I got a table with dynamic data with 5 td-s. First one is for the ID, second one for date, third for the name of the author, fourth for some properties and in the last one i got two buttons. I want them to change the value of the $status in applications table. For that I made 2 php files in which I added the mysql update function for each of the buttons. But I don't know why when I press the buttons it does everything in the php except it doesn't change the value of $status. Please let me know where I am wrong and how can I make it work. Thanks in advance.
The html code of the buttons (the last td):
<form action="status1.php">
<input type="submit" name="approve" value=" + ">
</form>
<form action="status2.php">
<input type="submit" name="refuse" value=" - ">
</form>
The PHP code for the buttons - status1.php (status2.php is the same but it changes the $status value to 2 instead of 1)
<?php
require_once('config.php');
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
mysql_query('set names windows-1251', $link);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
$id=$_GET['id'];
$qry="UPDATE applications SET status=1 WHERE id='$id'";
$result = mysql_query($qry);
if($result) {
header("location: applications.php");
exit();
}
else {
die("Query failed");
}
?>
You are using $_GET['id'] as identifier, but as far as I can see in the code, you are not actually sending any GET information apart from the submit button itself. So your query is currently actually updating the row WHERE id=''. That's why you don't get errors, but you don't get your desired result either.
Change the action parameter of your form to status1.php?id=$id, or add something like <input type="hidden" name="id" value="$id"/> inside the form.
Well, are you getting any errors? Comment out the header("location: applications.php"); line so you will see if it throws any. Also try adding something like echo $qry so you can visually verify that the query is correct.
Also, you should read up on SQL injection and how to protect against it. Directly sticking user input into the query like that can open the door to nastiness. Also, you aren't checking user input for apostrophes which can break your query. I personally use PDO, which makes it a lot easier and a bit safer.
Another suggestion, rather than having to maintain two separate submission PHP files, just put your two submit buttons like this:
<input type="submit" name="status" value=" + ">
<input type="submit" name="status" value=" - ">
Then change the form action to the name of the consolidated php file and in that file, just evaluate the value of the status like:
$status = 0;
if ($_GET["status" == " + ") $status = 1;
If you install PDO, you'd do the meat of the DB update like this:
$pdo = new PDO("mysql:host=" . DB_HOST . ";dbname=" . DB_DATABASE, DB_USER, DB_PASSWORD);
$sql = $pdo->prepare("UPDATE applications SET status=? WHERE id=?");
$sql->execute(array($status, $_GET["id"]));
..which would be a little safer than what you're doing now.
Disclaimer: I'm just a hobbyist PHP programmer, so there may be better ways than I've mentioned :)
use this instead of ur form tag
for form 1
<from method="get" action="status1.php">
<input type="hidden" name="id" value="1"/>
<input type="submit" name="approve" value=" + "/>
</form>
for form2
<from method="get" action="status2.php">
<input type="hidden" name="id" value="2"/>
<input type="submit" name="refuse" value=" - "/>
</form>
Related
I have a table within my database containing subscriptions, each subscription has a name, id and a notes column.
I'm trying to allow the user to update the notes column through a text area on the webpage. All of the subscriptions are in a list on the page which allows the user to click on them to view that specific subscription.
How would I make sure the note that is updated is correct with the id of the subscription they have clicked on?
I currently have this code.
<form method="POST" action="noteAction.php">
<textarea id="notes" name="noteValue">$notes</texarea>
<input type="submit" name="submit"/>
</form>
This is what I think my noteAction.php should look like however I cannot get it working.
mysql_connect ("host", "user", "password") or die ('Error: ' . mysql_error());
mysql_select_db("database_name") or die ('Data error:' . mysql_error());
$text = mysql_real_escape_string($_POST['noteValue']);
$query="UPDATE `subscription` SET `notes`= '$text' WHERE `id` = '$id'";
mysql_query($query) or die ('Error updating database ' . mysql_error());
Any help would be great, thanks.
Use hidden element to store your id inside it.
<form method="POST" action="noteAction.php">
<textarea id="notes" name="noteValue">$notes</texarea>
<input type="hidden" name="id" value="id" value="your id goes here" />
<input type="submit" name="submit"/>
</form>
When you're putting the note in the form, you must have an id for that note kicking about somewhere, after you retrieved it from the database. If you only selected the note contents in that query, select the ID as well. Then pass the ID over in a hidden field, and you have the ID to use in the MySQL query (which is correct).
<input type="hidden" name="note-id" value="note_id_here">
I am looking to delete a particular row from a database using the code below. The code below is within a file called "delete.php" and it is taking input from an input box that is located on another php file called "yourReports.php".
When the form is submitted on "yourReports.php" it should delete the row from the database, however it doesn't appear to be working.
delete.php
<?php
$mysqli = mysqli_connect("localhost", "root", "DBPASS","DBNAME") or die ('Could not connect to database!');
$_POST['delete'];
$deletereport = mysqli_real_escape_string($mysqli, $_POST['delete']);
mysqli_query($mysqli,"DELETE FROM reports WHERE reportName = '".$deletereport."'");
header('Location: yourreports.php');
?>
yourReports.php
<form action="delete.php" method="post" name="form1">
<label><strong>Enter Report Name To Delete:</strong></label>
<input name="delete" id="delete" type="text">
<input value="Delete Report" name="delete" class='myButton' type="submit">
</form>
Any help would be appreciated.
Thanks
Set the method and name attribute of form to post
<form action="delete.php" method="post" name="form1">
Check if the query fails:
if(! mysqli_query($mysqli,"DELETE FROM reports WHERE reportName = '".$deletereport."'")){
echo mysqli_error();
}
[Updated]
You cannot have two inputs with the same name. Your input and delete button both have the name delete. So try considering different names for inputs.
change
mysqli_query($mysqli,"DELETE FROM reports WHERE reportName = '".$deletereport."'");
To
mysqli_query($mysqli,"DELETE FROM reports WHERE reportName = '{$deletereport}'");
I am making a php page that retrieves data from a database table and putting it in a table for the user to see via MySQLi commands.
I was wondering how I should approach the reverse situation. I want the user to be able to enter in information into textboxes and the click a button at the bottom of the page called 'save' which will prompt the user "are you sure" before saving to the database. If the user clicks 'yes', then the new entry is inserted into the database.
I have the following code to create the labels and textboxes:
<FORM>
ID: <input type="text" name="id"><br />
NM: <input type="text" name="nm"><br />
Company: <input type="text" name="company"><br />
Address: <input type="text" name="address"><br />
City: <input type="text" name="city"><br />
Zip: <input type="text" name="zip"><br />
State: <input type="text" name="state"><br />
Phone: <input type="text" name="phone"><br />
Website: <input type="text" name="web_site"><br />
</FORM>
However, when it comes to the 'save' button, I can implement the button just fine, but how would I go about saving the information entered into the database?
My initial thought process was to find the values that the user entered. I'm new to PHP and WEB dev in general, but I need to know how to get the value of the text in the textbox. Would I have to sift all the values through via the PHP Post method?
Once I have the information the user wants to enter, I was thinking maybe MySQLi has an insert function, which I found here, http://php.net/manual/en/mysqli.insert-id.php. Then it's just a quick insert and it's in the database after the user gives the 'yes' at the prompt.
Do I have the right idea in mind? Is there a more efficient way to do this?
Any help is greatly appreciated. I've looked around for problems and solutions similar to the ones related to my scenario but there were none. =(
Thanks!
EDIT:
Here is the code I have on the agentprocess.php that the action form sends the information to:
<?php
$agent_nm = $_POST['nm']; // gather all the variables
$company = $_POST['company'];
$address = $_POST['address'];
$city = $_POST['city'];
$zip = $_POST['zip'];
$state = $_POST['state'];
$phone = $_POST['phone'];
$web_site = $_POST['web_site'];
$batch_id = $_POST['batch_id']; // added batch id
//connect
$conn = new mysqli('local', 'admin', 'pass', 'DB');
if(mysqli_connect_errno()) {
exit('Connect failed: '. mysqli_connect_error());
}
//generate the query (doesn't add id because id is autoincremented)
$query = "INSERT INTO t_agent VALUES (NULL, " . $agent_nm . ", " . $company . ", " . $address . ", " . $city . ", " . $zip . ", " . $state . ", " . $phone . ", " . $web_site . ", " . $batch_id . ")";
//insert and close.
mysqli_query($conn, $query);
mysqli_close($conn);
Despite the code here, I've queried the table and the new entry is not there. Am I missing something here?
Thanks in advance!
Very simple example, added the label tag to the labels for your input and put it inside of a form.
<form method="post" action="process.php" id="myForm" name="myForm" >
<label for="ID">ID</label>: <input type="text" name="ID" /><br />
<label for="nm">NM:</label> <input type="text" name="nm"><br />
<label for="company">Company:</label> <input type="text" name="company"><br />
<label for="address">Address:</label> <input type="text" name="address"><br />
<label for="city">City</label>: <input type="text" name="city"><br />
<label for="zip">Zip</label>: <input type="text" name="zip"><br />
<label for="state">State</label>: <input type="text" name="state"><br />
<label for="phone">Phone</label>: <input type="text" name="phone"><br />
<label for="web_site">Website</label>: <input type="text" name="web_site"><br />
<input type="submit" name="submit" />// this is your submit button
</form>
On the process.php page
//get your inputs from the form
$ID = $_POST['ID'];
//do the same for each of the text inputs
Then you can use mysqli as you described to insert the values into your database, feel free to comment if you need any help with the mysqli part of the question, I didn't include it here since you had the link posted in the original question.
you need to use forms. yes, using the name attributes in your elements, you sift through $_POST(eg. $_POST['company']) for the values you want to store into the DB. here's an example. Use MYSQLi statements instead of mysql as in the eg.
this is simple yet a little complex task for web development beginers.
So I am going to give you an full example of what you need to do...
To do the SAVE button check the fastest way is to use javascript confirm dialog and if confirmed to submit form with javascript also.
The Mysql insert part is easy, you need to check if there is data that you submited via form in $_REQUSET (this works better than $_POST or $_GET because it catchs it both.) and then to connect to db and do an insert query...
Everything is explained in this example:
http://pastebin.com/thNmsXvn
But please use some template engine like Smarty because doing php, javascript and html in one file without template is awful and long term will give you only problems.
I think that I was very clear in the example I put on pastebin but if you have some questions feel free to ask...
Just to add, I have removed ID from HTML form because the best solution for managing ID's in MySQL is auto increment option, you configure that when you create table and set it to a specific field. Most usually it is ID, and it must be an integer.
You should use PDO functions for PHP/MySQL
id field should be autoincrement
<?php
$host= "xxx";
$username="xxx";
$password="xxx";
$database="xxx ";
// Gets data from URL parameters
$name = $_POST['nm'];
//Repeate for all other parameters
// Opens a connection to a MySQL server
try {
// DBH means "DB Handle"
// MySQL with PDO_MYSQL
$DBH = new PDO("mysql:host=$host;dbname=$database", $username, $password);
}
catch(PDOException $e) {
echo $e->getMessage();
}
// STH means "Statement Handle"
$STH = $DBH->prepare("INSERT INTO mytable ( id, nm,company,address,city,zip,state,phone,web_site ) values ( NULL,:nm,:company,:address,:city,:zip,:state,:phone,:web_site)");
$STH->bindParam(':name', $name);
//Repeate for all other parameters
$STH->execute();
//# close the connection
$DBH = null;
?>
Hi i am using openWYSIWYG as a text editor for a text area. I then am trying to post the contents of the text area to a field in my database.
This is the code i have so far -
<?php
$text = $_GET['Comments'];
mysql_connect ("localhost", "user", "password") or die ('Error: ' . mysql_error());
mysql_select_db("databasename") or die ('Data error:' . mysql_error());
$query="INSERT INTO KeepData (player_data)VALUES ('$text')";
mysql_query($query) or die ('Error updating database' . mysql_error());
?>
I can connect to the database, and when i click submit it adds a blank entry into the field? how would i get it so it keeps all the formatted data?
Many thanks
update
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<textarea id="Comments" name="Comments">
example text
</textarea>
<input type="submit" name="mysubmit" value="Save Post" />
</form>
DIM3NSION
Try something like the following:
<?php
if ($_POST['submit']) {
mysql_connect ("localhost", "user", "password") or die ('Error: ' . mysql_error());
mysql_select_db("databasename") or die ('Data error:' . mysql_error());
$text = mysql_real_escape_string($_POST['comments']);
$query="INSERT INTO KeepData (player_data) VALUES ('$text')";
mysql_query($query) or die ('Error updating database' . mysql_error());
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<textarea name="comments">Example Comment</textarea>
<input name="submit" type="submit" value="submit" />
</form>
You must save an format coded version elsewhere on a hidden textarea (much like here on StackOverflow, if you type **text** it will come out as text, in the database, they probably save it as **text** and render it with PHP.
Once the formatted version is saved, render it with PHP when you get the data from the database.
Is your form POSTing or GETing (you said POSTing in your post)? You have $_GET['Comments'], but if your form's action is POST, you need to use $_POST['Comments'];
if you add echo $text;exit; after you assign $text, do you see anything?
You should use mysql_escape_string function because of mysql injection and if text contains ' you'll get error.
Check if your have <form action='get'>. If it is just <form> get used by default
Check that your wisywig have name='Comments' attribute.
Escape the $text with mysql_real_escape_string. It can contain SQL-illegal symbols, like '. This function escapes them with \
(recommendation) do not use mysql_*, it is deprecated of PHP 5.3 and will be removed.
(recommendation) appending user input to sql query is always a risk of SQL-injection. Use prepared statements
just add the onclick event something like
<button onclick=" $('#txtEditor').val($('.Editor-editor').html());" type="Publish" id="Publish" name="Publish" class="btn btn-primary">Publish</button>
remember the #txtEditor has to match with the form id, this works well, and note the .html will save it to database with the color,Bold and many more effect if you added any (that is the wysiwyg fuction)
then for your php code that send to database, do something like this
$anything = ($_POST['txtEditor']);
$anything you which to use as variable,dont forget the txtEidtor is the form id. with this your wysiwyg is up and working.
Trying to perform a very simple task here.
I have an <ol> that contains 4 rows of data in some handy <li>s. I want to add a delete button to remove the row from the table. The script in delete.php appears to have finished, but the row is never removed when I go back and check dashboard.php and PHPMyAdmin for the listing.
Here's the code for the delete button (inside PHP):
Print "<form action=delete.php method=POST><input name=".$info['ID']." type=hidden><input type=submit name=submit value=Remove></form>";
Moving on to delete.php:
<?
//initilize PHP
if($_POST['submit']) //If submit is hit
{
//then connect as user
//change user and password to your mySQL name and password
mysql_connect("mysql.***.com","***","***") or die(mysql_error());
//select which database you want to edit
mysql_select_db("shpdb") or die(mysql_error());
//convert all the posts to variables:
$id = $_POST['ID'];
$result=mysql_query("DELETE FROM savannah WHERE ID='$id'") or die(mysql_error());
//confirm
echo "Patient removed. <a href=dashboard.php>Return to Dashboard</a>";
}
?>
Database is: shpdb
Table is: savannah
Ideas?
It's refusing to stick because you're calling it one thing and getting it with another. Change:
"<input name=".$info['ID']." type=hidden>"
to
"<input name=ID value=".$info['ID']." type=hidden>"
because in delete.php you're trying to access it with:
$id = $_POST['ID'];
You should really quote attribute values as well ie:
print <<<END
form action="delete.php" method="post">
<input type="hidden" name="ID" value="$info[ID]">
<input type="submit" name="submit" value="Remove">
</form>
END;
or even:
?>
form action="delete.php" method="post">
<input type="hidden" name="ID" value="<?php echo $info['ID'] ?>">
<input type="submit" name="submit" value="Remove">
</form>
<?
Please, for the love of the web, don't built an SQL query yourself. Use PDO.
Just another point I'd like to make. I'm 95% sure that you can't give an input a numeric name/id attribute. It has to be like "id_1" not "1".
Also with php you can do arrays.
So you could do this
<input name="delete[2]">
then in your php
if(isset($_POST['delete']))
foreach($_POST['delete'] as $key=>$val)
if($_POST['delete'][$key]) delete from table where id = $val