I'm just a beginner in terms of programming, so I'm just referring all my codes through tutorials. Luckily, I found this online tutorial in youtube where users are allowed to add, update, and delete data in mysql using php. I follow all his instructions, I got it working but then it stopped when I added css on it.
This is not a general issue, I just need some help. If anyone can help me, much appreciated. Thank you so much.
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "rssfeed";
$connect = mysql_connect($servername, $username, $password, $dbname);
if (!$connect) {
die("Connection failed. Error" . mysql_error());
}
$database = mysql_select_db($dbname, $connect);
if (!$database) {
die("Can't select database");
}
$sql = "SELECT * FROM record";
$data = mysql_query($sql, $connect);
if (isset($_POST['update'])){
$updateQuery = "UPDATE record SET name = '$_POST[name]', url = '$_POST[url]', description = '$_POST[desc]' WHERE name = '$_POST[hidden]'";
mysql_query($updateQuery, $connect);
header("Location: maintenance.php");
};
if (isset($_POST['delete'])){
$deleteQuery = "DELETE FROM record WHERE name = '$_POST[hidden]'";
mysql_query($deleteQuery, $connect);
header("Location: maintenance.php");
};
if (isset($_POST['add'])){
$addQuery = "INSERT INTO record (name, url, description) VALUES ('$_POST[iName]', '$_POST[iUrl]', '$_POST[iDesc]')";
mysql_query($addQuery, $connect);
header("Location: maintenance.php");
};
echo "<div class=center>
<table id=myTable border=1>
<tr>
<th> Name </th>
<th> URL </th>
<th> Description </th>
</tr>";
while($record = mysql_fetch_array($data)) {
echo "<form method=post action=maintenance.php>";
echo "<tr>";
echo "<td>" . "<input type=text name=name id=name value=" . $record['name'] . " </td>";
echo "<td>" . "<input type=text name=url id=url value=" . $record['url'] . " </td>";
echo "<td>" . "<textarea rows=1 cols=50 wrap=physical name=desc id=desc>" . strip_tags($record['description']) . "</textarea></td>";
echo "<input type=hidden name=hidden value=" . $record['name'] . ">";
echo "<td>" . "<input type=submit name=update id=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete id=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
echo "<table border=1>";
echo "<form method=post action=maintenance.php>";
echo "<tr>";
echo "<td><input type=text name=iName></td>";
echo "<td><input type=text id=url name=iUrl></input></td>";
echo "<td><textarea rows=1 cols=50 name=iDesc></textarea></td>";
echo "<td>" . "<input type=submit name=add id=add value=add" . " </td>";
echo "</tr>";
echo "</form>";
echo "</table>";
echo "</div>";
mysql_close($connect);
?>
In your queries, $_POST[name] should be $_POST[\"name\"]. BUT, this is terrible, you are very open to SQL injections.
Please have a read of this and stop using mysql_query (it's deprecated)
you have several errors in your echo output..
echo "<td>" . "<input type=text name=name id=name value=" . $record['name'] . " </td>";
You have forgot the single quotes for each html-element-attribute and the bigger then at the end of multiple input elements...
try this:
echo "<td><input type='text' name='name' id='name' value='" . $record['name'] . "'> </td>";
Related
Basically I am not getting any errors when I press update or add. Can anyone help me out? I want it so when I press add it adds that data to the database, and when I press update it updates the database with that value.
<html>
<head>
<title>Subcontractors Data</title>
</head>
<body>
Logout
Homepage
<?php
//make connection
$con = mysqli_connect("localhost","root","");
if(!$con){
die("Can not connect " . mysqli_error());
}
//select db
mysqli_select_db($con , 'subcontractor');
$sql="SELECT * FROM subcontractors";
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE subcontractors SET ID='$_POST[ID]', Name='$_POST[Name]', Surname='$_POST[Surname]', FPA='$_POST[FPA]', Performance='$_POST[Performance]' WHERE ID='$_POST[hidden]'";
mysqli_query($con, $UpdateQuery);
};
if(isset($_POST['add'])){
$AddQuery = "INSERT INTO subcontractors (ID, Name, Surname, FPA, Performance) VALUES ('$_POST[aID]','$_POST[aName]','$_POST[aSurname]','$_POST[aFPA]','$_POST[aPerformance]')";
mysqli_query($con, $AddQuery);
};
$my_Data=mysqli_query($con,$sql);
echo "<table border=1>";
echo"<tr>";
echo"<th>ID</th>";
echo"<th>Name</th>";
echo"<th>Surname</th>";
echo"<th>FPA</th>";
echo "<th>Performance</th>";
echo "</tr>";
while($record=mysqli_fetch_assoc($my_Data)){
echo "<form action=editsub.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name='ID' value=".$record['ID'] ." </td>";
echo "<td>" . "<input type=text name='Name' value=".$record['Name'] . " </td>";
echo "<td>" . "<input type=text name='Surname' value=".$record['Surname'] . " </td>";
echo "<td>" . "<input type=text name='FPA' value=".$record['FPA'] . "% </td>";
echo "<td>" . "<input type=text name='Performance' value=".$record['Performance'] . "% </td>";
echo "<input type=hidden name='hidden' value=" . $record['ID'] . ">";
echo "<input type=submit name='update' value='update'>";
echo "</tr>";
echo "</form>";
}
echo "<form action=editsub.php mehtod=post>";
echo "<tr>";
echo "<td><input type=text name='aID'></td>";
echo "<td><input type=text name='aName'></td>";
echo "<td><input type=text name='aSurname'></td>";
echo "<td><input type=text name='aFPA'></td>";
echo "<td><input type=text name='aPerformance'></td>";
echo "<td>" . "<input type=submit name='add' value='add'" . " </td>";
echo "</form>";
echo "</table>";
mysqli_close($con);
?>
</body>
</html>
This way you can check error.
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
I decided to make my database with an active hyperlink so when I find a record I click on an email address and and email is opened. BUT I have a problem with update, When I want to make a correction to the entry and when I press update the email disappears and I get:
Notice: Undefined index: Mail in /Applications/XAMPP/xamppfiles/htdocs/robocze/mydata_dodaj_test_1.php on line 36
I can add records but I can't update...
Can You please help me, thank You
the code:
<?php
session_start();
if(!isset($_SESSION["sess_user"])){
header("location:login.php");
} else {
?>
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Baza Klientów</title>
</head>
<body>
<h3>Welcome, <?=$_SESSION['sess_user'];?>! Logout </h3>
<input type="button" onclick="location.href='mydata_dodaj_test_1.php';" value="Powrót do wyszukiwania" />
<input type="button" onclick="location.href='index.php';" value="MENU powrót" />
<h2><b><center>Wyszukiwanie Klientów ITalents</center></b></h2>
<?php
}
?>
<?php
$con = mysql_connect("","","","");
if (!$con){
die("Błąd połączenia: " . mysql_error());
}
mysql_select_db("baza",$con);
if(isset($_POST['update'])) {
$UpdateQuery = "UPDATE Klienci SET id='$_POST[id]', Firma='$_POST[Firma]', Mail='$_POST[Mail]', Data='$_POST[Data]', Konsultant='$_POST[Konsultant]' WHERE id='$_POST[hidden]'";
mysql_query($UpdateQuery,$con);
};
if(isset($_POST['add'])) {
$AddQuery = "INSERT INTO Klienci (id, Firma, Mail, Data, Konsultant) VALUES ('$_POST[uid]','$_POST[uFirma]','$_POST[uMail]','$_POST[uData]','$_POST[uKonsultant]')"; // this is the 36 line
mysql_query($AddQuery,$con);
};
if(isset($_POST['search']))
{
$valueToSearch = $_POST['valueToSearch'];
$query = "SELECT * FROM Klienci WHERE CONCAT(Firma, Mail, Konsultant) LIKE '%".$valueToSearch."%'";
$search_result = filterTable($query);
}
else {
$query = "SELECT * FROM Klienci ORDER BY id ASC";
$search_result = filterTable($query);
}
function filterTable($query)
{
$con = mysql_connect("","","","");
if (!$con){
die("Błąd połączenia: " . mysql_error());
}
mysql_select_db("baza",$con);
$filter_Result = mysql_query($query, $con);
return $filter_Result;
};
echo "<form action=mydata_dodaj_test_1.php method=post>";
echo "<input type=text name=valueToSearch placeholder=wpisz>";
echo "<input type=submit name=search value=Szukaj>";
echo "<table align=center style=text-align:center border=5>
<tr>
<th>ID</th>
<th>Firma</th>
<th>Mail</th>
<th>Data</th>
<th>Konsultant</th>
</tr>";
while($row = mysql_fetch_array($search_result)) {
echo "<form action=mydata_dodaj_test_1.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=int name=id value=" . $row['id'] . " </td>";
echo "<td>" . "<input type=varchar name=Firma value=" . $row['Firma'] . " </td>";
echo "<td>" . "<a href='mailto:{$row['Mail']}'>" . $row['Mail'] . " </td>";
echo "<td>" . "<input type=date name=Data value=" . $row['Data'] . " </td>";
echo "<td>" . "<input type=varchar name=Konsultant value=" . $row['Konsultant'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $row['id'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</form>";
}
echo "<form action=mydata_dodaj_test_1.php method=post>";
echo "<tr>";
echo "<td><input type=text name=uid></td>";
echo "<td><input type=varchar name=uFirma></td>";
echo "<td><input type=text name=uMail></td>";
echo "<td><input type=text name=uData></td>";
echo "<td><input type=text name=uKonsultant></td>";
echo "<td>" . "<input type=submit name=add value=dodaj" . " </td>";
echo "</form>";
echo "</table>";
?>
<input type="button" onclick="location.href='mydata_dodaj_test_1.php';" value="Powrót do wyszukiwania" />
<input type="button" onclick="location.href='index.php';" value="MENU powrót" />
</body>
</html>
As error stated undefined index in your update statement
$UpdateQuery = "UPDATE Klienci SET id='$_POST[id]', Firma='$_POST[Firma]', Mail='$_POST[Mail]', Data='$_POST[Data]', Konsultant='$_POST[Konsultant]' WHERE id='$_POST[hidden]'";
you are accessing $_POST[Mail] which is no where in your form.
I'm trying to build a SELECT query that allows me to use the form the results are returned in to process an UPDATE to a selected row. The warning I'm receiving appears on line 36 of my code. I thought I set the code up correctly to build the table, then populate it, but I can't find my error. I saw several versions of this quetions asked, but I didn't see one that talked about object given. Any help would be appeciated.
<html>
<head>
</head>
<body>
<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "oldga740_SeniorProject";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM Projects";
$result = $conn->query($sql);
echo "<table border=1>
<tr>
<th>Project</th>
<th>Client</th>
<th>Last Name</th>
<th>Date Received</th>
<th>Final Review Date</th>
<th>Date Delivered</th>
<th>Date Accepted>
</tr>";
while($record = mysql_fetch_array($result))
{
if ($result->num_rows > 0){
echo "<form action=mynewform.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=project value=" . $record['Project'] . " </td>";
echo "<td>" . "<input type=text name=client value=" . $record['Client'] . " </td>";
echo "<td>" . "<input type=text name=lastname value=" . $record['LastName'] . " </td>";
echo "<td>" . "<input type=text name=datereceived value=" . $record['DateReceived'] . " </td>";
echo "<td>" . "<input type=text name=finalreview date value=" . $record['FinalReviewDate'] . " </td>";
echo "<td>" . "<input type=text name=datedelivered value=" . $record['DateDelivered'] . " </td>";
echo "<td>" . "<input type=text name=dateaqccepted value=" . $record['DateAccepted'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['Project'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
}
echo "</table>";
if (isset($_POST[update])){
$UpdateQuery = "UPDATE Projects SET Project='$_POST[project]', Client='$_POST[client]', LastName='$_POST[lastname]', DateReceived='$_POST[datereceived]', FinalReviewDate='$_POST[finalreviewdate]', DateDelivered='$_POST[datedelivered]', DateAccepted='$_POST[dateaccepted]' WHERE Project='$_POST[hidden]";
mysql_query($UpdateQuery, $con);
};
?>
<?php
$connection->close();
?>
</body>
</html>
EDITED CODE
<html>
<head>
</head>
<body>
<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "oldga740_SeniorProject";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM Projects";
$result = $conn->query($sql);
echo "<table border=1>
<tr>
<th>Project</th>
<th>Client</th>
<th>Last Name</th>
<th>Date Received</th>
<th>Final Review Date</th>
<th>Date Delivered</th>
<th>Date Accepted</th>
</tr>";
while($record = mysqli_fetch_array($result))
{
if ($result->num_rows > 0){
echo "<form action='mynewform'.php method='post'>";
echo "<tr>";
echo "<td>" . "<input type='text' name='project' value='" . $record['Project'] . " </td>";
echo "<td>" . "<input type='text' name='client' value='" . $record['Client'] . " </td>";
echo "<td>" . "<input type='text' name='lastname' value='" . $record['LastName'] . " </td>";
echo "<td>" . "<input type='text' name='datereceived' value='" . $record['DateReceived'] . " </td>";
echo "<td>" . "<input type='text' name='finalreviewdate' value='" . $record['FinalReviewDate'] . " </td>";
echo "<td>" . "<input type='text' name='datedelivered' value='" . $record['DateDelivered'] . " </td>";
echo "<td>" . "<input type='text' name='dateaccepted' value='" . $record['DateAccepted'] . " </td>";
echo "<td>" . "<input type='hidden' name='hidden' value='" . $record['Project'] . " </td>";
echo "<td>" . "<input type='submit' name='update' value=update'" . " </td>";
echo "<td>" . "<input type='submit' name='delete' value=delete'" . " </td>";
echo "</tr>";
echo "</form>";
}
}
echo "</table>";
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE Projects SET Project='$_POST[project]', Client='$_POST[client]', LastName='$_POST[lastname]', DateReceived='$_POST[datereceived]', FinalReviewDate='$_POST[finalreviewdate]', DateDelivered='$_POST[datedelivered]', DateAccepted='$_POST[dateaccepted]' WHERE Project='$_POST[hidden]";
mysqli_query($conn, $sql);
};
?>
<?php
$conn->close();
?>
</body>
</html>
SECOND EDIT
<html>
<head>
</head>
<body>
<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "oldga740_SeniorProject";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT * FROM Projects";
$result = $conn->query($sql);
echo "<table border=1>
<tr>
<th>Project</th>
<th>Client</th>
<th>Last Name</th>
<th>Date Received</th>
<th>Final Review Date</th>
<th>Date Delivered</th>
<th>Date Accepted</th>
</tr>";
while($record = mysqli_fetch_array($result))
{
if ($result->num_rows > 0){
echo "<form action='mynewform.php' method='post'>";
echo "<tr>";
echo "<td>" . "<input type='text' name='project' value='" . $record['Project'] . "' /></td>";
echo "<td>" . "<input type='text' name='client' value='" . $record['Client'] . "'/></td>";
echo "<td>" . "<input type='text' name='lastname' value='" . $record['LastName'] . "' /></td>";
echo "<td>" . "<input type='text' name='datereceived' value='" . $record['DateReceived'] . "' /></td>";
echo "<td>" . "<input type='text' name='finalreviewdate' value='" . $record['FinalReviewDate'] . "' /></td>";
echo "<td>" . "<input type='text' name='datedelivered' value='" . $record['DateDelivered'] . "' /></td>";
echo "<td>" . "<input type='text' name='dateaccepted' value='" . $record['DateAccepted'] . "' /></td>";
echo "<td>" . "<input type='hidden' name='hidden' value='" . $record['Project'] . "' /></td>";
echo "<td>" . "<input type='submit' name='update' value=update'" . "' /></td>";
echo "<td>" . "<input type='submit' name='delete' value=delete'" . "' /></td>";
echo "</tr>";
echo "</form>";
}
}
echo "</table>";
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE Projects SET Project='$_POST[project]', Client='$_POST[client]', LastName='$_POST[lastname]', DateReceived='$_POST[datereceived]', FinalReviewDate='$_POST[finalreviewdate]', DateDelivered='$_POST[datedelivered]', DateAccepted='$_POST[dateaccepted]' WHERE Project='$_POST[hidden]";
mysqli_query($conn, $sql);
};
?>
<?php
$conn->close();
?>
</body>
</html>
Aside from the previous notes in the comments. I haven't seen any other answer/comments on your HTML elements so I will add an answer on those.
The HTML you will generate with this PHP will be invalid. Attributes need to be quoted and the input elements need to be closed.
So for example your current code
echo "<form action=mynewform.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=project value=" . $record['Project'] . " </td>";
would output:
<form action=mynewform.php method=post>
<tr>
<td><input type=text name=project value=what ever projects value is</td>
which is invalid the element named project here is never closed and its value would just be what. (or in some browsers; since mark up is invalid unexpected results should be expected)
Your PHP should be:
echo "<form action='mynewform.php' method='post'>";
echo "<tr>";
echo "<td>" . "<input type='text' name='project' value='" . $record['Project'] . "' /> </td>";
which should give you
<form action='mynewform.php' method='post'>
<tr>
<td><input type='text' name='project' value='what ever projects value is' /></td>
Notice how the syntax highlighting is different in the second example vs. the first.
Additionally please look at http://php.net/manual/en/mysqli.quickstart.prepared-statements.php, or a bit less secure approach but better than what you currently have, http://php.net/manual/en/mysqli.real-escape-string.php.
For a longer read on the whole topic see:a) How can I prevent SQL injection in PHP?b) http://php.net/manual/en/security.database.sql-injection.phpc) https://www.owasp.org/index.php/SQL_Injection_Prevention_Cheat_Sheet
Update:
Here's the structure I'd take (aside from the SQL injection hole):
<?php
$servername = "localhost";
$username = "xxx";
$password = "xxx";
$dbname = "oldga740_SeniorProject";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE Projects SET Project='$_POST[project]', Client='$_POST[client]', LastName='$_POST[lastname]', DateReceived='$_POST[datereceived]', FinalReviewDate='$_POST[finalreviewdate]', DateDelivered='$_POST[datedelivered]', DateAccepted='$_POST[dateaccepted]' WHERE Project='$_POST[hidden]";
mysqli_query($conn, $sql);
}
$sql = "SELECT * FROM Projects";
$result = $conn->query($sql);
?>
<html>
<head>
</head>
<body>
<table border='1'>
<tr>
<th>Project</th>
<th>Client</th>
<th>Last Name</th>
<th>Date Received</th>
<th>Final Review Date</th>
<th>Date Delivered</th>
<th>Date Accepted</th>
</tr>
<?php
if ($result->num_rows > 0){
while($record = mysqli_fetch_array($result)) {?>
<form action='mynewform.php' method='post'>
<tr>
<td><input type='text' name='project' value='<?php echo $record['Project'];?>' /></td>
<td><input type='text' name='client' value='<?php echo $record['Client'];?>'/></td>
<td><input type='text' name='lastname' value='<?php echo $record['LastName'];?>' /></td>
<td><input type='text' name='datereceived' value='<?php echo $record['DateReceived'];?>' /></td>
<td><input type='text' name='finalreviewdate' value='<?php echo $record['FinalReviewDate'];?>' /></td>
<td><input type='text' name='datedelivered' value='<?php $record['DateDelivered'];?>' /></td>
<td><input type='text' name='dateaccepted' value='<?php echo $record['DateAccepted'];?>' /></td>
<td><input type='hidden' name='hidden' value='<?php echo $record['Project'];?>' /></td>
<td><input type='submit' name='update' value='update' /></td>
<td><input type='submit' name='delete' value='delete' /></td>
</tr>
</form>
<?php
}
}
$conn->close();
?>
</table>
</body>
</html>
change mysql_fetch_array($result) to $result->fetch_array()
if ($result->num_rows > 0){
while($record = $result->fetch_array())
{
echo "<form action=mynewform.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=project value=" . $record['Project'] . " </td>";
echo "<td>" . "<input type=text name=client value=" . $record['Client'] . " </td>";
echo "<td>" . "<input type=text name=lastname value=" . $record['LastName'] . " </td>";
echo "<td>" . "<input type=text name=datereceived value=" . $record['DateReceived'] . " </td>";
echo "<td>" . "<input type=text name=finalreview date value=" . $record['FinalReviewDate'] . " </td>";
echo "<td>" . "<input type=text name=datedelivered value=" . $record['DateDelivered'] . " </td>";
echo "<td>" . "<input type=text name=dateaqccepted value=" . $record['DateAccepted'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['Project'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
}
you can't merrage mysql and mysqli
You connect MYSQL by using mysqli_,and when you want to get result,still need mysqli_.
This an sample from official:
`$mysqli = new mysqli("localhost", "my_user", "my_password", "world");
/* check connection */
if ($mysqli->connect_errno){
printf("Connect failed: %s\n", $mysqli->connect_error);
exit();
}
$sql = "SELECT a.uid, a.role AS roleid, b.role,FROM tbl_usr a INNER JOIN tbl_memrole b ON a.role = b.id ";
if ($result = $mysqli->query($sql)) {
while($obj = $result->fetch_object()){
$line.=$obj->uid;
$line.=$obj->role;
$line.=$obj->roleid;
}
}
$result->close();
unset($obj);
unset($sql);
unset($query);`
This question already has answers here:
Why would $_FILES be empty when uploading files to PHP?
(22 answers)
Closed 8 years ago.
I am trying to build a file uploader, with a youtube tutorial that doesn't cover files, and right now I am stuck on the name. Using $_Files returns nothing and I am unsure as to why. :/
I tried to echo it out, but nothing comes back.
Everything else seems to work though.
<html>
<head>
</head>
<body>
<?php
error_reporting(-1);
ini_set('display_errors', 'On');
$con = mysql_connect("localhost","root","root");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("example",$con);
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE repo SET location='$_POST[location]', name='$_POST[name]', description='$_POST[description]' WHERE location='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM repo WHERE location='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};
if(isset($_POST['add'])){
$AddQuery = "INSERT INTO repo (name, id, image, location, partners, description, date) VALUES ('$image_name', '','$_POST[uimage]', '$_POST[ulocation]', '$_POST[upartners]', '$_POST[udescription]', NOW())";
mysql_query($AddQuery, $con);
};
$sql = "SELECT * FROM repo";
$myData = mysql_query($sql,$con);
echo "<table border=1>
<tr>
<th>Image</th>
<th>Name</th>
<th>Location</th>
<th>Partners</th>
<th>Description</th>
<th>Date</th>
</tr>";
while($record = mysql_fetch_array($myData)){
?>
<form action="mydata5.php"
method="post" enctype="multipart/form-data">
<?php
echo "<tr>";
echo "<td>" . "<img src=Assets/Images/" . $record['name'] . " </td>";
echo "<td>" . "<input type=text name=topic value=" . $record['name'] . " </td>";
echo "<td>" . "<input type=text name=name value=" . $record['location'] . " </td>";
echo "<td>" . "<input type=text name=name value=" . $record['partners'] . " </td>";
echo "<td>" . "<input type=text name=description value=" . $record['description'] . " </td>";
echo "<td>" . "<input type=text name=description value=" . $record['date'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['location'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "<form action=mydata5.php method=post>";
echo "<tr>";
// echo "<td><input type=file name=uimage></td>";
?>
<td><input type="file" name="uimage" id="uimage"></td>
<?php
$file = $_FILES['uimage']['tmp_name'];
$image_name = mysql_real_escape_string($_FILES['uimage']['name']);
echo $_FILES['uimage']['error'];
echo "<td><input type=hidden name=uname></td>";
echo "<td><input type=text name=ulocation></td>";
echo "<td><input type=text name=upartners></td>";
echo "<td><input type=text name=udescription></td>";
echo "<td>" . "<input type=submit name=add value=add" . " </td>";
echo "</form>";
echo "</table>";
mysql_close($con);
?>
</body>
</html>
You need to add enctype="multipart/form-data" in the form tag.
For file type fields you need to add enctype attribute in your form so that uploaded files can be access using $_FILES
Update form starting tag with below
<form action="mydata5.php"
method="post" enctype="multipart/form-data">
Check your Insert Query.You are using $_POST for image name. That is wrong.
so I have this code that other Stack members have helped me fine tune and correct some errors, the code all works as it should but there is one small detail, after successfully editing one record and clicking the update button ALL of the existing records that are in the database load into the page. Here is my code below:
<?php
$con = mysql_connect("localhost", "root", "M1q2w3e4r");
if (!$con) {
die("Can not connect: " . mysql_error());
}
mysql_select_db("inventory",$con);
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE invoice SET `inv_number`='$_POST[inv_number]', `from_date`='$_POST[from_date]', `to_date`='$_POST[to_date]',`date_type`='$_POST[date_type]', `notes`='$_POST[notes]' WHERE id='$_POST[id]'";
mysql_query($UpdateQuery, $con);
};
$where = '';
if(!empty($_GET) && !empty($_GET['edit'])) {
$where = ' where id='.$_GET['edit'];
}
$sql = "SELECT * FROM invoice".$where;
$myData = mysql_query($sql,$con);
echo "<table border=1>
<tr>
<th>Inv #</th>
<th>From</th>
<th>To</th>
<th>Type</th>
<th>Notes</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action='edit.php' method='post'>";
echo "<tr>";
echo "<td>" . "<input type='text' name='inv_number' value='" . $record['inv_number'] . "'> </td>";
echo "<td>" . "<input type='text' id='from' name='from_date' value='" . $record['from_date'] . "'> </td>";
echo "<td>" . "<input type='text' id='to' name='to_date' value='" . $record['to_date'] . "'> </td>";
echo "<td>" . "<input type='text' name='date_type' value='" . $record['date_type'] . "'> </td>";
echo "<td>" . "<input type='text' name='notes' value='" . $record['notes'] . "'> </td>";
echo "<td>" . "<input type='hidden' name='id' value='" . $record['id'] . "'> </td>";
echo "<td>" . "<input type='hidden' name='hidden' value='" . $record['id'] . "'> </td>";
echo "<td>" . "<input type='submit' name='update' value='update'>" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
mysql_close($con);
?>
I know it has to do with the form action="edit.php", as it refreshes the page the id number in the url is pulled out. So I tried this:
echo "<form action='edit.php?edit=<?php echo $_REQUEST["id"]; ?>' method='post'>";
but this only led to my edit.php to display as a blank page. If anyone can help me figure out how to prevent all the database records from being displayed in the page after clicking the update button it would really help.
I might do this, for example, if I just wanted to show the record that was just updated:
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE invoice SET `inv_number`='$_POST[inv_number]', `from_date`='$_POST[from_date]', `to_date`='$_POST[to_date]',`date_type`='$_POST[date_type]', `notes`='$_POST[notes]' WHERE id='$_POST[id]'";
mysql_query($UpdateQuery, $con);
$where = ' where id='.$_POST[id];
}
else {
$where = '';
if(!empty($_GET) && !empty($_GET['edit'])) {
$where = ' where id='.$_GET['edit'];
}
}
You could also use REQUEST instead of GET and make a hidden input field with the name "edit" in your form.