How to update data of selected product? - php

I have a list of my products in my online ordering system and I want to update the data of the selected product. What happens is when I click the Edit link, it will just post the values from the database to other page(Edit page) and the database will not update even if I already change a data.
ADMIN.PHP (Page where all the products are listed)
<a href=addprod.php?id='.$row['ID'].'>EDIT</a>
ADDPROD.PHP (Page where the admin can add/update the product)
echo'<form method="post" action="saveprod.php" class="product" style="margin-top:500px;" enctype="multipart/form-data">';
if (isset($_GET['id'])) {
include('db.php');
$id=$_GET['id'];
$result = mysql_query("SELECT * FROM products WHERE ID = $id");
echo'<input type="hidden" name="hiddenId" value="'.$id.'">
<table border="1" cellpadding="8px" width="100%">';
while($row3 = mysql_fetch_array($result)) {
$ID = $row3['ID'];
$Image = $row3['Image'];
$Product = $row3['Product'];
$Description = $row3['Description'];
$PricePack = $row3['PricePack'];
$PriceBox = $row3['PriceBox'];
$Discount = $row3['Discount'];
$Category = $row3['Category'];
}
echo'
<tr><td align="right">Image</td><td><input type="text" id="img" name="img" value="'.$Image.'"/> </td></tr>
<tr><td align="right"></td><td><input type="file" id="img" name="img" /></td </tr>
<tr><td align="right">Product</td><td><input type="text" id="prod" name="prod" value="'.$Product.'"/></td></tr>
<tr><td align="right">Description</td><td><textarea id="desc" name="desc" style="resize:none; height:100px; width:200px; ">'.$Description.'</textarea></td></tr>
<tr><td align="right">Price Pack</td><td><input type="text" id="pck" name="pck" value="'.$PricePack.'"/></td></tr>
<tr><td align="right">Price Box</td><td><input type="text" id="box" name="box" value="'.$PriceBox.'"/></td></tr>
<tr><td align="right">Discount</td><td><input type="text" id="disc" name="disc" value="'.$Discount.'"/></td></tr>
<tr><td align="right">Category</td><td><input type="text" id="cat" name="cat" value="'.$Category.'"/></td></tr>
<tr><td align="right"></td><td><input type="submit" value="Save"/></a> <input type="reset" value="Clear"/></td></tr>';
}
echo' </table> </form>';
SAVEPROD.PHP
<?php
include('db.php');
$id = $_POST['ID'];
$Image = $_POST['Image'];
$Product = $_POST['Product'];
$Description = $_POST['Description'];
$PricePack = $_POST['PricePack'];
$PriceBox = $_POST['PriceBox'];
$Discount = $_POST['Discount'];
$Category = $_POST['Category'];
mysql_query("UPDATE products SET Image='$Image', Product='$Product', Description='$Description', PricePack='$PricePack', PriceBox='$PriceBox', Discount='$Discount', Category='$Category' WHERE ID='$id'");
header("location: admin.php");
exit();
?>


Note:
Your post data name is incorrect.
Make sure that the column name, table name you have provided is correct. Be CASE SENSITIVE about it.
You should consider mysqli_* prepared statement at least to prevent SQL injections.
Your savepro.php should look like this:
<?php
include('db.php');
/* CHANGED THE WAY YOU CALL THE POST DATA BASED FROM YOUR HTML FORM */
$id = $_POST['hiddenId'];
$Image = $_POST['img'];
$Product = $_POST['prod'];
$Description = $_POST['desc'];
$PricePack = $_POST['pck'];
$PriceBox = $_POST['box'];
$Discount = $_POST['disc'];
$Category = $_POST['cat'];
mysql_query("UPDATE products SET Image='$Image', Product='$Product', Description='$Description', PricePack='$PricePack', PriceBox='$PriceBox', Discount='$Discount', Category='$Category' WHERE ID='$id'");
header("location: admin.php");
exit();
?>
If you did it in prepared statement, it would look like the one below. So you won't worry much about SQL injections. Just a simple sample:
$stmt = $YourConnection->prepare("UPDATE products SET Image=?, Product=?, Description=?, PricePack=?, PriceBox=?, Discount=?, Category=? WHERE ID=?");
$stmt->bind_param('sssssssi', $_POST["img"], $_POST["prod"], $_POST["desc"], $_POST["pck"], $_POST["box"], $_POST["disc"], $_POST["cat"], $_POST["hiddenId"]);
$stmt->execute();


On your saveprod.php you are trying to get the value of a non-existing element, check the name of each input field on your addprod.php, it should correspond on the request you are making on your saveprod.php
Here is an example of what you are doing:
ADDPROD.PHP
<input type="text" id="img" name="img" value="'.$Image.'"/>
SAVEPROD.PHP
$Image = $_POST['Image'];
Should be this way:
ADDPROD.PHP
<input type="text" id="img" name="img" value="'.$Image.'"/>
SAVEPROD.PHP
$Image = $_POST['img'];

Related

php page to list and update sqlite

I have the following code to display and modify a simple sqlite table
<?php
$db = new SQLite3("my_sqlite.db");
$query = "SELECT rowid, * FROM students";
$result = $db->query($query);
if( isset($_POST['submit_data']) ){
// Gets the data from post
$name = $_POST['name'];
$email = $_POST['email'];
$query = "UPDATE students set name='$name', email='$email'";
if( $db->exec($query) ){
echo "Data is updated successfully.";
}else{
echo "Sorry, Data is not updated.";
}
}
?>
<table border="1">
<form action="" method="post">
<tr>
<td>Name</td>
<td>Email</td>
</tr>
<?php while($row = $result->fetchArray()) {?>
<tr>
<td><input name="name" type="text" value="<?php echo $row['name'];?>"></td>
<td><input name="email" type="text" value="<?php echo $row['email'];?>"></td>
</tr>
<?php } ?>
<input name="submit_data" type="submit" value="Update Data">
</form>
</table>
PROBLEM: When I change some of the information and update, the whole column changes into the same change. E.g.: if I write a the name Nick, every name changes into Nick.

First, you should only do updates for one record at a time so each record needs its own update button. Attached is the corresponding rơwid of the record. you can use:
<input type="hidden" name="rowid" value="$row['rowid]">
You should add a WHERE clause to the update statement to know exactly which records should be updated.If you omit the WHERE clause, ALL records will be updated!

How to update old image if no image selected in php

I can all input type values view in my update page but, I can't display file input value for ex: photo. Here I can be displayed image location value in a separate part.
My problem for
When I update the only name or mother name or anyone without photo all fields values update correctly but my image is updated empty values. when I update with a photo and other details then only my photo updated correctly. so help me how to update photo values with edit without edit.....
update.php
<!doctype html>
<html>
<body>
<?php
error_reporting(E_ALL ^ E_DEPRECATED);
$upd = $_GET['upd'];
mysql_connect('localhost','root','');
mysql_select_db("display");
$slc = "SELECT * from photos WHERE firstname = '$upd'";
$run = mysql_query($slc);
while($row=mysql_fetch_array($run)){
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$location=$row['location'];
}
?>
<div class="update">
<table align="center" border="">
<tr>
<td colspan="4"><center><h1 style="color:red">Student Form Updation</h1>
</center></td></tr>
<form method="post" enctype="multipart/form-data" action="update.php?upd=<?
php echo $firstname; ?> "/>
<tr><td><label>First Name:</label></td><td>
<input type="text" name="firstname" value="<?php echo $firstname ?> " />
</td>
<td><label>Last Name:</label></td><td>
<input type="text"name="lastname" value="<?php echo $lastname?>" /></td>
</tr>
<td><label>Select Photo</label></td>
<td> <input type="file" name="image" class="ed" id="location" value= "<?php
echo $location?>"/> <?php echo '<img width="100px" height="100px"
src="'.$location.'">'; ?>
</td>
</tr>
<tr><td></td><td><input type="submit" name="update" value="Update"
id="button1" /></td>
<td><input type="submit" formaction="errview.php" value="View" id="button1"
/></td><td></td></tr>
</form>
</div>
<?php
if(isset($_POST['update']))
{
$nid = $_GET['upd'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$file=$_FILES['image']['tmp_name'];
$image=addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name= addslashes($_FILES['image']['name']);
move_uploaded_file($_FILES["image"]["tmp_name"],"photos/" . $_FILES["image"]
["name"]);
$location="photos/" . $_FILES["image"]["name"];
$update = "UPDATE photos SET firstname='$firstname', lastname =
'$lastname',location='$location' WHERE firstname='$nid'";
$run = mysql_query($update);
echo "<script>alert('Update SuccessFull!');location.href='update.php?
upd=$firstname'</script>";
}
?>
</body>
</html>

You Can Modify Your Update Code Like This:
If no image is selected It will not Update Your Image in Database It Will Only Update Your Image in the database if an image is selected
<?php
if (isset($_POST['update'])) {
$nid = $_GET['upd'];
$firstname = $_POST['firstname'];
$lastname = $_POST['lastname'];
$file = $_FILES['image']['tmp_name'];
$image = addslashes(file_get_contents($_FILES['image']['tmp_name']));
$image_name = addslashes($_FILES['image']['name']);
move_uploaded_file($_FILES["image"]["tmp_name"], "photos/" . $_FILES["image"]["name"]);
$location = "photos/" . $_FILES["image"]["name"];
if ((!($_FILES['image']['name']))) /* If there Is No file Selected*/ {
$update = "UPDATE photos SET firstname='$firstname', lastname =
'$lastname' WHERE firstname='$nid'";
} else /* If file is Selected*/ {
$update = "UPDATE photos SET firstname='$firstname', lastname =
'$lastname',location='$location' WHERE firstname='$nid'";
}
$run = mysql_query($update);
echo "<script>alert('Update SuccessFull!');location.href='update.php?
upd=$firstname'</script>";
}
?>

<?php
if(empty($image)){
$product_img1=$row_edit['image'];
}
else{
$temp_name1=$_FILES['product_img1']['tmp_name'];
move_uploaded_file($temp_name1,"product_images/$product_img1");
}
?>

How to write and display comments for specific products?

i am doing my graduation project e-commerce website http://www.fieldhockey-world.co.uk
and i want every user to be able to comment different products and to display the comments for the specific product not displaying all comments at once.
So far my comment code is :
<?php
include("storescripts/init.php"); //contains DB connect and functions
$username = mysql_real_escape_string($_POST['username']);
$id=$_POST['id'];
$comment = $_POST['comment'];
$submit = mysql_real_escape_string($_POST['submit']);
if (logged_in() == true) check ($SESSION['user_id'])
{
if ($submit){
if ($comment)
{$query = mysql_query("INSERT INTO `comments` (comment, username, id) VALUES ('$comment', '$username', '$id')");
$errors[] = 'You successfully posted a comment!';
}
else
{
$errors[] = '<span style="color:red;">Please write a comment first!</span>';
}
}
}else
{$errors[] = '<span style="color:red;">You must log in to post a comment!</span>';
}
?>
</h4>
<table width="400" border="0" bgcolor="#F8F8F8">
<tr>
<td>
<?php echo output_errors($errors) ?> //function to output the errors
<?php
$getquery = mysql_query("SELECT * FROM `comments` ORDER BY comment_id DESC");
while($rows=mysql_fetch_array($getquery))
{
$username =$rows['username'];
$comment_id = $rows['comment_id'];
$comment = $rows['comment'];
$date = $rows['date'];
$id = $rows['id'];
echo '<br>From : '. $username . ' ' . $date . '<br /><br /><em>' . $comment . '</em><hr>';
}
?>
<form action="" method="post">
<h4>Write a comment:</h4>
From:<br>
<input type="text" value="<?php echo $user_date['username']?>" size="15" name="username" readonly><br>
<input type="hidden" name="id" id="id" value="1" />
<textarea name="comment" cols="35" rows="5" id="comment"></textarea><br>
<input type="submit" name="submit" style=" background-color:orange; font-size:17px; border-radius:10px;" value="Post">
</form>
</td>
</tr>
</table>
my MySQL table is:
Tabel Comments
comment_id int /
comment text /
username varchar/
date timestamp
If you have any ideas please let me know.
Thanks indeed!!

Add a product ID key in the comments table, and create a relation for that key to the products table ID-field. Then only load comemnts matching the product ID the user is watching.
EDIT
Also, you should migrate away from native mysql functions to mysqli instead.
PHP.net about Mysqli

Adding to database with multiple text boxes

What I am trying to do with this script is allow users to update a url for their websites, and since each user isn't going to have the same amount of websites is is hard for me to just add $_POST['website'] for each of these.
Here is the script
<?php
include("config.php");
include("header.php");
include("functions.php");
if(!isset($_SESSION['username']) && !isset($_SESSION['password'])){
header("Location: pubs.php");
}
$getmember = mysql_query("SELECT * FROM `publishers` WHERE username = '".$_SESSION['username']."'");
$info = mysql_fetch_array($getmember);
$getsites = mysql_query("SELECT * FROM `websites` WHERE publisher = '".$info['username']."'");
$postback = $_POST['website'];
$webname = $_POST['webid'];
if($_POST['submit']){
foreach ( $_POST['website'] as $key => $value )
{
$update = mysql_query("UPDATE `websites` SET `postback` = '".mysql_real_escape_string($postback[$value])."' WHERE id = '$webname'");
}
}
print"
<div id='center'>
<span id='tools_lander'><a href='export.php'>Export Campaigns</a></span>
<div id='calendar_holder'>
<h3>Please define a postback for each of your websites below. The following variables should be used when creating your postback.<br />
cid = Campaign ID<br />
sid = Sub ID<br />
rate = Campaign Rate<br />
status = Status of Lead. 1 means payable 2 mean reversed<br />
A sample postback URL would be <br />
http://www.example.com/postback.php?cid=#cid&sid=#sid&rate=#rate&status=#status</h3>
<table class='balances' align='center'>
<form method='POST' action=''>";
while($website = mysql_fetch_array($getsites)){
print"
<tr>
<input type ='hidden' name='webid' value='".$website['id']."' />
<td style='font-weight:bold;'>".$website['name']."'s Postback:</td>
<td><input type='text' style='width:400px;' name='website[]' value='".$website['postback']."' /></td>
</tr>";
}
print"
<td style='float:right;position:relative;left:150px;'><input type='submit' name='submit' style='font-size:15px;height:30px;width:100px;' value='Submit' /></td>
</form>
</table>
</div>";
include("footer.php");
?>
What I am attempting to do insert the what is inputted in the text boxes to their corresponding websites, and I cannot think of any other way to do it, and this obviously does not works and returns a notice stating Array to string conversion
If there is a more logical way to do this please let me know.
UPDATE
I added a foreach statement, but this still doesn't seem to solve the problem. It doesn't update anything in the database.

I was able to fix the problem with some trial and error, Lawrence helped with the informing me to use a foreach statement. This is what I have ended up with.
<?php
include("config.php");
include("header.php");
include("functions.php");
if(!isset($_SESSION['username']) && !isset($_SESSION['password'])){
header("Location: pubs.php");
}
$getmember = mysql_query("SELECT * FROM `publishers` WHERE username = '".$_SESSION['username']."'");
$info = mysql_fetch_array($getmember);
$getsites = mysql_query("SELECT * FROM `websites` WHERE publisher = '".$info['username']."'");
$postback = $_POST['website'];
$webname = $_POST['webid'];
if($_POST['submit']){
$i = -1;
foreach ($postback as $key => $value)
{
$i ++;
print_r($webname[$i]);
$update = mysql_query("UPDATE `websites` SET `postback` = '".cleanQuery($postback[$key])."' WHERE `id` = '".$webname[$i]."'") or die("MySQL ERROR: ".mysql_error());
}
}
print"
<div id='center'>
<span id='tools_lander'><a href='export.php'>Export Campaigns</a></span>
<div id='calendar_holder'>
<h3>Please define a postback for each of your websites below. The following variables should be used when creating your postback.<br />
cid = Campaign ID<br />
sid = Sub ID<br />
rate = Campaign Rate<br />
status = Status of Lead. 1 means payable 2 mean reversed<br />
A sample postback URL would be <br />
http://www.example.com/postback.php?cid=#cid&sid=#sid&rate=#rate&status=#status</h3>
<table class='balances' align='center'>
<form method='POST' action=''>";
while($website = mysql_fetch_array($getsites)){
print"
<tr>
<input type ='hidden' name='webid[]' value='".$website['id']."' />
<td style='font-weight:bold;'>".$website['name']."'s Postback:</td>
<td><input type='text' style='width:400px;' name='website[]' value='".$website['postback']."' /></td>
</tr>";
}
print"
<td style='float:right;position:relative;left:150px;'><input type='submit' name='submit' style='font-size:15px;height:30px;width:100px;' value='Submit' /></td>
</form>
</table>
</div>";
include("footer.php");
?>

Why isn't my image showing up?

-------EDIT-------
hi guys, seeing that you solved this problem for me, i thought it would be a good idea to solve the same problem again but on a different page. i cannot get the image to show up.
<?php
$id = $_GET['product_id'];
$query = mysql_query("SELECT * FROM products WHERE serial = '$id'")
or die(mysql_error());
while($info = mysql_fetch_array($query)) {
echo "";
$name = $info['name'];
$description = $info['description'];
$price = $info['price'];
$picture = $info['picture'];
}
?>
<form action="editsuccess.php?product_id=<?php echo $id; ?>" method="post">
Product ID:<br/>
<input type="text" value="<?php echo $id;?>" name="product_id" disabled/>
<br/>
Name:<br/>
<input type="text" value="<?php echo $name;?>" name="name"/>
<br/>
Description:<br/>
<input type="text" value="<?php echo $description;?>" name="description"/>
<br/>
Price:<br/>
<input type="text" value="<?php echo $price;?>" name="price"/>
<br/>
Picture:<br/>
<? echo'<img src="../getImage.php?id=' . $info['serial'] .'"/>'?>
</br>
<input type="submit" value="Update Product"/>
</form>
This is a page where an admin can edit a product from a row in a table.
The image is not showing up for some reason.
Thanks for any suggestions.
------EDIT ENDS HERE--------
I still cannot get my PHP image to show up even after following the right method in uploading an image to the database. the following code is for displaying the image:
<form name="form1">
<input type="hidden" name="productid" />
<input type="hidden" name="command" />
</form>
<table border="0" cellpadding="2px" width="600px">
<?
$result=mysql_query("select * from products");
while($row=mysql_fetch_array($result)){
?>
<tr>
<td><?php '<img src="getImage.php?id=' . $row['serial'] .'"/>'
?>
</td>
<td> <b><?=$row['name']?></b><br />
<?=$row['description']?><br />
Price:<big style="color:green">
£<?=$row['price']?></big><br /><br />
<input type="button" value="Add to Cart" onclick="addtocart(<?=$row['serial']?>)" />
</td>
</tr>
<tr><td colspan="2"><hr size="1" /></td>
<? } ?>
</table>
the getImage.php looks like this:
...
$link = mysql_connect($host, $user, $passwd);
mysql_select_db($dbName);
$query = 'SELECT picture FROM products WHERE serial="' . $_GET['id'] . '"';
$result = mysql_query($query,$link);
$row = mysql_fetch_assoc($result);
echo $row['picture'];
?>
only the name, description and price is showing up on the webpage. my MySQL table looks like this:
serial
name
description
price
picture (blob)

You are not setting the correct Content-type header before echoing out the image data.
You MUST also escape the $_GET['id'] parameter.
// Escape $id
$id = mysql_real_escape_string($_GET['id']);
$link = mysql_connect($host, $user, $passwd);
mysql_select_db($dbName);
// Use the escaped $id
$query = "SELECT picture FROM products WHERE serial='$id'";
$result = mysql_query($query,$link);
if ($result) {
$row = mysql_fetch_assoc($result);
// Set the Content-type
// This assumes image/jpeg. If you have different image types,
// you'll need logic to supply the correct MIME type
// image/jpeg image/png image/gif, etc
header("Content-type: image/jpeg");
echo $row['picture'];
}
?>
In your main script, it looks like you are merely missing an echo
<td><?php '<img src="getImage.php?id=' . $row['serial'] .'"/>'
// Should be
<td><?php echo '<img src="getImage.php?id=' . $row['serial'] .'"/>'
// ------^^^^^^

Categories