PHP form update all mysql rows instead of 1 - php

if (isset($_POST['update'])){
$UpdateQuery = "UPDATE eventcalendar SET Title='$_POST[title]', Detail='$_POST[detail]' WHERE ID='$_GET[ID]'";
mysql_query($UpdateQuery, $con);
}
$sql = "SELECT * FROM eventcalendar";
$myData = mysql_query($sql,$con);
echo "<table border=1'>
<tr>
<th>Id</th>
<th>Title</th>
<th>Detail</th>
<th>Event Date</th>
<th>Date Added</th>
</tr>";
while($row = mysql_fetch_array($myData)){
echo "<form action=details.php method=post>";
echo "<tr>";
echo "<td>" . $row['ID'] . "</td>";
echo "<td>" . "<input type=text name=title value=" . $row['Title'] . " </td>";
echo "<td>" . "<input type=text name=detail value=" . $row['Detail'] . " </td>";
echo "<td>" . $row['eventDate'] . "</td>";
echo "<td>" . $row['dateAdded'] . "</td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
mysql_close($con);
This is my code, yet when I try to execute it, it executes all my rows in my table instead of the only 1 I edited. I've searched for like 2 hours but still can't find it. Does any of you know maybe how I can fix this?

Looks like you need to include the ID in the form action.
echo '<form action="details.php?ID='.$row['ID'].'" method="post">';
This will allow the use of the $_GET['ID'] value in your update query.
Alternatively, add the ID as a hidden field in your form like
echo '<input type="hidden" name="ID" value="'.$row['ID'].'">';
And change the SQL query to use $_POST['ID'] instead of $_GET['ID'].
$UpdateQuery = "UPDATE eventcalendar SET Title='$_POST[title]', Detail='$_POST[detail]' WHERE ID='$_POST[ID]'";
Something you also need to look into is escaping the input that you're using with your SQL statement.

Aside from the SQL Injection issues, your problem is that:
You're using $_GET[ID] in your query, instead of $_POST[ID]
You aren't posting the ID back to the form at all. Try adding this:
echo "<input type='hidden' name='ID' value='{$row[ID]}'>";

Your $_POST[title], $_POST[detail] and $_GET[ID] are interpreted as plain strings, not as the evaluated value. To get the evaluated value, you have to make use of concatenation.
Update this part :
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE eventcalendar SET Title='$_POST[title]', Detail='$_POST[detail]' WHERE ID='$_GET[ID]'";
mysql_query($UpdateQuery, $con);
}
to this:
if (isset($_POST['update']))
{
$UpdateQuery = "UPDATE eventcalendar SET Title='". $_POST['title']. "', Detail='". $_POST['detail']. "' WHERE ID='". $_POST['ID']. "'";
mysql_query($UpdateQuery, $con);
}

Related

How do I populate check boxes from Database using PHP/MySQLi

I am working with three database tables.
users
class
user_class
I'm making a page so that student can be assigned to classes using a checkbox. How do I get it so that if the value of a student being in a class is currently in the database, the checkbox for that class will already have the student value checked.
<?php
$showAllStudents = "SELECT * FROM users";
mysqli_query($mysqli, $showAllStudents) or die ('Error finding Students');
$result = mysqli_query($mysqli, $showAllStudents);
echo"<table border='1' cellspacing='10' align='center'>";
echo "<tr><th></th><th>User ID</th><th>User Name</th><th>First Name</th>
<th>Second Name</th></tr>";
while ($row = $result->fetch_object()){
echo "<tr>";
echo "<td><input type='checkbox' id='" .$row->userID . "'
name='check_box[]' value='" .$row->userID . "' /></td>";
echo "<td>" .$row->userID . "</td>";
echo "<td>" .$row->username . "</td>";
echo "<td>" .$row->forename . "</td>";
echo "<td>" .$row->surname . "</td>";
echo "</tr>";
}
if (isset($_POST['submitClassStudent'])) {
//get ID from header
$classID = $_GET['id'];
//print_r ($_POST);
//for each ticked checkbox convert to a UserID variable
foreach ($_POST['check_box'] as $userID) {
$editClassStudentQuery = "INSERT INTO `user_class`(userID, classID)
VALUES('$userID', '$classID')";
$insert_row = $mysqli->query($editClassStudentQuery) or die($mysqli->error . __LINE__);
if ($insert_row) {
header('Location: classeditor.php');
} else {
echo "Error: " . $editClassStudentQuery . "<br>" . $mysqli->error;
}
}
}
?>
To mark a checkbox as already checked you just need to add checked as one of its attributes.
<input type="checkbox" id="already-checked" checked> Already checked
W3 Schools
If the user exists, then echo 'checked' in the tag.
Example: echo "<input type ='checkbox'";if(YourConditionHere)echo " checked>";else echo ">";

Being able to delete data from the click of a button on a page which also deletes the data from the database

I have multiple text boxes within a table on my web page which is populated from a form on my website users fill out. I have the feature of being able to delete each row as well as edit each row of data displayed on my website. The problem I'm having with it is only the last row of the table can be edited/deleted. For example, When I click the delete button on the first row of the table, it deletes the last row for some reason and not the first row. Also, it's the same with the update/edit button, only the last row can be modified and not anything above the last row of the table on my website.
More information:
form_id is the primary key within my database.
My code:
<?php
$con = mysql_connect("localhost","root","");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("formsystem", $con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE form SET form_name='$_POST[name]', form_description='$_POST[description]' WHERE form_id='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM form WHERE form_id='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};
$sql = "SELECT * FROM form";
$myData = mysql_query($sql,$con);
echo "<table>
<tr>
<th>Title</th>
<th>Description</th>
<th></th>
<th></th>
<th></th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=findGroup.php method=post>";
echo "<tr>";
echo "<td>" ."<input type=text name=name value='" . $record['form_name'] . "'/> </td>";
echo "<td>" ."<input type=text name=description value='" . $record['form_description'] . "'/> </td>";
echo "<td>" ."<input type=hidden name=hidden value='" . $record['form_id'] . "'/></td>";
echo "<td>" ."<input type=submit name=update value='update" . "'/> </td>";
echo "<td>" ."<input type=submit name=delete value='delete" . "'/> </td>";
echo "</tr>";
}
echo "</table>";
?>
Update
Enclose the form element properly:
<?php
$con = mysql_connect("localhost","root","");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("formsystem", $con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE form SET form_name='".$_POST['name']."', form_description='".$_POST['description']."' WHERE form_id='".$_POST['hidden']."';";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM form WHERE form_id='".$_POST['hidden']."';";
mysql_query($DeleteQuery, $con);
};
$sql = "SELECT * FROM form";
$myData = mysql_query($sql,$con);
echo "<table>
<tr>
<th>Title</th>
<th>Description</th>
<th></th>
<th></th>
<th></th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=findGroup.php method=post>";
echo "<tr>";
echo "<td>" ."<input type=text name=name value='" . $record['form_name'] . "'/> </td>";
echo "<td>" ."<input type=text name=description value='" . $record['form_description'] . "'/> </td>";
echo "<td>" ."<input type=hidden name=hidden value='" . $record['form_id'] . "'/></td>";
echo "<td>" ."<input type=submit name=update value='update" . "'/> </td>";
echo "<td>" ."<input type=submit name=delete value='delete" . "'/> </td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
?>
And for security issue, it's better to wrap variable using mysqli_real_escape_string, for example:
"DELETE FROM form WHERE form_id='".mysqli_real_escape_string($con, $_POST['hidden'])."';"; // $con must be a mysqli link from mysqli_connect(), not a mysql_connect() resource
But this is another question, here is the thread.
First off, check these potential issues:
You are connecting as root. Not recommended. You should connect as a MySQL user with M.A.D rights on that table (modify, add, delete).
Have you checked the MySQL & system/PHP logs to see if any errors are being reported? Then you can adjust your code based on those errors.
Have you attempted to run the delete statement manually to confirm that it deletes the desired row?
In your code, have you tried using the $sql = DELETE... syntax on your delete statement?

Trying to create an editable HTML table using PHP and mySQL but the table won't update

I'm trying to make a HTML table as a frontend to a mySQL database. The table displays fine and I can type in the edits I want to make to each row of the table but when I press the submit button the changes aren't actually made. Can anyone see where I'm going wrong?
<?php
include("db.php");
$sql = "SELECT * FROM `artist`";
$result = mysqli_query($conn, $sql);
if (isset($_POST['update'])){
$artID = $_POST['artID'];
$artName = $_POST['artName'];
$key = $_POST['hidden'];
$UpdateQuery = "UPDATE `artist` SET `artID` = '$artID', `artName` = '$artName' WHERE `artist`.`artID` = '$key'";
mysqli_query($conn,$UpdateQuery);
header("Location: {$_SERVER['HTTP_REFERER']}");
exit;
};
echo "<table border='1'>";
echo "<tr>";
echo "<th>ID</th>";
echo "<th>Name</th>";
echo "</tr>";
if ($result->num_rows > 0) {
echo "<form id ='artisttable' action ='getartiststable.php' method ='post'>";
// output data of each row
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" ."<input type='text' name ='artID' value ='" . $row['artID'] . "' </td>";
echo "<td>" . "<input type='text' name ='artName' value ='" . $row["artName"] . "' </td>";
echo "<td>" . "<input type = 'hidden' name ='hidden' value='" . $row['artID'] . "' </td>";
echo "<td>" . "<input type='submit' name ='update'" . " </td>";
echo "</tr>";
}
echo "</form>";
echo "</table>";
} else {
echo "0 results";
}
$conn->close();
?>
The db.php file simply includes the connection info to the mySQL database and I'm 100% sure there's nothing wrong with it as it retrieves the table correctly it just doesn't update.
You are putting the form tag inside the tr, which is not allowed; only td are allowed,
so you have to remove that tr from there.
You have to use jQuery, or you can replace the table with some other grid structure so that it can look the same and the form can be placed there as well.
One more suggestion: don't mix the PHP and HTML together; separate them for clean code.
If you do all these, your code will be like this
Your form is being constructed with multiple elements with the same name. When you submit the form it is using the last elements as the values so regardless of the record you want updated the last record is being updated (or throwing an error because of string encapsulation). You should use parameterized queries as well.
So instead of:
if ($result->num_rows > 0) {
echo "<form id ='artisttable' action ='getartiststable.php' method ='post'>";
// output data of each row
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" ."<input type='text' name ='artID' value ='" . $row['artID'] . "' </td>";
echo "<td>" . "<input type='text' name ='artName' value ='" . $row["artName"] . "' </td>";
echo "<td>" . "<input type = 'hidden' name ='hidden' value='" . $row['artID'] . "' </td>";
echo "<td>" . "<input type='submit' name ='update'" . " </td>";
echo "</tr>";
}
echo "</form>";
echo "</table>";
Use:
if ($result->num_rows > 0) {
// output data of each row
while($row = mysqli_fetch_array($result)) {?>
<form class='artisttable' action ='getartiststable.php' method ='post'>
<tr>
<td><input type='text' name ='artID' value ='<?php echo $row['artID'];?>' /></td>
<td><input type='text' name ='artName' value ='<?php echo $row["artName"];?>' /></td>
<td><input type = 'hidden' name ='hidden' value='<?php echo $row['artID'];?>' /></td>
<td><input type='submit' name ='update' /></td>
</tr>
</form>
<?php } ?>
</table>
So you get a form for each data set. Here's a link on prepared statements with mysqli: http://php.net/manual/en/mysqli.quickstart.prepared-statements.php. You also should update your markup. Tables for formatting aren't the best approach. Your inputs also weren't closed (missing >).
Also this changed artisttable from an id to class because there will be multiples. Update CSS/JS accordingly.
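The per-row form and parameterized query recommended in this answer, as an added example that is not part of the original posts; the same pattern applies to the other UPDATE and DELETE handlers quoted on this page. It assumes db.php sets $conn to a connected mysqli object; the attr() helper and the row1, row2, ... form ids are hypothetical names, and the HTML form attribute is used so each form can sit inside a table cell.

```php
<?php
// Added example (not the original poster's code). Assumes db.php sets $conn to a
// connected mysqli object, as the question describes.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // query errors throw
include("db.php");

// Hypothetical helper: escape a value for a double-quoted HTML attribute.
function attr($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update'])) {
    $key     = $_POST['hidden']  ?? '';  // key of the row being edited
    $artID   = $_POST['artID']   ?? '';  // new key value
    $artName = $_POST['artName'] ?? '';

    // Placeholders keep request data out of the SQL text entirely.
    $stmt = $conn->prepare(
        "UPDATE `artist` SET `artID` = ?, `artName` = ? WHERE `artID` = ?"
    );
    $stmt->bind_param("sss", $artID, $artName, $key);
    $stmt->execute();
    $updated = $stmt->affected_rows; // 1 if a row changed, 0 if none matched or nothing changed
    $stmt->close();

    // Fixed redirect target instead of the client-supplied Referer header.
    header("Location: getartiststable.php?updated=" . (int) $updated);
    exit;
}

$result = $conn->query("SELECT `artID`, `artName` FROM `artist`");
?>
<table border="1">
<tr><th>ID</th><th>Name</th><th></th></tr>
<?php $n = 0; while ($row = $result->fetch_assoc()) { $n++; $f = "row" . $n; ?>
<tr>
  <td><input type="text" name="artID" form="<?= $f ?>" value="<?= attr($row['artID']) ?>"></td>
  <td><input type="text" name="artName" form="<?= $f ?>" value="<?= attr($row['artName']) ?>"></td>
  <td>
    <!-- One form per row, kept inside a cell; the inputs above join it via form="..." -->
    <form id="<?= $f ?>" action="getartiststable.php" method="post">
      <input type="hidden" name="hidden" value="<?= attr($row['artID']) ?>">
      <input type="submit" name="update" value="update">
    </form>
  </td>
</tr>
<?php } ?>
</table>
<?php $conn->close(); ?>
```

The mysql_* functions used in several snippets on this page were removed in PHP 7, so those handlers need the same change with mysqli or PDO.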

PHP executes but doesn't execute SQL update correctly

I have a table which displays
-Staff ID (Primary Key)
-Staff Name
-Staff Position
All the data loads into my grid. The grid has an update button which should let me update it, but it returns the original result after clicking update.
<html>
<head>
</head>
<body>
<?php
$conn = mysql_connect("localhost", "root", "");
if (!$conn){
die("Can not connect: " . mysql_error());
}
mysql_select_db("pizza_shop",$conn);
if (isset($_POST['submit']) && $_POST['submit'] == 'update'){
$UpdateQuery = "UPDATE staff SET StaffName='$_POST[staffname]', Position='$_POST[staffposition]' WHERE StaffID='$_POST[hiddenid]'";
mysql_query($UpdateQuery);
}
$sql = "SELECT * FROM staff";
$myData = mysql_query($sql, $conn);
echo "<table border=1>
<tr>
<th>Staff Name<th>
<th>Staff Position<th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=#edit_staff.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name =staffname value=" . $record['StaffName'] ." </td>";
echo "<td>" . "<input type=text name =staffposition value=" . $record['Position'] ." </td>";
echo "<td>" . "<input type=hidden name=hiddenid value=" . $record['StaffID'] . "</td>";
echo "<td>" . "<input type=submit name = update values=Update" . "</td>";
echo "</form>";
}
echo "</table>";
$conn = null;
?>
</body>
</html>
You need to change your update query from
$UpdateQuery = "UPDATE staff SET StaffName='$_POST[staffname]', Position='$_POST[staffposition]' WHERE StaffID='$_POST[hiddenid]'";
to
$UpdateQuery = "UPDATE staff SET StaffName='".$_POST['staffname']."', Position='".$_POST['staffposition']."' WHERE StaffID='".$_POST['hiddenid']."'";
What you were doing is $_POST[staffname], which must be written as $_POST['staffname']. Always try to check using the error_reporting(E_ALL) function, and check whether your values are set or not.

PHP form update mysql database returns all database records after editing one record

So I have this code that other Stack members have helped me fine tune and correct some errors. The code all works as it should, but there is one small detail: after successfully editing one record and clicking the update button, ALL of the existing records that are in the database load into the page. Here is my code below:
<?php
$con = mysql_connect("localhost", "root", "M1q2w3e4r");
if (!$con) {
die("Can not connect: " . mysql_error());
}
mysql_select_db("inventory",$con);
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE invoice SET `inv_number`='$_POST[inv_number]', `from_date`='$_POST[from_date]', `to_date`='$_POST[to_date]',`date_type`='$_POST[date_type]', `notes`='$_POST[notes]' WHERE id='$_POST[id]'";
mysql_query($UpdateQuery, $con);
};
$where = '';
if(!empty($_GET) && !empty($_GET['edit'])) {
$where = ' where id='.$_GET['edit'];
}
$sql = "SELECT * FROM invoice".$where;
$myData = mysql_query($sql,$con);
echo "<table border=1>
<tr>
<th>Inv #</th>
<th>From</th>
<th>To</th>
<th>Type</th>
<th>Notes</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action='edit.php' method='post'>";
echo "<tr>";
echo "<td>" . "<input type='text' name='inv_number' value='" . $record['inv_number'] . "'> </td>";
echo "<td>" . "<input type='text' id='from' name='from_date' value='" . $record['from_date'] . "'> </td>";
echo "<td>" . "<input type='text' id='to' name='to_date' value='" . $record['to_date'] . "'> </td>";
echo "<td>" . "<input type='text' name='date_type' value='" . $record['date_type'] . "'> </td>";
echo "<td>" . "<input type='text' name='notes' value='" . $record['notes'] . "'> </td>";
echo "<td>" . "<input type='hidden' name='id' value='" . $record['id'] . "'> </td>";
echo "<td>" . "<input type='hidden' name='hidden' value='" . $record['id'] . "'> </td>";
echo "<td>" . "<input type='submit' name='update' value='update'>" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
mysql_close($con);
?>
I know it has to do with the form action="edit.php", as it refreshes the page the id number in the url is pulled out. So I tried this:
echo "<form action='edit.php?edit=<?php echo $_REQUEST["id"]; ?>' method='post'>";
but this only led to my edit.php to display as a blank page. If anyone can help me figure out how to prevent all the database records from being displayed in the page after clicking the update button it would really help.
I might do this, for example, if I just wanted to show the record that was just updated:
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE invoice SET `inv_number`='$_POST[inv_number]', `from_date`='$_POST[from_date]', `to_date`='$_POST[to_date]',`date_type`='$_POST[date_type]', `notes`='$_POST[notes]' WHERE id='$_POST[id]'";
mysql_query($UpdateQuery, $con);
$where = ' where id='.$_POST['id'];
}
else {
$where = '';
if(!empty($_GET) && !empty($_GET['edit'])) {
$where = ' where id='.$_GET['edit'];
}
}
You could also use REQUEST instead of GET and make a hidden input field with the name "edit" in your form.
