I want to ensure "StaffID" is stored when the "View Contacts" page is loaded from a link, rather than straight from the Login Form
LOGIN FORM:
<?php session_start(); // Start PHP session
$StaffID = isset($_SESSION["StaffID"]) ? $_SESSION["StaffID"] : "";?>
<form name="staffaccess" method="post" action="staff-login.php">
<table border="1" cellpadding="3" cellspacing="1">
<tr>
<td colspan="3"><strong>Staff Login </strong></td>
</tr>
<input type="hidden" name="StaffID" id="StaffID" value="<?php echo $StaffID; ?>" />
<tr>
<td>Username:</td>
<td><input name="StaffUsername" size= "30" type="text" id="StaffUsername" value="<?php echo $StaffUsername; ?>"/></td>
</tr>
<tr>
<td>Password:</td>
<td><input name="StaffPassword" size= "30" type="text" id="StaffPassword" value="<?php echo $StaffPassword; ?>"/></td>
</tr>
<tr>
<td></td>
<td><input type="submit" name="Submit" value="Login"/></td>
</tr>
</table>
</form>
LOGIN CHECK:
<?php session_start(); // Start PHP session?>
<body>
<?php
$_SESSION["StaffUsername"] = isset($_POST["StaffUsername"]) ? $_POST["StaffUsername"] : "";
$_SESSION["StaffPassword"] = isset($_POST["StaffPassword"]) ? $_POST["StaffPassword"] : "";
$_SESSION["StaffID"] = isset($_GET["StaffID"]) ? $_GET["StaffID"] : "";
<?php
//connect to database//
$dbc = mysql_connect("", "", "");
if (!$dbc)
die ('Could not connect: ' .mysql_error());
//select database//
$db_selected = mysql_select_db("tafe", $dbc );
if (!$db_selected)
die ('Could not connect: ' . mysql_error());
// username and password sent from form
$StaffUsername=$_POST['StaffUsername'];
$StaffPassword=$_POST['StaffPassword'];
// To protect MySQL injection (more detail about MySQL injection)
$StaffUsername = stripslashes($StaffUsername);
$StaffPassword = stripslashes($StaffPassword);
$StaffUsername = mysql_real_escape_string($StaffUsername);
$StaffPassword = mysql_real_escape_string($StaffPassword);
$qry=("SELECT * FROM staffaccess WHERE Username= '" . $StaffUsername . "' AND Password= '" .$StaffPassword ."'");
$rst = mysql_query($qry, $dbc);
$row = mysql_fetch_array($rst);
if ($row["Username"]==$StaffUsername && $row["Password"]==$StaffPassword)
{
$_SESSION["StaffID"] = $row["StaffID"];
echo "Your login was successful";
echo "</br></br>";
echo "<a href=list-contacts.php>Continue</a>";
}
else {
echo "Sorry your details are not valid";
echo "</br></br>";
echo "<a href=staff-login.htm>Return</a>";
}
?>
VIEW CONTACTS (i only want this to allow to view contacts that particular user has added)
<?php
//connect to database
$dbc = mysql_connect("", "", "");
if (!$dbc)
die ('Could not connect: ' .mysql_error());
//select database
$db_selected = mysql_select_db("tafe", $dbc );
if (!$db_selected)
die ('Could not connect: ' . mysql_error());
$StaffID = (int)$_GET['StaffId'];
// build sql insert statement
**$qry = "SELECT * FROM contacts WHERE StaffID= $StaffID ORDER by name ASC";**
//run insert satement against database
$rst = mysql_query($qry, $dbc);
// print whether successful or not
if ($rst)
{
if (mysql_num_rows($rst)>0) // check that there are records
{
echo "<table border=\"1\" cellspacing=\"0\">";
/***print out field names***/
echo "<tr>"; // start row
for ($i=0; $i<mysql_num_fields($rst); $i++) // for each field print out field name
{
echo "<th>" . mysql_field_name($rst, $i) . "</th>";
}
echo "<th> </th>";
echo "<th> </th>";
echo "</tr>";
/***print out field values***/
while ($row = mysql_fetch_array($rst)) // fetch each of the rows
{
echo "<tr>";
echo "<td>".$row['ContactID']."</td>";
echo "<td>".$row['Name']."</td>";
echo "<td>".$row['Address']."</td>";
echo "<td>".$row['Phone']."</td>";
echo "<td>".$row['Mobile']."</td>";
echo "<td>".$row['Email']."</td>";
echo "<td><a href='edit-contact.php?id=".$row['ContactID']."'>Edit</a></td>";
echo "<td><a href='delete-contact.php?id=".$row['ContactID']."'>Delete</a></td><tr>";
echo "</tr>";
}
echo "</table>";
}
else
{
echo "<b><font color='black'>No records returned.</font></b>";
}
}
else
{
echo "<b><font color='red'>Error: ".mysql_error($dbc) . "</font></b>";
}
?>
you didnt pass the staff id on contact page so you pass the staff id like this
change following change in logincheck page
if ($row["Username"]==$StaffUsername && $row["Password"]==$StaffPassword)
{
echo "Your login was successful";
echo "</br></br>";
echo "Continue";
}
you can also use session for logged user
Depending on you mysql version, you may need to quote your where properties, I'm not sure if this is causing your problem, but it may be related. Also, are you sure that your value for the StaffID field is being correctly inserted into the database?
I checked the code and you are using
echo "<a href=list-contacts.php>Continue</a>";
to send user to see the contacts and in this page you are doing
$StaffID = (int)$_GET['StaffId'];
So you need to pass that value in the query string as
echo "Continue";
Related
How do I refresh the table when I click EDIT NOW Button? or this is easier, how do I make refresh button to refresh the table? I have no knowledge on JSP to auto refresh. However, I manage to make an onchange event so when I choose menu, it will refresh upon changing. When I edit a data and submit, it does not refresh. How do I re-execute the echo of table? Thanks!
<?php
$selected='';
function get_options($select)
{
$conn = new mysqli('localhost', 'root', 'jared17', 'hbadb')
or die ('Cannot connect to db');
$result = $conn->query("select * from students");
$options='';
while ($row = $result->fetch_assoc())
{
$LRN = $row['LRN'];
$Last = $row['Last_Name'];
$First = $row['First_Name'];
if($LRN == $_GET['Students'])
{
$options.='<option value="'.$LRN.'" selected>'.$Last.', '.$First.'</option>';
}
else
{
$options.='<option value="'.$LRN.'">'.$Last.', '.$First.'</option>';
}
}
return $options;
}
if (isset($_GET['Students'])) {
$conn = new mysqli('localhost', 'root', 'jared17', 'hbadb')
or die ('Cannot connect to db');
$result = $conn->query("select * from students");
$lrn = $_GET['Students'];
$stmt = $conn->prepare("SELECT Last_Name, First_Name, Level, Q1, Q2, Q3, Q4, FINAL FROM english WHERE LRN = ?");
$stmt->bind_param('i', $lrn);
$stmt->execute();
$stmt->bind_result($last, $first, $level, $q1, $q2, $q3, $q4, $final);
$stmt->fetch();
echo "<table><tr><th>LRN</th><th>Name</th><th>Level</th><th>Q1</th><th>Q2</th><th>Q3</th><th>Q4</th><th>Final</th></tr>";
echo "<tr><td>$lrn</td><td>$last, $first</td><td>$level</td><td>$q1</td><td>$q2</td><td>$q3</td><td>$q4</td><td>$final</td></tr></table>";
}
echo "<html>";
echo "<body>";
echo "<form method=GET>";
echo "<select name=Students onchange=this.form.submit();>";
echo get_options();
echo "</select>";
echo "</form>";
echo "<form method=POST>";
///////////EDIT DATA
echo "Edit Data: ";
echo "<select name = 'Edit'>";
echo '<option value=Q1>Q1</option>';
echo '<option value=Q2>Q2</option>';
echo '<option value=Q3>Q3</option>';
echo '<option value=Q4>Q4</option>';
echo '<option value=FINAL>FINAL</option>';
echo '<input type="number" max="100" name="editdata" required>';
echo "</select>";
echo "<input type='submit' name='submit2' value='Edit Now'>";
if (isset($_POST['Edit'])) {
$conn2 = new mysqli('localhost', 'root', 'jared17', 'hbadb')
or die ('Cannot connect to db');
$upd = $_POST['Edit'];
$txt = $_POST['editdata'];
$now = "UPDATE english SET $upd='$txt' WHERE LRN='$lrn'";
$res = $conn2->query($now);
if (!$conn2->error) {
echo "Errormessage: $conn->error";
}
echo $now;
}
echo "</form>";
echo "</body>";
echo "</html>";
?>
I would use 2 pages view.php and edit.php. View would display the data with link to edit. When you click edit it would open edit.php to load the form to edit data and save it to db. Then issue the command
header("Location: view.php");
to reload the view.php and display the new data
I have uploaded the scripts I use as a basis for databases so you can see if this is what you want - feel free to amend any data it is just a test database. If you want more code just ask
www.cambodia.me.uk/php/view.php
Edited to include scripts as requested - sorry it is old code and mysql not mysqli
Connect script
<?php
/*
CONNECT-DB.PHP
Allows PHP to connect to your database
*/
// Database Variables (edit with your own server information)
$server = 'server';
$user = 'user';
$pass = 'pass';
$db = 'database';
// Connect to Database
$connection = mysql_connect($server, $user, $pass)
or die ("Could not connect to server ... \n" . mysql_error ());
mysql_select_db($db)
or die ("Could not connect to database ... \n" . mysql_error ());
?>
View script
<?php
include('remote-connect.php');
$result = mysql_query("SELECT * FROM stats")
or die(mysql_error());
echo "<p><b>View All</b> | <a href='view-paginated.php?page=1'>View Paginated</a></p>";
echo "<table border='1' cellpadding='10'>";
echo "<tr> <th>date</th> <th>Home Team</th> <th></th><th></th><th>Away Team</th> <th></th> </tr>";
while($row = mysql_fetch_array( $result )) {
echo "<tr>";
echo '<td>' . $row['date'] . '</td>';
echo '<td>' . $row['hometeam'] . '</td>';
echo '<td>' . $row['fthg'] . '</td>';
echo '<td>' . $row['ftag'] . '</td>';
echo '<td>' . $row['awayteam'] . '</td>';
echo '<td>Edit</td>';
//echo '<td>Delete</td>';
echo "</tr>";
}
echo "</table>";
?>
<p>Add a new record</p>
</body>
</html>
Edit script
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?php
function renderForm($id, $hometeam, $awayteam, $error)
{
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<div>
<p><strong>ID:</strong> <?php echo $id; ?></p>
<strong>First Name: *</strong> <input type="text" name="hometeam" value="<?php echo $hometeam; ?>"/><br/>
<strong>Last Name: *</strong> <input type="text" name="awayteam" value="<?php echo $awayteam; ?>"/><br/>
<p>* Required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}
include('remote-connect.php');
if (isset($_POST['submit']))
{
if (is_numeric($_POST['id']))
{
$id = $_POST['id'];
$hometeam = mysql_real_escape_string(htmlspecialchars($_POST['hometeam']));
$awayteam = mysql_real_escape_string(htmlspecialchars($_POST['awayteam']));
if ($hometeam == '' || $awayteam == '')
{
$error = 'ERROR: Please complete all mandatory fields!';
renderForm($id, $hometeam, $awayteam, $error);
}
else
{
mysql_query("UPDATE stats SET hometeam='$hometeam', awayteam='$awayteam' WHERE id='$id'")
or die(mysql_error());
// Go back to view page and redisplay the edited data
header("Location: view.php");
}
}
else
{
echo 'Error!';
}
}
else
{
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM stats WHERE id=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
if($row)
{
$hometeam = $row['hometeam'];
$awayteam = $row['awayteam'];
renderForm($id, $hometeam, $awayteam, '');
}
else
{
echo "No results!";
}
}
else
{
echo 'Error!';
}
}
?>
</body>
</html>
It's so easy. If you fetch your table's values after edit or delete operation, sql will bring fresh data.
Hello Everyone Good Afternoon
Can I ask a question? but before that here is my code.
<html>
<center>
<font size="2" face = "century gothic">
<?php
$con=mysqli_connect("localhost","root","","election2016");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM candidate_info");
echo "<table border='1'>
<tr>
<th>Candidate Name</th>
<th>Position</th>
<th>Vote</th>
<th>Number of Votes</th>
</tr>";
while ($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['CandidateName'] . "</td>";
echo "<td>" . $row['Position'] . "</td>";
echo "<td><input type='radio' name='candidateid'/>";
echo "<td>" . $row['NumberofVotes'] . "</td>";
}
echo "</table>";
mysqli_close($con);
?>
<br>
<br>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<input name = "update" type = "submit" id = "update" value = "Update">
</form>
</center>
</font>
</html>
<?php
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
$candidateid = $row['candidateid'];
$sql = "UPDATE candidate_info SET numberofvotes = '1' WHERE candidateid = $candidateid" ;
mysql_select_db('election2016');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
?>
The Output of my Code Here is it will show list of Candidates,Position,Radio Button Number of Votes with a button save.
My error here is that when i select a radio button and click the button update i want to put 1 in numberofvotes field but its not updating. Whats wrong with my code?
Any help would be appreciated.
TY so much
<html>
<center>
<font size="2" face = "century gothic">
<?php
$con=mysqli_connect("localhost","root","","election2016");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM candidate_info");
echo "<table border='1'>
<tr>
<th>Candidate Name</th>
<th>Position</th>
<th>Vote</th>
<th>Number of Votes</th>
</tr>";
while ($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['CandidateName'] . "</td>";
echo "<td>" . $row['Position'] . "</td>";
echo "<td><input type='radio' name='candidateid' value='".$row['candidateid']."' >";
echo "<td>" . $row['NumberofVotes'] . "</td>";
$candidateid=$row['candidateid'];
}
echo "</table>";
mysqli_close($con);
?>
<br>
<br>
<form method = "post" action = "<?php $_PHP_SELF ?>">
<input type="hidden" name="candidateid" value="<?php echo $candidateid;?>">
<input name = "update" type = "submit" id = "update" value = "update">
</form>
</center>
</font>
</html>
<?php
if(isset($_POST['update'])) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$candidateid = $_POST['candidateid'];
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn ) {
die('Could not connect: ' . mysql_error());
}
$candidateid = $_POST['candidateid'];
$sql = "UPDATE candidate_info SET numberofvotes = 1 WHERE candidateid = '$candidateid'" ;
mysql_select_db('election2016');
$retval = mysql_query( $sql, $conn );
if(! $retval ) {
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
mysql_close($conn);
}
?>
After passing a php variable(Tno) from one page to another page using button with hidden value, with that variable(Tno) tried to retrieve the data from the database, but I am not able to retrieve with that variable i.e. Tno. I had attached form1.php and retrieve.php.
form1.php
<?php
session_start();
?>
<?php
if( isset ($_SESSION["Email"])) {
$con=mysql_connect("localhost","admin","password");
// Check connection
if (!$con)
{
//echo "i am not ale to connect.<br>";
die('Could not connect: ' . mysql_error());
}
else{
//echo " i am able to connect.<br>";
}
mysql_select_db("maintable", $con);
$Email = mysql_real_escape_string($_SESSION['Email']);
$sql1="select * from customer where Email=('$Email')";
$result1=mysql_query($sql1);
while($row = mysql_fetch_array($result1)){
$var1 = $row['Identity'];
}
//echo" Email of the customer = $Email.<br>";
//echo "identity of the customer = $var1.<br>";
$sql2= "SELECT * FROM `suptest` WHERE Tno LIKE '$var1%'";
$result2=mysql_query($sql2); ?>
<table border=0 width=50%>
<tr>
<th>Ticket Ref. No.</th> <th>Subject</th><th>Status</th></tr>
<?php
while($row = mysql_fetch_array($result2)){
$ticketno= $row['Tno'];
?>
<form action="retrieve.php" method="post">
<tr><td><?php echo $row['Tno']; ?><input type="text" value="<?php echo $row['Tno']; ? >" name="Tno" /></td>
<td><?php echo $row['sub']; ?></td>
<td><?php echo $row['status']; ?></td>
<td><input type="Submit" value="Update" /></td></tr>
</form>
<?php
} ?>
</table>
<?php
mysql_close($con);
}
?>
<?php
session_start();
?>
<html><head></head>
<body>
<?php
$con=mysql_connect("localhost","admin","password");
//echo "Check connection";
if (!$con)
{
//echo "I am not ale to connect.<br>";
die('Could not connect: ' . mysql_error());
}
else{
//echo "I am able to connect.<br>";
}
mysql_select_db("maintable", $con);
$Tno = mysql_real_escape_string($_POST['Tno']);
//echo "my tno is $Tno.<br>";
$Email = mysql_real_escape_string($_SESSION['Email']);
echo $Email;
$sql = "select * from `active1active1` where Tno = ('$Tno')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
$result=mysql_query($sql);
echo $result;
echo mysql_num_rows($result);
echo "entering while loop";
while($row=mysql_fetch_array($result))
{
echo "entered while loop";
echo $row['Tno'] . "<br />";
echo $row['Email'] . "<br />";
echo $row['pdesc'] . "<br />";
echo $row['Activity'] . "<br />";
}
?>
</body></html>
im going to take a stab here:
this line
<tr><td><?php echo $row['Tno']; ?><input type="text" value="<?php echo $row['Tno']; ? >" name="Tno" /></td>
should be this?
<tr><td><?php echo $row['Tno']; ?><input type="hidden" name='Tno' value="<?php echo $row['Tno']; ? >" name="Tno" /></td>
note i added type=hidden and a name for the input
try:
$sql = "select * from `active1active1` where Tno = '" . $Tno . "'";
value="<?php echo $row['Tno']; ? >
There should not be any space after ?
change to ?>
<form action="retreive.php" method="post">
<tr>
<td>
<input type="hidden" value="<?php echo $row['Tno']; ?>" name="Tno" />
</td>
<td>
<input type="Submit" value="Update" />
</td>
</tr>
</form>
retrie`
try this simply:
$Tno = mysql_real_escape_string($_POST['Tno']);
echo $sql = "select * from `active1active1` where Tno = '$Tno'";
$result=mysql_query($sql);
while ($row = mysql_fetch_array($result))
{
print_r($row);
}
I am trying to get a form to input data into my "mysql database" however i am getting an error message and also it is inputting a blank data everytime the page loads.
Here is my code:
<form action="insert.php" method="post">
Name: <input type="text" name="name">
<input type="submit" value="Submit">
</form>
<?php
// This is the connection to my database
$con = mysql_connect('127.0.0.1', 'shane', 'diamond89');
if (!$con){
die('Could not Connect: ' . mysql_error());
}
// This creates my table layout
echo "<table border='1'>
<tr>
<th>ID</th>
<th>Name</th>
<th>Delete</th>
</tr>";
// This selects which database i want to connect to
$selected = mysql_select_db("shane",$con);
if (!$con){
die("Could not select examples");
}
// This inserts new information to the Database
$query = "INSERT INTO test1 VALUES('id', '$name')";
$result = mysql_query($query);
if ($result){
echo("Input data is Successful");
}else{
echo("Input data failed");
}
// This chooses which results i want to select from
$result = mysql_query("SELECT `id`, `name` FROM `test1` WHERE 1");
// This outputs the information into my table
while ($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . "[D]" . "</td>";
echo "</tr>";
}
echo "</table>";
// This closes my connection
mysql_close($con);
?>
Here is the error message:
( ! ) SCREAM: Error suppression ignored for
( ! ) Notice: Undefined variable: name in C:\wamp\www\sql_table.php on line 36
Call Stack
Time Memory Function Location
1 0.0006 250360 {main}( ) ..\sql_table.php:0
You are trying to access to the POST data, so you should do something like that :
EDIT: be careful about the data you put into your database. You should use a modern database API, or, at least, escape your data (cf bellow code)
<form action="insert.php" method="post">
Name: <input type="text" name="name">
<input type="submit" value="Submit">
</form>
<?php
// Following code will be called if you submit your form
if (!empty($_POST['name'])) :
// This is the connection to my database
$con = mysql_connect('127.0.0.1', 'shane', 'diamond89');
if (!$con){
die('Could not Connect: ' . mysql_error());
}
// This creates my table layout
echo "<table border='1'>
<tr>
<th>ID</th>
<th>Name</th>
<th>Delete</th>
</tr>";
// This selects which database i want to connect to
$selected = mysql_select_db("shane",$con);
if (!$con){
die("Could not select examples");
}
// This inserts new information to the Database
$query = "INSERT INTO test1 VALUES('id', \'".mysql_real_escape_string($_POST['name'])."\')";
$result = mysql_query($query);
if ($result){
echo("Input data is Successful");
}else{
echo("Input data failed");
}
// This chooses which results i want to select from
$result = mysql_query("SELECT `id`, `name` FROM `test1` WHERE 1");
// This outputs the information into my table
while ($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . "[D]" . "</td>";
echo "</tr>";
}
echo "</table>";
// This closes my connection
mysql_close($con);
endif;
?>
I am just unable to understand why the rows are not getting deleted!
please note that i am getting the login values of corrected check boxes in the php page.
from my point of view, most probably error should be in php page where i am using
'DELETE FROM' query.
<?php
session_start();
?>
<html>
<head>
<form id="delete_customers" action="deletecustomers.php" method="post">
<?php
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("car_rental_system", $con);
$result = mysql_query("SELECT * FROM customer");
echo "<table border='1' align='center'>
<tr>
<th>first_name</th>
<th>Last_name</th>
<th>login</th>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['first_name'] . "</td>";
echo "<td>" . $row['login'] . "</td>";
echo "<td>"."<input type='checkbox' name='deletingcustomers[]'
value=$row['login']}"."</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
<p class='submit'>
<button type='submit' name='dscustomer'>Delete selected</button>
</p>
</head>
</html>
//NOW deletecustomers.php
<?php
session_start();
$_SESSION['deletingcustomers'] = $_POST['deletingcustomers'];
$N = count($_SESSION['deletingcustomers']);
$con = mysql_connect("localhost","root","");
if (!$con) die('Could not connect: ' . mysql_error());
mysql_select_db("car_rental_system", $con);
if(empty($_SESSION['deletingcustomers'])) {
echo("No customers selected");
} else {
for ($i=0; $i<$N; $i++) {
$sql1="delete from `customer`
where login='{$_SESSION[deletingcustomers][$i]}'";
if(mysql_query($sql1,$con))
echo 'executed';
}
}
?>
NO! No! Why do people keep using mysql_query().....(head desk)
Please look up PDO. http://php.net/manual/en/book.pdo.php it helps prevent sql injections and gives you a better understanding of how to harness oop's power.
Your $_SESSION[deletingcustomers][$i] needs to be $_SESSION['deletingcustomers'][$i]
Example on its way
$tempVar = $_SESSION['deletingcustomers'][$i];
$dbConnection = new PDO("mysql:host=".$hostName.";dbname=".$dbName, $username, $password);
$sql = "delete from `customer` where login='$tempVar'";
$stmt = $newObj->prepare($sql);
$stmt->execute();
Replace
echo "<td>"."<input type='checkbox' name='deletingcustomers[]' value=$row['login']}"."</td>";
To
echo "<td><input type='checkbox' name='deletingcustomers[]' value='".$row['login']."'</td>";
and try