When I submit this form, this error appears: NO SQL INJECTION.
The action of this form is the same file.
I tried a lot of solutions and nothing works!
How can I escape that error? There is no change in the database.
Here is the PHP code:
<?php
include '../inc/config.php';
include 'dbc.php';
page_protect();
if(!checkAdmin()) {
header("Location: login.php");
exit();
}
$ads_id = (isset($_GET['id']) ? $_GET['id'] : NULL);
if (!is_numeric($ads_id)) { die ('No SQL INJECTION') ;};
if ($ads_id) {
$img_ads_info = $mysqli->query("SELECT * FROM `ads_image` WHERE `id` = '$ads_id'");
$row = $img_ads_info->fetch_object();
$section_id = $row->user_id;
$ads2 = $mysqli->query("SELECT users.company_name FROM ads_image,users where
ads_image.user_id = users.id AND ads_image.user_id='$section_id'");
$row2 = $ads2->fetch_object();
?>
<div class="panel panel-default ">
<div class="panel-heading" id="accordion"><span class="glyphicon
glyphicon-comment"></span><?php echo $row->description; ?></div>
<div class="panel-body">
<form role="form" action="manage_images_ads.php" method="POST">
<div class="form-group">
<input type="hidden" name="id" value="<?php echo $row->id;
?>" />
<label>اسم المؤسسة المعلنة</label>
<input required name="company_name" class="form-control" type="text" maxlength="255" value="<?php echo $row2->company_name; ?>"/>
</div>
<div class="form-group">
<label>عنوان الإعلان</label>
<input required name="title" class="form-control"
type="text" maxlength="255" value="<?php echo $row->title; ?>"/>
</div>
<div class="form-group">
<label>صورة الإعلان</label>
<img src="upload/<?php echo $row->up; ?>" />
</div>
<div class="form-group">
<label>عدد المشاهدات</label>
<input required name="views" class="form-control"
type="text" maxlength="255" value="<?php echo $row->views; ?>"/>
</div>
<div class="form-group">
<label>رابط الإعلان</label>
<input required name="ad_link" class="form-control"
type="text" maxlength="255" value="<?php echo $row->ad_link; ?>"/>
</div>
<button style="float:left" type="submit"
value="submit" class="btn btn-success btn-md" id="btn-chat">Send</button>
</div>
</form>
<?php
if(isset($_POST['submit'])) {
$title = $mysqli->real_escape_string($_POST['title']);
$ad_link = $mysqli->real_escape_string($_POST['ad_link']);
$views = $mysqli->real_escape_string($_POST['views']);
if ($mysqli->connect_error) {
die("Connection failed: " . $mysqli->connect_error);
}
$sql = "UPDATE ads_image SET `title`='$title',`ad_link`='$ad_link',`views`='$views'
WHERE `id`='$ads_id'";
if ($mysqli->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $mysqli->error;
}
$mysqli->close();
}
}
?>
The reason is that your form has 'method="POST"' while PHP is looking for id in the $_GET superarray. Just change
$ads_id = (isset($_GET['id']) ? $_GET['id'] : NULL);
to
$ads_id = (isset($_POST['id']) ? $_POST['id'] : NULL);
and it should start working properly.
I want to update my form using PHP and SQL, but the update query is not working. The select query works but the update does not. There is no error. When I use a select query to show the value in the input field, it works. I have tried many things but cannot figure out what the error is.
<?php
include 'connection.php';
include 'config.php';
if (isset($_GET['edit'])) {
{
$topHeading=$_POST['topHeading'];
$mainHeading=$_POST['mainHeading'];
$bottomHeading=$_POST['bottomHeading'];
$filesname = $_FILES['file']['name'];
$target_dir = "uploads/";
$target_file = $target_dir . basename($_FILES["file"]["name"]);
// Select file type
$imageFileType = strtolower(pathinfo($target_file,PATHINFO_EXTENSION));
// Valid file extensions
$extensions_arr = array("jpg","jpeg","png","gif","svg");
// Check extension
if( in_array($imageFileType,$extensions_arr) ){
// Convert to base64
$image_base64 = base64_encode(file_get_contents($_FILES['file']['tmp_name']) );
$images = 'data:image/'.$imageFileType.';base64,'.$image_base64;
$sql = "update banner set topHeading='$topHeading', filesname='$filesname', images='$images', mainHeading='$mainHeading', bottomHeading='$bottomHeading' where id='$id'";
if (mysqli_query($connection, $sql)) {
echo "Done";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($connection);
}
// mysqli_close($connection);
// Upload file
move_uploaded_file($_FILES['file']['tmp_name'],$target_dir.$filesname);
if($sql)
{
echo "";
}
else
{
echo "<script>alert('Data not inserted');</script>";
}
}
}
}
$query = mysqli_query($connection, "select * from banner");
while ($row = mysqli_fetch_array($query)) {
echo "<b><a href='editbanner.php?id={$row['id']}'>{$row['topHeading']}</a></b>";
echo "<br />";
}
if (isset($_GET['edit'])) {
echo '<div class="form" id="form3"><br><br><br><br><br><br>
<Span>Data Updated Successfuly......!!</span></div>';
}
?>
<?php
if (isset($_GET['id'])) {
$id = $_GET['id'];
$count = 0;
$mysqli = mysqli_query($connection,"SELECT * FROM banner");
foreach($mysqli as $row){
$count++;
?>
<form class="form-horizontal" method="post" name="form1" id="form1" enctype="multipart/form-data">
<div class="form-group label-floating form-rose">
<label for="brandname" class="control-label col-xs-2">Brand Name of Stock Broker</label>
<div class="col-xs-12">
<input type="text" name="topHeading" id="brandname" class="form-control" value="<?php echo $row["topHeading"]; ?>"/>
<span class="error" id="pointfn"></span>
</div>
</div>
<div class="form-group label-floating form-rose">
<label for="name" class="control-label col-xs-2">Contact Person</label>
<div class="col-xs-12">
<input type="text" name="mainHeading" id="name" class="form-control" value="<?php echo $row["mainHeading"]; ?>"/>
<span class="error" id="pointln"></span>
</div>
</div>
<div class="form-group label-floating form-rose">
<label for="designation" class="control-label col-xs-2">Designation</label>
<div class="col-xs-12">
<input type="text" name="bottomHeading" id="designation" class="form-control" value="<?php echo $row["bottomHeading"]; ?>"/>
<span class="error" id="designationln"></span>
</div>
</div>
<div class="label-floating form-rose file-upload">
<div class="file-select">
<div class="file-select-button" id="fileName">Upload Logo</div>
<div class="file-select-name" id="noFile">No file chosen...</div>
<input type="file" name="file" id="chooseFile" required>
</div>
</div>
<div class="form-group label-floating form-rose">
<div class="col-xs-12"> <input type='checkbox' name='checkbox' id="checkbox" required /> <label for="checkbox" class="col-xs-10 term">I accept the terms and condition</label>
</div>
</div>
<button type="submit" name="edit" value="Submit" id="formT" class="button-cta cta btn" onClick="return validateForm()"> I am Interested!</button>
</form>
<?php }} ?>
</body>
</html>
$id is missing above your update query...
$id = $_REQUEST['id'];
$sql = "update banner set topHeading='$topHeading', filesname='$filesname', images='$images', mainHeading='$mainHeading', bottomHeading='$bottomHeading' where id='$id'";
My problem is: when I press the Delete or Update button, they clear the information in the text boxes and do nothing else; they do not show any error. I am new to programming; if someone can help me, I would be grateful.
P.S: Sorry for my bad English.
<?php
$servername = "localhost";
$username = "estgv15592";
$password = "estgv155922016";
$dbname = "estgv15592";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST["bt_registaraparelho"]))
{
$id=$_POST["id"];
$nome=$_POST["nome"];
$anomalias=$_POST["anomalias"];
$datarecepcao=$_POST["datarecepcao"];
$datareparacao=$_POST["datareparacao"];
$dataentrega=$_POST["dataentrega"];
$preco=$_POST["preco"];
$estado=$_POST["estado"];
$sql = ("UPDATE FICHA_DE_OBRA SET NOME = '$nome',ANOMALIAS = '$anomalias',CUSTO_ESTIMADO= '$preco',DATA_RECECAO= '$datarecepcao'
,DATA_REPARACA= '$datareparacao',DATA_ENTREGA= '$dataentrega' ,ESTADO= '$estado' WHERE ID_FICHAOBRA = $id");
mysqli_select_db('estgv15592');
$retval = mysqli_query( $conn, $sql);
if(! $retval ) {
die('Could not update data: ' . mysqli_error());
}
echo "Alterado com Sucesso\n";
mysqli_close($conn);
}
/////////////////////////////////////////////////////////////////
if(isset($_POST["btn_eliminar"]))
{
$id=$_POST["id"];
$sql = "DELETE FROM FICHA_DE_OBRA WHERE id='$id' ";
$result = mysqli_query($conn, $sql) or die(mysqli_error());
if(mysqli_affected_rows($result) > 0) echo 'Selected data rows Deleted';
mysqli_select_db('estgv15592');
$retval = mysqli_query( $conn, $sql);
if(! $retval ) {
die('Could not delete data: ' . mysqli_error());
}
echo "Deleted data successfully\n";
$result = mysqli_query($conn, $sql);
}
////////////////////////////////////////////////////////////////
if(isset($_POST["loadbtn"]))
{
$id = (integer) $_POST["id"];
$query = "SELECT NOME, TELEMOVEL,ANOMALIAS,CUSTO_ESTIMADO,DATA_RECECAO, DATA_REPARACA,DATA_ENTREGA, ESTADO,
PRECO FROM FICHA_DE_OBRA WHERE ID_FICHAOBRA = '$id' ";
$result = mysqli_query($conn, $query);
$details = mysqli_fetch_array($result);
$nome = $details["NOME"];
$telemovel = $details["TELEMOVEL"];
$anomalias = $details["ANOMALIAS"];
$custoestimado = $details["CUSTO_ESTIMADO"];
$datarececao = $details["DATA_RECECAO"];
$datareparacao = $details["DATA_REPARACA"];
$dataentrega = $details["DATA_ENTREGA"];
$estado = $details["ESTADO"];
$preco = $details["PRECO"];
}
$sql = "SELECT * FROM FICHA_DE_OBRA";
$result = mysqli_query($conn, $sql);
echo '<div class="absolute">';
echo '<form id="form" method="post">';
echo "<select name ='id'>";
echo "<option value=''>Selecione Número ficha Obra</option>";
echo '</div>';
while($row = mysqli_fetch_array($result))
{
echo "<option value='" . $row['ID_FICHAOBRA'] . "'>" . $row['ID_FICHAOBRA'] . "</option>";
}
echo "</select>";
$conn->close();
?>
<input type="submit" value="Load" name="loadbtn">
</div>
<br/>
</form>
<div class="container">
<div class="row">
<div class="col-lg-12 text-center">
<hr>
<div class="jumbotron">
<form method="post" autocomplete="disable" enctype="multipart/form-data">
<div class="input-group">
<span class="input-group-addon">ID:</span>
<input type="text" class="form-control" placeholder="" name="id" value="<?php echo $id;?>" />
</div>
<div class="input-group">
<span class="input-group-addon">Nome:</span>
<input type="text" class="form-control" placeholder="" name="nome" value="<?php echo $nome;?>" />
</div>
<div class="input-group">
<span class="input-group-addon">Telemovel:</span>
<input type="text" class="form-control" placeholder="" name="telemovel" value="<?php echo $telemovel?>" />
</div>
<div class="input-group">
<span class="input-group-addon">Anomalias:</span>
<input type="text" class="form-control" placeholder="" name="anomalias" value="<?php echo $anomalias;?>" />
</div>
<div class="input-group">
<span class="input-group-addon">Data Recepção:</span>
<input type="date" class="form-control" placeholder="" name="datarecepcao" value="<?php echo $datarececao?>" />
</div>
<div class="input-group">
<span class="input-group-addon">Data Reparação:</span>
<input type="date" class="form-control" placeholder="" name="datareparacao" value="<?php echo $datareparacao;?>" />
</div>
<div class="input-group">
<span class="input-group-addon">Data Entrega:</span>
<input type="date" class="form-control" placeholder="" name="dataentrega" value="<?php echo $dataentrega;?>" />
</div>
<div class="input-group">
<span class="input-group-addon">Custo Estimado:</span>
<input type="number" step="0.01" class="form-control" placeholder="" name="precoestimado" value="<?php echo $custoestimado;?>" />
</div>
<div class="input-group">
<span class="input-group-addon">Estado:</span>
<input type="text" class="form-control" placeholder="" name="estado" value="<?php echo $estado;?>" />
</div>
<div class="input-group">
<span class="input-group-addon">Preço:</span>
<input type="number" class="form-control" placeholder="" name="preco" value="<?php echo $preco;?>" />
</div>
<br>
<p>
<input align="left" type="submit" class="btn btn-primary btn-lg" name="bt_alterar" value="Update">
<input align="right" type="submit" class="btn btn-primary btn-lg" name="bt_eliminar" value="Delete">
</p>
<p
</p>
</div>
</div>
You have mixed up everything, like mysql, mysqli, and multiple connections. Please use either mysql or mysqli for the whole script. There is no need to select the db so many times.
Your code needs some modification, like
$retval = mysqli_query( $sql, $conn ); Wrong
$retval = mysqli_query( $conn, $sql ); Right
Here is modified version of your code:
<?php
$servername = "localhost";
$username = "estgv15592";
$password = "estgv155922016";
$dbname = "estgv15592";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST["bt_registaraparelho"]))
{
$id=$_POST["id"];
$nome=$_POST["nome"];
$anomalias=$_POST["anomalias"];
$datarecepcao=$_POST["datarecepcao"];
$datareparacao=$_POST["datareparacao"];
$dataentrega=$_POST["dataentrega"];
$preco=$_POST["preco"];
$estado=$_POST["estado"];
$sql = ("UPDATE FICHA_DE_OBRA SET NOME = '$nome',ANOMALIAS = '$anomalias', CUSTO_ESTIMADO= '$preco', DATA_RECECAO= '$datarecepcao' , DATA_REPARACA= '$datareparacao', DATA_ENTREGA= '$dataentrega' , ESTADO= '$estado' WHERE ID_FICHAOBRA = $id");
/**Not needed. You have already have a active connection */
//mysql_select_db('estgv15592');
$retval = $conn->query($sql);
/**An integer greater than zero indicates the number of rows affected or retrieved. Zero indicates that no records were updated for an UPDATE statement, no rows matched the WHERE clause in the query or that no query has yet been executed. -1 indicates that the query returned an error.*/
if(!$retval || $conn->affected_rows == -1 ) {
die('Could not update data: ' . $conn->error);
}
echo "Alterado com Sucesso\n";
/**Not needed. Close the connection at the end*/
//mysql_close($conn);
}
/////////////////////////////////////////////////////////////////
if(isset($_POST["btn_eliminar"]))
{
$id=$_POST["id"];
$sql = "DELETE FROM FICHA_DE_OBRA WHERE id='$id' ";
/*$result = $conn->query($sql) or die($mysqli->error);
if(mysql_affected_rows($result) > 0) echo 'Selected data rows Deleted';
*/
/**Not needed. You have already have a active connection */
//mysql_select_db('estgv15592');
$retval = $conn->query($sql);
if(!$retval || $conn->affected_rows == -1 ) {
die('Could not delete data: ' . $conn->error);
}
echo "Deleted data successfully\n";
//$result = mysqli_query($conn, $query);
}
////////////////////////////////////////////////////////////////
if(isset($_POST["loadbtn"]))
{
$id = (integer) $_POST["id"];
$query = "SELECT NOME, TELEMOVEL,ANOMALIAS,CUSTO_ESTIMADO,DATA_RECECAO, DATA_REPARACA,DATA_ENTREGA, ESTADO,
PRECO FROM FICHA_DE_OBRA WHERE ID_FICHAOBRA = '$id' ";
$result = $conn->query($query);
$details = $result->fetch_array(MYSQLI_ASSOC);
$nome = $details["NOME"];
$telemovel = $details["TELEMOVEL"];
$anomalias = $details["ANOMALIAS"];
$custoestimado = $details["CUSTO_ESTIMADO"];
$datarececao = $details["DATA_RECECAO"];
$datareparacao = $details["DATA_REPARACA"];
$dataentrega = $details["DATA_ENTREGA"];
$estado = $details["ESTADO"];
$preco = $details["PRECO"];
/* free result set */
$result->free();
}
$sql = "SELECT * FROM FICHA_DE_OBRA";
$result = $conn->query($sql);
echo '<div class="absolute">';
echo '<form id="form" method="post">';
echo "<select name ='id'>";
echo "<option value=''>Selecione Número ficha Obra</option>";
echo '</div>';
while($row = $result->fetch_array(MYSQLI_ASSOC))
{
echo "<option value='" . $row['ID_FICHAOBRA'] . "'>" . $row['ID_FICHAOBRA'] . "</option>";
}
echo "</select>";
/* free result set */
$result->free();
$conn->close();
?>
<input type="submit" value="Load" name="loadbtn">
</div>
<br/>
</form>
<div class="container">
<div class="row">
<div class="col-lg-12 text-center">
<hr>
<div class="jumbotron">
<form method="post" autocomplete="disable" enctype="multipart/form-data">
<div class="input-group"> <span class="input-group-addon">ID:</span>
<input type="text" class="form-control" placeholder="" name="id" value="<?php echo $id;?>" />
</div>
<div class="input-group"> <span class="input-group-addon">Nome:</span>
<input type="text" class="form-control" placeholder="" name="nome" value="<?php echo $nome;?>" />
</div>
<div class="input-group"> <span class="input-group-addon">Telemovel:</span>
<input type="text" class="form-control" placeholder="" name="telemovel" value="<?php echo $telemovel?>" />
</div>
<div class="input-group"> <span class="input-group-addon">Anomalias:</span>
<input type="text" class="form-control" placeholder="" name="anomalias" value="<?php echo $anomalias;?>" />
</div>
<div class="input-group"> <span class="input-group-addon">Data Recepção:</span>
<input type="date" class="form-control" placeholder="" name="datarecepcao" value="<?php echo $datarececao?>" />
</div>
<div class="input-group"> <span class="input-group-addon">Data Reparação:</span>
<input type="date" class="form-control" placeholder="" name="datareparacao" value="<?php echo $datareparacao;?>" />
</div>
<div class="input-group"> <span class="input-group-addon">Data Entrega:</span>
<input type="date" class="form-control" placeholder="" name="dataentrega" value="<?php echo $dataentrega;?>" />
</div>
<div class="input-group"> <span class="input-group-addon">Custo Estimado:</span>
<input type="number" step="0.01" class="form-control" placeholder="" name="precoestimado" value="<?php echo $custoestimado;?>" />
</div>
<div class="input-group"> <span class="input-group-addon">Estado:</span>
<input type="text" class="form-control" placeholder="" name="estado" value="<?php echo $estado;?>" />
</div>
<div class="input-group"> <span class="input-group-addon">Preço:</span>
<input type="number" class="form-control" placeholder="" name="preco" value="<?php echo $preco;?>" />
</div>
<br>
<p>
<input align="left" type="submit" class="btn btn-primary btn-lg" name="bt_alterar" value="Update">
<input align="right" type="submit" class="btn btn-primary btn-lg" name="bt_eliminar" value="Delete">
</p>
<p
</p>
</div>
</div>
I am currently trying to make a blog-type site and I'm having trouble uploading the post when editing a post already created.
I'm currently using Bootstrap and do not know if this will influence my code or not, but the PHP error is in the lines of the form table.
<?php
include("includes/connect.php");
if (isset($_GET['edit'])) {
$edit_id = $_GET['edit'];
$edit_query = "select * from posts where post_id='$edit_id'";
$run_edit = mysql_query($edit_query);
while ($edit_row=mysql_fetch_array($run_edit)) {
$post_id = $edit_row['post_id'];
$post_title = $edit_row['post_title'];
$post_author = $edit_row['post_author'];
$post_keywords = $edit_row['post_keywords'];
$post_image = $edit_row['post_image'];
$post_content = $edit_row['post_content'];
}
}
?>
<div class="col-md-10" id="content-area">
<div class="container">
<div class="row">
<h2>Edit Post</h2>
<form method="post" action="edit_post.php?edit_form=<?php echo $edit_id ?>" enctype="multipart/form-data">
<fieldset class="form-group">
<label for="title">Title</label>
<input type="text" name="title" class="form-control" id="title" placeholder="title" value="<?php echo $post_title; ?>">
</fieldset>
<fieldset class="form-group">
<label for="author">Author</label>
<input type="text" name="author" class="form-control" id="author" placeholder="author" value="<?php echo $post_author; ?>">
</fieldset>
<fieldset class="form-group">
<label for="keywords">Keywords</label>
<input type="text" name="keywords" class="form-control" id="keywords" placeholder="keywords" value="<?php echo $post_keywords; ?>">
</fieldset>
<fieldset class="form-group">
<label for="image">Image</label>
<input type="file" name="image" class="form-control" id="image" placeholder="image">
<img src="../images/<?php echo $post_image; ?>" width="100" height="100">
</fieldset>
<fieldset class="form-group">
<label for="content">Content</label>
<textarea name="content" cols="20" rows="20" class="form-control" id="content" placeholder="content"><?php echo $post_content; ?></textarea>
</fieldset>
<input class="btn btn-primary" type="submit" name="submit" value="Update Post"></input>
</form>
</div>
</div>
</div>
</body>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.11.3/jquery.min.js"></script>
<script src="../js/bootstrap.min.js"></script>
</html>
<?php
if (isset($_POST['update'])) {
$update_id = $_GET['edit_form'];
$post_title1 = $_POST['title'];
$post_date1 = date('m-d-y');
$post_author1 = $_POST['author'];
$post_keywords1 = $_POST['keywords'];
$post_content1 = $_POST['content'];
$post_image1 = $_FILES['image']['name'];
$image_tmp = $_FILES['image']['tmp_name'];
if($post_title1=='' or $post_author1=='' or $post_keywords1=='' or $post_content1=='' or $post_image1=='') {
echo "<script>alert('Preencha todos os campos')</script>";
exit();
}
else {
move_uploaded_file($image_tmp, "../images/$post_image1");
$update_query = "update posts set post_title='$post_title1',post_date='$post_date1',post_author='$post_author1',post_image='$post_image1',post_keywords='$post_keywords1',post_content='$post_content1' where post_id='update_id'";
if (mysql_query($update_query)) {
echo "<script>alert('O seu post foi atualizado')</script>";
echo "<script>window.open('view_posts.php','_self')</script>";
}
}
}
?>
First of all, you should prevent SQL Injection.
Change this line:
$edit_id = $_GET['edit'];
To this:
$edit_id = (int)$_GET['edit'];
This way, PHP will always assume that the variable is an int.
The same in the update code:
$update_id = $_GET['edit_form'];
To:
$update_id = (int)$_GET['edit_form'];
And then, you forgot to put $ inside the SQL query, on the update_id variable, so that it runs as a PHP variable:
$update_query = (...) where post_id='$update_id'";
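The `(int)` cast in the answer above covers only the id; the title, author and content values in the same UPDATE are still concatenated into the SQL string. As an added example (not part of the original answer), here is a parameterized version of that update, assuming PDO with the pdo_sqlite driver and an in-memory table in place of the page's MySQL connection; the function names and sample rows are constructed.

```php
<?php
// Added example, not code from the page. Assumptions: PDO with the pdo_sqlite
// driver and an in-memory table stand in for the page's MySQL `posts` table;
// function names and sample rows are constructed for the demonstration.

function open_demo_db(): PDO
{
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE posts (
        post_id INTEGER PRIMARY KEY,
        post_title TEXT, post_author TEXT, post_content TEXT)');
    $pdo->exec("INSERT INTO posts VALUES
        (1, 'First', 'ana', 'one'),
        (2, 'Second', 'rui', 'two')");
    return $pdo;
}

// Strict id parsing. (int)'1 OR 1=1' silently becomes 1 and is_numeric()
// accepts '1e3' and '1.5'; FILTER_VALIDATE_INT rejects all three.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Every request value is bound as a parameter, so none of it is parsed as SQL.
function update_post(PDO $pdo, $rawId, array $form): int
{
    $id = parse_id($rawId);
    if ($id === null) {
        throw new InvalidArgumentException('invalid post id');
    }
    $stmt = $pdo->prepare(
        'UPDATE posts
            SET post_title = :title, post_author = :author, post_content = :content
          WHERE post_id = :id'
    );
    $stmt->bindValue(':title', (string) ($form['title'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':author', (string) ($form['author'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':content', (string) ($form['content'] ?? ''), PDO::PARAM_STR);
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount(); // 0 means no row matched the id
}

$pdo = open_demo_db();

// Constructed form input: the title contains single quotes, which would
// terminate the string literal early in a concatenated query.
$form = ['title' => "Tom's 'quoted' title", 'author' => 'rui', 'content' => 'edited'];

printf("rows changed: %d\n", update_post($pdo, '2', $form));

$rows = $pdo->query('SELECT post_id, post_title FROM posts ORDER BY post_id')
            ->fetchAll(PDO::FETCH_KEY_PAIR);
foreach ($rows as $postId => $title) {
    printf("%d => %s\n", $postId, $title);
}

// Malformed ids are refused before any SQL runs.
foreach (['1 OR 1=1', '1e3', '1.5', '', null] as $bad) {
    try {
        update_post($pdo, $bad, $form);
    } catch (InvalidArgumentException $e) {
        printf("rejected %s: %s\n", var_export($bad, true), $e->getMessage());
    }
}
```

With mysqli the same pattern uses `$mysqli->prepare()`, `bind_param()` and `execute()`.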
PHP Code
<?php
if (!isset($_SESSION)) { session_start(); }
include "connect.php";
include "functions.php";
if (!isset($_SESSION['login']) || $_SESSION['login'] !== true) {
header('location: no_acces.php');
exit();
} else {
$id_user = $_SESSION['userid'];
$q_user = mysqli_query($conn, "SELECT * FROM users WHERE id = $id_user");
if (mysqli_num_rows($q_user) === 1) {
$r_user = mysqli_fetch_assoc($q_user);
} else {
unset($_SESSION['login']);
unset($_SESSION['userid']);
header('location: no_acces.php');
exit();
}
}
$error = "";
$userQuery = mysqli_query($conn, "SELECT username FROM users");
$user = mysqli_fetch_assoc($userQuery);
$id = $_GET['id'];
if (isset($_POST['edit_contact'])) {
$roepnaam = $_POST['roepnaam'];
$naam = $_POST['naam'];
$land = $_POST['land'];
$bedrijf = $_POST['bedrijf'];
$adres1 = $_POST['adres1'];
$adres2 = $_POST['adres2'];
$stad = $_POST['stad'];
$postcode = $_POST['postcode'];
$provincie = $_POST['provincie'];
$telefoon = $_POST['telefoon'];
$email = $_POST['email'];
$captcha= $_POST['g-recaptcha-response'];
if(!$captcha){
$error = "Er is een fout opgetreden";
}
if ($error == "") {
$insertUser = ("UPDATE address SET
roepnaam = '$roepnaam', naam = '$naam', bedrijf = '$bedrijf', telefoon = '$telefoon', email = '$email', adres1 = '$adres1', adres2 = '$adres2', stad = '$stad', postcode = '$postcode', provincie = '$provincie', land = '$land' WHERE id = $id");
if (mysqli_query($conn, $insertUser)) {
$_SESSION['edit_contact'] = true;
header('location: address_book.php');
} else {
$error = "Er is een fout opgetreden";
}
}
}
?>
HTML Code
<!DOCTYPE html>
<html lang="en">
<body>
<form action="" method="post">
<?php if ($error !== "") { ?>
<div class="row">
<div class="col-md-12 error">
<?php echo $error; ?>
</div>
</div>
<?php } ?>
<label for="firstName" class="control-label">Naam:</label>
<div class="row ">
<div class="col-md-6">
<input type="text" class="form-control" id="firstName" placeholder="Roepnaam" name="roepnaam" value="<?php if (isset($_POST['roepnaam'])) { echo $_POST['roepnaam']; } ?>" required/>
</div>
<div class="col-md-6">
<input type="text" class="form-control" id="lastName" placeholder="Naam" name="naam" value="<?php if (isset($_POST['naam'])) { echo $_POST['naam']; } ?>" required/>
</div>
</div>
<label for="username" class="control-label">Bedrijf:</label>
<div class="row ">
<div class="col-md-12">
<input type="text" class="form-control" id="username" placeholder="Bedrijf" name="bedrijf" value="<?php if (isset($_POST['bedrijf'])) { echo $_POST['bedrijf']; } ?>" required/>
</div>
</div>
<label for="password" class="control-label">Telefoonnummer:</label>
<div class="row ">
<div class="col-md-12">
<input type="text" class="form-control" id="password" placeholder="Telefoonnummer" name="telefoon" value="<?php if (isset($_POST['telefoon'])) { echo $_POST['telefoon']; } ?>" required/>
</div>
</div>
<label for="email" class="control-label">Email:</label>
<div class="row ">
<div class="col-md-12">
<input type="text" class="form-control" id="email" placeholder="E-mailadres" name="email" value="<?php if (isset($_POST['email'])) { echo $_POST['email']; } ?>" required/>
</div>
</div>
<label for="adres1" class="control-label">Adres:</label>
<div class="row">
<div class="col-md-12">
<input type="text" class="form-control" id="adres1" placeholder="Adres 1" name="adres1" value="<?php if (isset($_POST['adres1'])) { echo $_POST['adres1']; } ?>" required/>
</div>
</div>
<div class="row padding-top-10">
<div class="col-md-12">
<input type="text" class="form-control" id="adres2" placeholder="Adres 2" name="adres2" value="<?php if (isset($_POST['adres2'])) { echo $_POST['adres2']; } ?>"/>
</div>
</div>
<div class="row">
<div class="col-md-3">
<label for="postcode" class="control-label">Postcode:</label>
</div>
<div class="col-md-5">
<label for="city" class="control-label">Stad:</label>
</div>
<div class="col-md-4">
<label for="regio" class="control-label">Regio:</label>
</div>
</div>
<div class="row ">
<div class="col-md-3">
<input type="text" class="form-control" id="postcode" placeholder="Postcode" name="postcode" value="<?php if (isset($_POST['postcode'])) { echo $_POST['postcode']; } ?>" required/>
</div>
<div class="col-md-5">
<input type="text" class="form-control" id="city" placeholder="Stad" name="stad" value="<?php if (isset($_POST['stad'])) { echo $_POST['stad']; } ?>" required/>
</div>
<div class="col-md-4">
<input type="text" class="form-control" id="regio" placeholder="Provincie" name="provincie" value="<?php if (isset($_POST['provincie'])) { echo $_POST['provincie']; } ?>" required/>
</div>
</div>
<label for="land" class="control-label">Land:</label>
<div class="row ">
<div class="col-md-12">
<input type="text" class="form-control" id="password" placeholder="Land" name="land" value="<?php if (isset($_POST['land'])) { echo $_POST['land']; } ?>" required/>
</div>
</div>
<div class="row">
<div class="col-md-8 padding-top-10 ">
<div class="g-recaptcha " data-sitekey="6LcCsBoTAAAAAK72uzyJSrgWwD8xuF6jFIfgFaHX"></div>
</div>
</div>
<div class="row">
<div class="col-md-2 padding-top-10">
<input type="submit" name="edit_contact" class="btn btn-succes" value="Wijzigen">
</div>
<div class="col-md-2 padding-top-10">
<input type="text" name="delete_contact" action="delete_contact.php" class="btn btn-succes" value="Contact verwijderen">
</div>
</div>
</form>
</body>
</html>
PHP Code
<?php
if (!isset($_SESSION)) { session_start(); }
include "connect.php";
include "functions.php";
if (!isset($_SESSION['login']) || $_SESSION['login'] !== true || !isset($_SESSION['userid']) || $_SESSION['userid'] == "") {
header('location: login.php');
exit();
} else {
session_regenerate_id();
}
$id = $_GET['id'];
$query = "DELETE FROM address WHERE id= $id";
mysqli_query ($query);
if (mysql_affected_rows() == 1) {
header('location: addressbook.php');
} else {
echo "Verwijderen mislukt";
}
?>
I'm trying to make a delete button for my contacts within the address book, but every time I click "Contact verwijderen" the webpage resets itself and the contact won't be deleted. Could anyone help me to fix this?
Your input is a text input and you don't have a form associated with it. Create one and change the type to submit:
<form action="delete_contact.php" method="post">
//other inputs
<input type="submit" name="delete_contact" class="btn btn-succes" value="Contact verwijderen">
</form>
You are mixing MySQL and MySQLi functions:
mysqli_query ($query);
if (mysql_affected_rows() == 1)
You cannot mix MySQL with MySQLi, your code should be:
mysqli_query($conn, $query);
if (mysqli_affected_rows($conn) == 1)
Add a normal link to delete the contact, you don't need a form.
<a href="delete_contact.php?id=<?php echo $id ?>">
Contact verwijderen
</a>
I'm having a problem updating the database.
This is my first page:
<div class="col-md-4">
<div class="createnewbox">
<form name="Edit Admin Infomation" class="form-horizontal" method="post" action="adminUpdateProductDetail.php?cat=<?php echo $product['categoryid']; ?>&code=<?php echo $product['productname']; ?>">
<h2>Edit Product Information</h2>
<div class="form-group">
<label class="col-sm-2 control-label">Name</label>
<br/>
<br/>
<div class="col-md-11">
<input type="text" class="form-control" value="<?php echo $product['productname']; ?>" name="productname">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label">Price</label>
<br/>
<br/>
<div class="col-md-11">
<input type="text" class="form-control" value="<?php echo $product['price']; ?>" name="price">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label">Dimension</label>
<br/>
<br/>
<div class="col-md-11">
<input type="text" class="form-control" value="<?php echo $product['dimension']; ?>" name="dimension">
</div>
</div>
<div class="form-group">
<label class="col-sm-2 control-label">Description</label>
<br/>
<br/>
<div class="col-md-11">
<textarea type="text" class="form-control" rows="8" name="productinfo">
<?php echo $product[ 'productinfo']; ?>
</textarea>
</div>
</div>
<div class="form-group">
<div class="col-md-11">
<input type="submit" value="Update Information" class="btn btn-success">
<script>
function reset() {
location.reload();
}
</script>
<button class="btn btn-info" onclick="reset()">undo</button>
</div>
</div>
<?php ?>
</form>
</div>
</div>
This is my adminUpdateProductDetail.php,
<?php
include 'adminNavBar.php';
require 'dbfunction.php';
$con = getDbConnect();
$price = $_POST['price'];
$name = $_POST['productname'];
$info = $_POST['productinfo'];
$dimension = $_POST['dimension'];
$cat= $_GET['cat'];
$code= $_GET['code'];
?>
<div class="space">
<div class="container">
<div class="row">
<?php
if (!mysqli_connect_errno($con)) {
$sqlQueryStr = "UPDATE product SET price = '$price', productname = '$name', productinfo = '$info', dimension = '$dimension' WHERE categoryid = '$cat' AND productname = '$code'";
if (mysqli_query($con, $sqlQueryStr)) {
$recordid = mysqli_insert_id($con);
mysqli_query($con, $sqlQueryStr);
}
mysqli_close($con);
echo "$name Product details updated.";
} else {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
</div>
</div>
</div>
I got no error message; the system echoes success. But my database was not updated. I'm not sure where it went wrong.
Try this
<?php
if (!mysqli_connect_errno($con)) {
$sqlQueryStr = "UPDATE product SET price = '$price', productname = '$name', productinfo = '$info', dimension = '$dimension' WHERE categoryid = '$cat' AND productname = '$code'";
if (mysqli_query($con, $sqlQueryStr)) {
$result = mysqli_query($con, $sqlQueryStr);
if($result === FALSE){
printf("Erreur : %s\n", mysqli_error($con));
}
$recordid = mysqli_insert_id($con);
}
mysqli_close($con);
echo "$name Product details updated.";
} else {
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
?>
</div>
The doc to help you: http://php.net/manual/en/mysqli.query.php#example-1766 (procedural style)
mysqli_insert_id always goes after the mysqli_query update request.
There is no error with the connection, but there can be one with the query.