this piece of code i have below reads data from a database, what i want to make is that when you click submit on the following form, it would write the same data to another database and when denied, it would also submit it to another different database. Can you help? since i can't get how to do it.
<?php
} else if ($usertype == 1) {
$server = "localhost";
$user = "";
$pass = "r=Sc!~";
$db = "";
$user1 = $_SESSION['username'];
$mysqli = new Mysqli($server, $user, $pass, $db) or mysqli_error($mysqli);
$overrides = $mysqli->query("SELECT * FROM Overrides WHERE professor = '$user1'");
$num_rows = mysqli_num_rows($overrides);
?>
<?php
echo " Overrides today: " . $num_rows;
?>
<form method="post" action="dbheads.php" name="HeadWritingForm" id="HeadWritingForm" autocomplete="off">
<fieldset>
<?php
while($row = mysqli_fetch_array($overrides)) {
echo "First Name: " . $row['name'] . "<br />";
echo "<br />Mid. Name: " . $row['mname'] . "<br />";
echo "<br />Fam. Name: " . $row['fname'] . "<br />";
echo "<br />Student ID: " . $row['sid'] . "<br />";
echo "<br />Scolarship: " . $row['sc'] . "<br />";
echo "<br />Phone No: " . $row['phone'] . "<br />";
echo "<br />Email: " . $row['email'] . "<br />";
echo "<br />Class: " . $row['class'] . "<br />";
echo "<br />Section: " . $row['section'] . "<br />";
echo "<br />Semester: " . $row['semester'] . "<br />";
}
?>
<br />
<div>
<label for="comments" accesskey="c">Notes & Comments:</label><br />
<textarea name="comments" cols="35" rows="10">
</textarea><br>
</div>
<br>
<input type="submit" class="submit" id="submit" value="Accept" /> <input type="submit" value="Deny"><br>
</fieldset>
</form>
enter code here
<?php
$server = "localhost";
$user = "";
$pass = "r=Sc!~";
$db1 = "Overrides ";
$db2 = "ONTHERDB";
$user1 = $_SESSION['username'];
$mysqli = new Mysqli($server, $user, $pass, $db1) or mysqli_error($mysqli);
$overrides = $mysqli->query("SELECT * FROM Overrides WHERE professor = '$user1'");
$num_rows = mysqli_num_rows($overrides);
$mysqli = new Mysqli($server, $user, $pass, $db2) or mysqli_error($mysqli);
while($row = mysqli_fetch_array($overrides)) {
$QUERY="INSERT INTO $db2(name,mname,fname,sid,sc,phone,email,class,section,semester)VALUES($row[0],
$row[1],$row[2],$row[3],$row[4],$row[5],$row[6],$row[7],$row[8],$row[9],$row[10] );
mysqli_query($QUERY);
}
Related
Please advice me as value for session data question_number not getting incremented and passed in Codeigniter project
The old value question_number of 1 is always passed as the question number
the code is supposed to set question_number as 1 initially and then when the user submits the form the first time, and the form data is processed by the same document, the question number is supposed to be incremented by one and passed to the same form below
but unfortunately, this new question number is not passed to the hidden input type
see the code below
$con = mysqli_connect($dbhost, $dbuser, $dbpass, $dbName);
if (!$this->session->userdata("user_id")) {
header("location:" . base_url() . "login");
}
$_SESSION['error'] = '';
$_SESSION['success'] = '';
// template methods start here ==========================================
if (isset($_POST["LaunchTest"])) {
$test_id = addslashes($_POST['id']);
echo("test_id: " . $test_id . "<br />");
$session_id = addslashes($_POST['session_id']);
echo("session_id: " . $session_id . "<br />");
$counter = addslashes($_POST['counter']);
echo("counter: " . $counter . "<br />");
$score = addslashes($_POST['score']);
echo("score: " . $score . "<br />");
$question_number = addslashes($_POST['question_number']);
echo("question_number: " . $question_number . "<br />");
$answer = addslashes($_POST['hidden_answer']);
echo("answer: " . $answer . "<br />");
$user_choice = addslashes($_POST['radio_choice']);
echo("user_choice: " . $user_choice . "<br />");
$start_id = addslashes($_POST['start_id']);
echo("start_id: " . $start_id . "<br />");
$end_id = addslashes($_POST['end_id']);
echo("end_id: " . $end_id . "<br />");
$current_question= $question_number;
if ($user_choice==$answer) {
$score++;
}
$preventRepeat = [];
$question_number = $question_number+1;
echo("new Question number: " . $question_number . "<br />");
$new_question = $question_number;
$_SESSION['question_number'] = $question_number;
$organisation = $_SESSION['organisation'];
date_default_timezone_set('Africa/Lagos');
$today = date('m/d/Y h:i:s a', time());
$sql_query = "UPDATE cbt_attempts_tbl SET "
. "currentQuestion ='"
. $current_question . "',"
. "score ='"
. $score . "',"
. "created_date ='"
. $today . "'"
. " WHERE session_id = '"
. $session_id .
"'";
; //$displayedRowCount = $rowCount;
echo $sql_query . "<br />";
$result = mysqli_query($con, $sql_query) or die("No data returned from DB Query");
//$candidate_quest_count++;
echo "database updated succesfully. <br />";
$current_question++;
if ($question_number > $_SESSION['total_questions']) {
//calculate score
$score_output = calculateScore($score, $_SESSION['total_questions']);
//end test
header("location:" . base_url() . "score?id=" . $test_id .
"&test_session=" . $session_id. "score=". $score_output);
} else {
// myRandomNum = generateSecondRandomNumber();
$myRandomNum = generateRandomNumber($start_id, $end_id);
echo("myRandomNum: " . $myRandomNum . "<br />");
//$myRandomNum = preventRepeatingQuestions($myRandomNum);
$quesionAtRand_str = getQuestionAtRandom($myRandomNum, $con);
$QuestData_arr = explode("~", $quesionAtRand_str);
//echo("QuestData_arr is: " . $QuestData_arr . "<br />");
$Question = $QuestData_arr[1];
//echo("Question is: " . $Question . "<br />");
$OptA = $QuestData_arr[2];
//echo("OptA is: " . $OptA . "<br />");
$OptB = $QuestData_arr[3];
//echo("OptB is: " . $OptB . "<br />");
$OptC = $QuestData_arr[4];
//echo("OptC is: " . $OptC . "<br />");
$OptD = $QuestData_arr[5];
//echo("OptD is: " . $OptD . "<br />");
$Answer = $QuestData_arr[6];
//echo("Answer is: " . $Answer . "<br />");
}
}
?>
<?php include('admin_block.php'); ?>
<br/>
<?php
if (!isset($_GET["id"])) {
$_SESSION['error'] = '<label class="text-danger">nothing selected.</label><br />';
header("location:" . base_url() . "launchtest");
exit();
}
$test_id = addslashes($_GET['id']);
//display deleted succesfully
//header return to update screen
$organisation = $_SESSION['organisation'];
$user_name = $_SESSION['user_name'];
// main start
//-----FIRST TIME RUN STARTS HERE---
if (!isset($test_session_id)) {
$arr_usr_choice = [];
$arr_correct_answer = [];
$arr_usr_choice[0] = "nothing";
$arr_correct_answer[0] = "nothing";
$candidate_quest_count = 1;
$question_number = 1;
$preventRepeat = [];
$counter = 1;
$current_question = 1;
$score = 0;
$_SESSION["score"] = 0;
$test_session_id = generateTestSessionId();
//echo("test_session_id is: " . $test_session_id . "<br />");
//gettestdetails from summary table
$testDetails = getTestDetailsFromSummary($con, $test_id);
//echo("testDetails: " . $testDetails . "<br />");
$dataFromSmryTble_arr = explode("~", $testDetails);
$test_name= $dataFromSmryTble_arr[2];
//echo("test_name: " . $test_name . "<br />");
$type = $dataFromSmryTble_arr[6];
//echo("type: " . $type . "<br />");
$subject = $dataFromSmryTble_arr[5];
//echo("subject: " . $subject . "<br />");
$total_questions = $dataFromSmryTble_arr[3];
//echo("total_questions: " . $total_questions . "<br />");
$start_id = $dataFromSmryTble_arr[0];
//echo("start_id: " . $start_id . "<br />");
$end_id = $dataFromSmryTble_arr[1];
//echo("end_id: " . $end_id . "<br />");
$_SESSION['total_questions'] = $total_questions;
loadDetailsToAttemptsTbl(
$con,
$test_id,
$test_session_id,
$test_name,
$type,
$subject,
$total_questions,
$start_id,
$end_id
);
//1. get test takers first name and lastname
if (!isset($_SESSION['firstname']) || !isset($_SESSION['lastname'])) {
header("location:" . base_url() . "enter_student_details?id=" . $test_id .
"&test_session=" . $test_session_id);
}
$firstname = $_SESSION['firstname'];
$lastname = $_SESSION['lastname'];
$output = displayFirstQuestion($con, $test_session_id); // duisplays one Question
//echo("output is: " . $output . "<br />");
$QuestData_arr = explode("~", $output);
//echo("output is: " . $output . "<br />");
$Question = $QuestData_arr[1];
//echo("Question is: " . $Question . "<br />");
$OptA = $QuestData_arr[2];
//echo("OptA is: " . $OptA . "<br />");
$OptB = $QuestData_arr[3];
//echo("OptB is: " . $OptB . "<br />");
$OptC = $QuestData_arr[4];
//echo("OptC is: " . $OptC . "<br />");
$OptD = $QuestData_arr[5];
//echo("OptD is: " . $OptD . "<br />");
$Answer = $QuestData_arr[6];
//echo("Answer is: " . $Answer . "<br />");
$_SESSION['question_number'] = $question_number;
}
//-----FIRST TIME RUN ENDS HERE---
echo '<form method="post" action="'. $_SERVER['PHP_SELF'].'?id=' . $test_id .
'&test_session=' . $test_session_id .'"';
echo '<h2 class="section-heading animated">'. $test_name .'</h2>';
echo '<TABLE class="my_style" border="0"><TR><TD>' . $firstname . " ". $lastname . '</TD></TR></TABLE>';
echo '<font color="#fff"><table class="my_style" border="0" cellpadding="2">';
echo '<tr >';
echo '<td valign="top" >' . $_SESSION["question_number"] . '</td>';
echo '<td valign="top" colspan="3" scope="col"><b>' . $Question . '</b></td>';
echo '</tr >';
echo '<tr >';
echo '<td></td><TD WIDTH="2%">A.</TD><td WIDTH="2%"><input name="radio_choice" type="radio" value="A" required /></td><td valign="top" >' . $OptA . '</td>';
echo '</tr >';
echo '<tr >';
echo '<td></td><TD WIDTH="2%">B.</TD><td WIDTH="2%"><input name="radio_choice" type="radio" value="B" /></td><td valign="top" >' . $OptB . '</td>';
echo '</tr >';
echo '<tr >';
echo '<td></td><TD WIDTH="2%">C.</TD><td WIDTH="2%"><input name="radio_choice" type="radio" value="C" /><td valign="top" >' . $OptC . '</td>';
echo '</tr >';
echo '<tr >';
echo '<td></td><TD WIDTH="2%">D.</TD><td WIDTH="2%"><input name="radio_choice" type="radio" value="D" /><td valign="top" >' . $OptD. '</td> <input type="hidden" value="'.$Answer.'" name="hidden_answer" /> ';
echo '</tr>';
echo '</tr >';
echo '<td colspan="4" ><input type="submit" style="background-color: #008CBA;" value="Next Question" name ="LaunchTest" onClick="checkRadios()"/>';
echo '<input type="hidden" name="id" value="'. $test_id.'"/>';
echo '<input type="hidden" name="question_number" value="'. $_SESSION["question_number"] .'"/>';
echo '<input type="hidden" name="session_id" value="'.$test_session_id.'"/>';
echo '<input type="hidden" name="counter" value="'.$counter.'"/>';
echo '<input type="hidden" name="score" value="'.$_SESSION["score"] .'"/>';
echo '<input type="hidden" name="start_id" value="'.$start_id.'"/>';
echo '<input type="hidden" name="end_id" value="'.$end_id.'"/>';
echo '</td>';
echo '</tr >';
echo '</table></font>';
echo '</form>';
// main end
?>
#Ynhockey was right. test_session_id was causing the issues
So, I am trying to figure out how do this this and it boggling me. THIS WILL NOT BE USED ONLINE LIVE SO SQL INJECTION I DONT' CARE ABOUT. What am I doing wrong/right?
<?php
$db = mysql_connect("localhost", "root", "root");
if (!$db) {
die("Database connect failed: " . mysql_error());
}
$db_select = mysql_select_db("UNii", $db);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
$comment = $_GET['comment'];
$id = $_GET['id'];
$sql = "UPDATE Dbsaved SET comment = '{$comment}' WHERE id = $id";
$comment1 = mysql_query($sql);
if (!$comment1) {
die("did not save comment: " . mysql_error());
}
echo $sql;
The main problem is with the statement itself, the connection is fine. I am trying to read $comment, and then update that into a MYSQL table and then have it read back in a different file.
EDIT: Mark up for the form I'm taking $comment from.
<!DOCTYPE html>
<html lang="en">
<LINK href="stylesheet.css" rel="stylesheet" type="text/css">
<script src ="js/validateform.js"></script>
<head>
<meta charset="UTF-8">
<title>UniHelp Home</title>
</head>
<body>
<div id="headeruni">
<h1>Welcome <?php echo $_GET["name"]; ?> to UniHelp!</h1>
</div>
<div id ="infouni">
<h3>Welcome to UniHelp. The social Network getting you connected to other people all over the University for any help you require!</h3>
</div>
<div id ="nameandemail">
<form action="formsend.php" method="post">
First name: <br> <input type="text" name="name"><br>
Email: <br> <input type="text" name="email"><br>
Comment: <br> <input type="text" name="message"><br>
<input type="submit" name="submit">
</form>`enter code here`
</div>
<div id="grabphpdiv">
<?php
$db = mysql_connect("localhost", "root", "root");
if (!$db) {
die("Database connect failed: " . mysql_error());
}
$db_select = mysql_select_db("UNii", $db);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
$result = mysql_query("SELECT * FROM Dbsaved", $db);
if (!$result) {
die ("Database query failed: " . mysql_error());
}
$comment = $_POST['$comment'];
while ($row = mysql_fetch_array($result)) {
echo "<div id='posts'>";;
echo "<h2>";
echo $row[1] . "";
echo "</h2>";
echo "<p>";
//echo $timestamp = date('d-m-y G:i:s ');
echo "<br>";
echo "<br>";
echo $row[2] . "";
echo "</p>";
echo "<p>";
echo $row[3] . "";
echo "</p>";
echo 'Delete';
echo "<br>";
echo "<br>";
echo 'Comment: <br>
<input type=text name=comment><br>
<a href=addcomment.php?id=' . $row[0]. '&comment='. $row['$comment'].'>Comment</a>';
echo "<p>";
echo $row['comment'] . "";
echo "</p>";
echo "</div>";
echo "<br>";
}
?>
</div>
</body>
<div id="footer">Copyright © James Taylor 2016</div>
</html>
I just ran this code:
$comment = "Hello World!";
$id = 1;
$sql = "UPDATE Dbsaved SET comment = '{$comment}' WHERE id = {$id}";
echo $sql;
and saw:
UPDATE Dbsaved SET comment = 'Hello World!' WHERE id = 1
which is a correct SQL statement, so if it is not working, you might want to play with SQL directly to get something working. Hope that helps!
SOLUTION:
$comment = $_GET['$comment'];
$id = $_GET['$id'];
while ($row = mysql_fetch_array($result)) {
echo "<div id='posts'>";;
echo "<h2>";
echo $row[1] . "";
echo "</h2>";
echo "<p>";
//echo $timestamp = date('d-m-y G:i:s ');
echo "<br>";
echo "<br>";
echo $row[2] . "";
echo "</p>";
echo "<p>";
echo $row[3] . "";
echo "</p>";
echo 'Delete';
echo "<br>";
echo "<br>";
echo $row[4] . "";
echo "<br>";
echo 'Comment: <br>
<form action="addcomment.php?id=' . $row[0]. '" method="post">
<input type=text name=comment><br>
<input type=submit name="submit">
</form>';
echo "<p>";
echo $row['comment'] . "";
echo "</p>";
echo "</div>";
echo "<br>";
}
?>
and:
<?php
$db = mysql_connect("localhost", "root", "root");
if (!$db) {
die("Database connect failed: " . mysql_error());
}
$db_select = mysql_select_db("UNii", $db);
if (!$db_select) {
die("Database selection failed: " . mysql_error());
}
$comment = $_POST['comment'];
$id = $_GET['id'];
$sql = "UPDATE Dbsaved SET comment = '$comment' WHERE id = $id ";
$comment1 = mysql_query($sql);
echo $sql;
if (!$comment1) {
die("did not save comment: " . mysql_error());
}
else {
header("location: UniHelpindex.php");
}
It was to do with mainly needing to get the id which was used in $row[0]' in the form created in the while loop. And actually using the correct syntax for the update Dbsaved... bit.
my code basically override requests (for classes that are full in capacity) submitted by students to specific professors. Let's say 2 students have requested an override to the same class, when a professor is logged in, the code fetches the two override requests with an option of accepting/denying, when i as a professor accept/deny a single override request, it does the action for both the override requests instead of the one i chose.
Basically it's not accepting/denying the requests as selected, its doing the same action for all overrides.
Code:
<?php
} else if ($usertype == 1) {
$server = "";
$user = "";
$pass = "";
$db = "";
$db2 = "";
$db3 = "";
$user1 = $_SESSION['username'];
$mysqli = new Mysqli($server, $user, $pass, $db) or mysqli_error($mysqli);
$mysqli2 = new Mysqli($server, $user, $pass, $db2) or mysqli_error($mysqli);
$mysqli3 = new Mysqli($server, $user, $pass, $db3) or mysqli_error($mysqli);
$status= $mysqli->query("SELECT status FROM Overrides WHERE professor = '$user1'")->fetch_object()->status;
$overrides = $mysqli->query("SELECT * FROM Overrides WHERE professor = '$user1'");
$num_rows = mysqli_num_rows($overrides);
?>
<form method="post" action="dbheads.php" name="HF" id="HF" autocomplete="off">
<script type="text/javascript">
function submitForm(action)
{
document.getElementById('HF').action = action;
document.getElementById('HF').submit();
}
</script>
<?php if ($status == 1) {
echo " Overrides today: " . $num_rows;
?>
<?php
while($row = mysqli_fetch_array($overrides)) { ?>
<fieldset> <?php
echo "First Name: " . $row['name'] . "<br />";
echo "<br />Mid. Name: " . $row['mname'] . "<br />";
echo "<br />Fam. Name: " . $row['fname'] . "<br />";
echo "<br />Student ID: " . $row['sid'] . "<br />";
echo "<br />Scolarship: " . $row['sc'] . "<br />";
echo "<br />Phone No: " . $row['phone'] . "<br />";
echo "<br />Email: " . $row['email'] . "<br />";
echo "<br />Subject: " . $row['subject'] . "<br />";
echo "<br />Section: " . $row['section'] . "<br />";
echo "<br />Semester: " . $row['semester'] . "<br />";
$name = $row['name'];
echo "<input type='hidden' name='name' value='$name'>";
$mname = $row['mname'];
echo "<input type='hidden' name='mname' value='$mname'>";
$fname = $row['fname'];
echo "<input type='hidden' name='fname' value='$fname'>";
$sid = $row['sid'];
echo "<input type='hidden' name='sid' value='$sid'>";
$sc = $row['sc'];
echo "<input type='hidden' name='sc' value='$sc'>";
$phone = $row['phone'];
echo "<input type='hidden' name='phone' value='$phone'>";
$email = $row['email'];
echo "<input type='hidden' name='email' value='$email'>";
$subject = $row['subject'];
echo "<input type='hidden' name='subject' value='$subject'>";
$section = $row['section'];
echo "<input type='hidden' name='section' value='$section'>";
$semester = $row['semester'];
echo "<input type='hidden' name='semester' value='$semester'>";
?>
<br />
<div>
<label for="comments" accesskey="c">Notes & Comments:</label><br />
<input type="textarea" name="comments" id="comments" cols="35" rows="10">
<br>
</div>
<br>
<script type="text/javascript">
function submitForm(action)
{
document.getElementById('HF').action = action;
document.getElementById('HF').submit();
}
</script>
...
<input type="button" onclick="submitForm('dbheads.php')" value="Accept" />
<input type="button" onclick="submitForm('dbheads2.php')" value="Deny" /></form>
</fieldset>
<br>
<?php } }
?>
<br />
dbheads.php
<?php
include_once 'includes/db_connect.php';
include_once 'includes/functions.php';
sec_session_start();
?>
<html>
<?php
$mysql_host = "";
$mysql_username = "";
$mysql_password = "r!~";
$mysql_database = "";
$user = $_SESSION['username'];
if (login_check($mysqli) == true) : ?>
<p>Welcome <?php echo htmlentities($user); ?>!</p>
<?php
$mysqli = new Mysqli($mysql_host, $mysql_username, $mysql_password, $mysql_database) or die(mysqli_error());
$status = 2;
$stmt = $mysqli->prepare("UPDATE Overrides SET status=? WHERE username='$user'");
$stmt->bind_param("s", $status);
$stmt->execute();
echo htmlentities(accepted);
?>
<?php else : ?>
<p>
<span class="error">You are not authorized to access this page.</span> Please login.
</p>
<?php endif; ?>
</html>
bheads2.php
<html>
<?php
$mysql_host = "";
$mysql_username = "";
$mysql_password = "";
$mysql_database = "";
$user = $_SESSION['username'];
if (login_check($mysqli) == true) : ?>
<p>Welcome <?php echo htmlentities($user); ?>!</p>
<?php
$mysqli = new Mysqli($mysql_host, $mysql_username, $mysql_password, $mysql_database) or die(mysqli_error());
$status = 5;
$stmt = $mysqli->prepare("UPDATE Overrides SET status=? WHERE username='$user'");
$stmt->bind_param("s", $status);
$stmt->execute();
echo htmlentities(denied);
?>
<?php else : ?>
<p>
<span class="error">You are not authorized to access this page.</span> Please login.
</p>
<?php endif; ?>
</html>
Any help on how can i fix this? I'm a beginner so ignore the messy code.
It seems you are updating the database with the following query
$stmt = $mysqli->prepare("UPDATE Overrides SET status=? WHERE username='$user'")
Which is simply saying where the username is the person logged in or using the page will be updated to the status of your choosing, do you have a unique identifier for each row of overrides? Override_ID maybe.
If so I would fetch that data on your first page and put it into a hidden input like the other data and then use the following query:
$ovid = $_POST['ovid'];
$stmt = $mysqli->prepare("UPDATE Overrides SET status=? WHERE override_id='$ovid'")
EDIT:
You also seem to be updating WHERE username='$user'as opposed to WHERE professor='$user' on your update pages
I have a user data profile that I want to update when a user has filled out a form. When the update query is run values are being passed to the PHP script but not being changed in the table.
HTML of form:
echo "<br />";
echo "From this page you can change your profile details.";
echo "<br />";
echo "<br />";
echo "<form id='edit' action='../scripts/editscript.php' method='post' accept-charset='UTF-8'>";
echo "<label for='firstname'>First Name:</label>";
echo "<input type='text' id='firstname' name='firstname' />";
echo "<br />";
echo "<label for='lastname'>Last Name:</label>";
echo "<input type='text' id='lastname' name='lastname' />";
echo "<br />";
echo "<label for='username'>User Name:</label>";
echo "<input type='text' id='username' name='username' />";
echo "<br />";
echo "<label for='password'>Password:</label>";
echo "<input type='password' id='password' name='password' />";
echo "<br />";
echo "<label for='passwordconfirm'>Confirm Password:</label>";
echo "<input type='password' id='passwordconfirm' name='passwordconfirm' />";
echo "<br />";
echo "<label for='email'>E-Mail:</label>";
echo "<input type='email' id='email' name='email' />";
echo "<br />";
echo "<label for='like'>Something you like:</label>";
echo "<input type='text' id='like' name='like' />";
echo "<br />";
echo "<label for='dislike'>Something you dislike</label>";
echo "<input type='text' id='dislike' name='dislike' />";
echo "<br />";
echo "<label for='fact'>A fun fact about yourself:</label>";
echo "<input type='text' id='fact' name='fact' />";
echo "<br />";
echo "<label for='allow'>Do you want other people to see parts of your profile:</label>";
echo "<input type='radio' name='allow' value='yes' /> Yes";
echo "<input type='radio' name='allow' value='no' /> No";
echo "<br />";
echo "<br />";
echo "<input type='submit' name='submit' value='Confirm' />";
echo "</form>";
PHP script:
<?PHP
session_start();
$time = time();
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$salt = substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22);
$salt = str_replace("+",".",$salt);
$salt = '$2a$08$' . $salt;
$password = crypt($_POST['password'], $salt);
$email = $_POST['email'];
$like = $_POST['like'];
$dislike = $_POST['dislike'];
$fact = $_POST['fact'];
$allow = $_POST['allow'];
$UID = $_SESSION['user']['UID'];
if ($allow == 'yes') {
$allowvalue = 1;
} else {
$allowvalue = 0;
};
$con = mysqli_connect('localhost','//db_username','//db_pass','//table');
if (mysqli_connect_errno($con)) {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = "UPDATE users SET firstname = '" . $firstname . "',
lastname = '" . $lastname . "',
username = '" . $username . "',
password = '" . $password . "',
email = '" . $email . "',
like = '" . $like . "',
dislike = '" . $dislike . "',
fact = '" . $fact . "',
allowview = " . $allowvalue . " WHERE UID = " . $UID . "";
mysqli_query($con,$query);
mysqli_close($con);
?>
I really don't get why this isn't going as expected. Any help is appreciated. :)
Prepared statements are not only good for avoiding sql infection but they will also help you organizing your code hence make your code more solid
<?php
session_start();
/*your variables*/
$time = time();
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$username = $_POST['username'];
$salt = substr(base64_encode(openssl_random_pseudo_bytes(17)),0,22);
$salt = str_replace("+",".",$salt);
$salt = '$2a$08$' . $salt;
$password = crypt($_POST['password'], $salt);
$email = $_POST['email'];
$like = $_POST['like'];
$dislike = $_POST['dislike'];
$fact = $_POST['fact'];
$allow = $_POST['allow'];
$UID = $_SESSION['user']['UID'];
if ($allow == 'yes') {
$allowvalue = 1;
} else {
$allowvalue = 0;
};
$mysqli = new mysqli("localhost", "//db_username", "//db_pass", "//table");
/* check connection */
if (mysqli_connect_errno()) {
echo ("Failed to connect to MySQL:: %s\n", mysqli_connect_error());
exit();
}
/* Prepare an update statement */
$query = "UPDATE users SET firstname = ?,
lastname = ?,
username = ?,
password = ?,
email = ?,
like = ?,
dislike = ?,
fact = ?,
allowview = ? WHERE UID = ?";
$stmt = $mysqli->prepare($query);
$stmt->bind_param("ssssssssii",$firstname, $lastname, $username, $password, $email,
$like, $dislike, $fact, $allowvalue, $UID);
/* Execute the statement */
$stmt->execute();
/* close connection */
$mysqli->close();
?>
do a
var_dump($_SESSION['user']['UID']);
most probably the id does not match the id in the db
I figured out what it was. One of the columns in my database was 'like'. This is a MySQL keyword so it was messing with my query, thanks for the suggestions anyway :)
I am trying to loop through all the tables in my database and select everything that has the same type. The following code works expect it only prints out the first entry it finds. For example if someone selects "chicken" to view recipes from it pulls out the first chicken recipe in that the database and thats it. I need it to loop through and get all recipes with type chicken. I have looked up different ways to approach this and none have worked. The for loop I tried using in this one is wrong as well so if anyone has a good approach for this please let me know! Also in my html code all the category's have the same name of "cate" but different values. If that helps.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html>
<head>
</head>
<body>
<?php
$db_server = "server";
$db_username = "name";
$db_password = "pass";
$con = mysql_connect($db_server, $db_username, $db_password);
if (!$con) {
die('Could not connect: ' . mysql_error());
}
$database = "Recipes";
$er = mysql_select_db($db_username);
if (!$er) {
print ("Error - Could not select the database");
exit;
}
//take info from search and looks through the database for recipe
$cate = $_POST['cate'];
$query = mysql_query("SELECT * FROM Recipes WHERE type ='$cate'");
$row = mysql_fetch_array($query);
for($row=1; $row <=$cate; $row++){
?>
<!-- Prints out the recipe -->
<table border ="1">
<tr> <h1>
<?php
print $row['title'];
?>
</h1>
</tr>
<tr>
<td>
<p> Ingredients: </p>
<?php
print $row['num_of_1'] . " ";
print $row['measure_1'] . " ";
print $row['ingredient_1'] . " ";
print ("<br />");
print $row['num_of_2'] . " ";
print $row['measure_2'] . " ";
print $row['ingredient_2'] . " ";
print ("<br />");
print $row['num_of_3'] . " ";
print $row['measure_3'] . " ";
print $row['ingredient_3'] . " ";
print ("<br />");
print $row['num_of_4'] . " ";
print $row['measure_4'] . " ";
print $row['ingredient_4'] . " ";
print ("<br />");
print $row['num_of_5'] . " ";
print $row['measure_5'] . " ";
print $row['ingredient_5'] . " ";
print ("<br />");
print $row['num_of_6'] . " ";
print $row['measure_6'] . " ";
print $row['ingredient_6'] . " ";
print ("<br />");
print $row['num_of_7'] . " ";
print $row['measure_7'] . " ";
print $row['ingredient_7'] . " ";
print ("<br />");
print $row['num_of_8'] . " ";
print $row['measure_8'] . " ";
print $row['ingredient_8'] . " ";
print ("<br />");
print $row['num_of_9'] . " ";
print $row['measure_9'] . " ";
print $row['ingredient_9'] . " ";
print ("<br />");
print $row['num_of_10'] . " ";
print $row['measure_10'] . " ";
print $row['ingredient_10'] . " ";
print ("<br />");
?>
</td>
<td>
<p> Instructions: </p>
<?php
print $row['instructions'];
print ("<br />");
?>
</td>
</tr>
</table>
<br />
<p>
Like this Recipe? Rate It!
<input type = "submit" value = "Good Ramen" />
</p>
<br />
<br />
<p>Add a Comment: </p>
<textarea name = "comment" rows = "10" cols = "100" > </textarea>
<br />
<input type = "submit" value = "Add Comment" />
<br />
<p> Comments: </p>
<?php
$comment_query = ("SELECT *");
while ($comment_query) {
date_default_timezone_get('UPC');
print ($row['username'] . " ");
print ($row['date_added']);
print ($row['comment']);
print ("<br />");
}
}
?>
</body>
</html>
Your loop should be like so:
for($row=0; $row < count($row); $row++){
Its very hard to say but try to replace the for loop
for($row=1; $row <=$cate; $row++){
with while loop
while($row = mysql_fetch_array($query)){
hello you have to do this
for ($row = mysql_fetch_array($query) ) and you ll access to your fields like $row[fields] the thing is every time theres a row the loop for will run
PS : they say that querin a db in a loop its not a good idea