I'm writing an php script to approve users that registered on my page, but i'm facing a little problem when i want to approve them. Here's as far as i could get.
Table:
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("activation") or die(mysql_error());
//User Approval Script
$result2 = mysql_query("SELECT * FROM userinfo WHERE status='0'")
or die(mysql_error());
echo "<table border='1'>";
echo "<tr> <th>Name</th> <th>Action</th> <th>Hours</th> <th>Approve</th> </tr>";
while($row = mysql_fetch_array( $result2 )) {
// Print out the contents of each row into a table
echo "<tr><td>";
echo $row['first_name'];
echo "</td><td>";
echo $row['last_name'];
echo "</td>";
echo "<td>";
echo $row['email'];
echo "</td><td>";
echo "<form action=\"approve.php\" method=\"post\"><input name=\"approve[]\" type=\"checkbox\">";
echo "</td></tr>";
}
echo "</table>";
echo "<input type=\"submit\" value=\"Approve\"></form>";
?>
approve.php
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("activation") or die(mysql_error());
$ticked = $_POST['approve'];
foreach($ticked as $id) {
mysql_query("UPDATE status SET approved = '1' WHERE `ID` = '$id'");
}
unset($id);
?>
I would also like to know how i can send email to each user that is approved...
Thanks in advance everyone!
Edit:
The page on approve.php is all blank, and status isn't getting updated.
Can you try this, Moved <form> tag from near checkbox into top and added checkbox value with $row["id"]
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("activation") or die(mysql_error());
//User Approval Script
$result2 = mysql_query("SELECT * FROM userinfo WHERE status='0'")
or die(mysql_error());
echo "<form action=\"approve.php\" method=\"post\"><table border='1'>";
echo "<tr> <th>Name</th> <th>Action</th> <th>Hours</th> <th>Approve</th> </tr>";
while($row = mysql_fetch_array( $result2 )) {
// Print out the contents of each row into a table
echo "<tr><td>";
echo $row['first_name'];
echo "</td><td>";
echo $row['last_name'];
echo "</td>";
echo "<td>";
echo $row['email'];
echo "</td><td>";
echo "<input name=\"approve[]\" type=\"checkbox\" value='".$row["id"]."' >";
echo "</td></tr>";
}
echo "</table>";
echo "<input type=\"submit\" value=\"Approve\"></form>";
?>
In approve.php,
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("activation") or die(mysql_error());
$ticked = $_POST['approve'];
foreach($ticked as $id) {
mysql_query("UPDATE status SET approved = '1' WHERE `ID` = '$id'");
$message ='Approved message';
mail('to email address', 'Your Subject', $message);
}
?>
Note: Use mysqli_* functions or PDO instaed of using mysql_* functions (deprecated)
You tried to open form in loop while and missed attribute value in checkbox.
Change
echo "<form action=\"approve.php\" method=\"post\"><input name=\"approve[]\" type=\"checkbox\">";
To
echo '<input name="approve" type="checkbox" value='.$row["id"].'>';
Then put echo "<form action ='approve.php' method='post'>"; above while($row = mysql_fetch_array( $result2 )) {
You should have one large form, with many checkboxes (I imagine that's what your second page is based upon), but checkboxes are <input>s, not <form>s. Your final HTML should look something like:
<form>
<table>
...
<td><input type="checkbox" name="approve[]" value="USERIDTHATYOUWANTTOAPPROVE"></td>
...
<td><input type="checkbox" name="approve[]" value="OTHERUSERIDTHATYOUWANTTOAPPROVE"></td>
...
</table>
</form>
Also!
Your code is very susceptible to SQL Injection. See How can I prevent SQL injection in PHP? and Why shouldn't I use mysql_* functions in PHP?.
You should use prepared statements to offload work in your code (you only send the query once, and change the parameters each time).
Related
My website must consist of a page with table where admin must upload some file. Later that file is saved by php as a blob in mysql, however, $_FILES cannot find and index of my file input. Please help finding a mistake.
<tr>
<th>ID</th>
<th>Genre</th>
<th>Extension</th>
<th>Description</th>
<th>Demo-art</th>
<th>Price</th>
<th>Upload</th>
<th>Delete</th>
</tr>";
$array=array();
for($m=0; $row=mysqli_fetch_array($full); $m++)
{
$array[$m]=$row['ArtID'];
echo "<form method='POST' action='checker.php'>";
echo "<tr>";
echo "<td><input class='asd' value='$array[$m]' readonly name='name'></td>";
echo "<td>".$row['Genre']."</td>";
echo "<td>".$row['Extension']."</td>";
echo "<td>".$row['Description']."</td>";
echo "<td><input type='file' name='arts'></td>";
echo "<td><input class='priceinput' name='price' placeholder='Price'></td>";
echo "<td><input type='submit' name='Upload' value='Upload'></td>";
echo "<td><input type='submit' name='Delete' value='Delete'></td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
;}
PHP code
session_start();
$conn= new mysqli("127.0.0.1", "root", "","projectwork") or die ("Can't connect to db");
if($_POST["Upload"]) {
$price=$_POST["price"];
$id=$_POST["name"];
if ($price!=NULL) {
if (is_uploaded_file($_FILES['arts']['tmp_name'])) {
$imgData = addslashes(file_get_contents($_FILES['arts']['tmp_name']));
$imageProperties = getimageSize($_FILES['arts']['tmp_name']);
$sql = "Update arts SET imageData='".$imgData."', imageType='".$imageProperties['mime']."' WHERE ArtID=".$id."";
$current_id = mysqli_query($conn, $sql) or die("<b>Error:</b> Problem on Image Insert<br/>" . mysqli_error($conn));
}
$insert="UPDATE arts SET Price='".$price."', Is_Done='1' WHERE ArtID=".$id."";
$finalquery=$conn->query($insert);
echo $price." ".$id;
}
Apart from security flaws in your code you are missing enctype='multipart/form-data' inside the form element.
Try:
echo "<form method='POST' action='checker.php' enctype='multipart/form-data'>";
It will tell the browser you're sending a file.
table.php
<?php
include('../connections/conn.php');
include('../php/login.php');
$sql = "SELECT * FROM person";
$records = mysqli_query($conn, $sql)
?>
<html>
<head>
<title>Table</title>
</head>
<body>
<table>
<tr>
<th>Name</th>
<th>Age</th>
<th>Salary</th>
</tr>
<?php
while($row = mysqli_fetch_array($records)){
$name = $row['Name'];
$age = $row['Age'];
$salary = $row['Salary'];
$id = $row['id'];
echo "<tr><form action=update.php method=post>";
echo "<td><input type=text name=pname value='$name'></td>";
echo "<td><input type=text name=age value='$age'></td>";
echo "<td><input type=text name=salary value='$salary'></td>";
echo "<input type=hidden name=id value='$id'></td>";
echo "<td><input type=submit>";
echo "</form></tr>";
}
?>
</table>
</body>
</html>
(this part of the code displays the table and its values)
Update.php
<?php
include('../connections/conn.php');
include('../php/login.php');
$sql = "UPDATE person SET
Name='$_POST[pname]',Age='$_POST[age]',Salary='$_POST[salary]' WHERE
id='$_POST[id]'";
if(mysqli_query($conn, $sql)){
header("refresh:1 url=table.php");
}
else{
echo"Not Update";
}
$records = mysqli_query($conn, $sql)
?>
(this part is for updating the table)
I have got the code to update the contents of a table using buttons however I would like to just have one button that will update the whole table. At the moment I use a button per row to update that particular row.
Just use this
$sql = "UPDATE person SET
Name='$_POST[pname]',Age='$_POST[age]',Salary='$_POST[salary]' WHERE
id in('$_POST[id]')";
There is registration form in which country field is there.if user's country is not in drop down list. user can select other at that time display one textbox and user enter their country in textbox.after submit country by user .how to approve the requested country and publish in country drop down list in php.
config.php
<?php
$con=mysql_connect("localhost","root","");
if(!$con)
{
die("Could not connect".mysql_error());
}
mysql_select_db("RateMyProfessor",$con);
?>
Demo.php
<?php
include ("config.php");
$query = "select * from user_details where is_approved='0'";
$result=mysql_query($query);
$i = 1; //counter for the checkboxes so that each has a unique name
echo "<form action='process.php' method='post'>"; //form started here
echo "<table border='1'>
<tr>
<th>UserId</th>
<th>Email</th>
<th>Country </th>
<th>Update</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['UserId'] . "</td>";
echo "<td>" . $row['Email'] . "</td>";
echo "<td>" . $row['Country'] . "</td>";
echo "<td><input type='checkbox' name='check[$i]' value='".$row['UserId']."'/>";
echo "</tr>";
$i++;
}
echo "</table>";
echo "<input type='submit' name='approve' value='approve'/>";
echo "</form>";
mysql_close($con);
?>
process.php
<?php
include_once("config.php");
if(isset($_POST['approve']))
{
if(isset($_POST['check']))
{
foreach ($_POST['check'] as $value){
echo $value;
$sql = "update user_details set is_approved ='1' where UserId = '$value'";
mysql_query($sql) or die (mysql_error());
}
}
}
?>
when admin is approve country from admin side country is copy on country table.
You can insert a new record in country table at the time of approval
for e.g.
<?php
include_once("config.php");
if(isset($_POST['approve']))
{
if(isset($_POST['check']))
{
foreach ($_POST['check'] as $value){
echo $value;
$sql = "update user_details set is_approved ='1' where UserId = '$value'";
mysql_query($sql) or die (mysql_error());
$sql = "select other_country from user_details where UserId = '$value'";
$result = mysql_query($sql) or die (mysql_error());
if($Other_country_name = mysql_fetch_assoc($result))
{
$Other_country_name = $Other_country_name['other_country'];
}
$sql = "insert into country_table set name = '$Other_country_name'";
mysql_query($sql) or die (mysql_error());
}
}
}
?>
I have not implemented conditions. please do it by yourself
Question: What to do to fix my problem on handling the session because it is returning an incorrect value.
Situation: I'm having problem on this session variable from the table. I added data from database to a table using while loop. Here is my code:
<form action="edit2.php" method="get">
<?php
$link = mysql_connect("localhost", "root", "root");
mysql_select_db("ispot", $link);
$result4 = mysql_query("SELECT * FROM user_ispot", $link);
$num_rows = mysql_num_rows($result4);
$result = mysqli_query($con,"SELECT * FROM complaints");
echo "<table border='1'>
<tr>
<th>Id Number</th>
<th>Category</th>
<th>Problem</th>
<th>Date Reported</th>
<th>Complaint ID </th>
<th>Action</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td name=id_num>" . $row['id_number'] . "</td>";
$_SESSION['favcolor'] = "$row[id_number]";
echo "<td name=remarks>" . $row['remarks'] . "</td>";
echo "<td name=status>" . $row['status'] . "</td>";
echo "<td name=date>" . $row['date_reported'] . "</td>";
echo "<td>" . "<INPUT TYPE = text Name = cid VALUE = " . $row['complaint_id'] . ">" . "</td>";
echo "<td>" . "<INPUT TYPE = Submit Name = Submit1 VALUE =Edit>" . "</td>";
echo "</tr>";
}
echo "</table>" ;?>
And it looks like this:
As you can see, there is the edit button, where I can edit a specific row in the table.
When I press the edit button, this will show:
Notice that the User ID is wrong, what can I do to fix it? because the user id that is being post here was the last user_id that was inserted in the table.
And here is my code for the second image:
<b>Date:</b> <input type='text' name='today' placeholder='<?php echo $today ?>' disabled='disabled'> <br><br>
<b>User ID:</b> <input type='text' disabled='disables' name='userid' placeholder='<?php
//$comid = $_GET["cid"];
//echo $userid;
echo $_SESSION['userid'];
//$result = mysqli_query($con,"SELECT * FROM complaints WHERE id = XXX");
//$row = mysqli_fetch_assoc($result);
//print_r($row);
//$result2 = mysql_query("SELECT * FROM complaints WHERE complaint_id = '$comid'", $link);
//$result2 = mysql_query("SELECT * FROM complaints", $link);
//while($row = mysql_fetch_assoc($result2))
//{
//echo $row['id_number'];
//}
?>'></br><br>
Any help would be appreciated. Thank you.
i replaced the button with a link, used it to pass the value when edit is clicked, catch the value with a get and it works for me.
in edit.php
echo "<td> <a href = 'edit2.php?id=$num_id'>Edit</a></td>";
in edit2.php
$id = $_GET['id'];
<b>User ID:</b> <input type='text' disabled='disables' name='userid' value = '<?php echo $id;?>'></input type>
$result2 = mysql_query("SELECT * FROM complaints WHERE complaint_id = '$comid'", $link);
$result2 = mysql_query("SELECT * FROM complaints", $link);
You must use just one of them this rows. I think problem is the second row. This query not choose the "id" that is "comid".
Your first query row is enough:
$result2 = mysql_query("SELECT * FROM complaints WHERE complaint_id = '$comid'", $link);
Hi and thanks for looking at this with me. I am COMPLETELY new to using PHP to run MySQL select statements. That being said, I have managed to run a SELECT statement to populate a drop down list...and another SELECT statement to populate an HTML table. (this is for a roleplaying game)
But this is where3 I get stuck...
I would like for the dropdown selected value to be the "WHERE racename = " value in the second select statement that populates the table so that only one row is returned instead of all the data.
Here's the page: http://www.gamehermit.com/racechoice.php
Here's my code so far:
<?php
// Make a MySQL Connection
mysql_connect("localhost", "db_username", "password") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());
$query="SELECT * FROM Races";
$result = mysql_query($query);
echo "<select name=racename>";
while($nt=mysql_fetch_array($result))
{
if ($nt[racename]==$_POST["racename"])
$selected="selected";
else
$selected="";
echo "<option ".$selected."value=$nt[racename]>$nt[racename]</option>";
}
echo "</select>";
echo "<br />";
// Get all the data from the "Race" table and create table
$result2 = mysql_query("SELECT * FROM Races")
or die(mysql_error());
echo "<table border='1'>";
echo "<tr> <th>Race Name</th> <th>Might Modifier</th> <th>Valor Modifier</th> <th>Deftness
Modifier</th> <th>Insight Modifier</th> <th>Dweomer Modifier</th> </tr>";
// keeps getting the next row until there are no more to get
while($row = mysql_fetch_array( $result2 )) {
// Print out the contents of each row into a table
echo "<tr><td>";
echo $row['racename'];
echo "</td><td>";
echo $row['modmight'];
echo "</td><td>";
echo $row['modvalor'];
echo "</td><td>";
echo $row['moddeftness'];
echo "</td><td>";
echo $row['modinsight'];
echo "</td><td>";
echo $row['moddweomer'];
echo "</td></tr>";
}
echo "</table>";
?>
I hope this is simple...thanks so much :)
~ Jack
The best way to do so is to use AJAX so you don't need to pass variables and load a new page.
But here's how you can do it with the old-fashioned way:
assume you will be having only one page and you will pass the selected value to the same page (a page reload is required)
so let's say your page is game.php
you need to include in this page a "jump menu" with a submit button to be pressed after the user selects something from the list
in the header of your page you need to check if the button was pressed using the
if(isset($_POST['button_name'])) {
// button pressed.. perform next step and select your new data to fill the table
} else {
// nothing pressed and nothing to be performed load the page normally
}
inside the "true" of the "if" you need here to get the passed variable from the list for example
$var = $_POST['list_name'];
so now you have the second variable to select the required data to fill the table.
a complete code should look something similar to the following, game.php:
<?php
if(!isset($_POST['go_button'])){ //option not selected display list to choose from
// Make a MySQL Connection
mysql_connect("localhost", "db_username", "password") or die(mysql_error());
mysql_select_db("db_name") or die(mysql_error());
$query="SELECT * FROM Races";
$result = mysql_query($query);
$num = mysql_numrows($result);
?>
<script type="text/javascript">
function MM_jumpMenuGo(objId,targ,restore){ //v9.0
var selObj = null; with (document) {
if (getElementById) selObj = getElementById(objId);
if (selObj) eval(targ+".location='"+selObj.options[selObj.selectedIndex].value+"'");
if (restore) selObj.selectedIndex=0; }
}
</script>
<form name="form" id="form" action="game.php" method="post">
<select name="jumpMenu" id="jumpMenu">
<?php $i=0; while($i<$num) { ?>
<option value="<?php echo mysql_result($result,$i,'racename_field_value'); ?>"><?php echo mysql_result($result,$i,'racename'); ?></option>
<?php } ?>
</select>
<input type="button" name="go_button" id= "go_button" value="Go" onClick="MM_jumpMenuGo('jumpMenu','parent',0)">
</form>
<?php
echo "<br />";
} else { //option selected to get the variable and use it to select data from DB
$var= $_POST['jumpMenu'];
// Get all the data from the "Race" table and create table
$result2 = mysql_query("SELECT * FROM Races WHERE racename='$var'")
or die(mysql_error());
echo "<table border='1'>";
echo "<tr> <th>Race Name</th> <th>Might Modifier</th> <th>Valor Modifier</th> <th>Deftness
Modifier</th> <th>Insight Modifier</th> <th>Dweomer Modifier</th> </tr>";
// keeps getting the next row until there are no more to get
while($row = mysql_fetch_array( $result2 )) {
// Print out the contents of each row into a table
echo "<tr><td>";
echo $row['racename'];
echo "</td><td>";
echo $row['modmight'];
echo "</td><td>";
echo $row['modvalor'];
echo "</td><td>";
echo $row['moddeftness'];
echo "</td><td>";
echo $row['modinsight'];
echo "</td><td>";
echo $row['moddweomer'];
echo "</td></tr>";
}
echo "</table>";
}
?>
I modified your code and added something to get you start with, excuse me if there was any error when trying to load the page i wrote it without trying it
good luck!