Sooooo....
Why is this not changing the content to my database?
<?php
if(isset($_POST['submit']))
{
if( isset($_POST['post_body']) )
{
$post_body = $_POST['post_body'];
$id = $_POST['id'];
$sql = "UPDATE forum_post SET post_body='$post_body' WHERE post_id='$id'";
$res = mysqli_query($mysql, $sql);
}
if( isset($_POST['post_title']) )
{
$post_title = $_POST['post_title'];
$id = $_POST['id'];
$sql = "UPDATE forum_post SET post_title='$post_title' WHERE post_id='$id'";
$res = mysqli_query($mysql, $sql);
}
}
?>
<form action="<?php $_PHP_SELF ?>" method="POST" class="form-horizontal">
<fieldset>
<legend>Edit</legend>
<div class="form-group">
<input type="hidden" name="id" value="<?php echo $post_id; ?>">
<label for="inputTitle" class="col-lg-2 control-label">Title</label>
<div class="col-lg-5">
<input type="text" class="form-control" id="post_title" name="post_title" placeholder="<?php echo $post_title; ?>" value="<?php echo $post_title; ?>">
</div>
</div>
<div class="form-group">
<label for="inputTitle" class="col-lg-2 control-label">Created</label>
<div class="col-lg-5">
<p><?php echo $post_created;?></p>
</div>
</div>
<div class="form-group">
<label for="textArea" class="col-lg-2 control-label">Textarea</label>
<div class="col-lg-10">
<textarea type="text" name="post_body" id="post_body" rows="8" class="col-md-12" value="<?php echo $post_body; ?>" class="form-control" rows="3">
<?php echo $post_body; ?>
</textarea>
<span class="help-block">Here goes the content.</span>
</div>
<div class="col-md-2"><a href class="col-md-2 btn btn-danger btn-block" ng-show="showme" ng-click="showme=false">Back</a></div>
<input class="pull-right col-md-10 btn btn-primary btn-default" id="submit" type="submit" value="Submit" name="submit"/>
</div>
</fieldset>
</form>
I want this to update my post's content & title for now.
Why is this not updating my database?
I can't see errors, nothing.
I can fill the form, press update, no error.
Console is empty too.
Wheres the problem?
You have to escape your values.
$sql = "UPDATE forum_post SET post_body='$post_body' WHERE post_id='$id'";
Could be :
$sql = "UPDATE forum_post SET post_body='".$post_body."' WHERE post_id='".$id."'";
And warning about the injections !
try to echo the error mysql_error() like this
<?php
if(isset($_POST['submit']))
{
if( isset($_POST['post_body']) )
{
$post_body = $_POST['post_body'];
$id = $_POST['id'];
$sql = "UPDATE forum_post SET post_body='$post_body' WHERE post_id='$id'";
$res = mysqli_query($mysql, $sql);
if($res)
{
echo "updated";
} else
{
echo mysqli_error();
}
}
if( isset($_POST['post_title']) )
{
$post_title = $_POST['post_title'];
$id = $_POST['id'];
$sql = "UPDATE forum_post SET post_title='$post_title' WHERE post_id='$id'";
$res = mysqli_query($mysql, $sql);
if($res)
{
echo "updated";
} else
{
echo mysqli_error();
}
}
}
?>
Related
I want to update my form using PHP and SQL but update query not working. select query working but update not working. there is no error. when I am using a select query for show value in the input field and it's working. I am trying much think but not figure out what is the error. I am trying much think but not figure out what is the error.
<?php
include 'connection.php';
include 'config.php';
if (isset($_GET['edit'])) {
{
$topHeading=$_POST['topHeading'];
$mainHeading=$_POST['mainHeading'];
$bottomHeading=$_POST['bottomHeading'];
$filesname = $_FILES['file']['name'];
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["file"]["name"]);
// Select file type
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
// Valid file extensions
$extensions_arr = array("jpg","jpeg","png","gif","svg");
// Check extension
if( in_array($imageFileType,$extensions_arr) ){
// Convert to base64
$image_base64 = base64_encode(file_get_contents($_FILES['file']['tmp_name']) );
$images = 'data:image/'.$imageFileType.';base64,'.$image_base64;
$sql = "update banner set topHeading='$topHeading', filesname='$filesname', images='$images', mainHeading='$mainHeading', bottomHeading='$bottomHeading' where id='$id'";
if (mysqli_query($connection, $sql)) {
echo "Done";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($connection);
}
// mysqli_close($connection);
// Upload file
move_uploaded_file($_FILES['file']['tmp_name'],$target_dir.$filesname);
if($sql)
{
echo "";
}
else
{
echo "<script>alert('Data not inserted');</script>";
}
}
}
}
$query = mysqli_query($connection, "select * from banner");
while ($row = mysqli_fetch_array($query)) {
echo "<b><a href='editbanner.php?id={$row['id']}'>{$row['topHeading']}</a></b>";
echo "<br />";
}
if (isset($_GET['edit'])) {
echo '<div class="form" id="form3"><br><br><br><br><br><br>
<Span>Data Updated Successfuly......!!</span></div>';
}
?>
<?php
if (isset($_GET['id'])) {
$id = $_GET['id'];
$count = 0;
$mysqli = mysqli_query($connection,"SELECT * FROM banner");
foreach($mysqli as $row){
$count++;
?>
<form class="form-horizontal" method="post" name="form1" id="form1" enctype="multipart/form-data">
<div class="form-group label-floating form-rose">
<label for="brandname" class="control-label col-xs-2">Brand Name of Stock Broker</label>
<div class="col-xs-12">
<input type="text" name="topHeading" id="brandname" class="form-control" value="<?php echo $row["topHeading"]; ?>"/>
<span class="error" id="pointfn"></span>
</div>
</div>
<div class="form-group label-floating form-rose">
<label for="name" class="control-label col-xs-2">Contact Person</label>
<div class="col-xs-12">
<input type="text" name="mainHeading" id="name" class="form-control" value="<?php echo $row["mainHeading"]; ?>"/>
<span class="error" id="pointln"></span>
</div>
</div>
<div class="form-group label-floating form-rose">
<label for="designation" class="control-label col-xs-2">Designation</label>
<div class="col-xs-12">
<input type="text" name="bottomHeading" id="designation" class="form-control" value="<?php echo $row["bottomHeading"]; ?>"/>
<span class="error" id="designationln"></span>
</div>
</div>
<div class="label-floating form-rose file-upload">
<div class="file-select">
<div class="file-select-button" id="fileName">Upload Logo</div>
<div class="file-select-name" id="noFile">No file chosen...</div>
<input type="file" name="file" id="chooseFile" required>
</div>
</div>
<div class="form-group label-floating form-rose">
<div class="col-xs-12"> <input type='checkbox' name='checkbox' id="checkbox" required /> <label for="checkbox" class="col-xs-10 term">I accept the terms and condition</label>
</div>
</div>
<button type="submit" name="edit" value="Submit" id="formT" class="button-cta cta btn" onClick="return validateForm()"> I am Interested!</button>
</form>
<?php }} ?>
</body>
</html>
$id is missing above your update query...
$id = $_REQUEST['id'];
$sql = "update banner set topHeading='$topHeading', filesname='$filesname', images='$images', mainHeading='$mainHeading', bottomHeading='$bottomHeading' where id='$id'";
I am having two different database tables questions and choices where i am inserting questions in one table and multiple choices in another table where questions table id is foreign key in choices table.
Questions:
Questions_number Text
1 What is HTML?
2 What is PHP?
Choices:
id question_number is_correct text
1 1 1 markup
2 1 0 Hyext
3 1 0 Hyper text markup language
4 2 0 hsdfd
5 2 0 frfwer
6 2 1 Hypertext Preprocessor
If i am trying to edit question number 1 then i need to fetch all the details of questions,Choices and correct option as well.But when i am trying to edit the record for choices as well i am getting the same data which i am getting for question.
HTML:
<?php session_start();
include 'includes/db.php';
$id = (int)$_GET['id'];
$sql = "SELECT * FROM questions q WHERE q.question_number = $id ";
$oppointArr =array();
$result = mysqli_query($mysqli,$sql);
if (mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_array($result))
{
$oppointArr = $row;
echo "Text: " . $row["text"]. "<br>";
}
} else {
echo "0 results";
}
?>
<form class="form-horizontal" action="updatequestions.php" method="post" role="form">
<?php if(isset($msg)) {?>
<div class="<?php echo $msgclass; ?>" id="mydiv" style="padding:5px;"><?php echo $msg; ?></div>
<?php } ?>
<input type='hidden' value='<?=$id;?>' name='question_number'>
<h2>Edit A Question</h1>
<div class="form-group">
<label for="questionno" class="col-sm-2 control-label">Question Number</label>
<div class="col-sm-5">
<input type="text" class="form-control" value="<?php echo $oppointArr['question_number'];?>"
name="question_number" id="question_number" readonly>
</div>
</div>
<div class="form-group">
<label for="question" class="col-sm-2 control-label">Question</label>
<div class="col-sm-5">
<input type="text" class="form-control" value="<?php echo $oppointArr['text'];?>" name="question_text" id="question_text">
</div>
</div>
<input type='hidden' value='<?=$id;?>' name='id'>
<h2>Edit A Choice</h1>
<div class="form-group">
<label for="choice #1" class="col-sm-2 control-label">Choice #1</label>
<div class="col-sm-5">
<input type="text" class="form-control" value="<?php echo $oppointArr['choice1'];?>" name="choice1" id="choice1">
</div>
</div>
<div class="form-group">
<label for="choice #2" class="col-sm-2 control-label">Choice #2</label>
<div class="col-sm-5">
<input type="text" class="form-control" value="<?php echo $oppointArr['choice2'];?>" name="choice2" id="choice2">
</div>
</div>
<div class="form-group">
<label for="choice #3" class="col-sm-2 control-label">Choice #3</label>
<div class="col-sm-5">
<input type="text" class="form-control" value="<?php echo $oppointArr['choice3'];?>" name="choice3" id="choice3">
</div>
</div>
<div class="form-group">
<label for="Correct Choice Number:" class="col-sm-2 control-label">Correct Choice Number:</label>
<div class="col-sm-5">
<input type="text" class="form-control" value="<?php echo $oppointArr['is_correct'];?>" name="is_correct" id="is_correct">
</div>
</div>
<div class="col-sm-offset-2">
<button type="submit" class="btn btn-default" name="submit_user" id="subject">Submit</button>
<button type="cancel" class="btn btn-raised">Cancel</button>
</div>
</form>
Updatequestions:
<?php
include 'includes/db.php';
if(isset($_POST['submit_user']))
{
$questiontext = $_POST['question_text'];
$id=$_POST['question_number'];
$correct_choice = $_POST['correct_choice'];
$choices = array();
$choices[1] = $_POST['choice1'];
$choices[2] = $_POST['choice2'];
$choices[3] = $_POST['choice3'];
$choices[4] = $_POST['choice4'];
$choices[5] = $_POST['choice5'];
$query = "UPDATE questions SET text='$questiontext' WHERE question_number = $id";
$insert_row = $mysqli->query($query) or die($mysqli->error.__LINE__);
if($insert_row) {
foreach($choices as $choice => $value){
if($value != ''){
if($correct_choice == $choice){
$is_correct = 1;
} else {
$is_correct = 0;
}
$query = "UPDATE choices SET is_correct='$is_correct', text='$value' WHERE question_number=$id";
$insert_row = $mysqli->query($query) or die($mysqli->error.__LINE__);
if($insert_row){
continue;
} else {
die('Error : ('.$mysqli->errno . ') '. $mysqli->error);
}
}
}
$msg = 'Question has been added';
}
}
?>
If i try to update the record all the fields are updating with the same data.
WARNING: Do not create SQL statements by concatenating the data with SQL. Use prepared statements.
As for your problem, you use the foreign key of the question to update choices. The key is not the primary key of choices and is not unique. Try using the unique primary key for your SQL.
Instead of this:
$query = "UPDATE choices SET is_correct='$is_correct', text='$value' WHERE question_number=$id";
try this:
$query = "UPDATE choices SET is_correct='$is_correct', text='$value' WHERE id=$choice ";
But of course you should really try to do it all over again using prepared statements instead!
<form class="form-horizontal" action="updatequestions.php" method="post" role="form">
<?php if(isset($msg)) {?>
<div class="<?php echo $msgclass; ?>" id="mydiv" style="padding:5px;"><?php echo $msg; ?></div>
<?php } ?>
<input type='hidden' value='<?=$id;?>' name='question_number'>
<h2>Edit A Question</h1>
<div class="form-group">
<label for="questionno" class="col-sm-2 control-label">Question Number</label>
<div class="col-sm-5">
<input type="text" class="form-control" value="<?php echo $oppointArr['question_number'];?>"
name="question_number" id="question_number" readonly>
</div>
</div>
<div class="form-group">
<label for="question" class="col-sm-2 control-label">Question</label>
<div class="col-sm-5">
<input type="text" class="form-control" value="<?php echo $oppointArr['text'];?>" name="question_text" id="question_text">
</div>
</div>
<input type='hidden' value='<?=$id;?>' name='id'>
<h2>Edit A Choice</h1>
<?php
$choicesql = "SELECT * FROM `choices` WHERE question_number = $id ";
$ChoicetArr =array();
$choiceresult = mysqli_query($mysqli,$choicesql);
$inc=1;
$correctAns ="";
if (mysqli_num_rows($choiceresult) > 0)
{
while($rows = mysqli_fetch_array($choiceresult))
{
$ChoicetArr[] = $rows;
?>
<div class="form-group">
<label for="choice #<?php echo $inc;?>" class="col-sm-2 control-label">Choice #<?php echo $inc;?></label>
<div class="col-sm-5">
<input type="hidden" name="choice_id<?php echo $inc;?>" value="<?php echo $rows['id'];?>">
<input type="text" class="form-control" value="<?php echo $rows['text'];?>" name="choice<?php echo $inc;?>" id="choice<?php echo $inc;?>">
</div>
</div>
<?php
//print_r($rows);
if($rows['is_correct']=="1"){
$correctAns = '<input type="hidden" name="choice_id'.$inc.'" value="'.$rows['id'].'"><div class="form-group">
<label for="Correct Choice Number:" class="col-sm-2 control-label">Correct Choice Number:</label>
<div class="col-sm-5">
<input type="text" class="form-control" value="'.$inc.'" name="is_correct" id="is_correct">
</div>
</div>';
}
$inc++;
}
}
echo $correctAns;
?>
<div class="col-sm-offset-2">
<button type="submit" class="btn btn-default" name="submit_user" id="subject">Submit</button>
<button type="cancel" class="btn btn-raised">Cancel</button>
</div>
</form>
updatequestions.php
<?php
include 'includes/db.php';
if(isset($_POST['submit_user']))
{
$questiontext = $_POST['question_text'];
$id=$_POST['question_number'];
$correct_choice = $_POST['is_correct'];
$choices = array();
$choices[] = array("question"=>$_POST['choice1'], "answer"=>$_POST['choice_id1']);
$choices[] = array("question"=>$_POST['choice2'], "answer"=>$_POST['choice_id2']);
$choices[] = array("question"=>$_POST['choice3'], "answer"=>$_POST['choice_id3']);
$choices[] = array("question"=>$_POST['choice4'], "answer"=>$_POST['choice_id4']);
$choices[] = array("question"=>$_POST['choice5'], "answer"=>$_POST['choice_id5']);
$query = "UPDATE questions SET text='$questiontext' WHERE question_number = $id";
$insert_row = $mysqli->query($query) or die($mysqli->error.__LINE__);
if($insert_row)
{
$inc= 0;
foreach($choices as $choice => $value){
if(count($value)>0){
$answerInc = $choice+1;
if($correct_choice == $answerInc){
$is_correct = 1;
} else {
$is_correct = 0;
}
$text= $value['question'];
$answer = $value['answer'];
//echo "<br>".$text;
//print_r($value);
echo $answerInc;
echo "<br>";
echo $query = "UPDATE choices SET is_correct='$is_correct', text='$text' WHERE id=$answer";
$insert_row = $mysqli->query($query) or die($mysqli->error.__LINE__);
if($insert_row){
continue;
} else {
die('Error : ('.$mysqli->errno . ') '. $mysqli->error);
}
}
$inc++;
}
$msg = 'Question has been Updated Successfully';
header("location:searchquestions.php");
exit;
}
}
?>
Im having a problem in updating the database,
This is my first page,
<div class="col-md-4">
<div class="createnewbox">
<form name="Edit Admin Infomation" class="form-horizontal" method="post" action="adminUpdateProductDetail.php?cat=<?php echo $product['categoryid']; ?>&code=<?php echo $product['productname']; ?>">
<h2>Edit Product Information</h2>
<div class="form-group">
<label class="col-sm-2 control-label">Name</label>
<br/>
<br/>
<div class="col-md-11">
<input type="text" class="form-control" value="<?php echo $product['productname']; ?>" name="productname">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label">Price</label>
<br/>
<br/>
<div class="col-md-11">
<input type="text" class="form-control" value="<?php echo $product['price']; ?>" name="price">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label">Dimension</label>
<br/>
<br/>
<div class="col-md-11">
<input type="text" class="form-control" value="<?php echo $product['dimension']; ?>" name="dimension">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label">Description</label>
<br/>
<br/>
<div class="col-md-11">
<textarea type="text" class="form-control" rows="8" name="productinfo">
<?php echo $product[ 'productinfo']; ?>
</textarea>
</div>
</div>
<div class="form-group">
<div class="col-md-11">
<input type="submit" value="Update Information" class="btn btn-success">
<script>
function reset() {
location.reload();
}
</script>
<button class="btn btn-info" onclick="reset()">undo</button>
</div>
</div>
<?php ?>
</form>
</div>
</div>
This is my adminUpdateProductDetail.php,
<?php
include 'adminNavBar.php';
require 'dbfunction.php';
$con = getDbConnect();
$price = $_POST['price'];
$name = $_POST['productname'];
$info = $_POST['productinfo'];
$dimension = $_POST['dimension'];
$cat= $_GET['cat'];
$code= $_GET['code'];
?>
<div class="space">
<div class="container">
<div class="row">
<?php
if (!mysqli_connect_errno($con)) {
$sqlQueryStr = "UPDATE product SET price = '$price', productname = '$name', productinfo = '$info', dimension = '$dimension' WHERE categoryid = '$cat' AND productname = '$code'";
if (mysqli_query($con, $sqlQueryStr)) {
$recordid = mysqli_insert_id($con);
mysqli_query($con, $sqlQueryStr);
}
mysqli_close($con);
echo "$name Product details updated.";
} else {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
</div>
</div>
</div>
I gotten no error message, the system echo out success. But my database was not updated. I not sure where when wrong.
Try this
<?php
if (!mysqli_connect_errno($con)) {
$sqlQueryStr = "UPDATE product SET price = '$price', productname = '$name', productinfo = '$info', dimension = '$dimension' WHERE categoryid = '$cat' AND productname = '$code'";
if (mysqli_query($con, $sqlQueryStr)) {
$result = mysqli_query($con, $sqlQueryStr);
if($result === FALSE){
printf("Erreur : %s\n", mysqli_error($link));
}
$recordid = mysqli_insert_id($con);
}
mysqli_close($con);
echo "$name Product details updated.";
} else {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
</div>
The doc to help you: http://php.net/manual/en/mysqli.query.php#example-1766 procedural style
mysqli_insert_id always after the mysqli_query update request.
No error with the connection but can be with the query
When I submit this form this error appears NO SQL INJECTION.
The action of this form is the same file ..
I tried to do a lot of solutions and nothing works!
How can I escape that error? There is no change on the database.
Here is the php code
<?php
include '../inc/config.php';
include 'dbc.php';
page_protect();
if(!checkAdmin()) {
header("Location: login.php");
exit();
}
$ads_id = (isset($_GET['id']) ? $_GET['id'] : NULL);
if (!is_numeric($ads_id)) { die ('No SQL INJECTION') ;};
if ($ads_id) {
$img_ads_info = $mysqli->query("SELECT * FROM `ads_image` WHERE `id` = '$ads_id'");
$row = $img_ads_info->fetch_object();
$section_id = $row->user_id;
$ads2 = $mysqli->query("SELECT users.company_name FROM ads_image,users where
ads_image.user_id = users.id AND ads_image.user_id='$section_id'");
$row2 = $ads2->fetch_object();
?>
<div class="panel panel-default ">
<div class="panel-heading" id="accordion"><span class="glyphicon
glyphicon-comment"></span><?php echo $row->description; ?></div>
<div class="panel-body">
<form role="form" action="manage_images_ads.php" method="POST">
<div class="form-group">
<input type="hidden" name="id" value="<?php echo $row->id;
?>" />
<label>اسم المؤسسة المعلنة</label>
<input required name="company_name" class="form-
control" type="text" maxlength="255" value="<?php echo $row2->company_name; ?>"/>
</div>
<div class="form-group">
<label>عنوان الإعلان</label>
<input required name="title" class="form-control"
type="text" maxlength="255" value="<?php echo $row->title; ?>"/>
</div>
<div class="form-group">
<label>صورة الإعلان</label>
<img src="upload/<?php echo $row->up; ?>" />
</div>
<div class="form-group">
<label>عدد المشاهدات</label>
<input required name="views" class="form-control"
type="text" maxlength="255" value="<?php echo $row->views; ?>"/>
</div>
<div class="form-group">
<label>رابط الإعلان</label>
<input required name="ad_link" class="form-control"
type="text" maxlength="255" value="<?php echo $row->ad_link; ?>"/>
</div>
<button style="float:left" type="submit"
value="submit" class="btn btn-success btn-md" id="btn-chat">Send</button>
</div>
</form>
<?php
if(isset($_POST['submit'])) {
$title = $mysqli->real_escape_string($_POST['title']);
$ad_link = $mysqli->real_escape_string($_POST['ad_link']);
$views = $mysqli->real_escape_string($_POST['views']);
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
$sql = "UPDATE ads_image SET `title`='$title',`ad_link`='$ad_link',`views`='$views'
WHERE `id`='$ads_id'";
if ($mysqli->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $mysqli->error;
}
$mysqli->close();
}
}
?>
The reason is that your form has 'method="POST"' while php is looking for id in the $_GET superarray. Just change
$ads_id = (isset($_GET['id']) ? $_GET['id'] : NULL);
to
$ads_id = (isset($_POST['id']) ? $_POST['id'] : NULL);
and it should start work properly.
please help me with MySQL UPDATING
This is my code for updating records:
<?php
if ( isset($_GET['id'])) {
$id = $_GET['id'];
$sql = mysqli_query($link, "SELECT * FROM changelog WHERE id='".$_GET['id']."'");
$row = mysqli_fetch_array($sql);
}
if ( isset($_POST['novavsebina'])) {
$novavsebina = $_POST['novavsebina'];
$id = $_POST['id'];
$sql = mysqli_query($link, "UPDATE changelog SET vsebina = '" . $novavsebina . "' WHERE id='".$_POST['id']."', date='".$_POST['date']."'");
header('Location: changelog.php');
}
?>
<div class="container main">
<div class="row">
<div class="page-header">
<h1>Changelog <small>Urejanje</small></h1>
</div>
<form role="form" action="uredi.php" method="post" accept-charset="utf-8">
<textarea name="novavsebina"><?php echo $row['vsebina']; ?></textarea>
<input type="hidden" name="id" value="<?php echo $row['id'] ?>">
<input type="date" name="date" value="<?php echo $row['date']; ?>" placeholder="">
<button type="submit" style="margin-top: 20px" class="btn btn-primary"><i class="glyphicon glyphicon-plus"></i> Dodaj</button>
</form>
</div>
</div>
When Im trying to update it won't update, not even give me error...
You're getting errors. You're just not checking them.
Your query has a syntax error:
"WHERE id='".$_POST['id']."', date='".$_POST['date']."'"
should be
"WHERE id='".$_POST['id']."' AND date='".$_POST['date']."'"