I'm doing a project and I want to update a user profile using PHP and MySQL. When I click
on the update button, it shows that there is an error in line 17. Please help me find the error.
<?php
session_start();
if(!isset($_SESSION["n"]))
{
header("location:error.php");
}
if(isset($_POST["s"]))
{
$name=$_POST["nm"];
$lname=$_POST["lnm"];
$address=$_POST["ad"];
$u=$_SESSION["un"];
$query = "SELECT * FROM signup";
$result=mysqli_query($result,$query) or die(mysqli_connect_error());
$i=0;
while($row=mysqli_fetch_array($result))
{
$roll[$i]=$row['rollno'];
$i++;
}
$total_elmt=count($roll);
require_once("vars.php");
$conn=mysqli_connect(host,uname,pass,db) or die(mysqli_connect_error());
$query="update signup set name='$nm',lname='$lnm',address='$ad' where user_id='$value'";
$execute=mysqli_query($conn,$query);$r=mysql_affected_rows();
mysqli_close($conn);
$msg="Your information is submitted successfully";
}
?>
You need to open the database first to run the select query.
Move this line to the top:
$conn=mysqli_connect(host,uname,pass,db) or die(mysqli_connect_error());
You are using the mysqli_query function wrong. It should be
$result=mysqli_query($conn,$query) or die(mysqli_connect_error());
Now I have updated your code
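<?php
session_start();
if(!isset($_SESSION["n"]))
{
header("location:error.php");
exit; // stop here, otherwise the update below still runs for visitors who are not logged in
}
if(isset($_POST["s"]))
{
// vars.php is assumed to define host, uname, pass and db, so it is loaded before connecting
require_once("vars.php");
$conn = mysqli_connect(host,uname,pass,db) or die(mysqli_connect_error());
// escape the submitted values before they are placed in the query string
$name = mysqli_real_escape_string($conn, $_POST["nm"]);
$lname = mysqli_real_escape_string($conn, $_POST["lnm"]);
$address = mysqli_real_escape_string($conn, $_POST["ad"]);
$u = $_SESSION["un"];
$query = "SELECT * FROM signup";
$result = mysqli_query($conn, $query);
$roll = array();
$i=0;
while($row=mysqli_fetch_array($result))
{
$roll[$i]=$row['rollno'];
$i++;
}
$total_elmt=count($roll);
// NOTE: $value is not defined anywhere in the posted code
$query="update signup set name='$name',lname='$lname',address='$address' where user_id='$value'";
$execute=mysqli_query($conn,$query);
// mysqli_* counterpart of mysql_affected_rows(); it takes the connection
$r=mysqli_affected_rows($conn);
mysqli_close($conn);
$msg="Your information is submitted successfully";
}
?>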
Related
When I insert data, my select query is not working and the data is directly inserted. My search query is not working but data is directly inserted. Please help me. How does my search query start? Please check the code.
session_start();
error_reporting(0);
include('includes/config.php');
if(strlen($_SESSION['alogin'])=="")
{
header("Location: index.php");
}
else{
if(isset($_POST['submit']))
{
$classname=$_POST['classname'];
$classnamenumeric=$_POST['classnamenumeric'];
$section=$_POST['section'];
$q="SELECT * FROM tblclasses Where (ClassName='$classname' AND Section='$section');";
$res=mysqli_query($dbh,$q);
if (mysqli_num_rows($res) > 0) {
$row = mysqli_fetch_assoc($res);
if($classname==$row['ClassName'] && $section==$row['Section'])
{
echo '<script>alert("already exists")</script>';
}
}else{
$sql="INSERT INTO tblclasses(ClassName,ClassNameNumeric,Section) VALUES(:classname,:classnamenumeric,:section)";
$query = $dbh->prepare($sql);
$query->bindParam(':classname',$classname,PDO::PARAM_STR);
$query->bindParam(':classnamenumeric',$classnamenumeric,PDO::PARAM_STR);
$query->bindParam(':section',$section,PDO::PARAM_STR);
$query->execute();
$lastInsertId = $dbh->lastInsertId();
if($lastInsertId)
{
$msg="Class Created successfully";
}
else
{
$error="Something went wrong. Please try again";
}
}
}
?>
This is my script delete.php:
<?php
if (isset($_GET['delete'])) {
include_once 'connect.php';
$id = mysqli_real_escape_string($conn, $_GET['delete']);
$sql = mysqli_query($conn, "DELETE FROM tabel WHERE id=$id");
$query_execute = mysqli_query($conn,$sql);
if ($query_execute) {
header("location: ../task.php?qdel=success");
} else {
echo mysqli_error($conn);
header("location: ../task.php?edel=error");
}
mysqli_close($conn);
?>
When I click delete, the page does not redirect. I get this error:
"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '1' at line 1".
But when I click back in my browser, the row is deleted. What am I missing?
I'm using this code... the prepared statement works fine in my case...
<?php
if (isset($_GET['delete'])) {
include 'connect.php';
$id = $_GET['delete'];
$deleteString = "DELETE FROM penempatan WHERE id = ?";
$preparedDeleteStmt = mysqli_prepare($conn, $deleteString);
mysqli_stmt_bind_param($preparedDeleteStmt, 'i', $id);
if (!mysqli_stmt_execute($preparedDeleteStmt)) {
mysqli_close($conn);
die("The system is not available, try again later");
// not reached: die() above has already ended the script
header("location: ../tugas.php?edel=error");
}
if(mysqli_stmt_store_result($preparedDeleteStmt)) {
header("location: ../tugas.php?qdel=success");
exit; // stop the script once the redirect header is sent
}
}
?>
I cannot update the values in my table with this code. If the update is successful, the page should redirect in ('Location:ui.php'). How can this be achieved?
<?php
ob_start();
include('dbconnect.php');
$code=$_GET['stallcode'];
if(isset($_POST['submit']))
{
$pcost = $_POST['pcost'];
$tcost = $_POST['tcost'];
$cash = $_POST['cash'];
$change = $_POST['change'];
if (($cash == '0'))
{
$pstatus="0";
}
else
{
$pstatus="1";
}
$updated=mysql_query("UPDATE tbl_stallowner SET
paymentstatus='$pstatus', penaltycost='$pcost', totalcost='$tcost', cash='$cash', change='$change'
WHERE stallcode='$code'")or die();
if($updated)
{
$msg="Successfully Updated!!";
header('Location:ui.php');
}
} //update ends here
ob_end_flush();
?>
As you redirect users by checking whether if($updated) is true, this will not work; you should check the number of affected rows instead, using mysql_num_rows.
Also remember to exit; after header() to stop the execution.
$num_rows = mysql_num_rows($updated);
if($num_rows > 0)
{
$msg="Successfully Updated!!";
header('Location:ui.php');
exit;
}
Tip: You should not be using MySQL as it has already been deprecated, use MySQLi instead.
You want to use mysqli, not its predecessor, mysql. Mysql is vulnerable and open to exploitation; here's what you should write in each of your files:
dbconnect.php
<?php
$conn = mysqli_connect("localhost","my_user","my_password","my_db");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
updatestallowner.php (or whatever you named it)
<?php
ob_start();
require('dbconnect.php');
$code = mysqli_real_escape_string($conn, $_GET['stallcode']);
if(isset($_POST['submit'])){
$pcost = mysqli_real_escape_string($conn, $_POST['pcost']);
$tcost = mysqli_real_escape_string($conn, $_POST['tcost']);
$cash = mysqli_real_escape_string($conn, $_POST['cash']);
$change = mysqli_real_escape_string($conn, $_POST['change']);
if ($cash == '0') {
$pstatus="0";
} else{
$pstatus="1";
}
// change is a reserved word in MySQL, so the column name is quoted with backticks
$sql = "UPDATE tbl_stallowner SET paymentstatus='$pstatus', penaltycost='$pcost', totalcost='$tcost', cash='$cash', `change`='$change' WHERE stallcode='$code';";
$result = mysqli_query($conn, $sql);
if($result) {
$msg="Successfully Updated!!";
header('Location: ui.php');
exit;
} else {
die("Error updating!");
}
}
?>
Good luck!
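Added example, not code from any of the posts above: one hypothetical helper, `run_write`, that runs a write statement exactly once with bound parameters, applied to the stall update in this thread and to the delete.php case earlier on the page (the `signup` profile update in the first question fits the same helper). It assumes `dbconnect.php` sets `$conn` as in the answer above; `redirect` is also a made-up name, and in practice each branch would live in its own script.

```php
<?php
// Added example, not code from the posts. Assumes dbconnect.php sets $conn.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli errors throw
require 'dbconnect.php';

// Hypothetical helper: run one INSERT/UPDATE/DELETE with bound parameters,
// exactly once, and return the number of rows it changed.
function run_write(mysqli $conn, string $sql, string $types, array $params): int
{
    $stmt = mysqli_prepare($conn, $sql);
    mysqli_stmt_bind_param($stmt, $types, ...$params);
    mysqli_stmt_execute($stmt);
    $rows = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    return $rows;
}

// Hypothetical helper: code after header() keeps running unless the script exits.
function redirect(string $url): void
{
    header('Location: ' . $url);
    exit;
}

try {
    $id = filter_input(INPUT_GET, 'delete', FILTER_VALIDATE_INT);
    if (isset($_POST['submit'])) {
        // Stall update. `change` is a reserved word in MySQL, hence the backticks.
        $cash = (string) filter_input(INPUT_POST, 'cash');
        run_write($conn,
            'UPDATE tbl_stallowner SET paymentstatus = ?, penaltycost = ?,
                    totalcost = ?, cash = ?, `change` = ? WHERE stallcode = ?',
            'ssssss',
            [$cash === '0' ? '0' : '1',
             (string) filter_input(INPUT_POST, 'pcost'),
             (string) filter_input(INPUT_POST, 'tcost'),
             $cash,
             (string) filter_input(INPUT_POST, 'change'),
             (string) filter_input(INPUT_GET, 'stallcode')]);
        // MySQL reports 0 affected rows when the new values equal the old ones,
        // so the row count is not used as the success test for the UPDATE.
        redirect('ui.php');
    } elseif (is_int($id)) {
        // Delete case: only an integer id reaches the query.
        $n = run_write($conn, 'DELETE FROM penempatan WHERE id = ?', 'i', [$id]);
        redirect('../tugas.php?' . ($n === 1 ? 'qdel=success' : 'edel=error'));
    }
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep SQL error text out of the response
    http_response_code(500);
    exit('The system is not available, try again later');
}
```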
Login.php
session_start();
<?php
$username = "root";
$password = "tiger";
$hostname = "localhost";
//connection to the database
$dbhandle = mysqli_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
//select a database to work with
/* #var $selected type */
$selected = mysqli_select_db($dbhandle,"sample")
or die("Could not select sample");
$name=(\filter_input(\INPUT_POST,'name'));
$phone=(\filter_input(\INPUT_POST,'phone'));
$email=(\filter_input(\INPUT_POST,'email'));
//$custno=(\filter_input(\INPUT_POST,'custno'));
if(!empty(\filter_input(\INPUT_POST,'continue')))
{
echo "<script type='text/javascript'>\n";
'check()';
echo "</script>";
$sql="insert into customersignin(name,phone,email)values('$name','$phone','$email')";
$result=mysqli_query($dbhandle,$sql) or die(\mysqli_error($dbhandle));
}
else
{
$sql1="insert into customersignin(custno)values(NULL)";
$result1=mysqli_query($dbhandle,$sql1) or die(\mysqli_error($dbhandle));
}
$sql2="select custno from customersignin";
$result2=mysqli_query($dbhandle,$sql2) or die (mysqli_error($dbhandle));
$row= mysqli_fetch_array($result2);
if(mysqli_num_rows($result2)>0)
{
echo "$_SESSION['custno']";
unset($_SESSION['custno'];
header('Location:customersvsoup.php');
}
mysqli_close($dbhandle);
$_SESSION[name]=(\filter_input(INPUT_POST,'name'));
customer.php
<body>
<?php session_start(); ?>
<input type="text" style="position: absolute;top:200px;" value="<?php echo $_SESSION["custno"]?>">
</body>
In the PHP file the customer login is done; custno is the auto-generated field. I have 2 buttons called continue and skip, and for both the auto-generation works fine. After either button action is done, I need to display the custno in the text box of the next page using the session. But the problem is that the text box is empty when I run this code, although session['name'] is working. Please help.
Your session_start(); should come at the beginning of the file in login.php. I see you using $_SESSION[custno] before it's called. That's why your textbox is empty.
Also it should be:
$_SESSION['custno']
$_SESSION['name']
Note the single quotes.
Regarding your logical problem (in the comments) try:
$_SESSION['name'] = (filter_input(INPUT_POST, 'name'));
if (!empty(filter_input(INPUT_POST, 'continue')))
{
echo "<script type='text/javascript'>\n";
'check()';
echo "</script>";
$sql = "insert into customersignin(name,phone,email)values('$name','$phone','$email')";
$result = mysqli_query($dbhandle, $sql) or die(mysqli_error($dbhandle));
$sql2 = "select max(custno) as last_custno from customersignin";
$result2 = mysqli_query($dbhandle, $sql2) or die(mysqli_error($dbhandle));
if (mysqli_num_rows($result2) > 0)
{
$row = mysqli_fetch_assoc($result2);
$_SESSION['custno'] = $row['last_custno'];
header('Location:customersvsoup.php');
}
}
else
{
$sql1 = "insert into customersignin(custno)values(NULL)";
$result1 = mysqli_query($dbhandle, $sql1) or die(mysqli_error($dbhandle));
//since this bit of code is repeating,
//you could even use a function to shorten it
$sql2 = "select max(custno) as last_custno from customersignin";
$result2 = mysqli_query($dbhandle, $sql2) or die(mysqli_error($dbhandle));
if (mysqli_num_rows($result2) > 0)
{
$row = mysqli_fetch_assoc($result2);
$_SESSION['custno'] = $row['last_custno'];
header('Location:customersvsoup.php');
}
}
And please put the session_start(); inside after <?php. All php code should be within the PHP tags.
You have an error in the insert query:
$sql="insertintocustomersignin(name,phone,email)values('$name','$phone','$email')";
should be:
$sql="insert into customersignin(name,phone,email) values ('$name','$phone','$email')";
You should use quotes in the array index:
$_SESSION[custno], $_SESSION[name] should be $_SESSION['custno'], $_SESSION['name']
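Added example, not code from the posts above: the sign-in step written so that the customer number comes from `mysqli_insert_id()` on the same connection instead of a separate `select max(custno)`, with the form values bound as parameters. The table, column and page names are the ones in the question; the database credentials are placeholders.

```php
<?php
// Added example, not code from the posts.
session_start(); // first statement: before any output and before $_SESSION is used
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // mysqli errors throw

// Placeholder credentials; a real deployment loads these from configuration.
$dbhandle = mysqli_connect('localhost', 'app_user', 'app_password', 'sample');

try {
    if (!empty(filter_input(INPUT_POST, 'continue'))) {
        // "continue": store the submitted details with bound parameters.
        $name  = (string) filter_input(INPUT_POST, 'name');
        $phone = (string) filter_input(INPUT_POST, 'phone');
        $email = (string) filter_input(INPUT_POST, 'email');
        $stmt = mysqli_prepare(
            $dbhandle,
            'INSERT INTO customersignin (name, phone, email) VALUES (?, ?, ?)'
        );
        mysqli_stmt_bind_param($stmt, 'sss', $name, $phone, $email);
        $_SESSION['name'] = $name;
    } else {
        // "skip": create an empty row only to obtain a customer number.
        $stmt = mysqli_prepare(
            $dbhandle,
            'INSERT INTO customersignin (custno) VALUES (NULL)'
        );
    }
    mysqli_stmt_execute($stmt);

    // AUTO_INCREMENT value generated by this connection's own INSERT. Unlike
    // SELECT MAX(custno), it cannot pick up a number that belongs to another
    // visitor who signed up at the same moment.
    $_SESSION['custno'] = mysqli_insert_id($dbhandle);
    mysqli_close($dbhandle);
} catch (mysqli_sql_exception $e) {
    error_log($e->getMessage()); // keep SQL error text out of the response
    http_response_code(500);
    exit('Sign-in is not available, try again later');
}

header('Location: customersvsoup.php');
exit; // nothing after the redirect should run

// On the next page, call session_start() first and escape session values
// when printing them into HTML, for example:
//   echo htmlspecialchars((string) ($_SESSION['name'] ?? ''), ENT_QUOTES, 'UTF-8');
```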
I am trying to check if the session username matches the record in my database and if it does, I want to include a file.
This is my code
<?php
$username = $_SESSION['username'];
echo $username;
include('connect.php');
mysqli_select_db($connect,"persons");
$sql = "SELECT * FROM users WHERE sessionusername='$username'";
$r = mysqli_query($connect,$sql) or die(mysqli_error($connect));
$geez = mysqli_fetch_array($r);
if($geez)
{
include('check.php');
}
else
{
echo "error";
}
?>
The session username does not match the record in my database, yet the file is being included. Why?
OH, I FOUND THE ISSUE. IT IS CONSIDERING MY USERNAME TO BE ROOT...BUT WHEN I SAY ECHO $_SESSION['USERNAME'] IT IS CRAIG#CRAIG.COM..WHY SO?
<?php
$username = $_SESSION['username'];
echo $username;
include('connect.php');
mysqli_select_db($connect,"persons");
$sql = "SELECT sessionusername FROM users WHERE sessionusername='$username'";
$r = mysqli_query($connect,$sql) or die(mysqli_error($connect));
$geez = mysqli_fetch_array($r);
if($geez["sessionusername"]==$username)
{
include('check.php');
}
else
{
echo "error";
}
?>
You are simply testing whether the array $geez is empty or not. If the array has anything in it, your if($geez) will return true. To stop this behaviour, please see ceteras' answer, particularly this part:
if($geez["sessionusername"]==$username)
{
include('check.php');
}
I believe that's the only part that has changed.
Thanks,
James