row['ProductID'];
foreach($columnValues as $key => $value) {
$$key = $value;
while ($row = $result->fetch_assoc()) {
You're using 2 while loops. That's 1 to many.

Not able to store values from dynamic drop list into database on mysql(php)

this is starva i need your help for storing values into database here is my code i want to store the values fetched from list into database '$post[]'
<html>
<head>
<title>order</title>
</head>
<body>
<table>
<form action="order2.php" method="post">
<tr><td><input type="submit" name="submit" value="show"></td>
<td><input type="submit" name="order" value="Order"></td>
</tr>
</table>
<!________________________________!>
<?php
$servername="localhost";
$username="root";
$password="";
$database="mess_db";
$con = mysql_connect($servername,$username,$password);
if(!$con)
{
Die('Could not connect:'.mysql_error());
}
if($con)
{
echo "DB Connected<br>";
}
mysql_select_db($database,$con);
if(isset($_POST["submit"]))
{
$sql="SELECT * FROM menu";
$result= mysql_query($sql,$con);
echo '<select name="roti">';
while($row = mysql_fetch_array($result))
{
echo '<option value="'. $row['roti'].'">' . $row['roti'].'';
}
echo '</select><br><br>';
}
if(isset($_POST["submit"]))
{
$sql="SELECT * FROM menu";
$result= mysql_query($sql,$con);
echo '<select name="sabji">';
while($row = mysql_fetch_array($result))
{
echo '<option value=" ' . $row['sabji'].'">' . $row['sabji'].'';
}
echo '</select><br><br>';
}
if(isset($_POST["submit"]))
{
$sql="SELECT * FROM menu";
$result= mysql_query($sql,$con);
echo '<select name="daal">';
while($row = mysql_fetch_array($result))
{
echo '<option value=" ' . $row['daal'].'">' . $row['daal'].'';
}
echo '</select><br><br>';
}
if(isset($_POST["submit"]))
{
$sql="SELECT * FROM menu";
$result= mysql_query($sql,$con);
echo '<select name="sweet">';
while($row = mysql_fetch_array($result))
{
echo '<option value=" ' . $row['sweet'].'">' . $row['sweet'].'';
}
echo '</select><br><br>';
}
if(isset($_POST["submit"]))
{
$sql="SELECT * FROM menu";
$result= mysql_query($sql,$con);
echo '<select name="starter">';
while($row = mysql_fetch_array($result))
{
echo '<option value=" ' . $row['starter'].'">' . $row['starter'].'';
}
echo '</select><br><br>';
}
if(isset($_POST["order"]))
{
echo "Hi...";
$servername="localhost";
$username="root";
$password="";
$database="mess_db";
$con = mysql_connect($servername,$username,$password);
if(!$con){
Die('Could not connect:'.mysql_error());
}
if($con){
echo "DB Connected<br>";
}
mysql_select_db($database,$con);
if(!$_POST=="")
{
$sql="INSERT INTO order VALUES('$_POST[roti]')";
$result=mysql_query($sql,$con);
echo "Hello";
}
}
mysql_close($con);
?>
please help me on this topic
i ma not at all getting any error and database is still empty

Getting data to display in a form

I'm trying to use HTML, PHP and MYSQL to pull data from a database and display it in a form (to later be edited). At this point I'm only trying to pull that data and display it in a form. (I'll worry about updating later). I pull the data but nothing displays in my textboxes:
<?php
$con = mysqli_connect("XXXXX"); //removed for privacy
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query="select * from VOLUNTEER";
echo '$query';
$result = mysqli_query($con, $query);
echo "<table>";
if ($result)
{
while($row = mysqli_fetch_array($result, MYSQLI_ASSOC))
{
echo '<form method = "post" action="insertvolunteer.php">';
echo '<tr>';
echo '<td>First Name:</td>';
echo '<td>' . '<input type=text name=FirstName' . $row["FirstName"] . '</td>';
echo '<td>' . '<input type=hidden name=VolunteerId' . $row["VolunteerId"] . '</td>';
echo '</tr>';
}
}
echo "</form>";
echo "</table>";
mysqli_close($con);
?>

Text box data needs to be displayed on value as
echo '<td><input type="text" name="FirstName" value="'.$row["FirstName"].'"></td>';

connect.php
<?php
$server = "server";
$user = "user";
$password = "password";
$bd = "yourbd";
$connect = mysql_connect($server, $user, $password);
$connect = mysql_select_db("$bd", $connect);
if (!$connect){
echo mysql_error(); exit;
}
?>
namefile.php
<?php
include('connect.php');
$select = mysql_query("select * from VOLUNTEER");
while ($show = mysql_fetch_assoc($select)):
echo "<table>";
echo "<form method = 'post' action='insertvolunteer.php'>";
echo '<tr>';
echo '<td>First Name:</td>';
echo '<td><input type="text" name="FirstName" value="'.$show["FirstName"].'"></td>';
echo '<td><input type="text" name="FirstName" value="'.$show["VolunteerId"].'"></td>';
echo '</tr>';
echo "</form";
echo "</table>";
endwhile;
?>
When you create an MySQL query, you need to declare this. How?
$var = "SELECT * FROM SOMEWHERE"; wrong
$var = mysql_query("SELECT * FROM SOMEWHERE"); right
'n in echo '<td>' . '<input type=text name=FirstName' . $row["FirstName"] . '</td>';, you need to close the tag. And also have no need of separate <td> of <input>.
Try something like :)
#update I realized that you've got what was wished. Cheers.

PHP/ SQL restricting viewing rights

I want to ensure "StaffID" is stored when the "View Contacts" page is loaded from a link, rather than straight from the Login Form
LOGIN FORM:
<?php session_start(); // Start PHP session
$StaffID = isset($_SESSION["StaffID"]) ? $_SESSION["StaffID"] : "";?>
<form name="staffaccess" method="post" action="staff-login.php">
<table border="1" cellpadding="3" cellspacing="1">
<tr>
<td colspan="3"><strong>Staff Login </strong></td>
</tr>
<input type="hidden" name="StaffID" id="StaffID" value="<?php echo $StaffID; ?>" />
<tr>
<td>Username:</td>
<td><input name="StaffUsername" size= "30" type="text" id="StaffUsername" value="<?php echo $StaffUsername; ?>"/></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="StaffPassword" size= "30" type="text" id="StaffPassword" value="<?php echo $StaffPassword; ?>"/></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="Submit" value="Login"/></td>
</tr>
</table>
</form>
LOGIN CHECK:
<?php session_start(); // Start PHP session?>
<body>
<?php
$_SESSION["StaffUsername"] = isset($_POST["StaffUsername"]) ? $_POST["StaffUsername"] : "";
$_SESSION["StaffPassword"] = isset($_POST["StaffPassword"]) ? $_POST["StaffPassword"] : "";
$_SESSION["StaffID"] = isset($_GET["StaffID"]) ? $_GET["StaffID"] : "";
<?php
//connect to database//
$dbc = mysql_connect("", "", "");
if (!$dbc)
die ('Could not connect: ' .mysql_error());
//select database//
$db_selected = mysql_select_db("tafe", $dbc );
if (!$db_selected)
die ('Could not connect: ' . mysql_error());
// username and password sent from form
$StaffUsername=$_POST['StaffUsername'];
$StaffPassword=$_POST['StaffPassword'];
// To protect MySQL injection (more detail about MySQL injection)
$StaffUsername = stripslashes($StaffUsername);
$StaffPassword = stripslashes($StaffPassword);
$StaffUsername = mysql_real_escape_string($StaffUsername);
$StaffPassword = mysql_real_escape_string($StaffPassword);
$qry=("SELECT * FROM staffaccess WHERE Username= '" . $StaffUsername . "' AND Password= '" .$StaffPassword ."'");
$rst = mysql_query($qry, $dbc);
$row = mysql_fetch_array($rst);
if ($row["Username"]==$StaffUsername && $row["Password"]==$StaffPassword)
{
$_SESSION["StaffID"] = $row["StaffID"];
echo "Your login was successful";
echo "</br></br>";
echo "<a href=list-contacts.php>Continue</a>";
}
else {
echo "Sorry your details are not valid";
echo "</br></br>";
echo "<a href=staff-login.htm>Return</a>";
}
?>
VIEW CONTACTS (i only want this to allow to view contacts that particular user has added)
<?php
//connect to database
$dbc = mysql_connect("", "", "");
if (!$dbc)
die ('Could not connect: ' .mysql_error());
//select database
$db_selected = mysql_select_db("tafe", $dbc );
if (!$db_selected)
die ('Could not connect: ' . mysql_error());
$StaffID = (int)$_GET['StaffId'];
// build sql insert statement
**$qry = "SELECT * FROM contacts WHERE StaffID= $StaffID ORDER by name ASC";**
//run insert satement against database
$rst = mysql_query($qry, $dbc);
// print whether successful or not
if ($rst)
{
if (mysql_num_rows($rst)>0) // check that there are records
{
echo "<table border=\"1\" cellspacing=\"0\">";
/***print out field names***/
echo "<tr>"; // start row
for ($i=0; $i<mysql_num_fields($rst); $i++) // for each field print out field name
{
echo "<th>" . mysql_field_name($rst, $i) . "</th>";
}
echo "<th> </th>";
echo "<th> </th>";
echo "</tr>";
/***print out field values***/
while ($row = mysql_fetch_array($rst)) // fetch each of the rows
{
echo "<tr>";
echo "<td>".$row['ContactID']."</td>";
echo "<td>".$row['Name']."</td>";
echo "<td>".$row['Address']."</td>";
echo "<td>".$row['Phone']."</td>";
echo "<td>".$row['Mobile']."</td>";
echo "<td>".$row['Email']."</td>";
echo "<td><a href='edit-contact.php?id=".$row['ContactID']."'>Edit</a></td>";
echo "<td><a href='delete-contact.php?id=".$row['ContactID']."'>Delete</a></td><tr>";
echo "</tr>";
}
echo "</table>";
}
else
{
echo "<b><font color='black'>No records returned.</font></b>";
}
}
else
{
echo "<b><font color='red'>Error: ".mysql_error($dbc) . "</font></b>";
}
?>

you didnt pass the staff id on contact page so you pass the staff id like this
change following change in logincheck page
if ($row["Username"]==$StaffUsername && $row["Password"]==$StaffPassword)
{
echo "Your login was successful";
echo "</br></br>";
echo "Continue";
}
you can also use session for logged user

Depending on you mysql version, you may need to quote your where properties, I'm not sure if this is causing your problem, but it may be related. Also, are you sure that your value for the StaffID field is being correctly inserted into the database?

I checked the code and you are using
echo "<a href=list-contacts.php>Continue</a>";
to send user to see the contacts and in this page you are doing
$StaffID = (int)$_GET['StaffId'];
So you need to pass that value in the query string as
echo "Continue";

Categories