I have a form on a page that posts a record id to a page I want to display that record on. The form is:
<form method="post" action="update.php">
<input type="hidden" name="sel_record" value="$id">
<input type="submit" name="update" value="Update this Order">
</form>
I have tested to see if $id is getting the correct value and it does. When it post to update.php it does not return any values. Any ideas? here is the update page code:
$sel_record = $_POST['sel_record'];
$result = mysql_query("SELECT * FROM `order` WHERE `id` = '$sel_record'") or die (mysql_error());
if (!$result) {
print "Something has gone wrong!";
} else {
while ($record = mysql_fetch_array($result)) {
$id = $record['id'];
$firstName = $record['firstName'];
$lastName = $record['lastName'];
$division = $record['division'];
$phone = $record['phone'];
$email = $record['email'];
$itemType = $record['itemType'];
$job = $record['jobDescription'];
$uploads = $record['file'];
$dateNeeded = $record['dateNeeded'];
$quantity = $record['quantity'];
$orderNumber = $record['orderNumber'];
}
}
you have not put the php tags <?php ?> inside the html
<input type="hidden" name="sel_record" value="<?php echo $id; ?>">
You should also try to define those variables outside of the while loop.
$id = '';
$result = mysql_query("SELECT * FROM `order` WHERE `id` = '$sel_record'") or die (mysql_error());
if (!$result) {
print "Something has gone wrong!";
} else {
while ($record = mysql_fetch_array($result)) {
$id = $record['id'];
}
}
Not a full example, but you get the idea.
You have to escape the string... and you can drop the single quotes around order and id.
Try:
$result = mysql_query("SELECT * FROM order WHERE id = '" . $sel_record . "'")
if $sel_record is a String, otherwise remove the single quotes:
...WHERE id = " . $sel_record)
You can also use functions sprintf and mysql_real_escape_string to format:
$query = sprintf("SELECT * FROM order WHERE id = '%s'",
mysql_real_escape_string($sel_record));
Related
Hi I am trying to do a Registration that the users will put their name password and their answers to some questions and then an admin will manually answer to it if it's accepted.I did the system that loads their name password and answers in the database,and I also ran the things that will show the answers to the admin,but I can't figure a way to change a value just for one user not for all of them,I will leave you my codes and everything over here.
Here is my admin.viewapplications.php code
(Here,it shows everything fine,but I can't figure a way that the button to act just for one id not for all)
<?php
//include(__DIR__ . "/signup.php");
include("../resources/config.php");
//$name = $_POST['Name'];
//$mg = $_POST['MG'];
//$pg = $_POST['PG'];
//$rk = $_POST['RK'];
$sql = "SELECT id, name, tutorial, MG, PG, RK FROM rp_users WHERE tutorial = 2";
//$tutorial = "SELECT tutorial FROM rp_users";
$result = mysql_query($sql);
//$result2 = mysql_query($tutorial);
//$value = mysql_fetch_object($result2)
/*if($result)
{
echo "Succes";
}
else
{
die(mysql_error());
}*/
//if($value > 1)
//
while($row = mysql_fetch_array($result))
{
//$tutorial = row["tutorial"];
//f($tutorial == 2)
//}
$id = $row["id"];
$name = $row["name"];
$mg = $row["MG"];
$pg = $row["PG"];
$rk = $row["RK"];
echo "ID: " . $id."<br> <br>";
echo "Nume: " . $name."<br> <br>";
echo "MG: " . $mg."<br> <br>";
echo "PG: " . $pg."<br> <br>";
echo "RK: " . $rk."<br> <br>";
echo '<form action="./?p=applicationaccept" method="POST">';
echo '<input type="submit" name="accept" value="Accepta">';
echo '</form><br>';
echo '<form action="./?p=applicationdeny" method="POST">';
echo '<input type="submit" name="deny" value="Respinge">';
echo '</form><br> <br> <br>';
}
//}
//
?>
And here is my applicationaccept.php
<?php
include("../admin/admin.viewapplications.php");
include("../resources/config.php");
$iduser = $id;
$sql = "UPDATE rp_users SET tutorial=0";
$result = mysql_query($sql);
if($result)
{
echo "Succes";
}
else
{
die(mysql_error());
}
/*while($row = mysql_fetch_array($result))
{
}*/
?>
I think what you want to do is a simple UPDATE to your MySQL database..
but make sure you format the PHP code you're using otherwise it'll give you an ERROR!
Also you have to use 'mysqli' now in PHP!
<?php
$someID = '1';
$sql = "UPDATE `rp_users` SET `tutorial`= '0' WHERE `id` = $someID";
$result = mysqli_query($link, $sql);
if($result)
{
echo "Success";
}
else
{
echo ("Error");
}
?>
BTW I forgot to mntion the '$link' is the connection to your database!
As of my understanding of your question if your form action is applicationaccept.php and you are trying to update for one user in applicationaccept.php file, try this:
<?php
include("../admin/admin.viewapplications.php");
include("../resources/config.php");
$iduser = $_POST["id"]; // pass id as parameter in form
$sql = "UPDATE rp_users SET tutorial=0";// change this line to following line
$sql = "UPDATE rp_users SET tutorial=0 where id=$iduser";
$result = mysql_query($sql);
if($result)
{
echo "Succes";
}
else
{
die(mysql_error());
}
?>
Be aware your code is vulnerable
I am trying to create a form to allow a user to update data from the form to the existing amount in the database. Here is what I have so far it appears to double the value. I was thinking I needed to pull the value from the database and then add the data from the form.
<?php
$username = "username";
$password = "password";
$hostname = "localhost";
//connection to the database
$dbhandle = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MySQL");
echo "<font face=tahoma color=#ff000><b>Connected to MySQL</b></font><br><br>";
//select a database to work with
$selected = mysql_select_db("pdogclan_points",$dbhandle)
or die("Did this change");
// Formulate Query
$_POST["filter"];
$memid = mysql_real_escape_string($_POST["Member_ID"]);
$query = sprintf("SELECT Member_ID, Bank, Reward_1, Reward_2, Reward_3 FROM Points_Rewards WHERE Member_ID = '$memid'") or die("Could Not Formulate the Query");
//execute the SQL query and return records
$result = mysql_query($query);
// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
$message = 'Invalid query: ' . mysql_error() . "\n";
$message .= 'Whole query: ' . $query;
die($message);
}
//fetch tha data from the database
while ($row = mysql_fetch_array($result))
echo "<table width=750 cellspacing=2 cellpadding=2 border=2>
<tr>
<td bgcolor=#000000 width=150><font face=tahoma color=white>ID: {$row['Member_ID']}</font></td>".
"<td width=150><font face=tahoma>Bank: {$row['Bank']}</td>".
"<td width=150><font face=tahoma>Reward 1: {$row['Reward_1']}</td>".
"<td width=150><font face=tahoma>Reward 2: {$row['Reward_2']}</td> ".
"<td width=150><font face=tahoma>Reward 3: {$row['Reward_3']}</td>
</tr>
</table><br></font>";//display the results
// Formulate Update Query
$_POST["submit"];
$memid = mysql_real_escape_string($_POST["Member_ID"]);
$query = sprintf("SELECT Member_ID, Bank, Reward_1, Reward_2, Reward_3 FROM Points_Rewards WHERE Member_ID = '$memid'") or die("Could Not Formulate the Query");
while ($row = mysql_fetch_array($result))
{
$bankdb = $row['Bank'];
$reward1db = $row['Reward_1'];
$reward2db = $row['Reward_2'];
$reward3db = $row['Reward_3'];
}
echo $bank;
echo $reward1;
echo $reward2;
echo $reward3;
$memid = mysql_real_escape_string($_POST["Member_ID"]);
$bank = $_POST['bank'];
$reward1 = $_POST['reward1'];
$reward2 = $_POST['reward2'];
$reward3 = $_POST['reward3'];
$query = "UPDATE Points_Rewards Set Bank = ('$bank' + '$bankdb'), Reward_1 = ('$reward1' + '$reward1'), Reward_2 = ('$reward2' + '$reward2'), Reward_3 = ('$reward3' + '$reward3') WHERE Member_ID = '$memid'";
$result = mysql_query($query) or die(mysql_error());
if(mysql_query($query)){
echo "updated";}
else{
echo "fail";}
//close the connection
mysql_close($dbhandle);
?>
Just create a form using basic HTML, store data you fetched from database in PHP variables, then display that data using PHP tags, like this:
<form action="..." method="post" >
<?php
$memid = mysql_real_escape_string($_POST["Member_ID"]);
$query = sprintf("SELECT Member_ID, Bank, Reward_1, Reward_2, Reward_3 FROM Points_Rewards WHERE Member_ID = '$memid'") or die("Could Not Formulate the Query");
while ($row = mysql_fetch_array($result))
{
?>
<input type="text" name="r1" value="<?php echo $row['Reward_1']; ?>" /> ;
<input type="text" name="r2" value="<?php echo $row['Reward_2']; ?>" /> ;
<input type="text" name="r3" value="<?php echo $row['Reward_3']; ?>" /> ;
...
<?php
}
?>
...
</form>
You can use operators on the tables values in your SQL - it would look something like this:
$query = "UPDATE Points_Rewards Set Bank = (Bank + '$bankdb'), Reward_1 = (Reward_1 + '$reward1'), Reward_2 = (Reward_2 + '$reward2'), Reward_3 = (Reward_3 + '$reward3') WHERE Member_ID = '$memid'";
This is the structure
// if a form is submitted
if(isset($_POST['submit'])) {
$memid = $_POST["Member_ID"];
//SELECT or INSERT or UPDATE your DATABASE. Yes use PDO and prepared statements.
$query = $dbh->prepare("SELECT Member_ID, Bank, Reward_1, Reward_2, Reward_3 FROM Points_Rewards WHERE Member_ID = '$memid'")
//don't forget to bind parameters
$sth->bindParam(':memid', $memid, PDO::PARAM_INT);
$sth->execute(...);
//the loop
while ($row = $sth->fetch(PDO::FETCH_ASSOC)) {
echo '';
}
//close the if statement
}
//write the form
<form method="post"/>
<input name="Member_ID" type="text" required/>
<input name="submit" type="submit" value="submit" />
</form>
I have a multiple select list (links) which posts values to $links. I then want to run a query on table 'link' returning records that match values in $links. I am using the following code, but not getting any results:
<select name="links[]" size="9" multiple="multiple" id="links">
<?php
$query = mysql_query("SELECT * from link ORDER BY link_title ASC");
for($i=0;$i<mysql_num_rows($query);$i++) {
$row=mysql_fetch_assoc($query);
?>
<option value="<?php echo $row['link_pk']; ?>"><?php echo $row['link_title']; ?></option>
<?php
}
?>
</select>
And the submit code:
$author_pk = $_GET['author_pk'];
$title = $_POST['title'];
$topic_introduction = $_POST['topic_introduction'];
$selected_topic = $_POST['selected_topic'];
$links = $_POST['links'];
$majors = $_POST['majors'];
$majors_string = implode(",", $majors);
$sub_discipline = $_POST['sub_discipline'];
if(isset($_POST['submit'])){
$query_links = "SELECT * FROM link WHERE link_pk IN ('.implode(',',$links).')";
$result_links = mysql_query($query_links, $connection) or die(mysql_error());
while ($row_links = mysql_fetch_assoc($query_links)){
$topic_links = array();
$topic_links[$row_links['url']] = $row_links;
} if($result_links){
$topic = $topic_introduction . '<p>' . $topic_links;
$query = "INSERT INTO topic (topic_pk,title,topic,majors,sub_discipline_fk,author_fk,created)
VALUES ('','$title','$topic','$majors_string','$sub_discipline','$author_pk',NOW())";
$result = mysql_query($query, $connection) or die(mysql_error());
if($result){
$message = "- The topic '" . $title . "' has been created";
}
}
}
This line is wrong:
while ($row_links = mysql_fetch_assoc($query_links)){
... because $query_links is actually a string (your SQL query). You should use $result_links, instead.
Also, the $query_links string isn't being defined correctly. You have to use the same delimiter at the end of a string literal that you use at the beginning. Instead of:
$query_links = "SELECT * FROM link WHERE link_pk IN ('.implode(',',$links).')";
Try:
$query_links = 'SELECT * FROM link WHERE link_pk IN (' . implode(',', $links) . ')';
I am having problem adding up the values in a column with php.
These values where sent from checkboxes and i want to count only the values that where checked from the unit column.
Here is my code:
<?php
$id = $_POST['course'];
foreach($id as $value)
{
//echo $value;
$query = " SELECT * FROM french WHERE id= $value ";
$result = mysql_query($query) or die('Error, query failed');
while ($row = mysql_fetch_array($result)) {
$id = $row['id'];
$course = htmlspecialchars($row['course_name']);
$code = htmlspecialchars($row['course_code']);
$unit = $row['unit'];
$status = $row['status'];
?>
Are you trying like this? Getting form array of form checkboxs and checking on database via ID's?
HTML FORM
Check 1 <input type="checkbox" name="val[]" />
Check 2 <input type="checkbox" name="val[]" />
PHP RESULT
$val = $_POST['val'];
$count = count($val);
foreach ($val as $val_res)
{
$query = 'SELECT * FROM french WHERE id='.$val_res;
}
everytime i try and add one to the second column of a certain name, it changes the value to 5, if i echo my event it says it is equal to resource id #4. Anyone have any fixes?
<form action="new.php" method="POST">
<input type="text" name="input_value">
<br />
<input name="new_User" type="submit" value="Add to Users">
<input type="submit" name="event_Up" value="Attended Event">
<?php
//Connect to Database
mysql_connect("localhost", "root", "");
//If Add New user butten is clicked execute
if (isset($_POST['new_User']))
{
$username = $_POST['input_value'];
$make = "INSERT INTO `my_db`.`profile` (`Name`, `Events`) VALUES ('$username', '1')";
mysql_query($make);
}
//If Event up is pushed then add one
if (isset($_POST['event_Up']))
{
$username = $_POST['input_value'];
$event = mysql_query("SELECT 'Events' FROM `my_db`.`profile` WHERE Name ='$username'");
$newEvent = $event +1;
$update = "UPDATE `my_db`.`profile` SET Events = '$newEvent' WHERE Name = '$username'";
mysql_query($update);
}
//Print Table
$data = mysql_query("SELECT * FROM `my_db`.`profile`");
Print "<table border cellpadding=4>";
while($info = mysql_fetch_array($data))
{
Print "<tr>";
Print "<th>Name:</th> <td> ".$info['Name'] . "</td>";
Print "<th>Events:</th> <td>".$info['Events'] . " </td>";
}
Print "</table>";
?>
I've cleaned up your code a little bit.
It's still a mess, but should at least work (un-tested though).
<form action="new.php" method="post">
<input type="text" name="input_value">
<br />
<input name="new_User" type="submit" value="Add to Users">
<input type="submit" name="event_Up" value="Attended Event">
</form>
<?php
//Connect to Database
mysql_connect("localhost", "root", "");
//If Add New user butten is clicked execute
if (isset($_POST['new_User']))
{
$username = empty($_POST['input_value']) ? NULL : $_POST['input_value'];
if ( ! empty($username))
{
mysql_query("
INSERT INTO `my_db`.`profile`
(`Name`, `Events`)
VALUES
('". mysql_real_escape_string($username) ."', 1)
");
}
}
//If Event up is pushed then add one
if (isset($_POST['event_Up']))
{
$username = empty($_POST['input_value']) ? NULL : $_POST['input_value'];
if ( ! empty($username))
{
$event = mysql_query("
SELECT
Events
FROM
`my_db`.`profile`
WHERE
Name = '". mysql_real_escape_string($username) ."'
");
$newEvent = (int) (mysql_result($event, 0, 'Events') + 1);
mysql_query("
UPDATE
`my_db`.`profile`
SET
Events = $newEvent
WHERE
Name = '". mysql_real_escape_string($username) ."'
");
}
}
//Print Table
$data = mysql_query("SELECT * FROM `my_db`.`profile`");
Print "<table border cellpadding=4>";
while($info = mysql_fetch_assoc($data))
{
Print "<tr>";
Print "<th>Name:</th> <td> ". htmlentities($info['Name'], ENT_COMPAT, 'UTF-8') . "</td>";
Print "<th>Events:</th> <td>". htmlentities($info['Events'], ENT_COMPAT, 'UTF-8') . " </td>";
}
Print "</table>";
?>
Edit:
Just so you are aware... your issue was $newEvent = $event +1;.
$event is a MySQL resource, not the query's result. You have to use one of the mysql_* functions to get the data (see my code above.)
It seems you are just learning PHP, and I would highly recommend you stop using the mysql_* functions right now and start using PDO.
use mysql_fetch_assoc not mysql_fetch_array
any time you get a resource id rather than data it means you have just a pointer to something and most likely need a function call to get the data out.
You need to fetch the array and then define $event based on the results. You're assigning $events on the mysql query itself.
$result = mysql_query("SELECT 'Events' FROM `my_db`.`profile` WHERE Name ='$username'");
while($row = mysql_fetch_array( $result )) {
$event = $row['Events'];
}