Updating database based on certain ID - php

I have a table within my database containing subscriptions, each subscription has a name, id and a notes column.
I'm trying to allow the user to update the notes column through a text area on the webpage. All of the subscriptions are in a list on the page which allows the user to click on them to view that specific subscription.
How would I make sure the note that is updated is correct with the id of the subscription they have clicked on?
I currently have this code.
<form method="POST" action="noteAction.php">
<textarea id="notes" name="noteValue">$notes</texarea>
<input type="submit" name="submit"/>
</form>
This is what I think my noteAction.php should look like however I cannot get it working.
mysql_connect ("host", "user", "password") or die ('Error: ' . mysql_error());
mysql_select_db("database_name") or die ('Data error:' . mysql_error());
$text = mysql_real_escape_string($_POST['noteValue']);
$query="UPDATE `subscription` SET `notes`= '$text' WHERE `id` = '$id'";
mysql_query($query) or die ('Error updating database ' . mysql_error());
Any help would be great, thanks.

Use hidden element to store your id inside it.
<form method="POST" action="noteAction.php">
<textarea id="notes" name="noteValue">$notes</texarea>
<input type="hidden" name="id" value="id" value="your id goes here" />
<input type="submit" name="submit"/>
</form>

When you're putting the note in the form, you must have an id for that note kicking about somewhere, after you retrieved it from the database. If you only selected the note contents in that query, select the ID as well. Then pass the ID over in a hidden field, and you have the ID to use in the MySQL query (which is correct).
<input type="hidden" name="note-id" value="note_id_here">

Related

If input exists from one table update it on another one

Im trying to make like a refill code that will refill my table.
I have one table that have my refill code in it and other table that stores the balance of the account.
table1: card_credit (table that stores the balance of the account)
table2:card_refill (table that have me refill code)
I have created this code with session and PHP. Now I'm stuck and dont know how to move forward.
I want to make when i write in the refill code from table card_refill that its take the amount of credit into value in table card_refill
refill.php
<strong>Refill</strong>
<form action="refill.php" method"post">
<input type="text" name="refillcode"/>
<br>
<input type="submit" name="Submit" value="Refill" />
</form>
<?php
// starting the session
session_start();
if (isset($_POST['Submit'])) {
$_SESSION['refillcode'] = $_POST['refillcode'];
}
?>
Here is a possible solution, I am just don't know, where the card_id comes from.
This is inserting a new record into your card_credit table.
// starting the session before any output
session_start();
//include here the database connection file!
//for example:
//include('db_connection.php');
if (isset($_POST['Submit'])) {
//First do a validation here, is the refillcode number, exists, etc...
//Insert it into the table
$sql = "INSERT INTO card_credit (card_id, value) VALUES ('[YOUR_CARD_ID_HERE]', " . intval($_POST['refillcode']) . ")";
//Link is the resource variable when you created the mysqli_connect
mysqli_query($link, $sql);
//Redirect here if you want
}
?>
<!-- HTML CODE STARTS HERE -->
<strong>Refill</strong>
<form action="refill.php" method="post">
<input type="text" name="refillcode"/>
<br>
<input type="submit" name="Submit" value="Refill" />
</form>

Populating radio buttons?

i have written some code that populates radio buttons with data from a database. I am having some problems with this code though, for one the form allows me to select multiple radio buttons at once which it shouldn't. Another issue is that the text shown besides the button itself is the values from the "customerID" column in the table when it should the values from the "lastName" column in the table and the value of the radio button should be the values in the "customerID" field which seems fine. If you wanted to know the actual structure of the columns in the table, the "customerID" column is first, "firstName" is second (but not needed in this form) and "lastName" is third.
Here is my current code :
<?php
$conn = mysql_connect("localhost", "twa312", "dam6av9a");
mysql_select_db("warehouse312", $conn)
or die ('Database not found ' . mysql_error() );
$sql = "select customerID, lastname from customer";
$rs = mysql_query($sql, $conn)
or die ('Problem with query' . mysql_error());
while ($row=mysql_fetch_array($rs)) {
$options .= '<input type="radio" id="custID" name="custID" value="'.$row[0].'" />'.$row[1];
}
?>
<form method="GET" action="task8.php" id="custinfo">
Choose name:<?php echo $options; ?><br>
<p><input type="submit" name="submit" value="Submit"/> <input type="reset" value="Reset" />
</form>
Any help with solving this would be really great!
It doesn't matter what the order of the columns is in your database... it matters the order you're selecting the fields in. Since you first select lastName, you need to replace $row[1] with $row[0].
Also, try changing the id so that it is unique.
I think problem due to same id in radio button . Please make sure all the radio button should be same name.
To fix the multiple radio buttons being allowed to be checked you must change the name attribute, they all need to have the same name attribute, the radio buttons are grouped by the name attribute.

Setting value in mysql table using html button

I got a table with dynamic data with 5 td-s. First one is for the ID, second one for date, third for the name of the author, fourth for some properties and in the last one i got two buttons. I want them to change the value of the $status in applications table. For that I made 2 php files in which I added the mysql update function for each of the buttons. But I don't know why when I press the buttons it does everything in the php except it doesn't change the value of $status. Please let me know where I am wrong and how can I make it work. Thanks in advance.
The html code of the buttons (the last td):
<form action="status1.php">
<input type="submit" name="approve" value=" + ">
</form>
<form action="status2.php">
<input type="submit" name="refuse" value=" - ">
</form>
The PHP code for the buttons - status1.php (status2.php is the same but it changes the $status value to 2 instead of 1)
<?php
require_once('config.php');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
mysql_query('set names windows-1251', $link);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
$id=$_GET['id'];
$qry="UPDATE applications SET status=1 WHERE id='$id'";
$result = mysql_query($qry);
if($result) {
header("location: applications.php");
exit();
}
else {
die("Query failed");
}
?>
You are using $_GET['id'] as identifier, but as far as I can see in the code, you are not actually sending any GET information apart from the submit button itself. So your query is currently actually updating the row WHERE id=''. That's why you don't get errors, but you don't get your desired result either.
Change the action parameter of your form to status1.php?id=$id, or add something like <input type="hidden" name="id" value="$id"/> inside the form.
Well, are you getting any errors? Comment out the header("location: applications.php"); line so you will see if it throws any. Also try adding something like echo $qry so you can visually verify that the query is correct.
Also, you should read up on SQL injection and how to protect against it. Directly sticking user input into the query like that can open the door to nastiness. Also, you aren't checking user input for apostrophes which can break your query. I personally use PDO, which makes it a lot easier and a bit safer.
Another suggestion, rather than having to maintain two separate submission PHP files, just put your two submit buttons like this:
<input type="submit" name="status" value=" + ">
<input type="submit" name="status" value=" - ">
Then change the form action to the name of the consolidated php file and in that file, just evaluate the value of the status like:
$status = 0;
if ($_GET["status" == " + ") $status = 1;
If you install PDO, you'd do the meat of the DB update like this:
$pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_DATABASE, DB_USER, DB_PASSWORD);
$sql = $pdo->prepare("UPDATE applications SET status=? WHERE id=?");
$sql->execute(array($status, $_GET["id"]));
..which would be a little safer than what you're doing now.
Disclaimer: I'm just a hobbyist PHP programmer, so there may be better ways than I've mentioned :)
use this instead of ur form tag
for form 1
<from method="get" action="status1.php">
<input type="hidden" name="id" value="1"/>
<input type="submit" name="approve" value=" + "/>
</form>
for form2
<from method="get" action="status2.php">
<input type="hidden" name="id" value="2"/>
<input type="submit" name="refuse" value=" - "/>
</form>

Saving text area into mySQL database field PHP

Hi i am using openWYSIWYG as a text editor for a text area. I then am trying to post the contents of the text area to a field in my database.
This is the code i have so far -
<?php
$text = $_GET['Comments'];
mysql_connect ("localhost", "user", "password") or die ('Error: ' . mysql_error());
mysql_select_db("databasename") or die ('Data error:' . mysql_error());
$query="INSERT INTO KeepData (player_data)VALUES ('$text')";
mysql_query($query) or die ('Error updating database' . mysql_error());
?>
I can connect to the database, and when i click submit it adds a blank entry into the field? how would i get it so it keeps all the formatted data?
Many thanks
update
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<textarea id="Comments" name="Comments">
example text
</textarea>
<input type="submit" name="mysubmit" value="Save Post" />
</form>
DIM3NSION
Try something like the following:
<?php
if ($_POST['submit']) {
mysql_connect ("localhost", "user", "password") or die ('Error: ' . mysql_error());
mysql_select_db("databasename") or die ('Data error:' . mysql_error());
$text = mysql_real_escape_string($_POST['comments']);
$query="INSERT INTO KeepData (player_data) VALUES ('$text')";
mysql_query($query) or die ('Error updating database' . mysql_error());
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<textarea name="comments">Example Comment</textarea>
<input name="submit" type="submit" value="submit" />
</form>
You must save an format coded version elsewhere on a hidden textarea (much like here on StackOverflow, if you type **text** it will come out as text, in the database, they probably save it as **text** and render it with PHP.
Once the formatted version is saved, render it with PHP when you get the data from the database.
Is your form POSTing or GETing (you said POSTing in your post)? You have $_GET['Comments'], but if your form's action is POST, you need to use $_POST['Comments'];
if you add echo $text;exit; after you assign $text, do you see anything?
You should use mysql_escape_string function because of mysql injection and if text contains ' you'll get error.
Check if your have <form action='get'>. If it is just <form> get used by default
Check that your wisywig have name='Comments' attribute.
Escape the $text with mysql_real_escape_string. It can contain SQL-illegal symbols, like '. This function escapes them with \
(recommendation) do not use mysql_*, it is deprecated of PHP 5.3 and will be removed.
(recommendation) appending user input to sql query is always a risk of SQL-injection. Use prepared statements
just add the onclick event something like
<button onclick=" $('#txtEditor').val($('.Editor-editor').html());" type="Publish" id="Publish" name="Publish" class="btn btn-primary">Publish</button>
remember the #txtEditor has to match with the form id, this works well, and note the .html will save it to database with the color,Bold and many more effect if you added any (that is the wysiwyg fuction)
then for your php code that send to database, do something like this
$anything = ($_POST['txtEditor']);
$anything you which to use as variable,dont forget the txtEidtor is the form id. with this your wysiwyg is up and working.

Update Mysql column field based on email address

My DB has columns: ID, first_name, email, password, level
I have a form that i am trying to update the 'level' column based on the 'email address' entered of the existing user.
Right now i have a basic form that just inserts the info, but i need it to update existing users based on the email value.
This is what i have
<form action="update.php" method="post">
<input type="hidden" name="action" value="update" />
<fieldset>
<label for="email" />Email Address:</label>
<input value="" type="text" name="email" id="email" />
<label for="level" />Level:</label>
<input value="vip" type="text" name="level" id="level" />
<input class="button" type="image" src="/img/right/get-started-button.png" />
</fieldset>
</form>
----update.php------
<?php
$email = $_POST['email'];
$level = $_POST['level'];
mysql_connect ("localhost", "username", "pass") or die ('Error: ' . mysql_error());
mysql_select_db ("db_name");
$query="INSERT INTO users (email, level)VALUES ('".$email."','".$level."')";
mysql_query($query) or die ('Error updating database');
echo "Database Updated With: " .$email. " ".$level ;
?>
Not knowing what version of MySQL your using, you can use INSERT ON DUPLICATE KEY UPDATE syntax if your on 5+: http://dev.mysql.com/doc/refman/5.0/en/insert-on-duplicate.html
If your using an older version then a simple select id limit 1 should suffice to find if the record exists.
BTW: you should be using mysql_real_escape_string (or similar) before you execute your sql statement. Its also a good idea to always use back ticks ` around your field names just in case you hit a reserved word or invalid symbol in your field names.
I'm not sure If i uderstand your question correctly, but if you are looking for the sql update:
UPDATE users Set level='some_value' WHERE email="some_email_address"
So you could do:
$query="UPDATE users SET level='" .$level."' WHERE email='" .$email."'";
That is if I understood your question correctly.
As in you are trying to update an existing table, based on the email address typed into the form.

Categories