Why is bakeryid variable not being posted in my form? The error I am receiving is
"Notice:Undefined variable bakeryid"
I have two pages, one displays the form and the second is the action for the form. The second form kept saying that it was undefined also. The bakeryid is the ID for each cakes order.
$sql = mysqli_query($con,"SELECT `firstname`, `bakeryid`, `order` FROM cakes");
$bakeryid = $_POST['bakeryid'];
?>
<table border='2'>
<th>First Name</th>
<th>Order</th>
<?php
echo '<form name="display" method="POST" action="cakephp.php">';
while($row = mysqli_fetch_array($sql))
{
echo "<tr>";
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['order'] . "</td>";
echo '<td><input type="hidden" name="bakeryid" value="' . $bakeryid . '"/></td>';
echo '<td><input type="hidden" name="memid" value="' . $memid . '"/><input type="submit" name="takeorder" value="Take Order" ></td>';
echo "</tr>";
}
echo "</form>";
echo "</table>";
Answer:
echo '<td><input type="hidden" name="bakeryid" value="' . $row['bakeryid'] . '"/></td>';
You set $bakeryid with $_POST['bakeryid'], but then define bakeryid with $bakeryid.
Please try:
$sql = mysqli_query($con,"SELECT `firstname`, `bakeryid`, `order` FROM cakes c INNER JOIN members m ON c.memid = m.memid");
$bakeryid = $_POST['bakeryid']; // this line is unnecessary
?> <table border='2'>
<th>First Name</th>
<th>Order</th>
<?php
echo '<form name="display" method="POST" action="cakephp.php">';
while($row = mysqli_fetch_array($sql))
{
echo "<tr>";
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['order'] . "</td>";
echo '<td><input type="hidden" name="bakeryid" value="' . $row['bakeryid'] . '"/></td>'; // this line changed
echo '<td><input type="hidden" name="memid" value="' . $memid . '"/><input type="submit" name="takeorder" value="Take Order" ></td>';
echo "</tr>";
}
echo "</form>";
$sql = mysqli_query($con,"SELECT `firstname`, `bakeryid`, `order` FROM cakes c INNER JOIN members m ON c.memid = m.memid");
$bakeryid = $_POST['bakeryid']; ?>
<table border='2'>
<th>First Name</th>
<th>Order</th>
<?php
echo '<form name="display" method="POST" action="cakephp.php">';
while($row = mysqli_fetch_array($sql))
{
echo '<tr>
<td>' . $row['firstname'] . '</td>
<td>' . $row['order'] . '</td>
<td><input type="hidden" name="bakeryid" value="' . $row['bakeryid'] . '"/></td>
<td><input type="hidden" name="memid" value="' . $memid . '"/>
<input type="submit" name="takeorder" value="Take Order" >
</td>
</tr>';
}
echo '</form></table>';
The reason bakeryid isn't appearing in the form, is when setting the fields value you are using $bakeryid which is set to a post that hasn't happened yet. You want to set the value to $row['bakeryid'] as above.
Related
I'm trying to update the rank column in the users table in MySQL using PHP, but when I try to change the values and press the update button, only the last one of the table rows is actually being updated. Here is an image of what the PHP table looks like on the webpage:
Here is the code:
<?php
include '../db/connect.php';
$con = $MySQLi_CON;
if (!$con){
die("Can not connect: " . mysql_error());
}
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE users SET rank='$_POST[rank]' WHERE user_id='$_POST[hidden]'";
$con->query($UpdateQuery);
}
$result = $MySQLi_CON->query("SELECT * FROM users")
or die(mysql_error());
echo "<table border=1>
<tr>
<th>ID</th>
<th>Username</th>
<th>Email</th>
<th>Rank</th>
</tr>";
echo "<form action='test3.php' method='post'";
while($record = $result->fetch_array()){
echo '<tr>';
echo '<td>' . $record['user_id'] . '</td>';
echo '<td>' . $record['username'] . '</td>';
echo '<td>' . $record['email'] . '</td>';
echo '<td>' . '<input type="number" name="rank' . [$record['user_id']] . '" />';
echo '<td>' . '<input type="hidden" name="hidden" value="' . $record['user_id'] . '"</td>';
echo '<td>' . '<input type="submit" name="update" value="update"' . '</td></tr>';
}
echo "</table>";
for($_POST['rank'] as $user_id=>$rank){
$UpdateQuery = "UPDATE users SET rank='$rank' WHERE user_id='$user_id'";
$con->query($UpdateQuery);
}
$con->close();
The problem is all rank of each row is using the same name rank and also the hidden, the browser will override all rank and hidden value with the latest element.
change <input type="number" name="rank" /> to <input type="number" name="rank[$record['user_id']]" />
receive in php with $_POST['rank'] in array format and loop each rank.
for($_POST['rank'] as $user_id=>$rank){
$UpdateQuery = "UPDATE users SET rank='$rank' WHERE user_id='$user_id'";
$con->query($UpdateQuery);
}
This is a table of students' ID numbers, with a button after each ID.
When I click on a button, I want it to open a new page called "score.php", and display the selected ID.
But the code doesn't work. It only show the text "ID", but not the number.
Here is "index.php"
<html>
<head>test</head>
<body>
<form method="post" action="score.php">
<?php
$result = mysql_query("SELECT * FROM term3_2556")
or die(mysql_error());
echo "<table border='1'>";
echo "<tr> <th>Student ID</th> </tr>";
while($row = mysql_fetch_array( $result )) {
echo "<tr>";
echo '<td>' . $row['student_id'] . '<input type="hidden" name="student_id" value=" ' . $_POST['student_id'] . ' " /> <button type="submit" name="btn_student_id" >Select</button> </td> ';
echo '</tr>';
}
echo "</table>";
?>
</form>
</body>
</html>
And here is "score.php"
<head>test</head>
<body>
<?php
$student_id = $_POST["student_id"];
echo '<p> ID: '.$student_id.'</p>';
?>
</body>
Since you are using a <button>, there is no need to use a <input type="hidden">. Just add the student_id as the button value -
<button type="submit" name="btn_student_id" value=" ' . $row['student_id'] . ' " >Select</button>
Then in you php just get the value from the clicked on button -
<?php
$student_id = $_POST["btn_student_id"];
echo '<p> ID: '.$student_id.'</p>';
?>
your index.php file will be:
<html>
<head>test</head>
<body>
<form method="post" action="score.php">
<?php
$result = mysql_query("SELECT * FROM term3_2556")
or die(mysql_error());
echo "<table border='1'>";
echo "<tr> <th>Student ID</th> </tr>";
while($row = mysql_fetch_array( $result )) {
echo "<tr>";
echo '<td>' . $row['student_id'] . '<input type="hidden" name="student_id" value=" ' . $row['student_id'] . ' " /> <button type="submit" name="btn_student_id" >Select</button> </td> ';
echo '</tr>';
}
echo "</table>";
?>
</form>
</body>
</html>
I am trying to filter my results using a series of dropdown boxes which are populated from other tables within the database, except for a primary option which is returned from the form as *
Currently the form submits the data as expected, but no results are returned. I suspect it is because the query is searching for * in the respective columns.
So the question is, can an asterisk be used as a wildcard in a WHERE statement?
And if not, how would I go about this instead?
offending code is included, i understand that using a $variable in a query is bad practice, but at this stage i'm searching for a functional solution, rather than production code.
cheers.
echo " <form method=\"post\" action=\"$self\">
<table>
<tr>
<th>ID</th>
<th>REGISTER</th>
<th>LOCATION</th>
<th>TYPE</th>
<th>CAPACITY</th>
<th>LENGTH</th>
<th>QTY</th>
<th>SERIAL#</th>
<th>CERT#</th>
<th>LAST INSPECTION</th>
<th>BY</th>
<th>DATE IN</th>
<th>DATE OUT</th>
<th>STATUS</th>
<th>NOTES</th>
</tr>";
?>
<!-- START OF FILTER ROW -->
<tr>
<td></td>
<td> <select name="register" id="register">
<option value="*">---</option>
<?php
$sql = "SELECT * FROM valid_registers";
foreach ($dbh->query($sql) as $row)
{
echo "<option value\"" . $row['register'] . "\">" . $row['register'] . "</option>";
}
?>
</select></td>
<td> <select name="location" id="location">
<option value="*">---</option>
<?php
$sql = "SELECT * FROM valid_locations";
foreach ($dbh->query($sql) as $row)
{
echo "<option value\"" . $row['location'] . "\">" . $row['location'] . "</option>";
}
?>
</select></td>
<td> <select name="type" id="type">
<option value="*">---</option>
<?php
$sql = "SELECT * FROM valid_types";
foreach ($dbh->query($sql) as $row)
{
echo "<option value\"" . $row['type'] . "\">" . $row['type'] . "</option>";
}
?>
</select> </td>
<td><input type="radio" name="capacity" id="cap_asc" value="cap_asc">
<
<input type="radio" name="capacity" id="cap_dec" value="cap_dec">
></td>
<td><input type="radio" name="length" id="length_asc" value="length_asc">
<
<input type="radio" name="length" id="length_des" value="length_des">
></td>
<td> </td>
<td> </td>
<td> </td>
<td><input type="radio" name="lastinsp" id="lastinsp_asc" value="lastinsp_asc">
<
<input type="radio" name="lastinsp" id="lastinsp_dec" value="lastinsp_dec">
></td>
<td> </td>
<td><input type="radio" name="datein" id="datein_asc" value="datein_asc">
<
<input type="radio" name="datein" id="datein_dec" value="datein_dec">
></td>
<td><input type="radio" name="dateout" id="dateout_asc" value="dateout_asc">
<
<input type="radio" name="dateout" id="dateout_dec" value="dateout_dec">
></td>
<td> <select name="status" id="status">
<option value="*">---</option>
<?php
$sql = "SELECT * FROM valid_status";
foreach ($dbh->query($sql) as $row)
{
echo "<option value\"" . $row['status'] . "\">" . $row['status'] . "</option>";
}
?>
</select> </td>
<td> </td>
<td><input type="submit" name="submit_filter" id="submit_filter" value="Filter"></td>
</tr>
<!--END OF FILTER ROW -->
<?
//get data from the db
if(isset($_POST['submit_filter'])) {
//fetch filter options
$register = $_POST['register'];
$location = $_POST['location'];
$type = $_POST['type'];
$status = $_POST['status'];
//prepare and execute the query
$sql = "SELECT * FROM register WHERE register=$reigster AND location=$location AND type=$type AND status=$status ";
}
else { $sql = "SELECT * FROM register"; }
foreach ($dbh->query($sql) as $row)
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['register'] . "</td>";
echo "<td>" . $row['location'] . "</td>";
echo "<td>" . $row['type'] . "</td>";
echo "<td>" . $row['capacity'] . "</td>";
echo "<td>" . $row['length'] . "</td>";
echo "<td>" . $row['qty'] . "</td>";
echo "<td>" . $row['serial'] . "</td>";
echo "<td>" . $row['cert'] . "</td>";
echo "<td>" . $row['lastinsp'] . "</td>";
echo "<td>" . $row['inspby'] . "</td>";
echo "<td>" . $row['datein'] . "</td>";
echo "<td>" . $row['dateout'] . "</td>";
echo "<td>" . $row['status'] . "</td>";
echo "<td>" . $row['notes'] . "</td>";
echo "<td><a href='" . $self . "?edit=" . $row['id'] . "'>Edit</a></td>";
//echo "<td><input type=\"submit\" name=\"edit\" id=\"edit\" value=\"Edit\" /></td>";
echo "<td><a href='" . $self . "?delete=" . $row['id'] . "'>Delete</a></td>";
//echo "<td><input type=\"submit\" name=\"delete\" id=\"delete\" value=\"Delete\" /></td>";
echo "</tr>";
}
echo "</table></form>";
}
No, the * is really only valid in the columns you select, not in the where clause.
The usual way to do this is to catch the * from the form and use that to modify the actual SQL statement by removing that part of the where clause altogether, something like (pseudo-code):
if param['userid'] == '*':
query = 'select name from users'
else:
query = 'select name from users where id = ?'
Although I have seen cases where parameterised queries needed a consistent number of parameters regardless of wild-carding (in some BIRT reports I've looked at where the query is modified dynamically but the parameter count is harder to change), so you would get something like:
if param['userid'] == '*':
query = 'select name from users where (id = ? or 1 = 1)'
else:
query = 'select name from users where id = ?'
That's a bit of a kludge but it's sometimes used to ease the developers workload. I'd rather do it the first way where possible.
To do that for multiple conditions, you can do something like:
joiner = " where "
query = "select something from mytable"
if param['userid'] != '*':
query = query + joiner + "user_id = '" + param['id'] + "'"
joiner = " and "
if param['age'] != '*':
query = query + joiner + "user_age = " + param['age']
joiner = " and "
if param['gender'] != '*':
query = query + joiner + "user_sex = '" + param['gender'] + "'"
joiner = " and "
keeping in mind that, unless you have already sanitised your param[] array values, you risk SQL injection attacks). I leave out the solution for that since it's irrelevant to the question at hand.
I am having problem in getting values from db. Iam new in php
I am using checkboxes to get values from database. Only checked values should be printed.
<form method="POST" action="gradoviexport.php" id="searchform">
<div id="GRADOVI BIH">
<h3>GRADOVI BOSNE I HERCEGOVINE</h3><hr/>
<input type="checkbox" name="gradovi[]" value="sarajevo"> Sarajevo
<input type="checkbox" name="gradovi[]" value="banovici"> Banovići
<input type="checkbox" name="gradovi[]" value="banjaluka"> Banja Luka
<input type="checkbox" name="gradovi[]" value="bihac"> Bihać
<input type="checkbox" name="gradovi[]" value="bileca"> Bileća
</div>
<div id="snimi">
<input type="submit" name="submit" value="EXPORT">
</div>
</form>
If Sarajevo is checked I want to print values from database. It does not have to be only one value checked If all values are checked it should print all values.
$con=mysqli_connect("$host","$username","$password", "$database");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
//connecting to db
$variable=$_POST['grad'];
foreach ($variable as $variablename)
{
$sql_select="SELECT * FROM `clanovi` WHERE `GRAD` = $variablename " ;
$queryRes = mysql_query($sql_select);
print"$sql_select";
}
echo "<table border='5'>
<tr>
<th>IME</th>
<th>PREZIME</th>
<th>FIRMA</th>
<th>ADRESA</th>
<th>TELEFON</th>
<th>FAX</th>
<th>MOBITEL</th>
<th>EMAIL </th>
<th>WEB_STRANICA </th>
<th>GRAD </th>
<th>KATEGORIJA </th>
</tr>";
while($row = mysqli_fetch_array($queryRes))
{
echo "<tr>";
echo "<td>" . $row['IME'] . "</td>";
echo "<td>" . $row['PREZIME'] . "</td>";
echo "<td>" . $row['FIRMA'] . "</td>";
echo "<td>" . $row['ADRESA'] . "</td>";
echo "<td>" . $row['TELEFON'] . "</td>";
echo "<td>" . $row['FAX'] . "</td>";
echo "<td>" . $row['MOBITEL'] . "</td>";
echo "<td>" . $row['EMAIL'] . "</td>";
echo "<td>" . $row['WEB_STRANICA'] . "</td>";
echo "<td>" . $row['GRAD'] . "</td>";
echo "<td>" . $row['KATEGORIJA'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
Assume you posted gradovi[] array values to submitted page.
Submit page:
$grad = array();
$grad = $_POST['gradovi']; //get array value
$grad = implode(',',$grad); //convert it into comma separated string
//Insert it into data base
Getting from database:
//fetch the gradovi field from the db like below
echo $row['gradovi']; // print all values
or
$grad = explode(',',$row['gradovi']);
foreach($grad as $check) {
echo $check; //print one by one
}
There is few errors in your code.
There is no escaping of the string from POST data. Use mysqli_real_escape_string
There is an error in your while loop. You redefining mysql query result.
Fixed code:
//connecting to db
$variable=$_POST['grad'];
foreach($variable as $key => $val) {
$variable[$key] = mysql_escape_string($val);
}
$sql_select="SELECT * FROM `clanovi` WHERE `GRAD` IN ('" . implode("','", $variable) . "')" ;
$queryRes = mysql_query($sql_select);
print"$sql_select";
Right now I have a table that displays menu items and I want an Admin to be able to delete and edit a particular line item. My delete.php code works correctly if I have the id equal to a particular number, but I want the id to be equal to the id of whichever row the delete button is in. So my question is how do I get that id number? Because what I'm doing now is not correct.
Here is my delete.php file:
<?php
$con = mysql_connect("localhost", "root", "");
if(!$con)
{
die('Could not connect: ' .mysql_error());
}
mysql_select_db("bics_place", $con);
echo "mysql connected";
$myid = $_POST['id'];
$sql = "DELETE FROM menu WHERE id='$myid'";
echo "sql = $sql";
if(!mysql_query($sql, $con))
{
die('Error: ' .mysql_Error());
}
echo "1 record deleted";
header("location:admin_menu.php");
mysql_close($con);
?>
This is the table being made in admin_menu.php
$result = mysql_query("SELECT * FROM menu");
echo "<table border='1' id='menu'>
<form method='post' action='delete.php'>
<tr>
<th> Id </th>
<th> Type </th>
<th> Product Name </th>
<th> Price </th>
<th></th>
<th></th>
</tr>";
while($row = mysql_fetch_assoc($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['type'] . "</td>";
echo "<td>" . $row['productName'] . "</td>";
echo "<td>" . $row['price'] . "</td>";
echo "<td>" . '<input type="submit" name="delete" value="Delete">' . "</td>";
echo "<td>" . '<input type="submit" name="edit" value="Edit">' . "</td>";
echo "</tr>";
}
echo "</form>";
echo "</table>";
Take on hidden field in your form.Then button onclick event set id into hidden field before submit.
<script>
function setId(idValue){
document.getElementById('myid').value=idValue;
}
</script>
echo "<table border='1' id='menu'>
<form method='post' action='delete.php'>
<input type="hidden" name="id" id="myid" value="" />
<tr>
<th> Id </th>
<th> Type </th>
<th> Product Name </th>
<th> Price </th>
<th></th>
<th></th>
</tr>";
while($row = mysql_fetch_assoc($result))
{
$myID = $row["id"];
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['type'] . "</td>";
echo "<td>" . $row['productName'] . "</td>";
echo "<td>" . $row['price'] . "</td>";
echo "<td>" . '<input type="submit" name="delete" value="Delete" onClick="setId('.$myID.');">' . "</td>";
echo "<td>" . '<input type="submit" name="edit" value="Edit">' . "</td>";
echo "</tr>";
}
echo "</form>";
echo "</table>";
Add a hidden field - id in the form :
while($row = mysql_fetch_assoc($result)) {
//your <td>'s here
echo '<input type="hidden" name="id" value="{$row[id]}">';
// echoes for form submit
}
Note : mysql_* functions are deprecated. You should use mysqli_ functions instead. Read here