Updating data dyanamically using php - php

The values are not updated in mysql database while using the following code.
I wanted to update database hell with the new values entered in textbox.
<?php
$con=mysql_connect("localhost","host","pass");
mysql_select_db("Host",$con);
if(isset($_POST['update'])){
$upd= "UPDATE hell SET name='".$_POST['name']."'
WHERE rno='".$_POST['rno']."'";
mysql_query($upd,$con);
}
$sql="SELECT * FROM hell";
$rec=mysql_query($sql,$con);
?>
<html>
<body>
<table width="600" border="1" cellspacing="1" cellpadding="1">
<tr>
<th>Name</th>
<th>Roll No.</th>
</tr>
<?php
while($arr=mysql_fetch_assoc($rec))
{
echo "<form action=untitled2.php method=post>";
echo "<tr>";
echo "<td>"."<input type=text name='name' value='".$arr['name']."'>"."
</td>";
echo "<td>".$arr['rno']."</td>";
echo "<input type=hidden name='rno' id='rno' value='".$arr['rno']."'>";
echo "<td>"."<input type=submit value='update'>"."</td>";
echo "</tr>";
echo "</form>";
}
?>
</table>
</body>
</html>


So many errors in your code :
1) Dont use mysql_*. It is deprecated and removed from PHP 7. Use mysqli_* or PDO.
2) Mysql connection should be used like this :
$con = mysql_connect("localhost","host","pass");
mysql_select_db("Host",$con);
3) Your update query is wrong and it's execution.
Try this :
$upd= "UPDATE hell SET name='".$_POST['name']."' WHERE rno='".$_POST['rno']."'";
mysql_query($upd,$con);
4) Select query execution should be like this :
$sql="SELECT * FROM hell";
$rec=mysql_query($sql,$con);
5) You can not use form inside table. It's invalid html format.
6) Read this : How can I prevent SQL injection in PHP?

Related

How to select from database according to current time

I am making a school portal system and right now I am making the page for students to view homework. I want their homework to be highlighted in red, or not shown at all if the current date is past the due date. How can I do this?
My code for the page
<?php
//including the database connection file
include_once("connection.php");
$id= $_GET['id'];
//fetching data in descending order (lastest entry first)
$result = mysqli_query($conn, "SELECT * FROM homework where class_id= '$id'");
?>
<html>
<head>
<title>View IS</title>
</head>
<body>
<table width='80%' border=0>
<tr bgcolor='#CCCCCC'>
<td>Task</td>
<td>Date Set </td>
<td>Date Due </td>
</tr>
<?php
//while($res = mysql_fetch_array($result))
while($res = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>".$res['description']."</td>";
echo "<td>".$res['dateset']."</td>";
echo "<td>".$res['datedue']."</td>";
}
?>
</table>
</body>
Database:

Instead of a query, use a prepared statement with bind_param which is much safer. Then just compare the dates to check if $res['datedue'] passed or not. This should be it:
<?php
include_once("connection.php"); //including the database connection file
date_default_timezone_set('America/Los_Angeles'); //set the default time zone to your time zone (this is just an example)
$result = $conn->prepare("SELECT * FROM homework WHERE class_id=?");
$result->bind_param("i", (int)$_GET['id']);
$result->execute();
$result2 = $result->get_result();
?>
<html>
<head>
<title>View IS</title>
</head>
<body>
<table width='80%' border=0>
<tr bgcolor='#CCCCCC'>
<td>Task</td>
<td>Date Set </td>
<td>Date Due </td>
</tr>
<?php
while($res = $result2->fetch_array(MYSQLI_ASSOC)) {
if (date("Y-m-d") > $res['datedue']) {
echo "<tr style=\"color: red;\">";
echo "<td>".$res['description']."</td>";
echo "<td>".$res['dateset']."</td>";
echo "<td>".$res['datedue']."</td>";
echo "</tr>";
} else {
echo "<tr>";
echo "<td>".$res['description']."</td>";
echo "<td>".$res['dateset']."</td>";
echo "<td>".$res['datedue']."</td>";
echo "</tr>";
}
}
?>
</table>
</body>
You could also use $time = new DateTime; and then $time->format("Y-m-d") instead of date("Y-m-d").
More about time zones.

You should use parameterized prepared statements instead of manually building your queries.
I have used the date function to compare the dates if the date is greater then I've put some style while in else there is no style. I have gave you the idea now you can modify accordingly.
<table width='80%' border=0>
<tr bgcolor='#CCCCCC'>
<td>Task</td>
<td>Date Set </td>
<td>Date Due </td>
</tr>
<?php
//while($res = mysql_fetch_array($result))
$current_date=date("Y-m-d");
while($res = mysqli_fetch_array($result)) {
if($current_date > $res['datedue'] ){
?>
<tr style='color:red;'>;
<?php
}else {
<tr>
}
echo "<td>".$res['description']."</td>";
echo "<td>".$res['dateset']."</td>";
echo "<td>".$res['datedue']."</td>";
</tr>
}
?>
</table>
Reference

Don`t use concated raw SQL.
Use variable binding to prevent SQL injections.
<?php
$stmt = $mysqli->prepare("SELECT * FROM homework where class_id= ?");
$stmt->bind_param('i', (int)$_GET['id']); // bind vairable and cast it to integer (it is a good practice when you get data from outside)
$stmt->execute();
$result = $stmt->get_result();
while($res = $result->fetch()){
// Your code here
var_dump($res);
}
I will suggest using PDO instead of mysqli. You can read more about SQL Injections here: How can I prevent SQL injection in PHP?
Don't use select * (wildcard)
SELECT description, dateset, datedue, datedue < NOW() AS is_expired FROM homework where class_id= ?
Check the value of is_expired to see which results you will mark in red
I haven't tried the code but I guess it will work as expected

how to delete single row using php

Dear please help me
i am getting some error in my code
this is my view.php page
<html>
<body>
<table style="border:#333 solid" border="2">
<tr>
<td>ID:</td>
<td>NAME:</td>
<td>EMAIL:</td>
<td>MOBILE:</td>
<td>EDIT:</td>
<td>DELETE:</td>
</tr>
<?php
include_once('connect.php');
$query="select * from emp";
$conn=mysqli_query($con,$query);
if(isset($conn))
{
echo"This is all data of table.";
}
else
{
die("query is not execute". mysqli_error());
}
while($row=mysqli_fetch_array($conn))
{
?>
<tr>
<td><?php echo $row['emp_id']; ?></td>
<td><?php echo $row['emp_name']; ?></td>
<td><?php echo $row['emp_address'] ?></td>
<td><?php echo $row['emp_salary'] ?></td>
<td><font color="#FF0000">EDIT</font></td>
<td><font color="#FF0000">DELETE</font></td>
</tr>
<?PHP
}
?>
</table>
</body>
</html>
and this is my delete.php file:
<?php
include_once('connect.php');
$id=$_GET['emp_id'];
$query="delete from emp where emp_id='$id'";
$del=mysqli_query($con,$query);
if($del)
{
echo"record has been deleted";
}
else
{
die("Record is not deleted it is query error.".mysqli_error());
}
?>
How can I access the ID of the view.php in the delete.php file and how to delete a single row in my db table.
I don't understand how to access the id of view.php.
In this program I don't delete the selected row. Please tell me how to delele data.
please anyone help me.

You are sending edit.php?id= so need to get id from query string using GET['id']
$id = $_GET['id'];

change the code in delete.php as follow
<?php
include_once('connect.php');
$id=$_GET['id'];
$query="delete from emp where emp_id='$id'";
$del=mysqli_query($con,$query);
if($del)
{
echo"record has been deleted";
}
else
{
die("Record is not deleted it is query error.".mysqli_error());
}
?>

Please also realize that using $_GET data within your queries is only asking for trouble, especially when it's not escaped properly. You're opening your self up to SQL injection attacks.
Make use of mysql_real_escape_string if you're going to be using mysql_* functions, just realize that it has been deprecated in PHP 5.5.
You also have the option of using MySQLi or PDO would be preferable since they both make use of prepared statements as mentioned in this previous question How can I prevent SQL-injection in PHP?

Trouble with UPDATE using php and mysql

I am having difficulty using the UPDATE command on a functioning database.
What I am attempting to do:
On an existing database I want to update a specific field (sdate) using a date picker and have the value be saved into the database.
What is happening:
I am able to access the database (the echo of one of the elements (row[0]) works) but I am not able to get the date picker's value to get saved into the database.
Can someone point me in the right direction please?
Here is the main html code:
<?php include '../include/header.php'; ?>
<?php include '../include/datepicker.php'; ?>
<?php include '../include/format.php'; ?>
<fieldset>
<legend>Presale Units in Stock</legend>
<table border=1>
<tr>
<th>Id</th>
<th>Ship Date</th>
<th>Button?</th>
</tr>
<tr>
<form>
<?php include '../include/junk.presale.mysql.php'; ?>
</table>
<button type="reset" value="Reset">Reset</button>
</form>
</tr>
</fieldset>
<br>
<?php include '../include/footer.php'; ?>
Here is junk.presale.mysql.php:
<?php
// Get database credentials
require 'config.php';
$dbtable = "assembly2";
$col1 = "id";
$col4 = "sdate";
$comm = "SELECT * FROM $dbtable";
/* Create a new mysqli object with database connection parameters */
$conn= new mysqli($dbhost,$dbuser,$dbpass,$dbname);
if(mysqli_connect_errno()) {
echo "Connection Failed: " . mysqli_connect_errno();
exit();
}
// Assembly array
if ($result = $conn->query($comm)) {
/* fetch object array */
while ($row = $result->fetch_row()) {
if(($row[5]=="presale")or($row[4]!=0)) {
echo "<tr>";
echo "<td>$row[0]</td>";
echo "<td><input type=\"text\" name=\"sdate\" class=\"datepicker\"></td>";
echo "<td><input name=\"update\" type=\"submit\" id=\"update\" value=\"Update\"></td>";
if(isset($_POST["update"])){
$entry4 = $_POST["sdate"];
$cmd = "UPDATE $dbtable SET $col4=$entry4 WHERE $col1=$row[0]";
// use prepared statements to increase security
if ($stmt = mysqli_prepare($conn,$cmd)){
mysqli_stmt_execute($stmt);
}
// Close statement and connection
mysqli_stmt_close($stmt);
}
echo "</tr>";
}
}
}
/* free result set */
$result->close();
// Close statement and connection
mysqli_close($conn);
?>
Any help is much appreciated!

As for as i understand your problem you want to update each row of a table by clicking update button.
for this you have to create multiple form not a single form. Your logic is not correct. use the below
code a hopes that will solve your problem.
<?php include '../include/header.php'; ?>
<?php include '../include/datepicker.php'; ?>
<?php include '../include/format.php'; ?>
<fieldset>
<legend>Presale Units in Stock</legend>
<table border="1">
<tr>
<th>Id</th>
<th>Ship Date</th>
<th>Button?</th>
</tr>
<?php include '../include/junk.presale.mysql.php'; ?>
</table>
<br>
<?php include '../include/footer.php'; ?>
Here is you another file.
// Assembly array
if ($result = $conn->query($comm)) {
/* fetch object array */
while ($row = $result->fetch_row()) {
if(($row[5]=="presale")or($row[4]!=0)) {
echo "<tr>";
echo "<form id=\"form-$row[0]\" name=\"form-name-$row[0]\" method=\"post\">";
echo "<td>$row[0]</td>";
echo "<td><input type=\"text\" name=\"sdate\" class=\"datepicker\"></td>";
echo "<td><input type=\"hidden\" name=\"rec_id\" value=\"$row[0]\"></td>";
echo "<td><input name=\"update\" type=\"submit\" id=\"update\"
value=\"Update\"> </td>";
echo "</form>";
echo "</tr>";
}
}
}
if(isset($_POST["update"])){
$entry4 = $_POST["sdate"];
$rec_id = $_POST["rec_id"];
$cmd = "UPDATE $dbtable SET $col4='$entry4' WHERE $col1=$rec_id";
// use prepared statements to increase security
if ($stmt = mysqli_prepare($conn,$cmd)){
mysqli_stmt_execute($stmt);
}
// Close statement and connection
mysqli_stmt_close($stmt);
}

Pass a dynamic variable through URL php

I'm not sure about the title, I tried my best.
I have a table displayed with information from a database using this file
display.php
<?php
mysql_connect("localhost", "root", "root") or die(mysql_error());
mysql_select_db("tournaments") or die(mysql_error());
$result = mysql_query("SELECT * FROM tournies")
or die(mysql_error());
echo '<table id="bets" class="tablesorter" cellspacing="0" summary="Datapass">
<thead>
<tr>
<th>Tournament <br> Name</th>
<th>Pot</th>
<th>Maximum <br> Players</th>
<th>Minimum <br> Players</th>
<th>Host</th>
<th></th>
<th></th>
</tr>
</thead>
<tbody>';
while($row = mysql_fetch_array( $result )) {
$i=0; if( $i % 2 == 0 ) {
$class = "";
} else {
$class = "";
}
echo "<tr" . $class . "><td>";
echo $row['tour_name'];
$tour_id = $row['tour_name'];
echo "</td><td>";
echo $row['pot']," Tokens";
echo "</td><td class=\"BR\">";
echo $row['max_players']," Players";
echo "</td><td class=\"BR\">";
echo $row['min_players']," Players";
echo "</td><td class=\"BR\">";
echo $row['host'];
echo "</td><td>";
echo "<input id=\"delete_button\" type=\"button\" value=\"Delete Row\" onClick=\"SomeDeleteRowFunction(this)\">";
echo "</td><td>";
echo "<form action=\"join.php?name=$name\" method=\"POST\" >";
echo "<input id=\"join_button\" type=\"submit\" value=\"Join\">";
echo "</td></tr>";
}
echo "</tbody></table>";
?>
Basically I want the user to press a button from a row of the table and they go to a new page called join.php. I need the persons username and the name of the tournament from the row the clicked.
For example here's my page:
When they click the join button at the end of row one it should send them to
'join.php?name=thierusernamehere&tourname=dfgdds'
Any help much appreciated. Thanks.

echo '<td>Join</td>'

There are many way to approach.
The easiest way is just echo 'JOIN';
or you can use a form with hidden input and submit button.
BUT
Your code is really a mess, try to make your code more maintainable and readable. And do NOT use any mysql_* functions, they are deprecated.
Read more about PDO:
http://php.net/manual/en/book.pdo.php
http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

checkbox in a table in php

I have table which will be populated (from reading from mysql table). I should provide the user an option to select a row and delete it from the database. Till now I have populated the table (by reading from the mysql). But I dont know how to add a checkbox to each row. This is what I have till now.
<html>
<body>
<?php
$username="root";
$password="root";
$database="test";
mysql_connect(localhost,$username,$password);
#mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM table1";
$result=mysql_query($query);
$num=mysql_numrows($result);
mysql_close();
?>
<?php
$i=0;
echo "<table width='600' cellpadding='5' cellspacing='5' border='1'>";
while ($i < $num) {
$f1=mysql_result($result,$i,"sno");
$f2=mysql_result($result,$i,"lastname");
$f3=mysql_result($result,$i,"firstname");
?>
<font face="Arial, Helvetica, sans-serif"><?php echo "<tr><td> $f1 </td><td>$f2 </td>
<td> $f3 </td></tr>"; ?></font>
<?php
$i++;
}
echo "</table>";
?>
</body>
</html>
Can anyone please help me how to add a checkbox to each row.
Thanks

Just add the HTML code for rendering a checkbox in your php code e.g
<?php echo "<tr><td> $f1 </td><td>$f2 </td>
<td> $f3 </td><td></td><td><input type=\"checkbox\" name=\"checkbox\" value=\"\" id=\"checkbox\"></td></tr>"; ?>
Note the backslashes before the double quotes.

Sadly, i still cannot comment on answers. But i want to improve Max answered code.
I would use this instead :
<?php echo "<tr><td> $f1 </td><td>$f2 </td>
<td> $f3 </td><td></td><td><input type=\"checkbox\" name=\"checkbox[$f1]\" value=\"\" id=\"checkbox\"></td></tr>"; ?>
please note that i add '$f1' variable after 'checkbox' on name variable, so you can post checked row all at once. You can change '$f1' variable into some unique value that suit your needs. I think you'll need it since you want to add checkbox on your data rows. ;)

Categories