What I am trying to do with this script is allow users to update a url for their websites, and since each user isn't going to have the same amount of websites is is hard for me to just add $_POST['website'] for each of these.
Here is the script
<?php
include("config.php");
include("header.php");
include("functions.php");
if(!isset($_SESSION['username']) && !isset($_SESSION['password'])){
header("Location: pubs.php");
}
$getmember = mysql_query("SELECT * FROM `publishers` WHERE username = '".$_SESSION['username']."'");
$info = mysql_fetch_array($getmember);
$getsites = mysql_query("SELECT * FROM `websites` WHERE publisher = '".$info['username']."'");
$postback = $_POST['website'];
$webname = $_POST['webid'];
if($_POST['submit']){
foreach ( $_POST['website'] as $key => $value )
{
$update = mysql_query("UPDATE `websites` SET `postback` = '".mysql_real_escape_string($postback[$value])."' WHERE id = '$webname'");
}
}
print"
<div id='center'>
<span id='tools_lander'><a href='export.php'>Export Campaigns</a></span>
<div id='calendar_holder'>
<h3>Please define a postback for each of your websites below. The following variables should be used when creating your postback.<br />
cid = Campaign ID<br />
sid = Sub ID<br />
rate = Campaign Rate<br />
status = Status of Lead. 1 means payable 2 mean reversed<br />
A sample postback URL would be <br />
http://www.example.com/postback.php?cid=#cid&sid=#sid&rate=#rate&status=#status</h3>
<table class='balances' align='center'>
<form method='POST' action=''>";
while($website = mysql_fetch_array($getsites)){
print"
<tr>
<input type ='hidden' name='webid' value='".$website['id']."' />
<td style='font-weight:bold;'>".$website['name']."'s Postback:</td>
<td><input type='text' style='width:400px;' name='website[]' value='".$website['postback']."' /></td>
</tr>";
}
print"
<td style='float:right;position:relative;left:150px;'><input type='submit' name='submit' style='font-size:15px;height:30px;width:100px;' value='Submit' /></td>
</form>
</table>
</div>";
include("footer.php");
?>
What I am attempting to do insert the what is inputted in the text boxes to their corresponding websites, and I cannot think of any other way to do it, and this obviously does not works and returns a notice stating Array to string conversion
If there is a more logical way to do this please let me know.
UPDATE
I added a foreach statement, but this still doesn't seem to solve the problem. It doesn't update anything in the database.
I was able to fix the problem with some trial and error, Lawrence helped with the informing me to use a foreach statement. This is what I have ended up with.
<?php
include("config.php");
include("header.php");
include("functions.php");
if(!isset($_SESSION['username']) && !isset($_SESSION['password'])){
header("Location: pubs.php");
}
$getmember = mysql_query("SELECT * FROM `publishers` WHERE username = '".$_SESSION['username']."'");
$info = mysql_fetch_array($getmember);
$getsites = mysql_query("SELECT * FROM `websites` WHERE publisher = '".$info['username']."'");
$postback = $_POST['website'];
$webname = $_POST['webid'];
if($_POST['submit']){
$i = -1;
foreach ($postback as $key => $value)
{
$i ++;
print_r($webname[$i]);
$update = mysql_query("UPDATE `websites` SET `postback` = '".cleanQuery($postback[$key])."' WHERE `id` = '".$webname[$i]."'") or die("MySQL ERROR: ".mysql_error());
}
}
print"
<div id='center'>
<span id='tools_lander'><a href='export.php'>Export Campaigns</a></span>
<div id='calendar_holder'>
<h3>Please define a postback for each of your websites below. The following variables should be used when creating your postback.<br />
cid = Campaign ID<br />
sid = Sub ID<br />
rate = Campaign Rate<br />
status = Status of Lead. 1 means payable 2 mean reversed<br />
A sample postback URL would be <br />
http://www.example.com/postback.php?cid=#cid&sid=#sid&rate=#rate&status=#status</h3>
<table class='balances' align='center'>
<form method='POST' action=''>";
while($website = mysql_fetch_array($getsites)){
print"
<tr>
<input type ='hidden' name='webid[]' value='".$website['id']."' />
<td style='font-weight:bold;'>".$website['name']."'s Postback:</td>
<td><input type='text' style='width:400px;' name='website[]' value='".$website['postback']."' /></td>
</tr>";
}
print"
<td style='float:right;position:relative;left:150px;'><input type='submit' name='submit' style='font-size:15px;height:30px;width:100px;' value='Submit' /></td>
</form>
</table>
</div>";
include("footer.php");
?>
Related
code:
<?php
if(isset($_POST['save']))
{
$comment1 = $_POST['comment2'].",".date('Y-m-d');
$comment2 = $_POST['comment2'];
$id = $_POST['id'];
$query = "update enquires2 set comment1 = '$comment1', comment2 = '$comment2', s_date = '$s_datee' where id='$id'";
$result = mysqli_query($link,$query);
if($result==true)
{
echo "successfull";
}
else
{
echo "error!";
}
}
?>
<form method="post" name="myform">
<table>
<tr>
<th>comment1</th>
<th>comment2</th>
<th>Action</th>
</tr>
<?php
$sql = "select * from enquires2 ";
$result = mysqli_query($link,$sql);
while ($row = mysqli_fetch_array($result))
{
?>
<tr>
<td>
<input type='hidden' name='id' value='<?php echo $row['id']; ?>'>
</td>
<td>
<?php echo $row['comment1']; ?>
</td>
<td>
<input type='text' name='comment2' id='comment2' value=""/>
</td>
<td>
<input type ='submit' name='save' id='save' value='Save' />
</td>
</tr>
<?php
}
?>
</table>
</form>
In this code I want to update table enquires2 with unique id. In following image you see that table row having save button this is only one row similarly it have multiple row which having save button in each row. Now I want that when I click on save button of particular row only that row data will be update. How can I fix this problem ? Please help.
Thank You
You could use AJAX and jQuery to do this and send the data to a separate PHP file and assigning the $row['ID'] to a data-value attribute of the button,
$("#save-btn").click(function(){
id = $(this).attr(data-value);
***** rest of values here
$.ajax({
method: "GET",
data: {id: id, rest of: data here},
url: phpfile.php,
success: function(){
console.log("Success");
}
})
});
While in the PHP file you would take get the id like,
$_GET['id'], and same with the other values since we are using the GET method and then put them in the update query.
First of all, for security reason you need to change this query to a prepared statement see PHP MySQLI Prevent SQL Injection:
$id = $_POST['id'];
$query = "update enquires2 set comment1 = '$comment1', comment2 = $comment2', s_date = '$s_datee' where id='$id'";
$result = mysqli_query($link,$query);
This line is bad anyway, you are missing a opening quote for $comment2.
$query = "update enquires2 set comment1 = '$comment1', comment2 = $comment2', s_date = '$s_datee' where id='$id'";
Are you sure $link is an actual mysqli link?
As for the html part, you need to mkae one form for each record. See the link posted HTML: Is it possible to have a FORM tag in each TABLE ROW in a XHTML valid way?
alternatively you could do something bad like only adding the $id to evry field for every row (similar to:)
<input type ='submit' name='save[<?=$id;?>]' id='save' value='Save' />
and in the php code check witch key is set.
if(isset($_POST['save']) && is_array($_POST['save'])){
$id=key($_POST['save']);
}
You will need to replicate the bad thing for your comments as well but as a proof of concept you can run this snippet on phpfiddle.org
<?php
print_r($_POST);
if(isset($_POST['save']) && is_array($_POST['save'])){
echo key($_POST['save']);
}
?>
<html>
<form method='post'>
<input type='submit' name='save[1]' value='1' />
<input type='submit' name='save[2]' value='2' />
</form>
</html>
Wish i could provide you a really full answer but there's alot of work to be done on your code for it to be 'proper coding'. Again this becaome a matter of opinion beside the fact that your code is vunerable to sql injection and is NOT accepable.
Don't use your code at all for security vulnerability. Read more about sql injection Here. After all, For each row () create a form with a hidden input storing id of row .
I revised my code to make it work,create a nested table inside your td, so that tag will be accepted,
also see this link for a working reference,
HTML: Is it possible to have a FORM tag in each TABLE ROW in a XHTML valid way?
<?php
if(isset($_POST['save']))
{
$comment1 = $_POST['comment2'].",".date('Y-m-d');
$comment2 = $_POST['comment2'];
$id = $_POST['id'];
$query = "update enquires2 set comment1 = '$comment1', comment2 = '$comment2', s_date = '$s_datee' where id='$id'";
$result = mysqli_query($link,$query);
if($result==true)
{
echo "successfull";
}
else
{
echo "error!";
}
}
?>
<table>
<tr>
<th>comment1</th>
<th>comment2</th>
<th>Action</th>
</tr>
<?php
$sql = "select * from enquires2 ";
$result = mysqli_query($link,$sql);
while ($row = mysqli_fetch_array($result))
{
?>
<tr><td><table>
<form method="post" name="myform">
<tr>
<td>
<input type='hidden' name='id' value='<?php echo $row['id']; ?>'>
</td>
<td>
<?php echo $row['comment1']; ?>
</td>
<td>
<input type='text' name='comment2' id='comment2' value=""/>
</td>
<td>
<input type ='submit' name='save' id='save' value='Save' />
</td>
</tr>
</form>
</table>
</td>
</tr>
<?php
}
?>
</table>
**i want to insert student result that he calculate some equation and send it to his cell in users database
my problem is i cant send the result of some student to his own cell in the users table
when i try to do it ,,its always (result) go to the first user that i logged in with ,, i think the issues with my SESSION
can any 1 help please ???
my index.php code was**
<html>
<head>
<title>Home Work Page</title>
</head>
<body>
<form action="login.php?login=yes" method="POST">
<table border=1>
<tr>
<td> username : <input type="text" name="username"/></td>
<br />
<td> password :<input type="password" name="password"/> </td>
</tr>
</table>
<input type="submit" name="resultbtn" value='login'/>
</form>
</body>
</html>
and my login.php code is
<?php
error_reporting(0);
$username = $_POST['username'];
$password= $_POST['password'];
$login = $_GET['login'];
setcookie("username","$username",time()+15);
if($login=='yes') {
$con = mysql_connect("localhost","root","");
mysql_select_db("members");
$get = mysql_query("SELECT count(id) FROM users WHERE username='$username' and password='$password' ");
$resultt = mysql_result($get,0);
if($resultt !=1){
echo "error with login";
}
else {
$_SESSION['username'] = $username;
$sql = "SELECT * FROM users WHERE username='$username' ";
$myval = mysql_query($sql,$con);
echo "welcome back " . $_COOKIE['username'];
echo"
<br/>
<br/>
<br/>
<br/>
<html dir='rtl'>
<meta charset ='Windows-1256'>
</html>
<table>
<tr>
<th> </th>
</tr>";
if ($val = mysql_fetch_array($myval)) {
echo "<tr>";
echo " <td>" . "the question : calculate the triangle area if H = " . "</td>";
echo " <td> <input type='text' value= $val[val1] disabled='disabled' size=5/> ". "</td>";
echo " <td>and L = <input type='text' value= $val[val2] disabled='disabled' size=5/> ". "</td>";
echo "</tr>";
}
echo "</table>";
}
}
echo"<form action='result.php' method='POST'>
<br/>
<br/>
<br/>
<br/>
<table>
<tr>
<td> Hello student the result will be : <input type='text' name='add' ></td>
<td><input type='submit' name='submit' value='send results'></td>
</tr>
</table>
</form>
";
?>
and the result.php (the page with my problems) code is
<?php
error_reporting(0);
$val3 = $_POST["add"];
//connect
mysql_connect("localhost", "root", "");
mysql_select_db("members");
//insert
$insert_query = mysql_query("UPDATE users SET results='$val3' WHERE username ='$_SESSION[username]' ");
$query = mysqli_query($insert_query) or die(mysqli_error());
//check whether the data insertion was successful
if(!$insert_query)
echo "<p>Sorry! Something went wrong.</p>";
else
echo "<p>Thanks! Your Results has been Sent.</p>";
?>
my logout.php code is
<?php
session_start();
unset($_SESSION['username']);
session_destroy();
header ("location: index.php");
?>
please HELP
The code is so bad written and uses mysql deprecated functions, anyway it doesn't work because of this:
$insert_query = mysql_query("UPDATE users SET results='$val3' WHERE username ='$_SESSION[username]' ");
You can't place an array value into a string that way. Try instead:
$username = $_SESSION['username'];
$insert_query = mysql_query("UPDATE users SET results='$val3' WHERE username ='$username' ");
Or:
$insert_query = mysql_query("UPDATE users SET results='$val3' WHERE username ='".$_SESSION['username']."'");
Also, this row has no sense since $insert_query is the result of a mysql_query:
$query = mysqli_query($insert_query) or die(mysqli_error());
I asked a question before about my code with submitting users. After a few days of just guessing, I finally got it working. But, now. I can't select the user inside the table for a login. This is my code.
<?php
if($_POST['submit_id'] == 1)
{
//echo $_POST['fname'];
$playerf = $_POST['fname'];
$playerl = $_POST['lname'];
$name = $_POST['firstname'];
$link = mysqli_connect("localhost","tester","abc123","biscuit") or die(" Did not connect. " . mysqli_error($link));
$query = "SELECT firstname FROM Users" or die("Did not work." . mysqli_error($link));
if($name != $fname)
{
echo "Does not match.";
}
else
{
header ("Location: game.php");
}
}
?>
<table align = "center">
<tr>
<td>
Welcome to <b> Besco's Biscuits </b>. Please fill out the following <br />
areas and we will begin your adventure soon. :)
</td>
</tr>
</table>
<br /> <br /> <br /> <br /> <br />
<table align = "center">
<tr>
<td>
<form action="<?php echo htmlentities($_SERVER['PHP_SELF']); ?>" method="post" > <br />
Firstname: <input type="text" name="fname" id= "fname" required = "1"> <br />
Lastname: <input type = "text" name = "lname" id= "lname" required = "1"> <br />
<input type = "submit" value = "Register" id="submit_id" >
<input name="submit_id" type="hidden" id="submit_id" value="1">
<input type = "reset" name="Reset" value="Reset Page" class = "account">
</form>
</td>
</tr>
</table>
When I try to submit a user for it to identify/match, it doesn't and sends me straight into the game. Can someone help? A Beta is due in 3 days.!!!
You are not executing your query nor are you fetching the results:
$query = mysqli_query($link, "SELECT firstname FROM Users") or die("Did not work." . mysqli_error($link));
$user = mysqli_fetch_assoc($link, $query);
if($name != $user['firstname'])
Additionally:
Where did $fname come from? Did you just make that up?
You don't seem to use your POST variables which are probably necessary for you to run your query and get an exact match for your user. The above code will return every user but only check the first one. I doubt that is what you want.
You have two POST variables that seem to hold a first name. Does that look correct to you?
I'm trying to build a forum. I have forum.php with a table that includes a row for the title, a row for the edit link and a row for the delete link. When I click the edit link, I am taken to edit.php where I have another form to insert the new topic title. When I click on "save new topic" button the row should be updated, however that's my problem, the title remains the same. I've been searching around this website (and the net in general) to find a solution to this but none seem to be working for me.
In forum.php I have this code:
<?php
while ($row = mysqli_fetch_assoc($result))
{
$subject = $row['subject'];
$id = $row['id'];
?>
<tr>
<th> <?php echo $row ['subject']?> </th>
<th>Edit</th>
<th>Delete</th>
</tr>
<?php
}
?>
In edit.php I have this code:
<div id="form">
<form id='edit' action='edit.php' method='post' >
<fieldset>
<legend>Edit Topic</legend>
<br />
<label for='name' >New Subject</label><br/>
<input type="text" id="subject" name="newsubject" /><br />
<br/>
<input type='hidden' name='id' value='<?php echo $id ?>'/>
<input type="submit" name="save" value="Save New Topic" />
</fieldset>
</form>
</div>
<?php
if (isset($_POST['save']))
{
$subject_save = $_POST['newsubject'];
require_once("db_connection.php");
$conn = connectToMySQL();
$id =$_POST['id'];
$query = "UPDATE tbl_topic SET subject = '$subject_save' WHERE id = 'id'";
$result = mysqli_query($conn, $query)
or die("Error in query: ".mysqli_error($conn));
header("Location: forum.php");
die();
}
?>
Write the query as
$query = "UPDATE tbl_topic SET subject = '$subject_save' WHERE id = $id";
if this not a mistake in typing
change $query = "UPDATE tbl_topic SET subject = '$subject_save' WHERE id = 'id'";
to $query = "UPDATE tbl_topic SET subject = '$subject_save' WHERE id = $id";
<div id="form">
<form id='edit' action='edit.php' method='post' >
<fieldset>
<legend>Edit Topic</legend>
<br />
<label for='name' >New Subject</label><br/>
<input type="text" id="subject" name="newsubject" value=<?php isse($_POST['newsubject']) ? "{$_POST['newsubject']}" : ""?> /><br />
<br/>
<input type='hidden' name='id' value='<?php echo $id ?>'/>
<input type="submit" name="save" value="Save New Topic" />
</fieldset>
</form>
</div>
<?php
if (isset($_POST['save']))
{
$subject_save = $_POST['newsubject'];
require_once("db_connection.php");
$conn = connectToMySQL();
$id =$_POST['id'];
$query = "UPDATE tbl_topic SET subject = '$subject_save' WHERE id = $id";
$result = mysqli_query($conn, $query)
or die("Error in query: ".mysqli_error($conn));
header("Location: forum.php");
die();
}
This is the page that uses this code.I have a php page which extracts data from a dbms which contains email address. This works. It then displays the email address and other stored dbms data. The user then has the option of putting an "X" in a field designed in the php page called emailselected. This also works. I now want to update the dbms with the new field based on the stored email address but the update statement doesn't work. Please help. The code is listed here:
include("db.php");
if (isset($_POST['ssubmit']))
{
$id_save = $test['id'];
$emailselected_save = $_POST['emailselected'];
$email_save = $test['email'];
$rc = mysql_query("UPDATE emails SET selected='$emailselected_save' WHERE id = 'id'");
if (!$result) {
die('What?: ' . mysql_error());
}
$num = mysql_affected_rows();
printf("Updated %d rows\n", $num);
echo "<input type='button' value='Email(s) sent' onclick='goBack()' />";
mysql_close($conn);
} else {echo "hello";}
?>
<form method='post'>
<div id='headd'>
<br />
<input type='button' value='Close this window without Sending' onclick='goBack()' />
<input type='submit' name='ssubmit' id='ssubmit' value='Send Email Now!!!' />
<p>Place an "X" in the emails you wish to send!!!</p>
</div>
<br /><br/>
<?php
include("db.php");
$result = mysql_query("SELECT * FROM emails WHERE unsubscribe != 'x' ORDER BY lastname ASC");
while($test = mysql_fetch_array($result))
{
?>
<table border='1' width='78%'>
<tr align=\"left\">
<td width='4%'><font color='black'><input type='text' size='1' id='emailselected' name='emailselected' /></font></td>
<td width='15%'><font color='black'><?php echo $test['lastname']?></font></td>
<td width='15%'><font color='black'><?php echo $test['firstname']?></font></td>
<td width='40%'><font color='black'><?php echo $test['email']?></font></td>
<td width='4%'><font color='black'><?php echo $test['id']?></font></td>
</tr>
</table>
<?php
}
?>
</form>
Error is:
$rc = mysql_query("UPDATE emails SET selected='$emailselected_save' WHERE id = 'id'");
Should be:
$rc = mysql_query("UPDATE emails SET selected='$emailselected_save' WHERE id = '$id_save'");
Your code is vulnerable for SQL injection. So you should filter your data. But I would just switch to PDO and use prepared statements.
http://php.net/manual/en/pdo.prepare.php