Update MySQL fields w/ update button - php

I'm attempting to update all of the fields displayed from a MySQL table. The delete feature currently works, but I'm not getting any output whatsoever for the update feature. I feel like I'm missing something very basic. Any input is appreciated!
<form action="" method="post">
<?php
$con = mysqli_connect($host,$username,$password,$dbname);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$query = mysqli_query($con,"SELECT * FROM customers");
while($row = mysqli_fetch_array($query))
{
echo "<tr>";
echo "<td><input type=\"text\" name=\"FirstName\" value=\"" . htmlspecialchars($row['FirstName'], ENT_QUOTES, 'UTF-8') . "\"></td>";
echo "<td><input type=\"text\" name=\"LastName\" value=\"" . htmlspecialchars($row['LastName'], ENT_QUOTES, 'UTF-8') . "\"></td>";
echo "<td>" . htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8') . "</td>";
echo "<td>" . htmlspecialchars($row['address'], ENT_QUOTES, 'UTF-8') . "</td>";
echo "<td>" . htmlspecialchars($row['phone'], ENT_QUOTES, 'UTF-8') . "</td>";
echo "<td>" . htmlspecialchars($row['product'], ENT_QUOTES, 'UTF-8') . "</td>";
echo "<td>" . htmlspecialchars($row['firmware'], ENT_QUOTES, 'UTF-8') . "</td>";
echo "<td>" . htmlspecialchars($row['purchase_date'], ENT_QUOTES, 'UTF-8') . "</td>";
echo '<td align="center"><input type="hidden" name="email" value="';
echo htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8');
echo '"><input type="submit" name="delete" value="X"> </td>';
echo "</tr>";
echo '<tr><td colspan="9"><input type="hidden" name="email" value="';
echo htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8');
echo '"><input type="submit" name="edit" value="Update"></td></tr>';
}
echo "</table>";
?>
<?php
if(isset($_POST['delete'])) {
$email = $_POST['email'];
$delete = "DELETE FROM customers WHERE email = '$email'";
if ($con->query($delete) === TRUE) {
echo "Record deleted successfully";
} else {
echo "Error deleting record: " . $con->error;
}
if (isset($_POST['edit'])) {
$email = $_POST['email'];
$FirstName = $_POST['FirstName'];
$LastName = $_POST['LastName'];
$edit = "UPDATE customers SET Firstname = '$FirstName', LastName = '$LastName' WHERE email = '$email'";
if ($con->query($edit) === TRUE) {
echo $edit;
echo "Record updated successfully";
} else {
echo $edit;
echo "Error updating record: " . $con->error;
}
}
$conn->close();
}
?>
</form>

Check your spelling on conn.
Try this:
<form action="" method="post">
<?php
$conn = mysqli_connect($host,$username,$password,$dbname);
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
// $query = mysqli_query($conn,"SELECT * FROM customers");
$query = $conn->query("SELECT * FROM customers");
while($row = $query->fetch_assoc())
{
echo "<tr>";
echo "<td><input type=\"text\" name=\"FirstName\" value=\"" . htmlspecialchars($row['FirstName'], ENT_QUOTES, 'UTF-8') . "\"></td>";
echo "<td><input type=\"text\" name=\"LastName\" value=\"" . htmlspecialchars($row['LastName'], ENT_QUOTES, 'UTF-8') . "\"></td>";
echo "<td>" . htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8') . "</td>";
echo "<td>" . htmlspecialchars($row['address'], ENT_QUOTES, 'UTF-8') . "</td>";
echo "<td>" . htmlspecialchars($row['phone'], ENT_QUOTES, 'UTF-8') . "</td>";
echo "<td>" . htmlspecialchars($row['product'], ENT_QUOTES, 'UTF-8') . "</td>";
echo "<td>" . htmlspecialchars($row['firmware'], ENT_QUOTES, 'UTF-8') . "</td>";
echo "<td>" . htmlspecialchars($row['purchase_date'], ENT_QUOTES, 'UTF-8') . "</td>";
echo '<td align="center"><input type="hidden" name="email" value="';
echo htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8');
echo '"><input type="submit" name="delete" value="X"> </td>';
echo "</tr>";
echo '<tr><td colspan="9"><input type="hidden" name="email" value="';
echo htmlspecialchars($row['email'], ENT_QUOTES, 'UTF-8');
echo '"><input type="submit" name="edit" value="Update"></td></tr>';
}
echo "</table>";
?>
<?php
if(isset($_POST['delete'])) {
$email = $_POST['email'];
$delete = "DELETE FROM customers WHERE email = '$email'";
if ($conn->query($delete) === TRUE) {
echo "Record deleted successfully";
} else {
echo "Error deleting record: " . $conn->error;
}
} // end of the delete branch; the edit branch below must not be nested inside it
if (isset($_POST['edit'])) {
$email = $_POST['email'];
$FirstName = $_POST['FirstName'];
$LastName = $_POST['LastName'];
$edit = "UPDATE customers SET Firstname = '$FirstName', LastName = '$LastName' WHERE email = '$email'";
if ($conn->query($edit) === TRUE) {
echo $edit;
echo "Record updated successfully";
} else {
echo $edit;
echo "Error updating record: " . $conn->error;
}
}
$conn->close();
?>
</form>
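An added example, not part of the question or the answer above: the same delete and update handlers written with mysqli prepared statements, so the `$_POST` values are bound as data instead of being interpolated into the SQL string, and with the two branches kept independent of each other. It assumes an open mysqli connection and the `customers` table and columns from the question; `deleteCustomer()`, `updateCustomer()` and `handlePost()` are hypothetical names.

```php
<?php
// Added example. Assumes the `customers` table from the question and a
// reachable MySQL server; deleteCustomer(), updateCustomer() and
// handlePost() are hypothetical names.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

function deleteCustomer(mysqli $conn, string $email): int
{
    $stmt = $conn->prepare('DELETE FROM customers WHERE email = ?');
    $stmt->bind_param('s', $email);          // bound as data, never parsed as SQL
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

function updateCustomer(mysqli $conn, string $email, string $first, string $last): int
{
    $stmt = $conn->prepare(
        'UPDATE customers SET FirstName = ?, LastName = ? WHERE email = ?'
    );
    $stmt->bind_param('sss', $first, $last, $email);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// Each submit button gets its own branch; neither is nested inside the other.
function handlePost(mysqli $conn, array $post): string
{
    $email = (string)($post['email'] ?? '');
    if ($email === '') {
        return '';
    }
    if (isset($post['delete'])) {
        return deleteCustomer($conn, $email) . ' record(s) deleted';
    }
    if (isset($post['edit'])) {
        $first = (string)($post['FirstName'] ?? '');
        $last  = (string)($post['LastName'] ?? '');
        return updateCustomer($conn, $email, $first, $last) . ' record(s) updated';
    }
    return '';
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    // $host, $username, $password and $dbname come from your own configuration.
    $conn = new mysqli($host, $username, $password, $dbname);
    echo htmlspecialchars(handlePost($conn, $_POST), ENT_QUOTES, 'UTF-8');
    $conn->close();
}
```

Because every row in the question's single form reuses the names FirstName, LastName and email, PHP keeps only the last row's values in `$_POST`; giving each row its own form makes the submitted values belong to the row whose button was clicked.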

Related

MYSQLI Real Escape String not working with apostrophe's [duplicate]

This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
How to prevent XSS with HTML/PHP?
(9 answers)
Closed 17 days ago.
I have the following code:
<?php
/*
Template Name: trial_app_review
*/
get_header();
?>
<div class="form-container">
<form style="margin-top: 150px;" method="post">
<?php
// Connect to the MySQL database using the MySQLi object
$mysqli = new mysqli('host', 'user', 'password', 'db');
// Check for errors
if ($mysqli->connect_error) {
echo "Error: " . $mysqli->connect_error;
} else {
// Check if the button was clicked
if (isset($_POST['insert_btn'])) {
// Get the values of the row that the button belongs to
$WK = $_POST['WK']; $WK = mysqli_real_escape_string($mysqli, $WK);
$Trial_Year = $_POST['Trial_Year']; $Trial_Year = mysqli_real_escape_string($mysqli, $Trial_Year);
$Trial_Dates = $_POST['Trial_Dates'];$Trial_Dates = mysqli_real_escape_string($mysqli, $Trial_Dates);
$Trial_Club = $_POST['Trial_Club']; $Trial_Club = mysqli_real_escape_string($mysqli, $Trial_Club);
$Trial_Classes = $_POST['Trial_Classes']; $Trial_Classes = mysqli_real_escape_string($mysqli, $Trial_Classes);
$Ring_Width = $_POST['Ring_Width']; $Ring_Width = mysqli_real_escape_string($mysqli, $Ring_Width);
$Ring_Height = $_POST['Ring_Height']; $Ring_Height = mysqli_real_escape_string($mysqli, $Ring_Height);
$double_yes_no = $_POST['double_yes_no']; $double_yes_no = mysqli_real_escape_string($mysqli, $double_yes_no);
$FeePd = $_POST['FeePd']; $FeePd = mysqli_real_escape_string($mysqli, $FeePd);
$num_days = $_POST['num_days']; $num_days = mysqli_real_escape_string($mysqli, $num_days);
$start_date = $_POST['start_date']; $start_date = mysqli_real_escape_string($mysqli, $start_date);
$Trial_City = $_POST['Trial_City']; $Trial_City = mysqli_real_escape_string($mysqli, $Trial_City);
$Trial_St = $_POST['Trial_St']; $Trial_St = mysqli_real_escape_string($mysqli, $Trial_St);
$trial_sec = $_POST['trial_sec']; $trial_sec = mysqli_real_escape_string($mysqli, $trial_sec);
$Trial_Email = $_POST['Trial_Email']; $Trial_Email = mysqli_real_escape_string($mysqli, $Trial_Email);
$Trial_Website = $_POST['Trial_Website']; $Trial_Website = mysqli_real_escape_string($mysqli, $Trial_Website);
$end_date = $_POST['end_date']; $end_date = mysqli_real_escape_string($mysqli, $end_date);
$street_addr = $_POST['street_addr']; $street_addr = mysqli_real_escape_string($mysqli, $street_addr);
$distckwk = $_POST['distckwk']; $distckwk = mysqli_real_escape_string($mysqli, $distckwk);
$club_id = $_POST['club_id']; $club_id = mysqli_real_escape_string($mysqli, $club_id);
$pend_id = $_POST['ID']; $pend_id = mysqli_real_escape_string($mysqli, $pend_id);
$query = "INSERT INTO Calendar (pend_id, WK, Trial_Year, Trial_Dates, Trial_Club, Trial_City, Trial_St, Trial_Classes, Ring_Width, Ring_Height, double_yes_no, Trial_FName, Trial_Email,
Trial_Website, FeePd, start_date, end_date, street_addr, distckwk, club_id,Pend_Confirm)
VALUES ('$pend_id', '$WK', '$Trial_Year', '$Trial_Dates', '$Trial_Club', '$Trial_City', '$Trial_St', '$Trial_Classes', '$Ring_Width', '$Ring_Height', '$double_yes_no', '$trial_sec',
'$Trial_Email', '$Trial_Website', '$FeePd', '$start_date', '$end_date', '$street_addr','$distckwk', '$club_id',CONCAT('Confirmed-', CURRENT_DATE()))";
$result = $mysqli->query($query);
if ($result) {
$update = "UPDATE PendingCalendar SET Pend_Confirm = CONCAT('Confirmed-', CURRENT_DATE()) WHERE ID = '$pend_id'";
$update_result = $mysqli->query($update);
if ($update_result) {
echo '<script>window.location.href = "https://nadac.com/success.php";</script>';
} else {
echo "Error: " . $mysqli->error;
}
} else {
echo "Error: " . $mysqli->error;
}
}
else {
// Execute a SELECT query and check for errors
$result = $mysqli->query("SELECT * FROM PendingCalendar WHERE Pend_Confirm IS NULL OR Pend_Confirm ='' ORDER BY WK DESC");
if (!$result) {
echo "Error: " . $mysqli->error;
} else {
// Add the stylesheet
echo "<style>
table {
border-collapse: collapse;
}
table, td, th {
border: 1px solid black;
padding: 5px;
}
</style>";
// Create the updated HTML table
echo "<table>\n";
echo " <tr>\n";
echo " <th>Action</th>\n";
echo " <th>WK</th>\n";
echo " <th>Trial_Year</th>\n";
echo " <th>Trial_Club</th>\n";
echo " <th>Trial_Classes</th>\n";
echo " <th>Ring_Width</th>\n";
echo " <th>Ring_Height</th>\n";
echo " <th>double_yes_no</th>\n";
echo " <th>Fee Pd</th>\n";
echo " <th>start_date</th>\n";
echo " <th>end_date</th>\n";
echo " </tr>\n";
// Iterate over the results and print each row
while ($row = $result->fetch_assoc()) {
// Print the table row
echo " <tr>\n";
echo " <td>\n";
echo " <form method='post' >\n";
echo " <input type='hidden' name='ID' value='" . $row['ID'] . "'>\n";
echo " <input type='hidden' name='WK' value='" . $row['WK'] . "'>\n";
echo " <input type='hidden' name='Trial_Year' value='" . $row['Trial_Year'] . "'>\n";
echo " <input type='hidden' name='Trial_Club' value='" . $row['Trial_Club'] . "'>\n";
echo " <input type='hidden' name='Trial_Classes' value='" . $row['Trial_Classes'] . "'>\n";
echo " <input type='hidden' name='Ring_Width' value='" . $row['Ring_Width'] . "'>\n";
echo " <input type='hidden' name='Ring_Height' value='" . $row['Ring_Height'] . "'>\n";
echo " <input type='hidden' name='double_yes_no' value='" . $row['double_yes_no'] . "'>\n";
echo " <input type='hidden' name='FeePd' value='" . $row['FeePd'] . "'>\n";
echo " <input type='hidden' name='start_date' value='" . $row['start_date'] . "'>\n";
echo " <input type='hidden' name='end_date' value='" . $row['end_date'] . "'>\n";
echo " <input type='hidden' name='Trial_Dates' value='" . $row['Trial_Dates'] . "'>\n";
echo " <input type='hidden' name='Trial_City' value='" . $row['Trial_City'] . "'>\n";
echo " <input type='hidden' name='Trial_St' value='" . $row['Trial_St'] . "'>\n";
echo " <input type='hidden' name='Trial_Email' value='" . $row['Trial_Email'] . "'>\n";
echo " <input type='hidden' name='Trial_Website' value='" . $row['Trial_Website'] . "'>\n";
echo " <input type='hidden' name='street_addr' value='" . $row['street_addr'] . "'>\n";
echo " <input type='hidden' name='distckwk' value='" . $row['distckwk'] . "'>\n";
echo " <input type='hidden' name='club_id' value='" . $row['club_id'] . "'>\n";
echo " <input type='hidden' name='trial_sec' value='" . $row['trial_sec'] . "'>\n";
echo " <button type='submit' name='insert_btn'>Insert</button>\n";
echo " </form>\n";
echo " </td>\n";
echo " <td>" . $row['WK'] . "</td>\n";
echo " <td>" . $row['Trial_Year'] . "</td>\n";
echo " <td>" . $row['Trial_Club'] . "</td>\n";
echo " <td>" . $row['Trial_Classes'] . "</td>\n";
echo " <td>" . $row['Ring_Width'] . "</td>\n";
echo " <td>" . $row['Ring_Height'] . "</td>\n";
echo " <td>" . $row['double_yes_no'] . "</td>\n";
echo " <td>" . $row['FeePd'] . "</td>\n";
echo " <td>" . $row['start_date'] . "</td>\n";
echo " <td>" . $row['end_date'] . "</td>\n";
echo " </tr>\n";
}
echo "</table>\n";
}
}
}
?>
</form>
</div>
And it works. But when a column has an apostrophe, it removes everything after the apostrophe.
I am definitely a beginner, but I thought the escape string would prevent that from happening?
I made a test record, and using something like this: NADAC,Testing'testing"testing, it gets shortened to: NADAC,Testing
What am I missing?
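An added example, not part of the question: the hidden inputs in the table loop above place `$row[...]` inside a single-quoted `value='...'` attribute without HTML-escaping, so the attribute ends at the first apostrophe before the value ever reaches `mysqli_real_escape_string()`. The sketch below uses a constructed row and hypothetical helpers (`hiddenInputRaw()`, `hiddenInput()`, `submittedValue()`) to compare what comes back from the raw and the escaped markup.

```php
<?php
// Added example; the row below is constructed sample data.
$row = ['Trial_Club' => 'NADAC,Testing\'testing"testing'];

// As in the question: the raw value inside a single-quoted attribute.
function hiddenInputRaw(string $name, string $value): string
{
    return "<input type='hidden' name='" . $name . "' value='" . $value . "'>";
}

// Escaped: ENT_QUOTES encodes both ' and " so the value cannot close the attribute.
function hiddenInput(string $name, string $value): string
{
    return "<input type='hidden' name='"
        . htmlspecialchars($name, ENT_QUOTES, 'UTF-8')
        . "' value='"
        . htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
        . "'>";
}

// Parse the markup the way an HTML parser would and read back the `value`
// attribute, i.e. what the form would submit for this field.
function submittedValue(string $html): string
{
    libxml_use_internal_errors(true);   // the raw markup is malformed; keep parsing quietly
    $doc = new DOMDocument();
    $doc->loadHTML($html);
    libxml_clear_errors();
    return $doc->getElementsByTagName('input')->item(0)->getAttribute('value');
}

$raw     = hiddenInputRaw('Trial_Club', $row['Trial_Club']);
$escaped = hiddenInput('Trial_Club', $row['Trial_Club']);

printf("stored value:     %s\n", $row['Trial_Club']);
printf("raw markup:       %s\n", $raw);
printf("  submits:        %s\n", submittedValue($raw));
printf("escaped markup:   %s\n", $escaped);
printf("  submits:        %s\n", submittedValue($escaped));
```

The same `htmlspecialchars(..., ENT_QUOTES, 'UTF-8')` call applies to the visible `<td>` cells, which also print database values straight into the page.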

My delete button is not functioning as expected

I'm stuck on the delete function. I wonder why my delete button is not functioning, and I have already edited my code.
<?php
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
$semester = ($_POST["semester"]);
$level = ($_POST["level"]);
}
?>
Here is the form method:
<form method="post" action="<?php echo($_SERVER["PHP_SELF"]);?>" enctype="multipart/form-data">
Here is to display the data in table form, and SELECT * is functioning
$sql = mysqli_query ($connection, "SELECT * FROM subject");
echo " <table>
<th>Semester</th>
<th>Level</th>
</tr>";
while($record = mysqli_fetch_assoc ($sql)){
echo "<tr>";
echo "<td>" . $record['semester'] . "</td>";
echo "<td>" . $record['level'] . "</td>";
echo "<td>" . "<input type=submit name=delete value=Delete>" . "</td>";
echo "</tr>";
}
This is the delete button code
if (isset($_POST['delete']))
{
$delete = mysqli_query ($connection, "DELETE FROM subject WHERE semester = '($_POST[semester])'");
}
Try this:
while($record = mysqli_fetch_assoc ($sql)){
echo "<tr>";
echo '<form action="mypage.php" method="post">';
echo "<td>" . $record['semester'] . "</td>";
echo "<td>" . $record['level'] . "</td>";
echo "<td>" . $record['course'] . "</td>";
echo "<td>" . $record['subject'] . "</td>";
echo "<td>" . $record['section'] . "</td>";
// And add field form hidden
echo '<input type="hidden" name="semester" value="'.$record['semester'].'">';
echo "<td>" . '<input type="submit" name="delete" value="Delete">' . "</td>";
echo "</form>";
echo "</tr>";
}
if (isset($_POST['delete']) && isset($_POST['semester']))
{
$stmt = $connection->prepare('DELETE FROM subject WHERE semester = ?');
// if $_POST['semester'] is integer else see http://php.net/manual/en/mysqli-stmt.bind-param.php
$stmt->bind_param('i', $_POST['semester']);
$stmt->execute();
}

Sending bcc emails only for selected checkbox values

I am trying to send the same email only to selected users. I am printing values from a table and want to select specific users to send an email to.
<form name="unos" action="mail-proizvodi.php" method="post">
<?
echo "<table border='5'>
<tr>
<th> </th>
<th>ID</th>
<th>NAZIV</th>
<th>ADRESA</th>
<th>DRZAVA</th>
<th>GRAD</th>
<th>EMAIL</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo '<td><input type="checkbox" name="email[]" value="' . $row['ID'] . '"></td>';
echo "<td>" . $row['ID'] . "</td>";
echo "<td>" . $row['NAZIV'] . "</td>";
echo "<td>" . $row['ADRESA'] . "</td>";
echo "<td>" . $row['DRZAVA'] . "</td>";
echo "<td>" . $row['GRAD'] . "</td>";
echo "<td>" . $row['EMAIL'] . "</td>";
echo "</tr>";
}
echo "</table>";
?>
<input type="submit" name="submit" value="submit">
</form>
My mail-proizvodi.php code:
$mail=$_POST['email'];
echo "Dzenad catic";
$query= "SELECT `EMAIL` FROM `clanovi` WHERE ID='$mail[0]'";
if(sizeof($mail)>1)
{
for($i=1; $i<sizeof($mail); $i++)
{
$query.=" OR ID = '$mail[$i]' ";
}
}
$result=mysqli_query($con,$query);
while(FALSE!==($row=mysqli_fetch_row($result))) {
$bccfields[] = $row['EMAIL'];
}
echo sprintf("<a href=mailto:test#test.ba?bcc=%s />\n",
urlencode(implode(',',$bccfields)));
echo "Send" ;
The POST I am receiving is an array, and when I do var_dump($mail) I get:
array
0 => string '20' (length=2)
1 => string '30' (length=2)
Any help or advice is appreciated. Thanks in advance.
I am posting the solution to the problem I had in case someone else faces a similar mistake.
$mail=$_POST['email'];
$query= "SELECT `EMAIL` FROM `clanovi` WHERE ID ='$mail[0]'";
if(sizeof($mail)>1)
{
for($i=1; $i<sizeof($mail); $i++)
{
$query.=" OR ID = '$mail[$i]' ";
}
}
$result=mysql_query($query);
if (!$result) {
echo "Could not successfully run query ($query) from DB: " . mysql_error();
exit;
}
if (mysql_num_rows($result) == 0) {
echo "No rows found, nothing to print so am exiting";
exit;
}
while(FALSE!==($row=mysql_fetch_assoc($result))) {
$bccfields[] = $row['EMAIL'];
}
echo sprintf("<a href=mailto:prodaja#alternativa.ba?bcc=%s />\n",
urlencode(implode(',',$bccfields)));
echo "Send" ;
mysql_free_result($result);
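An added example, not part of the post above: the same lookup with the checkbox IDs bound through a mysqli prepared statement, one `?` placeholder per selected ID, instead of concatenating the `$_POST['email']` entries into the query. It assumes an open mysqli connection, integer IDs and the `clanovi` table from the question; `selectedIds()`, `emailsForIds()` and `bccLink()` are hypothetical names, the address in the usage comment is a placeholder, and `get_result()` needs the mysqlnd driver.

```php
<?php
// Added example. Table and column names come from the question.

// Keep only checkbox values that are plain digit strings such as "20".
function selectedIds($posted): array
{
    if (!is_array($posted)) {
        return [];
    }
    $ids = [];
    foreach ($posted as $v) {
        if (is_string($v) && ctype_digit($v)) {
            $ids[(int)$v] = (int)$v;          // keyed by value to de-duplicate
        }
    }
    return array_values($ids);
}

// One "?" per ID, all bound as integers.
function emailsForIds(mysqli $con, array $ids): array
{
    if ($ids === []) {
        return [];                            // "IN ()" is not valid SQL
    }
    $placeholders = implode(',', array_fill(0, count($ids), '?'));
    $stmt = $con->prepare(
        "SELECT `EMAIL` FROM `clanovi` WHERE ID IN ($placeholders)"
    );
    $stmt->bind_param(str_repeat('i', count($ids)), ...$ids);
    $stmt->execute();
    $result = $stmt->get_result();
    $emails = [];
    while ($row = $result->fetch_assoc()) {
        $emails[] = $row['EMAIL'];
    }
    $stmt->close();
    return $emails;
}

// Build the mailto link; each address is URL-encoded, then the whole href
// is HTML-escaped before it goes into the attribute.
function bccLink(string $to, array $emails): string
{
    $href = 'mailto:' . rawurlencode($to)
          . '?bcc=' . implode(',', array_map('rawurlencode', $emails));
    return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8') . '">Send</a>';
}

// Usage inside mail-proizvodi.php, with $con already connected
// (sender@example.org is a placeholder address):
// echo bccLink('sender@example.org',
//     emailsForIds($con, selectedIds($_POST['email'] ?? [])));
```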

PHP MSSQL Query Search

I have been batting this around for a while and cannot get the variables working for a search. I can connect fine and return results defined as a proper mssql_query, and am also fine with order by on variables etc., but trying to get a text search implemented is not returning results, and I am not sure why.
<?php
$link = mssql_connect('SERV13\\RALSQL12', 'RA4joomla', 'Fenestron1');
if (!$link || !mssql_select_db('RALNHV', $link)) {
die('Unable to connect or select database!');
}else{
echo"";
}
if(isset($_REQUEST['submit'])){
$firstname=$_POST['FirstName'];
$surname=$_POST['Surname'];
$query = 'SELECT * FROM lEmployee WHERE FirstName LIKE '%".$firstname."%' OR Surname LIKE '%".$surname."%'';
$q=mssql_query($sql);
}
else{
$query = 'SELECT * FROM lEmployee';
$q = mssql_query($query);
}
?>
<form method="post">
<table width="200" border="1">
<tr>
<td>Name</td>
<td><input type="text" name="firstname" value="<?php echo $firstname;?>" /></td>
<td>Email</td>
<td><input type="text" name="surname" value="<?php echo $surname;?>" /></td>
<td><input type="submit" name="submit" value=" Find " /></td>
</tr>
</table>
</form>
<?php
// Check if there were any records
echo "<table class='table'>";
echo "<tr>";
echo "<th><a href='?orderBy=FirstName'>FirstName</a></th><th><a href='?orderBy=Surname'>Surname</a></th><th><a href='?orderBy=EmployeeNo'>Trigram</a></th><th>Office Phone</th><th>Mobile</th><th><a href='?orderBy=EmployeeJobTitle'>Job Title</a></th><th><a href='?orderBy=Name'>Base</a></th>";
echo "</tr>";
while ($row = mssql_fetch_array($query)) {
echo "<tr>";
echo "<td>" . '' . iconv("CP1252", "UTF-8", $row['FirstName']) . '' . "</td>";
echo "<td>" . '' . iconv("CP1252", "UTF-8", $row['Surname']) . '' . "</td>";
echo "<td>" . '' . $row['EmployeeNo'] . '' . "</td>";
echo "<td>" . '' . $row['Phone'] . '' . "</td>";
echo "<td>" . '' . $row['Mobile'] . '' . "</td>";
echo "<td>" . '' . $row['EmployeeJobTitle'] . '' . "</td>";
echo "<td>" . '' . $row['Name'] . '' . "</td>";
echo "</tr>";
}
echo "</table>";
?>
I 100% agree with nickL: you have some formatting issues in your query. Try replacing your search query with this:
$firstname=$_POST['firstname'];
$surname=$_POST['surname'];
$query = "SELECT * FROM lEmployee WHERE FirstName LIKE '%".$firstname."%' OR Surname LIKE '%".$surname."%'";
// run the query string built above ($sql was never defined)
$q=mssql_query($query);
PHP is a case-sensitive language and your POST variable names are wrong. Replace the code and try again; if that does not succeed, try echo $query and run it in the query browser in SQL Server.
Hope this will fix the issue.

Passing a selected mysql_fetch_array() value to a processing script

This script takes all values from the users table and outputs them in a 'send friend request' type scenario for a social network I'm building. So how do I successfully pass $row['id'] to process-request.php?
$userid = $_SESSION['userid'];
$results = mysql_query("SELECT * FROM users");
while($row = mysql_fetch_array($results)) {
if($userid != $row['user_pid']) {
echo $row['firstname'] . " " . $row['lastname'];
echo "<form method='POST' action='processing/process-request.php'>";
echo '<input name="accepted" type="submit" value="Send User Request" /><br />';
echo '<input name="AddedMessage" placeholder="Add a message?" type="textbox" />';
echo '<br>Select Friend Type: ' . '<br />Full: ';
echo '<input name="full_friend" type="checkbox"';
echo '<input type="hidden" name="id" value="' . $row["id"] . '" />';
echo '</form>';
echo "<br /><hr />";
} elseif ($userid == $row['user_pid']) {
echo $row['firstname'] . " " . $row['lastname'];
echo "<br />";
echo "You all are already friends";
}
}
Since you're already using sessions,
$_SESSION['row-id'] = $row['id'];
