There are 02 tables called item and customer.
item(item_id, item_name)
customer(cus_id, iid, cus_name)
I just tried to store item_id from item to the iid in the customer.
but it always showing null values.
My database is item_sales.
Here is my PHP code
<html>
<title></title>
<head></head>
<body>
<?php
$hostname = "localhost";
$database = "item_sales";
$username = "root";
$password = "";
$con = mysql_pconnect($hostname, $username, $password);
error_reporting(0);
?>
<form action="index.php" method="post" enctype="multipart/form-data">
<p>Customer Name : <input type="text" name="cus_name" /><br/><br/> </p>
<p>Select an Item:
<select name="iid">
<?php
$sql = mysql_query("SELECT * FROM item");
mysql_select_db($database,$con);
while($sqlv = mysql_fetch_array($sql))
{ ?>
<option id="<?php echo $sqlv['item_id']; ?>"><?php echo $sqlv['item_name']; ?></option>
<?php } ?>
</select>
</p>
<?php
if(isset($_POST['submit']))
{
$sql2 = "SELECT * FROM item WHERE iid='%item_id%'";
mysql_select_db($database,$con);
$mydata = mysql_query($sql2);
$cus_name = $_POST['cus_name'];
$sql3 = "INSERT INTO customer (cus_id, iid, cus_name) VALUES ('', '$_POST[iid]', '$cus_name')";
mysql_query($sql3);
}
?>
<input type="submit" name="submit" value="Add Sale" />
</form>
</body>
</html>
The reason it is not working is that you are attempting to save the iid select into the iid field, and I'm guessing the iid field in customer is a numeric type field, like INT - using the POST variable like this, you are going to be saving the text of the SELECT rather than the val.
What you need to do to fix this particular problem is set a "value" on each of the select options. You've set an ID but thats no real help here.
<select name="iid">
<?php
$sql = mysql_query("SELECT * FROM item");
mysql_select_db($database,$con);
while($sqlv = mysql_fetch_array($sql))
{ ?>
<option value="<?php echo $sqlv['item_id']; ?>"><?php echo $sqlv['item_name']; ?></option>
<?php } ?>
</select>
This is besides the point your code is very dangerous. I would recommend you do not use the original mysql functions as, 1) they don't offer any real protection from malicious users, and 2) they will be removed from PHP support very soon.
See this SO article on how to replace the mysql functionality from your PHP code : How can I prevent SQL injection in PHP?
That article also might help you understand the dangers your code offers.
The correct code is following :
<html>
<title></title>
<head></head>
<body>
<?php
$hostname = "localhost";
$database = "item_sales";
$username = "root";
$password = "";
$con = mysql_pconnect($hostname, $username, $password);
error_reporting(0);
?>
<form action="index.php" method="post" enctype="multipart/form-data">
<p>Customer Name : <input type="text" name="cus_name" /><br/><br/> </p>
<p>Select an Item:
<select name="iid">
<?php
$sql = mysql_query("SELECT * FROM item");
mysql_select_db($database,$con);
while($sqlv = mysql_fetch_array($sql))
{ ?>
<option value="<?php echo $sqlv['item_id']; ?>"><?php echo $sqlv['item_name']; ?></option>
<?php } ?>
</select>
</p>
<?php
if(isset($_POST['submit']))
{
$sql2 = "SELECT * FROM item";
mysql_select_db($database,$con);
$mydata = mysql_query($sql2);
$cus_name = $_POST['cus_name'];
$iid = $_GET['item_id'];
$sql3 = "INSERT INTO customer (cus_id, iid, cus_name) VALUES ('', '$_POST[iid]', '$cus_name')";
mysql_query($sql3);
}
?>
<input type="submit" name="submit" value="Add Sale" />
</form>
</body>
</html>
Related
I am struggling with deleting data in my database with my drop-down menu.
My drop-down menu looks like this
<form method="post" action="admin.php">
<h3>Delete a user</h3>
<select name="username">
$sql = mysqli_query($connection, "SELECT username FROM users");
while ($row = $sql->fetch_assoc()){
?>
<option value="username" name="username">
<?php echo $row['username']; ?></option>
<?php } ?>
<input type="submit" name="delete" value="Delete User">
</form>
And this is displaying the users all good like i want it, so here is the php for it
<?php
include('connect.php');
if(isset($_POST['delete'])) {
$username = $_POST['username'];
mysqli_query("DELETE FROM `users` WHERE `username` = '$username' ");
echo "User was deleted!";
}
?>
So when i hit the submit button "Delete User", it looks like i get sent to admin.php and nothing happens.
How can i fix this?
Thanks.
Replace name="username" from <option></option>
Echo value in value of option.
Connection variable missing in admin.php page
Updated Code
<select name="username">
<?php
$sql = mysqli_query($connection, "SELECT username FROM users");
while ($row = $sql->fetch_assoc()){?>
<option value="<?php echo $row['username']; ?>"><?php echo $row['username']; ?></option>
<?php }?>
</select>
admin.php
$stmt = $connection->prepare("DELETE FROM `users` WHERE `username` = ?");
$stmt->bind_param('s', $username);
$stmt->execute();
1.<option value="username" name="username"> Need to be <option value="<?php echo $row['username']; ?>">
2.Connection variable is missing . Need to be:-
mysqli_query($connection,"DELETE FROM `users` WHERE `username` = '$username' ");
Modified code need to be:-
Form code:-
<?php
//comment these two lines when code started working fine
error_reporting(E_ALL);
ini_set('display_errors',1);
include('connect.php');
?>
<form method="post" action="admin.php">
<h3>Delete a user</h3>
<select name="username">
<?php
$sql = mysqli_query($connection, "SELECT username FROM users");
while ($row = mysqli_fetch_assoc($sql)){?>
<option value="<?php echo $row['username']; ?>"><?php echo $row['username']; ?></option>
<?php }?>
</select>
<input type="submit" name="delete" value="Delete User">
</form>
Php code:-
<?php
//comment these two lines when code started working fine
error_reporting(E_ALL);
ini_set('display_errors',1);
include('connect.php');
if(isset($_POST['delete'])) {
$username = $_POST['username'];
if(mysqli_query($connection,"DELETE FROM `users` WHERE `username` = '$username' ")){
echo "User was deleted!";
}
}
?>
Note:- Always do some error-reporting so that you will get error and rectify that.
Your query is vulnerable to SQL INJECTION so read about prepared statements and use them.
Change
<option value="username" name="username">
<?php echo $row['username']; ?></option>
To
<option value="<?php echo $row['username'] ?>" name="username">
<?php echo $row['username']; ?></option>
You are not putting the value in select option that's why nothing happens
Just replace
<option value="username" name="username">
<?php echo $row['username']; ?></option>
<?php } ?>
with
<option value="<?php echo $row['username']; ?>">
<?php echo $row['username']; ?></option>
<?php } ?>
It will work for you.
I am currently working on a school project and I need a little help. I am writing PHP/SQL code for a page where, when the user submits a form, a query runs that loops through and displays the user text input and also the value associated with the <select> dropdown.
(For a visual idea of what I mean, visit http://themanaclub.com/themarketplace2/themarketplace2.php)
Here is my code:
<?php
include_once ('connection2.php');
if (($_SERVER["REQUEST_METHOD"] == "POST") && (isset($_POST['card_catalog_form']))) {
$card_name = mysqli_real_escape_string($conn, $_POST['card_name']);
$card_label = mysqli_real_escape_string($conn, $_POST['card_genre']);
$insert_card_genre_query = sprintf("INSERT into card_catalog (card_name, label_id) VALUES ('%s', %u)",
$card_name,
$card_label);
$insert_card_genre = mysqli_query($conn, $insert_card_genre_query) or die (mysqli_error($conn));
$last_record = mysqli_insert_id($conn);
}
$card_genre_query = "SELECT card_genre.genre_id, card_label from `card_genre` order by genre_id desc";
$card_genre = mysqli_query($conn, $card_genre_query) or die(mysqli_error($conn));
$get_card_genre_query = "SELECT card_catalog.id, card_name, label_id, card_label from card_catalog left join card_genre on label_id = genre_id";
$get_card_genre = mysqli_query($conn, $get_card_genre_query) or die(mysqli_error($conn));
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>The Marketplace By The Mana Club</title>
<link rel="stylesheet" type="text/css" href="stylesheets2/tmp2.css">
</head>
<body>
<?php include('templatestuff2/top_of_tmp2.php'); ?>
<main>
<h1>Card Input Form:</h1>
<form id="card_name_entry" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post" enctype="multipart/form-data">
<h4>What Card Are You Looking For?</h4>
<textarea name="card_label" rows="5" cols="30" placeholder="Write the name of the card here"></textarea>
<p>
<select name="card_genre">
<?php while ($row_card_genre = mysqli_fetch_assoc($card_genre)) { ?>
<option value="<?php echo $row_card_genre['genre_id'];?>"><?php echo $row_card_genre['card_label'];?><?php echo $row_card_genre['card_name'];?></option>
<?php } ?>
</select>
</p>
<?php $query = "SELECT label_id from `card_catalog` right join `card_genre` on genre_id"; ?>
<p id="textareasubmit"><input type="submit"></p>
<input type="hidden" name="card_catalog_form">
</form>
<section id="all_questions">
<ul>
<?php while ($row_card_genre = mysqli_fetch_assoc($get_card_genre)) { ?>
<li><?php echo $row_card_genre['card_label'];?></li>
<?php }
$row_card_genre = mysqli_data_seek($get_card_genre, 0);
?>
</ul>
</section>
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" method="post" enctype="multipart/form-data">
<p id="deletethissubmit"><input type="submit" value="Delete This"></p>
<input type="hidden" name="card_catalog_delete">
<input type="hidden" name="genre_id" value="<?php echo $row_card_catalog['label_id'];?>"
</form>
<p>You're asking this at
<?php
date_default_timezone_set('America/New_York');
echo date('g:i a T \o\n l, F j, Y');
?>
</p>
<p id="backtothemarketplace">Back To The Marketplace</p>
<?php
/*if (isset($_POST['card_genre'])) {
$query = "SELECT card_catalog.card_name, card_catalog.label_id, card_genre.genre_id, card_genre.card_label FROM card_catalog, card_genre WHERE card_genre.genre_id = ?";
$stmt = mysqli_prepare($conn, $query);
$stmt->bind_param('s', $_POST['card_genre']);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
echo $row['card_name']." - ".$row['label_id'];
echo "<br />";
}
}*/
?>
</main>
<?php include('templatestuff2/bottom_of_tmp2.php'); ?>
</body>
</html>
If anybody has any help or constructive criticism, it would be greatly appreciated (I'm a PHP/SQL newbie so I'll take all the help that I can get).
Thanks
Messed around with the code and I fixed it. The id is now being displayed and it links to the correct page.
All that was wrong with my code was that I mixed up some of the variables and ids.
Thank you all for your help.
I am trying update an id that has a foreign key to another table of names. I have a drop menu and in the drop menu I have name from table NAME_TEST. I need to select the name but the insert that I want is:
INSERT INTO (test) values (the value that i need is the ID of selected name)
Code:
<html> <h1>Update form</h1></html>
<?php
if (isset($_POST['submit'])) {
$connect = mysqli_connect('localhost', 'root', '', 'test');
$query = "UPDATE test SET location_name='".$_POST['new_location']."' WHERE id='".$_POST['location']."' LIMIT 1";
$res = mysqli_query($connect, $query);
if (!$res) {
die("Something went wrong");
}
}
// This is the code to load the select options
$connect = mysqli_connect('localhost', 'root', '', 'test');
$query = 'SELECT * FROM name_test';
$res = mysqli_query($connect, $query);
echo "Choose setup";
$options = array();
while($row = mysqli_fetch_assoc($res)) {
$options[] = $row;
}
?>
<form method="POST" action="<?= $_SERVER['PHP_SELF'] ?>"><BR><BR>
<select name="location">
<option value="0">--- Select an option ---</option>
<?php foreach ($options as $option): ?>
<option value="<?= $option['id'] ?>"><?= $option['name'] ?></option>
<?php endforeach; ?>
</select><br /><BR><BR>
<B> New name:</B> <BR> <input type="text" name="new_location"><br /><BR><BR>
<input type="submit" name="submit" value="Update" />
</form>
You can use a join for this. The idea is something like this:
INSERT INTO t(nameid)
select nameid
from names n
where n.name = ?;
t is the table you want to insert into. names is the table that has the name id and the name.
My goal to my code is to show the count query for the number of batchcode in table batchcodes to my textbox and if i click the button it will save to the batchcode table...my batchcode field is
'id','batchcode'
my current code:
<?php
ob_start();
?>
<html>
<head>
<title>test</title>
</head>
<body>
<?php
include('include/connect.php');
$query = "SELECT DISTINCT count(batchcode) FROM batchcodes";
while( $rows = mysql_fetch_array($query)) {
}
?>
<?php
if(isset($_POST['save'])){
$var = $query+1;
$sql = "INSERT INTO batchcodes(batchcode) VALUES ('$var')";
}
?>
<form method="post" action="index.php" >
<input type="text" value="batch<?php echo $query; ?>" />
<input type="submit" name"save" />
</form>
</body>
</html>
In my code im suffering from error like Undefined variable query and warning mysql_fetch_array expects parameter 1...I need your help guys.
Use mysql_query.
$query = mysql_query("SELECT DISTINCT count(batchcode) AS nb_batchcode FROM batchcode");
while($row= mysql_fetch_array($query)) {
$batchcode=$row['nb_batchcode'];
}
<input type="text" name="save" value="batch<?php echo $batchcode; ?>" />
You should use mysql_query function to execute the query
$query = mysql_query("SELECT DISTINCT count(batchcode) as batchcode FROM batchcodes");
$sql = mysql_query("INSERT INTO batchcodes(batchcode) VALUES (". $var .")");
Here's how I did it on PHP based on my SQL data
<li>
<label> OR #: </label>
<?php
include('php/connect-db.php');
$sql = mysql_query("SELECT MAX(or_num)+1 AS inc_or FROM tbl_admission");
while($row = mysql_fetch_array($sql)){
$nextOR=$row['inc_or'];
}
?>
<input type="text" name="asID" value="<?php echo $nextOR; ?>" disabled>
OR_num is my integer and auto-incremented key in my table "tbl_admission" :)
Use $row instead of $query to get result from query.Try below code can help you.
<?php
ob_start();
?>
<html>
<head>
<title>test</title>
</head>
<body>
<?php
include('include/connect.php');
$query = "SELECT DISTINCT count(batchcode) as batchcode FROM batchcodes";
while( $rows = mysql_fetch_array($query)) {
}
?>
<?php
if(isset($_POST['save'])){
$var = $row[0] + 1;
$sql = "INSERT INTO batchcodes(batchcode) VALUES (". $var .")";
}
?>
<form method="post" action="index.php" >
<input type="text" name="save" value="batch<?php echo $query; ?>" />
<input type="submit"
</form>
</body>
</html>
I've got an admin area where the admins can set the level of repair and it shows on a progress bar in the users area. I have it all working apart from updating the mySQL database to the value submitted.
My database has a table called 'users' and fields 'UserID', 'Username', 'Password', 'progress', 'admin'.
Here is the code I'm using to try and make the magic happen:
<?php
$query="SELECT * FROM users";
$result=mysql_query($query);
$num=mysql_numrows($result);
?>
<form id="chooseuseredit" method="post" action="<?php echo $PHP_SELF;?>">
<select name="ChooseUser">
<?php
$i=0;
while ($i < $num) {
$f1=mysql_result($result,$i,"UserID");
$f2=mysql_result($result,$i,"Username");
$f3=mysql_result($result,$i,"progress");
$f4=mysql_result($result,$i,"admin");
?>
<option value="<?php echo $f1; ?>"><?php echo $f2; ?></option>
<?php
$i++;
}
?>
</select>
<input type="submit" name="chooseSubmit" id="chooseSubmit" value="Choose User" />
</form>
<?php
if(isset($_POST['chooseSubmit']) )
{
$varID = $_POST['ChooseUser'];
$errorMessage = "Jesus Christ Benton, Choose a User!!";
?>
<br>
<p><strong>Editing UserID: <?php echo "$varID"; ?></strong></p>
<p>Progress:<br>
<form name="edituserform" method="post" action="<?php echo $PHP_SELF;?>">
<select name="editinguser">
<option value="0">Phone Not Recieved</option>
<option value="20">Phone Recieved</option>
<option value="40">Parts Recieved</option>
<option value="60">Repair Started</option>
<option value="80">Repair Finished</option>
<option value="100">Posted Back</option>
</select>
<input type="hidden" name="edituserid" id="edituserid" value="<?php echo "$varID"; ?>" />
<input type="submit" name="edituser" id="edituser" value="Edit" />
</form>
<?php
if(isset($_POST['edituser'])){
$add = $_POST['edituser'];
$varIDe = $_POST['edituserid'];
$errorMessage = "Jesus Christ Benton, Choose a User!!";
$query1 = mysql_query("UPDATE users SET progress = $add WHERE UserID = $varIDe");
mysql_query($query1) or die("Cannot update");
echo $add;
echo $varIDe;
}
?>
<?php
}
?>
I'm not sure if the variables are working or not, or if it's the way I've used the submit button before? Its got me a little stumped.
You're query should be
$query1 = mysql_query("UPDATE users SET progress = '$add' WHERE UserID = $varIDe");
Don't forget the quotes
and it would be best to change your
mysql_query($query1) or die("Cannot update");
to mysql_query($query1) or die("MySQL ERROR: ".mysql_error());
to get it to display errors
edit
Found a few errors
mysql_numrows should be mysql_num_rows
and major error
$query1 = mysql_query("UPDATE users SET progress = $add WHERE UserID = $varIDe");
is running a query, change it to
$query1 = "UPDATE users SET progress = '".$add."' WHERE UserID = '".$varIDe."'";
I think your getting the wrong variable
if(isset($_POST['edituser'])){
$add = $_POST['edituser']; // this is a button
should be :
if(isset($_POST['editinguser'])){
$add = $_POST['editinguser']; // this is a select list
But please read the following about SQL Injection
When something's going wrong, with respect to query, you better debugging, adding one: or die ( mysql_error ( ) ) ; and then the error message is displayed.
$query1 = mysql_query("UPDATE `users` SET `progress` = '".$add."' WHERE UserID = '".$varIDe."'");
if(mysql_query($query1))
{
//DO SOME ACTION
}
else
{
die(mysql_error());
}