I'm trying to update my database through forms.
Part of the code is working because it retrieves data from the table and displays it in the form but the sql update code is not changing values at the backend.
Snippet of code is shown below, any help at all will be appreciated:
<html>
<head>
<body>
<?php
$con = mysql_connect("localhost","user","pass");
if(!$con){
die("Cannot Connect to database:" . mysql_error());
}
mysql_select_db("intranet",$con);
$sql = "SELECT * FROM progress_sheet";
$myData = mysql_query($sql,$con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE progress_sheet SET jobdescription='$_POST[jobdescription]' WHERE id='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
echo "<table border=1>
<tr>
<th>Job Description</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=save.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['hidden'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</form>";
}
echo "</table>";
?>
</body>
</head>
</html>
*
In your code more than one errors are found,
1 Missing single quotes and double quotes.
2 The form is posted to another file save.php (quotes is also missing)
<html>
<head>
<body>
<?php
$con = mysql_connect("localhost","user","pass");
if(!$con){
die("Cannot Connect to database:" . mysql_error());
}
mysql_select_db("intranet",$con);
$sql = "SELECT * FROM progress_sheet";
$myData = mysql_query($sql,$con);
if(isset($_POST['update'])){
$jobdescription = $_POST['jobdescription']; // See here
$id = $_POST['hidden']; // See here
$UpdateQuery = "UPDATE progress_sheet SET jobdescription='$jobdescription' WHERE id='$id'";
mysql_query($UpdateQuery, $con);
};
echo "<table border=1>
<tr>
<th>Job Description</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action='' method='post'>"; // See Here. The form is posted to another page
echo "<tr>";
echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['id'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</form>";
}
echo "</table>";
?>
</body>
</head>
</html>
$UpdateQuery = 'UPDATE progress_sheet SET jobdescription="'.mysql_real_escape_string(isset($_POST['jobdescription']) ? $_POST['jobdescription'] : '').'" WHERE id='.(isset($_POST['hidden']) ? $_POST['hidden']*1 : 0);
And stop using mysql_* functions and move to mysqli_* functions as the ones you are using are deprecated.
This is basic example with simple checks to prevent sql injections. Note that mysql functions are deprecated. You can use mysqli functions.
<html>
<head>
<body>
<?php
$con = mysql_connect("localhost","user","pass");
if(!$con){
die("Cannot Connect to database:" . mysql_error());
}
mysql_select_db("intranet",$con);
$sql = "SELECT * FROM progress_sheet";
$myData = mysql_query($sql,$con);
if(isset($_POST['update'])){
//do basic checks to prevent sql injections
$jobdescription = isset($_POST['jobdescription']) ? trim($_POST['jobdescription'] : '');
$hidden = isset($_POST['hidden']) ? trim($_POST['hidden'] : '');
$jobdescription = mysql_real_escape_string($jobdescription);
$hidden = mysql_real_escape_string($hidden);
if(empty($jobdescription) || empty($hidden)){
//handle errors here
//exit;
//or do error logging $errors[] = "Your error message"
//or redirect with header(...);
}
$UpdateQuery = "UPDATE progress_sheet SET jobdescription='$jobdescription' WHERE id='$hidden'";
mysql_query($UpdateQuery, $con);
};
echo "<table border=1>
<tr>
<th>Job Description</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=save.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=jobdescription value=" . $record['jobdescription'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['id'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</form>";
}
echo "</table>";
?>
</body>
</head>
</html>
At the top of your .php files you should enable error reporting, which will help you with debugging:
<?php
// Turn off error reporting
error_reporting(0);
// Report runtime errors
error_reporting(E_ERROR | E_WARNING | E_PARSE);
// Report all errors
error_reporting(E_ALL);
// Same as error_reporting(E_ALL);
ini_set("error_reporting", E_ALL);
// Report all errors except E_NOTICE
error_reporting(E_ALL & ~E_NOTICE);
?>
Related
I have multiple text boxes within a table on my web page which is populated from a form on my website users fill out. I have the feature of being able to delete each row as well as edit each row of data displayed on my website. The problem I'm having with it is only the last row of the table can be edited/deleted. For example, When I click the delete button on the first row of the table, it deletes the last row for some reason and not the first row. Also, it's the same with the update/edit button, only the last row can be modified and not anything above the last row of the table on my website.
More information:
form_id is the primary key within my database.
My code:
<?php
$con = #mysql_connect("localhost","root","");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("formsystem", $con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE form SET form_name='$_POST[name]', form_description='$_POST[description]' WHERE form_id='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM form WHERE form_id='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};
$sql = "SELECT * FROM form";
$myData = mysql_query($sql,$con);
echo "<table>
<tr>
<th>Title</th>
<th>Description</th>
<th></th>
<th></th>
<th></th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=findGroup.php method=post>";
echo "<tr>";
echo "<td>" ."<input type=text name=name value='" . $record['form_name'] . "'/> </td>";
echo "<td>" ."<input type=text name=description value='" . $record['form_description'] . "'/> </td>";
echo "<td>" ."<input type=hidden name=hidden value='" . $record['form_id'] . "'/></td>";
echo "<td>" ."<input type=submit name=update value='update" . "'/> </td>";
echo "<td>" ."<input type=submit name=delete value='delete" . "'/> </td>";
echo "</tr>";
}
echo "</table>";
?>
Update
Enclose the form element properly:
<?php
$con = #mysql_connect("localhost","root","");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("formsystem", $con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE form SET form_name='".$_POST['name']."', form_description='".$_POST['description']."' WHERE form_id='".$_POST['hidden']."';";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM form WHERE form_id='".$_POST['hidden']."';";
mysql_query($DeleteQuery, $con);
};
$sql = "SELECT * FROM form";
$myData = mysql_query($sql,$con);
echo "<table>
<tr>
<th>Title</th>
<th>Description</th>
<th></th>
<th></th>
<th></th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=findGroup.php method=post>";
echo "<tr>";
echo "<td>" ."<input type=text name=name value='" . $record['form_name'] . "'/> </td>";
echo "<td>" ."<input type=text name=description value='" . $record['form_description'] . "'/> </td>";
echo "<td>" ."<input type=hidden name=hidden value='" . $record['form_id'] . "'/></td>";
echo "<td>" ."<input type=submit name=update value='update" . "'/> </td>";
echo "<td>" ."<input type=submit name=delete value='delete" . "'/> </td>";
echo "</tr>"
echo "</form>";
}
echo "</table>";
?>
And for security issue, it's better to wrap variable using mysqli_real_escape_string, for example:
"DELETE FROM form WHERE form_id='".mysqli_real_escape_string($_POST['hidden'])."';";
But this is another question, here is the thread.
First off, check these potential issues:
You are connecting as root. Not recommended. You should connect as a MySQL user with M.A.D rights on that table (modify, add, delete).
Have you checked the MySQL & system/PHP logs to see if any errors are being reported? Then you can adjust your code based on those errors.
Have you attempted to run the delete statement manually to confirm that it deletes the desired row?
In your code, have you tried using the $sql = DELETE... syntax on your delete statement?
I decided to make my database with an active hyperlink so when I find a record I click on an email address and and email is opened. BUT I have a problem with update, When I want to make a correction to the entry and when I press update the email disappears and I get:
Notice: Undefined index: Mail in /Applications/XAMPP/xamppfiles/htdocs/robocze/mydata_dodaj_test_1.php on line 36
I can add records but I can't update...
Can You please help me, thank You
the code:
<?php
session_start();
if(!isset($_SESSION["sess_user"])){
header("location:login.php");
} else {
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Baza Klientów</title>
</head>
<body>
<h3>Welcome, <?=$_SESSION['sess_user'];?>! Logout </h3>
<input type="button" onclick="location.href='mydata_dodaj_test_1.php';" value="Powrót do wyszukiwania" />
<input type="button" onclick="location.href='index.php';" value="MENU powrót" />
<h2><b><center>Wyszukiwanie Klientów ITalents</center></b></h2>
<?php
}
?>
<?php
$con = mysql_connect("","","","");
if (!$con){
die("Błąd połączenia: " . mysql_error());
}
mysql_select_db("baza",$con);
if(isset($_POST['update'])) {
$UpdateQuery = "UPDATE Klienci SET id='$_POST[id]', Firma='$_POST[Firma]', Mail='$_POST[Mail]', Data='$_POST[Data]', Konsultant='$_POST[Konsultant]' WHERE id='$_POST[hidden]'";
mysql_query($UpdateQuery,$con);
};
if(isset($_POST['add'])) {
$AddQuery = "INSERT INTO Klienci (id, Firma, Mail, Data, Konsultant) VALUES ('$_POST[uid]','$_POST[uFirma]','$_POST[uMail]','$_POST[uData]','$_POST[uKonsultant]')"; // this is the 36 line
mysql_query($AddQuery,$con);
};
if(isset($_POST['search']))
{
$valueToSearch = $_POST['valueToSearch'];
$query = "SELECT * FROM Klienci WHERE CONCAT(Firma, Mail, Konsultant) LIKE '%".$valueToSearch."%'";
$search_result = filterTable($query);
}
else {
$query = "SELECT * FROM Klienci ORDER BY id ASC";
$search_result = filterTable($query);
}
function filterTable($query)
{
$con = mysql_connect("","","","");
if (!$con){
die("Błąd połączenia: " . mysql_error());
}
mysql_select_db("baza",$con);
$filter_Result = mysql_query($query, $con);
return $filter_Result;
};
echo "<form action=mydata_dodaj_test_1.php method=post>";
echo "<input type=text name=valueToSearch placeholder=wpisz>";
echo "<input type=submit name=search value=Szukaj>";
echo "<table align=center style=text-align:center border=5>
<tr>
<th>ID</th>
<th>Firma</th>
<th>Mail</th>
<th>Data</th>
<th>Konsultant</th>
</tr>";
while($row = mysql_fetch_array($search_result)) {
echo "<form action=mydata_dodaj_test_1.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=int name=id value=" . $row['id'] . " </td>";
echo "<td>" . "<input type=varchar name=Firma value=" . $row['Firma'] . " </td>";
echo "<td>" . "<a href='mailto:{$row['Mail']}'>" . $row['Mail'] . " </td>";
echo "<td>" . "<input type=date name=Data value=" . $row['Data'] . " </td>";
echo "<td>" . "<input type=varchar name=Konsultant value=" . $row['Konsultant'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $row['id'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</form>";
}
echo "<form action=mydata_dodaj_test_1.php method=post>";
echo "<tr>";
echo "<td><input type=text name=uid></td>";
echo "<td><input type=varchar name=uFirma></td>";
echo "<td><input type=text name=uMail></td>";
echo "<td><input type=text name=uData></td>";
echo "<td><input type=text name=uKonsultant></td>";
echo "<td>" . "<input type=submit name=add value=dodaj" . " </td>";
echo "</form>";
echo "</table>";
?>
<input type="button" onclick="location.href='mydata_dodaj_test_1.php';" value="Powrót do wyszukiwania" />
<input type="button" onclick="location.href='index.php';" value="MENU powrót" />
</body>
</html>
As error stated undefined index in your update statement
$UpdateQuery = "UPDATE Klienci SET id='$_POST[id]', Firma='$_POST[Firma]', Mail='$_POST[Mail]', Data='$_POST[Data]', Konsultant='$_POST[Konsultant]' WHERE id='$_POST[hidden]'";
you are accessing $_POST[Mail] which is no where in your form.
I have a table which displays
-Staff ID (Primary Key)
-Staff Name
-Staff Position
All the data loads in to my grid, the grid has an update button witch should let me to update it but it returns original result after clicking update.
<html>
<head>
</head>
<body>
<?php
$conn = mysql_connect("localhost", "root", "");
if (!$conn){
die("Can not connect: " . mysql_error());
}
mysql_select_db("pizza_shop",$conn);
if (isset($_POST['submit']) && $_POST['submit'] == 'update'){
$UpdateQuery = "UPDATE staff SET StaffName='$_POST[staffname]', Position='$_POST[staffposition]' WHERE StaffID='$_POST[hiddenid]'";
mysql_query($UpdateQuery);
}
$sql = "SELECT * FROM staff";
$myData = mysql_query($sql, $conn);
echo "<table border=1>
<tr>
<th>Staff Name<th>
<th>Staff Position<th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=#edit_staff.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name =staffname value=" . $record['StaffName'] ." </td>";
echo "<td>" . "<input type=text name =staffposition value=" . $record['Position'] ." </td>";
echo "<td>" . "<input type=hidden name=hiddenid value=" . $record['StaffID'] . "</td>";
echo "<td>" . "<input type=submit name = update values=Update" . "</td>";
echo "</form>";
}
echo "</table>";
$conn = null;
?>
</body>
</html>
You need to change your update query from
$UpdateQuery = "UPDATE staff SET StaffName='$_POST[staffname]', Position='$_POST[staffposition]' WHERE StaffID='$_POST[hiddenid]'";
to
$UpdateQuery = "UPDATE staff SET StaffName='".$_POST['staffname']."', Position='".$_POST['staffposition']."' WHERE StaffID='".$_POST['hiddenid']."'";
What you were doing is $_POST[staffname] which must be like as $_POST['staffname'] and always try to check using error_reporting(E_ALL) function and need to check that your values are set or not
This question already has answers here:
Why would $_FILES be empty when uploading files to PHP?
(22 answers)
Closed 8 years ago.
I am trying to build a file uploader, with a youtube tutorial that doesn't cover files, and right now I am stuck on the name. Using $_Files returns nothing and I am unsure as to why. :/
I tried to echo it out, but nothing comes back.
Everything else seems to work though.
<html>
<head>
</head>
<body>
<?php
error_reporting(-1);
ini_set('display_errors', 'On');
$con = mysql_connect("localhost","root","root");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("example",$con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE repo SET location='$_POST[location]', name='$_POST[name]', description='$_POST[description]' WHERE location='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM repo WHERE location='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};
if(isset($_POST['add'])){
$AddQuery = "INSERT INTO repo (name, id, image, location, partners, description, date) VALUES ('$image_name', '','$_POST[uimage]', '$_POST[ulocation]', '$_POST[upartners]', '$_POST[udescription]', NOW())";
mysql_query($AddQuery, $con);
};
$sql = "SELECT * FROM repo";
$myData = mysql_query($sql,$con);
echo "<table border=1>
<tr>
<th>Image</th>
<th>Name</th>
<th>Location</th>
<th>Partners</th>
<th>Description</th>
<th>Date</th>
</tr>";
while($record = mysql_fetch_array($myData)){
?>
<form action="mydata5.php"
method="post" enctype="multipart/form-data">
<?php
echo "<tr>";
echo "<td>" . "<img src=Assets/Images/" . $record['name'] . " </td>";
echo "<td>" . "<input type=text name=topic value=" . $record['name'] . " </td>";
echo "<td>" . "<input type=text name=name value=" . $record['location'] . " </td>";
echo "<td>" . "<input type=text name=name value=" . $record['partners'] . " </td>";
echo "<td>" . "<input type=text name=description value=" . $record['description'] . " </td>";
echo "<td>" . "<input type=text name=description value=" . $record['date'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['location'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "<form action=mydata5.php method=post>";
echo "<tr>";
// echo "<td><input type=file name=uimage></td>";
?>
<td><input type="file" name="uimage" id="uimage"></td>
<?php
$file = $_FILES['uimage']['tmp_name'];
$image_name = mysql_real_escape_string($_FILES['uimage']['name']);
echo $_FILES['uimage']['error'];
echo "<td><input type=hidden name=uname></td>";
echo "<td><input type=text name=ulocation></td>";
echo "<td><input type=text name=upartners></td>";
echo "<td><input type=text name=udescription></td>";
echo "<td>" . "<input type=submit name=add value=add" . " </td>";
echo "</form>";
echo "</table>";
mysql_close($con);
?>
</body>
</html>
You need to add enctype="multipart/form-data" in the form tag.
For file type fields you need to add enctype attribute in your form so that uploaded files can be access using $_FILES
Update form starting tag with below
<form action="mydata5.php"
method="post" enctype="multipart/form-data">
Check your Insert Query.You are using $_POST for image name. That is wrong.
I'm just a beginner in terms of programming, so I'm just referring all my codes through tutorials. Luckily, I found this online tutorial in youtube where users are allowed to add, update, and delete data in mysql using php. I follow all his instructions, I got it working but then it stopped when I added css on it.
This is not a general issue, I just need some help. If anyone can help me, much appreciated. Thank you so much.
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "rssfeed";
$connect = mysql_connect($servername, $username, $password, $dbname);
if (!$connect) {
die("Connection failed. Error" . mysql_error());
}
$database = mysql_select_db($dbname, $connect);
if (!$database) {
die("Can't select database");
}
$sql = "SELECT * FROM record";
$data = mysql_query($sql, $connect);
if (isset($_POST['update'])){
$updateQuery = "UPDATE record SET name = '$_POST[name]', url = '$_POST[url]', description = '$_POST[desc]' WHERE name = '$_POST[hidden]'";
mysql_query($updateQuery, $connect);
header("Location: maintenance.php");
};
if (isset($_POST['delete'])){
$deleteQuery = "DELETE FROM record WHERE name = '$_POST[hidden]'";
mysql_query($deleteQuery, $connect);
header("Location: maintenance.php");
};
if (isset($_POST['add'])){
$addQuery = "INSERT INTO record (name, url, description) VALUES ('$_POST[iName]', '$_POST[iUrl]', '$_POST[iDesc]')";
mysql_query($addQuery, $connect);
header("Location: maintenance.php");
};
echo "<div class=center>
<table id=myTable border=1>
<tr>
<th> Name </th>
<th> URL </th>
<th> Description </th>
</tr>";
while($record = mysql_fetch_array($data)) {
echo "<form method=post action=maintenance.php>";
echo "<tr>";
echo "<td>" . "<input type=text name=name id=name value=" . $record['name'] . " </td>";
echo "<td>" . "<input type=text name=url id=url value=" . $record['url'] . " </td>";
echo "<td>" . "<textarea rows=1 cols=50 wrap=physical name=desc id=desc>" . strip_tags($record['description']) . "</textarea></td>";
echo "<input type=hidden name=hidden value=" . $record['name'] . ">";
echo "<td>" . "<input type=submit name=update id=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete id=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
echo "<table border=1>";
echo "<form method=post action=maintenance.php>";
echo "<tr>";
echo "<td><input type=text name=iName></td>";
echo "<td><input type=text id=url name=iUrl></input></td>";
echo "<td><textarea rows=1 cols=50 name=iDesc></textarea></td>";
echo "<td>" . "<input type=submit name=add id=add value=add" . " </td>";
echo "</tr>";
echo "</form>";
echo "</table>";
echo "</div>";
mysql_close($connect);
?>
In your queries, $_POST[name] should be $_POST[\"name\"]. BUT, this is terrible, you are very open to SQL injections.
Please have a read of this and stop using mysql_query (it's deprecated)
you have several errors in your echo output..
echo "<td>" . "<input type=text name=name id=name value=" . $record['name'] . " </td>";
You have forgot the single quotes for each html-element-attribute and the bigger then at the end of multiple input elements...
try this:
echo "<td><input type='text' name='name' id='name' value='" . $record['name'] . "'> </td>";