Cant update values in mysql database php - php

I am trying to update a record on my admin mysql table. But still no changes when i try this method.. I can't see the problem wth this code..
Info.php
<?php
$query = "SELECT * from admin where username = '{$_SESSION['login_user']}'";
$result = mysqli_query($conn,$query);
while($row=mysqli_fetch_assoc($result))
{
echo '<input type="text" class="form-control" name="user_id" disabled value='.$row['user_id'].'>';
echo '<input type="text" class = "form-control" name = "lastname" value='.$row['lname'].'>';
echo '<input type="text" class = "form-control" name = "firstname" value='.$row['fname'].'>';
echo '<input type="text" class = "form-control" name = "middlename" value='.$row['mname'].'>';
echo '<input type="text" class = "form-control" name = "address" value='.$row['address'].'>';
echo '<input type="text" class = "form-control" name = "contact" value='.$row['contact'].'>';
echo '<input type="text" class = "form-control" name = "email_add" value='.$row['email_add'].'>';
echo '<input type="text" class = "form-control" name = "username" value='.$row['username'].'>';
echo '<input type="password" class = "form-control" name = "password" value='.$row['password'].'>';
echo '<input type="password" class = "form-control" name = "confirmPassword" value='.$row['conf_pass'].'>';
}?>
<button type="submit" class="btn btn-primary" name="update">Submit</button>
update.php ---- I don't know what's the problem with it.
<?php
include('pgconnect.php');
if(isset($_GET['update'])){
$acctid = $_GET['user_id'];
$lname = $_GET['lastname'];
$fname = $_GET['firstname'];
$mname = $_GET['middlename'];
$address = $_GET['address'];
$contact = $_GET['contact'];
$email = $_GET['email_add'];
$user = mysql_real_escape_string($_GET['username']); # use whatever escaping function your db requires this is very important.
$pass = mysql_real_escape_string($_GET['password']);
$confpass = mysql_real_escape_string($_GET['confirmPassword']);
$sql = "UPDATE admin SET lname='$lname', fname='$fname', mname ='$mname', address='$address' contact = $contact, email_add = '$email', username ='$user',password = '$pass', conf_pass = '$confpass' where user_id = '$acctid'";
$result = mysqli_query($conn,$sql);
echo "$sql";
if($result){
echo"Succesully Updated!";
}
else
{
echo"Cannot be Updated!";
}
mysqli_close($conn);
}?>


To understand the mechanism behind forms:
index.html:
<form action="update.php?param=234" method="post">
<input type="text" name="firstfield" />
<button name="update">Submit</button>
</form>
update.php:
<?php
echo $_GET['param']; //should output 234
echo $_POST['firstfield']; //should output whatever you put in your textfield
var_dump($_POST['update']); //should return something
as you noticed, the parameter after ? in your action is passed as GET value and all the other values are POST values.

Related

PHP Form array has empty values when inserting into MySQL table

I'm having an issue inserting php form array values into a MySQL table. Right now the form itself pulls worker information from another table to populate the fields and their values. Right now there are only three workers that would populate those fields, however as more workers get added, there could be as many as 40. When I add just the first worker from the form, all the information inserts normally. However, when I add more than one, the title and employeeId fields are blank and I can't figure out why. Any help would be greatly appreciated.
Here is the form:
<form method = 'POST' action = 'addworkers.php'>
<?php
$sql2 = "select * from workers where companyId = 1";
$result2 = mysqli_query($conn,$sql2);
$numRows = mysqli_num_rows($result2);
$check = 0;
while($row2 = $result2->fetch_assoc()) {
$employeeId = $row2["id"];
$name = $row2["name"];
echo '<input type="checkbox" name="employeeId[]" value="' . $employeeId . '">';
echo "$name\n";
echo '<input type = "hidden" value="' . $companyId . '" name = "companyId[]"/>';
echo '<input type = "hidden" value="' . $jobNumber . '" name = "jobNumber[]"/>';
echo 'Site Title : <input type = "text" name = "title[]"/><br/>';
}
?>
<input type="hidden" name="count" value="<?php echo "$numRows"; ?>"/>
<input type = 'submit' value = 'SEND'/>
</form>
Then the addworkers.php code
require_once("dbConfig.php");
session_start();
$timestamp = date("Y-m-d");
if (isset($_SESSION['loginname'])) {
$companyId = isset($_POST['companyId']) ? $_POST['companyId'] : "" ;
$jobNumber = isset($_POST['jobNumber']) ? $_POST['jobNumber'] : "" ;
$employeeId = isset($_POST['employeeId']) ? $_POST['employeeId'] : "" ;
$title = isset($_POST['title']) ? $_POST['title'] : "" ;
foreach($title as $key=>$value){
if (!empty($value)) {
$query = "insert into `Jobs` (id, companyId, jobId, employeeId, siteTitle, dateAdded) values (NULL,'$companyId[$key]', '$jobNumber[$key]','$employeeId[$key]','$value','$timestamp')";
$result = mysqli_query($conn,$query);
}
}
} else {
echo "Error";
}
I changed the echo "Error" line but the output was clear.
It must be a problem with how the array is counted but I'm not sure how to fix it. in the form, if I check the boxes next to each row, all the information is entered into the table properly. If I only check the second and/or third line, it doesn't include the Site Title and the employeeId is reversed.
Here is the output of the form:
<form method = 'POST' action = 'insertworkers.php'>
<input type="checkbox" name="employeeId[]" value="1">Mike
<input type = "hidden" value="1" name = "companyId"/>
<input type = "hidden" value="12345" name = "jobNumber"/>
Site Title : <input type = "text" name = "title[]"/>
<input type="checkbox" name="employeeId[]" value="2">Steve
<input type = "hidden" value="1" name = "companyId"/>
<input type = "hidden" value="12345" name = "jobNumber"/>
Site Title : <input type = "text" name = "title[]"/>
<input type="checkbox" name="employeeId[]" value="3">Roger
<input type = "hidden" value="1" name = "companyId"/>
<input type = "hidden" value="12345" name = "jobNumber"/>
Site Title : <input type = "text" name = "title[]"/>
<input type="hidden" name="count" value="3"/>
<input type = 'submit' value = 'SEND'/>
</form>
I also changed the foreach loop to a for loop since the array depth should be the same as all fields will be mandatory
require_once("dbConfig.php");
session_start();
$counter = "".$_POST["count"]."";
$timestamp = date("Y-m-d");
if ( isset( $_SESSION['loginname'] ) ) {
$companyId = isset($_POST['companyId']) ? $_POST['companyId'] : "" ;
$jobNumber = isset($_POST['jobNumber']) ? $_POST['jobNumber'] : "" ;
$employeeId = isset($_POST['employeeId']) ? $_POST['employeeId'] : "" ;
$title = isset($_POST['title']) ? $_POST['title'] : "" ;
for($i=0, $count = count($employeeId);$i<$count;$i++){
if (!empty($employeeId)) {
$query = "insert into `customerJobs` (id, companyId, jobId, employeeId, siteTitle, dateAdded) values (NULL,'$companyId', '$jobNumber','$employeeId[$i]','$title[$i]','$timestamp')";
$result = mysqli_query($conn,$query);
}
}
} else {
echo "Error";
}

I'm Unable to set value of textbox using php variable

I'm trying to set value of html input type text textboxes to empty when user clicks Search button and empID is not matched, but its giving error:
mysqli_num_rows() expects parameter 1 to be mysqli_result
Here is code:
<html>
<body>
<form action="" method="post">
<h2>Employee Form</h2>
<input type="text" name="empID">
<input type="submit" name="searchRec" value="Search" />
<hr>
Employee ID: <input type="text" name="empIDC" value="<?php echo htmlentities($employeeID); ?>">
<br><br>
Name: <input type="text" name="name" value="<?php echo htmlentities($Name); ?>">
<br><br>
Address: <input type="text" name="address" value="<?php echo htmlentities($Address); ?>">
<br><br>
</form>
<?php
if( isset( $_REQUEST['searchRec'] ))
{
$employeeID = ($_POST["empID"]);
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "bc140_DB";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "SELECT empID, Name, Address, Dateofbirth, Salary, Timein from Employee where empID == $employeeID";
$result = mysqli_query($conn, $sql);
if(mysqli_num_rows($result > 0)){ while($row = mysqli_fetch_array($result, MYSQL_ASSOC)) { $employeeID = $row['empID']; $Name = $row['Name']; $Address = $row['Address']; $Dateofbirth = $row['Dateofbirth']; $Salary = $row['Salary']; $timestamp = $row['timeIn']; } }else{ $employeeID = ""; $Name = ""; $Address = ""; $Dateofbirth = ""; $Salary = ""; $timestamp = ""; }
}
?>
</body>
</html>

1st : Change your code order otherwise you will get undefined error . your trying the embed the variable with html before creating the variable .
2nd : should be use single = not == empID = $employeeID
3rd : your mixing mysql with mysqli here mysql_fetch_array($result, MYSQL_ASSOC)
Change to
mysqli_fetch_array($result,MYSQLI_ASSOC);
4th: And also use isset() to confirm that variable exists or not if exists echo it otherwise echo the empty string .
5th: change your if like this if(mysqli_num_rows($result)>0){ }
file.php
<?php
if( isset( $_REQUEST['searchRec'] ))
{
......
$employeeID = $row['empID'];
$Name = $row['Name'];
$Address = $row['Address'];
$Dateofbirth = $row['Dateofbirth'];
$Salary = $row['Salary'];
$timestamp = $row['timeIn'];
......
}
?>
<html>
<body>
.....
Employee ID: <input type="text" name="empIDC" value="<?php if(isset($employeeID)){ echo htmlentities($employeeID); } else { echo ""; } ?>">
.....
</body>
</html>

you have forgotten ';' value="<?php echo htmlentities($employeeID); ?>"

how to use the current value of a select option inside input field

I'm using phpmyadmin in Xampp, where I have made two tables;
Table 1: Category with its attributes as cat_id and cat_name (where cat_id is a Primary Key)
Table 2: Item with its attributes as item_id, item_name, item_price ... cat_id (where item_id is a Primary Key and cat_id is a Foreign Key)
I have also made the correct relationship in phpmyadmin.
The problem is to use the value i.e. cat_id of the selected cat_name in a select tag inside php.
ps. Im aware of being a subject to SQL Injection.
PHP
<?php
require ('config.php');
if(isset($_POST['check']))
{
if(isset($_POST['button']))
{
$catname = $_POST['cat'];
$que1 = "SELECT * FROM category WHERE cat_name = '$catname'";
$res1 = mysql_query($que1);
$row = mysql_fetch_array($res1);
$cat_db = $row['cat_name'];
if($catname == $cat_db || $catname == "")
{
echo "Catergory: $catname already exits. Failed to be inserted.";
}
else
{
$que = "INSERT INTO category (cat_name) VALUES('$catname')";
$res = mysql_query($que);
echo "Catergory: $catname inserted successfully.";
}
die();
}
if(isset($_POST['item_name']))
{
$i_id = $_POST['item_id'];
$i_name = $_POST['item_name'];
$i_quan = $_POST['item_quantity'];
$i_size = $_POST['item_size'];
$i_price = $_POST['item_price'];
$cat_id = $_POST['cat_id'];
$que = "INSERT INTO item(item_name, item_quantity, item_size, item_price, cat_id) VALUES('$i_name','$i_quan','$i_size','$i_price', '$cat_id')";
$run = mysql_query($que);
if(!$run)
echo "Item Details failed to Update.";
}
}
?>
HTML
<!DOCTYPE html>
<html>
<head>
<link rel = "stylesheet" href = "login.css">
</head>
<body>
<form action = "" method = "POST">
<p><label class = "field">Add Category:</label></p>
<input type = "text" name = "cat" class = "textbox-300" pattern = "[a-zA-Z0-9\. ]+" title = "Please enter your Category Name">
<button type= "submit" onclick = "location.href = '';" id = "savebutton" name = "button">Add Now</button>
<p><label class = "field">Add Item:</label></p>
<select name="cate">
<?php
$que1 = "SELECT * FROM category";
$res1 = mysql_query($que1);
while($row = mysql_fetch_array($res1))
{
$cat_id_db = $row['cat_id']; //use array over here
$cat_db = $row['cat_name']; //use array over here
?>
<option value="<?php echo $cat_id_db; ?>" ><?php echo $cat_db;?></option>
<?php } ?>
</select>
<?php
$que1 = "SELECT * FROM category WHERE cat_name = '$cat_db'"; //yahan masla hai bhai, how do i set '$cat_db' into a static variable?
$res1 = mysql_query($que1);
$row = mysql_fetch_array($res1);
$cat_db_id = $row['cat_id'];
?>
<p><label class = "field">Category ID:</label></p>
<input type = "text" name = "cat_id" value = "<?php echo $cat_id_db; ?>" class = "textbox-300" pattern = "[a-zA-Z0-9\. ]+"> <!-- this is the PROBLEM how do i use the value of a selected option ONLY? -->
<p><label class = "field">Item ID:</label></p>
<input type = "text" name = "item_id" class = "textbox-300" pattern = "[a-zA-Z0-9\. ]+"title = "Please enter your Item ID">
<p><label class = "field">Item Name:</label></p>
<input type = "text" name = "item_name" class = "textbox-300" pattern = "[a-zA-Z ]+"title = "Please enter your Item Name">
<p><label class = "field">Item Quantity:</label></p>
<input type = "text" name = "item_quantity" class = "textbox-300" pattern = "[a-zA-Z0-9\. ]+"title = "Please enter your Item Quantity">
<p><label class = "field">Item Size:</label></p>
<input type = "text" name = "item_size" class = "textbox-300" pattern = "[a-zA-Z0-9\.\, ]+"title = "Please enter your Item Size">
<p><label class = "field">Item Price:</label></p>
<input type = "text" name = "item_price" class = "textbox-300" pattern = "[a-zA-Z0-9\.\, ]+"title = "Please enter your Item Price">
<input type = "hidden" name = "check">
<input type = "submit" class = "button" name = "sub" value = "Save">
</form>
</body>
</html>

You will have the id of selected sub cat. so write a query to fetch the cat_id.
select * from sub_category where item_id = "posted id" and you will get the main category id.

Thanks to a member here i found the answer so im posting it here, in case anyone comes here looking for the same thing.
<select name="cate" onchange="changeInput(this.value);">
<?php //your php code here ?>
</select>
<p><label class = "field">Category ID:</label></p>
<input type = "text" name = "cat_id" id="cat_id" value = "change select to see me change" class = "textbox-300" pattern = "[a-zA-Z0-9\. ]+" title = "Please enter your Item Price">
</form>
<script>
var changeInput = function (val){
var input = document.getElementById("cat_id");
input.value = val;
}
</script>

previous/next record button php/mysql woes

My question deals with my next/previous buttons. I can get my update/delete buttons to work, but I'm so ready to tear out my hair when dealing with the next/previous buttons. Any help would be spectacular! Here's my code. Also, I'm pretty new to PHP so if this is bad coding, please let me know and point me in the right direction so I can fix my mistakes. Thanks!!!
session_start();
include "connectionfile.php";
if (isset($_POST['fname']) &&
isset($_POST['lname']) &&
isset($_POST['email']) &&
isset($_POST['login']) &&
isset($_POST['password']) &&
isset($_POST['super']) &&
isset($_POST['foldername']))
{
$id = get_post('id');
$fname = get_post('fname');
$lname = get_post('lname');
$email = get_post('email');
$login = get_post('login');
$password = hash('sha256', get_post('password'));
$super = get_post('super');
$foldername = get_post('foldername');
if ($_POST['submit']==0){
$query = mysql_query("SELECT * FROM `Logins` WHERE ID < '".$id."' ORDER BY ID DESC LIMIT 1;");
while($row = mysql_fetch_array($query)){
$id = $row['ID'];
$fname = $row['fname'];
$lname = $row['lname'];
$email = $row['email'];
$login = $row['login'];
$password = $row['password'];
$super = $row['super'];
$foldername = $row['foldername'];
}
}else if ($_POST['submit']==1){
$query = "UPDATE Logins SET fname = '$fname', lname='$lname', email='$email".'#carouselclinical.com'."', login='$login', password='$password', super='$super', foldername='$foldername'";
$query .= "WHERE ID = '$id';";
if (!mysql_query($query, $connect))
echo "INSERT failed: $query<br />" .
mysql_error() . "<br /><br />";
}else if($_POST['submit']==2){
$delete_query = "DELETE FROM Logins WHERE ID = '".$id."';";
mysql_query($delete_query);
$rc = mysql_affected_rows();
echo "Rows Affected " . $rc;
}
if ($_POST['submit']==3){
$query = mysql_query("SELECT * FROM `Logins` WHERE ID= '". $id ."' ORDER BY ID ASC LIMIT 1;");
while($row = mysql_fetch_array($query)){
$id = $row['ID'];
$fname = $row['fname'];
$lname = $row['lname'];
$email = $row['email'];
$login = $row['login'];
$password = $row['password'];
$super = $row['super'];
$foldername = $row['foldername'];
}
}
}
mysql_close($connect);
function get_post($var)
{
return mysql_real_escape_string($_POST[$var]);
}
?>
<form action="" method="post"><pre>
id <input type="text" readonly="readonly" name="id" value="<?php echo "$id"; ?>" />
First Name <input type="text" name="fname" value="<?php echo "$fname"; ?>" />
Last Name <input type="text" name="lname" value="<?php echo "$lname"; ?>" />
Email <input type="text" name="email" value="<?php echo "$email"; ?>" /> There's no need to put #carouselclinical.com.
Login <input type="text" name="login" value="<?php echo "$login"; ?>"/>
Password <input type="text" name="password" value="<?php echo "$password"; ?>"/>
Super? <input type="text" name="super" value="<?php echo "$super"; ?>" />
foldername <input type="text" name="foldername" value="<?php echo "$foldername"; ?>" />
<button name="submit" value="0">Previous</button>
<button name="submit" value="1">UPDATE</button>
<button name="submit" value="2">Delete</button>
<button name="submit" value="3">Next</button>
</pre>
Home <br />
Log out
</form>

Try adding an else right above mysql_close($connect);. My guess is that on the initial page load you are not posting any values, so no action is taken. This will create a default ID if none is defined in your top if.
else{
$query = mysql_query("SELECT * FROM `Logins` ORDER BY ID ASC LIMIT 1;");
while($row = mysql_fetch_array($query)){
$id = $row['ID'];
$fname = $row['fname'];
$lname = $row['lname'];
$email = $row['email'];
$login = $row['login'];
$password = $row['password'];
$super = $row['super'];
$foldername = $row['foldername'];
}
Also, on your if ($_POST['submit']==3), you need to change the = to > in your $query so you can get the next record. Currently you would be selecting the same ID, not the next higher.
$query = mysql_query("SELECT * FROM `Logins` WHERE ID > '". $id ."' ORDER BY ID ASC LIMIT 1;");
Finally, when doing Previous/Next you also need to take into consideration how you will deal with Previous when you are on the first ID, and Next when you are on the last id, as you will return an empty result set from MySQL.

Unable to edit mysql row using form

I am trying to create a form that will edit rows from my db table. (Based on some code I got from a StackOverflow page.)
I am able to populate the form with relevant data, but when I submit the form, the row isn't updated. In fact, some of my columns are deleted.
What did I do wrong?
edit.php
<?php
$UID = (int)$_GET['f'];
$query = mysql_query("SELECT * FROM user_feeds WHERE feed_id = '$UID'") or die(mysql_error());
if(mysql_num_rows($query)>=1){
while($row = mysql_fetch_array($query)) {
$feedtitle = $row['feed_title'];
$feedurl = $row['feed_url'];
$feedorder = $row['feed_order'];
$feedowner = $row['feed_owner'];
}
?>
<form action="update.php" method="post">
<input type="hidden" name="ID" value="<?=$UID;?>">
Title:<br /> <input type="text" name="ud_feedtitle" value="<?=$feedtitle?>"><br>
URL: <br /> <input type="text" name="ud_feedurl" value="<?=$feedurl?>"><br>
Order: <br /> <input type="text" name="ud_feedorder" value="<?=$feedorder?>"><br>
Owner:<br /> <input type="text" name="ud_feedowner" value="<?=$feedowner;?>"><br>
<input type="Submit">
</form>
<?php
}else{
echo 'No entry found. Go back';
}
?>
</div>
</body>
</html>
update.php
<?php
$ud_ID = $_REQUEST["ID"];
$ud_feedtitle = $_POST["feed_title"];
$ud_feedurl = $_POST["feed_url"];
$ud_feedorder = $_POST["feed_order"];
$ud_feedowner = $_POST["feed_owner"];
$query = "UPDATE user_feeds SET feed_title = '$ud_feedtitle', feed_url = '$ud_feedurl', feed_order = '$ud_feedorder', feed_owner = '$ud_feedowner', WHERE feed_id = '$ud_ID'";
$res = mysql_query($query);
if ($res)
echo "<p>Record Updated<p>";
else
echo "Problem updating record. MySQL Error: " . mysql_error();
?>

Reason:
The name of the input field is the same name by which $_POST is populated. The variables you are currently requesting :
$_POST["feed_title"];, $_POST["feed_url"];, $_POST["feed_order"];, $_POST["feed_owner"];
are all empty as they don't exist. When updating, you are replacing the values in your table with blank values.
Solution:
In your update.php, the following should be there instead.
$ud_ID = $_POST["ID"];
$ud_feedtitle = $_POST["ud_feedtitle"]; //corresponding to <input type="text" name="ud_feedtitle" ...
$ud_feedurl = $_POST["ud_feedurl"]; //corresponding to <input type="text" name="ud_feedurl" ...
$ud_feedorder = $_POST["ud_feedorder"]; //corresponding to <input type="text" name="ud_feedorder" ...
$ud_feedowner = $_POST["ud_feedowner"]; //corresponding to <input type="text" name="ud_feedowner" ...

Categories