I'm new to php and mysql so this I'm sure is very simple!
I would like to increment a specific entry depending on which button was clicked. The problem I am having is that I'm not sure how to tell mysql which entry to increment via php.
I'm using a while loop to display my table and then on the end of each row adding a button that has a name = $row[id] value = $row[likes]. If name was simply a word then it wouldn't be a problem but I need it to be different depending on the row it's in. (I'm using the row id the auto increments, I don't display it but it exists).
My .html:
$host="xxx";
$username="xxx";
$password="xxx";
$db_name="xxx";
$tbl_name="blog";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$result = mysql_query("SELECT * FROM $tbl_name ORDER BY id DESC");
echo "<table id='blog'>
<tr>
<th>Update</th>
<th>Likes</th>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td id='entry'>" . $row['entry'] . "</td>";
echo "<td id='like'>" . "<form action ='likes.php' method ='post'>" . "<input type='submit' name='$row[id]' value='$row[likes]' />" . "</form>" . "</td>";
echo "</tr>"; }
echo "</table>";
mysql_close($con);
?>
My .php:
<?php
$con = mysql_connect("xxx","xxx","xxx");
if (!$con) {
die('Could not connect: ' . mysql_error()); }
mysql_select_db("xxx", $con);
if(mysql_query("UPDATE blog SET likes = likes +1 WHERE id = '$_POST[$id]'")) {
header('location:blog.php'); }
else {
echo "Error: " . mysql_error(); }
mysql_close($con);
?>
All I want to do is link 'input name = $row[id]' in the html document with the WHERE id = $_POST[id] so that it will increment the like count on button click.
Thanks in Advance!!
Use a hidden input within the form to tell the PHP side which entry to increment.
echo "<td id='like'><form action ='likes.php' method ='post'><input type='hidden' name='id' value='" . (int)$row['id'] . "' /><input type='submit' name='submit' value='" . (int)$row['likes'] . "' /></form></td>";
The query line should be:
if(mysql_query("UPDATE blog SET likes = likes +1 WHERE id = '" . (int)$_POST['id'] . "'")) {
Notice I casted the IDs as (int), this prevents SQL Injection in the query, and prevents XSS when outputting.
The submit button is unreliable for the transportation of data, this is because in some situations not all browsers actually send the submit button as a POST/GET variable.
The other thing I noticed was the use of this syntax $row[likes] which should be:
$row['likes']
If you don't include quotes then PHP first treats likes as a constant and if not defined, falls back as a string.
Related
I have a page that I have been working on. It runs several queries to get existing data from several tables in my DB. There is a table that shows the result of three queries. The first query gets the extension and the secret of phones, the 2nd query gets MAC addresses of phones, and finally the third query gets the names of templates for the phones. The results of the last two queries (with the help of others) are setup as dropdowns in the 3rd and 4th columns of the table created to show the extensions. This way I can select the MAC of the phone I want to assign to the extension and then the template to make the phone work the way I want. The whole page is set as a form and I am using $post to the insert page. My goal here is to take the information (array) that is created by the user making their selections and insert ALL the 4 columns of information into a new table, from there I want to create files using that information to setup the phones. Here is the code I have for now.
<?php
error_reporting(E_ALL);
ini_set('display_errors','On');
$link = mysql_connect("localhost", "root", "cacti") or die ('Error connecting to mysql' . mysql_error());
mysql_select_db("cqadmin");
$sql2 = "SELECT extension, secret from extensions;";
$result2 = mysql_query($sql2) or die(mysql_error());
echo "<table border='3'>
<tr>
<th>Extension #</th>
<th>Secret</th>
<th>MAC Address</th>
<th>Template</th>
</tr>";
while($row = mysql_fetch_array($result2))
{
$sql = "SELECT id , mac FROM phones order by mac;";
$result = mysql_query($sql) or die(mysql_error());
$sql1 = "SELECT id , templatename FROM templates order by templatename;";
$result1 = mysql_query($sql1) or die(mysql_error());
echo "<tr>";
echo "<td>" . $row['extension'] . "</td>";
echo "<td>" . $row['secret'] . "</td>";
echo "<td> <select name='phone'>";
while($rowA = mysql_fetch_array($result)) {
echo '<option value="' . $rowA['id'] . '">' . $rowA['mac'] . '</option>';
}
echo "</select></td>";
echo "<td><select name='template'>";
while($rowB = mysql_fetch_array($result1)) {
echo '<option value="' . $rowB['id'] . '">' . $rowB['templatename'] . '</option>';
}
echo "</select></td>";
echo "</tr>";
}
echo "</table>";
?>
<input type="submit" value="Submit your selections">
</body>
</html>
And my insert page
<?php
echo "You got here";
//***********Get the Assignment information *************
$values = array_values($_POST);
print_r($values);
?>
The resulting print shows this
Array ( [0] => 324 [1] => 24 )
Looking at my db table 324 is the index id of the last phone scanned and in the template table 24 is the last template created, No info on the extension or the secret.
I think I am close but I do not know where to go from here.
PS. I know I need to use mysqli or pdo, not sure how to change over yet.
I've written this code for a user to edit one row and update it in MySQL, but it always posts the last row no matter which row you have selected (there are 3 rows).
What's the problem?
<?php include("includes/db_connection.php"); ?>
<?php
global $connection;
$sid="s5";
/**select all salesman from store 5**/
$sql ="SELECT * FROM employees WHERE e_type='Salesperson' AND store_assigned='".$sid."';";
/**get the result and put into table, which can be edited by user**/
$result = mysql_query($sql);
echo "<form method='post' action='update_salesman.php'>";
echo "<table border='1'><tr><th>Employee ID</th><th>Name</th><th>Address</th><th>Email</th><th>Job Title</th><th>Store</th><th>Salary</th></tr>";
while ($row = mysql_fetch_assoc($result)) {
echo "<tr><td><input type='text' name='eid' value='".$row['eid']."' readonly /></td>";
echo "<td><input type='text' name='e_name' value='".$row['e_name']."' /></td>";
echo "<td><input type='text' name='e_addr' value='".$row['e_addr']."' /></td>";
echo "<td><input type='text' name='e_email' value='".$row['e_email']."' /></td>";
echo "<td><input type='text' name='e_type' value='".$row['e_type']."' /></td>";
echo "<td><input type='text' name='store_assigned' value='".$row['store_assigned']."'/></td>";
echo "<td><input type='text' name='e_salary' value='".$row['e_salary']."' /></td>";
echo "<td><input type ='submit' value='update' /></td></tr>";
}
echo "</table>";
echo "</form>";
print($sql);
?>
Get the posted data, and update it in MySQL database:
<?php include("includes/db_connection.php"); ?>
<?php
$eid = $_POST['eid'];
$ename = $_POST['e_name'];
$eaddr = $_POST['e_addr'];
$eemail = $_POST['e_email'];
$etype = $_POST['e_type'];
$estore = $_POST['store_assigned'];
$esalary = $_POST['e_salary'];
$sql = "UPDATE employees SET e_name='" . $ename . "', e_addr='" . $eaddr . "', e_email='" . $eemail . "', e_type='" . $etype . "', store_assigned='" . $estore . "', e_salary='" . $esalary . "' WHERE eid='" . $eid . "' ;";
$result = mysql_query($sql);
print("</br>" . $sql);
?>
The result is always this:
UPDATE employees SET e_name='Norah ', e_addr='111 Melwood,PA', e_email='anorahm#gmiil.com', e_type='Salesperson', store_assigned='s5', e_salary='4000.00' WHERE eid='e334' ;
Your problem is twofold. First, when generating the HTML code, you use a while loop to echo the fields. Note that the names of these fields are the same every time the loop runs. (You can see this in the generated HTML (source code). Note that on submitting, one one of the multiple same-named fields will be posted.
Second, in the PHP form handler code, you read the post data and then do one update query, while you may want to update more than one field.
The easiest way to solve this is to make sure that the field names in the HTML form are different for each of the rows, and to use a loop structure when updating the sql table such that there's an update for each row.
even though it may appear fine on the html side, it's clear what's happening on the server side when it gets the form
When the server gets the form it will only see the last record because each record will overwrite the values that come before it resulting in only getting the data from the last record
What you can do is give each set of values its own form (Wouldn't suggest). But with this method, you can leave your code almost as is, just move the form tags into the while loop. OR write the input names as e_name[], etc.
This way it will be passed as an array to the server and you can loop through to get all your values
On the server end, to get the array you would do something like
$e_names = $_POST['e_name']; //Value will be an array
I have a database that I want to get data out onto a website. It contains states listed by name and id. Counties listed by id, namne , and state that contains thems ID and then clubs that exist , with a reference to the county id's that they exist in and columns for their actual data.
What I've got :
A drop down menu that populates itself with state id and name.
What I'd like to accomplish:
On selection of state , let's say ny , take it's id and use this in gathering another mysql array for the county drop down. I'd like it to dynamically occur on selection of state , maybe even giving a count of results next to the drop down.
$resstate = mysql_query("SELECT * FROM state ORDER by longstate;") or die("Note: " . mysql_error());
State:
<select name="State" size=1>
<?
while( $rs = mysql_fetch_array( $resstate ) ) {
echo "<option value=" .$rs['id'] . ">" . $rs['longstate'] . "</option>";
}
echo "</select>";
?>
I know I could use a JavaScript onChange="this.form.submit()" on the first drop down, but it's my understanding that I'd then be making a new page at that point and don't know if I could keep the functionality of the state drop down, say if you accidentally chose new Hampshire when you wanted New York.
here's an example of the current array filling the drop down :
http://snowmobileamerica.com/countytest.php
----EDIT---
Using Dagons Advice , I looked into Ajax.
I made a php file that's supposed to query the database based on a reference to getcounty.php?q=
The file is created as follows :
<?php
$q=$_GET["q"];
$cn=mysql_connect("localhost","user","password") or die("Note: " . mysql_error());
mysql_select_db("snowusa_clubs", $cn);
$sql="SELECT * FROM county WHERE state_id = '".$q."' ORDER by name";
$result = mysql_query($sql);
echo "<select name="County" size=1>";
while($rc = mysql_fetch_array($result))
{
echo "<option value=" .$rc['id'] . ">" . $rc['name'] . "</option>";
}
echo "</select>";
mysql_close($cn);
?>
If i try to run it manually http://www.snowmobileamerica.com/getcounty.php?q=33 I get a 500 internal server error...
Any ideas where I went wrong?
try adding an id to the element, then make an ajax call to a handler with jquery:
$("#State").change(function() {
$.post("path/to/request handler/" , { "State" : $(this).val() },
function(data){
if (data == "OK"){
//add some elements here
} else {
//handle an error here
}
});
});
not able to comment yet.
but for the second question try:
<?php
$q=$_GET["q"];
$cn=mysql_connect("localhost","user","password") or die("Note: " . mysql_error());
echo "Conn ok<br>";
mysql_select_db("snowusa_clubs", $cn);
echo " Database opened<br>";
$sql="SELECT * FROM county WHERE state_id = '$q' ORDER by name";
$result = mysql_query($sql);
echo " Database queried <br>";
echo "<select name='County' size=1>";
while($rc = mysql_fetch_array($result))
{
echo "<option value='" .$rc['id'] . "'>" . $rc['name'] . "</option>";//added single quotes in the value
}
echo "</select> ";
mysql_close($cn);
?>
I am populating data into the dropdown from the Assembly table(the values in the table was added by the user itself using php). Now I want to Assembly_Name in the Part Table. Want to select the value from this drop-down menu and need to insert into the Assembly_Name column of the Part table. I am not able to select the dropdown value and insert it into the Part table.
Part.php
<html>
<body>
<form action="insert_part.php" method="post">
<!--Assembly_Id: <input type="text" name="Assembly_Id">-->
<?PHP
// Connect to your database ** EDIT THIS **
mysql_connect("localhost","root","abc"); // (host, username, password)
// Specify database ** EDIT THIS **
mysql_select_db("test") or die("Unable to select database"); //select db
$result = mysql_query("select assembly_id,assembly_name from assembly ORDER BY Assembly_Id");
echo '<select name="assembly_name"><OPTION>';
echo "Select an option</OPTION>";
while ($row = mysql_fetch_array($result)){
$assembly_name= $row["assembly_name"];
echo "<OPTION value=\"$assembly_name\">$assembly_name</OPTION>";
}
echo '</SELECT>';
?>
Part_name: <input type="text" name="Part_name">
<input type="submit">
</form>
<hr><hr>
<?php
$con = mysql_connect("localhost","abc");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("test", $con);
$result = mysql_query("SELECT * FROM Part ORDER BY Part_Id");
echo "<table border='1'>
<tr>
<th>Assembly Name</th>
<th>Part Id</th>
<th>Part Name</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['Assembly_Name'] ."</td>";
echo "<td>" . $row['Part_Id'] . "</td>";
echo "<td>" . $row['Part_Name'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
</body>
</html>
insert_part.php
<?php
$con = mysql_connect("localhost","abc");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("test", $con);
$assembly_name = isset($_POST['assembly_name'])
$sql="INSERT INTO Part (assembly_name,Part_Id, Part_Name) VALUES ('$_POST[assembly_name]','$_POST[Part_Id]','$_POST[Part_name]')";
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
header("Location:part.php");
exit;
mysql_close($con);
?>
While Submitting the Value, I am getting the below Error:
Parse error: syntax error, unexpected T_VARIABLE in
C:\wamp\www\insert_part.php on line 10
Step 1: Try to understand what your error is trying to tell you. There is a variable issue on line 10.
Step 2: Check the code for why there could possibly be an issue with a variable in use.
Following this, checking the lines above you will find that the statement on line 9 was not completed with a ; and ran into an "unexpected" variable when reaching line 10
You also do not appear to be submitting a $_POST['Part_Id']
Also, you want quotes in you $_POST such as $_POST['assembly_name'] in your SQL statment.
Line 9 you're missing a semicolon:
$assembly_name = isset($_POST['assembly_name']);
But as #Lion says, do change to using prepared statements. As it is this code is very insecure :(
I'm able to display what I have in my table with the code below, but as you can see in the code I'm linking the rows to a new page, and on that page I'm trying to display the rest of the rows, which I have in the same table.
I mean, I have cols ID, photo, Firstname, Lastname, Age, StreetAdd, PhoneNum, EmailAdd in the table. I'm displaying only rows photo, Firstname, Lastname on the first page.
So what I'm trying to do is when the user clicks on the First name , which I displayed from the database, he will be redirected to the new page and see the rest of the info. How do I do it?
This is the PHP page which displays the three cols. I can display the rest of the cols on a new page but it's displaying all the info in the row. I want to display the individual info for each user, not the whole list. A possible example would be eBay. When you search for items, you won't see the full description until you click on the picture or the title.
<?php
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("simple_login", $con);
$result = mysql_query("SELECT * FROM test ");
echo "<table align='center' bgcolor='#F9F0F0' border='0' cellspacing='0'>
<tr>
<th><font color='red'>Firstname</font></th>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td><a href='send.php'><img src='".$row['photo']."' \" width=\"150px\" height=\"150px\" /></a><br><br><br>";
echo "<a href='send.php'><td align='center' style='vertical-align:text-top' width='200px'>" . $row['Firstname'] . "</td>";
echo "<td align='center' style='vertical-align:text-top' width='200px'>" . $row['Lastname'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
On you have put a text level element a inside a block level element td the cell where first name is shown. Also you didn't close a tag there. correct form is this.
echo "<td align='center' style='vertical-align:text-top' width='200px'>";
echo "<a href='send.php'>" . $row['Firstname'] . "</a></td>";
To get the same user bio on the send.php you need to pass the primary key for this row. For examle if the primary key is id you pass it send.php in query string.
echo "<a href='send.php?id=".$row['id']."'>" . $row['Firstname'] . "</a></td>";
Now in the send.php use $_GET['id'] to get the primary key and use it to retrieve the user bio from db.
But make sure you escape parameters you pass to sql database. Dont use those variables directly! See Nullpointer's answer
Update 1:
When you get the primary key of a row just invoke a SELECT * with LIMIT 1
$pkey = mysql_real_escape_string($_GET['id']);
$sql = "SELECT * FROM test where id='$pkey' LIMIT 1";
/* Run this sql */
to display individual info for each user you can use where close in query like
SELECT * FROM test WHERE user = bla
Warning
your code is vulnerable to sql injection you need to escape all get and post and the better approach will be using Prepared statement
Good Read
How to prevent SQL injection in PHP?
Are PDO prepared statements sufficient to prevent SQL injection?
Note
The entire ext/mysql PHP extension, which provides all functions named with the prefix mysql_, is officially deprecated as of PHP v5.5.0 and will be removed in the future. So use either PDO or MySQLi
Good read
The mysql extension is deprecated and will be removed in the future: use mysqli or PDO instead
Pdo Tutorial For Beginners
This should be your first page
<?php
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("simple_login", $con);
$result = mysql_query("SELECT * FROM test ");
echo "<table align='center' bgcolor='#F9F0F0' border='0' cellspacing='0'>
<tr>
<th><font color='red'>Firstname</font></th>
</tr>";
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td><a href='send.php'><img src='".$row['photo']."' \" width=\"150px\" height=\"150px\" /></a><br><br><br>";
echo "<a href='send.php?".$row['id']."'><td align='center' style='vertical-align:text-top' width='200px'>" . $row['Firstname'] . "</td>";
echo "<td align='center' style='vertical-align:text-top' width='200px'>" . $row['Lastname'] . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
Now send.php should be
<?php
$con = mysql_connect("localhost","root","");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("simple_login", $con);
$sql = "SELECT * FROM test where id = " . $_Get['id'] ;
$result = mysql_query($sql);
//then display the result here
?>
hope this helps