I am trying to make it so that the user who is logged in can delete his own posts, so only he should see the delete button on his posts. I was thinking on my own that I had to bind the user who is logged in to the posts/img ID and then he should see the button. I'm struggling with this a bit, so every useful comment is appreciated!
<?php
$result = $mysqli->query("SELECT users.user_id, users.username,
picas.img_id, picas.user_id, picas.name, picas.description, picas.created_at
FROM users
JOIN picas ON users.user_id = picas.user_id
ORDER BY picas.created_at DESC");
while($pica = $result->fetch_assoc()) {
$ses_user = $_SESSION['username'];
echo '<div class="image_post">';
if(isset($ses_user) == $pica['user_id'] && $pica['img_id']) {
echo '<form action="logic/delete_post.php?id='.$pica['img_id'].'" method="POST">
<input type="hidden" name="id" value="?id='.$pica['img_id'].'" />
<input type="submit" name="deleteSubmit" value="Delete" class="delete_post" />
</form>';
}
echo '<div class="user_avatar"><img src="avatars/'.$pica['username'].'.jpeg" /></div>
<div class="user_name">'.$pica['username'].'</div> <br><br><br><br>
<div class="timeago">'.$diff.'</div>
<div class="image_description">'.$pica['description'].'</div>
<img src="'.$pica['name'].'" />
<div class="clear"></div>
</div>';
}
?>
Your problem is that you are checking isset($ses_user) == $pica['user_id'], where isset() is a function that returns a bool.
What you want to check is if the current user is the owner.
The correct condition should be:
...
if(isset($ses_user) && ($ses_user == $pica['username']) && $pica['img_id']) {
echo '<form action="logic/delete_post.php?id='.$pica['img_id'].'" method="POST">
<input type="hidden" name="id" value="?id='.$pica['img_id'].'" />
<input type="submit" name="deleteSubmit" value="Delete" class="delete_post" />
</form>';
}
...
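The condition above decides only whether the button is rendered; the handler behind it, logic/delete_post.php, has to repeat the owner check, because the POST can be sent without the button. An added example of that server-side check (not code from the question or the answer): delete_own_post() and the sample rows are assumptions, and an in-memory SQLite database through PDO stands in for $mysqli so it runs offline.

```php
<?php
// Added example, not the poster's or the answerer's code. Tables and columns
// follow the page's query; delete_own_post() and the rows are assumptions, and
// in-memory SQLite via PDO stands in for the page's $mysqli connection.
declare(strict_types=1);

/**
 * Delete a post only if it belongs to the logged-in user.
 * Returns true when a row was removed; a missing post and someone else's
 * post both return false, so the caller learns nothing about other users' ids.
 */
function delete_own_post(PDO $db, ?string $sessionUsername, $rawId): bool
{
    if ($sessionUsername === null || $sessionUsername === '') {
        return false; // not logged in
    }
    // Accept only a plain positive integer; arrays and strings like "?id=10" fail.
    $imgId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($imgId === false) {
        return false;
    }
    // Ownership is part of the DELETE itself, so there is no gap between
    // checking the owner and removing the row.
    $stmt = $db->prepare(
        'DELETE FROM picas
          WHERE img_id = :img_id
            AND user_id = (SELECT user_id FROM users WHERE username = :username)'
    );
    $stmt->execute([':img_id' => $imgId, ':username' => $sessionUsername]);
    return $stmt->rowCount() === 1;
}

// --- constructed sample data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (user_id INTEGER PRIMARY KEY, username TEXT UNIQUE)');
$db->exec('CREATE TABLE picas (img_id INTEGER PRIMARY KEY, user_id INTEGER, name TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice'), (2, 'bob')");
$db->exec("INSERT INTO picas VALUES (10, 1, 'a.jpeg'), (11, 2, 'b.jpeg')");

// In logic/delete_post.php the arguments would be $_SESSION['username'] and $_POST['id'].
var_dump(delete_own_post($db, 'alice', '11'));     // alice asks for bob's post
var_dump(delete_own_post($db, 'alice', '?id=10')); // malformed id
var_dump(delete_own_post($db, null, '10'));        // no session
var_dump(delete_own_post($db, 'alice', '10'));     // alice's own post
var_dump($db->query('SELECT img_id FROM picas')->fetchAll(PDO::FETCH_COLUMN));
```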
I start by showing a list of businesses I have stored in a db. There is a form to search by industry or state. When showing a list of search results, I also provide the option to move the businesses to different tables. After submitting the form to move a business to a different table, the list refreshes to default result list, and we have to enter search term again.
I've tried assigning $_POST values to dynamic urls in the action url of my forms, I've tried assigning $_POST values to the value="" parameter of my forms.
<?php
if (isset($_POST['update']) && ($_POST['update'] == 'true')){
$sql = 'INSERT INTO table1 (columns,columns,columns)
SELECT columns,columns,columns
FROM table2 WHERE id = 1';
if (mysqli_query($db, $sql)) {}
}
?>
<div>
<form action="./?action=list" method="POST">
<input type="hidden" name="search" value="true" />
<input placeholder=" INDUSTRY" type="text" size="15" name="kw" />
<select name="state" onchange='this.form.submit()'>
<option value=''>BY STATE</option>
<?php require('includes/stateselect.php'); ?>
</select>
<input type="submit" value="SEARCH">
</form>
</div>
<table>
<?php
$sql = 'SELECT * FROM db.table ';
if ((isset($_POST['kw'])) && (!empty($_POST['kw']))){
$sql .=' WHERE `kw` LIKE \'%'.$_REQUEST['kw'].'%\' OR `biz` LIKE \'%'.$_POST['kw'].'%\' ';
}
if ((isset($_POST['state'])) && (!empty($_POST['state']))){
$sql .=' WHERE `state` = \''.$_POST['state'].'\' ';
}
if ($result = mysqli_query($db, $sql)){
while ($row = mysqli_fetch_array($result)) {
echo '<tr><form method="POST" action="./?action=list">
<input type="hidden" name="id" value="'.$row['id'].'" />
<input type="hidden" name="update" value="true" />
<td>'.$row['kw'] .'</td><td>'. $row['state'].'</td>';
echo '<td>
<select name="move">
<option>--Fresh--</option>
<option value="dnc">DNC</option>
</select>';
echo '<input type="submit" value="submit">';
echo '</td></form></tr>';
}
}
?>
</table>
We want to be able to search for lawyers, then disposition them from the list as we call them, but retain our search results.
You can store the search term inside a session so that you can use that term multiple times in your form. Store the search term in the session like this,
if ((isset($_POST['kw'])) && (!empty($_POST['kw']))){
$_SESSION['search_term'] = $_POST['kw'];
$sql .=' WHERE `kw` LIKE \'%'.$_REQUEST['kw'].'%\' OR `biz` LIKE \'%'.$_POST['kw'].'%\' ';
}
You could try to re-set the kw as a hidden input within the second form to retain the search terms, like this:
<?php
if (isset($_POST['update']) && ($_POST['update'] == 'true')){
$sql = 'INSERT INTO table1 (columns,columns,columns)
SELECT columns,columns,columns
FROM table2 WHERE id = 1';
if (mysqli_query($db, $sql)) {}
}
?>
<div>
<form action="./?action=list" method="POST">
<input type="hidden" name="search" value="true" />
<input placeholder=" INDUSTRY" type="text" size="15" name="kw" />
<select name="state" onchange='this.form.submit()'>
<option value=''>BY STATE</option>
<?php require('includes/stateselect.php'); ?>
</select>
<input type="submit" value="SEARCH">
</form>
</div>
<table>
<?php
$sql = 'SELECT * FROM db.table ';
if ((isset($_POST['kw'])) && (!empty($_POST['kw']))){
$sql .=' WHERE `kw` LIKE \'%'.$_REQUEST['kw'].'%\' OR `biz` LIKE \'%'.$_POST['kw'].'%\' ';
}
if ((isset($_POST['state'])) && (!empty($_POST['state']))){
$sql .=' WHERE `state` = \''.$_POST['state'].'\' ';
}
if ($result = mysqli_query($db, $sql)){
while ($row = mysqli_fetch_array($result)) {
echo '<tr><form method="POST" action="./?action=list">
<input type="hidden" name="id" value="'.$row['id'].'" />
<input type="hidden" name="update" value="true" />
<td>'.$row['kw'] .'</td><td>'. $row['state'].'</td>';
echo '<td>
<select name="move">
<option>--Fresh--</option>
<option value="dnc">DNC</option>
</select>';
// added below blocks
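// escape the echoed values so a quote in the search term cannot break out of the attribute
if (!empty($_POST['kw'])){
echo '<input type="hidden" name="kw" value="'.htmlspecialchars($_POST['kw'], ENT_QUOTES).'" />';
// echo '<input type="hidden" name="search" value="true" />';
}
if (!empty($_POST['state'])){
echo '<input type="hidden" name="state" value="'.htmlspecialchars($_POST['state'], ENT_QUOTES).'" />';
}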
echo '<input type="submit" value="submit">';
echo '</td></form></tr>';
}
}
?>
</table>
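Both answers keep the question's query, which concatenates $_POST['kw'] into the SQL and emits a second WHERE when a keyword and a state are submitted together. An added example (not code from the question or the answers) that builds the same search with bound parameters and returns the escaped hidden inputs for the per-row forms; the table name businesses, the function names and the sample rows are assumptions, with in-memory SQLite through PDO standing in for $db.

```php
<?php
// Added example, not code from the question or its answers. Columns kw, biz and
// state follow the page; the table name "businesses", the function names and the
// rows are assumptions. In-memory SQLite via PDO stands in for the page's $db.
declare(strict_types=1);

/** Build the search SQL and its bound values from the submitted filters. */
function build_search(array $post): array
{
    $where = [];
    $params = [];
    $kw = is_string($post['kw'] ?? null) ? trim($post['kw']) : '';
    if ($kw !== '') {
        // Escape LIKE wildcards so a typed "%" or "_" is matched literally.
        $like = '%' . strtr($kw, ['!' => '!!', '%' => '!%', '_' => '!_']) . '%';
        $where[] = "(kw LIKE :kw1 ESCAPE '!' OR biz LIKE :kw2 ESCAPE '!')";
        $params[':kw1'] = $like;
        $params[':kw2'] = $like;
    }
    $state = is_string($post['state'] ?? null) ? trim($post['state']) : '';
    if ($state !== '') {
        $where[] = 'state = :state';
        $params[':state'] = $state;
    }
    $sql = 'SELECT id, kw, biz, state FROM businesses';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where); // one WHERE, filters joined by AND
    }
    return [$sql, $params];
}

/** Hidden inputs that carry the current filters inside each per-row form. */
function hidden_filters(array $post): string
{
    $html = '';
    foreach (['kw', 'state'] as $name) {
        if (is_string($post[$name] ?? null) && $post[$name] !== '') {
            $html .= '<input type="hidden" name="' . $name . '" value="'
                . htmlspecialchars($post[$name], ENT_QUOTES, 'UTF-8') . '" />';
        }
    }
    return $html;
}

// --- constructed sample rows and request values ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE businesses (id INTEGER PRIMARY KEY, kw TEXT, biz TEXT, state TEXT)');
$db->exec("INSERT INTO businesses VALUES (1,'lawyer','Smith Law','TX'), (2,'lawyer','Doe Law','CA'), (3,'plumber','Pipes','TX')");
[$sql, $params] = build_search(['kw' => 'law', 'state' => 'TX']);
$stmt = $db->prepare($sql);
$stmt->execute($params);
print_r($stmt->fetchAll(PDO::FETCH_ASSOC));
echo hidden_filters(['kw' => 'law "firm"', 'state' => 'TX']), "\n";
```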
Question.php
<?php
include 'Pre-function.php'
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" href="CSS/Start.css">
</head>
<body>
<div class="nav">
Home
News
Contact
</div>
<div class="question">
<div class="A4">
<form action="Answer.php" method="post">
<?php getQuestion($conn); ?>
<input type="submit" name="Submit" value="Submit">
</form>
</div>
</div>
</body>
</html>
It's the HTML page to ask the question.
Pre-function.php
<?php
include 'conn.php';
function getQuestion($conn) {
$query = "SELECT * FROM question ";
$result = mysqli_query($conn, $query);
if($result){
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$question_id = $row['question_id'];
$question_body = $row['question_body'];
$option_a = $row['option_a'];
$option_b = $row['option_b'];
echo '
<h2 class="qtitle">'.$question_body.'</h2>
<label for='.$question_body.'>Yes</label>
<input type="radio" name="'.$question_id.'" value="Yes">
<input type="hidden" name="option_a" value="'.$option_a.'">
<label for="'.$question_body.'">No</label>
<input type="radio" name="'.$question_id.'" value="No">
<input type="hidden" name="option_b" value="'.$option_b.'">
<input type="hidden" name="submitted" value="submitted"><hr>';
}
}
}
?>
Basically, this form asks yes-or-no questions using radio buttons. $option_a == 'Yes' and $option_b == 'No'. The question is like this: "Are you have fever ?". So when I submit, the value is not passed to the 'Answer.php' page.
'Answer.php' page.
<?php
include 'conn.php';
if(isset($_POST['Submit']) && !empty($_POST['Submit'])){
echo $_POST['option_a'];
echo 'succeed';
}
else{
echo 'no data';
}
?>
On this page there is an undefined index error, but it still echoes succeed.
Your HTML code should look like the following:
<input type="radio" name="whatevername" value="Yes">
<input type="radio" name="whatevername" value="No">
You can use PHP to insert whatever values you want but you need the radio button name to be the same.
Then if you want to echo that in PHP you'd use:
echo $_POST['whatevername']; //same name you used in the form
You are passing the value as the name for the radio buttons:
name="'.$option_a.'"
This will result in name="Yes".
And you are trying to fetch echo $_POST['option_a']; where option_a is not defined.
Try this
<input type="radio" name="'.$question_id.'" value="Yes">
<input type="hidden" name="option_a" value="'.$option_a.'">
Same for the other radio button.
Try this one :
<?php
include 'conn.php';
function getQuestion($conn) {
$query = "SELECT * FROM question ";
$result = mysqli_query($conn, $query);
if($result){
// open the wrapper and the form once, before the loop, so they are closed exactly once below
echo '<div class="A4">
<form action="Answer.php" method="post">';
while ($row = mysqli_fetch_array($result, MYSQLI_ASSOC)){
$question_id = $row['question_id'];
$question_body = $row['question_body'];
$option_a = $row['option_a'];
$option_b = $row['option_b'];
// key the radio name by question_id so each question is its own radio group
echo '
<h2 class="qtitle">'.$question_body.'</h2>
<label for="'.$question_body.'">Yes</label>
<input type="radio" name="radioQuestions['.$question_id.']" value="'.$question_id.'-'.$option_a.'">
<label for="'.$question_body.'">No</label>
<input type="radio" name="radioQuestions['.$question_id.']" value="'.$question_id.'-'.$option_b.'">
<input type="hidden" name="submitted" value="submitted"><hr>';
}
echo'
<input type="submit" name="Submit" value="Submit">
</form>
</div>';
}
}
?>
<?php
include 'conn.php';
if(isset($_POST['submitted']) && !empty($_POST['submitted'])){
$questionAndOptions = $_POST['radioQuestions'];
foreach ($questionAndOptions as $questionAndOption) {
$arrQuestionAndOption = explode("-", $questionAndOption);
echo $arrQuestionAndOption[0]; //question
echo $arrQuestionAndOption[1]; //option
}
echo 'succeed';
}
else{
echo 'no data';
}
?>
How can I submit a pre-checked checkbox on submit?
Right now I have
$checked= 'checked="checked"';
<input type="checkbox" name="entity_id['.$row['entity_id'].']" value="Yes" '.$checked.'>
On submit, this is not getting posted, only when checked/unchecked by hand.
My $checked is actually coming from a for-each MySQL query.
Any help is appreciated.
UPDATE
<form method="post">';
if($hass_lights == 'Yes'){$user->getLights($userid);}
exit('
<br><b>Google is requiring access to your basic profile information.</b><br><br>
<input type="submit" class="btn btn-text" style="height:40px; width:100px" name="authorized" value="Allow" /> <input type="submit" class="btn btn-text" style="height:40px; width:100px" name="authorized" value="Deny" />
</form>
');
function getLights($userID){
$stmt = $this->db->prepare("SELECT * FROM hass_entities WHERE id = :id AND devicetype= 'light' ORDER BY friendly_name ASC");
$stmt->bindParam(':id',$userID);
$stmt->execute();
$userData = $stmt->fetchAll();
echo '
<div class="container">
<button type="button" class="btn btn-info" data-toggle="collapse" style="width:120px" data-target="#lights">Lights</button>
<br/><div id="lights" class="collapse"><br/><table border=0>';
foreach( $userData as $row ) {
if($row['enabled'] == 'Yes'){
$checked = 'checked="checked"';
}else{
$checked = '';
}
echo '<tr><td><label id="'.$row['entity_id'].'">'.$row['friendly_name'].' </label></td><td><input type="checkbox" name="entity_id['.$row['entity_id'].']" value="Yes" '.$checked.'></td></tr>';
}
echo '</table></div></div><br/>';
}
-Dennis
Try this:
<input type="checkbox" name="entity_id['.$row['entity_id'].']" value="Yes" checked>
Is your input field being written in an echo statement? It would be good to see the entire form, but here is your code working:
<form method=POST>
<?php
var_dump($_POST);
$row = [];
$row['entity_id'] = 1;
$checked= 'checked="checked"';
echo '<input type="checkbox" name="entity_id['.$row['entity_id'].']" value="Yes" '.$checked.'>';
?>
<button type="submit">submit</button>
</form>
I am updating the code of my search page. For some reason, if you search for users, for example when there are three users with the name "Peter" and you search for them, the first Peter prints only the inputs:
<input type="hidden" name="chatting_with" value="userexample"/><input type="hidden" name="chatting_logusr" value="userexample"/><input id="prponclick" class="openchatmsgdevices" type="submit" value="Enviar un mensaje" />
But the rest print correctly with the form:
<form target="u-n" method="POST" action="open_new_chat_with_user"><input type="hidden" name="chatting_with" value="userexample"/><input type="hidden" name="chatting_logusr" value="userexample"/><input id="prponclick" class="openchatmsgdevices" type="submit" value="Enviar un mensaje" /></form>
Here's the full code:
<?php
session_start();
include("../DD/ddd.php");
$logged_user = $_SESSION['valid_user'];
if(!$logged_user){return false;}
$query = "SELECT searched_for FROM searches WHERE `user` = '$logged_user' ORDER BY id_search DESC LIMIT 1";
$run_query = $all_conn->query($query);
$rows_searches = $all_conn->query($query)->fetch();
$searched_for = $rows_searches['searched_for'];
$no_allowed_spaces = preg_replace('/\s/', '', $searched_for);
$query_info = "SELECT * FROM user_info WHERE nombre LIKE '%".$searched_for."%' OR `user` LIKE '%".$searched_for."%'";
echo '<div class="n-ovf" style="overflow:auto;">';
if(strlen($searched_for) >= 1)
{echo '<div id="search-ico-con"><div id="s-ico-con"></div><div id="s-l-dvsr-con"><div id="s-l-dvsr"></div></div><div id="s-txt-con"><h3>'.$searched_for.'</h3></div></div><div id="s-dvsor"></div>'.
'<div id="search-hastag-con"><div id="s-hastag-con"><h1>#</h1></div><div id="shtag-l-dvsr-con"><div id="shtag-l-dvsr"></div></div><div id="shtag-txt-con"><h3>'.$no_allowed_spaces.'</h3></div></div><div id="shtag-dvsor"></div>';}
foreach($all_conn->query($query_info) as $got_users){
if(strlen($searched_for) == 0){echo '<div class="search-for-something"><h3>Buscar algo....</h3></div>'; return false;}
echo '<div class="searched-content-info">
<div style="float:left; width:100%; height:0.1px; position:relative; z-index:9586;" class="container-buttons-search-user">
<form target="u-n" method="POST" action="open_new_chat_with_user"><input type="hidden" name="chatting_with" value="'.$got_users['user'].'"/><input type="hidden" name="chatting_logusr"
value="'.$logged_user.'"/><input id="prponclick" class="openchatmsgdevices" type="submit" value="Enviar un mensaje" />
</form>
<input type="button" value="Visitar árbol"/>
</div>'.
'<div class="searched-photo"><img src="'.$got_users['foto'].'"></div>
<div class="searched-names"><h3>'.$got_users['nombre'].'</h3></div>
</div>
<div class="divisor-search-user"></div>';
}
echo '<div class="all-searched-content-divisor"></div>';
echo '</div>';
?>
It's all going wrong. I need to output a form onto my website that will do 1 of 2 things:
If the user already has content in the database, provide a form that posts to self to update the existing content.
If the user does not have content in the database, provide a form to let the user add information to the database.
The forms should submit to themselves to keep coding tidy. I'm getting into a right mess. I'll show what I have so far, but I'm getting in a muddle.
//look in db to see if content exists, if it does set variable
$result = mysql_query(
"SELECT * from tbl_profiles
WHERE user_id = $who
");
while($row = mysql_fetch_array($result))
{
$profileText = $row['text'];
}
// Check if user has content in db
$result = mysql_query(
"SELECT * FROM tbl_profiles WHERE user_id='$who'");
if(mysql_fetch_array($result) !== false){
echo
'<form action="../edit/indexUpdate.php" method="post" name="edit">
Comments:<br />
<textarea name="updatedText" id="comments">' .
$profileText .'
</textarea><br />
<input type="submit" value="Submit" />
</form>'
;}
else{
$profileText = $row['text'];
echo
"<form action='../edit/index.php' method='post' name='add'>
Comments:<br />
<textarea name='comments' id='comments'>" .
$profileText
."</textarea><br />
<input type='submit' value='Submit' />
</form>"
;}?>
You've pretty much got the functionality there, just needs tidying up.
Try something like this:
<?php
//look in db to see if content exists, if it does set variable
$profileText="";
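// mysql_query() returns a result even when no row matches, so also test the row count
if(($result = mysql_query("SELECT * from tbl_profiles WHERE user_id = $who")) && mysql_num_rows($result) > 0) {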
while($row = mysql_fetch_array($result))
{
$profileText .= $row['text'];
}
?>
<form action="../edit/indexUpdate.php" method="post" name="edit">
Comments:<br />
<textarea name="updatedText" id="comments">
<?php echo $profileText; ?>
</textarea><br />
<input type="submit" value="Submit" />
</form>
<?php
} else {
?>
<form action='../edit/index.php' method='post' name='add'>
Comments:<br />
<textarea name='comments' id='comments'>
<?php echo $profileText; ?>
</textarea><br />
<input type='submit' value='Submit' />
</form>
<?php
}
?>
The basic idea is to add a record if new and update if not. What you can do is use an id to represent the record or -1 if it's a new entry
Something along the lines of:
//Defaults
$recordid=-1;
$name='';
$comments='';
//look in db to see if content exists, if it does set variable
$result = mysql_query(
"SELECT * from tbl_profiles
WHERE user_id = $who
");
// Check if user has content in db
$result = mysql_query(
"SELECT * FROM tbl_profiles WHERE user_id='$who'");
// mysql_fetch_array() returns the row as an array, or false when there is none
$row = mysql_fetch_array($result);
if($row !== false){
//Yes. Get the id
$recordid = $row['id'];
//Get the values
$name= $row['name'];
$comments= $row['text']; // the profile text column used in the question
}
?>
<form action="../edit/index.php" method="post" name="formdata">
<input type="hidden" name="recordid" value="<?php echo htmlspecialchars($recordid); ?>">
<input type="hidden" name="name" value="<?php echo htmlspecialchars($name); ?>">
<textarea name="comments" id="comments"><?php echo htmlspecialchars($comments); ?></textarea>
<input type="submit" value="submit"/>
</form>
This way a new form will have a -1 but an existing will have an id.
As an additional point it is very important to sanitize your inputs for SQL and what you output in HTML to stop SQL Injections. For your reference on this:
SQL
Little Bobby Tables
Cross Site Scripting
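The add-or-update idea and the closing advice about SQL and HTML output, as an added example that is not code from the question or either answer. It uses PDO prepared statements with in-memory SQLite in place of the mysql_* functions (removed in PHP 7); tbl_profiles, user_id and text come from the page, while the function names and sample values are assumptions.

```php
<?php
// Added example, not code from the question or the answers. tbl_profiles, user_id
// and text come from the page; function names and sample values are assumptions.
// PDO with in-memory SQLite replaces the mysql_* functions so the script runs offline.
declare(strict_types=1);

/** Insert the profile text for $who, or update it when a row already exists. */
function save_profile(PDO $db, int $who, string $text): string
{
    $db->beginTransaction();
    $find = $db->prepare('SELECT 1 FROM tbl_profiles WHERE user_id = :who');
    $find->execute([':who' => $who]);
    $exists = $find->fetchColumn() !== false;
    // user_id is the primary key, so a duplicate insert fails instead of adding a second row.
    $sql = $exists
        ? 'UPDATE tbl_profiles SET text = :text WHERE user_id = :who'
        : 'INSERT INTO tbl_profiles (user_id, text) VALUES (:who, :text)';
    $db->prepare($sql)->execute([':who' => $who, ':text' => $text]);
    $db->commit();
    return $exists ? 'updated' : 'added';
}

/** One self-posting form for both cases; the stored text is escaped on output. */
function profile_form(PDO $db, int $who): string
{
    $stmt = $db->prepare('SELECT text FROM tbl_profiles WHERE user_id = :who');
    $stmt->execute([':who' => $who]);
    $text = $stmt->fetchColumn();
    $text = ($text === false) ? '' : (string) $text;
    return '<form action="" method="post" name="edit">'
        . 'Comments:<br /><textarea name="comments" id="comments">'
        . htmlspecialchars($text, ENT_QUOTES, 'UTF-8')
        . '</textarea><br /><input type="submit" value="Submit" /></form>';
}

// --- constructed sample data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_profiles (user_id INTEGER PRIMARY KEY, text TEXT)');

$who = 7; // assumption: taken from the login session, never from a hidden form field
echo save_profile($db, $who, "O'Brien's first note"), "\n";
echo save_profile($db, $who, '</textarea><b>second note</b>'), "\n";
echo profile_form($db, $who), "\n";
```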