Hey, my code keeps on giving me an error when trying to update it on submit.
This is my code (I also have tinymce on the textarea but never had any issue with it before.)
<form method="post">
<legend>Edit PClass</legend>
<div class="form-group">
<label for="descr">Description</label>
<textarea type="text" class="form-control" rows="6" id="descr" name="descr" placeholder="Description"></textarea>
</div>
<input type="submit" class="btn btn-default" name="Csubmit" value="Submit">
</form>
<?php
if (isset($_POST['Csubmit']))
{
$descr = $_POST['descr'];
$sql= "UPDATE INTO pclass(descr) VALUES ('".mysqli_real_escape_string($con,$descr)."')";
mysqli_query($con, $sql) or die(mysqli_error($con));
echo $sql;
$_SESSION['message']="PClass Edited";
}
?>
Your update query is wrong
Your update query should be like this :
UPDATE table_name
SET column1=value, column2=value2,...
WHERE some_column=some_value
So, update your query as below :
$sql= "UPDATE `pclass` set `descr`='".mysqli_real_escape_string($con,$descr)."'";
Hope it helps.
perhaps more like this?
$sql= "UPDATE `pclass` set `descr`='".mysqli_real_escape_string($con,$descr)."'";
That said, you ought to use prepared statements rather than embedding variables directly into your SQL.
Related
I already connected my sql to database, but my isset post does not work
<div class="container" style="margin-top:60px;margin-bottom:60px;">
<div class="form-group pull-right">
</div>
<div class="row">
<p> Set Start DateTime<p>
<input type="datetime-local" name="start"><br><br>
<button type="submit" class="btn btn-primary" name="submit1">SUBMIT</button>
<br><br>
<p> Set Deadline<p>
<input type="datetime-local" name="end"><br><br>
<button type="submit" class="btn btn-primary" name="submit2">SUBMIT</button>
<br><br>
</div>
</div>
<?php
if(isset($_POST['submit1'])){
$name = $_POST['start'];
$sql = "UPDATE tbdeadline SET
start = '$name'
WHERE id = '1'
";
if ($this->con->query($sql) === TRUE){
echo '<script>window.location.href="deadline.php"</script>';
}
else{
echo 'error';
}
}
?>
I want to update datetime in my "user" database whose table name is "start" and id = "1"
But my html is getting nowhere. It is not showing any error or anything else.
What am I doing wrong, how can I fix this?
I think the value from the form is not sent via $_POST. If I want to check if the form is sent I use
<input type="hidden" name="submit1" value="1" />
And check via
if (isset($_POST['submit1']))
Try it.
The sql code is vulnerable to SQL injection - or it would be if it were not within single quotes rather than double. Using single quotes means that any PHP variable within must be escaped - easier to use double quotes and the values of the variables will be OK.
<p> Set Start DateTime<p>
<input type='datetime-local' name='start'><br><br>
<button type='submit' class='btn btn-primary'>SUBMIT</button>
<br><br>
<p> Set Deadline<p>
<input type='datetime-local' name='end'><br><br>
<button type='submit' class='btn btn-primary'>SUBMIT</button>
<br><br>
</div>
</div>
<?php
if( isset( $_POST['start'],$_POST['end'] )){
$name = $_POST['start'];
$end = $_POST['end'];
/* This is vulnerable to SQL injection !! */
/* use double quotes around sql or better mysqli/PDO and `prepared statements` */
$sql = "UPDATE tbdeadline SET start = '$name' WHERE id = '1'";
if( $this->con->query($sql) === TRUE ){
echo '<script>window.location.href="deadline.php"</script>';
} else{
echo 'error';
}
}
?>
You forgot to add the values for your Submit buttons.
You need to update your Submit buttons like below:
<button type="submit" class="btn btn-primary" name="submit1" value="start">SUBMIT</button>
<button type="submit" class="btn btn-primary" name="submit2" value="end">SUBMIT</button>
Also make sure your form method is POST like below:
<form method="post">
If you still get the isset error then you need to debug your $_POST to check whether form data is coming via the form or not. Add the code below before the if condition to test:
print_r($_POST); die;
And use MySQLi prepared statements for your update query to make it more secure.
Follow below link to learn more:
http://php.net/manual/en/mysqli.quickstart.prepared-statements.php
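The prepared-statement advice given in the answers above (for the `pclass` update and for the `tbdeadline` update), as an added example that is not part of any post: it validates the `datetime-local` value and binds it as a parameter instead of placing it in the SQL string. The helper names `parse_datetime_local` and `update_start`, the `start DATETIME` column type and the connection values are assumptions; the same `prepare`/`bind_param` calls apply to the `pclass` update.

```php
<?php
// Added example. Assumed: table tbdeadline(id INT, start DATETIME) and the
// placeholder connection values at the bottom.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw

// Convert what <input type="datetime-local"> submits by default
// (e.g. 2024-05-01T09:30) to MySQL DATETIME text; null if it is not a real date.
function parse_datetime_local(string $raw): ?string
{
    $dt = DateTime::createFromFormat('!Y-m-d\TH:i', $raw);
    // Round-trip comparison rejects trailing junk and overflow such as 2024-02-31.
    if ($dt === false || $dt->format('Y-m-d\TH:i') !== $raw) {
        return null;
    }
    return $dt->format('Y-m-d H:i:s');
}

function update_start(mysqli $con, int $id, string $rawStart): bool
{
    $start = parse_datetime_local($rawStart);
    if ($start === null) {
        return false; // refuse anything that is not a timestamp
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $con->prepare('UPDATE tbdeadline SET start = ? WHERE id = ?');
    $stmt->bind_param('si', $start, $id);
    $stmt->execute();
    $stmt->close();
    return true;
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST' && is_string($_POST['start'] ?? null)) {
    $con = new mysqli('localhost', 'app_user', 'app_password', 'app_db'); // placeholders
    if (update_start($con, 1, $_POST['start'])) {
        header('Location: deadline.php'); // redirect without inline script
        exit;
    }
    http_response_code(400);
    echo 'Invalid start date/time';
}
```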
I have a form to submit with post, to my table in my database. However, whenever I hit submit it says failure. I had several validation scripts that I removed to try and figure out why the form was not submitting.
I checked many of the answered questions regarding INSERT using mysqli_query, but none seemed to answer my question. I am aware the HTML structure is probably poor; this is just to get the script working correctly first. It's really not complicated, I don't understand what's wrong here.
I have a registration form, and my other forms on the site I'm working on all work fine and update their tables correctly. Don't know what I'm missing here.
<?php
include('db.php');
$event_name='';
$place='';
$time='';
$date='';
$description='';
$event_name=strip_tags($_POST['event_name']);
$place=strip_tags($_POST['place']);
$time=strip_tags($_POST['time']);
$date=strip_tags($_POST['date']);
$description=strip_tags($_POST['event_description']);
if(isset($_POST['submit'])) {
$query = "INSERT INTO user_posts (title, location, time, date, description)";
$query .= "VALUES ($event_name','$place','$time','$date','$description')";
if (mysqli_query($connection, $query)) {
echo "<h2> your post has been submitted </h2>";
}
else {
die('failure');
}
}
and the html form
<body>
<div class="box-1">
<form action="create_post_script.php" method="post" id="event_form">
<div class="box-2">
<input type="text" name="event_name" placeholder="event title" />
</div>
<div class="box-3">
<input type="text" name="place" placeholder="location" id="box-3" />
</div>
<div class="box-4">
<input type="time" name="time" id="box-4" />
</div>
<div class="box-4">
<input type="date" name="date" id="box-4" />
</div>
<div class="box-5">
<h4> <center> ... </center> </h4>
<textarea class="text-area" name="event_description" id="event_form" >
</textarea>
<input type="submit" value="submit" name="submit" placeholder="submit"/>
</div>
<div class="box-6">
<div class="box-7">
<h4> </h4>
</div>
</div>
</form>
</div>
When I hit submit, the resulting page confirms my connection and says 'failure', is this because of the way that I have the submit input field for the <text-area>?
try this
$query = "INSERT INTO user_posts (title, location, time, date, description) ";
$query .= "VALUES ('$event_name','$place','$time','$date','$description')";
You are missing single quotes
<?php
$query = "INSERT INTO user_posts (title, location, time, date, description)";
$query .= "VALUES ('$event_name','$place','$time','$date','$description')";
// ^^^
// here missing single quotes
echo $query;
?>
Code looks fine, but only one thing: you're missing a single quote ' in inserting values.
$query .= "VALUES ($event_name','$place','$time','$date','$description')";
Change To
$query .= "VALUES ('$event_name','$place','$time','$date','$description')";
I have been trying to solve this and need some help. I have a user that logs in and I am passing that variable through Sessions. The main pages are templates that populate based on a keyword search (I am passing the variable as a POST) and fill in based off of the information in the database. Now I am creating a way for the users to comment. Below is my basic form. I am getting stuck when I want to bring through one of the values of the database. I will call it $place for this explanation.
while($row = mysqli_fetch_array($result)) {
$place=$row['place'];}
<form action="post_comment.php" method="POST">
<textarea name="comment" cols="50" rows="6" placeholder="Give Your Review!"></textarea><br/>
<input type="submit" value="Comment" class="btn btn-custom" role="button"/>
</form>
in the post_comment.php I have the following
$query="SELECT displayname FROM Users WHERE id='".$_SESSION['id']."' LIMIT 1";
$result2 = mysqli_query($link,$query);
$row = mysqli_fetch_array($result2);
$name=$row['name'];
$query="INSERT INTO `comments` (`comment`, `user`, `place`) VALUES ('".mysqli_real_escape_string($link, $_POST['comment'])."', '".mysqli_real_escape_string($link, $name)."', '".mysqli_real_escape_string($link, $place)."'";
mysqli_query($link, $query);
Can someone explain how to bring $place over to post_comment?
Thank you!
Guessing $place is an id, I would write it in the form as a hidden field, then you can read it also in your post vars.
So you would write your form like this:
<form action="post_comment.php" method="POST">
<input type="hidden" name="place" value="<?php echo htmlspecialchars($place, ENT_QUOTES, 'UTF-8'); ?>" />
<textarea name="comment" cols="50" rows="6" placeholder="Give Your Review!"></textarea><br/>
<input type="submit" value="Comment" class="btn btn-custom" role="button"/>
</form>
There's no problem with your $name variable.
However, for $place, you can use a PHP Session. Using a PHP Session is more secure than using a hidden field if you have sensitive information. Having a hidden field will allow users to manually edit the information by using Inspect Element.
1st PHP File
while($row = mysqli_fetch_array($result)) {
$place=$row['place'];}
session_start();
$_SESSION["place"] = $place;
post_comment.php
session_start(); //include at the start of your PHP Script
$comment = mysqli_real_escape_string($link, $_POST['comment']);
$name = mysqli_real_escape_string($link, $_POST["name"]);
$place = mysqli_real_escape_string($link, $_SESSION["place"]);
$query="INSERT INTO `comments` (`comment`, `user`, `place`) VALUES ('$comment', '$name', '$place')";
What is the issue with this code? I'm using a form to insert some values into a database, and I have a controller set up like that. When I submit the form, the value is not posted to the database, but if I remove all the other fields and leave only 2 fields in the form and post it, it works, so there's something that I'm missing. I've been trying to resolve this for more than 6 hours. Please help:
//database insertion
if (isset($_POST['VideoTITLE']))
if (isset($_POST['ByArtist']))
if (isset($_POST['GroupName']))
if (isset($_POST['URL']))
if (isset($_POST['VideoDate']))
{
try
{
$sql = 'INSERT INTO videoclip SET
VideoTITLE = :VideoTITLE,
ByArtist = :ByArtist,
GroupName = :GroupName,
URL = :URL,
VideoDate = CURDATE()
';
$s = $pdo -> prepare($sql);
$s -> bindValue(':VideoTITLE',$_POST['VideoTITLE']);
$s -> bindValue(':ByArtist',$_POST['ByArtist']);
$s -> bindValue(':GroupName',$_POST['GroupName']);
$s -> bindValue(':URL',$_POST['URL']);
$s -> execute();
}
catch(PDOException $e)
{
$error = 'error adding submitted data' . $e-> getMessage();
include 'error.html.php';
exit();
}
header('Location:.');
exit();
}
Here's my HTML form setup:
<form action="?" method="post" class="form-horizontal">
<legend>Song Info</legend>
<fieldset>
<label>Song Title </label>
<input type="text" id="VideoTITLE" name="VideoTITLE" placeholder="song name…">
<label>Artist </label>
<input type="text" id="ByArtist" name="ByArtist" placeholder="artist name…">
<label>Musical Group</label>
<input type="text" id="GroupName" name="GroupName" placeholder="Type something…">
<label>Poster link</label>
<input type="text" id="URL" name="URL" placeholder="Type something…">
</fieldset><br>
<input type="submit" class="btn btn-success" value="Post video">
</form>
It's a couple of problems, maybe more:
You have isset($_POST['VideoDate']) in your if condition which will always be false since VideoDate is not in your form. You should take this out since you seem to want to set it using CURDATE() in your insert script.
Your insert statement is incorrect. MySQL inserts typically look like INSERT INTO TABLE_NAME (COL1, COL2) values('VALUE1', 'VALUE2'); so you should change your insert code to look like
$sql = 'INSERT INTO videoclip (VideoTITLE, ByArtist, GroupName, URL, VideoDate) values (:VideoTITLE, :ByArtist, :GroupName, :URL, CURDATE())';
Your syntax is incorrect for INSERT. It should be something like:
$sql = 'INSERT INTO videoclip (VideoTITLE, ByArtist, GroupName, URL, VideoDate)
VALUES (:VideoTITLE, :ByArtist, :GroupName, :URL, CURDATE())';
In addition, $_POST['VideoDate'] is not valid as you do not have it in your form.
You're doing the if statements wrong.
if (isset($_POST['VideoTITLE']) && isset($_POST['ByArtist']) && isset($_POST['GroupName'])
&& isset($_POST['URL']) && isset($_POST['VideoDate'])) {
....
}
This is basic programming stuff, so you might want to get a good introductory book to programming or PHP.
I have set up the following form:
<form name="pric" method="post" action="up.php">
<div id="prices_col">Season A<br>
<input type='text' name="date0" maxlength="13" size="15" style="font-size: 9px;" value="<?php echo $_date[0]?>" />
</div>
<div align="middle"><input type="submit" value="EDIT"></div>
</form>
Information in database right now was like this ($_date[0] contains):
04/06 - 25/06
After posting the information, it decided to run the expression and I got something like:
-1.333333333
I use the following code:
$_date[0] = trim($_POST["date0"]);
mysql_query("UPDATE price SET _date=".$_date[0]." WHERE id='0'") or die(mysql_error());
How can I stop it from executing? I need to store the value as a plain text to the database.
mysql_query("UPDATE `price` SET `_date`='".mysql_real_escape_string(trim($_POST["date0"]))."' WHERE `id`=0") or die(mysql_error());
as _date is a text field and mysql_real_escape_string for security