php if inside if execute sql statement - php

The form already has an existing submit button: you select difficulty (1st combo) and location (2nd combo), and then I submit this to display a video and a text field.
Under the field I have an additional drop-down box which is yes or no.
Then inside this code I want to submit a separate value using an if inside an if. It works fine on the 1st difficulty and location in the lists but nothing else, and I can't see what I'm doing wrong. A new pair of eyes would be great. PS: I will be upgrading this to PDO eventually.
<?php
if(strpos($drop, 'norm') !== false && $ruavalue == 0)
{
Echo "RUA: ";
$RUAresult = mysql_query("SELECT Answer FROM options");
echo "<select name='ruacombo'>";
while($RUArow = mysql_fetch_assoc($RUAresult))
echo "<option value = '".$RUArow['Answer']."'>".$RUArow['Answer']."</option>";
echo "</select>";
echo '<form action="" method="post">';
echo "<input name=\"boss\" type=hidden value=".$_POST['tier_two'].">";
echo "<input name=\"main\" type=hidden value=".$_COOKIE['ID_my_site'].">";
echo '<input type="submit" name="ruasubmit" value="RUA!" />';
echo '</form>';
if (isset($_POST['ruasubmit']))
{
$ruaboss = $_POST['boss'];
$ruauser = $_POST['main'];
$ruasql = "UPDATE `RUASEXCELL` SET `$ruaboss`=1 WHERE Username = '$ruauser'";
$add_rua = mysql_query($ruasql);
}
}
?>

In your while loop, you need to access the associative array keys as a string like so:
while($RUArow = mysql_fetch_assoc($RUAresult))
echo "<option value = '".$RUArow['Answer']."'>".$RUArow['Answer']."</option>";
Also, please look into using mysql_real_escape_string() to prevent SQL injection. In its current state, this script and your database can be blown to pieces by a stray quote.
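Escaping and bound parameters protect values such as `$ruauser`; a column name like `$ruaboss` cannot be bound, so it has to be matched against a fixed list. The following is an added example, not the poster's code: it uses PDO with an in-memory SQLite database so it runs on its own, and the column names `boss_one`/`boss_two` and the function `mark_rua()` are assumptions.

```php
<?php
// Added example. Column names and mark_rua() are hypothetical; RUASEXCELL is the page's table.
const RUA_COLUMNS = ['boss_one', 'boss_two'];   // the only columns a request may touch

function mark_rua(PDO $db, $boss, $user): bool
{
    // Identifiers cannot be bound as parameters, so compare against the allowlist.
    if (!is_string($boss) || !in_array($boss, RUA_COLUMNS, true) || !is_string($user)) {
        return false;
    }
    // $boss is now one of our own constants; the username is bound as data.
    $stmt = $db->prepare("UPDATE RUASEXCELL SET `$boss` = 1 WHERE Username = ?");
    $stmt->execute([$user]);
    // SQLite reports matched rows here; MySQL by default reports only rows whose value changed.
    return $stmt->rowCount() === 1;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE RUASEXCELL (Username TEXT PRIMARY KEY, boss_one INT DEFAULT 0, boss_two INT DEFAULT 0)');
$ins = $db->prepare('INSERT INTO RUASEXCELL (Username) VALUES (?)');
foreach (['alice', "O'Brien"] as $name) {
    $ins->execute([$name]);
}

var_dump(mark_rua($db, 'boss_two', "O'Brien"));   // quote in the value is bound as data
var_dump(mark_rua($db, 'boss_one`', 'alice'));     // stray backtick: not an allowed column
var_dump(mark_rua($db, 'boss_one', 'nobody'));     // allowed column, no such user

foreach ($db->query('SELECT * FROM RUASEXCELL ORDER BY Username', PDO::FETCH_ASSOC) as $row) {
    echo implode(' | ', $row), "\n";
}
```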

Related

PHP MySQL save a row id to a database based on user checkbox

I am attempting to get the sql row that a user checks with a checkbox and post the id to a script that will save the user's selected rows to a db so they can pull "saved" rows at a later date.
Below is my code -- the issue is when I post the checkbox value it is appearing as "1" and I am not sure why this is happening. All checkbox values are appearing as "1".
require('./wp-blog-header.php');
$current_user = wp_get_current_user();
$school = $_POST['school'];
$connection = mysql_connect('198.71.225.63:3306', 'newmslsuper', '');
mysql_select_db('msl_data');
$query = "INSERT INTO searches (ID, school, type) VALUES('$current_user->ID', '$school', '1')";
mysql_query($query);
$search = mysql_query("SELECT * FROM `data` WHERE `school` LIKE '%$school%'");
$count=mysql_num_rows($search);
if ($count==0) {
echo 'Sorry your search for'; echo " $school "; echo 'returned no results. Please try again.';
}
else {
$fields_num1 = mysql_num_fields($search);
echo "<form action='save.php' method='post'>";
echo "<p>Check the box next to a Scholarship you would like to save and hit the SAVE button.<p/><table><tr><th>Save Search</th>";
// printing table headers
for($i=0; $i<$fields_num1; $i++)
{
$field1 = mysql_fetch_field($search);
echo "<th>{$field1->name}</th>";
}
echo "</tr>\n";
// printing table rows
while($row = mysql_fetch_array($search)){
foreach($row as $rowarray)
while($row1 = mysql_fetch_row($search)){
echo "<tr>";
echo "<td><input type='checkbox' value='$rowarray' name='cell'></td>";
// $row is array... foreach( .. ) puts every element
// of $row1 to $cell1 variable
foreach($row1 as $cell1)
echo "<td>$cell1</td>";
echo "</tr>\n";
}
}
}
echo "<input type='submit' value='SAVE'>";
mysql_close(); //Make sure to close out the database connection
Your checkboxes should be an array, as there are multiple of them. The reason you get them all as 1 is that they override each other.
<form method='post' id='form' action='page.php'>
<input type='checkbox' name='checkboxvar[]' value='Option One'>1
<input type='checkbox' name='checkboxvar[]' value='Option Two'>2
<input type='checkbox' name='checkboxvar[]' value='Option Three'>3
<input type='submit' name='submit'>
</form>
<?php
// the submit button needs a name, otherwise $_POST['submit'] is never set
if(isset($_POST['submit'])){
$v = $_POST['checkboxvar'];
foreach ($v as $key=>$value) {
echo "Checkbox: ".$value."<br />";
}
}
?>
TBH, this thing was a mess. The base of your problem was a) only having a single named element (as the other answer pointed out) and b) trying to give it an array as a value. But even after fixing that, this was never going to work.
You had your database results inside four separate loops; I don't know what the thinking was there. As well, if you presented me with this web page, I could easily erase your entire database with a single click.
Here's what it looks like after 5 minutes of work. I'd still not call this a reasonable script, but hopefully it will give you something to learn from. You need to make it a priority to learn about preventing SQL injection, and the first way to do this is to stop using a database engine that's been unsupported for 5 years. PDO is the easiest alternative, as it's been built into PHP for nearly a decade now. It provides convenient methods for dumping a result set into an array easily.
<html>
<head>
<link rel="stylesheet" type="text/css" href="results.css">
</head>
</html>
<?php
require('./wp-blog-header.php');
$current_user = wp_get_current_user();
$school = $_POST['school'];
$db = new PDO("mysql:host=198.71.225.63;dbname=msl_data", "newmslsuper", "");
$stmt = $db->prepare("INSERT INTO searches (ID, school, type) VALUES(?,?,?)");
$stmt->execute(array($current_user->ID, $school, 1));
$stmt = $db->prepare("SELECT * FROM `data` WHERE `school` LIKE ?");
$stmt->execute(array("%$school%"));
// put it in an array. presto!
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (count($result) === 0) {
echo "Sorry your search for '$school' returned no results. Please try again.";
}
else {
$fields = array_keys($result[0]);
echo "<form action='save.php' method='post'>";
echo "<p>Check the box next to a Scholarship you would like to save and hit the SAVE button.<p/><table><tr><th>Save Search</th>";
// assume "id" field is first
unset($fields[0]);
// printing table headers
foreach($fields as $field) {
echo "<th>$field</th>";
}
echo "</tr>\n";
// printing table rows
// just one loop
foreach($result as $row) {
echo "<tr>";
// assume the column is named "id"
echo "<td><input type='checkbox' value='$row[id]' name='cell[]'></td>";
unset($row["id"]);
foreach($row as $cell) {
echo "<td>$cell</td>";
}
echo "</tr>\n";
}
echo "<input type='submit' value='SAVE'>";
echo "</form>";
}
?>
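A sketch of what `save.php` could do with the `cell[]` checkboxes posted by the form above, as an added example (the page never shows that script). The `saved` table, the trimmed-down `data` table and `save_rows()` are assumptions, and SQLite stands in for MySQL so the code runs on its own.

```php
<?php
// Added example; saved(user_id, data_id), data(id, school) and save_rows() are hypothetical.
function save_rows(PDO $db, int $userId, $cells, int $max = 50): int
{
    if (!is_array($cells)) {            // cell=foo instead of cell[]=foo arrives as a string
        return 0;
    }
    $ids = [];
    foreach (array_slice($cells, 0, $max) as $cell) {
        // Nested arrays and non-numeric strings fail validation and are skipped.
        $id = is_string($cell)
            ? filter_var($cell, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]])
            : false;
        if ($id !== false) {
            $ids[$id] = true;           // keyed by id, so duplicates collapse
        }
    }
    // Insert only ids that exist in `data`; the user id comes from the server, not the form.
    // "INSERT OR IGNORE" is SQLite syntax; MySQL spells it "INSERT IGNORE".
    $stmt = $db->prepare(
        'INSERT OR IGNORE INTO saved (user_id, data_id) SELECT ?, id FROM data WHERE id = ?'
    );
    $saved = 0;
    foreach (array_keys($ids) as $id) {
        $stmt->execute([$userId, $id]);
        $saved += $stmt->rowCount();
    }
    return $saved;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE data (id INTEGER PRIMARY KEY, school TEXT)');
$db->exec('CREATE TABLE saved (user_id INT, data_id INT, PRIMARY KEY (user_id, data_id))');
$db->exec("INSERT INTO data (id, school) VALUES (1, 'North'), (2, 'South'), (3, 'East')");

// Constructed stand-in for $_POST['cell']: valid ids, a duplicate, junk, a nested array, a missing row.
$posted = ['1', '3', '3', 'abc', ['x'], '999', '2abc'];
var_dump(save_rows($db, 7, $posted));   // 7 stands in for the logged-in user's id
var_dump(save_rows($db, 7, '1'));       // scalar instead of an array
var_dump($db->query('SELECT user_id, data_id FROM saved')->fetchAll(PDO::FETCH_ASSOC));
```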

Submit of selected on checkbox items?

I print this form in a web page with php:
<?php
include("connectDB.php");
$mySQL=new MySQL();
$queryResult=$mySQL->query("SELECT nombre, precio, id_producto FROM productos");
echo "<form action='checkout.php' method='POST'>";
while($datos=$mySQL->fetch_array($queryResult))
{
$n = 1;
$nombre=$datos['nombre'];
$id_producto=$datos['id_producto'];
$precio=$datos['precio'];
echo "<h1>$nombre</h1>";
echo "<input type=\"checkbox\" name=\"$id_producto\" value=\"$nombre\"> Cantidad: <input type=\"number\" name=\"points\" min=\"1\" max=\"20\" step=\"1\" value=\"1\"><br>";
echo "<h3> Precio: $precio<br>";
}
echo "<br>";
echo "<input type=\"submit\" class=\"button\" value=\"Comprar\">";
echo "</form>";
?>
So it displays a list (which is within a form) of items which can be selected or checked. On submit, I want to do the $_POST[''] of only the checked items. How could I solve this?
When such checkboxes are printed, only those values which were checked are submitted.
If I understood you correctly, you wanted to retrieve those that got posted, which you can do with this simple method:
foreach($_POST as $post_key => $post_value){
//Check that the particular input is int and numeric, since I believe the name is the id
if(is_numeric($post_key) && is_int($post_key)){
//Here goes your code, $post_key is the id and $post_value is the $nombre
//Although I admit that I have no idea what nombre is since it is in another language. Forgive me if id_producto is not numeric and unique.
}
}

Is it possible to pass a variable of value from associative array, using hidden input, to another page?

I am trying to get the $w['id'] value for a mysql row and pass it to another page using a hidden input field and variable $blog_id. Here is the code for the first page:
$query = "SELECT * FROM blog WHERE username = '$username' ORDER BY created_date DESC;";
$result = $mysqli->query($query);
$rows = resultToArray($result);
// var_dump($rows);
foreach($rows as $r => $w) {
echo "<tr>\n";
echo "<td>{$w['title']}\n";
echo "<td>{$w['id']}\n";
echo "<td>{$w['created_date']}</td>\n";
echo "<td>{$w['updated_date']}</td>\n";
echo "<td style=\"border:none\">{$w['template']}</td>\n";
$blog_id = $w['id'];
echo "<input type=\"hidden\" name=\"id\" value=\"$blog_id\" />\n";
echo "<td style=\"border:none\"><button type=\"submit\" name=\"view\">View</button></td>\n";
echo "<td style=\"border:none\"><button type=\"submit\" name=\"edit\">Edit</button></td>\n";
echo "<td style=\"border:none\"><button type=\"submit\" name=\"delete\"><font color=\"red\">Delete</font></button></td>";
echo "</tr>\n";
}
?>
In my html table the values echo correctly but when I try to grab the $w['id'] value and pass it using, say, the edit button to the next page the value is always the lowest id value in the mysql table.
The code for the critical part in the second page is:
sec_session_start();
$username = $_SESSION['username'];
// $blog_id = $_SESSION['blog_id'];
if(isset ($_POST['edit'])) {
$blog_id = $_POST['id'];
$result = $mysqli->query("SELECT * FROM blog WHERE id = '$blog_id'");
if($result->num_rows > 0) {
$rows = resultToArray($result);
foreach($rows as $r => $w) {
?>
<body id="blog_editor">
<?php var_dump($_POST); ?>
The value of var_dump($_POST) is always ["id"]=>string(2) "43" whereas the foreach loop on the first page produces lots of different IDs.
Does anybody know what I am doing wrong or have an alternative way of doing the same kind of thing which might work?
You use a foreach and echo many different ids.
I don't see any SUBMIT button or <form> tag.
What you can do is, inside the foreach loop, create a form with its own button:
<?php
foreach($rows as $r => $w) {
echo '<form action="page.php" ...>';
// echo .... (the rest of the row's output)
echo '<input type="submit">';
echo '</form>';
}
?>
OR if you have multiple results inside only one form, then you have to change the name of your element (which will later give the value to $_POST['id']) every time the loop loops.
To do this change this line:
echo "<input type=\"hidden\" name=\"id\" value=\"$blog_id\" />\n";
1) to this:
echo "<input type='hidden' name='id".$blog_id."' value='$blog_id' />\n";
and then when you call $_POST you'll have $_POST['idXX'] where XX = number of the ID
2) or to this to create an array with all IDs in it:
echo "<input type='hidden' name='id[]' value='$blog_id' />\n";
and then $_POST['id'] will be an array
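The hidden `id` field is chosen by the browser, so the edit page has to check that the row belongs to the logged-in user as well as avoid building the query by string interpolation. An added example, not code from the thread: it follows the one-form-per-row suggestion above, `render_rows()`, `find_own_post()` and `edit.php` are assumed names, and an in-memory SQLite database stands in for the poster's MySQL one.

```php
<?php
// Added example; function names and edit.php are hypothetical, blog columns follow the page's queries.
function render_rows(array $rows): string
{
    $html = '';
    foreach ($rows as $w) {
        // One form per row, so the submitted id is the one next to the clicked button.
        $html .= '<tr><td>' . htmlspecialchars($w['title'], ENT_QUOTES, 'UTF-8') . '</td><td>'
               . "<form action='edit.php' method='post'>"
               . "<input type='hidden' name='id' value='" . (int) $w['id'] . "'>"
               . "<button type='submit' name='edit'>Edit</button></form></td></tr>\n";
    }
    return $html;
}

function find_own_post(PDO $db, string $sessionUser, $postedId): ?array
{
    $id = is_string($postedId) ? filter_var($postedId, FILTER_VALIDATE_INT) : false;
    if ($id === false) {
        return null;
    }
    // The hidden field only says which row; the session says whose rows may be touched.
    $stmt = $db->prepare('SELECT id, title, username FROM blog WHERE id = ? AND username = ?');
    $stmt->execute([$id, $sessionUser]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blog (id INTEGER PRIMARY KEY, username TEXT, title TEXT)');
$db->exec("INSERT INTO blog VALUES (43, 'alice', 'First <post>'), (44, 'bob', 'Other'), (45, 'alice', 'Second')");

$stmt = $db->prepare('SELECT id, title FROM blog WHERE username = ? ORDER BY id');
$stmt->execute(['alice']);                       // 'alice' stands in for $_SESSION['username']
echo render_rows($stmt->fetchAll(PDO::FETCH_ASSOC));

var_dump(find_own_post($db, 'alice', '45'));     // alice's own row
var_dump(find_own_post($db, 'alice', '44'));     // bob's row requested from alice's session
var_dump(find_own_post($db, 'alice', '45x'));    // not an integer
```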

Grabbing the text within text area with php html

Hey so I am trying to grab the user input text within a textarea but it is not working out too well. What is happening is that we are grabbing a text (movie review) from our server and we want the user to be able to update it and then send it back to the server. Anyone know what we are doing wrong??
We aren't getting any error, it's just that we are unable to grab the textarea field data. We are pretty new to PHP and HTML so I assume it is some small typo we are overlooking.
UPDATE: Full files here.
http://dl.dropbox.com/u/21443163/Reviews.php
http://dl.dropbox.com/u/21443163/updateReview.php
while($RecordSetMovieRow = odbc_fetch_array($RecordSetMovie))
{
echo "<tr>";
$review = $RecordSetMovieRow['Review'];
echo "<td align = 'center'>" . $RecordSetMovieRow['FirstName']. $RecordSetMovieRow['LastName'] . "</td>";
echo "<td align = 'center'><textarea name = 'textarea' rows = '5' cols= '40'>" . $review . "</textarea></td>";
$textarea = $_GET['textarea'];
$u = $Re[0];
echo "<td><form action = 'updateReview.php?id=".$RecordSetMovieRow['ReviewID']."&review=$textarea' method = 'POST'><input type='submit' value='Update'></form></td>";
echo "</tr>";
}
echo "</table>";
odbc_close($Conn);
If you want to send large blocks of data to the database then enclose everything in a form with the method=POST name/attribute
<form action="updatingScript.php" name="myForm" method="POST" >
<textarea name="textArea" rows="5" cols="40"><?=$review ?></textarea>
</form>
Then in your updatingScript.php do this
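// a form's name attribute is not submitted, so test for the textarea field itself
if(isset($_POST['textArea'])) {
// connect first: mysql_real_escape_string() needs an open connection
mysql_connect("localhost", "root", "");
mysql_select_db("myDb");
$textInfo = mysql_real_escape_string($_POST['textArea']);
//move this info in your database
// $userId has to be set by your own code before this point
$query="UPDATE myTable SET userTextInfo='$textInfo' WHERE userId='$userId' ";
$result=mysql_query($query);
}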
Also set error_reporting(E_ALL); at the beginning of your PHP script as this will display what went wrong (in response to your "we aren't getting any errors")
You mention method='POST' in your form definition (which is right), but attempt to check $_GET['textarea'] (which is wrong either way). I'd suggest fixing the latter: sending large blocks of text in URL itself is usually not great.
Don't forget to get rid of the &review=$textarea as well; no need to send the content twice, in two different variables.
Your code, with just a few minor tweaks to make it get the proper data from the form. The credit goes to raina77ow, though - his answer is absolutely correct. I just saw that you requested some code, so here it is.
Also, you need to have the form tags such that the textarea is WITHIN them, otherwise it is not part of the form, and its data does not get posted (that edit is included below).
echo "<form action = 'updateReview.php?id=".$RecordSetMovieRow['ReviewID']."' method = 'POST'>"; // Moved this outside of the while - BUT it needs to be BEFORE the <table> tag also!
echo '<table>'; // If this is not where you want your opening table tag, that's fine - but move the opening FORM tag to BEFORE the opening Table tag
while($RecordSetMovieRow = odbc_fetch_array($RecordSetMovie))
{
echo "<tr>";
$review = $RecordSetMovieRow['Review'];
echo "<td align = 'center'>" . $RecordSetMovieRow['FirstName']. $RecordSetMovieRow['LastName'] . "</td>";
echo "<td align = 'center'><textarea name = 'textarea' rows = '5' cols= '40'>" . $review . "</textarea></td>";
$textarea = $_POST['textarea']; // Changed from $_GET["textarea"] because you are using method='post' in form
$u = $Re[0];
echo "<td><input type='submit' value='Update'></td>";
echo "</tr>";
}
echo "</table>";
echo '</form>'; // Moved this to the end of the form, so data from form will get passed
odbc_close($Conn);

PHP MySQL Dropdown box

I have a dropdown box which is populated through MySQL:
echo "<form>";
echo "Please Select Your Event<br />";
echo "<select>";
$results = mysql_query($query)
or die(mysql_error());
while ($row = mysql_fetch_array($results)) {
echo "<option>";
echo $row['eventname'];
echo "</option>";
}
echo "</select>";
echo "<input type='submit' value='Go'>";
echo "</form>";
How do I make it so that if one clicks submit it will display a value from a MySQL db?
Thanks for the help
Just change your query like SELECT result FROM somedb WHERE eventname = '".$eventname."'
Then you just do: (remember to check before the while loop whether the user has already requested info)
The value was: <?php print $row["result"]; ?>
Remember to check $_POST["eventname"] with htmlspecialchars before inserting it into the query.
1) Give a name to your <select>, i.e. <select name='event'>.
2) Redirect your form to the display page (and set method POST): <form method='POST' action='display.php'>
3) just display the selected value: <?php echo $_POST['event']; ?>
If you want to use the same page, give a name to your submit button and then do this:
<?php
if (isset($_POST['submit']))
echo $_POST['event'];
?>
Hope it helps.
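The two halves of this thread need different protections: the selected value reaches the database as a bound parameter, while htmlspecialchars() is for anything written back into the page. An added example, not code from the thread: the `events` table and the function names are assumptions (the `eventname` and `result` columns follow the queries above), and SQLite stands in for MySQL so it runs on its own.

```php
<?php
// Added example; the events table and all function names are hypothetical.
function h($s): string
{
    return htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
}

function render_select(PDO $db): string
{
    $html = "<form method='POST' action='display.php'><select name='event'>";
    foreach ($db->query('SELECT eventname FROM events ORDER BY eventname') as $row) {
        // Encode for HTML in both the attribute and the element text;
        // the browser decodes the attribute again before submitting it.
        $html .= "<option value='" . h($row['eventname']) . "'>" . h($row['eventname']) . '</option>';
    }
    return $html . "</select><input type='submit' name='submit' value='Go'></form>";
}

function render_result(PDO $db, $event): string
{
    if (!is_string($event)) {
        return '<p>No event selected.</p>';
    }
    // The raw value goes to the database as a bound parameter, not through htmlspecialchars().
    $stmt = $db->prepare('SELECT result FROM events WHERE eventname = ?');
    $stmt->execute([$event]);
    $result = $stmt->fetchColumn();
    return $result === false
        ? '<p>Unknown event: ' . h($event) . '</p>'
        : '<p>The value was: ' . h($result) . '</p>';
}

// Constructed rows containing HTML-special characters, in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE events (eventname TEXT PRIMARY KEY, result TEXT)');
$ins = $db->prepare('INSERT INTO events VALUES (?, ?)');
$ins->execute(["Tom's <10k> run", 'Finished & timed']);
$ins->execute(['Spring gala', 'Sold out']);

echo render_select($db), "\n";
echo render_result($db, "Tom's <10k> run"), "\n";   // stand-in for $_POST['event']
echo render_result($db, '<b>nope</b>'), "\n";       // value that is not in the table
```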
