I want to give user possibility to delete other users. I made a script where user get list over all users with delete button. Button start the script but doesn't delete user from the list. Here is my code:
function get_userlist(){
$select_users = $this->db->prepare("SELECT user_id, fname, lname, email
FROM user");
$select_users->execute();
echo "<tbody>";
while($row = $select_users->fetch(PDO::FETCH_ASSOC)){
echo "<form action='' method=''><tr><td>".$row["user_id"]."</td><td>".$row["fname"]."</td><td>
".$row["lname"]."</td><td>".$row["email"]."</td><td>
<input type='hidden' name='user_id' value=".$row["user_id"] . " >
<input type='submit' name='submit_delete' value='Delete'></td>
</tr></form>";
}
echo "</tbody></table>";
}
function delete_user($user_id)
{
$delete_user = $this->db->prepare("DELETE FROM user WHERE user_id = :user_id");
$delete_user->bindParam(':user_id', $user_id, PDO::PARAM_INT);
$delete_user->execute();
}
And file where I use those functions:
$user = new USER($con);
$user->get_userlist();
if(isset($_POST['submit_delete'])){
$user_id = $_POST['user_id'];
$user->delete_user($user_id);
}
What am I doing wrong?
You are not passing $user_id variable to your delete_user function. Edit your code like this:
function delete_user($user_id)
{
$delete_user = $this->db->prepare("DELETE FROM user WHERE user_id = :user_id");
$delete_user->bindParam(':user_id', $user_id, PDO::PARAM_INT);
$delete_user->execute();
}
Related
I got a form with picture and submit button, which sends the user_id of the connected user and picture_id of the picture that they want to save into the table called pins in MySQL Database. I tried to pin different pictures from different users. Insert of user_id works but the picture_id stays the same(the last picture in pictures table) even though I click on submit below different pictures. Is it because of the form, or am I referring to it in a wrong way?
Im placing here the php code with the picture and the button to save it.
<?php
session_start();
require_once __DIR__.'/connect.php';
$sUsername = $_SESSION['txtUsername'];
try {
$stmt = $db->prepare('SELECT * FROM pictures INNER JOIN users ON users.user_id = pictures.user_id');
$stmt->execute();
$aRows = $stmt->fetchAll();
foreach ($aRows as $aRow) {echo
"<form action='display.php' method='POST'>
<div class=item><img src=images/$aRow->path>
<span class=caption>Picture id:$aRow->picture_id</span>
<input type='submit' name='submit'>
</div>
</form>";}
if (isset($_POST['submit'])) {
try {
$stmt = $db->prepare('SELECT * FROM users WHERE username = :sUserName');
$stmt->bindValue(':sUserName', $sUsername);
$stmt->execute();
$row = $stmt->fetch();
$iUserId = $row->user_id;
$stmt = $db->prepare('INSERT INTO pins VALUES( null, :iUserId, :iPictureId )');
$stmt->bindValue(':iUserId', $iUserId);
$stmt->bindValue(':iPictureId', $aRow->picture_id);
$stmt->execute();
}catch (PDOEXception $ex){
echo $ex;
}
}
}catch (PDOEXception $ex){
echo $ex;
}
?>
I am trying to build a way to do an input field update check that looks to see if a user input field is empty or not. And then depending on answer if it is empty or not do more checks. So for example if the input field is empty I want it to be ignored so rest of code runs, And if there is a value inside of the input field some more checks will be done to check if it is inside the database or not, and if it is not inside the database then it must be inserted into the database, and if it is already in then just update that field.
The table is a relational one to a main table where inf_id is the main table and userid is the relational one i am working in
So I have tried to do it in different way however I keep running into problems and each time I make a mistake or something that doesn't work I get a HTTP 500 error page saying it can't be reached. I have also tried to do a change the name in the input to other things to see if that effects and different layouts or such neither works I feel like it is something small that I am missing out on
also tired but i may have done it incorrectly since I never really used this before
IF EXISTS (SELECT count(*) FROM `table` WHERE inf_id = $infid)
BEGIN UPDATE GOES HERE END ELSE BEGIN INSERT GOES HERE END
This is my Code in the form to check the database has inputs, if it doesn't it creates a blank input. However If there is values in the database then it will echo it out
$vId = $_GET['i']; //this is the users unique ID that is send in the query string for testing purpose
if (mysqli_num_rows($rs_username) == 0 ){
echo '<input type="text" name="currentusername[]" class="currentusername" placeholder="Current Bikes" >';
} else {
while ($rs_bike_rows = mysqli_fetch_assoc($rs_bikes)) {
echo '<input type="text" name="currentusername[]" class="currentusername" value="' . $row['currentusername'] . '">';
echo '<input type="hidden" name="userid[]" value="' . $row['userid'] . '">';
echo '<button type="button" onclick="return deleteFromDbBike('. $rs_bike_rows['oid'] .', '. $vId .');">Delete</button>';
}
}
This is to sanitize the inputs that the users inputs in a process file
if (isset($_POST['currentusername']) && $_POST['currentusername'] !== '') {
$currentusername = $_POST['currentusername'];
$allusername = '';
foreach ($vcurrentbike as $users) {
$allusername .= $users. ' ';
}
if (filter_var($allusername , FILTER_SANITIZE_STRING) === null) {
$vValidation++;
}
} else {
$currentusername= '';
}
later on in the process file to then check the input value and update/insert it
$user = $_POST['userid'];
if ($currentusername != '') {
for ($i = 0; $i < count($user); $i++) {
$userid = $bike[$i];
$valueuser = $currentusername[$i];
$sqlcheck = "Select `inf_id` FROM usertable WHERE inf_id = $vId";
$resultcheck = mysqli_query($conn,$sqlcheck);
if (mysqli_num_rows($resultcheck) >= 1) {
$stmt = $conn->prepare("UPDATE usertable SET currentusername = ? WHERE inf_id = ? and userid = ?");
$stmt->bind_param("sii", $currentperson, $infid, $ownedid);
$currentperson = $valueuser ;
$infid = $vid;
$ownedid = $userid;
$stmt->execute();
//the update code works (tried and tested) just using
//exit to see where the code goes.
exit('1');
} else {
//this is where the insert value would be however I can
//never get it to echo 0 when it exits; instead i just get a HTTP 500;
exit('0');
}
};
} else {
exit('fails');
}
In the End I want it to be able to check if the user has inputted values and then depending on if they have or have not then either insert or update it. and if the user hasn't just ignore it. and move onto the next field
Edit
it basically has 2 levels to this statement
Level 1:
1.1) if user input is empty then ignore it completely.
1.2) if user input has a value check it against the database
Level 2:
2.1) if the value exists in database then update the values
2.2) if the values don't exists then insert it into the database.
Error I'm running into is that if the value is not in the database to begin with it will create an empty input field.
Now when a user then adds text to the empty field it wants to update it but it doesn't exists. so through out errors at me as there is nothing to update
The States of the input field can be :
1) empty with no value at all
2) Has a value now added so it is not in the db
3) has a value from initial submission of form that is in db
EDIT 2: add more button
<button type="button" onclick="addMoreRows('user')"> Add More Current Usernames</button>
<div id="currentuser"></div>
var itemTypes = {
user:{
maxLimit: 4,
currentCount: 1,
selector: '#currentuser',
newElement: '<div class="moreusersadd"><input type="text" name="currentusernameadd[]" class="currentusernameadd" placeholder="Current Bikes" ><button class="delete" onclick="deleteRow(this, \'user\')">Delete</button></div>'
}
}
function addMoreRows(type){
var item = itemTypes[type];
if (item.currentCount < item.maxLimit) {
item.currentCount++;
$(item.selector).append(item.newElement);
}
else {
alert('You Have Reached the limits')
}
}
function deleteRow(event, type){
$(event).parent('div').remove();
itemTypes[type].currentCount--;
};
I think this is kind of what you want.
I used my own users table as an example but you should be able to just change the queries to your own tables and columns.
If you have any issue with it just show us your full table structure and I can update it.
<?php
include_once("web/connection.php");
echo "<form method='POST' action='test.php'>";
echo "<table>";
$sql = "SELECT * FROM users";
$stmt = DB::run($sql);
$count = $stmt->rowCount();
while($row = $stmt->fetch(PDO::FETCH_ASSOC)){
$id = $row['id'];
$username = $row['username'];
$password = $row['password'];
echo "<tr>";
echo "<td><input type='text' name='username_".$id."' value='".$username."'></td>";
echo "<td><input type='text' name='password_".$id."' value='".$password."'></td>";
echo "</tr>";
}
echo "<tr>";
echo "<td><input type='text' name='username' placeholder='Username'></td>";
echo "<td><input type='text' name='password' placeholder='Password'></td>";
echo "</tr>";
echo "<tr><td colspan='2'><input type='submit'></td></tr>";
echo "</table>";
echo "</form>";
for($i=1; $i<=$count; $i++){
if(isset($_POST['username_'.$i]) && isset($_POST['password_'.$i])){
$username = $_POST['username_'.$i];
$password = $_POST['password_'.$i];
$params = [$username,$password,$i];
$sql = "UPDATE users SET username=?, password=? WHERE id=?";
$stmt = DB::run($sql,$params);
}
}
if(isset($_POST['username']) && isset($_POST['password'])){
$username = $_POST['username'];
$password = $_POST['password'];
$params = [$username,$password];
$sql = "INSERT INTO users (username, password) VALUES (?,?)";
$stmt = DB::run($sql,$params);
}
?>
Edit
So this now has the added header to refresh the page and update the table after each submit.
I also added a check to make sure the new fields weren't blank so it wasn't adding an empty row. And you can now also add as many input rows as you want.
<?php
session_start();
include_once("web/connection.php");
echo "<form method='POST' action='test.php'>";
echo "<table>";
$sql = "SELECT * FROM users";
$stmt = DB::run($sql);
$count = $stmt->rowCount();
while($row = $stmt->fetch(PDO::FETCH_ASSOC)){
$id = $row['id'];
$username = $row['username'];
$password = $row['password'];
echo "<tr>";
echo "<td><input type='text' name='username_".$id."' value='".$username."'></td>";
echo "<td><input type='text' name='password_".$id."' value='".$password."'></td>";
echo "</tr>";
}
if(isset($_POST['no_of_inputs'])){
$_SESSION['new_number'] = $_POST['no_of_inputs'];
for($i=1; $i<=$_SESSION['new_number']; $i++){
echo "<tr>";
echo "<td><input type='text' name='new_username_".$i."' placeholder='Username'></td>";
echo "<td><input type='text' name='new_password_".$i."' placeholder='Password'></td>";
echo "</tr>";
}
}
echo "<tr><td colspan='2'><input type='submit'></td></tr>";
echo "</table>";
echo "</form>";
echo "<form method='POST' action='test.php'>";
echo "Add <input type='number' name='no_of_inputs' onchange='this.form.submit()'> rows";
echo "</form>";
for($i=1; $i<=$count; $i++){
if(isset($_POST['username_'.$i]) && isset($_POST['password_'.$i])){
$username = $_POST['username_'.$i];
$password = $_POST['password_'.$i];
$params = [$username,$password,$i];
$sql = "UPDATE users SET username=?, password=? WHERE id=?";
$stmt = DB::run($sql,$params);
}
}
if(isset($_SESSION['new_number'])){
for($i=1; $i<=$_SESSION['new_number']; $i++){
if((isset($_POST['new_username_'.$i]) && $_POST['new_username_'.$i]!="") && (isset($_POST['new_password_'.$i]) && $_POST['new_password_'.$i]!="")){
$username = $_POST['new_username_'.$i];
$password = $_POST['new_password_'.$i];
$params = [$username,$password];
$sql = "INSERT INTO users (username, password) VALUES (?,?)";
$stmt = DB::run($sql,$params);
header('location: test.php');
unset($_SESSION['new_number']);
}
}
}
?>
This works and is tested but if you want the basic table structure is:
CREATE TABLE `users` (
`id` int(11) NOT NULL AUTO_INCREMENT,
`username` varchar(255) NOT NULL,
`password` varchar(255) NOT NULL,
PRIMARY KEY (`id`)
)
In regards to the connection you can change the queries from how I did them like so:
Instead of:
$params = [$username,$password];
$sql = "INSERT INTO users (username, password) VALUES (?,?)";
$stmt = DB::run($sql,$params);
You could do something like this:
$stmt = $conn->prepare("INSERT INTO users (username, password) VALUES (?,?)");
$stmt->bind_param($username,$password);
$stmt->execute();
I have been able to display the data from my database on to my website and I'm trying to delete a single row.
Now the button works but it completely deletes everything as you may tell from the code.
I have no idea on how to assign the delete button to a specific row in my table, where it just deletes that data in that specific row.
On top of this I have one delete button that sits upon my table and have no clue on how to set separate delete buttons for each row given.
admin.php (Displaying my data)
<?php
echo "<table style='box'>";
echo "<tr><th>ID</th><th>First Name</th><th>Last Name</th><th>Role</th>
<th>Email</th><th>Username</th><th>Delete</th><th>Amend</th></tr>";
class TableRows extends RecursiveIteratorIterator {
function __construct($it) {
parent::__construct($it, self::LEAVES_ONLY);
}
function current() {
return "<td style='box'>" . parent::current(). "</td>";
}
function beginChildren(){
echo "<tr>";
}
function endChildren(){
echo "</tr>";
}
}
require 'connection.php';
try {
$stmt = $conn->prepare("SELECT id, FirstName, LastName, Role, Email, Username FROM users");
$stmt->execute();
$result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
foreach(new TableRows(new RecursiveArrayIterator($stmt->fetchAll())) as $k=>$v){
echo $v;
}
}
catch (PDOException $e){
echo "Error: " . $e->getMessage();
}
$conn = null;
?>
<form method="post" action="delete.php">
<input <input class="btn-default" type="submit" name="login" value="Delete">
</form>
<?php
echo "</table>";
?>
delete.php
<?php
$servername = 'localhost';
$username = 'root';
$pass = 'root';
$database = 'tutor_database';
try {
$conn = new PDO("mysql:host=$servername;dbname=$database", $username, $pass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
//sql to delete record.
$sql = "DELETE FROM users WHERE id = id";
$conn->exec($sql);
echo "Record deleted!";
} catch(PDOException $e) {
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>
I would show an image but I don't have enough reputation points to display it.
The WHERE clause in your DELETE statement will always return to true. On every row, ID will always equal ID. Hence, everything is deleted. You need to pass a parameter to delete script to filter on the row you want deleted. You can do so by a hidden HTML input value using get="method" of <form>.
However, the key is how to obtain that id from webpage's select query. Additionally, you will want to put the input button at the end of each row to delete the corresponding row's id. For these two items, you might have to return to traditional loop onto web page instead of the RecursiveArrayIterator() because we need to add a non fetched object (form delete button) into table.
admin.php (notice form button as last table cell of each row)
...same code as above...
try {
$stmt = $conn->prepare("SELECT id, FirstName, LastName, Role, Email, Username FROM users");
$stmt->execute();
$result = $stmt->setFetchMode(PDO::FETCH_ASSOC);
while($row = $result->fetch()) {
?>
<tr>
<td style="box"> <?php echo $row['id']; ?></td>
<td style="box"> <?php echo $row['FirstName']; ?></td>
<td style="box"> <?php echo $row['LastName']; ?></td>
<td style="box"> <?php echo $row['Role']; ?></td>
<td style="box"> <?php echo $row['Email']; ?></td>
<td style="box"> <?php echo $row['Username']; ?></td>
<td>
<form method="get" action="delete.php">
<input type="hidden" name="rowid" value="<?php echo $row['id']; ?>">
<input class="btn-default" type="submit" name="login" value="Delete">
</form>
</td>
<tr>
<?php
}
}
catch (PDOException $e){
echo "Error: " . $e->getMessage();
}
$conn = null;
delete.php (notice $id generated from $GET() and used in delete query)
$servername = 'localhost';
$username = 'root';
$pass = 'root';
$database = 'tutor_database';
try {
$conn = new PDO("mysql:host=$servername;dbname=$database", $username, $pass);
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// OBTAIN ROWID FROM $_GET
if(isset($_GET['rowid'])) {
$id = $_GET['rowid'];
}
// DELETE SPECIFIED ROW
$sql = "DELETE FROM users WHERE id = ".$id;
$conn->exec($sql);
echo "Record deleted!";
} catch(PDOException $e) {
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
Trying to follow what you have. Have you tried setting the id to a var before doing?
$sql = "DELETE FROM users WHERE id = id";
Example:
$sql = "DELETE FROM users WHERE id = '$id'";
One problem is that your DELETE statement does not include a variable.
//sql to delete record.
$sql = "DELETE FROM users WHERE id = id";
You need something more like:
//sql to delete record.
$sql = "DELETE FROM users WHERE id = " . $id;
where $id is defined with the ID of the selected row.
Let's address another "hidden" problem.
Now the button works but it completely deletes everything as you may tell from the code.
Given the fact that you said this deletes ALL the records, I would guess that the id of each of your rows is the string 'id' and not a unique integer value.
DELETE FROM {table} WHERE id = {number} does not delete ALL records. It only deletes records matching the condition. You should make sure that you are setting id's correctly when adding rows. The id column should have the following properties: INT UNSIGNED NOT NULL AUTO_INCREMENT.
I am trying to create a button on my user list page to delete that row, or make that user an admin.
Here is the info for the user query and html:
<?php
$query = "SELECT * FROM users";
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute();
}
catch(PDOException $ex)
{
die("An Error has occured. Please contact the server administrator for assistance.");
}
$rows = $stmt->fetchAll();
?>
<?php foreach($rows as $row) : ?>
<?php
if($row['usertype'] == 2) {
$usertype = "<span style='color:#F7FE2E;'>Donator</span>";
} elseif($row['usertype'] == 3) {
$usertype = "<span style='color:red;'>Admin</span>";
} elseif($row['usertype'] == 4) {
$usertype = "<span style='color:orange;'>Owner</span>";
} else {
$usertype = "<span style='color:#585858;'>Normal</span>";
}
?>
<tr>
<!--<td><?php echo $row['id']; ?></td>-->
<td><?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8');?></td>
<!--<td><?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8');?></td>-->
<td><?php echo htmlentities($row['steamid'], ENT_QUOTES, 'UTF-8');?></td>
<td><?php echo $usertype?></td>
<td><form action="" method="post">
<input type="submit" name="admin" value="Promote" />
</form></td>
</tr>
<?php endforeach; ?>
And the code where I prepare and execute my update query:
if(!empty($_POST['admin']))
{
$query = "UPDATE `users` SET `usertype` = '3' WHERE `id` = " . $row['id'];
// $query_params = array(':id' => $row['id']);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute();
}
catch(PDOException $ex)
{
die("An Error has occured. Please contact the server administrator for assistance.");
}
}
Unfortunately I when I run this current setup, it updates the very last row. To further ask what I am looking for, is I have a list of users:
where "admin_b" is a button that forced $_POST['admin']
Billy admin_b
Bob admin_b
Jill admin_b
Jack admin_b
UPDATE:
So in my form I have an input with <input type="hidden" name="id" value="<?php $row['id']; ?>" /> and added this to my SQL $query = "UPDATE users SET usertype = '3' WHERE id = :id"; $query_params = array(':id' => $_POST['id']);
try
{
$stmt = $db->prepare($query);
$result = $stmt->execute();
}
catch(PDOException $ex)
{
die("An Error has occured. Please contact the server administrator for assistance.");
}
send an id with $_POST request, now you are always update user with id = $row['id']
WHERE `id` = " . $row['id'];
row[id]edit?=edit.php= ...
and let's say you have list all the members and beside them is an href, the code above will execute, it will display let's say Billy?edit.php=1, wherein 1 is his primary key, then for the next, when you scroll the cursor to the next href of the next user, Jim, it will display, Jim?edit.php=2, in your edit.php,
if(isset($_POST['edit])){
code goes here to make the user an admin..
You can also make an href for the delete, similar to this edit..
This is just an idea/hint that I can give to you, but your problem can be solved in many different ways, it just depends on your approach on how you could do it :D goodluck.
So, I have a simple script that allows you to choose between any of your "team names". When you choose and sumbit, it is then supposed to do a php setcookie with the value of the selection which is a hashed version of the team name.
Here is the relevant code:
<?php
include 'include/db.php';
if(isset($_POST['submitteam'])) {
$team_hash = $_POST['teams'];
setcookie('ver_aet', $team_hash, time()+2592000);
header('Location: index.php');
}
$email = $_COOKIE['ver_ame'];
//Find the User Id from the Email Hash
$sql_finduid = "SELECT * FROM users_sensitive WHERE email_hash = '$email'";
$sql_finduid_result = mysql_query($sql_finduid);
while ($row = mysql_fetch_array($sql_finduid_result)) {
$user_id = $row['user_id'];
} //End Find User Id
/*
$sql_finduid = mysql_query("SELECT user_id FROM users WHERE email = '$email'");
$user_id = mysql_result($sql_finduid) or die(mysql_error());
*/
//Find the Team Id from the User Id above
$sql_findteams = "SELECT * FROM team_members WHERE user_id = '$user_id'";
$sql_findteams_result = mysql_query($sql_findteams);
if(mysql_num_rows($sql_findteams_result) < 1){
header('Location: registerteam.php?ver_ame=' . $email);
} else {
while ($row = mysql_fetch_array($sql_findteams_result)) {
$team_id = $row['team_id'];
/*
$sql_finduid = mysql_query("SELECT user_id FROM users WHERE email = '$email'");
$user_id = mysql_result($sql_finduid) or die(mysql_error());
*/
if((mysql_num_rows($sql_findteams_result)) <= 1) {
$sql_findteamname = "SELECT * FROM teams WHERE team_id = '$team_id'";
$sql_findteamname_result = mysql_query($sql_findteamname);
while ($row = mysql_fetch_array($sql_findteamname_result)) {
$team_name = $row['team_name'];
$team_hash = $row['team_name_hash'];
}
setcookie('ver_aet', $team_hash, time()+2592000);
header('Location: index.php');
} else {
//setcookie('ver_ame', $teamname_hash, time()+2592000);
//setcookie('ver_aet', $email, time()+2592000);
//header('Location: index.php'); ?>
and the HTML
Select the team you would like to view: <br />
<form method="post" action="<?PHP echo $_SERVER['PHP_SELF']; ?>">
<select name="teams">
<?PHP
$sql_findteams = "SELECT * FROM team_members WHERE user_id = '$user_id'";
$sql_findteams_result = mysql_query($sql_findteams);
while ($row = mysql_fetch_array($sql_findteams_result)) {
$team_id = $row['team_id'];
/*
$sql_finduid = mysql_query("SELECT user_id FROM users WHERE email = '$email'");
$user_id = mysql_result($sql_finduid) or die(mysql_error());
*/
$sql_findteamname = "SELECT * FROM teams WHERE team_id = '$team_id'";
$sql_findteamname_result = mysql_query($sql_findteamname);
while ($row = mysql_fetch_array($sql_findteamname_result)) {
$team_name = $row['team_name'] . " ";
$team_hash = $row['team_name_hash'] . "<br />";
?>
<option value="<?= $team_hash; ?>"><?= $team_name . $team_hash; ?></option>
<?PHP
}
}
?>
</select>
<input type="submit" name="submitteam" value="Submit" />
</form>
</div>
</div>
</div>
basically, "if the submit button is clicked, set the cookie for the name of the team. If not clicked, continue. Find the cookie of your email, find out how many teams you belong to, if there is one team, make that your team cookie and continue, if not, show all available teams and allow the user to select one. loop"
I currently have the $team_hash echoing just to show that it is pulling the correct hash number (and it is). When I hit submit, it loops to the top of the page and does the setcookie statement. It sets a cookie but the cookie seems to end up having random percent signs throughout it after it is set.
What should be set: d2fea5c982b6cb3f5bffc4998d96cbe5
What is actually set: d2fea5c982b6cb3f5bffc4998d96cbe5%3Cbr+%2F%3E
Where are these extra things coming from?
The problem is that you're adding <br /> at the end of the hash when you're doing $team_hash = $row['team_name_hash'] . "<br />"; and when you're setting the value of the option, you're using $team_hash which contains a <br />. When you're doing the set cookie, the <br /> gets URL encoded hence why it's at the end of your cookie.
Simple change the line to:
$team_hash = $row['team_name_hash'];
You have a <br/> in there somehow, and PHP is url encoding it.
Right here
$team_hash = $row['team_name_hash'] . "<br />";