SQL Update with form values not working - php

I'm trying to update a table with the form values although it doesn't seem to be updating in the database and there are no errors either.
<?php
session_start();
if(!isset($_SESSION["user"]) or !is_array($_SESSION["user"]) or empty($_SESSION["user"])) {
// redirect to login page
}
$dbhost = "localhost";
$dbname = "***";
$dbuser = "***";
$dbpass = "***";
// database connection
$conn = new PDO("mysql:host=$dbhost;dbname=$dbname",$dbuser,$dbpass);
// new data
$date = date('Y-m-d') ."\n";
$now = time(); $utc_time = $now - intval(date('Z', $now));
$time = date('H:i:s', $now);
$pname = $_POST['pname'];
$pdetails = $_POST['pdetails'];
$pabout = $_POST['pabout'];
$pwebsite = $_POST['pwebsite'];
$pyoutube = $_POST['pyoutube'];
$pfacebook = $_POST['pfacebook'];
$uID = $_POST['uID'];
$id = $_POST['id'];
$seshID = $_SESSION['user']['id'];
$conn->prepare($sql = "UPDATE pages SET pname='$pname', pdetails='$pdetails', pabout='$pabout', pwebsite='$pwebsite', pyoutube='$pyoutube', pfacebook='$pfacebook' WHERE id='$id' AND author_id='$seshID'");
?>

Make sure that you are getting all the data from POST method. For that you can echo all the variables... The basic reason for your script not working is that you are not sending the query to the database.. Use a script like this:
$stmt = $conn->prepare("UPDATE pages SET pname='$pname', pdetails='$pdetails', pabout='$pabout', pwebsite='$pwebsite', pyoutube='$pyoutube', pfacebook='$pfacebook' WHERE id='$id' AND author_id='$seshID'");
$stmt->execute();

Related

Postback script issues

Ive been really struggling to see the issue with my postback script,
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
//$adscendIp = "xx.xx.xx.xx"; // ip for adsc
//if($_SERVER['REMOTE_ADDR'] != $adscendIp)
//{
//die("Access Denied!");
//}
$campid = $_GET['campid']; // ID number of the campaign credited
$sid = $_GET['sid']; // The SubID that was passed in the campaign link
$rate = $_GET['rate']; // Commission earned (Will be negative if status is revoked)
$status = $_GET['status']; // Status of the lead. 1 for payable, 2 for revoked
$name = $_GET['name']; // Name of the campaign
$ip = $_GET['ip']; // IP address of the user
$cur = $_GET['cur'];
$sb1 = $_GET['sb1'];
if($status == "1")
{
mysqli_query($conn,"UPDATE users SET balance = '.$cur.' WHERE steamid = '.$sd1.'");
}
else
{
die("Revoked Lead!");
}
?>
Ive tried going to the link and putting the correct variables in the url and it seems to work, but when i try it on the offerwall its failing, is there anything you can see wrong with the script.
your all variable i.e campid, sid etc coming from any html form?
then in that form set method post. & then in php code get all parameters with $_POST...
$campid = $_POST['campid'];
$sid = $_POST['sid'];
$rate = $_POST['rate'];

how to paginate data fetched from databse

lets say if there are 13 records the latest 5 or from 9-13 in the first page,
from 4-8 in second page and 1-3 in the third page
i've tried this but its for the first page only
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "mysqli_login";
// Create connection
$connection= new mysqli($servername, $username, $password, $dbname);
$query = mysqli_query($connection, "SELECT name,submittedby,trn_date FROM new_record ORDER BY id DESC LIMIT 5")or die(mysqli_error($connection));
while ($row = mysqli_fetch_array($query)) {
$fileName = $row['name'];
$fileContents = file_get_contents("txt/$fileName");
$poster = $row['submittedby'];
$date = $row['trn_date'];
echo ("posted by :$poster | posted date : $date");
echo ("$fileContents");
}
?>
Your code should be like this
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "test_db";
// Create connection
$connection= new mysqli($servername, $username, $password, $dbname);
$current_page = 1; // 1=>refer to the first page, 2=> second page and so on..
if(!empty($_GET['page_no']){
$current_page = $_GET['page_no'];
}
$to = "5"; // it is no of record which you wants to show on each page, you can change it's value as per your need.
$from = ($current_page - 1) * $to;
$query = mysqli_query($connection, "SELECT name,submittedby,trn_date FROM new_record ORDER BY id DESC LIMIT $from , $to")or die(mysqli_error($connection));
while ($row = mysqli_fetch_array($query)) {
$fileName = $row['name'];
$fileContents = file_get_contents("txt/$fileName");
$poster = $row['submittedby'];
$date = $row['trn_date'];
echo ("posted by :$poster | posted date : $date");
echo ("$fileContents");
}
?>
your url should be something like http://localhost/projects/?page_no=1
replace "http://localhost/projects/" with your actual url
Hope this will help!!
Here's an article that discusses this topic. You need to offset your query based on the current page. So it will be LIMIT 5 OFFSET <amount based on the page>.

PHP PDO adding to database will not work? [calendar]

I found a calendar script anyways, Like the rest of my files I want them to run off one single config.php file. Every single script so far does, although I found a calendar script that is coded in PHP PDO the same language im coding the rest in although I Try and include config.php although for some reason it will not work.
Original code of the script: [Which worked]
<?php
$id = $_POST['id'];
$title = $_POST['title'];
$start = $_POST['start'];
$end = $_POST['end'];
try {
$bdd = new PDO('mysql:host=localhost;dbname=database2', 'root', 'mypassword');
} catch(Exception $e) {
exit('Unable to connect to database.');
}
// update the records
$sql = "UPDATE evenement SET title=?, start=?, end=? WHERE id=?";
$q = $dbh->prepare($sql);
$q->execu
te(array($title,$start,$end,$id));
?>
My edit of the script:
<?php
include "../inc/config.php";
$id = $_POST['id'];
$title = $_POST['title'];
$start = $_POST['start'];
$end = $_POST['end'];
// update the records
$sql = "UPDATE evenement SET title=?, start=?, end=? WHERE id=?";
$q = $dbh->prepare($sql);
$q->execute(array($title,$start,$end,$id));
?>
Config.php
<?php
$hostname = 'localhost';
$username = 'root';
$password = 'mypassword';
try {
$dbh = new PDO("mysql:host=$hostname;dbname=database2", $username, $password);
}
catch(PDOException $e)
{
echo $e->getMessage();
}
?>

New $_SESSION variable not created after query?

I'm trying to build a login process where, by using $_SESSION variables, the login credentials of the user are stored and used to show their relevant data from the database on screen (i.e. they will only see the school data that they work for).
<?php
session_start();
if(!isset($_SESSION['Initials'], $_SESSION['Surname']))
{
$host = "xxx";
$username = "xxx";
$password = "xxx";
$database_name = "xxx";
$table_name = "xxx";
mysql_connect($host, $username, $password) OR die("Can't
connect");
mysql_select_db($database_name) OR die("Can't connect to
Database");
$query = "SELECT Class FROM $table_name WHERE Initials = '".
$_SESSION['Initials']."' AND staff LIKE '%".$_SESSION['Surname']."'";
$result = mysql_query($query);
$class = mysql_fetch_array($result);
$count = mysql_num_rows($result);
if($count === NULL)
{
echo "ERROR";
}
else
{
$_SESSION['Class'] = $result;
echo "Class added to sessions";
}
}
?>
My initial problem where the query couldn't recognize the session variables was easily solved by adding the correct brackets for the if-statement. My next problem that has arisen here is that even though the query should be successfull (I don't receive an error message saying 'ERROR' when the $count is either FALSE or NULL) it's not creating the result array into a new session, because when I print the session array on a new page it's still only carrying over the 'Initials' and 'Surname' sessions.
What do I need to change to my query, or post-query process in order for that array (because it's bound to throw up multiple results) to be made into a new session?
Many thanks for the answers to my initial problem!
if(!isset($_SESSION['Initials'], $_SESSION['Surname'])) {
// code
}
u need { } brackets
if(!isset($_SESSION['Initials'], $_SESSION['Surname']))
$host = "xxxxx"; $username = "xxxxx"; $password = "xxxxx";
is
if(!isset($_SESSION['Initials'], $_SESSION['Surname'])) {
$host = "xxxxx";
}
$username = "xxxxx";
$password = "xxxxx";
I've found the answer - it turned out that I wasn't treating one of the session variables as a proper array and thus wouldn't load properly. I've added my script below so that people with similar problems in the future can use it as a reference point:
<?php
session_start();
// Server Details //
$host = "---";
$username = "---";
$password = "---";
$database_name = "---";
$table_name = "---";
// Connect Command //
mysql_connect($host, $username, $password) OR die("Can't
connect");
mysql_select_db($database_name) OR die("Can't connect to
Database");
// Query to call up the unique school name //
$query_school = mysql_query("SELECT DISTINCT School FROM $table_name
WHERE Initials = '".$_SESSION['---']."'
AND staff LIKE '%".$_SESSION['---']."'") or die( mysql_error());
$result_school = mysql_result($query_school, 0);
// Query to call up the unique centre no //
$query_centreno = mysql_query("SELECT DISTINCT CentreNo FROM
$table_name WHERE Initials = '".$_SESSION['---']."'
AND staff LIKE '%".$_SESSION['---']."'") or die( mysql_error());
$result_centreno = mysql_result($query_centreno, 0);
// The newly created sessions for school info //
$_SESSION['---'] = $result_school;
$_SESSION['---'] = $result_centreno;
// Query to call up the array of classes //
$query_class = mysql_query("SELECT Class FROM $table_name WHERE
Initials = '".$_SESSION['---']."'
AND staff LIKE '%".$_SESSION['---']."'") or die( mysql_error());
$query_class__array = array();
while($row = mysql_fetch_assoc($query_class))
$query_class_array[] = $row;
$_SESSION['---'] = $query_class_array;
?>

Updating mysql database through php with HTTP POST methods

It executes on application perfectly I double checked it. It sends all parameters properly and the problem is in php script it doesn't execute the query (update,delete) it execute the insert query properly. The php script works perfect with html form but I don't know where the problem is.
Here is my php script:
$mysql_host = "localhost";
$mysql_database = "locator";
$mysql_user = "root";
$mysql_password = "";
mysql_connect($mysql_host,$mysql_user,$mysql_password) or die(mysql_error());
mysql_select_db($mysql_database);
$uMail = $_POST['u_mail'];
$uIMEI = $_POST['u_IMEI'];
$uName = $_POST['u_name'];
$uPass = $_POST['u_pass'];
$tName = $_POST['t_names'];
$tIMEI = $_POST['t_IMEIs'];
$tDesc = $_POST['t_desc'];
mysql_query("UPDATE user_master SET t_names='$tName',t_IMEIs='$tIMEI',t_desc= '$tDesc' WHERE u_mail = '$uMail' AND u_IMEI = '$uIMEI'");
mysql_close();
?>
maybe you should escape your strings with mysql_real_escape_string()
$uMail = mysql_real_escape_string($_POST['u_mail']);
$uIMEI = mysql_real_escape_string($_POST['u_IMEI']);
$uName = mysql_real_escape_string($_POST['u_name']);
$uPass = mysql_real_escape_string($_POST['u_pass']);
$tName = mysql_real_escape_string($_POST['t_names']);
$tIMEI = mysql_real_escape_string($_POST['t_IMEIs']);
$tDesc = mysql_real_escape_string($_POST['t_desc']);
mysql_query("UPDATE user_master SET t_names='$tName',t_IMEIs='$tIMEI',t_desc= '$tDesc' WHERE u_mail = '$uMail' AND u_IMEI = '$uIMEI'");
and make sure $uMail and $uIMEI are set correctly

Categories