Why does this not show the changes after submit? The page has to be refreshed AFTER submission to see the changes.
$full_path = 'users/'.$_SESSION['user_id'].'/images/'.$name;
if($query = mysql_query("UPDATE user_info
SET user_image = '$full_path'
WHERE user_id = '".$_SESSION['user_id']."' AND
username = '".$_GET['username']."'
"))
{
if(move_uploaded_file($tmp_name, '/Applications/XAMPP/xamppfiles/htdocs/'.$full_path)) {
echo 'Got it!';
}
}
So, if I upload / click submit, the query is successful, but you can't see the changes until an additional page refresh.
Make sure that your update query is before your select for your data in the execution of the PHP page.
You need to fix your SQL, you are just leaving yourself open for SQL injection, with using $_GET['username'] directly in your SQL query.
Please look at utilizing parameterization, also keep in mind that order counts when you develop these things. TOP -> DOWN.
If you have a display SQL call BEFORE your UPDATE call, then you will have to refresh again to see changes from the UPDATE SQL call.
You should do a GET redirect after POST request anyway.
Related
MY HOME PAGE
$val="SELECT Visit FROM signup WHERE Name = '$myusername'";
$rlt = mysqli_query($conn,$val);
$rw= mysqli_fetch_array($rlt,MYSQLI_ASSOC);
$_SESSION['login_user'] = $myusername;
$inc=++$rw["Visit"];
$valnew="UPDATE table signup set Visit =$inc where Name=$myusername "
mysqli_query($conn,$valnew);
$_SESSION['query'] = $inc;
After login Page
$check = $_SESSION['query'];
echo "You are visiting this page".$check." times";
motive: - when the user logged in, will able to see his no. of visits.
problem: update query is not working, that's why always echo 1-time visit.
Your update query is wrong, First test your query on localhost phpmyadmin and then try to integrate it in your code.
change
UPDATE table signup set Visit =$inc where Name=$myusername
to
UPDATE signup set Visit =$inc where Name='$myusername';
You can use the self-increment of MySQL to make this feasible.
UPDATE query should be in the form like this:
UPDATE table_name SET column={value} WHERE {case}
Also, when the query condition is not numerical, and without data binding, you should quote it with quotation marks.
$valnew = "UPDATE signup set Visit=Visit+1 where Name='{$myusername}'";
Also, your original code has a problem of atomicity, with this code, will make the increment query atomic.
Learn more about ACID (Atomicity, Consistency, Isolation, Durability) here.
I have made this function to delete the record from the table. When the delete operation is done, the page displays all data(including the deleted one), But, I need to refresh or reload the page to see the results after I have deleted the row. How it can be done in following code? Thanx in advance!!
public function deletedata(){
if(isset($_GET['del_id'])){
$delete_id = $_GET['del_id'];
$query ="DELETE FROM tbl_data WHERE project_id ='".$delete_id."' ";
$this->databaseObject->getConnection()->query($query);
}
Usually you'd use the header function to reload a page.
Something like this should work: header('Location: '.$_SERVER['REQUEST_URI']);
http://php.net/manual/en/function.header.php
Alternatively, depending on the structure of your code you could simply call the delete code before the code that retrieves the records. That way you'd avoid the need to reload the page.
As mentioned in laurencek's alternative, there's probably no need to reload the page.
Just perform any necessary record deletion before rendering the HTML.
<?php
$delete_id=isset($_GET['del_id'])&&is_numeric($_GET['del_id'])?$_GET['del_id']:false;
if ($delete_id) {
$query ="DELETE FROM tbl_data WHERE project_id ='".$delete_id."' ";
$this->databaseObject->getConnection()->query($query);
}
$query ="SELECT * FROM tbl_data WHERE 1;";
$this->databaseObject->getConnection()->query($query);
?>
<html>
// some php/html to loop through the query and display records
</html>
This assumes your IDs are numeric.
If not, I strongly suggest checking/escaping the variable before introducing it to your database.
This piece of code has been tripping me out for the past four hours. It is deleting a row of photos by the primary ID.
I have var_dump($selectedPhoto) and it is the correct ID, a number. My code will run every time I press delete photo, get to the mysqli_stmt_store_result part and shoots out the $txtMessage, But the database does not update.
This is really weird because I have used the exact same code, with different variables on another page and it works perfectly fine.
Can you see any errors by looking at this? OR have a better way to writing the delete statement.
if (isset($_POST['btnDeletePhoto']))
{
$selectedPhoto = $_SESSION['selectedPhoto'];
$deleteString = "DELETE FROM Photos WHERE PhotoID = ?";
$preparedDeleteStmt = mysqli_prepare($link, $deleteString);
mysqli_stmt_bind_param($preparedDeleteStmt, 'i', $selectedPhoto);
if (!mysqli_stmt_execute($preparedDeleteStmt))
{
mysqli_close($link);
die("The system is not available, try again later");
}
if(mysqli_stmt_store_result($preparedDeleteStmt))
{
$txtMessage = "Delete successfull";
}
To add: $selectedPhoto is a value of a select, drop down list value.
If the photo comes from the value of a select, it is not going to be stored in a session variable, so you probably need to change:
$selectedPhoto = $_SESSION['selectedPhoto'];
to:
$selectedPhoto = $_POST['selectedPhoto'];
Apart from that you need to add error handling to all database operations.
Am fairly new to PHP and am making a basic CRUD style management system. I Have an update page and it displays data from a News table, and populates a form with it. The current picture ?(reference) is pulled through and displayed on the form. However if a user wants to change the picture they can press a 'delete' button and then I have written some PHP to display a upload button, set the values in the database for the image to null and hide the delete button, allowing the user to upload a new picture.
The Delete button only removes the reference (path) to the picture from the database, it doesn't delete the actual picture.
This is the HTML control to show the image and delete button. It also shows how the delete button works:
<td align="right">Image 1:</td>
<td align="left"><img src="uploads/newsimages/<?php echo $row["Image"]; ?>" width="230" border="0"> delete</td>
As you can see, when clicked it sets change=imagex and cid= the current news id.
There is then an if statement I have written, but it doesn't seem to only get activated when the delete button is clicked. Because I always get an error that 'cid' is undefined. It is as follows:
<?php
if (isset($_GET['change'] = "image1") {
$query = "UPDATE Table_Name SET Image = '' WHERE NewsID =".$_GET['cid']." ";
}
?>
I am pretty sure my lack of PHP knowledge is letting me down and I am trying to go about this the wrong way, because however I alter the if statement it always gives me an error. First it was cid is undefined so I changed to id but i already use that for something else, another query/function. I hope that all amde sense, can anyone tell me where Im going wrong?
You are missing a parenthesis + you have to specify individually:
if (isset($_GET['change'] = "image1") {
Change to:
if (isset($_GET['change']) && $_GET['change'] == "image1") {
Some more things to consider:
1) Don't use unsanitized values directly from $_GET in a mysql query
WHERE NewsID =".$_GET['cid']."
It is very easy to exploit this with some funky sql injection (see http://xkcd.com/327/ ).
If you are using numeric values for cid, you should cast your $_GET value to integer to prevent sql injection:
$cid = (int)$_GET['cid];
$query = '(...)WHERE NewsID = '.$cid.' limit 1';
Or even better:
$cid = (int)(array_key_exists('cid', $_GET) ? $_GET['cid'] : 0);
if ($cid) {
$query = (...)
}
If you need this kind of sanitizing in different places, you should think about writing a helper function for it to keep your code readable.
2) Don't use GET requests to change data on your server
Imagine a google bot browsing your site and following all those links that you use to delete images. Other scenarios involve users with prefetch plugins for their browsers (e.g. Fasterfox). Also, GET requests may be cached by proxies and browsers, so that the request won't hit the server if you click the link.
The HTTP specification comes with numerous request methods, the most important ones are:
GET to fetch content from the server
PUT to store new information on the server
POST to update existing information on the server
To update your news record (by removing the image) the appropriate method would be POST. To send a POST request, you can use the <form method="POST"> tag.
try this
<?php
if (isset($_GET['change']) && $_GET['change'] == "image1") {
$query = "UPDATE Table_Name SET Image = '' WHERE NewsID =".$_GET['cid']." ";
}
?>
I have a bit of an issue with my code.
I'm making an administrative panel for users to add things to the database. On occasion, they might try to save data without changing it (open a dialog, click save without changing anything). This, of course, will make mysql_affected_rows() return '0' when checking to see if the UPDATE query worked.
Is there another query to make that will always UPDATE regardless of whether the data is the same or not (or can I modify a simple UPDATE query to always update)?
EDIT
This is for users who don't have programming experience. Of course you wouldn't want to update if there's no reason to, but when a user tries to update and it doesn't happen I end up showing a failure message. Rather than there being something wrong, its just it doesn't need to be updated. I need a way to show the user that, instead of a generic 'failure' message. If it failed for another reason, I still need to know.
From the MySQL Documentation:
If you set a column to the value it currently has, MySQL notices this
and does not update it.
Instead of checking mysql_affected_rows, just check to see if the query was successful:
if(!mysql_query("UPDATE ..."))
{
//failure
}
else
{
$verification = mysql_query("SELECT ROW_COUNT() as rows_affected");
$row = mysql_fetch_row($verification);
$rows_affected = $row[0];
if ($rows_affected > 0)
{
//update was performed
}
else
{
//no update was needed
}
}