I have made a script which saves a few lines of PHP to a .php file. All my scripts work perfectly fine, but just this page is starting to get annoying.
Explaination of what is happening in the GIF:
1: I change the settings - the last 2 settings need to appear when you enable the 2nd setting called "Custom style". That works fine and all.
2: So you enable it and for some reason it completely wipes the other 2 settings (the "primarycolor" and "adminbg").
How can this happen? What am I doing wrong? My script is below if you want to try it out yourself.
<?php
if (isset($_POST["submit"])) {
$string = '<?php
$customoptions = '. $_POST["customoptions"] .';
$primarycolor = "'. $_POST["primarycolor"] .'";
$adminbg = "'. $_POST["adminbg"] .'";
?>';
$fp = fopen("includes/userstyle.php", "w");
fwrite($fp, $string);
fclose($fp);
}
include("includes/userstyle.php");
?>
<form action="" name="customopt" method="post">
<table>
<tr>
<td>Panel language</td>
<td>
<select onchange="this.options[this.selectedIndex].value && (window.location = this.options[this.selectedIndex].value);">
<option><?php echo $lang['chooselanguage']; ?></option>
<option value="dashboard.php?lang=en">English</option>
<option value="dashboard.php?lang=nl">Dutch</option>
</select>
</td>
</tr>
<tr>
<td>Custom Style</td>
<td><select name="customoptions" id="customoptions"><option value="true" <?php if($customoptions == true){ echo 'selected'; }; ?>><?php echo $lang['enabled']; ?></option><option value="false" <?php if($customoptions == false){ echo 'selected'; }; ?>><?php echo $lang['disabled']; ?></option></select></td>
</tr>
<?php if($customoptions) { ?>
<tr>
<td>Primary Color</td>
<td><input name="primarycolor" type="text" id="primarycolor" value="<?php echo $primarycolor; ?>"></td>
</tr>
<tr>
<td>Background Color</td>
<td><input name="adminbg" type="text" id="adminbg" value="<?php echo $adminbg; ?>"></td>
</tr>
<?php } ?>
</table>
<input type="submit" name="submit" value="<?php echo $lang['ok']; ?>">
</form>
EDIT: userstyle.php
<?php
$customoptions = true;
$primarycolor = "555";
$adminbg = "fff";
?>
When you post your form for the second time, you post empty values, and they are saved to file, as expected.
You should add something like
if (isset($_POST["submit"]) && !empty($_POST['primarycolor']) && !empty($_POST['adminbg'])) {
// ...
But actually there can be another validation rules.
And as others noticed in comments — this is, even in educational purposes, very stupid idea to save user data into php file and then execute that file. The simplest alternative — save settings to a json file with json_encode, then decode, and don't forget to html-escape them with at least htmlspecialchars.
Related
I'm pretty new to coding with php and SQL, so I'm probably going to have a lot of questions. But as the title states, I'm getting this error...
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
I'm not sure what this is referring to. I've gone over the code as much as I can, but I can't find a syntax error. Maybe it's something I just don't know yet.
<?php
// including the database connection file
include_once("config.php");
if(isset($_POST['update']) && isset($_GET['site']))
{
$sitenumber = $_POST['sitenumber'];
$videolink = $_POST['videolink'];
$daynight = $_POST['daynight'];
$maxtents = $_POST['maxtents'];
$maxpersons = $_POST['maxpersons'];
$geography = $_POST['geography'];
$view = $_POST['view'];
$forestcover = $_POST['forestcover'];
$waterfront = $_POST['waterfront'];
$firepit = $_POST['firepit'];
$description = $_POST['description'];
$reslink = $_POST['reslink'];
// checking empty fields
if(empty($sitenumber) || empty($videolink) || empty($daynight) ||
empty($maxtents) || empty($maxpersons) || empty($geography) ||
empty($view) || empty($forestcover) || empty($waterfront) ||
empty($firepit) || empty($description) || empty($reslink)) {
if(empty($sitenumber)) {
echo "<font color='red'>Site Number field is empty.</font><br/>";
}
if(empty($videolink)) {
echo "<font color='red'>YouTube Link field is empty.</font><br/>";
}
if(empty($daynight)) {
echo "<font color='red'>Day or overnight field is empty.</font>
<br/>";
}
if(empty($maxtents)) {
echo "<font color='red'>Maximum Tents field is empty.</font><br/>";
}
if(empty($maxpersons)) {
echo "<font color='red'>Maximum Persons field is empty.</font>
<br/>";
}
if(empty($geography)) {
echo "<font color='red'>Geography field is empty.</font><br/>";
}
if(empty($view)) {
echo "<font color='red'>View field is empty.</font><br/>";
}
if(empty($forestcover)) {
echo "<font color='red'>Forest Cover field is empty.</font><br/>";
}
if(empty($waterfront)) {
echo "<font color='red'>Waterfront Access field is empty.</font>
<br/>";
}
if(empty($firepit)) {
echo "<font color='red'>Firepit field is empty.</font><br/>";
}
if(empty($description)) {
echo "<font color='red'>Description field is empty.</font><br/>";
}
if(empty($reslink)) {
echo "<font color='red'>Reservation Link Access field is empty.
</font><br/>";
}
} else {
//updating the table
$result = mysqli_query($mysqli, "UPDATE sites SET
sitenumber='$sitenumber',videolink='$videolink',daynight='$daynight',
maxtents='$maxtents',maxpersons='$maxpersons',geography='$geography',
view='$view',forestcover='$forestcover',waterfront='$waterfront',
firepit='$firepit',description='$description',reslink='$reslink' WHERE
sitenumber=$sitenumber");
//redirectig to the display page. In our case, it is index.php
//header("Location: index.php");
}
}
echo mysqli_error($mysqli);
?>
<?php
//getting id from url
$sitenumber = $_GET['site'];
//selecting data associated with this particular id
$result = mysqli_query($mysqli, "SELECT * FROM sites WHERE
sitenumber=$sitenumber");
while($res = mysqli_fetch_array($result))
{
$sitenumber = $res['sitenumber'];
$videolink = $res['videolink'];
$daynight = $res['daynight'];
$maxtents = $res['maxtents'];
$maxpersons = $res['maxpersons'];
$geography = $res['geography'];
$view = $res['view'];
$forestcover = $res['forestcover'];
$waterfront = $res['waterfront'];
$firepit = $res['firepit'];
$description = $res['description'];
$reslink = $res['reslink'];
}
echo mysqli_error($mysqli);
?>
<html>
<head>
<title>Edit Data</title>
</head>
<body>
Home
<br/><br/>
<form name="form1" method="post" action="edit.php">
<table border="0">
<tr>
<td>Site Number</td>
<td><input type="number" name="sitenumber" value="<?php echo
$sitenumber;?>"></td>
</tr>
<tr>
<td>YouTube Link</td>
<td><input type="url" name="videolink" value="<?php echo
$videolink;?>"></td>
</tr>
<tr>
<td>Day or Overnight</td>
<td><select name="daynight" value="<?php echo $daynight;?>">
<option value="Day">Day</option>
<option value="Overnight">Overnight</option></td>
</tr>
<tr>
<td>Maximum Tents</td>
<td><input type="number" name="maxtents" value="<?php echo
$maxtents;?>"></td>
</tr>
<tr>
<td>Maximum Persons</td>
<td><input type="number" name="maxpersons" value="<?php echo
$maxpersons;?>"></td>
</tr>
<tr>
<td>Geography</td>
<td><input type="text" name="geography" value="<?php echo
$geography;?>"></td>
</tr>
<tr>
<td>View</td>
<td><input type="text" name="view" value="<?php echo $view;?>">
</td>
</tr>
<tr>
<td>Forest Cover</td>
<td><input type="text" name="forestcover" value="<?php echo
$forestcover;?>"></td>
</tr
<tr>
<td>Waterfront Access</td>
<td><select name="waterfront" value="<?php echo $waterfront;?>">
<option value="Yes">Yes</option>
<option value="No">No</option></td>
</tr>
<tr>
<td>Firepit Availability</td>
<td><select name="firepit" value="<?php echo $firepit;?>">
<option value="Yes">Yes</option>
<option value="No">No</option></td>
</tr>
<tr>
<td>Site Description</td>
<td><input type="text" name="description" value="<?php echo
$description;?>"></td>
</tr>
<tr>
<td>Reservation Link</td>
<td><input type="url" name="reslink" value="<?php echo $reslink;?
>"></td>
</tr>
<td><input type="hidden" name="site" value="<?php echo
$_GET['site'];?>"></td>
<td><input type="submit" name="update" value="Update"></td>
</tr>
</table>
</form>
</body>
</html>
Sorry for the long code here, but I felt it was a little necessary to see the full context here.
There is also a break somewhere with the variables. The sitenumber variable isn't updating, and every variable after that is getting this error...
Notice: Undefined variable: videolink in C:\wamp\www\code\edit.php on line 124
So, this is kind of a two pronged problem. Help would be greatly appreciated.
Correct this :
$result = mysqli_query($mysqli, "SELECT * FROM sites WHERE sitenumber='".$sitenumber."' ");
And this :
$result = mysqli_query($mysqli, "UPDATE sites SET
sitenumber='$sitenumber',videolink='$videolink',daynight='$daynight',
maxtents='$maxtents',maxpersons='$maxpersons',geography='$geography',
view='$view',forestcover='$forestcover',waterfront='$waterfront',
firepit='$firepit',description='$description',reslink='$reslink' WHERE
sitenumber='$sitenumber'");
Your SQL query seems good, but the problem can come from the values of your variables.
Since your query is not escaped properly (and it should be for better security), I would advise you to debug your query before executing.
This way you will be able to understand what is going to be executed in your database.
If you don't use xdebug, you can just put your query into a variable and then dump it using var_dump.
Then, open phpmyadmin (I assume you have an access to it, at least), and paste the value of your variable (which is your query) into the SQL editor. Then execute it and you should have a message explaining where the error is.
It will help you understand why it is important to use prepared statement by seeing which variable has a wrong value (meaning it includes a ' or a ", for instance).
I hope it will help
This question already has an answer here:
Post form and update multiple rows with mysql
(1 answer)
Closed 3 days ago.
Given this form, shown as a table:
<form action="multi.php" name="multi[]" method="POST" class="forms">
<table class="table-hovered">
<tr>
<th class="text-left highlight">attività svolta</th>
<th class="text-left highlight">categoria</th>
</tr>
<?php
foreach ($_POST['item'] as $k => $v)
{
$q_item = "SELECT * FROM eventi WHERE id = '".$v."'";
$qu_item = mysql_query($q_item);
while($res = mysql_fetch_array($qu_item))
{
?>
<tr>
<td><?php echo $res['descrizione'];?></td>
<td>
<select name="categoria">
<option value="<?php echo $res['categoria'];?>" selected><?php echo $res['categoria'];?>
<option value="80"> 80
<option value="40"> 40
<option value="70"> 70
</select>
</td>
<input type="hidden" name="idd" value="<?php echo $res['id'];?>">
</tr>
<?php
}
}
?>
</table>
<input type="submit" name="submit" value="modify" />
</form>
I am trying to edit multiple entries, using the code below:
<?php
$utente = $_SESSION["username"];
$id = $_POST["idd"];
$categoria = $_POST["categoria"];
if (!$id or !$categoria){
echo "Error";
}
else
if ($categoria!=='80' && $categoria!=='40' && $categoria!=='70'){
echo "Error";
}
else{
$sql="UPDATE eventi SET categoria='$categoria' WHERE id='$id'";
$update=mysql_query($sql);
echo "Entry modified correctly";
}
?>
As you see, this code changes just one item. I have tried making it recursive. Maybe using a "foreach" is the way to go.
Any hints are appreciated. And sorry for using an old version of PHP (I haven't switched to version 7 yet).
As you have same names for both input and select the last value of each of them overwrites previous values. For passing multiple values in inputs with same names - use [] notation:
<select name="categoria[]">
<option value="<?php echo $res['categoria'];?>" selected><?php echo $res['categoria'];?>
<option value="80"> 80
<option value="40"> 40
<option value="70"> 70
</select>
<input type="hidden" name="idd[]" value="<?php echo $res['id'];?>">
After that - check your $_POST values with print_r - you will see that
$_POST[categoria] and $_POST[idd] are arrays and you can iterate over them with for or foreach.
Btw, inserting an <input> right after </td> produces invalid html.
There's no need to create any hidden input element in the first place, you just have to change the name attribute of <select> element in the following way,
name="categoria[<?php echo $res['id'] ?>]"
So your code should be like this,
<form action="multi.php" name="multi[]" method="POST" class="forms">
<table class="table-hovered">
<tr>
<th class="text-left highlight">attività svolta</th>
<th class="text-left highlight">categoria</th>
</tr>
<?php
foreach ($_POST['item'] as $k => $v){
$q_item = "SELECT * FROM eventi WHERE id = '".$v."'";
$qu_item = mysql_query($q_item);
while($res = mysql_fetch_array($qu_item)){
?>
<tr>
<td><?php echo $res['descrizione'];?></td>
<td>
<select name="categoria[<?php echo $res['id'] ?>]">
<option value="<?php echo $res['categoria'];?>" selected><?php echo $res['categoria'];?>
<option value="80"> 80
<option value="40"> 40
<option value="70"> 70
</select>
</td>
</tr>
<?php
}
}
?>
</table>
<input type="submit" name="submit" value="modify" />
</form>
And this is how you can process your form to perform UPDATE operation,
foreach($_POST['categoria'] as $id => $categoria){
$sql="UPDATE eventi SET categoria='". $categoria . "' WHERE id='" . $id . "'";
// execute your query
}
Note: If you want to see the complete array structure, do var_dump($_POST);
Im trying to display my database value into the textbox using drop down menu. which is i did and it is displaying. the problem here is that when i choose an item in the drop down list, it goes back to the first choice or last choice, the explanation i got was, my loop is selecting all of the items in the field causing the drop down menu to go back to the first choice when i click on other items. can you help me with the code on how to stop going back to the first choice when i select other options. Here is my whole code. i also use functions.
home.php
<?php
session_start();
include('dbconnect.php');
include('functions.php');
if(isset($_POST['brandname'])){
$id = $_POST['brandname'];
$result = mysql_query("SELECT * FROM tblstore WHERE brandname = '$id'");
while($row = mysql_fetch_array($result)){
$price = $row['price'];
$stocks = $row['stocks'];
}
}
?>
<html>
<body>
<form method="POST" name="">
<table align="center">
<tr>
<td>Choose here:</td>
<td>
<select name = "brandname" onchange = "this.form.submit()">
<?php dropdown() ?>
</select>
</td>
</tr>
<tr>
<td>Quantity:</td>
<td><input type="text" name="qty" id="qty" value="" /></td>
</tr>
<tr>
<td>Price:</td>
<td><input type="text" name="price" id="price" value="<?php echo $price ?>" disabled/></td>
</tr>
<tr>
<td>Stocks:</td>
<td><input type="text" name="stocks" id="stocks" value="<?php echo $stocks ?>" disabled/></td>
</tr>
<tr>
<td>Total:</td>
<td><input type="text" name="total" id="total" disabled/></td>
</tr>
<tr>
<td></td>
</tr>
</table>
</form>
<div align = "center">
hi' <?php echo $userRow['username']; ?> Sign Out
</div>
</body>
</html>
functions.php
<?php
function dropdown(){
$all = mysql_query("SELECT * FROM tblstore");
while($row = mysql_fetch_array($all)){
echo "<option value = '".$row['brandname']."' selected='selected'>" .$row['brandname'] . "</option>";
}
}
feel free to edit the whole code.. im a beginner in php and learning my way to it. thanks
Can add the multiple option if you need to select multiple
<select name="brandname" multiple>
<option value="Select">Select</option>
<?php
do {
?>
<option value="<?php echo $row['brandname']?>"> <?php echo $row['brandname'] ?></option>
<?php
} while ($row = mysql_fetch_assoc($all));
?>
</select>
I am creating a page that would allow the user to select an existing address, or input a new one, here are my codes.
<table cellpadding="10px">
<tr>
<td><input type="radio" id="huhu" name="huhu" value="<?php echo $_SESSION['home_address']; ?>"></td><td><?php echo $_SESSION['home_address']; ?></td>
</tr>
<tr>
<td><input type="radio" id="huhu" name="huhu" value="New"></td><td><input type="text" placeholder="New Address" id="newAdd" name="newAdd" disabled></td>
</tr>
</table>
and here are my codes at the next page.
<?php
if(isset($_POST['newAdd'])){
$_SESSION['home_address'] = $_POST['newAdd'];
echo $_POST['newAdd']."<br>";
}
else{
$_SESSION['home_address'];
}
echo $_SESSION['home_address'];
?>
When i click on the existing address, it just deletes it. and does not store anything. but when i input a new on in the text area. it works.
I need to make it so that when the user clicks the address, the same address from the existing session displays.
please help. thank you.
I think you have missed session_start() method in your PHP file. Try to add the following code at the beginning of PHP file
if (!isset($_SESSION))session_start();
if your session info is correctly set.. this should work out.
<?php
session_start();
// for my testing....
$_SESSION['home_address'] = 'curr_session_address';
var_dump($_POST);
var_dump($_SESSION);
$s_addr = isset($_SESSION['home_address']) ? $_SESSION['home_address'] : '';
$p_addr = isset($_POST['newAdd']) ? $_POST['newAdd'] : '';
if ( !empty($p_addr) ) {
$_SESSION['home_address'] = $p_addr;
echo "new_address = $p_addr<br>";
}
else {
echo "session_address = $s_addr<br>";
}
?>
<form method='post' action='?'>
<table cellpadding="10px">
<tr>
<td><input type="radio" id="huhu" name="huhu" value="<?php echo $_SESSION['home_address']; ?>"></td>
<td><?php echo $_SESSION['home_address']; ?></td>
</tr>
<tr>
<td><input type="radio" id="huhu" name="huhu" value="New"></td>
<td><input type="text" placeholder="New Address" id="newAdd" name="newAdd"></td>
</tr>
</table>
<input type='submit' value='submit'>
</form>
Try this one.
if(empty($_POST['newAdd'])){
$_SESSION['home_address'] = $_POST['huhu'];
}
else if(!empty($_POST['newAdd'])){
$_SESSION['home_address'] = $_POST['newAdd'];
}
and i suggest that you dont use $_SESSION in your radio button page. it leads to complications and it will always be over written.
Good day every one, i am trying to check if a radio button were clicked, and iwant the value of that clicked radio button to pass on a variable, i will used that variable to compare records in database with the same values from it. and display all records on list box??
but when i try to run this code nothings happen
<td><input type="radio" name="1stChoice" value="TESDA" ></td><br>
<td align = "center">
<select name="course1">
<?php
include('dbconnection.php');
if(isset($_POST['1stChoice'])) {
if($_POST['1stChoice'] == 'TESDA') {
$choose='TESDA';
} elseif($_POST['1stChoice'] == 'CHED') {
$choose='CHED';
}
}
$mysql_select=mysql_query("select * from courses where Institution = '$choose' ",$mysql);
while($row=mysql_fetch_array($mysql_select))
{
?>
<option><?php $row['Program']; ?></option></td>
</select>
<?php } ?>
</tr>
<td width="20%">2nd choice:</td>
<td><input type="radio" name="2ndChoice" value="CHED" ></td>
<td><input type="radio" name="2ndChoice" value="TESDA" ></td><br>
<td align = "center">
<select name="course2">
<?php
include('dbconnection.php');
if(isset($_POST['2ndChoice'])) {
if($_POST['2ndChoice'] == 'TESDA') {
$choose='TESDA';
} elseif($_POST['2ndChoice'] == 'CHED') {
$choose='CHED';
}
}
$mysql_select=mysql_query("select * from courses where Institution = '$choose' ",$mysql);
while($row=mysql_fetch_array($mysql_select))
{
?>
<option><?php $row['Program']; ?></option></td>
</select>
<?php } ?>
I tested your code and as far as I can see, you're not echoing your <?php $row['Program']; ?> which should read as <?php echo $row['Program']; ?>
This is for both your <option> tags.
I also didn't notice any form tags <form></form>, so you will need to add those if you're not presently using them.
Using a submit button could be useful also. Although I'm not sure if you're using JS/jQuery with your code.
<input type="submit" name="submit" value="Submit">
Here is what I used to test it with, along with a few additions/modifications:
(I added form tags, a submit button and the echo for the <select> tags)
<form action="" method="post">
<td><input type="radio" name="1stChoice" value="TESDA" ></td><br>
<input type="submit" name="submit" value="Submit">
<td align = "center">
<select name="course1">
<?php
include('dbconnection.php');
if(isset($_POST['1stChoice'])) {
if($_POST['1stChoice'] == 'TESDA') {
$choose='TESDA';
} elseif($_POST['1stChoice'] == 'CHED') {
$choose='CHED';
}
}
$mysql_select=mysql_query("select * from courses where Institution = '$choose' ",$mysql);
while($row=mysql_fetch_array($mysql_select))
{
?>
<option><?php echo $row['Program']; ?></option></td>
</select>
<?php } ?>
</tr>
<td width="20%">2nd choice:</td>
<td><input type="radio" name="2ndChoice" value="CHED" ></td>
<td><input type="radio" name="2ndChoice" value="TESDA" ></td><br>
<td align = "center">
<select name="course2">
<?php
include('dbconnection.php');
if(isset($_POST['2ndChoice'])) {
if($_POST['2ndChoice'] == 'TESDA') {
$choose='TESDA';
} elseif($_POST['2ndChoice'] == 'CHED') {
$choose='CHED';
}
}
$mysql_select=mysql_query("select * from courses where Institution = '$choose' ",$mysql);
while($row=mysql_fetch_array($mysql_select))
{
?>
<option><?php echo $row['Program']; ?></option></td>
</select>
</form>
<?php } ?>
This is not a php work. IF your html is good, your browser will check the checked radio button. See! In your code, name must start with a letter or a _(underscore).
So, replace all name='2ndChoice' with
<td><input type="radio" name="ck_2ndChoice" value="CHED" ></td>
<td><input type="radio" name="ck_2ndChoice" value="TESDA" ></td><br>
and all name='1stChoice' with name='ck_1stChoice'