Editing data from MySQL via PHP - php

I am running into a frustrating problem with a PHP script that's supposed to allow me to edit individual rows within my MySQL database.
This is the file where all of the rows from the database are displayed; it works just like it's supposed to.
<table cellpadding="10">
<tr>
<td>ID</td>
<td>First Name</td>
<td>Last Name</td>
<td>E-mail</td>
<td>Phone</td>
</tr>
<?php
$username="username here";
$password="password here";
$database="database name here";
mysql_connect(localhost,$username,$password);
#mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM students";
$result=mysql_query($query);
mysql_close();
while ($row=mysql_fetch_array($result)){
echo ("<tr><td>$row[id]</td>");
echo ("<td>$row[first]</td>");
echo ("<td>$row[last]</td>");
echo ("<td>$row[email]</td>");
echo ("<td>$row[phone]</td>");
echo ("<td>Edit</td></tr>");
}
echo "</table>";
?>
As you can see, each row has an "Edit" link that is supposed to allow the user to edit that individual student's data. Here, then, is StudentEdit.php:
<?php
$username="username";
$password="password";
$database="database";
mysql_connect(localhost,$username,$password);
$student_id = $_GET[id];
$query = "SELECT * FROM students WHERE id = '$student_id'";
$result = mysql_query($query);
$row = mysql_fetch_array($result);
mysql_close();
?>
<form method="post" action="EditStudentData.php" />
<table>
<tr>
<td><input type="hidden" name="id" value="<? echo "$row[id]" ?>"></td>
</tr>
<tr>
<td>First Name:</td>
<td><input type="text" name="first" value="<? echo "$row[first]" ?>"></td>
</tr>
<tr>
<td>Last Name:</td>
<td><input type="text" name="last" value="<? echo "$row[last]" ?>"></td>
</tr>
<tr>
<td>Phone Number:</td>
<td><input type="text" name="phone" value="<? echo "$row[phone]" ?>"></td>
</tr>
<tr>
<td>E-mail:</td>
<td><input type="text" name="email" value="<?echo "$row[email]" ?>"></td>
</tr>
</table>
</form>
When I execute this, however, I get the following error message:
Warning: mysql_fetch_array(): supplied argument is not a valid MySQL result resource in /home4/lukaspl1/public_html/StudentEdit.php on line 12
Any ideas what's wrong, and how to fix it?
Thank you in advance!

Remove the mysql_close from here
mysql_connect(localhost,$username,$password);
#mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM students";
$result=mysql_query($query);
mysql_close();
The code should be:
mysql_connect(localhost,$username,$password);
#mysql_select_db($database) or die( "Unable to select database");
$query="SELECT * FROM students";
$result=mysql_query($query);
Moreover, since you are only going to use a key-based result set, simply use mysql_fetch_assoc.
Another suggestion: instead of $row[id], use $row['id'].

StudentEdit.php: you forgot to call #mysql_select_db($database) or die( "Unable to select database"); before you executed the query

This part of the code is wrong:
$student_id = $_GET[id];
the correct code is
$student_id = $_GET['id'];
code from expertsnote.com

Try...
echo ("<td>Edit</td></tr>");
instead of
echo ("<td>Edit</td></tr>");

this code was missing
$select_db = mysql_select_db("$db_name");
if (!$select_db) {echo "Error Selecting Database";}

This is the code for editing the details dynamically:
<?php
include('db.php');
$id=$_REQUEST['id'];
$query="SELECT * FROM `camera details` WHERE id='".$id."'";
$result=mysqli_query($db,$query) or die(mysqli_error($db));
$row1=mysqli_fetch_assoc($result);
if(isset($_POST['submit'])&&(isset($_POST['new'])&&($_POST['new'])==1))
{
$id=$_REQUEST['id'];
foreach($_POST as $key=>$values)
{
if($key!="submit"){
$names[]=$key;
$val[]= "'".$values."'";
if($key!="new"){
$k[] = "`".$key."` = '".$values."'";
}
}
}
$output=implode(",",(array)($k));
//$v=implode(",",(array)($val));
// `name` = 'san'
$query="UPDATE `camera details` SET $output WHERE id='".$id."'";
$output=mysqli_query($db,$query) or die(mysqli_error($db));
if($output)
{
header('location:cameralist.php');
}
}
else{
?>
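The answer above builds the SET clause from whatever keys arrive in $_POST, so the client chooses the column names as well as the values. An added example (not the answerer's code) that takes column names from a fixed allowlist and binds the values; the column names, the sample row and the use of PDO with an in-memory SQLite database are assumptions made so that it runs without a server.

```php
<?php
// Added example: constructed schema and data. Only the table name comes from
// the answer; the column names below are assumptions.
const EDITABLE_COLUMNS = ['name', 'model', 'location'];
const CONTROL_FIELDS   = ['id', 'new', 'submit'];

// Column names come from the allowlist; request keys are only used for lookup.
function build_set_clause(array $post): array
{
    $set = [];
    $params = [];
    foreach (EDITABLE_COLUMNS as $column) {
        if (isset($post[$column]) && is_string($post[$column])) {
            $set[] = "`$column` = ?";      // identifier is a constant, value is bound
            $params[] = $post[$column];
        }
    }
    return [$set, $params];
}

// Keys the form never offered: worth logging, never worth executing.
function unexpected_fields(array $post): array
{
    return array_values(array_diff(array_keys($post), EDITABLE_COLUMNS, CONTROL_FIELDS));
}

function update_camera(PDO $pdo, array $post): int
{
    $id = filter_var($post['id'] ?? '', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    [$set, $params] = build_set_clause($post);
    if ($id === false || $set === []) {
        return 0;                          // nothing valid to update
    }
    $params[] = $id;
    $sql = 'UPDATE `camera details` SET ' . implode(', ', $set) . ' WHERE id = ?';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// In-memory SQLite stands in for the MySQL database (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE `camera details`
    (id INTEGER PRIMARY KEY, name TEXT, model TEXT, location TEXT, owner TEXT)');
$pdo->exec("INSERT INTO `camera details` (id, name, model, location, owner)
    VALUES (1, 'Gate', 'X100', 'North', 'facilities')");

// Constructed request body: two legitimate fields, one field the form never
// had, and a value containing a quote character.
$post = ['id' => '1', 'new' => '1', 'submit' => 'Save',
         'name' => "Gate 'A'", 'location' => 'South', 'owner' => 'someone-else'];

echo 'rows updated: ', update_camera($pdo, $post), "\n";
echo 'ignored keys: ', implode(', ', unexpected_fields($post)), "\n";
print_r($pdo->query('SELECT * FROM `camera details` WHERE id = 1')->fetch(PDO::FETCH_ASSOC));
```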

I recommend doing this in studentEdit.php
$student_id = mysql_real_escape_string($_GET['id']);
$query = "SELECT * FROM students WHERE id = '$student_id'";
$result = mysql_query($query) or die(mysql_error() . ' ' . $query);
$row = mysql_fetch_array($result);
mysql_close();
I've changed two things here: firstly, I escape the data being passed in the URL, and secondly, I've added or die(mysql_error() . ' ' . $query); If something is going wrong in the SQL statement, you should now see the error, and hopefully you'll be able to fix it from there.

What looks incorrect to me is the way you are displaying the value retrieved from the database:
<input type="hidden" name="id" value="<? echo "$row[id]" ?>">
It should be
<input type="hidden" name="id" value="<?php echo $row['id']; ?>">

This code gives the add, search, edit and delete options. Thought it might help to see all the options in one code.
<?php
$searchedUsername = "";
$searchedEmail = "";
//registration (Add) function
if ( isset($_POST['stdregister'])){
$username = $_POST['stdusername'];
$password = $_POST['stdpassword'];
$email = $_POST['stdemail'];
$hashedPassword = md5($password);
$connection = mysqli_connect("localhost","root","","std");
$query = "INSERT INTO student VALUES ('$username','$hashedPassword','$email')";
if ( mysqli_query($connection,$query) == 1 ){
echo "Successfully saved";
}
else{
echo "<p style='color: #f00;'>There is an error</p>";
}
mysqli_close($connection);
}
//delete function
if ( isset($_POST['stddelete'])){
$username = $_POST['stddelusername'];
$connection = mysqli_connect("localhost","root","","std");
$query = "DELETE FROM student WHERE username LIKE '$username'";
mysqli_query($connection,$query);
echo mysqli_error($connection);
mysqli_close($connection);
}
//update function
if ( isset($_POST['stdupdate'])){
$username = $_POST['stdusername'];
$stdpass = md5($_POST['stdpassword']);
$stdemail = $_POST['stdemail'];
$connection = mysqli_connect("localhost","root","","std");
$query = "UPDATE student SET password='$stdpass', email='$stdemail' WHERE username LIKE '$username'";
mysqli_query($connection,$query);
echo mysqli_error($connection);
mysqli_close($connection);
}
if ( isset($_POST['stdsearch']) ){
$searchUsername = $_POST['stdeditusername'];
$connection = mysqli_connect("localhost","root","","std");
$query = "SELECT * FROM student WHERE username LIKE '$searchUsername' ";
$result = mysqli_query($connection, $query);
while( $row = mysqli_fetch_array($result) ){
$searchedUsername = $row['username'];
$searchedEmail = $row['email'];
}
}
?>
<html>
<head>
</head>
<body>
<h1>Student Registration</h1>
<form name="stdregistration" action="forms.php" method="post">
<label>Username :</label>
<input name="stdusername" required="required" type="text" /><br /><br />
<label>Password :</label>
<input name="stdpassword" type="password" /><br /><br />
<label>E-mail :</label>
<input name="stdemail" type="email" /><br /><br />
<input name="stdregister" type="submit" value="Save" />
</form>
<h2>Delete Students</h2>
<form name="stddeletion" action="forms.php" method="post">
<label>Select the Username :</label>
<select name="stddelusername" required>
<option value="">Select One</option>
<?php
$connection2 = mysqli_connect("localhost","root","","std");
$query2 = "SELECT username FROM student";
$result = mysqli_query($connection2,$query2);
while( $row = mysqli_fetch_array($result) ){
echo "<option value='".$row['username']."'>".$row['username']."</option>";
}
mysqli_close($connection2);
?>
</select>
<input name="stddelete" type="submit" value="Delete" />
</form>
<h2>Edit Students</h2>
<form name="stdedition" action="forms.php" method="post">
<label>Select the Username :</label>
<select name="stdeditusername" required>
<option value="">Select One</option>
<?php
$connection2 = mysqli_connect("localhost","root","","std");
$query2 = "SELECT username FROM student";
$result = mysqli_query($connection2,$query2);
while( $row = mysqli_fetch_array($result) ){
echo "<option value='".$row['username']."'>".$row['username']."</option>";
}
mysqli_close($connection2);
?>
</select>
<input name="stdsearch" type="submit" value="Search" />
</form>
<form name="stdedit" action="forms.php" method="post">
<label>Username :</label>
<input name="stdusername" required="required" type="text" readonly value="<?php echo $searchedUsername; ?>" /><br /><br />
<label>Password :</label>
<input name="stdpassword" type="password" /><br /><br />
<label>E-mail :</label>
<input name="stdemail" type="email" value="<?php echo $searchedEmail; ?>" /><br /><br />
<input name="stdupdate" type="submit" value="Update" />
</form>
</body>
</html>

Related

Why are values from a URL not being passed to a sticky form

I have created a php sticky form so data will not disappear when the submit button is clicked. A url link is being used to pass values to a form so they can be edited. However, the values from the url are not being passed into the form fields. Why are the values from the url not being passed into the form fields? Thank you so much for your time.
This is the code:
index.php
<?php
require_once('authorize.php');
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php
require_once('appvars.php');
require_once('connectvars.php');
$conn = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$data = mysqli_query($conn, $query);
echo '<table>';
echo '<tr><th>Name</th><th>Caption</th><th>Action</th></tr>';
while ($row = mysqli_fetch_array($data)) {
//link
echo '<td><a href="link.php?id=' . $row['id'] . '&image=' . $row['image1'] . '&name=' . $row['name'] .
'&caption=' . $row['caption'] .
'&video=' . $row['video'] . '">Edit </a>';
echo '</td></tr>';
}
echo '</table>';
echo "<br><br>";
mysqli_close($conn);
?>
</body>
</html>
sticky_form.php
<!DOCTYPE html>
<html>
<head>
<title>Edit Content</title>
</head>
<body>
<h3>Edit Content</h3>
<?php
require_once('appvars.php');
require_once('connectvars.php');
$vid="";
$vname="";
$vcaption="";
$vvideo="";
$id ="";
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
if(isset($_POST["button_edit"])){
$id = $_POST["id"];
$name = $_POST['name'];
$caption = $_POST['caption'];
$video = $_POST['video'];
$qry = mysqli_query($dbc,"Update table1 Set name='$name', caption='$caption', video='$video' Where id='$id'");
} else if(isset($_GET["id"])){
$qry = mysqli_query($dbc,"Select * From table1 Where id='".$_GET["id"]."'");
while($row=mysqli_fetch_array($qry,MYSQLI_ASSOC)){
$vid=$row["id"];
$vname=$row["name"];
$vcaption=$row["caption"];
$vvideo=$row["video"];
}
}
?>
<body>
<form action='' method="post" enctype="multipart/form-data" >
<table>
<tr>
<td>ID</td>
<td><input type="text" name="id" value="<?php echo $vid;?>"></td></tr>
<tr>
<td>Name</td>
<td><input type="text" class="bigger_textbox" name="name" value="<?php if (isset($_POST['name'])) {echo htmlentities($_POST['name']);}?>"></td></tr>
<tr><td>Caption</td>
<td><input type="text" class="bigger_textbox" name="caption" value="<?php if (isset($_POST['caption'])) {echo htmlentities($_POST['caption']);}?>"></td></tr>
<tr><td>Video</td>
<td><input type="text" class="bigger_textbox" name="video" value="<?php if (isset($_POST['video'])) {echo htmlentities($_POST['video']);}?>"></td></tr>
<tr><td colspan="2">
<input type="submit" name="button_edit" value="Edit Content"></td></tr> </table>
</form>
<table border=1>
<tr><th>Name</th><th>Caption</th>
<th>Video</th> <th>Action</th></tr>
<?php
if (isset($_GET["id"])) {
$qry =mysqli_query($dbc, "Select * From table1 Where id='".$_GET["id"]."'");
while($row=mysqli_fetch_array($qry,MYSQLI_ASSOC)) {
echo '<tr><td>'.$row["name"].'</td>';
echo '<td>'.$row["caption"].'</td>';
echo '<td>'.$row["video"].'</td>';
echo '<td>Edit </td></tr>';
}
}
?>
</table>
</body>
</html>
Apparently you already have the values you need in sticky_form.php:
else if(isset($_GET["id"])){
$qry = mysqli_query($dbc,"Select * From table1 Where id='".$_GET["id"]."'");
while($row=mysqli_fetch_array($qry,MYSQLI_ASSOC)){
$vid=$row["id"];
$vname=$row["name"];
$vcaption=$row["caption"];
$vvideo=$row["video"];
}
Try replacing this part of the code of sticky_form.php:
<td><input type="text" class="bigger_textbox" name="name" value="<?php if (isset($_POST['name'])) {echo htmlentities($_POST['name']);}?>"></td></tr>
<tr><td>Caption</td>
<td><input type="text" class="bigger_textbox" name="caption" value="<?php if (isset($_POST['caption'])) {echo htmlentities($_POST['caption']);}?>"></td></tr>
<tr><td>Video</td>
<td><input type="text" class="bigger_textbox" name="video" value="<?php if (isset($_POST['video'])) {echo htmlentities($_POST['video']);}?>"></td></tr>
With:
<td><input type="text" class="bigger_textbox" name="name" value="<?php echo $vname; ?>"></td></tr>
<tr><td>Caption</td>
<td><input type="text" class="bigger_textbox" name="caption" value="<?php echo $vcaption; ?>"></td></tr>
<tr><td>Video</td>
<td><input type="text" class="bigger_textbox" name="video" value="<?php echo $vvideo; ?>"></td></tr>
Update
As you commented, after clicking the edit button, your form fields get empty. That's because you're not setting the correct variables in this part of your code:
if(isset($_POST["button_edit"])){
$id = $_POST["id"];
$name = $_POST['name'];
$caption = $_POST['caption'];
$video = $_POST['video'];
$qry = mysqli_query($dbc,"Update table1 Set name='$name', caption='$caption', video='$video' Where id='$id'");
Change it to:
if(isset($_POST["button_edit"])){
$vid = $_POST["id"];
$vname = $_POST['name'];
$vcaption = $_POST['caption'];
$vvideo = $_POST['video'];
$qry = mysqli_query($dbc,"Update table1 Set name='$vname', caption='$vcaption', video='$vvideo' Where id='$vid'");
Hope it helps.

My PHP function can't run when I call it in submit form

I have a problem: I have a function in the HTML head, and then in the body I have a form of type submit that runs the function onsubmit. It seems I can't reach the function to insert the details into the database. I can't complete this idea. Please help me with this.
<?php
function sida() {
$host = "localhost";
$username = "root";
$password = "";
$databasename = "vinhcv_truonghoc";
$connect = mysql_connect($host, $username, $password);
$db = mysql_select_db($databasename);
if (isset($_POST['comment']) && isset($_POST['name'])) {
$comment = $_POST['comment'];
$name = $_POST['name'];
$q = "insert into comments values('', '$name', '$comment', CURRENT_TIMESTAMP)";
echo $q;
$insert = mysql_query($q);
if (!$insert) { echo mysql_error(); }
$id = mysql_insert_id();
$select = mysql_query("select name, comment, post_time from comments where name = '$name' and comment='$comment' and id='$id'");
if ($row = mysql_fetch_array($select)) {
$name = $row['name'];
$comment = $row['comment'];
$time = $row['post_time'];
?>
<div class="comment_div">
<p class="name">Posted By:<?php echo $name;?></p>
<p class="comment"><?php echo $comment;?></p>
<p class="time"><?php echo $time;?></p>
</div>
<?php
}
exit;
}
}
?>
and the form in the body:
<form method="POST" onsubmit="sida()">
<textarea id="comment" placeholder="Write Your Comment Here....."></textarea>
<br>
<input type="text" id="username" placeholder="Your Name">
<br>
<input type="submit" value="Post Comment">
</form>
<div id="all_comments">
<?php
$host = "localhost";
$username = "root";
$password = "";
$databasename = "vinhcv_truonghoc";
$connect = mysql_connect($host,$username,$password);
$db = mysql_select_db($databasename);
$comm = mysql_query("select name,comment,post_time from comments order by post_time desc");
while($row = mysql_fetch_array($comm))
{
$name = $row['name'];
$comment = $row['comment'];
$time = $row['post_time'];
?>
<div class="comment_div">
<p class="name">Posted By:<?php echo $name;?></p>
<p class="comment"><?php echo $comment;?></p>
<p class="time"><?php echo $time;?></p>
</div>
<?php
}
?>
</div>
In the body it can connect to the database to get information, which means nothing is wrong with the database connection, so why can't it insert into the database?
What you need to do is commented:-
<form method="POST" ><!-- remove onsubmit="sida()"-->
<textarea id="comment" placeholder="Write Your Comment Here....." name = "comment"></textarea><!-- add name attribute -->
<br>
<input type="text" id="username" placeholder="Your Name" name = "username"><!-- add name attribute -->
<br>
<input type="submit" value="Post Comment">
</form>
<div id="all_comments">
<?php
$data = array(); // define empty array
if(isset($_POST["comment"]) && isset($_POST["username"])){ // check with posted value not button value
$host="localhost";
$username="root";
$password="";
$databasename="vinhcv_truonghoc";
$i = 0; // DEFINE COUNTER
$connect=mysqli_connect($host,$username,$password,$databasename); // mysql_* is deprecated so use mysqli_* or PDO
if($connect){ // IF CONNECTION ESTABLISHED
$comment = mysqli_real_escape_string($connect,$_POST['comment']); // Prevent from SQL Injection
$username = mysqli_real_escape_string($connect,$_POST['username']); // Prevent from SQL Injection
$query = mysqli_query ($connect,"INSERT INTO comments (username,comment) VALUES ('".$username."','".$comment."')"); // check and change table name as well as column name
if($query){
echo "Inserted Successfully";
}else{
echo "Problem occur in insertion because of".mysqli_error($connect);
}
$comm = mysqli_query($connect,"select name,comment,post_time from comments order by post_time desc");
if($comm){ // IF QUERY EXECUTED
while($row=mysqli_fetch_array($comm)){
$data[$i]["name"] = $row['name']; // ASSIGN VALUES TO THE ARRAY
$data[$i]["comment"] = $row['comment'];
$data[$i]["time"] = $row['post_time'];
$i++;
}
}else{
echo "Query execution failed because of".mysqli_error($connect);
}
}else{
echo'connection problem because of'.mysqli_connect_error();
}
}else{
echo "All fields are need to fill properly";
}
?>
<?php foreach ($data as $dat){?> <!-- ITERATE THROUGH ARRAY -->
<div class="comment_div">
<p class="name">Posted By:<?php echo $dat['name'];?></p>
<p class="comment"><?php echo $dat['comment'];?></p>
<p class="time"><?php echo $dat['time'];?></p>
</div>
<?php } ?>
</div>
Seems like you are not passing any parameters to the $_POST array. You need to pass the name attribute to your input fields. Since you are going to run a PHP server-side function you need to use the action attribute.
Like this:
<form method="POST" action="sida()">
<textarea name="comment" id="comment" placeholder="Write Your Comment Here....."></textarea>
<br>
<input name="name" type="text" id="username" placeholder="Your Name">
<br>
<input type="submit" value="Post Comment" name="submit">
</form>
<?php
$host="localhost";
$username="root";
$password="";
$databasename="vinhcv_truonghoc";
function connect() {
global $host,$username,$password,$databasename;
$con=mysql_connect($host,$username,$password) or die ("ConnectionFailed");
mysql_select_db($databasename,$con) or exit ("Failed to connect");
return $con;
}
function iud($query) { // Insert, Update, Delete
$con=connect();
$result=mysql_query($query,$con);
$n=mysql_affected_rows($con);
mysql_close($con);
return $n;
}
function select($query) { // Select
$con=connect();
$result=mysql_query($query,$con);
mysql_close($con);
return $result;
}
if(isset($_REQUEST['submit'])) {
$name=$_REQUEST['name'];
$comment=$_REQUEST['comment'];
$query="INSERT INTO `comments`(`name`, `comment`, `post_time`)
VALUES('$name','$comment',CURRENT_TIMESTAMP)";
$n=iud($query);
echo $n; }
?>
<html> <head></head> <body> <form method="GET"> <table>
<tr> <td>Name</td> <td><Input type="text" name="name" id=""
class="" placeholder="Name.."></td> </tr>
<tr> <td>Comment</td> <td><textarea name="comment" rows="5" cols="40" placeholder="Comment
Here.."> </textarea></td> </tr>
<tr> <td></td> <td><Input type="submit" name="submit" id="" class="" value="submit">
</td> </tr>
</table> </form>
<!-- Showing Result --> <table> <?php $query="Select * from comments ORDER BY coid DESC"; //Coid Is A Primary Key
$result=select($query); $n=mysql_num_rows($result); if($n>0) {
while($data=mysql_fetch_array($result)) extract($data); } ?>
<tr> <td><?php echo #$name; ?></td> </tr> <tr> <td><?php
echo #$comment; ?></td> </tr> </table>
</body> </html>
I hope It will Work For you :)

Trouble in submitting form in PHP

I'm doing a database project for university and I'm having a problem in here.
I receive from a previous page an id as $_POST['ids'] and in the form I send that same value in a hidden field so it can do a sort of a cycle.
But when I click the submit button I got a lot of errors on $service_info and no information is loaded on the page. I tried do var_dump() everything and I just can't find what is the problem in here.
<?php
//error_reporting();
require 'core/init.php';
require 'db/connect.php';
require 'functions/security.php';
?>
<html>
<head>
<title>Make a reservation</title>
<meta charset="UTF-8">
<link rel="stylesheet" href="css/common.css">
</head>
<body>
<?php require 'parts/header.php'; ?>
<hr>
<?php
$query = "SELECT * FROM service WHERE id=" . $_POST['ids'];
if ($result = $db->query($query)) {
if ($result->num_rows) {
$service_info = $result->fetch_object();
$result->close();
}
}
$query = "SELECT name FROM tour WHERE id =" . $service_info->idtour;
if ($result = $db->query($query)) {
if ($result->num_rows) {
$tour_name = $result->fetch_object();
$result->close();
}
}
$query = "SELECT SUM(nrseats) AS res_seats FROM reservation_service WHERE idservice =" . $service_info->id;
$nr_reservations_info = $db->query($query);
$nr_reservations = $nr_reservations_info->fetch_row();
$nr_reservations_info->close();
$count = $service_info->nrseats - $nr_reservations[0];
if($count === 0){
echo "<script>alert('There are no more places available for this tour. You are being redirected for the main page!')</script>";
echo "<script>window.open('index.php','_self')</script>";
}
else{
$count = $service_info->nrseats;
}
?>
<form action="" method="POST">
<div class="registering">
<table>
<tbody>
<tr>
<td>
<label for="tname">Related tour</label>
</td>
<td>
<label for="splace"><br>Service name</label>
</td><p><br></p>
</tr>
<tr>
<td>
<input type="text" readonly="" name="tour" id="tour" required="" autofocus="" value="<?php echo $tour_name->name ?>">
</td>
<td>
<input type="text" readonly="" name="name" id="name" required="" value="<?php echo $service_info->name ?>">
</td>
</tr>
<tr>
<td>
<label for="sprice"><br>Price (€)</label>
</td>
<td>
<label for="sdescription"><br>Description</label>
</td>
</tr>
<tr>
<td>
<input type="number" name="price" id="price" readonly="" required="" value="<?php echo $service_info->price ?>">
</td>
<td>
<input type="text" name="description" id="description" required="" readonly="" value="<?php echo $service_info->description ?>">
</td>
</tr>
<tr>
<td>
<label for="sseats"><br>Seats left</label>
</td>
<td>
<label for="snreservations"><br>Number of reservations (people)</label>
</td>
</tr>
</tr>
<tr>
<td>
<input type="number" name="nrseats" id="nrseats" required="" value="<?php echo $count ?>" readonly="">
</td>
<td>
<input type="number" name="nrreservations" id="nrreservations" required="" value="1">
</td>
<td>
<input type="hidden" name="ids" required="" value="<?php $service_info->id ?>">
</td>
</tr>
</tr>
<tr>
<td colspan="2">
<label for="next"><br></label>
<input type="submit" value="Next">
</td>
</tr>
</tbody>
</table>
</div>
</form>
</body>
</html>
<?php
if (!empty($_POST)) {
if (isset($_POST['name'], $_POST['ids'], $_POST['tour'], $_POST['price'], $_POST['description'], $_POST['nrseats'], $_POST['nrreservations'])) {
$_POST = array_map("trim", $_POST);
$name = $_POST['name'];
$tour = $_POST['tour'];
$price = $_POST['price'];
$description = $_POST['description'];
$nrseats = $_POST['nrseats'];
$nrreservations = $_POST['nrreservations'];
$ids = $_POST['ids'];
if (!empty($name) && !empty($ids) && !empty($tour) && !empty($price) && !empty($description) && !empty($nrseats) && !empty($nrreservations)) {
$query = "SELECT id FROM customer WHERE email='" . $_SESSION['user_email'] . "'";
if ($result = $db->query($query)) {
$id_user = $result->fetch_object();
$result->close();
}
$query = "SELECT id FROM reservation WHERE idtour={$service_info->idtour} AND idcustomer={$id_user->id}";
if ($result = $db->query($query)) {
if ($result->num_rows) {
$id_reservation = $result->fetch_object();
$result->close();
}
}
$query = "SELECT * FROM reservation_service WHERE idservice=" . $service_info->id;
if ($result = $db->query($query)) {
if ($result->num_rows) {
$reservation_service_exists = $result->fetch_object();
if ($nrreservations < 1) {
echo "<script>alert('Your must make a reservation for, at least, one person!')</script>";
echo "<script>window.open('new_reservation_service.php','_self')</script>";
} else if ($count - $nrreservations < 0) {
echo "<script>alert('You can not make the reservation because there are only " . $count . " seats available in this tour!')</script>";
echo "<script>window.open('new_reservation_service.php','_self')</script>";
} else if ($result->num_rows) {
$query = "SELECT * FROM reservation WHERE idcustomer= '" . $id_user->id . "' AND idtour= '" . $service_info->idtour . "'";
if ($result = $db->query($query)) {
if ($result->num_rows) {
$reservation_exists = $result->fetch_object();
$result->close();
if ($reservation_exists->idcustomer === $id_user->id) {
if ($reservation_exists->id === $reservation_service_exists->idreservation) {
echo "<script>alert('You already made a reservation for this service. Please see your reservation panel!')</script>";
echo "<script>window.open('reservations.php','_self')</script>";
}
}
}
}
}
}else {
$query = "INSERT INTO reservation_service (idreservation, idservice, date, nrseats) VALUES (?, ?, NOW(), ?)";
$insert = $db->prepare($query);
$insert->bind_param('iii', $id_reservation->id, $service_info->id, $nrreservations);
$insert->execute();
echo "<script>alert('You successfully made a reservation! You are being redirected to your reservations page')</script>";
echo "<script>window.open('reservations.php','_self')</script>";
}
}
}
}
}
?>
change inside your form this input hidden you created:
<input type="hidden" name="ids" required="" value="<?php $service_info->id ?>">
to
<input type="hidden" name="ids" required="" value="<?php echo $service_info->id ?>">
If you don't echo this value, $_POST['ids'] won't get any value passed from the form.

Display HTML form depending on employee title

I have an update page where I check the title of the employee whether he is a doctor or a nurse. If the employee is a doctor/nurse an HTML form will be shown, if not a doctor/nurse, patient information will only be displayed and cannot be edited. But my code somehow skips the part where I wanted to display the form even if I am logged in as a doctor/nurse. Can you please help me with this....
<?php
$a=$_SESSION['employeeID'];
$title="SELECT title FROM employee WHERE employeeID = '$a'";
if($title == 'nurse' OR $title == 'doctor')
{
echo '<form method="post" id="customForm" action="add_assessment.php">
<table>
<input type="hidden" name="res_id" value="' . $_GET['res_id'] . '" />
<tr>
<td><label for="name"><font style="color:white">Symptoms</font><font style="color:gray"></font></label>
<input id="name" name="symptoms" type="text" /></td>
<td><label for="name"><font style="color:white">Respiratory Rate</font></label>
<input id="name" name="respiratoryRate" type="text" /></td>
<td><label for="name"><font style="color:white">Temperature</font> <font style="color:gray"></font></label>
<input id="name" name="temperature" type="text" /></td>
</tr>
<tr>
<td><label for="name"><font style="color:white">Blood Pressure</font></label>
<input id="name" input name="bloodPressure" type="text" class="input2"/></td>
<td><label for="name"><font style="color:white">Pulse Rate</font></label>
<input id="name" input name="pulseRate" type="text" /></td>
</tr>
<tr>
<td><label for="name"><font style="color:white">Chief Complaint</font></label>
<input id="name" input name="complaint" type="text" class="input2"/></td>
</tr>
<tr>
<td> </td>
<td> </td>
<td><input id="send" name="send" type="submit" value="Submit" /></td>
</tr>
</table>
</form>';
}
else
{
$host="localhost";
$username="root";
$password=""; // password
$db_name="rhu"; // Database name
$tbl_name="assessment"; // Table name
mysql_connect("$host", "$username", "$password");
mysql_select_db("$db_name");
$id = $_GET['res_id'];
$sql = mysql_query("SELECT * FROM assessment WHERE patientID='$id'");
while($row = mysql_fetch_array($sql))
{
echo "<p>ID: ".$id."</p>";
echo "<p>Assessment ID: ".$row['assessmentID']."</p>";
echo "<p>Symptoms: ".$row['symptoms']."</p>";
echo "<p>Respiratory Rate: ".$row['respiratoryRate']."</p>";
echo "<p>Temperature: ".$row['temperature']."</p>";
echo "<p>Blood Pressure: ".$row['bloodPressure']."</p>";
echo "<p>Pulse Rate: ".$row['pulseRate']."</p>";
echo "<p>Complaints: ".$row['complaint']."</p>";
echo "<p>Date: ".$row['date']."</p>";
echo "<br>";
}
}
?>
In its current state, you are simply assigning a string to the variable $title. You are literally saying that $title is the string "SELECT title FROM employee WHERE employeeID = '$a'"; therefore it is skipping the if($title == 'nurse' OR $title == 'doctor').
You are also not executing a MySQL query, try this first
$a=$_SESSION['employeeID'];
$sql = mysql_query("SELECT title FROM employee WHERE employeeID = '" . $a . "'");
while($row = mysql_fetch_array($sql)){
$title = $row['title'];
if($title == 'nurse' OR $title == 'doctor')
{
echo....
You should also note that mysql_* is deprecated and will be phased out of PHP as a solution in the future. To future-proof your code, consider using mysqli or PDO transactions.
You can try like this--
$sql = mysql_query("SELECT title FROM employee WHERE employeeID = '$a'");
while($row = mysql_fetch_array($sql)){
$title = $row['title'];
if($title == 'nurse' OR $title == 'doctor')
{
...continue your coding

PHP Image Not Coming Up [duplicate]

I have a weird problem here. I have this line of code where it works on one page but it doesn't on another. The PHP code is as follows:
PHP Page That Shows Image
<table border=1>
<tr>
<td align=center>EDIT</td>
</tr>
<tr>
<td>
<table>
<?
$id = $_GET['product_id'];
$result = mysql_query("SELECT * FROM products WHERE serial = '$id'");
$info = mysql_fetch_array($result);
?>
<form method="post" action="editsuccess.php">
<input type="hidden" name="id" value="<? echo "$info[name]"?>">
<table border='0' width=100%>
<tr>
<td>Name</td>
<td>
<input type="text" name="name"
size="20" value="<? echo "$info[name]"?>">
</td>
</tr>
<tr>
<td>Description</td>
<td>
<input type="text" name="name"
size="20" value="<? echo "$info[description]"?>">
</td>
</tr>
<tr>
<td>Price</td>
<td>
<input type="text" name="address" size="40"
value="<? echo "$info[price]"?>">
</td>
</tr>
<tr>
<td>Image</td>
<td>
<? echo'<img src="../getImage.php?id=' . $info['serial'] .'"/>'?>
</td>
</tr>
<tr>
<td align="right">
<input type="submit"
name="submit value" value="Update Product">
</td>
</tr>
</form>
</table>
</td>
</tr>
</table>
PHP Page That Doesn't Show Image
<?php
$id = $_GET['product_id'];
$query = mysql_query("SELECT * FROM products WHERE serial = '$id'")
or die(mysql_error());
while($info = mysql_fetch_array($query)) {
echo "";
$name = $info['name'];
$description = $info['description'];
$price = $info['price'];
$picture = $info['picture'];
}
?>
<form action="editsuccess.php?product_id=<?php echo $id; ?>" method="post">
Product ID:<br/>
<input type="text" value="<?php echo $id;?>" name="product_id" disabled/>
<br/>
Name:<br/>
<span id="sprytextfield1">
<input type="text" value="<?php echo $name;?>" name="name"/>
<span class="textfieldRequiredMsg">Enter Product Name</span></span><br/>
Description:<br/>
<span id="sprytextfield2">
<input type="text" value="<?php echo $description;?>" name="description"/>
<span class="textfieldRequiredMsg">Enter A Description</span></span><br/>
Price:<br/>
<span id="sprytextfield3">
<input type="text" value="<?php echo $price;?>" name="price"/>
<span class="textfieldRequiredMsg">Enter Price</span><span class="textfieldInvalidFormatMsg">Enter Numbers Only</span></span><br/>
Picture:<br/>
<?php echo '<img src="../getImage.php?id=' . $row['serial'] .'"/>'
?>
</br>
<input type="submit" value="Update Product"/>
</form>
The line of code i am talking about is this one:
<?php echo '<img src="../getImage.php?id=' . $row['serial'] .'"/>'
?>
Any ideas why it doesn't work???
-----EDIT--------
getImage.php code is as follows:
<?php
$host="localhost"; // Host name
$user="****"; // Mysql username
$passwd="****"; // Mysql password
$dbName="**********"; // Database name
// Connect to server and select database.
mysql_connect("$host", "$user", "$passwd")or die("cannot connect");
mysql_select_db("$dbName")or die("cannot select DB");
$link = mysql_connect($host, $user, $passwd);
mysql_select_db($dbName);
$query = 'SELECT picture FROM products WHERE serial="' . $_GET['id'] . '"';
$result = mysql_query($query,$link);
$row = mysql_fetch_assoc($result);
header("Content-type: image/jpeg");
echo $row['picture'];
?>
First of all, try to avoid short tags (<?). Not every webserver is configured to understand them and it kind of conflicts with XML tags (which open with <?xml). So replace your <? with <?php to make sure your code always works on any webserver, regardless of its configuration setting for short_open_tags.
Second, You're calling $row['serial'], but $row doesn't appear to be an array (at least it's not defined within the code you pasted here). Are you sure it shouldn't be $info['serial']?
But most importantly, whenever you allow user-input (like a $_GET) to determine your SQL query, always escape your code with mysql_real_escape_string, like this:
$result = mysql_query("SELECT * FROM products WHERE serial = '" . mysql_real_escape_string($id) . "'");
Or when you're sure that it's always an integer (e.g. if the field has INT datatype in your database), cast the value as an integer, like so:
$result = mysql_query("SELECT * FROM products WHERE serial = " . (int) $id);
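Both this answer and the earlier recommendation for StudentEdit.php handle the request id by escaping or casting it before it is concatenated into the query. An added example (not code from either answer) comparing those patterns with strict validation plus a bound parameter, and encoding the fetched value before it is echoed into a value="..." attribute; the products columns, the sample rows and the use of PDO with an in-memory SQLite database are assumptions made so that it runs without a server.

```php
<?php
// Added example. Constructed data; in-memory SQLite through PDO (assumption).
// With MySQL only the DSN and credentials passed to new PDO(...) change.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE products (serial INTEGER PRIMARY KEY, name TEXT, price TEXT)');
$ins = $pdo->prepare('INSERT INTO products (serial, name, price) VALUES (?, ?, ?)');
$ins->execute([12, 'Lamp "Deluxe" <new>', '19.90']);
$ins->execute([13, 'Desk', '120.00']);

// 1. The pattern from the questions: the request value becomes part of the SQL text.
function lookup_concat(PDO $pdo, string $id): array
{
    return $pdo->query("SELECT * FROM products WHERE serial = '$id'")
               ->fetchAll(PDO::FETCH_ASSOC);
}

// 2. The (int) cast: the SQL text stays fixed, but malformed input is
//    silently converted to a number instead of being refused.
function lookup_cast(PDO $pdo, string $id): array
{
    return $pdo->query('SELECT * FROM products WHERE serial = ' . (int) $id)
               ->fetchAll(PDO::FETCH_ASSOC);
}

// 3. Strict validation plus a bound parameter: the value never reaches the SQL parser.
function lookup_bound(PDO $pdo, string $id): ?array
{
    $serial = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($serial === false) {
        return null;                       // reject instead of guessing
    }
    $stmt = $pdo->prepare('SELECT serial, name, price FROM products WHERE serial = ?');
    $stmt->execute([$serial]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Output encoding for values echoed into HTML text or attribute values.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed request values: well-formed, malformed, and one carrying SQL syntax.
$inputs = ['12', '12abc', "x' OR '1'='1"];
foreach ($inputs as $id) {
    printf("%-16s concat=%d row(s)  cast=%d row(s)  bound=%s\n",
        $id,
        count(lookup_concat($pdo, $id)),
        count(lookup_cast($pdo, $id)),
        lookup_bound($pdo, $id) === null ? 'rejected' : 'found');
}

// The stored name contains quotes and angle brackets; encode it on output.
$row = lookup_bound($pdo, '12');
echo '<input type="text" name="name" value="' . e($row['name']) . '">' . "\n";
```

The (int) cast keeps the query text fixed but treats 12abc as 12, so a malformed request still resolves to a real row, while filter_var refuses it.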
You should remove the while loop.
Replace the following code:
while($info = mysql_fetch_array($query)) {
echo "";
$name = $info['name'];
$description = $info['description'];
$price = $info['price'];
$picture = $info['picture'];
}
?>
with just:
$info = mysql_fetch_array($query);
Try it and tell us whether it is OK and whether it works like you want. :)
