We Keep Coding

How can I successfully edit in my update php code?

I'm looking for solution on how to edit the inside of my modal -the title and the note. Below is my code, I want to edit inside the button which is in modal. After successfully updated the data, I want to display the updated data by calling the homepage (hh.php) which is in my code.
Below is my code:
<?php
if(isset($_GET['id'])){
$con=mysqli_connect("localhost","root","","task");
$qi=mysqli_query($con,"SELECT * FROM note WHERE id = ".$_GET['id']);
while($row=mysqli_fetch_assoc($qi)){
$tit = $row['title'];
$not = $row['note'];
}
}
?>
<html>
<head>
<script src="jquery-1.10.2.min.js"></script>
<style>
body
{
margin:0;
}
.submitted{
margin:0px;
}
.modal
{
width:100%;
height:100%;
position:fixed;
top:0;
display:none;
}
.modal_close
{
width:100%;
height:100%;
background:rgba(0,0,0,.8);
position:fixed;
top:0;
}
.close
{
cursor:pointer;
}
.note{
text-align:center;
}
#note{
font-family: Javanese text;
}
.call_modal{
font-family: myFirstFont;
}
.modal_main
{
width:50%;
height:400px;
background:#fff;
z-index:4;
position:fixed;
top:16%;
border-radius:4px;
left:24%;
display:none;
-webkit-animation-duration: .5s;
-webkit-animation-delay: .0s;
-webkit-animation-fill-mode: both;
-moz-animation-fill-mode: both;
-o-animation-fill-mode: both;
-webkit-backface-visibility: visible!important;
-webkit-animation-name: fadeInRight;
}
#-webkit-keyframes fadeInRight{0%{opacity:0;-webkit-transform:translateX(20px)}100%{opacity:1;-webkit-transform:translateX(0)}}
::-webkit-input-placeholder{
font-size: 13.4px;
}
button
{
padding:20px;
border-radius:5px;
background:#808080;
border:none;
font-size:18px;
color:#fff;
margin:8%;
}
</style>
<script>
$(document).ready(function(){
$(".call_modal").click(function(){
$(".modal").fadeIn();
$(".modal_main").show();
});
});
$(document).ready(function(){
$(".close").click(function(){
$(".modal").fadeOut();
$(".modal_main").fadeOut();
});
});
$(document).ready(function(){
$(".submitted").click(function(){
$(".modal").fadeOut();
$(".modal_main").fadeOut();
});
});
</script>
</head>
<body>
<button class="call_modal" style="cursor:pointer;"> Edit Task </button>
<div class="modal">
<div class="modal_close close"></div>
<div class="modal_main">
<div class="note"> <?php
$nameErr = $emailErr = $genderErr = $websiteErr = "";
$name = $email = $gender = $comment = $website = "";
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["comment"])) {
$comment = "";
} else {
$comment = test_input($_POST["comment"]);
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<div id="name">Task Name:<textarea name="title" rows="1.8" cols="20" style="margin-top: 50px"><?php echo $tit;?></textarea></div>
<textarea name="note" rows="15" cols="90" style="margin-top: 20px" placeholder="Note"><?php echo $not;?></textarea>
<br><br>
<input type="submit" name="submit" class="submitted" value="Submit">
<?php
$con=mysqli_connect("localhost","root","","task");
if(isset($_POST['submit'])){
$message=$_POST['note'];
$title=$_POST['title'];
$qw='UPDATE note SET title = $title, note = $message';
mysqli_query($con,$qw);
$r="SELECT * FROM note";
$result = mysqli_query($con, $r);
while($row = mysqli_fetch_assoc($result)){
if($row['title']==$_POST['title']){
header("location:hh.php");
}
else{
echo 'Title already exist!';
}
}
}
?>
</form>
<img src="i783wQYjrKQ.png" class="close" style="line-height: 12px;
margin-top: 1px;
margin-right: 2px;
position:absolute;
top:0;
right:0;">
</div>
</div>
</body>
</html>

Taking a quick look at the code, you are leaving yourself wide open to a SQL injection attack.
<?php
if(isset($_GET['id']))
{
$con = mysqli_connect("localhost","root","","task");
$qi = mysqli_query($con, "SELECT 'title', 'note' FROM note WHERE id = ".$_GET['id']);
$row = mysqli_fetch_assoc($qi))
$tit = $row['title'];
$not = $row['note'];
}
?>
I'd look at using PHP PDO library to safe guard against using values passed in from a web page directly in SQL code.
I'd use something more akin to:
$host = 'localhost';
$db = 'task';
$user = 'root';
$pass = '';
$charset = 'utf8mb4';
$dsn = "mysql:host=$host;dbname=$db;charset=$charset";
$options = [
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION,
PDO::ATTR_DEFAULT_FETCH_MODE => PDO::FETCH_ASSOC,
PDO::ATTR_EMULATE_PREPARES => false,
];
try {
$pdo = new PDO($dsn, $user, $pass, $options);
} catch (\PDOException $e) {
throw new \PDOException($e->getMessage(), (int)$e->getCode());
}
$stmt = $pdo->prepare('SELECT title, note FROM note WHERE id = :id');
$stmt->execute(['id' => $_GET['id']]);
$row = $stmt->fetch();
$tit = $row['title'];
$not = $row['note'];
Obviously the connection details etc would be held in a separate external file such that they don't have to be included with every PHP file where DB access is required.

Connecting tables PHP

I'm a number of days busy with a PHP script.
This is what I want:
- People can type their ZIP code. If their ZIP code is in table1 than do .. if their ZIP code is in table2 than do... If their ZIP code is in none of the tables than ...
- I can insert ZIP code with other data example name.
But I don't know how to build this. I have searched on the internet I have tried to get what I have. But the function to search in other tables en than do that. It don't work for me
This is what I have:
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Plusgas - Postcode invoeren</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="bootstrap/bootstrap.min.css">
<link href="https://fonts.googleapis.com/css?family=Courgette" rel="stylesheet">
<script src="bootstrap/bootstrap.min.js"></script>
<style>
body{
font-family: Courgette;
}
.submit{
background-color: purple;
color:white;
text-size:24px;
padding: 6px;
border-radius: 5px;
border:1px solid white;
font-size: 24px;
}
.submit:hover{
background-color: white;
color: purple;
box-shadow: 0px 0px 20px white;
}
h1{
font-size: 14px;
}
td,th{
padding: 4px;
text-align: center;
}
</style>
</head>
<?php
$servername = "localhost";
$username="*";
$password="*";
$dbname="*";
$id="";
$postcode="";
$provincie="";
$website="";
$contactpersoon="";
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
//connect to mysql database
try{
$conn =mysqli_connect($servername,$username,$password,$dbname);
}catch(MySQLi_Sql_Exception $ex){
echo("error in connecting");
}
//get data from the form
function getData()
{
$data = array();
$data[1]=$_POST['postcode'];
$data[2]=$_POST['provincie'];
$data[3]=$_POST['website'];
$data[4]=$_POST['contactpersoon'];
return $data;
}
//search
if(isset($_POST['search']))
{
$info = getData();
$search_query="SELECT * FROM postcodes WHERE id = '$info[0]'";
$search_result=mysqli_query($conn, $search_query);
if($search_result)
{
if(mysqli_num_rows($search_result))
{
while($rows = mysqli_fetch_array($search_result))
{
$id = $rows['id'];
$postcode = $rows['postcode'];
$provincie = $rows['provincie'];
$website = $rows['website'];
$contactpersoon = $rows['contactpersoon'];
}
}else{
echo("no data are available");
}
} else{
echo("result error");
}
}
//insert
if(isset($_POST['insert'])){
$info = getData();
$insert_query="INSERT INTO `postcodes`(`postcode`, `provincie`, `website`, `contactpersoon`) VALUES ('$info[1]','$info[2]','$info[3]','$info[4]')";
try{
$insert_result=mysqli_query($conn, $insert_query);
if($insert_result)
{
if(mysqli_affected_rows($conn)>0){
echo("Postcode is toegevoegd");
}else{
echo("Postcode is niet toegevoegd");
}
}
}catch(Exception $ex){
echo("error inserted".$ex->getMessage());
}
}
?>
<body>
<div class="container-fluid">
<div class="row">
<div class="col-lg-4">
<form method ="post" action="">
<h1>ID nummer (voor filterern)</h1>
<input type="number" name="id" class="form-control" placeholder="ID No. /Automatic Number Genrates" value="<?php echo($id);?>" disabled>
<div class="form-group row">
<div class="col-xs-6">
<h1>Postcode</h1>
<input type="text" name="postcode" class="form-control" placeholder="Postcode" value="<?php echo($postcode);?>" required>
</div>
<div class="col-xs-6">
<h1>Provinicie</h1>
<input type="text" name="provincie" class="form-control" placeholder="Provinicie" value="<?php echo($provincie);?>" required>
</div>
</div>
<h1>Website</h1>
<select name="website" class="form-control" value="<?php echo($website);?>">
<option value="websiteZH">Website Zuid-Holland</option>
<option value="websiteNH">Website Noord-Holland</option>
<option value="websiteZL">Website Zeeland</option>
<option value="websiteUT">Website Utrecht</option>
</select>
</div>
<div class="col-xs-6">
<h1>Contactpersoon</h1>
<input type="text" name="contactpersoon" class="form-control" placeholder="Contactpersoon" value="<?php echo($contactpersoon);?>" required>
</div>
</div>
<div>
<input type="submit" class="btn btn-success btn-block btn-lg" name="insert" value="Add">
</div>
</form>
</div>
<div class="col-lg-8">
<h2>Student Data</h2>
<?php
$servername = "localhost";
$username = "*";
$password = "*";
$dbname = "*";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id,postcode,provincie,website,contactpersoon FROM postcodes";
$result = $conn->query($sql);
echo "<table border='1'>
<tr>
<th>Search ID</th>
<th>Postcode</th>
<th>Provinicie</th>
<th>Website</th>
<th>Contactpersoon</th>
</tr>";
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['postcode'] . "</td>";
echo "<td>" . $row['provincie'] . "</td>";
echo "<td>" . $row['website'] . "</td>";
echo "<td>" . $row['contactpersoon'] . "</td>";
echo "</tr>";
}
} else {
echo "0 results";
}
$conn->close();
?>
</div>
</div>
</body>
</html>

I'm not realy sure what you want to achieve, what goes wrong, but for sure i see one problem - your function getData() returns array indexed 1..4. Then you get it in search part and you search for $info[0], and that is never set.
2nd of all - this is dangerous way of coding. If someone mean will use your code, he can use SQL injections. Not to manting, that even by mystake someone can use ' (apostroph) and crash SQL query. You should always escape data passed to queries, ie by using real_escape_string() or prepared statements.

PHP ChatRoom. Username is not showing, only messages

I'm trying to make a Chat Room using PHP ( It is working BTW ), but only the messages are displaying, not their usernames. I have created the Databases for them, username and msg. I don't know why their usernames aren't displaying
<? php
//$uname = $_REQUEST['uname'];
//$msg = $_REQUEST['msg'];
$uname = (isset($_REQUEST['uname']) ? $_REQUEST['uname'] : '');
$msg = (isset($_REQUEST['msg']) ? $_REQUEST['msg'] : null);
$con = mysql_connect('localhost', 'root', '');
mysql_select_db('chatbox', $con);
mysql_query("INSERT INTO logs (`username` , `msg`) VALUES ('$uname', '$msg')");
$result1 = mysql_query("SELECT * FROM logs ORDER by id DESC");
while ($extract = mysql_fetch_array($result1)) {
echo "<span class = 'uname'>".$extract['username'].
"</span>: <span class = 'msg'> ".$extract['msg'].
"</span><br/>";
}
?>
<?php $con=mysql_connect('localhost',
'root',
'');
mysql_select_db('chatbox',
$con);
$result1=mysql_query("SELECT * FROM logs ORDER by id DESC");
while($extract=mysql_fetch_array($result1)) {
echo"<span class = 'uname'>" . $extract['username'] ."</span>: <span class = 'msg'> " . $extract['msg'] ."</span><br/>";
}
?>
<?php ?>
<html>
<head>
<script src="http://code.jquery.com/jquery-1.9.0.js"></script>
<style>
* {
margin: 0;
}
body {
padding-right: 250px;
padding-left: 250px;
margin: 0;
background-color: darkkhaki;
}
textarea {
resize: none;
width: 100%;
height: 300px;
background-color: #efefef;
}
a {
background-color: cadetblue;
padding: 15px 25px 15px 25px;
text-decoration: none;
color: white;
}
a:hover {
background-color: chartreuse;
}
</style>
</head>
<body>
<form name="form1">
Enter your Username
<input type="text" name="uname">
<br/>Enter your Message
<br/>
<textarea name="msg"></textarea>
<br/>
<br/>
Send
<br/>
<br/>
<div id="chatlogs">
Loading Chat...
</div>
</form>
<script>
function submitChat() {
if (form1.uname.value == '' || form1.msg.value == '') {
alert('Please Input Username and Message');
return;
}
var uname = form1.uname.value;
var msg = form1.msg.value;
var xmlhttp = new XMLHttpRequest();
xmlhttp.onreadystatechange = function() {
if (xmlhttp.readyState == 4 && xmlhttp.status == 200) {
document.getElementById('chatlogs').innerHTML = xmlhttp.responseText;
}
}
xmlhttp.open('GET', 'insert.php?uname' + uname + '&msg=' + msg, true);
xmlhttp.send();
}
</script>
</body>
</html>
. Feel free to point out the mistakes.

Replace
insert.php?uname
with
insert.php?uname=
Updated Code:
xmlhttp.open('GET', 'insert.php?uname=' + uname + '&msg=' + msg, true);
You are not inserting uname

Can not get values in database using angular.js and php

i am unable to fill database after post by the user using angular.js and PHP.After clicking on submit button the row is created inside MySQL database but no values is there.Please cehck my code below.
add_data.html:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" ng-app="Add_Data">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>CRUD APPLICATION</title>
<script src="js/angularjs.js" type="text/javascript"></script>
<script src="js/create.js" type="text/javascript"></script>
<style>
#dv1{
border:1px solid #DBDCE9; margin-left:auto;
margin-right:auto;width:220px;
border-radius:7px;padding: 25px;
}
.info{
border: 1px solid;margin: 10px 0px;
padding:10px;color: #00529B;
background-color: #BDE5F8;list-style: none;
}
.err{
border: 1px solid; margin: 10px 0px;
padding:10px; color: #D8000C;
background-color: #FFBABA; list-style: none;
}
</style>
</head>
<body>
<div id='dv1'>
<form ng-controller="FrmController">
<ul>
<li class="err" ng-repeat="error in errors"> {{ error}} </li>
</ul>
<ul>
<li class="info" ng-repeat="msg in msgs"> {{ msg}} </li>
</ul>
<h2>Sigup Form</h2>
<div>
<label>Name</label>
<input type="text" ng-model="username" placeholder="User Name" style='margin-left: 22px;'>
</div>
<div>
<label>Email</label>
<input type="text" ng-model="useremail" placeholder="Email" style='margin-left: 22px;'>
</div>
<div>
<label>Password</label>
<input type="password" ng-model="userpassword" placeholder="Password">
</div>
<button ng-click='SignUp();' style='margin-left: 63px;margin-top:10px'>SignUp</button>
</form>
</div>
</body>
</html>
create.js:
var app=angular.module('Add_Data',[]);
app.controller('FrmController',function($scope,$http){
$scope.errors = [];
$scope.msgs = [];
$scope.SignUp=function(){
$scope.errors.splice(0, $scope.errors.length); // remove all error messages
$scope.msgs.splice(0, $scope.msgs.length);
$http.post('php/create.php', {'uname': $scope.username, 'pswd': $scope.userpassword, 'email': $scope.useremail}
).success(function(data, status, headers, config) {
if (data.msg != '')
{
$scope.msgs.push(data.msg);
}
else
{
$scope.errors.push(data.error);
}
}).error(function(data, status) { // called asynchronously if an error occurs
// or server returns response with an error status.
$scope.errors.push(status);
});
}
});
create.php:
<?php
$data = json_decode(file_get_contents("php://input"));
$usrname = mysql_real_escape_string($data->uname);
$upswd = mysql_real_escape_string($data->pswd);
$uemail = mysql_real_escape_string($data->email);
$con = mysql_connect('localhost', 'root', '******');
mysql_select_db('AngularTest', $con);
$qry_em = 'select count(*) as cnt from users where email ="' . $uemail . '"';
$qry_res = mysql_query($qry_em);
$res = mysql_fetch_assoc($qry_res);
if ($res['cnt'] == 0) {
$qry = 'INSERT INTO users (name,pass,email) values ("' . $usrname . '","' . $upswd . '","' . $uemail . '")';
$qry_res = mysql_query($qry);
if ($qry_res) {
$arr = array('msg' => "User Created Successfully!!!", 'error' => '');
$jsn = json_encode($arr);
print_r($jsn);
} else {
$arr = array('msg' => "", 'error' => 'Error In inserting record');
$jsn = json_encode($arr);
print_r($jsn);
}
} else {
$arr = array('msg' => "", 'error' => 'User Already exists with same email');
$jsn = json_encode($arr);
print_r($jsn);
}
?>
When user is clicking of signup button one row is created inside the database but the three field is showing blank.I am also getting the message user created successfully on the page.Please help me to resolve this error.

Not able to retrieve data from database PHP, AJAX

this is my first post here.
I am making a simple website in which user can comment and its comment will be saved in database.
I have created a table in database with three columns "id", "name", "comment" (name is not imp.).
Now i wanted to make a "See more" button. I Have three files in root directory "config.php","index.php","ajax_more.php".
This is my ajax_more.php
<?php
include("config.php");
if(isSet($_POST['lastmsg']))
{
$lastmsg=$_POST['lastmsg'];
$result=mysql_query("select * from commenttable where id<'$lastmsg' order by id desc limit 5");
$count=mysql_num_rows($result);
while($row=mysql_fetch_array($result))
{
$id=$rows['id'];
$name=$rows['name'];
$comment=$rows['comment'];
?>
<li>
<?php echo "#" . $id . '<br/>' . '<br/>' . $comment . '<br/>' . '<br/>' . '<hr size="0"/>'; ?>
</li>
<?php
}
?>
<div id="more<?php echo $id; ?>" class="morebox">
more
</div>
<?php
}
?>
this is index.php
<?php
include('config.php');
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<div id="fb-root"></div>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/
libs/jquery/1.3.0/jquery.min.js"></script>
<script type="text/javascript">
$(function() {
//More Button
$('.more').live("click",function()
{
var ID = $(this).attr("id");
if(ID)
{
$("#more"+ID).html('<img src="moreajax.gif" />');
$.ajax({
type: "POST",
url: "ajax_more.php",
data: "lastmsg="+ ID,
cache: false,
success: function(html){
$("ol#updates").append(html);
$("#more"+ID).remove();
}
});
}
else
{
$(".morebox").html('The End');
}
return false;
});
});
</script>
<style>
body{font-family:Arial,Helvetica,sans-serif;
width:50%;
position:relative;
margin-left:auto;
margin-right:auto;
}
a { text-decoration:none; color:#0066CC}
a:hover { text-decoration:underline; color:#0066cc }
*
{ margin:0px; padding:0px }
ol.timeline
{ list-style:none}ol.timeline li{ position:relative;border-bottom:1px #dedede dashed; padding:8px; }ol.timeline li:first-child{}
.morebox
{
font-weight:bold;
color:#333333;
text-align:center;
border:solid 1px #333333;
padding:8px;
margin-top:8px;
margin-bottom:8px;
-moz-border-radius: 6px;-webkit-border-radius: 6px;
}
.morebox a{ color:#333333; text-decoration:none}
.morebox a:hover{ color:#333333; text-decoration:none}
#container{margin-left:60px; width:580px }
</style>
<title>Comment box</title>
</head>
<body>
<center>
<form action="index.php" method="POST">
<table font-family="inherit">
<tr><td colspan="2">Comment: </td></tr>
<tr><td colspan="5"><textarea name="comment" rows="10" cols="50"></textarea></td></tr>
<tr><td colspan="2"><input type="submit" name="submit" value="Comment"></td></tr>
</table>
</form>
<div id='container'>
<ol class="timeline" id="updates">
<?php
$dbLink = mysql_connect("mysql17.000webhost.com", "a1360777_tester", "9868364058?");
mysql_query("SET character_set_results=utf8", $dbLink);
mb_language('uni');
mb_internal_encoding('UTF-8');
$getquery=mysql_query("SELECT * FROM commenttable ORDER BY id DESC LIMIT 5");
while($rows=mysql_fetch_array($getquery))
{
$id=$rows['id'];
$name=$rows['name'];
$comment=$rows['comment'];
?>
<li>
<?php echo "#" . $id . '<br/>' . '<br/>' . $comment . '<br/>' . '<br/>' . '<hr size="0"/>'; ?>
</li>
<?php } ?>
</ol>
<div id="more<?php echo $id; ?>" class="morebox">
more
</div>
</div>
</body>
</html>
This is my config.php
<?php
mysql_connect("mysql17.000webhost.com","a1360777_tester","9868364058?");
mysql_select_db("a1360777_test");
$name=$_POST['name'];
$comment=$_POST['comment'];
$submit=$_POST['submit'];
$dbLink = mysql_connect("mysql17.000webhost.com", "a1360777_tester", "9868364058?");
mysql_query("SET character_set_client=utf8", $dbLink);
mysql_query("SET character_set_connection=utf8", $dbLink);
if($submit)
{
if($comment)
{
$insert=mysql_query("INSERT INTO commenttable (name,comment) VALUES ('$name','$comment') ");
?>
<script type="text/javascript">
window.location = "http://sonymobile.comule.com/";
</script>
<?php
}
else
{
echo "Please Fill out all Fields";
}
}
?>
After i click on more button it posts only (echo) '#' from ajax and not the comment.
please help, Dont getting what to do.

Change your while statement to a foreach as such:
$row=mysql_fetch_array($result);
foreach($row as $key)
{
$id=$key['id'];
$name=$key['name'];
$comment=$key['comment'];
?>
<li>
<?php echo "#" . $id . '<br/>' . '<br/>' . $comment . '<br/>' . '<br/>' . '<hr size="0"/>'; ?>
</li>
<?php
}
?>
<div id="more<?php echo $id; ?>" class="morebox">
more
</div>
<?php
}
?>
Let me know if that works