Using $_GET outside the while loop in which [''] is defined - php

For example, I have the following code:
<?php
$query = mysqli_query($connect, "SELECT * FROM user_thoughts WHERE added_by='$user' ORDER BY id DESC");
while ($row = mysqli_fetch_array($query)) {
$thought_id = $row['id'];
$message_content = $row['message'];
$date_of_msg = $row['post_details'];
$thoughts_by = $row['added_by'];
$attachent = $row['attachment'];
$shared = $row['shared'];
// for each post a user has made, a new div will be echo's
echo "
<div class='message_wrapper'>
// all content here which displays the message and author.
// consider this anchor link, and see $_GET approach below.
<a href='/inc/del_post.php?id=$thought_id'>Delete </a>
<div id='toggleComment$thought_id' class='new_comment'>
<form action='' method='post' enctype='multipart/form-data'>
<table>
<tr>
<td>
<textarea id='txtarea' name='comment_msg' cols='80' maxlength='180' placeholder=' add your comment...'></textarea>
</td>
<td>
<input id='send' type='submit' name='send_comm' value='Share'/>
</td>
</tr>
</table>
</form>
</div>
</div>";
} // while loop closed
// sending comments to database
$comment = htmlentities(trim(strip_tags(@$_POST['comment_msg'])));
$comment = mysqli_real_escape_string($connect, $comment);
// if button is pressed, do this...
if(isset($_POST['send_comm'])){
if (!empty ($comment)){
$insert_comment = mysqli_query ($connect, "INSERT INTO user_comments VALUES ('','$comment','$username','$user','0','$thought_id')");
header ("Location: /profile_page/$user");
}
}
?>
Before, I had the 'send_comm' processing in the while loop, and when I used to submit the form, the comment would be added to all of a user's posts. For example, Alice has made two posts, I add a comment to one, both posts will display that message (and two new rows in db).
Now, to fix the above issue, I have put the 'send_comm' processing outside the while loop, but of course, with this, $thought_id (which is in my INSERT) would be undefined. Also, having it outside the while loop provides no way of the comment knowing which thought_id it is assigned to. So to fix this, I tried to use $_GET:
$thought_id_from_anchor = $_GET ['id'];
// if button is pressed, do this...
if(isset($_POST['send_comm'])){
if (!empty ($comment)){
$insert_comment = mysqli_query ($connect, "INSERT INTO user_comments VALUES ('','$comment','$username','$user','0','$thought_id_from_anchor')");
header ("Location: /profile_page/$user");
}
}
But of course, since it is outside the while loop, I get an undefined error on id.
I just need a comment to be added to the $thought_id it is being added to.

You can simply add a hidden input to your form containing the value of $thought_id:
<form action='' method='post' enctype='multipart/form-data'>
<input type='hidden' name='thought_id' value='$thought_id'>
<table>
<tr>
<td>
<textarea id='txtarea' name='comment_msg' cols='80' maxlength='180' placeholder=' add your comment...'></textarea>
</td>
<td>
<input id='send' type='submit' name='send_comm' value='Share'/>
</td>
</tr>
</table>
</form>
Then when the form is submitted, you can access the value of thought_id using $_POST for your query (also cleaned it up a bit):
// if button is pressed, do this...
if (isset($_POST['send_comm'])) {
$_POST = array_map('trim', $_POST);
if (!empty($_POST['thought_id']) &&
!empty($_POST['comment_msg'])) {
$comment = htmlentities(strip_tags($_POST['comment_msg']));
$comment = mysqli_real_escape_string($connect, $comment);
$thought_id = mysqli_real_escape_string($connect, $_POST['thought_id']);
$insert_comment = mysqli_query ($connect, "INSERT INTO user_comments VALUES ('','$comment','$username','$user','0','$thought_id')");
header ("Location: /profile_page/$user");
}
else {
// empty fields; handle this accordingly
}
}
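
A hardened version of the handler above, as an added example that is not part of the original answer: the hidden thought_id is client-controlled, so it is parsed as an integer, checked against user_thoughts, and written with bound parameters. The function names and the user_comments column names (body, author, posted_to, removed) are assumptions; $connect, $username and $user are the page's variables.

```php
<?php
declare(strict_types=1);

// Added example: parse the comment form's POST body. Returns
// [thought_id, comment], or null when the request must be rejected.
function validate_comment_post(array $post): ?array
{
    if (!isset($post['send_comm'], $post['thought_id'], $post['comment_msg'])
        || !is_string($post['thought_id'])   // thought_id[]=1 arrives as an array
        || !is_string($post['comment_msg'])) {
        return null;
    }
    // The hidden field is client-controlled: accept a positive integer only.
    $thoughtId = filter_var($post['thought_id'], FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $comment = trim($post['comment_msg']);
    // maxlength='180' is only a browser hint, so the limit is enforced here too.
    if ($thoughtId === false || $comment === '' || mb_strlen($comment, 'UTF-8') > 180) {
        return null;
    }
    return [$thoughtId, $comment];
}

// Insert with bound parameters, and only when the id names a post that
// belongs to the profile being viewed. The user_comments column names are
// assumed; the page's INSERT does not list them.
function save_comment(mysqli $connect, int $thoughtId, string $comment,
                      string $author, string $profileOwner): bool
{
    $check = $connect->prepare(
        'SELECT 1 FROM user_thoughts WHERE id = ? AND added_by = ?');
    $check->bind_param('is', $thoughtId, $profileOwner);
    $check->execute();
    $check->store_result();
    $exists = $check->num_rows === 1;
    $check->close();
    if (!$exists) {
        return false;
    }
    // The raw text is stored; escape it with htmlspecialchars() when printing.
    $insert = $connect->prepare(
        'INSERT INTO user_comments (body, author, posted_to, removed, thought_id)
         VALUES (?, ?, ?, 0, ?)');
    $insert->bind_param('sssi', $comment, $author, $profileOwner, $thoughtId);
    $ok = $insert->execute();
    $insert->close();
    return $ok;
}

// Constructed sample requests (not from the page): valid, tampered id, array id.
$samples = [
    ['send_comm' => 'Share', 'thought_id' => '42', 'comment_msg' => ' nice post '],
    ['send_comm' => 'Share', 'thought_id' => '42abc', 'comment_msg' => 'hello'],
    ['send_comm' => 'Share', 'thought_id' => ['42'], 'comment_msg' => 'hello'],
];
foreach ($samples as $post) {
    var_dump(validate_comment_post($post));
}

// Wiring, assuming $connect, $username and $user exist as on the page:
// $in = validate_comment_post($_POST);
// if ($in !== null && save_comment($connect, $in[0], $in[1], $username, $user)) {
//     header('Location: /profile_page/' . rawurlencode($user));
//     exit;
// }
```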

INSERT INTO user_comments VALUES ('','$comment'
What is that empty string?
I think that is the ID. IDs only accept integer values, so you can replace it with null, or remove it.
INSERT INTO user_comments VALUES (null,'$comment'
INSERT INTO user_comments VALUES ('$comment'

If you want to use the id outside of the loop, you will have to assign it to a global variable. You will need to declare a variable in the global scope and then use the global keyword within the while loop. Once you do this you can use the thought_id variable anywhere you choose.
<?php
$query = mysqli_query($connect, "SELECT * FROM user_thoughts WHERE added_by='$user' ORDER BY id DESC");
$thought_id; // Declare the variable outside of the while loop in the global scope
while ($row = mysqli_fetch_array($query)) {
global $thought_id;
$thought_id = $row['id'];
/* use the global keyword to assign the value of this variable to the global variable and you will be able to use it outside of the while loop */
$message_content = $row['message'];
$date_of_msg = $row['post_details'];
$thoughts_by = $row['added_by'];
$attachent = $row['attachment'];
$shared = $row['shared'];
// for each post a user has made, a new div will be echo's
echo "
<div class='message_wrapper'>
// all content here which displays the message and author.
// consider this anchor link, and see $_GET approach below.
<a href='/inc/del_post.php?id=$thought_id'>Delete </a>
<div id='toggleComment$thought_id' class='new_comment'>
<form action='' method='post' enctype='multipart/form-data'>
<table>
<tr>
<td>
<textarea id='txtarea' name='comment_msg' cols='80' maxlength='180' placeholder=' add your comment...'></textarea>
</td>
<td>
<input id='send' type='submit' name='send_comm' value='Share'/>
</td>
</tr>
</table>
</form>
</div>
</div>";
} // while loop closed
// sending comments to database
$comment = htmlentities(trim(strip_tags(@$_POST['comment_msg'])));
$comment = mysqli_real_escape_string($connect, $comment);
// if button is pressed, do this...
if(isset($_POST['send_comm'])){
if (!empty ($comment)){
$insert_comment = mysqli_query ($connect, "INSERT INTO user_comments VALUES ('','$comment','$username','$user','0','$thought_id')");
header ("Location: /profile_page/$user");
}
}
?>

Related

Deleting something in a mysqli database with a button?

So I'm just making a simple program that puts names into a database. I got that part down, I can enter a name into a form, then display it on the page, but now I'd like to know how to delete them from the database, and no longer show them on the page.
I added a button next to each name that triggers the third if statement (with the commented out query), and from what I can tell it's best to run a query based on the element's id (my primary key that auto increments), but I have no idea how to get the id from the element who's button I'm clicking on.
How do I get the id from one of the elements in my while loop? Or if there's a better way to delete them, what's that?
if (mysqli_connect_errno()) {
die('could not connect');
}
if (isset($_POST['first_name'], $_POST['last_name'])){
$first_name = trim($_POST['first_name']);
$last_name = trim($_POST['last_name']);
$putitin = mysqli_query($db, "INSERT INTO names (first_name, last_name) VALUES ('$first_name', '$last_name')");
}
if (isset($_POST['del'])){
//$takeitout = mysqli_query($db, "DELETE FROM names WHERE id = ");
}
?>
<html>
<head>
</head>
<body>
<form action='' method='post'>
<div>
<label for="first_name">First name</label>
<input type="text" name="first_name">
</div>
<div>
<label for="last_name">Last name</label>
<input type="text" name="last_name">
</div>
<div>
<input type="submit" value="Insert">
</div>
</form>
<hr>
<?php
$resultset = $db->query('SELECT * FROM names');
if($resultset->num_rows != 0){
while($rows = $resultset->fetch_assoc()) {
$fname = $rows['first_name'];
$lname = $rows['last_name'];
$id = $rows['id'];
echo "<form action='' method='post'><p>Name: $fname $lname $id<input type='submit' name='del'></form></p>";
}
} else {
echo 'No results';
}
?>
</body>
</html>
This is one way.
Change your HTML part to
<form action='' method='post'>
<input type='hidden' name='id' value='$id' />
<p>Name: $fname $lname $id
<input type='submit' name='del' value=''>
</form></p>
and your PHP
if (isset($_POST['del'])){
$id = $_POST['id'];
$takeitout = mysqli_query($db, "DELETE FROM names WHERE id = '$id'");
}
Note:
What you can do is to put all your input fields inside your while loop. Then assign values to each of them, but we have to use array to store them accordingly.
We can use checkbox to store the IDs.
What will happen, is user can select from the list of names they wanted to delete by ticking the corresponding checkbox, then pressing the Delete button below.
Your code
<form action="" method="POST">
<?php
$resultset = $db->query('SELECT * FROM names');
if($resultset->num_rows != 0){
while($rows = $resultset->fetch_assoc()) {
$fname = $rows['first_name'];
$lname = $rows['last_name'];
$id = $rows['id'];
echo '<input type="checkbox" name="id[]" value="'.$id.'">'.$fname.' '.$lname.'<br>';
} /* END OF WHILE LOOP */
} /* END OF IF; CHECKING IF THERE ARE RESULTS */
?>
<input type="submit" value="Delete" name="delete">
</form>
And your PHP that will process the form:
<?php
if(isset($_POST["delete"])){
$counter = count($_POST["id"] ?? []); /* NO CHECKBOX TICKED MEANS NO id KEY */
for($x = 0; $x<$counter; $x++){
if(!empty($_POST["id"][$x])){ /* CHECK IF AN ITEM IS SELECTED */
/* DELETE QUERY */
if($stmt = $db->prepare("DELETE FROM names WHERE id = ?")){
$stmt->bind_param("i",$_POST["id"][$x]);
$stmt->execute();
$stmt->close();
} /* END OF PREPARED STATEMENT */
} /* END OF IF; CHECKING IF IT IS SELECTED */
} /* END OF FOR LOOP */
} /* END OF ISSET DELETE */
?>

Use $_GET together with $_POST

I'm trying to post a new record in a table with <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">. But every row in my table has a unique id, and that id is put next to every name. So I'm trying to get the id with $_GET but it's been unsuccessful so far. Is the method I'm trying wrong or am I doing something else wrong? If anybody can tell me what's going wrong, I'd appreciate it.
PHP that gets placed above <html>
<?php
if (isset($_POST['saveRecord'])) {
if (isset($_POST["newRecord"]) && !empty($_POST["newRecord"])) {
$id = $_GET['record'];
$klant=$_POST['newRecord'].$id;
$query = "INSERT INTO table2
(recordid, recordname)
VALUES
(NULL, '$record')";
mysqli_query($con, $query);
}
}
?>
Markup
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<table>
<?php
$query = ("select * from table1");
$result = mysqli_query($con, $query) or die (mysqli_error($con));
while($row = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$id = $row['rowid'];
?>
<tr>
<td>
<input class="newRecord<?php echo $id; ?>" type="text" name="newRecord<?php echo $id; ?>" />
<a href="?record=<?php echo $id; ?>">
<button class="saveRecord<?php echo $id; ?>" name="saveRecord<?php echo $id; ?>">Save</button>
</a>
</td>
</tr>
<?php } ?>
</table>
</form>
Don't bother trying to do both at once (the $_GET variables will only be passed if they are included in the action of the form).
The script won't pick up the records from $_POST, as the names of the fields have the ID included in them.
Either create each record as an individual form (move the whole lot inside the WHILE loop), or you could use the ID held within the field name, like this:
$newdata = array();
foreach($_POST as $k => $v) {
if ((substr($k,0,9) == 'newRecord') && (!empty($v))) {
$id = substr($k,9);
$klant = $v;
$newdata[$id] = $klant;
}
}
Which should extract the ID from the field name and associate it with the data entered to the form.
Your button name is
name="saveRecord<?php echo $id; ?>"
So this condition needs $id
if (isset($_POST['saveRecord'])) {// your id missing
Move your opening and closing form tags into the while loop; it will submit only 1 form at a time, otherwise all the inputs will be submitted.

edit form not working with mysql in PHP, processes data to href but doesn't run test print line

After trying to debug this snippet of code for hours, I find I cannot figure out why my edit form won't update for the life of me. I'm not sure if it's because I'm not using GET or POST methods correctly, I'm misusing mysql, or a combination of both. I can't even figure out why a line of print "hi"; won't show up. If I take out the line of code testing when the edit submit button is hit, the print lines come out but my database won't update. So I figure I'm stuck where I can't do any more print line debugging until I figure out what I'm doing wrong. Here is my code. I commented next to the "print "hi";" line that doesn't show up. Keep in mind I'm pretty sure I tried every combination of GET and POST and it still doesn't show up...
<html lang="en">
<head>
<title>Employee</title>
</head>
<body>
Clean <br>
<form method="post" action="employ.php">
<input type="text" name="fname">First Name<br>
<input type="text" name="lname">Last Name<br>
<input type="text" name="email">email<br>
<input type="text" name="zip">zip code<br>
<input type="submit" name="add" value="Add"> <!-- button itself -->
</form>
<br>
<?php //server login name password database
$link = mysqli_connect("server", "login", "password", "database") or die(mysqli_connect_error());
if(isset($_POST['add'])) //this processes after user submits data.
{
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$zip = $_POST['zip'];
$re = "/^[a-zA-Z]+(([\'\- ][a-zA-Z])?[a-zA-Z]*)*$/";
$reEmail = "/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,4})+$/";
$reZip = "/^\d{5}$/";
//if user passes re test
if( preg_match($re, $fname) && preg_match($re, $lname)
&& preg_match($reEmail, $email) && preg_match($reZip, $zip) )
{ //display current table
$querycheck = "select * from employees where fname='$fname' and email='$email'";
$resultcheck = mysqli_query($link, $querycheck); //link query to database
if(mysqli_num_rows($resultcheck) == 0)// test if query does "nothing"
{//if not process the insert query
$query = "insert into employees values('', '$fname', '$lname', '$email', '$zip')";
mysqli_query($link, $query); //link query to database
print "Employee Added"; // print confirmation
}
else
{
print "That record already exists!";
}
}
else
{
print "You did not fill out the form correctly!";
}
} ////////////////////////////////edit portion/////////////////////////////
if(isset($_GET['edit']))
{
print "teseting edit<br><br>";
?>
<form method="get" action="employ.php">
<input type="text" name="fname" value = "<?php echo $_GET['fname']?>">First Name<br>
<input type="text" name="lname" value = "<?php echo $_GET['lname']?>">Last Name<br>
<input type="text" name="email" value = "<?php echo $_GET['email']?>">email<br>
<input type="text" name="zip" value = "<?php echo $_GET['zip']?>">zip code<br>
<input type="hidden" name="employeeid" value = "<?php echo $_GET['employeeid']?>">
<input type="submit" name="endedit" value="Edit"> <!-- button itself -->
</form>
<?php
print "teseting end edit <br><br>";
if(isset($_POST['endedit'])) //this processes after user submits edited data
{ //tried get and post
print "hi"; // DOESNT APPEAR
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$zip = $_POST['zip'];
$employeeidtemp = $_POST['employeeid'];
$re = "/^[a-zA-Z]+(([\'\- ][a-zA-Z])?[a-zA-Z]*)*$/";
$reEmail = "/^\w+([\.-]?\w+)*@\w+([\.-]?\w+)*(\.\w{2,4})+$/";
$reZip = "/^\d{5}$/";
//if user passes re test
if( preg_match($re, $fname) && preg_match($re, $lname)
&& preg_match($reEmail, $email) && preg_match($reZip, $zip) )
{ //display current table
//$querycheck = "select * from employees where employeeid='$employeeidtemp'";
//$resultcheck = mysqli_query($link, $querycheck); //link query to database
// if(mysqli_num_rows($resultcheck) == 0)// test if query does "nothing"
// {
$query = "UPDATE employees SET fname='$fname', lname='$lname', email='$email', zip='$zip' WHERE employeeid='$employeeidtemp'";
mysqli_query($link, $query); //link query to database
print "Employee Updated"; // print confirmation
// }
// else
// print "huh?";
}
else
{
print "You did not fill out the form correctly!";
}
}
}
if(isset($_GET['delete']))
{
print "teseting delete<br><br>";
}
showemp();
function showemp()
{
global $link;
if(isset($_GET['choice']))
{
$choice = $_GET['choice'];
}
else
{
$choice = "lname";
}
$query = "select * from employees order by $choice";
$result = mysqli_query($link, $query);
// print table (happens first before input)
// first print row of links/headers that sort
print "<table border='1'>
<tr>
<th>Edit</th>
<th>Delete</th>
<th><a href='employ.php?choice=fname'>FNAME</a></th>
<th><a href='employ.php?choice=lname'>LNAME</a></th>
<th><a href='employ.php?choice=email'>EMAIL</a></th>
<th><a href='employ.php?choice=zip'>ZIP</a></th>
</tr>";
//while the next row (set by query) exists?
while($row = mysqli_fetch_row($result))
{
list($employeeid, $fname, $lname, $email, $zip) = $row;
print "<tr>
<td><a href='employ.php?edit=yes&employeeid=$employeeid&fname=$fname&lname=$lname&email=$email&zip=$zip'>Edit</a></td>
<td><a href='employ.php?delete=yes&employeeid=$employeeid'
onclick='return confirm(\"Are you sure\")'>Delete</a></td>
<td>$fname</td>
<td>$lname</td>
<td>$email</td>
<td>$zip</td>
</tr>";
}
print "</table>";
}
?>
</body>
</html>
You have several errors:
You do not check the result of queries; use at least
mysqli_query($link, $query) or die(mysqli_error($link));
When I ran your code with error checking, I found that the adding query does not work - your empty string value for employeeid is not accepted by my integer field.
Do not use GET in forms. Always POST. If you need a reaction to a GET URL, write it separately or use the $_REQUEST var.
In an INSERT query, always write the fields. When you decide to change the list of fields in the mysql table, you can get strange behavior from this code.
Your main error is that your condition with print 'hi' is inside the condition if(isset($_GET['edit'])); it does not work when the user submits the form.
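
Two further spots in the question's employ.php take request data straight into SQL and HTML: showemp() concatenates $_GET['choice'] into ORDER BY, and the edit form and Edit links print values unescaped. The following is an added example (not code from the question or the answer) that allow-lists the sort column and escapes the output; the function names and the sample row are constructed for illustration.

```php
<?php
declare(strict_types=1);

// Added example. Only the columns the page's header links offer are sortable.
const SORTABLE_COLUMNS = ['fname', 'lname', 'email', 'zip'];

// Map ?choice=... onto the allow-list; anything else falls back to lname,
// the page's default.
function sort_column(array $get): string
{
    $choice = $get['choice'] ?? 'lname';
    return is_string($choice) && in_array($choice, SORTABLE_COLUMNS, true)
        ? $choice : 'lname';
}

// Column names cannot be bound as parameters, so the only text ever
// concatenated into the statement is a value taken from the allow-list.
function employee_list_query(array $get): string
{
    return 'SELECT employeeid, fname, lname, email, zip FROM employees ORDER BY '
        . sort_column($get);
}

// Build the Edit link: http_build_query() percent-encodes every value, and
// htmlspecialchars() keeps the URL inside its quoted attribute.
function edit_link(array $row): string
{
    $url = 'employ.php?' . http_build_query(['edit' => 'yes'] + $row);
    return '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Edit</a>';
}

// Pre-fill an edit field from the query string without letting the value
// close the attribute or open a new tag.
function prefilled_input(string $name, array $get): string
{
    $value = isset($get[$name]) && is_string($get[$name]) ? $get[$name] : '';
    return sprintf('<input type="text" name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8'));
}

// Constructed sample data (not from the page).
$row = ['employeeid' => 7, 'fname' => 'Mary Ann', 'lname' => "O'Neil",
        'email' => 'mary@example.com', 'zip' => '12345'];

echo employee_list_query(['choice' => 'zip']), PHP_EOL;
echo employee_list_query(['choice' => 'lname DESC']), PHP_EOL;  // not on the list
echo employee_list_query(['choice' => ['zip']]), PHP_EOL;       // array, not a string
echo edit_link($row), PHP_EOL;
echo prefilled_input('lname', ['lname' => '"><b>O\'Neil</b>']), PHP_EOL;
```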

How to edit, delete and add in php mysql without jquery or java script?

I am trying to delete, edit and add new records on the same page but it seems I am failing to make it work. And I do not want to do it using ajax, jquery or javascript but only php. I need some help please; below is my code:
<?php
include_once('con.php');
$strSQL = "SELECT film_id, name
from
filmsbox";
$rs = mysql_query($strSQL);
echo "<table border='1' ><tr bgcolor='#eeeeee'><td>Name</td> <td colspan='2'>Action</td></tr>";
while($row = mysql_fetch_assoc($rs))
{
$film_id = $row['film_id'];
$name = $row['name'];
$hometeam= mysql_real_escape_string($name);
echo "<tr bgcolor='#eeeee'><td>$name</td> <td><a href='index.php?film_id=$film_id' name ='edit'>Edit</a></td><td><a href='index.php?film_id=$film_id' name ='delete'>Delete</a></td></tr>";
}
?>
<?php
$strSQL = "SELECT film_id, name
from
filmsbox";
$rs = mysql_query($strSQL);
$row = mysql_fetch_assoc($rs);
$film_id= $row['film_id'];
$name = $row['name'];
$name = mysql_real_escape_string($name);
$film_id= $_GET['film_id'];
?>
<?php
if(isset($_POST['edit'])){
?>
<table>
<form action="index.php" method="post">
<tr>
<td>
Name
</td>
<td>
<input type = "text" name = "name" value="<?php echo $name;?>">
</td>
</tr>
<input name="film_id" type="hidden" id="film_id" value="<?php echo $film_id; ?>">
<tr>
<td>
<input type = "submit" name = "submit" value="update">
</td>
</tr>
<?php
$name = (isset($_POST['name']))? trim($_POST['name']): '';
$film_id = $_POST['film_id'];
$sql = "UPDATE filmsbox SET name='$name'
WHERE film_id ='$film_id'";
$result = mysql_query($sql);
if($result)
{
echo "Success";
}
else
{
echo "Error";
}
}
?>
<?php
/*Delete section*/
if(isset($_POST['delete']))
{
$film_id = $_GET['film_id'];
$delete = "DELETE FROM filmsbox WHERE film_id = '$film_id'";
$result = mysql_query($delete);
if($result)
{
echo "Record deleted successfuly ";
}
else
{
echo "No data deleted";
}
}
?>
Couple of pointers:
You only need to escape values before they go into the database, not when they come out and are used in HTML i.e $hometeam = mysql_real_escape_string($name);
You are pulling the same query from the database twice in quick succession which is not needed. You can remove one of the 2 $strSQL = "SELECT film_id, name from filmsbox"; $rs = mysql_query($strSQL); sections from the top of your code
You need to run any update/delete queries on the data before you then do your select query to pull out the records for the page, otherwise your changes will not be shown
You should be escaping the values for your update and delete queries to prevent SQL injection
Edit:
To reload the page in an edit mode, you need to change the link URL in the table to something like
<a href='index.php?film_id=$film_id&edit=1' name ='edit'>Edit</a>
Then your edit block needs to be
if ($_GET['edit']) {
I want to be clear this is not in any way a secure method of editing values, as anyone can put ?edit=1 on the url and get to the form

PHP Update table Inserts blank fields

UPDATE: I narrowed it down, when I got rid of this tag in the header.php file it all works, can someone please explain this.
<script src="#" type="text/javascript"></script>
Hi, I'm having quite an annoying issue with my php code. I am trying to update a php database, from a form, when I do this however the fields in the database become empty after submitting. Please Help! You can view it in action here http://andcreate.com/shoelace/admin/edit1.php click on the lists on the right to edit them and see what happens.
<?php
include("header.php");
echo "<h2>Edit Posts</h2>";
echo "<div id='editNav'>";
echo "<p>Choose Post to Edit</p>";
//////////GET ALL RECORDS AND BUILD A NAV SYSTEM FROM THEM////////
$results = mysql_query("SELECT * FROM shoeData ");
while($row = mysql_fetch_array($results)){
$id = $row['id'];
$name = $row['name'];
$about = $row['about'];
echo "$date " . substr($name, 0, 40) . " <br/> ";
}
$thisID = $_GET['id'];
if(!isset($thisID)){
$thisID = 22;
}
//////////FINISH ALL RECORDS AND BUILD A NAV SYSTEM FROM THEM////////
echo "</div>";
///////IF USER SUBMITS CHANGES UPDATE THE DATABASE//////////
//has user pressed the button
$update = $_GET['update'];
if($update == "yes") {
$name = $_POST['name'];
$about = $_POST['about'];
$company = $_POST['company'];
$buy = $_POST['buy'];
//update data for this record
$sql = "UPDATE shoeData SET
name = \"$name\",
about = \"$about\",
company = \"$company\",
buy = \"$buy\"
WHERE id= $thisID";
$thisUpdate = mysql_query($sql) or die(mysql_error());
}
///////END IF USER SUBMITS CHANGES UPDATE THE DATABASE//////////
/////////// HERE WE GET THE INFO FOR ONE RECORD ONLY////////
$results = mysql_query("SELECT * FROM shoeData WHERE id=$thisID");
while($row = mysql_fetch_array($results)){
$name = $row['name'];
$about = $row['about'];
$company = $row['company'];
$buy = $row['buy'];
}
//////////////FINISH GETTING INFO FOR ONE RECORD ONLY/////////////
?>
<form name="formS" method="post" action="<?php echo $_SERVER['PHP_SELF']."?id=$thisID&update=yes";?>">
Name
<p>
<input type="text" name="name" id="name" value="<?php echo $name;?>" />
</p>
About
<p>
<input type="text" name="about" id="about" value="<?php echo $about;?>" />
</p>
Company
<p>
<input type="text" name="company" id="company" value="<?php echo $company;?>" />
</p>
Name
<p>
<input type="text" name="buy" id="buy" value="<?php echo $buy;?>" />
</p>
<p>
<input type="submit" name="submit" id="submit" />
</p>
</form>
<p><a class="delete" href="delete.php?id=<?php echo $thisID;?>">Delete this post</a></p>
<?php
include("footer.php");
?>
You have $update = $_GET['update'];, but then right after that, you're using $_POST. A given request is either GET or POST, not both - thus whenever $_GET['update'] is set to "yes", there aren't going to be any POST vars set, and thus the update will be done with all of the values it's setting blank.
Chances are you actually meant to use either $_GET or $_POST in both places - since your updates are going through, but are blank, it sounds like you want to use $_GET (though for form submission/updates, you should probably really be using POST instead).
This may seem silly, but are you confusing $_GET and $_POST variables? You use one to check whether to enter the loop, and another to populate the string.
Also, as a minor aside, your SELECT statement towards the end of the snippet can be optimized by adding LIMIT 1 to the end of it, as presumably you're only going to be recalling one entry per id, no?
