Ok please if anyone could help with this simple php and mysql question.
I'm new to databases, and trying to create my first user-friendly database. but i ran in to small problem.
I have a page that displays data, Than I also have a page where same data is displayed along with edit link, that goes to the edit form. However in the edit form the info is not coming up.
Here is my "edit.php" it shows info from database along with edit link:
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("beyondmotors", $con);
$result = mysql_query("SELECT * FROM vehicles");
echo "<table border='1'>
<tr>
<th>ID</th>
<th>Year</th>
<th>Make</th>
<th>Model</th>
<th>Mileage</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['year'] . "</td>";
echo "<td>" . $row['make'] . "</td>";
echo "<td>" . $row['model'] . "</td>";
echo "<td>" . $row['mileage'] . "</td>";
echo ("<td>Edit</td></tr>");
echo "</tr>";
}
echo "</table>";
mysql_close($con);
And here is the Edit form :
<html>
<head>
<title>Form Edit Data</title>
</head>
<body>
<table border=1>
<tr>
<td align=center>Form Edit Employees Data</td>
</tr>
<tr>
<td>
<table>
<?
$con = mysql_connect("localhost","root","");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("beyondmotors", $con);
$order = "SELECT * FROM vehicles where id=$id";
$result = mysql_query($order);
$row = mysql_fetch_array($result);
?>
<form method="post" action="edit_data.php">
<input type="hidden" name="id" value="<? echo "$row[id]"?>">
<tr>
<td>Year</td>
<td>
<input type="text" name="year"
size="20" value="<? echo "$row[year]"?>">
</td>
</tr>
<tr>
<td>Make</td>
<td>
<input type="text" name="make"
size="20" value="<? echo "$row[make]"?>">
</td>
</tr>
<tr>
<td>Model</td>
<td>
<input type="text" name="model"
size="20" value="<? echo "$row[model]"?>">
</td>
</tr>
<tr>
<td>Mileage</td>
<td>
<input type="text" name="mileage"
value="<? echo "$row[mileage]"?>">
</td>
</tr>
<tr>
<td align="right">
<input type="submit"
name="submit value" value="Edit">
</td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>
Than I also have Edit data, but it doesnt even get to that. Here is what i get at the edit form!! http://s562.photobucket.com/albums/ss69/intensemx/?action=view¤t=pic.jpg
I followed this tutorial :
Help i'm lost here, Thanks in advance :)
Can any one recommend good place where I can get a similar tutorial.
The tutorial you are using is assuming that short tags are turned on. Alter the code to use <?php instead.
It also suffers from an SQL injection vulnerability.
It also appears to assume that register_globals is turned on.
Do not use that tutorial. It is dangerously bad.
You need to enclose your array keys in quotes. For example, this:
<input type="hidden" name="id" value="<? echo "$row[id]"?>">
Should be this:
<input type="hidden" name="id" value="<? echo $row['id']?>">
Now, besides that, please consider the problems mention by Quentin in his answer.
Your edit form uses PHP Short Tags (<? ?>) which are probably not enabled on your server, so everything looks wrong.
Your options to fix it are to 1) Enable short tags, or 2) change <? to <?php in your edit file.
Related
I can't get my variable "quiz_name" passed along several pages in order to make a quiz. After the "quiz_name" variable is sent from question_menu.php as a $_POST[] to quiz_created.php for processing the quiz_created.php is suppose to send the variable back to question_menu.php. What am I doing wrong. To be honest I think I'm approaching it wrong.
Reworded:
quiz_name = "How to score a Basket" which is submitted to question_menu.php as a $_POST['quiz_name']. Then is submitted a to quiz_created.php as a $_POST['quiz_name'] and then submitted back to question_menu.php.
I get an Variable quiz_name undefined error after it is sent back to quesion_menu.
coach_quizzes.php
<head>
<title>Your Quizzes</title>
</head>
<body>
<h1> Current Quizzes </h1>
<form name="submit_button" action="create-quiz.php">
<input type="submit" value="Create Quiz">
</form>
</body>
</html>
submit to -> create_quiz.php
<?php session_start()
?>
<head>
<title>Your Quizzes</title>
</head>
<body>
<h1> Enter Quiz Name </h1>
<form action="questions_menu(test).php" method="post">
<input type="text" name="quiz_name" maxlength="30" size="30">
<input type="submit" value="Create Quiz">
</form>
</body>
</html>
Enter: "How to score a Basket" then submit to question_menu.php
<!DOCTYPE html>
<html>
<head>
<title>Add Question</title>
<link rel="stylesheet" type="text/css" href="css/info_style.css" />
</head>
<body>
<div id="main">
<header>
<div id="welcome">
<h2>Prairie View A&M University</h2>
</div><!--close welcome-->
</header>
<div id="site_content">
<form enctype="multipart/form-data" method="post" action="quiz_created.php">
<table border="0" name"form_table">
<tr>
<td>Quiz Name</td>
<td><?php echo $_POST['quiz_name']?></td>
</tr>
<tr>
<td>Question</td>
<td><textarea name="description" rows="4" cols="50"></textarea></td>
</tr>
<tr>
<td>Option 1</td>
<td><input type="text" name="option1" maxlength="30" size="30"></td>
</tr>
<tr>
<td>Option 2</td>
<td> <input type="text" name="option2" maxlength="30" size="30"></td>
</tr>
<tr>
<td>Option 3</td>
<td><input type="text" name="option3" maxlength="30" size="30"></td>
</tr>
<tr>
<td>Answer</td>
<td>
<select name="dropdown">
<option value='option1'>Option 1</option>
<option value='option2'>Option 2</option>
<option value='option3'>Option 3</option>
</select>
</td>
</tr>
<tr>
<td>Image</td>
<td><input type="file" name="file" /><br />
<input type="hidden" name="MAX_FILE_SIZE" value="10000" /><br>
</td>
</tr>
<tr>
<td colspan="2"><p>
<input type="submit" value="Add Question">
</p></td>
</tr>
</table>
</form>
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$database = "basketball_database";
$table = "coach_john";
$con = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MYsql");
//echo "Connected to mysql<br>";
mysql_select_db("$database")
or die("Could not select Basketball_database");
//echo "Connected to database";
//update when update button pressed
if(isset($_POST['update'])){
$UpdateQuery = "UPDATE $table SET question_description='$_POST[description]', option_a='$_POST[option1]', option_b='$_POST[option2]', option_c='$_POST[option3]', answer='$_POST[dropdown]', question_id='$_POST[questionID]' WHERE question_id='$_POST[hidden]'";
mysql_query($UpdateQuery, $con);
};//end of if statement
//delete when delete button pressed
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM $table WHERE question_id='$_POST[hidden]'";
mysql_query($DeleteQuery, $con);
};//end of if statement
$mysql = "SELECT * FROM $table";
$mydata = mysql_query($mysql,$con);
//create table
echo "<table border=1
<tr>
<th>Question ID</th>
<th>Quiz Name</th>
<th>Question Description</th>
<th>Option 1</th>
<th>Option 2</th>
<th>Option 3</th>
<th>Answer</th>
<th>Picture</th>
</tr>";
//insert data into rows
while($records = mysql_fetch_array($mydata)){
echo "<form action=questions_menu(test).php method=post>";
echo "<tr>";
echo "<td>"."<input type=text name=questionID size=5 value=".$records['question_id']." </td>";
echo "<td>"."<input type=text name=option1 size=18 value=".$records['quiz_name']." </td>";
echo "<td>"."<textarea name=description rows=1 cols=25>".$records['question_description']."</textarea>"."</td>";
echo "<td>"."<input type=text name=option1 size=18 value=".$records['option_a']." </td>";
echo "<td>"."<input type=text name=option2 size=15 value=".$records['option_b']." </td>";
echo "<td>"."<input type=text name=option3 size= 15 value=".$records['option_c']." </td>";
echo "<td>"."<input type=text name=answer size=15 value=".$records['answer']." </td>";
echo "<td>". $records['image'] ." </td>";
echo "<td>"."<input type=hidden name=hidden value=".$records['question_id']." </td>";
//update button
echo "<td>"."<input type=submit name=update value=Update onclick='return confirm(\"Are you sure you want to update question?\")'>"." </td>";
//delete button
echo "<td>"."<input type=submit name=delete value=Delete onclick='return confirm(\"Are you sure you want to delete question?\")'>"." </td>";
echo "</tr>";
echo "</form>";//end form
} echo "</table>";
mysql_close();
?> <!-- End of php code-->
</div><!--close site_content-->
<footer>
Home | Photos | Videos | Schedule | Contact<br/><br/>
</footer>
</div><!--close main-->
</body>
</html>
after the information is added submit value= "Add Question" information is sent to quiz_created.php:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$database = "basketball_database";
$table = "coach_john";
$con = mysql_connect($hostname, $username, $password)
or die("Unable to connect to MYsql");
// echo "Connected to mysql<br>";
$db = mysql_select_db("$database")
or die("Could not select Basketball_database");
//echo "Connected to database";
$mysql = "INSERT INTO $table(question_description, quiz_name, option_a, option_b, option_c, answer) VALUES('$_POST[description]','$_POST[quiz_name]','$_POST[option1]','$_POST[option2]','$_POST[option3]','$_POST[dropdown]')";
if(!mysql_query($mysql))
echo mysql_errno($con) . ": " . mysql_error($con) . "\n";
//die("Disconnected");
$quiz=$_POST['quiz_name'];
//Upload images
if($_POST)
{
if ($_FILES["file"]["error"] > 0)
{
// if there is error in file uploading
echo "Return Code: " . $_FILES["file"]["error"] . "<br />";
}
else
{
// check if file already exit in "images" folder.
if (file_exists("images/" . $_FILES["file"]["name"]))
{
echo $_FILES["file"]["name"] . " already exists. ";
}
else
{ //move_uploaded_file function will upload your image.
if(move_uploaded_file($_FILES["file"]["tmp_name"],"uploaded/" . $_FILES["file"]["name"]))
{
// If file has uploaded successfully, store its name in data base
$image_loc=addslashes (getcwd()."/uploaded"."/".$_FILES["file"]["name"]);
$query_image = "insert into $table (image, img_location) values ('".$_FILES['file']['name']."', '$image_loc')";
if(mysql_query($query_image))
{
echo "Stored in: " . "uploaded/" . $_FILES["file"]["name"];
}
else
{
echo 'File name not stored in database';
}
}
}
}
}
//end of image upload
mysql_close();
?>
<html>
<title>User Added</title>
<body>
<h2>
Question has been added!
</h2>
</body>
<form action="questions_menu(test).php" method="post">
<input type="submit" value="Add Another Question">
<input type="hidden" name="quiz_name" value='<?php echo $quiz;?>'>
</form>
</html>
then finally sent back to question_menu.php but I get an Variable quiz_name undefined error.
I hope I can get help. Thank You.
I see many problems, but one is that you're not escaping your php inserts properly.
echo "<td>"."<input type=text name=questionID size=5 value=".$records['question_id']." </td>";
should be:
echo '<td><input type="text" name="questionID" size="5" value="'.$records['question_id'].'" /></td>';
The way you have it now, you are using the quotes for the echo and there are none for the value="". This is seen all throughout your code. Not sure where you are getting your $records array either, but that's for you to figure out.
These lines are problematic too.
$UpdateQuery = "UPDATE $table SET question_description='$_POST[description]', option_a='$_POST[option1]', option_b='$_POST[option2]', option_c='$_POST[option3]', answer='$_POST[dropdown]', question_id='$_POST[questionID]' WHERE question_id='$_POST[hidden]'";
One major problem is you're trying to set raw POST data into a database. That is a HUGE security flaw. Other problems, like the rest of your php, have to do with quotes and double quotes, semicolons, etc... Read up on syntax. Your whole script is basically wrong.
Thanks in advance for any light shed.
I have a mysql database consisting of customers with some fields pertaining to each customer. currently running on one of my lamp servers. There is security risks with my code at the moment, but I plan to get the functionality i'm looking for and then reconfigure the code for a tighter security. At the moment I have an html index file that calls on php script to search mysql database by firstname or lastname. Upon this query it displays a list of users and allows me to modify the user. When I click modify it pulls the correct customer id number, but it is not displaying any current information, nor allowing me to update the info.
To summarize, I would like to search a customer, and it pull up selected fields and show the content and allow me to actively change the data and resend it to the database.
My search.html code:
<html>
<body>
<form action="scripts/search.php" method="post">
Firstname: <input type="text" name="firstname">
<input type="submit">
</form>
<form action="scripts/lastnamesearch.php" method="post">
Lastname: <input type="text" name="lastname">
<input type="submit">
</form>
<form action="scripts/phonenumbersearch.php" method="post">
Phone Number: <input type="text" name="phone">
<input type="submit">
</form>
</body>
</html>
MY search.PHP Script:
//this script allows me to search the database by filling out one of the forms and clicking submit. Each of the forms calls upon it's own individual script, I realize that this is probably cumbersome, due to my lack of coding knowledge.
<?php
$con=mysqli_connect("localhost","root","*****","*******");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT * FROM customers WHERE `firstname` LIKE '$_POST[firstname]'");
echo "<table border='1'>
<tr>
<th>id</th>
<th>firstname</th>
<th>lastname</th>
<th>phone</th>
<th>address</th>
<th>notes</th>
<th>additional notes</th>
<th>passwords</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['firstname'] . "</td>";
echo "<td>" . $row['lastname'] . "</td>";
echo "<td>" . $row['phone'] . "</td>";
echo "<td>" . $row['address'] . "</td>";
echo "<td>" . $row['notes'] . "</td>";
echo "<td>" . $row['addnotes'] . "</td>";
echo "<td>" . $row['passwords'] . "</td>";
echo "Modify User";
echo "</tr>";
}
echo "</table>";
mysqli_close($con);
?>
My modify.php script:
//this is where I believe one of my problems lie. when I click modify user on the search.php script it calls on this script and it loads the correct user/customer id in the address bar, but it doesn't show any existing data, nor does it update the data that I fill in the cells.
<?php
$con=mysqli_connect("localhost","root","crapola1","Computition");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$mysqli_query = "SELECT * FROM customers WHERE ID = $_get[id]";
$mysqli_result = mysqli_query($mysqli_query);
$customer = mysqli_fetch_array($mysqli_result);
?>
<h1> You are modifying a user</h1>
<form action="<?php echo $SERVER['PHP_SELF']; ?>" method="post">
Firstname<input type="text" name="inputFirstname" value="<?php echo $row['firstname']; ?>" /><br />
Notes<input type="text" name="inputNotes" value="<?php echo $row['notes']; ?>" />
<br />
<input type="hidden" name="id" value="<?php echo $_GET['id']; ?>" />
<input type="submit" name="submit" value="Modify" />
</form>
Thanks again,
I've been searching on this topic for about a week now and have pieced together this much, but can't seem to get over this "hump"
$_GET is a super global array . It should be in UPPERCASE.
Change the query on your modify.php here
SELECT * FROM customers WHERE ID = $_get[id] to upper case.
Must be..
SELECT * FROM customers WHERE ID = ".$_GET['id']
Also, It is strictly not advised to pass the $_GET or $_POST parameters directly to your query as it leads to SQL injection. You need to switch over to PreparedStatements
I am having a problem with a update query, I believe I have done this right but have not done it before and its not working so I have gone wrong somewhere but do not know where.
any help will be fantastic.
admin.php
$result = mysql_query("SELECT * FROM bands ");
echo "</br>";
echo "<table border = '1'>
<tr>
<th>Show No</th>
<th>Band Name</th>
<th>Venue</th>
<th>Category</th>
<th>Stock</th>
<th>Edit Show</th>
</tr>";
while($row = mysql_fetch_array($result))
{
echo "<td>" .$row['Band_id']. "</td>";
echo "<td>" .$row['Name']. "</td>";
echo "<td>" .$row['Venue']. "</td>";
echo "<td>" .$row['Category']. "</td>";
echo "<td>" .$row['Stock']. "</td>";
echo ("<td>Edit</td></tr>");
}
echo "</table>";
?>
editband.php
<?php
require 'core/init.php';
$result = mysql_query("SELECT * FROM bands where Band_id ='$Band_id'");
$row = mysql_fetch_array($result);
?>
<form method="post" action="ammenddetails.php">
<input type="hidden" name="id" value="<? echo "$row[Band_id]"?>">
<tr>
<td>Band Name</td>
<td>
<input type="text" name="Name"
size="20" value="<? echo "$row[Name]"?>">
</td>
</tr>
<tr>
<td>Venue</td>
<td>
<input type="text" name="Venue" size="20"
value="<? echo "$row[Venue]"?>">
</td>
</tr>
<tr>
<input type="submit"
name="submit value" value="Edit">
</td>
</tr>
</form>
?>
ammenddetails.php
<?php
require 'core/init.php';
$result = mysql_query("UPDATE bands
SET Name='$Name',
Venue='$Venue'
WHERE
Band_id='$Band_id'");
mysql_query($result);
header("location:admin.php");
?>
Your ammenddetails.php is missing the POST values
Should be as below-
require 'core/init.php';
$Name = mysql_real_escape_string($_POST["Name"]);
$Venue = mysql_real_escape_string($_POST["Venue"]);
$Band_id = (int)$_POST["id"];
$result = mysql_query("UPDATE bands
SET Name='$Name',
Venue='$Venue'
WHERE
Band_id='$Band_id'");
mysql_query($result);
header("location:admin.php");
require 'core/init.php';
$Name = mysql_real_escape_string($_POST["Name"]);
$Venue = mysql_real_escape_string($_POST["Venue"]);
$Band_id = (int)$_POST["id"];
$query= "UPDATE bands
SET Name='$Name',
Venue='$Venue'
WHERE
Band_id='$Band_id'";
mysql_query($query);
header("location:admin.php");
Try that? You should only need to run the mysql_query function once. Build the query string into a variable and run that variable on the mysql_query function
I'm trying to create insert, update and delete relate to shopping, all of them are working fine except update page.
Please see sample code of list of product from index.php page ...
<?php
$sql = "SELECT product_id, product_name, product_category, product_retail_price, product_price, product_detail FROM product";
$result_db = $db->query($sql) or die('Error perform query!');
?>
<table border="1">
<tr>
<th>product name</th>
<th>product category</th>
<th>product retail price</th>
<th>price</th>
<th>detail</th>
<th>Update</th>
<th>Delete</th>
<th>Insert</th>
</tr>
<?php
while ($r = $result_db->fetch_object()) {
$update = "update_form.php?product_id={$r->product_id}&
product_name={$r->product_name}&
product_category=$r->product_category&
product_retail_price={$r->product_retail_price}&
product_price={$r->product_price}&
product_detail={$r->product_detail}";
$delete = "delete.php?product_id={$r->product_id}";
$insert = "insert.php";
echo '<tr>';
echo '<td>' . $r->product_id . '</td>';
echo '<td>' . $r->product_name . '</td>';
echo '<td>' . $r->product_category . '</td>';
echo '<td>' . $r->product_retail_price . '</td>';
echo '<td>' . $r->product_price . '</td>';
echo '<td>' . $r->product_detail . '</td>';
echo "<td><a href='{$update}'>Update</a></td>";
echo "<td><a href='{$delete}'>Delete</a></td>";
echo "<td><a href='{$insert}'>Insert</a></td>";
echo '</tr>';
}
$db->close();
?>
</table>
</body>
As you can see above code where it said
while ($r = $result_db->fetch_object()) {
$update = ......
This sending the data of relate to product using "product_id" sending sending to the updateform.php page ... that updateform.php page is the code showing
<body>
<form action="update.php" method="post">
<input type="hidden" value="<?= $_GET['product_id'] ?>" name="product_id"/>
product name: <input type="text" name="product_name" value="<?= $_GET['product_name'] ?>">
product category: <input type="text" name="product_category" value="<?= $_GET['product_category'] ?>">
product retail price: <input type="text" name="product_retail_price" value="<?= $_GET['product_retail_price'] ?>">
product price: <input type="text" name="product_price" value="<?= $_GET['product_price'] ?>">
product detail: <input type="text" name="product_detail" value="<?= $_GET['product_detail'] ?>">
<input type="submit" name="submit">
</form>
</body>
</html>
When I run the code, the updateform.php showing the text field with <?= $_GET['xxxxxx'] ?>"
Why am I getting this result?
Is it this code?
$update = "update_form.php?product_id={$r->product_id}&
product_name={$r->product_name}&
product_category=$r->product_category&
product_retail_price={$r->product_retail_price}&
product_price={$r->product_price}&
product_detail={$r->product_detail}";
Is it the right code to get right information from database using "product_id" number? Is there better code to write than this?
Try using :
<?php echo $_GET['xxxxxx']; ?>
and if it works, it means that in your php configuration the use of short opening tags is restricted. meaning no
I have this html code:
<tr>
<td><label><input type="text" name="id" class="DEPENDS ON info BEING student" id="example">ID</label></td>
</tr>
<tr>
<td>
<label> <input type="checkbox" name="yr" class="DEPENDS ON info BEING student"> Year</label>
</td>
</tr>
But I don't have any idea on how do I check this checkboxes if they are checked using php, and then output the corresponding data based on the values that are checked.
Please help, I'm thinking of something like this. But of course it won't work, because I don't know how to equate checkboxes in php if they are checked:
<?php
$con = mysql_connect("localhost","root","nitoryolai123$%^");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
mysql_select_db("school", $con);
$id = mysql_real_escape_string($_POST['idnum']);
if($_POST['id'] == checked & $_POST['yr'] ==checked ){
$result2 = mysql_query("SELECT * FROM student WHERE IDNO='$id'");
echo "<table border='1'>
<tr>
<th>IDNO</th>
<th>YEAR</th>
</tr>";
while($row = mysql_fetch_array($result2))
{
echo "<tr>";
echo "<td>" . $row['IDNO'] . "</td>";
echo "<td>" . $row['YEAR'] . "</td>";
echo "</tr>";
}
echo "</table>";
}
mysql_close($con);
?>
You must give your checkboxes a value. This value gets send to the server, in case the checkbox is checked.
if ( $_POST['checkboxname'] == 'checkboxvalue' ) {
}
Since I see no form:
To send the data to the server, you need a form around your input elements:
<form method="POST" action="myphpscript.php">
YOUR CONTENT HERE
</form>
try the following:
if (isset($_POST['yr'])) { ... }
$_POST['yr'] == checked
should be:
$_POST['yr'] == 'on'
The default for firefox is 'on', maybe different in other browsers. (Thanks to David)
If you include a hidden field, with the same name and the failure value that you want to show up in the post data, then when the checkbox does not return a value (it is unchecked), the hidden control on the form will.
echo '<form method="post"><input type="hidden" name="checkdata" value="0">\
<input type="checkbox" name="checkdata" value="1">\
<input name="submitbutton" type="submit"></form>\
</body></html>';
if ($_POST['submitbutton']) {
echo "Value:|".$_POST['checkdata']."|";
}