I'm posting from the HTML code shown in this jsfiddle to the PHP page for which the code is below. The issue is that the array $_POST['selectedpost'] isn't being received. That's the array containing which checkboxes were ticked. In the js fiddle I added in an example row to the table containing the checkboxes as normally these are generated using PHP and SQL.
<?php
include "connect2.php";
if (isset($_POST['selectedpost'])) {
$postschecked = $_POST['selectedpost'];
$length = count($postschecked);
}
else{
returnpage();
}
if (isset($_POST['deleteposts'])) {
foreach($postschecked as $post_id){
$sql = "DELETE FROM posts WHERE post_id='$post_id'";
mysql_query($sql);
}
returnpage();
}
if (isset($_POST['passposts'])) {
foreach($postschecked as $post_id){
$sql = "UPDATE posts SET moderation=1 WHERE post_id='$post_id'";
mysql_query($sql);
}
returnpage();
}
if (isset($_POST['editpost'])) {
if ($lenght==1){
foreach($postschecked as $post_id){
header("location:editpost.php?post_id=$post_id");
}
}
else{
returnpage();
}
}
if (isset($_POST['returnpost'])) {
if (isset($_POST['reasonreturned'])) {
foreach($postschecked as $post_id){
$sql = "SELECT description FROM posts WHERE post_id='$post_id'";
$query = mysql_query($sql);
$array = array();
while ($row = mysql_fetch_array($query, MYSQL_NUM)) {
$array[] = $row; }
$description = "".$array[0][0];
$description = $description . "<br/><br/><span style='color:red;font-size:18px;'>" . $_POST['reasonreturned'] . "</span>";
$sql = "UPDATE posts SET description='$description' WHERE post_id='$post_id'";
$query = mysql_query($sql);
}
}
foreach($postschecked as $post_id){
$sql = "UPDATE posts SET moderation=3 WHERE post_id='$post_id'";
$query = mysql_query($sql);
}
returnpage();
}
if ($length){
returnpage();
}
function returnpage(){
//header("location:moderate.php");
}
?>
http://jsfiddle.net/3A6az/2/
Also, an extra note: I am aware of how inefficient my code is in places, and I'm also aware of the fact that I should drop mysql and move to something like mysqli. Thanks for any help given.
If you have more than 1 checkbox you need to use
name='selectedpost[]'
It will then be available to you with $_POST['selectedpost']; as an array.
Hope this helps!
You're using an unbracketed input <input type='checkbox' name='selectedpost' value='404'></input> plus you don't need </input> (FYI).
If anything you shouldn't be using value='404' unless that's what you want to pass as a "value".
You probably meant to use multiple checkboxes and using name='selectedpost[]'
I.e.:
<input type='checkbox' name='selectedpost[]'>
Names using square brackets [] are treated as an array.
Footnotes:
I would like to point out though, that switching to mysqli_* functions would be most beneficial. mysql_* functions are deprecated.
Using mysqli_* functions with prepared statements or PDO would be even better in order to protect yourself from SQL injection.
Here is a guide on how to prevent SQL injection: How can I prevent SQL injection in PHP?
N.B.: I also found a typo which may give you trouble if ($lenght==1){
You have the word $length in your code as well. Change it to if ($length==1){
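The two points made in the answers above (receiving name='selectedpost[]' as an array, and using prepared statements instead of interpolating $post_id) combined in one added example; it is not the asker's code. The in-memory SQLite table, its sample rows, the constructed $_POST data and the helper names selected_ids() and delete_posts() are assumptions made for illustration.

```php
<?php
// Added example, not the asker's code. Table contents and request data are constructed.
// In-memory SQLite keeps it runnable offline; with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE posts (post_id INTEGER PRIMARY KEY, moderation INTEGER DEFAULT 0)');
$pdo->exec('INSERT INTO posts (post_id) VALUES (401), (402), (403), (404)');

// Constructed request: what the browser sends for name='selectedpost[]'.
// The second value is not a valid id and must never reach the SQL text.
$_POST = ['deleteposts' => 'Delete', 'selectedpost' => ['404', "402' OR '1'='1", '401']];

/** Return only the submitted values that are positive integers (hypothetical helper). */
function selected_ids(array $post): array
{
    $raw = $post['selectedpost'] ?? [];
    if (!is_array($raw)) {           // an unbracketed checkbox name arrives as a string
        $raw = [$raw];
    }
    $ids = [];
    foreach ($raw as $value) {
        $id = filter_var($value, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id !== false) {
            $ids[] = $id;
        }
    }
    return array_values(array_unique($ids));
}

/** Delete the given posts with one parameterized statement; returns rows removed. */
function delete_posts(PDO $pdo, array $ids): int
{
    if ($ids === []) {
        return 0;                     // nothing ticked: run no query at all
    }
    $marks = implode(',', array_fill(0, count($ids), '?'));
    $stmt  = $pdo->prepare("DELETE FROM posts WHERE post_id IN ($marks)");
    foreach ($ids as $i => $id) {
        $stmt->bindValue($i + 1, $id, PDO::PARAM_INT);   // positions are 1-based
    }
    $stmt->execute();
    return $stmt->rowCount();
}

if (isset($_POST['deleteposts'])) {
    $ids = selected_ids($_POST);
    printf("ids %s: %d row(s) removed\n", implode(',', $ids), delete_posts($pdo, $ids));
}
printf("rows left: %d\n", $pdo->query('SELECT COUNT(*) FROM posts')->fetchColumn());
```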
I wanna ask you, how can I fix this code? I have a problem with "ADD" and "INSERT" functions in database. I can only delete from database, but "add and insert" functions do nothing.
this is my about.php file.
$mode = 'add';
$about = '';
if(isset($_GET['edit']) && is_numeric($_GET['edit'])){
$sql = "SELECT * FROM `about_me` WHERE `about_me`.`id` =".$_GET['edit'];
$result_about = mysqli_query($conn, $sql);
if(mysqli_num_rows($result_about) == 1) {
$mode = 'edit';
$about = mysqli_fetch_assoc($result_about);
}
}
$apie = '';
if(isset($_POST["submit"])){
if(isset($_POST["apie"])){
$apie = trim($_POST["apie"]);
}
}
elseif($mode=='edit') {
$apie = $about['about'];
}
if($mode=='add') {
if(($apie!='')){
$sql = 'INSERT INTO about_me(about)
VALUES ("'.$apie.'")';
mysqli_query($conn, $sql);
header('Location:about.php');
die();
}
}
elseif($mode=='edit') {
if(($apie!='')){
$sql = "UPDATE `about_me` SET `about` = '".$apie."' WHERE `about_me`.`id` = ".$_GET['edit'];
mysqli_query($conn, $sql) ;
}
}
<..>
<input type = "text" name = "apie" value = "<?php echo $apie; ?>">
<br><br>
<input type = "submit" name = "submit" value = "Gerai">
<br><br>
I checked the MySQL error with https://www.w3schools.com/php/func_mysqli_error.asp, and then it inserts into my DB. I think there is a code fault, but I don't know where.
You have a slight error with your first query, you can't use parentheses next to the database selector, I'd recommend creating a separate file with a database connection that you can refer to as $conn, your first query should look like this:
$sql = "INSERT INTO about_me
VALUES (?)";
Also, you should look into prepared statements for your queries: instead of inserting the values directly, you use a question mark ? to which you bind the parameter/parameters. This helps prevent SQL injections!
Hope this helps!:)
I am building a bus reservation system using php & mysql.
Here I am trying to input the search field "route", which is a field of the MySQL table.
It seems to have a problem in searching and printing the results to the page. Please help me out.
<?php
$connect=mysqli_connect("localhost","root","","tsms");
$output ='';
if(isset($_POST['from'])){
$searchq = $_POST['from'];
$query = mysqli_query("SELECT * FROM bus WHERE route='$serchq' ");
$count = mysqli_num_rows($query);
if($count==0){
echo "<script>
alert('No bus services are found');
</script>";
} else {
while($row = mysqli_fetch_array($query)){
$imageData = $row['image'];
$arrival = $row['arrival_time'];
$departure = $row['departure_time'];
$type = $row['bus_type'];
$class = $row['class'];
$name = $row['bus_name'];
$facilities = $row['facilities'];
$reservation = $row['reservation_fee'];
$output = '<div>'.$arrival.''.$departure.''.$type.''.$class.''.$name.''.$facilities.''.$reservation.'</div>';
}
}
}
echo $output;
?>
Not sure where the problem is, but the SQL comparison with "=" searches for a perfect match. Try to use "like", as in
SELECT * FROM bus WHERE route like '%$serchq%'
Also, do escape the serchq, because you can get hacked this way.
In your search form, do you have a (dropdown) input or a simple text input?
In your sql query, you are searching for an exact match.
Should this be your issue, consider changing "route='$serchq'" to "route LIKE $serchq" for a more broad match. Also the quotes are not necessary around $serch so eliminating them might help.
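A LIKE search in which the term is bound as a parameter and its wildcard characters are escaped, as an added example that is not code from the question or the answers. The in-memory SQLite table, its rows, the `!` escape character and the helper names like_literal(), find_buses() and render() are assumptions made for illustration.

```php
<?php
// Added example, not code from the post. Column names follow the question;
// the rows and search terms are constructed. In-memory SQLite keeps it offline.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE bus (route TEXT, bus_name TEXT, departure_time TEXT)');
$pdo->exec("INSERT INTO bus VALUES
    ('Colombo - Kandy', 'Express <1>', '06:30'),
    ('Colombo - Galle', 'Coastal', '07:15'),
    ('100% Scenic Loop', 'Hill Rider', '09:00')");

/** Escape LIKE metacharacters so the user's text matches literally. */
function like_literal(string $term, string $esc = '!'): string
{
    return str_replace([$esc, '%', '_'], [$esc . $esc, $esc . '%', $esc . '_'], $term);
}

/** Substring search on route; the term only ever travels as a bound parameter. */
function find_buses(PDO $pdo, string $term): array
{
    $stmt = $pdo->prepare(
        "SELECT route, bus_name, departure_time FROM bus
         WHERE route LIKE :pattern ESCAPE '!'"
    );
    $stmt->execute([':pattern' => '%' . like_literal($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

/** Render rows as HTML, encoding each database value before it is printed. */
function render(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        $cells = array_map(fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'), $row);
        $html .= '<div>' . implode(' | ', $cells) . "</div>\n";
    }
    return $html === '' ? "<p>No bus services are found</p>\n" : $html;
}

// Constructed inputs: a normal term, a bare wildcard, and a quote-bearing string.
foreach (['Kandy', '%', "' OR '1'='1"] as $from) {
    echo "search [$from]\n", render(find_buses($pdo, $from));
}
```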
I have a question regarding passing a PHP variable in the $_POST, knowing that I named my buttons using the same variable because I want the buttons to have unique names.
while($row = mysql_fetch_array($query)){
$friend_id = $row['friend_id'];
$result = mysql_query("SELECT username FROM users WHERE user_id = '$friend_id'");
if (mysql_num_rows($result) > 0) {
$friendname = mysql_result($result,0,"username");
$friendname = sanitize($friendname);
echo '<input type = "submit" id='. $friend_id .' name ='.$friend_id.' class = "member" value ='. $friendname.' /><br>';
}
Here is where I am trying to pass it, but it is not working:
print_r($_POST);
if(isset($_POST['name'])){
$signers = mysql_query("SELECT friend_id FROM friends WHERE user_id = $session_user_id ");
$count = mysql_num_rows($signers);
if($count == 0){
echo "<p>you need to add team members</p>";
}
else{
while($row = mysql_fetch_array($signers)){
$signer_id .= $row['friend_id'];
}
echo '<p>'.$signer_id . '</p>';
}
$request = mysql_query("INSERT INTO requests VALUES ('','$user_id','$fid','$fname','$signer_id')");
}
else {
echo '<p> not working </p>';
}
Both of those sections are in the same PHP page.
You're not passing a variable around, you're passing a value so this line -
if(isset($_POST["'$friend_id'"])=== true){
needs to be changed to this -
if(isset($_POST['name'])){
The name attribute (along with the value) of each input is what is passed in a POST. You're just checking to see if the name parameter has a value, if it does then you can act on it with other code.
In addition please stop using mysql_* functions. They are no longer maintained and are officially deprecated. Learn about prepared statements instead, and consider using PDO.
The condition in the second piece of code should be without quotes:
if (isset($_POST[$friend_id])) {...
The part === true isn't necessary in this case, I've removed it.
You should look into predefining any variables you intend to use.
function input_post ($value, $default = false) {
    // Return the posted field when it is set, otherwise the caller's default
    return isset($_POST[$value]) ? $_POST[$value] : $default;
}
Then use the post as so, this would prevent any not set errors
$friend_id = input_post('friend_id');
if ($friend_id) {
// If friend_id is set, do this
}
else {
// If friend_id is false or unset
}
I have two MySQL tables - "mfb_servicelog" and "mfb_agent_status_summary".
I want to select data from "total_ce" column in "mfb_agent_status_summary" where sl_id = $sl_id and then export it as an excel sheet using PHPExcel.
I can get the $sl_id value from mfb_servicelog table where h_id = $value[$i].
And the values of $value is coming from another php file using _POST as an array.
Please point me in the right direction.
Here is my code (it's returning a long list of errors):
$value = $_POST['hospitalname'];
$from = $_POST['from'];
$to = $_POST['to'];
if($_POST["Submit"]=="Submit") {
for ($i=0; $i<sizeof($value); $i++) {
$queryslid="SELECT sl_id FROM mfb_servicelog WHERE h_id LIKE ('".$value[$i]."')";
if ($resultslid = (mysql_query($queryslid) or die(mysql_error())) {
while($rowslid = mysql_fetch_row($resultid)) {
$slidset[$i] = $rowslid;
}
$querycasesentered = "SELECT total_ce FROM agent_summary WHERE sl_id LIKE ('".$slidset[$i]."')";
if ($resultcaseentered = (mysql_query($querycasesentered) or die(mysql_error())) {
while($rowce = mysql_fetch_row($resultcasesentered)) {
$casee[$i] = $rowce;
if($i == 0) {
$col = 'H';
}
else {
$col = $k;
}
foreach ($rowce as $cell) {
$obejctPHPExcel->getActiveSheet()->setCellValue($col.$rowNumber,$cell);
$col++;
}
$rowNumber++;
}
}
}
Just a heads up, you are accepting POST data without cleaning it before running your SQL statement; this is very, very dangerous and opens your database to injection attacks. But to the problem at hand. Use a join SQL statement, something like:
$sql = "SELECT total_ce FROM agent_summary AS agent LEFT JOIN mfb_servicelog AS service ON agent.sl_id = service.sl_id WHERE service.h_id LIKE ('".$value[$i]."')";
You are using mysql_query in a wrong way.
mysql_query has 2 parameters which is the connection and the query
You can look at this definition:
http://www.w3schools.com/php/func_mysqli_query.asp
In short, I suggest that you use PDO when you are not sure what you are doing with mysql. To understand what PDO is, you should carefully read this tutorial, http://wiki.hashphp.org/PDO_Tutorial_for_MySQL_Developers, which will help you protect your code from SQL injection.
Here I'm trying to insert the data again into a new database table (with quantity & customer details). The $grocery_id and $grocery_item values are fetched from the database. The $customername, $customermobile and $groqty values are entered by the user in the appropriate text fields.
When I execute this code, these two columns ($groceryid, $groceryitem) always store the last row's values, because I've put the query outside of the foreach loop. Here is my problem: if I put the query inside the foreach it works fine, but the quantity values don't work properly. So how can I execute the query properly (outside of the foreach loop)?
<?php
if(isset($_POST['submit']))
{
$grocery_id = $rowid;
$grocery_item = $rowsitem;
$customername = $_POST['customername'];
$customermobile = $_POST['customermobile'];
$groqty = $_POST['groceryquantity'];
for($i = 0; $i < sizeof($groqty); $i++)
{
$groqtys = $groqty[$i];
foreach($grocery_id as $key => $index_id )
{
}
$sql = "INSERT INTO ".customer_order." SET grocery_id = '$index_id' , grocery_item = '$grocery_item[$key]', customername = '$customername', customermobile = '$customermobile', quantity = '$groqtys' ";
mysql_query($sql,$CN);
$response = asort_form_ok("Your order successfully submitted. We will deliver you soon.");
}
}
?>
You could simply use one foreach loop considering the index values of $grocery_id and $groqty are the same.
Try:
<?php
if (isset($_POST['submit']))
{
$grocery_id = $rowid;
$grocery_item = $rowsitem;
// sanitizing your values
$customername = mysql_real_escape_string($_POST['customername']);
$customermobile = mysql_real_escape_string($_POST['customermobile']);
$groqty = array_map('mysql_real_escape_string', $_POST['groceryquantity']);
foreach($grocery_id as $key => $index_id)
{
$sql = "INSERT INTO " . customer_order . " SET grocery_id = '$index_id' , grocery_item = '$grocery_item[$key]', customername = '$customername', customermobile = '$customermobile', quantity = '$groqty[$key]' ";
mysql_query($sql, $CN);
$response = asort_form_ok("Your order successfully submitted. We will deliver you soon.");
}
}
?>
Also note:
Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO, or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.