i need an help from you all.
i had created an form using PHP. it's a school application registration form. it has one page only.
i need to generate registration number(session id used as registration number here) for everyone who opens the form.
instead of creating a session i have used ID for all. that is when some one submits the form, it checks the DB and if the registration number is there, it will increment one value and add the current form to DB.
my code here
<td>Application No : <input type="hidden" name="disablusr_dummyid" autocomplete="off" style="background:#f0efed;" value="00<?php
include('config.php');
$q="select MAX(auto_gen_id) from application_form";
$result=mysql_query($q);
$data=mysql_fetch_array($result);
$max_val=$data[0];
echo $max_val+1;
?>"/>
<input type="hidden" name="applicant_id" autocomplete="off" value="00<?php
include('config.php');
$wer = "select MAX(auto_gen_id) from application_form";
$resultgh = mysql_query($wer);
$dates = mysql_fetch_array($resultgh);
$erfdqwe = $dates[0];
echo $erfdqwe+1;
?>" />
<input type="hidden" name="txt_applicant_id" style="display:none;" autocomplete="off" value="<?php
include('config.php');
$werqw = "select MAX(auto_gen_id) from application_form";
$resultghasw = mysql_query($werqw);
$dataqsax = mysql_fetch_array($resultghasw);
$erfdqweqti = $dataqsax[0];
echo $erfdqweqti+1;
?>" /></td>
but what is happening is when multiple users are using the form same session ID is generated and only one user is able to save the form and it reflects in DB. other forms are being not submitted and not added to DB.
help me in this error.. thanks in advance.
The solution here is not the use the hidden fields for the IDs :
At this moment u have something like this :
"INSERT INTO (id, ..., ...) VALUES('".addslashes($_POST['applicant_id']."', ...)
You should refactor your logic to calculate the id afterwards meaning that u drop the hidden fields and do this :
<?php
if (!empty($_POST)) {
$wer = "select MAX(auto_gen_id) from application_form";
$resultgh = mysql_query($wer);
$dates = mysql_fetch_array($resultgh);
$erfdqwe = $dates[0];
$new_applicant_id = $erfdqwe+1;
}
And then use the $new_applicant_id into the INSERT sql.
On a sidenote your code is vulnerable for SQL injection and is using outdated functions.
You should try to move to mysqli or PDO and preferable use prepared statements
Related
I have a form in HTML which posts two values hostname and ip_address.
<form action="demo-select.php" method="post" />
<p>HOSTNAME/IPADDRESS: <input type="text" name="HOSTNAME" name="IP_ADDRESS" /></p>
<input type="submit" value="Submit" />
</form>
If I enter the hostname/ip_address and submit it, it will take me to demo-select.php script.
In demo-select.php script I'm able to get the output for hostname from my MySQL db. How should I get the output based on ip_address?
$value = $_POST['HOSTNAME'];
$query = "SELECT * FROM <tablename> WHERE HOSTNAME='$value'";
$result = mysql_query($query);
This script connects to a MySQL db and gets the output based on the hostname. What modifications should I make to get the output based on ip_address as well?
Table columns:
HOSTNAME
IP_ADDRESS
cpus
MEMORY
HTML:
You can't assign two names to an HTML element. I'd suggest that you either use two fields or use a dropdown / radio button along with the form field for the user to specify whether they're entering a hostname or an ip_address:
<form action="demo-select.php" method="post" />
<select name="address_type">
<option value="ip"> IP Address </option>
<option value="host"> Host Name </option>
</select>
<input type="text" name="host_name_or_address" />
<input type="submit" value="Submit" />
</form>
An assumption here is that you'd want the user to enter as input only one of hostname or ip_address in a single submit. If you want both to be relayed to the PHP at once, then please get rid of the select dropdown and use two input fields instead.
PHP:
Check what's been received in address_type and determine what query to use accordingly:
$address_type = $_POST['address_type'];
$value = $_POST['host_name_or_address'];
if($address_type == "host"){
// If looking for partial matches, use... WHERE HOSTNAME LIKE '%$value'
$sql = "SELECT * FROM <tablename> WHERE HOSTNAME = '$value' ";
}
else{
$sql = "SELECT * FROM <tablename> WHERE IP_ADDRESS = '$value' ";
}
Again, if you want both fields to be searched for at once, then along with the HTML edits indicated in the narration above, you'll have to receive in a PHP variable the value of the second input field too. Also then please get rid of the if-else construct here above and write a single, combined query as:
$sql = "SELECT * FROM <tablename> WHERE HOSTNAME = '$value1' AND IP_ADDRESS = '$value2' ";
Finally, please don't use mysql_*() functions in any PHP code. They're long deprecated and are very vulnerable to SQL Injection Attacks as Daniel has already suggested in his answer. Please have a look at MySQLi and PDO Prepared Statements instead. These utilities provide a cleaner way to write your queries and also a much safer mechanism to shield them against potential risks.
Being new to PHP and SQL, I have build a simple HTML form with 20 inputs, allowing users to enter specific data through input type=text or file. I have built a mysql database where this user data is inserted / saved. All is working, this is a major accomplishment for me.
I'm asking for help on this next step, I think this step would be called “edit”?
This step would allow users to recall the mysql data they entered, at a later time, to edit and save. Would like to have this recalled data injected directly into the original HTML form. Now, it seems necessary to have a method, (possibly a HTML form ”id “input), that calls from the data base, the specific record (including all 20 data inputs) that is associated with this user. Am I thinking correctly?
I'm asking for help / direction with simple yet detailed approach to solve this step. Note, my few attempts at this “edit” step, using some examples, have failed. I do not have a firm grasp of this PHP, yet have strong desire to become proficient.
This is a model, stripped down version of my current working code. I eliminated the $connection = mysql_connect.
This is the PHP I built, working great!
<?php
require('db.php');
if (isset($_POST['first_name'])){
$first_name = $_POST['first_name'];
$favorite_color = $_POST['favorite_color'];
$trn_date = date("Y-m-d H:i:s");
$query = "INSERT into `form_data` (first_name, favorite_color, trn_date) VALUES ('$first_name', '$favorite_color', '$trn_date')";
$result = mysql_query($query);
if($result){
echo "<div class='form'><h1>First Name & Favorite Color POST to db was successfull.</h1>
<br/><h3>Click here to return <a href='https://jakursmu.com/tapcon_builder/tb_form_data_1.1.php'>TapCon Builder</a></h3>
</div>";
}
}else{
?>
This is the HTML user form, works great with the PHP script:
<div class="form">
<h1>First Name & Favorite Color "POST" to db Test</h1>
<form target="_blank" name="registration" action=" " method="post">
<p> First Name<input name="first_name" type="text" placeholder="First Name" /> </p>
<p> Favorite Color <input name="favorite_color" type="text" placeholder="Favorite Color" /> </p>
<p> <input type="submit" name="submit" value="Submit / Update to db" /></p>
</form>
</div>
Suppose the user queries the database using their “first_name”, when this “edit” step is completed, the final result will render / inject the users “first_name” and “favorite_color” back into the original HTML form. Does this make sense?
The database I created for this help post, looks like this:
database image
When a user wishes to edit their data, they can enter their "first_name", in a form text input, (im assuming?) where their "first_name" will be found in the data base. The ouutput result of this database query will be injected into the original form, ready for any user edit.
User Edit for: Results (in origingal form):
Jack Jack Black
Jeff Jeff Green
Randall Randall Red
So on.........
I hope this explanation makes sense where any experienced help or direction is offered.
Thanks for viewing!
just for practice purposes, but can look into prepared statements at you liesure time.
first create ur php file
<form method="post" action="edit.php">
<?php
//in ur php tag. select items from the row based on an id you've passed on to the page
$sql = "select * from 'form_data' where blah = '$blah'";
$result = mysqli_query($connection, $sql);
if($result){
$count = mysqli_num_rows($result);
if($count > 0) {
while($row = mysqli_fetch_assoc($result)){
$name = $row['firstname'];
$lname = $row['lastname'];
//you can now echo ur input fields with the values set in
echo'
<input type="text" value="'.$name.'" >
';//that how you set the values
}
}
}
?>
</form>
Finally you can run and update statement on submit of this you dynamically generated form input.
Also please switch to mysqli or pdo, alot better that the deprecated mysql.
look into prepared statements too. Hope this nifty example guides you down the right path...
I need help for my web service project where user create an order when submit the order form, Driver get notification with accept or reject the order and when he accept order details list display to him. these all process done with order form submission. my all coding working fine. I don't understand where from get id of current order list. plz give solution. thx
<?php
if(isset($_POST['order_form']))
{
mysql_connect('localhost','root','');
mysql_select_db('live_help');
$user = $_POST['user'];
$password = $_POST['mobile'];
$password = $_POST['address'];
$password = $_POST['order_item'];
$password = $_POST['price'];
$sql= mysql_query("insert into `json_web`(user,mobile,address,order_item,price) values('$user','$mobile','$address','$order_item','$price')");
if($sql)
{
echo 'Value Saved';
}
}
?>
<form name="order_form" action="" method="post">
<input type="text" name="user">
<input type="text" name="mobile">
<input type="text" name="address">
<input type="text" name="order_item">
<input type="text" name="price">
<input type="submit" name="field1" value="Submit" />
</form>
use mysql_insert_id(); to grap the last insert id. Take a look for more information
mysql_insert_id()
Warning:
mysql_* is deprecated as of PHP 5.5.0, and will be removed in the future. Instead, the MySQLi or PDO_MySQL extension should be used. See also MySQL: choosing an API guide and related FAQ for more information. Alternatives to this function include:
After your mysql_query(); you can do this:
$id = mysql_insert_id();
mysql_insert_id(); retrieves the ID of the last inserted element to the database.
Use mysqli_insert_id() as from documentation
mysqli::$insert_id -- mysqli_insert_id — Returns the auto generated id used in the last query
In order to use mysql_insert_id() you need to add another field into the database table so you can have distinct order id for each order.
Perhaps you already have it, if not, add it:
ALTER TABLE `json_web` ADD order_id INT(10) NOT NULL AUTOINCREMENT;
Then just select from database, use mysql_insert_id()
Cheers
I am new to PHP and working on small local webpage and database that takes user information and database stores the same user information .If i Login with ADMIN it shows all data. My requirement is that the loggined user is an admin, then he has a right to edit all the informtion of the users that i stored in the database.And this is to be done using GET method . How it will be working?
Heres some example code purely to demonstrate how to update a table using a GET method form. The code doesn't have any kind of error checking and assumes you already know how to connect to your database (and that its MySQL).
Assuming you've landed on a page which invites you to edit data, which record you're editing is referenced by an 'id' variable on the URL which matches a numerical primary key in your database table.
<?php
$SQL = "SELECT myField1,myField2 FROM myTable WHERE myKeyField = '".intval($_GET['id'])."'";
$QRY = mysql_query($SQL);
$DATA = mysql_fetch_assoc($QRY);
?>
<form method='get' action='pageThatStoresData.php'>
<input type='hidden' name='key' value='<?php echo $_GET['id']; ?>' />
<input type='text' name='myField1' value="<?php echo $DATA['myField1']; ?>" />
<input type='text' name='myField2' value="<?php echo $DATA['myField2']; ?>" />
<button type='submit'>Submit</button>
</form>
So, this will give you a page that takes the data out of your table, displays it in a form with pre-filled values and on submit, will go to a URL like:
http://mydomain.com/pageThatStoresData.php?key=1&myField1=someData&myField2=someMoreData
In that page, you can access variables 'key', 'myField1', 'myField2' via the $_GET method.
Then you just need to update your table within that page:
$SQL = "UPDATE myTable
SET myField1 = '".mysql_real_escape_string($_GET['myField1'])."',
myField2 = ".mysql_real_escape_string($_GET['myField1'])."
WHERE key = '".intval($_GET['key'])."'
";
$QRY = mysql_query($SQL);
PLEASE NOTE: The code above is unsuitable for a straight copy/paste as it doesn't do any error checking etc, its purely a functional example (and typed straight in here so I apologise if there are any typos!).
HI everyone
I have a html application form which have username,password,age etc .NOw i am able to store these values into database without any problem.Now i want to add a edit button if user want to edit his profile..
1.First tell me where i should put this Edit Button.I think i should place it into user'home page where he is redirected after confirming username and password...
Now i want to know how he can do edit opearation in existing data which is stored in database.
I know very well how to retrive data from database.Now tell me in which form this data should be retrived from database..Should i retrive it in that application form agina(how) or i should retrive it in a file(but then how to send back).
I have no idea what to do and please tell me how this data will be updated(i think at the place of insert command i should use update command)..Plz tell me in deatil.I will be thankfull to you
By my opinion the edit ubtton must be in the user profile.
As for the update - create primary key ofr one of the columns and update by it, something like
$sql = 'UPDATE table SET username='.$user_name.', password ='.$pass.' WHERE id = '.$user_id
Dont forget to make server side validation of the data too.
Here is simple solution:
<?php
if(isset($_GET['user_id'))
{
$sql = 'SELECT id, username, password from users_table WHERE id='.$users_id;
if ($result = $mysqli_object->query($sql)) {
$row = $result->fetch_assoc()
}
echo '<form action="" method="post">';
echo '<input type="text" name="username" value="'.$row['username'].'"';
echo '<input type="password" name="password" value="'.$row['password'].'"';
echo '<input type="hidden" name="id" value="'.$row['id'].'"';
echo '<input type="submit" value="save" />';
}elseif(isset($_POST['id'])){
$user_name = $_POST['username'];
$pass = $_POST['password'];
$user_id = $_POST['id'];
$sql = 'UPDATE table SET username='.$user_name.', password ='.$pass.' WHERE id = '.$user_id
if($result = $mysqli_object->query($sql))
echo 'Profile updated';
else
echo $mysqli_object->error;
}else{
echo 'You are not supposed to be on this page!';
}
?>
I haven`t tested it so it could have any syntax mistakes. You can read a little bit more for the mysqli (MySQL Improved Extension) in the PHP documentation.
If you are trying to develop an application(not just playing with PHP) you should better try some of the available free frameworks, they will do most of the work instead of you.
Good luck