I have a question, I want to edit customer information, but I only want to update record of one customer at a time. I tried to add where _SESSION['customerCode'] but it doesn't seem to work.
<?php
$connection =
mysql_connect("com-db-02.student-cit.local", "team16", "DbSLzU")
or die (mysql_error());
$db = mysql_select_db("team16") or die(mysql_error());
$FName = $_POST['fname'];
$LName = $_POST['lname'];
$Email = $_POST['custemail'];
$Address = $_POST['address'];
$Town = $_POST['town'];
$County = $_POST['county'];
$Eircode = $_POST['eircode'];
$Phone = $_POST['phone'];
$query = mysql_query("UPDATE CUSTOMER set custFName = '$FName', custLName = '$LName', custemail = '$Email' where customerCode = "$_SESSION['customerCode']"") or die(mysql_error());
?>
I get an error unexpected '$_SESSION' (T_VARIABLE)
Also is it possible to add not update those fields that are blank, so if customer wants to change their address only, other fields won't get wiped out
You have a mistake on your concatination. Make it like this .$_SESSION['customerCode']
Try the code below.
session_start();
$custCode = $_SESSION['customerCode'];
$query = mysql_query("UPDATE CUSTOMER set custFName = '$FName', custLName = '$LName', custemail = '$Email' where customerCode = ".$custCode) or die(mysql_error())
Also is it possible to add not update those fields that are blank, so
if customer wants to change their address only, other fields won't get
wiped out
This was already been answered here before. Search for MySQL COALESCE
You can check the following:
https://dba.stackexchange.com/a/36748
https://stackoverflow.com/a/15525287/4672534
Related
Im trying to make a simple ordersystem where the user inputs basic contact information, to this I want to add a fixed value that will allways be sent to the database in this case the price for the product. Also I want the date when the order is placed to also be sent to the database. I have solved the the user input part with a simple input form but have no idea how to get a fixed value for price or pris in this case and the date when the form i submitted to always be sent to the database along with the users contact information.
The code I have right now looks like this:
<?php /*Detta är kod för Order*/ include('input.php');?>
<?php if(!empty($_POST)){
//Contact
$mail = $_POST['mail'];
$first_name = $_POST['fname'];
$last_name = $_POST['lname'];
$adress = $_POST['adress'];
$phone = $_POST['phone'];
//Zip code
$zip = $_POST['zip'];
$city = $_POST['city'];
//Orders
$type = $_POST['type'];
$price = $_POST['price'];
$many = $_POST['many'];
$date = $_POST['date'];
$img = $_POST['img'];
$paymentstatus = $_POST['paymentstatus'];
$sqlContact = "INSERT INTO Contact (Mail, FName, LName, Adress, Phone) Values('$mail', '$first_name', '$last_name', '$adress', '$phone');";
$sqlZipCode = "INSERT INTO ZipCode (Zip, City) Values('$zip', '$city')";
$sqlOrders = "INSERT INTO Orders (Type, Price, Many, Date, IMG, Paymentstatus) Values('$typ','$pris','$antal','$datum','$img', '$betaldstatus')";
$resultKontakt = mysql_query($sqlKontakt) or die(mysql_error() . mysql_errno());
$resultPostNr = mysql_query($sqlPostNr) or die(mysql_error() . mysql_errno());
$resultOrders = mysql_query($sqlOrders) or die(mysql_error() . mysql_errno());
}
https://www.dropbox.com/s/x8c53o2865hln58/Input.php
https://www.dropbox.com/s/5yyq33uux0tqd2h/Order.php
How have worked around so that I get a fixed value "49" for the price and also so that the user can input the current date but I don't want this to be visible for the user and also not in the HTML-form as the information for the price is stated on the site and the date is to se when the order is submitted but it has to be as an attribute because I also need to show the data "submitted orders" on an Adminpage.
First of all: Never show your DB-password in a forum!
To your date-question: Use the DB-date now() of mysql so you get a reliable date:
$sqlOrders = "INSERT INTO Orders (Typ, Pris, Antal, Datum, IMG, BetaldStatus) Values('$typ','$pris','$antal',now(),'$img', '$betaldstatus')";
To your Price: (still not clear to me what you exactly want.
$pris = 49;
You have disabled the text field 'pris' but still somebody may edit the '$pirs' variable using a proxy tool and change the price, so i suggest according to the product the user has selected get the price and insert into the table, do not receive the price using the form (using post variable).
I'm trying to do an update without replace the empty fields, for examplo, if i have field number 1 and it is empty nothing happens in database but if field number 2 has some content i want it to be updated. the thing happens is when i do it the empty field goes to the database and REPLACE the content of the field for an empty value.
I need an example of how can i do it.
PD: I am using PHP OOP.
This is my query:
$conio = "UPDATE affiliates SET nickname = '$nickname', fullname = '$fullname' , email = '$email', skype = '$skype', country = '$country', address = '$address', city = '$city', zip = '$zip', bankname = '$bankname', bankaccount = '$bankaccount', beneficiary = '$beneficiary', username = '$username', password = '$password', whene = '$whene' WHERE id = '$users'";
mysqli_query($this->link, $conio) or die (mysqli_error($this->link));
Example: If you want to update the input where the value is not null.
<?php
...
$sql = "UPDATE affiliates SET ";
$sql_where = "WHERE id = '$users'";
$sql_set = "";
$firstName = $_POST['firstName'];
if(!empty($firstName))
$sql_set .= "firstName = '$firstName',";
$lastName = $_POST['lastName'];
if(!empty($lastName))
$sql_set .= "lastName = '$lastName',";
and the same thing for all the other inputs ...
...
mysql_query($sql.$sql_set.$sql_where);
Of course there are better ways of writing this code (ex: using for loop on elements of $_POST), but that's the concept, ...
header ('Refreash: 1;url=registrationform.php');
include 'dbconnect.php';
$id = $_POST['id'];
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$email = $_POST['email'];
$password = $_POST['password'];
$DOB = $_POST['dob'];
$gender = $_POST['gender'];
$telephone = $_POST['telephone'];
$memberTypeID = $_POST['memberTypeID'];
$Active = $_POST['Active'];
$sql = "UPDATE user SET firstName = '$firstName', lastName = '$lastName', email = '$email', password = '$password', DOB = '$DOB', gender = '$gender', telephone = '$telephone', memberTypeID = '$memberTypeID', Active = '$Active' WHERE userID = $id";
$result=mysql_query($sql)or die ("COULD NOT UPDATE USER!!");
This is the code i am using to enter the DOB back into the database, when entered it returns 0000-00-00.
Try what is inside $_POST['dob']..Also if the input value is not a valid date value then don't try to insert it. So if its not a valid value then make the dob as null and also make your table structure compatible to allow NULL values.If your $_POST['dob'] doesn't contains a valid date value in YYYY-MM-DD format then that value will be inserted as 0000-00-00 in the database.
So try something like the following
$DOB = NULL;
if(isset($_POST['dob']) && trim($_POST['dob']) != '')
//make necessary validateions and assign the value
$DOB = $newValue;//Assume $newValue contains new date value in YYYY-MM-DD format
Also don't use mysql_ functions anymore since they are deprecated. Try using mysqli_ functions and prepare statements because your code is vulnerable to sql injections
i have this piece of code that allow user to edit their profile from the form using php and mysql when i echo the submitted or changed value it display the right and the edit value but nothing change in the database can anyone help me to solve this problem
this is the part that i am updating the query
if you need any addition files let me know and thank you
search.php
//submit whatthe user types into the database
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$country = $_POST['country'];
$spec = $_POST['specialization'];
///errroor in updating the dataabse
$edit_query = mysql_query("UPDATE user SET first_name= '$fname', last_name= '$lname', address= '$country', specialization_name= '$spec' WHERE user_name = '$username'") or die(mysql_error());
$username is not defined. As result the query is executed for no database row.
Please use prepared statements instead of sql injectionable mysql_query().
You need to initialise the userName variable.
Try this.....
$edit_query = mysql_query("UPDATE `user` SET first_name= '".$fname."', last_name= '".$lname."', address= '".$country."', specialization_name= '".$spec."' WHERE user_name = '".$username."'") or die(mysql_error());
//Make sure that your $username hold some valid value.
$username is required and your query is vulnerable by sql injection. so use mysql_real_escape_string() function
$fname = mysql_real_escape_string($_POST['fname']);
$lname = mysql_real_escape_string($_POST['lname']);
$country = mysql_real_escape_string($_POST['country']);
$spec = mysql_real_escape_string($_POST['specialization']);
$edit_query = mysql_query("UPDATE user SET first_name= '$fname', last_name= '$lname', address= '$country', specialization_name= '$spec' WHERE user_name = '$username'") or die(mysql_error());
i am using the following update query to update my code. it works fine on local server but not working on live server, can some one kindly tell me what may be the reason
<?php
if (isset($_POST['submitContactInfo'])) {
$socityId = $_SESSION['socityid'];
$city = $_POST['city'];
$pin = $_POST['pin'];
$state = $_POST['state'];
$telephone = $_POST['telephone'];
$mobile = $_POST['mobile'];
$email = $_POST['email'];
$address = $_POST['address'];
$sql = "UPDATE `_acappv1`.`society_profile` SET `ADDR` = '$address', `CITY` = '$city', `PIN` = '$pin', `STATE` = '$state', `TEL` = '$telephone', `MOBILE` = '$mobile', `EMAIL` = '$email' WHERE `society_profile`.`SOCIETY_ID` = '$socityId'; ";
$res = mysql_query($sql);
}
?>
One thing i noticed as when i click on submit button, on serverside the page refreshed, while on client side page does not refresh and adds the data.
Thank you so much to all of you, i got my issue solved by making a small change to mysql query, by removing the _acappv1. (database name), and it start working.