i have this code in PHP and a database sql.. the situation is .. if i type the 1, 2 or 3 (productID) .. the textbox will be populated and field with database values.. but when i run the program.. fortunately it has no errors.. but when i type the id or 1 and click the submit button.. it doesnt get the neccessary values.. sorry for this im a complete newbie and im practicing PHP for a while now.. any help will do.. thank you..
<?php
session_start();
include_once 'dbconnect.php';
if(!isset($_SESSION['user'])){
header("Location: index.php");
}
$res = mysql_query("SELECT * FROM users WHERE user_id=".$_SESSION['user']);
$userRow = mysql_fetch_array($res);
?>
<?php
require('dbconnect.php');
$id = (isset($_REQUEST['productID']));
$result = mysql_query("SELECT * FROM tblstore WHERE productID = '$id'");
$sql = mysql_fetch_array($result);
if(!$result){
die("Error: Data not found");
} else {
$brandname = $sql['brandname'];
$price = $sql['price'];
$stocks = $sql['stocks'];
}
?>
<html>
<body>
<p>
hi' <?php echo $userRow['username']; ?> Sign Out
</p>
<form method="post">
<table align="center">
<tr>
<td>Search Apparel:</td>
<td><input type="text" name="search" name="productID" /></td>
</tr>
<tr>
<td>Brandname:</td>
<td><input type="text" name="brandname" value="<?php echo $brandname; ?>"/ </td>
</tr>
<tr>
<td>Price:</td>
<td><input type="text" name="price" value="<?php echo $price; ?>"/></td>
</tr>
<tr>
<td>Stocks:</td>
<td><input type="text" name="stocks" value="<?php echo $stocks; ?>"/></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Search" /></td>
</tr>
</table>
</form>
</body>
</html>
your getting the id incorrectly, you have:
<?php
$_REQUEST['productID']=8; //for testing
$id = (isset($_REQUEST['productID']));
if you check it you will find the output is true\false as returned by isset
var_dump($id); //true
what you should use is:
<?php
if(isset($_REQUEST['productID'])){ //maybe also check its a number and or valid range
$id=$_REQUEST['productID'];
}
Related
I am going to fetching table values in a html table along checkbox in each row and then inserting values in another database table from multi check boxes in php.
Only the values of checked boxes should be submitted to that table.
db name "laboratory":
test: fetching values.
package: inserting table.
view
Status
Active
Inactive
<?php
$conn=mysqli_connect("localhost","root","","laboratory") or die(mysql_error());
mysql_select_db("test") or die(mysql_error());
$query="SELECT * FROM test";
$result=mysqli_query($conn,$query);
if ($result) {
while ($record=mysqli_fetch_array($result)) {
Please try to follow this code and implement in your program . Hope that this will cooperate you much
if(isset($_POST['name'])){
$name = $_POST['name'];
$status = $_POST['status'];
if(empty($name) || empty($status)){
echo "Field Must Not be empty";
} else{
$conn=new mysqli("localhost","root","","test");
if($conn){
$query = "SELECT * FROM userdata limit 5";
$stmt = $conn->query($query);
$val = '<form action="" method=""> ';
$val .= '<table> ';
if ($stmt) { ?>
<form action="" method="post">
<table>
<?php while ($result=$stmt->fetch_assoc()) { ?>
<tr>
<td><?php echo $result['post']; ?></td>
<td><input value="<?php echo $result['post']; ?>" type="checkbox" name="check[]" /></td>
</tr>
<?php } ?>
<tr>
<td>Actual Price </td>
<td>Discount</td>
<td>Final Price</td>
</tr>
<tr>
<td><input type="text" name="actual"/></td>
<td><input type="text" name="discount"/></td>
<td><input type="text" name="final"/></td>
</tr>
<tr>
<td>Description</td>
<td><textarea name="description" id="" cols="30" rows="10"></textarea></td>
</tr>
<tr>
<td><input type="submit" value="Submit" /></td>
<td><input type="reset" value="Cancel" /></td>
</tr>
</table>
</form>
<?php }} }}?>
<?php
if(isset($_POST)){
echo "<pre>";
print_r($_POST);
echo "<pre>";
}
?>`enter code here`
First of all you have to decide that what are you using either mysqli or mysql, if you are using mysqli then you have to improve your code
$query="SELECT * FROM test";
$result=mysqli_query($conn,$query);
if ($result) {
while ($record=mysqli_fetch_array($result)) {
and when you want to insert the checked data will be inserted in package table. If package table in another database then you have to give us the full detail i mean tell us the database name of package table.
here is my index page.inserted all the data to the database and also show on the same page but the main problem is that on update.php page I can not retrieve the data
//that main problem is here and I can't be retrieved the data on this page and always sow that: Warning: mysql_fetch_array() expects parameter 1 to be resource, object given in C:\wamp\www\phonebook\update.php on line 12
index.php
<?php require_once('dbconnect.php'); ?>
<html>
<head>
<title> </title>
</head>
<body>
<h1> phone book </h1>
<form method="post">
<table>
<tr>
<td>fname </td><td> <input type="text" name="firstname" required /> </td>
</tr>
<tr>
<td>lname </td><td> <input type="text" name="lastname" required /> </td>
</tr>
<tr>
<td>mobile </td><td> <input type="text" name="mobile" required /> </td>
</tr>
</table>
<input type="submit" name="submit" value="submit" >
</form>
<!-- $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ show $$$$$$$$$$$$$$$$$$$$$$$$$$ -->
<br> data </br>
<table border="1">
<tr>
<th>id</th> <th>firstname</th> <th>lastname</th> <th>mobile</th><th>update</th><th>delete</th>
</tr>
<?php
$conn = mysqli_connect('localhost','root','','phonebook');
$show = mysqli_query($conn,"SELECT * FROM contacts");
while($row = mysqli_fetch_array($show))
{
?>
<tr>
<td><?php echo $row['id']; ?></td>
<td><?php echo $row['firstname']; ?></td>
<td><?php echo $row['lastname']; ?></td>
<td><?php echo $row['mobile']; ?></td>
<td>update</td>
<td><a href="delete.php?id=<?php echo $row['id']; ?>" onclick="return confirm('sure want to delete')" >delete</a></td>
</tr>
<?php } ?>
</table>
</body>
</html>
<?php
//require_once("function.php");
//$obj = new data();
if(isset($_POST{"submit"}))
{
//echo "<pre>";print_r($_POST);die;
$fname = $_POST['firstname'];
$lname = $_POST['lastname'];
$mobile = $_POST['mobile'];
//$obj->insert($fname,$lname,$mobile);
$connect = mysqli_connect('localhost','root','','phonebook');
$insert = mysqli_query($connect,"insert into contacts(firstname,lastname,mobile) values('".$fname."','".$lname."','".$mobile."')");
if ($insert)
{ ?>
<script> alert('record inserted'); </script>
<?php
}
else
{ ?>
<script> alert('record not inserted'); </script>
<?php
}
header('Location:index.php');
}
?>
update.php
//check the code here
<?php require_once('dbconnect.php');
if(isset($_GET['id']) && is_numeric($_GET['id']) )
{
$id=$_GET['id'];
}
?>
<?php
$conn = mysqli_connect('localhost','root','','phonebook');
$result=mysqli_query($conn,"SELECT * FROM contacts WHERE id='$id'");
$fetch=mysql_fetch_array($result);
//$conn = mysqli_connect('localhost','root','','phonebook');
//$show = mysqli_query($conn,"SELECT * FROM contacts");
//while($row = mysqli_fetch_array($show))
?>
<html>
<head>
<title>update page</title>
</head>
<body>
<form method="post" name="update" action="update.php">
<table>
<tr>
<td>fname </td><td> <input type="text" name="firstname" value= "<?php echo $fetch['firstname']; ?>" required /> </td>
</tr>
<tr>
<td>lname </td><td> <input type="text" name="lastname" value="<?php echo $fetch['lastname']; ?>" required /> </td>
</tr>
<tr>
<td>mobile </td><td> <input type="text" name="mobile" value= "<?php echo $fetch['mobile']; ?>" required /> </td>
</tr>
</table>
<input type="submit" name="submit" value="submit" >
</form>
</body>
</html>
Switch to using mysqli_fetch_array() (note the i) instead of mysql_fetch_array
try this:
$conn = mysqli_connect('localhost','root','','phonebook');
$result=mysqli_query($conn,"SELECT * FROM contacts WHERE id='$id'");
$fetch=mysqli_fetch_array($result);
You must not use mysql_*, it's deprecated. Use PDO or MySQLi instead
You shouldn't mix mysql_* and mysqli_*
Just create ONE mysqli instance instead of creating it for every file you have.
Maximize the use of variables too. This way you only have to change something once.
Please sanitize/escape user input before passing it into your SQL query. Otherwise your application is vulnerable to SQL injection attacks.
i edited my code as below but the issue is that each time i click on the edit link, all of the products are being displayed instead of only the one beside which i clicked the edit link.
note: Sorry for posting another question relating to my other one. I could not add any more comments.
<?php
include_once("db_connect.php");
if(isset($_POST['update']))
{
$prod_id = $_POST['prod_id'];
$prod_name=$_POST['prod_name'];
$prod_brand=$_POST['prod_brand'];
$prod_price=$_POST['prod_price'];
// checking empty field
if(empty($prod_price))
{
//if name field is empty
if(empty($prod_price))
{
echo "<font color='red'>Price field is empty.</font><br/>";
}
}
else
{
//updating the table
//$result=mysql_query("UPDATE tblretprod SET prod_price='$prod_price' WHERE prod_id=$prod_id");
$result=mysql_query("UPDATE tblretprod SET prod_price='".$prod_price."' WHERE prod_id='".$prod_id."';");
//redirectig to the display page. In our case, it is index.php
header("Location: update.php");
}
}
?>
<?php
$prod_id = $_GET['prod_id'];
$result=mysql_query("SELECT a.prod_name, a.prod_brand, b.prod_price FROM tblproduct a, tblretprod b where a.prod_id = b.prod_id") or die(mysql_error());
?>
<html>
<title>Edit Product</title>
<body>
Home
<br/><br/>
<form name="edit" method="post" action="updprod.php">
<table border="0">
<?php
while($res=mysql_fetch_array($result))
{
$prod_name = $res['prod_name'];
$prod_brand = $res['prod_brand'];
$prod_price = $res['prod_price'];
?>
<tr>
<td>Product Name</td>
<td>
<input type="text" disabled="disabled" name="prod_name" value = "<?php echo $prod_name;?>"> </td>
</tr>
<tr>
<td>Brand</td>
<td>
<input type="text" disabled="disabled" name="prod_brand" value = "<?php echo $prod_brand;?>"> </td>
</tr>
<tr>
<td>Product Price</td>
<td>
<input type="text" name="prod_price" value = "<?php echo $prod_price;?>">
<input type="hidden" name="prod_id" value = "<?php echo $_GET['prod_id'];?>">
</td>
</tr>
<?php } ?>
<tr>
<td><input type="submit" name="update" value="Update"></td>
</tr>
</table>
</form>
</body>
</html>
Add in your select query in WHERE clause:
AND a.prod_id = ".$prod_id."
query:
"SELECT
a.prod_name,
a.prod_brand,
b.prod_price
FROM
tblproduct a, tblretprod b
where
a.prod_id = b.prod_id
AND a.prod_id = ".intval($prod_id).""
To make the query safer against SQL Injection i've added intval function like Kickstart well pointed out.
I am running while loop and fetch 3 records from database. and then update it on same page. Every record have submit button. But after edit when i submit the form it catchs the values of last record only and update other rows with the last record values. Please if somebody help me out i'll be very thankful. Remember it catches the exact (id) but the other parameters are only of last row.
<form method="post" action="">
<table width="700" border="1">
<tr><th><?php echo $_SESSION['teamtwo']; ?></th></tr>
<tr>
<th>Player Name</th>
<th>Runs</th>
<th>Edit</th>
<th>Save</th>
</tr>
<?php
$team = new DBConnection();
$condition = "WHERE teamname = '".$_SESSION['teamtwo']."' and datecreated = CURDATE()";
$sel_player = $team->SelectRecord(array("*"),"`match`","$condition");
//$sel_player = mysql_query("SELECT * FROM `match` WHERE teamname = '$team1' and datecreated = CURDATE()") or die(mysql_error());
while($get_player = mysql_fetch_array($sel_player))
{
$totalruns = $get_player['runs_bat'];
$totalballs = $get_player['ball_bat'];
#$strike = $totalruns / $totalballs * 100;
?>
<tr>
<td><input type="text" name="player_name" value="<?php echo $get_player['player_name']; ?>" disabled="disabled" /></td>
<td><input type="text" name="runs" value="<?php echo $get_player['runs_bat']; ?>" size="1" /></td>
<td><button>Edit</button></td>
<td><input type="submit" value="Save" name="team" /></td>
</tr>
<?php
} ?>
</table>
</form>
<?php } ?>
</div>
</div>
</body>
</html>
<?php
if(isset($_POST['team'])){
$runs = $_POST['runs'];
$balls = $_POST['ball'];
$object = new DBConnection();
$arr_Field=array("runs_bat","ball_bat","player_status","how_out","opposite_bowl","opposite_player","sr","overs","bowl_ball","runs_ball","extra","madien");
$arr_Values=array("$runs","$balls","$status","$how_out","$opposite_bowler","$opposite_player","$sr","$over","$bowls","$score","$extra","$madien");
$condition = "WHERE id = '".$_REQUEST['player']."'";
//echo $_REQUEST['player'];
//echo $runs.$balls;
$object->UpdateRecord("`match`",$arr_Field,$arr_Values,"$condition") or die(mysql_error());
//header("Location:extra.php?update");
}
the problem is you are having one form and when you submit the form it will submit the last rows values because you are having same name for all 3 rows inside 1 form.
Solution:-
Create form element inside the while loop and close it inside the while loop itself . Like this you will have 3 forms each for 3 rows.
Code Example:-
while($get_player = mysql_fetch_array($sel_player))
{
$totalruns = $get_player['runs_bat'];
$totalballs = $get_player['ball_bat'];
#$strike = $totalruns / $totalballs * 100;
?>
<form>
<tr>
<td><input type="text" name="player_name" value="<?php echo $get_player['player_name']; ?>" disabled="disabled" /></td>
<td><input type="text" name="runs" value="<?php echo $get_player['runs_bat']; ?>" size="1" /></td>
<td><button>Edit</button></td>
<td><input type="submit" value="Save" name="team" /></td>
</tr>
</form>
<?php
} ?>
1.
you need to make input array in while because name attribute is overwriting in loop
<td><input type="text" name="player_name[<?php echo $get_player['id']?>]" value="<?php echo $get_player['player_name']; ?>" disabled="disabled" /></td>
<td><input type="text" name="runs[<?php echo $get_player['id']?>]" value="<?php echo $get_player['runs_bat']; ?>" size="1" /></td>
2.
you have all text boxes mean if press submit button of one row, then also you will get all textboxes as php side so make hidden variable in form to get which button clicked
//write javascript in your page
<script>
function setPlayerId(id) {
document.getElementById('playerid').value=id;
}
</script>
//take hidden field into form
<input type='hidden' name='playerid' value='0'>
//write down onlick button event
<input type="submit" value="Save" name="team" onClick="setPlayerId('<?php <?php echo $get_player['id']?>?>')"/>
3.
Now in php you will get that as below
echo $_POST['player_name'][$_POST['playerid']];
// same way you can do your insert or update.
this code must work
<form method="post" action="">
<table width="700" border="1">
<tr><th><?php echo $_SESSION['teamtwo']; ?></th></tr>
<tr>
<th>Player Name</th>
<th>Runs</th>
<th>Edit</th>
<th>Save</th>
</tr>
<?php
$team = new DBConnection();
$condition = "WHERE teamname = '".$_SESSION['teamtwo']."' and datecreated = CURDATE()";
$sel_player = $team->SelectRecord(array("*"),"`match`","$condition");
//$sel_player = mysql_query("SELECT * FROM `match` WHERE teamname = '$team1' and datecreated = CURDATE()") or die(mysql_error());
while($get_player = mysql_fetch_array($sel_player))
{
$totalruns = $get_player['runs_bat'];
$totalballs = $get_player['ball_bat'];
#$strike = $totalruns / $totalballs * 100;
?>
<tr>
<td><input type="text" name="player_name" value="<?php echo $get_player['player_name']; ?>" disabled="disabled" /></td>
<td><input type="text" name="runs<?=$get_player['id']?>" value="<?php echo $get_player['runs_bat']; ?>" size="1" /></td>
// you didnt write this i added
<input type="text" name="ball<?=$get_player['id']?>" value="<?php echo $get_player['ball_bat']; ?>" size="1" />
<td><button>Edit</button></td>
<td><input type="submit" value="Save" name="team" /></td>
</tr>
<?php
} ?>
</table>
</form>
<?php } ?>
</div>
</div>
</body>
</html>
<?php
if(isset($_POST['team'])){
$runsname = 'runs'.$_GET['player'];
$ballsname = 'ball'.$_GET['player'];
$runs = $_POST[$runsname];
$balls = $_POST[$ballsname];
$object = new DBConnection();
$arr_Field=array("runs_bat","ball_bat","player_status","how_out","opposite_bowl","opposite_player","sr","overs","bowl_ball","runs_ball","extra","madien");
$arr_Values=array("$runs","$balls","$status","$how_out","$opposite_bowler","$opposite_player","$sr","$over","$bowls","$score","$extra","$madien");
$condition = "WHERE id = '".$_REQUEST['player']."'";
//echo $_REQUEST['player'];
//echo $runs.$balls;
$object->UpdateRecord("`match`",$arr_Field,$arr_Values,"$condition") or die(mysql_error());
//header("Location:extra.php?update");
}
my problem goes like this:
my home page has tables with rows pulled from the database (while loops)
each row has a - cell in which he can add an event to that specific row
in order to do that i send the row id as a $_GET variable from the home page table
and in the "add event" page i store it as a variable
but when i submit my addevent form without filling it properly (as i coded) it simply refreshes the form only without the row id in the url therefor also the query i do in the beginning of the page for pulling the row data can no longer execute and that pops a PHP error
for the id variable which i sign it the $_GET and the query (mysql fetch array).
also of course all the data which i display in the form from that query is gone.
any suggestions on how to approach this ? thanks in advance, Regards.
EDIT:** kill the new guy! -Sorry i guess
home page where i send the id :
$sql = "SELECT * FROM alarms WHERE alarmstatus = 'OFF' and starttime='::' ORDER BY clientid ASC";
$query = mysql_query($sql);
echo "<table cellpadding='1px' border='1px' bordercolor='#0066FF' cellspacing='0'>
<form action='hpage.php' method='get'>";
while($fetch = mysql_fetch_array($query)) {
echo "<tr>
<td>
".$fetch['clientid']."</td>
<td>".$fetch['controller']."</td>
<td>".$fetch['typeid']."</td>
<td style='color: red'>".$fetch['alarmstatus']."</td>
<td>".$fetch['starttime']."</td>
<td>".$fetch['endtime']."</td>
<td><a href='includes/editalarm.php?id=".$fetch['id']."'>Edit</a></td>
<td><a href='includes/addevent.php?id=".$fetch['id']."'>Add event</a></td>
<td><a href='includes/deletealarm.php?id=".$fetch['id']."'>Delete</a></td>
</tr>";
}
the add event where i get the variable and make the query:
$alarmid = $_GET['id'];
$sql = "SELECT * FROM alarms WHERE id=".$alarmid;
$query = mysql_query($sql);
$fetch = mysql_fetch_array($query);
?>
the form:
<table cellpadding="2px" cellspacing="0" >
<form action="addevent.php" method="post">
<tr>
<td>סניף:</td>
<td><input style="width:200px; background-color: #d6d6d6;" readonly name="client" value="<?php echo $fetch['clientid']; ?>" /></td>
</tr>
<tr>
<td>בקר:</td>
<td><input style="width:200px; background-color: #d6d6d6;" readonly name="controller" value="<?php echo $fetch['controller']; ?>" /></td>
</tr>
<tr>
<td>אזעקה:</td>
<td><input style="width:200px; background-color: #d6d6d6;" readonly name="controller" value="<?php echo $fetch['typeid']; ?>" /></td>
</tr>
<tr>
<td>מוקדן:</td>
<td>
<?php
$sql = "SELECT * FROM users WHERE privilege = '2'";
$query = mysql_query($sql);
echo "<select name='user' style='width:207px;'>";
echo "<option>..</option>";
while ($fetch2 = mysql_fetch_array($query)){
echo "<option>".$fetch2['username']."</option>";
}
echo "</select>";
?>
</td>
</tr>
<tr>
<td>איש קשר:</td>
<td><input type="text" name="contact" /></td>
</tr>
<tr>
<td>הודעה:</td>
<td><input type="text" style="width:200px; height:100px" name="message" /></td>
</tr>
<tr>
<td>תשובה:</td>
<td><input type="text" style="width:200px; height:100px" name="answer" /></td>
</tr>
<tr>
<td>שעה:</td>
<td>
<select name="eventhour">
<option value ="default"></option>
<?php
for($i = 0; $i<60; $i++){
$value = $i;
if($i<=9){
$value= "0".$i;
}
echo "<option>".$value."</option>";
}
?>
</select>
<select name="eventminute">
<option value ="default"></option>
<?php
for($i = 0; $i<24; $i++){
$value = $i;
if($i<=9){
$value= "0".$i;
}
echo "<option>".$value."</option>";
}
?>
</select>
</td>
</tr>
<tr>
<td>
<input type="submit" name="save" value="שמור" />
<input type="submit" name="cancell" value="בטל" />
</td>
<td></td>
</tr>
</form>
Your form action is POST. If you change that to GET then you will have the form as $_GET.