We Keep Coding

How to delete multiple rows from mysql database with checkbox using PHP?

I try to delete my data in "admin" database, but the delete button does not function.
This is my top part
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="admin"; // Database name
$tbl_name="admin"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
?>
This is my checkbox code
<tbody>
<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td><?php echo $rows['course_code']; ?></td>
<td><?php echo $rows['course_name']; ?></td>
<td><?php echo $rows['lecture_id']; ?></td>
<td><input name="checkbox[]" type="checkbox"
id="checkbox[]" value="<?php echo $rows['course_code'];?>"></td>
<td><form>
</form>
</td>
</tr>
<?php
}
?>
</tbody>
and, this is my button code
<input type='button' id="delete" value='Delete' name='delete'>
This is my php function code
<?php
if(isset($_POST['delete'])){
for($i=0;$i<$count;$i++){
$del_id = $checkbox[$i];
$sql = "DELETE FROM $tbl_name WHERE course_code='$del_id'";
$result = mysql_query($sql);
}
if($result){
echo "<meta http-equiv=\"refresh\" content=\"0;URL=delete.php\">";
}
}
mysql_close();
?>

include all the input elements within your <form> tags: <form> all inputs are here </form>
update:
<input name = "checkbox[]" type="checkbox" id="checkbox[]" value="<?php echo $rows['course_code'];?>">
to (id doesn't matter here):
<input name="checkbox[]" type="checkbox" value="<?php echo $rows['course_code'];?>"/>
and your button code:
<input type='button' id="delete" value='Delete' name='delete'>
to
<input type="submit" value="Delete"/>
set opening <form> tag to <form action="delete.php" method="post">
Note:
I assume below codes are in delete.php file. if not replace "delete.php" with that name in above opening form tag.
your delete.php file:
<?php
$cheks = implode("','", $_POST['checkbox']);
$sql = "delete from $tbl_name where course_code in ('$cheks')";
$result = mysql_query($sql) or die(mysql_error());
mysql_close();
?>
Note:
Since mysql_ will deprecate on future, better is use mysqli extension. But before use that, you have to enable it on your server. mysqli is a part of php and newer version of php has it but not enabled. To enable this, view php info page and find the path of php.ini file in "Loaded Configuration File" row on that page.
You can see php info page by loading below php file in the browser:
<?php
phpinfo();
?>
open that php.ini file in a text editor and un-comment or add a line extension=php_mysqli.dll at the extensions list there.
also search for "extension_dir" and open the directory it says and make sure php_mysqli.dll file is there.
(you may have .so extension if you not use windows OS)
Then restart your server and you are done!
By Fred -ii-
Using mysqli_ with prepared statements is indeed a better and
safer method. However, some will even suggest PDO, but even PDO
doesn't have some of the functionalities that mysqli_ offers;
strangely that. Even PDO needs sanitization. Many think that using PDO will solve injection issues, which is false.
-Thanks Fred.

try this code. it is working well.
connection.php
<?php $hostname_conection = "localhost"; /* this is the server name(assigned to variable) which is localhost since it runs on local machine */
$database_conection = "company"; /* this is the database name( assigned to variable)*/
$username_conection = "root"; /* user name (assigned to variable)*/
$password_conection = ""; /*password (assigned to variable) */
$conection = mysql_connect($hostname_conection, $username_conection, $password_conection) or trigger_error(mysql_error(),E_USER_ERROR); /* Mysql_connect function is used to conncet with database it takes three parameters server/hostname, username,and password*/
mysql_select_db($database_conection,$conection) or die(mysql_error("could not connect to database!")); /* Mysql_select is used to select the database it takes two parameters databasename and connection variable in this case $conection */
?>
multiple_delete.php
<?php require_once('conection.php'); ?>
<?php
in
/* now to display the data from the database which we inserted in above form we */ /* we make the query to select data from the table EMP */
$display = "select * from test_mysql";
$result = mysql_query($display, $conection) or die(mysql_error()); /* the query is executed and result of the query is stored in variable $result */
if ($result == FALSE) {
die(mysql_error()); /* displays error */
} ?> <h1 align="center"> Displaying Recods in Table </h1>
<form method="get" action="" id="deleteform" >
<table width="245" border="1" align="center">
<tr>
<td width="51">
<input type="submit" name="delete" id="button" value="delete" onclick="document.getElementById('deleteform').action = 'delete.php';document.getElementById('deleteform').submit();"/> <!--- here on clicking the button the form is submitted and action is set to delete.php Here we have used javaScript document refers to this whole page and now we can access any tag that has its id with help of getElementById() method and after the we specify the operation we want to perform in this case action and submit. --->
</td>
<td width="50">id</td>
<td width="55">name</td>
<td width="47">lastname</td>
</tr>
<?php
while ($rows = mysql_fetch_array($result))
{ /* here we make use of the while loop which fetch the data from the $result int array form and stores in $row now we can display each field from the table with $row[‘field_name’] as below */
?>
<tr>
<td>
<input type="checkbox" name="empids[]" value="<?php echo $rows['id']; ?>" /> <!--here with each checkbox we send the id of the record in the empids[] array --->
</td>
<td>
<?php echo $rows['id'] ?>
</td>
<td>
<?php echo $rows['lastname'] ?>
</td>
<td><?php echo $rows['name'] ?></td>
<?php } ?>
</tr>
</table>
</form> ?>
</body>
</html>
delete.php
<?php
require_once('conection.php');
?>
<?php
if (isset($_GET['delete'])) /* checks weather $_GET['delete'] is set*/
{
if (isset($_GET['empids'])) /* checks weather $_GET['empids'] is set */
{
$checkbox = $_GET['empids']; /* value is stored in $checbox variable */
if (is_array($checkbox))
{
foreach ($checkbox as $key => $your_slected_id) /* for each loop is used to get id and that id is used to delete the record below */
{
$q="DELETE FROM test_mysql WHERE id=$your_slected_id "; /* Sql query to delete the records whose id is equal to $your_slected_id */
mysql_query($q,$conection) ; /* runs the query */
}
header("location:multiple_delete.php"); /* Goes back to index.php */
}
} else
{
echo" you have not selected reords .. to delete";
}
} ?>

$sql = "SELECT * FROM blacklist";
$result = $link->query($sql);
$count=mysqli_num_rows($result);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc())
{
echo "<table>";
echo "<th>";
echo "<td>" . "ID: " . $row["id"]."</td>";
echo "<td>" . " Dial Target: " . $row["dial_target"]."</td>";
echo "<td>" . " Destination: " . $row["pozn"]."</td>";
echo "<td>" . " Date: " . $row["block_date"] . "</td>";
echo "<td>" . "<div class='background' style='position: relative; top:8px;'>" . "<form>" . "<input action='index.php' method='post' type='checkbox' name='chechbox[]' value='".$row["id"]."'/>" ."</form>" . "</div>" . "</td>";
echo "</th>";
echo "</table>";
echo "</br>";
}
}
else
{
echo "0 results";
}
if(isset($_POST['Delete']))
{
for($i=0;$i<$count;$i++)
{
$del_id = $checkbox[$i];
$del = "DELETE FROM blacklist WHERE Delete='$del_id'";
$result = $link->query($del);
}
if($result)
{
echo "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">";
}
}
<!-- DELETE BUTTON -->
<form>
<input type='Submit' id="Delete" value='Delete' name='Delete'/>
</form>

<?php
$args1 = array(
'role' => 'Vendor',
'orderby' => 'user_nicename',
'exclude' => $user_id.',1',
'order' => 'ASC'
);
$subscribers = get_users($args1); foreach ($subscribers as $user) {
$fvendorck = $wpdb->get_row("select * from wp_vandor where parent_id = '".$user_id."' and child_id = '".$user->id."'");
$isfavvendor = $fvendorck->child_id;
if(!empty($isfavvendor)) {
?>
<li><input type="checkbox" id="listID" value='<?php echo $user->id; ?>' name="chk1[]" checked=""/><?php echo $user->headline; ?></li>
<?php }else{ ?>
<li><input type="checkbox" id="listID" value='<?php echo $user->id; ?>' name="chk1[]" /><?php echo $user->headline; ?></li>
<?php } }?>
</ul>

How to edit, delete and add in php mysql without jquery or java script?

I am trying to delete , edit and add new recodes on the same page but it seems am failing to make it work .And I do not want to do it using ajax jquery or java script but only php .I need some help please below are my code :
<?php
include_once('con.php');
$strSQL = "SELECT film_id, name
from
filmsbox";
$rs = mysql_query($strSQL);
echo "<table border='1' ><tr bgcolor='#eeeeee'><td>Name</td> <td colspan='2'>Action</td></tr>";
while($row = mysql_fetch_assoc($rs))
{
$film_id = $row['film_id'];
$name = $row['name'];
$hometeam= mysql_real_escape_string($name);
echo "<tr bgcolor='#eeeee'><td>$name</td> <td><a href='index.php?film_id=$film_id' name ='edit'>Edit</a></td><td><a href='index.php?film_id=$film_id' name ='delete'>Delete</a></td></tr>";
}
?>
<?php
$strSQL = "SELECT film_id, name
from
filmsbox";
$rs = mysql_query($strSQL);
$row = mysql_fetch_assoc($rs);
$film_id= $row['film_id'];
$name = $row['name'];
$name = mysql_real_escape_string($name);
$film_id= $_GET['film_id'];
?>
<?php
if(isset($_POST['edit'])){
?>
<table>
<form action="index.php" method="post">
<tr>
<td>
Name
</td>
<td>
<input type = "text" name = "name" value="<?php echo $name;?>">
</td>
</tr>
<input name="film_id" type="hidden" id="film_id" value="<?php echo $film_id; ?>">
<tr>
<td>
<input type = "submit" name = "submit" value="update">
</td>
</tr>
<?php
$name = (isset($_POST['name']))? trim($_POST['name']): '';
$film_id = $_POST['film_id'];
$sql = "UPDATE filmsbox SET name='$name'
WHERE film_id ='$film_id'";
$result = mysql_query($sql);
if($result)
{
echo "Success";
}
else
{
echo "Error";
}
}
?>
<?php
/*Delete section*/
if(isset($_POST['delete']))
{
$film_id = $_GET['film_id'];
$delete = "DELETE FROM filmsbox WHERE film_id = '$film_id'";
$result = mysql_query($delete);
if($result)
{
echo "Record deleted successfuly ";
}
else
{
echo "No data deleted";
}
}
?>

Couple of pointers:
You only need to escape values before they go into the database, not when they come out and are used in HTML i.e $hometeam = mysql_real_escape_string($name);
You are pulling the same query from the database twice in quick succession which is not needed. You can remove one of the 2 $strSQL = "SELECT film_id, name
from
filmsbox";
$rs = mysql_query($strSQL); sections from the top of your code
You need to run any update/delete queries on the data before you then do your select query to pull out the records for the page, otherwise your changes will not be shown
You should be escaping the values for your update and delete queries to prevent SQL injection
Edit:
To reload the page in an edit mode, you need to change the link URL in the table to something like
<a href='index.php?film_id=$film_id&edit=1' name ='edit'>Edit</a>
Then your edit block needs to be
if ($_GET['edit']) {
I want to be clear this is not in any way a secure method of editing values, as anyone can put ?edit=1 on the url and get to the form

phpmysql update set while uploading image

I am really struggling trying to get something very simple achieved.
Essentially, I have an images table called galleryimages and a location on the server where images are stored. What I am trying to do is overwrite the source field for a given category in the table while the upload is going through.
My code will add the new image to the server, but not update the MySQL table for some reason (I can however add new lines to it although I want to keep the existing data in the table and simply change the "photo" field which locates the image).
My PHP is:
<?php include 'dbc.php'; page_protect();
if(!checkAdmin()) {header("Location: login.php");
exit();
}
$host = $_SERVER['HTTP_HOST'];
$host_upper = strtoupper($host);
$login_path = #ereg_replace('admin','',dirname($_SERVER['PHP_SELF']));
$path = rtrim($login_path, '/\\');
foreach($_GET as $key => $value) {
$get[$key] = filter($value);
}
foreach($_POST as $key => $value) {
$post[$key] = filter($value);
}
?>
<?php
if($_FILES['photo'])
{
$target = "galleries/test/";
$target = $target . basename( $_FILES['photo']['name']);
$title = mysql_real_escape_string($_POST['title']);
$pic = "galleries/test/" .(mysql_real_escape_string($_FILES['photo']['name']));
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{
mysql_query("update `galleryimages` set (`title`, `photo`) VALUES ('$title', '$pic')") ;
echo "Success";
}
else
{
echo "Failure";
}
}
?>
And the HTML is:
```html
</head>
<body>
<form enctype="multipart/form-data" action="addgallery1.php" method="POST">
<table width="100%" border="2" cellpadding="5"class="myaccount">
<tr>
<td>Category: </td>
<td><select name="title" id="select8">
<option value="Landscape Pots">Landscape Pots</option>
</select></td>
</tr>
<tr>
<td>Image: </td>
<td><input type="file" name="photo" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" class="CMSbutton" value="Add" /></td>
</tr>
</table>
</form>
</body>
</html>
Now I am fairly sure the problem exists in the line:
if(move_uploaded_file($_FILES['photo']['tmp_name'], $target))
{
mysql_query("update `galleryimages` set (`title`, `photo`) VALUES ('$title', '$pic')") ;
echo "Success";
}
but need some help to determine if this is indeed the case - and if so how I can get it to update the MySQL table - at the moment the PHP echoes Success but does not make any update to the "photo" column in MySQL.
Hope this makes sense and one of you coding geniuses can help me resolve this - its taken me hours of trial and error but still cant get it working!!!
thanks in advance to any and all help
JD

some thing wrong here
mysql_query("update `galleryimages` set (`title`, `photo`) VALUES ('$title', '$pic')") ;
it should be like
mysql_query("update `galleryimages` set `title`='$title', `photo`= '$pic'") ;
more info here: http://dev.mysql.com/doc/refman/5.0/en/update.html

Your MySQL query is wrong:
update `galleryimages` set `title`='$title', `photo`='$pic'
But be warned: This will update ALL rows in this table! You should add a WHERE clause to update one specific row.

HTML/PHP Survey not passing to MySQL database properly

I'm trying to make a small survey that populates the selections for the dropdown menu from a list of names from a database. The survey does this properly. I want to submit the quote the user submits with this name into a quote database. The quote text they enter into the field goes in properly, however, the name selected from the menu does not get passed in. Instead I get a blank name field.
I understand some of my code is out of context, but the name is the only thing that does not get passed in properly.
On form submit, I include the php file that submits this data to the database:
<form action="<?php $name = $_POST['name']; include "formsubmit.php";?>" method="post">
<label> <br />What did they say?: <br />
<textarea name="quotetext" rows="10" cols="26"></textarea></label>
<input type="submit" value="Submit!" />
</form>
The variable $name comes from this (which populates my dropdown menu):
echo "<select name='name'>";
while ($temp = mysql_fetch_assoc($query)) {
echo "<option>".htmlspecialchars($temp['name'])."</option>";
}
echo "</select>";
And here is my formsubmit.php:
<?php:
mysql_select_db('quotes');
if (isset($_POST['quotetext'])) {
$quotetext = $_POST['quotetext'];
$ident = 'yankees';
$sql = "INSERT INTO quote SET
quotetext='$quotetext',
nametext='$name',
ident='$ident',
quotedate=CURDATE()";
header("Location: quotes.php");
if (#mysql_query($sql)) {
} else {
echo '<p> Error adding quote: ' .
mysql_error() . '</p>';
}
}
?>

Your form action stuff looks weird, but regardless, I think the problem you're having has to do with not setting $name = $_POST['name'] like you're doing with $quotetext = $_POST['quotetext']. Do that before the sql statement and it should be good to go.
edit to try to help you further, I'll include what the overall structure of your code should be, and you should tweak it to fit your actual code (whatever you're leaving out, such as setting $query for your name options):
file 1:
<form action="formsubmit.php" method="post">
<label> <br />What did they say?: <br />
<textarea name="quotetext" rows="10" cols="26"></textarea></label>
<select name='name'>
<?php
while ($temp = mysql_fetch_assoc($query)) {
echo "<option>".htmlspecialchars($temp['name'])."</option>";
}
?>
</select>
<input type="submit" value="Submit!" />
</form>
formsubmit.php:
<?php
mysql_select_db('quotes');
if (isset($_POST['quotetext'])) {
$quotetext = $_POST['quotetext'];
$name = $_POST['name'];
$ident = 'yankees';
$sql = "INSERT INTO quote SET
quotetext='$quotetext',
nametext='$name',
ident='$ident',
quotedate=CURDATE()";
if (#mysql_query($sql)) {
header("Location: quotes.php");
} else {
echo '<p> Error adding quote: ' .
mysql_error() . '</p>';
}
}
?>

echo "<select name='name'>";
while ($temp = mysql_fetch_assoc($query)) {
$nyme = htmlspecialchars($temp['name']);
echo "<option value='$nyme'>$nyme</option>";
}
echo "</select>";-
This way you will receive the value of the name in $_POST array
and you have to get that value out of $_POST array as well you need to change the
code add the following line to get the name in your script.
$name = $_POST['name'];
you need to change the form action tag
<form action='formsubmit.php' .....>
and in that file after successful insertion you can redirect the user to whereever.php.
so it was fun explaining you every thing bit by bit change this now in your code as well.
if (#mysql_query($sql)) {
header("Location: quotes.php");
} else {
echo '<p> Error adding quote: ' .
mysql_error() . '</p>';
}

'Edit' function for forum posts and such

I was looking online for a script that demonstrates how I would go about making it possible for users on my site able to edit fields and such, but I could not find anything about it. So I was wondering if someone could explain to me how it works or just demonstrate with a script? To make it clear, I want users to be able to edit stuff that they've submitted by simply clicking 'edit' and pressing a button to update whatever it was they changed.
Edit: I forgot to mention that what's been changed should update a table in a MySQL database.

You need 2 PHP files to do this. You could use a single file but the concept is easier to explain this way.
A form that will load the database content into the fields where users can then edit the values and then submit them for change by pressing a button once done.
A file that receives the changed information and updates the database.
Here is a code example for the first file:
<?php
// connect to SQL
$dbcnx = #mysql_connect("localhost", "db_name", "password");
if (!$dbcnx) {
echo( "<P>Unable to connect to the database server at this time.</P>" );
exit();
}
// connect to database
$dbcon = #mysql_select_db("db_table", $dbcnx);
if (!$dbcon) {
echo( "<P>Unable to locate DB table at this time.</P>" );
exit();
}
#data preparation for the query
$id = intval($_GET["id"]);
# selects title and description fields from database
$sql = "SELECT * FROM table_name WHERE id=$id";
$result = mysql_query($sql) or die(mysql_error());
# retrieved by using $row['col_name']
$row = mysql_fetch_array($result);
?>
<h3>Edit</h3>
<form action="save_edit.php" enctype="multipart/form-data" method="post" name="myForm" />
<table>
<tr>
<td><b>Title</b></td>
<td><input type="text" size="70" maxlength="100" name="title" value="<?php echo $row['title'] ?>"></td>
</tr>
<tr>
<td><b>Description</b></td>
<td><textarea cols="80" rows="18" name="description"><?php echo $row['description']; ?></textarea></td>
</tr>
</table>
<input type="hidden" name="id" value="<?php echo $id; ?>" />
<input name="enter" type="submit" value="Edit">
</form>
<?php
mysql_close($dbcnx);
?>
And here is an example of code for the second file where it receives the changes made by the user and updates the database.
<?php
// connect to SQL
$dbcnx = #mysql_connect("localhost", "db_name", "password");
if (!$dbcnx) {
echo( "<P>Unable to connect to the database server at this time.</P>" );
exit();
}
// connect to database
$dbcon = #mysql_select_db("db_table", $dbcnx);
if (!$dbcon) {
echo( "<P>Unable to locate DB table at this time.</P>" );
exit();
}
#data preparation for the query
$id = intval($_POST["id"]);
foreach ($_POST as $key => $value) $_POST[$key] = mysql_real_escape_string($value);
$sql = "UPDATE table_name SET
title='$_POST[title]',
description='$_POST[description]',
WHERE id=$id";
if (!mysql_query($sql,$dbcnx)) {
die('Error: ' . mysql_error());
}
mysql_close($dbcnx);
header ("location: http://www.domain.com/url_to_go_to_after_update");
?>

If you just need an idea how to create a basic edit form in PhP, that's easy enough. When they click the edit button take them to a new form. Pull the content from the database, using whatever database accessing api you are, and then initialize the field with it. For example, where $content has the content of the field:
echo '<textarea name="content">'.htmlspecialchars($content).'</textarea>';
When they submit the form, take whats now in the field and use it to update the table. It's the same as the original insert script, except that you use update statements instead of insert.

I'm not sure I understood what you said. If you want a way to edit things in place, you can use this jQuery plugin: Jeditable (with Ajax).

To extend Daniel's code a bit
<?php
$filename = "file.txt";
if ($_SERVER['REQUEST_METHOD'] == 'POST']) {
file_put_contents($filename, $_POST['content']);
header("Location: ".$_SERVER['PHP_SELF']);
exit;
}
$content = htmlspecialchars(file_get_contents($filename));
?>
<form method="POST">
<textarea name="content"><?php echo $content?></textarea><br>
<input type="submit">
</form>