PHP Session Getting CorrectValue - php

Question: What to do to fix my problem on handling the session because it is returning an incorrect value.
Situation: I'm having problem on this session variable from the table. I added data from database to a table using while loop. Here is my code:
<form action="edit2.php" method="get">
<?php
$link = mysql_connect("localhost", "root", "root");
mysql_select_db("ispot", $link);
$result4 = mysql_query("SELECT * FROM user_ispot", $link);
$num_rows = mysql_num_rows($result4);
$result = mysqli_query($con,"SELECT * FROM complaints");
echo "<table border='1'>
<tr>
<th>Id Number</th>
<th>Category</th>
<th>Problem</th>
<th>Date Reported</th>
<th>Complaint ID </th>
<th>Action</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td name=id_num>" . $row['id_number'] . "</td>";
$_SESSION['favcolor'] = "$row[id_number]";
echo "<td name=remarks>" . $row['remarks'] . "</td>";
echo "<td name=status>" . $row['status'] . "</td>";
echo "<td name=date>" . $row['date_reported'] . "</td>";
echo "<td>" . "<INPUT TYPE = text Name = cid VALUE = " . $row['complaint_id'] . ">" . "</td>";
echo "<td>" . "<INPUT TYPE = Submit Name = Submit1 VALUE =Edit>" . "</td>";
echo "</tr>";
}
echo "</table>" ;?>
And it looks like this:
As you can see, there is the edit button, where I can edit a specific row in the table.
When I press the edit button, this will show:
Notice that the User ID is wrong, what can I do to fix it? because the user id that is being post here was the last user_id that was inserted in the table.
And here is my code for the second image:
<b>Date:</b> <input type='text' name='today' placeholder='<?php echo $today ?>' disabled='disabled'> <br><br>
<b>User ID:</b> <input type='text' disabled='disables' name='userid' placeholder='<?php
//$comid = $_GET["cid"];
//echo $userid;
echo $_SESSION['userid'];
//$result = mysqli_query($con,"SELECT * FROM complaints WHERE id = XXX");
//$row = mysqli_fetch_assoc($result);
//print_r($row);
//$result2 = mysql_query("SELECT * FROM complaints WHERE complaint_id = '$comid'", $link);
//$result2 = mysql_query("SELECT * FROM complaints", $link);
//while($row = mysql_fetch_assoc($result2))
//{
//echo $row['id_number'];
//}
?>'></br><br>
Any help would be appreciated. Thank you.


i replaced the button with a link, used it to pass the value when edit is clicked, catch the value with a get and it works for me.
in edit.php
echo "<td> <a href = 'edit2.php?id=$num_id'>Edit</a></td>";
in edit2.php
$id = $_GET['id'];
<b>User ID:</b> <input type='text' disabled='disables' name='userid' value = '<?php echo $id;?>'></input type>


$result2 = mysql_query("SELECT * FROM complaints WHERE complaint_id = '$comid'", $link);
$result2 = mysql_query("SELECT * FROM complaints", $link);
You must use just one of them this rows. I think problem is the second row. This query not choose the "id" that is "comid".
Your first query row is enough:
$result2 = mysql_query("SELECT * FROM complaints WHERE complaint_id = '$comid'", $link);

Related

How do I populate check boxes from Database using PHP/MySQLi

I am working with three database tables.
users
class
user_class
I'm making a page so that student can be assigned to classes using a checkbox. How do I get it so that if the value of a student being in a class is currently in the database, the checkbox for that class will already have the student value checked.
<?php
$showAllStudents = "SELECT * FROM users";
mysqli_query($mysqli, $showAllStudents) or die ('Error finding Students');
$result = mysqli_query($mysqli, $showAllStudents);
echo"<table border='1' cellspacing='10' align='center'>";
echo "<tr><th></th><th>User ID</th><th>User Name</th><th>First Name</th>
<th>Second Name</th></tr>";
while ($row = $result->fetch_object()){
echo "<tr>";
echo "<td><input type='checkbox' id='" .$row->userID . "'
name='check_box[]' value='" .$row->userID . "' /></td>";
echo "<td>" .$row->userID . "</td>";
echo "<td>" .$row->username . "</td>";
echo "<td>" .$row->forename . "</td>";
echo "<td>" .$row->surname . "</td>";
echo "</tr>";
}
if (isset($_POST['submitClassStudent'])) {
//get ID from header
$classID = $_GET['id'];
//print_r ($_POST);
//for each ticked checkbox convert to a UserID variable
foreach ($_POST['check_box'] as $userID) {
$editClassStudentQuery = "INSERT INTO `user_class`(userID, classID)
VALUES('$userID', '$classID')";
$insert_row = $mysqli->query($editClassStudentQuery) or die($mysqli->error . __LINE__);
if ($insert_row) {
header('Location: classeditor.php');
} else {
echo "Error: " . $editClassStudentQuery . "<br>" . $mysqli->error;
}
}
}
?>

To mark a checkbox as already checked you just need to add checked as one of its attributes.
<input type="checkbox" id="already-checked" checked> Already checked
W3 Schools

if the user exists then echo 'checked' in tag
Example: echo "<input type ='checkbox'";if(YourConditionHere)echo "checked>";else echo ">";

php form processing POST

I'm trying to use form processing to make a specific database query. I set the form to $name and am trying to process $sql = "SELECT * FROM quotes WHERE qSymbol = $name ORDER BY qQuoteDateTime DESC"
What is the best way to do this?
<form action="post.php" method="post">
<span></span><input type = "text" value=" " name="boxy" />
<br/><input type="submit" name="submit" value="Enter" />
</form>
<?php
$name = $_POST['boxy'];
if(isset($_POST['boxy'])){
error_reporting(E_ALL ^ E_DEPRECATED);
$con = mysql_connect('...');
if (!$con){
die("Cannot connect : " . mysql_error());
}
mysql_select_db('quotesdb',$con);
$sql = "SELECT * FROM quotes WHERE qSymbol = '$name' ORDER BY qQuoteDateTime DESC";
$myData = mysql_query($sql,$con);
echo "<table border = 1>
<tr>
<th>Data</th>
<th>Last</th>
<th>Change</th>
<th>% Chg</th>
<th>Volume</th>
</tr>";
while ($record = mysql_fetch_array($myData)){
echo "<tr>";
echo "<td>" . $record['qQuoteDateTime'] . "</td>";
echo "<td>" . $record['qLastSalePrice'] . "</td>";
echo "<td>" . $record['qNetChangePrice'] . "</td>";
echo "<td>" . $record['qNetChangePct'] . "</td>";
echo "<td>" . $record['qShareVolumeQty'] . "</td>";
echo "</tr>";
echo "</table>";
mysql_close($con);
}

You will still need single quotes around the variable unless it's a number
$sql = "SELECT * FROM quotes WHERE qSymbol = '$name' ORDER BY qQuoteDateTime DESC";

PHP form update all mysql rows instead of 1

if (isset($_POST['update'])){
$UpdateQuery = "UPDATE eventcalendar SET Title='$_POST[title]', Detail='$_POST[detail]' WHERE ID='$_GET[ID]'";
mysql_query($UpdateQuery, $con);
}
$sql = "SELECT * FROM eventcalendar";
$myData = mysql_query($sql,$con);
echo "<table border=1'>
<tr>
<th>Id</th>
<th>Title</th>
<th>Detail</th>
<th>Event Date</th>
<th>Date Added</th>
</tr>";
while($row = mysql_fetch_array($myData)){
echo "<form action=details.php method=post>";
echo "<tr>";
echo "<td>" . $row['ID'] . "</td>";
echo "<td>" . "<input type=text name=title value=" . $row['Title'] . " </td>";
echo "<td>" . "<input type=text name=detail value=" . $row['Detail'] . " </td>";
echo "<td>" . $row['eventDate'] . "</td>";
echo "<td>" . $row['dateAdded'] . "</td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
mysql_close($con);
This is my code, yet when i try to execute it, it execute all my rows in my table instead of the only 1 I edited. I've searched for like 2 hours but still can't find it. Does any of you know maybe how I can fix this?

Looks like you need to include the ID in the form action.
echo '<form action="details.php?ID='.$row['ID'].'" method="post">';
This will allow the use of the $_GET['ID'] value in your update query.
Alternatively, add the ID as a hidden field in your form like
echo '<input type="hidden" name="ID" value="'.$row['ID'].'">';
And change the SQL query to use $_POST['ID'] instead of $_GET['ID'].
$UpdateQuery = "UPDATE eventcalendar SET Title='$_POST[title]', Detail='$_POST[detail]' WHERE ID='$_POST[ID]'";
Something you also need to look into is escaping the input that you're using with your SQL statement.

Aside from the SQL Injection issues, your problem is that:
You're using $_GET[ID] in your query, instead of $_POST[ID]
You aren't posting the ID back to the form at all. Try adding this:
echo "<input type='hidden' name='ID' value='{$row[ID]}'>";

Your $_POST[title], $_POST[detail] and $_GET[ID]are interpreted as plain strings, not as the evaluated value, to get the evaluated value, you have to make use of concatenation.
Update this part :
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE eventcalendar SET Title='$_POST[title]', Detail='$_POST[detail]' WHERE ID='$_GET[ID]'";
mysql_query($UpdateQuery, $con);
}
to this:
if (isset($_POST['update']))
{
$UpdateQuery = "UPDATE eventcalendar SET Title='". $_POST['title']. "', Detail='". $_POST['detail']. "' WHERE ID='". $_POST['ID']. "'";
mysql_query($UpdateQuery, $con);
}

PHP executes but doesnt execute SQL update correctly

I have a table which displays
-Staff ID (Primary Key)
-Staff Name
-Staff Position
All the data loads in to my grid, the grid has an update button witch should let me to update it but it returns original result after clicking update.
<html>
<head>
</head>
<body>
<?php
$conn = mysql_connect("localhost", "root", "");
if (!$conn){
die("Can not connect: " . mysql_error());
}
mysql_select_db("pizza_shop",$conn);
if (isset($_POST['submit']) && $_POST['submit'] == 'update'){
$UpdateQuery = "UPDATE staff SET StaffName='$_POST[staffname]', Position='$_POST[staffposition]' WHERE StaffID='$_POST[hiddenid]'";
mysql_query($UpdateQuery);
}
$sql = "SELECT * FROM staff";
$myData = mysql_query($sql, $conn);
echo "<table border=1>
<tr>
<th>Staff Name<th>
<th>Staff Position<th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=#edit_staff.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name =staffname value=" . $record['StaffName'] ." </td>";
echo "<td>" . "<input type=text name =staffposition value=" . $record['Position'] ." </td>";
echo "<td>" . "<input type=hidden name=hiddenid value=" . $record['StaffID'] . "</td>";
echo "<td>" . "<input type=submit name = update values=Update" . "</td>";
echo "</form>";
}
echo "</table>";
$conn = null;
?>
</body>
</html>

You need to change your update query from
$UpdateQuery = "UPDATE staff SET StaffName='$_POST[staffname]', Position='$_POST[staffposition]' WHERE StaffID='$_POST[hiddenid]'";
to
$UpdateQuery = "UPDATE staff SET StaffName='".$_POST['staffname']."', Position='".$_POST['staffposition']."' WHERE StaffID='".$_POST['hiddenid']."'";
What you were doing is $_POST[staffname] which must be like as $_POST['staffname'] and always try to check using error_reporting(E_ALL) function and need to check that your values are set or not

Php Populate Table and Update

Guys I cant see why it is that my code will only Update the last row on the table. It will populate the entire HTML page with a table with the info from phpAdmin. I can then change this info, on the html page. It all works fine if there is only one record, anymore than one and it only takes effect on the last row. I am new to all this, so excuse the code, here it is......
<html>
<?php
$con = mysql_connect("localhost","root");
if(!$con){
die("Cant get there Bren: " . mysql_error());
}
mysql_select_db("Web_Data",$con);
if (isset($_POST['update'])){
$UpdateQuery = "UPDATE Vehicles SET Vehicle_Id='$_POST[Vehicle_Id]',
Registration='$_POST[Registration]',Make='$_POST[Make]',Model='$_POST[Model]',
Classification='$_POST[Classification]',Rental_Price='$_POST[Rental_Price]',
Current_Status='$_POST[Current_Status]',Mileage='$_POST[Mileage]'
WHERE Vehicle_Id='$_POST[hidden]'";
echo "<center> Vechicle Id '$_POST[hidden]' succesfully VEHICLE UPDATED </center>";
mysql_query($UpdateQuery, $con);
};
$sql = "Select * From Vehicles";
$myData = mysql_query($sql,$con);
echo" <center> <table border = 3>
<tr>
<th>Vehicle_Id</th>
<th>Registration</th>
<th>Make</th>
<th>Model</th>
<th>Classification</th>
<th>Rental_Price</th>
<th>Current_Status</th>
<th>Mileage</th>
</tr></center>";
while($record = mysql_fetch_array($myData)){
echo "<form action = UpdateWD.php method=post>";
echo "<tr>";
echo "<td>" . "<input type = text name = Vehicle_Id value=" . $record['Vehicle_Id'] . " </td>";
echo "<td>" . "<input type = text name = Registration value=" . $record['Registration'] . " </td>";
echo "<td>" . "<input type = text name = Make value=" . $record['Make'] . " </td>";
echo "<td>" . "<input type = text name = Model value=" . $record['Model'] . " </td>";
echo "<td>" . "<input type = text name = Classification value=" . $record['Classification'] . " </td>";
echo "<td>" . "<input type = text name = Rental_Price value=". $record['Rental_Price'] . " </td>";
echo "<td>" . "<input type = text name = Current_Status value=" . $record['Current_Status'] . " </td>";
echo "<td>" . "<input type = text name = Mileage value=" . $record['Mileage'] . " </td>";
echo "<td>" . "<input type = hidden name = hidden value=" . $record['Vehicle_Id'] . " </td>";
echo "<td>" . "<input type = submit name = update value= update" . " </td>";
echo "</from>";
}
echo"</table>";
mysql_close($con);
?>
<br><br><br>
<footer>
Copyright © 2013 ABU LTD
About -
Privacy Policy -
Contact Us
Logout
</footer> <!--footer-->
</html>

See here:
Use while loop to display all fetched records.
<?php
// Make a MySQL Connection
$sql = "Select * From Vehicles";
$myData = mysql_query($sql,$con) or die(mysql_error());
while($row = mysql_fetch_array($myData)){
echo $row['Vehicle_Id'];
}
?>
And mysql_query can't use multiple queries.
The easiest thing is to just run them separately. I believe you can do multi query but I haven't tried it.
Just get the idea how you can run multiple queries using foreach loop.
$updateArray = array(21=>300,23=>200,24=>100);
foreach($updateArray as $id=>$value)
{
$query = "UPDATE cart SET cart_qty='$value' WHERE cart_id = '$id'";
mysql_query($query,$link);// $link is specified above
}

here is my mistake
hours and hours and all it was
echo "<td>" . "<input type = 'submit' name = 'update' value= 'update'" . " />";
echo "</td>";
echo "</tr>";
echo "</form>";
had "form" spelt "from" & didnt close the </tr>

Categories