Update
Here's my form code
<form name = "form" method = "POST" action = "<?php echo $_SERVER['PHP_SELF']; ?>" align = "center">
<tr><td><input type = "text" name = "command"></td></tr>
<tr><td><input type = "submit" name = "submit" value = "Enter"></td></tr>
<tr><td><input type = "submit" name = "save" value = "Save"></td></tr>
</form>
So for this school project we have to make a text based game with PHP and Mysqli, and you have to have save function where it updates the players equipment and location in the database. For some reason, I can't get mine to work. I can echo the $_SESSION['location'] and it will display the users location fine.
When I click save I don't get a query error, but it doesn't update the location in the database either. For test purposes I tried to replace $updatelocation in the query with some random letters and it updated it in the database perfectly, but I can't figure out why it won't work when I have $updatelocation = $_SESSION['location']. My save code is below.
if(ISSET($_POST['save'])) {
$updatelocation = $_SESSION['location'];
$query = "UPDATE `isu`.`game_data` SET `location` = '$updatelocation' WHERE `game_data`.`user_id` =" . $_SESSION['id'];
mysqli_query($dbc,$query) or DIE ("Query problem");
}
Related
I have a php page which is showing data in a HTML table taken from a MySQL database. Part of the table has a submit button for people to click to like a row. When clicked it runs a form which reloads the page and attempts to process the new inputs. In the example below all the inputs "submit", "timestamp" and "timestamp2" are set after the button is clicked. In the example the query $jpgh1 works and immediately reloads the row with the updated ticks count. If I use $jpgh2 the page reloads but is not updated. I have tried encasing $rt1 and $rt2 in quotes but that doesn't work. The reason I have the $admin bit is because this is being tested on a live system and I don't want the other users to see the testing. Currently the two values for timestamp and timestamp2 are being shown in the fields on the selected row and they match the values which work in $jpgh1.
if(isset($_POST['submit'])) {
If((isset($_POST['timestamp'])) and (isset($_POST['timestamp2']))) {
$rt1 = $_POST['timestamp'];
$rt2 = $_POST['timestamp2'];
$jpgh1 = mysql_query('update topics set ticks=1 where timestamp=1486723327 and timestamp2=1487081058');
$jpgh2 = mysql_query('update topics set ticks=3 where timestamp=$rt1 and timestamp2=$rt2');
}
}
<?php if($_SESSION['username'] == $admin) {
$t1 = $dnn2['timestamp'];
$t2 = $dnn2['timestamp2'];
?>
<form action='' method='POST'>
<input type='text' id='timestamp' name='timestamp' value='<?php echo $t1; ?>'/><br/>
<input type='text' id='timestamp2' name='timestamp2' value='<?php echo $t2; ?>'/><br/>
<input type='submit' name='submit' value='Tick'/></form>
<?php
}
?>
Needless to say after I posted I found the answer.
if(isset($_POST['submit'])){
If((isset($_POST['timestamp'])) and (isset($_POST['timestamp2'])))
{
$rt1 = $_POST['timestamp'];
$rt2 = $_POST['timestamp2'];
$rt3 = "update topics set ticks=1 where timestamp=$rt1 and timestamp2=$rt2";
$jpgh3 = mysql_query($rt3);
}
}
I'm currently doing a project for my class project. I'm currently trying to update into the database but I get some errors along the way basically it's a radio button to setup to link to a update page. Any help and insights would be appreciated!
<html>
<head>
<title>asdf</title>
<link rel="stylesheet" type="text/css" href="Background.css">
</head>
<?php
session_start();
if(!isset($_SESSION["login"]))
header("location:admin.php");
?>
<body>
<h1 style="color:white"><u><center></center></u></h1>
<div id="BG"></div>
<form action = "update1.php" method = "GET">
<table border = 0>
<tr>
<td>Image: <input type = "text" name = "image" id = "image"></td>
<br/>
<td>Hero Name: <input type = "text" name = "heroes" id = "heroes"></td>
<br/>
<td>Role: <input type = "text" name = "roles" id = "roles"></td>
<br/>
<td>Attribute: <input type = "text" name = "attribute" id = "attribute"></td>
<br/>
<td>Description: <input type = "text" name = "description" id = "description"></td>
<br/>
<td>General: <input type = "text" name = "general" id = "general"></td>
<br/>
</tr>
</table>
</br>
<input type = "submit" name="update" value = "Update">
</form>
</center>
</html>
<?php
ini_set('display_errors', 1); ini_set('display_startup_errors', 1); error_reporting(E_ALL);
define("DB_USER","*****");
define("DB_PASSWORD","****");
define("DB_HOST","*****");
define("DB_NAME","*****");
$dbc=mysqli_connect(DB_HOST,DB_USER,DB_PASSWORD,DB_NAME);
if(isset($_GET['update']))
{
$image = $_GET['image'];
$heroes = $_GET['heroes'];
$roles = $_GET['roles'];
$attribute = $_GET['attribute'];
$description = $_GET['description'];
$general = $_GET['general'];
$sql = "update `Dota 2 select` set (`image` = '$image',`heroes` = '$heroes') WHERE (heroes= '$heroes', image = '$image')";
// $sql = "Update `Dota 2 select` SET (`image`= [$image]) = WHERE `image`)";
// $sql = "Update `Dota 2 select` SET (`image`= [$image],`heroes` =[$heroes],`roles` =[$roles],`attribute`=[$attribute],`description`=[$description],`general`=[$general]) = WHERE `heroes`='$heroes')";
// $sql = "Update `Dota 2 select` SET (`image`= [$image],`heroes`,`roles`,`attribute`,`description`,`general`) = WHERE (`image`,`heroes`,`roles`,`attribute`,`description`,`general`) = ('$image','$heroes','$roles','$attribute','$description','$general')";
if(!mysqli_query($dbc, $sql))
{
echo(mysqli_error($dbc));
}
else
{
echo 'Data successfully updated!';
}
mysqli_close($dbc);
}
?>
This is the error for this page
"
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(image = 'a',heroes = 'a') WHERE (heroes= 'a', image = 'a')' at line 1
"
Seems you are getting MySQL insert and update syntax mixed..
UPDATE `table` set `col1`='val1', `col2`='val2',....
which when set as a PHP var might look like
$sql = 'UPDATE `table` set `col1`=\''. $val1.'\', `col2`=\''.$val2.'\',....
More than one way to do that, but this is my preferred way. backticks around column names, and escaped apostrophes around values, since I use single quote strings here
The table name has invalid space !
You can set your instruction as :
"update Dota_2_select set image = $image , heroes = $heroes where heroes= $heroes, image = $image";
Removing the spaces between table name and using " instead of ' because you can call de php variables $ directly .
Your first where is wrong:
WHERE (heroes= '$heroes', image = '$image')";
It should be
WHERE (heroes= '$heroes' AND image = '$image')";
^^^^
You are also vulnerable to sql injection attacks
Your second one fails because you test for the existence of your $_GET value AFTER you already tried using it:
if (isset($_GET['Heroes'])) {
$Heroes = $_GET['heroes'];
...
}
I am working on a project in php, but I am stuck. I have a login form with 3 checkboxes and 2 text fields for username and password. Each checkbox represents a user, such as admin, student and lecturer. So when a user wants to login, he has to provide his username, password and check one of the checkboxes. So if the user is stored in the database as a student, he has to check the student checkbox and press the submit button. Then while processing, the system will check if this user is stored as student. If that is the case he can now login. Otherwise the login form comes back.
I have an array of checkboxes:
<Input type = "checkbox" name=" cool[] "value= "student">
<Input type = "checkbox" name=" cool[]" value=" admin">
<Input type = "checkbox" name=" cool[]" value=" lecturer">
<Input type = "submit" name= "submit" value= "login">
In the php part I have:
If (isset($_POST['submit'] ){
$user=$_POST['textfield_value_username'] ;
$pass=$_POST['textfield_value_passeord'] ;
$check=$_POST['cool'] ;
foreach ($check as $kio) {
$d= "select * from table-name
where = $user = 'value_from _db' , "
$pass= 'value_from_db' and $kio='value_in-db';
if($d) {
// do something...
}
}
}
This is an overview of the code. When I try it it doesn't work, but when I do select * and I use only $user and $pass it works. When I use only select * .... Where ... $Kio .. it works also. But when I combine all, it doesn't work and it doesn't give any error.
So, I don't know if I was clear, but this is all about the problem I have. I have been searching on internet but I got no result.
First of all you need to provide radio button in place of checkboxes because an user can be either admin or student/lecturer so change this to radio button and don't make any array just simply fetch values and jion them by AND condition in query
It's not work, because there are syntax errors in your code. It should be like this:
if (isset($_POST['submit'])) {
$user = $_POST['textfield_value_username'];
$pass = $_POST['textfield_value_passeord'];
$check = $_POST['cool'];
foreach ($check as $kio) {
$d = "select * from table-name where 'value_from _db' = '".$user."'"
. " AND 'value_from_db' = '".$pass."'"
. " AND 'value_in-db' = '".$kio."'";
//Query and fetch here
if ($row) {
// do something
}
}
}
Via post I send values to a php file that contains the following code:
// Prepare values for database
$username = $_SESSION['username'];
$event_title = $db -> real_escape_string($_POST['create_title_hidden']);
$event_type = $db -> real_escape_string($_POST['create_type_hidden']);
$event_town = $db -> real_escape_string($_POST['create_town_hidden']);
// 1. Identify users_id
$results = $db -> query("SELECT * FROM users WHERE username='$username'");
while ($result = $results->fetch_assoc()) {
$users_id = $result['id'];
}
// 2. Identify towns_id
$query = "SELECT * FROM towns WHERE town='$event_town'";
// Do Search
$results = $db -> query($query);
while ($result = $results -> fetch_assoc()) {
$towns_id = $result['id'];
}
My problem: The second query does not work, i.e. I cannot get the town_id.
I already checked my error log, there is no such error message.
Maybe there is something I forgot to include? Is it possible two have two different queries one after another in a php script?
EDITED:
Here comes my frontend with the form:
<form id="form_create_event" method="post" action="system/upload_event_tourist.php">
<p>
You can now create the event:
</p>
<!-- Forms cannot be nested inside forms, that's why the input fields from first view
need to be inserted into hidden input fields via jquery that will be transferred
via post to upload_event_tourist.php -->
<input type="hidden" id="create_title_hidden" name="create_title_hidden">
<input type="hidden" id="create_type_hidden" name="create_type_hidden">
<input type="hidden" id="create_start_hidden" name="create_start_hidden">
<input type="hidden" id="create_end_hidden" name="create_end_hidden">
<input type="hidden" id="create_picturepath_hidden" name="create_picturepath_hidden">
<input type="hidden" id="create_meetingpoint_hidden" name="create_meetingpoint_hidden">
<input type="hidden" id="create_description_hidden" name="create_description_hidden">
CREATE EVENT
<input type="submit" id="submit_create_event" name="submit_create_event">
</form>
<!-- #form_create_event -->
<script>
// Load form details into hidden input fields and Simulate click on submit
$('.button_create_event').on('click', function() {
// load form details into hidden input fields
var event_title = $('#create_title').val();
var event_type = $('#create_type').val();
var event_town = $('#create_town').val();
var event_start = $('#create_start').val();
var event_end = $('#create_end').val();
var event_picturepath = $('#create_picturepath').val();
var event_meetingpoint = $('#create_meetingpoint').val();
var event_description = $('#create_description').val();
$('#create_title_hidden').val(event_title);
$('#create_type_hidden').val(event_type);
$('#create_town_hidden').val(event_town);
$('#create_start_hidden').val(event_start);
$('#create_end_hidden').val(event_end);
$('#create_picturepath_hidden').val(event_picturepath);
$('#create_meetingpoint_hidden').val(event_meetingpoint);
$('#create_description_hidden').val(event_description);
$('#form_create_event').submit();
});
</script>
Trace out your variables.
$_POST['create_town_hidden']
is assigned by:
$('#create_town_hidden').val(event_town);
which calls the variable event_town. That variable is set here:
var event_town = $('#create_town').val();
which is supposed to select something with an id of 'create_town', but there is no element with that ID in your HTML. Fix that, and your problem is solved.
I have a little problem on database update activity.
Case study:
I created a form with PHP editing, and perform queries to retrieve the value of a record that wants to be updated. Excerpts of the script:
<?php
$row = mysql_fetch_assoc(mysql_query("SELECT id, field_1, field_2 FROM mytable WHERE id = $editid"));
?>
...
<form action="" method="post">
FIELD 1 <input type = "text" name = "f1v" value = "<? Php echo $ row ['field_1'];?>" />
FIELD 2 <input type = "text" name = "f2v" value = "<? Php echo $ row ['field_2'];?>" />
<input type="submit" />
</form>
....
// When the form posted
if ($_POST)
{
$f1v = $ _POST['f1v'];
$f2v = $ _POST['f2v'];
mysql_query("UPDATE mytable SET field_1 = '$f1v', field_2 = '$f2v' WHERE id = $editid") or die ();
// Redirect form
}
In this case I want when the form submited, there are activities to check whether there is a change in one or more fields values. Its logic approximately like this:
if ($ _POST)
{
// Compare
if the submitted value is different from the existing value in the record
{
Updated record
}
else
{
Do not update record
}
// Redirect form
}
Do you have any easy way to do it? Thank you for your help.
Don't bother checking. Just make sure the entry is valid and throw it in.
Keep two hidden fields with current values of the fields. After submitting the form check whether submitted values are different from the hidden field values.