I have set a script to show all members of my database in a table that have so called 'Pending Points' . In that table there's a button that an admin can click to send those pending points to 'Points' to the user in that row of the table and resetting the 'Pending Points' to 0. I have made the script to send these points but it doesn't seem to change anything even though it does give the success message. Any help is appreciated !
Here's an image that will clarify:
Code to send the points (sendpoints.php):
<?
include ("connect.php");
$result = mysqli_query($conn,"SELECT * FROM members WHERE pendingpoints > 0 ");
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$send = $_POST['send'];
if ($send) {
mysqli_query($conn,"UPDATE members SET points='$newpoints' WHERE
username='$username'");
mysqli_query($conn,"UPDATE members SET pendingpoints='0' WHERE
username='$username'");
$username = $row['username'];
$pendingpoints = $row['pendingpoints'];
$points = $row['points'];
$newpoints = $points + $pendingpoints;
echo "Succesfully changed points for that user";
}
?>
Code to show the table:
<?
include ("connect.php");
$submit = $_POST['submit'];
if ($submit) {
$result = mysqli_query($conn,"SELECT * FROM members WHERE pendingpoints > 0 ");
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
while ($row = mysqli_fetch_assoc($result))
{
$username = $row['username'];
$pendingpoints = $row['pendingpoints'];
$points = $row['points'];
$newpoints = $points + $pendingpoints;
$ip = $row['ip'];
echo "<table border='1'>
<tr>
<td><b>Username:</b></td>
<td><b>Pendingpoints:</b></td>
<td><b>IP:</b></td>
<td><b>Confirm Points:</b></td>
</tr>
<tr>
<form id='1' action='sendpoints.php' method='post'>
<td> $username </td>
<td> $pendingpoints </td>
<td> $ip </td>
<td><input type='submit' class='classname' name='send' value='Send'></form></td>
</tr>
<br> </table>";
}
}
?>
As per my understanding you want to send points on button click only to specific person but in your code your doing something else..
note: i added hidden variable in your form to send points to only that specific user
<?
include ("connect.php");
if (isset($_POST['send'])) {
$username=$_POST'username'];
$result = mysqli_query($conn,"SELECT * FROM members WHERE username='$username' ");
$row = mysqli_fetch_array($result,MYSQLI_ASSOC);
$pendingpoints = $row['pendingpoints'];
$points = $row['points'];
$newpoints = $points + $pendingpoints;
$q=mysqli_query($conn,"UPDATE members SET points='$newpoints',pendingpoints=0 WHERE
username='$username'");
if($q){
echo "Succesfully changed points for that user";
}
}
?>
Code to show the table:
<?
include ("connect.php");
$submit = $_POST['submit'];
if ($submit) {
$result = mysqli_query($conn,"SELECT * FROM members WHERE pendingpoints > 0 ");
$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
while ($row = mysqli_fetch_assoc($result))
{
$username = $row['username'];
$pendingpoints = $row['pendingpoints'];
$points = $row['points'];
$newpoints = $points + $pendingpoints;
$ip = $row['ip'];
echo "<table border='1'>
<tr>
<td><b>Username:</b></td>
<td><b>Pendingpoints:</b></td>
<td><b>IP:</b></td>
<td><b>Confirm Points:</b></td>
</tr>
<tr>
<td> $username </td>
<td> $pendingpoints </td>
<td> $ip </td>
<td><form id='1' action='sendpoints.php' method='post'><input type='submit' class='classname' name='send' value='Send'><input type='hidden' name='username' value='$username'></form></td>
</tr>
<br> </table>";
}
}
?>
In the first script $row is not defined.
Edit: since the code was updated, the logic seems to be incorrect. You need to pull username from $_POST, and use this in the update.
However, two big problems: you are not handling escaping of special chars like '. This can break the form, and open up mysql injection security holes.
Related
I'm trying to create a form which allows you to update a database table using php.
I'm kinda new to PHP so excuse me if I make a stupid mistake in the code.
This is my edit.php code:
<html>
<head>
</head>
<body>
<?php
$con=mysqli_connect("localhost","root","root","test");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM cats");
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<?php
while($row = mysqli_fetch_array($result))
{
$name = $row['name'];
$email = $row['email'];
$rank = $row['rank'];
$birth = $row['birth'];
$joined = $row['joined'];
$steamid = $row['steamid'];
?>
<td width="100"></td>
<td><?=$name?></td>
</tr>
<tr>
<td width="100">Email</td>
<td><input name="emailid" type="text" value="<?=$email?>"></td>
</tr>
<tr>
<td width="100">Rank</td>
<td><input name="rankid" type="text" value="<?=$rank?>"></td>
</tr>
<tr>
<td width="100">Birth</td>
<td><input name="birthid" type="text" value="<?=$birth?>"></td>
</tr>
<tr>
<td width="100">Joined</td>
<td><input name="joinedid" type="text" value="<?=$joined?>"></td>
</tr>
<tr>
<td width="100">Steamid</td>
<td><input name="steamidid" type="text" value="<?=$steamid?>"></td>
</tr>
<?php } ?>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
<?php
if(isset($_POST['update']))
{
$name = $row['nameid'];
$email = $row['emailid'];
$rank = $row['rankid'];
$birth = $row['birthid'];
$joined = $row['joinedid'];
$steamid = $row['steamidid'];
$update = mysqli_query($con,"UPDATE cats SET email = '$email', rank = '$rank', birth = '$birth', joined = '$joined', steamid = '$steamid' WHERE name = '$name';");
$retval = mysqli_query($con,"UPDATE cats SET email = '$email', rank = '$rank', birth = '$birth', joined = '$joined', steamid = '$steamid' WHERE name = '$name';");
if (!$update) {
echo "Could not update data: " . mysqli_error($con);
}
echo "Updated data successfully\n";
}
mysqli_close($con);
?>
</body>
</html>
It shows the table and information but the updating isn't working.
Updated data successfully
I've checked the database but it's not updating anything.
Dear i think you change the record based on Name because you can use $name in where clause and you can also change the Name than never true where clause so that your query execute successfully but not effected on any of the row.
you want to get for editable record and that's unique id base update row it will defiantly work.
Try to use PHP PDO database access functions, your code as it stands is vulnerable to SQL-Injection! PDO will also make debugging and working with the database much easier.
I think your check for "update" in $_POST is not working because update is not a field inside your form but the submit button itself, try to check for one of the fields instead.
Informations:
With mysqli_error() you need to write about which connection you want to get errors, like this:
mysqli_error($con);
With mysqli_query() you need to give two parameters, connection and query like this:
$update = mysqli_query($con,"UPDATE cats SET email = '$email', rank = '$rank', birth = '$birth', joined = '$joined', steamid = '$steamid' WHERE name = '$name';");
How to debug:
If you want to check that UPDATE query return any error you can do something like this:
if (!$update) {
echo "Could not update data: " . mysqli_error($con);
}
You can try to debug your query with something like this:
$sql = "UPDATE cats SET email = '$email', rank = '$rank', birth = '$birth', joined = '$joined', steamid = '$steamid' WHERE name = '$name';";
echo $sql; // this output write in your phpMyadmin to check if there are any errors.
$update = mysqli_query($con, $sql);
Other problem we got:
1. I think also you should have else in your code, f.ex.:
if (!$update) {
echo "Could not update data: " . mysqli_error($con);
} else {
echo "Updated data successfully\n";
}
2. You are not getting data from $_POST it should be like:
$name = $_POST['nameid']; // not $row['nameid']
$email = $_POST['emailid'];
$rank = $_POST['rankid'];
$birth = $_POST['birthid'];
$joined = $_POST['joinedid'];
$steamid = $_POST['steamidid'];
More about used functions:
PHP: mysqli::$error
PHP: mysqli::query
In your case it is Procedural style
thanks for taking a look at this. I have been stuck at this problem for awhile basically i am doing a recruitment agency website for my school project. I am doing the function where i can view all the candidate who applied for any job and i can choose from the dropdown box whether to "approval", "denied", or remain as "pending" which it should update the table in the database to the option i chose and it will reflect at the candidate's page. However with the codes i am using right now, it is able to display all the information i need from the different table on the page but when i try to submit the details, it only works for the last guy that applied and not the rest.
This is the form :
<form method="post" action="doEditStatus.php">
<div align ="center">
<table border='1' width ="500">
<tr>
<td> <b> ID </b></td>
<td> <b> Candidate name </b></td>
<td> <b> Job ID </b></td>
<td> <b> Job title </b></td>
<td> <b> Company </b></td>
<td> <b> Shortlist status </b></td>
</tr>
while ($row = mysqli_fetch_array($result)) {
$jobid = $row['Job_id'];
$canid = $row['Candidate_id'];
?>
<tr>
<td><?php echo $canid; ?></td>
<input type="hidden" name="can_id" value=<?php echo $canid ?>>
<input type="hidden" name="job_id" value=<?php echo $jobid ?>>
<?php
$query2 = "SELECT * FROM candidate WHERE Candidate_id =$canid";
$result2 = mysqli_query($link, $query2) or die(mysqli_error($link));
while ($row2 = mysqli_fetch_array($result2)) {
$canname = $row2['First_name']." ".$row2['Last_name'];
?>
<td><?php echo $canname; ?></td>
<?php
}
$query3 = "SELECT * FROM jobs WHERE Job_id =$jobid";
$result3 = mysqli_query($link, $query3) or die(mysqli_error($link));
while ($row3 = mysqli_fetch_array($result3)) {
$jobname = $row3['Job_title'];
$comid = $row3['Company_id'];
?>
<td><?php echo $jobid; ?></td>
<td><?php echo $jobname; ?></td>
<?php
}
$query4 = "SELECT * FROM company WHERE Company_id =$comid";
$result4 = mysqli_query($link, $query4) or die(mysqli_error($link));
while ($row4 = mysqli_fetch_array($result4)) {
$comname = $row4['Company_name'];
?>
<td><?php echo $comname; ?></td>
<?php
}
?>
<td>
<select id="id_status" name="shortlist_status">
<option value="0">Pending...</option>
<option value="1">Shortlist</option>
<option value="2">Denied</option>
</select>
</td>
</tr>
<?php
}
?>
</table>
</div>
<input type="submit" value="Submit"/>
</form>
This is the dosubmit page:
<?php
include "dbFunctions.php";
session_start();
$candidate_id = $_POST['can_id'];
$job_id = $_POST['job_id'];
$status = $_POST['shortlist_status'];
$insertQuery = "UPDATE application SET Shortlist_status = '$status' WHERE Candidate_id = $candidate_id AND Job_id = $job_id";
$inserted = mysqli_query($link, $insertQuery) or die(mysqli_error($link));
if($inserted)
{
$message = 'Profile edited successfully <br>Home';;
echo $candidate_id;
echo $status;
}
else
{
$message = "Profile edited failed";
}
echo $message;
?>
Give all your inputs names that end with []. PHP will then create an array for each of them in $_POST. E.g.
<input type="hidden" name="can_id[]" value=<?php echo $canid ?>>
<input type="hidden" name="job_id[]" value=<?php echo $jobid ?>>
Then your PHP can do:
$insertQuery = "UPDATE application SET Shortlist_status = ? WHERE Candidate_id = ? AND Job_id = ?";
$insertStmt = mysqli_prepare($link, $insertQuery);
mysqli_stmt_bind_param($insertStmt, "iii", $status, $candidate_id, $job_id);
foreach ($_POST['can_id'] as $i => $candidate_id) {
$job_id = $_POST['job_id'][$i];
$status = $_POST['shortlist_status'][$i];
$inserted = mysqli_execute($insertStmt) or die(mysqli_error($insertStmt));
if ($inserted) {
...
} else {
...
}
}
I've managed to reflect the user who logged in into a form. However now when a new user logs in, the previous user personal particulars eg name is still reflecting on the form. This is what i have so far. What am i missing out?
$result2 = mysqli_query($con, "SELECT admin_no FROM student_details;");
$row2 = mysqli_fetch_assoc($result2);
?>
<p>
<table border="1">
<tr>
<td width="410" align="center">Student Personal Data</td>
</tr>
<tr>
</td>
</tr>
<tr>
<td>Admission Number</td>
<td><input name= "name" type="text" disabled="disabled" value="<?php echo $row2['admin_no'] ?>"
size="40" readonly>
</td>
</tr>
This is how i my logout page looks like :
<?php
session_start();
session_unset();
session_destroy();
header('Location:login.php');
?>
My login page :
<?
$adminName = $_POST['txtName'];
$adminPassword = $_POST['txtPassword'];
$conn = dbConnect();
if (!$conn)
die("Couldn't connect to MySQL");
$query = "select * from ohrm_user where user_name='$adminName' and user_password= '$adminPassword'";
$result = mysql_query($query, $conn);
$row = mysql_fetch_array($result);
if(mysql_num_rows($result) > 0 && $row['user_role_id'] == 1)
{
echo $_SESSION['user_name'] = $adminName;
echo $_SESSION['user_password'] = $adminPassword;
}
dbDisconnect($conn);
Insert session_start()
in first line of login and other control panel pages
look at this link
http://www.w3schools.com/php/php_sessions.asp
I want to get get id at the url. It displays the name of id variable instead of displaying the id. I also want eventid, event, venue and username to be inserted into the database, but event and username shows blank but the id increases. Whats the problem ?
<?php
require 'database.php';
$qry = "SELECT b.event_id, b.event, b.venue, u.username, s.name, s.gender, s.email, s.phone FROM bulletin b JOIN unite u JOIN student s WHERE b.event_id = u.event_id AND u.username = s.username ORDER BY event_id";
$result = mysql_query($qry) OR die (mysql_error());
while ($row = mysql_fetch_row($result)){
$eventid = $row[0];
$event = $row[1];
$venue = $row[2];
$username = $row[3];
$name = $row[4];
$gender = $row[5];
$email = $row[6];
$phone = $row[7];
?>
<tr>
<td><center><?php echo $row[0]; ?></center></td>
<td><center><?php echo $row[1]; ?></center></td>
<td><center><?php echo $row[2]; ?></center></td>
<td><center><?php echo $row[3]; ?></center></td>
<td><center><?php echo $row[4]; ?></center></td>
<td><center><?php echo $row[5]; ?></center></td>
<td><center><?php echo $row[6]; ?></center></td>
<td><center><?php echo $row[7]; ?></center></td>
<td><center>
<br><form method="post" action="attend.php?eventid=<?php echo $row['event_id']; ?>" name="event_form1" target="_top">
<input type="submit" name="submit" value=" Attend "></form></br>
<br><form method="post" action="not_attend.php" name="event_form1" target="_top">
<input type="submit" name="submit" value=" Not Attend "></form></center></br>
</td>
</tr>
<?php
} ?>
attend.php
<?php
session_start();
require 'database.php';
$events= $_GET['eventid'];
$qry = "INSERT INTO attend (event_id, name_event, username) VALUES ('$events', '$event', '$username')";
$result = mysql_query($qry) or die (mysql_error());
if ($result){
//echo $result;
header("location:activity_a.php?success=&eventid=$events");
exit();
}else {
die ("Query failed");
}
?>
you're not passing any of the variables through the form, right now, you're just setting the submit button. if you plan on using an attend/not attend system then you'll need to re-do the sql to pull the information again for the variables. OR, you'll need to set hidden inputs for each form
change your attend.php to this:
<?php
session_start();
require 'database.php';
$events= $_GET['eventid'];
$qry = "SELECT b.event, u.username FROM bulletin b JOIN unite u JOIN student s WHERE b.event_id = u.event_id AND u.username = s.username ORDER BY event_id";
$result = mysql_query($qry) OR die (mysql_error());
$row = mysql_fetch_array($result)
$event = $row[0];
$username = $row[1];
$nqry = "INSERT INTO attend (event_id, name_event, username) VALUES ('$events', '$event', '$username')";
$nresult = mysql_query($nqry) or die (mysql_error());
if ($nresult){
//echo $nresult;
header("location:activity_a.php?success=&eventid=$events");
exit();
} else {
die ("Query failed");
}
?>
change this accordingly to match with your db.
EDIT:
I accidentally set the same variable and it got overwritten.
Im loading content for my website from database. It loads data and fills a table.
My problem is that i have put a button next to each row. When i click on the button it has to show me the Name, Price ,Stock etc of every row.
When i click on the button i get an error.
Here you can find the code i have written in de document User_Koeken.php
<?php
if (isset($_POST[$ID]))
{
$URL = $_POST['S_URL'];
$Naam = $_POST['S_Naam'];
$Inhoud = $_POST['S_Inhoud'];
$Stock = $_POST['S_Stock'];
$Prijs = $_POST['S_Prijs'];
echo $URL."".$Naam."".$Inhoud."".$Stock."".$Prijs;
}
else
{$supermarket = mysql_connect("localhost", "root", "Password") or die(mysql_error());
mysql_select_db("supermarket", $supermarket);
$sql = " select * from koeken";
$result = mysql_query($sql, $supermarket);
while ($row = mysql_fetch_array($result)) {
$ID = $row['ID'];
$URL = $row['URL'];
$Naam = $row['Naam'];
$Inhoud = $row['Inhoud'];
$Stock = $row['Stock'];
$Prijs = $row['Prijs'];
$_SESSION['ID']=$ID;
echo "<form action='User_Koeken.php' method='post'>
<tr class='rien' >
<td name='S_URL'><a href=$URL><img src=$URL alt='product'></a></td>
<td name='S_Naam'>$Naam</td>
<td Name='S_Inhoud'>$Inhoud</td>
<td name='S_Stock'>$Stock</td>
<td name='S_Prijs'>€ $Prijs</td>
<td><input type='submit' value=$ID name='$ID'></td>
</tr>
</form> ";
}; }?>
Here you can find a picture of my code in color
http://postimg.org/image/n6wrb0d13/
http://postimg.org/image/n6wrb0d13/
$ID must be initialized before the line
if (isset($_POST[$ID]))
Otherwise, this will always return false, or an error.
Instead, use an array in your HTML names to catch the row being posted:
<tr class='rien' >
<td name='myform[S_URL]'><a href='$URL'><img src='$URL' alt='product'></a></td>
<td name='myform[S_Naam]'>$Naam</td>
<td Name='myform[S_Inhoud]'>$Inhoud</td>
<td name='myform[S_Stock]'>$Stock</td>
<td name='myform[S_Prijs]'>€ $Prijs</td>
<td><input type='submit' value='$ID' name='myform[id]'></td>
</tr>
and the PHP:
if (isset($_POST['myform']) ) {
$post = $_POST['myform'];
$ID = $post['id'];
$URL = $post['S_URL'];
....
}