I have a Drupal-7 local website and I have a form/button in an article. I want when the button is clicked to be able and track the username and the password of those who clicked the button. The form html code is the following:
<form action="mysql-query.php" method="post" onsubmit="return Press(this)">
<input type="text" name="email" style="display:none;">
<input type="submit" value="Press here" id="test">
</form>
I have created from phpmyadmin a new column on users table called button, which is an Int(1) with default value=0 and the mysql-query.php file contains this code:
<?php
$_POST["email"];
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "drupal";
// Create connection
$conn = mysql_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysql_connect_error());
}
mysql_select_db($dbname);
$sql = mysql_query("UPDATE users SET button='1' WHERE email=loggedInMail");
$output = mysql_query("SELECT name, mail FROM users WHERE button='1'");
?>
I clicked on the button, and checked users table, but all the users I created have a button 0 value. Any ideas of what's wrong?
change line:
$_POST["email"];
to
$postemail = $_POST["email"];
change line:
$sql = mysql_query("UPDATE users SET button='1' WHERE email=loggedInMail");
to
$sql = mysql_query("UPDATE users SET button='1' WHERE email='".$postemail."'");
Related
I created this for one of my projects. We have a webshop where users can enter their credentials and order products. The current solution puts all the data into a .csv-file and I was tasked with creating a mysql database as a new solution.
I added a simple HTML insert for the user to enter his name, but if I try to run the script I get a syntax error for line 19. I'm new to programming and therefore not sure what the error is here.
<!DOCTYPE html>
<html>
<body>
<?php
$servername = "localhost";
$username = "localhost";
$password = "";
$dbname = "test"
// create a variable
$Vorname=$_POST['Vorname'];
$Nachname=$_POST['Nachname'];
//Execute the query
mysqli_query($connect "INSERT INTO tbl_bestellungen(Vorname,Nachname)
VALUES('$Vorname','$Nachname')");
<?php include 'database.php';>
if(mysqli_affected_rows($connect) > 0){
echo "<p>Bestellung erfasst</p>";
} else {
echo "Bestellvorgang fehlgeschlagen<br />";
echo mysqli_error ($connect);
<h2>Text Input</h2>
<form>
Vorname:<br>
<input type="text" name="Vorname">
<br>
Nachname:<br>
<input type="text" name="Nachname">
<input type="submit" name="button1" value="Senden">
</form>
</body>
</html>
Thanks in advance.
Well you should do like this way:
$servername = "localhost";
$username = "localhost";
$password = "";
$dbname = "test"
$dbConn = mysqli_connect($servername, $username, $password, $dbname);
if(!$dbConn){
echo "No Db connected";
}
//above connection code should be in a separate file and include in all files or header
$Vorname=$_POST['Vorname'];
$Nachname=$_POST['Nachname'];
$query = "INSERT INTO tbl_bestellungen (Vorname,Nachname)
VALUES('$Vorname','$Nachname')";
or you can set query like
$query = "INSERT INTO tbl_bestellungen (Vorname,Nachname)
VALUES('".$Vorname."','".$Nachname."')";
if($dbConn->query($query)){
echo "Record inserted !";
}else{
echo "Record cannot be inserted !";
}
Before anyone says this is a duplicate, I have checked and tried the solutions from this previously asked question. My question is different, I believe, because I don't have a separate php file - it's coded with tags in my HTML (so everything is in the same document).
Here is my PHP (database info left empty):
<?php
session_start();
$dbhost = '****';
$dbuser = '****';
$dbpass = '****';
$dbname = '****';
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
$email=$_POST['email'];
$query="INSERT INTO tableName(email)
VALUES('$email')";
mysqli_free_result($result);
mysqli_close($connection);
?>
Here is my Materialize/HTML form:
<form action="/thankyou.php" method="POST">
<p class="input-header">Enter Your Email:</p>
<input id="email" type="email" name= "email" class="validate" required>
<br></br>
<input class="waves-light btn indigo lighten-2" type="submit">
<br></br>
<br></br>
<br></br>
</form>
Any ideas for why it's not working? I checked my MAMP phpmyadmin database and nothing is getting added. Please let me know if you have any suggestions! Thanks!
This will help you: As you haven't added mysqli_query and because of that it wasn't adding data. Also here I am checking whether the form is submitted as you mentioned it's a single file.
<?php
// check if form is submitted
if(!empty($_POST['email'])) {
$dbhost = '****';
$dbuser = '****';
$dbpass = '****';
$dbname = '****';
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
// this line prevents sql injection
$email = mysqli_real_escape_string($connection, $_POST['email']);
$query="INSERT INTO tableName(email) VALUES('$email')";
// this statement runs your query and actually adds data to mysql
if (mysqli_query($connection, $query)) {
echo "New record created successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($connection);
}
mysqli_close($connection);
}
?>
I am new here and noob in programming.
I have created a script that can change a database column but now I want to take database login info from user's and the changed value from user's when they give all info correctly the script changed the database column info which was given by the user's.
Here is my login.html source code :
<html>
<center>
<form action="db.php" method="post">
DB Host: <input type="text" name="host"><br>
DB Username: <input type="text" name="usr"><br>
DB Password: <input type="password" name="psw"><br>
DB Name: <input type="text" name="dbname"><br><br><br>
Admin changed Username: <input type="text" name="admusr"><br>
Admin Changed Password: <input type="password" name="admpsw"><br>
<input type="submit">
</form>
</center>
</html>
and here is my db.php source code which can update database column info manually
<?php
$servername = "localhost";
$username = "admin";
$dbname = "mydb";
$password = "1234";
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
echo "Connected successfully";
mysqli_select_db($conn,"$dbname");
$sql = "UPDATE admins SET user_login='admin1',user_pass='1234' WHERE id=1";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
Is it possible to take value from user's and changed the database column info?
Sorry for bad english.
It's very bad idea... loads of security issues. But if you want to change it from received form values just change your query to this:
// escape received values
$usr = $conn->real_escape_string($_POST['usr']);
$psw = $conn->real_escape_string($_POST['psw']);
// use them in query
$sql = "UPDATE admins SET user_login='".$usr."',user_pass='".$psw."' WHERE id=1";
You got more field which is user filling... I don't know your exact table structure. But if you want to use all of them just add received escaped values to your query:
// escape received values
$usr = $conn->real_escape_string($_POST['usr']);
$psw = $conn->real_escape_string($_POST['psw']);
$host = $conn->real_escape_string($_POST['host']);
$dbname = $conn->real_escape_string($_POST['dbname']);
$admusr = $conn->real_escape_string($_POST['admusr']);
$admpsw = $conn->real_escape_string($_POST['admpsw']);
// use all of them in query depending on your table structure
$sql = "UPDATE admins SET user_login='".$usr."',user_pass='".$psw."' WHERE id=1";
Use $_POST variable to retrieve data that user entered on login.html page
like in db.php for $servername and $username use
$servername = $_POST['host'];
$username = $_POST['usr'];
This is my form:
<form action="add.php" method="post" enctype="multipart/form-data">
<input type="url" name="url"><br>
<input type="submit" value="Upload">
</form>
Here is my add.php:
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "addimage";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "INSERT INTO addimage (url)
VALUES ('')";
if (mysqli_query($conn, $sql)) {
echo "New txt added successfully";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
?>
Now when I upload text, it shows
txt added successfully
BUT IN PHP MY ADMIN it shows no text in Url column.
I have created 2 columns in my data base Id and Url.
It shows id number(1,2,3....) but not inserted text in php my admin.
Now when I set the value in add.php as http:\
It shows http:\ in all the fields of Url
$sql = "INSERT INTO addimage (url) VALUES ('')";
You insert an empty string into your database...
Please add $_POST['url'], and sanitize it.
I am trying to display a Website Title on my Home Page. This website title is stored in the database named mywebsite and in table settings. I want to update this with an input type text's value. The title is displayed perfectly but when I write something in the text field and submit it, the database doesn't update. I think I am doing everything right and there isn't any error displaying on my page, but still it is not working. Can anyone figure out the error?
Here's my code:
<?php
// Some database detail
$host = 'localhost';
$username = 'root';
$password = '';
$database = 'mywebsite';
// Making connection
$con = mysqli_connect($host, $username, $password, $database);
// Making a sql query for "Website Title" and saving it in variable $query
$query = "SELECT * FROM settings WHERE NameOfSetting='Website Title'";
// Applying query
$result = mysqli_query($con, $query);
// Fetching data from database
$row = mysqli_fetch_array($result);
if (isset($_POST['submit'])) {
$title = $_POST['text'];
mysqli_query($con, "UPDATE settings SET TheSetting=$title WHERE NameOfSetting='Website Title'");
}
?>
<h1><?php echo $row['TheSetting']; ?></h1>
<form method="POST">
<input type="text" placeholder="Change the title" name="text">
<input type="submit" name="submit">
</form>
EDIT: When I enter any numbers in the field and then submit and refresh it works fine but it's only working with numbers not with alphabets. I don't know why?
This line:
SET TheSetting=$title
$title needs to be wrapped in quotes:
SET TheSetting='$title'
Sidenote: You may also want to change this line (as a security precaution):
$title = $_POST['text'];
to:
$title = mysqli_real_escape_string($con,$_POST['text']);
Try with
mysqli_query($con, "UPDATE settings SET TheSetting='$title' WHERE NameOfSetting='Website Title'");
Well you can always do some sort of error checking. I.e. using or die(mysqli_error);
$con = mysqli_connect($host, $username, $password, $database)or die(mysqli_error);
This will atleast give you an idea of what your proplem is. Use this error checking method every time you connect, query, or close a database.
use this code it will solve your problem.
<?php
// Some database detail
$host = 'localhost';
$username = 'root';
$password = '';
$database = 'mywebsite';
// Making connection
$con = mysqli_connect($host, $username, $password, $database)or die(mysqli_error());
// Making a sql query for "Website Title" and saving it in variable $query
$query = "SELECT * FROM settings WHERE NameOfSetting='Website Title'";
// Applying query
$result = mysqli_query($con, $query);
// Fetching data from database
$row = mysqli_fetch_array($result);
if (isset($_POST['submit'])) {
$title = $_POST['text'];
mysqli_query($con, "UPDATE settings SET TheSetting='".$title."' WHERE NameOfSetting='Website Title'");
}
?>
<h1><?php echo $row['TheSetting']; ?></h1>
<form method="POST">
<input type="text" placeholder="Change the title" name="text">
<input type="submit" name="submit">
</form>