I am trying to update multiple rows on submit of a form (in particular this one is the "hours" field.
I have it working but only one of the value updates vs all of them.
There is the possibility of having different values for each update.
The form code:
$query2 = "select * FROM work_hours WHERE formid = $formid ";
$result = $mysqli->query( $query2 );
$num_results = $result->num_rows;
if( $num_results > 0){
echo " <table border='0' align='center'>
<tr>
<td colspan='2' align='center'>
<strong> Time Away Break Down</strong>
</td>
</tr>
<tr>
<td align='center'>Date</td>
<td align='left'>Hours</td>
</tr>";
while( $row = $result->fetch_assoc() ){
extract($row);
echo " <tr>
<td class='hidden_sm' align='center'>
<input type='text' name='id' size='10' value='$id' class='dept' readonly style='width:30px;'>
<input type='text' name='date' size='40' value='$date' class='dept' readonly> <input type='text' name='end_date' size='40' value='$end_date' class='dept' readonly>
</td>
<td class='hidden_sm' align='left' >
<input type='text' name='hours' size='10' style='width:30px;' value='$hours' class='dept' >
</td>
</tr>
";
}
echo "<tr>
<td colspan='2' align='center'>
<input type='submit' name='Submit' value='Submit Request'>
</td>
</tr>
</form>
</table>";//end table
Submit Code:
$id = $_POST['id'];
$formid = $_POST['formid'];
$hours = $_POST['hours'];
include 'connect-db.php';
$stmt = $mysqli->prepare("UPDATE work_hours SET hours = ? WHERE formid = ?");
$stmt->bind_param('si',
$_POST['hours'],
$_POST['formid']);
$stmt->execute();
if ( $stmt ) {
echo "<p align='center'>Thank you, this request has been approved.<BR>You will be redirected in 5 seconds</p>";
} else {
echo "Error, you status cannot be updated. <BR> Please contact your system administrator.";
}
$stmt->close();
?>
Could anyone point me in the right direction to have all values update on submit, as I have had zero luck.
As well I do understand the need to prevent SQL Injections, and that I am working, so no need to remind me.
Thanks in advance!
Looks like you'll want to use a CASE statement as explained here:
How does MySQL CASE work?
Use a loop to build the statement and you're better off using the id as the identifier instead of formid, since the id is the unique value and you could have different results in the form.
Related
I'm creating a simple contact system with admin page. Admin can delete messages. I use
<form> tag and submit button to send them to action file but no rows will be deleted.
<?php
while ($row = mysqli_fetch_array($result)) {
$adminmsgn = $row['name'];
$adminmsge = $row['email'];
$adminmsgm = $row['msg'];
echo("
<form name='actions' action='delete.php' method='post'>
<tr>
<td style='color: white'>$adminmsgn</td>
<td style='color: white'>$adminmsge</td>
<td style='color: white'>$adminmsgm</td>
<td style='color: white'><input style='text-decoration: none;color: white' class='linkButton' type='submit' value='Delete'></td></form>
</tr>
");
}
?>
delete.php:
<?php include("connection.php");
mysqli_query($link, "DELETE FROM `msg` WHERE `name` = '$adminmsgn' AND `email`= '$adminmsge' AND `msg`= '$adminmsgm'");
header("Location: http://localhost:8080/contact/admincp.php");
?>
Your form needs the input values, probably hidden or something. Your form could look like this
while($row = mysqli_fetch_array($result)){
$adminmsgn=$row['name'];
$adminmsge=$row['email'];
$adminmsgm=$row['msg'];
echo("
<form name='actions' action='delete.php' method='post'>
<input type='hidden' name='adminmsgn' value='$adminmsgn' >
<input type='hidden' name='adminmsge' value='$adminmsge' >
<input type='hidden' name='adminmsgm' value='$adminmsgm' >
<tr>
<td style='color: white'>$adminmsgn</td>
<td style='color: white'>$adminmsge</td>
<td style='color: white'>$adminmsgm</td>
<td style='color: white'><input style='text-decoration: none;color: white' class='linkButton' type='submit' value='Delete'></td></form>
</tr>
");
}
In your delete.php simply add get the variables from $_POST or $_REQUEST.
And it is true you are open to SQL injection; therefore, try use mysql_real_escape_string on all the post variables. Your code should now look like this
<?php
include("connection.php");
$adminmsgn = mysql_real_escape_string($_POST['adminmsgn']);
$adminmsge = mysql_real_escape_string($_POST['adminmsge']);
$adminmsgm = mysql_real_escape_string($_POST['adminmsgm']);
mysqli_query($link,"DELETE FROM `msg` WHERE `name` = '$adminmsgn' AND `email`= '$adminmsge' AND `msg`= '$adminmsgm'");
header("Location: http://localhost:8080/contact/admincp.php");
?>
Not tested but it should sure work
I am trying to print out data which is stored in my database and then delete an aspect of it. See below example:
Database includes: id, room, time, date
my code is is as follows:
<?php
$sql = "SELECT id, room, timers, dates, remove FROM groom WHERE person = $a";
$result = $conn -> query ($sql);
if($result -> num_rows >0){
?>
<?php
while($row = $result -> fetch_assoc()){
?>
<tr>
<td> <?php echo $row["room"] ?> </td>
<td> <?php echo $row["timers"] ?> </td>
<td> <?php echo $row["dates"] ?> </td>
<td> <?php echo "Glassrooms" ?> </td>
<td>
<?php
echo
"<form action='' method='post'>
<input type='submit' name='1' value='Delete' />
</form>";
if(isset($_POST['1']))
{
$r = $row["id"];
$sqli ="UPDATE groom SET remove = '$a' WHERE id = $r";
$resultt = $conn -> query ($sqli);
echo
"<form action='removalgr.php' method='post'>
<input type='submit' name='usen' value='Confirm Deletion' />
</form>";
}
?> </td> </tr>
What i am doing is selecting all the data from a database groom where it relates to the person logged in. It prints it out fine in the following format which is perfect:
Room Time Date Area DeleteBooking
1 4 2/3/17 BB Delete
And the where it says delete is a button which allows for the booking to be deleted. However my problem is this:
when there is more than one booking, they all delete because below they are being called the same thing. see here:
<input type='submit' name='useb' value='Delete' />
Is it possible to call the above name something different everytime, or alternatively call it the id of the booking?
Hopefully this makes sense and any help would be greatly appreciated!!
Thanks
Add a hidden input with the ID of the item to be deleted.
echo
"<form action='' method='post'>
<input type='hidden' name='id' value='{$row['id']}'>
<input type='submit' name='1' value='Delete' />
</form>";
i've made a website, and i made a control panel for it for admin
now iwant to make admin able to add more users to be admins from the control panel
its worked
but i want to make him able to edit them also ( like the usernames and passwords )
i wrote the code but it didnt work and i think the problem maybe with the $editget = $_GET['euid']; it dosent give the number in the url that should be www.example.com/admin/index.php?adpa=users&euid=4 , so it should get me the number 4
i did the same thing with delectation it works and the GET gave me the number after deluid=
so where im going wrong
here is the code :
$eusername = $_POST['eusername'];
$epassword = $_POST['epassword'];
#===========================================================#
if (isset($_POST['edit']) and $_POST['edit'] == 'user') {
$editget = $_GET['euid'];
$edituserinfo = $db->query("update user set username='$eusername', password='$epassword' where user_id='$editget'");
if (isset($edituserinfo)) {
die ("
<center>
<div class='head'>تــــــــم</div>
<div class='bodypanel'>
<br>
تــــعديل بيـــانات الـــمدير بنـــجاح
<br>
<br>
</div>
</center>
<meta http-equiv='refresh' content='4; url=?cpages=users' />
");
}
}
and here is the edit form code :
if ($_REQUEST['euid']) {
$edituid = $db->query("select * from user where user_id='$editu'");
$redit = $edituid->fetch(PDO::FETCH_OBJ);
echo "
<form action='?cpages=users' method='post'>
<table width='100%' align='center' cellpadding='10' cellspacing='0'>
<tr>
<td class='tbl' colspan='2'>تعديل بيانات مدير</td>
</tr>
<tr>
<td class='tblrl' align='left'>اسم المدير : </td>
<td class='tblrl' align='right'><input type='text' name='eusername' value='".$redit->username."'></td>
</tr>
<tr>
<td class='tblrl' align='left'>كلمة سر المدير : </td>
<td class='tblrl' align='right'><input type='text' name='epassword' value='".$redit->password."'></td>
</tr>
<tr>
<td class='tblb' colspan='2' align='center'><input class='buttons' type='submit' value='تعديل'/></td>
</tr>
</table>
<input type='hidden' name='edit' value='user' />
</form>";
}
You are not passing the userId in the form
change
<form action='?cpages=users' method='post'>
to
<form action='?cpages=users&euid=" . $_GET['euid'] . "' method='post'>
your problem is here in the form in this line
<form action='?cpages=users' method='post'>
your taking it to users page but there is no euid in there so just add
&euid=" . $_GET['euid'] . " to get it to work fine
This is the page that uses this code.I have a php page which extracts data from a dbms which contains email address. This works. It then displays the email address and other stored dbms data. The user then has the option of putting an "X" in a field designed in the php page called emailselected. This also works. I now want to update the dbms with the new field based on the stored email address but the update statement doesn't work. Please help. The code is listed here:
include("db.php");
if (isset($_POST['ssubmit']))
{
$id_save = $test['id'];
$emailselected_save = $_POST['emailselected'];
$email_save = $test['email'];
$rc = mysql_query("UPDATE emails SET selected='$emailselected_save' WHERE id = 'id'");
if (!$result) {
die('What?: ' . mysql_error());
}
$num = mysql_affected_rows();
printf("Updated %d rows\n", $num);
echo "<input type='button' value='Email(s) sent' onclick='goBack()' />";
mysql_close($conn);
} else {echo "hello";}
?>
<form method='post'>
<div id='headd'>
<br />
<input type='button' value='Close this window without Sending' onclick='goBack()' />
<input type='submit' name='ssubmit' id='ssubmit' value='Send Email Now!!!' />
<p>Place an "X" in the emails you wish to send!!!</p>
</div>
<br /><br/>
<?php
include("db.php");
$result = mysql_query("SELECT * FROM emails WHERE unsubscribe != 'x' ORDER BY lastname ASC");
while($test = mysql_fetch_array($result))
{
?>
<table border='1' width='78%'>
<tr align=\"left\">
<td width='4%'><font color='black'><input type='text' size='1' id='emailselected' name='emailselected' /></font></td>
<td width='15%'><font color='black'><?php echo $test['lastname']?></font></td>
<td width='15%'><font color='black'><?php echo $test['firstname']?></font></td>
<td width='40%'><font color='black'><?php echo $test['email']?></font></td>
<td width='4%'><font color='black'><?php echo $test['id']?></font></td>
</tr>
</table>
<?php
}
?>
</form>
Error is:
$rc = mysql_query("UPDATE emails SET selected='$emailselected_save' WHERE id = 'id'");
Should be:
$rc = mysql_query("UPDATE emails SET selected='$emailselected_save' WHERE id = '$id_save'");
Your code is vulnerable for SQL injection. So you should filter your data. But I would just switch to PDO and use prepared statements.
http://php.net/manual/en/pdo.prepare.php
I wrote the code in PHP like this and I need to delete the rows from the database which "delete checkbox" in its delete column checked. And I want to send "verify" value (1 or 0) to the database. But I don't know SQL command to delete checked rows and I don't know how to get value of "verify" column (because it isn't possible to get the value using $_POST[$id]).
<?php
echo "<form action=\"index.php?go=save\" method=\"POST\">
<table width=\"335\" border=\"1\">
<tr>
<th width=\"19\" scope=\"col\">ID</th>
<th width=\"31\" scope=\"col\">Title</th>
<th width=\"33\" scope=\"col\">URL</th>
<th width=\"52\" scope=\"col\">Visitors</th>
<th width=\"28\" scope=\"col\">Hits</th>
<th width=\"52\" scope=\"col\">Verify</th>
<th width=\"27\" scope=\"col\">Edit</th>
<th width=\"41\" scope=\"col\">Delete</th>
</tr>";
$query = mysql_query("SELECT * FROM posts ORDER BY visitors DESC");
while($write = mysql_fetch_array($query)) {
$id = $write['id'];
$title = $write['title'];
$url = $write['url'];
$visitors = $write['visitors'];
$hits = $write['hits'];
echo"
<tr>
<td>$id</td>
<td>$title</td>
<td>$url</td>
<td>$visitors</td>
<td>$hits</td>
<td>
<input type=\"radio\" name=\"$id\" value=\"1\" />Yes
<input type=\"radio\" name=\"$id\" value=\"0\" />No
</td>
<td>Edit</td>
<td>
<input type=\"checkbox\" name=\"$id\" />
</td>
</tr>";
}
echo "</table>
<input type=\"submit\" value=\"Save\" />
</form> ";
?>
Please, help me to solve this problem. If you know alternative variants, please write it.
Delete column:
<input type=\"checkbox\" name=\"delete[]\" value=\"$id\" />
Checking and deleting:
foreach($_POST['delete'] as $id_to_delete) {
mysql_query("DELETE FROM posts WHERE ID=".$id_to_delete)
}