I get the id trough the link, this is no problem because there is a table "id" in the database, but i also want to pass the value from input field "quantity" trough the link.. Thank you in advance!
<?php
require_once 'database.php';
$id = $_GET['id'];
$query = sprintf("SELECT * FROM products WHERE id = '%s'", $id);
$result = mysql_query($query);
while( $row = mysql_fetch_assoc($result)) {
echo '<table>';
?>
<form action="add.php?id=<?php echo $row['id'];?>" method="POST">
<fieldset>
<legend> ADD quantity </legend>
Quantity: <br>
<input type="text" name="quantity" size="15"> </input> </br>
<input type="submit" value="Add" />
</fieldset>
</form>
?>
You are submitting a post request, so you should be able to get it like this :
$quantity = $_POST['quantity'];
If you want to send multiple GET values you can separate them via & (&).
You can do this:
link
Note: is better (standard) to use & instead of &. like this:
link
Use the $_POST var, as it follows:
$quantity=$_POST['quantity'];
But please, don't put the $id var and the $quantity directly on the sql query it will lead to mysql-injection attacks. Use PHP's PDO class or sanitized your input with proper function (like mysqli::real_escape_string()). And please not that mysql_* functions are deprecated since php 5.5 and removed since php 7.0.
you will have to use this:
<form action="add.php?id=<?php echo $row['id'];?>" method="GET">
<fieldset>
<legend> ADD quantity </legend>
Quantity: <br>
<input type="text" name="quantity" size="15"> </input> </br>
<input type="submit" value="Add" />
</fieldset>
</form>
And Get data from:
$_GET['quantity']
Related
new to PHP here
I have a page that loops through a DB and displays the contents of the table.
When the delete button is pressed I would like to delete that entry in the DB.
Right now when the button is pressed and the page goes to delete.php I keep getting Undefined index: userid
Here is the first page:
<?php
foreach($rows as $row){
$userid = $row['userid'];
$pName = $row['pName'];
$pDesc = $row['pDesc'];
$dDate = $row['dDate'];
?>
<div class="project-container">
<label>Project ID:</label>
<span><?php echo $userid; ?></span><br>
<label>Project Owner:</label>
<span><?php echo $pName; ?></span><br>
<label>Project Description:</label>
<span><?php echo $pDesc; ?> </span><br>
<label>Project Due Date:</label>
<span><?php echo $dDate; ?> </span><br>
<br>
<form action="#" method="GET">
<input type="submit" name="delete" value="Delete Project">
</form>
<form action="index.php">
<input type="submit" name="update" value="Update Project">
</form>
</div>
<br>
<br>
</div><br><br><?php } ?>
and this is delete.php:
include('connect.php');
$userid = $_GET['userid'];
echo $userid;
$sql = "DELETE FROM projecttable WHERE userid = '$userid'";
$conn->exec($sql);
Any help is appreciated, thank you
Try this. It will send a variable in the GET array named userid with the userid value to delete.php:
<form action="delete.php" method="GET">
<input type="hidden" name="userid" value="<?php echo $userid; ?>">
<input type="submit" name="delete" value="Delete Project">
</form>
The action attribute in the form tag will direct where to sent the request which is the delete.php script and the method will tell it to use the GET array which basically puts the keys and values in the URL itself. You could alternately do this by modifying the action field instead of using an input field. I just like this way for readability.
Because input fields are usually visible, using a hidden field prevents it from being displayed on the web page, but it's easy to manage in the code. The name attribute of the input field determines the name of the key in the GET array and the value attribute determined the value of that element in the GET array. So it ends up being $_GET['name_attribtue'] = value_attribute in your PHP script.
Just for example. If you changed the form method attribute to POST, your PHP script would need to use the $_POST array instead of the $_GET array.
I am trying want to ouput a string ,stored in a variabel, in a label on a page when i click on a button.
But i can't find out how. Still a beginner.
<form action="Test.php" method="post">
Output text: <input type="label" name="word" />
<input type="submit" method="submit" value="Print!" />
</form>
<?php
$word = "test";
if (isset($_POST['submit']))
{
//something that gives the label value $word//
}
?>
There are a few things wrong with your code.
Let me outline them.
Your submit input should have a name attribute, since your conditional statement is based on it if (isset($_POST['submit'])){...}, something I've modified to check if the input is not left empty, using PHP's empty() function.
The input type you have for your "Output text" is invalid, it should be type="text" and not type="label", there is no type="label".
method="submit" for your submit button is invalid for a few reasons. Method belongs in <form> and there is no method="submit".
You then need to assign a POST variable from the input:
such as:
$word = $_POST['word'];
Plus, from what looks to me that you're executing the entire code from within the same page, you can just do action="", unless your code is set in 2 seperate files.
In regards to what you want to achieve: You can then echo the input (if one was entered) using a ternary operator and giving it (the input) a value.
I.e.:
value="<?php echo isset($_POST['word']) ? $_POST['word']: '' ?>"
Here:
<form action="" method="post">
Output text: <input type="text" name="word" value="<?php echo isset($_POST['word']) ? $_POST['word']: '' ?>" />
<input type="submit" name="submit" value="Print!" />
</form>
<?php
if ( isset($_POST['submit']) && !empty($_POST['word']) )
{
$word = $_POST['word'];
echo $word;
}
?>
If you want to use a "label" for your input, then use:
<label for="word">Output text:
<input type="text" name="word" />
</label>
You should also guard against XSS attacks (Cross-side scripting) using:
http://php.net/strip_tags
http://php.net/htmlentities
http://php.net/manual/en/function.htmlspecialchars.php
I.e.:
$word = strip_tags($_POST['word']);
$word = htmlentities($_POST['word']);
$word = htmlspecialchars($_POST['word']);
A few articles you can read on XSS:
http://en.wikipedia.org/wiki/Cross-site_scripting
https://www.owasp.org/index.php/XSS_%28Cross_Site_Scripting%29_Prevention_Cheat_Sheet
Your code should look like this
<form action="Test.php" method="post">
Output text: <input type="label" name="word" value ="<?php echo isset($label['data'])?$label['data']: '' ?>" />
<input type="submit" method="submit" value="Print!" />
</form>
<?php
$word = "test";
$label = array();
if (isset($_POST['submit']))
{
//something that gives the label value $word//
$label['data'] = $word;
}
?>
This should work
Regards
Ahmad rabbani
First of all your input element has type = label, it doesn't mean anything. Change it to type=text
And you are submitting value but not printing it. So in input field you have to print it also.
Look below code.
<?php
$word = "test";
if (isset($_POST['submit']))
{
// whatever you do with $word
}
?>
<form action="Test.php" method="post">
Output text: <input type="text" name="word" value="<?php echo $word; ?>"/>
<input type="submit" name="submit" value="Print!" />
</form>
UPDATE
One more thing I forgot to mention that you are submitting form to Test.php and printing this to file, if this file's name is Test.php then not an issue, other wise leave action property blank, so it submit data to itself.
method = submit there is nothing like this. you can set button name to submit, like name= "submit".
I've created a members area where a user can update their bio. The problem is that the information the user submits isn't updating the rows in the database.
Member's Area
<body bgcolor="#E6E6FA">
<button>Log Out</button><br><br>
<input type="text" name="age"placeholder="Enter a your age."><br>
<input type="text" name="bio"placeholder="Enter your bio.">
<input type="submit" name="submit" value="Submit your details!">
PHP
<?php
if(isset($_POST['submit'])){
$con=mysql_connect("localhost","root","****","****");
// Check connection
if (mysql_errno()) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$age = mysql_real_escape_string($_POST['age']);
$bio = mysql_real_escape_string($_POST['bio']);
$name = mysql_real_escape_string($_SESSION['username']);
mysql_query($con,"UPDATE accs SET age='.$age.' WHERE name='.$name.'");
mysql_query($con,"UPDATE accs SET bio='.$bio.' WHERE name='.$name.'");
mysql_close($con);
};
?>
</body></html>
Any Ideas as to what is wrong here?
in your HTML page, the form should be inside the <form></form> tags
<form method="post" action="update.php">
<input type="text" name="age" placeholder="Enter a your age.">
<br>
<input type="text" name="bio" placeholder="Enter your bio.">
<input type="submit" name="submit" value="Submit your details!">
</form>
In your PHP page - to check the results, you can temporarily echo $age; echo $bio;
As you are using $_SESSION['username']; I think you are missing session_start(); to the top of your PHP code.
Also mysql_query only needs the SQL command, and not the connection ($con), that is mysqli, which is strongly advised to use instead of mysql_*.
As a side note, don't rely on user names in your database as the update criteria. If not already introduced, you can add an ID column to your table
a) create a proper submit form. use form tags around your form fields.
b) check, that the form is correctly submitted, by checking the $_POST array.
var_dump($_POST);
c) check, that you have values for the fields that you want to insert.
do a var_dump() before mysql_query(), to see what's going on.
var_dump($age, $bio, $name);
d) combine your two query calls into one:
mysql_query($con, "UPDATE accs SET age='.$age.', bio='.$bio.' WHERE name='.$name.'");
If you want to use the page it self to process your request, then empty the action property of your form. For example :
<form method="post" action="">
<input type="text" name="age"placeholder="Enter a your age."><br>
<input type="text" name="bio"placeholder="Enter your bio.">
<input type="submit" name="submit" value="Submit your details!">
</form>
Hi I'm quite new to php and I'm currently making a webpage similar to the ones used by supermarkets for stock management control as part of an assignment. I have the following form where the cashier would enter the product Id and the quantity of the item being purchased.
The form will then call another php file named cashsale.php which will take these inputs and update the tables in my database so that levels of stock on shelves in supermarkets are up to date with the new amounts (i.e. older qty - qty entered) and management can be advised when reorder is needed.
As it is the form works well, however I was advised to edit it in a way that a cashier can enter multiple products and quantities before submitting (i.e. the form will sort of show itself again) and allow the user to edit or remove any items before actually submitting the values to cashsale.php to manipulate the tables. I seem to be at a loss as to how this can be done.
I wanted to create a new button named "Add" which would display the form again, i.e. allow the user to check in more items, but I am confused as to how this can be done and also as to how I will be able to update tables then since I would be having more then just 2 inputs.
Can anyone help me on this please? Thanks in advance. The following is my html form:
center form action="cashsale.php" method ="post"
Product ID: <input name= "id" type="int" > <br>
Quantity:<input name="qty" type="int">
<input type="button" name = "Add" onclick="add">
<input type="Submit" name ="Submit" value = "Submit">
form center
I was not allowed to use html tags for form and center so I removed the < >. The following is some of the modifications done in the cashsale.php file just to give a clearer example.
$result = mysql_query("SELECT * FROM shelfingdetails where prodId =' " .$id. " '");
if (!$result){
die (mysql_error());
}
while ($row =mysql_fetch_array($result))
{
$qtyOnShelf= $row ['QtyOnShelf'];
$max=$row['max'];
$newQtyShelf=$qtyOnShelf-$qty;
}
$update=mysql_query("UPDATE shelfingdetails SET QtyOnShelf ='". $newQtyShelf. "' where prodId = '". $id. "';");
I hope someone can help. Thanks!
You just have to pass an array. For this you have to generate the inputs with PHP or javascript (I'm gona use jQuery to keep the code nice and simpe).
If you use PHP:
// PHP
<?php
if(isset($_POST['submit']) && $_POST['submit']){
//save data
} elseif(isset($_POST['Add']) && $_POST['Add']) {
$max = (int)$_POST['max']
} else { $max = 1; }
?>
<form action="" method="post">
<?php
for($i = 0;$i < $max;$i++){
?>
Product ID: <input name="id[]" type="int" > <br>
Quantity: <input name="qty[]" type="int">
<?php
}
?>
<input type="hidden" name="max" value="<?= $i; ?>" />
<input type="submit" name="Add" />
<input type="submit" name="Submit" value="Submit" />
</form>
If yo use Javascript:
//HTML
<form action="" method="post" id="form">
<div id="add">
Product ID: <input name="id[]" type="int" > <br>
Quantity: <input name="qty[]" type="int">
</div>
<input type="hidden" name="max" value="<?= $i; ?>" />
<input type="button" name="Add" onclick="addRow();" />
<input type="submit" name="Submit" value="Submit" />
</form>
// jQuery
function addRow(){
$("#add").append("<br />Product ID: <input name='id[]' type='int' >" +
"<br />Quantity: <input name='qty[]' type='int'>");
}
you have to use id[] and qty[] to pass them as an array and with the add button generate as many of them as you need. Like so:
Product ID: <input name="id[]" type="int" > <br>
Quantity: <input name="qty[]" type="int"> <br>
Product ID: <input name="id[]" type="int" > <br>
Quantity: <input name="qty[]" type="int"> <br>
Product ID: <input name="id[]" type="int" > <br>
Quantity: <input name="qty[]" type="int">
<input type="button" name = "Add" onclick="add">
Then on the backand use for loop to save all the data.
$max = count($_POST['id']);
$id = $_POST['id'];
$newQtyShelf = $_POST['qty'];
for($i = 0;$i < $max;$i++){
$update=mysql_query("UPDATE shelfingdetails
SET QtyOnShelf ='". (int)$newQtyShelf[i]. "'
WHERE prodId = '". (int)$id[i]. "';");
}
I just wanted to show you the idea, please don't use this specific code, because you should use mysqli instead of mysql and also mysqli_escape_string to make sure that the user not submits incorrect data.
I need to pass some data with these 2 methods together ( GET AND POST ).
I write this method, but I don't know if it is safe:
<form method="post" action="profile.php?id=<?php echo $_SESSION['id']; ?>" enctype="multipart/form-data">
<input type="text" size="40" name="title" >
<textarea name="description" rows="2" cols="30"></textarea>
<input id="starit" name="submit" value="Create" type="submit" />
</form>
<?php
a= $_GET['id'];
b= $_POST['title'];
c= $_POST['description'];
?>
Is this code safe ? Or there are other ways to do that ?
This is not a combined GET and POST request; rather, it's a POST request with query parameters.
What you have written would be the right way. Always make sure that you get the expected fields:
if (isset($_GET['id'], $_POST['title'], $_POST['description']) {
// go ahead
}
Btw, make sure that you escape your output:
<form method="post" action="profile.php?id=<?php echo rawurlencode($_SESSION['id']); ?>">
And if you're not uploading files, you don't need to set the enctype of your <form>.
you can use both and get with REQUEST instead of GET or POST, with the same name of params it will get the "request-order" order GET and then POST by default.
http://php.net/request-order
it is in php.ini
This is better :
<form method="post" action="profile.php?id=<?php echo urlencode($_SESSION['id'])); ?>">
don't write method attribute in your form condition
and add formmethod=" " attribute in input...
for example:
<input type="submit" formmethod="get" name="inputGet" value="updateGet" >
<input type="submit" formmethod="post" name="inputPost" value="updatePost" >