PHP executes but doesnt execute SQL update correctly - php

I have a table which displays
-Staff ID (Primary Key)
-Staff Name
-Staff Position
All the data loads in to my grid, the grid has an update button witch should let me to update it but it returns original result after clicking update.
<html>
<head>
</head>
<body>
<?php
$conn = mysql_connect("localhost", "root", "");
if (!$conn){
die("Can not connect: " . mysql_error());
}
mysql_select_db("pizza_shop",$conn);
if (isset($_POST['submit']) && $_POST['submit'] == 'update'){
$UpdateQuery = "UPDATE staff SET StaffName='$_POST[staffname]', Position='$_POST[staffposition]' WHERE StaffID='$_POST[hiddenid]'";
mysql_query($UpdateQuery);
}
$sql = "SELECT * FROM staff";
$myData = mysql_query($sql, $conn);
echo "<table border=1>
<tr>
<th>Staff Name<th>
<th>Staff Position<th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=#edit_staff.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name =staffname value=" . $record['StaffName'] ." </td>";
echo "<td>" . "<input type=text name =staffposition value=" . $record['Position'] ." </td>";
echo "<td>" . "<input type=hidden name=hiddenid value=" . $record['StaffID'] . "</td>";
echo "<td>" . "<input type=submit name = update values=Update" . "</td>";
echo "</form>";
}
echo "</table>";
$conn = null;
?>
</body>
</html>


You need to change your update query from
$UpdateQuery = "UPDATE staff SET StaffName='$_POST[staffname]', Position='$_POST[staffposition]' WHERE StaffID='$_POST[hiddenid]'";
to
$UpdateQuery = "UPDATE staff SET StaffName='".$_POST['staffname']."', Position='".$_POST['staffposition']."' WHERE StaffID='".$_POST['hiddenid']."'";
What you were doing is $_POST[staffname] which must be like as $_POST['staffname'] and always try to check using error_reporting(E_ALL) function and need to check that your values are set or not

Related

Being able to delete data from the click of a button on a page which also deletes the data from the database

I have multiple text boxes within a table on my web page which is populated from a form on my website users fill out. I have the feature of being able to delete each row as well as edit each row of data displayed on my website. The problem I'm having with it is only the last row of the table can be edited/deleted. For example, When I click the delete button on the first row of the table, it deletes the last row for some reason and not the first row. Also, it's the same with the update/edit button, only the last row can be modified and not anything above the last row of the table on my website.
More information:
form_id is the primary key within my database.
My code:
<?php
$con = #mysql_connect("localhost","root","");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("formsystem", $con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE form SET form_name='$_POST[name]', form_description='$_POST[description]' WHERE form_id='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM form WHERE form_id='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};
$sql = "SELECT * FROM form";
$myData = mysql_query($sql,$con);
echo "<table>
<tr>
<th>Title</th>
<th>Description</th>
<th></th>
<th></th>
<th></th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=findGroup.php method=post>";
echo "<tr>";
echo "<td>" ."<input type=text name=name value='" . $record['form_name'] . "'/> </td>";
echo "<td>" ."<input type=text name=description value='" . $record['form_description'] . "'/> </td>";
echo "<td>" ."<input type=hidden name=hidden value='" . $record['form_id'] . "'/></td>";
echo "<td>" ."<input type=submit name=update value='update" . "'/> </td>";
echo "<td>" ."<input type=submit name=delete value='delete" . "'/> </td>";
echo "</tr>";
}
echo "</table>";
?>

Update
Enclose the form element properly:
<?php
$con = #mysql_connect("localhost","root","");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("formsystem", $con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE form SET form_name='".$_POST['name']."', form_description='".$_POST['description']."' WHERE form_id='".$_POST['hidden']."';";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM form WHERE form_id='".$_POST['hidden']."';";
mysql_query($DeleteQuery, $con);
};
$sql = "SELECT * FROM form";
$myData = mysql_query($sql,$con);
echo "<table>
<tr>
<th>Title</th>
<th>Description</th>
<th></th>
<th></th>
<th></th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=findGroup.php method=post>";
echo "<tr>";
echo "<td>" ."<input type=text name=name value='" . $record['form_name'] . "'/> </td>";
echo "<td>" ."<input type=text name=description value='" . $record['form_description'] . "'/> </td>";
echo "<td>" ."<input type=hidden name=hidden value='" . $record['form_id'] . "'/></td>";
echo "<td>" ."<input type=submit name=update value='update" . "'/> </td>";
echo "<td>" ."<input type=submit name=delete value='delete" . "'/> </td>";
echo "</tr>"
echo "</form>";
}
echo "</table>";
?>
And for security issue, it's better to wrap variable using mysqli_real_escape_string, for example:
"DELETE FROM form WHERE form_id='".mysqli_real_escape_string($_POST['hidden'])."';";
But this is another question, here is the thread.

First off, check these potential issues:
You are connecting as root. Not recommended. You should connect as a MySQL user with M.A.D rights on that table (modify, add, delete).
Have you checked the MySQL & system/PHP logs to see if any errors are being reported? Then you can adjust your code based on those errors.
Have you attempted to run the delete statement manually to confirm that it deletes the desired row?
In your code, have you tried using the $sql = DELETE... syntax on your delete statement?

php: Using <form> tag to sum a new value to an existing value in php

I am creating a webpage that is similar to a points system. It consists of a table with name and points columns. The user inputs a number, which then adds that value to the existing number in the table. My question is how would I be able to add those two values and update the table(database)?
<?php
$con = mysql_connect("xxx, xxx, xxx);
if (!$con) {
die("can not connect:" . mysql_error());
}
mysql_select_db("points", $con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE coach_tbl set coachscore = coachscore + '$add' WHERE coach_score = '$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
if (isset($_POST['submit'])){
$AddQuery = "INSERT INTO coach_tbl (coach_name, coach_score) VALUES('$_POST[name]', '$_POST[score]')";
mysql_query($AddQuery, $con);
};
$sql = "SELECT * FROM coach_tbl ORDER BY coach_score DESC";
echo "<table border=1>
<tr>
<th>NAME</th>
<th>Score</th>
</tr>";
$myData = mysql_query($sql, $con);
while($record = mysql_fetch_array($myData)) {
echo "<form action=index.php method=post>";
echo "<tr>";
echo "<td><input type=text name=coachname value='" . $record['coach_name'] . "'> </td>";
echo "<td><input type=text name=coachscore value='" . $record['coach_score'] . "'> </td>";
echo "<td><input type=hidden name=hidden value='" . $record['coach_score'] . "'> </td>";
echo "<td><input type=submit name=update value=update'" . "'> </td>";
echo "<td><input type=number min="1" max="10" name=add value=add'" . "'> </td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
mysql_close($con);
?>
If there are any questions I will gladly elaborate on anything. I am also fairly new to php.

Let's say you have an html form like so:
<form action="update.php" method="POST">
<input type="number" name="updateData" value=""/>
<input type="submit">
</form>
and an update.php:
<?php
//assuming you want 1-10 points max to be added each time
if( isset($_POST['updateData']) && $_POST['updateData'] >=1 && $_POST['updateData'] >=10){
//set to user inputed value
$insertData = $_POST['updateData'];
$sql = "UPDATE point_table SET points = points + $insertData WHERE id = 1";
//you will need to finish off the query by checking connecting with your database.
}
?>

SQL UPDATE code not changing database data

I'm trying to update my database through forms.
Part of the code is working because it retrieves data from the table and displays it in the form but the sql update code is not changing values at the backend.
Snippet of code is shown below, any help at all will be appreciated:
<html>
<head>
<body>
<?php
$con = mysql_connect("localhost","user","pass");
if(!$con){
die("Cannot Connect to database:" . mysql_error());
}
mysql_select_db("intranet",$con);
$sql = "SELECT * FROM progress_sheet";
$myData = mysql_query($sql,$con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE progress_sheet SET jobdescription='$_POST[jobdescription]' WHERE id='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
echo "<table border=1>
<tr>
<th>Job Description</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=save.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['hidden'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</form>";
}
echo "</table>";
?>
</body>
</head>
</html>
*

In your code more than one errors are found,
1 Missing single quotes and double quotes.
2 The form is posted to another file save.php (quotes is also missing)
<html>
<head>
<body>
<?php
$con = mysql_connect("localhost","user","pass");
if(!$con){
die("Cannot Connect to database:" . mysql_error());
}
mysql_select_db("intranet",$con);
$sql = "SELECT * FROM progress_sheet";
$myData = mysql_query($sql,$con);
if(isset($_POST['update'])){
$jobdescription = $_POST['jobdescription']; // See here
$id = $_POST['hidden']; // See here
$UpdateQuery = "UPDATE progress_sheet SET jobdescription='$jobdescription' WHERE id='$id'";
mysql_query($UpdateQuery, $con);
};
echo "<table border=1>
<tr>
<th>Job Description</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action='' method='post'>"; // See Here. The form is posted to another page
echo "<tr>";
echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['id'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</form>";
}
echo "</table>";
?>
</body>
</head>
</html>

$UpdateQuery = 'UPDATE progress_sheet SET jobdescription="'.mysql_real_escape_string(isset($_POST['jobdescription']) ? $_POST['jobdescription'] : '').'" WHERE id='.(isset($_POST['hidden']) ? $_POST['hidden']*1 : 0);
And stop using mysql_* functions and move to mysqli_* functions as the ones you are using are deprecated.

This is basic example with simple checks to prevent sql injections. Note that mysql functions are deprecated. You can use mysqli functions.
<html>
<head>
<body>
<?php
$con = mysql_connect("localhost","user","pass");
if(!$con){
die("Cannot Connect to database:" . mysql_error());
}
mysql_select_db("intranet",$con);
$sql = "SELECT * FROM progress_sheet";
$myData = mysql_query($sql,$con);
if(isset($_POST['update'])){
//do basic checks to prevent sql injections
$jobdescription = isset($_POST['jobdescription']) ? trim($_POST['jobdescription'] : '');
$hidden = isset($_POST['hidden']) ? trim($_POST['hidden'] : '');
$jobdescription = mysql_real_escape_string($jobdescription);
$hidden = mysql_real_escape_string($hidden);
if(empty($jobdescription) || empty($hidden)){
//handle errors here
//exit;
//or do error logging $errors[] = "Your error message"
//or redirect with header(...);
}
$UpdateQuery = "UPDATE progress_sheet SET jobdescription='$jobdescription' WHERE id='$hidden'";
mysql_query($UpdateQuery, $con);
};
echo "<table border=1>
<tr>
<th>Job Description</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=save.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['id'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</form>";
}
echo "</table>";
?>
</body>
</head>
</html>
At the top of your .php files you should enable error reporting, which will help you with debugging:
<?php
// Turn off error reporting
error_reporting(0);
// Report runtime errors
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// Report all errors
error_reporting(E_ALL);
// Same as error_reporting(E_ALL);
ini_set("error_reporting", E_ALL);
// Report all errors except E_NOTICE
error_reporting(E_ALL & ~E_NOTICE);
?>

MySQL - UPDATE and DELETE QUERY not working

I'm just a beginner in terms of programming, so I'm just referring all my codes through tutorials. Luckily, I found this online tutorial in youtube where users are allowed to add, update, and delete data in mysql using php. I follow all his instructions, I got it working but then it stopped when I added css on it.
This is not a general issue, I just need some help. If anyone can help me, much appreciated. Thank you so much.
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "rssfeed";
$connect = mysql_connect($servername, $username, $password, $dbname);
if (!$connect) {
die("Connection failed. Error" . mysql_error());
}
$database = mysql_select_db($dbname, $connect);
if (!$database) {
die("Can't select database");
}
$sql = "SELECT * FROM record";
$data = mysql_query($sql, $connect);
if (isset($_POST['update'])){
$updateQuery = "UPDATE record SET name = '$_POST[name]', url = '$_POST[url]', description = '$_POST[desc]' WHERE name = '$_POST[hidden]'";
mysql_query($updateQuery, $connect);
header("Location: maintenance.php");
};
if (isset($_POST['delete'])){
$deleteQuery = "DELETE FROM record WHERE name = '$_POST[hidden]'";
mysql_query($deleteQuery, $connect);
header("Location: maintenance.php");
};
if (isset($_POST['add'])){
$addQuery = "INSERT INTO record (name, url, description) VALUES ('$_POST[iName]', '$_POST[iUrl]', '$_POST[iDesc]')";
mysql_query($addQuery, $connect);
header("Location: maintenance.php");
};
echo "<div class=center>
<table id=myTable border=1>
<tr>
<th> Name </th>
<th> URL </th>
<th> Description </th>
</tr>";
while($record = mysql_fetch_array($data)) {
echo "<form method=post action=maintenance.php>";
echo "<tr>";
echo "<td>" . "<input type=text name=name id=name value=" . $record['name'] . " </td>";
echo "<td>" . "<input type=text name=url id=url value=" . $record['url'] . " </td>";
echo "<td>" . "<textarea rows=1 cols=50 wrap=physical name=desc id=desc>" . strip_tags($record['description']) . "</textarea></td>";
echo "<input type=hidden name=hidden value=" . $record['name'] . ">";
echo "<td>" . "<input type=submit name=update id=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete id=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
echo "<table border=1>";
echo "<form method=post action=maintenance.php>";
echo "<tr>";
echo "<td><input type=text name=iName></td>";
echo "<td><input type=text id=url name=iUrl></input></td>";
echo "<td><textarea rows=1 cols=50 name=iDesc></textarea></td>";
echo "<td>" . "<input type=submit name=add id=add value=add" . " </td>";
echo "</tr>";
echo "</form>";
echo "</table>";
echo "</div>";
mysql_close($connect);
?>

In your queries, $_POST[name] should be $_POST[\"name\"]. BUT, this is terrible, you are very open to SQL injections.
Please have a read of this and stop using mysql_query (it's deprecated)

you have several errors in your echo output..
echo "<td>" . "<input type=text name=name id=name value=" . $record['name'] . " </td>";
You have forgot the single quotes for each html-element-attribute and the bigger then at the end of multiple input elements...
try this:
echo "<td><input type='text' name='name' id='name' value='" . $record['name'] . "'> </td>";

Php Populate Table and Update

Guys I cant see why it is that my code will only Update the last row on the table. It will populate the entire HTML page with a table with the info from phpAdmin. I can then change this info, on the html page. It all works fine if there is only one record, anymore than one and it only takes effect on the last row. I am new to all this, so excuse the code, here it is......
<html>
<?php
$con = mysql_connect("localhost","root");
if(!$con){
die("Cant get there Bren: " . mysql_error());
}
mysql_select_db("Web_Data",$con);
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE Vehicles SET Vehicle_Id='$_POST[Vehicle_Id]',
Registration='$_POST[Registration]',Make='$_POST[Make]',Model='$_POST[Model]',
Classification='$_POST[Classification]',Rental_Price='$_POST[Rental_Price]',
Current_Status='$_POST[Current_Status]',Mileage='$_POST[Mileage]'
WHERE Vehicle_Id='$_POST[hidden]'";
echo "<center> Vechicle Id '$_POST[hidden]' succesfully VEHICLE UPDATED </center>";
mysql_query($UpdateQuery, $con);
};
$sql = "Select * From Vehicles";
$myData = mysql_query($sql,$con);
echo" <center> <table border = 3>
<tr>
<th>Vehicle_Id</th>
<th>Registration</th>
<th>Make</th>
<th>Model</th>
<th>Classification</th>
<th>Rental_Price</th>
<th>Current_Status</th>
<th>Mileage</th>
</tr></center>";
while($record = mysql_fetch_array($myData)){
echo "<form action = UpdateWD.php method=post>";
echo "<tr>";
echo "<td>" . "<input type = text name = Vehicle_Id value=" . $record['Vehicle_Id'] . " </td>";
echo "<td>" . "<input type = text name = Registration value=" . $record['Registration'] . " </td>";
echo "<td>" . "<input type = text name = Make value=" . $record['Make'] . " </td>";
echo "<td>" . "<input type = text name = Model value=" . $record['Model'] . " </td>";
echo "<td>" . "<input type = text name = Classification value=" . $record['Classification'] . " </td>";
echo "<td>" . "<input type = text name = Rental_Price value=". $record['Rental_Price'] . " </td>";
echo "<td>" . "<input type = text name = Current_Status value=" . $record['Current_Status'] . " </td>";
echo "<td>" . "<input type = text name = Mileage value=" . $record['Mileage'] . " </td>";
echo "<td>" . "<input type = hidden name = hidden value=" . $record['Vehicle_Id'] . " </td>";
echo "<td>" . "<input type = submit name = update value= update" . " </td>";
echo "</from>";
}
echo"</table>";
mysql_close($con);
?>
<br><br><br>
<footer>
Copyright © 2013 ABU LTD
About -
Privacy Policy -
Contact Us
Logout
</footer> <!--footer-->
</html>

See here:
Use while loop to display all fetched records.
<?php
// Make a MySQL Connection
$sql = "Select * From Vehicles";
$myData = mysql_query($sql,$con) or die(mysql_error());
while($row = mysql_fetch_array($myData)){
echo $row['Vehicle_Id'];
}
?>
And mysql_query can't use multiple queries.
The easiest thing is to just run them separately. I believe you can do multi query but I haven't tried it.
Just get the idea how you can run multiple queries using foreach loop.
$updateArray = array(21=>300,23=>200,24=>100);
foreach($updateArray as $id=>$value)
{
$query = "UPDATE cart SET cart_qty='$value' WHERE cart_id = '$id'";
mysql_query($query,$link);// $link is specified above
}

here is my mistake
hours and hours and all it was
echo "<td>" . "<input type = 'submit' name = 'update' value= 'update'" . " />";
echo "</td>";
echo "</tr>";
echo "</form>";
had "form" spelt "from" & didnt close the </tr>

Categories