I've built a page for user permissions and rankings just not to deal with phpmyadmin every time i want to change someones rank or whatever. Now, I have a problem with this query, every time I run all of the users get the same rank.
$sql = "SELECT * FROM users ORDER BY rank DESC LIMIT $start_from, 20";
$rs_result = mysql_query($sql) or die(mysql_error);
while ($row = mysql_fetch_assoc($rs_result)) {
echo "
<tr>
<td>".$row['username']."</td>
<td>".$row['rank']."</td>
<td>
<form action='' method='post'>
<select name='rank'>
<option value='member'>Member</option>
<option value='moderator'>Moderator</option>
<option value='supermoderator'>Supermoderator</option>
<option value='administrator'>Administrator</option>
</select>
<input type='submit' name='change' value='Change' />
</form>
</td>
</tr>
";
if (isset($_POST['change'])) {
$sql_rank = "UPDATE users SET rank = '".$_POST['rank']."' WHERE username = '".$row['username']."'";
$res_rank = mysql_query($sql_rank) or die(mysql_error());
}
you have
if (isset($_POST['change'])) {
$sql_rank = "UPDATE users SET rank = '".$_POST['rank']."' WHERE username = '".$row['username']."'";
$res_rank = mysql_query($sql_rank) or die(mysql_error());
}
inside the while loop. make sure you close the loop and you grab the data with $_POST not $row...
if (isset($_POST['change'])) {
$sql_rank = "UPDATE users SET rank = '".$_POST['rank']."' WHERE username = '".mysql_real_escape_string($_POST['username'])."'";
$res_rank = mysql_query($sql_rank) or die(mysql_error());
}
Also please consider trying mysqli or PDO
Yeah, you don't transmit the information which user exactly; you only check for isset($_POST["change"]) which isn't serving any information about which user; it's only indicating that any post request with an <input name="change"... /> has been submitted.
I suggest to add the value in some hidden input field like echo '<input type="hidden" name="username" value="'.$row['username'].'" />';
And then add in your if the condition: $_POST["username"] == $row['username']
Also you should consider to upgrade to mysqli or PDO.
Related
Depending on the input from checkboxes I'm trying to echo out users in a database based on category in a table linking the users-table with categories. But I only get one result for each category, even though I know there are several users in each category.
I have spent several dies seaching for the correct way to do this, and based upon the many tutoriels and articles out there I thought this method would work. But it does not.
This is the code that doesn't do what I want it to do:
function printusers($idcheck, $cat){
$sqlString = "SELECT userid FROM user_category WHERE categoryid ='$idcheck'";
$result = mysqli_query($dbLink, $sqlString) or die("Could not search for user id.." . mysqli_error($dbLink));
$row = mysqli_fetch_assoc($result);
// Make the first user on the list visable
mysqli_data_seek($result, 0);
while ($row = mysqli_fetch_assoc($result)) {
$id = $row['userid'];
$sqlString = "SELECT name FROM users WHERE id='$id'";
$result = mysqli_query($dbLink, $sqlString) or die("Could not search for user.." . mysqli_error($dbLink));
$row = mysqli_fetch_assoc($result);
$name = $row['name'];
// echo users
echo "<h2 class=\"browsecategory\">Category: $cat</h2>
<p class=\"user\">Name: $name</p>\n";
}
}
if(isset($_POST['admins'])){
printusers(1, "Administrator");
}
I have also tried replacing the while loop with a foreach loop, like this:
foreach ($result as $row) {
same code as in while loop
}
This method echoed out several empty results. The HTML was there, but there was no information from the database. And the number of reults that were echoed was even higher than the number of results that the database should produce.
This is the HTML. A basic checkbox form:
<form action="results.php" method="POST">
<input type="checkbox" name="admins" id="admins">
<input type="checkbox" name="users" id="users">
<input type="checkbox" name="maillist" id="maillist">
<input type="submit" value="Browse">
</form>
I have created a page where it lets users to edit their information which is stored in the database. However i can't get the WHERE clause to work it just keeps coming up with entry not found. Any help would be great thanks.!
<?php
mysql_connect('localhost', 'root', 'password') or die(mysql_error());
mysql_select_db("peopletank") or die(mysql_error());
$query = mysql_query("SELECT * FROM users WHERE id='$id'")
or die(mysql_error());
if(mysql_num_rows($query)>=1){
while($row = mysql_fetch_array($query)) {
$id = $row['id'];
$firstname= $row['firstname'];
$secondname= $row['secondname'];
}
?>
<form action="update.php" method="post">
<input type="hidden" name="ID" value="<?php echo $id;?>">
Value1: <input type="text" name="value1" value="<?php echo $firstname;?>">
<br>
Value2: <input type="text" name="value2" value="<?php echo $secondname?>">
<input type="Submit" value="Change">
</form>
<?php
}else{
echo 'No entry found. Go back';
}
?>
Try this :
$query = mysql_query("SELECT * FROM users WHERE id='".$id."'");
Make sure your $id is populated correctly. Try checking the value first if the query still didn't showed up like this :
echo 'The id is : '.$id;
$query = mysql_query("SELECT * FROM users WHERE id='".$id."'");
If the $id is populated correctly but still return no result then run the query manually in your mysql database, probably there is no result for specified $id
And while populating data, no need to fetch $id while you just have same $id ini this query.
while($row = mysql_fetch_array($query)) {
$id = $row['id']; /* << Remove this */
$firstname= $row['firstname'];
$secondname= $row['secondname'];
}
I aint 100% sure if its one of these things:
1) Try ending the statements with ;
2) Numbers dont have to be between ''
3) Try putting names of columns between ``
4) use LIMIT 1 where you can (makes things faster but not important)
5) Always try to use a selecter (faster)
<?
if ( $query = mysql_query("SELECT `firstname`,`secondname` FROM `users` WHERE (`id` = $id) LIMIT 1;"))
{
if ($r = mysql_fetch_assoc($query))
{
$firstname = $r['firstname'];
$secondname = $r['secondname'];
}
}
?>
MY HTML
<div class="normal-text">
<? $check = mysql_query("SELECT * FROM client")or die(mysql_error());
while ($check2 = mysql_fetch_array( $check ))
{
$checkgather = mysql_query("SELECT * FROM gather where client_id = '".$check2['client_id']."' ")or die(mysql_error());
$checkgather2 = mysql_fetch_array( $checkgather );
echo $check2['client_name'].' :
<select name="gather" class=\"form-field\">
<option value="hashtag" '.(($checkgather2['gather_choice']=='hashtag')?'selected="selected"':"").' >hashtag</option>
<option value="latitude" '.(($checkgather2['gather_choice']=='latitude')?'selected="selected"':"").' >latitude/longitude</option>
<option value="followers" '.(($checkgather2['gather_choice']=='followers')?'selected="selected"':"").'>followers</option>
</select>
Start Thread to gather<br>';
}
?>
<br>
<input class="submit-button" type="submit" name="submit" value="Update" />
</div>
I have several rows of results.. each with a dropdown menu of what's in the DB... If I change 1 or multiple values, and I press the UPDATE button... How can I treat the code..
I'm assuming I'll need a foreach(.... )
my current PHP is this:
if (isset($_POST['submit']))
{
$update = mysql_query("UPDATE gather set gather_choice = ' ' where client_id = ' ' ")or die(mysql_error());
}
But I'll probably need a foreach somewhere... Any tips on how to make this work?
thanks
You can do this, assuming you have a unique key on client_id
INSERT INTO gather (gather_choice, client_id)
VALUES (first_choice, first_client_id), (second_choice, second_client_id)
ON DUPLICATE KEY UPDATE client_id = VALUES(client_id)
This will basically try to insert first, but seeing that it already exists, will just update it.
I can't seem to find a solution to this and i've looked for similar threads too but no luck
Basically here's my code, when you click Update it's meant to display your current name in the form fields then you can overwrite them and submit the changes, however sadly it will not update, it only displays the originally set first name and last name and does not update the database so therefore not displaying the new set names.
<?php
include('../connect_db.php');
$res = mysqli_query($dbconnection, "SELECT * FROM users");
$row = mysqli_fetch_array($res);
if(isset($_POST['newFirst']) && isset($_POST['newLast'])){
$newFirst = $_POST['newFirst'];
$newLast = $_POST['newLast'];
$id = $_POST['id'];
$sql = "UPDATE users SET first_name='$newFirst', last_name='$newLast' WHERE id='$id'";
$res = mysqli_query($dbconnection, $sql);
}
?>
<div id="editSection">
<h3>Edit Details</h3>
<form action="edit_profile.php" method="POST">
<input type="hidden" value="<?php echo $row[0];?>" name="id"/>
<h2>First Name</h2>
<input type="text" name="newFirst" value="<?php echo $row[1];?>">
<h2>Last Name</h2>
<input type="text" name="newLast" value="<?php echo $row[2];?>">
<input type="submit" value="Update">
</form>
</div>
Any help would be greatly appreciated :)
Kind Regards
~ Matt
You have to connect to DB before updating.so use
$con=mysqli_connect("localhost","my_user","my_password","my_db");
There are several other errors like you have to make $POST['newFirst'] as $_POST['newFirst'] like this
if(isset($_POST['newFirst']) && isset($_POST['newLast'])){
And change the query to
$sql = "UPDATE users SET first_name='$newFirst',last_name='$newLast' WHERE id= '$id'";
beacuse you have error at end of query id='first_name='$id' which is wrong
I see some error in the query
$sql = "UPDATE users SET first_name='$newFirst',
last_name='$newLast' WHERE id='first_name='$id'";
should be
$sql = "UPDATE users SET first_name='$newFirst',
last_name='$newLast' WHERE id= '$id'";
also
if(isset($POST['newFirst']) && isset($POST['newLast'])){
should be
if(isset($_POST['newFirst']) && isset($_POST['newLast'])){
You are using $POST wrong in your if-condition.
It must be called $_POST[..].
Also you should take a look at your WHERE in your update query.
I think you mean: WHERE id= '$id'
You should get your id from $_POST['id']; which is your row ID i suppose and also the update query must be where id=$id.
$id = $_POST['id'];
$sql = "UPDATE users SET first_name='$newFirst', last_name='$newLast' WHERE id=$id";
Also have you checked in DB after the update? the row[0], row[1], row[2] used will have old set of values used during select before the update happened. can you have the mysqli_fetch_array($res) after the update call?
I'm building a simple bug tracker tool.
When you've created a project, you can select a project status (open, in progress, finished).
You can change this status on the project page with this select form, :
<form action="classes/changestatus.class.php" method="post">
<label> Change Project Status </label>
<select name="status" id="status">
<option value="open">Open</option>
<option value="inprogress">In Progress</option>
<option value="finished">Finished</option>
</select>
<input class="small button" value="Change Status" type="submit">
</form>
The form posts the action to this class:
$status = $_POST['status'];
$sql = "UPDATE INTO projects ( status ) VALUES ('$status')";
$result = mysql_query( $sql );
$result = mysql_real_escape_string( $sql );
$latestID = mysql_insert_id();
if ( $result ) {
header('Location: ../projectpage.php?id='.$latestID);
} else {
echo "There is something wrong. Try again later.";
}
mysql_close();
So, when you submit the form it will run the query above and go back to the project page, with the changed project status, but this doesn't work.
I always get redirected to the wrong project page and the data doesn't update in the mysql table.
The problem is that I can't get the id, when I have this link for example 'projectpage?id=20', it always redirects me to 'projectpage?id=0'.
Can anyone help me ? I know the code isn't fully sql injection proof and I don't use mysqli, I just like to have an anwser on my question.
Thanks!
You're not keeping the $id so the this data isn't being transferred. on your form use:
<input type='hidden' name='hdnID' value="<?php echo $id;?>">
<input class="small button" value="Change Status" type="submit">
Then on your form use:
$status = $_POST['status'];
$id = $_POST['hdnID'];
Try This,
$sql="UPDATE projects SET status = '$status', id = LAST_INSERT_ID(id)";
$latestID = mysql_insert_id();
It will works for you.
Use
$sql="UPDATE projects SET status = '$status'";
And mysql_insert_id will only work when an INSERT query is executed.You need an id to update it or either to redirect it...If you are giving id then you can do like
$sql="UPDATE projects SET status = '$status' WHERE id = $id";
And redirection will be like
header('Location: ../projectpage.php?id='.$id);