Fix adding to database after refresh php - php

I made a simple web app that can add text to a database and also display it. I have this problem: when I add a text (it is added to the database and displayed in the browser) and refresh the page, the previous value of the text input is added to the database again, even if the text input is empty.
after refresh
<?php
include 'config.php';
if(isset($_POST['Submit'])) {
if(strlen(trim($_REQUEST['text'])) > 0) {
$conn->query("INSERT INTO Posts (Text_Post,Data) VALUES ('".$_POST['text']."','".date("Y-m-d H:i:s")."')");
$value = '';
}
$result = $conn->query("SELECT * FROM Posts ORDER BY Data DESC");
$ul = '<ul>';
while ($row = $result->fetch_assoc()) {
unset($id, $name);
$id = $row['ID_Post'];
$text = $row['Text_Post'];
$data = $row['Data'];
$ul .= '<li id="'. $id .'"> '. $text . ' </li>';
}
$ul .= '</ul>';
$lista = $ul;
$conn->close();
}
?>
<!DOCTYPE html>
<html>
<head>
<title>anonim</title>
<link rel="stylesheet" type="text/css" href="style/style.css">
</head>
<body>
<?php
include 'config.php';
$result = $conn->query("SELECT * FROM Posts ORDER BY Data DESC");
$ul = '<ul>';
while ($row = $result->fetch_assoc()) {
unset($id, $name);
$id = $row['ID_Post'];
$text = $row['Text_Post'];
$data = $row['Data'];
$ul .= '<li id="'. $id .'"> '. $text . ' </li>';
}
$ul .= '</ul>';
$lista = $ul;
?>
<form name="form" action="" method="post">
<input type="text" name="text" id="text" />
<input type="submit" id="Submit" name="Submit" value="Add" />
<div id="lista">
<?php if(isset($lista)){ echo $lista; } ?>
</div>
</form>
</body>
</html>
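
One way to stop the duplicate insert, as an added example that is not part of the original post: handle the POST first, then redirect (Post/Redirect/Get), so that a refresh repeats a GET instead of the form submission. It assumes config.php creates the mysqli connection $conn as in the question; the bound parameters and the escaping helper e() are additions, because the posted text is user input.

```php
<?php
// Added example: Post/Redirect/Get for the form in the question.
// Assumption: config.php creates the mysqli connection $conn, as in the question.
include 'config.php';

/** Escape a stored value before it is placed in HTML (helper name is hypothetical). */
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Accept only a plain string; "text[]=x" would arrive as an array.
    $text = (isset($_POST['text']) && is_string($_POST['text'])) ? trim($_POST['text']) : '';
    if ($text !== '') {
        // Bound parameters: the text travels as data, never as part of the SQL string.
        $now  = date('Y-m-d H:i:s');
        $stmt = $conn->prepare('INSERT INTO Posts (Text_Post, Data) VALUES (?, ?)');
        $stmt->bind_param('ss', $text, $now);
        $stmt->execute();
        $stmt->close();
    }
    // Redirect before any output. After a 303 the browser issues a GET, so
    // pressing refresh reloads the list instead of re-sending the form.
    header('Location: ' . $_SERVER['SCRIPT_NAME'], true, 303);
    exit;
}

// GET: build the list once, escaping stored text before it reaches the page.
$result = $conn->query('SELECT ID_Post, Text_Post FROM Posts ORDER BY Data DESC');
$lista  = '<ul>';
while ($row = $result->fetch_assoc()) {
    $lista .= '<li id="' . e($row['ID_Post']) . '"> ' . e($row['Text_Post']) . ' </li>';
}
$lista .= '</ul>';
$conn->close();
?>
<!DOCTYPE html>
<html>
<head>
<title>anonim</title>
<link rel="stylesheet" type="text/css" href="style/style.css">
</head>
<body>
<form name="form" action="" method="post">
<input type="text" name="text" id="text" />
<input type="submit" id="Submit" name="Submit" value="Add" />
</form>
<div id="lista">
<?php echo $lista; ?>
</div>
</body>
</html>
```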

Related

How to show comments on specific posts

I have an application where users can post announcements and comment on posts. My problem is that whenever a comment is posted, it shows up on every announcement post. How can I post comments so that they show up on that specific post?
I have 2 database tables: "announcement: id, name, announcementTitle, announcement, image" and "comment: id, post_id, name, comment" with foreign key attached to comment.
Here is my home.php where the announcements and comments are echoed
<div class="container">
<div class="mx-auto">
<?php
if (isset($_SESSION['username'])) {
echo'
<h1 style="text-decoration:underline">Post an announcement</h1>
<form method="post" action="announcement.php" enctype="multipart/form-data">
<input type="text" name="announcementTitle" placeholder="Enter Subject"><br>
<textarea name="announcementBox" rows="5" cols="40" placeholder="Enter Announcement"></textarea><br>
<input type="file" name="image" accept="image/jpeg">
<button name="announcement">Submit</button>
</form>';
}
$query = "SELECT * FROM announcement ORDER BY id DESC";
$result = mysqli_query($con,$query);
while ($row = mysqli_fetch_array($result)) {
echo '<div class="row" style="color:black;background-color:white;border-radius:5px;padding:10px;margin-top:10px;margin-bottom:70px">';
echo '<div class="column" style="width:100%;border:5px">';
if (isset($_SESSION['username'])) {
echo '<form method="post" action="announcement.php">';
echo "Posted by " .$row["name"]. " click X to delete:";
echo '<input type="hidden" name="postID" value="'.$row['id'].'">';
echo '<button name="delete" style="float:right">X</button>';
echo '</form>';
}
echo $row['announcementTitle'].'<br>';
echo $row['announcement'].'<br>';
echo '<img width="20%" src="data:image;base64,'.$row['image'].'"alt="Image" style="padding-top:10px">';
echo'
<form method="post" action="comment.php">
<textarea name="commentbox" rows="2" cols="50" placeholder="Leave a Comment"></textarea><br>
<button name="comment">Submit</button>
</form>';
echo "Comments:<p><p>";
echo " <p>";
$find_comment = "SELECT * FROM comment ORDER BY id DESC";
$res = mysqli_query($con,$find_comment);
while ($row = mysqli_fetch_array($res)) {
echo '<input type="hidden" name="postID" value="'.$row['post_id'].'">';
$comment_name = $row['name'];
$comment = $row['comment'];
echo "$comment_name: $comment<p>";
}
if(isset($_GET['error'])) {
echo "<p>100 Character Limit";
}
echo '</div></div>';
}
?>
</div>
</div>
Here is comment.php where comments are put in the database
<?php
session_start();
$con = mysqli_connect('localhost', 'root', 'Arv5n321');
mysqli_select_db($con, 'userregistration');
$namee = '';
$comment = '';
$comment_length = strlen($comment);
if($comment_length > 100) {
header("location: home.php?error=1");
}else {
$que = "SELECT * FROM announcement";
$res = mysqli_query($con,$que);
while ($row = mysqli_fetch_array($res)) {
$post_id = $row['id'];
}
$namee = $_SESSION['username'];
$comment = $_POST['commentbox'];
$query = "INSERT INTO comment(post_id,name,comment) VALUES('$post_id','$namee','$comment')";
$result = mysqli_query($con, $query);
if ($result) {
header("location:home.php?success=submitted");
} else {
header("location:home.php?error=couldnotsubmit");
}
}
?>
Here is announcement.php where announcements are put in the database
<?php
session_start();
//$con = mysqli_connect('freedb.tech', 'freedbtech_arvindra', 'Arv5n321', 'freedbtech_remote') or die(mysqli_error($con));
$con = mysqli_connect('localhost', 'root', 'Arv5n321', 'userregistration') or die(mysqli_error($con));
if (isset($_POST['announcement'])) {
$image = $_FILES['image']['tmp_name'];
$name = $_FILES['image']['name'];
$image = base64_encode(file_get_contents(addslashes($image)));
date_default_timezone_set("America/New_York");
$title = $_POST['announcementTitle']." (<b>".date("m/d/Y")." ".date("h:i:sa")."</b>)";
$paragraph = $_POST['announcementBox'];
if (empty($paragraph)||empty($title)) {
header('location:home.php?error=fillintheblanks');
}else{
$nam = $_SESSION['username'];
$query = "insert into announcement(name,announcementTitle,announcement,image) values('$nam','$title','$paragraph','$image')";
$result = mysqli_query($con, $query);
if ($result) {
header("location:home.php?success=submitted");
} else {
header("location:home.php?error=couldnotsubmit");
}
}
}else if (isset($_POST['delete'])){
$query = "delete from announcement where id='".$_POST['postID']."';";
$result = mysqli_query($con,$query);
if ($result) {
header('location:home.php?success=deleted');
} else {
header('location:home.php?error=couldnotdelete');
}
}
else {
header('location:home.php');
}
I am a little new to PHP so any help is good.

Comment delete button not working

I have a problem with my comments. I can insert them in the database my friend made and echo them in the right pages, but the delete part isn't working.
People with an account can delete their own comments, and admins can delete any comment. But when I click on the delete button of a comment, it doesn't do anything, and when I click again it deletes every comment on that page. Can someone help? When I click a delete button, I want to delete that specific comment only, not all of them. Also, the key in the database is the date the comment was posted.
Here's comments.php
<!DOCTYPE html>
<html>
<link rel="stylesheet" type="text/css" href="/cssfolder/comments.css">
<link rel="stylesheet" type="text/css" href="http://fonts.googleapis.com/css?family=Open+Sans%22%3E">
<head>
<title>Page Title</title>
</head>
<body>
<div class="comment">
<form method="post" action="">
<textarea name='message' class="area" id='message' placeholder="Leave a comment"></textarea><br/>
<br>
<input type="submit" class="commentbutton" name="comment" value="Comment">
<br>
</form>
</div>
<div class="commentcontainer">
<?php
date_default_timezone_set('America/Curacao');
$db = new PDO('mysql:host=localhost;dbname=id1552202_accounts', 'id1552202_thecouch', 'Fargo123');
$url = (isset($_SERVER['HTTPS']) ? "https" : "http") . "://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$link = parse_url($url)['path'];
$path = ltrim($link, '/');
try {
$zoekfilm = $db->prepare("SELECT film_id FROM Reviews WHERE path = :path");
$zoekfilm->bindParam("path", $path);
$zoekfilm->execute();
$film = $zoekfilm->fetch();
} catch(PDOException $b){
die("Error!: " . $b->getMessage());
}
$hoeveel = $db->prepare("SELECT * FROM comments WHERE film_id = :id ");
$hoeveel->bindParam("id", $film[0]);
$hoeveel->execute();
$count = $hoeveel->rowCount();
echo "<br><b>" . $count . " Comments</b><br><br>";
if(isset($_POST['comment'])){
if(empty($_POST['message'])){
echo "There's no message";
echo "<br>";
echo "<br>";
} else {
if(isset($_SESSION['loggeduser'])){
$message = $_POST['message'];
$datum = date('YmdHis');
$username = $_SESSION['loggeduser'][0];
$nospam = $db->prepare(" SELECT comment FROM comments WHERE comment = :message AND film_id = :id");
$nospam->bindParam("message", $message);
$nospam->bindParam("id", $film[0]);
$nospam->execute();
if($nospam->rowCount() === 1){
echo "No spam please";
} else {
try{
$addcomment = $db->prepare("INSERT INTO comments(Usernames, film_id, comment, date) VALUES (:username, :id , :comment, :datum )");
$addcomment->bindParam("username", $username);
$addcomment->bindParam("id", $film[0]);
$addcomment->bindParam("comment", $message);
$addcomment->bindParam("datum", $datum);
$addcomment->execute();
} catch(PDOException $c){
die("Error!: " . $c->getMessage());
}
}
} else {
header("Location: /signin.php");
}
}
}
try {
$showcomments = $db->prepare("SELECT * FROM comments WHERE film_id = :id ORDER BY date DESC");
$showcomments->bindParam("id", $film[0]);
$showcomments->execute();
while($result = $showcomments->fetch(PDO::FETCH_ASSOC)){
if(isset($_SESSION['admin'])){
echo '<div class="commentdiv">';
echo '<p><b>'.$result['Usernames'].'</b></p>';
echo '<p class="tijd"><i><small>'. $result['date'] .'</small></i></p>';
echo '<p> '.$result['comment'].'</p>';
echo '<br>';
echo '<form method="post" action="">';
echo '<input type="submit" value="Delete Comment" name="delete" class="commentbutton" style="width:200px;">';
echo $result['date'];
echo '<br>';
echo '</form>';
$delete = $result['date'];
if(isset($_POST['delete'])){
$verwijderen = $db->prepare(" DELETE FROM comments WHERE comments.date = :datum LIMIT 1");
$verwijderen->bindParam("datum", $delete);
$verwijderen->execute();
}
echo '</div>';
} else if(isset($_SESSION['loggeduser'][0])) {
echo '<div class="commentdiv">';
echo '<p><b>'.$result['Usernames'].'</b></p>';
echo '<p class="tijd"><i><small>'. $result['date'] .'</small></i></p>';
echo '<p> '.$result['comment'].'</p>';
echo '<br>';
echo '<form method="post" action="">';
echo '<input type="submit" value="Delete Comment" name="delete" class="commentbutton" style="width:200px;">';
echo '<br>';
echo '</form>';
echo '</div>';
$delete = $result['date'];
if(isset($_POST['delete'])){
$verwijderen = $db->prepare(" DELETE FROM comments WHERE comments.date = :datum ");
$verwijderen->bindParam("datum", $delete);
$verwijderen->execute();
}
} else {
echo '<div class="commentdiv">';
echo '<p><b>'.$result['Usernames'].'</b></p>';
echo '<p class="tijd"><i><small>'. $result['date'] .'</small></i></p>';
echo '<p> '.$result['comment'].'</p>';
echo '</div>';
}
}
} catch(PDOException $a){
die("Error!: " . $a->getMessage());
}
?>
</div>
</body>
</html>
The query deletes all the comments of the page because it's in the while loop and you don't give a unique ID to be sure you delete the right comment from the DB. So the query is repeated as long as the page has comments deleting all the comments for the given date.
The solution could be :
Add a primary key to the comments table if it hasn't one yet,
Add the value of the primary key to value attribute of the delete button,
Put the delete query after the while loop,
Use the primary key you fetched from the delete button to delete the right comment,
Fix your code indentation (the most important).
The code would look like this :
// ...
echo '<button type="submit" value="'.$result['id_comment'].'" name="delete" class="commentbutton" style="width:200px;">'.$result['date'].'</button>';
// Then outside of the loop :
if (isset($_POST['delete']) && !empty($_POST['delete'])) {
$verwijderen = $db->prepare("DELETE FROM comments WHERE id_comment = :id_comment");
$verwijderen->bindParam("id_comment", $_POST['delete']); // note that the $_POST['delete'] value is now the id of the comment.
$verwijderen->execute();
}
This must give you the idea. Good luck. ; )
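
The rule stated in the question (users delete only their own comments, admins delete any) has to be checked on the server, because the id carried in the button's value attribute is chosen by the client. The following is an added example, not the answerer's code: column and session names follow the question, id_comment is the primary key the answer proposes, the function names are hypothetical, and an in-memory SQLite database with constructed rows stands in for the MySQL one so the script runs on its own.

```php
<?php
// Added example. can_delete() and delete_comment() are hypothetical helper names.

/** May this session delete this comment row? Admins: any row; users: their own. */
function can_delete(array $session, array $comment): bool
{
    if (!empty($session['admin'])) {
        return true;
    }
    return isset($session['loggeduser'][0])
        && $session['loggeduser'][0] === $comment['Usernames'];
}

/** Delete one comment by primary key if the session may; returns rows removed. */
function delete_comment(PDO $db, array $session, $postedId): int
{
    // The posted value must be a positive integer, nothing else.
    $id = filter_var($postedId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0;
    }
    $find = $db->prepare('SELECT id_comment, Usernames FROM comments WHERE id_comment = :id');
    $find->execute([':id' => $id]);
    $comment = $find->fetch(PDO::FETCH_ASSOC);
    if ($comment === false || !can_delete($session, $comment)) {
        return 0; // unknown id, or a comment this session does not own
    }
    $del = $db->prepare('DELETE FROM comments WHERE id_comment = :id');
    $del->execute([':id' => $id]);
    return $del->rowCount();
}

// Constructed demo data. Rows 1 and 2 share a date on purpose: a date cannot
// single out one comment, the primary key can.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE comments (id_comment INTEGER PRIMARY KEY, Usernames TEXT,
           film_id INTEGER, comment TEXT, date TEXT)');
$db->exec("INSERT INTO comments (Usernames, film_id, comment, date) VALUES
           ('alice', 1, 'first',  '20170501120000'),
           ('bob',   1, 'second', '20170501120000'),
           ('alice', 1, 'third',  '20170501120500')");

$alice = ['loggeduser' => ['alice']]; // same session shape as in the question
$admin = ['admin' => true];

$attempts = [
    'alice on comment 2 (owned by bob)' => [$alice, '2'],
    'alice on comment 1 (her own)'      => [$alice, '1'],
    'admin on comment 2'                => [$admin, '2'],
    'anonymous on comment 3'            => [[], '3'],
    'admin with a non-integer id'       => [$admin, '3 OR 1=1'],
];
foreach ($attempts as $label => [$session, $postedId]) {
    echo $label, ': rows deleted = ', delete_comment($db, $session, $postedId), PHP_EOL;
}
echo 'comments left: ', $db->query('SELECT COUNT(*) FROM comments')->fetchColumn(), PHP_EOL;
```

In comments.php the call belongs once, above the while loop, with $_POST['delete'] and $_SESSION as arguments; the delete button is printed only for rows where can_delete() returns true.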

undefined index using update statement

I'm trying to update a field in my database by adding to the original number value that is already in there.
I have a system where staff are able to log in and update the balance of a normal user. Currently I have a test user and staff. The user's balance is set to 100. I have the following code:
<?php
if(isset($_POST['search'])){
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
$result = $mysqli->query( "SELECT * FROM Users WHERE Username ='$searchq'");
if ($result){
//fetch result set as object and output HTML
if($obj = $result->fetch_object())
{
echo '<div class="booksearched">';
echo '<form method="POST" id = "books" action="">';
echo '<div class="book-content"><h3>Student Username: '.$obj->Username.'</h3>';
echo '<br>';
echo '<div class="book-content"><i>First Name: <b>'.$obj->FirstName.'</b></i></div>';
echo '<div class="book-desc"><i>Last Name:<b> '.$obj->LastName.'</b></i></div>';
echo '<br>';
echo '<div class="book-qty"> Current Balance<b> '.$obj->Balance.'</b></div>';
echo 'New Balance: <input type="number" name="newBalance" value = "1" min = "1" />';
echo '<br><br>';
echo '<button name="submit_btn" class="save_order">Top Up</button>';
echo '</div>';
echo '</form>';
echo '</div>';
}
}
}
$newBalance="";
$newBalance = $_POST['newBalance'];
if(isset($_POST['submit_btn']) ){
$upsql = "UPDATE users SET Balance = Balance + '$newBalance' WHERE Username='" . $obj->Username . "'";
$stmt = $mysqli->prepare($upsql);
$stmt->execute();
}
?>
I've tried a few things; however, I kept getting an error saying:
( ! ) Notice: Undefined index: newBalance
I'm not sure what I've done wrong.
Any idea how to fix it?
Edit: Full code
<?php
session_start();
include_once("config.php");
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Search</title>
<link href="style/style.css" rel="stylesheet" type="text/css">
</head>
<body>
<br>
<div id="books-wrapper">
<!-- #content to center the menu -->
<div id="content">
<!-- This is the actual menu -->
<ul id="darkmenu">
<li>Home</li>
<li>New Books</li>
<li>Search</li>
<li>Update Balance</li>
</ul>
</div>
<div id = "welcome" >
Welcome, <?=$_SESSION['Username'];?>! <br> Logout
</div>
<br><br>
<h1 id = "mainHeader" >Update a Students Balance</h1>
<br>
<div id = "balanceupdate">
<form id = "adsearch" action="updateBalance.php" method="post">
<input type="text" name ="search" placeholder="Search For a Student">
<button name="submit" value="search">Search</button>
</form>
<br>
</div>
<?php
if(isset($_POST['search'])){
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
$result = $mysqli->query( "SELECT * FROM Users WHERE Username ='$searchq'");
if ($result){
//fetch result set as object and output HTML
if($obj = $result->fetch_object())
{
echo '<div class="booksearched">';
echo '<form method="POST" id = "books" action="">';
echo '<div class="book-content"><h3>Student Username: '.$obj->Username.'</h3>';
echo '<br>';
echo '<div class="book-content"><i>First Name: <b>'.$obj->FirstName.'</b></i></div>';
echo '<div class="book-desc"><i>Last Name:<b> '.$obj->LastName.'</b></i></div>';
echo '<br>';
echo '<div class="book-qty"> Current Balance<b> '.$obj->Balance.'</b></div>';
echo 'New Balance: <input type="number" name="newBalance" value = "1" min = "1" />';
echo '<br><br>';
echo '<button name="submit_btn" class="save_order">Top Up</button>';
echo '</div>';
echo '</form>';
echo '</div>';
}
}
}
$newBalance="";
if(isset($_POST['submit_btn']) && !empty($_POST['newBalance']) ){
$newBalance = $_POST['newBalance'];
$upsql = "UPDATE users SET Balance = Balance + '$newBalance' WHERE Username='" . $obj->Username . "'";
$stmt = $mysqli->prepare($upsql);
$stmt->execute();
}
?>
</body>
</html>
It's throwing that notice because you need to place $newBalance = $_POST['newBalance']; inside if(isset($_POST['submit_btn'])){...} and verify that it is not empty (or set).
$newBalance="";
if(isset($_POST['submit_btn']) && !empty($_POST['newBalance']) ){
$newBalance = $_POST['newBalance'];
$upsql = "UPDATE users SET Balance = Balance + '$newBalance'
WHERE Username='" . $obj->Username . "'";
$stmt = $mysqli->prepare($upsql);
$stmt->execute();
}
You can also use isset($_POST['newBalance']) instead of !empty($_POST['newBalance'])
Sidenote: You may want to add a submit type for your button.
echo '<button type="submit" name="submit_btn" class="save_order">Top Up</button>';
Yet, it may not be required; do try it if you're still experiencing problems.
Edit:
Under
echo '<div class="book-content"><h3>Student Username: '.$obj->Username.'</h3>';
add
echo '<input type="hidden" name="username" value = "'.$obj->Username.'" />';
then under
$newBalance = $_POST['newBalance'];
add
$username = $_POST['username'];
and modify your query to read as
$upsql = "UPDATE users SET Balance = Balance + '$newBalance'
WHERE Username='".$username ."'";
My quoting may be a bit off for
echo '<input type="hidden" name="username" value = "'.$obj->Username.'" />';
where you may have to change it to
echo '<input type="hidden" name="username" value = \''.$obj->Username.'\' />';
Edit #2:
Another way to do this since you're already using sessions <?=$_SESSION['Username'];?> would be to assign a variable to it and pass it in your query.
$username = $_SESSION['Username'];
$upsql = "UPDATE users SET Balance = Balance + '$newBalance'
WHERE Username='".$username ."'";
Edit #3:
Where you have
if(isset($_POST['search'])){
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
replace it with
if(isset($_POST['search'])){
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
$student = $_POST['search'];
$_SESSION['student'] = $student;
echo $_SESSION['student']; // see what echos here
then in your query, do:
$upsql = "UPDATE users SET Balance = Balance + '$newBalance'
WHERE Username='".$student ."'";
If that doesn't work, I don't know what else to do that will be of further help. My tests were conclusive and worked. Your query may be failing, I have no more ideas at this point.
Base yourself on this scenario:
$_POST['search'] = "student1";
$student = $_POST['search'];
$_SESSION['student'] = $student;
// echo $_SESSION['student'];
$student2 = $student;
echo $student2; // will echo student1
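
The search form and the top-up form are two separate requests, so $obj from the search does not exist when the "Top Up" button is submitted. The following added example (not the answerer's code) keeps the student found by the search in the session, as Edit #3 does, and runs both queries with bound parameters; it assumes config.php provides the mysqli connection $mysqli as in the question, that session_start() has run, and that the table is named Users as in the question's SELECT. The function name top_up is hypothetical.

```php
<?php
// Added example. Assumptions: $mysqli comes from config.php, the session is started,
// and the table is called Users (the question's SELECT spelling).

/** Add $amount to one student's balance; true only if exactly one row changed. */
function top_up(mysqli $mysqli, string $username, $amount): bool
{
    // Same character whitelist the question applies to the search box,
    // used here to reject a bad value instead of silently stripping it.
    if (!preg_match('/^[0-9a-z]+$/i', $username)) {
        return false;
    }
    // The form field is type="number" min="1", but that is only enforced by the browser.
    $amount = filter_var($amount, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($amount === false) {
        return false;
    }
    // Placeholders are bound as an integer and a string; nothing is concatenated.
    $stmt = $mysqli->prepare('UPDATE Users SET Balance = Balance + ? WHERE Username = ?');
    $stmt->bind_param('is', $amount, $username);
    $stmt->execute();
    $changed = ($stmt->affected_rows === 1);
    $stmt->close();
    return $changed;
}

// Request 1: the search form. Look the student up and remember who was found.
if (isset($_POST['search']) && is_string($_POST['search'])) {
    $searchq = preg_replace('#[^0-9a-z]#i', '', $_POST['search']);
    $stmt = $mysqli->prepare('SELECT Username, Balance FROM Users WHERE Username = ?');
    $stmt->bind_param('s', $searchq);
    $stmt->execute();
    $obj = $stmt->get_result()->fetch_object(); // get_result() needs the mysqlnd driver
    $stmt->close();
    if ($obj) {
        // Store the name that came back from the database, not the raw form value.
        $_SESSION['student'] = $obj->Username;
        echo '<form method="POST" action="">';
        echo 'Student Username: ' . htmlspecialchars($obj->Username, ENT_QUOTES, 'UTF-8') . '<br>';
        echo 'Current Balance: ' . htmlspecialchars((string) $obj->Balance, ENT_QUOTES, 'UTF-8') . '<br>';
        echo 'New Balance: <input type="number" name="newBalance" value="1" min="1" />';
        echo '<button type="submit" name="submit_btn" class="save_order">Top Up</button>';
        echo '</form>';
    }
}

// Request 2: the top-up form. The target is the session value stored by request 1,
// so there is no undefined $obj and no hidden field for the client to edit.
if (isset($_POST['submit_btn'], $_POST['newBalance'], $_SESSION['student'])) {
    $ok = top_up($mysqli, $_SESSION['student'], $_POST['newBalance']);
    echo $ok ? 'Balance updated.' : 'Balance not updated.';
}
```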

PHP Update shows previous database entry's

I'm currently just coding around in my free time and following some random tutorials that other developers/coders created in their spare time. Now I'm stuck with something very small. I have been trying to find an answer on the interwebz but I can't seem to find one, so here I'm hoping that someone is willing to read my PHP and HTML and see the error I created.
But before I share my code let me tell you what my problem is and what I try to achieve.
If you go to the following link "removed because problem is solved." and when you click on Home/About/Service/Random, you are able to edit one of these menus (title, position, visible). Now when I want to change the menu name "Home" to "Welcome" it correctly executes my SQL but for some reason, in the HTML form it loads its previous information. What I can do is copy the PHP and save it in a new PHP file, and when clicking on submit it will change both menu/title/HTML form at the same time, but it won't show my success and fail message anymore. I hope any of you understand what I'm trying to explain here and try to achieve. Now let's share the code.
PHP
<? find_selected_page(); ?>
<?
if (intval($_GET['info']) == 0){
redirect_to("content.php");
}
if(isset($_POST['submit'])){
$errors = array();
$required_fields = array('menu', 'position', 'visible');
foreach ($required_fields as $fieldname){
if (!isset($_POST[$fieldname]) || (empty($_POST[$fieldname]) &&
!is_numeric($_POST[$fieldname]))) {
$errors [] = $fieldname;
}
}
$fields_with_lengths = array('menu' => 30);
foreach($fields_with_lengths as $fieldname => $maxlength) {
if(strlen(trim(mysql_prep($_POST[$fieldname]))) > $maxlength){
$errors[] = $fieldname;
}
}
$id = mysql_prep($_GET['info']);
$menu = mysql_prep($_POST['menu']); //use post array cuz we used post var to coll val in form
$position = mysql_prep($_POST['position']);
$visible = mysql_prep($_POST['visible']);
$query = "UPDATE information SET menu = '{$menu}', position = {$position}, visible = {$visible} WHERE id = {$id}";
$result = mysql_query($query, $connection);
if (mysql_affected_rows() == 1) {
$message = "The information was correctly updated.";
} else {
//failed
}
} else { //errors
}
?>
HTML
<? require_once ("includes/functions.php"); ?>
<? require_once ("includes/connect.php"); ?> //HERE IS MY CONNECTION TO MY DATABASE
///HERE IS MY PHP CODE
<? include ("includes/header.php"); ?>
<div id="content"> <!-- content here -->
<table id="table">
<tr>
<td id="nav">
<? echo navigation($sel_table1, $table2); ?>
</td>
<td id="main">
<h2>Edit Info <? echo $sel_table1['menu']; ?></h2>
<? if (!empty($message)) { echo "<p class=\"message\">" . $message . "</p>";} ?>
<form action="edit_info.php?info=<? echo urlencode($sel_table1['id']); ?>" method="post"/>
<p>Menu title
<input type="text" name="menu" value="<? echo ($sel_table1['menu']); ?>" id="menu">
</p>
<p>Position
<select name="position">
<?
$info_set = get_all_info();
$info_count = mysql_num_rows($info_set); //asks how many rows there are should be 3
for($count=1; $count <= $info_count+1; $count++){
echo "<option value='{$count}'";
if($sel_table1['position'] == $count){
echo "selected";
}
echo ">{$count}</option>";
}
?>
</select>
</p>
<p>Visible:
<input type="radio" name="visible" value="0"
<? if ($sel_table1['visible'] == 0){ echo "checked"; } ?>
/>No
<input type="radio" name="visible" value="1"
<? if ($sel_table1['visible'] == 1){ echo "checked"; } ?>
/>Yes
</p>
<input type="submit" name='submit' value="Edit information" />
</form> <br>
Cancel
</td>
</tr>
</table>
</div>
<? include ("includes/footer.php");?> //HERE I HAVE IF ISSET MYSQL CLOSE
And a simpler, shorter version of the story is: I want to update the menus with the success and failure messages without getting the old previous data in my HTML form.
If needed for any reason, I have included the part of my functions.php where $sel_table and $table2 are staying.
function find_selected_page(){
global $sel_table1;
global $table2;
if (isset($_GET['info'])){
$sel_table1 = get_info_by_id($_GET['info']);
$sel_t2 = 0;
$table2 = NULL;
} else if (isset($_GET['page'])){
$table1 = 0;
$sel_table1 = NULL;
$table2 = get_pages_by_id($_GET['page']);
} else {
$table1 = NULL;
$sel_table1 = NULL;
$table2 = 0;
}
}
function navigation($sel_table1, $table2){
$output = "<ul class='info'>";
$info_set = get_all_info();
while ($info = mysql_fetch_array($info_set))
{
$output .= "<li"; if ($info["id"] == $sel_table1 ["id"]){
$output .= " class='selected'";
}
$output .= "><a href='edit_info.php?info=" . urlencode($info["id"]) . "'>{$info['menu']}</a></li>";
$page_set = get_pages_for_info($info["id"]);
$output .= "<ul class='pages'>";
while ($page = mysql_fetch_array($page_set))
{
$output .= "<li"; if ($page["id"] == $table2 ["id"]){
$output .= " class='selected'";
}
$output .= "><a href='content.php?page=" . urlencode($page["id"]) . "'>{$page['menu']}</a></li>"; }
$output .= "</ul>";
}
$output .= "</ul>";
return $output;
}

Insert update won't update in table and in database

I'm having trouble with an update in PHP. The code is running with no errors, but when I enter an amount, it doesn't update in my tables and in my database. Please help. By the way, I took some code from my previous program, so maybe some variable codes are not appropriate in the process. Thank you.
Here's the code:
load.php
<form method="POST" action="process-load.php">
<?php
require_once('connect/connect.php');
$id = mysql_escape_string($_GET['id']);
$sql = 'SELECT * FROM cards WHERE id='.$id.' LIMIT 0, 1';
$qry = mysql_query($sql);
$data = mysql_fetch_array($qry);
$html = '';
$html .= '<div class="box">';
$html .= '<b> Card #: '.$data['cardno'].'</b><br />';
$html .= '<b>Current Balance: </b>'.$data['balance'].'<br />';
$html .= '<b>Enter Addition Load: </b><input type="text" name="load" size="5" /><br />';
$html .= '<input type="hidden" value="'.$_GET['id'].'" name="id" />';
$html .= '<input type="hidden" value="'.$data['balance'].'" name="bal" />';
$html .= '<input type="submit" value="Submit" name="submit" />';
$html .= '</div>';
echo $html;
?>
</form>
process-load.php
<?php
session_start(); //don't forget to start session or else session will not be read
if(isset($_POST['submit'])) {
require_once('connect/connect.php');
$id = mysql_escape_string($_POST['id']);
$bal = $_POST['bal'];
$load = $_POST['load'];
$select_sql = 'SELECT balance FROM cards WHERE id="'.$id.'" LIMIT 0, 1';
$qry = mysql_query($select_sql);
$data = mysql_fetch_array($qry);
$new_bal = $data['balance'] + $bal;
$sql_update = 'UPDATE cards SET balance="'.mysql_escape_string($new_bal).'" WHERE id="'.$id.'"';
$qry2 = mysql_query($sql_update);
$bill = $bal += $load;
$_SESSION['profit'] += $bill; //add total bill always to your session
if($qry2) {
?>
<script>
alert('Thank you.\n New Balance: <?php echo $bill; ?>');
window.location.href = 'index.php?page=show';
</script>
<?php
} else {
?>
<script>
alert('Failed to load card.');
window.location.href = 'index.php?page=show';
</script>
<?php
}
mysql_close($con);
}
?>
You need to echo out this thing:
echo $sql_update = 'UPDATE cards SET balance="'.mysql_escape_string($new_bal).'" WHERE id="'.$id.'"';
Check what you are getting here.
