I almost have it but I am missing something. The form is being sent and the row is being created but there is not data. It is blank (both the email and the database). I know it is something simple I am missing but I cannot figure it out.
There is no errors, the form disappears like it is supposed to. I am getting an email but there is no userdata in it. It creates a row in the database, but again there is no data being put in the row.
If anyone can look at my code below and tell me what I am missing to make the inputed info be seen, I would sure appreciate it.
I have searched and searched and tried different things but I cannot get it to send the info.
AJAX_Quote.php
<?php
include_once('class/class_email.php');
$connect = mysqli_connect("localhost","admin","password","database");
$FName = $_POST['Form_FName'];
$LName = $_POST['Form_LName'];
$Email = $_POST['Form_Email'];
$Company = $_POST['Form_Company'];
$Number = $_POST['Form_Number'];
$Comments = $_POST['Form_Comments'];
$EID = $_POST['eid'];
//$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `id`='$EID' LIMIT 1;";
//$R_GetEquipment = mysql_query($SQL_GetEquipment, $Link);
//$row = mysql_fetch_assoc($R_GetEquipment);
$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `id`='$EID' LIMIT 1;";
$result = mysqli_query($connect,$SQL_GetEquipment);
$row = mysqli_fetch_assoc($result);
$EmailBody = "$FName $LName has requested a quote from NAPE on Item $EID\n
Information on quote request: \n
Name: $FName $LName \n
Email: $Email \n
Company: $Company \n
Number: $Number \n
Comments: $Comments \n
\n
Information Requested for: {$row['itemname']}\n
The URL to {$row['itemname']} is: http://www.domain.com/new-product.php?Item=$EID
\n
Click to send a quote now:\n
http://www.domain.com/Admin/send-quote.php?id=$EID ";
$e = new email();
//First value is the URL of your server, the second the port number
$e->set_server( 'mail.domain.com', 26);
//First value is your username, then your password
$e->set_auth('noreply#domain.com', 'nape112233');
//Set the "From" setting for your e-mail. The Name will be base64 encoded
$e->set_sender( 'Quote Requested', 'noreply#domain.com' );
//for one recipient
$send_to = array('email#gmail.com');
//you may also specify multiple recipients by creating an array like this:
//$send_to = array('foo1#localhost.local', 'foo2#localhost.local', 'foo3#localhost.local');
$subject = 'Quote Request from NAPE';
$body = "$EmailBody";
if( $e->mail($send_to, $subject, $body, $headers) == true )
{
//message was received by the smtp server
//['last'] tends to contain the queue id so I like to save that string in the database
echo 'last: '.htmlspecialchars($e->srv_ret['last']).'';
}else{
//something went wrong
echo 'all: '.nl2br(htmlspecialchars($e->srv_ret['all'])).'';
echo 'full:'.nl2br(htmlspecialchars($e->srv_ret['full'])).'';
}
mysqli_query($connect,"INSERT INTO users (`fname`,`lname`,`email`,`company`,`number`)
VALUES ('$FName','$LName','$Email','$Company','$Number')");
?>
My form code
<form id="contact" name="contact" action="#" method="post" style="width:600px">
<br />
<table width="80%">
<tr>
<td width="36%">*First Name:</td>
<td width="3%"> </td>
<td width="61%">
<input type="text" id="Form_FName" name="Form_FName" />
</td>
</tr>
<tr>
<td width="36%">*Last Name:</td>
<td width="3%"> </td>
<td width="61%">
<input type="text" id="Form_LName" name="Form_LName" />
</td>
</tr>
<tr>
<td width="36%">Company Name:</td>
<td width="3%"> </td>
<td width="61%">
<input type="text" id="Form_Company" name="Form_Company" />
</td>
</tr>
<tr>
<td>*Your E-Mail:</td>
<td> </td>
<td>
<input type="text" id="Form_Email" name="Form_Email" />
</td>
</tr>
<tr>
<td width="36%">*Phone Number:</td>
<td width="3%"> </td>
<td width="61%">
<input type="text" id="Form_Number" name="Form_Number" />
</td>
</tr>
<tr>
<td width="36%" h>Comments:</td>
<td width="3%"> </td>
<td width="61%">
<textarea id="Form_Comments" name="Form_Comments" cols="25" rows="3"></textarea>
</td>
</tr>
<tr>
<td colspan="3"> </td>
</tr>
<tr>
<td width="36%" align="center" colspan="3">
<button id="send">Request Quote</button>
</td>
</tr>
<tr>
<td colspan="5"> </td>
</tr>
<tr>
<td width="100%" colospan="3">
<b><?php echo $itemname; ?></b>
<br />
<br /> Manufacturer: <?php echo $manufactuer;?>
<br /> Model: <?php echo $model;?>
<br /> Category: <?php echo $category;?>
<br />
</td>
</tr>
</table>
</form>
</div>
<!-- basic fancybox setup -->
<script type="text/javascript">
$(document)
.ready(function () {
$(".modalbox").fancybox();
$("#contact").submit(function () {
return false;
});
$("#send").on("click", function () {
{
// if both validate we attempt to send the e-mail
// first we hide the submit btn so the user doesnt click twice
$("#send").replaceWith("<em>Your request has been sent...</em>");
$.ajax({
type: "POST",
url: "AJAX_Quote.php",
data: $("#idForm").serialize(),
success: setTimeout(function () { parent.$.fancybox.close(); }, 2000)
});
}
});
});
</script>
The name of your form inputs is of the format name="Form_FName" but in your PHP you refer to them as $FName = $_POST['fname'];. The correct PHP would be $FName = $_POST['Form_FName'];
Also I suggest escaping your input fields to avoid SQL injection. Check out mysqli_real_escape_string.
http://php.net/manual/en/mysqli.real-escape-string.php
Related
So I'm having a challenge with a subscription system that I've been building.
I'm using a simple login php page to validate the username and password of the user against the DB, once authenticated the script creates a secure session and calls the edit_subscription.php file and passes the ID of the user through the Url.
The edit_subscription.php file takes the ID and pulls the user info using MYsql
and loads their info into a form. The user can then edit or modify their subscription details and press the submit button to update the DB.
Everything works except the mysql Update back to the DB.
I've managed to narrow the problem down to the ID variable
If I hardcode the variable into the update command it works and the db is updated
If I hardcode the ID into a variable used in the update command, it works up to a point. if I move that hardcoded variable in front of line 42 the update command will no longer work.
I think it's something to do with the post command, but even when I load the old ID into a hidden form and try to have it repost for the update command it still doesn't work and treats the variable as if it's empty.
I've tried for hours to get this working, and just can seem to get it going.
anyone have any suggestions pertaining to specifically this issue
(please don't comment of security or, best practices unless it relates specifically to the issue described thanks)
<?
$id = htmlspecialchars($_GET['ID']);
$username="****";
$database="****";
$host="****";
$pass ="****";
mysql_connect($host,$username,$pass);
#mysql_select_db($database) or die( "Unable to select database");
$result = mysql_query("SELECT * FROM `****`.`****` WHERE `Subscriber ID` = '$id' LIMIT 1");
$name_old=mysql_result($result,0,"Name");
$address1_old=mysql_result($result,0,"Address 1");
$address2_old=mysql_result($result,0,"Address 2");
$city_old=mysql_result($result,0,"City");
$prov_old=mysql_result($result,0,"Prov");
$postal_old=mysql_result($result,0,"Postal");
$country_old=mysql_result($result,0,"Country");
$email_old=mysql_result($result,0,"Email");
$qty_old=mysql_result($result,0,"qty");
$status_old=mysql_result($result,0,"Status");
$ezine_old=mysql_result($result,0,"Ezine");
$mailout_old=mysql_result($result,0,"Mailout");
$password_old=mysql_result($result,0,"Password");
$nameErr = $emailErr = $passwordErr = "";
$name=$_POST['name'];
$email=$_POST['email'];
$address1=$_POST['address1'];
$address2=$_POST['address2'];
$city=$_POST['city'];
$province=$_POST['prov'];
$postal=$_POST['postal'];
$country=$_POST['country'];
$password=$_POST['password'];
$mailout=$_POST['mailout'];
$ezine=$_POST['ezine'];
$status="Subscribed";
$qty=$_POST['qty'];
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["password"])) {
$passwordErr = "* Password is required";
}
if (empty($_POST["name"])) {
$nameErr = "* Name is required";
} else {
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "* Invalid Characters";
}
}
if(isset($_POST['mailout'])){}
else{
$mailout="NO";
}
if(isset($_POST['ezine'])){}
else{
$ezine="NO";
}
if (empty($_POST["email"])) {
$emailErr = "* Email is required";
} else {
$email = test_input($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "* Invalid email";
}
}
if($name != NULL AND $nameErr == ""){
if($email != NULL AND $emailErr == ""){
if($password != NULL AND $passwordErr == ""){
mysql_query("UPDATE `Subscribers` SET
`Name` ='$name',
`Email` = '$email',
`Address 1` = '$address1',
`Address 2` = '$address2',
`City` = '$city',
`Prov` = '$province',
`Postal` = '$postal',
`Country` = '$country',
`Password` = '$password',
`qty` = '$qty',
`Status` = '$status',
`Mailout` = '$mailout',
`Ezine` = '$ezine',
WHERE `Subscriber ID` = $id");
mysql_close();
echo ("<p align=\"center\"><font color=\"red\">Thank you for updating your subscription, you should receive an email confirmation shortly</font></p>");
}
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<table width="100%" border="0">
<tr>
<td width="11%" align="right">Name</td>
<td width="3%"> </td>
<td width="47%"><input type="text" name="name" value="<?php echo $name_old;?>">
<font color="red"> <?php echo $nameErr;?></font></td>
<td width="39%" bgcolor="#CCCCCC"><input type="checkbox" name="ezine" value="YES"
<? if($ezine_old =="YES"){echo "checked";} ?>>
Subscribe by email</td>
</tr>
<tr>
<td width="11%" align="right">Address 1</td>
<td> </td>
<td width="47%"><input type="text" name="address1" value="<?php echo $address1_old;?>"></td>
<td bgcolor="#CCCCCC"><input type="checkbox" name="mailout" value="YES" <? if($mailout_old =="YES"){echo "checked";} ?>>
Subscribe by Post </td>
</tr>
<tr>
<td width="11%" align="right">Address 2</td>
<td> </td>
<td width="47%"><input type="text" name="address2" value="<?php echo $address2_old;?>"></td>
<td bgcolor="#CCCCCC"><input type="text" name="qty" value="<?php echo $qty_old;?>" size="5">
# of copies.</td>
</tr>
<tr>
<td align="right">City</td>
<td> </td>
<td><input type="text" name="city" value="<?php echo $city_old;?>"></td>
<td> </td>
</tr>
<tr>
<td align="right">Province</td>
<td> </td>
<td><input type="text" name="prov" value="<?php echo $prov_old;?>" >
<td> </td>
</tr>
<tr>
<td align="right">Postal</td>
<td> </td>
<td><input type="text" name="postal"value="<?php echo $postal_old;?>" ></td>
<td></td>
</tr>
<tr>
<td align="right">Country</td>
<td> </td>
<td><input type="text" name="country" value="<?php echo $country_old;?>" ></td>
<td> </td>
</tr>
<tr>
<td align="right">Email</td>
<td> </td>
<td colspan="2"><input type="text" name="email" value="<?php echo $email_old;?>">
<font color="red"><?php echo $emailErr;?></font></td>
</tr>
<tr>
<td align="right">Password</td>
<td> </td>
<td colspan="2"><input type="password" name="password" value="<?php echo $password_old;?>">
<font color="red"> <?php echo $passwordErr;?></font></td>
</tr>
<tr>
<td align="right"> </td>
<td> </td>
<td> </td>
<td></td>
</tr>
<tr>
<td align="right"> </td>
<td><img src="images/shim.png" width="20" height="20" /></td>
<td><input type="Submit" ></td>
<td> </td>
</tr>
</table>
<p> </p>
</form>
There is a comma after
Ezine = '$ezine' ,
Remove it. Also you shall also use mysqli extension or PDO sql . mysql_ is deprecated
As you said, there is a lot wrong with that code.. however to satisfy your question here is the simple answer:
You left an extra comma in your update statement.
`Ezine` = '$ezine',
In the future try always checking if the query went through.
$result = mysql_query(..);
if($result) {
// it worked
} else {
// it failed
echo mysql_error(); // or mysqli_error($link); or $link->error, etc.
}
Best of luck
At present I have set 4 variables, the values of which are then stored into mysql. This works fine. However, I don't want to set the values but write a line of code that takes these values from my form (on the same page). I have set the form method to POST and added specialchars to help security. Can someone pretty please show me one or two lines of code so I don't have to write ="John Doe". Please remember that I am very new all of this
<?php
// Connect to the Database
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "topsecretDontTell";
$dbname = "gaming";
$connection = mysqli_connect($dbhost,$dbuser,$dbpass,$dbname);
// Show error if connection fails
if(mysqli_connect_errno()){
die("Database connection failed: " .
mysqli_connect_error() .
" (" . mysqli_connect_errno() .")"
);
}
?>
<?php
// ordertbl
$customer_name = "John Doe";
$game_id = 3;
$reservation_start = "2015-01-05";
$requested_days = 1;
// removes single quotes (escapes strings)
$customer_name = mysqli_real_escape_string($connection, $customer_name);
//add into ordertbl
$query = "INSERT INTO ordertbl (customer_name,game_id,reservation_start,requested_days) VALUES ('{$customer_name}',{$game_id},'{$reservation_start}', {$requested_days})";
//Run query and test if there was a query error
$result = mysqli_query($connection, $query);
if (!$result) {
die("Database query failed.");
}
?>
<?php
//determine the name of the game via its id using a function
function GameTitle ($game_id){
$message = "";
if ($gameid ==1){
$message = "Fantasy World";
}
else if ($gameid ==2){
$message = "Sir Wags A Lot";
}
else if ($gameid ==3){
$message = "Take a Path";
}
else if ($gameid ==4){
$message = "River Clean Up";
}
else if ($gameid ==5){
$message = "PinBall";
}
else if ($gameid ==6){
$message = "Ghost girl";
}
else if ($gameid ==7){
$message = "Dress up";
}
else if ($gameid ==8){
$message = "Where is my hat?";
}
else {
$message = "Invalid ID";
}
return $message;
}
?>
</body>
</html>
<!--Link to the style sheet-->
<link href="styles.css" rel="stylesheet" type="text/css">
</head>
<!--Create Header (logo, title and navigation bar)-->
<body>
<div id='main'>
<div id='titleImage'><img title='Home' src='images/GLLogo.png' width='700' height='190' alt='Games Library Title' /></div>
<div id='menu-wrapper'>
<div id='menu'>
<ul>
<li><a href='index.html'>Home</a></li>
<li class='current_page_item'><a href='#'>Reservations</a></li>
</ul>
</div>
</div>
<!--Make the form-->
<div class="form">
<h1>Reservations</h1>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<table width="755" border="3" cellpadding="6">
<tr>
<td width="195" align="right" bgcolor="#FF0000"><label for="customer_name">Name:</label></td>
<td width="370"><input name="customer_name" autofocus type="text" id="customer_name" size="35" maxlength="90" required autocomplete="off" /></td>
</tr>
<tr>
<td align="right" bgcolor="#FF0000"><label for="game_id">Game's ID:</label></td>
<td><input name="game_id" type="number" id="game_id" size="35" maxlength="50" min="1" /></td>
</tr>
<tr>
<td width="195" align="right" bgcolor="#FF0000"><button onClick="GameTitle(); return false">Search</button></td>
<td><input name="Result" type="text" id="demo" size="35" maxlength="50" /></td>
</tr>
<tr>
<td align="right" bgcolor="#FF0000"><label for="Loan">Number of Days you wish to borrow the Game</label></td>
<td><select name="requested_days" id="requested_days">
<option selected="1">1</option>
<option value="2">2</option>
<option value="3">3</option>
<option value="4">4</option>
<option value="5">5</option>
</select></td>
</tr>
<tr> <!--put date into value field to get a calendar-->
<td align="right" bgcolor="#FF0000"><label for="reservation">Reservation Date:</label></td>
<td><input id="reservation_start" input name="reservation_start" type="" value="" placeholder="YYYY/MM/DD" pattern="(?:19|20)[0-9]{2}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1[0-9]|2[0-9])|(?:(?!02)(?:0[1-9]|1[0-2])-(?:30))|(?:(?:0[13578]|1[02])-31))" title="The date should be in the exact format: YYYY-MM-DD with leading zeros where necessary"/>
</tr>
<tr>
<td align="right" bgcolor="#FF0000"><label for="mysearch2">Enter your search string here : </label></td>
<td><input {background-colour: #E5F5EF;} id="mysearch2" type="search" placeholder="search"size="35" maxlength="50"/>
</tr>
<tr>
<td align="right" bgcolor="#FF0000"><input type="reset" name="Reset" id="button" value="Reset Form" /></td>
<td><input type="submit" name="button2" id="button2" value="Submit Form" /></td>
</tr>
</table>
</form>
</div>
</div>
</body>
</html>
<?php
// get rid of data in cache and close
mysqli_close($connection);
?>
Use the following, taking the POST variable from your form's <input name="customer_name"... element:
$customer_name=stripslashes($_POST['customer_name']);
$customer_name=mysqli_real_escape_string($connection,$_POST['customer_name']);
which will allow for names containing apostrophes like John O'Reilly.
Plus, you have function GameTitle ($game_id) therefore you most likely meant to use function GameTitle ($gameid)
You should use $_POST. In that array are post data. For example:
$customer_name = $_POST['name'];
I am working on a web based contact list for a friend. I have the html portion all done and working on the PHP scripts and such. I have the main page as a table in a while loop enclosed in form tags. I need two things to happen but not sure how to get this accomplished.
First, each row has to have two submit buttons, which one goes to edit and the other to details, and carries over the values in the global $_POST.
Second, the list will be about 300 rows, so i am using a while loop to create the table.
I have the form working and passing the data but it is always passing the last row of the table. Here is my main page with the table:
<?php
if
(!isset ($_SESSION['username']))
{
session_start();
}
?>
<html>
<head>
<title>Client Contact List</title>
</head>
<?php
$user1 = implode(',',$_SESSION);
//DB information
require_once('/includes/db.php');
//Declaring edit and details
$edit = "<INPUT type='image' src='/addressbook/images/edit.png' onclick='\addressbook\edit.php'>";
$details = "<INPUT type='image' src='/addressbook/images/contact.gif' name='details' onclick='f1.action='\addressbook\contact_details.php'>";
//Table declarations and such
mysql_connect("$host", "$username", "$password") or die(mysql_error());
mysql_select_db("$db_name")or die("cannot select DB");
$result = mysql_query("SELECT * FROM contacts") or die(mysql_error());
$num=mysql_numrows($result);
$user1 = implode(',',$_SESSION);
$userresults = "SELECT first FROM i_user where userid IN $user1";
$user = mysql_query($userresults);
// print_r ($_SESSION);
// print_r ($_POST);
?>
<body style="background-image: url('Images/background_login.jpg');">
<br><br><br><br><br><br>
<table>
<br><br>
<tr><td width="500">Welcome Back, <?php echo $user; ?></td><td width="500"></td><td width="300"><form name="search" method="post" id="searchform" action="<?php echo $_SERVER['PHP_SELF'];?>"><label for="searchtext">Search: </label><input type="text" name="name" /> <input type="submit" name="submit" value="Search" /></form>
</td></tr>
</table>
<br>
<form name="f1" method="post" action="/addressbook/edit.php">
<table border="1">
<tr>
<?php
echo "<table border='1'>";
echo "<tr>
<th>First</th>
<th>Last</th>
<th>Company</th>
<th>Primary Email</th>
<th>Secondary Email</th>
<th>Primary Phone</th>
<th>Second Phone</th>
<th>Action</th>
</tr>";
$i=0;
while ($i<$num) {
$id = mysql_result($result,$i,"id");
$first = mysql_result($result, $i, "first");
$last = mysql_result($result,$i, "last");
$company = mysql_result($result, $i, "company");
$email1 = mysql_result($result,$i, "email1");
$email2 = mysql_result($result,$i, "email2");
$phone = mysql_result($result,$i, "phone");
$mobile = mysql_result($result,$i, "mobile");
// Print out the contents of each row into a table
echo "<tr><td width = '100'><center><input type='hidden' value='$first' name='first'>";
echo $first;
echo "</center></td><td width = '100'><center><input type='hidden' value='$last' name='last'>";
echo $last;
echo "</center></td><td width = '100'><center><input type='hidden' value='$company' name='company'>";
echo $company;
echo "</center></td><td width = '100'><center><input type='hidden' value='$email1' name='email1'>";
echo $email1;
echo "</center></td><td width = '100'><center><input type='hidden' value='$email2' name='email2'>";
echo $email2;
echo "</center></td><td width = '100'><center><input type='hidden' value='$phone' name='phone'>";
echo $phone;
echo "</center></td><td width = '100'><center><input type='hidden' value='$mobile name='mobile'>";
echo $mobile;
echo "</center></td><td width = '100'><center>";
echo $edit;
echo "    ";
echo $details;
echo "</td></center></tr>";
echo "<input type='hidden' value='$id name='id'></td>";
$i++;
}
?>
</tr>
</table>
</form>
</body>
</html>
This get directed to either the details or edit page. Below is the edit page....
<?php
if
(!isset ($_SESSION['username']))
{
session_start();
}
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit Contact Information</title>
</head>
<?php
//DB information
require_once('/includes/db.php');
mysql_connect("$host", "$username", "$password") or die(mysql_error());
mysql_select_db("$db_name")or die("cannot select DB");
$id = $_POST['id'];
$first = $_POST['first'];
$last = $_POST['last'];
$company = $_POST['company'];
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$phone = $_POST['phone'];
$mobile = $_POST['mobile'];
//pulling the record id from the main login page.
$first=$_POST['first'];
$query="SELECT * FROM contacts where last=$last";
$result=mysql_query($query);
print_r($_POST);
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<body style="background-image: url('Images/background_login.jpg');">
<br><br><br><br><br>
<!-- First Table with the back and search option but disabled for now -->
<table>
<br>
<tr>
<td width="500">
<input type='button' value='Back' onClick='history.go(-1)'>
</td>
<td width="500"></td>
<td width="300">
<!-- <form name="search" method="post" id="searchform" action="<?php echo $_SERVER['PHP_SELF'];?>">
<label for="searchtext">Search: </label>
<input type="text" name="name" /> <input type="submit" name="submit" value="Search" />
</form> -->
</td>
</tr>
</table>
<br><br>
<center>
<!-- Second Table with form data pulled out for Identify -->
<table>
<tr>
<th>
<table>
<tr>
<td bgcolor="silver" colspan="4"><center>Identify</center></td>
</tr>
<tr>
<td width="100"><center><b>Title</b></center></td>
<td width="100"></td>
<td width="150"><center><b>Company Name</b></center></td>
</tr>
<tr>
<td width="100"><input value="Title"></td>
<td width="100"></td>
<td width="100"><? echo $company ?></td>
</tr>
<tr><td colspan="4"></td></tr>
<tr>
<td width="100"><center><b>First Name</b></center></td>
<td width="100"></td>
<td width="100"><center><b>Last Name</b></center></td>
</tr>
<tr>
<td width="100"><input value="Test"></td>
<td width="100"></td>
<td width="100"><input value="Test"></td>
</tr>
</table>
</th> <!-- Space between the contact info and Indenty -->
<td width="100">
</td>
<th>
<td> <!-- Third Table with form data pulled out -->
<table>
<tr>
<td bgcolor="silver" colspan="4"><center>Contact Information</center></td>
</tr>
<tr>
<td width="100"><center><b>Office Phone</b></center></td>
<td width="100"></td>
<td width="150"><center><b>Mobile Name</b></center></td>
</tr>
<tr>
<td width="100"><input value="Test"></td>
<td width="100"></td>
<td width="100"><input value="Test"></td>
</tr>
<tr>
<td colspan="4"></td>
</tr>
<tr>
<td width="100"><b>Primary Email</b></td>
<td width="100"></td>
<td width="150"><b>Secondary Email</b></td>
</tr>
<tr>
<td width="100"><input value="Test"></td>
<td width="100"></td>
<td width="100"><input value="Test"></td>
</tr>
</table>
</td>
</th>
<tr height="100"> <td colspan="9"></td> </tr>
<th class="style2">
<table>
<tr width="400"></tr>
<tr>
<td bgcolor="silver" colspan="4"><center>Applications Used</center></td>
</tr>
<tr>
<td width="100"></td>
</tr>
<tr>
<td colspan="4"></td>
</tr>
<tr>
<td width="100"></td>
</tr>
<tr>
<td width="100"></td>
<td width="100"></td>
<td width="100"></td>
<td width="100"></td>
</tr>
</table>
</th>
<td width="200"></td>
<td>
<th class="style2">
<table>
<tr>
<td bgcolor="silver" colspan="4"><center>Internal Information</center></td>
</tr>
<tr>
<td width="100"><center><b>Account Mgr</b></center></td>
<td width="100"></td>
<td width="150"><center><b>Client Relations</b></center></td>
</tr>
<tr>
<td width="100"><input value="Test"></td>
<td width="100"></td>
<td width="100"><input value="Test"></td>
</tr>
<tr><td colspan="4"></td></tr>
<tr>
<td width="200"><center><b>Acct Development</b></center></td>
<td width="100"></td>
<td width="100"><center><b>Project Mgr</b></center></td>
</tr>
<tr>
<td width="100"><input value="Test"></td>
<td width="100"></td>
<td width="100"><input value="Test"></td>
</tr>
</table>
</th>
</td>
</table>
</center>
</body>
</html>
Any thoughts on how to get this done?
Put the form tag inside the loop. And place the submit button inside the form tag.
It sounds like you need a lot of form, instead of a form with a lot of field.
Yet another suggestion.. jqgrid may be a good thing to use here. look it up if you got a chance.
The problem is you are creating a ton of elements that have the same name... Every row has a input by the name of email1, email2, phone, mobile, etc.
when you submit the form it just takes the value of the last html element with the given name. So it will alwyas give you the last row.
What you can do is only have 1 hidden input for each attribute. Then when you select a row, you can set the values for the hidden inputs using javascript.
HOWEVER, to make it more simple... You are already storing all of the users data in a database so you don't need to pass it all to the next page. Just pass the id to the next page, then when you get to the next page perform a select query to get all of that user's data.
This way you can have 1 hidden input for the id. When the user selects the row they want to edit use Javascript to set the value of that input.
Each button should look something like this:
echo "<input type=\"button\" onclick=\"document.form.id=$id\">";
The input should look something like this:
echo "<input type=\"hidden\" name=\"id\"/>";
Then on the edit page use :
$id = $_POST['id'];
$query = "SELECT id, first, last, company, email1, email2, phone, mobile
FROM contacts WHERE ID=$id"
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
$id = $row['id'];
$first = $row['first'];
etc...
G'Day
I have a php page that I want to edit an entry but for the life of me I can not figure out why it is coming up with this erro.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= po_postcode = '4060', email ='-', phone = '732997688', fax = '' WHERE id='1'' at line 1
HELP I am desperate and going insane. (Similar Code works on another page but not this one)....
Can someone PLEASE HELP.
{
<?php
/*
EDIT.PHP
Allows user to edit specific entry in database
*/
// creates the edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($id, $name, $po_street, $po_suburb, $po_state, $po_postcode, $email, $phone, $fax, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<table width="347" border="0" align="center">
<tr valign="baseline">
<td align="right" nowrap="nowrap"><p align="center"><img src="hartwell_banner.JPG" width="624" height="134" /></p>
</tr>
</table>
<table align="center">
<tr valign="baseline">
<td width="290" align="right" nowrap="nowrap"><div align="left"><h2 align="left"><p align="left">Enter a New Contact</p></h2></div></td>
<td width="290" align="center" nowrap="nowrap"><div align="left"><h2 align="center"><p align="center">Return to Index</p>
</h2>
</div></td>
</tr>
</table>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<table align="center">
<tr valign="baseline">
<td width="98" align="right" nowrap="nowrap"><div align="left">ID:</div></td>
<td width="329"><input type="text" name="id" value="<?php echo $id; ?>" size="40" readonly = "readonly" /> * </td>
</tr>
<tr valign="baseline">
<td width="98" align="right" nowrap="nowrap"><div align="left">Name:</div></td>
<td width="329"><input type="text" name="name" value="<?php echo $name; ?>" size="40" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Postal Street </div></td>
<td><input type="text" name="po_street" value="<?php echo $po_street; ?>" size="40" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Postal Suburb</div></td>
<td><Input type ="text" name="po_suburb" value="<?php echo $po_suburb; ?> " size="30" maxlength="50" >*</td>
<tr valign="baseline">
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">State</div></td>
<td><Input type ="text" name="po_state" value="<?php echo $po_state; ?>" size="5" maxlength="3" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Postal Postcode</div></td>
<td><Input type ="text" name="po_postcode" value="<?php echo $po_postcode; ?>" size="5" maxlength="4"/> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Email:</div></td>
<td><input type="text" name="email" value="<?php echo $email; ?>" size="40" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Phone:</div></td>
<td><input name="phone" type="text" value="<?php echo $phone; ?>" size="12" maxlength="10" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Fax:</div></td>
<td><input name="fax" type="text" value="<?php echo $fax; ?>" size="12" maxlength="10" /></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"> </td>
<td> <input type="submit" name="submit" value="Submit"> * Denotes Required Field<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?> </td>
</tr>
<tr valign="baseline">
<td colspan="2" align="right" nowrap="nowrap"><div align="center"><img src="hartwell_costs.JPG" alt="" width="340" height="147" /></div></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (isset($_POST['id']))
{
// get form data, making sure it is valid
$id = mysql_real_escape_string(htmlspecialchars($_POST['id']));
$name = mysql_real_escape_string(htmlspecialchars($_POST['name']));
$po_street = mysql_real_escape_string(htmlspecialchars($_POST['po_street']));
$po_suburb = mysql_real_escape_string(htmlspecialchars($_POST['po_suburb']));
$po_state = mysql_real_escape_string(htmlspecialchars($_POST['po_state']));
$po_postcode = mysql_real_escape_string(htmlspecialchars($_POST['po_postcode']));
$email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
$phone = mysql_real_escape_string(htmlspecialchars($_POST['phone']));
// check that firstname/lastname fields are both filled in
if ($id == '' || $name == '' || $po_street == '' || $po_suburb == ''|| $po_state == '' || $po_postcode == ''|| $email == '' || $phone == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
//error, display form
renderForm($id, $name, $po_street, $po_suburb, $po_state, $po_postcode, $email, $phone, $fax, $error);
}
else
{
// save the data to the database
mysql_select_db($database_hartwell, $hartwell);
mysql_query("UPDATE contact SET id= '$id', name='$name', po_street ='$po_street', po_suburb = '$po_suburb', po_state = '$po_state', = po_postcode = '$po_postcode', email ='$email', phone = '$phone', fax = '$fax' WHERE id='$id'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
}
else
{
//if the 'id' isn't valid, display an error
echo 'ID Not Valid!';
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
// query db
$id = $_GET['id'];
mysql_select_db($database_hartwell, $hartwell);
$result = mysql_query("SELECT * FROM contact WHERE id=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if($row)
{
// get data from db
$id = $row['id'];
$name = $row['name'];
$po_street = $row['po_street'];
$po_suburb = $row['po_suburb'];
$po_state = $row['po_state'];
$po_postcode = $row['po_postcode'];
$email = $row['email'];
$phone = $row['phone'];
$fax = $row['fax'];
// show form
renderForm($id, $name, $po_street, $po_suburb, $po_state, $po_postcode, $email, $phone, $fax,'');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'No ID Value!';
}
}
?>
The error is right there in your query, just like the error message says:
, = po_postcode = '$po_postcode',
^
|
+ this doesn't belong here
remove the equal sign here:
'$po_state', = po_postcode
mysql_query("UPDATE contact SET id= '$id', name='$name', po_street ='$po_street', po_suburb = '$po_suburb', po_state = '$po_state', po_postcode = '$po_postcode', email ='$email', phone = '$phone', fax = '$fax' WHERE id='$id'")
So the problem is here = po_postcode = '$po_postcode',
I created a database with user's first name, last name, email, and temp password. When a user logs in for the first time they are shown a profile with the information already in the database as well as some additional fields they must fill in. On clicking submit the form should then update their profile in the database but it doesn't. The database is called 'users'. Could someone please tell me what I'm doing wrong?
<?php
$testerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters
$tester = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["tester"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
include "scripts/connect_to_mysql.php";
$sql = mysql_query("SELECT * FROM users WHERE id='$testerID' AND username='$tester' AND password='$password' LIMIT 1"); // query the person
$row = mysql_fetch_array($sql);
$fname = $row['fname'];
$lname = $row['lname'];
$email = $row['email'];
$existCount = mysql_num_rows($sql); // count the row nums
if ($existCount == 0) { // evaluate the count
echo "Your login session data is not on record in the database.";
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Tester Home</title>
</head>
<body>
<table width="886">
<tr>
<td width="876"><h1>Welcome
<?php
echo $fname;
?>
to the Closed Beta</h1></td>
</tr>
</table>
<p> </p>
<div id="content">
<?php
$date = getdate();
// Parse the form data and add inventory item to the system
if (isset($_POST['$new_password'])) {
$new_email = mysql_real_escape_string($_POST['email']);
$new_password = mysql_real_escape_string($_POST['new_password']);
$phone_model = mysql_real_escape_string($_POST['phone_model']);
$carrier = mysql_real_escape_string($_POST['carrier']);
$sql_update = mysql_query("UPDATE users SET email='$new_email', password='$new_password', phone_model='$phone_model', carrier='$carrier' WHERE id='$testerID'");
}
if(is_null($test_start)){
echo "
<form action=\"index.php\" enctype=\"multipart/form-data\" name=\"myForm\" id=\"myform\" method=\"post\">
<table width=\"90%\" border=\"0\" cellspacing=\"0\" cellpadding=\"6\">
<tr>
<td width=\"20%\" align=\"right\">ID: </td>
<td width=\"80%\"><label>
$testerID
</label></td>
</tr>
<tr>
<td align=\"right\">Username: </td>
<td><label>
$tester
</label></td>
</tr>
<tr>
<td align=\"right\">First Name: </td>
<td><label>
$fname
</label></td>
</tr>
<tr>
<td align=\"right\">Last Name: </td>
<td><label>
$lname
</label></td>
</tr>
<tr>
<td align=\"right\">Email Address: </td>
<td><label>
<input type=\"text\" name=\"email\" id=\"email\" value=\"\"/>
</label></td>
</tr>
<tr>
<td align=\"right\">Old password: (the one you were assigned)</td>
<td><label>
<input type=\"text\" name=\"old_password\" id=\"old_password\" value=\"$password\"/>
</label></td>
</tr>
<tr>
<td align=\"right\">New Password: </td>
<td><label>
<input type=\"text\" name=\"new_password\" id=\"newPassField\" />
</label></td>
</tr>
<tr>
<td align=\"right\">Confirm New Password: </td>
<td><label>
<input type=\"text\" name=\"confirm_password\" id=\"newPassField\" />
</label></td>
</tr>
<tr>
<td align=\"right\">Phone Model: </td>
<td><label>
<input type=\"text\" name=\"phone_model\" id=\"phone_model\" value=\"$phone_model\"/> (a 4 digit number)
</label></td>
</tr>
<tr>
<td align=\"right\">Carrier: </td>
<td><label>
<input type=\"text\" name=\"carrier\" id=\"carrier\" cols=\"64\" rows=\"5\" value=\"$carrier\"/>
</label></td>
</tr>
<input type=\"submit\" name=\"button\" id=\"button\" value=\"Update\" />
</table>
</form>";
}else{
}
?>
</div>
<p> </p>
</body>
</html>
You have isset($_POST['$new_password']) instead of isset($_POST['new_password']). Notice the added $
if there is an error in your sql then the best way to find out what it is, is to add in error checking code
or die(mysql_error());
i have added it to the end of your query here
$sql_update = mysql_query("UPDATE users SET email='$new_email', password='$new_password', phone_model='$phone_model', carrier='$carrier' WHERE id='$testerID'") or die(mysql_error());
Where have you defined your mysql_select_db for the DB selection?
Also, I'm not quite used to apply for UPDATE selections, but you could use INSERT with a DUPLICATE value, if you know the ids or a similar column that is fixed for each user. Something like:
$query = "INSERT INTO users (_columns_) VALUES (_$columns_) ON DUPLICATE KEY UPDATE _column_='_$column_'";
Changing your columns and the posted values from the form with a post method, of course. Add there a WHERE clause if needed, even thought that would be something to look for on the db.