I need a PHP+HTML page which would ask for two values from user i.e. password & id_category.
So far I have coded the PHP as:
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "db1";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "select user_id,mobile from test_user_table where id_category like '912' or id_category like '912%' or id_category like '%912%' or id_category like '%912'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["user_id"]. " - Mobile: " . $row["mobile"]. "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
I need a HTML page which would ask for those two variables and pass on to this code i.e. value of password to $password & id_category to the select statement (instead of 912)
Pls help
You html will be something look like below
<!DOCTYPE html>
<html>
<title>Login Form</title>
<body>
<form action="form_submit" method="post">
<table>
<tr>
<td>Username</td>
<td>:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input type="password" name="username" /></td>
</tr>
<tr>
<td>Category</td>
<td>:</td>
<td><select name="category">
<option value="192">Category 1</option>
<option value="193">Category 2</option>
<option value="194">Category 3</option>
<option value="195">Category 4</option>
</select></td>
</tr>
</table>
</form>
</body>
</html>
Since I user method as POST you should get the value on form_submit.php as
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$category = $_POST['category'];
?>
This should be help:
HTML:
<form name="login" method="post">
Username<input type="text" name="username"/>
Password<input type="password" name="password"/>
Category<input type="text" name="category"/>
<input type="submit" name="submit"/>
</form>
PHP:
<?
if (isset ($_POST["submit"]){
$username = mysqli_real_escape_string( $_POST["username"]);
$password = mysqli_real_escape_string( $_POST["password"]);
$category = mysqli_real_escape_string( $_POST["category"]);
// YOUR QUERY
$sql = "
SELECT columns FROM table WHERE
username = '$username' AND
password = '$password' AND (
categoryid LIKE '$category' OR
categoryid LIKE '%$category' ....
)
";
}//if end
?>
Related
I have been trying to create a CRUD for a project and everything works great, except the update part. When I click the href of the edit of the specified row it does appear on the input fields. However when I click the editbtn the variables of the specific row are not updated and i am redirected where I was and the url gives me ?user=edited meaning that it went through the decision but for some reason they werent updated.
In my database there is one table(users) with the following rows user_id, user_uid, user_email, user_pwd, user_status and user_level. I am fairly new to php so i was hoping that you could pinpoint my mistake/s.
The connection to the database
dbh.inc.php
<?php
$dbServername = "localhost";
$dbUsername = "username";
$dbPassword = "*******";
$dbName = "username_Project";
$conn = mysqli_connect($dbServername, $dbUsername, $dbPassword, $dbName );
?>
The index
admin_panel_users.php
<?php
session_start();
include 'includes/dbh.inc.php';
if (isset($_GET['edit'])) {
$id = $_GET['edit'];
$update = true;
$record= mysqli_query($conn, "SELECT * FROM users WHERE user_id=$id");
if ($record == 1 ) {
$n = mysqli_fetch_array($record);
$uid = $n['user_uid'];
$email = $n['user_email'];
$pwd = $n['user_pwd'];
$status = $n['user_status'];
$level = $n['user_level'];
}
}
?>
<!DOCTYPE html>
<html lang="en">
<head>
.....
</head>
<body>
<?php
$result = mysqli_query($conn,"SELECT * FROM users");?>
<table border='2'>
<tr>
<th>Username</th>
<th>Email</th>
<th>Password</th>
<th>Status</th>
<th>Level</th>
<th>Actions</th>
</tr>
<?php while($row = mysqli_fetch_array($result)){?>
<tr>
<td><?php echo $row['user_uid'];?> </td>
<td><?php echo $row['user_email'];?></td>
<td><?php echo $row['user_pwd'];?></td>
<td><?php echo $row['user_status'];?></td>
<td><?php echo $row['user_level'];?></td>
<td>
<a href="admin_panel_users.php?edit=<?php echo $row['user_id']; >"
class="edit_btn">
<span class="glyphicon glyphicon-pencil"></span></a>
<a href="includes/deleteusers.inc.php?user_id=<?php echo $row['user_id'];>">
<span class="glyphicon glyphicon-trash"></span></a></td>
</tr>
<?php } ?>
<tr>
<form class="something" action="includes/addusers.inc.php" method="POST">
<td><input type="text" name="uid" class="uid" placeholder="Username"
value="<?php echo $uid; ?>"></td>
<td><input type="text" name="email" class="email" placeholder="Email"
value="<?php echo $email; ?>"></td>
<td><input type="text" name="pwd" class="pwd" placeholder="Password"
value="<?php echo $pwd; ?>"></td>
<td><input type="text" name="status" class="status" placeholder="Status"
value="<?php echo $status; ?>"></td>
<td><input type="text" name="level" class="level" placeholder="Level"
value="<?php echo $level; ?>"></td>
<td>
<?php if ($update == true): ?>
<button type="submit" name="update" class="updatebtn">
<span class="glyphicon-pencil"></span> </button>
<?php else: ?>
<button type="submit" name="submit8" class="addbtnuser">
<span class ="glyphicon-plus"></span> </button>
<?php endif ?>
</td>
</form>
</tr>";
</table>";
<?php mysqli_close($conn); ?>
</body>
</html>
The functions
addusers.inc.php
<?php
include 'dbh.inc.php';
$uid = "";
$email = "";
$pwd = "";
$status = "";
$level = "";
$id = 0;
$update = false;
if (isset($_POST['submit8'])){
//INSERTS INTO
......
}
if (isset($_POST['update'])) {
$uid = mysqli_real_escape_string( $conn , $_POST['uid']);
$email = mysqli_real_escape_string( $conn , $_POST['email']);
$pwd = mysqli_real_escape_string( $conn , $_POST['pwd']);
$status = mysqli_real_escape_string( $conn , $_POST['status']);
$level = mysqli_real_escape_string( $conn , $_POST['level']);
$sql = "UPDATE users SET user_uid='$uid', user_email='$email',
user_pwd='$pwd', user_status='$status', user_level='$level' WHERE
user_id=$id";
mysqli_query($conn, $sql);
header ("Location: ../admin_panel_users.php?user=edited");
exit();
}
else{
header("Location: ../admin_panel_users.php");
exit();
}
From your addusers.inc.php, on the line that says:
$sql = "UPDATE users SET user_uid='$uid', user_email='$email',
user_pwd='$pwd', user_status='$status', user_level='$level' WHERE
user_id=$id";
It appears you didnt get the $id variable so as to update that particular row in your table. You defaulted it to 0 on line 8 of addusers.inc.php. So, it wont update any row at all because table rows start from 1 and increments.
On line 8, change it to
$id = $_GET['edit'] since you already passed it as a GET parameter here:
<a href="admin_panel_users.php?edit=<?php echo $row['user_id']; >"
class="edit_btn">
Your SQL text includes this:
WHERE user_id = $id
And $id is set to 0, so that's equivalent to
WHERE user_id = 0
my problem it's I'm trying to develop a back-end where I need to update but my problem is, when I update one field my script update all fields and all data of my mysqli database.
My code for now is:
<html>
<body>
<?php
ini_set('display_errors', 1);
error_reporting(~0);
$serverName = "localhost";
$userName = "root";
$userPassword = "";
$dbName = "hotel_vaniet";
$strCustomerID = null;
if(isset($_GET["cod"]))
{
$cod = $_GET["cod"];
}
$serverName = "localhost";
$userName = "root";
$userPassword = "";
$dbName = "hotel_vaniet";
$conn = mysqli_connect($serverName,$userName,$userPassword,$dbName);
$sql = "SELECT * FROM quartos WHERE cod=$cod";
$query = mysqli_query($conn,$sql);
$result=mysqli_fetch_array($query,MYSQLI_ASSOC);
?>
<div id="main">
<form action="editar_quartos_final.php" name="frmAdd" method="post">
<br><h1>Página de Edição</h1>
<br><hr/>
<div id="login2">
<table width="284" border="1">
<tr>
<th width="120">Tipo</th>
<td width="238"><input type="text" name="tipo" size="50" value="<?php echo $result["tipo"];?>"></td>
</tr>
<tr>
<th width="120">Capacidade</th>
<td><input type="text" name="capacidade" size="50" value="<?php echo $result["capacidade"];?>"></td>
</tr>
<tr>
<th width="120">Preço p/ Noite</th>
<td><input type="text" name="preco" size="50" value="<?php echo $result["preco"];?>"></td>
</tr>
<tr>
<th width="120">Reservado</th>
<td><input type="text" name="reservado" size="50" value="<?php echo $result["reservado"];?>"></td>
</tr>
</table>
<br><input id="submitbuttoneditar" type="submit" value=" Editar " name="submit"/><br />
</div>
</form>
<?php
mysqli_close($conn);
?>
</body>
</html>
This the first page ,this page send me to another where makes all changes. The second page :
<html>
<head>
<title>Página de Edição do Cliente</title>
</head>
<body>
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "hotel_vaniet";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE quartos SET
tipo = '".$_POST["tipo"]."' ,
capacidade = '".$_POST["capacidade"]."' ,
preco = '".$_POST["preco"]."' ,
reservado = '".$_POST["reservado"]."'
WHERE cod=cod";
if ($conn->query($sql) === TRUE) {
echo "Dados actualizados com sucesso!";
header("Location: quartos.php");
} else {
echo "Erro na edição dos dados! " . $conn->error;
header("Location: quartos.php");
}
$conn->close();
?>
</body>
</html>
On your first page you have $cod variable which equals $_GET["cod"].
On your second page $cod variable is not defined. So your try to update
WHERE cod=cod
means - update where value of field cod is the same as value of field cod. And as it is true for all records - all your records are updated.
So, the solution is to pass your $cod value to your second script.
For example, you can do it with a hidden field from your first form:
<form action="editar_quartos_final.php" name="frmAdd" method="post">
<br><h1>Página de Edição</h1>
<br><hr/>
<input type="hidden" name="cod" value="<?php echo $cod?>" />
<div id="login2">
<table width="284" border="1">
<tr>
<th width="120">Tipo</th>
<td width="238"><input type="text" name="tipo" size="50" value="<?php echo $result["tipo"];?>"></td>
</tr>
<tr>
See this field with hidden type?
And in your second script use $_POST['cod']:
$sql = "UPDATE quartos SET
tipo = '".$_POST["tipo"]."' ,
capacidade = '".$_POST["capacidade"]."' ,
preco = '".$_POST["preco"]."' ,
reservado = '".$_POST["reservado"]."'
WHERE cod=" . $POST['cod'];
And of course, your code is vulnerable to sql injections.
So you should start using prepared statements asap.
I am trying to fetch some data from databse and display it into dropdownlist and get the selected data using php.
Code
<?php
if(isset($_POST['action']) && $_POST['action'] == 'Save'){
savecategory();
}
function savecategory() {
$category=$_POST["category"];
$servername = "localhost";
$username = "root";
$password = "******";
$dbname = "db";
$conn = new mysqli($servername, $username, $password, $dbname);
if (!conn) {
die("Connection Failed: " . mysqli_connect_error());
}
echo"Connected Successfully";
$sql = "INSERT INTO category_tbl(cat_name) VALUES ('$category')";
if(mysqli_query($conn,$sql))
{
echo"Successfully Saved";
}
else{
echo"save failed..!!";
}
}
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>gallery category</title>
</head>
<body>
<form action="<?php $_SERVER["PHP_SELF"]?>" method="post">
<!--division for category insertion-->
<div class="categoryEntry">
<table align="center">
<th colspan="2">Gallery Category</th>
<tr>
<td>Category</td>
<td> <input type="text" name="category"> </td>
</tr>
<tr>
<td> <input type="submit" name="action" value="Save"> </td> <td> <input type="submit" name="action" value="Cancel"> </td>
</tr>
</table>
</div>
<!-- end of category insertion div-->
<!-- start retreive category data into table -->
<hr>
<br><br><br>
<div>
<table align="center">
<th align="center" colspan="2"> Category List</th><br>
<tr><td>Select Your Category:</td>
<td><label>
<select name="Select" class="textfields" id="ddlcategory">
<option id="0">---Select your category---</option>
<?php
$servername = "localhost";
$username = "root";
$password = "******";
$dbname = "mydb";
$conn = new mysqli($servername, $username, $password, $dbname);
if (!conn) {
die("Connection Failed: " . mysqli_connect_error());
}
echo"Connected Successfully";
$sql=mysqli_query("SELECT * FROM category_tbl");
while($category=mysqli_fetch_array($sql)){
?>
<option id="<?php echo $category['cat_id']; ?>">
<?php echo $category['cat_name']; ?></option>
<?php
}
?>
</select>
</label>
</td>
</tr>
</table>
</div>
</form>
</body>
</html>
I have write code for retrieving data but it can't able to show data in drop downlist.
help needed..!! thanks..
I hope the following code solves your problem:
<?php
{
mysqli_select_db($conn, "db");
$sql = "SELECT * FROM category_tbl";
$query = mysqli_query($link1, $sql);
echo"<select name='category_tbl'>";
while($row = mysqli_fetch_array($query))
{
echo "<option value'" . $row['cat_id'] . "'>" . $row['cat_id'] . "</option>";
}
echo "</select>";
}
?>
Try the below code
<select>
<?php
$query= "Select * from DB_Table_Name>"; //Your Sql Query in a variable
$execute = mysqli_query($db,$query); // Execute your query..$db is your connection variable
while($row = mysqli_fetch_array($execute,MYSQLI_BOTH))
{?>
<option><?php echo $row['something']; ?></option> //Use Your Table Name Instead of Something
<?php
}
?>
</select>
I seem to have problem fixing this:
<?php
$username = "root";
$password = "";
$database = "learningnews";
$db = mysql_connect('localhost', $username, $password, $database);
$id = $_GET["title"];
$show = "SELECT * FROM learningnews.news where title = '$id'";
$ending = mysql_query($show);
$now = mysql_fetch_array($ending);
?>
<html>
<head>
<title>Edit Page</title>
</head>
<body>
<tr>
<td>
<table border="1">
<form method="post" action="newsedit.php">
<tr>
<td>
<input type="text" name="name" size="40" value="<?php echo "$now[title]" ?>">
</tr>
</td>
<tr>
<td>
<input type="text" name="name1" size="500" value="<?php echo "$now[content]" ?>">
</tr>
</td>
</form>
</tr>
</td>
</table>
</body>
</html>
I seem can't get to show of the title and the content that I have in my database so that I can edit it I get this error:
Notice: Undefined index: title in C:\xampp\htdocs\newsedit.php on line 6
Could someone help please ?
EDIT : Heres the code where I submit the news and ouput them.
EDIT2 : Re-posted the second php file. Here how it looks. This time, no error but it doesnt show the content and title i want .. in the input fields.
<?php
$id ="";
$username = "root";
$password = "";
$database = "learningnews";
$db = mysql_connect('localhost', $username, $password, $database);
$show = "SELECT * FROM learningnews.news where title = '$id'";
$ending = mysql_query($show);
$now = mysql_fetch_array($ending);
?>
<html>
<head>
</head>
<body>
<tr>
<td>
<table border="1">
<form method="post" action="newsedit.php">
<tr>
<td>
<input type="text" name="title" size="40" value="<?php echo "$now[title]" ?>">
</tr>
</td>
<tr>
<td>
<input type="text" name="content" size="500" value="<?php echo "$now[content]" ?>">
</tr>
</td>
</form>
</tr>
</td>
</table>
</body>
</html>
Basically, I need the ouput from first code to show in second and so I can edit it then update it.
<?php
if ( isset( $_GET['name'] ) )
{
$username = "root";
$password = "";
$database = "learningnews";
$db = mysql_connect('localhost', $username, $password, $database);
$id = $_GET["name"];
$show = "SELECT * FROM learningnews.news where title = '$id'";
$ending = mysql_query($show);
$now = mysql_fetch_array($ending);
}
?>
Because $_GET["title"]; was never defined. Not sure what are you trying to do with title.
You need to check if the variable is set with isset before you use it.
<?php
if(isset($_GET['title']))
$id = $_GET["title"];
?>
In your previous page's code you need to change the form method to GET so you can check your title with $_GET on the next page.
<form method="GET" action="admin.php">
<input type="text" name="title">
<textarea name="content"></textarea>
<input type="submit" value="posthorses"/>
</form>
I have virtually no programming experience and trying this first project, I am a bit stuck on how to update the database, so I click on edit and the correct record gets loaded into the edit screen update.php
When I click update, I get the message from updated.php saying that the database has been updated, but the database does not get updated, when I display the records they are the same as before the update, thanks in advance for all your help.
the following code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Form Edit Data</title>
</head>
<body>
<table border=1>
<tr>
<td align=center>Form Edit Employees Data</td>
</tr>
<tr>
<td>
<table>
<?
$user_name = "";
$password = "";
$database = "";
$server = "localhost";
mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database);
$id = $_GET['id'];
$order = "SELECT * FROM MY_ID where ID = ' " .$id . " ' ";
$result = mysql_query($order);
$row = mysql_fetch_array($result);
?>
<form method="post" action="edit_data.php"?id=<?= $id ?>>
<input type="text" name="id" value="<? echo "$row[ID]"?>">
<tr>
<td>First Name</td>
<td>
<input type="text" name="FirsName" size="20" value="<? echo "$row[FirstName]"?>">
</td>
</tr>
<tr>
<td>Sur Name</td>
<td>
<input type="text" name="SurName" size="40" value="<? echo "$row[SurName]"?>">
</td>
</tr>
<tr>
<td>Address</td>
<td>
<input type="text" name="Address" size="40" value="<? echo "$row[Address]"?>">
</td>
</tr>
<tr>
<td align="right">
<input type="submit" name="submit" value="submit">
</td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>
and here is the other file
<?php
$user_name = "";
$password = "";
$database = "";
$server = "";
mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database);
$id = $_REQUEST['ID'];
$FirstName = trim(mysql_real_escape_string($_POST["FirstName"]));
$SurName = trim(mysql_real_escape_string($_POST["SurName"]));
$Address = trim(mysql_real_escape_string($_POST["Address"]));
$sql = "UPDATE MY_ID SET FirstName='$FirstName',SurName='$SurName',Address='$Address' WHERE ID='$id'";
$result=mysql_query($sql);
if ($result){
echo "Successful";
echo "<BR>";
echo "<a href='edit.php'>View result</a>";
}
else {
echo "ERROR";
}
?>
Looks like you forget the double quotation mark and the full stop. You should write it as: '".$example."'
$sql = "UPDATE MY_ID SET FirstName='".$FirstName."',SurName='".$SurName."',Address='".$Address.:' WHERE ID='".$id."'";
It is because your form method is POST, and you are trying to GET ID.
Probably ID returns null.
My suggestion is to put a hidden input in your form as with name="ID", then read it in your posted page as $_POST["ID"];
Yes, the answer is as Mansours said. You should not use single quota to your variable.
So, it's bad practice writing code something like this:
<input type="text" value="<?php echo "$row[name]"; ?>">
it should be
<input type="text" value="<?php echo $row['name']; ?>">
it would be clear, and also, when inserting or updating the record you should write as follow:
$sql = "UPDATE MY_ID SET FirstName='" . $FirstName . "',
SurName='" . $SurName . "',
Address='" . $Address . "'
WHERE ID='" . $id . "'";
mysql_query($sql);