I have it set up so that people can add team names to my MySQL table. Now I want them to be able to edit them. I have tried several tutorials but I can't figure it out. I would like to know what I am doing wrong.
This is my admin.php:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
if(isset($_POST['team'])){
$team = $_POST['team'];
$ID = $_POST['id'];
$query = mysql_query("SELECT * FROM e2teams WHERE Team='$team' and ID='$ID'");
if(mysql_num_rows($query) > 0 ) { //check if there is already an entry for that username
echo "$team bestaat al!";
}
else{
mysql_query("INSERT INTO e2teams (Team) VALUES ('$team')");
header("location:e2admin.php");
}
}
mysql_close();
?>
<html>
<body>
<h1>Add teams</h1>
<form action="e2admin.php" method="POST">
<input type="text" name="team" placeholder="Team naam" /><br>
<input type="submit" value="Toevoegen" />
</form>
<?php
$table = "e2teams";
$sql = "SELECT * FROM e2teams";
$result = mysql_query($sql, $dbhandle);
if(mysql_num_rows($result) > 0){
while($row = mysql_fetch_array($result)) {
echo $row['Team']. "<a href='edit.php?edit=$row[1]'>Bewerk</a><br>";
}
}
?>
</body>
</html>
Adding teams works, but the edit button doesn't work yet. If I click on edit I go to the edit.php page; here I want to enter the new name and have the Team changed in the MySQL row.
This is my edit.php:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
if( isset($_GET['edit'])) {
$id = $_GET['edit'];
$res = mysql_query("SELECT * FROM e2teams");
$row= mysql_fetch_array($res);
}
if (isset ($_POST['nieuwenaam'])) {
$newname = $_POST['nieuwenaam'];
$id = $_POST['id'];
$sql = "UPDATE e2teams SET Team='$newname' WHERE id='$id'";
$res = mysql_query($sql) or die ("Fout bij updaten".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=edit.php'>";
}
?>
<html>
<body>
<form action="edit.php" method="POST">
<input type="text" name="nieuwenaam" placeholer="test" /><br>
<input type="hidden" name="id" placeholder="idnaam" value"s" /><br>
<input type="submit" value="Update" />
</form>
</body>
</html>
I would also like to know how to delete team names, but maybe that is for a next question.
This should work:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");
$selected = mysql_select_db("login", $dbhandle);
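// Cast the id to an integer so it cannot carry SQL; 0 when the parameter is missing
$id = isset($_GET['edit']) ? intval($_GET['edit']) : 0;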
if($id > 0) {
$res = mysql_query("SELECT * FROM e2teams WHERE `id` = $id");
$row= mysql_fetch_array($res);
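// Escape the new name before it is placed inside the quoted SQL string
$newname = isset($_POST['nieuwenaam']) ? mysql_real_escape_string($_POST['nieuwenaam']) : '';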
if (!empty($newname)) {
$sql = "UPDATE e2teams SET Team='$newname' WHERE id=$id";
$res = mysql_query($sql) or die ("Fout bij updaten".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=edit.php?edit=$id'>";
}
}
?>
<html>
<body>
<form action="edit.php?edit=<?= $id; ?>" method="POST">
<input type="text" name="nieuwenaam" placeholder="test" /><br>
<input type="submit" value="Update" />
</form>
</body>
</html>
Edit: Also, about the intval() and mysql_real_escape_string(). Since you were using $_GET without any filter, I've added the intval() function on it. Without filtering $id you could've been easily attacked by some sort of e.g. SQL Injection. Same with mysql_real_escape_string(). You might read about this filter function in the PHP manual. For further study I recommend changing mysql_ functions to PDO or mysqli prepared statements. Happy coding!
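The prepared-statement approach recommended above, as an added example (not code from the answer). It assumes PDO and the page's e2teams table with id and Team columns; the function names rename_team and render_edit_form and the 100-character limit are hypothetical, and the demo uses a constructed in-memory SQLite table so it runs without a MySQL server (for MySQL only the DSN changes).

```php
<?php
declare(strict_types=1);

// Hypothetical helper: rename a team with a bound-parameter UPDATE.
// Returns true when the UPDATE affected exactly one row.
function rename_team(PDO $db, $rawId, $rawName): bool
{
    // Reject anything that is not a positive integer id.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $name = is_string($rawName) ? trim($rawName) : '';
    // The 100-character limit is an assumption about the Team column.
    if ($id === false || $name === '' || strlen($name) > 100) {
        return false;
    }
    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE e2teams SET Team = :team WHERE id = :id');
    $stmt->execute([':team' => $name, ':id' => $id]);
    return $stmt->rowCount() === 1;
}

// Hypothetical helper: build the edit form, escaping stored data for HTML.
function render_edit_form(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT id, Team FROM e2teams WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>Team not found</p>';
    }
    $team = htmlspecialchars((string) $row['Team'], ENT_QUOTES, 'UTF-8');
    return '<form action="edit.php?edit=' . (int) $row['id'] . '" method="POST">'
         . '<input type="text" name="nieuwenaam" value="' . $team . '" />'
         . '<input type="submit" value="Update" /></form>';
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE e2teams (id INTEGER PRIMARY KEY, Team TEXT)');
$db->exec("INSERT INTO e2teams (Team) VALUES ('Ajax'), ('PSV')");

// Quotes and markup in the name are stored as data, not parsed as SQL.
var_dump(rename_team($db, '1', "FC 'Oranje' <b>1</b>"));
// An id that is not a plain integer is rejected before any query runs.
var_dump(rename_team($db, '1 OR 1=1', 'Feyenoord'));
// The stored name comes back HTML-escaped inside the value attribute.
echo render_edit_form($db, 1), "\n";
echo render_edit_form($db, 2), "\n";
```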
Check your edit form. You have to put the value attribute like this: value="s", not like value"". I think that's all.
I assume when they click on the edit link it's passing the id of the team so the edit.php select should be something like:
$id = (int)$_GET['edit'];
if (!empty($id))
{
$sql = "SELECT * FROM e2teams WHERE id='$id'";
// use the same mysql_* API as the rest of the script and fetch from $result
$result = mysql_query($sql);
$row = mysql_fetch_assoc($result);
}
//... keep the rest of code as is
Now you need to change the HTML form to:
<form action="edit.php?edit=<?php echo $row['id'] ?>" method="POST">
<input type="text" name="nieuwenaam" placeholder="test" value="<?php echo $row['Team'] ?>" /><br>
<input type="hidden" name="id" placeholder="idnaam" value="<?php echo $row['id'] ?>" /><br>
<input type="submit" value="Update" />
</form>
Related
I would like to create a form to delete a MySQL record. After checking lots of posts here and on other websites, I am still confused about how to achieve it. Could someone tell me what is wrong with my code?
<?php
$server_name = 'xxxxxx';
$user_name = 'xxxxxx';
$password = 'xxxxxx';
$db_name = 'xxxxxx';
$conn = new mysqli($server_name, $user_name, $password, $db_name);
if(!$conn) {
die("Fail to connect to the database $conn->connect_error");
}
$conn->query('SET NAMES UTF8');
require_once('conn.php');
$id = $_POST['value'];
$sql = sprintf("DELETE FROM users WHERE id=%d", $id);
$result = $conn->query($sql);
if(!$result) {
die($conn->error);
}
if ($conn->affected_rows >= 1) {
echo 'Delete successfully';
} else {
echo 'Fail to delete the data';
}
$result = $conn->query("SELECT * from users");
if(!$result) {
die($conn->error);
}
while($row = $result->fetch_assoc()) {
echo "id: $row[id]";
echo "<form action='delete.php' method='POST'>
<input type='hidden' name='id_to_delete' value='$row[id]'>
<input type='submit' name='delete' value='Delete'>
</form>";
echo "username: $row[username]<br>";
}
?>
<form method="POST" action="delete.php">
<label for="test">Username: </label>
<input type="text" id="test" name="name">
<label for="test">Password: </label>
<input type="text" id="test" name="password">
<input type="submit">
</form>
I can see a couple of potential problems with the code:
First, you use $_POST['value'] in the PHP to get the $id to delete but you want to be using $_POST['id_to_delete'] because that is the name you have given to the html hidden input in the row's form (<input type='hidden' name='id_to_delete' value='$row[id]'>).
Second, the delete attempt will happen regardless of whether the form was submitted or not so you want to check whether there is actually an id to delete making sure it is a number.
For example:
...
$id = filter_input(INPUT_POST, 'id_to_delete', FILTER_VALIDATE_INT);
if($id!==null && $id!==false) {
$sql = sprintf("DELETE FROM users WHERE id=%d", $id);
$result = $conn->query($sql);
if(!$result) {
die($conn->error);
}
if($conn->affected_rows >= 1) {
echo 'Delete successfully';
}
else {
echo 'Fail to delete the data';
}
}
...
PLEASE NOTE: This is not production ready code! Do not use in a public facing environment! You will need to do a lot more work on validating who can post data to this php otherwise anyone could send a post request to the page and delete all your users regardless of whether they loaded the form or not.
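One way to close the gap the note above describes, as an added example rather than code from the answer: the delete is refused unless the session belongs to an administrator and the request carries the per-session CSRF token. The is_admin session key, the csrf field name and the function names are assumptions; the users table is a constructed in-memory SQLite stand-in, and plain arrays stand in for $_SESSION and $_POST.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: create (once) and return the per-session CSRF token.
function csrf_token(array &$session): string
{
    if (empty($session['csrf'])) {
        $session['csrf'] = bin2hex(random_bytes(32));
    }
    return $session['csrf'];
}

// Hypothetical handler: returns an HTTP status code instead of echoing.
function handle_delete(PDO $db, array $session, array $post): int
{
    // 1. Who is asking? 'is_admin' is an assumed flag set at login.
    if (empty($session['is_admin'])) {
        return 403;
    }
    // 2. Did the request come from our own form? Constant-time comparison.
    $sent = $post['csrf'] ?? '';
    if (!is_string($sent) || empty($session['csrf']) || !hash_equals($session['csrf'], $sent)) {
        return 403;
    }
    // 3. Is the id a positive integer?
    $id = filter_var($post['id_to_delete'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400;
    }
    $stmt = $db->prepare('DELETE FROM users WHERE id = ?');
    $stmt->execute([$id]);
    return $stmt->rowCount() === 1 ? 200 : 404;
}

// Constructed demo: in-memory table and two simulated sessions.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

$admin = ['is_admin' => true];
$token = csrf_token($admin);   // would be emitted as a hidden form field
$guest = [];

// No admin session: refused before the database is touched.
var_dump(handle_delete($db, $guest, ['id_to_delete' => '1']));
// Admin session but no token, as in a forged cross-site request: refused.
var_dump(handle_delete($db, $admin, ['id_to_delete' => '1']));
// Admin session with the matching token: the row is deleted.
var_dump(handle_delete($db, $admin, ['id_to_delete' => '1', 'csrf' => $token]));
// Valid token but a non-numeric id: rejected as a bad request.
var_dump(handle_delete($db, $admin, ['id_to_delete' => 'x', 'csrf' => $token]));
```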
I developed a captcha that requires the user to answer a randomly displayed question. My database consists of id, question, answer. The problem is that although I enter the correct answer, it still redirects me to error.php instead of success.php.
<?php
$database_db="test2";
$user_db="root";
$password_db="";
$host_db="localhost";
$link = mysqli_connect($host_db, $user_db, $password_db, $database_db);
/* check connection */
if (mysqli_connect_errno())
{
die ("couldnot connect: ".mysqli_connect_error());
exit();
}
if (array_key_exists("answer", $_POST) AND array_key_exists("question", $_POST))
{
$id = intval($_POST['question']);
$sql="SELECT question, answer FROM captcha WHERE question='$id' AND answer='".mysqli_real_escape_string($link, $_POST['answer'])."'";
$result = mysqli_query($link, $sql) or exit('$sql failed: '.mysqli_error($link));
$num_rows = mysqli_num_rows($result);
if($num_rows > 0)
{
header("Location: success.php");
}
else
{
header("Location: error.php");
}
exit;
}
else
{
$query = "SELECT id, question FROM `captcha` ORDER BY RAND() LIMIT 1";
if ($result = mysqli_query($link, $query))
{
if ($row = mysqli_fetch_assoc($result))
{
$id = $row["id"];
$question = $row["question"];
}
}
}
?>
<html>
<body>
<form method="post">
<?php echo $question; ?><br />
<input type="hidden" name="question" id="question" value="<?php echo $id; ?>" />
<input type="text" name="answer" id="answer" /><br />
<input type="submit" name="submit" value="submit" /><br />
</form>
</body>
</html>
It looks like you're querying the wrong column for a match to $id:
"SELECT question, answer FROM captcha WHERE question='$id' AND ... "
I think this should be:
"SELECT question, answer FROM captcha WHERE id='$id' AND ... "
I want to display the data for user 1 from database A right after he has logged in; right now the page is showing all the data from the table.
Currently I have 2 tables, which are for user login and user transactions. So after they have logged in, I want them to be able to view their own record. After searching, I'm thinking that it has something to do with sessions.
Can someone help me?
connection.php
<?php
$mysql_host = "localhost";
$mysql_user = "root";
$mysql_pass = "";
$mysl_database = "mockup";
$conn = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db($mysl_database, $conn);
?>
login.php
<?php
include("connection.php");
if(isset($_POST["submit"])) {
$username = $_POST["username"];
$password = $_POST["password"];
$sql = "SELECT * FROM user
WHERE username='$username' AND password='$password'";
$result = mysql_query($sql);
$numRows = mysql_num_rows($result);
if($numRows==1) {
session_start();
$_SESSION["ID"] = $ID;
header("Location: ./profile_page.php");
} else {
echo "Invalid Login Information";
}
}
?>
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
<table>
<tr><td>User Name</td><td><input type="text" name="username" /></td></tr>
<tr><td>Password</td><td><input type="password" name="password" /></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="Login" /></td></tr>
</table>
</form>
profile_page.php
<?php
session_start(); // start the session
include("connection.php");
$ID = $_SESSION["ID"]; // store the user id into session
$sql = "SELECT * FROM transaction WHERE ID='$ID'";
$result = mysql_query($sql);
if($row = mysql_fetch_array($result)) {
$deposit = $row["deposit"];
echo "
<table>
<tr><td>transaction</td><td> : </td><td>$transaction</td></tr>
</table>
";
}
?>
connection.php
<?php
$mysql_host = "localhost";
$mysql_user = "root";
$mysql_pass = "";
$mysl_database = "database_name";
$conn = mysql_connect($mysql_host, $mysql_user, $mysql_pass);
mysql_select_db($mysl_database, $conn);
?>
login.php
<?php
include("connection.php");
if(isset($_POST["submit"])) {
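// escape both values before they are placed inside the quoted SQL strings
$username = mysql_real_escape_string($_POST["username"]);
$pass = mysql_real_escape_string($_POST["pass"]);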
$sql = "SELECT * FROM tbl_user
WHERE username='$username' AND pass='$pass'";
$result = mysql_query($sql);
$numRows = mysql_num_rows($result);
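if($numRows==1) {
// fetch the matching row so the user's id can be stored in the session
$row = mysql_fetch_assoc($result);
session_start();
$_SESSION["userid"] = $row["user_id"];
header("Location: ./profile_page.php");
exit;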
} else {
echo "Invalid Login Information";
}
}
?>
<form action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post">
<table>
<tr><td>User Name</td><td><input type="text" name="username" /></td></tr>
<tr><td>Password</td><td><input type="password" name="pass" /></td></tr>
<tr><td></td><td><input type="submit" name="submit" value="Login" /></td></tr>
</table>
</form>
profile_page.php
<?php
session_start(); // start the session
include("connection.php");
$user_id = $_SESSION["userid"]; // read the user id that login.php stored in the session
$sql = "SELECT * FROM tbl_user WHERE user_id='$user_id'";
$result = mysql_query($sql);
if($row = mysql_fetch_array($result)) {
$username = $row["username"];
$name = $row["name"];
$email = $row["email"];
echo "
<table>
<tr><td>User Name</td><td> : </td><td>$username</td></tr>
<tr><td>Name</td><td> : </td><td>$name</td></tr>
<tr><td>Email</td><td> : </td><td>$email</td></tr>
</table>
";
}
?>
You can protect and access the user data after they have logged in successfully with the help of sessions.
You can use session_start() to start a new session or resume an existing session.
<?php
session_start();
if(empty($_SESSION['user_sesion_variable']))
{
header("location:login.php");
die();
}
// here go your user database value
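The login-then-own-records flow from the answers above, as an added example that is not code from either answer. It assumes PDO, that the pass column holds password_hash() output rather than plaintext, and a hypothetical tbl_transaction table keyed by user_id; the function names are hypothetical and the data is a constructed in-memory SQLite set, with a plain array standing in for $_SESSION.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: returns the user's id on success, null otherwise.
function check_login(PDO $db, string $username, string $password): ?int
{
    $stmt = $db->prepare('SELECT user_id, pass FROM tbl_user WHERE username = ?');
    $stmt->execute([$username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    // Assumption: the pass column stores password_hash() output, not plaintext.
    if ($row === false || !password_verify($password, $row['pass'])) {
        return null;
    }
    return (int) $row['user_id'];
}

// Hypothetical helper: only rows owned by the logged-in user are returned.
function own_transactions(PDO $db, array $session): array
{
    if (empty($session['userid'])) {
        return [];   // not logged in: the page would redirect to login.php
    }
    // The id comes from the session, never from a request parameter.
    $stmt = $db->prepare('SELECT deposit FROM tbl_transaction WHERE user_id = ?');
    $stmt->execute([$session['userid']]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed demo data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tbl_user (user_id INTEGER PRIMARY KEY, username TEXT, pass TEXT)');
$db->exec('CREATE TABLE tbl_transaction (user_id INTEGER, deposit INTEGER)');
$ins = $db->prepare('INSERT INTO tbl_user (username, pass) VALUES (?, ?)');
$ins->execute(['alice', password_hash('s3cret-a', PASSWORD_DEFAULT)]);
$ins->execute(['bob', password_hash('s3cret-b', PASSWORD_DEFAULT)]);
$db->exec('INSERT INTO tbl_transaction VALUES (1, 100), (1, 250), (2, 40)');

$session = [];   // stands in for $_SESSION
$id = check_login($db, 'alice', 's3cret-a');
if ($id !== null) {
    // In the real page: session_start(); session_regenerate_id(true);
    $session['userid'] = $id;
}
// Only alice's two deposits are listed, not bob's.
print_r(own_transactions($db, $session));
// Quote characters in the username are bound as data, so no row matches.
var_dump(check_login($db, "alice' -- ", 'anything'));
```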
I'm currently managing a little database for a club and I'm starting to feel more and more pressure to update the thing to PHP5. The only thing is that I'm not quite a 100% sure on how to convert this structure without messing up the whole thing. (Or starting from scratch)
Could you guys tell me if this is easily editable/updatable or if I should redo everything? (The total file is 800 lines, so I hope to not have to redo it :P)
So I open the database with:
//Database connection settings
$mysql_server = "localhost";
$mysql_user = "user";
$mysql_password = "pass";
$mysql_database = "database";
//Connect using settings
$connection = mysql_connect("$mysql_server","$mysql_user","$mysql_password")
or die ("Unable to connect to MySQL server.");
$db = mysql_select_db("$mysql_database")
or die ("Unable to select requested database.");
Then I can create users with:
if($changeme ==1) //if user pressed save, then update table
{
$name = mysql_real_escape_string($_POST["name"]);
mysql_query("INSERT INTO Members (name,) VALUES
('$name')") or die(mysql_error());
//show end text
echo "Edit complete!<br />
<form><input type='button' onClick=\"parent.location='users.php'\" value='OK'></form>";
}else{//user didn't press save
?>
<!--Edit form-->
<form action="users.php?new=1&changeme=yes" method="post">
Naam:<br>
<input name="name" type="text" value="" size="79"><br>
<input type="submit" name="Submit" value="Create">
<input type='button' onClick="parent.location='users.php'" value='Back to list'>
</form>
}
I left out everything but name to make it shorter, it has like 30 fields.
Next we can also edit the profiles like this:
if($changeme ==1) //if user pressed save, then update table
{
$id = $_POST['id']; //get ID from form
$name = $_POST["name"];
mysql_query("UPDATE Members SET name='$name' WHERE id='$id'") or die(mysql_error());
//show end text
echo "Edit complete!<br />
<form><input type='button' onClick=\"parent.location='users.php'\" value='OK'></form>";
}else{//user didn't press save
$id = $_GET['edit'];
$sql = "SELECT * FROM Members WHERE id='$id'";
$self = mysql_query($sql);
while ($row = mysql_fetch_array($self)) {
$name = $row["name"];
}
?>
<!--Edit form-->
<form action="users.php?edit=<?php echo $id ?>&changeme=yes" method=post>
<input type="hidden" name="id" value="<?php echo $id ?>">
Name:<br>
<input name="name" type="text" value="<?php echo $name ?>" size="79"><br>
<input type="submit" name="Submit" value="Change">
<input type='button' onClick="parent.location='users.php'" value='Back to list'>
</form>
<?php
}//didn't press save
I'm trying to figure out how to make my search.php script work with MySQL. I can't get the information to show up. Not sure where the problem is.
PAGE 1:
<form action="search_result.php" method="GET">
<input type="text" name="reg" />
<input type="submit" value="Search" />
</form>
PAGE 2:
<?php
$host="localhost";
$username="XXXXXXXXXXX";
$password="XXXXXXXXXXX";
$db_name="XXXXXXXXXXXX";
$tbl_name="reg_add";
mysql_connect("$host", "$username", "$password") or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$record = $_POST['record']; // if coming from e.g. a form
$result=mysql_query(" SELECT * FROM reg_add WHERE reg='" . mysql_real_escape_string($record) . "'");
$row = mysql_fetch_assoc($result);
$first_name = $row['first_name'];
$last_name = $row['last_name'];
$reg = $row['reg'];
?>
<input name="reg" value="<? echo "$record" ?>">
<input name="first_name" value="<? echo "$first_name" ?>">
<input name="last_name" value="<? echo "$last_name" ?>">
Your form is method GET and in your PHP you use this:
$record = $_POST['record']; // if coming from e.g. a form
How are you gonna get the POST['record'] if your form has the method GET?
I guess you should either change your form to:
method="POST"
or change your $record in php to:
$record = $_GET['record'];
Try this version:
Your form:
<form action="search_result.php" method="POST">
<input type="text" name="reg" id="reg" />
<input type="submit" name="Submit" id="Submit" value="Search" />
</form>
search_result.php :
<?php
$host ="localhost";
$username ="XXXXXXXXXXX";
$password ="XXXXXXXXXXX";
$db_name ="XXXXXXXXXXXX";
$tbl_name ="reg_add";
/* Connect to MySQL database */
mysql_connect("$host", "$username", "$password") or die("Error connecting to database");
mysql_select_db("$db_name")or die("Error selecting database");
$error = '';
if (isset($_POST['Submit'])) {
if (!empty($_POST['reg'])) {
$record = $_POST['reg']; // if coming from e.g. a form
$query = mysql_query("SELECT * FROM reg_add WHERE reg='" . mysql_real_escape_string($record) . "'");
$result = mysql_num_rows($query);
if ($result != 0) {
$row = mysql_fetch_array($query);
$first_name = $row['first_name'];
$last_name = $row['last_name'];
$reg = $row['reg'];
} else {
$error = 'No result have been found!';
}
} else {
$error = 'You have not entered the search field, Go back.';
}
}
if (!empty($error)) { echo $error; }
?>
<input name="reg" value="<? echo $record; ?>">
<input name="first_name" value="<? echo $first_name; ?>">
<input name="last_name" value="<? echo $last_name; ?>">
mysql_connect("$host", "$username", "$password")
Not your problem, but no need for quotes around variables:
mysql_connect($host, $username, $password);
mysql_select_db($db_name);
You should set the variable $record somewhere:
$record = $_POST['record']; // if coming from e.g. a form
$result=mysql_query(" SELECT * FROM reg_add WHERE reg='" . mysql_real_escape_string($record) . "'");
This is just wrong:
$first_name=mysql_result($result,"first_name");
$last_name=mysql_result($result,"last_name");
$reg=mysql_result($result,"reg");
And should be:
$row = mysql_fetch_assoc($result);
$first_name = $row['first_name'];
$last_name = $row['last_name'];
$reg = $row['reg'];
Also: you shouldn't use mysql_* functions anymore. Use either mysqli_* or PDO.
And remember that if something doesn't work you can check mysql_error() to see any error doing a query.
Syntax of mysql_result() is wrong. According to the manual, it should be
string mysql_result ( resource $result , int $row [, mixed $field = 0 ] )
So the correct way to use it would be like
mysql_result($result, 1, "first_name");