Okay guys, I'm newbie here but
1. I want to UPDATE my sql after I input number on the text box. it echos correctly but doesn't change the DB.
2. I want to remove the first submit button and make it onchange event.
I'm really confused here. Thanks guys! This work is almost done. been doing it for a long time already. I'm still learning php, please bear wit me. thanks
<?php
$conn = new mysqli('localhost', 'root', 'jared17', 'hbadb')
or die ('Cannot connect to db');
$result = $conn->query("select * from english");
echo "<html>";
echo "<body>";
echo "<form name='form' method = POST>";
echo "<select name = 'Students'>";
while ($row = $result->fetch_assoc()) {
$LRN = $row['LRN'];
$Last = $row['Last_Name'];
$First = $row['First_Name'];
echo '<option value="'.$LRN.'">'.$Last.', '.$First.'</option>';
}
echo "</select>";
echo "<input type='submit' name='submit' value='Show'>";
if (isset($_POST['Students'])) {
$lrn = $_POST['Students'];
$stmt = $conn->prepare("SELECT Last_Name, First_Name, Level, Q1, Q2, Q3, Q4, FINAL FROM english WHERE LRN = ?");
$stmt->bind_param('i', $lrn);
$stmt->execute();
$stmt->bind_result($last, $first, $level, $q1, $q2, $q3, $q4, $final);
$stmt->fetch();
echo "<table><tr><th>LRN</th><th>Name</th><th>Level</th><th>Q1</th><th>Q2</th><th>Q3</th><th>Q4</th><th>Final</th></tr>";
echo "<tr><td>$lrn</td><td>$last, $first</td><td>$level</td><td>$q1</td><td>$q2</td><td>$q3</td><td>$q4</td><td>$final</td></tr></table>";
}
///////////EDIT DATA
echo "Edit Data: ";
echo "<select name = 'Edit'>";
echo '<option value=Q1>Q1</option>';
echo '<option value=Q2>Q2</option>';
echo '<option value=Q3>Q3</option>';
echo '<option value=Q4>Q4</option>';
echo '<option value=FINAL>FINAL</option>';
echo '<input type="number" name="editdata">';
echo "</select>";
echo "<input type='submit' name='submit2' value='Edit Now'>";
if (isset($_POST['Edit'])) {
$upd = $_POST['Edit'];
$txt = $_POST['editdata'];
$now = "UPDATE english SET $upd=$txt WHERE LRN=$lrn";
$result2 = $conn->query($now);
echo $now;
}
echo "</form>";
echo "</body>";
echo "</html>";
?>
You need to wrap your input in quotes or else SQL thinks you're trying to reference columns instead of strings.
$now = "UPDATE english SET $upd=\"$txt\" WHERE LRN=\"$lrn\"";
or if you prefer single quotes to avoid escaping w backslash then this should work the same:
$now = "UPDATE english SET $upd='$txt' WHERE LRN='$lrn'";
Also, this is not best practice, as mentioned by chris85 you are subject to injection attacks, if you want best practice then you want to use this: http://php.net/manual/en/mysqli-stmt.bind-param.php
Related
<?php
$DatabaseServer = "localhost";
$DatabaseUsername = "root";
$DatabasePassword = "root";
$DatabaseName = "demo";
$Connection = mysqli_connect($DatabaseServer, $DatabaseUsername, $DatabasePassword, $DatabaseName);
if ($Connection === false) {
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$sqlusers = "select * from user";
$result = mysqli_query($Connection, $sqlusers);
echo "<form method='POST'>";
while($rowuser = mysqli_fetch_array($result)){
$user = $rowuser['FirstName'];
echo "<input type='text' name='firstName' value='$user' readonly>";
echo "<select name='attendanceType'>";
$sqltype = "select * from attendancetype";
$resultaType = mysqli_query($Connection, $sqltype);
while($rowtype = mysqli_fetch_array($resultaType)){
echo "<option>";
echo $rowtype['name'];
echo "</option>";
}
echo "</select>";
echo "<br>";
}
echo "<input type='submit' name='submit' value='submit'>";
echo "</form>";
?>
Users table.
INSERT INTO `user` (`UserID`, `FirstName`, `LastName`, `Email`, `Password`, `City`) VALUES
(7, 'Rahul', 'Rajshekaran', 'Rahul#zzz.xxx', 'Rahul#123', 'Pune'),
(8, 'Mahesh', 'Krishna', 'Mahesh#xxx.xxx', 'Mahesh#123', 'Delhi');
attendancetype table:
INSERT INTO `attendancetype` (`attendanceTypeID`, `name`) VALUES
(0001, 'Present'),
(0002, 'Absent');
How can I inserting data into table on a single submission of form?
your code has one mistake. If you are looping form elements, you must achieve, that every input has the unique name.
$i = 0;
while($rowuser = mysqli_fetch_array($result)){
$user = $rowuser['FirstName'];
echo "<input type='text' name='firstName[".$i."]' value='$user' readonly>";
echo "<select name='attendanceType[".$i."]'>";
$sqltype = "select * from attendancetype";
$resultaType = mysqli_query($Connection, $sqltype);
while($rowtype = mysqli_fetch_array($resultaType)){
echo "<option>";
echo $rowtype['name'];
echo "</option>";
}
echo "</select>";
echo "<br>";
$i++;
}
process form with:
<?php
mysqli_set_charset($Connection, "utf8");
foreach($_POST['firstName'] as $i => $user) {
$sql = "insert into table set attendance_type = '".mysqli_real_escape_string($Connection, $_POST['attendanceType'][$i])."' where user='".mysqli_real_escape_string($Connection, $user)."'";
mysqli_query($Connection, $sql);
}
?>
escapeFunction is used as a refferer to the fact, that you should escape somehow (there are more ways) every input and it needs to be replaced or defined
I have a PHP search form for searching in a SQL table.
All together it works great, but there is one thing I like to change.
The whole table is visible on the screen BEFORE the search.
I would like to mention only the records after a search.
Does anybody know to hide the table in PHP?
Many thanks in advance!
HTML
<form action="" method="post">
<input type="text" name="search" placeholder="Search">
<input type="submit" value="Submit" />
</form>
PHP
<?php
$host = "******";
$user = "******";
$password = "******";
$database_name = "vangsten";
$pdo = new PDO("mysql:host=$host;dbname=$database_name", $user, $password, array(
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
));
$search=$_POST['search'];
$query = $pdo->prepare("select * FROM meldingen WHERE soort LIKE '%$search%' OR zone LIKE '%$search%' LIMIT 0 , 10");
$query->bindValue(1, "%$search%", PDO::PARAM_STR);
$query->execute();
if (!$query->rowCount() == 0) {
echo "<table style=\"margin:50px auto;\">";
echo "<tr><td>VISSOORT</td><td>LENGTE</td><td>AANTAL</td><td>ZONE</td></tr>";
while ($results = $query->fetch()) {
echo "<tr><td>";
echo $results['soort'];
echo "</td><td>";
echo $results['lengte'];
echo "</td><td>";
echo $results['aantal'];
echo "</td><td>";
echo $results['zone'];
echo "</td></tr>";
}
echo "</table>";
} else {
echo 'Nothing found';
}
?>
This is because even when there is no search passed you will end up running the query: with WHERE sort LIKE '%%'
You should check if a search has been passed first
if(array_key_exists('search',$_POST) && !empty($_POST['search'])){
$search=$_POST['search'];
$query = $pdo->prepare("select * FROM meldingen WHERE soort LIKE '%$search%' OR zone LIKE '%$search%' LIMIT 0 , 10");
$query->bindValue(1, "%$search%", PDO::PARAM_STR);
$query->execute();
if (!$query->rowCount() == 0) {
echo "<table style=\"margin:50px auto;\">";
echo "<tr><td>VISSOORT</td><td>LENGTE</td><td>AANTAL</td><td>ZONE</td></tr>";
while ($results = $query->fetch()) {
echo "<tr><td>";
echo $results['soort'];
echo "</td><td>";
echo $results['lengte'];
echo "</td><td>";
echo $results['aantal'];
echo "</td><td>";
echo $results['zone'];
echo "</td></tr>";
}
echo "</table>";
} else {
echo 'Nothing found';
}
}
array_key_exists('search',$_POST) checks that there is a value with
the key 'search;'
!empty($_POST['search']) checks it is not just
an empty string. (You may want to allow this)
You could use isset($_POST['search']) instead of array_key_exists('search',$_POST) but array_key_exists is better practice as isset still returns false if the value is NULL
You can check if the user has clicked on the search button:
if (isset($_POST['search'])) {
// do your table generation here
}
Okay I just changed it to $_POST and it's now working. I'm not sure if this is the shortcut method. At least it's working now. You can help me shrink the code if you want to help me. thanks
<?php
$conn = new mysqli('localhost', 'root', 'jared17', 'hbadb')
or die ('Cannot connect to db');
$result = $conn->query("select * from english");
echo "<html>";
echo "<body>";
echo "<form method = POST>";
echo "<select name = 'Students'>";
while ($row = $result->fetch_assoc()) {
$LRN = $row['LRN'];
$Last = $row['Last_Name'];
$First = $row['First_Name'];
$Lvl = $row['Level'];
$Q1 = $row['Q1'];
$Q2 = $row['Q2'];
$Q3 = $row['Q3'];
$Q4 = $row['Q4'];
$Final = $row['FINAL'];
echo '<option value="'.$LRN.'|'.$Last.', '.$First.'|'.$Lvl.'|'.$Q1.'|'.$Q2.'|'.$Q3.'|'.$Q4.'|'. $Final.'">'.$Last.', '.$First.'</option>';
}
echo "</select>";
echo "<input type='submit' name='submit' value='Show'>";
echo "</form>";
$show = $_POST['Students'];
$show_explode = explode('|', $show);
echo "<table><tr><th>LRN</th><th>Name</th><th>Level</th><th>Q1</th><th>Q2</th><th>Q3</th><th>Q4</th><th>Final</th></tr>";
echo "<tr><td>". $show_explode[0]."</td><td>". $show_explode[1]."</td><td>". $show_explode[2]."</td><td>". $show_explode[3]."</td><td>". $show_explode[4]."</td><td>". $show_explode[5]."</td><td>". $show_explode[6]."</td><td>". $show_explode[7]."</td></tr>";
echo "</table>";
echo "</body>";
echo "</html>";
?>
Don't put all the details in the option value like that. Just put the ID in the value.
echo "<select name = 'Students'>";
while ($row = $result->fetch_assoc()) {
$LRN = $row['LRN'];
$Last = $row['Last_Name'];
$First = $row['First_Name'];
echo '<option value="'.$LRN.'">'.$Last.', '.$First.'</option>';
}
echo "</select>";
Then look it up in the database when the form is submitted.
if (isset($_POST['Students'])) {
$lrn = $_POST['Students'];
$stmt = $conn->prepare("SELECT Last_Name, First_Name, Level, Q1, Q2, Q3, Q4, FINAL FROM english WHERE LRN = ?");
$stmt->bind_param('i', $lrn);
$stmt->execute();
$stmt->bind_result($last, $first, $level, $q1, $q2, $q3, $q4, $final);
$stmt->fetch();
echo "<table><tr><th>LRN</th><th>Name</th><th>Level</th><th>Q1</th><th>Q2</th><th>Q3</th><th>Q4</th><th>Final</th></tr>";
echo "<tr><td>$lrn</td><td>$last, $first</td><td>$level</td><td>$q1</td><td>$q2</td><td>$q3</td><td>$q4</td><td>$final</td></tr></table";
}
You can use $foreach for minimum code when deal with Array. Here code goes
if(isset($_POST['submit'])){
// after post a form ur code goes here
$show = $_POST['Students']; $show_explode = explode('|', $show);
echo "<table><tr>
<th>LRN</th>
<th>Name</th>
<th>Level</th>
<th>Q1</th>
<th>Q2</th>
<th>Q3</th>
<th>Q4</th>
<th>Final</th>
</tr>";
echo "<tr>";
foreach($show_explode as $value){
echo "<td>".$value."</td>";
}
echo "</tr></table>
}
I'm having problems to find how to create an hyperlink in a table column result and then, on click, open another page with all fields (textboxes) filled. Imagine when a click an ID, i do a select * from table where column_id = ID... Is there a way to do it?
Thanks.
Best regards
I'm not completely sure what you are asking, but this may help you a bit.
First make a Javascript.
<script type="text/JavaScript">
function selectID() {
var ID = document.getElementById("ID").value;
document.location.href ="yoursite.php?ID="+ID;
}
</script>
Then connect to your database to query the table for a link ID (or more) for example by changing the variable $value.
<?php
//Connect to database
mysql_connect("host", "user", "pass");
mysql_select_db("db_name");
$value = 'something';
$ID = $_GET['ID'];
if (!$ID) {
$ID = 0;
}
if ($ID == 0) {
$query = "SELECT * FROM table WHERE `column_1` = '$value'";
$result = mysql_query($query);
echo "<table>";
while($myrow = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td>";
echo "ID";
echo "</td>";
echo "</tr>";
}
echo "</table>";
}
elseif ($ID > 0) {
$query2 = "SELECT * FROM table WHERE `column_id` = '$ID'";
$result2 = mysql_query($query2);
while($myrow2 = mysql_fetch_array($result2)) {
$value1 = $myrow2['column_1'];
$value2 = $myrow2['column_2'];
}
echo "<form type=\"GET\" action=\"$PHP_SELF\">";
echo "<input type=\"text\" id=\"ID\" name=\"ID\" value=\"$ID\"><br>";
echo "<input type=\"text\" id=\"value1\" name=\"value1\" value=\"$value1\"><br>";
echo "<input type=\"text\" id=\"value2\" name=\"value2\" value=\"$value2\"><br>";
echo "<input type=\"hidden\" id=\"search\" name=\"search\" value=\"searching\">";
echo "<input type=\"submit\" id=\"submitbutton\" name=\"submitbutton\" value=\" Search \">";
echo "</form>";
}
?>
Is it possible to execute an UPDATE in a mysql_fetch_array() loop? Like this:
$query = "SELECT * FROM inbox";
$result = mysql_query($query) or die(mysql_error());
while ($row = mysql_fetch_array($result) or die(mysql_error())){
echo "<div>";
echo "<form method='POST'>";
echo "<h1>".$row['link']."</h1>";
echo "<h3>".$row['tittle']."</h3> na";
echo "<input type='text' name='tittle'>";
echo "<h3>".$row['content']."</h3>";
echo "<textarea name='content'></textarea>";
echo "<input type='submit' name='".$row['link']."' value='Change'>";
echo "</form>";
echo "</div>";
$tit = $_POST['tittle'];
$ten = $_POST['content'];
$link = $row['link'];
if (isset($_POST[$link])) { mysql_query("UPDATE inbox SET tittle='$tit' content='$ten' WHERE link='$link'");}
}
It have to do update in mysql_fetch_array(), because I wanna to change content of that things.
You have an error in your syntax as the values should be , delimited:
if (isset($_POST[$link])) {
mysql_query("
UPDATE inbox SET tittle='$tit',
content='$ten'
WHERE link='$link'
");}
Note:
You should take a look at the mysqli class to handle your future queries. It's just as simple as your current method, but more secure and not deprecated.