I need to delete a record, in this case a categories from my forum, from the database based on its id.
<?php
if(isset($_SESSION['signed_in']) && $_SESSION['user_level'] == 1)
{
?>
<td>
<form method="post">
<input type="hidden" value="<?= ['cat_id']; ?>">
<input type="submit" name="submit" value="Remover" />
</form>
<?php
if(isset($_POST['submit']))
{
mysql_query("DELETE FROM categories where cat_id = 'cat_id'");
}
?>
</td>
<?php
}
?>
i cant get a "good" way to do it... :(
EDIT: This is for a programming lesson not a real forum!!
Your HTML Input Field needs a name so it can be identified by your PHP.
Then, in your Code Block where you attempt to delete the category, you need to acces the category id using the $_POST array.
Another thig you want to do is read up onj the dangers of SQL injections.
If you're just playing around with PHP and MySQL at the moment: Go Ahead. But if you actually want to develop, maybe you should read up on a few other things as well, even if it seems like overkill at first: PHP The Right Way.
Nontheless, try this:
<?php
if(isset($_SESSION['signed_in']) && $_SESSION['user_level'] == 1)
{
?>
<td>
<form method="post">
<input type="hidden" name="hid_catid" id="hid_catid" value="<?php echo $cat_id; ?>">
<input type="submit" name="submit" value="Remover" />
</form>
<?php
if(isset($_POST['submit']))
{
$query = "DELETE FROM categories where cat_id = '".(int)$_POST['hid_catid']."'";
mysql_query($query);
}
?>
</td>
<?php
}
?>
--> hidden field should have name and id to use
--
Thanks
Your hidden input field needs a name to be accessable after the post. Also I am not sure if ['cat_id'] is the correcty way to reference this variable. Where does it come from?
<form method="post">
<input type="hidden" name="cat_id" value="<?= $cat_id ?>">
<input type="submit" name="submit" value="Remover" />
</form>
Then your query has to look like this to correctly grab the id from the post.
mysql_query("DELETE FROM categories where cat_id = " . mysql_real_escape_string($_POST['cat_id']));
Related
At the bottom of this code you'll see an 'Accept Offer' button, when I click on that another piece of code gets executed as you can see on the bottom of this post.
For example this project has 3 bidders, so 3 times bidder_id and writer_bid so I use 'foreach' and load it in divs, works fine, but now I need to store those variables in a database, which technically works but it doesn't store the bids from the row I pull them from, it just takes the data from the last row, that is if I place the code at the bottom of this thread in my header.
However when I put it inside the loop it executes three times, I saw that when I got an error message that I had to close 3 times cause there are 3 rows in the database table that I pull the data from.
How can I prevent this, and either have it load once when the code is inside the foreach loop, or have it pull the correct writer_bid and bidder_id to store.
<div class="WB-Bottom-block lefts">
<?php $getBidders=" AND project_id=$project_id"; $bidders=getBidder($getBidders); foreach($bidders as $bidder) {
$bidder_id=$bidder['writer_id'];
$writer_bid=$bidder['writer_bid'];
?>
<div class="findwriters_boxes">
<div class="findwriters_right">
<div style="float:right;margin-top:6px;width:170px;">
<input type="hidden" name="writer_bid" id="writer_bid" value="<?php echo $writer_bid; ?>" />
<input type="hidden" name="bidder_id" id="bidder_id" value="<?php echo $bidder_id; ?>" />
<input type="submit" class="homebtn11" name="submit" id="submit" value="Accept Offer"/>
</div>
</div>
</div><?php } ?>
Below the code that needs to be executed and that results in issues, whether I place it inside the foreach loop, or inside the header instead.
As you can see I tried to store it in input fields so that it stays there so the header can pull it on refresh of the page / click of the button.
<?php if(isset($_POST['todo']) && $_POST['todo']=='submit_project') {
$balance=get_client_balance_info($current_user->ID);
$writer_bid=$_POST['writer_bid'];
$bidder_id=$_POST['bidder_id'];
if($balance >= $_POST['writer_bid']) {
global $wpdb;
$sql3="UPDATE `wp_project` SET `writer_id` = '".$bidder_id."' WHERE `id` =". $project_id;
$wpdb->query($sql3);
$sql4="UPDATE `wp_project` SET `price` = '".$writer_bid."' WHERE `id` =". $project_id;
$wpdb->query($sql4);
$sql5="UPDATE `wp_project` SET `status` = '2' WHERE `id` =". $project_id;
$wpdb->query($sql5);
$success_msg="You accepted a bid, the money will be deducted from your account.";
}
else $fail_msg="Your balance is not sufficient.";
I think you should make a form for each div that you are adding right now you are putting the bidder_id in the different inputs but the same name.
So it will get the last inputs, maybe it's better to specify the inputs with the row id or to separate the forms or make the input names as array.
I hope this helps you.
I fixed it with the help of Diar Selimi like this:
<div style="float:right;margin-top:6px;width:170px;">
<form action="" name="frmeditor" method="post" id="frmeditor" >
<input type="hidden" name="todo" id="todo" value="submit_project" />
<input type="hidden" name="writer_bid" id="writer_bid" value="<?php echo $writer_bid; ?>" />
<input type="hidden" name="writer_id" id="writer_id" value="<?php echo $writer_id; ?>" />
<input type="submit" class="homebtn11" name="submit" id="submit" value="Accept Offer"/>
</form>
Before that my form and value="submit_project" tags were scattered all over the place!
I have a data base 'School'. It has only one table - 'Words'. There are word_id, word_name, word_description in it. I want to pull a random description and display it on a page. Then I want to input a word and see if the word has the same description as the random one that was pulled. What am I doing wrong? Here is the code -
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<title>Изпит</title>
</head>
<body>
<?php
$connection = mysqli_connect('localhost', 'root', '', 'school');
if(!$connection){
echo 'NOT OK';
exit;
}
if(isset($_POST['submit_description'])){
$q = mysqli_query($connection, ' SELECT word_description
FROM words ORDER BY rand() LIMIT 1
');
$row=mysqli_fetch_assoc($q);
if($row){
$_POST['word_description'] = $row['word_description'];
echo $_POST['word_description'];
}
}
if(isset($_POST['submit_word'])){
$word_name = $_POST['word_name'];
$q2="SELECT * FROM words WHERE word_name='$word_name' and word_description='".$_POST['word_decsription']."'";
$result=mysqli_query($connection, $q2);
$count=mysqli_num_rows($result);
if($count==1){
echo 'Позна ве.';
}else{
echo 'Не позна ве.';
}
}
?>
<br><br><br>
<form method="POST">
<input type="submit" name="submit_description" value="Искай описание.">
<input type="hidden" name="word_description" value="<?php echo $_POST['word_description']?>">
</form>
<form method="POST">
<input type="text" name="word_name">
<input type="submit" name="submit_word" value="Провери дума.">
</form>
</body>
</html>
I think you have some typos.
This line of code here:
$q2="SELECT * FROM words WHERE word_name='$word_name' and word_description='".$_POST['word_decsription']."'";
Should be like this:
$q2="SELECT * FROM words WHERE word_name='".$word_name."' and word_description='".$_POST['word_description']."'";
1) There is a typo in $_POST['word_description'] in your query:
$q2="SELECT * FROM words WHERE word_name='$word_name' and word_description='".$_POST['word_decsription']."'";
2) Also, I would recommend using the word_id instead of the word description to make the verification... you would need to write it in a <input name="word_id" type="hidden" value="..." /> in your form to pass it along.
What would be even better, to prevent people from knowing the answer by looking at the code (in case they would know what word matches what id), you could encode the value in the hidden field to be md5($word_id.$word_name) and then in your query you check "WHERE MD5(CONCAT(word_id, word_name))='".$_POST['word_md5']."'" (assuming your hidden input is now called "word_md5).
EDIT:
After looking at the HTML I see what your problem is:
<form method="POST">
<input type="submit" name="submit_description" value="Искай описание.">
<input type="hidden" name="word_description" value="<?php echo $_POST['word_description']?>">
</form>
<form method="POST">
<input type="text" name="word_name">
<input type="submit" name="submit_word" value="Провери дума.">
</form>
This should all be in the same <form> element:
<form method="POST">
The word description is: <?php echo $_POST['word_description']; ?>
<input type="hidden" name="word_description" value="<?php echo $_POST['word_description']?>">
<input type="text" name="word_name">
<input type="submit" name="submit_word" value="Провери дума.">
</form>
When the form is submitted, the $_POST array should contain the word_description AND the word_name submitted.
EDIT 2:
If you wish to use the id, you would have to first add it to your SELECT query:
$q = mysqli_query($connection, ' SELECT word_id, word_description
FROM words ORDER BY rand() LIMIT 1
');
Then you'd need to set it to some variable, and then later in your HTML:
<form method="POST">
The word description is: <?php echo $_POST['word_description']; ?>
<input type="hidden" name="word_id" value="<?php echo $word_id?>">
<input type="text" name="word_name">
<input type="submit" name="submit_word" value="Провери дума.">
</form>
Your second SQL query should then look like:
$q2="SELECT * FROM words WHERE word_name='$word_name' and word_id='".$_POST['word_id']."'";
Note: it is a bad practice to change the $_POST array in your code.
This array is populated by the request sent by the client and things can get confusing if you change the values there.
It is better to create another variable and set it to the value from the $_POST (example: $word_description = $_POST['word_description'];).
This way, you can still use array_key_exists('word_description', $_POST) to verify if the client actually sent something.
Hello there first time doing this, Basically I am rather confused on how to Re-populate text boxes from the database.
My current issue is that basically I have two tables in my database 'USER' and 'STATISTICS'.
Currently what is working is that my code is looking up the values of 'User_ID' in the 'USER' table and populating the values in the drop down list.
What I want from there is for the text fields to populate corresponding to those values from the database looking up the 'User_ID' E.G 'goal_scored' , 'assist', 'clean_sheets' and etc.
I am pretty baffled I have looked up on various different questions but cannot find what im looking for.
<?php
$link = mysql_connect("localhost","root","");
mysql_select_db("f_club",$link);
$sql = "SELECT * FROM user ";
$aResult = mysql_query($sql);
?>
<html>
<body>
<title>forms</title>
<link rel="stylesheet" type="text/css" href="css/global.css" />
</head>
<body>
<div id="container">
<form action="update.php" method="post">
<h1>Enter User Details</h1>
<h2>
<p> <label for="User_ID"> User ID: </label> <select id="User_ID" id="User_ID" name="User_ID" >
<br> <option value="">Select</option></br>
<?php
$sid1 = $_REQUEST['User_ID'];
while($rows=mysql_fetch_array($aResult,MYSQL_ASSOC))
{
$User_ID = $rows['User_ID'];
if($sid1 == $id)
{
$chkselect = 'selected';
}
else
{
$chkselect ='';
}
?>
<option value="<?php echo $id;?>"<?php echo $chkselect;?>>
<?php echo $User_ID;?></option>
<?php }
?>
I had to put this in because everytime I have text field under the User_ID it goes next to it and cuts it off :S
<p><label for="null"> null: </label><input type="text" name="null" /></p>
<p><label for="goal_scored">Goal Scored: </label><input type="text" name="Goal_Scored" /></p>
<p><label for="assist">assist: </label><input type="text" name="assist" /></p>
<p><label for="clean_sheets">clean sheets: </label><input type="text" name="clean_sheets" /></p>
<p><label for="yellow_card">yellow card: </label><input type="text" name="yellow_card" /></p>
<p><label for="red_card">red card: </label><input type="text" name="red_card" /></p>
<p><input type="submit" name="submit" value="Update" /></p></h2>
</form>
</div>
</body>
</html>
If anyone can help with understanding how to get to the next stage would be much appreciated thanks x
Rather than spending time on something complicated like AJAX, I'd recommend going the simple route of pages with queries, such as user.php?id=1.
Craft a user.php file (like yours) and if id is set (if isset($_GET['id'])) select that user from the database (after having sanitised your input, of course) with select * from users where id = $id (I of course assume you have an id for each user).
You can still have the <select>, but remember to close it with </select>. You might end up with something like this:
<form method="get">
<label for="user">Select user:</label>
<select name="id" id="user">
<option value="1">User 1</option>
...
</select>
<submit name="submit" value="Select user" />
</form>
This will send ?id=<id> to the current page and you can then fill in your form. If you further want to edit that data, create a new form with the data filled in with code like <input type="text" name="goal_scored" value="<?php echo $result['goal_scored']; ?>" /> then make sure the method="post" and listen on isset($_POST['submit']) and update your database.
An example:
<?php
// init
// Use mysqli_ instead, mysql_ is deprecated
$result = mysqli_query($link, "SELECT id, name FROM users");
// Create our select
while ( $row = mysqli_fetch_array($link, $result, MYSQL_ASSOC) ) {?>
<option value="<?php echo $result['id']; ?>"><?php echo $result['name'] ?></option>
<?php}
// More code ommitted
if (isset($_GET['id'])) {
$id = sanitise($_GET['id']); // I recommend creating a function for this,
// but if only you are going to use it, maybe
// don't bother.
$result = mysqli_query($link, "SELECT * FROM users WHERE id = $id");
// now create our form.
if (isset($_POST['submit'])) {
// data to be updated
$data = sanitise($_POST['data']);
// ...
mysqli_query($link, "UPDATE users SET data = $data, ... WHERE id = $id");
// To avoid the 'refresh to send data thing', you might want to do a
// location header trick
header('Location: user.php?id='.$id);
}
}
Remember, this is just an example of the idea I'm talking about, lots of code have been omitted. I don't usually like writing actually HTML outside <?php ?> tags, but it can work, I guess. Especially for smaller things.
The way I've structured my form data is by creating them in a while loop, but each time they are created the form will take a unique id.
So my question is, how do I access them individually and update specified data to a MYSQL server.
I've attempted to do it in the code at the end of the script, but I'm not sure how to access the forms individually
<?php
include 'user_data.php';
include 'core.inc.php';
$query = mysql_query("SELECT `post_text` FROM `posts`,`sub_posts` WHERE sub_posts.post_id = posts.id AND sub_posts.user_id='$user_id'");
while($row = mysql_fetch_array($query)){
?><?php echo $row[post_text].'<br>'?>
<form action="<?php $curent_file ?>" method="POST">
<textarea name="answer_field" > </textarea><br />
<input type="submit" value="Submit Answer">
<input type="hidden" name="post_id" value="<?php echo $row['post_id']; ?>" />
</form>
<?php
}//While Loop
if (isset($_POST['answer_field']) && !empty($_POST['answer_field'])){
$answer = mysql_real_escape_string($_POST['answer_field']);
$id = intval($_POST ['post_id']);
$query = "UPDATE `sub_posts` SET `sub_answer`='$answer' WHERE `post_id`='$id'";
}
?>
Only a single form gets posted when clicking the "submit" field. The form name does not get submitted by itself. Instead, you would place the post ID to which the form corresponds as a hidden field:
<input type="hidden" name="post_id" value="<?php echo $row['post_id']; ?>" />
And then later:
$answer = mysql_real_escape_string ($_POST ['answer']);
$id = intval ($_POST ['post_id']);
$query = "UPDATE `sub_posts` SET `sub_answer`='{$answer}' WHERE `post_id`={$id}";
Note that you definitely need to escape the answer before putting it in the query and make sure that the ID is a number. Otherwise, you're opening up your code to SQL injection attacks.
So, I have a page with a bunch of workorders on it. Each workorder is a row in a single table, and gets put on the page with a while() statement.
I'm trying to update each row with a simple form that I put inside the while(), and an UPDATE/WHERE statement to actually add the information to the table.
Instead of adding it to the specific row, it adds it to Every row. The only thing I can think of is that my WHERE condition is wrong, but I can't seem to figure it out. Maybe it just needs fresh eyes, or maybe I'm heading in Completely the wrong direction.
Also, any specific instructions on security, a better way to do it, etc. would be very helpful. I'm learning PHP on the fly and could use a helping hand. :)
<?php
$query = "SELECT * FROM client_information";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
$which_ad = $row['ID'];?>
<b>Name:</b> <? echo $row['billing_name']; ?> <br>
<b>Job Type:</b> <? echo $row['job_type']; ?> <br>
<b>Size:</b> <? echo $row['size']; ?> <br>
<b>Text:</b> <? echo $row['text']; ?> <br>
<b>Notes:</b> <? echo $notes; ?> <br>
<br><br>
<form action="small_update.php" method="POST">
<strong>Email Message:</strong><br>
<textarea rows="8" cols="60" name="email_message"></textarea>
<input type="submit" name="submit" value="Submit"></form>
<?
$email_message = htmlspecialchars ("{$_POST['email_message']}", ENT_QUOTES);
if (mysql_errno() != 0) {
die(mysql_error());
}
mysql_query(
"UPDATE client_information
SET email_message='$email_message'
WHERE ID='$which_ad'"
);
if (mysql_errno() != 0) {
die(mysql_error());
}
}
?>
You don't specify the id in your form:
<form action="small_update.php" method="POST">
<strong>Email Message:</strong><br>
<textarea rows="8" cols="60" name="email_message"></textarea>
<input type="hidden" name="id" value="<?php echo $which_ad; ?>">
<input type="submit" name="submit" value="Submit">
</form>
you need to also make sure you know what id was submitted:
"UPDATE client_information
SET email_message='$email_message'
WHERE ID='$_POST['id']'"
Of course, you're wide open to attacks like this as everyone else is saying. You need to look into mysqli or pdo to sanitize your input...
Ans also upon inspection you're evaluating your post data in the loop. Don't do that. Just do your evaluation before everything else is processed on the page...
<?php
if($_POST)
{
//run processing here
}
// do your fetch code here and display the forms...