I have an inbox code for deleting messages.
If I select one single message it deletes all of them.
How can I fix this ?
Here is my code for delete_message.php :
<?php
$inboxbtn = $_POST['deleteinbox'];
$outboxbtn = $_POST['deleteoutbox'];
if ($inboxbtn)
{
$selectall = $_POST['selectall'];
if ($selectall)
{
$query = mysql_query("SELECT * FROM messages WHERE to_user='$user'");
while ($row = mysql_fetch_assoc($query))
{
mysql_query("UPDATE messages SET to_delete='1' WHERE to_user='$user'");
}
echo "All messages have been deleted.";
}
else
{
$query = mysql_query("SELECT * FROM messages WHERE to_user='$user'");
while ($row = mysql_fetch_assoc($query))
{
$msg_id = $row['id'];
$value = "cb" . "$msg_id";
$checkbox = $_POST[$value];
if ($value)
{
mysql_query("UPDATE `messages` SET `to_delete`='1' WHERE `to_user`='$user' AND `id`='$msg_id'");
}
}
echo "The selected messages have been deleted.";
}
}
elseif ($outboxbtn)
{
$selectall = $_POST['selectall'];
if ($selectall)
{
$query = mysql_query("SELECT * FROM messages WHERE from_user='$user'");
while ($row = mysql_fetch_assoc($query))
{
mysql_query("UPDATE messages SET from_delete='1' WHERE from_user='$user'");
}
echo "All messages have been deleted.";
}
else
{
$query = mysql_query("SELECT * FROM messages WHERE from_user='$user'");
while ($row = mysql_fetch_assoc($query))
{
$msg_id = $row['id'];
$value = "cb" . "$msg_id";
$checkbox = $_POST[$value];
if ($value)
{
mysql_query("UPDATE messages SET from_delete='1' WHERE to_user='$user' AND id='$msg_id'");
}
}
echo "The selected messages have been deleted.";
}
}
else echo "Choose a message to delete.";
?>
And here is the code in inbox.php that has the checkboxes
<?php
$query = mysql_query("SELECT * FROM messages WHERE from_user='$user' AND from_delete='0' ORDER BY id DESC");
$numrows = mysql_num_rows($query);
if ($numrows != 0)
{
echo "<form action='delete_message.php' method='POST'>";
echo "<div class='messages'>
<div class='leftside'><input type='checkbox' name='selectall'><input type='submit' name='deleteoutbox' value='Delete' class'button'></div>
<div class='rightside'>Date</div>
Subject And Message
<div class='clear'></div>
<hr>
</div>";
while ($row = mysql_fetch_assoc($query))
{
$msg_id = $row['id'];
$msg_to_user = $row['to_user'];
$msg_to_id = $row['to_id'];
$msg_from_user = $row['from_user'];
$msg_from_id = $row['from_id'];
$msg_subject = $row['subject'];
$content = nl2br($row['content']);
$msg_date = $row['date'];
$msg_from_delete = $row['from_delete'];
$msg_to_delete = $row['to_delete'];
if (!$msg_from_delete)
{
echo "<div class='messages'>";
echo "<div class='leftside'>
<input type='checkbox' name='cb$msg_id' value='$msg_id'>
<a href='profile.php?id=$msg_to_id' target='_blank'>$msg_to_user</a>
</div>";
echo "<div class='rightside'>$msg_date</div>";
echo "<div id='center' style='margin-left:150px; margin-right:150px;'>
<span class='toggle'><a href='#' onClick='return false'>$msg_subject</a></span>
<div class='hiddenDiv'>
<br /><hr>
<b>$smiles </b>
<br /><br />
</div>
</div>";
echo "<div class='clear'>";
echo "<br /><br /><hr>";
echo "</div></div>";
}
}
echo "</form>";
}
else echo "You Have No Messages In Your Outbox"
?>
Then for the inbox messages it is the same as the outbox but in the inbox form.
How can I fix this ?
The below code is for outbox.php since that's what you have pasted.
First, change your checkbox from:
<input type='checkbox' name='cb$msg_id' value='$msg_id'>
To something like:
<input type='checkbox' name='outbox_ids[]' value='$msg_id'>
And the elseif for the outbox will be:
elseif ($outboxbtn)
{
$selectall = $_POST['selectall'];
if ($selectall)
{
$query = mysql_query("SELECT * FROM messages WHERE from_user='$user'");
while ($row = mysql_fetch_assoc($query))
{
mysql_query("UPDATE messages SET from_delete='1' WHERE from_user='$user'");
}
echo "All messages have been deleted.";
}
else
{
if(isset($_POST['outbox_ids']){
$outbox_msg_ids = array_map('mysql_real_escape_string', $_POST['outbox_ids']);
//all the checked msg id are now stored in $outbox_msg_ids,
//we will loop through the values and pass it to the update query
foreach($outbox_msg_ids as $msg_id){
mysql_query("UPDATE messages SET from_delete='1' WHERE to_user='$user' AND id='$msg_id'");
}
echo "The selected messages have been deleted.";
} //isset if block ends
}
}
Note:
Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
Related
I have a problem with updating value with PHP, it can get the data that I input but it cannot update it and render it to the read page.
<?php
require_once("session.php");
require_once("included_functions.php");
require_once("database.php");
new_header("VinceT");
$mysqli = Database::dbConnect();
$mysqli->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
if (($output = message()) !== null) {
echo $output;
}
echo "<h3>Update A Order</h3>";
echo "<div class='row'>";
echo "<label for='left-label' class='left inline'>";
if (isset($_POST["submit"])) {
$stmt = $mysqli->prepare("UPDATE VTCustomer SET CustomerFName=? WHERE CustomerID=?");
$stmt->execute([$_POST["CustomerFName"],$_POST["CustomerID"]]);
$stmt1 = $mysqli->prepare("UPDATE VTCustomer SET CustomerLName=? WHERE CustomerID=?");
$stmt1->execute([$_POST["CustomerLName"],$_POST["CustomerID"]]);
if($stmt) {
$_SESSION["message"] = $_POST["CustomerFName"]." has been updated";
} else {
$_SESSION["message"] = "Error! Could not update ".$_POST["CustomerFName"];
}
redirect("read.php");
} else {
if (isset($_GET["id"]) && $_GET["id"] !== "") {
$stmt = $mysqli->prepare("SELECT OrderID FROM OrderVinceT WHERE OrderID=?");
$stmt->execute([$_GET["id"]]);
if ($stmt) {
while ($row = $stmt->fetch(PDO::FETCH_ASSOC)) {
echo "<h3>Order ".$row["OrderID"]." Information</h3>";
}
echo "<form method='POST' action='update.php'>";
echo "<input type = 'hidden' name = 'OrderID' value = ' ".$row['OrderID']." ' />";
$stmt1 = $mysqli->prepare("SELECT CustomerFName FROM VTCustomer WHERE CustomerID=?");
$stmt1->execute([$_GET["id"]]);
if ($stmt1) {
while ($row1 =$stmt1 -> fetch(PDO::FETCH_ASSOC)) {
echo "<p>Customer First Name: <input type='text' name='CustomerFName' value='".$row1["CustomerFName"]."'></p>";
}
}
$stmt5 = $mysqli->prepare("SELECT CustomerLName FROM VTCustomer NATURAL JOIN OrderVinceT WHERE OrderVinceT.CustomerID=?");
$stmt5->execute([$_GET["id"]]);
if ($stmt5) {
while ($row5 =$stmt5 -> fetch(PDO::FETCH_ASSOC)) {
echo "<p>Customer Last Name: <input type='text' name='CustomerLName' value='".$row5["CustomerLName"]."'></p>";
}
}
echo "<input type='submit' name='submit' value='Update Order' class='tiny round button'/>";
echo "</form>";
echo "<br /><p>«:<a href='read.php'>Back to Main Page</a>";
echo "</label>";
echo "</div>";
} else {
$_SESSION["message"] = "Order could not be found!";
redirect("read.php");
}
}
}
new_footer("VinceT");
Database::dbDisconnect($mysqli);
?>
Do you guys have any idia why I cannot update this? I test queries in the console and it works just fine. The if statement that render out the message still receive the value of the input but it cannot update the database that render out in read.php
Hi I am trying to do a Registration that the users will put their name password and their answers to some questions and then an admin will manually answer to it if it's accepted.I did the system that loads their name password and answers in the database,and I also ran the things that will show the answers to the admin,but I can't figure a way to change a value just for one user not for all of them,I will leave you my codes and everything over here.
Here is my admin.viewapplications.php code
(Here,it shows everything fine,but I can't figure a way that the button to act just for one id not for all)
<?php
//include(__DIR__ . "/signup.php");
include("../resources/config.php");
//$name = $_POST['Name'];
//$mg = $_POST['MG'];
//$pg = $_POST['PG'];
//$rk = $_POST['RK'];
$sql = "SELECT id, name, tutorial, MG, PG, RK FROM rp_users WHERE tutorial = 2";
//$tutorial = "SELECT tutorial FROM rp_users";
$result = mysql_query($sql);
//$result2 = mysql_query($tutorial);
//$value = mysql_fetch_object($result2)
/*if($result)
{
echo "Succes";
}
else
{
die(mysql_error());
}*/
//if($value > 1)
//
while($row = mysql_fetch_array($result))
{
//$tutorial = row["tutorial"];
//f($tutorial == 2)
//}
$id = $row["id"];
$name = $row["name"];
$mg = $row["MG"];
$pg = $row["PG"];
$rk = $row["RK"];
echo "ID: " . $id."<br> <br>";
echo "Nume: " . $name."<br> <br>";
echo "MG: " . $mg."<br> <br>";
echo "PG: " . $pg."<br> <br>";
echo "RK: " . $rk."<br> <br>";
echo '<form action="./?p=applicationaccept" method="POST">';
echo '<input type="submit" name="accept" value="Accepta">';
echo '</form><br>';
echo '<form action="./?p=applicationdeny" method="POST">';
echo '<input type="submit" name="deny" value="Respinge">';
echo '</form><br> <br> <br>';
}
//}
//
?>
And here is my applicationaccept.php
<?php
include("../admin/admin.viewapplications.php");
include("../resources/config.php");
$iduser = $id;
$sql = "UPDATE rp_users SET tutorial=0";
$result = mysql_query($sql);
if($result)
{
echo "Succes";
}
else
{
die(mysql_error());
}
/*while($row = mysql_fetch_array($result))
{
}*/
?>
I think what you want to do is a simple UPDATE to your MySQL database..
but make sure you format the PHP code you're using otherwise it'll give you an ERROR!
Also you have to use 'mysqli' now in PHP!
<?php
$someID = '1';
$sql = "UPDATE `rp_users` SET `tutorial`= '0' WHERE `id` = $someID";
$result = mysqli_query($link, $sql);
if($result)
{
echo "Success";
}
else
{
echo ("Error");
}
?>
BTW I forgot to mntion the '$link' is the connection to your database!
As of my understanding of your question if your form action is applicationaccept.php and you are trying to update for one user in applicationaccept.php file, try this:
<?php
include("../admin/admin.viewapplications.php");
include("../resources/config.php");
$iduser = $_POST["id"]; // pass id as parameter in form
$sql = "UPDATE rp_users SET tutorial=0";// change this line to following line
$sql = "UPDATE rp_users SET tutorial=0 where id=$iduser";
$result = mysql_query($sql);
if($result)
{
echo "Succes";
}
else
{
die(mysql_error());
}
?>
Be aware your code is vulnerable
The page only show message when I click submit button, but now I want the message show inside the form after click submit button.How can I add some code or change the code following to make the message can run inside the form?
Here is my php code:
<?php
function topic_go($id){
echo "<meta http-equiv=\"refresh\" content=\"0;url=main_forum.php?act=topic&id=".$id."\">";
}
$id = $_GET['id'];
if(!$_SESSION['sign_in']){
$sql4= "SELECT * FROM categories WHERE level <".$_SESSION['userlevel']."+1";
$res4= mysql_query($sql4) or die (mysql_error());
$row4 = mysql_fetch_assoc($res4);
$sql5= "SELECT * FROM sub_categories WHERE sub_id ='".$id."'";
$res5 = mysql_query($sql5) or die (mysql_error());
$row5 = mysql_fetch_assoc($res5);
echo "<script type=\"text/javascript\">";
echo "alert('Please Login To Create Topic!');";
echo "window.location='main_forum.php?act=forum&id=".$row5['sub_id']."'";
echo "</script>";
}else{
if($id){
$sql="SELECT * FROM sub_categories WHERE sub_id = '".$id."'";
$res = mysql_query($sql) or die(mysql_error());
if(mysql_num_rows($res) == 0){
echo "The forum you are trying to create a topic on, does not exist!\n";
}else{
$row1 = mysql_fetch_assoc($res);
if ($row1['level'] == 1 && $admin_user_level == 0){
echo "You are not an administrator, you cannot post on this forum";
}else {
if (!$_POST['submit']) {
echo "<table bgcolor=\"#CFFAE4\" cellspacing=\"10\" align=\"center\">\n";
echo "<form method=\"post\" action=\"./main_forum.php?act=create&id=".$id."\">\n";
echo "<tr><td>Forum Sub Category</td><td><select name=\"cat\" style=\"font-size:16px;\">\n";
$sql2= "SELECT * FROM categories WHERE level <".$admin_user_level."+1";
$res2= mysql_query($sql2) or die (mysql_error());
while($row = mysql_fetch_assoc($res2)){
$sql3= "SELECT * FROM sub_categories WHERE sub_cid = '".$row['cat_id']."'";
$res3 = mysql_query($sql3) or die (mysql_error());
echo "<option value=\"0\">".$row['cat_name']."</option>\n";
while($row2 = mysql_fetch_assoc($res3)){
$selected = ($row2['sub_id'] == $id) ? " SELECTED" : "";
echo "<option value=\"".$row2['sub_id']."\"".$selected."> ".$row2['sub_name']."</option>\n";
}
}
echo "</select></td></tr>\n";
echo "<tr><td valign=\"top\">Topic Title</td><td><textarea name=\"title\" style=\"width:400px;height:50px;font-size:16px\"></textarea></td></tr>\n";
echo "<tr><td valign=\"top\">Message</td><td><textarea name=\"message\" style=\"width:500px;height:300px;font-size:20px;\"></textarea></td></tr>\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"button\" onClick=\"history.go(-1);\" value=\"Back\" class=\"btnz btnz_color\"> <input type=\"submit\" name=\"submit\" value=\"Create Topic\" class=\"btnz btnz_color\"></td></tr>\n";
echo "</form></table>\n";
}else{
$cat = $_POST['cat'];
$title = $_POST['title'];
$msg = $_POST['message'];
if($cat && $title && $msg){
$sql = "SELECT level FROM sub_categories WHERE sub_id ='".$cat."'";
$res = mysql_query($sql) or die (mysql_error());
if(mysql_num_rows($res)==0){
echo "This forum sub category does not exist!\n";
} else{
$row = mysql_fetch_assoc($res);
if ($row['level'] == 1 && $admin_user_level !=1){
echo "You are not an admin therefore you cannot post a new topic!";
}else{
if (strlen($title) < 3 || strlen($title) > 1000){
echo "The title must between 3 and 1000 characters!\n";
}else{
if(strlen($msg) < 3 || strlen($msg) > 10000){
echo "The message must between 3 and 10,000 characters!\n";
}else{
$date = date("m-d-y") . " at " . date("h:i:s");
$time = time();
$sql2 = "INSERT INTO topics (topic_cid, topic_title, topic_uid, topic_date, topic_time, topic_message)
VALUES('".$cat."','".$title."','".$_SESSION['userid']."','".$date."','".$time."','".$msg."')";
$res2 = mysql_query($sql2) or die (mysql_error());
$tid = mysql_insert_id();
topic_go($tid);
}
}
}
}
}else{
echo "Please supply all fields!\n";
} }} }
}
}?>
Thank You For Helping!
I want to send a message from a user (user A) to another user (user B) which those users are connected each other in the database. To be more specific.
We keep the connection of the users in a table in the database which we called friends. In this table we have two columns, username and friend.
I have the code in order to send data between the users but it doesn't perform any checking in order to see if the user A who wants to send a message to the user B are connected to each other. If the users are connected I want to allow them to send the message and if they are not I want to echo a notification that they are not allowed to send a message because they are not connected.
I can understand that I want an if condition where I perform the check to see if the users are connected and have the appropriate code below and if it is not connected then output the notification described above.
How can I create this checking?
I am using php and mysql
HERE IS MY CODE...
<?php
include_once 'header.php';
if (!$loggedin) die();
if (isset($_GET['view'])) {
$view = sanitizeString($_GET['view']);
} else {
$view = $username;
}
if (isset($_POST['text'])){
$text = sanitizeString($_POST['text']);
if ($text != ""){
$pm = substr(sanitizeString($_POST['pm']),0,1);
$time = time();
queryMysql("INSERT INTO messages VALUES(NULL, '$username', '$view', '$pm', $time, '$text')");
}
}
if ($view != "") {
if ($view == $username) {
$name1 = $name2 = "Your";
} else {
$name1 = "<a href='members.php?view=$view'>$view</a>'s";
$name2 = "$view's";
}
echo "<div class='main'><h3>$name1 Messages</h3>";
showProfile($view);
echo <<<_END
<form method='post' action='messages.php?view=$view'>
Type here to leave a message:<br />
<textarea name='text' cols='40' rows='3'></textarea><br />
Public<input type='radio' name='pm' value='0' checked='checked' />
Private<input type='radio' name='pm' value='1' />
<input type='submit' value='Post Message' /></form><br />
_END;
if (isset($_GET['erase'])) {
$erase = sanitizeString($_GET['erase']);
queryMysql("DELETE FROM messages WHERE id=$erase AND recip='$username'");
}
$query = "SELECT * FROM messages WHERE recip='$view' ORDER BY time DESC";
$result = queryMysql($query);
$num = mysql_num_rows($result);
for ($j = 0 ; $j < $num ; ++$j) {
$row = mysql_fetch_row($result);
if ($row[3] == 0 || $row[1] == $username || $row[2] == $username) {
echo date('M jS \'y g:ia:', $row[4]);
echo " <a href='messages.php?view=$row[1]'>$row[1]</a> ";
if ($row[3] == 0) {
echo "wrote: "$row[5]" ";
} else {
echo "whispered: <span class='whisper'>" . ""$row[5]"</span> ";
}
if ($row[2] == $username) {
echo "[<a href='messages.php?view=$view" . "&erase=$row[0]'>erase</a>]";
}
echo "<br>";
}
}
}
if (!$num) {
echo "<br /><span class='info'>No messages yet</span><br /><br />";
}
echo "<br /><a class='button' href='messages.php?view=$view'>Refresh messages</a>";
?>
</div><br /></body></html>
The checking system for my question is the below and it works..
<?php
include_once 'header.php';
if (!$loggedin) die();
if (isset($_GET['view'])) $view = sanitizeString($_GET['view']);
else $view = $username;
$result1 = mysql_num_rows(queryMysql("SELECT username,friend FROM friends
WHERE username='$username' AND friend='$view'"));
$result2 = mysql_num_rows(queryMysql("SELECT username,friend FROM friends
WHERE username='$view' AND friend='$username'"));
if (($result1 + $result2) > 1)
{
//REST OF THE CODE
}
?>
what we are doing is that for the result1 we are checking if the logged in username($username) is connected with the viewed profile ($view) and for the result2 we are doing vice versal, to be more specific we are checking in the result2 that if the username of the viewed profile($view) is connected with the ($username) then in the if statement we check that if those two result has more than one row in the table then they are both connected.
PS: sorry for my bad english
My first page to delete queries selected by user query.php which is working absolutely fine:
<form method=post action="delete.php">
List of queries<br/>
<?php
$ebits = ini_get('error_reporting');
error_reporting($ebits ^ E_NOTICE);
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("testdb") or die(mysql_error());
echo "<br />";
$query = "select * from queries ";
$result = mysql_query($query) or die(mysql_error());
$count=mysql_num_rows($result);
while($row = mysql_fetch_array($result))
{
print "<input type='checkbox' name='Query[]' value=\"".$row['queryId']."\"> ";
echo " ". $row['name']." ". $row["address"]." ". $row["contactNo"]."
". $row["query"];
echo "<br />";
}
?>
<input type="submit" value="Delete" name="Delete">
<br/>
</form>
I've tried with following codes for second page delete.php but nothing seems to work.
Code1:
<?php
if($_POST['Delete'])
{
if(count($_POST['checkbox']) > 0) {
foreach($_POST['checkbox'] as $checkbox)
{
$del_id=$checkbox;
$sql = "DELETE * FROM queries WHERE `queryId`= '$del_id'";
$result = mysql_query($sql);
mysql_error();
}
echo "Selected Rows deleted";
} else {
$NEW="Nothing to Delete";
}
}
?>
Code2:
<?php
if(($_POST['Delete']))
{
$count=array();
$count=$_POST['checkbox'];
for($i=0;$i<count($count);$i++){
$del_id = $checkbox[$i];
$sql = "DELETE FROM queries WHERE queryId='$del_id' ";
$result = mysql_query($sql);
}
$NEW="Selected records Deleted";
}
var_dump($_POST['checkbox']);
var_dump($count);
?>
Your checkbox names are "Query", but you're accessing it as $_POST['checkbox']. This should be $_POST['Query'] instead.
EDIT checking from your updated code:
if($_POST['Delete']) {
if(count($_POST['Query']) > 0) {
foreach($_POST['Query'] as $checkbox) {
$del_id=$checkbox;
$sql = "DELETE * FROM queries WHERE queryId= '$del_id'";
$result = mysql_query($sql);
mysql_error();
}
echo "Selected Rows deleted";
}
else {
$NEW="Nothing to Delete";
}
}
Instead of this:
$del_id=$checkbox;
do this:
// if queryId is numeric
$del_id=intval($checkbox);
This makes sure that the value you're working with is numeric, instead of potential malicious input from your user. I'm going under the assumption that queryId is numeric. If it's not, then you need to do this:
// if queryId is not numeric:
$del_id = mysql_real_escape_string($checkbox);
Your DELETE syntax is incorrect:
$sql = "DELETE * FROM queries WHERE queryId= '$del_id'";
You want just DELETE FROM. Also if the value for queryId is numeric, you don't need the quotes around it:
$sql = "DELETE FROM `queries` WHERE `queryId` = $del_id";
Finally, your MySQL error call doesn't do anything useful as is:
mysql_error();
Here's how you should do this, along with the rest of the code:
if($_POST['Delete']) {
if(count($_POST['Query']) > 0) {
foreach($_POST['Query'] as $checkbox) {
$del_id= intval($checkbox);
$sql = "DELETE FROM `queries` WHERE `queryId` = $del_id";
$result = mysql_query($sql);
if(!$result) {
echo "There was an error in the query: " . mysql_error();
}
}
echo "Selected Rows deleted";
}
else {
$NEW="Nothing to Delete";
}
}