My website is featuring online classified advertisements, programmed by PHP and MySQL. The following code let the administrator delete multiple records using the checkbox tool.
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" >
<table>
<td><? echo $rows['CountryName']; ?></td>
<td><input name="delete_items[]" type="checkbox" value="<?php echo $rows['id']; ?>" /></td>
</table>
<input type="submit" name="deleteSelected" value="Submit" >
</form>
<?php
if(isset($_POST['deleteSelected'])) {
$delete_items = join(', ', $_POST["delete_items"]);
$query = "DELETE FROM $table_name WHERE id IN ($deleted_items)";
$result = mysql_query($query);
header("Location: admin.php"); }
?>
When I press the submit button without checking boxes (all boxes are unchecked), I receive the following error message (p.s. the script is working well without any error message, if any Checkbox being checked):
Warning: join() [function.join]: Invalid arguments passed in C:\xampp\htdocs\admin_listing.php on line 87
I’ve tried the implode function instead of using join, but still I'm getting an error message.
Maybe I do not passing an array through the function correctly, but I cannot find a solution for the above.
Any advise would be appreciated.
It looks like you are displaying all the records from your database into a single input in the form.
The code will probably work well with the implode() as you tried, but you will need to use a loop in the displaying of the form to generate it properly with the options.
Something like this:
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" >
<table>
<?php
while($row=$databaseResult) //however you are getting the data out of the database.
{
echo "<tr><td>".$rows['CountryName']."</td><td><input name='delete_items[]' type='checkbox' value=".$rows['id']."/></td></tr>";
}
?>
</table>
<input type="submit" name="deleteSelected" value="Submit" >
</form>
Thank you all for trying to help, I found a simple solution by adding one code line, as follows:
<?php
if(isset($_POST['deleteSelected'])) {
if(isset($_POST["delete_items"][0])) {
$delete_items = join(', ', $_POST["delete_items"]);
$query = "DELETE FROM $table_name WHERE id IN ($delete_items)";
$result = mysql_query($query);
header("Location: admin.php");
}
}
?>
Hope it can help someone else...
Related
This is really bugging me now as I've got this to work in phpmyadmin but can't get it to work from my php script.
The code below is a basic php file (I'm learning) where the user submits a part number and an order number in a form which is then passed to a query (via variables), and the query result is returned to a table in the same page.
I can get it to work fine when only passing the part variable $input, but when I pass the AND criteria, no results are returned. I have checked and checked again the table and the combination tested should work. I've tried hardcoding a part number and order number combination and the same happens (okay with just the part but not when you add the AND section). Testing this part AND order combination on phpmyadmin gives the desired effects. Have I missed something?
<?php include 'database.php' ; ?>
<?php
$input =$_GET['part'];
$ord = $_GET['order'];
// This query works fine with just the $input criteria but when I add AND 'Order' etc... it produces zero results.
$query = "SELECT * FROM `part_status` WHERE `Part` = '$input' AND `Order` = '$ord'";
$result = $conn->query($query);
$status = $result->fetch_assoc();
?>
<!DOCTYPE html>
<html>
<head>
<title>Part Archive</title>
</head>
<body>
<!-- Form for submitting the two criteria of the query -->
<form method="get" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
Part Number: <input type="text" name="part" value="<?php echo $part;?>" placeholder="Enter part number">
Order: <input type="text" name="order" value="<?php echo $order;?>" placeholder="Enter order number">
<input type="submit">
</form>
<header><h1>Orders For: <?php echo $input;?></h1></header>
<!-- Table for displaying the result of the slq query at the top -->
<table>
<tr><th>Part</th><th>Qty</th><th>Due Date</th><th>Order No.</th></tr>
<?php while($row = $result->fetch_assoc()) : ?>
<tr><td><?php echo $row['Part']; ?></td><td><?php echo $row['Qty']; ?></td><td><?php echo $row['Due Date']; ?></td><td><?php echo $row['Order']; ?></td></tr>
<?php endwhile ;?>
</table>
</body>
</html>
Always grateful for any pointers or suggestions.
Thanks #dbarthel for this solution...
I removed $status = $result->fetch_assoc(); and also the while loop replacing <?php while($row = $result->fetch_assoc()) : ?> and <?php endwhile ;?> with just <?php $row = $result->fetch_assoc()) ; ?> and this returned a record as requested in the form.
Thanks to all for your help and support. I can now move forward and try to develop this further.
I have a slight problem with my php script. I have a table that generates rows populated by a MySql statement.
At the last column I have a button for edit, and delete. My problem is when I hit delete, the query works successfully but it redirects me to a blank page!
The header location is correct but when I hit delete it stays on the current page, but it is just a plain white page.
<?php foreach($rows as $row): ?>
<tr>
<td>
<form action="" method="post"> <?php echo $row['id']; ?> </form>
</td>
<td>
<form action="" method="post"> <?php echo $row['roleid']; ?> </form>
</td>
<td>
<form action="" method="post">
<?php echo htmlentities($row['username'], ENT_QUOTES, 'UTF-8'); ?>
</form>
</td>
<td>
<form action="" method="post">
<?php echo htmlentities($row['email'], ENT_QUOTES, 'UTF-8'); ?>
</form>
</td>
<td>
<form action="" method="post">
<input name="Edit" type="submit" value="Edit" />
<input name="id" type="hidden" value="<?php echo $row['id']; ?>" />
</form>
</td>
</tr>
<?php endforeach; ?>
And I can successfully set a session using:
if (isset($_POST['Edit'])) {
$_SESSION['id'] = $_POST['id'];
header("Location: edit_account.php");
}
But it seems I have ran into another problem:( I also want to add a delete button on each row to delete that user account. Right now this is how it looks:
<td> <form action="" method="post">
<input name="Delete" type="submit" value="Delete" />
<input name="id" type="hidden" value="<?php echo $row['id']; ?>" />
</form> </td>
And the php code used is:
if (isset($_POST['Delete'])) {
// Everything below this point in the file is secured by the login system
// We can retrieve a list of members from the database using a SELECT query.
// In this case we do not have a WHERE clause because we want to select all
// of the rows from the database table.
$query = "
DELETE
FROM user
WHERE
id = :id
";
// The parameter values
$query_params = array( ':id' => $_POST['id'] );
try {
// These two statements run the query against your database table.
$stmt = $db->prepare($query);
$result = $stmt->execute($query_params);
}
catch(PDOException $ex) {
// Note: On a production website, you should not output $ex->getMessage().
// It may provide an attacker with helpful information about your code.
die("Failed to run query: " . $ex->getMessage());
}
// Finally, we can retrieve all of the found rows into an array using fetchAll
$rows = $stmt->fetch();
// This redirects the user back to the members-only page after they register
header("Location: ../adminindex.php");
// Calling die or exit after performing a redirect using the header function
// is critical. The rest of your PHP script will continue to execute and
// will be sent to the user if you do not die or exit.
die("Redirecting to adminindex.php.php");
}
My problem is the redirection! When I click on the Delete button it actually runs the query but afterwards it just redirects to memberlist.php but the page is blank!?
Why would this be happening? Is there something I am missing?I have tried changing the header location with no success.
Thanks for the help!
die("Redirecting to adminindex.php.php"); ??
Why don't you use a switch?
like this:
switch($action){
case 'delete':
//your code here
break;
case 'edit':
//your code here
break;
}
and to do the delete button:
echo $row['username'] ."<img src=some fancy img>";
So, I have a page with a bunch of workorders on it. Each workorder is a row in a single table, and gets put on the page with a while() statement.
I'm trying to update each row with a simple form that I put inside the while(), and an UPDATE/WHERE statement to actually add the information to the table.
Instead of adding it to the specific row, it adds it to Every row. The only thing I can think of is that my WHERE condition is wrong, but I can't seem to figure it out. Maybe it just needs fresh eyes, or maybe I'm heading in Completely the wrong direction.
Also, any specific instructions on security, a better way to do it, etc. would be very helpful. I'm learning PHP on the fly and could use a helping hand. :)
<?php
$query = "SELECT * FROM client_information";
$result = mysql_query($query) or die(mysql_error());
while($row = mysql_fetch_array($result)){
$which_ad = $row['ID'];?>
<b>Name:</b> <? echo $row['billing_name']; ?> <br>
<b>Job Type:</b> <? echo $row['job_type']; ?> <br>
<b>Size:</b> <? echo $row['size']; ?> <br>
<b>Text:</b> <? echo $row['text']; ?> <br>
<b>Notes:</b> <? echo $notes; ?> <br>
<br><br>
<form action="small_update.php" method="POST">
<strong>Email Message:</strong><br>
<textarea rows="8" cols="60" name="email_message"></textarea>
<input type="submit" name="submit" value="Submit"></form>
<?
$email_message = htmlspecialchars ("{$_POST['email_message']}", ENT_QUOTES);
if (mysql_errno() != 0) {
die(mysql_error());
}
mysql_query(
"UPDATE client_information
SET email_message='$email_message'
WHERE ID='$which_ad'"
);
if (mysql_errno() != 0) {
die(mysql_error());
}
}
?>
You don't specify the id in your form:
<form action="small_update.php" method="POST">
<strong>Email Message:</strong><br>
<textarea rows="8" cols="60" name="email_message"></textarea>
<input type="hidden" name="id" value="<?php echo $which_ad; ?>">
<input type="submit" name="submit" value="Submit">
</form>
you need to also make sure you know what id was submitted:
"UPDATE client_information
SET email_message='$email_message'
WHERE ID='$_POST['id']'"
Of course, you're wide open to attacks like this as everyone else is saying. You need to look into mysqli or pdo to sanitize your input...
Ans also upon inspection you're evaluating your post data in the loop. Don't do that. Just do your evaluation before everything else is processed on the page...
<?php
if($_POST)
{
//run processing here
}
// do your fetch code here and display the forms...
First, thank you for reading this.
I am just starting php and I am tying to make a site using FileMaker to display and enter information.
I have the php connecting to my database, then a search page using a form, then it displays a list of records. I would like to make a "button" that will select one record then display related records.
This is where my trouble is. I do not know how to make a form that will save either the record_Id or key field to then display the next page.
I am using a foreach loop to display the list in a table:
$records = $result->getRecords();
echo '<table border="1">';
echo '<tr>';
echo '<th>Company</th>';
echo '<th>Id Num</th>';
echo '<th>Choose</th>';
echo '</tr>';
foreach ($records as $record) {
echo '<tr>';
echo '<td>'.$record->getField('Company').'</td>';
echo '<td>'.$record->getField('K_Medical').'</td>';
echo '<td>
<form action="welcome.php" method="post">
#This is where I think I need the button, but instead it just breaks :(
<input type="hidden" name="med_id[]" value='$record->getField('K_Medical')/>';
<input type="submit" />
</form>';
echo '</form></td>';
echo '</tr>';
}
echo '</table>';
As you can see I have tried to use a hidden form field to get the key field of the record, but the page dose not work. I get an error 500 when I try to view it in a browser.
Any help would be greatly appreciated! If I have not provided enough information please let me know.
Replace :
echo '<td>
<form action="welcome.php" method="post">
#This is where I think I need the button, but instead it just breaks :(
<input type="hidden" name="med_id[]" value='$record->getField('K_Medical')/>';
<input type="submit" />
</form>';
By :
echo '<td>
<form action="welcome.php" method="post">
#This is where I think I need the button, but instead it just breaks :(
<input type="hidden" name="med_id[]" value='.$record->getField('K_Medical').'/>
<input type="submit" />
</form>';
You have a quotes and concatenation errors.
I've been having a rather irritating issue regarding capturing SQL information and then placing it into a PHP form (in theory, it should be kinda easy).
Here's the code for the SQL database information:
<?
$select = "SELECT * FROM beer WHERE country_id = 3";
$data = mysql_query($select) or die("Unable to connect to database.");
while($info = mysql_fetch_array($data)) {
echo '<center>';
echo '<h2>'.$info['name'].'</h2>';
echo '<table style="padding:0px;"><tr>';
echo '<tr><td><b>ABV%:</b></td><td width="570">'.$info['abv'].'</td></tr>';
echo '<tr><td><b>Bottle Size:</b></td><td width="570">'.$info['bottleSize'].'</td></tr>';
echo '<tr><td><b>Case Size:</b></td><td width="570">'.$info['caseSize'].'</td></tr>';
echo '<tr><td><b>Price:</b></td><td width="570">$'.$info['price'].'</td>';
echo '</tr></table>';
echo '</center>';
echo '<br/>';
echo '<img src="" border="0"><br><br>';
echo '<form name="cart" method="post" action="cart.php"> <table border="0"> <tr>';
echo '<td><input type="hidden" name="bname" value="'.$info['name'].'"><input type="hidden" name="price" value="'.$info['price'].'"></td>';
echo '<td><b>Quantity:</b></td>';
echo '<td><input type="text" name="qty" size="3"></td>';
echo '<td><input type="submit" value="Add to Cart" a href="cart.php?name=foo&price=bar" /a></td>';
echo '</tr></table></form>';
}
?>
I want when the submit value is pressed to somehow transmit the price, quantity and name to a basic HTML form (so that all the user has to do is add name, address, etcetc). I am completely stumped on how to do this.
If anyone could help, it would be much appreciated.
As you mentioned Amazon checkout, here is one thing you probably don't understand.
Amazoin doesn't use the form to move items data between server and browser to and fro.
It is stored in a session on a server time. All you need is some identifier put into hidden field.
To use a session in PHP you need only 2 things:
call session_start() function before any output to the browser on the each paghe where session needed.
Use `$_SESSION variable.
That's all.
Say, page1.php
<?
session_start();
$_SESSION['var'] = value;
and page2.php
<?
session_start();
echo $_SESSION['var'];
You wrote that code? because it's simply the same code as here.
You'll need to write an HTML form in your cart.php file
and use the $_POST variable to show the values of the price , quanitity and name.
For example:
<form method='post'>
<input type='text' name='price' value='<?=$_POST['price']?>'>
<input type='text' name='quanitity' value='<?=$_POST['qty']?>'>