search database with php (new to php) - php

I am brand new to php and I am trying to teach myself to code. I am hoping that someone here can help a newb out. I have a database with 300 client records in it. I am using the following code to access the database. It works great but I am having two issues that I cannot seem to fix.
1) not all clients have a middle name listed and when the middle name field is blank it adds a
2) all 300 client records display at once. Is there a way I can set it to display only 1 to a max of 10 records at a time and use next previous buttons?
Additionally, is there a way to search the database? For example a box, and I enter john in it and click search and it returns all records with John? If there is a video or walkthrough that is detailed enough I can figure it out if no one is able to provide me with the code.
Thank you in advance for the help.
<html>
<head>
</head>
<body>
<?php
$con = mysql_connect("localhost", "root", "");
if (!$con) {
die("can not connect: " . mysql_error());
}
mysql_select_db ("new_concepts" ,$con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE clients SET ClientID='$_POST[ClientID]', FirstName='$_POST[FirstName]', MiddleName='$_POST[MiddleName]', LastName='$_POST[LastName]', Diagnosis='$_POST[Diagnosis]', Gender='$_POST[Gender]', LevelCare='$_POST[LevelCare]', Counselor='$_POST[Counselor]' WHERE ClientID='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM clients WHERE ClientID='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};
if(isset($_POST['add'])){
$AddQuery = "INSERT INTO clients (ClientID, FirstName, MiddleName, LastName, Diagnosis, Gender, LevelCare, Counselor) VALUES ('$_POST[uclientid]','$_POST[ufirstname]','$_POST[umiddlename]','$_POST[ulastname]','$_POST[udiagnosis]','$_POST[ugender]','$_POST[ulevelcare]','$_POST[ucounselor]')";
mysql_query($AddQuery, $con);
};
$sql = "SELECT * FROM clients";
$myData = mysql_query($sql,$con);
echo "<table border=1>
<tr>
<th>First Name</th>
<th>Middle Name</th>
<th>Last Name</th>
<th>Client ID</th>
<th>Diagnosis</th>
<th>Gender</th>
<th>Level of Care</th>
<th>Counselor</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=mydata5.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=FirstName value=" . $record['FirstName'] . " </td>";
echo "<td>" . "<input type=text name=MiddleName value=" . $record['MiddleName'] . " </td>";
echo "<td>" . "<input type=text name=LastName value=" . $record['LastName'] . " </td>";
echo "<td>" . "<input type=text name=ClientID value=" . $record['ClientID'] . " </td>";
echo "<td>" . "<input type=text name=Diagnosis value=" . $record['Diagnosis'] . " </td>";
echo "<td>" . "<input type=text name=Gender value=" . $record['Gender'] . " </td>";
echo "<td>" . "<input type=text name=LevelCare value=" . $record['LevelCare'] . " </td>";
echo "<td>" . "<input type=text name=Counselor value=" . $record['Counselor'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['ClientID'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "<form action=mydata5.php method=post>";
echo "<tr>";
echo "<td><input type=text name=ufirstname></td>";
echo "<td><input type=text name=umiddlename></td>";
echo "<td><input type=text name=ulastname></td>";
echo "<td><input type=text name=uclientid></td>";
echo "<td><input type=text name=udiagnosis></td>";
echo "<td><input type=text name=ugender></td>";
echo "<td><input type=text name=ulevelcare></td>";
echo "<td><input type=text name=ucounselor></td>";
echo "<td>" . "<input type=submit name=add value=add" . " </td>";
echo "</form>";
echo "</table>";
mysql_close($con);
?>
</body>
</html>
Ok I changed the page to sqli but now when I try to add a record nothing happens and I cannot find the error. I had it working until I started adding more fields than first/last names. I think I have narrowed the error to
if ($stmt = $mysqli->prepare("INSERT clients (FirstName, MiddleName, LastName) VALUES (?,?, ?)"))
{
$stmt->bind_param("ss", $FirstName, $MiddleName, $LastName);
$stmt->execute();
$stmt->close();
}
But I have no idea how to fix it. I found the error!!! I've only been learning php and MySQL for a week. I still have a lot to learn...
<?php
/*
Allows the user to both create new records and edit existing records
*/
// connect to the database
include("connect-db.php");
// creates the new/edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($first = '', $middle = '', $last = '', $ClientID = '', $error = '', $ID = '')
{ ?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>
<?php if ($ID != '') { echo "Edit Record"; } else { echo "New Record"; } ?>
</title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
</head>
<body>
<h1><?php if ($ID != '') { echo "Edit Record"; } else { echo "New Record"; } ?></h1>
<?php if ($error != '') {
echo "<div style='padding:4px; border:1px solid red; color:red'>" . $error
. "</div>";
} ?>
<form action="" method="post">
<div>
<?php if ($ID != '') { ?>
<input type="hidden" name="ID" value="<?php echo $ID; ?>" />
<p>ID: <?php echo $ID; ?></p>
<?php } ?>
<strong>First Name: *</strong> <input type="text" name="FirstName"
value="<?php echo $first; ?>"/><br/>
<strong>Middle Name: *</strong> <input type="text" name="MiddleName"
value="<?php echo $middle; ?>"/>
<strong>Last Name: *</strong> <input type="text" name="LastName"
value="<?php echo $last; ?>"/>
<strong>Client ID: *</strong> <input type="text" name="ClientID"
value="<?php echo $ClientID; ?>"/>
<strong>Diagnosis: *</strong> <input type="text" name="Diagnosis"
value="<?php echo $last; ?>"/>
<strong>Gender: *</strong> <input type="text" name="Gender"
value="<?php echo $last; ?>"/>
<strong>Counselor: *</strong> <input type="text" name="Counselor"
value="<?php echo $last; ?>"/>
<p>* required</p>
<input type="submit" name="submit" value="Submit" />
</div>
</form>
</body>
</html>
<?php }
/*
EDIT RECORD
*/
// if the 'ID' variable is set in the URL, we know that we need to edit a record
if (isset($_GET['ID']))
{
// if the form's submit button is clicked, we need to process the form
if (isset($_POST['submit']))
{
// make sure the 'ID' in the URL is valid
if (is_numeric($_POST['ID']))
{
// get variables from the URL/form
$ID = $_POST['ID'];
$FirstName = htmlentities($_POST['FirstName'], ENT_QUOTES);
$MiddleName = htmlentities($_POST['MiddleName'], ENT_QUOTES);
$LastName = htmlentities($_POST['LastName'], ENT_QUOTES);
$ClientID = htmlentities($_POST['ClientID'], ENT_QUOTES);
// check that FirstName and LastName are both not empty
if ($FirstName == '' || $MiddleName == '' || $LastName == '' || $ClientID == '')
{
// if they are empty, show an error message and display the form
$error = 'ERROR: Please fill in all required fields!';
renderForm($FirstName, $MiddleName, $LastName, $ClientID, $error, $ID);
}
else
{
// if everything is fine, update the record in the database
if ($stmt = $mysqli->prepare("UPDATE clients SET FirstName = ?, MiddleName = ?, LastName = ?, ClientID = ?
WHERE ID=?"))
{
$stmt->bind_param("ssi", $FirstName, $MiddleName, $LastName, $ClientID, $ID);
$stmt->execute();
$stmt->close();
}
// show an error message if the query has an error
else
{
echo "ERROR: could not prepare SQL statement.";
}
// redirect the user once the form is updated
header("Location: view.php");
}
}
// if the 'ID' variable is not valid, show an error message
else
{
echo "Error!";
}
}
// if the form hasn't been submitted yet, get the info from the database and show the form
else
{
// make sure the 'ID' value is valid
if (is_numeric($_GET['ID']) && $_GET['ID'] > 0)
{
// get 'ID' from URL
$ID = $_GET['ID'];
// get the recod from the database
if($stmt = $mysqli->prepare("SELECT * FROM clients WHERE ID=?"))
{
$stmt->bind_param("i", $ID);
$stmt->execute();
$stmt->bind_result($ID, $FirstName, $MiddleName, $LastName, $ClientID);
$stmt->fetch();
// show the form
renderForm($FirstName, $MiddleName, $LastName, $ClientID, NULL, $ID);
$stmt->close();
}
// show an error if the query has an error
else
{
echo "Error: could not prepare SQL statement";
}
}
// if the 'ID' value is not valid, redirect the user back to the view.php page
else
{
header("Location: view.php");
}
}
}
/*
NEW RECORD
*/
// if the 'ID' variable is not set in the URL, we must be creating a new record
else
{
// if the form's submit button is clicked, we need to process the form
if (isset($_POST['submit']))
{
// get the form data
$FirstName = htmlentities($_POST['FirstName'], ENT_QUOTES);
$MiddleName = htmlentities($_POST['MiddleName'], ENT_QUOTES);
$LastName = htmlentities($_POST['LastName'], ENT_QUOTES);
$ClientID = htmlentities($_POST['ClientID'], ENT_QUOTES);
// check that FirstName and LastName are both not empty
if ($FirstName == '' || $MiddleName == '' || $LastName == '' || $ClientID == '')
{
// if they are empty, show an error message and display the form
$error = 'ERROR: Please fill in all required fields!';
renderForm($FirstName, $MiddleName, $LastName, $ClientID, $error);
}
else
{
// insert the new record into the database
if ($stmt = $mysqli->prepare("INSERT clients (FirstName, MiddleName, LastName, ClientID) VALUES (?, ?)"))
{
$stmt->bind_param("ss", $FirstName, $MiddleName, $LastName, $ClientID);
$stmt->execute();
$stmt->close();
}
// show an error if the query has an error
else
{
echo "ERROR: Could not prepare SQL statement.";
}
// redirec the user
header("Location: view.php");
}
}
// if the form hasn't been submitted yet, show the form
else
{
renderForm();
}
}
// close the mysqli connection
$mysqli->close();
?>

First, you're not escaping your value attributes. That's probably the cause of your <td that you're seeing.
You've got:
echo "<td>" . "<input type=text name=MiddleName value=" . $record['MiddleName'] . " </td>";
EDIT To demonstrate, the output from this, assuming there was no MiddleName (""), should be: <td><input type=text name=MiddleName value= </td>, that doesn't look right. The output from below would be: <td><input type="text" name="MiddleName" value=""></td> now you can see that empty MiddleName value is "" in the HTML - an empty string there as well.
And it should be:
echo "<td><input type=\"text\" name=\"MiddleName\" value=\"" . $record['MiddleName'] . "\"></td>";
That should resolve that issue. Notice that I've placed \" around your attributes. This is not PHP, this is HTML, all attribute values should be enclosed in quotes (I could have used single quotes (') but I prefer double quotes).
The second problem is also a simple solution but again, not PHP - this is a SQL question.
A search is basically where X is like Y. There is actually an operator for this in SQL, LIKE. Now, this example isn't necessarily the most efficient means of searching, but it's definitely useful.
So you're getting the name from the request.
$name = $_REQUEST["query"];
// NEVER DO THE FOLLOWING, NOT EVER. Never trust input from a user, NEVER.
// Don't even think about putting input from the user in a query like this.
// If this input was: "'; DROP TABLE users; --" then you just lost your
// user database.
// $sql = "SELECT * FROM users WHERE FirstName LIKE '%" . $name . "%';";
// Do this instead (with mysqli, not mysql)
$sql = "SELECT * FROM users WHERE FirstName LIKE '%" . mysqli_real_escape_string($conn, $name) . "%';";
// Now search
$results = mysqli_query($conn, $sql);
// Do something with results.
And of course, finally - pagination. You want to paginate. That's a good idea. Here's a simple way to do that. First things first, you'll want to pass a piece of query data along with your request, like ?page=1 on the end of your URLs. This is important.
const PER_PAGE = 30;
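if (array_key_exists("page", $_REQUEST)) {
// array_key_exists() takes the key first; clamp so page=0 or a negative page cannot produce a negative offset
$page = max(1, intval($_REQUEST["page"]));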
} else {
$page = 1;
}
$offset = PER_PAGE * ($page - 1);
$sql = "SELECT * FROM users LIMIT " . $offset . ", " . PER_PAGE . ";";
$res = mysqli_query($conn, $sql);
// Render your page links:
// leave php, no need to echo every line of HTML.
// Fetch the count of total users with:
// SELECT COUNT(id) FROM users; -- replace id with your primary key field
// and then get your number of pages by '$count / PER_PAGE'
?>
<?php if ($pageCount > 1) { ?>
<div class="pagination">
<?php if ($page > 1) { ?>
<a href="?page=<?php echo $page - 1; ?>">Previous</a>
<?php } else { ?>
<span>Previous</span>
<?php } ?>
<?php for ($i = 1; $i <= $pageCount; $i++) {
if ($page === $i) { ?>
<span class="current-page"><?php echo $i; ?></span>
<?php } else { ?>
<a href="?page=<?php echo $i; ?>"><?php echo $i; ?></a>
<?php }
} ?>
<?php if ($page < $pageCount) { ?>
<a href="?page=<?php echo $page + 1; ?>">Next</a>
<?php } else { ?>
<span>Next</span>
<?php } ?>
</div>
<?php } ?>
It is rather ugly with the embedded PHP, my apologies for that. There are other alternatives but I wouldn't want to push too much into one post for a newbie.
EDIT
Obviously you might want to make your pagination smarter. Like, if you have 10 pages you might not want to see: Previous 1 2 3 4 5 6 7 8 9 10 Next if you're on page 7, you might just want to show: Previous 5 6 7 8 9 Next or some other alternative to keep your list from getting out of control. I didn't demonstrate this, I demonstrated the basic form of pagination that you can start with and then you can try to modify that to achieve your desired goals.
For further study I would like to give you some topics to research once you feel you've gotten a grasp on these and other basic tasks.
Prepared statements - while the way I showed you (using mysqli_real_escape_string()) is safer than adding the string directly to the query, prepared statements are even safer than that.
PDO - A seemingly logical next step up the chain of database access is PDO - basically building an ORM for your database objects (and, I guess, also ORM).
Different pagination techniques, not just of rendering the links. But try your hand with "infinite scrolling." this will require some knowledge of AJAX.
AJAX - need to know some JavaScript and I'd recommend doing this, at first, without something like jQuery.
Something like jQuery, building interactive applications.
From there, I hope you're already finding new things to learn that are referenced when trying to seek the above. This is all basic web development knowledge that would be good to have.

For first part, you don't have quotes outputting correctly.
echo "<td>" . "<input type=text name=MiddleName value=" . $record['MiddleName'] . " </td>";
should be
echo "<td>" . '<input type="text" name="MiddleName" value="' . $record['MiddleName'] . '"/> </td>';
or
echo "<td><input type='text' name='MiddleName' value='{$record['MiddleName']}'></td>";
You can use variables inside double quotes in PHP. You can access arrays inside if you surround them with curly braces, and you can also access objects. I feel it is more readable but some like to concatenate.
For the second part, you can use GET variables in the URL, such as index.php?page=1&per_page=10
For searching
$query = "SELECT * FROM clients WHERE FirstName = '$firstName'";
// or
$query = "SELECT * FROM clients WHERE FirstName LIKE '%$firstName%'";
Also, the mysql driver is being removed in the next version of PHP, as it has been deprecated for a while, mysqli should be used instead.

As Xeridea wrote check your html. And if you need to display 10 results change your sql request to
$sql = "SELECT * FROM clients LIMIT 10";
or if you need clients 10 - 20
$sql = "SELECT * FROM clients LIMIT 10,10";
first 10 - from,
second how many
if you need to select clients whose name is John
$sql = "SELECT * FROM clients WHERE name = 'John'";
Create links dynamically depending on the page (you can set it in the URL via a $_GET request) and use LIMIT to flip pages. Good luck.

You just have to add below code before select query and use my select query.
$SearchString = '';
if (isset($_POST['searchtext']) && $_POST['searchtext'] != '') {
// escape the submitted text before it is placed inside the quoted SQL string
$searchtext = mysql_real_escape_string($_POST['searchtext'], $con);
$SearchString = " WHERE FirstName LIKE '" . $searchtext . "' ";
}
$sql = "SELECT * FROM clients" . $SearchString;
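Added example, not part of any of the posts above: the search box and the Previous/Next paging from these answers in one script, with the search text passed as a bound parameter and every value HTML-encoded inside a quoted attribute. It assumes PDO with an in-memory SQLite database and constructed rows so that it runs from the command line; the function names and the "!" escape character are choices made for this example, and the `query` and `page` parameters follow the first answer.

```php
<?php
// Added example. The clients rows are constructed and live in an in-memory
// SQLite database so the script runs from the command line without MySQL.
const PER_PAGE = 10;

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE clients (ClientID INTEGER PRIMARY KEY,
        FirstName TEXT, MiddleName TEXT, LastName TEXT)');
    $ins = $db->prepare(
        'INSERT INTO clients (FirstName, MiddleName, LastName) VALUES (?, ?, ?)');
    for ($n = 1; $n <= 25; $n++) {
        // Odd rows have no middle name; the last name contains a quote.
        $ins->execute(["John$n", $n % 2 ? '' : 'Q', "O'Brien"]);
    }
    $ins->execute(['Mary', '', 'Smith']);
    return $db;
}

// Escape the LIKE wildcards so "%" or "_" typed by the user match literally.
// "!" is the escape character named in the ESCAPE clause below.
function like_pattern(string $term): string
{
    return '%' . strtr($term, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
}

function search_clients(PDO $db, string $term, int $page): array
{
    // $where is one of two fixed strings; user text only travels as a bound value.
    $where = $term === '' ? '' : "WHERE FirstName LIKE :pat ESCAPE '!'";

    $count = $db->prepare("SELECT COUNT(*) FROM clients $where");
    if ($term !== '') {
        $count->bindValue(':pat', like_pattern($term), PDO::PARAM_STR);
    }
    $count->execute();
    $pageCount = max(1, (int) ceil((int) $count->fetchColumn() / PER_PAGE));
    $page = min(max(1, $page), $pageCount); // clamp page=0, page=-5, page=9999

    $stmt = $db->prepare(
        "SELECT FirstName, MiddleName, LastName FROM clients $where
         ORDER BY ClientID LIMIT :lim OFFSET :off");
    if ($term !== '') {
        $stmt->bindValue(':pat', like_pattern($term), PDO::PARAM_STR);
    }
    $stmt->bindValue(':lim', PER_PAGE, PDO::PARAM_INT);
    $stmt->bindValue(':off', PER_PAGE * ($page - 1), PDO::PARAM_INT);
    $stmt->execute();

    return ['rows' => $stmt->fetchAll(PDO::FETCH_ASSOC),
            'page' => $page, 'pageCount' => $pageCount];
}

// Encode a value for use inside a double-quoted HTML attribute or a text node.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render(array $result, string $term): string
{
    $html = "<table border=\"1\">\n";
    foreach ($result['rows'] as $r) {
        $html .= '<tr>';
        foreach (['FirstName', 'MiddleName', 'LastName'] as $col) {
            // Quoted attribute: an empty MiddleName renders as value="".
            $html .= '<td><input type="text" name="' . $col . '" value="'
                   . h((string) $r[$col]) . '"></td>';
        }
        $html .= "</tr>\n";
    }
    $html .= "</table>\n";

    $link = function (int $p, string $label) use ($term): string {
        $qs = http_build_query(['query' => $term, 'page' => $p]);
        return '<a href="?' . h($qs) . '">' . h($label) . '</a>';
    };
    $page = $result['page'];
    $html .= $page > 1 ? $link($page - 1, 'Previous') : '<span>Previous</span>';
    $html .= " page $page of {$result['pageCount']} ";
    $html .= $page < $result['pageCount'] ? $link($page + 1, 'Next') : '<span>Next</span>';
    return $html . "\n";
}

$db = open_demo_db();
// Constructed request, standing in for $_GET['query'] and $_GET['page'].
$request = ['query' => 'John1', 'page' => '2'];
$term = trim((string) ($request['query'] ?? ''));
echo render(search_clients($db, $term, (int) ($request['page'] ?? 1)), $term);
// A lone wildcard is searched for literally, so it matches no name here.
echo count(search_clients($db, '%', 1)['rows']), " rows for a literal %\n";
```

The same prepare/bind pattern applies to a MySQL connection through PDO or mysqli; only the connection line changes.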

Related

Stop Adding Duplicate Entries to Database PHP SQLITE

I have created a PHP form which adds to a database that I have created in PHP, however, I am trying to add a function which will stop the user from adding the same fruit into the database how would I try to do this as I have been trying to do it for a while thanks.
As you can see below the PHP script works fine by adding the variables to the database however when it comes to implementing a check to make sure the fruit name does not match one from the database already I am struggling.
<?php
//SQLite Database test query
$db=sqlite_open("fruitshop.db");
if(isset( $_POST['fruit']) && strcmp($_POST['fruit'],"") != 0 ){ //Adds to Database
$item = sqlite_escape_string($_POST["fruit"]);
$number=$_POST['number'];
sqlite_query($db,"INSERT INTO fruit (fruit) VALUES ('$item')");
sqlite_query($db,"INSERT INTO stock (Number) VALUES ($number)");
$query = "SELECT * from stock, fruit WHERE stock.Item = fruit.id AND fruit.fruit = '$item', 'fruit' = '{$item}'";
$result=sqlite_query($db, $query);
echo "<table border=1>";
echo "<tr><th>Fruit</th><th>Qty</th>";
echo "<h2>". "Newly added Fruit"."</h2>";
while($row=sqlite_fetch_array($result,SQLITE_ASSOC ))
{
echo "<tr>";
echo "<td>" . $row['fruit.fruit'] . "</td><td>" . $row['stock.Number'] . "</td>";
echo "</tr>";
}
echo "</table>";
echo "<h2>". "Show All Fruits"."</h2>";
echo "<table border=1>\n";
//NOte the use of SQLITE_ASSOC
echo "</br>\n";
$result=sqlite_query($db,"SELECT * from stock, fruit WHERE stock.Item = fruit.ID"); //Shows Databse
echo "<th>Fruit</th><th>Qty</th>\n";
while($row=sqlite_fetch_array($result,SQLITE_ASSOC))
{
echo "<tr>\n";
echo "<td>" . $row['fruit.fruit'] . "</td>\n";
echo "<td>" . $row['stock.Number'] . "</td>\n";
echo "</tr>\n";
}
echo "</table>\n";
}
sqlite_close($db);
?>
<html>
<h2> Add Fruits to Database </h2>
<form name="CheckFruit" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
Fruit
<input type="text" name="fruit" />
<br>
Stock
<input type="number" name="number" />
<br>
<input type="submit" value="Submit" />
</form>
</html>
You can use my updated code. Didn't get to try the code though but it should work. Also note how I used empty instead of strcmp. That's a more elegant PHP code.
<?php
//SQLite Database test query
$db=sqlite_open("fruitshop.db");
if(isset( $_POST['fruit']) && !empty($_POST['fruit']) ){ //Adds to Database
$item = sqlite_escape_string($_POST["fruit"]);
$number = intval($_POST['number']); // force an integer: this value goes into the query unquoted
$test = sqlite_query($db, "SELECT * FROM fruit WHERE (fruit = '$item')");
if(sqlite_num_rows($test) == 0){
sqlite_query($db,"INSERT INTO fruit (fruit) VALUES ('$item')");
sqlite_query($db,"INSERT INTO stock (Number) VALUES ($number)");
} else {
// Just in case you want this too.
// echo "This database already contains a fruit called {$_POST['fruit']}";
}
$query = "SELECT * from stock, fruit WHERE stock.Item = fruit.id AND fruit.fruit = '$item'";
$result=sqlite_query($db, $query);
echo "<table border=1>";
echo "<tr><th>Fruit</th><th>Qty</th>";
echo "<h2>". "Newly added Fruit"."</h2>";
while($row=sqlite_fetch_array($result,SQLITE_ASSOC ))
{
echo "<tr>";
echo "<td>" . $row['fruit.fruit'] . "</td><td>" . $row['stock.Number'] . "</td>";
echo "</tr>";
}
echo "</table>";
echo "<h2>". "Show All Fruits"."</h2>";
echo "<table border=1>\n";
//NOte the use of SQLITE_ASSOC
echo "</br>\n";
$result=sqlite_query($db,"SELECT * from stock, fruit WHERE stock.Item = fruit.ID"); //Shows Databse
echo "<th>Fruit</th><th>Qty</th>\n";
while($row=sqlite_fetch_array($result,SQLITE_ASSOC))
{
echo "<tr>\n";
echo "<td>" . $row['fruit.fruit'] . "</td>\n";
echo "<td>" . $row['stock.Number'] . "</td>\n";
echo "</tr>\n";
}
echo "</table>\n";
}
sqlite_close($db);
?>
<html>
<h2> Add Fruits to Database </h2>
<form name="CheckFruit" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
Fruit
<input type="text" name="fruit" />
<br>
Stock
<input type="number" name="number" />
<br>
<input type="submit" value="Submit" />
</form>
</html>
You could declare the fruit column as UNIQUE in your column schema, so the database will reject a duplicate value without further controls on your side.
If instead you want to check if the value is already present in your PHP code, you can do a query for that value and check if rows are returned. If rows are returned, a value is already present and you can handle that situation before doing your inserts
$query = "SELECT * from fruit WHERE fruit.fruit = '$item'";
$result=sqlite_query($db, $query);
if (sqlite_num_rows($result) === 0) {
sqlite_query($db,"INSERT INTO fruit (fruit) VALUES ('$item')");
sqlite_query($db,"INSERT INTO stock (Number) VALUES ($number)");
} else {
// Value is already present
}
Note: I've never used SQLITE, so I hope the syntax is correct
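Added example, not part of the posts above: the UNIQUE-column approach from the last answer, with the duplicate reported by the database instead of a separate SELECT, which two simultaneous submissions could both pass. The sqlite_* functions used in this thread were removed in PHP 5.4, so this assumes PDO's SQLite driver with an in-memory database; the schema, the NOCASE collation and the function names are constructed for the example.

```php
<?php
// Added example. Constructed schema modelled on the fruit and stock tables above.
function open_fruit_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // UNIQUE makes the database refuse a second row with the same name;
    // COLLATE NOCASE (an assumption here) also treats "apple" and "Apple" as equal.
    $db->exec('CREATE TABLE fruit (id INTEGER PRIMARY KEY,
        fruit TEXT NOT NULL COLLATE NOCASE UNIQUE)');
    $db->exec('CREATE TABLE stock (Item INTEGER NOT NULL REFERENCES fruit(id),
        Number INTEGER NOT NULL)');
    return $db;
}

// Returns 'added', 'duplicate' or 'invalid'.
function add_fruit(PDO $db, string $name, $number): string
{
    $name = trim($name);
    // The quantity must be a whole number >= 0; anything else is rejected.
    $qty = filter_var($number, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($name === '' || $qty === false) {
        return 'invalid';
    }

    // Both inserts succeed together or not at all.
    $db->beginTransaction();
    try {
        $db->prepare('INSERT INTO fruit (fruit) VALUES (?)')->execute([$name]);
        $db->prepare('INSERT INTO stock (Item, Number) VALUES (?, ?)')
           ->execute([(int) $db->lastInsertId(), $qty]);
        $db->commit();
        return 'added';
    } catch (PDOException $e) {
        $db->rollBack();
        // SQLSTATE 23000 is "integrity constraint violation": the UNIQUE column fired.
        if ((string) $e->getCode() === '23000') {
            return 'duplicate';
        }
        throw $e;
    }
}

$db = open_fruit_db();
// Constructed submissions, standing in for $_POST['fruit'] and $_POST['number'].
$posts = [['Apple', '12'], ['apple', '3'], ['Pear', 'lots'], ['Pear', '5']];
foreach ($posts as [$fruit, $number]) {
    printf("%-6s %-5s => %s\n", $fruit, $number, add_fruit($db, $fruit, $number));
}
$rows = $db->query('SELECT fruit.fruit, stock.Number FROM stock
    JOIN fruit ON stock.Item = fruit.id ORDER BY fruit.id');
foreach ($rows as $row) {
    echo $row['fruit'], ': ', $row['Number'], "\n";
}
```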

Change Button depending on mysql_fetch_array result?

I've been doing some work on my website control panel for a game I'm working on. But I can't seem to get the "Ban!" button to be "Unban!" if the result $row['banned'] is FALSE. I get it to output TRUE : FALSE depending on what it says in the table.
Any help getting this fixed would be greatly appreciated. I have struggled with this for a few days now and I felt like giving up once or twice but this has to be completed to help the admins on my game have it easier to check banned accounts and control the options.
p.s "connect.php" only has a few variables that are used and the mysql connect string.
<?php
require('connect.php');
if(isset($_POST['ban'])){
$id = $_POST['ban_rec_id'];
$query = "UPDATE accounts SET banned=1 WHERE id=$id";
$result = mysql_query($query);
}else if(isset($_POST['unban'])){
$id = $_POST['unban_rec_id'];
$query = "UPDATE accounts SET banned=0 WHERE id=$id";
$result = mysql_query($query);
}
$query = "SELECT id, uuid, name, REPLACE(REPLACE(banned,'0','FALSE'),'1','TRUE') AS banned FROM accounts ORDER BY id ASC";
$result = mysql_query($query);
echo "<center>
<table>
<tr>
<th>Acccount Id</th>
<th>Username</th>
<th>In-Game Name</th>
<th>Banned</th>";
if($ban === true){
echo "<th>Ban</th>";
}
echo "</tr>";
while ($row = mysql_fetch_array($result)) {
$id = $row['id'];
$username = $row['uuid'];
$gamename = $row['name'];
$banned = $row['banned'];
echo "<tr>";
echo "<td>" . $id . "</td>";
echo "<td>" . $username . "</td>";
echo "<td>" . $gamename . "</td>";
echo "<td>" . $banned . "</td>";
if($ban === true){
if($row['banned'] == FALSE){
echo "<td>"?>
<form id="ban" method="post" action="">
<input type="hidden" name="ban_rec_id" value="<?php print $id; ?>"/>
<input class="button-small" type="submit" name="ban" value="Ban!"/>
</form>
<?php "</td>";
} else {
echo "<td>"?>
<form id="unban" method="post" action="">
<input type="hidden" name="unban_rec_id" value="<?php print $id; ?>"/>
<input class="button-small" type="submit" name="unban" value="Unban!"/>
</form>
<?php "</td>";
}
}
echo "</tr>";
}
echo "</table></center>";
mysql_close($link);
?>
Try using a string for FALSE instead, since it looks like you might have assigned it a String rather than a Boolean value in your error-prone REPLACE(REPLACE(banned,'0','FALSE'),'1','TRUE'):
if($row['banned'] == 'FALSE')
So what actually is the problem with that? The code seems to be fine, in case the value in 'banned' column is false or true.
But you should check the right value type in your columns. If it is string (varchar, text etc) that is saying 'FALSE' or 'TRUE' you should use
'FALSE' instead of FALSE

how can i insert the values of my checkboxes into my database?

I have here my code for my checkboxes, but I get an error when I click my submit button. It prints all the values I selected in the checkboxes, but I've got an error on my SQL script saying "Warning: mysqli_query() expects at least 2 parameters, 1 given in C:\xampp\htdocs\project\candidate\president2.php on line 21". I just want to save the values I selected to my database. Please help.
<?php session_start(); ?>
<?php
//server info
$server = 'localhost';
$user = 'root';
$pass = 'root';
$db = 'user';
// connect to the database
$mysqli = new mysqli($server, $user, $pass, $db);
// show errors (remove this line if on a live site)
mysqli_report(MYSQLI_REPORT_ERROR);
?>
<?php
if ($_POST['representatives']){
$check = $_POST['representatives'];
foreach ($check as $ch){
//this is my line 21 error. what i want here is to save the selected checkbox into my database but i got some error and i couldnt save it to my database
mysqli_query("INSERT INTO sample (name) VALUES ('". $ch ."') ");
echo $ch. "<br>";
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<html>
<head>
<script type="text/javascript">
<!--
function get_representatives_value()
{
for (var i=0; i < document.list.representatives.length; i++)
{
if (document.list.representatives[i].value = true)
{
return document.getElementById('txt').innerHTML =document.list.representatives[i].value
}
}
}
//-->
</script>
<title></title>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
<link href="candidate.css" rel="stylesheet" type="text/css">
</head>
<body> <p id="txt"></p>
<form name="list" action="president2.php" method="post" onSubmit="return get_representatives_value()">
<div id="form">
<?php
// get the records from the database
if ($result = $mysqli->query("SELECT * FROM candidate_info WHERE position= 'representatives' AND department ='CCEITE' ORDER BY cand_id"))
{
// display records if there are records to display
if ($result->num_rows > 0)
{
// display records in a table
echo "<table border='1' cellpadding='10'>";
// set table headers
echo "<tr><th>Student ID</th><th>Candidate ID</td><th>Course</th><th colspan = '3'>Name</th></tr>";
while ($row = $result->fetch_object())
{
// set up a row for each record
echo "<tr>";
echo "<td>" . $row->cand_studid . "</td>";
echo "<td>".$row->cand_id."</td>";
echo "<td>" . $row->course . "</td>";
echo "<td coslpan ='5'>" . $row->fname . " ". $row->mname ." ". $row->lname ." </td>";
echo "<td><input type ='checkbox' name='representatives[]' id='". $row->studid ."' value='" . $row->fname . " ". $row->mname ." ". $row->lname . "'onchange='get_representatives_value()' /></td>";
echo "</tr>";
}
echo "</table>";
}
// if there are no records in the database, display an alert message
else
{
echo "No results to display!";
}
}
// show an error if there is an issue with the database query
else
{
echo "Error: " . $mysqli->error;
}
// close database connection
$mysqli->close();
echo "<input type='submit' name='representatives value='Submit' />";
?>
</div>
</form>
</body>
</html>
heres the preview of my output, first pic is i selected 2 candidate and the other is one.
The mysqli_query function requires the $mysqli link to be the first parameter. There are two ways you can fix your error. Below is the ERROR
mysqli_query("INSERT INTO sample (name) VALUES ('". $ch ."') ");
To fix this simply change it to one of the two below (I'd use the first option because you already use it in your code somewhere.)
$mysqli->query("INSERT INTO sample (name) VALUES ('". $ch ."') ");
OR
mysqli_query($mysqli, "INSERT INTO sample (name) VALUES ('". $ch ."') ");
As it says, the function mysqli_query() expects at least two parameters. According to the PHP documentation, the first parameter should be:
A link identifier returned by mysqli_connect() or mysqli_init()
Followed by the query as the second parameter. You don't appear to be using either of those functions in your code. Seeing that you declared a mysqli object, you probably meant to use $mysqli->query() instead.
Just take a look at my example; I'm hoping that it helps you:
<?php
if(isset($_POST['team']))
{
foreach($_POST['team'] as $value){
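// the column name must not be in single quotes; escape each submitted value before it enters the query
$insert=mysql_query("INSERT INTO team (team) VALUES ('" . mysql_real_escape_string($value) . "')");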
}
}
?>
<html>
<body>
<form method="post" action="lol.php">
<input type="checkbox" name="team[]" value="IN"> India<br />
<input type="checkbox" name="team[]" value="DK"> Dark <br />
<input type="checkbox" name="team[]" value="LA"> lolax <br />
<input type="submit" name="submit" value="submit">
</form>
</body>
</html>

refresh = on submit in php, how to fix it?

I am creating an insert process in php but I have a problem in my code. when I refresh my page, it will also submit and insert the data.
here is my code :
<form action="/drupal/node/1" method="post">
Name: <input type="text" name="name" />
Price: <input type="text" name="price" />
Minutes: <input type="text" name="minutes" />
<input type="submit" />
</form>
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
// some code
mysql_select_db("zain", $con);
if (isset($_POST['name']) && isset($_POST['price']) && isset($_POST['minutes']))
{
$val_name = $_POST['name'];
$val_price = $_POST['price'];
$val_min = $_POST['minutes'];
$max_id_sql = mysql_query("SELECT MAX(id) FROM card_category");
$data = mysql_fetch_array($max_id_sql);
if ($data[0]==0)
{
$val_id = 1;
}
else
{
$val_id = $data[0] + 1;
}
mysql_query("INSERT INTO card_category (id, name, price, minutes) VALUES ($val_id,'$val_name',$val_price,$val_min )");
$_POST['name'] == NULL;
$_POST['price'] == NULL;
$_POST['minutes'] == NULL;
}
$result = mysql_query("SELECT * FROM card_category");
echo "<table border='1'>
<tr>
<th>id</th>
<th>name</th>
<th>price</th>
<th>mins</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['price'] . "</td>";
echo "<td>" . $row['minutes'] . "</td>";
echo "</tr>";
}
echo "</table>";
if (isset($_POST['lastname']))
{
print $_POST['lastname'];
}
mysql_close($con);
?>
my question is, how can I handle when I refresh the page and it will not submit the data?
thanks in advance
When you get the POST submission:
1) Process the data
2) Return a Redirect response
3) Get a GET request from the browser on the URL you redirect to
4) Respond to that with the HTML
If the browser is refreshed, it will resubmit the GET request which your PHP won't use to modify the database.
This is the POST-REDIRECT-GET pattern. There are some more details in this blog entry (which also has example PHP code in the comments).
How to fix refresh the page do not post the value using php:
if ($_SERVER['HTTP_CACHE_CONTROL']=="")
{
// process the data
}
If you look at $_SERVER['REQUEST_METHOD'] variable, it will say 'POST' when the user submitted data and 'GET' when he did not. So:
if($_SERVER['REQUEST_METHOD']=='POST')
{
// process the data
}
By the way, your code is eminently vulnerable to SQLI attacks ...
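Added example, not part of the posts above: the POST-REDIRECT-GET steps from the first answer, written as a handler that can be driven from the command line to show that refreshing after a submit adds no second row. It assumes PDO with an in-memory SQLite database and a constructed card_category table; `handle_request()` and `open_card_db()` are names made up for this example, and the redirect target is the form action from the question.

```php
<?php
// Added example. Constructed card_category table in an in-memory SQLite database.
function open_card_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The database assigns id, replacing the SELECT MAX(id) + 1 step, which can
    // hand the same id to two requests that arrive together.
    $db->exec('CREATE TABLE card_category (id INTEGER PRIMARY KEY,
        name TEXT NOT NULL, price REAL NOT NULL, minutes INTEGER NOT NULL)');
    return $db;
}

// Returns what the page should send: status, optional Location header, body.
function handle_request(PDO $db, string $method, array $post): array
{
    if ($method === 'POST') {
        $name    = trim((string) ($post['name'] ?? ''));
        $price   = filter_var($post['price'] ?? '', FILTER_VALIDATE_FLOAT);
        $minutes = filter_var($post['minutes'] ?? '', FILTER_VALIDATE_INT);
        if ($name === '' || $price === false || $minutes === false) {
            return ['status' => 400, 'location' => null, 'body' => 'Invalid input'];
        }
        // Values are bound, never concatenated into the SQL text.
        $db->prepare('INSERT INTO card_category (name, price, minutes) VALUES (?, ?, ?)')
           ->execute([$name, $price, $minutes]);
        // 303 See Other makes the browser fetch the page with GET, so a
        // refresh repeats that GET and never the POST.
        return ['status' => 303, 'location' => '/drupal/node/1', 'body' => ''];
    }

    // GET only reads.
    $body = "<table border=\"1\">\n";
    $rows = $db->query('SELECT id, name, price, minutes FROM card_category ORDER BY id');
    foreach ($rows as $row) {
        $body .= '<tr>';
        foreach (['id', 'name', 'price', 'minutes'] as $col) {
            $body .= '<td>' . htmlspecialchars((string) $row[$col], ENT_QUOTES, 'UTF-8') . '</td>';
        }
        $body .= "</tr>\n";
    }
    return ['status' => 200, 'location' => null, 'body' => $body . "</table>\n"];
}

// In the real page the result would be sent like this:
//   $r = handle_request($db, $_SERVER['REQUEST_METHOD'], $_POST);
//   if ($r['location'] !== null) {
//       header('Location: ' . $r['location'], true, $r['status']);
//       exit;
//   }
//   http_response_code($r['status']);
//   echo $r['body'];

// Constructed browser session: one submit, then the page is loaded and refreshed.
$db = open_card_db();
$post = ['name' => 'Basic <b>card</b>', 'price' => '9.50', 'minutes' => '60'];
$r = handle_request($db, 'POST', $post);
echo $r['status'], ' -> ', $r['location'], "\n";
foreach (['first load', 'refresh', 'refresh'] as $step) {
    handle_request($db, 'GET', []);
    $n = $db->query('SELECT COUNT(*) FROM card_category')->fetchColumn();
    echo "$step: $n row(s)\n";
}
echo handle_request($db, 'GET', [])['body'];
```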

Deleting multiple rows from mysql with checkbox?

I would like to apologize if a duplicate of this question exists. I tried to find one and couldn't find anything here that could solve my problem.
I am using a form to get the input and update it in the mysql database, and then retrieve the records in the html form, and have defined the code for deleting the records individually through hyperlinks. However I want to do more, I want to use the checkboxes to delete multiple records.
my code goes like this.
<?php
//include connection string
include('connection.php');
?>
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post"/>
Username : <input type="text" name="user"/><br />
Password : <input type="password" name="pass"/><br />
<input type="submit" name="submit" value="Send"/>
</form>
<?php
// query to insert into database
if(isset($_POST['user']) && isset($_POST['pass'])) {
$user = empty($_POST['user']) ? die(mysql_error()) : mysql_escape_string($_POST['user']);
$pass = empty($_POST['pass']) ? die(mysql_error()) : sha1(mysql_escape_string($_POST['pass']));
$query = "INSERT INTO users(name, pass) VALUES ('$user', '$pass')";
$result = mysql_query($query) or die(mysql_error());
}
if(isset($_GET['id'])) {
//query to delete the records
$query = "DELETE FROM users WHERE id = " . intval($_GET['id']);
$result = mysql_query($query);
}
//query to retrieve records
$query = "SELECT * FROM users";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0 ) {
echo "<table cellpadding=10 border=1>";
while ($row = mysql_fetch_row($result)) {
echo "<tr>";
echo "<td>" . $row[0] . "</td>";
echo "<td>" . $row[1] . "</td>";
echo "<td>" . $row[2] . "</td>";
echo "<td>delete";
echo "</tr>";
}
echo "</table>";
}
?>
I would like you to know that I am a newbie to the programming world and I am not so sure of how exactly html checkboxes work and how I use them to delete multiple records. I want to know what extra code I have to write for it, and I would appreciate it a lot if someone explained that extra code to me in brief.
thank you..
This is probably a good time for another form:
<?php
// query to insert into database ...
// ... etc...
if(isset($_POST["formDeleteSelected"])) {
//query to delete the records
$query = "DELETE FROM users WHERE id IN (" . implode(", ",$_POST["rowid"]) . ")";
$result = mysql_query($query);
header("Location: mycode.php"); // just so 'refresh' doesn't try to run delete again
exit();
}
?>
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<?php
//query to retrieve records
$query = "SELECT * FROM users";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0 ) {
echo "<table cellpadding=10 border=1>";
while ($row = mysql_fetch_row($result)) {
echo "<tr>";
echo "<td><input type=\"checkbox\" name=\"rowid[]\" value=\"" . $row[0] . "\" /></td>";
echo "<td>" . $row[0] . "</td>";
echo "<td>" . $row[1] . "</td>";
echo "<td>" . $row[2] . "</td>";
echo "</tr>";
}
echo "</table>";
}
?>
<input type="submit" name="formDeleteSelected" value="Delete Selected" />
</form>
Or something like that (I haven't actually tried that code so there may be a typo). Also note that you should make sure to sanitize any form/get inputs for SQL Injection (plenty of information on that in other Stack Overflow questions).
First of all you need a checkbox and the id you want to delete:
<input id="delete" type="checkbox" name="delete" /><label for="delete">Delete user</label>
<input type="hidden" name="user_id" value="12345" />
You can then test if the checkbox has been set and then manually set the GET parameter to reuse your existing code:
if(isset($_POST['delete'])){
$_GET['id'] = $_POST['user_id'];
}
That's not the most elegant solution but a really simple one that should work with your code.
try an SQL query with a list of IDs
... WHERE id=$sentIds[0] OR id=$sentIds[1] OR ...
or use a set operation
... WHERE id IN ($i1,$i2 ... );
You sure have to send ids in the form for this to work, but You know that ;)
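Added example, not part of the posts above: the "WHERE id IN (...)" delete from these answers with the submitted rowid[] values validated as integers and bound through placeholders instead of being imploded into the query text. It assumes PDO with an in-memory SQLite database and constructed rows; `delete_selected()` and `open_users_db()` are names made up for this example.

```php
<?php
// Added example. Constructed users table in an in-memory SQLite database.
function open_users_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL)');
    $ins = $db->prepare('INSERT INTO users (name) VALUES (?)');
    foreach (['ann', 'bob', 'cho', 'dee', 'eli'] as $name) {
        $ins->execute([$name]);
    }
    return $db;
}

// $rowids is whatever arrived as $_POST['rowid']: it may be missing, a plain
// string, or an array holding non-numeric or nested values.
function delete_selected(PDO $db, $rowids): int
{
    if (!is_array($rowids)) {
        return 0;
    }
    $ids = [];
    foreach ($rowids as $value) {
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[$id] = $id; // keyed by id, so duplicates collapse
        }
    }
    if ($ids === []) {
        return 0; // nothing valid selected; "IN ()" would be a syntax error
    }
    $ids = array_values($ids);

    // One "?" per id; the SQL text depends only on how many ids there are.
    $marks = implode(', ', array_fill(0, count($ids), '?'));
    $stmt = $db->prepare("DELETE FROM users WHERE id IN ($marks)");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);
    }
    $stmt->execute();
    return $stmt->rowCount();
}

$db = open_users_db();
// Constructed form submission: two real ids, a duplicate, and values that are not ids.
$posted = ['2', '4', '4', 'abc', '1 OR 1=1', ['5'], '-3'];
echo delete_selected($db, $posted), " row(s) deleted\n";
$left = $db->query('SELECT name FROM users ORDER BY id')->fetchAll(PDO::FETCH_COLUMN);
echo 'remaining: ', implode(', ', $left), "\n";
```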
