Update statement using variable - php

It seems my code doesn't show the query after using the edit function of my system and after pressing the save/submit button, Im trying to use the variable passing through the url and using the $_GET to show only the user's own account, I know my code has a conflict around the update statement of Mysql, Please help.
My question is: How do I make the query appear after pressing the save button in the form?
Here is my code:
<?PHP
include ("dbcon1.php");
//GET THE VARIABLE USERNAME THROUGH THE URL
$username=$_GET['username'];
?>
<html>
<head>
</head>
<body>
<form method="post">
<table>
<?PHP
//GETS ONLY THE QUERY DEPENDING ON THE URL (edit2.php?USERNAME=$USERNAME)
$customerquery=mysql_query("select * from customerinfo where username='$username'");
$customerrows=mysql_fetch_array($customerquery);
?>
//FORM THAT HAS THE USER'S INFORMATION
<tr><td>First name:</td><td><input type="text" name="fname" value="<?PHP echo $customerrows['fname'];?>"></td></tr>
<tr><td>Last name:</td><td><input type="text" name="lname" value="<?PHP echo $customerrows['lname'];?>"></td></tr>
<tr><td>Address:</td><td><input type="text" name="address" value="<?PHP echo $customerrows['address'];?>"></td></tr>
<tr><td>Contact Number:</td><td><input type="text" name="contactno" value="<?PHP echo $customerrows['contactno'];?>"></td></tr>
<tr><td>Username:</td><td><input type="text" name="username" value="<?PHP echo $customerrows['username'];?>"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password" value="<?PHP echo $customerrows['password'];?>"></td></tr>
//SAVE BUTTON
<tr><td><input type="submit" name="submit" value="Save"></td></tr>
</table>
</form>
</body>
</html>
<?PHP
include('dbcon1.php');
include('dbcon.php');
//SAVE BUTTON WHEN PRESSED, UPDATES THE TABLE
if(isset($_POST['submit'])){
$username=$_GET['username'];
$fname=$_POST['fname'];
$lname=$_POST['lname'];
$address=$_POST['address'];
$contactno=$_POST['contactno'];
$username=$_POST['username'];
$password=$_POST['password'];
//UPDATE THE TABLE
mysql_query("update customerinfo set fname='$fname',lname='$lname',address='$address',contactno='$contactno',username='$username',password='$password' where username='$username'");
header("location:index5.php?username=$username");
}
?>
<table border='1'>
<?PHP
include('dbcon.php');
include('dbcon1.php');
//GET THE VARIABLE USERNAME THROUGH THE URL
$username = $_GET['username'];
//SHOW THE USER THAT IS CURRENTLY LOGGED IN
//TABLE OF INFORMATION ABOUT THE USER
$customerquery = mysqli_query($con,"SELECT * FROM customerinfo WHERE username = '$username'");
while($customerrows=mysqli_fetch_array($customerquery)){
?>
<tr>
<td>Id</td><td>First Name</td><td>Last Name</td><td>Address</td><td>Contact No</td <td>Username</td><td>Password</td><td>Edit</td>
</tr>
<tr>
<td><?PHP echo $customerrows['id'];?></td>
<td><?PHP echo $customerrows['fname'];?></td>
<td><?PHP echo $customerrows['lname'];?></td>
<td><?PHP echo $customerrows['address'];?></td>
<td><?PHP echo $customerrows['contactno'];?></td>
<td><?PHP echo $customerrows['username'];?></td>
<td><?PHP echo $customerrows['password'];?></td>
//EDIT BUTTON
<td><input type="button" value="edit" onClick="window.location='edit2.php?username=<?php echo $username ?>'"></td>
</tr>
<?PHP } ?>
</table>
Log-out


Firstly Your Query has an Error
$customerquery=mysql_query("select * from customerinfo where username='".$username."' ");
AND
mysql_query("UPDATE customerinfo SET fname='".$fname."',lname='".$lname."',address='".$address."',contactno='".$contactno."',username='".$username."',password='".$password."' WHERE username='".$username."' ");

Related

How to pass values from from to sql query

I'm new to php programming. I'm kind of confused and I can't find any helpful information online. I'm trying to build a school manangement system from scratch. What I need is to get all the 'offered courses' from the database and put it in a form and allow the student to add the classes directly from the row. How can I do that?
I created a form and an input where the student might enter the course number and register for class. And it works fine. But I feel like it's not practical.
Here is my code
<?php
session_start();
// include("config.php");
include("functions.php");
// $sql="SELECT `course_num`, `professors`.`name` AS pName, `courses`.`name`AS cName , max_students FROM `courses`, `student_courses`,`professors` WHERE `professors`.`id`=`courses`.`professor_teaching` AND `student_id`= '".$_SESSION['student_id']."'";
// $result = mysqli_query($link, $sql);
$result = viewAllCourses();
?>
<form method="post" action="functions.php">
<table>
<tr>
<th><label>Course No.</label></th>
<th><label>Course Name</label></th>
<th><label>Professor</label></th>
<th><label>Max. Students</label></th>
<th><label>Action</label></th>
</tr>
<?php
if(mysqli_num_rows($result)){
while ($row = mysqli_fetch_assoc($result)) {
?>
<tr>
<td><label name="course_num"><?php echo $row['course_num'];?>
<input type="hidden" name ="coursenumber" value=<?php $row['course_num']?>>
</label></td>
<td><label><?php echo $row['cName'];?></label>
</td>
<td><label><?php echo $row['pName']; ?></label></td>
<td><label><?php echo $row['max_students']; ?></label></td>
<td><input type="submit" name="add" value="add"></td>
</tr>
</form>
</table>
<?php
}
}
?>
and then in the functions.php I have this code:
if (isset($_GET['add'])) {
$link = conn();
echo "TST";
exit;
$courseNum= $_POST['coursenumber'];
$record = mysqli_query($link, "INSERT INTO `student_courses`
(`student_id`, `course_id_num`)
VALUES ('".$_SESSION['student_id']."', '$courseNum')");
}
But it does nothing.
I tried adding an input tag for the course_number and passing it from there. But it doesn't work. What is the right way to do this?

You're the same names for the inputs in all the rows. When you submit the form, $_POST['coursenumber'] will just be the last course number in the table, not the one the user clicked on. You can put the course number in the value of the add button, rather than a hidden input. When a form has multiple submit buttons, the value comes from the one that was clicked.
You need to fix the order of the </form> and </table> tags, so they nest properly.
<?php
if(mysqli_num_rows($result)){
while ($row = mysqli_fetch_assoc($result)) {
?>
<tr>
<td><label name="course_num"><?php echo $row['course_num'];?>
</label></td>
<td><label><?php echo $row['cName'];?></label>
</td>
<td><label><?php echo $row['pName']; ?></label></td>
<td><label><?php echo $row['max_students']; ?></label></td>
<td><input type="submit" name="add" value="<?php echo $row['course_num'];?>"></td>
</tr>
</table>
</form>
<?php
}
}
?>
Also, since you're submitting the form with method="POST", the button will be $_POST['add'], not $_GET['add'].
You should use a prepared statement to protect against SQL-injection.
if (isset($_POST['add'])) {
$link = conn();
$courseNum= $_POST['add'];
$stmt = mysqli_prepare("INSERT INTO student_courses (student_id, course_id_num) VALUES (?, ?)");
mysqli_stmt_bind_param($stmt, "ii", $_SESSION['student_id'], $courseNum);
mysqli_stmt_execute($stmt);
}
If you want to pass multiple fields, you can put a separate form with multiple hidden inputs into each row, rather than making the whole table a form.
<?php
if(mysqli_num_rows($result)){
while ($row = mysqli_fetch_assoc($result)) {
?>
<tr>
<td><label name="course_num"><?php echo $row['course_num'];?>
</label></td>
<td><label><?php echo $row['cName'];?></label>
</td>
<td><label><?php echo $row['pName']; ?></label></td>
<td><label><?php echo $row['max_students']; ?></label></td>
<td><form action="functions.php" method="post">
<input type="hidden" name="coursenumber" value="<?php echo $row['course_num'];?>">
<niput type="hidden" name="something" value="<?php echo $row['something'];?>">
<input type="submit" name="add" value="add">
</form></td>
</tr>
</table>
<?php
}
}
?>
Then the functions.php script can use $_POST['course_num'] and $_POST['something'] to get these parameters.

how do fetching and then inserting from multi check boxes in php

I am going to fetching table values in a html table along checkbox in each row and then inserting values in another database table from multi check boxes in php.
Only the values of checked boxes should be submitted to that table.
db name "laboratory":
test: fetching values.
package: inserting table.
view
Status
Active
Inactive
<?php
$conn=mysqli_connect("localhost","root","","laboratory") or die(mysql_error());
mysql_select_db("test") or die(mysql_error());
$query="SELECT * FROM test";
$result=mysqli_query($conn,$query);
if ($result) {
while ($record=mysqli_fetch_array($result)) {

Please try to follow this code and implement in your program . Hope that this will cooperate you much
if(isset($_POST['name'])){
$name = $_POST['name'];
$status = $_POST['status'];
if(empty($name) || empty($status)){
echo "Field Must Not be empty";
} else{
$conn=new mysqli("localhost","root","","test");
if($conn){
$query = "SELECT * FROM userdata limit 5";
$stmt = $conn->query($query);
$val = '<form action="" method=""> ';
$val .= '<table> ';
if ($stmt) { ?>
<form action="" method="post">
<table>
<?php while ($result=$stmt->fetch_assoc()) { ?>
<tr>
<td><?php echo $result['post']; ?></td>
<td><input value="<?php echo $result['post']; ?>" type="checkbox" name="check[]" /></td>
</tr>
<?php } ?>
<tr>
<td>Actual Price </td>
<td>Discount</td>
<td>Final Price</td>
</tr>
<tr>
<td><input type="text" name="actual"/></td>
<td><input type="text" name="discount"/></td>
<td><input type="text" name="final"/></td>
</tr>
<tr>
<td>Description</td>
<td><textarea name="description" id="" cols="30" rows="10"></textarea></td>
</tr>
<tr>
<td><input type="submit" value="Submit" /></td>
<td><input type="reset" value="Cancel" /></td>
</tr>
</table>
</form>
<?php }} }}?>
<?php
if(isset($_POST)){
echo "<pre>";
print_r($_POST);
echo "<pre>";
}
?>`enter code here`

First of all you have to decide that what are you using either mysqli or mysql, if you are using mysqli then you have to improve your code
$query="SELECT * FROM test";
$result=mysqli_query($conn,$query);
if ($result) {
while ($record=mysqli_fetch_array($result)) {
and when you want to insert the checked data will be inserted in package table. If package table in another database then you have to give us the full detail i mean tell us the database name of package table.

PHP MYSQL - UPDATE user profile with SESSION

I'm trying to update user profile with session. Suppose, the user profile page will update accordingly to the profile of the logged in user. Here's the sample code of user_profile.php:-
<?php
session_start();
ob_start();
include("../function/dbconnect.php");
include("header.php");
?>
<html>
<body>
<?php
if(isset($_SESSION['VALID_USER'])){
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$s=mysql_query("UPDATE tbl_staffs SET username='$username', password='$password' WHERE username='".mysql_real_escape_string($_SESSION["VALID_USER"])."'");
if ($s)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_profile.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_profile.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE username='".mysql_real_escape_string($_SESSION["VALID_USER"])."' AND user_levels = '".mysql_real_escape_string('1')."'");
$query2=mysql_fetch_array($query1);
?>
<form action="user_profile.php" method="POST">
<div>Your Profile</div>
<table border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td><div>Username:</div></td>
<td><input type="text" name="username" value="<?php echo $query2['username']; ?>" /></td>
</tr>
<tr>
<td><div align="left" id="tb-name">Password:</div></td>
<td><input type="text" name="password" value="<?php echo $query2['password']; ?>" /></td>
</tr>
</table>
<input type="submit" name="submit" value="Update" />
</form>
<?php
// close while loop
}}
?>
<?php
// close connection;
mysql_close();
?>
</br>
</body>
</html>
The page returns blank. There are several other codes that I'm working on for the user_profile.php page too but, the results that I get are the same... I used below codes for admin to update user profile.
include('function/dbconnect.php');
if(isset($_GET['id']))
{
$id=$_GET['id'];
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$user_type = $_POST['user_type'];
$query3 = mysql_query("UPDATE tbl_staffs
SET username='$username', email='$email', password='$password', WHERE id='$id'");
if ($query3)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_list.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_list.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE id='$id'");
$query2=mysql_fetch_array($query1);
<form method="post">
<tr>
<td><b>Username:</b></td><td><input type="text" name="username" style="width:255px" value="<?php echo $query2['username']; ?>" /></td>
</tr>
<tr>
<td><b>Email:</b></td><td><input type="text" name="email" style="width:255px" value="<?php echo $query2['email']; ?>" /></td>
</tr>
<tr>
<td><b>Password:</b></td><td><input type="text" name="password" style="width:255px" value="<?php echo $query2['password']; ?>" /></td>
</tr>
<tr>
<td colspan="2" align="right">
<br />
<span title="Click to update the user details"><input type="submit" name="submit" value="Update" /></span>
</td>
</tr>
</table>
</form>
<?php
}
?>
Apparently, it works fine as it is. Though, when I tried to imply the codes for user so that they can update their own profile, the codes won't work. Where am I doing it wrong?

first check your session is exist or not and then replace ".mysql_real_escape_string($_SESSION["VALID_USER"])." in your query by a variable like
$VALID_USER=mysql_real_escape_string($_SESSION["VALID_USER"]);
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$s=mysql_query("UPDATE tbl_staffs SET username='$username', password='$password' WHERE username='$VALID_USER");
if ($s)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_profile.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_profile.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE username='$' AND user_levels = '".mysql_real_escape_string('1')."'");
$query2=mysql_fetch_array($query1);

database field data not appearing in form textbox in PHP

i have this code in PHP and a database sql.. the situation is .. if i type the 1, 2 or 3 (productID) .. the textbox will be populated and field with database values.. but when i run the program.. fortunately it has no errors.. but when i type the id or 1 and click the submit button.. it doesnt get the neccessary values.. sorry for this im a complete newbie and im practicing PHP for a while now.. any help will do.. thank you..
<?php
session_start();
include_once 'dbconnect.php';
if(!isset($_SESSION['user'])){
header("Location: index.php");
}
$res = mysql_query("SELECT * FROM users WHERE user_id=".$_SESSION['user']);
$userRow = mysql_fetch_array($res);
?>
<?php
require('dbconnect.php');
$id = (isset($_REQUEST['productID']));
$result = mysql_query("SELECT * FROM tblstore WHERE productID = '$id'");
$sql = mysql_fetch_array($result);
if(!$result){
die("Error: Data not found");
} else {
$brandname = $sql['brandname'];
$price = $sql['price'];
$stocks = $sql['stocks'];
}
?>
<html>
<body>
<p>
hi' <?php echo $userRow['username']; ?> Sign Out
</p>
<form method="post">
<table align="center">
<tr>
<td>Search Apparel:</td>
<td><input type="text" name="search" name="productID" /></td>
</tr>
<tr>
<td>Brandname:</td>
<td><input type="text" name="brandname" value="<?php echo $brandname; ?>"/ </td>
</tr>
<tr>
<td>Price:</td>
<td><input type="text" name="price" value="<?php echo $price; ?>"/></td>
</tr>
<tr>
<td>Stocks:</td>
<td><input type="text" name="stocks" value="<?php echo $stocks; ?>"/></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Search" /></td>
</tr>
</table>
</form>
</body>
</html>

your getting the id incorrectly, you have:
<?php
$_REQUEST['productID']=8; //for testing
$id = (isset($_REQUEST['productID']));
if you check it you will find the output is true\false as returned by isset
var_dump($id); //true
what you should use is:
<?php
if(isset($_REQUEST['productID'])){ //maybe also check its a number and or valid range
$id=$_REQUEST['productID'];
}

How to call php function from html form action?

I want to call php function in form action and i want to pass id as a argument. What I am doing is, in html form database column values will be displayed in text boxes, If I edit those values and click 'update' button values in database should be updated and 'Record updated successfully'message should be displayed in same page. I tried below code but not working. Let me know the solution. Thanks in advance.
<html>
<head>
<link rel="stylesheet" type="text/css" href="cms_style.css">
</head>
<?php
$ResumeID = $_GET['id'];
$con = mysql_connect("localhost", "root", "");
mysql_select_db("engg",$con);
$sql="SELECT * from data WHERE ResumeID=$ResumeID";
$result = mysql_query($sql);
$Row=mysql_fetch_row($result);
function updateRecord()
{
//If(!isset($_GET['id']))
//{
$NameoftheCandidate=$_POST[NameoftheCandidate];
$TelephoneNo=$_POST[TelephoneNo];
$Email=$_POST[Email];
$sql="UPDATE data SET NameoftheCandidate='$_POST[NameoftheCandidate]', TelephoneNo='$_POST[TelephoneNo]', Email='$_POST[Email]' WHERE ResumeID=$ResumeID ";
if(mysql_query($sql))
echo "<p>Record updated Successfully</p>";
else
echo "<p>Record update failed</p>";
while ($Row=mysql_fetch_array($result)) {
echo ("<td>$Row[ResumeID]</td>");
echo ("<td>$Row[NameoftheCandidate]</td>");
echo ("<td>$Row[TelephoneNo]</td>");
echo ("<td>$Row[Email]</td>");
} // end of while
} // end of update function
?>
<body>
<h2 align="center">Update the Record</h2>
<form align="center" action="updateRecord()" method="post">
<table align="center">
<input type="hidden" name="resumeid" value="<? echo "$Row[1]"?>">
<? echo "<tr> <td> Resume ID </td> <td>$Row[1]</td> </tr>" ?>
<div align="center">
<tr>
<td> Name of the Candidate</td>
<td><input type="text" name="NameoftheCandidate"
size="25" value="<? echo "$Row[0]"? >"></td>
</tr>
<tr>
<td>TelephoneNo</td>
<td><input type="text" name="TelephoneNo" size="25" value="<? echo "$Row[1]"?>"></td>
</tr>
<tr>
<td>Email</td>
<td><input type="text" name="Email" size="25" value="<? echo "$Row[3]"?>">
</td>
</tr>
<tr>
<td></td>
<td align="center"><input type="submit" name="submitvalue" value="UPDATE" ></td>
</tr>
</div>
</table>
</form>
</body>
</html>

try this way
HTML
<form align="center" action="yourpage.php?func_name=updateRecord" method="post">
PHP
$form_action_func = $_POST['func_name'];
if (function_exists($form_action_func)) {
updateRecord();
}

write form action="" and then write your php code as below
note : use form method as get
<?php
if(isset($_GET['id']))
{
call your function here
}
?>
in function access all values using $_GET['fieldname']

simple way make your "Submit " and "Update" action performed on same page then
if(isset($_POST['update']))
{
//perform update task
update($var1,var2,$etc); // pass variables to function
header('Location: http://www.example.com/');// link to your form
}
else if(isset($_POST['submit']))
{
//perform update task
submit($var1,$var2,$etc);// pass variables to function
header('Location: http://www.example.com/'); // link to next page after submit successfully
}
else
{
// display form
}

Categories