I'm building a simple bug tracker tool.
When you've created a project, you can select a project status (open, in progress, finished).
You can change this status on the project page with this select form:
<form action="classes/changestatus.class.php" method="post">
<label> Change Project Status </label>
<select name="status" id="status">
<option value="open">Open</option>
<option value="inprogress">In Progress</option>
<option value="finished">Finished</option>
</select>
<input class="small button" value="Change Status" type="submit">
</form>
The form posts the action to this class:
$status = $_POST['status'];
$sql = "UPDATE INTO projects ( status ) VALUES ('$status')";
$result = mysql_query( $sql );
$result = mysql_real_escape_string( $sql );
$latestID = mysql_insert_id();
if ( $result ) {
header('Location: ../projectpage.php?id='.$latestID);
} else {
echo "There is something wrong. Try again later.";
}
mysql_close();
So, when you submit the form it will run the query above and go back to the project page, with the changed project status, but this doesn't work.
I always get redirected to the wrong project page and the data doesn't update in the mysql table.
The problem is that I can't get the id, when I have this link for example 'projectpage?id=20', it always redirects me to 'projectpage?id=0'.
Can anyone help me? I know the code isn't fully SQL injection proof and I don't use mysqli, I'd just like to have an answer to my question.
Thanks!
You're not keeping the $id, so this data isn't being transferred. On your form use:
<input type='hidden' name='hdnID' value="<?php echo $id;?>">
<input class="small button" value="Change Status" type="submit">
Then on your form use:
$status = $_POST['status'];
$id = $_POST['hdnID'];
Try this,
$sql="UPDATE projects SET status = '$status', id = LAST_INSERT_ID(id)";
$latestID = mysql_insert_id();
It will work for you.
Use
$sql="UPDATE projects SET status = '$status'";
And mysql_insert_id will only work when an INSERT query is executed. You need an id to update it or to redirect it... If you are giving the id then you can do it like
$sql="UPDATE projects SET status = '$status' WHERE id = $id";
And redirection will be like
header('Location: ../projectpage.php?id='.$id);
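The fix from the answers above (carry the id in the hidden `hdnID` field, update with `WHERE id = ...`, redirect to that id), written with a bound-parameter query and input validation, as an added example that is not code from the original posts. PDO with an in-memory SQLite table stands in for the MySQL database, and `change_status()` and the sample requests are constructed for illustration.

```php
<?php
declare(strict_types=1);

// The only values the <select name="status"> can legitimately send.
const ALLOWED_STATUSES = ['open', 'inprogress', 'finished'];

/**
 * Validates the posted fields and updates exactly one project.
 * Returns the project id to redirect to, or null if the request is rejected.
 */
function change_status(PDO $db, array $post): ?int
{
    // A hidden field is still client-controlled: accept a positive integer only.
    $id = filter_var($post['hdnID'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    $status = $post['status'] ?? '';
    if ($id === false || !in_array($status, ALLOWED_STATUSES, true)) {
        return null;
    }
    // Placeholders keep the values out of the SQL text entirely.
    $stmt = $db->prepare('UPDATE projects SET status = :status WHERE id = :id');
    $stmt->execute([':status' => $status, ':id' => $id]);
    // No row touched means no such project. (On MySQL, rowCount() is also 0
    // when the status already had that value.)
    return $stmt->rowCount() === 1 ? $id : null;
}

// Constructed sample data standing in for the projects table (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE projects (id INTEGER PRIMARY KEY, status TEXT)');
$db->exec("INSERT INTO projects (id, status) VALUES (20, 'open'), (21, 'open')");

// Constructed requests: one valid, three that must be rejected.
$requests = [
    ['hdnID' => '20',    'status' => 'finished'],
    ['hdnID' => '20abc', 'status' => 'finished'],   // id is not an integer
    ['hdnID' => '21',    'status' => "it's done"],  // status not in the allowlist
    ['hdnID' => '99',    'status' => 'open'],       // no such project
];
foreach ($requests as $post) {
    $id = change_status($db, $post);
    // In the real handler: header('Location: ../projectpage.php?id=' . $id);
    echo json_encode($post), ' => ', $id === null ? 'rejected' : "redirect to id=$id", "\n";
}
foreach ($db->query('SELECT id, status FROM projects') as $row) {
    echo "project {$row['id']}: {$row['status']}\n";
}
```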
Working my way though Creating, Reading, Updating & Deleting (CRUD) information from a database I have done C,R & D but for some reason I can not update.
What I am trying to do:
Edit a category's title
My Results:
When clicking edit in the table for the cat title I want to change, I can get the cat title to echo into a form where it can be changed. Then when I try to change the cat title and click update, the form goes away as I wanted, but the cat title stays the same.
As well, I am not getting any query errors.
What should I look for when debugging code that has no errors?
Can someone see my problem?
if (isset($_GET['edit'])) {
$cat_id = $_GET['edit'];
include "includes/update.php";
}
?>
<form action="categories.php" method="post">
<div class="form-group">
<label for="cat_title">Edit Category</label>
<?php
if (isset($_GET['edit'])) {
$cat_id = $_GET['edit'];
$query = "SELECT * FROM categories WHERE cat_id = $cat_id ";
$select_categories_id = mysqli_query($connection,$query);
while ($row = mysqli_fetch_assoc($select_categories_id)) {
$cat_id = $row['cat_id'];
$cat_title = $row['cat_title'];
?>
<input value="<?php if(isset($cat_title)){echo $cat_title;} ?>" class="form-control" type="text" name="cat_title">
<?php
}
}
if(isset($_POST['edit_category'])){
$edit_cat_title = $_POST['cat_title'];
$query = "UPDATE FROM categories SET cat_title = '{$edit_cat_title}' WHERE cat_id = {$cat_id} ";
$edit_query = mysqli_query($connection,$query);
if (!$edit_query) {
die(mysqli_error($edit_query));
}
}
?>
</div>
<input class="btn btn-primary" type="submit" name="edit_category" value="Edit Category">
</form>
In the following line you have a small error:
$query = "UPDATE FROM categories SET cat_title = '{$edit_cat_title}' WHERE cat_id = {$cat_id} ";
You need to remove the "FROM" in there, will look like this:
$query = "UPDATE categories SET cat_title = '{$edit_cat_title}' WHERE cat_id = {$cat_id} ";
and it should work as expected.
You're calling the update query with
$query = "UPDATE FROM categories SET cat_title = '{$edit_cat_title}' WHERE cat_id = {$cat_id} ";
where $cat_id probably is not set,
once to get this value you're using an if condition
if (isset($_GET['edit'])) {
$cat_id = $_GET['edit'];
where the $_GET[ 'edit' ] can be empty, and the next error is to overwrite the $cat_id variable in a loop: $cat_id = $row['cat_id'];
if (isset($_GET['edit'])) {
$cat_id = $_GET['edit'];
include "includes/update.php";
}
?>
<form action="categories.php" method="post">
<div class="form-group">
<label for="cat_title">Edit Category</label>
<?php
if (isset($_GET['edit'])) {
$cat_id = $_GET['edit'];
}
if(isset($_POST['edit_category'])){
$edit_cat_title = $_POST['cat_title'];
$query = "UPDATE FROM categories SET cat_title = '{$edit_cat_title}' WHERE cat_id = {$cat_id} ";
$edit_query = mysqli_query($connection,$query);
if (!$edit_query) {
die(mysqli_error($edit_query));
}
}
Delete that FROM, it should be UPDATE categories SET ...
You realise that $edit_cat_title is from a POST value, but $cat_id is from a GET value, but your form (as far as I can see) has an action value of action = "categories.php" which will contain NO GET VARIABLES.
Add the property enctype to your <form> such as:
<form ... enctype='multipart/form-data' ... >
To be honest, this last point is good practice but I'd be surprised if that was why your POST data was not being populated.
Possible solutions:
1) Use $_REQUEST['cat_id'] and insert the cat_id as a POSTed field in your form, so it can use variables given by either $_POST or $_GET [or $_COOKIE].
2) Change your action to go to: action="categories.php?edit=XXX" to submit the form to an address with a valid GET value as required.
3) Use sessions to hold data from previous pages (such as cat_id). This is my preferred option.
Extra
From question comments it becomes clear that the part if isset($_POST['edit_category']) is never true, so this means that your form is incorrect -- either you have not got a form field named name='edit_category', or your form field is never filled in, or never sent with the form (perhaps the input is placed after the </form> form closing tag?).
Anyhow, your issue is that your $_POST value you are looking for is never set.
MY HTML
<div class="normal-text">
<? $check = mysql_query("SELECT * FROM client")or die(mysql_error());
while ($check2 = mysql_fetch_array( $check ))
{
$checkgather = mysql_query("SELECT * FROM gather where client_id = '".$check2['client_id']."' ")or die(mysql_error());
$checkgather2 = mysql_fetch_array( $checkgather );
echo $check2['client_name'].' :
<select name="gather" class=\"form-field\">
<option value="hashtag" '.(($checkgather2['gather_choice']=='hashtag')?'selected="selected"':"").' >hashtag</option>
<option value="latitude" '.(($checkgather2['gather_choice']=='latitude')?'selected="selected"':"").' >latitude/longitude</option>
<option value="followers" '.(($checkgather2['gather_choice']=='followers')?'selected="selected"':"").'>followers</option>
</select>
Start Thread to gather<br>';
}
?>
<br>
<input class="submit-button" type="submit" name="submit" value="Update" />
</div>
I have several rows of results.. each with a dropdown menu of what's in the DB... If I change 1 or multiple values, and I press the UPDATE button... How can I treat the code..
I'm assuming I'll need a foreach(.... )
my current PHP is this:
if (isset($_POST['submit']))
{
$update = mysql_query("UPDATE gather set gather_choice = ' ' where client_id = ' ' ")or die(mysql_error());
}
But I'll probably need a foreach somewhere... Any tips on how to make this work?
thanks
You can do this, assuming you have a unique key on client_id
INSERT INTO gather (gather_choice, client_id)
VALUES (first_choice, first_client_id), (second_choice, second_client_id)
ON DUPLICATE KEY UPDATE gather_choice = VALUES(gather_choice)
This will basically try to insert first, but seeing that it already exists, will just update it.
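The `foreach` the question asks about, as an added example that is not code from the original posts: each dropdown is named `gather[<client_id>]`, so PHP delivers the whole form as one array keyed by client id, and a single prepared statement is executed once per row. It assumes PDO with an in-memory SQLite table in place of the MySQL database; `update_gather_choices()` and the sample data are constructed for illustration.

```php
<?php
declare(strict_types=1);

// The option values the form offers; anything else is not a legitimate choice.
const GATHER_CHOICES = ['hashtag', 'latitude', 'followers'];

/**
 * Applies every posted client_id => choice pair and returns the number of rows updated.
 * The form prints: <select name="gather[<client_id>]"> ... </select> for each client.
 */
function update_gather_choices(PDO $db, array $post): int
{
    $rows = $post['gather'] ?? [];
    if (!is_array($rows)) {
        return 0;
    }
    $stmt = $db->prepare(
        'UPDATE gather SET gather_choice = :choice WHERE client_id = :client_id'
    );
    $updated = 0;
    $db->beginTransaction();   // all rows change together or not at all
    foreach ($rows as $clientId => $choice) {
        $clientId = filter_var($clientId, FILTER_VALIDATE_INT,
                               ['options' => ['min_range' => 1]]);
        if ($clientId === false || !in_array($choice, GATHER_CHOICES, true)) {
            continue;          // skip anything the form could not have produced
        }
        $stmt->execute([':choice' => $choice, ':client_id' => $clientId]);
        $updated += $stmt->rowCount();
    }
    $db->commit();
    return $updated;
}

// Constructed sample data standing in for the gather table (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE gather (client_id INTEGER PRIMARY KEY, gather_choice TEXT)');
$db->exec("INSERT INTO gather VALUES (1, 'hashtag'), (2, 'hashtag'), (3, 'followers')");

// What $_POST looks like after submitting three dropdowns, plus two tampered entries.
$post = ['submit' => 'Update', 'gather' => [
    '1' => 'latitude', '2' => 'followers', '3' => 'everything', 'x' => 'hashtag',
]];
echo update_gather_choices($db, $post), " rows updated\n";
foreach ($db->query('SELECT client_id, gather_choice FROM gather') as $row) {
    echo "client {$row['client_id']}: {$row['gather_choice']}\n";
}
```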
I can't seem to find a solution to this and I've looked for similar threads too but no luck
Basically here's my code, when you click Update it's meant to display your current name in the form fields then you can overwrite them and submit the changes, however sadly it will not update, it only displays the originally set first name and last name and does not update the database so therefore not displaying the new set names.
<?php
include('../connect_db.php');
$res = mysqli_query($dbconnection, "SELECT * FROM users");
$row = mysqli_fetch_array($res);
if(isset($_POST['newFirst']) && isset($_POST['newLast'])){
$newFirst = $_POST['newFirst'];
$newLast = $_POST['newLast'];
$id = $_POST['id'];
$sql = "UPDATE users SET first_name='$newFirst', last_name='$newLast' WHERE id='$id'";
$res = mysqli_query($dbconnection, $sql);
}
?>
<div id="editSection">
<h3>Edit Details</h3>
<form action="edit_profile.php" method="POST">
<input type="hidden" value="<?php echo $row[0];?>" name="id"/>
<h2>First Name</h2>
<input type="text" name="newFirst" value="<?php echo $row[1];?>">
<h2>Last Name</h2>
<input type="text" name="newLast" value="<?php echo $row[2];?>">
<input type="submit" value="Update">
</form>
</div>
Any help would be greatly appreciated :)
Kind Regards
~ Matt
You have to connect to the DB before updating, so use
$con=mysqli_connect("localhost","my_user","my_password","my_db");
There are several other errors like you have to make $POST['newFirst'] as $_POST['newFirst'] like this
if(isset($_POST['newFirst']) && isset($_POST['newLast'])){
And change the query to
$sql = "UPDATE users SET first_name='$newFirst',last_name='$newLast' WHERE id= '$id'";
because you have an error at the end of the query, id='first_name='$id', which is wrong
I see some error in the query
$sql = "UPDATE users SET first_name='$newFirst',
last_name='$newLast' WHERE id='first_name='$id'";
should be
$sql = "UPDATE users SET first_name='$newFirst',
last_name='$newLast' WHERE id= '$id'";
also
if(isset($POST['newFirst']) && isset($POST['newLast'])){
should be
if(isset($_POST['newFirst']) && isset($_POST['newLast'])){
You are using $POST wrong in your if-condition.
It must be called $_POST[..].
Also you should take a look at your WHERE in your update query.
I think you mean: WHERE id= '$id'
You should get your id from $_POST['id']; which is your row ID I suppose and also the update query must be where id=$id.
$id = $_POST['id'];
$sql = "UPDATE users SET first_name='$newFirst', last_name='$newLast' WHERE id=$id";
Also, have you checked in the DB after the update? The row[0], row[1], row[2] used will have the old set of values from the select before the update happened. Can you have the mysqli_fetch_array($res) after the update call?
I have a form where the user inputs their ID and this then populates their name from a database? There is a whole form I just copied the relevant parts and the sql below.
User ID: <input value="User ID" name="user_id">
$sql = "SELECT user_firstname, user_surname FROM users_tbl WHERE xxxx = users_tbl.user_id"
$result = pg_query($sql);
I have made it this far, but I'm not sure what to do.
You should filter GET or POST form variables. So the right way would be:
$sql = "SELECT user_firstname, user_surname FROM users_tbl WHERE users_tbl.user_id= ".$_POST['user_id'];
$result = pg_query($sql);
Also don't forget to filter POST and GET variables from sql injections
You probably want something like ...
page1.php
<form method="POST" action="page2.php">
User ID: <input name="user_id" value="User ID">
<input type="submit" value="go">
</form>
page2.php
$id = mysql_escape_string( $_POST['user_id'] );
$sql = "SELECT `user_firstname`, `user_surname` FROM `users_tbl` WHERE `id` = '$id' LIMIT 1";
...
I've built a page for user permissions and rankings just not to deal with phpmyadmin every time i want to change someones rank or whatever. Now, I have a problem with this query, every time I run all of the users get the same rank.
$sql = "SELECT * FROM users ORDER BY rank DESC LIMIT $start_from, 20";
$rs_result = mysql_query($sql) or die(mysql_error);
while ($row = mysql_fetch_assoc($rs_result)) {
echo "
<tr>
<td>".$row['username']."</td>
<td>".$row['rank']."</td>
<td>
<form action='' method='post'>
<select name='rank'>
<option value='member'>Member</option>
<option value='moderator'>Moderator</option>
<option value='supermoderator'>Supermoderator</option>
<option value='administrator'>Administrator</option>
</select>
<input type='submit' name='change' value='Change' />
</form>
</td>
</tr>
";
if (isset($_POST['change'])) {
$sql_rank = "UPDATE users SET rank = '".$_POST['rank']."' WHERE username = '".$row['username']."'";
$res_rank = mysql_query($sql_rank) or die(mysql_error());
}
You have
if (isset($_POST['change'])) {
$sql_rank = "UPDATE users SET rank = '".$_POST['rank']."' WHERE username = '".$row['username']."'";
$res_rank = mysql_query($sql_rank) or die(mysql_error());
}
inside the while loop. Make sure you close the loop and you grab the data with $_POST not $row...
if (isset($_POST['change'])) {
$sql_rank = "UPDATE users SET rank = '".$_POST['rank']."' WHERE username = '".mysql_real_escape_string($_POST['username'])."'";
$res_rank = mysql_query($sql_rank) or die(mysql_error());
}
Also please consider trying mysqli or PDO
Yeah, you don't transmit the information which user exactly; you only check for isset($_POST["change"]) which isn't serving any information about which user; it's only indicating that any post request with an <input name="change"... /> has been submitted.
I suggest to add the value in some hidden input field like echo '<input type="hidden" name="username" value="'.$row['username'].'" />';
And then add in your if the condition: $_POST["username"] == $row['username']
Also you should consider to upgrade to mysqli or PDO.