I'm trying to display data from my database table selected from a 'date'.
The query executes, but when I echo I don't get any result. Could you please help me with this?
<?php include 'includes/connection.php'; ?>
<html>
<head>
<title> </title>
</head>
<body>
<?php
if(isset($_POST['submitted'])){
$sql = "SELECT * FROM dagtaken WHERE datum = $_POST[datum]";
$result = mysql_query($sql) or die (mysql_error());
while ($row = mysql_fetch_array($result)){
echo $row['aantal'];
}
}else{
?>
<form action='' method='POST'>
<p><input type="date" name="datum"></p>
<p><input type='submit' value='Dagtaak toevoegen' />
<input type='hidden' value='1' name='submitted' /></p>
</form>
<?php } ?>
</body>
</html>
The query shouldn't execute, since dates are very obviously strings and require quotes. That said...
Try this:
mysql_query("SLEECT * FROM `dagtaken` WHERE `datum`='".mysql_real_escape_string($_POST['datum'])."'");
Now on to the actual problem, you are checking if(isset($_POST['submitted'])), but nowhere do I see <input name="submitted" in your source (EDIT Never mind, it has a stupid amount of whitespace pushing it off the edge). Try if(isset($_POST['datum'])), since that's the variable you actually use.
You haven't named your submit button, so your PHP code never kicks in. Don't check for form fields when all you really need is to check if a POST has occured.
Quick fix for you code:
<input type="submit" name="submitted" value="Dagtaak toevoegen" />
^^^^^^^^^^^^^^^^^
Better fix:
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
your code here ...
}
First, Escape your data. SQL injection is now very easy
Second, do you have data in your database?
Try print_r($row) instead of echo $row...
$_POST is with quotes...=> $_POST["datum"]
Last addition, is your date the same as your input?
Related
hi guys im just trying to get the value of selected radio button but it doesnt work help me guys pls. how can i get the selected radio button value tnx in advance :)
<html>
<head>
<title>asdad</title>
</head>
<body>
<form method = "POST">
<?php
$con=mysql_connect('localhost','root','') or die(mysql_error());
mysql_select_db('aclc_esys') or die("cannot select DB");
session_start();
$query=mysql_query("SELECT * FROM add_student_subject WHERE student_id = '".$_SESSION['sess_stud_id']."'");
while($row=mysql_fetch_array($query)){
?>
<input type="radio" name="subj" value="<?php$roww['subject_name']?>">
<?php
echo $row['subject_name']."<br />";
}
?>
<input type="submit" value="Submit Evaluation" name="submiteval" />
<?php
if(isset($_POST["submiteval"])){
echo $_POST['subj'];
}
?>
</form>
</body>
</html>
You have misspelled row and you forgot to echo.
Instead of:
<?php$roww['subject_name']?>
Try:
<?php echo $row['subject_name']; ?>
Also give at form element an id attribute.
It is very important to use mysqli_* functions not mysql_* ones (they are deprecated) or even better PDO. At least sanitize and validate your inputs so your data will be as valid as you can.
So, I have a page with a bunch of workorders on it. Each workorder is a row in a single table, and gets put on the page with a while() statement.
I'm trying to update each row with a simple form that I put inside the while(), and an UPDATE/WHERE statement to actually add the information to the table.
Instead of adding it to the specific row, it adds it to Every row. The only thing I can think of is that my WHERE condition is wrong, but I can't seem to figure it out. Maybe it just needs fresh eyes, or maybe I'm heading in Completely the wrong direction.
Also, any specific instructions on security, a better way to do it, etc. would be very helpful. I'm learning PHP on the fly and could use a helping hand. :)
<?php
$query = "SELECT * FROM client_information";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
$which_ad = $row['ID'];?>
<b>Name:</b> <? echo $row['billing_name']; ?> <br>
<b>Job Type:</b> <? echo $row['job_type']; ?> <br>
<b>Size:</b> <? echo $row['size']; ?> <br>
<b>Text:</b> <? echo $row['text']; ?> <br>
<b>Notes:</b> <? echo $notes; ?> <br>
<br><br>
<form action="small_update.php" method="POST">
<strong>Email Message:</strong><br>
<textarea rows="8" cols="60" name="email_message"></textarea>
<input type="submit" name="submit" value="Submit"></form>
<?
$email_message = htmlspecialchars ("{$_POST['email_message']}", ENT_QUOTES);
if (mysql_errno() != 0) {
die(mysql_error());
}
mysql_query(
"UPDATE client_information
SET email_message='$email_message'
WHERE ID='$which_ad'"
);
if (mysql_errno() != 0) {
die(mysql_error());
}
}
?>
You don't specify the id in your form:
<form action="small_update.php" method="POST">
<strong>Email Message:</strong><br>
<textarea rows="8" cols="60" name="email_message"></textarea>
<input type="hidden" name="id" value="<?php echo $which_ad; ?>">
<input type="submit" name="submit" value="Submit">
</form>
you need to also make sure you know what id was submitted:
"UPDATE client_information
SET email_message='$email_message'
WHERE ID='$_POST['id']'"
Of course, you're wide open to attacks like this as everyone else is saying. You need to look into mysqli or pdo to sanitize your input...
Ans also upon inspection you're evaluating your post data in the loop. Don't do that. Just do your evaluation before everything else is processed on the page...
<?php
if($_POST)
{
//run processing here
}
// do your fetch code here and display the forms...
why does my 'if if (isset($_POST['submit'])) not interact with mysql'
Please tell me, where do I go wrong, I've been over this a thousand times and checked the internet... It's a lot of code, but I think I have overseen something. I made the remarks for myself, so I would'nt forget something stupid as an ";".
Thanks in advance
http://appsolute.vacau.com/cms
<html>
<head>
<title>Milan CMS</title>
</head>
<body>
<?php
mysql_connect("mysql15.000webhost.com", "a96443****tjiran", "ev****89") or die(mysql_error()); //opening database
mysql_select_db("a9644326_app") or die(mysql_error());
$result = mysql_query("select * from milan") or die(mysql_error()); //get msql database into $result
$content = mysql_fetch_array ($result); // make $content represent current entry
?>
<form action="<?php echo $PHP_SELF;?>" method="post" name="trainingen">
<h3>Trainingen:</h3><p><textarea name="nametrainingen" rows="10" cols="60"><?php echo $content['value']; ?></textarea></p>
<input type="submit" value="Verzenden"><input type="reset" value="Veld leeg maken">
</form>
<?php
if (isset($_POST['submit']))
{ //test if submit button is clicked
mysql_query("DELETE FROM milan WHERE tag='trainingen'") or die(mysql_error()); //delete old entry
$input = $_POST['nametrainingen']; //set $input as current entry
mysql_query("INSERT INTO milan (tag, value) VALUES ('trainingen', '$input')") or die(mysql_error()); //set tag, value as trainingen and $input(current entry)
$result = mysql_query("select * from milan") or die(mysql_error()); //reset $result to new database
$content = mysql_fetch_array ($result); //make $content represent new entry
$myFile = "trainingen.json";
$fh = fopen($myFile, 'w') or die("can't open file");
fwrite($fh, json_encode($content));
fclose($fh);
}
?>
<p>
</body>
</html>
$_POST is a super-global array that contains an associative array of all the form elements that were submitted with the form. You don't have an input with name="submit", so your isset() fails.
<form action="<?php echo $_SERVER['PHP_SELF'];?>" method="post" name="trainingen">
not $PHP_SELF
There is no tag whose "name" attribute is "submit" in your code.
Replace:
<input type="submit" value="Verzenden">
with:
<input name="submit" type="submit" value="Verzenden">
Try
<input type="submit" name="submit" value="Verzenden">
But warning -your code is insecure. Search for SQL injections in google.
In your submit button <input type="submit" value="Verzenden">. You have missed name="submit".
It should be
<input type="submit" value="Verzenden" name="submit">
The submit button doesn't pass anything through to the form. To confirm that, you can try var_dump($_POST). A substitute for that call would be
if (count($_POST))
However, you can still get notices and failed mysql queries so you should instead do
if (isset($_POST['nametrainingen']))
I have a PHP generated form which consists of a list of items, each with a button next to them saying "Remove This" it outputs similar to below:
Item A - [Remove This]
Item B - [Remove This]
...
I wish to be able to click Remove This and it will detect which item it is, and then remove that from the database. Here's my code so far:
selectPlaces.php
<?php
include 'data.php';
mysql_connect($host, $user, $pass) or die ("Wrong Information");
mysql_select_db($db) or die("Wrong Database");
$result = mysql_query("SELECT * FROM reseller_addresses") or die ("Broken Query");
while($row = mysql_fetch_array($result)){
$placeName = stripslashes($row['b_name']);
$placeCode = stripslashes($row['b_code']);
$placeTown = stripslashes($row['b_town']);
$outputPlaces .= "<strong>$letter:</strong> $placeName, $placeTown, $placeCode <input type=\"button\" onclick=\"removePlace()\" value=\"Remove This\" /><br />";
}
mysql_close();
?>
Coupled with my admin.php
<div id="content" style="display:none">
Remove a Place<br><br>
<?php include 'selectPlaces.php'; echo $outputPlaces; ?>
</div>
I know I need to add some javascript to detect which button is clicked but I can't seem to get it working. I tried modifying the onclick="removePlace()" by perhaps passing a variable in the function removePlace(placeID) or something like that, but I'm new to JavaScript and I have no idea how to receive this in the removePlace function.
This seems easier to do without JavaScript. For each entry instead of generating just a button, generate a form that posts to a PHP script that does the deleting.
<form action="deletePlace.php?id=<?php echo $idOfThePlace?>">
<input type="submit" value="Remove This" />
</form>
$idOfThePlace would be the ID with you use to identify the data row.
You don't need JavaScript for that. Try running this example:
<?php var_dump($_POST); ?>
<form action="post.php" method="post">
<p>
<input type="submit" value="a" name="action" />
<input type="submit" value="b" name="action" />
</p>
</form>
You'll see that $_POST['action'] will depend on which button was pressed. For your example, you just need to set the value to identify the item that needs to be deleted. It might be useful to use the <button> element for that: <button name="delete" type="submit" value="12345">delete item 12345</button>. It'll show up as $_POST['delete'] with 12345 as value when submitted.
Trying to perform a very simple task here.
I have an <ol> that contains 4 rows of data in some handy <li>s. I want to add a delete button to remove the row from the table. The script in delete.php appears to have finished, but the row is never removed when I go back and check dashboard.php and PHPMyAdmin for the listing.
Here's the code for the delete button (inside PHP):
Print "<form action=delete.php method=POST><input name=".$info['ID']." type=hidden><input type=submit name=submit value=Remove></form>";
Moving on to delete.php:
<?
//initilize PHP
if($_POST['submit']) //If submit is hit
{
//then connect as user
//change user and password to your mySQL name and password
mysql_connect("mysql.***.com","***","***") or die(mysql_error());
//select which database you want to edit
mysql_select_db("shpdb") or die(mysql_error());
//convert all the posts to variables:
$id = $_POST['ID'];
$result=mysql_query("DELETE FROM savannah WHERE ID='$id'") or die(mysql_error());
//confirm
echo "Patient removed. <a href=dashboard.php>Return to Dashboard</a>";
}
?>
Database is: shpdb
Table is: savannah
Ideas?
It's refusing to stick because you're calling it one thing and getting it with another. Change:
"<input name=".$info['ID']." type=hidden>"
to
"<input name=ID value=".$info['ID']." type=hidden>"
because in delete.php you're trying to access it with:
$id = $_POST['ID'];
You should really quote attribute values as well ie:
print <<<END
form action="delete.php" method="post">
<input type="hidden" name="ID" value="$info[ID]">
<input type="submit" name="submit" value="Remove">
</form>
END;
or even:
?>
form action="delete.php" method="post">
<input type="hidden" name="ID" value="<?php echo $info['ID'] ?>">
<input type="submit" name="submit" value="Remove">
</form>
<?
Please, for the love of the web, don't built an SQL query yourself. Use PDO.
Just another point I'd like to make. I'm 95% sure that you can't give an input a numeric name/id attribute. It has to be like "id_1" not "1".
Also with php you can do arrays.
So you could do this
<input name="delete[2]">
then in your php
if(isset($_POST['delete']))
foreach($_POST['delete'] as $key=>$val)
if($_POST['delete'][$key]) delete from table where id = $val