My UPDATE query is failing although the syntax looks fine to me (I have another update query that works fine on the same page).
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("sitename") or die(mysql_error());
$id = $_GET['id'];
if (isset($_POST['submit'])){
$b = mysql_real_escape_string(trim($_POST['body']));
//**You have an error in your SQL syntax;** --> ?
mysql_query ("UPDATE body SET body= $b WHERE id = $id") or die (mysql_error() );
// $b is fine
echo "$b";
}
How the HTML review forms are rendered..
// Puts SQL Data into an array
$q = mysql_query("SELECT * FROM vote") or die (mysql_error());
// Now we loop through the database
echo "<br />";
while ($ratings = mysql_fetch_array($q))
{
//This outputs the doctors's name
echo "Doctor's name:" . $ratings['doctor_name'] ."<br />";
//This outputs a textarea for the user to submit comments
echo "<b>Your Experience: </b>";
echo "<form method='post' action='review_doctors.php'>
<textarea name='body'></textarea>
<input type='submit' name='submit' value='Send' id='submit'/>
</form>
";
echo "<br />";
echo "<p> </p>";
}
Why am I getting a SQL syntax error whenever a comment is submitted?
So, you're setting $id from the $_GET array which will probably not be set on submission of a form via post.
The update query you're running is inside a check for a POST (checking to see if $_POST['submit'] is set).
You probably want to send the value for the $id in the post body and pull it from the post array.
I fixed it to this:
// If submitted
if (isset($_POST['id'])){
//Capture what was typed in textarea
$b = mysql_real_escape_string(trim($_POST['body']));
$id = $_POST['id'];
mysql_query ("UPDATE vote SET body = '$b' WHERE id = $id") or die (mysql_error() );
// $b and $id are still fine
echo "$b";
echo "$id";
}
Also fixed the hidden input value:
while ($ratings = mysql_fetch_array($q))
{
//This outputs the doctors's name
echo "Doctor's name:" . $ratings['doctor_name'] ."<br />";
$id = $_POST['id'];
//This outputs a textarea for the user to submit comments
echo "<b>Your Experience: </b>";
echo "<form method='post' action='review_doctors.php'>
<textarea name='body'></textarea>
<input type='submit' name='submit' value='Send'/>
<input type='hidden' name='id' value='$ratings[id]' />
</form>
";
echo "<br />";
Related
This code is supposed to update my table, but it just refreshes the page. The query works, i tested it. its the submit button but i dont know why>
if(isset($_POST['nameupdate']))
{
echo('<hr>');
echo('Vul nieuwe waarde in');
$did = $jnm;
echo "<form method='post' data-ajax='false' action=''>";
echo "<input type='text' name='nmbox' value='".$did."'>";
echo "<input type='submit' name='nmupdate' value='Update'>";
echo "</form>";
if(isset($_POST['nmupdate']))
{
$opm = $_POST['nmbox'];
$query = "UPDATE users SET name = '$opm' WHERE username = '$jus'";
$stm = $con->prepare($query);
$stm->execute();
header("location:decdprofileedit.php");
}
}
You have to put nested if statement outside the first if statement
I have cleaned my code a little to have the following as my form. But I'm having trouble sending the data and Updating from the new update.php. The form works ok retrieving the data and displaying it. But on submission I get the ok update message but the record isn't changed in the database any ideas.
index.php
<?php
include 'connectdb.php';
// include 'query.php';
$sql = "SELECT id, WeightorMeasure FROM weightsmeasures";
$result = $conn->query($sql)
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<form action=\"update.php\"method=\"post\">";
echo "<input type=\"text\" name=\"id\" value = ".$row["id"].">";
echo "<input type=\"text\" name=\"WeightorMeasure\" value = ".$row["WeightorMeasure"] .">";
echo "<input type=\"submit\" value=\" Submit \" name=\"Update\">";
}
echo "</form>";
} else {
echo "0 results";
}
$conn->close();
?>
update.php
<?php
include 'connectdb.php';
$wm = $_POST['id'];
$id = $_POST['WeightorMeasure'];
$sql = "UPDATE weightsmeasures SET WeightorMeasure='$wm' WHERE id='$id'";
if (mysqli_query($conn, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($conn);
}
$conn->close();
?>
Have changed to Below and now get this error.
Error updating record: Unknown column 'sdada' in 'field list'. So it looks like its trying to use the form value $wm as a column header in the table rather than the input value.
$wm = $_POST['WeightorMeasure'];
$id = $_POST['id'];
$sql = "UPDATE weightsmeasures SET WeightorMeasure=$wm WHERE id=$id";
$wm = $_POST['id'];
$id = $_POST['WeightorMeasure'];
Maybe you have these the wrong way round? :D
$wm = $_POST['WeightorMeasure'];
$id = $_POST['id'];
By the way your query is vuln to MySQL injection, please consider using prepared statements
You realize that you switched your ID and WeightOrMeasure in the variable assignments from your $_POST data?
This results in an update query that can't find the ID but does not run into a problem. Thus telling you that the operation was successful
I figure out following possible problem in your code.
mysqli_query($conn, $sql); //should be $conn->query($sql);
and this line
$wm = $_POST['id']; //$_POST['WeightorMeasure'];
$id = $_POST['WeightorMeasure'];//$_POST['id'];
the order is wrong. I hope you already have $conn object created in dpconnect.php file.
Ok found the problem was a mixture of the above having $_POST["WeightorMeasure"]; and $_POST["id"]; mixed up but the most important factor was that the table I was posting from contained Multiple Rows and on _POST to update.php it didn't know what to do with all the different rows as the SQL was only dealing with one row. Once I sent single rows through the post it worked fine. Now to learn and add prepared statements as suggested.
update.php
<?php
include 'connectdb.php';
$wm = $_POST["WeightorMeasure"];
$id = $_POST["id"];
echo $wm . "<br>";
echo $id . "<br";
$sql = "UPDATE weightsmeasures SET WeightorMeasure=\"$wm\", id=
$idWHERE id= $id";
if (mysqli_query($conn, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . mysqli_error($conn);
}
$conn->close();
?>
Manual single entry.
index.php
<?php
include 'connectdb.php';
// include 'query.php';
$sql = "SELECT id, WeightorMeasure FROM weightsmeasures WHERE id=11";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<form action=\"update.php\"method=\"post\">";
echo "<input type=\"text\" name=\"id\" value = ".$row["id"].">";
echo "<input type=\"text\" name=\"WeightorMeasure\" value = ".$row["WeightorMeasure"].">";
echo "<input type=\"submit\" value=\" Submit \" name=\"Update\">";
}
echo "</form>";
} else {
echo "0 results";
}
$conn->close();
?>
i have a system where a user searches for a film and reviews appear on a page with a button next to each review. The button can be selected to look at the individual review but i basically want a button that when selected it will look at all reviews on one page, the code i am using for the individual review is this
<?php
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE);
$searchfilm=$_POST['searchfilm'];
//Connect to database
//Filter search
$searchfilm = strtoupper($searchfilm);
$searchfilm = strip_tags($searchfilm);
$searchfilm = trim ($searchfilm);
$query = mysql_fetch_assoc(mysql_query("SELECT filmreview FROM review WHERE id = '$id'"));
$data = mysql_query("SELECT film.filmname, review.filmreview, review.reviewtitle, review.id FROM film, review WHERE film.filmid = review.filmid AND filmname = '$searchfilm'");
while($row = mysql_fetch_assoc($data))
{
// echo $row['filmname'];
// echo "<b>Film Name:</b> " .$searchfilm;
echo "<table border=\"2\" align=\"left\">";
echo "<tr><td>";
echo "<b>Review Title:</b> " .$row['reviewtitle'];
echo "<tr><td>";
echo $row['filmreview'];
echo "<p>";
echo "<form method='post' action='analyse1.php'>";
echo "<input type='hidden' name='reviewid' value='".$row['id']."'>";
echo "<input type='submit' name='submit' value='Analyse'>";
echo "</form>";
echo "</table>";
}
?>
you can fetch film reviews since film id inside review table
you could modify your code above and add another form to get all film reviews
when user click on a button it will redirect him/her to film_reviews.php
<?php
if(isset($_POST['submit']) && $_POST['submit'] == "getAllReviews"){
$filmID = mysql_real_escape_string($_POST['filmid']);
$sql = "SELECT * FROM review WHERE filmid = '$filmID'";
$res = mysql_query($sql);
if(is_resource($res)){
while($row = mysql_fetch_array($res)){
echo "<p>".$row['reviewtitle']."</p>";
echo "<p>".$row['filmreview']."</p>";
}
}
}
i try to make checkboxes. When i click checkbox it makes isPremium = 1 if i click a checked checkbox it makes isPremium = 0
However: when i click a checked checkbox it does not work..
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php
require 'connectDB.php';
$mysql = new mysql();
$mysql->connect();
$dbResult = mysql_query("select * from profiles");
echo "<form action='#' method='post'>";
$dbResult = mysql_query("select * from profiles");
while ($info = mysql_fetch_array($dbResult)) {
if ($info['isPremium'] == 0)
echo "<input type=checkbox name='check2[]' id='check2' value=" . $info['id'] . ">";
else
echo "<input type=checkbox name='check1[]' id='check1' value=" . $info['id'] . " checked>";
echo $info['profileName'] . "<br />";
}
echo "<p><input type='submit' name='btnPremium' /></p>";
echo "</form>";
if (isset($_POST['btnPremium'])) {
if (isset($_POST['check2'])) {
$arrPremium = $_POST['check2'];
foreach ($arrPremium as $result) {
mysql_query("UPDATE profiles set isPremium=1 where id=" . $result . "");
}
}
else
{
$arrPremium = $_POST['check1'];
foreach ($arrPremium as $result2) {
mysql_query("UPDATE profiles set isPremium=0 where id=" . $result2 . "");
}
}
}
?>
when i click a checked checkbox it makes another checkbox unclick.
This is the checkbox page
I have refactored your code into this:
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php
require 'connectDB.php';
$mysql = new mysql();
$mysql->connect();
$update = (isset($_POST['check']) && is_array($_POST['check']));
$dbResult = mysql_query("select * from profiles");
echo "<form action='#' method='post'>";
while ($info = mysql_fetch_array($dbResult))
{
if ($update)
{
$info['isPremium'] = (in_array($info['id'], $_POST['check']) ? 1 : 0);
mysql_query("UPDATE profiles SET isPremium = " . $info['isPremium'] . " WHERE id = " . $info['id']);
}
echo "<input type=checkbox name='check[]' value=" . $info['id'] . ($info['isPremium'] == 0 ? "" : "checked") . " />";
echo htmlspecialchars($info['profileName']) . "<br />";
}
echo "<p><input type='submit' name='btnPremium' /></p>";
echo "</form>";
?>
There were several problems with your original code:
Several HTML input elements with the same ID. This is wrong. We can have several elements with the same name attribute, but the id attribute should be unique for each element.
The database UPDATE code runs after displaying the form. This is wrong. In this case, we should update the database prior to generating the HTML output.
IMPORTANT: There is no need of two different POST arrays (check1 and check2). We only need one array. The checked boxes will be posted by the browser. The unchecked boxes will not be posted by the browser. As the id is the value, we can use the in_array function to verify if the checkbox for an item was checked or not.
It is a good idea to escape things you will output as HTML from the database. Otherwise, the application is vulnerable for some kinds of attack. The function htmlspecialchars is useful for this purpose.
If I understand correctly what you're trying to achieve, your code is needlessly complicated. You should use isset to check whether the value of a checkbox was included in the $_POST array. If yes, the checkbox was checked.
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<?php
require 'connectDB.php';
$mysql = new mysql();
$mysql->connect();
echo "<form action='#' method='post'>";
$dbResult = mysql_query("SELECT * FROM profiles");
$profileid = array();
while ($info = mysql_fetch_array($dbResult)) {
echo "<input type=\"checkbox\" name=\"" . $info['id'] . "\" " . ($info['isPremium'] != 0 ? "checked " : "") . "/>";
echo $info['profileName'] . "<br />";
$profileid[] = $info['id'];
}
echo "<p><input type='submit' name='btnPremium' /></p>";
echo "</form>";
if (isset($_POST['btnPremium'])) {
foreach ($profileid as $id) {
if (isset($_POST[$id])) {
mysql_query("UPDATE profiles SET isPremium=1 WHERE id=" . $id);
} else {
mysql_query("UPDATE profiles SET isPremium=0 WHERE id=" . $id);
}
}
}
?>
Checkboxes typically send the value "on" to the server, regardless of what value attribute is set. If you can, try to use radio buttons instead, as these send the proper value to the server. If that's not an option, have the name of the checkbox be check1[".$info['id']." and access array_keys($_POST['check1']).
I have this code that is displayed in a jquery dialog .load()'ed from a php script
$sql = '
SELECT
*
FROM
table
WHERE
id="'.$id.'"
';
$query = mysql_query($sql);
while($rows = mysql_fetch_array($query)) {
echo "Category: <input type='text' name='category[]' value=".$rows['category']." />";
}
this is part of a form that is posted to an external script to insert/update the db. The problem im having is how can I delete that column onclick by adding an a href "delete" after the input to be echoed, effectively deleting it from the db?
while($rows = mysql_fetch_array($query)) {
echo "Category: <input type='text' name='category[]' value=".$rows['category']." />";
echo "Delete";
}
In file the above link will redirect write as
if(isset($_GET['task']) && $_GET['task'] == 'delete'){
if(!isset($_GET['cat'])){
die('Invalid cat to delete');
}
$sql = "DELETE FROM tableName WHERE columnName = '".$_GET['cat']."' ";
mysql_query($sql);
}