I have a problem in editing data in my database. I only want to edit one entry but after I clicked edit, it shows that all the data in my database were edited.
eventlist.php
<?php
$con=mysqli_connect("localhost","root","root","chess");
$result = mysqli_query($con,"select * from events");
//echo "<a href='dashboard.php'>Home</a><br>";
echo "<table border=1 id='hor-minimalist-a' width='100%'>";
echo "<tr align='center'><td><b>Date</b></td><td><b>Event</b></td><td><b>Special Note</b></td><td colspan='2'>Options</td></tr>";
$a=0;
while($row = mysqli_fetch_array($result))
{
if($a%2==0){
echo "<tr bgcolor='#b2d5ff' width='100'>"."<td>" . $row['date'] . "</td> <td>" . $row['event'] . "</td> <td>" . $row['note'] . "</td>"
. "</td><td><a href='editevent.php?id=" . $row['id'] . "'>Edit</a></td><td><a href='deleteevent.php?id=" . $row['id'] . "'>Delete</a></td></tr>";
}
else{
echo "<tr>"."<td>" . $row['date'] . "</td> <td>" . $row['event'] . "</td> <td>" . $row['note'] . "</td>"
. "</td><td><a href='editevent.php?id=" . $row['id'] . "'>Edit</a></td><td><a href='deleteevent.php?id=" . $row['id'] . "'>Delete</a></td></tr>";
}
$a++;
}
echo '</table>';
echo "<center><a href='addevent.php'><button type='submit' class='button'>Add New</button></a></center>";
?>
editevent.php
<?php
while($row = mysqli_fetch_array($result))
{
echo "ID: <input type='text' name='id' value='$row[id]'><br/>";
echo "Date: <input type='text' name='date' value='$row[date]'><br/>";
echo "Event: <textarea type='text' name='event'>".$row['event']."</textarea><br/>";
echo "Note: <input type='text' name='note' value='$row[note]'><br/>";
}
?>
updateevent.php
<?php
$id = $_POST['id'];
$date = $_POST['date'];
$event = $_POST['event'];
$note = $_POST['note'];
$con = mysqli_connect("localhost","root","root","chess");
mysqli_query($con,"update events set date='$date', event='$event', note='$note' where id = id");
header('location: eventlist.php');
?>
"update events set date='$date', event='$event', note='$note' where id = id"
where id = id is true for all rows, so all rows get updated. You probably ment to write where id = $id.
Also note that your query is open to SQL injection. Use prepared statements instead.
Related
This question already has answers here:
How can I prevent SQL injection in PHP?
(27 answers)
How to prevent XSS with HTML/PHP?
(9 answers)
Closed 17 days ago.
I have the following code:
<?php
/*
Template Name: trial_app_review
*/
get_header();
?>
<div class="form-container">
<form style="margin-top: 150px;" method="post">
<?php
// Connect to the MySQL database using the MySQLi object
$mysqli = new mysqli('host', 'user', 'password', 'db');
// Check for errors
if ($mysqli->connect_error) {
echo "Error: " . $mysqli->connect_error;
} else {
// Check if the button was clicked
if (isset($_POST['insert_btn'])) {
// Get the values of the row that the button belongs to
$WK = $_POST['WK']; $WK = mysqli_real_escape_string($mysqli, $WK);
$Trial_Year = $_POST['Trial_Year']; $Trial_Year = mysqli_real_escape_string($mysqli, $Trial_Year);
$Trial_Dates = $_POST['Trial_Dates'];$Trial_Dates = mysqli_real_escape_string($mysqli, $Trial_Dates);
$Trial_Club = $_POST['Trial_Club']; $Trial_Club = mysqli_real_escape_string($mysqli, $Trial_Club);
$Trial_Classes = $_POST['Trial_Classes']; $Trial_Classes = mysqli_real_escape_string($mysqli, $Trial_Classes);
$Ring_Width = $_POST['Ring_Width']; $Ring_Width = mysqli_real_escape_string($mysqli, $Ring_Width);
$Ring_Height = $_POST['Ring_Height']; $Ring_Height = mysqli_real_escape_string($mysqli, $Ring_Height);
$double_yes_no = $_POST['double_yes_no']; $double_yes_no = mysqli_real_escape_string($mysqli, $double_yes_no);
$FeePd = $_POST['FeePd']; $FeePd = mysqli_real_escape_string($mysqli, $FeePd);
$num_days = $_POST['num_days']; $num_days = mysqli_real_escape_string($mysqli, $num_days);
$start_date = $_POST['start_date']; $start_date = mysqli_real_escape_string($mysqli, $start_date);
$Trial_City = $_POST['Trial_City']; $Trial_City = mysqli_real_escape_string($mysqli, $Trial_City);
$Trial_St = $_POST['Trial_St']; $Trial_St = mysqli_real_escape_string($mysqli, $Trial_St);
$trial_sec = $_POST['trial_sec']; $trial_sec = mysqli_real_escape_string($mysqli, $trial_sec);
$Trial_Email = $_POST['Trial_Email']; $Trial_Email = mysqli_real_escape_string($mysqli, $Trial_Email);
$Trial_Website = $_POST['Trial_Website']; $Trial_Website = mysqli_real_escape_string($mysqli, $Trial_Website);
$end_date = $_POST['end_date']; $end_date = mysqli_real_escape_string($mysqli, $end_date);
$street_addr = $_POST['street_addr']; $street_addr = mysqli_real_escape_string($mysqli, $street_addr);
$distckwk = $_POST['distckwk']; $distckwk = mysqli_real_escape_string($mysqli, $distckwk);
$club_id = $_POST['club_id']; $club_id = mysqli_real_escape_string($mysqli, $club_id);
$pend_id = $_POST['ID']; $pend_id = mysqli_real_escape_string($mysqli, $pend_id);
$query = "INSERT INTO Calendar (pend_id, WK, Trial_Year, Trial_Dates, Trial_Club, Trial_City, Trial_St, Trial_Classes, Ring_Width, Ring_Height, double_yes_no, Trial_FName, Trial_Email,
Trial_Website, FeePd, start_date, end_date, street_addr, distckwk, club_id,Pend_Confirm)
VALUES ('$pend_id', '$WK', '$Trial_Year', '$Trial_Dates', '$Trial_Club', '$Trial_City', '$Trial_St', '$Trial_Classes', '$Ring_Width', '$Ring_Height', '$double_yes_no', '$trial_sec',
'$Trial_Email', '$Trial_Website', '$FeePd', '$start_date', '$end_date', '$street_addr','$distckwk', '$club_id',CONCAT('Confirmed-', CURRENT_DATE()))";
$result = $mysqli->query($query);
if ($result) {
$update = "UPDATE PendingCalendar SET Pend_Confirm = CONCAT('Confirmed-', CURRENT_DATE()) WHERE ID = '$pend_id'";
$update_result = $mysqli->query($update);if ($update_result) {
echo '<script>window.location.href = "https://nadac.com/success.php";</script>';
} else {
echo "Error: " . $mysqli->error;
}
} else {
echo "Error: " . $mysqli->error;
}
}
else {
// Execute a SELECT query and check for errors
$result = $mysqli->query("SELECT * FROM PendingCalendar WHERE Pend_Confirm IS NULL OR Pend_Confirm ='' ORDER BY WK DESC");
if (!$result) {
echo "Error: " . $mysqli->error;
} else {
// Add the stylesheet
echo "<style>
table {
border-collapse: collapse;
}
table, td, th {
border: 1px solid black;
padding: 5px;
}
</style>";
// Create the updated HTML table
echo "<table>\n";
echo " <tr>\n";
echo " <th>Action</th>\n";
echo " <th>WK</th>\n";
echo " <th>Trial_Year</th>\n";
echo " <th>Trial_Club</th>\n";
echo " <th>Trial_Classes</th>\n";
echo " <th>Ring_Width</th>\n";
echo " <th>Ring_Height</th>\n";
echo " <th>double_yes_no</th>\n";
echo " <th>Fee Pd</th>\n";
echo " <th>start_date</th>\n";
echo " <th>end_date</th>\n";
echo " </tr>\n";
// Iterate over the results and print each row
while ($row =
$result->fetch_assoc()) {
// Print the table row
echo " <tr>\n";
echo " <td>\n";
echo " <form method='post' >\n";
echo " <input type='hidden' name='ID' value='" . $row['ID'] . "'>\n";
echo " <input type='hidden' name='WK' value='" . $row['WK'] . "'>\n";
echo " <input type='hidden' name='Trial_Year' value='" . $row['Trial_Year'] . "'>\n";
echo " <input type='hidden' name='Trial_Club' value='" . $row['Trial_Club'] . "'>\n";
echo " <input type='hidden' name='Trial_Classes' value='" . $row['Trial_Classes'] . "'>\n";
echo " <input type='hidden' name='Ring_Width' value='" . $row['Ring_Width'] . "'>\n";
echo " <input type='hidden' name='Ring_Height' value='" . $row['Ring_Height'] . "'>\n";
echo " <input type='hidden' name='double_yes_no' value='" . $row['double_yes_no'] . "'>\n";
echo " <input type='hidden' name='FeePd' value='" . $row['FeePd'] . "'>\n";
echo " <input type='hidden' name='start_date' value='" . $row['start_date'] . "'>\n";
echo " <input type='hidden' name='end_date' value='" . $row['end_date'] . "'>\n";
echo " <input type='hidden' name='Trial_Dates' value='" . $row['Trial_Dates'] . "'>\n";
echo " <input type='hidden' name='Trial_City' value='" . $row['Trial_City'] . "'>\n";
echo " <input type='hidden' name='Trial_St' value='" . $row['Trial_St'] . "'>\n";
echo " <input type='hidden' name='Trial_Email' value='" . $row['Trial_Email'] . "'>\n";
echo " <input type='hidden' name='Trial_Website' value='" . $row['Trial_Website'] . "'>\n";
echo " <input type='hidden' name='street_addr' value='" . $row['street_addr'] . "'>\n";
echo " <input type='hidden' name='distckwk' value='" . $row['distckwk'] . "'>\n";
echo " <input type='hidden' name='club_id' value='" . $row['club_id'] . "'>\n";
echo " <input type='hidden' name='trial_sec' value='" . $row['trial_sec'] . "'>\n";
echo " <button type='submit' name='insert_btn'>Insert</button>\n";
echo " </form>\n";
echo " </td>\n";
echo " <td>" . $row['WK'] . "</td>\n";
echo " <td>" . $row['Trial_Year'] . "</td>\n";
echo " <td>" . $row['Trial_Club'] . "</td>\n";
echo " <td>" . $row['Trial_Classes'] . "</td>\n";
echo " <td>" . $row['Ring_Width'] . "</td>\n";
echo " <td>" . $row['Ring_Height'] . "</td>\n";
echo " <td>" . $row['double_yes_no'] . "</td>\n";
echo " <td>" . $row['FeePd'] . "</td>\n";
echo " <td>" . $row['start_date'] . "</td>\n";
echo " <td>" . $row['end_date'] . "</td>\n";
echo " </tr>\n";
} echo "</table>\n";
}
}
}
?>
</form>
</div>
And it works. But when a column has an apostrophe, it removes everything after the apostrophe.
I am definitely a beginner, but I thought the escape string would prevent that from happening?
I made a test record and using something like this: NADAC,Testing'testing"testing it gets shortened to: NADAC,Testing
What am I missing?
I have a form created with php to edit records in a MySQL db. I would like to add a drop down menu to this form for the "type" field but am not sure how to create it without losing the data already in the db field.
<?php
require_once '../php/dbconfig.php';
// Create connection
$conn = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
if (isset($_POST['update'])) {
$UpdateQuery = "UPDATE members SET name='$_POST[name]', type='$_POST[type]', physicaladdress='$_POST[physicaladdress]', billingaddress='$_POST[billingaddress]', contact='$_POST[contact]', phone='$_POST[phone]', fax='$_POST[fax]', email='$_POST[email]', web='$_POST[web]', description='$_POST[description]' WHERE id='$_POST[id]'";
mysqli_query($conn, $UpdateQuery);
}
$result = mysqli_query($conn, "SELECT * FROM members ORDER BY name");
echo "<br />";
echo "<table border=0>
<tr>
<th>Name</th>
<th>Type</th>
<th>Physical Address</th>
<th>Billing Address</th>
<th>Contact Name</th>
<th>Phone</th>
<th>Fax</th>
<th>Email</th>
<th>Web</th>
<th>Description</th>
</tr>" ;
while($record = mysqli_fetch_array($result)) {
echo "<form action = admin-update.php method = post>";
echo "<tr>";
echo "<td>" . "<input type=text size=42 name=name value='" . $record['name'] . "' </td>";
echo "<td>" . "<input type=text size=30 name=type value='" . $record['type'] . "' </td>";
echo "<td>" . "<input type=text size=60 name=physicaladdress value='" . $record['physicaladdress'] . "' </td>";
echo "<td>" . "<input type=text size=60 name=billingaddress value='" . $record['billingaddress'] . "' </td>";
echo "<td>" . "<input type=text size=20 name=contact value='" . $record['contact'] . "' </td>";
echo "<td>" . "<input type=text size=10 name=phone value='" . $record['phone'] . "' </td>";
echo "<td>" . "<input type=text size=10 name=fax value='" . $record['fax'] . "' </td>";
echo "<td>" . "<input type=text size=25 name=email value='" . $record['email'] . "' </td>";
echo "<td>" . "<input type=text size=25 name=web value='" . $record['web'] . "' </td>";
echo "<td>" . "<input type=text 50 name=description value='" . $record['description'] . "' </td>";
echo "<td>" . "<input type=hidden name=id value='" . $record['id'] . "' </td>";
echo "<td>" . "<input type=submit name= update value=Update" . " </td>";
echo "</form>";
}
echo "</table>";
$conn->close();
?>
Any assistance would be greatly appreciated. Thank you.
You should be able to change the type from an input to a select with options and include the value from the database as one of the options.
I suggest this:
$selectType = '<select name="type">';
$selectType .= '<option value="'. $record['type'] .'">"'. $record['type'] .'"</option>';
$selectType .= '<option value="Opt1">Option1</option>';
$selectType .= '<option value="Opt2">Option2</option>';
$selectType .= '<option value="Opt3">Option3</option>';
$selectType .= '</select>;
Then, inside your while loop:
echo "<td>" . $selectType . "</td>";
I hope this works for you. Please let me know if it does not or if it does not answer your question.
so I have this code that other Stack members have helped me fine tune and correct some errors, the code all works as it should but there is one small detail, after successfully editing one record and clicking the update button ALL of the existing records that are in the database load into the page. Here is my code below:
<?php
$con = mysql_connect("localhost", "root", "M1q2w3e4r");
if (!$con) {
die("Can not connect: " . mysql_error());
}
mysql_select_db("inventory",$con);
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE invoice SET `inv_number`='$_POST[inv_number]', `from_date`='$_POST[from_date]', `to_date`='$_POST[to_date]',`date_type`='$_POST[date_type]', `notes`='$_POST[notes]' WHERE id='$_POST[id]'";
mysql_query($UpdateQuery, $con);
};
$where = '';
if(!empty($_GET) && !empty($_GET['edit'])) {
$where = ' where id='.$_GET['edit'];
}
$sql = "SELECT * FROM invoice".$where;
$myData = mysql_query($sql,$con);
echo "<table border=1>
<tr>
<th>Inv #</th>
<th>From</th>
<th>To</th>
<th>Type</th>
<th>Notes</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action='edit.php' method='post'>";
echo "<tr>";
echo "<td>" . "<input type='text' name='inv_number' value='" . $record['inv_number'] . "'> </td>";
echo "<td>" . "<input type='text' id='from' name='from_date' value='" . $record['from_date'] . "'> </td>";
echo "<td>" . "<input type='text' id='to' name='to_date' value='" . $record['to_date'] . "'> </td>";
echo "<td>" . "<input type='text' name='date_type' value='" . $record['date_type'] . "'> </td>";
echo "<td>" . "<input type='text' name='notes' value='" . $record['notes'] . "'> </td>";
echo "<td>" . "<input type='hidden' name='id' value='" . $record['id'] . "'> </td>";
echo "<td>" . "<input type='hidden' name='hidden' value='" . $record['id'] . "'> </td>";
echo "<td>" . "<input type='submit' name='update' value='update'>" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
mysql_close($con);
?>
I know it has to do with the form action="edit.php", as it refreshes the page the id number in the url is pulled out. So I tried this:
echo "<form action='edit.php?edit=<?php echo $_REQUEST["id"]; ?>' method='post'>";
but this only led to my edit.php to display as a blank page. If anyone can help me figure out how to prevent all the database records from being displayed in the page after clicking the update button it would really help.
I might do this, for example, if I just wanted to show the record that was just updated:
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE invoice SET `inv_number`='$_POST[inv_number]', `from_date`='$_POST[from_date]', `to_date`='$_POST[to_date]',`date_type`='$_POST[date_type]', `notes`='$_POST[notes]' WHERE id='$_POST[id]'";
mysql_query($UpdateQuery, $con);
$where = ' where id='.$_POST[id];
}
else {
$where = '';
if(!empty($_GET) && !empty($_GET['edit'])) {
$where = ' where id='.$_GET['edit'];
}
}
You could also use REQUEST instead of GET and make a hidden input field with the name "edit" in your form.
Guys I cant see why it is that my code will only Update the last row on the table. It will populate the entire HTML page with a table with the info from phpAdmin. I can then change this info, on the html page. It all works fine if there is only one record, anymore than one and it only takes effect on the last row. I am new to all this, so excuse the code, here it is......
<html>
<?php
$con = mysql_connect("localhost","root");
if(!$con){
die("Cant get there Bren: " . mysql_error());
}
mysql_select_db("Web_Data",$con);
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE Vehicles SET Vehicle_Id='$_POST[Vehicle_Id]',
Registration='$_POST[Registration]',Make='$_POST[Make]',Model='$_POST[Model]',
Classification='$_POST[Classification]',Rental_Price='$_POST[Rental_Price]',
Current_Status='$_POST[Current_Status]',Mileage='$_POST[Mileage]'
WHERE Vehicle_Id='$_POST[hidden]'";
echo "<center> Vechicle Id '$_POST[hidden]' succesfully VEHICLE UPDATED </center>";
mysql_query($UpdateQuery, $con);
};
$sql = "Select * From Vehicles";
$myData = mysql_query($sql,$con);
echo" <center> <table border = 3>
<tr>
<th>Vehicle_Id</th>
<th>Registration</th>
<th>Make</th>
<th>Model</th>
<th>Classification</th>
<th>Rental_Price</th>
<th>Current_Status</th>
<th>Mileage</th>
</tr></center>";
while($record = mysql_fetch_array($myData)){
echo "<form action = UpdateWD.php method=post>";
echo "<tr>";
echo "<td>" . "<input type = text name = Vehicle_Id value=" . $record['Vehicle_Id'] . " </td>";
echo "<td>" . "<input type = text name = Registration value=" . $record['Registration'] . " </td>";
echo "<td>" . "<input type = text name = Make value=" . $record['Make'] . " </td>";
echo "<td>" . "<input type = text name = Model value=" . $record['Model'] . " </td>";
echo "<td>" . "<input type = text name = Classification value=" . $record['Classification'] . " </td>";
echo "<td>" . "<input type = text name = Rental_Price value=". $record['Rental_Price'] . " </td>";
echo "<td>" . "<input type = text name = Current_Status value=" . $record['Current_Status'] . " </td>";
echo "<td>" . "<input type = text name = Mileage value=" . $record['Mileage'] . " </td>";
echo "<td>" . "<input type = hidden name = hidden value=" . $record['Vehicle_Id'] . " </td>";
echo "<td>" . "<input type = submit name = update value= update" . " </td>";
echo "</from>";
}
echo"</table>";
mysql_close($con);
?>
<br><br><br>
<footer>
Copyright © 2013 ABU LTD
About -
Privacy Policy -
Contact Us
Logout
</footer> <!--footer-->
</html>
See here:
Use while loop to display all fetched records.
<?php
// Make a MySQL Connection
$sql = "Select * From Vehicles";
$myData = mysql_query($sql,$con) or die(mysql_error());
while($row = mysql_fetch_array($myData)){
echo $row['Vehicle_Id'];
}
?>
And mysql_query can't use multiple queries.
The easiest thing is to just run them separately. I believe you can do multi query but I haven't tried it.
Just get the idea how you can run multiple queries using foreach loop.
$updateArray = array(21=>300,23=>200,24=>100);
foreach($updateArray as $id=>$value)
{
$query = "UPDATE cart SET cart_qty='$value' WHERE cart_id = '$id'";
mysql_query($query,$link);// $link is specified above
}
here is my mistake
hours and hours and all it was
echo "<td>" . "<input type = 'submit' name = 'update' value= 'update'" . " />";
echo "</td>";
echo "</tr>";
echo "</form>";
had "form" spelt "from" & didnt close the </tr>
Dont mind the security issues, this is just local testing, but when ever i click the update button none of the changes go through on the page or on the query and i get no erros.
<?php
$link = mysqli_connect("localhost", "root", "", "test") or die("could not connect");
if (isset($_POST['update'])) {
$updateQuery = (" UPDATE `test1` SET f_name = '$_POST[f_name]', l_name='$_POST[l_name]', email='$_POST[email]' WHERE id='$_POST[id]'");
mysqli_query($link, $updateQuery);
};
$query = ("SELECT * FROM `test1`");
$result = mysqli_query($link, $query);
echo "<table border=1
<tr>
<th>Firstname</th>
<th>Lastname</th>
<th>Email</th>
</tr>";
while($row = mysqli_fetch_array($result)) {
echo "<form method=post action=update.php>";
echo "<tr>";
echo "<td>" . "<input type=text name=f_name value=" . $row['f_name'] . " </td>";
echo "<td>" . "<input type=text name=l_name value=" . $row['l_name'] . " </td>";
echo "<td>" . "<input type=text name=email value=" . $row['email'] . " </td>";
echo "<td>" . "<input type=hidden name=id value=" . $row['id'] . " </td>";
echo "<td>" . "<input type=submit name=submit value=update" . " </td>";
echo "</tr>";
}
?>
change your form to
while($row = mysqli_fetch_array($result)) {
echo "<form method=post action=update.php>";
echo "<input type=hidden name=update>";
echo "<tr>";
echo "<td>" . "<input type=text name=f_name value=" . $row['f_name'] . " </td>";
echo "<td>" . "<input type=text name=l_name value=" . $row['l_name'] . " </td>";
echo "<td>" . "<input type=text name=email value=" . $row['email'] . " </td>";
echo "<td>" . "<input type=hidden name=id value=" . $row['id'] . " </td>";
echo "<td>" . "<input type=submit name=submit value=update" . " </td>";
echo "</tr>";
}
POST keys should be in quotes. Try this instead:
$updateQuery = "UPDATE test1 SET f_name = ".$_POST['f_name'].", l_name=."$_POST['l_name'].", email=".$_POST['email']." WHERE id=".$_POST['id'];
Try this:
$updateQuery = ("UPDATE `test1` SET f_name = '{$_POST['f_name']}', l_name='{$_POST['l_name']}', email='{$_POST['email']}' WHERE id='{$_POST['id']}'");
Also you can try echoing something inside your if (isset($_POST['update'])) { to make sure it is testing true.
Here is your problem:
if (isset($_POST['submit']) && $_POST['submit'] == 'update') {
The name of the submit button is submit not update, the value is update.