i have a question regarding passing a php variable in the $_POST knowing that i named my buttons using the same variable because i want the buttons to have unique names.
while($row = mysql_fetch_array($query)){
$friend_id = $row['friend_id'];
$result = mysql_query("SELECT username FROM users WHERE user_id = '$friend_id'");
if (mysql_num_rows($result) > 0) {
$friendname = mysql_result($result,0,"username");
$friendname = sanitize($friendname);
echo '<input type = "submit" id='. $friend_id .' name ='.$friend_id.' class = "member" value ='. $friendname.' /><br>';
}
here where i am trying to pass it but it is not working
print_r($_POST);
if(isset($_POST['name'])){
$signers = mysql_query("SELECT friend_id FROM friends WHERE user_id = $session_user_id ");
$count = mysql_num_rows($signers);
if($count == 0){
echo "<p>you need to add team members</p>";
}
else{
while($row = mysql_fetch_array($signers)){
$signer_id .= $row['friend_id'];
}
echo '<p>'.$signer_id . '</p>';
}
$request = mysql_query("INSERT INTO requests VALUES ('','$user_id','$fid','$fname','$signer_id')");
}
else {
echo '<p> not working </p>';
}
both of those sections are in the same php page
You're not passing a variable around, you're passing a value so this line -
if(isset($_POST["'$friend_id'"])=== true){
needs to be changed to this -
if(isset($_POST['name'])){
The name attribute (along with the value) of each input is what is passed in a POST. You're just checking to see if the name parameter has a value, if it does then you can act on it with other code.
In addition please stop using mysql_* functions. They are no longer maintained and are officially deprecated. Learn about prepared statements instead, and consider using PDO.
The condition in the second piece of code should be without quotes:
if (isset($_POST[$friend_id])) {...
The part === true isn't necessary in this case, I've removed it.
You should look into predefining any variables you intend to use.
function input_post ($value, $default) {
return isset($_POST[$value]) ? $_POST['value'] : false;
}
Then use the post as so, this would prevent any not set errors
$friend_id = input_post('friend_id');
if ($friend_id) {
// If friend_id is set, do this
}
else {
// If friend_id is false or unset
}
Related
I have a very simple PHP function which checks the DB if the post is saved in the user's bookmarks or not. If it is saved as a bookmark in the table 'bookmarks', it should return a link to the bookmarks, if not, it should return a simple button.
This is the code that calls the function:
echo bookmark($id,'stories');
This is the PHP function:
function bookmark($id,$column) {
global $db_conx;
if($column = 'stories') { $col = 'storid'; }
elseif($column = 'discussions') { $col = 'discid'; }
elseif($column = 'articles') { $col = 'articleid'; }
elseif($column = 'videos') { $col = 'videoid'; }
else $col = 'resid';
$result = mysqli_query($db_conx, "SELECT * FROM bookmarks WHERE '$col'='$id' AND username='$log_username' LIMIT 1");
$num_rows = mysqli_num_rows($result);
if ($num_rows > 0) {
return "<a class='rllink' title='Saved in your bookmarks' href='https://hangar.flights/bookmarks'><i class='fa fa-bookmark'></i></a>";
}
else return "<a class='rllink' href="xxxx" title='Save this in your bookmarks'><i class='fa fa-bookmark-o'></i></a>";
};
For some weird reason, this doesn't seem to be working, although my other similar functions do work. Everywhere I call this function (with the correct parameters) it returns the else statement, even if the specific id is saved in the bookmarks and should return the first statement with a link to the bookmarks.
Anyone who sees what's wrong with it? I have tried adapting and changing it but nothing works.
You are using assignment-in-if:
if($column = 'stories')
When executed, this is what happens:
the value of $column becomes the string 'stories'
the if statement checks whether the new value of $column is truthy
This is almost certainly not what you want, and you'll probably want to do comparing-if statements that don't change the value(s) of the things you check:
if($column == 'stories')
This will check whether $column is currently equal to the string 'stories' without changing the value.
I have a webpage with a button on it. When the button it clicked it sends a request to a page with this code on it
$userName = "tdscott";
$url = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$divID = explode('?', $url);
$id = 0;
$id = explode('#',$divID[1])[1];
$func = $divID[2];
$find = mysqli_fetch_array(mysqli_query($con,"SELECT likes FROM status WHERE id='$id'"))['likes'];
if ($func == "addLike")
{
$promoted = $userName . "-";
mysqli_query($con, "UPDATE status SET promotedBy = CONCAT(promotedBy,'$promoted') WHERE id='$id'");
$find++;
mysqli_query($con,"UPDATE status SET likes = '$find' WHERE id='$id'");
echo $find;
}//end if addLike
elseif($func === "removeLike")
{
echo "ERROR";
}//end if removeLike
elseif ($func === "getLikes")
{
echo $find;
}//end if getLikes
mysqli_close($con);
I left of the database connection information. But for some reason when this is called it produces inaccurate results. For example... Sometimes it will put multiple instances of $promoted in the promotedBy field in my table and sometimes it will update other rows in the table that the id does not equal the current $id. I am wondering if somehow it is getting the $id variable mixed up from when I submitted it with a different value before. Is there a way to reset the variables before I call it each time?
Please note: In the if statement, we are only looking at the addLike portion. I included the other just in case it was causing the problem.
unset($id);
Sorry should have done more research.
I'm posting from the HTML code shown in this jsfiddle to the PHP page for which the code is below. The issue is that the array $_POST['selectedpost'] isn't being received. That's the array containing which checkboxes were ticked. In the js fiddle I added in an example row to the table containing the checkboxes as normally these are generated using PHP and SQL.
<?php
include "connect2.php";
if (isset($_POST['selectedpost'])) {
$postschecked = $_POST['selectedpost'];
$length = count($postschecked);
}
else{
returnpage();
}
if (isset($_POST['deleteposts'])) {
foreach($postschecked as $post_id){
$sql = "DELETE FROM posts WHERE post_id='$post_id'";
mysql_query($sql);
}
returnpage();
}
if (isset($_POST['passposts'])) {
foreach($postschecked as $post_id){
$sql = "UPDATE posts SET moderation=1 WHERE post_id='$post_id'";
mysql_query($sql);
}
returnpage();
}
if (isset($_POST['editpost'])) {
if ($lenght==1){
foreach($postschecked as $post_id){
header("location:editpost.php?post_id=$post_id");
}
}
else{
returnpage();
}
}
if (isset($_POST['returnpost'])) {
if (isset($_POST['reasonreturned'])) {
foreach($postschecked as $post_id){
$sql = "SELECT description FROM posts WHERE post_id='$post_id'";
$query = mysql_query($sql);
$array = array();
while ($row = mysql_fetch_array($query, MYSQL_NUM)) {
$array[] = $row; }
$description = "".$array[0][0];
$description = $description . "<br/><br/><span style='color:red;font-size:18px;'>" . $_POST['reasonreturned'] . "</span>";
$sql = "UPDATE posts SET description='$description' WHERE post_id='$post_id'";
$query = mysql_query($sql);
}
}
foreach($postschecked as $post_id){
$sql = "UPDATE posts SET moderation=3 WHERE post_id='$post_id'";
$query = mysql_query($sql);
}
returnpage();
}
if ($length){
returnpage();
}
function returnpage(){
//header("location:moderate.php");
}
?>
http://jsfiddle.net/3A6az/2/
Also extra note, I am aware as to how un-efficient my code is in places and I'm also aware to the fact I should drop mysql and move to something like mysqli. Thank's for any help given
If you have more than 1 checkbox you need to use
name='selectedpost[]'
It will then be available to you with $_POST['selectedpost']; as an array.
Hope this helps!
You're using an unbracketed input <input type='checkbox' name='selectedpost' value='404'></input> plus you don't need </input> <(FYI)
If anything you shouldn't be using value='404' unless that's what you want to pass as a "value".
You probably meant to use multiple checkboxes and using name='selectedpost[]'
I.e.:
<input type='checkbox' name='selectedpost[]'>
Using square brackets [] are treated as an array.
Footnotes:
I would like to point out though, that switching to mysqli_* functions would be most beneficial. mysql_* functions are deprecated.
Using mysqli_* functions with prepared statements or PDO would be even better in order to protect yourself from SQL injection.
Here is a guide on how to prevent SQL injection: How can I prevent SQL injection in PHP?
N.B.: I also found a typo which may give you trouble if ($lenght==1){
You have the word $length in your code as well. Change it to if ($length==1){
I have 2 php pages. 1st php page is the following:
<?php
//code...
if(isset($_POST['value'])== true && empty($_POST['value']) == false){
echo"<a href='search_form_all_2.php'>See more results for </a>";
} ?>
the second page is the "search_form_all_2.php".
<?php
$value = mysql_real_escape_string($_POST['value']);
$name_and_surname = explode(" ", "$value ");
$name = $name_and_surname[0];
$surname = $name_and_surname[1];
$query = mysql_query(" SELECT `name`, `surname`, `email`, `user_id` FROM users
WHERE (surname LIKE '$name%' AND name LIKE '$surname%') OR (surname LIKE
'$surname%' AND name LIKE '$name%') ");
while($run = mysql_fetch_array($query)){
$surname = $run['surname'];
$name = $run['name'];
echo"$surname $name ";
}
?>
I want to make the $value in "search_form_all_2.php" to get the value of the first page that I have in if(isset($_POST['value'])== true && empty($_POST['value']) == false) of 1st page. How can I do this because when running "search_form_all_2.php" I get an erros message:Notice: Undefined index: value
You need to use GET in this case. POST values are only send when a form is submited.
if(isset($_POST['value'])== true && empty($_POST['value']) == false){
echo "<a href='search_form_all_2.php?value=".urlencode($_POST['value'])."'>See more results for </a>";
then on second page you retrieve the GET value
$value = mysql_real_escape_string($_GET['value']);
Be careful, GET values are visible to the user. They are part of a URL. Don't send confidential information.
Another way is to save the value in a COOKIE or in SESSION variable.
setcookie("TestCookie", $_POST['value']);
$value = $_COOKIE["TestCookie"];
BTW empty() always returns boolean value and it already checks if the variable is set, so you only need:
if(!empty($_POST['value'])
In your 1st page, you can pass an argument in the url... example:
echo "<a href='search_form_all_2.php?s=".urlencode($_POST['value'])."'>See more results for </a>";
Then, in your 2nd page, you can call the argument... example:
$value = mysql_real_escape_string($_GET['value']);
PS: You shouldn't be using mysql_* functions. Instead learn mysqli at the very least or PDO.
On search_form_all_2.php you can't access the data value because when you click a link, it is a GET request, not a POST request. I suggest you look up the differences.
However, if you use this to spit out the link:
echo"<a href='search_form_all_2.php?more={$_POST['value']}'>See more results for </a>";
You can then retrieve it with $_GET or $_REQUEST (if you want to be able to use GET or POST) on page 2:
$value = mysql_real_escape_string($_REQUEST['value']);
<?php
if(isset($_POST['submit'])) {
$fields = array('field1', 'field2', 'field3');
$conditions = array();
foreach($fields as $field){
if(isset($_POST[$field]) && $_POST[$field] != '') {
$conditions[] = "`".$field."` like '%" . mysql_real_escape_string($_POST[$field]) . "%'";
}
}
$query = "SELECT * FROM customer ";
if(count($conditions) > 0) {
$query .= "WHERE " . implode (' AND ', $conditions);
}
$result = mysql_query($query);
$say = mysql_num_rows($result);
if ($say == 0) {
echo "<tr>no result.</tr>";
} else {
echo '...';
while($row = mysql_fetch_array($result))
{
...
}}
} ?>
Why doesn't this code checking empty fields? It returns results that has empty field even form submits empty.
The only improvement I think of is trim():
if(isset($_POST[$field]) && trim($_POST[$field]) != '') {
however, I am sure it is not the issue.
Have you ever thought of printing the resulting query out?
Look, you're writing a program to create some string (SQL query). But for some reason never interested in this program's direct result, judging it by some indirect results. May be it's data/query logic makes such results, but the query itself is okay?
if the query is still wrong - continue debugging.
Echo everything involved - print variables, condition results, intermediate results in the loop - and look for inconsistencies
$query = "SELECT * FROM customer ";
if(count($conditions) > 0) {
$query .= "WHERE " . implode (' AND ', $conditions);
}
When form is submitted empty ($conditions=0) it returns all table (select * from customer).
Added an else condition and fixed. Thanks for print query advices.
For checking something is empty or not. You can use empty() method.
Check this:
empty()
isset() only check whether that object/variable is set or not. For more details check this
isset()