I can't seem to find a solution to this and i've looked for similar threads too but no luck
Basically here's my code, when you click Update it's meant to display your current name in the form fields then you can overwrite them and submit the changes, however sadly it will not update, it only displays the originally set first name and last name and does not update the database so therefore not displaying the new set names.
<?php
include('../connect_db.php');
$res = mysqli_query($dbconnection, "SELECT * FROM users");
$row = mysqli_fetch_array($res);
if(isset($_POST['newFirst']) && isset($_POST['newLast'])){
$newFirst = $_POST['newFirst'];
$newLast = $_POST['newLast'];
$id = $_POST['id'];
$sql = "UPDATE users SET first_name='$newFirst', last_name='$newLast' WHERE id='$id'";
$res = mysqli_query($dbconnection, $sql);
}
?>
<div id="editSection">
<h3>Edit Details</h3>
<form action="edit_profile.php" method="POST">
<input type="hidden" value="<?php echo $row[0];?>" name="id"/>
<h2>First Name</h2>
<input type="text" name="newFirst" value="<?php echo $row[1];?>">
<h2>Last Name</h2>
<input type="text" name="newLast" value="<?php echo $row[2];?>">
<input type="submit" value="Update">
</form>
</div>
Any help would be greatly appreciated :)
Kind Regards
~ Matt
You have to connect to DB before updating.so use
$con=mysqli_connect("localhost","my_user","my_password","my_db");
There are several other errors like you have to make $POST['newFirst'] as $_POST['newFirst'] like this
if(isset($_POST['newFirst']) && isset($_POST['newLast'])){
And change the query to
$sql = "UPDATE users SET first_name='$newFirst',last_name='$newLast' WHERE id= '$id'";
beacuse you have error at end of query id='first_name='$id' which is wrong
I see some error in the query
$sql = "UPDATE users SET first_name='$newFirst',
last_name='$newLast' WHERE id='first_name='$id'";
should be
$sql = "UPDATE users SET first_name='$newFirst',
last_name='$newLast' WHERE id= '$id'";
also
if(isset($POST['newFirst']) && isset($POST['newLast'])){
should be
if(isset($_POST['newFirst']) && isset($_POST['newLast'])){
You are using $POST wrong in your if-condition.
It must be called $_POST[..].
Also you should take a look at your WHERE in your update query.
I think you mean: WHERE id= '$id'
You should get your id from $_POST['id']; which is your row ID i suppose and also the update query must be where id=$id.
$id = $_POST['id'];
$sql = "UPDATE users SET first_name='$newFirst', last_name='$newLast' WHERE id=$id";
Also have you checked in DB after the update? the row[0], row[1], row[2] used will have old set of values used during select before the update happened. can you have the mysqli_fetch_array($res) after the update call?
Related
The SQL query in the $sql works when I directly enter that in the phpmyadmin only replacing the '$movieid' as 1
The code in the deletemovie.php:
$delete = "Includes/deletemovierecord.php?id=$movieid";
echo "
<tr>
<td>$movieid</td>
<td>$moviename</td>
<td>$year</td>
<td>$genere</td>
<td>$stock</td>
<td>
<form action='Includes/updatemoviestock.php?key=$stock&id=$movieid'
method='post'>
<input type='text' name='newstock'>
<input type='submit' value='Add' id='stock' name='update'>
</form>
</td>
<td><a href=$delete id='delete'>Delete</a></td>
</tr>
";
The code in the deletemovierecord.php:
<?php
include "databaseconn.php";
$movieid = $_GET['id'];
$sql = "DELETE FROM movies WHERE movieid = '$movieid'";
$query = mysqli_query($conn, $sql);
if($query){
header('location: ../admin.php');
}
else{
echo "error";
}
?>
You have just created a variable here:
$delete = "Includes/deletemovierecord.php?id=$movieid";
You need to execute it. You need to include that but execute it too. Either make a cURL request or do an AJAX call to the above URL. Even include won't work in this case:
include($delete);
Because the $_GET will not be activated here.
ex :
$sql = "DELETE FROM movies WHERE movieid = ".$movieid; //if movieid is integer
ex2: $sql = "DELETE FROM movies WHERE movieid = '{$movieid}' ";
It might be that $movieid is not replaced by its value. Try to change $sql:
$sql = "DELETE * FROM movies WHERE movieid = ".$movieid.";";
You are now concatenating three strings, where the actual value of $movieid is filled into the place where it has to.
It seems that you are not passing the variable $movieid to the php script.
You need to replace
<a href=$delete id='delete'>
With
<a href="Includes/deletemovierecord.php?id=$movieid" id='delete'>
in deletemovie.php
Working my way though Creating, Reading, Updating & Deleting (CRUD) information from a database I have done C,R & D but for some reason I can not update.
What am trying to do:
Edit a categorizes title
My Results:
when clicking edit in the table of the cat title I want to change I can get the cat title to echo into a form, where it can be changed then when i try and change the cat title, click update the form goes away as I wanted but the cat title stays the same.
as well am not getting any query errors
What should I look for when debugging code that has no errors?
Can someone see my problem?
if (isset($_GET['edit'])) {
$cat_id = $_GET['edit'];
include "includes/update.php";
}
?>
<form action="categories.php" method="post">
<div class="form-group">
<label for="cat_title">Edit Category</label>
<?php
if (isset($_GET['edit'])) {
$cat_id = $_GET['edit'];
$query = "SELECT * FROM categories WHERE cat_id = $cat_id ";
$select_categories_id = mysqli_query($connection,$query);
while ($row = mysqli_fetch_assoc($select_categories_id)) {
$cat_id = $row['cat_id'];
$cat_title = $row['cat_title'];
?>
<input value="<?php if(isset($cat_title)){echo $cat_title;} ?>" class="form-control" type="text" name="cat_title">
<?php
}
}
if(isset($_POST['edit_category'])){
$edit_cat_title = $_POST['cat_title'];
$query = "UPDATE FROM categories SET cat_title = '{$edit_cat_title}' WHERE cat_id = {$cat_id} ";
$edit_query = mysqli_query($connection,$query);
if (!$edit_query) {
die(mysqli_error($edit_query));
}
}
?>
</div>
<input class="btn btn-primary" type="submit" name="edit_category" value="Edit Category">
</form>
In the following line you have a small error:
$query = "UPDATE FROM categories SET cat_title = '{$edit_cat_title}' WHERE cat_id = {$cat_id} ";
You need to remove the "FROM" in there, will look like this:
$query = "UPDATE categories SET cat_title = '{$edit_cat_title}' WHERE cat_id = {$cat_id} ";
and it should work as expected.
you're calling the update query with
$query = "UPDATE FROM categories SET cat_title = '{$edit_cat_title}' WHERE cat_id = {$cat_id} ";
where $cat_id probably is not set,
once to get this value you're using an if condition
if (isset($_GET['edit'])) {
$cat_id = $_GET['edit'];
where the $_GET[ 'edit' ] can be empty, and the next error is to overwrite the $cat_id variable in a loop: $cat_id = $row['cat_id'];
if (isset($_GET['edit'])) {
$cat_id = $_GET['edit'];
include "includes/update.php";
}
?>
<form action="categories.php" method="post">
<div class="form-group">
<label for="cat_title">Edit Category</label>
<?php
if (isset($_GET['edit'])) {
$cat_id = $_GET['edit'];
}
if(isset($_POST['edit_category'])){
$edit_cat_title = $_POST['cat_title'];
$query = "UPDATE FROM categories SET cat_title = '{$edit_cat_title}' WHERE cat_id = {$cat_id} ";
$edit_query = mysqli_query($connection,$query);
if (!$edit_query) {
die(mysqli_error($edit_query));
}
}
Delete that FROM, it should be UPDATE categories SET ...
You realise that $edit_cat_title is from a POST value, but $cat_id is from a GET value, but your form (as far as I can see) has an action value of action = "categories.php" which will contain NO GET VARIABLES.
Add the property enctype to your <form> such as:
<form ... enctype='multipart/form-data' ... >
To be honest this last point is good practise but I'd be surprised if that was why your POST data was not being populated.
Possible solutions:
1) Use $_REQUEST['cat_id'] and insert the cat_id as a POSTed field in your form, so it can use variables given by either $_POST or $_GET [or $_COOKIE].
2) change your action to goto : action ="categories.php?edit=XXX" to submit the form to an address with a valid GET value as required.
3) Use sessions to hold data from previous pages (such as cat_id). This is my prefered option.
Extra
From question comments it becomes clear that the part if isset($_POST['edit_category']) is never true, so this means that your form is incorrect -- either you have not got a form field named name='edit_cateogry' or your form field is never filled in, or never sent with the form (perhaps the input is placed after the </form> form closing tag?
Anyhow, your issue is that your $_POST value you are looking for is never set.
This code is meant to check the submitted form values and update the table,
however it just replaces the field with a blank
Any ideas where it is gone wrong, please?
<form action = "update.php" method = "POST">
<p>
New Name: <input type "text" name="name">
<input type= "submit">
</p>
</form>
<?php
require ('/var/www/html/site1/connect_db.php');
if(!empty($_POST['name']) && !is_numeric($_POST['name']))
{
$name=$_POST['name'];
$name=mysqli_real_escape_string($dbc,$query);
$name=strip_tags($name);
#$query='update customers SET customerName = '".$name."' where customerNumber=114';
$query = "update customers ". "SET customerName = $name"."where customerNumber=114" ;
mysqli_query($dbc,$query);
}
else
{
echo $name;
}
$query = 'select * from customers where customerNumber=103';
$result = mysqli_query($dbc,$query);
while ($row=mysqli_fetch_array($result, MYSQLI_NUM))
{
echo"<p>Name : $row[1]</p>";
}
mysqli_close($dbc);
?>
You are updating customer number 114 but selecting 103 out, whose name may be blank.
Your update statement needs to have quotes around the $name bit as below:
$query = "UPDATE customers SET customerName = '$name' WHERE customerNumber=114";
Edit: please see the parameterised query advice in the question comments.
I'm building a simple bug tracker tool.
When you've created a project, you can select a project status (open, in progress, finished).
You can change this status on the project page with this select form, :
<form action="classes/changestatus.class.php" method="post">
<label> Change Project Status </label>
<select name="status" id="status">
<option value="open">Open</option>
<option value="inprogress">In Progress</option>
<option value="finished">Finished</option>
</select>
<input class="small button" value="Change Status" type="submit">
</form>
The form posts the action to this class:
$status = $_POST['status'];
$sql = "UPDATE INTO projects ( status ) VALUES ('$status')";
$result = mysql_query( $sql );
$result = mysql_real_escape_string( $sql );
$latestID = mysql_insert_id();
if ( $result ) {
header('Location: ../projectpage.php?id='.$latestID);
} else {
echo "There is something wrong. Try again later.";
}
mysql_close();
So, when you submit the form it will run the query above and go back to the project page, with the changed project status, but this doesn't work.
I always get redirected to the wrong project page and the data doesn't update in the mysql table.
The problem is that I can't get the id, when I have this link for example 'projectpage?id=20', it always redirects me to 'projectpage?id=0'.
Can anyone help me ? I know the code isn't fully sql injection proof and I don't use mysqli, I just like to have an anwser on my question.
Thanks!
You're not keeping the $id so the this data isn't being transferred. on your form use:
<input type='hidden' name='hdnID' value="<?php echo $id;?>">
<input class="small button" value="Change Status" type="submit">
Then on your form use:
$status = $_POST['status'];
$id = $_POST['hdnID'];
Try This,
$sql="UPDATE projects SET status = '$status', id = LAST_INSERT_ID(id)";
$latestID = mysql_insert_id();
It will works for you.
Use
$sql="UPDATE projects SET status = '$status'";
And mysql_insert_id will only work when an INSERT query is executed.You need an id to update it or either to redirect it...If you are giving id then you can do like
$sql="UPDATE projects SET status = '$status' WHERE id = $id";
And redirection will be like
header('Location: ../projectpage.php?id='.$id);
I have a form where the user inputs their ID and this then populates their name from a database? There is a whole form I just copied the relevant parts and the sql below.
User ID: <input value="User ID" name="user_id">
$sql = "SELECT user_firstname, user_surname FROM users_tbl WHERE xxxx = users_tbl.user_id"
$result = pg_query($sql);
I have made it this far, but im not sure what to do.
You should filter GET or POST form variables. So the right way would be:
$sql = "SELECT user_firstname, user_surname FROM users_tbl WHERE users_tbl.user_id= ".$_POST['user_id'];
$result = pg_query($sql);
Also don't forget to filter POST and GET variables from sql injections
You probably want something like ...
page1.php
<form method="POST" action="page2.php">
User ID: <input name="user_id" value="User ID">
<input type="submit" value="go">
</form>
page2.php
$id = mysql_escape_string( $_POST['user_id'] );
$sql = "SELECT `user_firstname`, `user_surname` FROM `users_tbl `WHERE `id` = '$id' LIMIT 1";
...