Somehow I get my sql error while trying to update a record in my sql db
Here's my current code
html form:
<html>
<head>
<title>title here</title>
</head>
<body>
<form action="end.php" method="POST">
<input type="text" id="comment" name="comment" placeholder="Kommentar"><p>
<input type="submit" value="Stop arbejde">
</form>
</body>
</html>
end.php
<?php
$host="localhost";
$username="root";
$password="password";
$db_name="db";
$tbl_name="log";
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$comment=$_POST['comment'];
$datetime=date("y/m/d H:i:s");
$editit=date("W/D");
$sql="UPDATE log SET end=$datetime, comment=$comment WHERE editid='$editit'";
$result=mysql_query($sql);
if($result){
echo "Successful<BR>";
}
else {
echo "Fejl";
}
mysql_close();
?>
What am I doing wrong since I get that error "Fejl" ?
string must be wrap with single quotes
$sql="UPDATE log SET end='$datetime', comment='$comment' WHERE editid='$editit'";
but your query is prone to SQL Injection. please take time to read the article below
How can I prevent SQL injection in PHP?
The variable names in $sql should be inside single inverted comas.
$sql="UPDATE log SET end='$datetime', comment='$comment' WHERE editid='$editit'";
And also, you should remove paragraph tag from html code in form tag.
Related
I need some help. I have been developing a form which updates a database. It was all working fine using the jQuery Mobile form and then suddenly it has all stopped working. I have stripped the form down the the bare minimum and still its not working. When I click on update the information is placed the the browser as shown below.
update_db.php?niamh=1
but the database is not updated. If I click on refresh it updates and displays success.
If I remove all the jQuery header links it all works ok, so this is a jQuery problem. Sadly this was all working ok a couple of hours ago. code below, can any one please help.
HTML form
<html>
<head>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.css">
<script src="http://code.jquery.com/jquery-1.11.3.min.js"></script>
<script src="http://code.jquery.com/mobile/1.4.5/jquery.mobile-1.4.5.min.js"></script>
</head>
<body>
<form action="update_db.php" method="GET">
<input type="checkbox" data-role="flipswitch" name="niamh" id="switch" value="1">
<input type="submit" data-inline="true" value="Update">
</form>
</body>
</html>
php update_db.php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password="14Odiham"; // Mysql password
$db_name="heating"; // Database name
$tbl_name = "roomControl";
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$niamh = (isset($_GET['niamh'])) ? 1 : 0;
// Insert data into mysql
$sql = "UPDATE $tbl_name SET niamh=$niamh WHERE id=1";
$result = mysql_query($sql);
// if successfully insert data into database, displays message "Successful".
if($result){
echo "Successful";
echo "<BR>";
}
else {
echo "ERROR";
}
?>
<?php
//close connection
mysql_close();
?>
Try:
<form action="update_db.php" method="GET" data-ajax="false">
OS: Ubuntu, Apache2, mysql-server
I hosted one index.html on localhost in Apache2 server with one dc.php file
<!DOCTYPE html>
<head>
</head>
<body>
<form method="post" name="form1" action="dc.php">
Username <input type="text" name="username" id="username"/>
Password <input type="text" name="password" id="password"/>
<input type="submit" value="Submit">
</form>
<form method="post" name="form2" action="cancel.html">
</body>
and here is code for dc.php file
<?php
session_start();
ob_start();
$host="localhost"; // Host name
$username="root"; // Mysql username
$mysqlPassword="mypass#"; // Mysql pass
$db_name="mydb1"; // Database name
$tbl_name="mytbl1"; // Table name
mysql_connect("$host", "$username","$mysqlPassword")or die("Cannot connect to MySQL database.");
mysql_select_db("$db_name")or die("MySQL database unavailable.");
$password=$_POST['username'];
$confirm=$_POST['password'];
if ($password != $confirm) {
header("location:error.html");
break;
}
mysql_query("INSERT INTO mytbl1(password, confirm) VALUES('$password', '$confirm');");
echo "Updating records... $password";
ob_end_flush();
?>
so when i clicking on submit button instead of executing php file, the browser stops with url
http://localhost/dc.php
with blank page, and the values are not inserted in mysql.
your action of form is dc.php so if you submit your form the page goes to dc.php , your problem because an error occurred in your code you can add this lines to first of your code to see what excatly make error [in dc.php]
error_reporting(E_ALL);
ini_set("display_errors", 1);
I've got problem when using sessions to recall data stored in mySQL database. This is my code:
The login page is simple, the input your username and password kind (i know the password is still plaintext, i plan to change it later).
<?php
$host="localhost";
$user="root";
$pass="";
$db_name="proyek";
$tbl_name="murid";
mysql_connect("$host", "$user", "$pass")or die("Cannot connect to SQL.");
mysql_select_db('$db_name');
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title></title>
</head>
<body>
<div id="header">
LOGO
<h1 align="center">TITLE</h1>
</div>
<br/>
<div id="login">
<form id="loginform" name="loginform" method="post" action="checklogin.php">
<table border="0" align="center">
<tr>
<td>NIS</td>
<td></td>
<td><input type="text" name="nislogin" id="nislogin"/></td>
</tr>
<tr>
<td>Password</td>
<td></td>
<td><input type="password" name="pwdlogin" id="pwdlogin"/></td>
</tr>
<tr>
<td colspan="3" align="center"><input type="submit" name="loginbutton" id="loginbutton" value="Login"/></td>
</tr>
</table>
</form>
</div>
</body>
</html>
and this is the code for login check page:
<?php
session_start();
$host="localhost";
$user="root";
$pass="";
$db_name="proyek";
$tbl_name="murid";
mysql_connect("$host", "$user", "$pass")or die("Cannot connect to SQL.");
mysql_select_db('$db_name');
$nis=($_POST['nislogin']);
$pwd=($_POST['pwdlogin']);
$sql="SELECT * FROM murid WHERE nis='$nis' and password='$pwd'";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
if($count==1)
{
$_SESSION['nislogin']=$nis;
$nama=$result['nama'];
$_SESSION['nama']=$nama;
header("location:index.php");
return true;
exit;
}
else
{
echo("Wrong NIS or password.");
return false;
}
?>
i have entered some dummy data in database for testing purposes; id, password, name. how can i recall something from database while user only login with username/id?
i'd like to display something like 'hello, name' in the next page. Help is appreciated.
edit: I've edited my code based on feedbacks and it produces blank; like 'Hello,' with no name.
First of all, since you are running a query on your login check page, use that value for your session rather than the post data. Also, whenever you are redirecting, always exit your script.
EDIT:
Since you are in the development stage, you need to display an error if your query fails so you know why. I also realized you need to return an associative array to access the row. Try this.
$sql="SELECT * FROM murid WHERE nis='$nis' and password='$pwd'";
$result=mysql_query($sql);
if (!$result) {
die('Invalid query: ' . mysql_error());
}
$count=mysql_num_rows($result);
if($count==1)
{
$data=mysql_fetch_assoc($result); // since you are only accessing one row,
// otherwise you would put this in a loop to build your array.
session_start();
$_SESSION['nislogin']=$data['nis'];
header("location:index.php");
return true;
exit;
}
I also see this session on your login page, but I don't see that you ever created it and I don't see the purpose.
if(isset($_SESSION['nama']))
{
unset($_SESSION['nama']);
}
Basically all you need from here, is to start the session on index.php and output it.
index.php
session_start();
if(isset($_SESSION['nislogin']))
{
$name = $_SESSION['nislogin'];
} else {
$name = "stranger";
}
<body>
Welcome, <?=$name?>
</body>
I want to make a database which I can fill from my webpage. I want it to be an Integer input. I created a database and everything.
I connected php and phpmyadmin, but when I insert a number it adds an empty row (null).
Where did I go wrong?
This is the whole code...
This is the Insert.html
<html>
<head>
<title>SITE</title>
</head>
<body>
<form action="insert.html" method="post">
Value1: <input type="text" name="field1-name" />
<input type="Submit" /></form>
</body>
</html>
This is Connect.php
<?php
$username="root";
$password="";
$database="test";
$field1-name=$_POST['Value1'];
mysql_connect(localhost,$username,$password);
#mysql_select_db($database) or die( "Unable to select database");
$query = "INSERT INTO temp VALUES('$field1-name')";
mysql_query($query);
mysql_close();
?>
And this is Test.php
<?php
include 'insert.html';
include 'connect.php';
$a=$_POST["temp"];
$sql="INSERT INTO temp(val) values ($a);";
?>
One issue you have it with your choice of variable names. You cannot have a dash in your variable name. So $field1-name is an invalid name. You should either remove the dash or change it to an underscore.
You also named your input field1-name but you try to access $_POST['Value1']. Where does Value1 come from?
First fix your form so your input name does not have a dash:
<form action="insert.html" method="post">
Value1: <input type="text" name="field1name" />
<input type="Submit" /></form>
Then fix your variable assignment:
$field1name=$_POST['field1name'];
try changing your form action and form field name. on html file you can't get post values so change it to connect.php
<html>
<head>
<title>SITE</title>
</head>
<body>
<form action="Connect.php" method="post">
Value1: <input type="text" name="field1_name" />
<input type="Submit" /></form>
</body>
</html>
This is Connect.php
<?php
$username="root";
$password="";
$database="test";
$field1_name=$_POST['field1_name'];
mysql_connect(localhost,$username,$password);
#mysql_select_db($database) or die( "Unable to select database");
$query = "INSERT INTO temp VALUES('$field1_name')";
mysql_query($query);
mysql_close();
?>
In Connect.php you use:
$field1-name=$_POST['Value1'];
There are two problems with that. The variable name might be invalid and $_POST['Value1'] is always empty because the form field is named "field1-name".
Try this:
$value = $_POST['field1-name'];
...
$query = "INSERT INTO temp VALUES('$value')";
Simply put connect.php in action and do whatever you want in connect.php
<html>
<head>
<title>SITE</title>
</head>
<body>
<form action="connect.php" method="post">
Value1: <input type="text" name="field1-name" />
<input type="Submit" /></form>
</body>
</html>
And Connect.php
$username="root";
$password="";
$database="test";
$fieldname=$_POST['field1-name'];
mysql_connect('localhost',$username,$password);
#mysql_select_db($database) or die( "Unable to select database");
$query = "INSERT INTO temp VALUES ('".$fieldname."')";
mysql_query($query);
Hi I'm brand new to PHP and I'm just doing a simple form to learn. It just contains an email address, I want to Validate the information and send it to the database. My problem is connecting it to a database. I've done a few tutorials but just leave myself confused.
Right now this is my homepage
reg.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Registration Form</title>
</head>
<body>
<?php include("validation.php"); ?>
<form method="post" action="connect.php" name="form">
<ul id="errors">
<li><?php echo $err_email; ?></li>
</ul>
<div id="wrapper">
<div>Email</div>
<div class="input"><input type="text" name="email" value="<?php echo $val_email; ?>" /></div>
</div>
</form>
</body>
</html>
This is my validation.php file
<?php
if($_POST)
{
$email = $_POST['email'];
// Email
if (preg_match('/^[_a-z0-9-]+(\.[_a-z0-9-]+)*#[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$/', $email)) {
$val_email = $email;
}else{
$err_email = 'Please enter valid Email address.';
}
if((strlen($val_email)>0) ){
header("Location: reg");
}else{ }
}
?>
finally my connect file
<?php
$host="localhost";
$username="admin";
$password=""; // Mysql password
$db_name="davidtest"; // Database name
$tbl_name="users"; // Table name
// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("davidtest")or die("cannot select DB");
// Get values from form
$email=$_POST['email'];
// Insert data into mysql
$sql="INSERT INTO $users(email)VALUES('$email')";
$result=mysql_query($sql);
// close connection
mysql_close();
?>
INSERT INTO $users(email)VALUES('$email')
$users isn't a variable so will be empty when being placed into the table. I suspect you meant
$sql="INSERT INTO $tbl_name (email) VALUES ('$email')";
However you should never use unescaped user strings in queries since a malicious user could inject SQL into your query (read up on SQL Injection).
Also please be aware that the mysql_* series of functions is now deprecated, no longer maintained and will be removed in a future release of PHP. Consider mysqli or PDO.