I've been doing some work on my website control panel for a game I'm working on. But I can't seem to get the "Ban!" button to be "Unban!" if the result $row['banned'] is FALSE. I get it to output TRUE : FALSE depending on what it says in the table.
Any help getting this fixed would be greatly appreciated. I have struggled with this for a few days now and I felt like giving up once or twice but this has to be completed to help the admins on my game have it easier to check banned accounts and control the options.
p.s "connect.php" only has a few variables that are used and the mysql connect string.
<?php
require('connect.php');
if(isset($_POST['ban'])){
$id = $_POST['ban_rec_id'];
$query = "UPDATE accounts SET banned=1 WHERE id=$id";
$result = mysql_query($query);
}else if(isset($_POST['unban'])){
$id = $_POST['unban_rec_id'];
$query = "UPDATE accounts SET banned=0 WHERE id=$id";
$result = mysql_query($query);
}
$query = "SELECT id, uuid, name, REPLACE(REPLACE(banned,'0','FALSE'),'1','TRUE') AS banned FROM accounts ORDER BY id ASC";
$result = mysql_query($query);
echo "<center>
<table>
<tr>
<th>Acccount Id</th>
<th>Username</th>
<th>In-Game Name</th>
<th>Banned</th>";
if($ban === true){
echo "<th>Ban</th>";
}
echo "</tr>";
while ($row = mysql_fetch_array($result)) {
$id = $row['id'];
$username = $row['uuid'];
$gamename = $row['name'];
$banned = $row['banned'];
echo "<tr>";
echo "<td>" . $id . "</td>";
echo "<td>" . $username . "</td>";
echo "<td>" . $gamename . "</td>";
echo "<td>" . $banned . "</td>";
if($ban === true){
if($row['banned'] == FALSE){
echo "<td>"?>
<form id="ban" method="post" action="">
<input type="hidden" name="ban_rec_id" value="<?php print $id; ?>"/>
<input class="button-small" type="submit" name="ban" value="Ban!"/>
</form>
<?php "</td>";
} else {
echo "<td>"?>
<form id="unban" method="post" action="">
<input type="hidden" name="unban_rec_id" value="<?php print $id; ?>"/>
<input class="button-small" type="submit" name="unban" value="Unban!"/>
</form>
<?php "</td>";
}
}
echo "</tr>";
}
echo "</table></center>";
mysql_close($link);
?>
Try use string for FALSE instead since looks like you might have assigned it with String rather than Boolean value in your error-prone REPLACE(REPLACE(banned,'0','FALSE'),'1','TRUE'):
if($row['banned'] == 'FALSE')
So what actually is the problem with that? The code seems to be fine, in case the value in 'banned' column is false or true.
But you should check the right value type in your columns. If it is string (varchar, text etc) that is saying 'FALSE' or 'TRUE' you should use
'FALSE' instead of FALSE
Related
I have created a PHP form which adds to a database that I have created in PHP, however, I am trying to add a function which will stop the user from adding the same fruit into the database how would I try to do this as I have been trying to do it for a while thanks.
As you can see below the PHP script works fine by adding the variable's to the database however when it comes to implementing a check to make sure the fruit name does not match one from the database already I am struggling.
<?php
//SQLite Database test query
$db=sqlite_open("fruitshop.db");
if(isset( $_POST['fruit']) && strcmp($_POST['fruit'],"") != 0 ){ //Adds to Database
$item = sqlite_escape_string($_POST["fruit"]);
$number=$_POST['number'];
sqlite_query($db,"INSERT INTO fruit (fruit) VALUES ('$item')");
sqlite_query($db,"INSERT INTO stock (Number) VALUES ($number)");
$query = "SELECT * from stock, fruit WHERE stock.Item = fruit.id AND fruit.fruit = '$item', 'fruit' = '{$item}'";
$result=sqlite_query($db, $query);
echo "<table border=1>";
echo "<tr><th>Fruit</th><th>Qty</th>";
echo "<h2>". "Newly added Fruit"."</h2>";
while($row=sqlite_fetch_array($result,SQLITE_ASSOC ))
{
echo "<tr>";
echo "<td>" . $row['fruit.fruit'] . "</td><td>" . $row['stock.Number'] . "</td>";
echo "</tr>";
}
echo "</table>";
echo "<h2>". "Show All Fruits"."</h2>";
echo "<table border=1>\n";
//NOte the use of SQLITE_ASSOC
echo "</br>\n";
$result=sqlite_query($db,"SELECT * from stock, fruit WHERE stock.Item = fruit.ID"); //Shows Databse
echo "<th>Fruit</th><th>Qty</th>\n";
while($row=sqlite_fetch_array($result,SQLITE_ASSOC))
{
echo "<tr>\n";
echo "<td>" . $row['fruit.fruit'] . "</td>\n";
echo "<td>" . $row['stock.Number'] . "</td>\n";
echo "</tr>\n";
}
echo "</table>\n";
}
sqlite_close($db);
?>
<html>
<h2> Add Fruits to Database </h2>
<form name="CheckFruit" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
Fruit
<input type="text" name="fruit" />
<br>
Stock
<input type="number" name="number" />
<br>
<input type="submit" value="Submit" />
</form>
</html>
You can use my updated code. Didn't get to try the code though but it should work. Also note how I used empty instead of strcmp. That's a more elegant PHP code.
<?php
//SQLite Database test query
$db=sqlite_open("fruitshop.db");
if(isset( $_POST['fruit']) && !empty($_POST['fruit']) ){ //Adds to Database
$item = sqlite_escape_string($_POST["fruit"]);
$number = $_POST['number'];
$test = sqlite_query($db, "SELECT * FROM fruit WHERE (fruit = '$item')");
if(sqlite_num_rows($test) == 0){
sqlite_query($db,"INSERT INTO fruit (fruit) VALUES ('$item')");
sqlite_query($db,"INSERT INTO stock (Number) VALUES ($number)");
} else {
// Just in case you want this too.
// echo "This database already contains a fruit called {$_POST['fruit]'}";
}
$query = "SELECT * from stock, fruit WHERE stock.Item = fruit.id AND fruit.fruit = '$item', 'fruit' = '{$item}'";
$result=sqlite_query($db, $query);
echo "<table border=1>";
echo "<tr><th>Fruit</th><th>Qty</th>";
echo "<h2>". "Newly added Fruit"."</h2>";
while($row=sqlite_fetch_array($result,SQLITE_ASSOC ))
{
echo "<tr>";
echo "<td>" . $row['fruit.fruit'] . "</td><td>" . $row['stock.Number'] . "</td>";
echo "</tr>";
}
echo "</table>";
echo "<h2>". "Show All Fruits"."</h2>";
echo "<table border=1>\n";
//NOte the use of SQLITE_ASSOC
echo "</br>\n";
$result=sqlite_query($db,"SELECT * from stock, fruit WHERE stock.Item = fruit.ID"); //Shows Databse
echo "<th>Fruit</th><th>Qty</th>\n";
while($row=sqlite_fetch_array($result,SQLITE_ASSOC))
{
echo "<tr>\n";
echo "<td>" . $row['fruit.fruit'] . "</td>\n";
echo "<td>" . $row['stock.Number'] . "</td>\n";
echo "</tr>\n";
}
echo "</table>\n";
}
sqlite_close($db);
?>
<html>
<h2> Add Fruits to Database </h2>
<form name="CheckFruit" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="post">
Fruit
<input type="text" name="fruit" />
<br>
Stock
<input type="number" name="number" />
<br>
<input type="submit" value="Submit" />
</form>
</html>
You could declare the fruit column as UNIQUE in your column schema, so the database will reject a duplicate value without further controls on your side.
If instead you want to check if the value is already present in your PHP code, you can do a query for that value and check if rows are returned. If rows are returned, a value is already present and you can handle that situation before doing your inserts
$query = "SELECT * from fruit WHERE fruit.fruit = '$item', 'fruit' = '{$item}'";
$result=sqlite_query($db, $query);
if (sqlite_num_rows($result) === 0) {
sqlite_query($db,"INSERT INTO fruit (fruit) VALUES ('$item')");
sqlite_query($db,"INSERT INTO stock (Number) VALUES ($number)");
} else {
// Value is already present
}
Note: I've never used SQLITE, so i hope the syntax is correct
I'm totally stuck with my code.
<?php
$id = $_GET['kid'];
if (isset($_POST['mainit'])) {
if(!empty($_POST['new_kateg'])){
$jaunakategorija = $_POST['new_kateg'];
$kmst = $conn->prepare('UPDATE kategorijas SET kat_vards=:katvards WHERE kat_id=:katid');
$kmst->bindParam(':katvards', $jaunakategorija);
$kmst->bindParam(':katid', $id);
$kmst->execute();
if($kmst->execute()){
header('Location: new_kateg.php');
} else {
$message = '<p class="red">Kļūda </p>';
}
} else {
$message = '<p class="red">Lauks nedrīkst būt tukšs! </p>';
}
}
?>
<form action="kateg_edit.php" method="POST">
<p>Ievadiet jaunās kategorijas nosaukumu</p>
<?php echo $id; ?>
<input type="text" name="new_kateg" placeholder="Ievadiet nosaukumu">
<input type="submit" name="mainit" value="Mainīt!">
</form>
This is my code for updating record from database.
My URL is: localhost/....../kateg_edit.php?kid=2
when i echo $id it says it's 2. Code do its job but record is not changed.
If i hard code $id ='2';
code works and record that's ID is 2 is changed.
Im stuck why it dont change record when i get the same number from URL!
this is previous page where is button labot(edit)
<?php
$query = $conn->prepare("SELECT * FROM kategorijas");
$query->execute();
$result = $query;
echo
"<table class='table-fill'>
<tr>
<th>ID</th>
<th>Kategorijas nosaukums</th>
<th style='text-align:center;'>Darbība</th>"
;
foreach($result as $row)
{
echo "<tr>";
echo "<td>" . $row['kat_id'] . "</td>";
echo "<td>" . $row['kat_vards'] . "</td>";
echo '<td style="text-align:center;">Labot
Dzēst</td>';
}
echo "</tr>";
echo "</table>";
?>
Thanks for help...
instead of
$id = $_GET['kid'];
try this
$id = $_POST['kid'];
instead of
method="POST"
try this
method="GET"
ANYWAY THANKS FOR A HELP EVERYONE!
SOLVED BY MYSELF!
just inserted one more input field with value from GET and then use in query id which is taken from form.
">
Question: What to do to fix my problem on handling the session because it is returning an incorrect value.
Situation: I'm having problem on this session variable from the table. I added data from database to a table using while loop. Here is my code:
<form action="edit2.php" method="get">
<?php
$link = mysql_connect("localhost", "root", "root");
mysql_select_db("ispot", $link);
$result4 = mysql_query("SELECT * FROM user_ispot", $link);
$num_rows = mysql_num_rows($result4);
$result = mysqli_query($con,"SELECT * FROM complaints");
echo "<table border='1'>
<tr>
<th>Id Number</th>
<th>Category</th>
<th>Problem</th>
<th>Date Reported</th>
<th>Complaint ID </th>
<th>Action</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td name=id_num>" . $row['id_number'] . "</td>";
$_SESSION['favcolor'] = "$row[id_number]";
echo "<td name=remarks>" . $row['remarks'] . "</td>";
echo "<td name=status>" . $row['status'] . "</td>";
echo "<td name=date>" . $row['date_reported'] . "</td>";
echo "<td>" . "<INPUT TYPE = text Name = cid VALUE = " . $row['complaint_id'] . ">" . "</td>";
echo "<td>" . "<INPUT TYPE = Submit Name = Submit1 VALUE =Edit>" . "</td>";
echo "</tr>";
}
echo "</table>" ;?>
And it looks like this:
As you can see, there is the edit button, where I can edit a specific row in the table.
When I press the edit button, this will show:
Notice that the User ID is wrong, what can I do to fix it? because the user id that is being post here was the last user_id that was inserted in the table.
And here is my code for the second image:
<b>Date:</b> <input type='text' name='today' placeholder='<?php echo $today ?>' disabled='disabled'> <br><br>
<b>User ID:</b> <input type='text' disabled='disables' name='userid' placeholder='<?php
//$comid = $_GET["cid"];
//echo $userid;
echo $_SESSION['userid'];
//$result = mysqli_query($con,"SELECT * FROM complaints WHERE id = XXX");
//$row = mysqli_fetch_assoc($result);
//print_r($row);
//$result2 = mysql_query("SELECT * FROM complaints WHERE complaint_id = '$comid'", $link);
//$result2 = mysql_query("SELECT * FROM complaints", $link);
//while($row = mysql_fetch_assoc($result2))
//{
//echo $row['id_number'];
//}
?>'></br><br>
Any help would be appreciated. Thank you.
i replaced the button with a link, used it to pass the value when edit is clicked, catch the value with a get and it works for me.
in edit.php
echo "<td> <a href = 'edit2.php?id=$num_id'>Edit</a></td>";
in edit2.php
$id = $_GET['id'];
<b>User ID:</b> <input type='text' disabled='disables' name='userid' value = '<?php echo $id;?>'></input type>
$result2 = mysql_query("SELECT * FROM complaints WHERE complaint_id = '$comid'", $link);
$result2 = mysql_query("SELECT * FROM complaints", $link);
You must use just one of them this rows. I think problem is the second row. This query not choose the "id" that is "comid".
Your first query row is enough:
$result2 = mysql_query("SELECT * FROM complaints WHERE complaint_id = '$comid'", $link);
I am creating an insert process in php but I have a problem in my code. when I refresh my page, it will also submit and insert the data.
here is my code :
<form action="/drupal/node/1" method="post">
Name: <input type="text" name="name" />
Price: <input type="text" name="price" />
Minutes: <input type="text" name="minutes" />
<input type="submit" />
</form>
<?php
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
// some code
mysql_select_db("zain", $con);
if (isset($_POST['name']) && isset($_POST['price']) && isset($_POST['minutes']))
{
$val_name = $_POST['name'];
$val_price = $_POST['price'];
$val_min = $_POST['minutes'];
$max_id_sql = mysql_query("SELECT MAX(id) FROM card_category");
$data = mysql_fetch_array($max_id_sql);
if ($data[0]==0)
{
$val_id = 1;
}
else
{
$val_id = $data[0] + 1;
}
mysql_query("INSERT INTO card_category (id, name, price, minutes) VALUES ($val_id,'$val_name',$val_price,$val_min )");
$_POST['name'] == NULL;
$_POST['price'] == NULL;
$_POST['minutes'] == NULL;
}
$result = mysql_query("SELECT * FROM card_category");
echo "<table border='1'>
<tr>
<th>id</th>
<th>name</th>
<th>price</th>
<th>mins</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['price'] . "</td>";
echo "<td>" . $row['minutes'] . "</td>";
echo "</tr>";
}
echo "</table>";
if (isset($_POST['lastname']))
{
print $_POST['lastname'];
}
mysql_close($con);
?>
my question is, how can I handle when I refresh the page and it will not submit the data?
thanks in advance
When you get the POST submission:
Process the data
Return a Redirect response
Get a GET request from the browser on the URL you redirect to
Respond to that with the HTML
If the browser is refreshed, it will resubmit the GET request which your PHP won't use to modify the database.
This is the POST-REDIRECT-GET pattern. There are some more details in this blog entry (which also has example PHP code in the comments).
How to fix refresh the page do not post the value using php:
if ($_SERVER['HTTP_CACHE_CONTROL']=="")
{
// process the data
}
If you look at $_SERVER['REQUEST_METHOD'] variable, it will say 'POST' when the user submitted data and 'GET' when he did not. So:
if($_SERVER['REQUEST_METHOD']=='POST')
{
// process the data
}
By the way, your code is eminently vulnerable to SQLI attacks ...
I would like to apologize if the duplicate of this question exist. i tried to find and could find anything here that could solve my problem..
I am using a form to get the input and update it in the mysql database, and then retrieve the records in the html form, and have defined the code for deleting the records individually through hyperlinks. however i want to do more, i want to use the checkboxes to delete the multiple records.
my code goes like this.
<?php
//include connection string
include('connection.php');
?>
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post"/>
Username : <input type="text" name="user"/><br />
Password : <input type="password" name="pass"/><br />
<input type="submit" name="submit" value="Send"/>
</form>
<?php
// query to insert into database
if(isset($_POST['user']) && isset($_POST['pass'])) {
$user = empty($_POST['user']) ? die(mysql_error()) : mysql_escape_string($_POST['user']);
$pass = empty($_POST['pass']) ? die(mysql_error()) : sha1(mysql_escape_string($_POST['pass']));
$query = "INSERT INTO users(name, pass) VALUES ('$user', '$pass')";
$result = mysql_query($query) or die(mysql_error());
}
if(isset($_GET['id'])) {
//query to delete the records
$query = "DELETE FROM users WHERE id = " . intval($_GET['id']);
$result = mysql_query($query);
}
//query to retrieve records
$query = "SELECT * FROM users";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0 ) {
echo "<table cellpadding=10 border=1>";
while ($row = mysql_fetch_row($result)) {
echo "<tr>";
echo "<td>" . $row[0] . "</td>";
echo "<td>" . $row[1] . "</td>";
echo "<td>" . $row[2] . "</td>";
echo "<td>delete";
echo "</tr>";
}
echo "</table>";
}
?>
i would like you to know that i am a newbie to programming world and i am not so sure of how exactly html checkbox work and how do i use it to delete the multiple records. i want to know what extra code do i have to write for it, and i would appreciate a lot if someone explains me that extra code in brief..
thank you..
This is probably a good time for another form:
<?php
// query to insert into database ...
// ... etc...
if(isset($_POST["formDeleteSelected"])) {
//query to delete the records
$query = "DELETE FROM users WHERE id IN (" . implode(", ",$_POST["rowid"]) . ")";
$result = mysql_query($query);
header("Location: mycode.php"); // just so 'refresh' doesn't try to run delete again
exit();
}
?>
<form action="<?php $_SERVER['PHP_SELF'] ?>" method="post">
<?php
//query to retrieve records
$query = "SELECT * FROM users";
$result = mysql_query($query);
if(mysql_num_rows($result) > 0 ) {
echo "<table cellpadding=10 border=1>";
while ($row = mysql_fetch_row($result)) {
echo "<tr>";
echo "<td><input type="checkbox" name="rowid[]" value=\"" . $row[0] . "\" /></td>";
echo "<td>" . $row[0] . "</td>";
echo "<td>" . $row[1] . "</td>";
echo "<td>" . $row[2] . "</td>";
echo "</tr>";
}
echo "</table>";
}
?>
<input type="submit" name="formDeleteSelected" text="Delete Selected" />
</form>
Or something like that (I haven't actually tried that code so there may be a typo). Also note that you should make sure to sanitize any form/get inputs for SQL Injection (plenty of information on that in other Stack Overflow questions).
First of all you need a checkbox and the id you want to delete:
<input id="delete" type="checkbox" name="delete" /><label for="delete">Delete user</label>
<input type="hidden" name="user_id" value="12345" />
You can then test if the checkbox has been set and then manually set the GET parameter to reuse your existing code:
if(isset($_POST['delete'])){
$_GET['id'] = $_POST['user_id'];
}
That's not the most elegant solution but a really simple one that should work with your code.
try an SQL query with a list of IDs
... WHERE id=$sentIds[0] OR id=$sentIds[1] OR ...
or use a set operation
... WHERE id IN ($i1,$i2 ... );
You sure have to send ids in the form for this to work, but You know that ;)