I am trying to put together a form that is populated from data in a MySQL. Then I want to allow the visitor to change information in that form and by pressing a button, update the database with the new information. This is going to be used by only about 700 people or less to update their member information and access to the form will be through an email that the member gets, so it doesn't have to be a bullet proof system.
I am giving the member a link that displays their member information (that part works) It is just when I attempt to send them to the last page that would do the update is where I get the 500 Server Error. Here is some of my code from the form for them to update. It populates the fields from the database and allows the member to edit the field :
<form name="update" action="submitupdate.php" method="POST" />
<input type="hidden" name="id" value="<?=$record['id']?>"
<tr><b>Business Name: </b></br><input type="text" size="55" name="business_name" value="<?=$record['business_name']?>" ></tr></br></br>
Here is my submitupdate.php (That I get the 500 Server error on):
$con = mysql_connect("lxxxxx", "xxxxxx", "xxxxx");
mysql_select_db("xxxxxx", $con);
if(!$con){
die("Can not connect " . mysql_error());
}
$id = $_POST['id'];
$business_name = $_POST['business_name'];
$phone = $_POST['phone'];
$fax = $_POST['fax'];
$address1 = $_POST['address1'];
$address2 = $_POST['address2'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$website = $_POST['website'];
$contact = $_POST['contact'];
$email = $_POST['email'];
if(isset($_POST['update'])) {
$UpdateQuery = "UPDATE members SET business_name='$_POST[business_name]', phone='$_POST[phone]', fax='$_POST[fax]', address1='$_POST[address1]', address2='$_POST[address2]', city='$_POST[city]', state='$_POST[state]', zip='$_POST[zip]', website='$_POST[website]', contact='$_POST[contact]', email='$_POST[email]', update_flag='$_POST[update_flag]', WHERE id='$id'";
mysql_query($UpdateQuery, $con);
$retval = mysql_query($UpdateQuery, $con);
if ($retval )
{
$sql = "SELECT * FROM members WHERE id = $id";
$my_Data = mysql_query($sql,$con);
while($record = mysql_fetch_array($my_Data)) {
?>
</br>
Then I just want to display the updated record
<tr><b>Business Name: </b></br><input type="text" size="55" name="business_name" value="<?=$record['business_name']?>" ></tr></br></br>
<tr><b>Phone: </b></br><input type="text" size="55" name="phone" value="<?=$record['phone']?>" > </tr></br></br>
Related
Trying to update the logged in users details using a form. The details are already in the form when the page loads so if the user wants to change thier mobile number for example they delete the current number, insert the new number and click update.
I get this message when I click update " Unknown column 'Adrian93' in 'where clause' " Adrian93 is the username
<?php
require('dbConnection.php');
require('checklogin.php');
if(isset($_POST['update']))
{
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$DOB = $_POST['dob'];
$natInsNo = $_POST['natInsNo'];
$address = $_POST['address'];
$email = $_POST['email'];
$mobile = $_POST['mobile'];
$password = $_POST['password'];
$query = "UPDATE users SET firstName='$firstName', lastName='$lastName', DOB='$DOB', natInsNo='$natInsNo', address='$address', email='$email', mobile='$mobile', password='$password' WHERE username = {$_SESSION['username']}";
$results = mysqli_query($conn, $query) or die (mysqli_error($conn));
}
?>
Ralphs comment "Probably has to do with your squirly brackets. I'd set $username = $_SESSION['username'] before your query then just do WHERE username='$username' Also be careful for SQL injections, I'd use prepared statements in you're case as you're taking form inputs and directly placing them in your query" solved the query. Runs now without any errors.
<?php
require('checklogin.php');
if(isset($_POST['update']))
{
$firstName = $_POST['firstName'];
$lastName = $_POST['lastName'];
$DOB = $_POST['dob'];
$natInsNo = $_POST['natInsNo'];
$address = $_POST['address'];
$email = $_POST['email'];
$mobile = $_POST['mobile'];
$password = $_POST['password'];
$username = $_SESSION['username'];
$query = "UPDATE users SET firstName='$firstName', lastName='$lastName', DOB='$DOB', natInsNo='$natInsNo', address='$address', email='$email', mobile='$mobile', password='$password' WHERE username = '$username'";
$results = mysqli_query($conn, $query) or die (mysqli_error($conn));
}
?>
I am new to php/mysql and I am learning quite a bit. I have hit a snag with my checkboxes.
I have looked and everything I have come across is not making sense to me.
Pretty much I am doing a site where the admin can add a user and there are checkboxes that will say what the user is interested in. (more than one can be selected.
Example
Interested in what sports. (these are checkboxes users can select)
Baseball
Football
Hockey
and so on
How can I have it where the choices are stored in the database?
Here is what I have so far.
HTML
<div class="col-md-8">
<label style="margin-right:10px; width:130px"><input name="interested[]" type="checkbox" value="a6"><span class="cats">Baseball</span></label>
<label style="margin-right:10px; width:130px"><input name="interested[]" type="checkbox" value="a6"><span class="cats">Football</span></label>
<label style="margin-right:10px; width:130px"><input name="interested[]" type="checkbox" value="a6"><span class="cats">Hockey</span></label>
</div>
PHP
<?php
//error_reporting(E_ALL);
//ini_set("display_errors", 1);
// Pick up the form data and assign it to variables
$id = #$_POST['id'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$altemail = $_POST['altemail'];
$notes = $_POST['notes'];
$company = $_POST['company'];
$address = $_POST['address'];
$home = $_POST['home'];
$cell = $_POST['cell'];
$telephone = $_POST['telephone'];
$category = $_POST['category'];
$usertype = $_POST['usertype'];
$assigned = $_POST['assigned'];
$othercat = $_POST['othercat'];
$interested=$_POST['interested'];
//Get data in local variable
$id = #$_POST['id'];
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$altemail = $_POST['altemail'];
$notes = $_POST['notes'];
$company = $_POST['company'];
$address = $_POST['address'];
$home = $_POST['home'];
$cell = $_POST['cell'];
$telephone = $_POST['telephone'];
$category = $_POST['category'];
$usertype = $_POST['usertype'];
$assigned = $_POST['assigned'];
$othercat = $_POST['othercat'];
$interested=$_POST['interested'];
// You have to loop through the array of checked box values ...
$interested="";
foreach($interested as $entry){
$interested .= $entry.",";
}
if ($fname=="" || $email=="")
{
echo "All fields must be entered, hit back button and re-enter information";
}else{
$query="INSERT INTO users(`id`, `fname`, `lname`, `email`, `notes`,`company`,`address`,`cell`,`home`,`telephone`,`category`,`usertype`,`assigned`,`altemail`,`othercat`,`interested`) VALUES('$id','$fname','$lname','$email','$notes','$company','$address','$telephone','$category','$usertype','$assigned','$altemail','$othercat','$cell','$home','$interested')";
Like I mentioned, I am brand new to PHP/Mysql. I have only been doing it for about 8 days now. I have come quite a ways with it but this has me stumped.
Any help would be appreciated. Not trying to put myself down, but with all the others that I have looked at and no being able to grasp, please kind of dumb it down for me.
Thanks in advance.
I am trying to update user profile by overwriting current data in the MySql.
It isn't working properly its stating it echos my "the name doesn't exist"
Here is my php code:
``````
<?php
// see if the form has been completed
session_start();
include_once("php_includes/check_login_status.php");
include_once("php_includes/db_conx.php");
// Initialize any variables that the page might echo
$u = "";
$firstname = "";
$surname = "";
$gender = "Male";
$country = "";
$weight = "";
$height = "";
$password = "";
$password2 = "";
if(isset($_GET["u"])){
$u = preg_replace('#[^a-z0-9]#i', '', $_GET['u']);
}
$sql = "SELECT * FROM users WHERE username='$u' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// check if the user exists in the database
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$firstname = $row["firstname"];
$surname = $row["surname"];
$weight = $row["weight"];
$height = $row["height"];
$email = $row["email"];
$gender = $row ["gender"];
}
if (isset($_POST['submit'])){
$firstname = $_POST['firstname'];
$surname = $_POST['surname'];
$weight = $_POST['weight'];
$height = $_POST['height'];
$email = $_POST['email'];
$gender = $_POST['gender'];
mysql_connect ("localhost","root","pass123"); mysql_select_db('worldoi5_social');
// check if that user exist
$exists = mysql_query ("SELECT * FROM users WHERE username='$u' ") or die ("query cant connect");
if (mysql_num_rows ($exists) != 0) {
// update the description in the database
mysql_query("UPDATE users SET firstname='$firstname', surname='$surname', weight='$weight', height='$height' WHERE username='$u'") or die ("update could not be applied");
echo "successful";
} else echo "the name does not exist";
}
?>
I have made the code work with less code, but since i have added more it stopped working, and the data reads fine, I do not see the errors or mistake.
here is a bit of the HTML aswell:
<form action="user1.php" method="POST">
<div>
<p>First Name: <input type="text" name="firstname" id="firstname" value="<?=$firstname?>"></p>
<p>Surname: <input type="text" name="surname" id="surname" value="<?=$surname?>"></p>
<p>Weight: <input type="text" name="weight" id="weight" value="<?=$weight?>"></p>
<p>Height: <input type="text" name="height" id="height" value="<?=$height?>"></p>
<p> <input type="submit" name="submit" id="submit" value="Update Description"></p>
</div>
</form>
</body>
I figured out the answer:
from the php code line
$exists = mysql_query ("SELECT * FROM users WHERE username='$u' ")
the single and double quots where messed up so i had to use it like this;
$exists = mysql_query ("SELECT * FROM users WHERE firstname='" . $firstname . "'")
then it read it properly also i decided to use firstname as the selective
I am new to PHP so please be patient with me! I am trying to set up a user login page but every time I click log in it won't recognize the data that is already in the database. I currently have 7 sections in a the table but only taking data from 2 sections. I am unsure where abouts I am going wrong could be the php or the MySQL queries Would someone help me please!
<?PHP
$email = "";
$pword = "";
$errorMessage = "";
$num_rows = 0;
function quote_smart($value, $handle) {
if (get_magic_quotes_gpc()) {
$value = stripslashes($value);
}
if (!is_numeric($value)) {
$value = "'" . mysql_real_escape_string($value, $handle) . "'";
}
return $value;
}
if ($_SERVER['REQUEST_METHOD'] == 'POST'){
$email = $_POST['Email'];
$pword = $_POST['Password'];
$email = htmlspecialchars($email);
$pword = htmlspecialchars($pword);
$e_mail = "root";
$pass_word = "";
$database = "the_travel_cult";
$server = "127.0.0.1";
$db_handle = mysql_connect($server, $e_mail, $pass_word);
$db_found = mysql_select_db($database, $db_handle);
if ($db_found) {
$email = quote_smart($email, $db_handle);
$pword = quote_smart($pword, $db_handle);
$SQL = "SELECT * FROM user_login WHERE Email='$email' AND Password='$pword'";
$result = mysql_query($SQL);
$num_rows = mysql_num_rows($result);
//if(!$result) die ('Unable to run query:'.mysql_error());
if ($result) {
if ($num_rows > 0) {
session_start();
$_SESSION['user_login'] = "1";
header ("Location: SignedIn.php");
}
else {
session_start();
$_SESSION['user_login'] = "";
//$errorMessage = "Not Registered";
header ("Location: Register.php");
}
}
else {
$errorMessage = "Error logging on";
}
mysql_close($db_handle);
}
else {
$errorMessage = "Error logging on";
}
}
?>
<FORM NAME ="form1" METHOD ="POST" ACTION ="HomePage.php">
<form method=post action=”login.php”>
<p><center><strong>Email Addres:</strong></center><br>
<center><input type=”text” name= 'email' value="<?PHP print $email;?>" size=40 maxlength=100></center>
<p><center><strong>Password</strong></center><br>
<center><input type=”text” name= 'password' value="<?PHP print $pword;?>" size=40 maxlength=20></center>
<P align = center>
<INPUT TYPE = "Submit" Name = "Submit1" VALUE = "Login">
<form action="Register.php"> <input type="submit" value="Sign Up"> </form>
First off, congratulations on starting to code. I hope you're having fun!
It looks like you might have a case of "case sensitivity" going on. I noticed that you have the following code at the top:
$email = $_POST['Email'];
$pword = $_POST['Password'];
However, in your HTML, you're actually passing those variables named in all lowercase. Try changing either the code at the top to:
$email = $_POST['email'];
$pword = $_POST['password'];
Or the name of your inputs to "Email" and "Password" (again, notice the uppercase first letter). An easy way to check if the problem is here (vs something in the query) is to
var_dump($_POST);
to see what exactly your script is getting from the form submission.
For more information, see PHP's http://php.net/manual/en/language.variables.basics.php or check out a related post to see how you can make your own case insensitivity check though be warned: it's more work. PHP: Case-insensitive parameters
Hi Guys I am having a problem that when adding form data into a database. For some reason the data is not inserted. here is my code:
<?php include_once 'secure/connect.php'; ?>
<?php
$name = "Your Name";
$email = "Your Best Email";
$msg_to_user = "";
if ($_POST['name'] != ""){
//Be sure to filter this data to deter SQL injection
$name = $_POST['name'];
$name = stripslashes($name);
$name = strip_tags($name);
$email = $_POST['email'];
$email = stripslashes($email);
$email = strip_tags($email);
$sql = mysql_query("SELECT * FROM newsletter WHERE email='$email'");
$numRows = mysql_num_rows($sql);
if(!$email){
$msg_to_user = '<h4><font color="FF0000">Please Type an email address ' . $name . '</font></h4>';
} else if ($numRows > 0) {
$msg_to_user = '<h4><font color="FF0000">' . $email . ' is already in our system</font></h4>';
} else {
$sql_insert = mysql_query("INSERT INTO newsletter (name, email, dateTime) VALUES ('$name', '$email', now())") or die (mysql_error());
$msg_to_user = '<h4><font color="0066FF">Thanks' . $name . ', You have been added successfully</font></h4>';
$name = "";
$email = "";
}
}
?>
And my html form looks like this:
<div class="topForm">
<H3 style="text-align:center">SIGN UP FOR OUR NEWSLETTER</H3>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<input type="text" name="name" value="<?php echo $name; ?>"/>
<input type="text" name="email" value="<?php echo $email; ?>"/><br/>
<input name="mySubmitBtn" type="submit" value="SUBMIT">
<?php echo $msg_to_user; ?>
</form>
</div>
Many thanks in advance all
Phillip
This is what I have now and nothing is still working...
<?php
$name = "Your Name";
$email = "Your Best Email";
$msg_to_user = "";
if ($_POST['name'] != ""){
include_once 'secure/connect.php';
//Be sure to filter this data to deter SQL injection
$name = $_POST['name'];
$name = stripslashes($name);
$name = strip_tags($name);
$email = $_POST['email'];
$email = stripslashes($email);
$email = strip_tags($email);
$sql = mysql_query("SELECT * FROM newsletter WHERE email='$email'");
$numRows = mysql_num_rows($sql);
if(!$email){
$msg_to_user = '<h4><font color="FF0000">Please Type an email address ' . $name . '</font></h4>';
} else if ($numRows > 0) {
$msg_to_user = '<h4><font color="FF0000">' . $email . ' is already in our system</font></h4>';
} else {
$sql_insert = mysql_query("INSERT INTO newsletter (name, email) VALUES ('".$name."', '".$email."')") or die (mysql_error());
$msg_to_user = '<h4><font color="0066FF">Thanks' . $name . ', You have been added successfully</font></h4>';
$name = "";
$email = "";
}
}
?>
without regard to other errors or inconsistencies. also let me note that you should use mysqli or pdo. but php uses time()
$sql_insert = mysql_query("
INSERT INTO newsletter
(name, email, dateTime)
VALUES
('$name', '$email', ".time().")
");
or if you want a date time instead of the timestamp you can use the date() function.
You have to change now() from your code. And Use Following code.
$time = time() ;
$sql_insert = mysql_query("INSERT INTO newsletter (name, email, dateTime) VALUES ('".$name."', '".$email."', '".$time."' )") or die (mysql_error());
make sure you are connected to the database ! see what echo mysql_error(); says
if a form was submitted, catch the values, and then sanitize
insert query
ps: see what the following do:
if(isset($_POST['name']) ...
echo mysql_insert_id();
time() not now()
see the id of the new data inserted
your code, should work, if you follow these steps, and if you are connected to the database