please if you could help me with this, i have a problem with the php_self coding, this is my code:
This is the php code
<?php
if (isset($_POST['submit']))
{
$id=$_REQUEST['id'];
$notes_en=$_REQUEST['notes_en'];
$notes_ru=$_REQUEST['notes_ru'];
$sql="UPDATE hostess SET notes_en='$notes_en',notes_ru='$notes_ru' WHERE id='$id'";
$result=mysql_query($sql);
if($result){
echo "<div id='edittxt'>successfully updated";
echo "<BR>";
echo '<td >View Results</div>';
}
else {
die('error'.mysql_error());
}}
?>
This here is the form code from which i ake the information
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<label>Notes</label></br><div id="note"><h1><textarea value="<?php echo $star['notes_en'];?>"><?php echo $star['notes_en'];?></textarea></h1></div></br>
<input name="id" type="hidden" id="id" value="<?php echo $star['id'];?>">
<input type="submit" value="submit" name="submit"></form>"
If possible please check it because i've been trying to modify it and i get no results, it doesn't give me errors but neither does it update the database
You don't have a name attribute on your field. Also, doesn't takes a value attribute.
Try this:
<textarea name="notes_en"><?php echo $star['notes_en'];?></textarea>
Furthermore, I definitely recommend following Marc B's advice and protecting yourself against SQL injection attacks. Have a look at this thread:
How can I prevent SQL injection in PHP?
Related
there!
I want to do a database search and display the result back to the user in a pre-populated HTML form.
I located the exact part in the code that is not working but I can't understand why PHP is not picked by the server. I'm using UwAMP.
To illustrate the problem here is my short snippet of code that I need help with:
<form id="st_reg" action="" method="POST">
Student Number:
<input type="number" name="s_num" min="1000000" max="3000000" > </br>
<input type="Submit" value="Search">
</form>
<?php
if($_SERVER['REQUEST_METHOD'] == "POST"){
if(empty($_POST['s_num'])){
$errors[] = "You forgot to enter the Student No!";
}
else{
$st_no = trim($_POST['s_num']);
}
if(empty($errors)){
//Open database connection
require('../../connect_to_database/mysql_connect.php');
//Check if the student is already in the database
$query = "SELECT * FROM student WHERE student_no = $st_no";
//Run the query
$result = mysqli_query($db_connection,$query);
if(!$result){
echo "The student does not exist!";
echo"Please <a href='index.html'>go back</a> and choose another action!";
}
elseif($result){
echo "<h2>Student Details:</h2>";
while($row = mysqli_fetch_array($result)){
echo '<form id="st_reg" action="" method="POST">
<label>Student Number:</label>
<input type="number" name = "st_number" min="1000000" max="3000000" value="<?php if(isset(\$row[\'student_no\'])) echo \$row[\'student_no\']; ?> ">
AND the PHP code inside VALUE ATTRIBUTE is not executing when it should in reality. Don't bother about GLOBAL php tags not being closed 'cause they are in the file (I'm not that dump).
Please note all this code is inside a .php file with HTML code. This is a just the processing part after the form is submitted. I saved my time by using single-quotes for echo and escaped the sigle-quotes along the way where DB access was required. I tried curly brackets around variables, echo with double-quotes escaping double-qoutes within it but none of these attempts were successful. This is strange because I can perfectly echo $row['student_no'] outside of this context and is running fine.
I also looked at similar questions on this website. They were close but none of them had nearly to this context. I am open to any suggestions and better than that solutions.
echo '<form id="st_reg" action="" method="POST">
<label>Student Number:</label>
<input type="number" name = "st_number" min="1000000" max="3000000" value="<?php if(isset(\$row[\'student_no\'])) echo \$row[\'student_no\']; ?> ">
should look like this:
echo '<form id="st_reg" action="" method="POST">
<label>Student Number:</label>
<input type="number" name = "st_number" min="1000000" max="3000000" value="' . (isset($row['student_no']) ? $row['student_no'] : '') . '">
CONTINUATION OF STRING...
The following will do what you want.
value="<?= (isset($row["student_no"]) ? $row["student_no"] : "") ?>"
You don't need to worry about all of the escaping when you're inside the PHP chunk already.
I have displayed the data in a form edit.php and again paas the truk_id in url on update page to update.php the data of the fields but it's not working. Can anyone check this
PHP Code
<?php
$truck_id=$_GET['truck_id'];
print_r($truck_id);
include("assets/database_con.php");
if (isset($_POST['submit']))
{
$truck_id=$_POST['truck_id'];
$truck_number= mysql_real_escape_string(htmlspecialchars($_POST['truck_number']));
$truck_model= mysql_real_escape_string(htmlspecialchars($_POST['truck_model']));
$truck_make= mysql_real_escape_string(htmlspecialchars($_POST['truck_make']));
$truck_type= mysql_real_escape_string(htmlspecialchars($_POST['truck_type']));
$truck_tierweight= mysql_real_escape_string(htmlspecialchars($_POST['truck_tierweight']));
$truck_gvm= mysql_real_escape_string(htmlspecialchars($_POST['truck_gvm']));
$truck_regodate= mysql_real_escape_string(htmlspecialchars($_POST['truck_regodate']));
$truck_inspectaiondate= mysql_real_escape_string(htmlspecialchars($_POST['truck_inspectaiondate']));
$sql1 ="UPDATE add_truck SET truck_number='$truck_number', truck_model='$truck_model', truck_make='$truck_make', truck_type='$truck_type', truck_tierweight='$truck_tierweight', truck_gvm='$truck_gvm', truck_regodate='$truck_regodate', truck_inspectaiondate='$truck_inspectaiondate' where truck_id='$truck_id'";
echo $sql1;
$results=$conn->query($sql);
if($results)
{
print 'Success! record updated';
}else{
print 'no! record updated';
}
}
?>
You are assigning values to fields in single quotes.
The main string is enclosed within single quotes.
Variables inside single quotes are not parsed (value is not calculated).
This is called variable interpolation.
Use double quotes for whole string and single quotes for values.
Corrected SQL:
$sql = "UPDATE add_truck
SET truck_number='$truck_number', truck_model='$truck_model',
truck_make='$truck_make', truck_type='$truck_type',
truck_tierweight='$truck_tierweight',
truck_gvm='$truck_gvm', truck_regodate='$truck_regodate',
truck_inspectaiondate='$truck_inspectaiondate' where truck_id='$truck_id'";
you are using GET for the truck id and POST for all other variables - is this intentional?
$truck_id=$_GET['truck_id'];
should it be
$truck_id=$_POST['truck_id'];
or should all the other variables be from the GET array?
$truck_id=$_GET['truck_id'];
Here is your problem part you can't get values from get method when you submit. So you need to add some hidden field into your form like this
<input type="hidden" name="truck_id" value="<?php echo $_GET['truck_id']; ?>">
Change your code like this
if (isset($_POST['submit']))
{
$truck_id=$_POST['truck_id'];
}
I changed your code please look at this
//Your code starts now
<?php
include("header.php");
include("assets/database_con.php");
$truck_id= $_GET['truck_id'];
//print ($truck_id);
?>
<?php
//submit part in top that is better
if (isset($_POST['submit']))
{
$truck_id=$_POST['truck_id'];
$truck_number= mysql_real_escape_string(htmlspecialchars($_POST['truck_number']));
$truck_model= mysql_real_escape_string(htmlspecialchars($_POST['truck_model']));
$truck_make= mysql_real_escape_string(htmlspecialchars($_POST['truck_make']));
$truck_type= mysql_real_escape_string(htmlspecialchars($_POST['truck_type']));
$truck_tierweight= mysql_real_escape_string(htmlspecialchars($_POST['truck_tierweight']));
$truck_gvm= mysql_real_escape_string(htmlspecialchars($_POST['truck_gvm']));
$truck_regodate= mysql_real_escape_string(htmlspecialchars($_POST['truck_regodate']));
$truck_inspectaiondate= mysql_real_escape_string(htmlspecialchars($_POST['truck_inspectaiondate']));
$sql1 ="UPDATE add_truck SET truck_number='$truck_number', truck_model='$truck_model', truck_make='$truck_make', truck_type='$truck_type', truck_tierweight='$truck_tierweight', truck_gvm='$truck_gvm', truck_regodate='$truck_regodate', truck_inspectaiondate='$truck_inspectaiondate' where truck_id='$truck_id'";
echo $sql1;
die();
$results=$conn->query($sql);
if($results)
{
print 'Success! record updated';
}else{
print 'no! record updated';
}
}
?>
And changed some thing in here(added action="")
<form role="form" method="post" action="">
And changed some thing in here also(added name="submit")
<div class="form-group">
<input type="hidden" name="truck_id" value="<?php echo $_GET['truck_id']; ?>">
<input type="submit" value="submit" name="submit" class="btn_full" id="submit-booking">
</div>
No need for another div for hidden because it is 'hidden'
Used a new code as solution :
<?php
if (isset($_POST['submit']))
{
$truck_id=$_POST['truck_id'];
...
}
and one hidden value with the submit name of attribute :
<input type="hidden" name="truck_id" value="<?php echo $_GET['truck_id']; ?>">
<input type="submit" value="submit" name="submit" class="btn_full" id="submit-booking">
As the title reveals I got an issue with how to update a checkbox that already has data in my SQL database.
My code looks like following:
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
Name <input type"text" name="inputName" value="<?php echo $hemsida['Namn']; ?>" /> </br>
Commentar <input type"text" name="inputComment" value="<?php echo $hemsida['Comment']; ?>" />
<br/>
</br><input type="checkbox" name="inputAll" value="checked" <?php echo $hemsida['All']; ?>/>Alla
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />
<input type="submit" name="submit" value="Redigera">
<?php
if(isset($_POST['submit'])) {
$u = "UPDATE hemsida SET `Namn`='$_POST[inputName]', `Comment`='$_POST[inputComment]', `ALL`='$_POST[inputALL]' WHERE ID = $_POST[id]";
mysql_query($u) or die(mysql_error());
echo "User has been modified";
header("Location: ..//sokh.php");
}
?>
The echo $hemsida['Namn'],['Comment'], and ['All'] just brings up and shows the old data thats in the database, but I do not understand what to do to update the checkbox. I have looked everywhere but I am stuck. Thank you in advance!
If I understand your question correctly, you are looking for a way to have a checkbox be either checked or not checked depending on database info. If so, I would try something like this. At the top of your code where you get your database info, put
if($conditionForCheck){
$inputAll = ' checked="checked"';
}
Then in your form
<input type="checkbox" name="inputAll"<?php echo $inputAll; ?> />
your question is not clear but i think you have a column in your database named "all" ? and perhaps this column can take only 1 value (true or false) !!
then you can test this value in your form, if the value is true : checkbox will be checked, else : checkbox will not be checked :
<input type="checkbox" name="inputAll" checked="<?php if($hemsida['All'] == true) echo checked; ?>" />Alla
dont use value="", use checked instead, then test value of $hemsida['All'] if it's true echo checked else anything to do
for your php code and server side of your application you can just test if checkbox is checked and then you have choice for what do you want to assign to your column in database, for example if checkbox is checked create a variable (for example $value_of_checkbox) and assign a value ("true" for exampel) to this variable, then include this variable in your sql code for update database column :
if (isset($_POST['inputALL'])) {
$value_of_checkbox = true;
}
else {
$value_of_checkbox = false;
}
if(isset($_POST['submit'])) {
$u = "UPDATE hemsida SET `Namn`='$_POST[inputName]', `Comment`='$_POST[inputComment]', `ALL`='$value_of_checkbox' WHERE ID = $_POST[id]";
mysql_query($u) or die(mysql_error());
echo "User has been modified";
header("Location: ..//sokh.php")
note : i change also sql code in this part : ALL='$value_of_checkbox'
My website is featuring online classified advertisements, programmed by PHP and MySQL. The following code let the administrator delete multiple records using the checkbox tool.
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" >
<table>
<td><? echo $rows['CountryName']; ?></td>
<td><input name="delete_items[]" type="checkbox" value="<?php echo $rows['id']; ?>" /></td>
</table>
<input type="submit" name="deleteSelected" value="Submit" >
</form>
<?php
if(isset($_POST['deleteSelected'])) {
$delete_items = join(', ', $_POST["delete_items"]);
$query = "DELETE FROM $table_name WHERE id IN ($deleted_items)";
$result = mysql_query($query);
header("Location: admin.php"); }
?>
When I press the submit button without checking boxes (all boxes are unchecked), I receive the following error message (p.s. the script is working well without any error message, if any Checkbox being checked):
Warning: join() [function.join]: Invalid arguments passed in C:\xampp\htdocs\admin_listing.php on line 87
I’ve tried the implode function instead of using join, but still I'm getting an error message.
Maybe I do not passing an array through the function correctly, but I cannot find a solution for the above.
Any advise would be appreciated.
It looks like you are displaying all the records from your database into a single input in the form.
The code will probably work well with the implode() as you tried, but you will need to use a loop in the displaying of the form to generate it properly with the options.
Something like this:
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post" >
<table>
<?php
while($row=$databaseResult) //however you are getting the data out of the database.
{
echo "<tr><td>".$rows['CountryName']."</td><td><input name='delete_items[]' type='checkbox' value=".$rows['id']."/></td></tr>";
}
?>
</table>
<input type="submit" name="deleteSelected" value="Submit" >
</form>
Thank you all for trying to help, I found a simple solution by adding one code line, as follows:
<?php
if(isset($_POST['deleteSelected'])) {
if(isset($_POST["delete_items"][0])) {
$delete_items = join(', ', $_POST["delete_items"]);
$query = "DELETE FROM $table_name WHERE id IN ($delete_items)";
$result = mysql_query($query);
header("Location: admin.php");
}
}
?>
Hope it can help someone else...
I've been having a rather irritating issue regarding capturing SQL information and then placing it into a PHP form (in theory, it should be kinda easy).
Here's the code for the SQL database information:
<?
$select = "SELECT * FROM beer WHERE country_id = 3";
$data = mysql_query($select) or die("Unable to connect to database.");
while($info = mysql_fetch_array($data)) {
echo '<center>';
echo '<h2>'.$info['name'].'</h2>';
echo '<table style="padding:0px;"><tr>';
echo '<tr><td><b>ABV%:</b></td><td width="570">'.$info['abv'].'</td></tr>';
echo '<tr><td><b>Bottle Size:</b></td><td width="570">'.$info['bottleSize'].'</td></tr>';
echo '<tr><td><b>Case Size:</b></td><td width="570">'.$info['caseSize'].'</td></tr>';
echo '<tr><td><b>Price:</b></td><td width="570">$'.$info['price'].'</td>';
echo '</tr></table>';
echo '</center>';
echo '<br/>';
echo '<img src="" border="0"><br><br>';
echo '<form name="cart" method="post" action="cart.php"> <table border="0"> <tr>';
echo '<td><input type="hidden" name="bname" value="'.$info['name'].'"><input type="hidden" name="price" value="'.$info['price'].'"></td>';
echo '<td><b>Quantity:</b></td>';
echo '<td><input type="text" name="qty" size="3"></td>';
echo '<td><input type="submit" value="Add to Cart" a href="cart.php?name=foo&price=bar" /a></td>';
echo '</tr></table></form>';
}
?>
I want when the submit value is pressed to somehow transmit the price, quantity and name to a basic HTML form (so that all the user has to do is add name, address, etcetc). I am completely stumped on how to do this.
If anyone could help, it would be much appreciated.
As you mentioned Amazon checkout, here is one thing you probably don't understand.
Amazoin doesn't use the form to move items data between server and browser to and fro.
It is stored in a session on a server time. All you need is some identifier put into hidden field.
To use a session in PHP you need only 2 things:
call session_start() function before any output to the browser on the each paghe where session needed.
Use `$_SESSION variable.
That's all.
Say, page1.php
<?
session_start();
$_SESSION['var'] = value;
and page2.php
<?
session_start();
echo $_SESSION['var'];
You wrote that code? because it's simply the same code as here.
You'll need to write an HTML form in your cart.php file
and use the $_POST variable to show the values of the price , quanitity and name.
For example:
<form method='post'>
<input type='text' name='price' value='<?=$_POST['price']?>'>
<input type='text' name='quanitity' value='<?=$_POST['qty']?>'>