I'm currently facing a strange issue whereby I did not get any errors from my debugging page. My table consists of several rows and only the first row of the table can't be deleted.
Sample form:
$DB = new PDO('sqlite:database/Sample.db');
$result = $DB->query("select * from staff");
foreach ($result as $row)
{
$StaffNo= $row['StaffNo'];
$Name= $row['Name'];
$TelNo= $row ['TelNo'];
echo "<tr>";
//Go to remove.php to remove
echo "<form action=\"Remove.php\" method=\"post\">";
echo "<input type=\"hidden\" name=\"StaffNo\" value=\"$StaffNo\">";
echo "<input type=\"submit\" onclick=\"return confirm('Yes/No')\"/>";
echo "</form>";
echo "</td>";
echo '<td data-column-name="Name" char="data">'.$Name.'</td>';
echo '<td data-column-name="TelNo" char="data">'.$TelNo.'</td>';
</tr>
}
Remove.php:
$StaffNo= $_POST["StaffNo"];
$DB = new PDO('sqlite:database/Sample.db');
$DB->query("DELETE FROM Staff WHERE StaffNo=".$StaffNo);
#header("location:view.php");
From my code above, I can delete all my sample records except for the first row. It doesn't get deleted... Kindly advise if i did wrong somewhere....
I've tried your code and apart from the broken table code, everything seems fine. Make sure your table is correct (<table><tr><td>Content</td></tr></table>). In your question, you're missing an opening <td> on line 9 of the first file, as well as missing <table> tags. Some browsers don't handle broken tables very well and that might mess up your form.
Your query will also break if $StaffNo is an empty string, so double check that.
You can also try removing the header() call and print out errors using $DB->errorInfo().
To inject your variable i the hidden field you should type
".$StaffNo."
instead of
"$StaffNo".
probably it doesn't delete the first row of your table becouse it's the only one with a StaffNo defined.
Related
I am currently working on a php and MySQL application. In my application I load a table from MySQL and I display it in my Website. The table consists of the columns (ID,Name,SurName). When I load the table I also create another column which consists of different checkboxes. My source code for the creation of the table is the following:
function user_clients_table() {
$con = mysql_connect("localhost","root",'');
if(!$con){
die("Cannot Connect" . mysql_error());
}
mysql_select_db("client_app",$con);
$get_user_clients = "SELECT `ID`,`Name`,`SurName` FROM `clients` ";
$clients = mysql_query($get_user_clients,$con);
echo "<table border=2>
<tr>
<th>Client</th>
<th>Name</th>
<th>SurName</th>
<th>Receive Message</th>
</tr>";
while($record = mysql_fetch_array($clients)){
echo "<form action=pushnotification.php method=post>";
echo "<tr>";
echo "<td>".$record['ID']." </td>";
echo "<td>".$record['Name']." </td>";
echo "<td>".$record['SurName']." </td>";
echo "<td>"."<input type=checkbox name= checkbox[".$record['ID']."] "."</td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
mysql_close();
}
The table looks Lke that in the Website:
What i want to do is to echo the client id from the first column of the table if the checkbox of the client isset after i click the send button on the website. For example if the top checkbox isset i want to echo "1" , if the checkbox in the third row is checked i want to echo "3".
I ve done this so far:
if (isset($_POST['checkbox']))
{
foreach ($_POST['checkbox'] as $key => $value)
{
$receivemsg = $key;
}
echo '<span style="color:#AFA;text-align:center;">'.$receivemsg.'</span>';
}
But it works only for the first checkbox the other ones are not working.
Can someone please help me to do this?
Thanks in Regards
(In HTML, you put the attributes in "", like type="checkbox". Use '' for your tags, so you can use "" for the attributes. You are also missing a " />" at the end of your input tag.)
With the isset you actually check only the first one. Remove it, with foreach, you don't need it anyway, as it loops through the checked checkboxes (if you send them from HTML as an array). If none of the checkboxes are selected, the loop will run 0 times anyway.
foreach ($_POST['checkbox'] as $key => $value)
{
$receivemsg = $key;
}
If you write it this way, it will only save the very last checked checkbox. Maybe you want
foreach ($_POST['checkbox'] as $key => $value)
{
$receivemsg[] = $key;
}
And of course, injection, mysqli, and others what has been mentioned in the comments.
(Personally I find it kind of strange that if checkboxes are sent as an array, isset doesn't work on them anymore. Or to be more precise, it works on them as elements of the array.)
As #Johannes said, you also declare a form for each checkbox.
I am opening a file (formatted in rows and columns) with PHP, looping through the rows on the file and echoing out rows into a table that meet a certain criteria. On each row that I echo out I am wrapping it in form tags. Ultimately, if I echo out 20 rows I will echo out 20 forms, each of them having a button. I am also echoing out a column with a comments box. I want the end user to be able to go to this page, enter comments on each row, and then hit the submit button to store the results of the row into a database. I have 2 problems that I do not know how to overcome.
1.) When echoing out the results to the table I do not create a static variable to reference when I go to create my SQL insert statement. How do I label each piece of data so I can call it later?
2.) There are going to be multiple forms, and the user will only be using one at a time. How do I ensure that when the user clicks submit, it only submits the data fields from the same row?
Hopefully this makes sense. If not Im happy to add as much clarification as needed. Im definitely a newbie when it comes to PHP, so I'm certain this is a poor design but Im on a tight timeline and I just need a working product for now. Next week I can go back and perhaps implement a better solution I'm sure one you kind people will suggest:)
<?php
if (($handle = fopen("name of file to open here", "r")) !== FALSE) {
while (($data = fgetcsv($handle, 1000, "\t")) !== FALSE) {
if ($data[4] == $login){
$num = count($data);
echo "<form action='analyzer.php' method='post'>";
echo "<tr>";
echo "<td>";
echo $data[1];
echo "</td>";
echo "<td>";
echo $data[2];
echo "</td>";
echo "<td>";
echo $data[3];
echo "</td>";
echo "<td>";
echo $data[4];
echo "</td>";
echo "<td>";
echo $data[5];
echo "</td>";
echo "<td>";
echo $data[6];
echo "</td>";
echo "<td>";
echo $data[7];
echo "</td>";
echo "<td>";
echo $data[8];
echo "</td>";
echo "<td>";
echo "<input type='text' name='comments' />";
echo "</td>";
echo "<td>";
echo "<input class='mybutton' type='submit' name='#' value='Submit' />";
echo "</td>";
echo "</tr>";
echo "</form>";
}
fclose($handle);
}
}
?>
1.) When echoing out the results to the table I do not create a static variable to reference when I go to create my SQL insert statement. How do I label each piece of data so I can call it later?
You need some way of uniquely identifying the piece of data. You can do this using hidden input variables.
2.) There are going to be multiple forms, and the user will only be using one at a time. How do I ensure that when the user clicks submit, it only submits the data fields from the same row?
You can name the forms or assign them a sequence in an array. For example:
<input type="submit" name="form[5]" />
You can also simplify your code by using a loop like this:
foreach( $data as $key=>$val ) {
echo "<td>$val</td>";
}
I know there is already an accepted answer here, but I feel like suggesting another way of doing this. Having a bunch of forms on one page each with their own submit button and requiring a page load every time is kind of cumbersome from a UI perspective.
My suggestion is that you start the long, painful, and rewarding process of learning Ajax. I have been learning jQuery AJAX and I use it to do similar things.
Example:
I have a table with 30 rows, each of which represent a process.
Each row has a checkbox.
I have a submit button down at the bottom, where a user can submit all the rows with checked boxes.
But, I also have buttons in each row (right next to the checkboxes actually). The buttons are simply labeled "now", and when you click them, that row is processed in the background without a page reload.
So I have allowed users to submit many rows with the normal form submit button if they want, OR to submit any individual row and not have to wait for the page to reload.
I can perhaps add some code here if anyone is ever interested.
I searched fot the solution but nothing works.
<?php
$result = mysql_query("SELECT username, EmailAddress FROM users", $connection);
echo "<form method='post'><table class='mecz' cellpadding='0' cellspacing='0' border='0'>
<tr>
<th>user names:</th>
<th>address e-mail</th>
<th></th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr align='center'>";
echo "<td>" . $row['username'] . "</td>";
echo "<td>" . $row['EmailAddress'] . "</td>";
echo "<td><input class='delete' type='submit' name='delete' value='usuĊ' /></td>";
echo "</tr>";
}
echo "</table></form>";
//here a part when i'm trying to pass delete action from the form
?>
<?php
if (($_POST['username'] != "") && (isset($_POST['delete'])))
{
$username = $_POST['username'];
$query = "DELETE FROM users WHERE username = '".$username."' AND '".$_POST['delete']."'";
$result = mysql_query($query,$connection);
echo mysql_error();
}
?>
I think the solution is not very complex but i can't find it, please help.
Thanks,
Kris
you aren't sending username in the code you posted, so $_POST['username'] isn't set and thus the delete isn't executed.
even if you would enter the if-block, your delete-query doesn't make much sense - what should AND '".$_POST['delete']."' do? that part seems pretty sensless.
you try to make one form containing several submit-buttons (one for every user). on server-side you can't determine wich submit-button is pressed as the whole form gets sent as one big bunch of data. you'll need one form per user or simply use links (a-elements) to sent the delete- and username-values (but note that in the latter case you'd do GET instead of POST-requests)
you don't specify a action for your form - this might or might not be a problem in your case, please see the various comments to your question about this for more information.
your delete-query is perfectly open for sql-injections. please consider using prepared statements or at least mysql_real_escape_sting to avoid this.
and this are only the real problematic points that prevent your code from working at all or leave awkward security-holes. in addition, there are some things that are just unneccessary or some kind of messy (like calling mysql_error every time instead of doing that only if a query fails - but maybe you just added that for debugging).
altogether it seems like you should start reading a good book or some detailed tutoriala again to refresh and extend your fundamental understanding of php/mysql/html.
Hey so I am trying to grab the user input text within a textarea but it is not working out too well. What is happening is that we are grabbing a text (movie review) from our server and we want the user to be able to update it and then send it back to the server. Anyone know what we are doing wrong??
We arent getting any error, it just that we are unable to grab the textarea field data. We are pretty new to php and html so I am assume it is some small typeo we are overlooking.
UPDATE: Full fills here.
http://dl.dropbox.com/u/21443163/Reviews.php
http://dl.dropbox.com/u/21443163/updateReview.php
while($RecordSetMovieRow = odbc_fetch_array($RecordSetMovie))
{
echo "<tr>";
$review = $RecordSetMovieRow['Review'];
echo "<td align = 'center'>" . $RecordSetMovieRow['FirstName']. $RecordSetMovieRow['LastName'] . "</td>";
echo "<td align = 'center'><textarea name = 'textarea' rows = '5' cols= '40'>" . $review . "</textarea></td>";
$textarea = $_GET['textarea'];
$u = $Re[0];
echo "<td><form action = 'updateReview.php?id=".$RecordSetMovieRow['ReviewID']."&review=$textarea' method = 'POST'><input type='submit' value='Update'></form></td>";
echo "</tr>";
}
echo "</table>";
odbc_close($Conn);
If you want to send large blocks of data to the database then enclose everything in a form with the method=POST name/attribute
<form action="updatingScript.php" name="myForm" method="POST" >
<textarea name="textArea" rows="5" cols="40"><?=$review ?></textarea>
</form>
Then in your updatingScript.php do this
if(isset($_POST['myForm'])) {
$textInfo = mysql_real_escape_string($_POST['textArea']);
//move this info in your database
mysql_connect("localhost", "root", "");
mysql_select_db("myDb")
$query="UPDATE myTable SET userTextInfo='$textInfo' WHERE userId='$userId' ";
$result=mysql_query($query);
}
Also set error_reporting(E_ALL); at the beginning of your PHP script as this will display what went wrong (in response to your "we aren't getting any errors")
You mention method='POST' in your form definition (which is right), but attempt to check $_GET['textarea'] (which is wrong either way). I'd suggest fixing the latter: sending large blocks of text in URL itself is usually not great.
Don't forget to get rid of the &review=$textarea as well; no need to send the content twice, in two different variables. )
Your code, with just a few minor tweaks to make it get the proper data from the form. The credit goes to raina77ow, though - his answer is absolutely correct. I just saw that you requested some code, so here it is.
Also, you need to have the form tags such that the textarea is WITHIN them, otherwise it is not part of the form, and it's data does not get posted (that edit is included below).
echo '<form action = 'updateReview.php?id=".$RecordSetMovieRow['ReviewID']."' method = 'POST'>'; // Moved this outside of the while - BUT it needs to be BEFORE the <table> tag also!
echo '<table>'; // If this is not where you want your opening table tag, that's fine - but move the opening FORM tag to BEFORE the opening Table tag
while($RecordSetMovieRow = odbc_fetch_array($RecordSetMovie))
{
echo "<tr>";
$review = $RecordSetMovieRow['Review'];
echo "<td align = 'center'>" . $RecordSetMovieRow['FirstName']. $RecordSetMovieRow['LastName'] . "</td>";
echo "<td align = 'center'><textarea name = 'textarea' rows = '5' cols= '40'>" . $review . "</textarea></td>";
$textarea = $_POST['textarea']; // Changed from $_GET["textarea"] because you are using method='post' in form
$u = $Re[0];
echo "<td><input type='submit' value='Update'></td>";
echo "</tr>";
}
echo "</table>";
echo '</form>'; // Moved this to the end of the form, so data from form will get passed
odbc_close($Conn);
I'm creating a page that searches for an item and then be able to edit/update it. I was able to do it when it returns just one result but when it gives me multiple results I could only edit the very last item. Below is my code:
.......
$dj =$_POST[djnum];
$sql= "SELECT * From dj WHERE datajack LIKE '$dj%'";
$result = mysql_query($sql);
//more code in here//
while ($info =mysql_fetch_array($result)) {
// display the result
echo "<form action=\"dj_update.php\" method=\"POST\"><input type=\"hidden\" name=\"djnumber\" value=\"".$info['datajack']."\">";
echo "<tr><td>DJ ".$info['datajack']."</td>";
echo "<td>".$info['building']." </td>";
echo "<td>Rm ".$info['room']." </td>";
echo "<td>".$info['switch']." </td>";
echo "<td>".$info['port']." </td>";
echo "<td>".$info['notes']." </td>";
echo "<td style=\"text-align:center;\"><input type=\"Submit\" value=\"Edit\" ></td></tr>";
}
// more code here //
Then this is the screen shot of the result:
The idea is the user should be able to click on "Edit" and be able to edit/update that particular item. But when I click any of the Edit button I could only edit the last item. What am I missing here? Is there an easier way to do this?
Thanks guys and Happy new year!
There's no form closing tag - it should be added after each "Edit" button.
Now, since forms are not closed, there are several hidden inputs with the same "djnumber" in each form, and I suppose, browser sends only one value - which is specified in your last row.
So, adding the following at the end of your loop:
echo "</form>";
should help.
What are the values for datajack?
If the values are datajack1, datajack2 etc then a LIKE will return the first one every time, you need to make your query more specific.
$sql = "SELECT * From dj WHERE datajack id ' " . mysql_escape_string($id) . "' LIMIT 1";
I have changed the query to match one row and also use an id field, using LIKE in this situation is bad, you want to edit a specific row, not a row that is potentially LIKE the row you thought you were editing.
Note the use of mysql_escape_string() too to stop MySQL Injection techniques.
Hope that helps.