I've managed to reflect the user who logged in into a form. However now when a new user logs in, the previous user personal particulars eg name is still reflecting on the form. This is what i have so far. What am i missing out?
$result2 = mysqli_query($con, "SELECT admin_no FROM student_details;");
$row2 = mysqli_fetch_assoc($result2);
?>
<p>
<table border="1">
<tr>
<td width="410" align="center">Student Personal Data</td>
</tr>
<tr>
</td>
</tr>
<tr>
<td>Admission Number</td>
<td><input name= "name" type="text" disabled="disabled" value="<?php echo $row2['admin_no'] ?>"
size="40" readonly>
</td>
</tr>
This is how i my logout page looks like :
<?php
session_start();
session_unset();
session_destroy();
header('Location:login.php');
?>
My login page :
<?
$adminName = $_POST['txtName'];
$adminPassword = $_POST['txtPassword'];
$conn = dbConnect();
if (!$conn)
die("Couldn't connect to MySQL");
$query = "select * from ohrm_user where user_name='$adminName' and user_password= '$adminPassword'";
$result = mysql_query($query, $conn);
$row = mysql_fetch_array($result);
if(mysql_num_rows($result) > 0 && $row['user_role_id'] == 1)
{
echo $_SESSION['user_name'] = $adminName;
echo $_SESSION['user_password'] = $adminPassword;
}
dbDisconnect($conn);
Insert session_start()
in first line of login and other control panel pages
look at this link
http://www.w3schools.com/php/php_sessions.asp
Related
I trying to insert my data from table_request into table_list by clicking the approve/reject button under the table.
Users will click the checkboxes to select all or select a specific row. After approve, the data in the table_request insert into table_list and deleted from table_request.
The current problem is about the foreach and inserts statement is wrong.
After I click approve, it can only insert table_request id into table_list.
This is my table_request.php
<form name="bulk_action_form" action="action.php" method="post" onSubmit="return approve_confirm();"/>
<table class="bordered">
<tr>
<th><input type="checkbox" name="select_all" id="select_all" value=""/></th>
<th>Name</th>
<th>Remark</th>
</tr>
<?php
$query = "select * from `table_request`;";
if(count(fetchAll($query))>0){
foreach(fetchAll($query) as $row){
?>
<tr>
<td><input type="checkbox" name="checked_id[]" class="checkbox" value="<?php echo $row['id']; ?>"/></td>
<td><?php echo $row['Name'] ?></td>
<td><?php echo $row['Remark'] ?></td>
</tr>
<?php } }else{ ?>
<tr><td colspan="5">No records found.</td></tr>
<?php } ?>
</table>
<input type="submit" name="approve_btn" value="Approve"/>
</form>
This is my action.php
<?php
session_start();
include_once('connection.php');
if(isset($_POST['approve_btn']))
{
$idArr = $_POST['checked_id'];
$Name = $_POST['Name'];
$Remark = $_POST['Remark'];
foreach($idArr as $key => $value)
{
$save = "INSERT INTO table_list(id,Name,Remark) VALUES ('".$value."','".$Name[$key]."','".$Remark[$key]."')";
$query = mysqli_query($conn,$save);
}
$query .= "DELETE FROM `table_request` WHERE `table_request`.`id` = '$id';";
header("Location:table_request.php");
}
?>
connection.php file
<?php
$server_name = "localhost";
$user_name = "username";
$password = "password";
$db_name = 'database';
// Create connection
$conn = mysqli_connect($server_name, $user_name, $password, $db_name);
// Check connection
if (mysqli_connect_errno()) {
die("Connection failed: ");
}
table_request.php file
<?php include_once('connection.php'); ?>
<form name="bulk_action_form" action="action.php" method="post" onSubmit="return approve_confirm();"/>
<table class="bordered">
<tr>
<th>Select</th>
<th>Name</th>
<th>Remark</th>
</tr>
<?php
$query = mysqli_query($conn, "SELECT * FROM table_request");
if (mysqli_num_rows($query) > 0) : foreach($query as $row) : ?>
<tr>
<td><input type="checkbox" name="checked_id[]" class="checkbox" value="
<?php echo $row['id']; ?>"/></td>
<td><?php echo $row['Name']; ?></td>
<td><?php echo $row['Remark']; ?></td>
</tr>
<?php endforeach; else : ?>
<tr><td colspan="5">No records found.</td></tr>
<?php endif; ?>
</table>
<input type="submit" name="approve_btn" value="Approve"/>
</form>
action.php file
<?php
include_once('connection.php');
if(isset($_POST['approve_btn'])) {
foreach ($_POST['checked_id'] as $id) {
$query = mysqli_query($conn, "SELECT * FROM table_request WHERE id = $id");
$result = $query->fetch_object();
$save = "INSERT INTO table_list(id, Name, Remark) VALUES ('".$result->id."','".$result->Name."','".$result->Remark."')";
// For save data
mysqli_query($conn, $save);
// For delete data
mysqli_query($conn, "DELETE FROM table_request WHERE id = $id");
}
header('Location:table_request.php');
}
I have this sample code but I am having trouble figuring out how to access the various array elements from a separate php script file called cart.php so that the fields from the code below are printed like a shopping cart before the user decides to confirm what they have selected with a continue checkout button.
<html lang="en">
<head>
<title>GreatBuy</title>
</head>
<body>
<?php
session_save_path('session');
session_start();
require_once 'login.php';
echo '<h1>GreatBuy</h1>';
//$_POST['username'] = 'abc1234';
//$_POST['password'] = '123456';
// get user's input
$username = $_POST['username'];
$password = $_POST['password'];
// check input
if (empty($username) || empty($password))
die('<p>Error: Username or password is empty/missing!</p>');
// connect to MySQL server to check user account
$conn = new mysqli($hn, $user, $passwd, $db);
if ($conn->connect_error)
die($conn->connect_error);
$hash = hash('ripemd128', $salt.$password);
$query = "SELECT * FROM greatbuy_users WHERE username = '$username' AND password = '$hash';";
$result = $conn->query($query);
if (!$result || $result->num_rows == 0)
die('<p>Error in username/password!</p>');
// get user's info and save it to session data
$user = $result->fetch_assoc();
$_SESSION['uid'] = $user['uid'];
echo '<p>User logged in!</p>';
$query = 'SELECT * FROM greatbuy_products ORDER BY cat, name;';
$results = $conn->query($query);
if ($results) {
$number_of_products = $results->num_rows;
echo '<form method="post" action="GreatBuy_cart.php">
<table border="1">';
echo ' <tr>
<th>Product Name</th>
<th>Category</th>
<th>Price</th>
<th>Manufacturer</th>
<th>Quantity Available</th>
<th>Quantity Selected</th>
<th>Select</th>
</tr>';
$n = $results->num_rows;
for ($i = 0; $i < $n; $i++) {
$product = $results->fetch_assoc();
echo ' <tr>
<input type="hidden" name="cart['.$product['pid'].'][pid]" value="'.$product['pid'].'">
<td>'.$product['name'].'</td>
<td>'.$product['cat'].'</td>
<td>'.$product['price'].'</td>
<td>'.$product['manufacturer'].'</td>
<td>'.$product['quantity'].'</td>
<td>
<input type="number" name="cart['.$product['pid'].'][userquantity]" '.(empty($product['quantity'])?'disabled':'').'>
</td>
<td>
<input type="checkbox" name="cart['.$product['pid'].'][checkout]" value="'.$product['pid'].'" '.(empty($product['quantity'])?'disabled':'').'>
</td>
</tr>';
}
echo ' </table>
<input type="submit" value="Review Order">
</form>';
}
?>
</body>
</html>
I have this Add Edit Delete form, the problem is:
when I put everything and I click on ADD it says "Data added successfully." but the data isn't in my table of phpAdmin and it not shows in the page...
Or is simply because my hoster doens't work with MySQLi but with MySQL?
Without talking about SQL Injections because Im not so expert and dont know how protect from that, this pages will be protected with login area so only restricted members will access to it.
index.php
<?php
//including the database connection file
include_once("config.php");
//fetching data in descending order (lastest entry first)
//$result = mysql_query("SELECT * FROM users ORDER BY id DESC"); // mysql_query is deprecated
$result = mysqli_query($mysqli, "SELECT * FROM `user` ORDER BY id DESC"); // using mysqli_query instead
?>
<html>
<head>
<title>Homepage</title>
</head>
<body>
Add New Data<br/><br/>
<table width='80%' border=0>
<tr bgcolor='#CCCCCC'>
<td>Steam Username</td>
<td>Steam Password</td>
<td>Steam Guard Code</td>
<td>Update</td>
</tr>
<?php
//while($res = mysql_fetch_array($result)) { // mysql_fetch_array is deprecated, we need to use mysqli_fetch_array
while($res = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>".$res['steamUE']."</td>";
echo "<td>".$res['steamPW']."</td>";
echo "<td>".$res['steamGC']."</td>";
echo "<td>Edit | Delete</td>";
}
?>
</table>
</body>
</html>
add.html
<html>
<head>
<title>Add Data</title>
</head>
<body>
Home
<br/><br/>
<form action="add.php" method="post" name="form1">
<table width="25%" border="0">
<tr>
<td>Steam Username</td>
<td><input type="text" name="steamUE"></td>
</tr>
<tr>
<td>Steam Password</td>
<td><input type="text" name="steamPW"></td>
</tr>
<tr>
<td>Steam Guard Code</td>
<td><input type="text" name="steamGC"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="Submit" value="Add"></td>
</tr>
</table>
</form>
</body>
</html>
edit.php
<?php
// including the database connection file
include_once("config.php");
if(isset($_POST['update']))
{
$id = mysqli_real_escape_string($mysqli, $_POST['id']);
$steamUE = mysqli_real_escape_string($mysqli, $_POST['steamUE']);
$steamPW = mysqli_real_escape_string($mysqli, $_POST['steamPW']);
$steamGC = mysqli_real_escape_string($mysqli, $_POST['steamGC']);
// checking empty fields
if(empty($steamUE) || empty($steamPW) || empty($steamGC)) {
if(empty($steamUE)) {
echo "<font color='red'>Steam Username field is empty.</font><br/>";
}
if(empty($steamPW)) {
echo "<font color='red'>Steam Password field is empty.</font><br/>";
}
if(empty($steamGC)) {
echo "<font color='red'>Steam Guard Code field is empty.</font><br/>";
}
} else {
//updating the table
$result = mysqli_query($mysqli, "UPDATE `user` SET steamUE='$steamUE',steamPW='$steamPW',steamGC='$steamGC' WHERE id='$id'");
//redirectig to the display page. In our case, it is index.php
header("Location: index.php");
}
}
?>
<?php
//getting id from url
$id = $_GET['id'];
//selecting data associated with this particular id
$result = mysqli_query($mysqli, "SELECT * FROM `user` WHERE id='$id'");
while($res = mysqli_fetch_array($result))
{
$steamUE = $res['steamUE'];
$steamPW = $res['steamPW'];
$steamGC = $res['steamGC'];
}
?>
<html>
<head>
<title>Edit Data</title>
</head>
<body>
Home
<br/><br/>
<form name="form1" method="post" action="edit.php">
<table border="0">
<tr>
<td>Steam Username</td>
<td><input type="text" name="steamUE" value="<?php echo $steamUE;?>"></td>
</tr>
<tr>
<td>Steam Username</td>
<td><input type="text" name="steamPW" value="<?php echo $steamPW;?>"></td>
</tr>
<tr>
<td>Steam Guard Code</td>
<td><input type="text" name="steamGC" value="<?php echo $steamGC;?>"></td>
</tr>
<tr>
<td><input type="hidden" name="id" value=<?php echo $_GET['id'];?>></td>
<td><input type="submit" name="update" value="Update"></td>
</tr>
</table>
</form>
</body>
</html>
delete.php
<?php
//including the database connection file
include("config.php");
//getting id of the data from url
$id = $_GET['id'];
//deleting the row from table
$result = mysqli_query($mysqli, "DELETE * FROM `user` WHERE id='$id'");
//redirecting to the display page (index.php in our case)
header("Location: index.php");
?>
add.php
<html>
<head>
<title>Add Data</title>
</head>
<body>
<?php
//including the database connection file
include_once("config.php");
if(isset($_POST['Submit'])) {
$steamUE = mysqli_real_escape_string($mysqli, $_POST['steamUE']);
$steamPW = mysqli_real_escape_string($mysqli, $_POST['steamPW']);
$steamGC = mysqli_real_escape_string($mysqli, $_POST['steamGC']);
// checking empty fields
if(empty($steamUE) || empty($steamPW) || empty($steamGC)) {
if(empty($steamUE)) {
echo "<font color='red'>Steam Username field is empty.</font><br/>";
}
if(empty($steamPW)) {
echo "<font color='red'>Steam Password field is empty.</font><br/>";
}
if(empty($steamGC)) {
echo "<font color='red'>Steam Guard Code field is empty.</font><br/>";
}
//link to the previous page
echo "<br/><a href='javascript:self.history.back();'>Go Back</a>";
} else {
// if all the fields are filled (not empty)
//insert data to database
$result = mysqli_query($mysqli, "INSERT INTO `user` (steamUE,steamPW,steamGC) VALUES ('$steamUE','$steamPW','$steamGC')");
//display success message
echo "<font color='green'>Data added successfully.";
echo "<br/><a href='index.php'>View Result</a>";
}
}
?>
</body>
</html>
config.php
<?php
/*
// mysql_connect("database-host", "username", "password")
$conn = mysql_connect("localhost","root","root")
or die("cannot connected");
// mysql_select_db("database-name", "connection-link-identifier")
#mysql_select_db("test",$conn);
*/
/**
* mysql_connect is deprecated
* using mysqli_connect instead
*/
$databaseHost = 'sql.website.com';
$databaseName = '';
$databaseUsername = '';
$databasePassword = '';
$mysqli = mysqli_connect($databaseHost, $databaseUsername, $databasePassword, $databaseName);
?>
It not doesn't says or shows any errors or any other problems, it says only data added successfully and nothing else. I don't understand why it doesn't add any data in my tables, i checked everything again and again, maybe because i'm tired but i tried to rename tables names but nothing change, is the same...
Spotted three errors,
add.php: Column names should be without ''. Check the following
$result = mysqli_query($mysqli, "INSERT INTO user (steamUE,steamPW,steam_GC) VALUES ('$steamUE','$steamPW','$steamGC')");
edit.php: '' missing from $id. Check the following
$result = mysqli_query($mysqli, "UPDATE user SET steamUE='$steamUE',steamPW='$steamPW',steamGC='$steamGC' WHERE id='$id'");
delete.php: '' missing from $id. Check the following
$result = mysqli_query($mysqli, "DELETE * FROM user WHERE id='$id'");
If the connection with DB is successful, it must work (and this answer deserves a green tick from you :D).
Or is simply because my hoster doens't work with MySQLi but with
MySQL?
Wherever I faced issues, I got some error or a blank page.
Check your dB connection. Turn to mysqli, declair it with $sql with (errno), but call your param before $sql. Use if condition to check your connection. On your add please use prepared with $stmnt and execute it.
Look like everything is working fine with this code but in fact fails to update the database, Data are displayed correctly while fetching data but when i press update Button the data disappear but no update has been executed. It look fine to me but seems i am wrong.
This is a project for my professor so i don't care for the SQL injection and others.
<html>
<head>
<link rel="stylesheet" type="text/css" href="btnstyle.css">
<title>Managament System</title>
</head>
<body>
<h1>TU Chemnitz Student managament system</h1>
<br>
ADD Person
Edit Person
Manage Boards
Manage Departments
Search N&S
Triple Search
Membership
<br>
<br>
<?php
// set database server access variables:
$host = "localhost";
$user = "";
$pass = "";
$db = "";
// open connection
$connection = mysql_connect($host, $user, $pass) or die ("Unable to connect!");
// select database
mysql_select_db($db) or die ("Unable to select database!");
// create query
$querys = "SELECT * FROM tblperson";
// execute query
$result = mysql_query($querys) or die ("Error in query: $query. ".mysql_error());
echo "<table border=1 align=center>
<tr>
<th>Personal ID</th>
<th>First Name</th>
<th>Last Name</th>
<th>Deparment</th>
<th>Board</th>
<th>Marticulation Number</th>
<th>Reg Date</th>
<th>Action</th>
</tr>";
while($row = mysql_fetch_array($result)) {
?>
<?php
echo '<tr>';
echo '<td>'. $row['personid'].'</td>';
echo '<td>'. $row['personname'].'</td>';
echo '<td>'. $row['personsurname'].'</td>';
echo '<td>'. $row['persondepartment'].'</td>';
echo '<td>'. $row['personboard'].'</td>';
echo '<td>'. $row['martinumber'].'</td>';
echo '<td>'. $row['personregdate'].'</td>';
echo '<td>'.' EDIT '.'</td>';
}
?>
</body>
</html>
and this is the edit file which seems to problematic.
<?php
include_once('coneksioni.php');
if(isset($_GET['edit']))
{
$personid = $_GET['edit'];
$res = mysql_query("SELECT * FROM tblperson WHERE personid='$personid'");
$row = mysql_fetch_array($res);
}
if(isset($_POST['newpersonname']))
{
$newpersonname = $_POST['newpersonname'];
$personid = $_POST['personid'];
$sql = "UPDATE tblperson SET personname = '$newpersonname' WHERE personid = '$personid'";
$res = mysql_query($sql) or die ("Cant be updated");
echo "< meta http-equiv='refresh' content='0;url=home.php'>";
}
?>
<form action="edit20.php" method="POST">
<table border="0">
<tr>
<td>First Name</td>
<td><input type="text" name="newpersonname" value="<?php echo $row[1];?>" maxlength="30" size="13"></td>
</tr>
<tr>
<td>Last Name</td>
<td> <input type="text" name="personsurname" value="<?php echo $row[2];?>" maxlength="30" size="30"></td>
</tr>
<tr>
<td>Department</td>
<td>
<select name='persondepartment'>
<option>Production</option>
<option>Sales</option>
</select>
</td>
</tr>
<tr>
<td>Board</td>
<td>
<select name='personboard'>
<option>Evaluation</option>
<option>Executive</option>
<option>Research</option>
</select>
</td>
</tr>
<tr>
<td>Marticulation Number</td>
<td> <input type="text" name="martinumber" maxlength="60" size="30"></td>
</tr>
<tr>
<td>Date of Registration</td>
<td><input type="date" name="personregdate" maxlength="7" size="7"></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value=" Update"></td>
</tr>
</table>
</form>
You are looking for personid when the Update button is pressed on the form in edit20.php but that value has never been set so it will be empty and the update will fail.
After
<form action="edit20.php" method="POST">
add:
<input type="hidden" name="personid" value="<?php echo $personid; ?>">
On edit page seem your confusing the same variable with different values. If you state $personid variable to contain the edit value from get, then just re-use the variable don't assign new value. On this line you assign new value :
$personid = $_POST['personid'];
Don't assign new value since it has the initial value already to use just set the variable global for usage
$personid = $_GET['edit'];
Or else create a hidden element and pass edit value into it.
Please add name attribute for your update button
<td colspan="2"><input type="submit" name="update" value=" Update"></td>
and chk whether the update button set or reset as in the place of
if(isset($_POST['newpersonname'])) // change text 'newpersonname' as 'update'
You use a variable that doesn't excist:
<?php
include_once('coneksioni.php');
if(isset($_GET['edit']))
{
$personid = $_GET['edit'];
$res = mysql_query("SELECT * FROM tblperson WHERE personid='$personid'");
$row = mysql_fetch_array($res);
}
if(isset($_POST['newpersonname']))
{
$newpersonname = $_POST['newpersonname'];
$personid = $_POST['personid']; // this doesn't excist
$sql = "UPDATE tblperson SET personname = '$newpersonname' WHERE personid = '$personid'";
$res = mysql_query($sql) or die ("Cant be updated");
echo "< meta http-equiv='refresh' content='0;url=home.php'>";
}
?>
$personid = $_POST['personid']; doesn't excist in your code. Its simply a piece of code you put in there to probably proces, but forgot to define the variable in the code. Place the following in your form.
<input type="hidden" name="personid" value="<?php echo $_GET['edit']; ?>">
You only use this just once because you send the form back after proces to your home, hence it wont be used anymore. You can also use the avariable you defined as $personid; on that position.
If that fails, something maybe wrong in your query. Try to echo out the query (remove qucikly the meta command) by simply just do echo $sql after you do the sql query. 9 out of 10 times, it's a typo.
I have a problem regarding on how can I access a account that is only able to see that currently logged in account, Please help on what Mysql statement should i use thanks :).
So i made a page that checks if the user is admin or customer and its working.(Code below is for login if admin or customer).
Verify if its the admin or customer page.
<?php
include("dbcon.php");
$username=$_POST['username'];
$password=$_POST['password'];
$username = stripslashes($username);
$password = stripslashes($password);
$username = mysql_real_escape_string($username);
$password = mysql_real_escape_string($password);
$sql="SELECT * FROM admininfo WHERE username='$username' and password='$password' and type='admin'";
$sql1="SELECT * FROM customerinfo WHERE username='$username' and password='$password' and type1='customer'";
$result=mysql_query($sql);
$result1=mysql_query($sql1);
$count = mysql_num_rows($result);
$count1 = mysql_num_rows($result1);
if ($count==1) {
//ADMIN
$_SESSION["username"];
$_SESSION["password"];
$_SESSION["type"];
header("location:menu.php");
} elseif ($count1==1) {
//CUSTOMER
$_SESSION["username"];
$_SESSION["password"];
$_SESSION["type1"];
header("location:menu1.php");
} else {
echo "Invalid username or password";
}
?>
<?PHP
include('dbcon.php');
?>
I also made a page on showing the users info but it shows all the users that are existing, However I want to only show the logged in user only i dont know what mysql statement should I use please help (code below for editing user info P.S. i know its the while loop that has shown all the existing users).
Edit the user's information page.
<html>
<head>
</head>
<body>
<form method="post" action="edit2.php">
<table>
<tr><td>First name:</td><td><input type="text" name="fname"></td></tr>
<tr><td>Last name:</td><td><input type="text" name="lname"></td></tr>
<tr><td>Address:</td><td><input type="text" name="address"></td></tr>
<tr><td>Contact Number:</td><td><input type="text" name="contactno"></td></tr>
<tr><td>Username:</td><td><input type="text" name="username"></td></tr>
<tr><td>Password:</td><td><input type="password" name="password"></td></tr>
<tr><td><input type="submit" name="submit" value="save"</td></tr>
</table>
</form>
<table border='1'>
<?PHP
$customerquery=mysql_query("select * from customerinfo");
while($customerrows=mysql_fetch_array($customerquery)){
?>
<tr>
<td>Id</td><td>First Name</td><td>Last Name</td><td>Address</td><td>Contact No</td><td>Username</td><td>Password</td><td>Edit</td>
</tr>
<tr>
<td><?PHP echo $customerrows['id'];?></td>
<td><?PHP echo $customerrows['fname'];?></td>
<td><?PHP echo $customerrows['lname'];?></td>
<td><?PHP echo $customerrows['address'];?></td>
<td><?PHP echo $customerrows['contactno'];?></td>
<td><?PHP echo $customerrows['username'];?></td>
<td><?PHP echo $customerrows['password'];?></td>
<td>edit</td>
</tr>
<?PHP } ?>
</table>
Logout
</body>
I hope I understood well.
You should use $customerquery=mysql_query("select * from customerinfo where username =".$_SESSION['username']);
And my suggestion is not to use * for select statement, instead use only columns that you would need. It's better practice.
EDIT:
Also, I am not sure that your initiation of session is correct.
You should do it like so:
$row = mysql_fetch_assoc($result);
$_SESSION["username"] = $row['username'];
EDIT2: Also, you are missing session_start(); statement at the beginning of the script.
EDIT3: Also, as said in one comment. It is good practice to keep ID of table users in session. So instead of keeping only username in session add $_SESSION['uid'] = $row['id'] and when collecting data about user, just do: "select * from customerinfo where id =".$_SESSION['id']