Good day
I have a form that gets the case id from previous post, i then do a select with it and all works 100%
I then let them fill in data and upload files. all good, everything posts as should expect the caseid!!!!
code below.
<!---<input type="submit" value="Submit">-->
<?php
require_once("../models/config.php");
if(isUserLoggedIn()) {
if (!securePage($_SERVER['PHP_SELF'])){die();}
require_once("../models/header.php");
echo "<link href='../models/site-templates/default.css' rel='stylesheet' type='text/css' />";
//$servername = "***.****.***.***";
$servername = "***.****.***.***.****";
$username = "202";
$password = "202#202";
$dbname = "*********";
$caseid = $_REQUEST['caseid'];
echo "
<body>
<div id='wrapper'>
<div id='top'><div id='logo'></div></div>
<div id='content'>
<h1>Cases</h1>
<div id='left-nav'>";
include("../left-nav.php");
echo "</div><div id='main'>";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "
SELECT
id
, case_number
, date_entered
, name
, STATUS
, description
, cust_phone_no
, claim_number_c
, contactname_c
, contact_type_c
, telephonehome_c
, telephonebusiness_c
, telephonemobile_c
, policynumber_c
, billing_address_street
, billing_address_city
, billing_address_state
, billing_address_postalcode
, billing_address_country
, customer_name
FROM
*******.sp_case_view
where id = '$caseid'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
$caseid = $row["id"];
$case_number = $row["case_number"];
$date_entered = $row["date_entered"];
$name = $row["name"];
$status = $row["STATUS"];
$description = $row["description"];
$cust_phone_no = $row["cust_phone_no"];
$claim_number_c = $row["claim_number_c"];
$contactname_c = $row["contactname_c"];
$contact_type_c = $row["contact_type_c"];
$telephonehome_c = $row["telephonehome_c"];
$telephonebusiness_c = $row["telephonebusiness_c"];
$telephonemobile_c = $row["telephonemobile_c"];
$policynumber_c = $row["policynumber_c"];
$billing_address_street = $row["billing_address_street"];
$billing_address_city = $row["billing_address_city"];
$billing_address_state = $row["billing_address_state"];
$billing_address_postalcode = $row["billing_address_postalcode"];
$billing_address_country = $row["billing_address_country"];
$customer_name = $row["customer_name"];
echo "<a href='cases.php'><b>Back to Cases</b></a><br><br>";
echo "Customer Name: " . $customer_name ."<br>";
echo "<br>";
echo "Case Number: " . $case_number ."<br>";
echo "Created On: " . $date_entered ."<br>";
echo "<br>";
echo "Description: " . $description ."<br>";
echo "Phone Number: " . $cust_phone_no ."<br>";
echo "Claim Number: " . $claim_number_c ."<br>";
echo "Contact Person: " . $contactname_c ."<br>";echo "<br>";
echo "Address Details: <br>";
echo "Street: " . $billing_address_street ."<br>";
echo "City: " . $billing_address_city ."<br>";
echo "Province: " . $billing_address_state ."<br>";
//echo "Name: <input type='text' value='" . $description . "'><br>";
}
$up_id = uniqid();
require_once("../models/footer.php");
$conn->close();
}
else {
header('location: ../login.php');
}
$full_path = "c:/scott/source/";
$number_of_uploads = 4;
$allowed_file_types = array("jpg","gif","png","txt","zip","xls","doc","docx","xlsx","txt","pdf");
$upload_folder = "./uploads/";
$max_size_in_kb = 10000024;
$rename_files = 1;
echo $caseid;
function printForm()
{
global $allowed_file_types,$number_of_uploads,$max_size_in_kb;
print "<html>
<head>
<meta http-equiv='content-type' content='text/html; charset=utf-8' />
<title></title>
<meta name='description' content='' />
<meta http-equiv='Language' content='en' />
<meta name='language' content='en' />
<!--Progress Bar and iframe Styling-->
</head>
<body>
<br><b>Enter your closure details</b>
<!--<form action='upload.php' method='post'> -->
<form enctype='multipart/form-data' action='upload.php' method='post' name='upload-form' id='upload-form'>
<table>
<tr><td>Plumber Cost including vat: </td><td><input type='text' name='plumcost'></td></tr>
<tr><td>Enter description of work done: </td><td><input type='textarea' name='descrepair'></td></tr>
<tr>
<td>Old Geyser Make: </td><td><input type='text' name='geyserold'> </td>
</tr>
<tr>
<td>Old Geyser Serial Number: </td><td><input type='text' name='geyseroldserial'> </td>
</tr>
<tr>
<td>New Geyser Serial Number: </td><td><input type='text' name='geysernew'> </td>
</tr>
</table>
\n";
for($i=0;$i<$number_of_uploads;$i++)
{
if($i == '0') {
echo "Invoice";
}
elseif($i == '1') {
echo "POD";
}
elseif($i == '2') {
echo "Stocksheet";
}
elseif($i == '3') {
echo "Pictures Zipped";
}
print "<p><input type=\"file\" name=\"file[]\" /></p>\n";
}
print "<p><input type=\"hidden\" name=\"upload\" value=\"1\" /><input type=\"submit\" value=\"Upload\" /></p>\n</form>\n";
print "<p>Allowed file types: ." . implode($allowed_file_types, " ."). "</p>\n";
}
$fileNAMES = array();
if(isset($_POST['upload']))
{
for($i=0;$i<$number_of_uploads;$i++)
{
if(strlen($_FILES['file']['name'][$i]) > 0)
{
$filearray = explode(".", $_FILES['file']['name'][$i]);
$ext = end($filearray);
if($rename_files == 1)
{
if($i==0)
{
$fileNAMES[$i] = $caseid."invoice";
}
if($i==1)
{
$fileNAMES[$i] = $caseid."stocksheet";
}
if($i==2)
{
$fileNAMES[$i] = $caseid."POD";
}
if($i==3)
{
$fileNAMES[$i] = $caseid."picture";
}
}
else
{
$xperiods = str_replace("." . $ext, "", $_FILES['file']['name'][$i]);
$fileNAMES[$i] = str_replace(".", "", $xperiods);
}
if(!in_array(strtolower($ext), $allowed_file_types))
{
print "<p class=\"error\">FAILED: ". htmlspecialchars($_FILES['file']['name'][$i]) ."<br />ERROR: File type not allowed.</p>\n";
}
elseif($_FILES['file']['size'][$i] > ($max_size_in_kb*1024))
{
print "<p class=\"error\">FAILED: ". htmlspecialchars($_FILES['file']['name'][$i]) ."<br />ERROR: File size to large.</p>\n";
}
elseif(file_exists($upload_folder.$fileNAMES[$i] .".". $ext))
{
print "<p class=\"error\">FAILED: ". htmlspecialchars($fileNAMES[$i]) .".". $ext ."<br />ERROR: File already exists.</p>\n";
}
else
{
if(move_uploaded_file($_FILES['file']['tmp_name'][$i], $upload_folder.$fileNAMES[$i] .".". $ext))
{
print "<p>UPLOADED: ". htmlspecialchars($fileNAMES[$i]) .".". $ext ."</p>\n";
}
else
{
print "<p class=\"error\">FAILED: ". htmlspecialchars($_FILES['file']['name'][$i]) ."<br />ERROR: Undetermined.</p>\n";
}
}
}
}
printForm();
}
else
{
printForm();
}
?>
</form>
</div></body>
</html>
<?php } else {
echo "0 results";
echo $caseid;
} ?>
Related
I want to add loop to my sql query so that all the data from the table gets updated at one click. Right now only the last row is getting updated.
<?php
include_once 'db_connect.php';
if(isset($_POST['btn-signup']))
{
$PersonID = mysql_real_escape_string($_POST['PersonID']);
$FirstName = mysql_real_escape_string($_POST['FirstName']);
$Status = mysql_real_escape_string($_POST['Status']);
$Date = mysql_real_escape_string($_POST['Date']);
$uname = trim($uname);
$email = trim($email);
$upass = trim($upass);
// email exist or not
$query = "SELECT Date FROM status WHERE Date='$Date'";
$result = mysql_query($query);
$count = mysql_num_rows($result); // if email not found then register
if($count == 0){
if(mysql_query("INSERT INTO status(PersonID,FirstName,Status, Date) VALUES('$PersonID','$FirstName','$Status','$Date')"))
{
?>
<script>alert('successfully Added ');</script>
<?php
}
else
{
?>
<script>alert('error while registering you...');</script>
<?php
}
}
else{
?>
<script>alert('Sorry Attendence already taken ...');</script>
<?php
}
}
echo "<!DOCTYPE html>\n";
echo "<html>\n";
echo "<head>\n";
echo " <meta charset=\"utf-8\">\n";
echo " <meta http-equiv=\"X-UA-Compatible\" content=\"IE=edge\">\n";
echo " <title>Attendance</title>\n";
echo "</head>\n";
echo "<body>\n";
echo " \n";
echo "\n";
echo "\n";
include_once 'dbconnect.php';
$query = "SELECT * FROM attandance ";
$result = mysql_query($query);
echo "<h2>Mark Attendance</h2>\n";
echo "<form method=\"POST\" action=\"\">\n";
echo "<table border=\"2\">\n";
echo " <tr>\n";
echo " <th>PersonId</th>\n";
echo " <th>First Name</th>\n";
echo " <th>Status</th>\n";
echo " <th>Date</th>\n";
echo " </tr>\n";
while($row = mysql_fetch_array($result, MYSQL_ASSOC))
{
$PersonID=$row['PersonID'];
$FirstName=$row['FirstName'];
echo "<td> <input type=\"text\" name=\"PersonID\" value=\" $PersonID\"></td>\n";
echo "<td> <input type=\"text\" name=\"FirstName\" value=\" $FirstName\"></td>\n";
echo "<td><select name=\"Status\">\n";
echo " <option value=\"Present\">Present</option>\n";
echo " <option value=\"Absent\">Absent</option>\n";
echo " </select></td>\n";
echo "<td> <input type=\"date\" name=\"Date\" value=\" $Date\"></td>\n";
echo "</tr>\n";
}
echo " </table>\n";
echo "<input id=\"button\" type=\"submit\" name=\"btn-signup\" value=\"Mark\">\n";
echo "</form>\n";
echo "\n";
echo "\n";
echo "<a href='sheet.php'>Attendence Sheet</a>\n";
echo "</body>\n";
echo "</html>\n";
echo "\n";
?>
I am confused as i have used loop in the 2nd part to get value from the database and now i want to use loop to add those value in the database table. How can i add the code to the Insert SQL query in the first part of my code.
I'm trying to do a multiple edit function, the code goes through but the database is not updated. I figure the problem is that at WHERE id = $id no value gets called out because if I replace $id with an actual id e.g. id = 001 the entry 001 gets updated.
This page selects which entries get edited
<?php
if (!mysqli_connect_errno($con)) {
$queryStr = "SELECT * " . "FROM crewlist";
}
$result = mysqli_query($con, $queryStr);
while ($row = mysqli_fetch_array($result)) {
if (date("Y-m-d") > $row['start_date'] && date("Y-m-d") < $row['end_date']) {
echo "<tr><th>" . "<input type = 'checkbox' name = 'checkbox2[]' value='" . $row['crew_name']. "' >" . "</th>";
echo "<th>" . "" . $row["crew_name"] . "";
echo "<th>" . $row["crew_rank"] . "</th>";
echo "<th>" . $row["start_date"] . "</th>";
echo "<th>" . $row["end_date"] . "</th>";
echo "<th>" . $row["watchkeeping"] . "</th>";
echo "<th>" . $row["active"] . "</th>";
} else {
}
}
?>
This is the edit page
<?php include 'header.php'; ?>
<div id="container4"><?php
require ("dbfunction.php");
$con = getDbConnect();
$checkbox2 = $_POST['checkbox2'];
if (!mysqli_connect_errno($con)) {
$str = implode($checkbox2);
$queryStr = "SELECT * " .
"FROM crewlist WHERE ($str) && crew_id";
}
$result = mysqli_query($con, $queryStr);
?><form action="handlemultiedit.php" method="post"><?php
if ($_POST['submit']) {
$checkbox2 = $_POST['checkbox2'];
foreach ($checkbox2 as $crewname) {
?>
<input type="hidden" name="crew_id" value="<?php $id = isset($_GET['id']) ? $_GET['id'] : ''; ?>" />
<?php echo "<tr><th>" . $crewname . ":</th><br>";
echo " <tr>
<td>Shift 1:</td>
<td><input type=\"time\" name=\"start_hour\" value=\"start_hour\" id=\"start_hour\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour\" value=\"end_hour\" id=\"end_hour\" step=\"1800\" required>
</td>
</tr>
<tr>
<td>Shift 2:</td>
<td><input type=\"time\" name=\"start_hour2\" value=\"start_hour2\" id=\"start_hour2\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour2\" value=\"end_hour2\" id=\"end_hour2\" step=\"1800\" required>
</td>
</tr><br><br>";
?><?php
}?><td><input type="submit" value="Submit" ></td></form><?php
}
?>
print_r($_POST);
require 'dbfunction.php';
$con = getDbConnect();
$crew_id = $_POST["crew_id"];
$start_hour = $_POST["start_hour"];
$end_hour = $_POST["end_hour"];
$start_hour2 = $_POST["start_hour2"];
$end_hour2 = $_POST["end_hour2"];
if (!mysqli_connect_errno($con)) {
$sqlQueryStr = "UPDATE crewlist SET start_hour = '$start_hour',end_hour = '$end_hour', start_hour2 = '$start_hour2',end_hour2 = '$end_hour2' WHERE crew_id = $crew_id";
mysqli_query($con, $sqlQueryStr);
}
//header('Location: crewlisting.php');
mysqli_close($con);
?>
Try placing single quotes (i.e. 's) around your final variable in your statement, as you have done with all of your other variables, i.e. change it to "WHERE crew_id = '$crew_id'";
my code basically override requests (for classes that are full in capacity) submitted by students to specific professors. Let's say 2 students have requested an override to the same class, when a professor is logged in, the code fetches the two override requests with an option of accepting/denying, when i as a professor accept/deny a single override request, it does the action for both the override requests instead of the one i chose.
Basically it's not accepting/denying the requests as selected, its doing the same action for all overrides.
Code:
<?php
} else if ($usertype == 1) {
$server = "";
$user = "";
$pass = "";
$db = "";
$db2 = "";
$db3 = "";
$user1 = $_SESSION['username'];
$mysqli = new Mysqli($server, $user, $pass, $db) or mysqli_error($mysqli);
$mysqli2 = new Mysqli($server, $user, $pass, $db2) or mysqli_error($mysqli);
$mysqli3 = new Mysqli($server, $user, $pass, $db3) or mysqli_error($mysqli);
$status= $mysqli->query("SELECT status FROM Overrides WHERE professor = '$user1'")->fetch_object()->status;
$overrides = $mysqli->query("SELECT * FROM Overrides WHERE professor = '$user1'");
$num_rows = mysqli_num_rows($overrides);
?>
<form method="post" action="dbheads.php" name="HF" id="HF" autocomplete="off">
<script type="text/javascript">
function submitForm(action)
{
document.getElementById('HF').action = action;
document.getElementById('HF').submit();
}
</script>
<?php if ($status == 1) {
echo " Overrides today: " . $num_rows;
?>
<?php
while($row = mysqli_fetch_array($overrides)) { ?>
<fieldset> <?php
echo "First Name: " . $row['name'] . "<br />";
echo "<br />Mid. Name: " . $row['mname'] . "<br />";
echo "<br />Fam. Name: " . $row['fname'] . "<br />";
echo "<br />Student ID: " . $row['sid'] . "<br />";
echo "<br />Scolarship: " . $row['sc'] . "<br />";
echo "<br />Phone No: " . $row['phone'] . "<br />";
echo "<br />Email: " . $row['email'] . "<br />";
echo "<br />Subject: " . $row['subject'] . "<br />";
echo "<br />Section: " . $row['section'] . "<br />";
echo "<br />Semester: " . $row['semester'] . "<br />";
$name = $row['name'];
echo "<input type='hidden' name='name' value='$name'>";
$mname = $row['mname'];
echo "<input type='hidden' name='mname' value='$mname'>";
$fname = $row['fname'];
echo "<input type='hidden' name='fname' value='$fname'>";
$sid = $row['sid'];
echo "<input type='hidden' name='sid' value='$sid'>";
$sc = $row['sc'];
echo "<input type='hidden' name='sc' value='$sc'>";
$phone = $row['phone'];
echo "<input type='hidden' name='phone' value='$phone'>";
$email = $row['email'];
echo "<input type='hidden' name='email' value='$email'>";
$subject = $row['subject'];
echo "<input type='hidden' name='subject' value='$subject'>";
$section = $row['section'];
echo "<input type='hidden' name='section' value='$section'>";
$semester = $row['semester'];
echo "<input type='hidden' name='semester' value='$semester'>";
?>
<br />
<div>
<label for="comments" accesskey="c">Notes & Comments:</label><br />
<input type="textarea" name="comments" id="comments" cols="35" rows="10">
<br>
</div>
<br>
<script type="text/javascript">
function submitForm(action)
{
document.getElementById('HF').action = action;
document.getElementById('HF').submit();
}
</script>
...
<input type="button" onclick="submitForm('dbheads.php')" value="Accept" />
<input type="button" onclick="submitForm('dbheads2.php')" value="Deny" /></form>
</fieldset>
<br>
<?php } }
?>
<br />
dbheads.php
<?php
include_once 'includes/db_connect.php';
include_once 'includes/functions.php';
sec_session_start();
?>
<html>
<?php
$mysql_host = "";
$mysql_username = "";
$mysql_password = "r!~";
$mysql_database = "";
$user = $_SESSION['username'];
if (login_check($mysqli) == true) : ?>
<p>Welcome <?php echo htmlentities($user); ?>!</p>
<?php
$mysqli = new Mysqli($mysql_host, $mysql_username, $mysql_password, $mysql_database) or die(mysqli_error());
$status = 2;
$stmt = $mysqli->prepare("UPDATE Overrides SET status=? WHERE username='$user'");
$stmt->bind_param("s", $status);
$stmt->execute();
echo htmlentities(accepted);
?>
<?php else : ?>
<p>
<span class="error">You are not authorized to access this page.</span> Please login.
</p>
<?php endif; ?>
</html>
bheads2.php
<html>
<?php
$mysql_host = "";
$mysql_username = "";
$mysql_password = "";
$mysql_database = "";
$user = $_SESSION['username'];
if (login_check($mysqli) == true) : ?>
<p>Welcome <?php echo htmlentities($user); ?>!</p>
<?php
$mysqli = new Mysqli($mysql_host, $mysql_username, $mysql_password, $mysql_database) or die(mysqli_error());
$status = 5;
$stmt = $mysqli->prepare("UPDATE Overrides SET status=? WHERE username='$user'");
$stmt->bind_param("s", $status);
$stmt->execute();
echo htmlentities(denied);
?>
<?php else : ?>
<p>
<span class="error">You are not authorized to access this page.</span> Please login.
</p>
<?php endif; ?>
</html>
Any help on how can i fix this? I'm a beginner so ignore the messy code.
It seems you are updating the database with the following query
$stmt = $mysqli->prepare("UPDATE Overrides SET status=? WHERE username='$user'")
Which is simply saying where the username is the person logged in or using the page will be updated to the status of your choosing, do you have a unique identifier for each row of overrides? Override_ID maybe.
If so I would fetch that data on your first page and put it into a hidden input like the other data and then use the following query:
$ovid = $_POST['ovid'];
$stmt = $mysqli->prepare("UPDATE Overrides SET status=? WHERE override_id='$ovid'")
EDIT:
You also seem to be updating WHERE username='$user'as opposed to WHERE professor='$user' on your update pages
this piece of code i have below reads data from a database, what i want to make is that when you click submit on the following form, it would write the same data to another database and when denied, it would also submit it to another different database. Can you help? since i can't get how to do it.
<?php
} else if ($usertype == 1) {
$server = "localhost";
$user = "";
$pass = "r=Sc!~";
$db = "";
$user1 = $_SESSION['username'];
$mysqli = new Mysqli($server, $user, $pass, $db) or mysqli_error($mysqli);
$overrides = $mysqli->query("SELECT * FROM Overrides WHERE professor = '$user1'");
$num_rows = mysqli_num_rows($overrides);
?>
<?php
echo " Overrides today: " . $num_rows;
?>
<form method="post" action="dbheads.php" name="HeadWritingForm" id="HeadWritingForm" autocomplete="off">
<fieldset>
<?php
while($row = mysqli_fetch_array($overrides)) {
echo "First Name: " . $row['name'] . "<br />";
echo "<br />Mid. Name: " . $row['mname'] . "<br />";
echo "<br />Fam. Name: " . $row['fname'] . "<br />";
echo "<br />Student ID: " . $row['sid'] . "<br />";
echo "<br />Scolarship: " . $row['sc'] . "<br />";
echo "<br />Phone No: " . $row['phone'] . "<br />";
echo "<br />Email: " . $row['email'] . "<br />";
echo "<br />Class: " . $row['class'] . "<br />";
echo "<br />Section: " . $row['section'] . "<br />";
echo "<br />Semester: " . $row['semester'] . "<br />";
}
?>
<br />
<div>
<label for="comments" accesskey="c">Notes & Comments:</label><br />
<textarea name="comments" cols="35" rows="10">
</textarea><br>
</div>
<br>
<input type="submit" class="submit" id="submit" value="Accept" /> <input type="submit" value="Deny"><br>
</fieldset>
</form>
enter code here
<?php
$server = "localhost";
$user = "";
$pass = "r=Sc!~";
$db1 = "Overrides ";
$db2 = "ONTHERDB";
$user1 = $_SESSION['username'];
$mysqli = new Mysqli($server, $user, $pass, $db1) or mysqli_error($mysqli);
$overrides = $mysqli->query("SELECT * FROM Overrides WHERE professor = '$user1'");
$num_rows = mysqli_num_rows($overrides);
$mysqli = new Mysqli($server, $user, $pass, $db2) or mysqli_error($mysqli);
while($row = mysqli_fetch_array($overrides)) {
$QUERY="INSERT INTO $db2(name,mname,fname,sid,sc,phone,email,class,section,semester)VALUES($row[0],
$row[1],$row[2],$row[3],$row[4],$row[5],$row[6],$row[7],$row[8],$row[9],$row[10] );
mysqli_query($QUERY);
}
I have a user data profile that I want to update when a user has filled out a form. When the update query is run values are being passed to the PHP script but not being changed in the table.
HTML of form:
echo "<br />";
echo "From this page you can change your profile details.";
echo "<br />";
echo "<br />";
echo "<form id='edit' action='../scripts/editscript.php' method='post' accept-charset='UTF-8'>";
echo "<label for='firstname'>First Name:</label>";
echo "<input type='text' id='firstname' name='firstname' />";
echo "<br />";
echo "<label for='lastname'>Last Name:</label>";
echo "<input type='text' id='lastname' name='lastname' />";
echo "<br />";
echo "<label for='username'>User Name:</label>";
echo "<input type='text' id='username' name='username' />";
echo "<br />";
echo "<label for='password'>Password:</label>";
echo "<input type='password' id='password' name='password' />";
echo "<br />";
echo "<label for='passwordconfirm'>Confirm Password:</label>";
echo "<input type='password' id='passwordconfirm' name='passwordconfirm' />";
echo "<br />";
echo "<label for='email'>E-Mail:</label>";
echo "<input type='email' id='email' name='email' />";
echo "<br />";
echo "<label for='like'>Something you like:</label>";
echo "<input type='text' id='like' name='like' />";
echo "<br />";
echo "<label for='dislike'>Something you dislike</label>";
echo "<input type='text' id='dislike' name='dislike' />";
echo "<br />";
echo "<label for='fact'>A fun fact about yourself:</label>";
echo "<input type='text' id='fact' name='fact' />";
echo "<br />";
echo "<label for='allow'>Do you want other people to see parts of your profile:</label>";
echo "<input type='radio' name='allow' value='yes' /> Yes";
echo "<input type='radio' name='allow' value='no' /> No";
echo "<br />";
echo "<br />";
echo "<input type='submit' name='submit' value='Confirm' />";
echo "</form>";
PHP script:
<?PHP
session_start();
$time = time();
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$salt = substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22);
$salt = str_replace("+",".",$salt);
$salt = '$2a$08$' . $salt;
$password = crypt($_POST['password'], $salt);
$email = $_POST['email'];
$like = $_POST['like'];
$dislike = $_POST['dislike'];
$fact = $_POST['fact'];
$allow = $_POST['allow'];
$UID = $_SESSION['user']['UID'];
if ($allow == 'yes') {
$allowvalue = 1;
} else {
$allowvalue = 0;
};
$con = mysqli_connect('localhost','//db_username','//db_pass','//table');
if (mysqli_connect_errno($con)) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = "UPDATE users SET firstname = '" . $firstname . "',
lastname = '" . $lastname . "',
username = '" . $username . "',
password = '" . $password . "',
email = '" . $email . "',
like = '" . $like . "',
dislike = '" . $dislike . "',
fact = '" . $fact . "',
allowview = " . $allowvalue . " WHERE UID = " . $UID . "";
mysqli_query($con,$query);
mysqli_close($con);
?>
I really don't get why this isn't going as expected. Any help is appreciated. :)
Prepared statements are not only good for avoiding sql infection but they will also help you organizing your code hence make your code more solid
<?php
session_start();
/*your variables*/
$time = time();
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$salt = substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22);
$salt = str_replace("+",".",$salt);
$salt = '$2a$08$' . $salt;
$password = crypt($_POST['password'], $salt);
$email = $_POST['email'];
$like = $_POST['like'];
$dislike = $_POST['dislike'];
$fact = $_POST['fact'];
$allow = $_POST['allow'];
$UID = $_SESSION['user']['UID'];
if ($allow == 'yes') {
$allowvalue = 1;
} else {
$allowvalue = 0;
};
$mysqli = new mysqli("localhost", "//db_username", "//db_pass", "//table");
/* check connection */
if (mysqli_connect_errno()) {
echo ("Failed to connect to MySQL:: %s\n", mysqli_connect_error());
exit();
}
/* Prepare an update statement */
$query = "UPDATE users SET firstname = ?,
lastname = ?,
username = ?,
password = ?,
email = ?,
like = ?,
dislike = ?,
fact = ?,
allowview = ? WHERE UID = ?";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("ssssssssii",$firstname, $lastname, $username, $password, $email,
$like, $dislike, $fact, $allowvalue, $UID);
/* Execute the statement */
$stmt->execute();
/* close connection */
$mysqli->close();
?>
do a
var_dump($_SESSION['user']['UID']);
most probably the id does not match the id in the db
I figured out what it was. One of the columns in my database was 'like'. This is a MySQL keyword so it was messing with my query, thanks for the suggestions anyway :)