Hey, I am new here. Can anyone help me with this chunk of code in PHP and MySQL?
I know that this is a little mistake, but I could not figure out where the error is. Thank you.
This is the code:
//index.php
<html>
<head>
<title>Search for a user</title>
</head>
<body>
<h2> Search for a user below:</h2><br /><br />
<form action="profileprocess.php" method="get">
<table>
<tr>
<td>Username:</td><td><input type="text" id="username" name="username" /></td></tr>
<tr>
<td><input type="submit" name="submit" id="submit" value="View Profile" /></td>
</tr>
</table>
</form>
</body>
</html>
// profileprocess.php
<html>
<head>
<title><?php echo $username; ?> <?php echo $lastname; ?>s profile</title>
</head>
<body>
<?php
if(isset($_GET['username'])){
$username = $_GET['username'];
mysql_connect("localhost", "root", "") or die ("could not connect t the server");
mysql_select_db("users") or die("this database was not found");
$userquery = mysql_query("SELECT * FROM users WHERE username='$username'") or die("the query could be fale please try again");
if(mysql_num_rows($userquery) != 1){
die("that username could not be found!");
}
while($row = mysql_fetch_array($userquery, MYSQL_ASSOC)){
$firstname = $row['firstname'];
$lastname = $row['lastname'];
$email = $row['email'];
$dbusername = $row['username'];
$activated = $row['activated'];
$access = $row['access'];
}
if($username != $dbusername){
die ("there has been a fatal error please try again. ");
}
if($activated == 0){
$active = "this account has not been activated";
}else{
$active = "ths account has been activated";
}
if($access == 0){
$admin = "this user is not administrator";
}else{
$admin = "this user is an administrator";
}
?>
<h2><?php echo $username; ?> <?php echo $lastname; ?>s profile</h2>
<table>
<tr>
<td>firstname:</td><td><?php echo $firstname; ?></td>
</tr>
<tr>
<td>lastname:</td><td><?php echo $lastname; ?></td>
</tr>
<tr>
<td>email:</td><td><?php echo $email; ?></td>
</tr>
<tr>
<td>username:</td><td><?php echo $dbusername; ?></td>
</tr>
<tr>
<td>activated:</td><td><?php echo $active; ?></td>
</tr>
<tr>
<td>access:</td><td><?php echo $admin; ?></td>
</tr>
</table>
<?php
}else die("You need to specify a username!");
?>
</body>
</html>
//// any help????
I just ran this code on my XAMPP server and it seems to work fine.
<html>
<head>
<title>Search for a user</title>
</head>
<body>
<h2> Search for a user below:</h2><br /><br />
<form action="" method="get">
<table>
<tr>
<td>Username:</td><td><input type="text" id="username" name="username" /></td></tr>
<tr>
<td><input type="submit" name="submit" id="submit" value="View Profile" /></td>
</tr>
</table>
</form>
</body>
</html>
<?php
if($_GET['username'] != ''){
echo $_GET['username'];
} else
die('doesnt work'); ?>
One problem I definitely see is that you have used echo at the start of the page and the query is not running. That is going to throw up errors.
Also, please tell us what the errors are, so that we can try and help you better.
Here is my index page. I inserted all the data into the database and it also shows on the same page, but the main problem is that on the update.php page I cannot retrieve the data.
//The main problem is here: I can't retrieve the data on this page, and it always shows: Warning: mysql_fetch_array() expects parameter 1 to be resource, object given in C:\wamp\www\phonebook\update.php on line 12
index.php
<?php require_once('dbconnect.php'); ?>
<html>
<head>
<title> </title>
</head>
<body>
<h1> phone book </h1>
<form method="post">
<table>
<tr>
<td>fname </td><td> <input type="text" name="firstname" required /> </td>
</tr>
<tr>
<td>lname </td><td> <input type="text" name="lastname" required /> </td>
</tr>
<tr>
<td>mobile </td><td> <input type="text" name="mobile" required /> </td>
</tr>
</table>
<input type="submit" name="submit" value="submit" >
</form>
<!-- $$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$$ show $$$$$$$$$$$$$$$$$$$$$$$$$$ -->
<br> data </br>
<table border="1">
<tr>
<th>id</th> <th>firstname</th> <th>lastname</th> <th>mobile</th><th>update</th><th>delete</th>
</tr>
<?php
$conn = mysqli_connect('localhost','root','','phonebook');
$show = mysqli_query($conn,"SELECT * FROM contacts");
while($row = mysqli_fetch_array($show))
{
?>
<tr>
<td><?php echo $row['id']; ?></td>
<td><?php echo $row['firstname']; ?></td>
<td><?php echo $row['lastname']; ?></td>
<td><?php echo $row['mobile']; ?></td>
<td>update</td>
<td><a href="delete.php?id=<?php echo $row['id']; ?>" onclick="return confirm('sure want to delete')" >delete</a></td>
</tr>
<?php } ?>
</table>
</body>
</html>
<?php
//require_once("function.php");
//$obj = new data();
if(isset($_POST["submit"]))
{
//echo "<pre>";print_r($_POST);die;
$fname = $_POST['firstname'];
$lname = $_POST['lastname'];
$mobile = $_POST['mobile'];
//$obj->insert($fname,$lname,$mobile);
$connect = mysqli_connect('localhost','root','','phonebook');
$insert = mysqli_query($connect,"insert into contacts(firstname,lastname,mobile) values('".$fname."','".$lname."','".$mobile."')");
if ($insert)
{ ?>
<script> alert('record inserted'); </script>
<?php
}
else
{ ?>
<script> alert('record not inserted'); </script>
<?php
}
header('Location:index.php');
}
?>
update.php
//check the code here
<?php require_once('dbconnect.php');
if(isset($_GET['id']) && is_numeric($_GET['id']) )
{
$id=$_GET['id'];
}
?>
<?php
$conn = mysqli_connect('localhost','root','','phonebook');
$result=mysqli_query($conn,"SELECT * FROM contacts WHERE id='$id'");
$fetch=mysql_fetch_array($result);
//$conn = mysqli_connect('localhost','root','','phonebook');
//$show = mysqli_query($conn,"SELECT * FROM contacts");
//while($row = mysqli_fetch_array($show))
?>
<html>
<head>
<title>update page</title>
</head>
<body>
<form method="post" name="update" action="update.php">
<table>
<tr>
<td>fname </td><td> <input type="text" name="firstname" value= "<?php echo $fetch['firstname']; ?>" required /> </td>
</tr>
<tr>
<td>lname </td><td> <input type="text" name="lastname" value="<?php echo $fetch['lastname']; ?>" required /> </td>
</tr>
<tr>
<td>mobile </td><td> <input type="text" name="mobile" value= "<?php echo $fetch['mobile']; ?>" required /> </td>
</tr>
</table>
<input type="submit" name="submit" value="submit" >
</form>
</body>
</html>
Switch to using mysqli_fetch_array() (note the i) instead of mysql_fetch_array
try this:
$conn = mysqli_connect('localhost','root','','phonebook');
$result=mysqli_query($conn,"SELECT * FROM contacts WHERE id='$id'");
$fetch=mysqli_fetch_array($result);
You must not use mysql_*, it's deprecated. Use PDO or MySQLi instead
You shouldn't mix mysql_* and mysqli_*
Just create ONE mysqli instance instead of creating it for every file you have.
Maximize the use of variables too. This way you only have to change something once.
Please sanitize/escape user input before passing it into your SQL query. Otherwise your application is vulnerable to SQL injection attacks.
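The parameterized-query approach recommended above, as an added example that is not code from any poster in this thread, applied to the phonebook contacts table. It assumes PDO with an in-memory SQLite database in place of the MySQL phonebook database so that it runs stand-alone (the pdo_sqlite extension must be enabled); the function names and the sample contact are constructed for illustration.

```php
<?php
// Added example with constructed data. In-memory SQLite stands in for the
// MySQL "phonebook" database used on the page.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contacts (id INTEGER PRIMARY KEY, firstname TEXT, lastname TEXT, mobile TEXT)');

// Pattern used on the page: request values are pasted into the SQL text, so a
// quote character inside a value changes the statement itself.
function insertConcatenated(PDO $pdo, string $fname, string $lname, string $mobile): bool
{
    try {
        $pdo->exec("INSERT INTO contacts(firstname,lastname,mobile) VALUES('"
            . $fname . "','" . $lname . "','" . $mobile . "')");
        return true;
    } catch (PDOException $e) {
        return false; // the statement no longer parses as intended
    }
}

// Parameterized form: the SQL text is fixed and the values travel separately.
function insertContact(PDO $pdo, string $fname, string $lname, string $mobile): int
{
    $stmt = $pdo->prepare('INSERT INTO contacts(firstname, lastname, mobile) VALUES (?, ?, ?)');
    $stmt->execute([$fname, $lname, $mobile]);
    return (int) $pdo->lastInsertId();
}

// update.php lookup: validate the id as a positive integer, then bind it.
// Returns null when the id is missing, malformed or matches no row.
function findContact(PDO $pdo, $rawId): ?array
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $pdo->prepare('SELECT id, firstname, lastname, mobile FROM contacts WHERE id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Escape database values before echoing them into an HTML attribute.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// Constructed sample input: a surname that contains an apostrophe.
var_dump(insertConcatenated($pdo, 'Sean', "O'Brien", '555-0100'));
$id = insertContact($pdo, 'Sean', "O'Brien", '555-0100');
$row = findContact($pdo, (string) $id);
echo '<input type="text" name="lastname" value="' . h($row['lastname']) . '" />', PHP_EOL;
var_dump(findContact($pdo, '1 abc')); // malformed id is rejected before any query runs
```

With mysqli the same structure uses mysqli_prepare(), mysqli_stmt_bind_param() and mysqli_stmt_execute() in place of the PDO calls.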
I have a form and successfully connected it to the database.
Now I'm trying to update the data. Unfortunately, nothing happened when I click the submit button. I'm sure I'm missing something. Please help me, thank you.
config.php :
<?php
$conn=odbc_connect("dsn", "", "");
if (!$conn)
{
exit("Connection Failed : " . $conn);
}
?>
This is my code :
<?php
include "config.php";
ini_set('error_reporting', E_ALL);
error_reporting(-1);
$sql = odbc_exec( $conn, "SELECT
UserId,
UserName,
UserEmail
FROM DBA.tblUser
WHERE UserId='".$_GET['UserId']."'");
if(isset($_POST['submit']))
{
$UserId=$_POST["UserId"];
$UserName=$_POST["UserName"];
$UserEmail=$_POST["UserEmail"];
//UPDATE
$stmt = odbc_exec( $conn,
"UPDATE DBA.tableUsers SET
UserName = '$UserName',
UserEmail ='$UserEmail'
WHERE UserId=$UserId");
if ($stmt) {
echo "Update Success";
echo $UserName;
echo $UserEmail;
} else {
"Error : " . odbc_errormsg();
}
}
?>
Form :
<form class="form" method="post">
<tr>
<td class = "userid">User ID</td>
<td><?php echo $UserId = odbc_result($sql,'UserId'); ?></td>
</tr>
<tr>
<td class = "name">User Name<span class="required"> * </span></td>
<td><input type="text" name="UserName" value="<?php echo $UserName = odbc_result($sql,'UserName'); ?>"></td>
</tr>
<tr>
<td class = "email">Email<span class="required"> * </span></td>
<td><input type="text" name="UserEmail" value="<?php echo $UserEmail = odbc_result($sql,'UserEmail'); ?>"></td>
</tr>
<button name="submit" type="submit" value ="submit" >Update</button>
</form>
Replace
$UserName=$_POST["UserName"];
With
$UserName=$_POST["UserId"];
Why? Simply because in your form, you have name as UserId and not UserName
<input type="text" name="UserId" value="<?php echo $UserName = odbc_result($sql,'UserName'); ?>"></td>
I managed to get the answer with the same concept and variable.
config.php :
<?php
$conn=odbc_connect("dsn", "", "");
if ($conn) {
echo "Connected";
}
if (!$conn) {
exit("Connection Failed : " . $conn);
}
?>
code :
<?php
include "config.php";
$sql = odbc_exec( $conn, "SELECT
UserId,
UserName,
UserEmail
FROM DBA.tblUser
WHERE UserId='".$_GET['UserId']."'");
if(isset($_POST['submit'])) {
$UserName=$_POST["UserName"];
$UserEmail=$_POST["UserEmail"];
$stmt = odbc_exec($conn,
"UPDATE DBA.tblUser SET
UserName = '$UserName',
UserEmail ='$UserEmail'
WHERE UserId='".$_GET['UserId']."'");
if ($stmt) {
echo "Update Successfull";
echo $UserName;
echo $UserEmail;
}
else {
echo "Error : " . odbc_errormsg();
}
}
?>
html :
<!DOCTYPE html>
<html>
<head>
<title>Administration</title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link rel="stylesheet" type="text/css" href="css/userpage.css" media="screen"/>
<body>
<content>
<div class="user-form">
<div class="user-form-heading">Update User</div><br>
<form class="form" method="post">
<h><table class ="user">
<!-- .................................. Updatable ....................................... -->
<tr>
<td class = "name">User Name<span class="required"> * </span></td>
<td><input type="text" name="UserName" value="<?php echo $UserName = odbc_result($sql,'UserName'); ?>"></td>
</tr>
<tr>
<td class = "userid">User Id</td>
<td><?php echo $UserId = odbc_result($sql,'UserId'); ?></td>
</tr>
<tr>
<td class = "email">Email<span class="required"> * </span></td>
<td><input type="text" name="UserEmail" value="<?php echo $UserEmail = odbc_result($sql,'UserEmail'); ?>"></td>
</tr>
<tr>
<td>
<f><button name="submit" type="submit" value ="submit" >UPDATE</button></f>
</table>
</form>
</div>
</content>
</body>
</head>
</html>
please help me solve this problem. I want to access content of a page only when Session is activated, else redirect user to activate session first. But when I redirect user to session page, it is stuck and cannot go back to content page. I am new here so please help me out from this problem.
<?php
session_start();
if(!isset($_SESSION['username'])){
echo "cookie is not activated" ;
header('Location: http://localhost/CC/Loginsession.php');
die;
}
else {
?>
<!doctype html>
<html>
<head>
<title>Update in PHP</title>
</head>
<body>
<?php
$servername="localhost";
$username="root";
$password="";
$conn=mysql_connect($servername,$username,$password);
if(!$conn ) {
die('Could not connect: ' . mysql_error());
}
$sq1 = 'select * from biodata';
mysql_select_db('firstdb');
$display=mysql_query($sq1,$conn);
if(!$display ) {
die('Could not get data: ' . mysql_error());
exit;
}
if (mysql_num_rows($display) == 0) {
echo "No rows found, nothing to print so am exiting";
exit;
}
?>
<table border="2" style= "background-color: #84ed86; color: #761a9b; margin: 0 auto;" >
<thead>
<tr>
<th>ID</th>
<th>Fname</th>
<th>Lname</th>
<th>Email</th>
<th>Phone</th>
<th>Message</th>
<th>Update</th>
</tr>
</thead>
<tbody>
<?php
while( $row = mysql_fetch_assoc( $display ) ){
echo
"<form method= 'post' />
<tr>
<td ><input name='UID' value='{$row['ID']}' readonly/></td>
<td ><input name='upfname' value='{$row['fname']}' /></td>
<td ><input name='uplname' value='{$row['lname']}' /></td>
<td ><input name='upemail' value='{$row['email']}' /></td>
<td ><input name='upphone' value='{$row['phone']}' /></td>
<td ><input name='upmessage' value='{$row['message']}' /></td>
<td><input type='Submit' name='update' value='Update' id='".$row["ID"]."' </td>
</tr>
</form>";
}
?>
</tbody>
</table>
<?php
if(isset($_REQUEST['update']))
{
$id = $_REQUEST['UID'];
$upfn = $_REQUEST['upfname'];
$upln = $_REQUEST['uplname'];
$upem = $_REQUEST['upemail'];
$upph = $_REQUEST['upphone'];
$upms = $_REQUEST['upmessage'];
$up="UPDATE biodata
SET
fname='$upfn',
lname='$upln',
email='$upem',
phone='$upph',
message='$upms'
WHERE ID = $id";
$updbb=mysql_query($up,$conn);
if($updbb){
header('Location: http://localhost/Prac/updateinsamepage.php');
}
}
}
?>
</body>
</html>
And my session login form code is here:
<?php
session_start();
if(isset($_SESSION['username'])){
echo "Already registered as $_SESSION[username]" ;
}
else if($_SERVER['REQUEST_METHOD'] == 'POST'){
$uname=htmlentities($_POST['username']);
$pass=htmlentities($_POST['password']);
if(!empty($uname) && !empty($pass)) {
$_SESSION['username']=$uname;
echo "Thanks<br />" . "UserName: $uname " . "Password: $pass";
}
else{
echo "Please fill out the both fields";
}
}
else {
?>
<!doctype html>
<html>
<head>
<meta charset="utf-8">
<title>Loginsession</title>
</head>
<body>
<form method="post">
Username:<input type="text" id="username" name="username" /> <br /><br />
Password:<input type="password" id="password" name="password"/><br /><br />
<input type="hidden" name="hiddenvalue" value="<?php http://localhost/CC/Loginsession.php?username=overwritten ?>"/>
<input type="Submit" value="Login" name="Submit" id="submit" />
</form>
<?php }?>
<?php
session_unset();
session_destroy();
?>
</body>
</html>
You can try this script in place of header
echo '<script>window.location="http://localhost/CC/Loginsession.php"</script>';
I'm trying to update a user profile with a session. The user profile page is supposed to update according to the profile of the logged-in user. Here's the sample code of user_profile.php:
<?php
session_start();
ob_start();
include("../function/dbconnect.php");
include("header.php");
?>
<html>
<body>
<?php
if(isset($_SESSION['VALID_USER'])){
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$s=mysql_query("UPDATE tbl_staffs SET username='$username', password='$password' WHERE username='".mysql_real_escape_string($_SESSION["VALID_USER"])."'");
if ($s)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_profile.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_profile.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE username='".mysql_real_escape_string($_SESSION["VALID_USER"])."' AND user_levels = '".mysql_real_escape_string('1')."'");
$query2=mysql_fetch_array($query1);
?>
<form action="user_profile.php" method="POST">
<div>Your Profile</div>
<table border="0" align="center" cellpadding="2" cellspacing="0">
<tr>
<td><div>Username:</div></td>
<td><input type="text" name="username" value="<?php echo $query2['username']; ?>" /></td>
</tr>
<tr>
<td><div align="left" id="tb-name">Password:</div></td>
<td><input type="text" name="password" value="<?php echo $query2['password']; ?>" /></td>
</tr>
</table>
<input type="submit" name="submit" value="Update" />
</form>
<?php
// close while loop
}}
?>
<?php
// close connection;
mysql_close();
?>
</br>
</body>
</html>
The page returns blank. There are several other pieces of code that I'm working on for the user_profile.php page too, but the results that I get are the same... I used the code below for the admin to update a user profile.
include('function/dbconnect.php');
if(isset($_GET['id']))
{
$id=$_GET['id'];
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$email = $_POST['email'];
$password = $_POST['password'];
$user_type = $_POST['user_type'];
$query3 = mysql_query("UPDATE tbl_staffs
SET username='$username', email='$email', password='$password' WHERE id='$id'");
if ($query3)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_list.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_list.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE id='$id'");
$query2=mysql_fetch_array($query1);
<form method="post">
<tr>
<td><b>Username:</b></td><td><input type="text" name="username" style="width:255px" value="<?php echo $query2['username']; ?>" /></td>
</tr>
<tr>
<td><b>Email:</b></td><td><input type="text" name="email" style="width:255px" value="<?php echo $query2['email']; ?>" /></td>
</tr>
<tr>
<td><b>Password:</b></td><td><input type="text" name="password" style="width:255px" value="<?php echo $query2['password']; ?>" /></td>
</tr>
<tr>
<td colspan="2" align="right">
<br />
<span title="Click to update the user details"><input type="submit" name="submit" value="Update" /></span>
</td>
</tr>
</table>
</form>
<?php
}
?>
Apparently, it works fine as it is. However, when I tried to apply the code for users so that they can update their own profile, the code won't work. What am I doing wrong?
First check whether your session exists, and then replace ".mysql_real_escape_string($_SESSION["VALID_USER"])." in your query with a variable, like:
$VALID_USER=mysql_real_escape_string($_SESSION["VALID_USER"]);
if(isset($_POST['submit']))
{
$username = $_POST['username'];
$password = $_POST['password'];
$s=mysql_query("UPDATE tbl_staffs SET username='$username', password='$password' WHERE username='$VALID_USER'");
if ($s)
{ echo "<script type='text/javascript'>alert('Successful - Record Updated!'); window.location.href = 'user_profile.php';</script>"; }
else
{ echo "<script type='text/javascript'>alert('Unsuccessful - ERROR!'); window.location.href = 'user_profile.php';</script>"; }
}
$query1=mysql_query("SELECT * FROM tbl_staffs WHERE username='$VALID_USER' AND user_levels = '".mysql_real_escape_string('1')."'");
$query2=mysql_fetch_array($query1);
In my login.php I store the username and the user id in sessions. After login the user selects their page, and once they are led to their page, they can select a lecturer name, which needs to be only their own name, not another lecturer's. I know that this selected lecturer name needs to be stored in a session. Afterwards, I have to match it with either the user id or the username to control what the user can see. The problem is how to match these sessions between login.php and lecturer.php. Should I create a separate file for the sessions?
login.php
<?php
require ('connect.php');
$username = $_POST['username'];
$password = $_POST['password'];
if (isset($_POST['submit'])) {
if ($username && $password) {
$check = mysql_query("SELECT * FROM users WHERE username='".$username."' AND password= '".$password."'");
$rows = mysql_num_rows($check);
if(mysql_num_rows($check) != 0){
session_start();
$run_login =mysql_fetch_array($check);
$uid = $run_login['id'];
$_SESSION['uid'] = $_POST['uid'];
$_SESSION['username']=$_POST['username'];
header("location:../../statistics/home.php");
}
else{
die("Could not find the Username or password.");
}
}
else {
echo "Please fill all the fields.";
}
}
?>
lecturer.php
<?php
include 'connect.php';
$year = mysql_real_escape_string($_POST['year']);
$lecturer = mysql_real_escape_string($_POST['lecturer']); // Don't forget to handle the SQL Injections ...
$years = array(
2005,
2006,
2007
);
$lecturers = array(
'dimopoulos',
'lagkas',
'kehagias',
'chrysochoou'
);
if(isset($_POST['submit'])){
if (in_array($lecturer, $lecturers) && in_array($year, $years)) {
$sql = "SELECT unit_name,a1,a2,a3,l1,l2,l3,l4,l5,l6,l7,lavg,r1,r2,u1,u2,u3 FROM $lecturer WHERE year=$year";
$result = mysql_query($sql);
}
else {
echo "No data found";
}
}
else{
echo "Please select";
}
?>
<html>
<head>
<link rel="stylesheet" type="text/css" href="../../statistics/style.css">
</head>
<body>
<div id="container">
<table id="table" width="900" border="1" cellspacing="1">
<tr>
<td>Unit Name</td>
<td>A1 </td>
<td>A2 </td>
<td>A3 </td>
<td>L1 </td>
<td>L2 </td>
<td>L3 </td>
<td>L4 </td>
<td>L5 </td>
<td>L6 </td>
<td>L7 </td>
<td>LAVG </td>
<td>R1 </td>
<td>R2 </td>
<td>U1 </td>
<td>U2 </td>
<td>U3 </td>
</tr>
<?php
while($unit=mysql_fetch_assoc($result)){
echo "<tr>";
echo "<td>".$unit['unit_name']."</td>";
echo "<td>".$unit['a1']."</td>";
echo "<td>".$unit['a2']."</td>";
echo "<td>".$unit['a3']."</td>";
echo "<td>".$unit['l1']."</td>";
echo "<td>".$unit['l2']."</td>";
echo "<td>".$unit['l3']."</td>";
echo "<td>".$unit['l4']."</td>";
echo "<td>".$unit['l5']."</td>";
echo "<td>".$unit['l6']."</td>";
echo "<td>".$unit['l7']."</td>";
echo "<td>".$unit['lavg']."</td>";
echo "<td>".$unit['r1']."</td>";
echo "<td>".$unit['r2']."</td>";
echo "<td>".$unit['u1']."</td>";
echo "<td>".$unit['u2']."</td>";
echo "<td>".$unit['u3']."</td>";
echo "</tr>";
}
?>
</table>
</div>
</body>
</html>
lecturerForm.php
<form name="myform" action="lecturer.php" method="POST" >
<b>Lecturers:<b/>
<select name="lecturer">
<option value="Choose">Please select..</option>
<?php
$sql=mysql_query("SELECT lec_name FROM lecturer");
while($row=mysql_fetch_array($sql)){
echo "<option value='".$row['lec_name']."'>".$row['lec_name']."</option>";
}
?>
</select><br/><br/>
<b>Year:<b/>
<select name="year">
<option value="Choose">Please select..</option>
<option value="2005">2005</option>
<option value="2006">2006</option>
<option value="2007">2007</option></select><br/><br/>
<br/>
<input type="submit" name="submit" value="Submit">
<input type="reset" name="reset" value="Clear">
</form>
Put session_start() at the beginning of the lecturer.php page.
Note:
You have a bad variable name in login.php where you set $_SESSION['uid']:
$uid = $run_login['id'];
$_SESSION['uid'] = $uid; // not $_POST['uid'];
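One way to tie login.php and lecturer.php together, as an added example that is not code from the posters: the session is filled from the database row at login, and lecturer.php takes the lecturer from the session instead of from the submitted form, so a user can only read their own table. Assumptions: each lecturer's username equals their table name, passwords are stored as password_hash() output in a constructed password_hash column, in-memory SQLite via PDO stands in for MySQL, and $session stands in for $_SESSION after session_start().

```php
<?php
// Added example with constructed data. In-memory SQLite stands in for the
// page's MySQL database; $session stands in for $_SESSION after session_start().
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT UNIQUE, password_hash TEXT)');
$pdo->exec('CREATE TABLE lagkas (unit_name TEXT, a1 REAL, year INTEGER)');
$pdo->exec("INSERT INTO lagkas VALUES ('Networks', 4.2, 2006)");
$pdo->prepare('INSERT INTO users(username, password_hash) VALUES (?, ?)')
    ->execute(['lagkas', password_hash('constructed-password', PASSWORD_DEFAULT)]);

// login.php: look the user up by name with a bound parameter, verify the
// password hash, and fill the session from the database row, never from $_POST.
function login(PDO $pdo, array &$session, string $username, string $password): bool
{
    $stmt = $pdo->prepare('SELECT id, username, password_hash FROM users WHERE username = ?');
    $stmt->execute([$username]);
    $user = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($user === false || !password_verify($password, $user['password_hash'])) {
        return false;
    }
    // With real sessions, call session_regenerate_id(true) at this point.
    $session['uid'] = (int) $user['id'];
    $session['username'] = $user['username'];
    return true;
}

// lecturer.php: the table comes from the session and must be on the fixed
// allowlist; the submitted "lecturer" field is not consulted at all.
function unitsForLoggedInLecturer(PDO $pdo, array $session, $rawYear): array
{
    $lecturers = ['dimopoulos', 'lagkas', 'kehagias', 'chrysochoou'];
    $years = [2005, 2006, 2007];
    $table = $session['username'] ?? null;
    $year = filter_var($rawYear, FILTER_VALIDATE_INT);
    if (!in_array($table, $lecturers, true) || !in_array($year, $years, true)) {
        return []; // not logged in, not a lecturer, or year outside the allowlist
    }
    // $table is one of the fixed strings above, so interpolating it is safe;
    // the year is still passed as a bound parameter.
    $stmt = $pdo->prepare("SELECT unit_name, a1 FROM $table WHERE year = ?");
    $stmt->execute([$year]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$session = [];
var_dump(login($pdo, $session, 'lagkas', 'wrong-password'));
var_dump(login($pdo, $session, 'lagkas', 'constructed-password'));
print_r($session);
print_r(unitsForLoggedInLecturer($pdo, $session, '2006'));
print_r(unitsForLoggedInLecturer($pdo, [], '2006')); // no session: nothing returned
```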