I have been teaching myself code for the past 3 months now and I am working on a project that is outside my level of knowledge. So on the site we're creating, we have a page where the user creates a profile and anyone who visits the site see's that information, the information they input is stored in a database table. What I am trying to do is only display that information for that specific user. Right now I have created three different users and when I login to each one it displays the same information for each user. I am sure this question has been answered i just dont know how to word it. Below is the input form and .php file i am currently using.
<div class="modal-body">
<form action="edit_profile.php" method="post">
<input type="text" class="form-control" id="exampleInputEmail1" placeholder="Name" name="name" required="">
<br>
<textarea class="form-control" name="about_me" rows="3" placeholder="About Me (300 Characters Max)"></textarea></textarea>
<br>
<input type="text" class="form-control" id="exampleInputEmail" placeholder="My Specialties" name="specialty" required="">
<br>
<input type="text" class="form-control" id="exampleInputEmail" placeholder="City" name="city" required="">
<br>
<input type="text" class="form-control" id="exampleInputEmail" placeholder="State" name="state" required="">
<br>
<input type="email" class="form-control" id="exampleInputEmail" placeholder="Email" name="email" required="">
<br>
<input type="text" class="form-control" id="exampleInputEmail" placeholder="Website" name="website" required="">
<br>
<input type="email" class="form-control" id="exampleInputEmail" name="facebook" placeholder="Facebook Link">
<br>
<input type="email" class="form-control" id="exampleInputEmail" name="instagram" placeholder="Instagram Link">
<br>
<input type="email" class="form-control" id="exampleInputEmail" name="twitter" placeholder="Twitter Link">
<br>
<input type="email" class="form-control" id="exampleInputEmail" name="google" placeholder="Google+ Link">
<br>
<input type="submit" class="btn btn-primary" value="submit">
<button type="button" class="btn btn-default" data-dismiss="modal">Close</button>
</form>
</div>
</div>
</div>
</div>
<!-- End Edit Profile Modal -->
<h4><strong>About Me: </strong></h4>
<?php echo $row['about_me'];?>
<h4><strong>My Specialties: </strong></h4>
<?php echo $row['specialty'];?>
<h4><strong>Location: </strong> </h4>
<?php echo $row['city'];?>, <?php echo $row['state'];?>
<h4><strong>Get Connected: </strong></h4>
<h5><strong>Email:</strong> <?php echo $row['email'];?> </h5>
<h5><strong>Website:</strong> <?php echo $row['website'];?></h5>
<h5><strong>Facebook:</strong> <?php echo $row['facebook'];?></h5>
//DATABASE CONNECT
<?php
$host="localhost";
$username="XXXXXXX";
$password="XXXXXXX";
$db_name="photographer_directory";
$tbl_name="qls3_profile";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$result = mysql_query("SELECT * FROM qls3_profile");
$row = mysql_fetch_array($result);
?>
<?php
include_once('includes/db_connect.php');
$name=$_POST['name'];
$about_me=$_POST['about_me'];
$specialty=$_POST['specialty'];
$city=$_POST['city'];
$state=$_POST['state'];
$email=$_POST['email'];
$website=$_POST['website'];
$facebook=$_POST['facebook'];
$instagram=$_POST['instagram'];
$twitter=$_POST['twitter'];
$google=$_POST['google'];
// Insert data into mysql
$sql="INSERT INTO $tbl_name(name, about_me, specialty, city, state, email, website, facebook, instagram, twitter, google)VALUES('$name', '$about_me', '$specialty', '$city', '$state', '$email', '$website', '$facebook', '$instagram', '$twitter', '$google')";
$result=mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='insert.php'>Back to main page</a>";
}
else {
echo "ERROR";
}
header( 'Location: userprofile.php' ) ;
?>
<?php
// close connection
mysql_close();
?>
You want to use a SQL SELECT ... FROM ... WHERE clause. It is best if you learn if for yourself: http://www.w3schools.com/sql/sql_where.asp
Related
I have a form where users can register other accounts. It was working fine until I changed the data type of the column date to data type date (I was using varchar so I changed it to date). After changing the datatype, the registration stopped working. I don't get an error but I can't see the new account when I try to view the records.
Here's my form:
<div class="main">
<div class="one">
<div class="register">
<center><h3>Add Account</h3></center>
<form name="reg" action="code_exec.php" onsubmit="return validateForm()" method="post">
<div>
<label>ID</label>
<input type="text" name="id" required>
</div>
<div>
<label>First Name</label>
<input type="text" name="firstname" required>
</div>
<div>
<label>Last Name</label>
<input type="text" name="lastname" required>
</div>
<div>
<label>Email</label>
<input type="text" name="email" placeholder="user#teamspan.com" required>
</div>
<div>
<label>Username</label>
<input type="text" name="username" required>
</div>
<div>
<label>Password</label>
<input type="password" name="password" required>
</div>
<div>
<label>Street Address</label>
<input type="text" name="street" required>
</div>
<div>
<label>Town/Suburb</label>
<input type="text" name="town" required>
</div>
<div>
<label>City</label>
<input type="text" name="city" required>
</div>
<div>
<label>Contact</label>
<input type="text" name="contact" required>
</div>
<div>
<label>Gender</label>
<select name="gender" required>
<option disabled selected hidden>Select Gender</option>
<option value="Male">Male</option>
<option value="Female">Female</option>
</select>
</div>
<div>
<label>User Levels</label>
<select name="user_levels" required>
<option disabled selected hidden>Select Access Level</option>
<option value="0">Employee</option>
<option value="1">Administrator</option>
<option value="2">Manager</option>
<option value="1">HR</option>
</select>
</div>
<div>
<label>Date</label>
<input type="text" readonly="readonly" name="date" value="<?php echo date("m/j/Y");?>" required>
</div>
<div>
<label>Sick Leave</label>
<input type="text" name="sickleave" required>
</div>
<div>
<label>Vacation Leave</label>
<input type="text" name="vacationleave" required>
</div>
<div>
<label>Picture (Link)</label>
<input type="text" name="picture" value="img/emp/" required>
</div>
<div>
<label></label>
<input type="submit" name="submit" value="Add Account" class="button" style="color: white;" />
<a href="hr_panel.php"><input type="button" value="Back" class="button" style="color: white;" />
</div>
</form>
</div>
</div>
And here's code_exec.php
<?php
session_start();
include('connection.php');
$id=$_POST['id'];
$username=$_POST['username'];
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$email=$_POST['email'];
$street=$_POST['street'];
$town=$_POST['town'];
$city=$_POST['city'];
$contact=$_POST['contact'];
$gender=$_POST['gender'];
$password=$_POST['password'];
$user_levels=$_POST['user_levels'];
$date=$_POST['date'];
$picture=$_POST['picture'];
$sickleave=$_POST['sickleave'];
$vacationleave=$_POST['vacationleave'];
mysqli_query($bd, "INSERT INTO employee(id, firstname, lastname, username, email, street, town, city, contact, gender, password, user_levels, date, picture, sickleave, vacationleave)
VALUES ('$id', '$firstname', '$lastname', '$username', '$email', '$street', '$town', '$city', '$contact', '$gender', '$password', '$user_levels', '$date', '$picture', '$sickleave', '$vacationleave')");
echo "<script>alert('Successfully Added!'); window.location='register.php'</script>";
mysqli_close($con);
?>
Database Schema:
DB Schema
As others have already stated, your date format may not be correct. And you need to look at securing your queries against sql injection.
In order to get you date issue fixed try replacing:
$date=$_POST['date'];
With:
$date=date('Y-m-d', strtotime($_POST['date']));
The Date format for sql is described as YYYY-MM-DD meaning a four digit year-two digit month - two digit day.
You need to convert the received date from your input date :
$dt = \DateTime::createFromFormat('m/j/Y', $_POST['date']);
See this StackOverflow answer for more informations.
Moreover, as #Syscall said, you should also pay attention to your query which is open to SQL injections. To prevent that, you should use a PDO statement, for example :
$stmt = $pdo->prepare('SELECT * FROM employees WHERE name = :name');
$stmt->execute(array('name' => $name));
Example taken from How can I prevent SQL injection in PHP?
I am building a simple client management system that allows users to input client data into a form populated in a modal. The idea is that when the user completes the form in the modal by clicking Create New Client, new client information will be stored into the predefined mysql table named client. I am using a nearly identical php script throughout the site to create new users which works fine.
The primary difference with this script is that is called from a form that is enclosed within a modal that is enclosed within divs. Could that possibly be inhibiting my scripting from following through on the query?
There are no error messages other than my own defined if else calls. The data will echo on Submit but information will not actually insert into the data in mysql. I'm still new to anything beyond html and css, so any help will be greatly appreciated and reciprocated as I continue to get a handle on this journey. Reference code below
newclient.php
<?php
session_start();
include 'dbh.php';
error_reporting(E_ALL);
ini_set('display_errors', 1);
$comname = $_POST['comname'];
$primcon = $_POST['primcon'];
$addr = $_POST['addr'];
$city = $_POST['city'];
$state = $_POST['state'];
$zip = $_POST['zip'];
$phn = $_POST['phn'];
$websi = $_POST['websi'];
$email = $_POST['email'];
$activ = $_POST['activ'];
$sql = "INSERT INTO client (comname, primcon, addr, city, state, zip, phn,
websi, email, activ )
VALUES ('$comname', '$primcon', '$addr', '$city', '$state', '$zip', '$phn',
'$websi', '$email', '$activ')";
$result = mysqli_query($conn, $sql);
echo $comname;
echo $primcon;
echo $addr;
echo $city;
echo $state;
echo $zip;
echo $phn;
echo $websi;
echo $email;
echo $activ;
//header("Location: login.html");
admin.html - where users actually create new clients (modal content only)
<div class="modal-content">
<div class="modal-header">
<span class="close">×</span>
<h2>New Client Registration</h2>
</div>
<div class="modal-body">
<form align="center"
action="http://localhost:1234/housenotes/newclient.php" method="POST">
<input type="text" placeholder="Company Name" name="comname"
required>
<input type="text" placeholder="Primary Contact" name="primcon"
required>
<input type="text" placeholder="Street Address" name="addr"
required> <br>
<input type="text" placeholder="City" name="city" required>
<input type="text" placeholder="State" name="state" required>
<input type="text" placeholder="Zip" name="zip" required> <br>
<input type="text" placeholder="Phone Number" name="phn"
required>
<input type="text" placeholder="Website" name="websi" required>
<input type="text" placeholder="Email" name="email" required>
<br>
<input type="radio" name="activ" value="Potential" checked>
Potential
<input type="radio" name="activ" value="Engaged"> Engaged
<input type="radio" name="activ" value="Active"> Active<br>
<button type="submit" class="button" style="width:15%;">Create
New Client</button>
</form>
</div>
<div class="modal-footer">
<h3>housenotes</h3>
</div>
Again, any help would be greatly appreciated! Thanks in advance!
This question already has answers here:
PHP code is not being executed, but the code shows in the browser source code
(35 answers)
Closed 8 years ago.
I am using wamp server and trying to create simple sign up page with html forms and php script; but the problem is whenever I am hitting on submit button on html page, it is directly showing the entire content of php file in next browser instead of executing the php file.
the following is my form code(index.php)
<form id="login" action="register.php" method="post">
<p>
<label for="first name" >First Name</label>
<input type="text" name="fname" value="" />
</p>
<p>
<label for="last name" >Last Name</label>
<input type="text" name="lname" value="" class="radius2" />
</p>
<p>
<label for="gender" >Gender</label>
<input type="text" name="gender" />
</p>
<p>
<label for="username" >Email</label>
<input type="text" name="username" />
</p>
<p>
<label for="password" >Password</label>
<input type="password" name="password" />
</p>
<p>
<input type="submit" name="submit">Login</input>
</p>
</form>
the following is my php code
$bd = mysqli_connect("localhost", "root","yash1991","shaunak") or die("Could not connect database");
echo" hello1";
mysqli_query($bd,"INSERT INTO users (fname, lname, gender, email_id, username, password) VALUES ("$fname", "$lname", "$gender", "$username", "$password")");
mysqli_close($bd);
?>
I suppose that you running WAMP server, and stored your files (index.php & register.php) in folder inside "C:\wamp\www\" and you access your index page using url "127.0.0.1/stack/index.php"
Check your index.php file with the following code:
<form id="login" action="register.php" method="post">
<p>
<label for="First Name">First Name</label>
<input type="text" name="fname" value="" />
</p>
<p>
<label for="last Name">Last Name</label>
<input type="text" name="lname" value="" class="radius2" />
</p>
<p>
<label for="gender">Gender</label>
<input type="text" name="gender" />
</p>
<p>
<label for="username">Email</label>
<input type="text" name="username" />
</p>
<p>
<label for="password">Password</label>
<input type="password" name="password" />
</p>
<p>
<input type="submit" name="submit" value="Login" />
</p>
</form>
Check your register.php file with the following code:
<?php
session_start();
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$gender=$_POST['gender'];
$username=$_POST['username'];
$password=$_POST['password'];
echo "hello ";
$bd= mysqli_connect("localhost","root","yash1991","shaunak") or die ("Could not connect DB");
$try = mysqli_query($bd, "INSERT INTO users (`fname`, `lname`, `gender`, `email_id`, `password`) VALUES ('$fname', '$lname', '$gender', '$username', '$password')");
if($try === false)
{
echo '<br />error - ';
echo mysqli_error($bd);
} else {
echo '<br />all good';
}
mysqli_close($bd);
?>
i want that when ever a login user want they can change their record(address,etc). for such purpose i make a autofill form for the current login user.Now the Problem is that the data won,t be updated..
My Form Code IS........
<?php session_start();
include 'conn.php';
include '../includes/layouts/header.php';
if(!isset($_SESSION['user']))
{
header("location:signin.php");
}
$sql="SELECT * FROM signup";
$qry=mysql_query($sql);
$rows=mysql_fetch_array($qry);
?>
<div id="main">
<div id="navigation">
</div>
<div id="page">
<h2>Login Section</h2>
<p>Welcome to LMS</p>
<form method="post" action="update.php">
<div class="reg_section">
<h3>Your Personal Information</h3>
<input type="text" name="fname" value="<?php echo $rows[1];?>" placeholder="First Name"><br>
<input type="text" name="lname" value="<?php echo $rows[2];?>" placeholder="Last Name"><br>
<input type="text" name="uname" value="<?php echo $rows[3];?>" placeholder="Desired Username"><br>
<input type="text" name="email" value="<?php echo $rows[4];?>" placeholder="Email"><br>
<input type="text" name="department" value="<?php echo $rows[5];?>" placeholder="Department"><br>
<input type="text" name="id" value="<?php echo $rows[6];?>" placeholder="Id #"/><br>
<input type="text" name="phone" value="<?php echo $rows[7];?>" placeholder="Phone #"/><br>
</div>
<div class="reg_section">
<h3>Your Password</h3>
<input type="password" name="pass" value="<?php echo $rows[8];?>" placeholder="Your Password"><br>
<input type="password" name="cpass" value="<?php echo $rows[8];?>" placeholder="Confirm Password">
</div>
<div class="reg_section">
<h3>Your Address</h3>
<input type="text" name="address" value="<?php echo $rows[9];?>" placeholder="Address">
</div>
<p class="submit"><input type="submit" name="submit" value="Update Info"></p>
</form>
</div>
</div>
My PHP CODE IS..........
<?php session_start();
if(isset($_POST['submit']))
{
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$user=$_POST['uname'];
$email=$_POST['email'];
$depart=$_POST['department'];
$id=$_POST['id'];
$phone=$_POST['phone'];
$pass=$_POST['pass'];
$address=$_POST['address'];
$qry="UPDATE signup SET First_Name=$$fname,Last_Name=$$lname,Username=$$user,Email=$$email,Department=$$depart,Employe_Id=$$id,Phone=$$phone,Password=$$pass,Address=$$address WHERE Username=$$user";
if(mysql_query($qry))
{
header('location:setting.php');
}
}
?>
Can any one know that what is the error...
try this sql
$qry="UPDATE signup
SET First_Name='$fname', Last_Name='$lname', Username='$user', Email='$email',Department='$depart', Employe_Id='$id', Phone='$phone', Password='$pass', Address='$address'
WHERE Username='$user' LIMIT 1 ";
As mentioned in my first comment above you have a problem in how you construct your query. You were using double dollar chars ($$) which does not make any sense. The result is that you run an empty query which explains why not record is updated.
As a first step alter your query like this:
$qry = "UPDATE signup SET
First_Name='$fname', Last_Name='$lname', Username='$user',
Email='$email', Department='$depart', Employe_Id='$id',
Phone='$phone', Password='$pass', Address='$address'
WHERE Username='$user'";
You do not implement any form of error handling, that is why you don't see the error you get from mysql. Please take a look at some tutorials about how to do that.
Also consider my second comment about preventing sql injections. At least, as some kind of "hot fix" you should use mysql_real_ecape() on all user input you integrate into your query. But as said, the only real solution is to switch to "prepared statements".
This is my setting.php code:
<?php session_start();
include 'conn.php';
include '../includes/layouts/header.php';
if(!isset($_SESSION['user']))
{
header("location:signin.php");
}
if(isset($_SESSION['update']))
{
echo $_SESSION['update'];
unset($_SESSION['update']);
}
$sql="SELECT * FROM signup";
$qry=mysql_query($sql);
$rows=mysql_fetch_array($qry);
?>
<div id="main">
<div id="navigation">
<div class="">
Welcome to LMS
<ul>
<li><?php echo $_SESSION['user']; ?>
<ul>
<li>Send Leave Application</li>
<li>Setting</li>
<li>Logout</li>
</ul>
</div>
</div>
<div id="page">
<form method="post" action="update.php">
<div class="reg_section">
<h3>Your Personal Information</h3>
<input type="text" name="fname" value="<?php echo $rows[1];?>" placeholder="First Name"><br>
<input type="text" name="lname" value="<?php echo $rows[2];?>" placeholder="Last Name"><br>
<input type="text" name="uname" value="<?php echo $rows[3];?>" placeholder="Desired Username"><br>
<input type="text" name="email" value="<?php echo $rows[4];?>" placeholder="Email"><br>
<input type="text" name="department" value="<?php echo $rows[5];?>" placeholder="Department"><br>
<input type="text" name="id" value="<?php echo $rows[6];?>" placeholder="Id #"/><br>
<input type="text" name="phone" value="<?php echo $rows[7];?>" placeholder="Phone #"/><br>
</div>
<div class="reg_section">
<h3>Your Password</h3>
<input type="password" name="pass" value="<?php echo $rows[8];?>" placeholder="Your Password"><br>
<input type="password" name="cpass" value="<?php echo $rows[8];?>" placeholder="Confirm Password">
</div>
<div class="reg_section">
<h3>Your Address</h3>
<input type="text" name="address" value="<?php echo $rows[9];?>" placeholder="Address">
</div>
<p class="submit"><input type="submit" name="submit" value="Update Info"></p>
</form>
</div>
</div>
<?php include '../includes/layouts/footer.php' ?>
and this is the Update.php code:
<?php session_start();
include 'conn.php';
if(isset($_POST['submit']))
{
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$user=$_POST['uname'];
$email=$_POST['email'];
$depart=$_POST['department'];
$id=$_POST['id'];
$phone=$_POST['phone'];
$pass=$_POST['pass'];
$address=$_POST['address'];
$msg="Record Update Successfuly";
$qry="UPDATE signup SET First_Name='$fname',Last_Name='$lname',Username='$user',Email='$email',Department='$depart',Employe_Id='$id',Phone='$phone',Password='$pass',Address='$address' WHERE Username='$user'";
if(mysql_query($qry))
{
header('location:setting.php');
echo $_SESSION['update']=$msg;
}
else
{
echo mysql_error();
}
}
?>
now, I want that only logged-in users can change their record and the form should contain their own data, but I can't.
When I log into the page then it will only show the first record of the database, but I want it to show only the logged-in user record.
How can I do it?
......
I won't go into the discussion of using mysql when you should consider adoptiing mysqli or pdo.
You are selecting all records within you query. You only need to select the desired one. Assuming that you are setting the user is within the session you could call it like so.
Eg: $sql="SELECT * FROM signup WHERE userId = '$_SESSION['userId']'";