We Keep Coding

PHP form input value doesn't work

I like to have a standard value filled in the input field.
I have this code:
$stma = $conn->prepare("SELECT * FROM `users` WHERE ID = '".$_GET['gebruiker']."' ");
$stma->execute();
$row_count = $stma->rowCount(); // returns 1
foreach ($conn->query($stma) as $rows) {
$Username = $rows['Username'];
}
/// my form
echo '<form method="POST" >
<table>
<th colspan="3"><h1>Gebruiker bewerken</h1></th>
<tr>
<th>
<h3>Gebruikersnaam: </h3>
</th>
<td>
<input style="width: 70%;" type="text" READONLY value="'.$Username.'" >
// the value must be filled in this input field
</td>
</tr>
<tr>
<th>
<h3>Wachtwoord: </h3>
</th>
<td>
<input style="width: 70%;" type="password" name="wachtwoord" REQUIRED>
</td>
</tr>
<tr>
<th>
</th>
<td colspan="2">
<input type="submit" name="bewerken" class="button" style="vertical-align:middle" value="Opslaan">
</td>
</tr>
'.$error.'
</table>
</form>';
The code doesn't fill in the value i got from the database.
I still get an empty form field.
My query returns 1 result row (i checked)
Does someone see my mistake?
I don't see the mistake i've made (it must me my mistake, it worked for me on other forms too)

To make sure it outputs all errors and warnings (for debugging), this might help:
ini_set('display_errors', 1);
ini_set('display_startup_errors', 1);
error_reporting(E_ALL);
Place above mentioned code at the top of your file.
And you might want to prevent any SQL injection as well:
$stma = $conn->prepare("SELECT * FROM `users` WHERE ID = ? ");
$stma->bindParam(1, $_GET['gebruiker'], PDO::PARAM_INT);
$stma->execute();
$stma->debugDumpParams(); // you could use this to check whether or not all parameters are set correctly
$row_count = $stma->rowCount(); // returns 1
foreach ($conn->query($stma) as $rows) {
$Username = $rows['Username'];
}

Below is a working example.
PHP
try {
$conn = new PDO('mysql:host=localhost;dbname=YourDBname', 'root', '');
} catch (PDOException $e) {
echo $e->getMessage();
}
$id = $_GET['gebruiker'];
$sql = "SELECT * FROM `users` WHERE id = :id";
$stm = $conn->prepare($sql);
$stm->execute(['id'=>$id]);
$user = $stm->fetchObject();
$username = $user->username;
HTML
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Test</title>
</head>
<body>
<form action="POST">
<input type="text" value="<?php echo (isset($username)) ? $username : 'No value' ; ?>">
</form>
</body>
</html>
If your set gebruiker from your url, then you just have do it like: script.php?gebruiker = 1 You can replace 1 with any ID value that exists in your table.

please try this code
$stma = $conn->prepare("SELECT * FROM `users` WHERE ID = '".$_GET['gebruiker']."' ");
$stma->execute();
$row_count = $stma->rowCount(); // returns 1
foreach ($conn->query($stma) as $rows) {
$Username = $rows['Username'];
}
**please replace this code**
$res = $conn->query("SELECT * FROM users WHERE ID = '".$_GET['gebruiker']."' ");
$allRows = $res->fetch_assoc();
$Username = $allRows['UserName'];

My script is updating all fields when I just edit one

my problem it's I'm trying to develop a back-end where I need to update but my problem is, when I update one field my script update all fields and all data of my mysqli database.
My code for now is:
<html>
<body>
<?php
ini_set('display_errors', 1);
error_reporting(~0);
$serverName = "localhost";
$userName = "root";
$userPassword = "";
$dbName = "hotel_vaniet";
$strCustomerID = null;
if(isset($_GET["cod"]))
{
$cod = $_GET["cod"];
}
$serverName = "localhost";
$userName = "root";
$userPassword = "";
$dbName = "hotel_vaniet";
$conn = mysqli_connect($serverName,$userName,$userPassword,$dbName);
$sql = "SELECT * FROM quartos WHERE cod=$cod";
$query = mysqli_query($conn,$sql);
$result=mysqli_fetch_array($query,MYSQLI_ASSOC);
?>
<div id="main">
<form action="editar_quartos_final.php" name="frmAdd" method="post">
<br><h1>Página de Edição</h1>
<br><hr/>
<div id="login2">
<table width="284" border="1">
<tr>
<th width="120">Tipo</th>
<td width="238"><input type="text" name="tipo" size="50" value="<?php echo $result["tipo"];?>"></td>
</tr>
<tr>
<th width="120">Capacidade</th>
<td><input type="text" name="capacidade" size="50" value="<?php echo $result["capacidade"];?>"></td>
</tr>
<tr>
<th width="120">Preço p/ Noite</th>
<td><input type="text" name="preco" size="50" value="<?php echo $result["preco"];?>"></td>
</tr>
<tr>
<th width="120">Reservado</th>
<td><input type="text" name="reservado" size="50" value="<?php echo $result["reservado"];?>"></td>
</tr>
</table>
<br><input id="submitbuttoneditar" type="submit" value=" Editar " name="submit"/><br />
</div>
</form>
<?php
mysqli_close($conn);
?>
</body>
</html>
This the first page ,this page send me to another where makes all changes. The second page :
<html>
<head>
<title>Página de Edição do Cliente</title>
</head>
<body>
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "hotel_vaniet";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE quartos SET
tipo = '".$_POST["tipo"]."' ,
capacidade = '".$_POST["capacidade"]."' ,
preco = '".$_POST["preco"]."' ,
reservado = '".$_POST["reservado"]."'
WHERE cod=cod";
if ($conn->query($sql) === TRUE) {
echo "Dados actualizados com sucesso!";
header("Location: quartos.php");
} else {
echo "Erro na edição dos dados! " . $conn->error;
header("Location: quartos.php");
}
$conn->close();
?>
</body>
</html>

On your first page you have $cod variable which equals $_GET["cod"].
On your second page $cod variable is not defined. So your try to update
WHERE cod=cod
means - update where value of field cod is the same as value of field cod. And as it is true for all records - all your records are updated.
So, the solution is to pass your $cod value to your second script.
For example, you can do it with a hidden field from your first form:
<form action="editar_quartos_final.php" name="frmAdd" method="post">
<br><h1>Página de Edição</h1>
<br><hr/>
<input type="hidden" name="cod" value="<?php echo $cod?>" />
<div id="login2">
<table width="284" border="1">
<tr>
<th width="120">Tipo</th>
<td width="238"><input type="text" name="tipo" size="50" value="<?php echo $result["tipo"];?>"></td>
</tr>
<tr>
See this field with hidden type?
And in your second script use $_POST['cod']:
$sql = "UPDATE quartos SET
tipo = '".$_POST["tipo"]."' ,
capacidade = '".$_POST["capacidade"]."' ,
preco = '".$_POST["preco"]."' ,
reservado = '".$_POST["reservado"]."'
WHERE cod=" . $POST['cod'];
And of course, your code is vulnerable to sql injections.
So you should start using prepared statements asap.

my php function cant run when i call it in submit form

I have a proble: I have a function in the html head, and then in the body I have a form type submit and run the function onsubmit. It seeems I cant reach the function or go to function to insert details to database. I cant complete this idea. Please help me this.
<?php
function sida() {
$host = "localhost";
$username = "root";
$password = "";
$databasename = "vinhcv_truonghoc";
$connect = mysql_connect($host, $username, $password);
$db = mysql_select_db($databasename);
if (isset($_POST['comment']) && isset($_POST['name'])) {
$comment = $_POST['comment'];
$name = $_POST['name'];
$q = "insert into comments values('', '$name', '$comment', CURRENT_TIMESTAMP)";
echo $q;
$insert = mysql_query($q);
if (!$insert) { echo mysql_error(); }
$id = mysql_insert_id($insert);
$select = mysql_query("select name, comment, post_time from comments where name = '$name' and comment='$comment' and id='$id'");
if ($row = mysql_fetch_array($select)) {
$name = $row['name'];
$comment = $row['comment'];
$time = $row['post_time'];
?>
<div class="comment_div">
<p class="name">Posted By:<?php echo $name;?></p>
<p class="comment"><?php echo $comment;?></p>
<p class="time"><?php echo $time;?></p>
</div>
<?php
}
exit;
}
}
?>
and the form in the body:
<form method="POST" onsubmit="sida()">
<textarea id="comment" placeholder="Write Your Comment Here....."></tetarea>
<br>
<input type="text" id="username" placeholder="Your Name">
<br>
<input type="submit" value="Post Comment">
</form>
<div id="all_comments">
<?php
$host = "localhost";
$username = "root";
$password = "";
$databasename = "vinhcv_truonghoc";
$connect = mysql_connect($host,$username,$password);
$db = mysql_select_db($databasename);
$comm = mysql_query("select name,comment,post_time from comments order by post_time desc");
while($row = mysql_fetch_array($comm))
{
$name = $row['name'];
$comment = $row['comment'];
$time = $row['post_time'];
?>
<div class="comment_div">
<p class="name">Posted By:<?php echo $name;?></p>
<p class="comment"><?php echo $comment;?></p>
<p class="time"><?php echo $time;?></p>
</div>
<?php
}
?>
</div>
In the body it can connect to database to get information, that mean not thing wrong when connect with database, so why it cant insert to database?

What you need to do is commented:-
<form method="POST" ><!-- remove onsubmit="sida()"-->
<textarea id="comment" placeholder="Write Your Comment Here....." name = "comment"></textarea><!-- add name attribute -->
<br>
<input type="text" id="username" placeholder="Your Name" name = "username"><!-- add name attribute -->
<br>
<input type="submit" value="Post Comment">
</form>
<div id="all_comments">
<?php
$data = array(); // define empty array
if(isset($_POST["comment"]) && isset($_POST["username"])){ // check with posted value not button value
$host="localhost";
$username="root";
$password="";
$databasename="vinhcv_truonghoc";
$i = 0; // DEFINE COUNTER
$connect=mysqli_connect($host,$username,$password,$databasename); // mysql_* is deprecated so use mysqli_* or PDO
if($connect){ // IF CONNECTION ESTABLISHED
$comment = mysqli_real_escape_string($connect,$_POST['comment']); // Prevent from SQL Injection
$username = mysqli_real_escape_string($connect,$_POST['username']); // Prevent from SQL Injection
$query = mysqli_query ($connect,"INSERT INTO comments (username,comment) VALUES ('".$username."','".$comment."')"); // check and change table name as well as column name
if($query){
echo "Inserted Successfully";
}else{
echo "Problem occur in insertion because of".mysqli_error($connect);
}
$comm = mysqli_query($connect,"select name,comment,post_time from comments order by post_time desc");
if($comm){ // IF QUERY EXECUTED
while($row=mysqli_fetch_array($comm)){
$data[$i]["name"] = $row['name']; // ASSIGN VALUES TO THE ARRAY
$data[$i]["comment"] = $row['comment'];
$data[$i]["time"] = $row['post_time'];
$i++;
}
}else{
echo "Query execution failed because of".mysqli_error($connect);
}
}else{
echo'connection problem because of'.mysqli_connect_error();
}
}else{
echo "All fields are need to fill properly";
}
?>
<?php foreach ($data as $dat){?> <!-- ITERATE THROUGH ARRAY -->
<div class="comment_div">
<p class="name">Posted By:<?php echo $data['name'];?></p>
<p class="comment"><?php echo $data['comment'];?></p>
<p class="time"><?php echo $data['time'];?></p>
</div>
<?php } ?>
</div>

Seems like you are not passing any parameters to the $_POST array. You need to pass the name attribute to your input fields. Since you are going to run a PHP server-side function you need to use the action attribute.
Like this:
<form method="POST" action="sida()">
<textarea name="comment" id="comment" placeholder="Write Your Comment Here....."></textarea>
<br>
<input name="name" type="text" id="username" placeholder="Your Name">
<br>
<input type="submit" value="Post Comment" name="submit">
</form>

$host="localhost";
$username="root";
$password="";
$databasename="vinhcv_truonghoc";
function connect() {
global $host,$username,$password,$databasename;
$con=mysql_connect($host,$username,$password) or die ("ConnectionFailed");
mysql_select_db($databasename,$con) or exit ("Failed to connect");
return $con; }
function iud($query) //Insert,Update,Delete {
$con=connect();
$result=mysql_query($query,$con);
$n=mysql_affected_rows($con);
mysql_close($con);
return $n; }
function select ($query) //Select {
$con=connect();
$result=mysql_query($query,$con);
mysql_close($con); return $result; }
if(isset($_REQUEST['submit'])) {
$name=$_REQUEST['name'];
$comment=$_REQUEST['comment'];
$query="INSERT INTO `comments`(`name`, `comment`, `post_time`)
VALUES('$name','$comment',CURRENT_TIMESTAMP)";
$n=iud($query);
echo $n; }
?>
<html> <head></head> <body> <form method="GET"> <table>
<tr> <td>Name</td> <td><Input type="text" name="name" id=""
class="" placeholder="Name.."></td> </tr>
<tr> <td>Comment</td> <td><textarea name="comment" rows="5" cols="40" placeholder="Comment
Here.."> </textarea></td> </tr>
<tr> <td></td> <td><Input type="submit" name="submit" id="" class="" value="submit">
</td> </tr>
</table> </form>
<!-- Showing Result --> <table> <?php $query="Select * from comments ORDER BY coid DESC"; //Coid Is A Primary Key
$result=select($query); $n=mysql_num_rows($result); if($n>0) {
while($data=mysql_fetch_array($result)) extract($data); } ?>
<tr> <td><?php echo #$name; ?></td> </tr> <tr> <td><?php
echo #$comment; ?></td> </tr> </table>
</body> </html>
I hope It will Work For you :)

PHP page to run MySQL query

I need a PHP+HTML page which would ask for two values from user i.e. password & id_category.
So far I have coded the PHP as:
<?php
$servername = "localhost";
$username = "username";
$password = "password";
$dbname = "db1";
// Create connection
$conn = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "select user_id,mobile from test_user_table where id_category like '912' or id_category like '912%' or id_category like '%912%' or id_category like '%912'";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
// output data of each row
while($row = $result->fetch_assoc()) {
echo "id: " . $row["user_id"]. " - Mobile: " . $row["mobile"]. "<br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
I need a HTML page which would ask for those two variables and pass on to this code i.e. value of password to $password & id_category to the select statement (instead of 912)
Pls help

You html will be something look like below
<!DOCTYPE html>
<html>
<title>Login Form</title>
<body>
<form action="form_submit" method="post">
<table>
<tr>
<td>Username</td>
<td>:</td>
<td><input type="text" name="username" /></td>
</tr>
<tr>
<td>Password</td>
<td>:</td>
<td><input type="password" name="username" /></td>
</tr>
<tr>
<td>Category</td>
<td>:</td>
<td><select name="category">
<option value="192">Category 1</option>
<option value="193">Category 2</option>
<option value="194">Category 3</option>
<option value="195">Category 4</option>
</select></td>
</tr>
</table>
</form>
</body>
</html>
Since I user method as POST you should get the value on form_submit.php as
<?php
$username = $_POST['username'];
$password = $_POST['password'];
$category = $_POST['category'];
?>

This should be help:
HTML:
<form name="login" method="post">
Username<input type="text" name="username"/>
Password<input type="password" name="password"/>
Category<input type="text" name="category"/>
<input type="submit" name="submit"/>
</form>
PHP:
<?
if (isset ($_POST["submit"]){
$username = mysqli_real_escape_string( $_POST["username"]);
$password = mysqli_real_escape_string( $_POST["password"]);
$category = mysqli_real_escape_string( $_POST["category"]);
// YOUR QUERY
$sql = "
SELECT columns FROM table WHERE
username = '$username' AND
password = '$password' AND (
categoryid LIKE '$category' OR
categoryid LIKE '%$category' ....
)
";
}//if end
?>

PHP form : not updating mysql database

I have virtually no programming experience and trying this first project, I am a bit stuck on how to update the database, so I click on edit and the correct record gets loaded into the edit screen update.php
When I click update, I get the message from updated.php saying that the database has been updated, but the database does not get updated, when I display the records they are the same as before the update, thanks in advance for all your help.
the following code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Form Edit Data</title>
</head>
<body>
<table border=1>
<tr>
<td align=center>Form Edit Employees Data</td>
</tr>
<tr>
<td>
<table>
<?
$user_name = "";
$password = "";
$database = "";
$server = "localhost";
mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database);
$id = $_GET['id'];
$order = "SELECT * FROM MY_ID where ID = ' " .$id . " ' ";
$result = mysql_query($order);
$row = mysql_fetch_array($result);
?>
<form method="post" action="edit_data.php"?id=<?= $id ?>>
<input type="text" name="id" value="<? echo "$row[ID]"?>">
<tr>
<td>First Name</td>
<td>
<input type="text" name="FirsName" size="20" value="<? echo "$row[FirstName]"?>">
</td>
</tr>
<tr>
<td>Sur Name</td>
<td>
<input type="text" name="SurName" size="40" value="<? echo "$row[SurName]"?>">
</td>
</tr>
<tr>
<td>Address</td>
<td>
<input type="text" name="Address" size="40" value="<? echo "$row[Address]"?>">
</td>
</tr>
<tr>
<td align="right">
<input type="submit" name="submit" value="submit">
</td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>
and here is the other file
<?php
$user_name = "";
$password = "";
$database = "";
$server = "";
mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database);
$id = $_REQUEST['ID'];
$FirstName = trim(mysql_real_escape_string($_POST["FirstName"]));
$SurName = trim(mysql_real_escape_string($_POST["SurName"]));
$Address = trim(mysql_real_escape_string($_POST["Address"]));
$sql = "UPDATE MY_ID SET FirstName='$FirstName',SurName='$SurName',Address='$Address' WHERE ID='$id'";
$result=mysql_query($sql);
if ($result){
echo "Successful";
echo "<BR>";
echo "<a href='edit.php'>View result</a>";
}
else {
echo "ERROR";
}
?>

Looks like you forget the double quotation mark and the full stop. You should write it as: '".$example."'
$sql = "UPDATE MY_ID SET FirstName='".$FirstName."',SurName='".$SurName."',Address='".$Address.:' WHERE ID='".$id."'";

It is because your form method is POST, and you are trying to GET ID.
Probably ID returns null.
My suggestion is to put a hidden input in your form as with name="ID", then read it in your posted page as $_POST["ID"];

Yes, the answer is as Mansours said. You should not use single quota to your variable.
So, it's bad practice writing code something like this:
<input type="text" value="<?php echo "$row[name]"; ?>">
it should be
<input type="text" value="<?php echo $row['name']; ?>">
it would be clear, and also, when inserting or updating the record you should write as follow:
$sql = "UPDATE MY_ID SET FirstName='" . $FirstName . "',
SurName='" . $SurName . "',
Address='" . $Address . "'
WHERE ID='" . $id . "'";
mysql_query($sql);