We can't get the delete "submit" button to set, otherwise it would work, we can't understand what part of the code is wrong.
Imagine a table row with a few columns, which contain data from a database in the td's
// While it goes through each row (which is selected from another SQL query above, but I won't bother pasting that)
while ($row = mysql_fetch_array($result)) {
// Variable is equal to the Request ID (e.g. 10)
$numb = $row['ReqID'];
// Echo's the table td rows with each column name in the database
echo "<tr>";
echo "<td class='req' align='center'>".$row['ReqID']."</td>";
echo "<td class='req' align='center'>".$row['ModTitle']."</td>";
echo "<td class='req' align='center'>".$row['BuildingID']."</td>";
echo "<td class='req' align='center'>".$row['RoomID']."</td>";
echo "<td class='req' align='center'>".$row['Priority']."</td>";
echo "<td class='req' align='center'>".$row['W1']."</td>";
echo "<td class='req' align='center'>".$row['P1']."</td>";
// Delete button also in a td row, uses the variable "$numb" to set the button name
echo "<td class='req' align='center'><input type='submit' name='{$numb}' value='Delete'></td>";
echo "</tr>";
// If the delete button is pressed, delete the row (this query works, we tested it, but the button just doesn't set so it doesn't activate the SQL command)
if (isset($_POST[$numb])) {
$result2 = mysql_query("DELETE FROM Request WHERE ReqID = {$numb} LIMIT 1", $connection);
}
}
Use a hidden input to store the value:
somewhere above...
<form method="post" action="delete.php">
a little bit below...
echo "<td class='req' align='center'><input type='submit' name='submit' value='Delete'>";
echo '<input name="hello" type="hidden" value="$numb" /></td>';
...
$number = mysql_real_escape_string($_POST["hello"]);
$result2 = mysql_query("DELETE FROM Request WHERE ReqID = ".$number." LIMIT 1", $connection);
at the bottom:
</form>
Note:
Your approach isn't safe enough. I can easily edit the DOM and give another value to the hidden field (or another name for the button) causing to delete other elements from the database. Keep in mind this.
Related
Objective: My main.php displays the courses in my class. Based on which one I click, It should show me all the projects for that specific course ( either a dropdown or for now I'm displaying them in displayProjects.php) So i need to get the id of the clicked php button, write a query to search that name with it's corresponding class_id in the student table, in order to get the project names. DO I need some sort of Ajax call to get the php onclick button value or maybe a session var to display in my displayprojects.php page?
Main.php
result = mysqli_query($link,"SELECT `course_code`FROM `class`");
echo "<table>";
while($row = mysqli_fetch_array($result)){
echo "<a href='displayProjects.php'> <input type='submit' id='project' class='btn btn-primary' style='display:block; width:10%; margin-bottom:10px;' value=". $row['course_code'] . ">";
}
echo "<tr><td><a href='CreateNewClass.php'><button type='button'> Create a New Class </button></a></td></tr>";
echo "</table>";
displayProjects.php
Need help modifying this query to get projects based on class_id
$projectQuery=mysqli_query($link, "SELECT DISTINCT project_name from Student S ");
echo "<table>";
while($row = mysqli_fetch_assoc($projectQuery)) {
echo "<a href='displayGroups.php'> <input type='button' id='project' class='btn btn-primary' style='display:block; width:10%; margin-bottom:10px;' value=". $row['project_name'] . ">";
}
echo "</table>";
class table .
.
student table
while($row = mysqli_fetch_assoc($result))
{
echo "<tr>";
echo "<form action='./form_page.php' method='post'>";
echo "<td style='width:9%'>" . $row['studentID']."</td>";
echo "<td style='width:9%'><input type='submit' name='Prove' value='Approve' /></td>";
echo "<td style='width:9%'><input type='submit' name='$count' value='Delete' /></td>";
echo "</form>";
echo "</tr>";
}
I want get the specific student id, but when I reached to here, I dont know how can I get it. If I put $row['studentID'] for button name, I cant use POST['varname'] beacause the name would be different when I select is different.
Submit buttons are identified by their name.
For e.g. If there are 3 forms with 3 submit buttons named Accept1, Accept2 and Accept3.
When user submits a form by clicking on Accept1, the POST variable will be $_POST['Accept1']. Similarly $_POST['Accept2'], $_POST['Accept3'] respectively.
You can also print POST variable to get a clear idea i.e. print_r($_POST).
If i put $row['studentID'] for button name, i cant use POST['varname']
You can loop over all the values in $_POST and see if any of them match the pattern of a student ID.
Alternatively, you can use a button element (which will let you have display text and a value which don't match each other):
<button name="approve"
value="<?php echo htmlspecialchars($row['studentID'])>
Approve
</button>
and then just test for $_POST['approve'].
Try like this..
while($row = mysqli_fetch_assoc($result))
{
echo "<tr><form action='./form_page.php' method='post'>";
echo "<td style='width:9%'>" . $row['studentID']."</td>";
echo "<input type='hidden' name='studentID' value='".$row['studentID']."'>";
echo "<td style='width:9%'><input type='submit' name='Prove' value='Approve'>;
echo "<td style='width:9%'><input type='submit' name='$count' value='Delete'>
</td></form></tr>";
}
By using input type hidden you will be able to get the student id when submit the from. Hope this will help
I am trying a trivial PHP assignement. I am running my own SQL server locally and I have created a DB on it called student. This database contains many tables. One of them is called announcement. The fields of this table are id, date, subject, text.
I am asked to display those announcements to a user that has the authority to delete and/or modify those entries of the DB. Each entry needs to be seperated from the next one and each entry has to have it's own Delete and Edit button. New entries can also be added to the database so the # of entries currently on the DB is not known.
So far I have done something like this:
<?php
$db = mysql_connect("localhost", "root", "");
mysql_select_db("student",$db);
mysql_set_charset('utf8',$db);
$result = mysql_query("SELECT * FROM announcement",$db);
$announcementID = 1;
WHILE($myrow = mysql_fetch_array($result))
{
echo "<br><h2>Announcement No".$announcementID."</h2>";
echo "<input type=\"submit\" name=\"Delete\" value=\"Delete\"><input type=\"submit\" name=\"Edit\" value=\"Edit\"><br>";
echo "<br>Date: ".$myrow["date"];
echo "<br>Subject: ".$myrow["subject"];
echo "<br>Text: ".$myrow["text"];
$announcementID=$announcementID+1;
echo '<br><hr />';
}
?>
This is a part of a larger php file that displays a webpage with the entries properly formatted.
Although I do create the separate buttons needed for each distinct announcement I do not think this can work out since I can't create an ActionListener (forgive me but I do not know how this is called in PHP) for those buttons and I am not even sure it is possible considering that all of those buttons will have the same name. Any workaround?
For PHP to be able to indetify that the user has clicked the button, you would need to surround the each row of inputs.
I've improved your code a little, as we need to pass over the ID of the announcement to the delete-record.php script for it to be able to identify which record to delete from the table.
$db = mysql_connect("localhost", "root", "");
mysql_select_db("student",$db);
mysql_set_charset('utf8',$db);
$result = mysql_query("SELECT * FROM announcement",$db);
while($myrow = mysql_fetch_array($result))
{
echo '<form action="delete-record.php" method="POST">';
echo '<input type="hidden" name="id" value="' . $myrow["id"] . '">';
echo "<br><h2>Announcement No".$announcementID."</h2>";
echo "<input type=\"submit\" name=\"delete\" value=\"delete\"><input type=\"submit\" name=\"edit\" value=\"edit\"><br>";
echo "<br>Date: ".$myrow["date"];
echo "<br>Subject: ".$myrow["subject"];
echo "<br>Text: ".$myrow["text"];
echo '<br><hr />';
echo "</form>";
}
And then in the delete-record.php you can go with this:
if(isset($_POST['id'], $_POST['delete'])) {
$announcementid = $_POST['id'];
mysql_query("DELETE FROM announcement WHERE id = $announcementid");
}
For future reference, instead of using $announcementID = $announcementID+1; you can simply use the post-incremental operator $announcementID++;
I also suggest you to read up on MySQLi or PDO's prepared statements to secure yourself against SQL Injections and other SQL vulnerabilities.
Make javascript redirection to delete script.
WHILE($myrow = mysql_fetch_array($result))
{
echo "<br><h2>Announcement No".$announcementID."</h2>";
echo "<input type=\"submit\" name=\"Delete\" value=\"Delete\" onClick=\"window.location='delete_announcement.php?announcemenID=".$announcementID."';\">"
echo "<input type=\"submit\" name=\"Edit\" value=\"Edit\" onClick=\"window.location='edit_announcement.php?announcemenID=".$announcementID."';\"><br>";
echo "<br>Date: ".$myrow["date"];
echo "<br>Subject: ".$myrow["subject"];
echo "<br>Text: ".$myrow["text"];
$announcementID=$announcementID+1;
echo '<br><hr />';
}
And delete_announcement.php connect to the DB and do
mysql_query("DELETE FROM announcement WHERE announcemenID=" . $_REQUEST["announcemenID"],$db);
Don't forget to make sure that $_REQUEST["announcemenID"] only hold integers.
For edit you will need to create separate page edit_announcement.php with all the fields editable.
Create a form around each row with a Delete button
WHILE($myrow = mysql_fetch_array($result))
{
echo "<form method='post' action='delete-record.php'>";
echo "<br><h2>Announcement No".$announcementID."</h2>";
echo "<input type=\"submit\" name=\"Delete\" value=\"Delete\"><input type=\"submit\" name=\"Edit\" value=\"Edit\"><br>";
echo "<br>Date: ".$myrow["date"];
echo "<br>Subject: ".$myrow["subject"];
echo "<br>Text: ".$myrow["text"];
echo "<input type='hidden' name='formID' value='$announcementID' />";
echo "<input type='submit' value='Delete row'/>";
echo "</form>";
echo '<br><hr>';
$announcementID=$announcementID+1;
}
Then in delete-record.php:
<?php
if(isset($_POST['formID'])){
// Delete record query here
}
...
Hey Guys, I have a question for you.
Imagine that I wanted to be able to keep track of how many miles I've ran every week, so that I could
compare it to the goals I've set for each week. So i've created this table by the use of mysql_fetch_row.
$result=mysql_query("SELECT * FROM randomtable ORDER BY week ASC");
echo "<Table id='result' cellspacing='0'>
<tr class='toprow'>
<th>Week</th>
<th>Goal</th>
<th>Actual Number of Miles</th>
</tr>";
while($row = mysql_fetch_row($result))
{
echo "<tr class='standardrow'>";
echo "<td>$row[0]</td>";
echo "<td>$row[1]</td>";
echo "<td><form><input method='post' type='number'></form></td>";
echo "</tr>";
}
echo "</table>";
This piece of code resultet in a table with 10 weeks with 10 goals - and a column for the actual number of miles. This column should include 10 input forms where the actual number of miles can be submitted. But how do I relate the input from the submit form to the row in which the submit form is positioned?
The primary key is the week - so this would be the one to relate to.
Hope you understand what my problem is:)
To do this you would use a hidden input field.
When you echo each row, and the form in that row, you would simply add an extra line:
`<input type="hidden" name="row_id" value="' . $row['id_column'] . '" />';
In full, your code would be:
$result=mysql_query("SELECT * FROM randomtable ORDER BY week ASC");
echo "<Table id='result' cellspacing='0'>
<tr class='toprow'>
<th>Week</th>
<th>Goal</th>
<th>Actual Number of Miles</th>
</tr>";
while($row = mysql_fetch_row($result))
{
echo "<tr class='standardrow'>";
echo "<td>$row[0]</td>";
echo "<td>$row[1]</td>";
echo "<td>
<form>
<input method='post' type='number'>
<input type='hidden' name='row_id' value='" . $row['id_column'] . "' />
</form>
</td>";
echo "</tr>";
}
echo "</table>";
I think there should be some modifications that has to be done in loop.
echo "<td><form method='post'><input type='number' value='".$rows['col_name']."'><input type='submit' ></form></td>";
This code adds a submit button to each row. But, this shouldn't be what I think.
It should be rather this way,
echo "<form method='post'> ";
while($row = mysql_fetch_row($result))
{
echo "<tr class='standardrow'>";
echo "<td>$row[0]</td>";
echo "<td>$row[1]</td>";
echo "<td><input type='number' value='".$rows['col_name']."'></td>";
echo "</tr>";
}
echo "<input type='submit' ></form>";
Or make the input field look like this.
'<input type="text" name="row['.$row['id_column'].'][miles]" />';
It will return you an array when you post it.
foreach($_POST['row'] as $key => $value){
// $key is your primary key
// $value['miles'] is your input value
}
basically i have a database, which contains a random amount of questions
i have then printed this out as a php table using a query. there is as many textboxes to input marks as there are questions in the database.
I want to create an array of my inputted data and then update the database with the marks in.
Here is my code
echo "<table border = '0' cellpadding ='10px'>";
echo "<tr>
<td> Question <td>Mark</td><td>Criteria</td>
<td>Feedback</td>
</tr>";
while ($row = mysql_fetch_array($result))
{
$question[]=$rows['question'];
echo "<tr>";
echo "<td>". $row['question']. "</td>";
echo "<td>" ."<input type = 'text' name = 'mark[]' size = '1' value = '0' id = 'mark'/>/". $row['maxMark'] . "</td>";
$maxMark[] = $row['maxMark'];
echo "<td>".$row['criteria']."</td>";
echo "<td>" . "<textarea name = 'feedback[]' id= 'feedback'>Enter Feedback here</textarea>". "</td>";
echo "</tr>";
}
echo "</table>";
echo "</tr>\n";
echo "</table>";
I am not sure how to create the array, with the marks you input. please help.
In short i want to populate an array with the marks i input
This is rather easy to be done. All you have to do is setting the attribute name of your input controls and add an index.
Example:
<input type="text" name="name[0]" /><input type="text" name="mark[0]" />
<input type="text" name="name[1]" /><input type="text" name="mark[1]" />
The post (or get) data your script receives will then contain an array instead of a single variable.