I want to display all rows by a php query and update all by a submit button in sql. I this way below a can display all row and update particular row by its own submit button. But I want to update all by a single submit button.
So for do it, I thank, I want to loop for update. But I cannot understand how to do it in this case.
Here is my code:
<?php
include_once('../db.php');
global $db;
$result = mysqli_query($dbh,"SELECT * FROM ppad");
if(!$result) {
die("Database query failed: " . mysqli_error());
}
while($row = mysqli_fetch_assoc($result)) {
$id=$row['id'];
$name=$row['name'];
$date=$row['date'];
$title=$row['title'];
$Detail=$row['Detail'];
echo '<form action="padSproccess.php" method="POST">
<table width="100%" border="1">
<tr>
<td width="10%">Date</td>
<td width="14%">Time</td>
<td width="20%">Name(url)</td>
<td width="30%">Detail</td>
</tr>
<tr>
<td width="10%"><input type="text" name="date" maxlength="2" value="'.$date.'"></td>
<td width="14%"><input type="text" name="title" maxlength="50" value="'.$title.'"></td>
<td width="20%"><input type="text" name="name" maxlength="50" value="'.$name.'"></td>
<td width="30%"><input type="text" name="Detail" maxlength="100" value="'.$Detail.'"></td>
<input type="hidden" name="id" value="'.$id.'">
</tr>
</table>
<input type="submit" name="submit" id="submit" value="Submit">
</form>';}
?>
padSproccess.php
include("../db.php");
global $db;
if(isset($_POST['submit'])){
$date = mysqli_real_escape_string($dbh,$_POST['date']);
$title = mysqli_real_escape_string($dbh,$_POST['title']);
$name = mysqli_real_escape_string($dbh,$_POST['name']);
$Detail = mysqli_real_escape_string($dbh,$_POST['Detail']);
$id = mysqli_real_escape_string($dbh,$_POST['id']);
// update data in mysql database
$update = mysqli_query($dbh,"UPDATE ppad SET date='$date', month='$month', name='$name', Detail='$Detail' WHERE id = '$id'");
// if successfully updated.
}
For this you need to update your code into
<?php
include_once('../db.php');
global $db;
$result = mysqli_query($dbh,"SELECT * FROM ppad");
if(!$result) {
die("Database query failed: " . mysqli_error());
}?>
<form action="padSproccess.php" method="POST">
<table width="100%" border="1">
<tr>
<td width="10%">Date</td>
<td width="14%">Time</td>
<td width="20%">Name(url)</td>
<td width="30%">Detail</td>
</tr>
<?php
while($row = mysqli_fetch_assoc($result)) {
$id=$row['id'];
$name=$row['name'];
$date=$row['date'];
$title=$row['title'];
$Detail=$row['Detail'];
echo '<tr>
<td width="10%"><input type="text" name="date[]" maxlength="2" value="'.$date.'"></td>
<td width="14%"><input type="text" name="title[]" maxlength="50" value="'.$title.'"></td>
<td width="20%"><input type="text" name="name[]" maxlength="50" value="'.$name.'"></td>
<td width="30%"><input type="text" name="Detail[]" maxlength="100" value="'.$Detail.'"></td>
<input type="hidden" name="id[]" value="'.$id.'">
</tr>';
}?>
</table>
<input type="submit" name="submit" id="submit" value="Submit">
</form>
Now within your padSproccess.php you'll receive an array of results within your variables which'll be updated using foreach loop
What you need to do first is have an overall form, not a form for each (unless you want to throw in javascript to fire off ajax calls). So what you'll need to do is make sure each row can be associated with a specific id:
<?php
include_once '../db.php';
$result = mysqli_query($dbh, "SELECT * FROM ppad");
if(!$result) {
die("Database query failed: " . mysqli_error());
}
?>
<form action="padSproccess.php" method="POST">
<table width="100%" border="1">
<thead>
<tr>
<td width="10%">Date</td>
<td width="14%">Time</td>
<td width="20%">Name(url)</td>
<td width="30%">Detail</td>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_assoc($result)) {
$id = $row['id'];
$name = $row['name'];
$date = $row['date'];
$title = $row['title'];
$Detail = $row['Detail'];
echo '
<tr>
<td width="10%"><input type="text" name="date[' . $id . ']" maxlength="2" value="'.$date.'"></td>
<td width="14%"><input type="text" name="title[' . $id . ']" maxlength="50" value="'.$title.'"></td>
<td width="20%"><input type="text" name="name[' . $id . ']" maxlength="50" value="'.$name.'"></td>
<td width="30%"><input type="text" name="Detail[' . $id . ']" maxlength="100" value="'.$Detail.'"></td>
</tr>
';
}
?>
</tbody>
</table>
<input type="submit" name="submit" id="submit" value="Submit">
</form>
Then in padSproccess.php you'll receive an array of names, dates, titles and Details, each one keyed by the ID of the row. So that'll change to something like this:
<?php
include "../db.php";
if(isset($_POST['submit'])){
$ids = array_keys($_POST['name']);
foreach ($ids as $id) {
$date = mysqli_real_escape_string($dbh,$_POST['date'][$id]);
$title = mysqli_real_escape_string($dbh,$_POST['title'][$id]);
$name = mysqli_real_escape_string($dbh,$_POST['name'][$id]);
$Detail = mysqli_real_escape_string($dbh,$_POST['Detail'][$id]);
$id = mysqli_real_escape_string($id);
// update data in mysql database
$update = mysqli_query($dbh,"UPDATE ppad SET date='$date', month='$month', name='$name', Detail='$Detail' WHERE id = '$id'");
}
// if successfully updated.
}
Try this. Of course for the database I've not started and it is possible errors.
<?php
include_once('../db.php');
global $db;
$result = mysqli_query($dbh,"SELECT * FROM ppad");
if(!$result) {
die("Database query failed: " . mysqli_error());
}
?>
<form action="padSproccess.php" method="POST">
<?php
while($row = mysqli_fetch_assoc($result)) {
$id=$row['id'];
$name=$row['name'];
$date=$row['date'];
$title=$row['title'];
$Detail=$row['Detail'];
echo '
<table width="100%" border="1">
<tr>
<td width="10%">Date</td>
<td width="14%">Time</td>
<td width="20%">Name(url)</td>
<td width="30%">Detail</td>
</tr>
<tr>
<td width="10%"><input type="text" name="ar['.$id.'][date]" maxlength="2" value="'.$date.'"></td>
<td width="14%"><input type="text" name="ar['.$id.'][title]" maxlength="50" value="'.$title.'"></td>
<td width="20%"><input type="text" name="ar['.$id.'][name]" maxlength="50" value="'.$name.'"></td>
<td width="30%"><input type="text" name="ar['.$id.'][Detail]" maxlength="100" value="'.$Detail.'"></td>
</tr>
</table>
';}
?>
<input type="submit" name="submit" id="submit" value="Submit">
</form>
<?php
include("../db.php");
global $db;
if(isset($_POST['submit'])){
foreach($_POST['ar'] as $id=>$dat){
$date = mysqli_real_escape_string($dbh,$dat['date']);
$title = mysqli_real_escape_string($dbh,$dat['title']);
$name = mysqli_real_escape_string($dbh,$dat['name']);
$Detail = mysqli_real_escape_string($dbh,$dat['Detail']);
$id = mysqli_real_escape_string($dbh,$id]);
// update data in mysql database
$update = mysqli_query($dbh,"UPDATE ppad SET date='$date', month='$month', name='$name', Detail='$Detail' WHERE id = '$id'");
}
// if successfully updated.
}
?>
Related
I'm creating a form using HTML and PHP. I have created a form which I want to submit and save that data in database.
I'm trying to submit a form with data that comes from a while loop. All input values are getting generated by while loop.
The code looks like this.
<table width="1348" border="0" class="table table-striped" >
<tr>
<td width="106"> </td>
<td width="332"><strong>Product Code</strong></td>
<td width="375"><strong>Product Name</strong></td>
<td width="211"><strong>QTY</strong></td>
</tr>
<?php
$i = 0;
$rowset = mysql_query("select * from product_detail where productID='".$data['productCode']."'");
while($stuff = mysql_fetch_array($rowset)){
?>
<tr>
<td><input type="text" name="code[<?php echo $i?>]" value="<?php enter code hereecho $stuff['code'];?>"/></td>
<td><input type="text" name="name[<?php echo $i?>]" value="<?php echo $stuff['name'];?>" size="50"/></td>
<td><input type="text" name="qty[<?php echo $i?>]" value="<?php echo $stuff['qty'];?>" size="10"/></td>
</tr>
<?php $i++; }?>
<tr id="last">
</table>
<input type="submit" name="save id="save" class="btn btn-primary btn-lg"/>
This is the code to add the data to database.
$code=$_POST['code'.$i];
$name=$_POST['name'.$i];
$qty=$_POST['qty'.$i];
$query = mysqli_query($con,"insert into stock(productCode, productName, qty) values ('".$code."', '".$name."','".$qty."')") or die(mysqli_error($con));
First, use prepared statement with bind_param as your script is totally exposed to sql injection.
Second, you can add input type hidden for the number of rows
<form action="" method="POST">
<table width="1348" border="0" class="table table-striped" >
<tr>
<td width="106"> </td>
<td width="332"><strong>Product Code</strong></td>
<td width="375"><strong>Product Name</strong></td>
<td width="211"><strong>QTY</strong></td>
</tr>
<?php
$data['productCode'] = "1"; // sample data
$stmt = $con->prepare("SELECT * FROM product_detail WHERE productID = ?");
$stmt->bind_param("i", $data['productCode']);
$stmt->execute();
$result = $stmt->get_result();
$i = 0;
while($stuff = $result->fetch_assoc()) {
?>
<tr>
<td></td>
<td><input type="text" name="code[<?php echo $i; ?>]" value="<?php echo $stuff['code'];?>"/></td>
<td><input type="text" name="name[<?php echo $i; ?>]" value="<?php echo $stuff['name']; ?>" size="50" /></td>
<td><input type="text" name="qty[<?php echo $i; ?>]" value="<?php echo $stuff['qty']; ?>" size="10" /></td>
</tr>
<?php
$i++;
}
?>
<input type="hidden" name="count" value="<?php echo $i; ?>" />
<tr id="last">
</table>
<input type="submit" name="save" id="save" class="btn btn-primary btn-lg"/>
</form>
post count with the form
<?php
if (isset($_POST['save'])) {
$count = $_POST['count'];
for ($i = 0; $i < $count; $i++) {
$code = $_POST['code'][$i]; // check empty and check if interger
$name = $_POST['name'][$i]; // check empty and strip tags
$qty = $_POST['qty'][$i]; // check empty and check if interger
$stmt = $con->prepare("INSERT INTO stock (productCode, productName, qty) VALUES (?, ?, ?)");
$stmt->bind_param("iss",$code,$name,$qty);
$stmt->execute();
}
}
?>
You may also want to check if post values are empty with other necessary validation before insert
Since the table is dynamically filled, you need to use an array as the name attribute
<table>
<tr>
<th>Name</th>
<th>Present</th>
<th>Excused</th>
<th>Unexcused</th>
<th>Ext</th>
</tr>
<?php
$query = "select * from TbCard";
$sql = mysqli_query($connect, $query);
$count = 0;
while ($data = mysqli_fetch_array($sql)) {
?>
<tr>
<td>
<input name="tableRow[<?php echo $count; ?>]['dataName']" id='name' type='text' value="<?php echo $data['Name'];?>" readonly style='border:none;width:350px'></input>
</td>
<td>
<input name="tableRow[<?php echo $count; ?>]['status']" type="radio" value="Present"> Present
</td>
<td>
<input name="tableRow[<?php echo $count; ?>]['status']" type="radio" value="Excused"> Excused
</td>
<td>
<input name="tableRow[<?php echo $count; ?>]['status']" type="radio" value="Unexcused"> Unexcused
</td>
</tr>;
<?php
$count++;
}
?>
</table>
The php would be something like this, assuming that the data has values in it:
$tableRow = $_POST['tableRow'];
foreach($tableRow as $row){
/* here insert data from post */
echo $row['dataName'].' '.$row['status'].'<br/>';
}
To see the content of the array, use print_r($tableRow)
in this case i use a name tableRow
I am currently making a system for a client database management. There are four tables in mySQL for this system, which are; admin, staff, client, and project. The project table has one foreign key from the client table, which is the clientid.
Now, I have made forms for all these tables so that the user can input the data into them. Weirdly, the only form that can be updated successfully is the staff one. Both the client and project forms cannot be updated at all. It returns as successful, but the data are not altered.
Below is the staff update code.
<?php
include 'database.php';
$staffid = $_GET['staffid'];
$sql = "SELECT * FROM staff WHERE staffid='$staffid'";
$result = mysqli_query($conn,$sql);
while ($row=mysqli_fetch_array($result)){
$staffname = $row['staffname'];
$staffemail = $row['staffemail'];
$staffphone = $row['staffphone'];
}
if(isset($_POST['submit'])){
$staffname = $_POST['staffname'];
$staffemail = $_POST['staffemail'];
$staffphone = $_POST['staffphone'];
$sql = "UPDATE staff SET
staffname='$staffname',staffemail='$staffemail',staffphone='$staffphone' WHERE staffid='$staffid'";
$result = mysqli_query($conn,$sql);
if($result){
echo "<table><td><tr><h4>Record has been updated successfully!<br></tr></td></h4></table>";
}
else {
echo "<h4>Record has <b>NOT</b> been updated successfully<br></h4>";
}
}
?>
<form action="" method="post">
<table class ="table1">
<tr>
<td>Staff Name:</td> <td><input type="text" name="staffname" size="50" value="<?php echo $staffname;?>"></td>
</tr>
<tr>
<td>Staff Email:</td> <td><input type="text" name="staffemail" size="50" value="<?php echo $staffemail;?>"></td>
</tr>
<tr>
<td>Staff Phone No:</td> <td><input type="text" name="staffphone" size="50" value="<?php echo $staffphone;?>"></td>
</tr>
<td><input type="submit" value="Update" name="submit"> <input type="button" value="View" name="view" onclick='location.href="viewstaff.php"'></td>
</table>
</form>
Okay now is the update code for the client table.
<?php
include 'database.php';
$clientid = $_GET['clientid'];
$sql = "SELECT * FROM client WHERE clientid='$clientid'";
$result = mysqli_query($conn,$sql) or die ("Error in query: $query. ".mysqli_error());
while ($row=mysqli_fetch_array($result)){
$clientid = $row['clientid'];
$clientname = $row['clientname'];
$clientno = $row['clientno'];
$clientemail = $row['clientemail'];
$clientadd = $row['clientadd'];
}
if(isset($_POST['submit'])){
$clientid = $row['clientid'];
$clientname = $row['clientname'];
$clientno = $row['clientno'];
$clientemail = $row['clientemail'];
$clientadd = $row['clientadd'];
$sql = "UPDATE client SET clientid='$clientid',clientname='$clientname',clientno='$clientno',clientemail='$clientemail',clientadd='$clientadd' WHERE clientid='$clientid'";
$result = mysqli_query($conn,$sql) or die ("Error in query: $query. ".mysqli_error());
if($result){
echo "<table><td><tr><h4>Record has been updated successfully!<br></tr></td></h4></table>";
}
else {
echo "<h4>Record has <b>NOT</b> been updated successfully<br></h4>";
}
}
?>
<form action="" method="post">
<table class ="table1">
<tr>
<td>Client ID:</td> <td><input type="text" name="clientid" size="50" value="<?php echo $clientid;?>"></td>
</tr>
<tr>
<td>Client Name:</td> <td><input type="text" name="clientname" size="50" value="<?php echo $clientname;?>"></td>
</tr>
<tr>
<td>Client Phone No.:</td> <td><input type="text" name="clientno" size="50" value="<?php echo $clientno;?>"></td>
</tr>
<tr>
<td>Client Email:</td> <td><input type="text" name="clientemail" size="50" value="<?php echo $clientemail;?>"></td>
</tr>
<tr>
<td>Client Address:</td> <td><input type="text" name="clientadd" size="50" value="<?php echo $clientadd;?>"></td>
</tr>
<td><input type="submit" value="Update" name="submit"> <input type="button" value="View" name="view" onclick='location.href="viewclient.php"'></td>
</table>
</form>
Maybe I'm stupid or what but I've been trying to figure out the problem for 3 hours and I'm this close to crying lol. Been reading all the threads here about updating form but still, no answer. Hope that anyone here could help me. Thank you.
The code you use for the client table update uses this code:
if(isset($_POST['submit'])){
$clientid = $row['clientid']; // $row should be $_POST
$clientname = $row['clientname']; // $row should be $_POST
$clientno = $row['clientno']; // $row should be $_POST
$clientemail = $row['clientemail']; // $row should be $_POST
$clientadd = $row['clientadd']; // $row should be $_POST
But those $rows should be $_POST, else the updated data will be the same as the previous data (since $row is the result from the query SELECT * FROM client WHERE clientid='$clientid'). You do it correctly in the staff table update code:
if(isset($_POST['submit'])){
$staffname = $_POST['staffname'];
$staffemail = $_POST['staffemail'];
$staffphone = $_POST['staffphone'];
Please note that your your script is at risk of SQL Injection Attack. Have a look at what happened to Little Bobby Tables. Even if you are escaping inputs, its not safe!. Use prepared parameterized statements instead.
I've got a page showing the contents of my DB in form inputboxes like this:
<?php
while($row = mysql_fetch_array($result))
{
$namn = $row['namn'];
$mandag = $row['mandag'];
$tisdag = $row['tisdag'];
$onsdag = $row['onsdag'];
$torsdag = $row['torsdag'];
$fredag = $row['fredag'];
?>
<td width="100"></td>
<td><?=$namn?><input name="namn[]" type="hidden" value="<?=$namn?>"></td>
</tr>
<tr>
<td width="100">Mandag</td>
<td><input name="mandag[]" type="text" value="<?=$mandag?>"></td>
</tr>
<tr>
<td width="100">Tisdag</td>
<td><input name="tisdag[]" type="text" value="<?=$tisdag?>"></td>
</tr>
<tr>
<td width="100">Onsdag</td>
<td><input name="onsdag[]" type="text" value="<?=$onsdag?>"></td>
</tr>
<tr>
<td width="100">Torsdag</td>
<td><input name="torsdag[]" type="text" value="<?=$torsdag?>"></td>
</tr>
<tr>
<td width="100">Fredag</td>
<td><input name="fredag[]" type="text" value="<?=$fredag?>"></td>
</tr>
<?php } ?>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
After this I've added code to able to update the different DB entries by changing the content of the inputboxes and pressing the submit button:
<?php
if(isset($_POST['update']))
{
$namnValue = $_POST['namn'];
$mandagValue = $_POST['mandag'];
$tisdagValue = $_POST['tisdag'];
$onsdagValue = $_POST['onsdag'];
$torsdagValue = $_POST['torsdag'];
$fredagValue = $_POST['fredag'];
print_r($mandagValue);
$sql = "UPDATE anstalld SET mandag = '$mandagValue', tisdag = '$tisdagValue', onsdag = '$onsdagValue', torsdag = '$torsdagValue', fredag = '$fredagValue' WHERE namn = '$namnValue'";
echo $sql;
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
}
mysql_close($conn);
?>
The DB is being updated, however, the problem is that all my
$namnValue = $_POST['namn'];
$mandagValue = $_POST['mandag'];
$tisdagValue = $_POST['tisdag'];
$onsdagValue = $_POST['onsdag'];
$torsdagValue = $_POST['torsdag'];
$fredagValue = $_POST['fredag'];
are returning the result "Array", an not the actual Values from the inputboxes.
Therefore my SQL UPDATE ends up being
"UPDATE anstalld SET mandag = 'Array', tisdag = 'Array', onsdag =
'Array', torsdag = 'Array', fredag = 'Array' WHERE namn = 'Array'"
I'll appreciate any help I can get on this, thanks.
You need to delete [] on our input names:
<td><input name="onsdag" type="text" value="<?=$onsdag?>"></td>
instead of
<td><input name="onsdag[]" type="text" value="<?=$onsdag?>"></td>
^^
Otherwise they are considered as arrays.
Because of the name of your input fields
<input name="onsdag[]" type="text" value="<?=$onsdag?>">
you are sending arrays and not single values.
Change the names as the previous answer suggests
<input name="onsdag" type="text" value="<?=$onsdag?>">
or access them as arrays
$namnValue = $_POST['namn'][0];
$mandagValue = $_POST['mandag'][0];
...
my problem goes like this:
my home page has tables with rows pulled from the database (while loops)
each row has a - cell in which he can add an event to that specific row
in order to do that i send the row id as a $_GET variable from the home page table
and in the "add event" page i store it as a variable
but when i submit my addevent form without filling it properly (as i coded) it simply refreshes the form only without the row id in the url therefor also the query i do in the beginning of the page for pulling the row data can no longer execute and that pops a PHP error
for the id variable which i sign it the $_GET and the query (mysql fetch array).
also of course all the data which i display in the form from that query is gone.
any suggestions on how to approach this ? thanks in advance, Regards.
EDIT:** kill the new guy! -Sorry i guess
home page where i send the id :
$sql = "SELECT * FROM alarms WHERE alarmstatus = 'OFF' and starttime='::' ORDER BY clientid ASC";
$query = mysql_query($sql);
echo "<table cellpadding='1px' border='1px' bordercolor='#0066FF' cellspacing='0'>
<form action='hpage.php' method='get'>";
while($fetch = mysql_fetch_array($query)) {
echo "<tr>
<td>
".$fetch['clientid']."</td>
<td>".$fetch['controller']."</td>
<td>".$fetch['typeid']."</td>
<td style='color: red'>".$fetch['alarmstatus']."</td>
<td>".$fetch['starttime']."</td>
<td>".$fetch['endtime']."</td>
<td><a href='includes/editalarm.php?id=".$fetch['id']."'>Edit</a></td>
<td><a href='includes/addevent.php?id=".$fetch['id']."'>Add event</a></td>
<td><a href='includes/deletealarm.php?id=".$fetch['id']."'>Delete</a></td>
</tr>";
}
the add event where i get the variable and make the query:
$alarmid = $_GET['id'];
$sql = "SELECT * FROM alarms WHERE id=".$alarmid;
$query = mysql_query($sql);
$fetch = mysql_fetch_array($query);
?>
the form:
<table cellpadding="2px" cellspacing="0" >
<form action="addevent.php" method="post">
<tr>
<td>סניף:</td>
<td><input style="width:200px; background-color: #d6d6d6;" readonly name="client" value="<?php echo $fetch['clientid']; ?>" /></td>
</tr>
<tr>
<td>בקר:</td>
<td><input style="width:200px; background-color: #d6d6d6;" readonly name="controller" value="<?php echo $fetch['controller']; ?>" /></td>
</tr>
<tr>
<td>אזעקה:</td>
<td><input style="width:200px; background-color: #d6d6d6;" readonly name="controller" value="<?php echo $fetch['typeid']; ?>" /></td>
</tr>
<tr>
<td>מוקדן:</td>
<td>
<?php
$sql = "SELECT * FROM users WHERE privilege = '2'";
$query = mysql_query($sql);
echo "<select name='user' style='width:207px;'>";
echo "<option>..</option>";
while ($fetch2 = mysql_fetch_array($query)){
echo "<option>".$fetch2['username']."</option>";
}
echo "</select>";
?>
</td>
</tr>
<tr>
<td>איש קשר:</td>
<td><input type="text" name="contact" /></td>
</tr>
<tr>
<td>הודעה:</td>
<td><input type="text" style="width:200px; height:100px" name="message" /></td>
</tr>
<tr>
<td>תשובה:</td>
<td><input type="text" style="width:200px; height:100px" name="answer" /></td>
</tr>
<tr>
<td>שעה:</td>
<td>
<select name="eventhour">
<option value ="default"></option>
<?php
for($i = 0; $i<60; $i++){
$value = $i;
if($i<=9){
$value= "0".$i;
}
echo "<option>".$value."</option>";
}
?>
</select>
<select name="eventminute">
<option value ="default"></option>
<?php
for($i = 0; $i<24; $i++){
$value = $i;
if($i<=9){
$value= "0".$i;
}
echo "<option>".$value."</option>";
}
?>
</select>
</td>
</tr>
<tr>
<td>
<input type="submit" name="save" value="שמור" />
<input type="submit" name="cancell" value="בטל" />
</td>
<td></td>
</tr>
</form>
Your form action is POST. If you change that to GET then you will have the form as $_GET.
This question already has an answer here:
Closed 11 years ago.
Possible Duplicate:
Why isn't my image showing up?
I have a weird problem here. I have this line of code where it works on one page but it doesnt on another. The PHP code is as follows:
PHP Page That Shows Image
<table border=1>
<tr>
<td align=center>EDIT</td>
</tr>
<tr>
<td>
<table>
<?
$id = $_GET['product_id'];
$result = mysql_query("SELECT * FROM products WHERE serial = '$id'");
$info = mysql_fetch_array($result);
?>
<form method="post" action="editsuccess.php">
<input type="hidden" name="id" value="<? echo "$info[name]"?>">
<table border='0' width=100%>
<tr>
<td>Name</td>
<td>
<input type="text" name="name"
size="20" value="<? echo "$info[name]"?>">
</td>
</tr>
<tr>
<td>Description</td>
<td>
<input type="text" name="name"
size="20" value="<? echo "$info[description]"?>">
</td>
</tr>
<tr>
<td>Price</td>
<td>
<input type="text" name="address" size="40"
value="<? echo "$info[price]"?>">
</td>
</tr>
<tr>
<td>Image</td>
<td>
<? echo'<img src="../getImage.php?id=' . $info['serial'] .'"/>'?>
</td>
</tr>
<tr>
<td align="right">
<input type="submit"
name="submit value" value="Update Product">
</td>
</tr>
</form>
</table>
</td>
</tr>
</table>
PHP Page That Doesnt Show Image
<?php
$id = $_GET['product_id'];
$query = mysql_query("SELECT * FROM products WHERE serial = '$id'")
or die(mysql_error());
while($info = mysql_fetch_array($query)) {
echo "";
$name = $info['name'];
$description = $info['description'];
$price = $info['price'];
$picture = $info['picture'];
}
?>
<form action="editsuccess.php?product_id=<?php echo $id; ?>" method="post">
Product ID:<br/>
<input type="text" value="<?php echo $id;?>" name="product_id" disabled/>
<br/>
Name:<br/>
<span id="sprytextfield1">
<input type="text" value="<?php echo $name;?>" name="name"/>
<span class="textfieldRequiredMsg">Enter Product Name</span></span><br/>
Description:<br/>
<span id="sprytextfield2">
<input type="text" value="<?php echo $description;?>" name="description"/>
<span class="textfieldRequiredMsg">Enter A Description</span></span><br/>
Price:<br/>
<span id="sprytextfield3">
<input type="text" value="<?php echo $price;?>" name="price"/>
<span class="textfieldRequiredMsg">Enter Price</span><span class="textfieldInvalidFormatMsg">Enter Numbers Only</span></span><br/>
Picture:<br/>
<?php echo '<img src="../getImage.php?id=' . $row['serial'] .'"/>'
?>
</br>
<input type="submit" value="Update Product"/>
</form>
The line of code i am talking about is this one:
<?php echo '<img src="../getImage.php?id=' . $row['serial'] .'"/>'
?>
Any ideas why it dont work???
-----EDIT--------
getImage.php code is as follows:
<?php
$host="localhost"; // Host name
$user="****"; // Mysql username
$passwd="****"; // Mysql password
$dbName="**********"; // Database name
// Connect to server and select databse.
mysql_connect("$host", "$user", "$passwd")or die("cannot connect");
mysql_select_db("$dbName")or die("cannot select DB");
$link = mysql_connect($host, $user, $passwd);
mysql_select_db($dbName);
$query = 'SELECT picture FROM products WHERE serial="' . $_GET['id'] . '"';
$result = mysql_query($query,$link);
$row = mysql_fetch_assoc($result);
header("Content-type: image/jpeg");
echo $row['picture'];
?>
First of all, try to avoid short tags (<?). Not every webserver is configured to understand them and it kind of conflicts with XML tags (which open with <?xml). So replace your <? with <?php to make sure your code always works on any webserver, regardless of it's configuration setting for short_open_tags.
Second, You're calling $row['serial'], but $row doesn't appear to be an array (at least it's not defined within the code you pasted here). Are you sure it shouldn't be $info['serial']?
But most importantly, whenever you allow user-input (like a $_GET) to determine your SQL query, always escape your code with mysql_real_escape_string, like this:
$result = mysql_query("SELECT * FROM products WHERE serial = '" . mysql_real_escape_string($id) . "'");
Or when you're sure that it's always an integer (e.g. if the field has INT datatype in your database), cast the value as an integer, like so:
$result = mysql_query("SELECT * FROM products WHERE serial = " . (int) $id);
You shooed to remove while cicluse
next code
while($info = mysql_fetch_array($query)) {
echo "";
$name = $info['name'];
$description = $info['description'];
$price = $info['price'];
$picture = $info['picture'];
}
?>
change just with
$info = mysql_fetch_array($query)
Try and tell us does is ok, and does is like you want. :)