So here it goes. I have a website that has a login. Upon a successful login, a session variable called user is created which contains an array of the userid, username, email and so on. Then from there I have links to other pages. What is giving me trouble is that I have a page called membership.php. This page does a select query for the userid, username, email and generates a table with all of the users. There is also a submit button beside each user that is entitled "Edit". When this button is clicked it redirects to a page edit_account.php. My goal here is when I click on the edit button, a session variable is created containing the userid of that specific user. Then when it redirects to the edit_account.php page I can use that session as part of my select statement to gather data from the table and then edit that user's details. Below is a snippet of my code so you can see what I am talking about.
<?php
// First we execute our common code to connection to the database and start the session
require("common.php");
// At the top of the page we check to see whether the user is logged in or not
if(empty($_SESSION['user']))
{
// If they are not, we redirect them to the login page.
header("Location: ../../index.php");
// Remember that this die statement is absolutely critical. Without it,
// people can view your members-only content without logging in.
die("Redirecting to index.php");
}
// We can retrieve a list of members from the database using a SELECT query.
// In this case we do not have a WHERE clause because we want to select all
// of the rows from the database table.
$query = "
SELECT
id,
roleid,
username,
email
FROM user
";
try
{
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$stmt->execute();
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// Finally, we can retrieve all of the found rows into an array using fetchAll
$rows = $stmt->fetchAll();
if (isset($_POST['Edit'])) {
$_SESSION['id'] = $_POST['id'];
header("Location: edit_account.php");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Registration</title>
<link href="../../css/default.css" rel="stylesheet" type="text/css" />
</head>
<div id="container">
<div id="header">
<h1>
</h1>
</div>
<div id="navigation">
<ul>
<li>Home</li>
<li>About</li>
<li>Services</li>
<li>Contact us</li>
<li>Logout</li>
</ul>
</div>
<div id="content">
<h2>
Users
</h2>
<form action="" method="post">
<table border="0" align="left" cellpadding="25px">
<tr>
<th>ID</th>
<th>Role ID</th>
<th>Username</th>
<th>E-Mail Address</th>
</tr>
<?php foreach($rows as $row): ?>
<tr>
<td><?php echo $row['id']; ?></td>
<td><?php echo $row['roleid']; ?></td> <!-- htmlentities is not needed here because $row['id'] is always an integer -->
<td><?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8'); ?></td>
<td><input name="Edit" type="submit" value="Edit" /></td>
<td><input name="id" type="hidden" value="<?php echo $row['id']; ?>" /></td>
</tr>
<?php
endforeach;
?>
</tr>
</table>
</form>
</div>
<div id="footer">
Copyright © 2013
</div>
</div>
<body>
</body>
</html>
I believe the problem resides in the block of code:
if (isset($_POST['Edit'])) {
$_SESSION['id'] = $row['id'];
header("Location: edit_account.php");
}
But I have tried many things and nothing seems to work. Also on edit_account.php page I have this code at the top:
echo '<pre>';
var_dump($_SESSION);
echo '</pre>';
which spits out everything in the session variable. When I select the submit button and it redirects, this is the output of the above code.
array(2) {
["user"]=>
array(4) {
["id"]=>
string(1) "1"
["username"]=>
string(5) "admin"
["roleid"]=>
string(1) "1"
["email"]=>
string(15) "admin#admin.com"
}
["id"]=>
NULL
}
Thank you in advance for the help. Anything is greatly appreciated.
The main problem is that you're basically building a form that looks like this (stripping out all the fluff html):
<form>
<input name="Edit" type="submit" value="Edit" />
<input name="id" type="hidden" value="foo" />
<input name="Edit" type="submit" value="Edit" />
<input name="id" type="hidden" value="bar" />
<input name="Edit" type="submit" value="Edit" />
<input name="id" type="hidden" value="baz" />
etc...
</form>
There's just ONE form, with multiple submit buttons, and multiple copies of the same hidden field with the same name. As such, PHP will use the LAST hidden id value to populate $_POST with. There is NO way for PHP to tell which of the many submit buttons was clicked, or that it should try to use the id value next to that one particular submit button - that's not how HTTP forms work.
You need something more like this:
<table>
<tr><td><form><input type="hidden" name="id" value="foo"><input type="submit"></form></td></tr>
<tr><td><form><input type="hidden" name="id" value="bar"><input type="submit"></form></td></tr>
<tr><td><form><input type="hidden" name="id" value="baz"><input type="submit"></form></td></tr>
etc..
</table>
Note now EACH row has its OWN form, with one submit button and one hidden field within. This way, only that ONE hidden field is submitted, and you'll get the proper id value showing up in your PHP code.
Put the form code in each table row, not a single form around the whole table.
Another problem is that you log in from the admin account and you are making changes to the admin session variable, so declare another session variable for it.
Or you can also put the update code at the start of the page, so that when the form is submitted it updates the user data; then there is no need to make changes in the session variable.
This is great. Thank you Marc B. Exactly what I was looking for. This is the html code:
<?php foreach($rows as $row): ?>
<tr>
<td> <form action="" method="post"> <?php echo $row['id']; ?> </form> </td>
<td> <form action="" method="post"> <?php echo $row['roleid']; ?> </form> </td>
<td> <form action="" method="post"> <?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?> </form> </td>
<td> <form action="" method="post"> <?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8'); ?> </form> </td>
<td> <form action="" method="post"> <input name="Edit" type="submit" value="Edit" /> <input name="id" type="hidden" value="<?php echo $row['id']; ?>" /> </form> </td>
</tr>
<?php endforeach; ?>
And I can successfully set a session using:
if (isset($_POST['Edit'])) {
$_SESSION['id'] = $_POST['id'];
header("Location: edit_account.php");
}
But it seems I have run into another problem :( I also want to add a delete button on each row to delete that user account. Right now this is how it looks:
<td> <form action="" method="post"> <input name="Delete" type="submit" value="Delete" /> <input name="id" type="hidden" value="<?php echo $row['id']; ?>" /> </form> </td>
And the php code used is:
if (isset($_POST['Delete'])) {
// Everything below this point in the file is secured by the login system
// We can retrieve a list of members from the database using a SELECT query.
// In this case we do not have a WHERE clause because we want to select all
// of the rows from the database table.
$query = "
DELETE
FROM user
WHERE
id = :id
";
// The parameter values
$query_params = array(
':id' => $_POST['id']
);
try
{
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex)
{
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// Finally, we can retrieve all of the found rows into an array using fetchAll
$rows = $stmt->fetch();
// This redirects the user back to the members-only page after they register
header("Location: ../adminindex.php");
// Calling die or exit after performing a redirect using the header function
// is critical. The rest of your PHP script will continue to execute and
// will be sent to the user if you do not die or exit.
die("Redirecting to adminindex.php.php");
}
My problem is the redirection. When I click on the Delete button it actually runs the query but afterwards it just redirects to memberlist.php but the page is blank!? Why would this be happening? Is there something I am missing? I have tried changing the header location with no success. Thanks for the help!
I am trying to teach myself PHP. I want to know how to interact with a database and insert data from a website and to display the data back into a table on the webpage.
I am trying to let the user edit the results or have them shown in an input box. This way, the user can edit the data and send it back to the database. But I am stuck. I have tried different ways and none of them seem to work. I'm open to suggestions.
The bookingid is what the user picks.
I know all table names are not that good but I am learning.
$query = "SELECT * FROM Trip_Booked Where bookingId = $bookingid";
//executes the query
$result = mysqli_query($db,$query);
// create table and display top row
echo "<td>".$row['email']."</td>";
echo "<div align='center'>";
echo "<table cellpadding=2 border=1>";
echo "<tr>";
echo "<td><strong>booking ID</strong></td>";
echo "<td><strong>boatdate</strong></td>";
echo "<td><strong>fromdate</strong></td>";
echo "<td><strong>saleto</strong></td>";
echo "<td><strong>salefrom</strong></td>";
echo "<td><strong>NoOfAdults</strong></td>";
echo "<td><strong>NoOfWheelchair</strong></td>";
echo "<td><strong>NoUnder2</strong></td>";
echo "<td><strong>NoChild3–10</strong></td>";
echo "<td><strong>NoChild11–16</strong></td>";
echo "<td><strong>TotalPassgers</strong></td>";
echo "</tr>";
// print each record one after another
while($row = mysqli_fetch_assoc($result))
{
echo "<tr>";
echo "<td>".$row['bookingId']."</td>";
echo "<td>".$row['boatDate']."</td>";
echo "<td>".$row['fromDate']."</td>";
echo "<td>".$row['saleto']."</td>";
echo "<td>".$row['salefrom']."</td>";
echo "<td>".$row['NoOfAdults']."</td>";
echo "<td>".$row['NoOfWheelchair']."</td>";
echo "<td>".$row['NoUnder2']."</td>";
echo "<td>".$row['NoChild3–10']."</td>";
echo "<td>".$row['NoChild11–16']."</td>";
echo "<td>".$row['TotalPassgers']."</td>";
echo "</tr>";
}
echo "</table>";
echo "</div>";
?>
I would like the result to be shown in an input box for the user to edit, as it will go in a table, and to check it is pulling the right information from the database.
A very simplified example; double check mysqli usage because I don't use mysqli...
Things to take note of:
1. Use prepared statements. Period.
2. A common practice is to do all your script stuff, then output HTML. Don't mix logic with presentation.
3. Pay attention to whether a variable is GET or POST. The reason I used both GET and POST is because I use GET to display a specific record; but POST is used for anything that changes a record.
4. I use camelCase for variables but lowercase for #id. Just be aware of it, that can be confusing if you're not aware.
5. I first check if this is a request to update the record. If it is, do the update, then redirect back to the same page in order to prevent resubmissions. (This is only possible if no output has been sent. See point 2)
6. Using the <?= ?> format is personal preference; I like it because it keeps the HTML code cleaner and makes the PHP as unobtrusive as possible.
7. Using <form method='{GET | POST}'> with no action simply sends back to the same URL.
// Create connection
$db = new mysqli($servername, $username, $password, $dbname);
// Check connection
if ($db->connect_error) {
die("Connection failed: " . $db->connect_error);
}
// first, take action on POST results if this is an update
if(isset($_POST['action']) && $_POST['action']=='update') {
// use prepared query to avoid SQL injection
$query = "UPDATE Trip_Booked SET boatDate=?, fromDate=?, saleto=?, salefrom=?, NoOfAdults=?, NoOfWheelchair=?, NoUnder2=?, NoChild3_10=?, NoChild11_16=?, TotalPassgers=? WHERE bookingId=?";
$stmt = $db->prepare($query);
$stmt->bind_param("ssssiiiiiii", $_POST['boatDate'],$_POST['fromDate'],$_POST['saleto'],$_POST['salefrom'],$_POST['NoOfAdults'],$_POST['NoOfWheelchair'],$_POST['NoUnder2'],$_POST['NoChild3_10'],$_POST['NoChild11_16'],$_POST['TotalPassgers'],$_POST['bookingId']);
$stmt->execute();
// since we don't want post data resent on back button press, redirect back to this page (change url to match)
// urlencode() keeps the user-supplied value confined to the query string
header("Location: http://www.example.com/?bookingId=" . urlencode($_POST['bookingId']));
exit;
}
// if not an update, but we do have the booking ID, find the row using BookingId
// use prepared query to avoid SQL injection
if(!empty($_GET['bookingId'])) {
$query = "SELECT * FROM Trip_Booked Where bookingId = ?";
$stmt = $db->prepare($query);
$stmt->bind_param("s", $_GET['bookingId']);
$stmt->execute();
// get_result() (needs the mysqlnd driver) returns the mysqli_result the template loops over
$result = $stmt->get_result();
}
Now, we have everything we need to output the HTML. Remember, PHP is a templating language, so don't be afraid to use it as such.
// continuing from above
?><html>
<head>
<title>Edit a Booking</title>
</head>
<body>
<h1>Choose a Page</h1>
<form method="get">
<label for="bookingid">Page</label><input type="text" id="bookingid" name="bookingId" />
<input type="submit" value="Go to page" />
</form>
<?php if(!empty($_GET['bookingId'])): ?>
<!-- better way to enter values: -->
<!-- <div><label for="fieldname">Label</label><input type="text" id="fieldname" name="fieldname" value="{value}" /></div> -->
<h1>Edit Fields</h1>
<form method="post">
<input type="hidden" name="action" value="update" />
<input type="hidden" name="bookingId" value="<?= htmlentities($_GET['bookingId']) ?>" />
<table>
<thead>
<tr>
<th>bookingId</th>
<th>boatDate</th>
<th>fromDate</th>
<th>saleto</th>
<th>salefrom</th>
<th>NoOfAdults</th>
<th>NoOfWheelchair</th>
<th>NoUnder2</th>
<th>NoChild3_10</th>
<th>NoChild11_16</th>
<th>TotalPassgers</th>
</tr>
</thead>
<tbody>
<!-- since this is an edit of only one record, you could use 'if' instead of 'while' -->
<?php while($row = $result->fetch_object()): ?>
<tr>
<!-- every database value is escaped before it is written into an attribute -->
<th><input type="text" name="bookingId" value="<?= htmlentities((string) $row->bookingId) ?>" /></th>
<th><input type="text" name="boatDate" value="<?= htmlentities((string) $row->boatDate) ?>" /></th>
<th><input type="text" name="fromDate" value="<?= htmlentities((string) $row->fromDate) ?>" /></th>
<th><input type="text" name="saleto" value="<?= htmlentities((string) $row->saleto) ?>" /></th>
<th><input type="text" name="salefrom" value="<?= htmlentities((string) $row->salefrom) ?>" /></th>
<th><input type="text" name="NoOfAdults" value="<?= htmlentities((string) $row->NoOfAdults) ?>" /></th>
<th><input type="text" name="NoOfWheelchair" value="<?= htmlentities((string) $row->NoOfWheelchair) ?>" /></th>
<th><input type="text" name="NoUnder2" value="<?= htmlentities((string) $row->NoUnder2) ?>" /></th>
<th><input type="text" name="NoChild3_10" value="<?= htmlentities((string) $row->NoChild3_10) ?>" /></th>
<th><input type="text" name="NoChild11_16" value="<?= htmlentities((string) $row->NoChild11_16) ?>" /></th>
<th><input type="text" name="TotalPassgers" value="<?= htmlentities((string) $row->TotalPassgers) ?>" /></th>
</tr>
<?php endwhile; ?>
</tbody>
</table>
<input type="submit" value="Edit" />
</form>
<?php endif; ?>
</body>
</html>
You need to output the data into the input fields you want. Small example:
<input type="hidden" name="bookingId" value="<?php echo $row["bookingId"];?>" />
<input type="text" name="NoOfAdults" value="<?php echo $row["NoOfAdults"];?>" />
Using a form action of POST you can then run the UPDATE query using the $_POST['NoOfAdults'] and using the $_POST['bookingId'] as the WHERE
This is probably an easy one, but I just can't seem to figure it out. I've tried googling for this as well, but without any luck for my particular problem...
What I want is that the radio selection gets remembered two times (kind of): it remembers after the first time I click submit. But when I click submit again on my next page, it won't remember the value.
Well, I want all the information stored in my database pretty much..
Thanks!
EDIT 1: Oh yeah, the thing that does not go into my database is "valgt_skap", or in other words "radios"; everything else works fine.
Bokssvar.php
<html>
<head>
<link rel="stylesheet" type="text/css" href="style2.css?<?php echo time(); ?>" />
<title>Registrering</title>
</head>
<body>
<?php
if(isset($_SESSION['boxfeil'])) echo $_SESSION['boxfeil'];
unset($_SESSION['boxfeil']);
?>
<form action="bestilt.php" method="post" name="inputform_Field">
<table id="valgt_skap_tabell" class="bokssvartabell">
<tr>
<td>Valgt skap</td>
</tr>
<tr>
<td>
<input class="bokssvarskjema" type="text" name="valgt_skap" disabled value= <?php
if(isset(($_POST['radios']))){
echo ($_POST['radios']);
} else {
header('location: index.php');
} ?>>
</td>
</tr>
</table>
<table id="opplysninger_tabell" class="bokssvartabell">
<tr>
<td>Fornavn:</td>
<td>Etternavn:</td>
<td>Telefon:</td>
<td>E-post:</td>
<td>Elev Nummer:</td>
</tr>
<tr>
<td><input type="text" name="Fornavn_nm" id="fornavn_check"></td>
<td><input type="text" name="Etternavn_nm" id="etternavn_check"></td>
<td><input type="text" name="Telefon_nm" id="telefon_check" maxlength=8></td>
<td><input type="text" name="E-post_nm" id="epost_check"></td>
<td><input type="text" name="Elevnummer_nm" id="elevnr_check"></td>
</tr>
</table>
<div style="text-align:center;">
<button id="bestill_skap" type="submit" name="bestill_Skap">Bestill skap</button>
</div>
</form>
</body>
bestilt.php
<?php
require 'connectdb.php';
$inputFornavn_check = $_POST['Fornavn_nm'];
$inputEtternavn_check = $_POST['Etternavn_nm'];
$inputTelefon_check = $_POST['Telefon_nm'];
$inputEpost_check = $_POST['E-post_nm'];
$inputElevnr_check = $_POST['Elevnummer_nm'];
$inputSkap_check = $_POST['valgt_skap'];
$insertInfo_query = "INSERT INTO elever (Fornavn, Etternavn, Telefon, Epost, ElevNr, Skap)
VALUES ('$inputFornavn_check' , '$inputEtternavn_check' , '$inputTelefon_check' , '$inputEpost_check' , '$inputElevnr_check' , '$inputSkap_check')";
$connect_DB->query($insertInfo_query);
?>
Try using sessions to store the value. First use session_start(), then store it in $_SESSION['fieldname'] = value. Then you can use it in the preceding pages.
On the second page, receive the value and put it on a hidden form element.
<form>
...
<input type="hidden" name="valgt_skap" value="<?php echo htmlspecialchars($radioValue, ENT_QUOTES, 'UTF-8'); ?>">
...
</form>
This element is not shown on the page, although it's present and submitted with the form.
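The session suggestion above, worked through as an added example (not code from any poster in this thread): the locker chosen on the first POST is validated and kept server-side, so the second POST does not depend on the disabled input, which browsers leave out of the submission, or on a hidden field the client can edit. The names rememberLocker(), placeOrder() and $session['valgt_skap'] are hypothetical, the list of free lockers and the form values are constructed, and an in-memory SQLite table stands in for the real database so the script runs from the PHP CLI.

```php
<?php
// Added example. Hypothetical names: rememberLocker(), placeOrder(), $session['valgt_skap'].
// $session stands in for $_SESSION after session_start(); all sample values are constructed.

/** Page 2 (Bokssvar.php): keep the chosen locker server-side once it passes validation. */
function rememberLocker(array &$session, array $post, array $freeLockers): bool
{
    $choice = filter_var($post['radios'] ?? null, FILTER_VALIDATE_INT);
    if ($choice === false || !in_array($choice, $freeLockers, true)) {
        return false;                       // caller redirects back to index.php
    }
    $session['valgt_skap'] = $choice;
    return true;
}

/** Page 3 (bestilt.php): the locker comes from the session, the rest from the form. */
function placeOrder(PDO $db, array $session, array $post): bool
{
    if (!isset($session['valgt_skap'])) {
        return false;                       // page 2 was skipped or the choice was rejected
    }
    // Bound parameters replace the string interpolation used in the question's INSERT.
    $stmt = $db->prepare(
        'INSERT INTO elever (Fornavn, Etternavn, Telefon, Epost, ElevNr, Skap)
         VALUES (:fornavn, :etternavn, :telefon, :epost, :elevnr, :skap)'
    );
    return $stmt->execute([
        ':fornavn'   => $post['Fornavn_nm']    ?? '',
        ':etternavn' => $post['Etternavn_nm']  ?? '',
        ':telefon'   => $post['Telefon_nm']    ?? '',
        ':epost'     => $post['E-post_nm']     ?? '',
        ':elevnr'    => $post['Elevnummer_nm'] ?? '',
        ':skap'      => $session['valgt_skap'],
    ]);
}

// --- Constructed demo: in-memory SQLite instead of the real elever table ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE elever (Fornavn TEXT, Etternavn TEXT, Telefon TEXT,
                                Epost TEXT, ElevNr TEXT, Skap INTEGER)');

$session = [];
$free    = [12, 14, 27];                    // constructed list of free lockers

// First POST: the radio selection arrives and is stored in the session.
var_dump(rememberLocker($session, ['radios' => '14'], $free));

// Second POST: the valgt_skap value sent by the client is ignored; the apostrophe in the
// surname is stored as data because it travels as a bound parameter.
$form = [
    'Fornavn_nm' => 'Kari', 'Etternavn_nm' => "O'Neil", 'Telefon_nm' => '12345678',
    'E-post_nm' => 'kari@example.test', 'Elevnummer_nm' => '1001', 'valgt_skap' => '999',
];
var_dump(placeOrder($db, $session, $form));
print_r($db->query('SELECT Fornavn, Etternavn, Skap FROM elever')->fetchAll(PDO::FETCH_ASSOC));
```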
I am trying to update a MySQL row based on a value passed in the URL of a page.
But I am getting an error Notice: Undefined index: id_store in C:\xampp\htdocs\store\php\update.php on line 29 when I submit the button in the HTML form.
Here is my code:
<?php
require 'db.php';
if(isset($_GET['id_store'])){
$id_store=$_GET['id_store'];
$sql ="SELECT store_name,heading FROM store ORDER BY id_store='$id_store'";
$result = $conn->query($sql);
$row = $result->fetch_assoc();
$store_name = $row['store_name'];
$heading = $row['heading'];
}
if(isset($_POST['btn-update']))
{
// variables for input data
$store_name_ = $_POST['store_name'];
$heading_ = $_POST['heading'];
// variables for input data
$id=$_GET['id_store'];
// sql query for update data into database
$sql_query = "UPDATE store SET store_name='$store_name_',heading='$heading_' WHERE id_store='$id'";
$conn->query($sql_query);
// sql query for update data into database
}
?>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>CRUD Operations With PHP and MySql - By Cleartuts</title>
</head>
<body>
<center>
<div >
<form method="post" action="update.php">
<table align="center">
<tr>
<td><input type="text" name="store_name" placeholder="Store Name" value="<?php echo $store_name; ?>" required /></td>
</tr>
<tr>
<td><input type="text" name="heading" placeholder="Store Heading" value="<?php echo $heading; ?>" required /></td>
</tr>
<tr>
<td>
<button type="submit" name="btn-update"><strong>UPDATE</strong></button>
</td>
</tr>
</table>
</form>
</div>
</center>
</body>
</html>
I am getting an error at line $id=$_GET['id_store'];
I think when I submit the button the form is directed to update.php without id_store, due to which the SQL query gets a null value. Is there anything that I need to change?
Note:
Make sure that there is an id_store value in your URL.
Your first query is wrong. You are using ORDER BY like a WHERE.
You try to update and submit the page, but you didn't pass the id_store. Your form will go to update.php. Remove the URL attribute in your ACTION.
Revised select query code:
$sql ="SELECT store_name,heading FROM store WHERE id_store='$id_store' ORDER BY id_store";
Your form should be:
<form method="post" action="">
So that when you're on localhost/store/php/update.php?id_store=36, and you press the submit button, it will still go to localhost/store/php/update.php?id_store=36, instead of just localhost/store/php/update.php.
After you submit, the undefined error will be gone because you retain the id_store in your URL.
And inside your isset(), so that the user can't refresh the page and re-submit the form, just put this before the closing bracket:
header("LOCATION:update.php?id_store=".$_GET["id_store"]);
Please check these errors:
All your code, along with the form code, is in one file, so why do you give an action? Remove the action attribute from your form.
The form method is POST but you are using $_GET; change it to $_POST everywhere you use that.
Also change the query like this:
$sql ="SELECT store_name,heading FROM store WHERE id_store='$id_store' ORDER BY id_store";
Note: check and do all of this and tell us what happens.
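The ORDER BY versus WHERE point made above, plus a parameterised form of the select and update, as an added example that is not code from any poster in this thread. The function names are hypothetical, the two store rows are constructed, and an in-memory SQLite table stands in for the MySQL store table so the script runs from the PHP CLI; a boolean sort key orders the same way in both databases.

```php
<?php
// Added example. Hypothetical names: firstRowOrderBy(), findStore(), updateStore().
// The rows below are constructed sample data.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE store (id_store INTEGER PRIMARY KEY, store_name TEXT, heading TEXT)');
$db->exec("INSERT INTO store VALUES (35, 'North', 'Old north heading'),
                                    (36, 'South', 'Old south heading')");

/**
 * The question's query shape. The comparison is only a sort key (0 or 1), so every row is
 * returned and the first one fetched is a store that does NOT match the requested id.
 */
function firstRowOrderBy(PDO $db, int $id): array
{
    $stmt = $db->prepare('SELECT id_store, store_name FROM store ORDER BY id_store = :id');
    $stmt->execute([':id' => $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

/** Validate the id taken from the URL, then filter with WHERE and a bound parameter. */
function findStore(PDO $db, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;                        // id_store missing from the URL or not a number
    }
    $stmt = $db->prepare('SELECT id_store, store_name, heading FROM store WHERE id_store = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Update one store; every value reaches the database as a bound parameter. */
function updateStore(PDO $db, $rawId, string $name, string $heading): bool
{
    $row = findStore($db, $rawId);
    if ($row === null) {
        return false;                       // nothing is written without a valid, known id
    }
    $stmt = $db->prepare('UPDATE store SET store_name = :n, heading = :h WHERE id_store = :id');
    return $stmt->execute([':n' => $name, ':h' => $heading, ':id' => $row['id_store']]);
}

// Simulated requests (constructed values): $get carries id_store, $post the form fields.
$get  = ['id_store' => '36'];
$post = ['store_name' => "O'Brien's", 'heading' => 'New heading'];

echo 'ORDER BY version returns store ', firstRowOrderBy($db, 36)['id_store'], "\n";
echo 'WHERE version returns store ', findStore($db, $get['id_store'])['id_store'], "\n";

// With id_store in the URL the update runs; the apostrophe is stored as plain data.
var_dump(updateStore($db, $get['id_store'], $post['store_name'], $post['heading']));
// Without it (the form posted to update.php with no query string) nothing is changed.
var_dump(updateStore($db, null, $post['store_name'], $post['heading']));
print_r($db->query('SELECT * FROM store')->fetchAll(PDO::FETCH_ASSOC));
```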
So I've searched through some posts, and I've seen that I can't use a HTML form within another HTML form.
Like:
<form method="post" action="x.php">
<input type="..."/>
<form method="post" action="x.php">
<input type="..."/>
</form>
</form>
Ok, but my problem is that I want to make a different page, which contains HTML code like this:
<?php
if(isset($_GET['vote']) && $_GET['vote']=='yes'){
echo 'vote successfully inserted';
}
# gets the email value from MAIN form
$email = isset($_POST['email']) ? $_POST['email'] : NULL;
#grab the infos from bd for the user with that email,
$stmt = $db->prepare('SELECT name,email,vote FROM tbl WHERE email=:e');
$stmt->execute(array(':e'=>$email));
while($row = $stmt->fetch(PDO::FETCH_OBJ)){
if($row->vote == 'no'){ # IF THE USER DIDN'T VOTED, THEN
if(isset($_POST['vote'])){ # IF THE <a> IS PRESSED, UPDATE DB
$sql = "UPDATE tbl SET vote='yes' WHERE email=:e";
$s = $db->prepare($sql);
$s->execute(array(':e'=>$email));
}
}
?>
<table>
<tr>
<td>Name</td>
<td>Email</td>
<td>Address</td>
<td>Vote</td>
</tr>
<tr>
<td><?php echo $row->name;?></td>
<td><?php echo $row->email;?></td>
<td><?php echo $row->address;?></td>
<td>
<form method="POST" action="" id="SECOND">
VOTE!
</form>
</td>
</tr>
</table>
<?php } // end while() ?>
Then, under this <table>, I have another form:
<form action="" method="POST" id="MAIN">
<input type="text" name="email" placeholder="email"><br/>
<input type="submit" value="Login" name="submit"/>
</form>
The project is about an electoral campaign, where a user can 'login' with his email address, and submit his vote.
So,
when the user requests the page, the MAIN form will pop-up, he will fill in his email, and will press submit.
he is redirected to the same page (I'm hiding the MAIN form), and the table will pop-up.
now, the user can select his favorite candidate, and press on the <a> link - his vote will be stored in db, updating the vote field from, initially 'no' to 'yes'.
Now, the problem is that when the <a> link is pressed, the update in the db doesn't take place.
The reason the link doesn't update the database is because the form is not being submitted. Change the <a> to an
<input type="submit" value="VOTE!">
I have a slight problem with my php script. I have a table that generates rows populated by a MySql statement.
At the last column I have a button for edit, and delete. My problem is when I hit delete, the query works successfully but it redirects me to a blank page!
The header location is correct but when I hit delete it stays on the current page, but it is just a plain white page.
<?php foreach($rows as $row): ?>
<tr>
<td>
<form action="" method="post"> <?php echo $row['id']; ?> </form>
</td>
<td>
<form action="" method="post"> <?php echo $row['roleid']; ?> </form>
</td>
<td>
<form action="" method="post">
<?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?>
</form>
</td>
<td>
<form action="" method="post">
<?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8'); ?>
</form>
</td>
<td>
<form action="" method="post">
<input name="Edit" type="submit" value="Edit" />
<input name="id" type="hidden" value="<?php echo $row['id']; ?>" />
</form>
</td>
</tr>
<?php endforeach; ?>
And I can successfully set a session using:
if (isset($_POST['Edit'])) {
$_SESSION['id'] = $_POST['id'];
header("Location: edit_account.php");
}
But it seems I have run into another problem :( I also want to add a delete button on each row to delete that user account. Right now this is how it looks:
<td> <form action="" method="post">
<input name="Delete" type="submit" value="Delete" />
<input name="id" type="hidden" value="<?php echo $row['id']; ?>" />
</form> </td>
And the php code used is:
if (isset($_POST['Delete'])) {
// Everything below this point in the file is secured by the login system
// We can retrieve a list of members from the database using a SELECT query.
// In this case we do not have a WHERE clause because we want to select all
// of the rows from the database table.
$query = "
DELETE
FROM user
WHERE
id = :id
";
// The parameter values
$query_params = array( ':id' => $_POST['id'] );
try {
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex) {
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// Finally, we can retrieve all of the found rows into an array using fetchAll
$rows = $stmt->fetch();
// This redirects the user back to the members-only page after they register
header("Location: ../adminindex.php");
// Calling die or exit after performing a redirect using the header function
// is critical. The rest of your PHP script will continue to execute and
// will be sent to the user if you do not die or exit.
die("Redirecting to adminindex.php.php");
}
My problem is the redirection! When I click on the Delete button it actually runs the query but afterwards it just redirects to memberlist.php but the page is blank!?
Why would this be happening? Is there something I am missing? I have tried changing the header location with no success.
Thanks for the help!
die("Redirecting to adminindex.php.php"); ??
Why don't you use a switch?
like this:
switch($action){
case 'delete':
//your code here
break;
case 'edit':
//your code here
break;
}
and to do the delete button:
echo $row['username'] ."<img src=some fancy img>";
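A hardened form of the per-row Edit/Delete handling discussed in the two delete-button threads on this page, as an added example that is not code from any poster. It assumes roleid 1 is the administrator role and that a per-session token is kept in $session['csrf']; renderRow() and handleDelete() are hypothetical names, and the user rows are constructed in an in-memory SQLite table so the script runs from the PHP CLI.

```php
<?php
// Added example. Assumptions not taken from the threads: roleid 1 is the administrator
// role, the token lives in $session['csrf'] (standing in for $_SESSION), names are hypothetical.

/** One form per table row, so the submitted id always belongs to the clicked button. */
function renderRow(array $row, string $csrf): string
{
    $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
    return '<tr><td>' . $e($row['id']) . '</td><td>' . $e($row['username']) . '</td><td>'
         . '<form action="" method="post">'
         . '<input type="hidden" name="id" value="' . $e($row['id']) . '" />'
         . '<input type="hidden" name="csrf" value="' . $e($csrf) . '" />'
         . '<input name="Edit" type="submit" value="Edit" /> '
         . '<input name="Delete" type="submit" value="Delete" />'
         . '</form></td></tr>';
}

/** Authorise and validate a posted Delete request, run it, and return an HTTP status. */
function handleDelete(PDO $db, array $session, array $post): int
{
    // 1. Being logged in is not enough: only administrators may delete accounts.
    if (empty($session['user']) || (int) $session['user']['roleid'] !== 1) {
        return 403;
    }
    // 2. The request must carry the token that was rendered into this session's forms.
    $sent = $post['csrf'] ?? '';
    if (empty($session['csrf']) || !is_string($sent) || !hash_equals($session['csrf'], $sent)) {
        return 403;
    }
    // 3. The hidden id field is client-controlled: accept a positive integer only.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 400;
    }
    // 4. Refuse to delete the account the administrator is logged in with.
    if ($id === (int) $session['user']['id']) {
        return 409;
    }
    $stmt = $db->prepare('DELETE FROM user WHERE id = :id');
    $stmt->execute([':id' => $id]);
    // A DELETE produces no result set, so check rowCount() rather than calling fetch().
    return $stmt->rowCount() === 1 ? 303 : 404;
}

// --- Constructed demo data: in-memory SQLite stands in for the real user table ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user (id INTEGER PRIMARY KEY, roleid INTEGER, username TEXT, email TEXT)');
$db->exec("INSERT INTO user VALUES (1, 1, 'admin', 'admin@example.test'),
                                   (2, 2, 'alice', 'alice@example.test'),
                                   (3, 2, 'bob',   'bob@example.test')");

$token  = bin2hex(random_bytes(32));
$admin  = ['user' => ['id' => '1', 'roleid' => '1'], 'csrf' => $token];
$member = ['user' => ['id' => '2', 'roleid' => '2'], 'csrf' => $token];

echo renderRow(['id' => 3, 'username' => 'bob'], $token), "\n";

$cases = [
    'member posts Delete'       => [$member, ['Delete' => 'Delete', 'id' => '3', 'csrf' => $token]],
    'admin, token missing'      => [$admin,  ['Delete' => 'Delete', 'id' => '3']],
    'admin, id is not a number' => [$admin,  ['Delete' => 'Delete', 'id' => '3abc', 'csrf' => $token]],
    'admin deletes own account' => [$admin,  ['Delete' => 'Delete', 'id' => '1', 'csrf' => $token]],
    'admin deletes bob'         => [$admin,  ['Delete' => 'Delete', 'id' => '3', 'csrf' => $token]],
];
foreach ($cases as $label => [$session, $post]) {
    printf("%-27s -> %d\n", $label, handleDelete($db, $session, $post));
}
// On the real page a 303 result is followed by header('Location: ...', true, 303); exit;
```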