I am a new PHP coder and I started a CMS panel project with, for a start, three options: new article, delete article and edit article. There isn't a single error in my project, but when I'm trying to edit a post, everything goes well except the save. The post isn't saved!!! And there aren't any errors! I have been trying to fix this problem since yesterday. That's annoying.
Here is part of my code:
editTreat.php:
<!DOCTYPE html>
<?php
include("includes/functions.php");
$ctreat = getTreat($_GET["id"]);
?>
<html lang="en">
<head>
<script type="text/javascript" src="ckeditor/ckeditor.js"></script>
<meta charset="utf-8" />
<title>Control panel</title>
</head>
<body>
<form action="doEditt.php" method="post">
<table>
<tr>
<td>
<label for="tName">:Title</label>
</td>
<td>
<input type="text" name="tName" value="<?php echo $ctreat["Title"]; ?>"></input>
</td>
</tr>
<tr>
<td>
<label for="tContent">:Content</label>
</td>
<td>
<textarea name="tContent"> <?php echo $ctreat["Content"]; ?> </textarea>
<script type="text/javascript">
CKEDITOR.replace('tContent');
</script>
</td>
</tr>
<tr>
<td colspan="2"><input type="submit" name="submit" value="Edit"></input></td>
<td> <input type="hidden" name="id" value="<?php echo $_GET["ID"]; ?>" /></td>
</tr>
</table>
</form>
</body>
</html>
doEditt.php:
<?php
include("includes/functions.php");
if(isset($_POST["submit"])) {
if(isset($_POST["tName"])) {
editTreat($_POST["tName"],$_POST["tContent"],$_POST["id"]);
header("Location: treatments.php");
} else {
echo "Please fill the title";
include("editTreat.php");
}
} else {
header("Location: editTreat.php");
}
?>
part of my includes/functions.php:
function editTreat($tName, $tContent, $id) {
$id = (int) $id;
$query = mysql_query("UPDATE `treatments` SET title = '$tName', content = '$tContent' WHERE ID = '$id'") or die(mysql_error());
header("Location: treatments.php");
}
function getTreat($id) {
$id = (int) $id;
$query = mysql_query("SELECT * FROM `treatments` WHERE ID = '$id'") or die(mysql_error());
return mysql_fetch_assoc($query);
}
So, if you can help me, please help me. Thanks!!
On line 4 you reference id lower case
$ctreat = getTreat($_GET["id"]);
Notice Lowercase id
Then in the form you reference ID Uppercase
<?php echo $_GET["ID"]; ?>
PHP is case sensitive... is id upper or lower case?
The posting ID is not getting sent to the submit form, this looks to be your issue.
Some obvious issues:
I'm sure the id column is not a string, so why the quotes?
UPDATE `treatments` SET title = '$tName', content = '$tContent' WHERE ID = $id
You should escape any user input.
$tName = mysql_real_escape_string($tName);
PHP is case sensitive, and you use different case for $_GET["id"]. I'm sure you want to use $_GET["id"]!
$ctreat = getTreat($_GET["id"]);
VERSUS
echo $_GET["ID"];
I have Teams that I am assigning Employees to. The manager logs into his/her account which assigns the Team Number. They then click a link (which passes the Team ID as a variable) to go to the Assignment Page where they do an Employee Lookup; find the Employee and click on a link to assign this employee to their team.
When they first enter this Assignment Page, the Team Number exists. After they do the Search, however, the Team Number is blanked out. This is all on the same page. I don't know why the Search function wipes out the Session Variable value. Thank you.
<?php
session_start();
?>
<!DOCTYPE html>
<html>
<head>
<link rel="stylesheet" type="text/css" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">
</head>
<body>
<div class="container">
<?php
$_SESSION["teamid"] = $_REQUEST["tid"];
?>
<?php
$con = new mysqli($localhost, $username, $password, $dbname);
if( $con->connect_error){
die('Error: ' . $con->connect_error);
}
if( isset($_GET['search']) ){
$team = $_SESSION["teamid"];
$memberid = mysqli_real_escape_string($con, htmlspecialchars($_GET['search']));
$sql = "SELECT * FROM employees WHERE empid ='$memberid'";
}
$result = $con->query($sql);
?>
<label>Enter Employee You Wish To Add To Your Team (<?php echo $_SESSION["teamid"]; ?>)</label>
<form action="" method="GET">
<input type="text" placeholder="Enter Employee ID here" name="search">
<input type="submit" value="Search" name="btn" class="btn btn-sm btn-primary">
</form>
<br />
<table class="table table-striped table-responsive">
<tr>
<th>Employee ID</th>
<th>Name</th>
<th>Action</th>
</tr>
<?php
while($row = $result->fetch_assoc()){
?>
<tr>
<td><?php echo $row['empid']; ?></td>
<td><?php echo $row['firstname']; ?> <?php echo $row['lastname']; ?></td>
<td>Assign Employee</td>
</tr>
<?php
}
?>
</table>
</div>
</body>
</html>
It's because at the top of your code you have this part:
<?php
$_SESSION["teamid"] = $_REQUEST["tid"];
?>
So every time the page reloads, it sets the teamid to whatever is in the request. The second time you visit the page it's most likely empty, which causes the session to be empty too.
An easy way to fix that is to check if $_REQUEST["tid"] is set:
<?php
if (isset($_REQUEST["tid"])) {
$_SESSION["teamid"] = $_REQUEST["tid"];
}
?>
Ok, I am trying to get content from a SQL database to populate fields when a button is pushed. The problem is that no matter which button is pushed, it always sends the values of the last row to php. I am a php/mySQL noob. I apologize if this has been asked/answered before, I have been searching the site for hours and not come across anything that has helped me figure it out.
Index page image and Code:
<?php
require_once('database.php');
$query = 'SELECT * FROM omniarticles
ORDER BY recid';
$statement1 = $db->prepare($query);
$statement1->execute();
$article = $statement1->fetchAll();
$statement1->closeCursor();
?>
<!DOCTYPE HTML>
<html>
<head>
<title>AMS</title>
<link rel="stylesheet" type="text/css" href="basic.css">
</head>
<body>
<h3>Article List</h3>
<table>
<tr>
<th>Publication Date</th>
<th>Title</th>
<th>Action</th>
</tr>
<?php foreach ($article as $articles) : ?>
<tr>
<td><?php echo $articles['publicationDate']; ?></td>
<td><?php echo $articles['title']; ?></td>
<td><form action="view.php" method="post">
<input type="hidden" name="recid"
value="<?php echo $articles['recid'];?>">
<input type="submit" value="View">
<input type="submit" value="Edit">
</td>
</tr>
<?php endforeach; ?>
</table>
</body>
</html>
view.php code:
<?php
$recid = filter_input(INPUT_POST, 'recid');
require_once('database.php');
$q = 'SELECT * FROM omniarticles
WHERE recid = :recid';
$s = $db->prepare($q);
$s->bindValue(':recid', $recid);
$s->execute();
$title = $s->fetch();
$s->closeCursor();
?>
<!DOCTYPE HTML>
<html>
<head>
<title>AMS</title>
<link rel="stylesheet" type="text/css" href="Module5Lab.css">
</head>
<body>
<label>Article Title</label>
<input type="text" name="article_title" value="<?php echo $title['recid']; ?>"/>
<br/>
<br/>
<label>Article Summary</label>
<textarea rows="4" cols="50"></textarea>
<br/>
<label>Article Content</label>
<textarea rows="20" cols="50"><?php echo $title['content']; ?></textarea>
<br/>
<label>Publication Date</label>
<input type="text" name="publication_date"/>
<br/>
</body>
</html>
The result I am getting is always for the last record, no matter which button I push.
The problem is almost certainly with the line:
$recid = filter_input(INPUT_POST, 'recid');
I'd recommend doing var_dump($_POST) and seeing what's in the post data.
I created search.php and created the database war and the table product.
My code doesn't work:
<!DOCTYPE html>
<html>
<head>
<title>Search</title>
</head>
<body>
<form method="get" action="">
<table>
<tr>
<td>متن برای جستجو</td>
<td><input type="text" name="text"></td>
</tr>
<tr>
<td><input type="submit" value="Search"></td>
<td>
<?php
if(isset($_GET['text']) && !empty($_GET['text'])){
$body=$_GET['text'];
$con=mysql_connect("localhost","root","");
if(!$con){die("mysql Error");}
if (!mysql_select_db("war",$con)){die("mysql select error");}
$res=mysql_query("SELECT * FROM product WHERE LIKE pname='%$body%'");
$count=mysql_num_rows($res);
if ($count <= 0){
die("Your product Not found");
}else{
while ($row=mysql_fetch_array($res)){
echo $row['pname'];
}
}
}
?>
</td>
</tr>
</table>
</form>
</body>
</html>
Please help and debug.
Your MySQL SELECT statement is wrong. It should be:
$res=mysql_query("SELECT * FROM product WHERE pname LIKE '%$body%'"); // note the absence of =
If this is, of course, what you mean by "it doesn't work".
PS: do not use mysql_* functions. They are deprecated.
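The same product search with the pattern passed as a bound parameter, as an added example that is not part of the original posts. It assumes PDO with an in-memory SQLite database standing in for the MySQL database war; the helper names likeEscape() and searchProducts() and the sample rows are constructed for illustration.

```php
<?php
// Added example, not the poster's code. Assumption: PDO with an in-memory
// SQLite database stands in for the MySQL database "war"; rows are constructed.

// Escape LIKE metacharacters so the search term is matched literally.
function likeEscape(string $term, string $esc = '!'): string
{
    return str_replace(
        [$esc, '%', '_'],
        [$esc . $esc, $esc . '%', $esc . '_'],
        $term
    );
}

// The pattern is a bound parameter, so quotes in $term never reach the SQL text.
function searchProducts(PDO $db, string $term): array
{
    $stmt = $db->prepare(
        "SELECT pname FROM product WHERE pname LIKE :pattern ESCAPE '!' ORDER BY pname"
    );
    $stmt->execute([':pattern' => '%' . likeEscape($term) . '%']);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE product (id INTEGER PRIMARY KEY, pname TEXT)');
$insert = $db->prepare('INSERT INTO product (pname) VALUES (?)');
foreach (['Red shirt', 'Blue shirt 100% cotton', "O'Neill cap", 'USB_cable'] as $name) {
    $insert->execute([$name]);
}

// Constructed search terms, as they might arrive in $_GET['text'].
foreach (['shirt', "O'Neill", '100%', '_', "' OR '1'='1"] as $term) {
    printf("%-12s => %s\n", $term, json_encode(searchProducts($db, $term)));
}
```

Terms containing quotes only ever match literally, and % or _ typed by the user are not treated as wildcards.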
I'm trying to set up a form that can update my product.
The code reads data OK, but $update is getting errors that prevent the update from doing anything.
The errors are :
Undefined variable: update
mysqli::query(): Empty query (after submit the form)
Please Help! Thanks.
<?php
//include database configuration file
include("config.php");
$mysqli->set_charset("utf8");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Edit Page</title>
</head>
<body>
<?php
if(isset($_POST['Submit'])){//if the submit button is clicked
$updateproductname = $_POST['updateproductname'];
$updatesku = $_POST['productsku'];
$updateproductoriginal = $_POST['updateoriginalname'];
$updatedescshort = $_POST['updatedescshort'];
$update = $mysqli->query("UPDATE testproducts".
"SET product_sku=$updatesku, product_name=$updateproductname, 'product_originalname'='$updateproductoriginal', 'product_description_short='$updatedescshort' ".
"WHERE product_id = '$id' ");
$mysqli->query($update) or die("Cannot update");//update or error
}
?>
<?php
//Create a query
$sql = "SELECT * FROM testproducts WHERE product_id = $id";
//submit the query and capture the result
$result = $mysqli->query($sql) or die(mysql_error());
?>
<h2>Update Record <?php echo $id;?></h2>
<form action="" method="post">
<?php
while ($row = $result->fetch_assoc()) {?>
<table border="0" cellspacing="10">
<tr>
<td>Product Name:</td> <td><input type="text" name="updateproductname" value="<?php echo $row['product_name']; ?>"></td>
</tr>
<tr>
<td>Product Original Name:</td> <td><input type="text" name="updateoriginalname" value="<?php echo $row['product_originalname']; ?>"></td>
</tr>
<tr>
<td>Product SKU:</td> <td><input type="text" name="productsku" value="<?php echo $row['product_sku']; ?>"></td>
</tr>
<tr>
<td>ShortDescription:</td> <td><input type="text" name="updatedescshort" size="100" value="<?php echo $row['product_description_short']; ?>"></td>
</tr>
<tr>
<td><INPUT TYPE="Submit" VALUE="Update the Record" NAME="Submit"></td>
</tr>
</table>
<?php
}
?>
</form>
<?php
if($update){//if the update worked
echo "<b>Update successful!</b>";
}
?>
</body>
</html>
a) You are vulnerable to SQL injection attacks
b) Read the docs for mysqli_query(). The function takes a query STRING, and returns a RESULT HANDLE. You're then taking that result handle and trying to re-query it. If you'd bothered having proper error handling on ALL of your mysqli calls, you'd have seen this.
Was able to update the record after moving the update and select code to the top of the HTML.
<?php
if(isset($_POST['Submit'])){//if the submit button is clicked
// Check connection
$productname = $_POST['updateproductname'];
$productoriginal = $_POST['updateoriginalname'];
$sku = $_POST['productsku'];
$descshort = $_POST['updatedescshort'];
$mysqli->query("UPDATE testproducts ".
"SET product_name='$productname',product_originalname='$productoriginal', product_sku='$sku', product_description_short='$descshort'".
" WHERE product_id='$id'");
}
?>
<?php
//Create a query
$sql = "SELECT * FROM testproducts WHERE product_id = $id";
//submit the query and capture the result
$result = $mysqli->query($sql) or die($mysqli->error);
//$query=getenv(QUERY_STRING);
//parse_str($query);
//$ud_title = $_POST['Title'];
//$ud_pub = $_POST['Publisher'];
//$ud_pubdate = $_POST['PublishDate'];
//$ud_img = $_POST['Image'];
$mysqli->close();
?>
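The UPDATE above written with bound parameters and a check on the number of rows changed, as an added example that is not code from any of the posts. It serves both the SQL injection remark here and the earlier "escape any user input" advice for editTreat(), where a missing id was cast to 0 and the UPDATE matched nothing without raising an error. Assumptions: PDO with an in-memory SQLite database stands in for MySQL, and updateProduct() and the sample row are constructed.

```php
<?php
// Added example, not code from the posts above. Assumptions: PDO with an
// in-memory SQLite database stands in for MySQL; the row is constructed.

function updateProduct(PDO $db, $rawId, string $name, string $sku, string $desc): int
{
    // Reject a missing or non-numeric id instead of silently casting it to 0.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('product id missing or not a positive integer');
    }
    // Values travel separately from the SQL text, so quotes cannot alter the statement.
    $stmt = $db->prepare(
        'UPDATE testproducts
            SET product_name = :name, product_sku = :sku, product_description_short = :descr
          WHERE product_id = :id'
    );
    $stmt->execute([':name' => $name, ':sku' => $sku, ':descr' => $desc, ':id' => $id]);
    // 0 means no row was updated. The MySQL driver counts only rows whose
    // values changed unless PDO::MYSQL_ATTR_FOUND_ROWS is set on the connection.
    return $stmt->rowCount();
}

$db = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE testproducts (
    product_id INTEGER PRIMARY KEY, product_name TEXT, product_sku TEXT,
    product_description_short TEXT)');
$db->exec("INSERT INTO testproducts VALUES (1, 'Old name', 'SKU-1', 'old text')");

// A constructed value containing quotes and SQL-looking text is stored as plain data.
$tricky = "O'Brien', product_sku='X";
echo updateProduct($db, '1', $tricky, 'SKU-1', "It's new"), " row(s) updated\n";
print_r($db->query('SELECT * FROM testproducts')->fetch(PDO::FETCH_ASSOC));

// An id that matches nothing is reported instead of passing unnoticed.
echo updateProduct($db, '42', 'n', 's', 'd'), " row(s) updated\n";

// An empty id, e.g. because the form read the wrong request key, is rejected.
try {
    updateProduct($db, '', 'n', 's', 'd');
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```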
I've been struggling for a few days now to get the value of a checkbox in my code.
Basically I have an admin page where the customer can select and deselect images that will be put online.
You can select and deselect images that will be shown on the homepage, and separately on the gallery page. Both checked is also possible.
I have another checkbox that can be selected to remove the image from the list(image_deleted).
There is still a database entry and the images are still on file-system but later on I'll create a cleanup-job.
Here is my code:
<?php
ini_set('display_errors', 1);
error_reporting(E_ALL);
ob_start();
require('../../lib/dbconnection.php');
require("../../lib/checklogin.php");
require("includes/upload.inc.php");
$query = 'SELECT * FROM gallery where image_deleted != 1 order by id desc';
$result=$conn->query($query);
$count=$result->num_rows;
?>
<!DOCTYPE html>
<html>
<head>
<title>Classic Nails - CMS</title>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
<meta name="description" content="ClassicNails">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="../css/screen.css">
<link rel="stylesheet" href="../css/libs/magnific-popup.css">
<script src="../js/libs/min/jquery-min.js" type="text/javascript"></script>
<script src="../js/min/custom-min.js" type="text/javascript"></script>
<script src="js/jquery.magnific-popup.js"></script>
<script>
$(document).ready(function() {
$('.image-link').magnificPopup({
type:'image',
gallery:{
enabled:true
}
});
});
</script>
</head>
<body>
<?php include('includes/header.inc.php'); ?>
<?php include('includes/nav.inc.php'); ?>
<div class="wrapper">
<article class="content">
<h1>Foto gallery</h1>
<?php
if (isset($uploadResult)) {
echo "<p><strong>$uploadResult</strong></p>";
}
?>
<form action="" method="post" enctype="multipart/form-data" name="uploadImage" id="uploadImage">
<p>
<label for="image">Upload image:</label>
<input type="hidden" name="MAX_FILE_SIZE" value="<?php echo MAX_FILE_SIZE; ?>" />
<input type="file" name="images" id="imagesd" />
</p>
<p>
<input type="submit" name="upload" id="upload" value="Upload" />
</p>
</form>
<div id="maincontent">
<h2>Foto informatie</h2>
<form name="FotoInformatie" id="fotoInformatie" method="post" action="">
<table>
<tr>
<td align="center"><strong>Foto</strong></td>
<td align="center"><strong>Titel</strong></td>
<td align="center"><strong>Beschrijving</strong></td>
<td align="center"><strong>Homepage</strong></td>
</tr>
<?php
while ($rows=$result->fetch_assoc()) {
?>
<tr>
<td class="hide" align="center"><?php $id[]=$rows['id']; ?><?php echo $rows['id']; ?></td>
<td><img src="../img/thumbs/<?php echo $rows['filename']; ?>"></td>
<td align="center"><input name="title[]" type="text" id="title" value="<?php echo $rows['title']; ?>"></td>
<td align="center"><input name="caption[]" type="text" id="caption" value="<?php echo $rows['caption']; ?>"></td>
<td><input type="checkbox" name="checkboxHome[]" id="checkBoxHome" value="<?php echo ($rows['home'] == 1) ? 'checked="checked"' : ''; ?>"/></td>
</tr>
<?php
}
?>
<tr>
<td colspan="4" align="center">
<input type="submit" name="submit" value="Submit">
</tr>
</table>
</form>
</div>
</article> <!-- end of content -->
</div> <!-- end of container -->
<?php include('includes/footer.inc.php'); ?>
</body>
</html>
<?php
if(isset($_POST['submit'])) {
$title = $_POST['title'];
$caption = $_POST['caption'];
if ($_POST['checkboxHome'] == "") {
$checkboxHome[] = '0';
} else {
$checkboxHome[] = '1';
}
for($i=0;$i<$count;$i++){
$result1=mysqli_query($conn, "UPDATE gallery SET title='$title[$i]', caption='$caption[$i]', home='$checkboxHome[$i]' WHERE id='$id[$i]'");
header("location:/admin/foto-admin.php");
}
}
?>
The checkbox only works on the first row in my DB. When I select another record, only the first record in my db will be updated.
Another issue is that my checkbox won't be checked, so I don't know based on my screen whether an image is online or not. In the database I see a 1 or a 0.
I know that sql-injection is possible and I have to prepare the statements, but that is the next step when I get this checkbox-issue working.
Hope someone can help me with my code. It's giving me a headache.
Check these
Attribute name="id[]" for id field is not given. And it should get inside
if(isset($_POST['submit'])) {
$id = $_POST['id'];
}
Incorrect spelling in getting Post value
change
$checkboxHome = $_POST['checkboxHome'];
$checkboxFotoboek= $_POST['checkboxFotoboek'];
$checkboxDelete = $_POST['image_deleted'];
to
$checkboxHome = $_POST['checkBoxHome'];
$checkboxFotoboek= $_POST['checkBoxFotoboek'];
$checkboxDelete = $_POST['checkboxDelete'];
You are trying to get wrong value.
Your check-box name is checkBoxHome and you are trying to get $_POST['checkboxHome'] instead of $_POST['checkBoxHome'] .
Try $_POST['checkBoxHome'] and print it as print_r('checkBoxHome')
Same mistake in checkBoxFotoboek check-box.
try this
if(isset($_POST['submit'])) {
$title = $_POST['title'];
$caption = $_POST['caption'];
$checkboxHome = $_POST['checkBoxHome'];
$checkboxFotoboek= $_POST['checkBoxFotoboek'];
$checkboxDelete = $_POST['checkboxDelete'];
for($i=0;$i<$count;$i++){
$result1=mysqli_query($conn, "UPDATE gallery SET title='$title[$i]', caption='$caption[$i]', home='$checkboxHome[$i]', fotoboek='$checkboxFotoboek[$i]', image_deleted='$checkboxDelete[$i]' WHERE id='$id[$i]'");
header("location:/admin/foto-admin.php");
}
}
?>
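One way to keep each checkbox tied to its row, as an added example that is not code from the posts above. Browsers leave unchecked checkboxes out of the request, so an array posted as checkboxHome[] can be shorter than title[] and index $i stops lining up with the row; keying every input by the row id avoids that. The function names renderRow() and collectUpdates(), the field name home[...] and the posted data are constructed for illustration.

```php
<?php
// Added example, not the poster's code. The $post array below is constructed.

// Render one table row. Inputs are keyed by the row id, and "checked" is an
// attribute of its own rather than the checkbox value.
function renderRow(array $row): string
{
    $id = (int) $row['id'];
    $e  = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    return sprintf(
        '<tr><td><input name="title[%1$d]" type="text" value="%2$s"></td>'
        . '<td><input name="caption[%1$d]" type="text" value="%3$s"></td>'
        . '<td><input name="home[%1$d]" type="checkbox" value="1"%4$s></td></tr>',
        $id, $e($row['title']), $e($row['caption']),
        $row['home'] == 1 ? ' checked' : ''
    );
}

// Turn the posted arrays into one record per id. An unchecked box is absent
// from the request, so a missing home[id] means 0.
function collectUpdates(array $post): array
{
    $updates = [];
    foreach ($post['title'] ?? [] as $rawId => $title) {
        $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        if ($id === false || !is_string($title)) {
            continue; // skip malformed keys and nested arrays
        }
        $caption = $post['caption'][$rawId] ?? '';
        $updates[$id] = [
            'title'   => $title,
            'caption' => is_string($caption) ? $caption : '',
            'home'    => isset($post['home'][$rawId]) ? 1 : 0,
        ];
    }
    return $updates;
}

// Constructed request: three rows on the page, only row 8 ticked.
$post = [
    'title'   => [7 => 'Red set', 8 => 'French "classic"', 9 => 'Glitter'],
    'caption' => [7 => 'spring', 8 => 'salon', 9 => 'party'],
    'home'    => [8 => '1'],
];
print_r(collectUpdates($post));
echo renderRow(['id' => 8, 'title' => 'French "classic"', 'caption' => 'salon', 'home' => 1]), "\n";
```

Each record returned by collectUpdates() can then be written with one prepared UPDATE whose WHERE clause uses the record's id.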