I'm a beginner with PHP. I watched a tutorial to create a form which modifies my wamp-created mysql database table. Copied the video at first, but then made my own table from scratch and tried to upgrade it.
My add row works correctly, but the update and remove do not. I think the WHERE clause is not correct, referencing reg_id.
I created a unique primary key, which auto-increments and cannot be modified; this is what I want to reference when changes are made (since it cannot be changed).
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE register SET First_Name='$_POST[first_name]', Last_Name='$_POST[last_name]', Breed='$_POST[breed]', Weight='$_POST[weight]', Age='$_POST[age]', Sex='$_POST[sex]' WHERE '$_POST[reg_id]'='$_POST[reg_id]'";
mysqli_query($con,$UpdateQuery);};
if (isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM register WHERE reg_id='$_POST[reg_id]'";
mysqli_query($con,$DeleteQuery);};
Here is the rest of it where the form is located:
while($record=mysqli_fetch_array($myData)){
echo "<form action=register.php method=post>";
echo "<tr>";
echo "<td>" . $record['reg_id'] . " </td>";
echo "<td>" . "<input type=text name=first_name value=" . $record['First_Name'] . " </td>";
echo "<td>" . "<input type=text name=last_name value=" . $record['Last_Name'] . " </td>";
echo "<td>" . "<input type=text name=breed value=" . $record['Breed'] . " </td>";
echo "<td>" . "<input type=int name=weight value=" . $record['Weight'] . " </td>";
echo "<td>" . "<input type=int name=age value=" . $record['Age'] . " </td>";
echo "<td>" . "<input type=text name=sex value=" . $record['Sex'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
Please help me fix it.
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE register SET First_Name='".$_POST['first_name']."',Last_Name='".$_POST['last_name']."', Breed='".$_POST['breed']."', Weight='".$_POST['weight']."', Age='".$_POST['age']."', Sex='".$_POST['sex']."' WHERE reg_id ='".$_POST['reg_id']."'";
mysqli_query($con,$UpdateQuery);
};
if (isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM register WHERE reg_id='".$_POST['reg_id']."'";
mysqli_query($con,$DeleteQuery);
};
should be enclosed by ' ,that is optional.add hidden will be more better
echo "<td><input type='hidden' name='reg_id' value='".$record['reg_id']."'></td>";
echo "<td><input type='submit' name='update' value='update'></td>";
echo "<td><input type='submit' name='delete' value='delete'></td>";
You are using $_POST without '.
Try this : {$_POST['first_name']} and replace all $_POST according to this.
So your update query will be like this :
"UPDATE register SET First_Name='{$_POST['first_name']}', Last_Name='{$_POST['last_name']}', Breed='{$_POST['breed']}', Weight='{$_POST['weight']}', Age='{$_POST['age']}', Sex='{$_POST['sex']}' WHERE reg_id='{$_POST['reg_id']}'";
There is no field with name reg_id, so your $_POST['reg_id'] will not work.Also please change your where condition. You are matching same value in where condition.
And your delete query will be :
"DELETE FROM register WHERE reg_id='{$_POST['reg_id']}'";
Your query is open for sql injection. Refer this :How can I prevent SQL injection in PHP?
display page
while($record = mysqli_fetch_array($myData)) {
echo "<table>";
echo "<tr>";
echo "<td>".$record['reg_id']."</td>";
echo "<td>".$record['First_Name']."</td>";
echo "<td>".$record['Last_Name']."</td>";
echo "<td>".$record['Breed']."</td>";
echo "<td>".$record['Weight']."</td>";
echo "<td>".$record['Age']."</td>";
echo "<td>".$record['Sex']."</td>";
echo "<td><a href='edit.php?reg_id=".$record['reg_id']."'>EDIT</a></td>";
echo "<td><a href='delete.php?reg_id=".$record['reg_id']."'>DELETE</a></td>";
echo "</tr>";
echo "</table>";
}
delete.php
<?php
if (isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM `register` WHERE `reg_id`={$_GET['reg_id']}'";
mysqli_query($con,$DeleteQuery);
header("Location: your display page");
};
?>
Edit Form
while($record = mysqli_fetch_array($myData)) {
echo '<form action="edit.php" method="Post">
<input type="text" name="First_Name" value="'.$record['reg_id'].'"/>
<input type="text" name="First_Name" value="'.$record['First_Name'].'"/>
<input type="text" name="Last_Name" value="'.$record['Last_Name'].'"/>
<input type="text" name="Breed" value="'.$record['Breed'].'"/>
<input type="text" name="Weight" value="'.$record['Weight'].'"/>
<input type="text" name="Age" value="'.$record['Age'].'"/>
<input type="text" name="Sex" value="'.$record['Sex'].'"/>
<imput type="submit" value="save" name="submit" />
</form>';
}
edit.php
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE `register` SET `First_Name`='{$_POST['first_name']}', `Last_Name`='{$_POST['last_name']}', `Breed`='{$_POST['breed']}', Weight='{$_POST['weight']}', `Age`={$_POST['age']}, Sex='{$_POST['sex']}' WHERE `reg_id`={$_GET['reg_id']}";
mysqli_query($con,$UpdateQuery);
header("Location: your display page");
};
Related
There are 3 id that been view from this table
$sql = mysqli_query($conn, "SELECT * FROM user_appointment WHERE event = '' ");
while($row = mysqli_fetch_assoc($sql)){
$id = $row["id"];
$date = $row["date"];
$office = $row['office'];
echo "<table>";
echo "<tr>";
echo "<td colspan='2'> <strong>Name: </strong>" . $row['first_name'] . " " . $row['middle_name'] . " " . $row['last_name'] . "</td>";
echo "<td><strong>You're request is: </strong>" . $row['event'] . "</td>";
echo "</tr>";
echo "<tr><td colspan='3'> <strong>Address: </strong>" . $row['address'] . " </td></tr>";
echo "<tr><td colspan='3'> <strong>Office to go: </strong>" . $row['office'] . " </td></tr>";
echo "<tr>";
echo "<td> <strong>Contact#: </strong>" . $row['phone'] . "</td>";
echo "<td> <strong>Request made from: </strong>" . $row['curdate'] . "</td>";
echo "<td> <strong>Time request: </strong>" . $row['time'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td colspan='3'><strong><i>Message: </i></strong><br>". $row['message'] . "</td>";
echo "</tr>";
echo "<tr> <td colspan='3'>";
echo "<center><form method='GET'>
<div class='center'>
<label for=''>Select Date:</label><br>
<input type='date' name='userDate' id='userDate' value='' required>
</div><br>
<button type='submit' name='approveSubmit' class='btn btn-success'>ACCEPT</button>
<button type='submit' name='rejectSubmit' class='btn btn-danger'>REJECT</button>";
echo "</form> </center>";
echo "</td></tr>";
echo "</table>";
echo 'Either I choose one of the users, it still getting the user id that been loop last';
if(isset($_GET['approveSubmit'])){
isset($_GET['userDate']);
$date = $_GET['userDate'];
header("location: ../approve_insert.php?id=$id&date=$date");
}
if(isset($_GET['rejectSubmit'])){
header("location: ../reject_insert.php?id=$id");
}
}
You are not passing the correct $id to your header: Location(...
To solve this you would need to pass the id of the user to the form as well, so this value become available when an user is clicked.
You can do this by adding an extra hidden input to the form you are creating
<input type='hidden' name='id' value='".$id."' />
Also there is no need to place the code that controls the action you want to do inside the loop that creates the table. Just place it above (or below) the code that generates the table
<?php
if(isset($_GET['approveSubmit'])){
$date = $_GET['userDate'];
header('location: ../approve_insert.php?id='.$_GET['id'].'&date='.$date);
exit;
}
if(isset($_GET['rejectSubmit'])){
header('location: ../reject_insert.php?id='.$_GET['id']);
exit;
}
$sql = mysqli_query($conn, "SELECT * FROM user_appointment WHERE event = '' ");
while($row = mysqli_fetch_assoc($sql)){
$id = $row["id"];
$date = $row["date"];
$office = $row['office'];
echo '... table start ...';
echo "<center><form method='GET'>
<div class='center'>
<label for=''>Select Date:</label><br>
<input type='date' name='userDate' id='userDate' value='' required>
</div><br>
<button type='submit' name='approveSubmit' class='btn btn-success'>ACCEPT</button>
<button type='submit' name='rejectSubmit' class='btn btn-danger'>REJECT</button>
<input type='hidden' name='id' value='".$id."' />
";
echo "</form> </center>";
echo '... table end ...';
}
Keep in my mind you would still need to sanitize the input of $_GET['id'] and $_GET['userDate'] before using it in your code/queries
My assumption at this point is that multiple users meet the conditions at the end of your loop. If your goal is to redirect to the location specified, from the first header location call, you'd have to prevent the loop from continuing. Typically this would be done with exit().
header("location: ../reject_insert.php?id=$id");
exit();
Also, you're going to get an error that you can't set headers because you've already output body content. The header("location...") can only be called before your echo ... statements.
Basically I am not getting any errors when I press update or add. Can anyone help me out? I want it so when I press add it adds that data to the database, and when I press update it updates the database with that value.
<html>
<head>
<title>Subcontractors Data</title>
</head>
<body>
Logout
Homepage
<?php
//make connection
$con = mysqli_connect("localhost","root","");
if(!$con){
die("Can not connect " . mysqli_error());
}
//select db
mysqli_select_db($con , 'subcontractor');
$sql="SELECT * FROM subcontractors";
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE subcontractors SET ID='$_POST[ID]', Name='$_POST[Name]', Surname='$_POST[Surname]', FPA='$_POST[FPA]', Performance='$_POST[Performance]' WHERE ID='$_POST[hidden]'";
mysqli_query($con, $UpdateQuery);
};
if(isset($_POST['add'])){
$AddQuery = "INSERT INTO subcontractors (ID, Name, Surname, FPA, Performance) VALUES ('$_POST[aID]','$_POST[aName]','$_POST[aSurname]','$_POST[aFPA]','$_POST[aPerformance]')";
mysqli_query($con, $AddQuery);
};
$my_Data=mysqli_query($con,$sql);
echo "<table border=1>";
echo"<tr>";
echo"<th>ID</th>";
echo"<th>Name</th>";
echo"<th>Surname</th>";
echo"<th>FPA</th>";
echo "<th>Performance</th>";
echo "</tr>";
while($record=mysqli_fetch_assoc($my_Data)){
echo "<form action=editsub.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name='ID' value=".$record['ID'] ." </td>";
echo "<td>" . "<input type=text name='Name' value=".$record['Name'] . " </td>";
echo "<td>" . "<input type=text name='Surname' value=".$record['Surname'] . " </td>";
echo "<td>" . "<input type=text name='FPA' value=".$record['FPA'] . "% </td>";
echo "<td>" . "<input type=text name='Performance' value=".$record['Performance'] . "% </td>";
echo "<input type=hidden name='hidden' value=" . $record['ID'] . ">";
echo "<input type=submit name='update' value='update'>";
echo "</tr>";
echo "</form>";
}
echo "<form action=editsub.php mehtod=post>";
echo "<tr>";
echo "<td><input type=text name='aID'></td>";
echo "<td><input type=text name='aName'></td>";
echo "<td><input type=text name='aSurname'></td>";
echo "<td><input type=text name='aFPA'></td>";
echo "<td><input type=text name='aPerformance'></td>";
echo "<td>" . "<input type=submit name='add' value='add'" . " </td>";
echo "</form>";
echo "</table>";
mysqli_close($con);
?>
</body>
</html>
This way you can check error.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
I decided to make my database with an active hyperlink so when I find a record I click on an email address and and email is opened. BUT I have a problem with update, When I want to make a correction to the entry and when I press update the email disappears and I get:
Notice: Undefined index: Mail in /Applications/XAMPP/xamppfiles/htdocs/robocze/mydata_dodaj_test_1.php on line 36
I can add records but I can't update...
Can You please help me, thank You
the code:
<?php
session_start();
if(!isset($_SESSION["sess_user"])){
header("location:login.php");
} else {
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Baza Klientów</title>
</head>
<body>
<h3>Welcome, <?=$_SESSION['sess_user'];?>! Logout </h3>
<input type="button" onclick="location.href='mydata_dodaj_test_1.php';" value="Powrót do wyszukiwania" />
<input type="button" onclick="location.href='index.php';" value="MENU powrót" />
<h2><b><center>Wyszukiwanie Klientów ITalents</center></b></h2>
<?php
}
?>
<?php
$con = mysql_connect("","","","");
if (!$con){
die("Błąd połączenia: " . mysql_error());
}
mysql_select_db("baza",$con);
if(isset($_POST['update'])) {
$UpdateQuery = "UPDATE Klienci SET id='$_POST[id]', Firma='$_POST[Firma]', Mail='$_POST[Mail]', Data='$_POST[Data]', Konsultant='$_POST[Konsultant]' WHERE id='$_POST[hidden]'";
mysql_query($UpdateQuery,$con);
};
if(isset($_POST['add'])) {
$AddQuery = "INSERT INTO Klienci (id, Firma, Mail, Data, Konsultant) VALUES ('$_POST[uid]','$_POST[uFirma]','$_POST[uMail]','$_POST[uData]','$_POST[uKonsultant]')"; // this is the 36 line
mysql_query($AddQuery,$con);
};
if(isset($_POST['search']))
{
$valueToSearch = $_POST['valueToSearch'];
$query = "SELECT * FROM Klienci WHERE CONCAT(Firma, Mail, Konsultant) LIKE '%".$valueToSearch."%'";
$search_result = filterTable($query);
}
else {
$query = "SELECT * FROM Klienci ORDER BY id ASC";
$search_result = filterTable($query);
}
function filterTable($query)
{
$con = mysql_connect("","","","");
if (!$con){
die("Błąd połączenia: " . mysql_error());
}
mysql_select_db("baza",$con);
$filter_Result = mysql_query($query, $con);
return $filter_Result;
};
echo "<form action=mydata_dodaj_test_1.php method=post>";
echo "<input type=text name=valueToSearch placeholder=wpisz>";
echo "<input type=submit name=search value=Szukaj>";
echo "<table align=center style=text-align:center border=5>
<tr>
<th>ID</th>
<th>Firma</th>
<th>Mail</th>
<th>Data</th>
<th>Konsultant</th>
</tr>";
while($row = mysql_fetch_array($search_result)) {
echo "<form action=mydata_dodaj_test_1.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=int name=id value=" . $row['id'] . " </td>";
echo "<td>" . "<input type=varchar name=Firma value=" . $row['Firma'] . " </td>";
echo "<td>" . "<a href='mailto:{$row['Mail']}'>" . $row['Mail'] . " </td>";
echo "<td>" . "<input type=date name=Data value=" . $row['Data'] . " </td>";
echo "<td>" . "<input type=varchar name=Konsultant value=" . $row['Konsultant'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $row['id'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</form>";
}
echo "<form action=mydata_dodaj_test_1.php method=post>";
echo "<tr>";
echo "<td><input type=text name=uid></td>";
echo "<td><input type=varchar name=uFirma></td>";
echo "<td><input type=text name=uMail></td>";
echo "<td><input type=text name=uData></td>";
echo "<td><input type=text name=uKonsultant></td>";
echo "<td>" . "<input type=submit name=add value=dodaj" . " </td>";
echo "</form>";
echo "</table>";
?>
<input type="button" onclick="location.href='mydata_dodaj_test_1.php';" value="Powrót do wyszukiwania" />
<input type="button" onclick="location.href='index.php';" value="MENU powrót" />
</body>
</html>
As error stated undefined index in your update statement
$UpdateQuery = "UPDATE Klienci SET id='$_POST[id]', Firma='$_POST[Firma]', Mail='$_POST[Mail]', Data='$_POST[Data]', Konsultant='$_POST[Konsultant]' WHERE id='$_POST[hidden]'";
you are accessing $_POST[Mail] which is no where in your form.
This question already has answers here:
Why would $_FILES be empty when uploading files to PHP?
(22 answers)
Closed 8 years ago.
I am trying to build a file uploader, with a youtube tutorial that doesn't cover files, and right now I am stuck on the name. Using $_Files returns nothing and I am unsure as to why. :/
I tried to echo it out, but nothing comes back.
Everything else seems to work though.
<html>
<head>
</head>
<body>
<?php
error_reporting(-1);
ini_set('display_errors', 'On');
$con = mysql_connect("localhost","root","root");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("example",$con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE repo SET location='$_POST[location]', name='$_POST[name]', description='$_POST[description]' WHERE location='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM repo WHERE location='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};
if(isset($_POST['add'])){
$AddQuery = "INSERT INTO repo (name, id, image, location, partners, description, date) VALUES ('$image_name', '','$_POST[uimage]', '$_POST[ulocation]', '$_POST[upartners]', '$_POST[udescription]', NOW())";
mysql_query($AddQuery, $con);
};
$sql = "SELECT * FROM repo";
$myData = mysql_query($sql,$con);
echo "<table border=1>
<tr>
<th>Image</th>
<th>Name</th>
<th>Location</th>
<th>Partners</th>
<th>Description</th>
<th>Date</th>
</tr>";
while($record = mysql_fetch_array($myData)){
?>
<form action="mydata5.php"
method="post" enctype="multipart/form-data">
<?php
echo "<tr>";
echo "<td>" . "<img src=Assets/Images/" . $record['name'] . " </td>";
echo "<td>" . "<input type=text name=topic value=" . $record['name'] . " </td>";
echo "<td>" . "<input type=text name=name value=" . $record['location'] . " </td>";
echo "<td>" . "<input type=text name=name value=" . $record['partners'] . " </td>";
echo "<td>" . "<input type=text name=description value=" . $record['description'] . " </td>";
echo "<td>" . "<input type=text name=description value=" . $record['date'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['location'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "<form action=mydata5.php method=post>";
echo "<tr>";
// echo "<td><input type=file name=uimage></td>";
?>
<td><input type="file" name="uimage" id="uimage"></td>
<?php
$file = $_FILES['uimage']['tmp_name'];
$image_name = mysql_real_escape_string($_FILES['uimage']['name']);
echo $_FILES['uimage']['error'];
echo "<td><input type=hidden name=uname></td>";
echo "<td><input type=text name=ulocation></td>";
echo "<td><input type=text name=upartners></td>";
echo "<td><input type=text name=udescription></td>";
echo "<td>" . "<input type=submit name=add value=add" . " </td>";
echo "</form>";
echo "</table>";
mysql_close($con);
?>
</body>
</html>
You need to add enctype="multipart/form-data" in the form tag.
For file type fields you need to add enctype attribute in your form so that uploaded files can be access using $_FILES
Update form starting tag with below
<form action="mydata5.php"
method="post" enctype="multipart/form-data">
Check your Insert Query.You are using $_POST for image name. That is wrong.
Dont mind the security issues, this is just local testing, but when ever i click the update button none of the changes go through on the page or on the query and i get no erros.
<?php
$link = mysqli_connect("localhost", "root", "", "test") or die("could not connect");
if (isset($_POST['update'])) {
$updateQuery = (" UPDATE `test1` SET f_name = '$_POST[f_name]', l_name='$_POST[l_name]', email='$_POST[email]' WHERE id='$_POST[id]'");
mysqli_query($link, $updateQuery);
};
$query = ("SELECT * FROM `test1`");
$result = mysqli_query($link, $query);
echo "<table border=1
<tr>
<th>Firstname</th>
<th>Lastname</th>
<th>Email</th>
</tr>";
while($row = mysqli_fetch_array($result)) {
echo "<form method=post action=update.php>";
echo "<tr>";
echo "<td>" . "<input type=text name=f_name value=" . $row['f_name'] . " </td>";
echo "<td>" . "<input type=text name=l_name value=" . $row['l_name'] . " </td>";
echo "<td>" . "<input type=text name=email value=" . $row['email'] . " </td>";
echo "<td>" . "<input type=hidden name=id value=" . $row['id'] . " </td>";
echo "<td>" . "<input type=submit name=submit value=update" . " </td>";
echo "</tr>";
}
?>
change your form to
while($row = mysqli_fetch_array($result)) {
echo "<form method=post action=update.php>";
echo "<input type=hidden name=update>";
echo "<tr>";
echo "<td>" . "<input type=text name=f_name value=" . $row['f_name'] . " </td>";
echo "<td>" . "<input type=text name=l_name value=" . $row['l_name'] . " </td>";
echo "<td>" . "<input type=text name=email value=" . $row['email'] . " </td>";
echo "<td>" . "<input type=hidden name=id value=" . $row['id'] . " </td>";
echo "<td>" . "<input type=submit name=submit value=update" . " </td>";
echo "</tr>";
}
POST keys should be in quotes. Try this instead:
$updateQuery = "UPDATE test1 SET f_name = ".$_POST['f_name'].", l_name=."$_POST['l_name'].", email=".$_POST['email']." WHERE id=".$_POST['id'];
Try this:
$updateQuery = ("UPDATE `test1` SET f_name = '{$_POST['f_name']}', l_name='{$_POST['l_name']}', email='{$_POST['email']}' WHERE id='{$_POST['id']}'");
Also you can try echoing something inside your if (isset($_POST['update'])) { to make sure it is testing true.
Here is your problem:
if (isset($_POST['submit']) && $_POST['submit'] == 'update') {
The name of the submit button is submit not update, the value is update.