i am sorry for the dummy question. Here is my simple PHP form with two SQL tables and with the ADD submit button I would like to move people from Test1 to Test2. Many thing are fine:( only the submit button does't work therefore no feedback from Test2 table.
Revised: Submit now works great
Q2 - still don't get the checkboxs to work:( - please
Could somebody show me how to track back such an error like this please?
<?php include("db_connect.php");?>
<html>
<head></head>
<body>
<form method="post" action="moving.php">
<table border="1">
<tr>
<td>
<?php
$left='SELECT * FROM test1 ORDER BY name ASC';
$result1=mysql_query($left);
$count=mysql_num_rows($result1);
while($resulta = mysql_fetch_array($result1)) {
?>
<input name="checkbox[]" type="checkbox" id="checkbox[]" value="<? echo $resulta['id']; ?>"/> <? echo $resulta['name']; ?>
<br />
<?php } ?>
</td>
<td><input type="submit" id="add" name="add" value="Add" /></td>
<td>
<?php
$rigth='SELECT * FROM test2,test1 WHERE test2.collect=test1.id ORDER BY test1.name ASC';
$result2=mysql_query($right);
while($resultb = mysql_fetch_array($result2)) {
echo $resultb['id'] ;
echo "<br />";
}
?>
</td>
</tr>
</table>
<?php
// Check if add button active, start this
if (isset($_POST['add'])) {
for ($i=0;$i<$count;$i++) {
$add_id = $checkbox[$i];
if ($add_id=='1') {
$sql = "INSERT INTO test2 (status, collect) VALUES(1, 1)";
$result = mysql_query($sql);
}
}
// if successful redirect to delete_multiple.php
if ($result){
echo "<meta http-equiv=\"refresh\" content=\"0;URL=moving.php\">";
}
}
mysql_close();
?>
</form>
</body>
</html>
thanks:) from a beginner
where does $count come from?
Try using count($_POST['checkbox']) instead on your INSERT statement. Then you can iterate over the checkboxes using:
for ($c = 0; $c < count($_POST['checkbox']); $c++){
$checkbox = $_POST['checkbox'][$c];
...INSERT action...
}
In the sample code, you store the statement in a variable named $rigth, but you (try to) execute a statement stored in a variable named $right.
There are a couple things you can do to catch errors.
Try static code analysis; some tools can tell you if a variable is used only once (an indication it may be a typo).
Handle errors. Some functions return a special value if there's an error (False is a common one); for these functions, there is usually a related function that will return error information. Some functions will throw an exception; catch them where they can be appropriately taken care of. System error messages shouldn't be displayed to non-admin users so you don't disclose too much information.
Use an interactive debugger. For example, install the Xdebug extension on your development server (you do use a dev server, right?) and use an Xdebug compatible debugger.
the solution - not nice but it works - thanks for all the comments and help!!!
<?php include("db_connect.php");?>
<html>
<head>
</head>
<body>
<form method="post" action="test.php">
New:
<?php
$left='SELECT * FROM test1 ORDER BY name ASC';
$result1=mysql_query($left);
$count=mysql_num_rows($result1);
while($resulta = mysql_fetch_array($result1))
{
?>
<input name="checkbox_add[]" type="checkbox" id="checkbox_add[]" value="<? echo $resulta['id']; ?>"/> <? echo $resulta['name']; ?>
<br />
<?php
}
?>
</td> <td><input type="submit" id="add" name="add" value="Add" /><br /><input type="submit" id="delete" name="delete" value="Del" /></td><td>
<?php
$right='SELECT test2.id, test1.name FROM test2, test1 WHERE test1.id=test2.collect AND test2.status=1';
$result2=mysql_query($right);
while($resultb = mysql_fetch_array($result2))
{
?>
<input name="checkbox_del[]" type="checkbox" id="checkbox_del[]" value="<?php echo $resultb['id']; ?>"/>, <?php echo $resultb['id']; ?>, <? echo $resultb['name']; ?>
<br />
<?php
}
?>
</td></tr></table>
<?php
// Check if add button active, start this
if (isset($_POST['add'])) {
for ($c = 0; $c < count($_POST['checkbox_add']); $c++){
$checkbox_add = $_POST['checkbox_add'][$c];
$sql = "INSERT INTO test2 (status, collect) VALUES(1, ".$checkbox_add.")";
echo $sql;
$result = mysql_query($sql);
if($result){
echo "<meta http-equiv=\"refresh\" content=\"0;URL=test.php\">";
}
}
}
elseif (isset($_POST['delete'])) {
for ($c = 0; $c < count($_POST['checkbox_del']); $c++){
$checkbox_del = $_POST['checkbox_del'][$c];
echo date("Y-m-d");
$sql = "UPDATE test2 SET status='2', log='".date('Y-m-d')."' Where id=".$checkbox_del;
echo $sql;
$result = mysql_query($sql);
if($result){
echo "<meta http-equiv=\"refresh\" content=\"0;URL=test.php\">";
}
}
}
elseif (isset($_POST['new'])) {
$sql = "INSERT INTO test1 (status, name) VALUES(1, '".$_POST['newitem']."')";
echo $sql;
$result = mysql_query($sql);
if($result){
echo "<meta http-equiv=\"refresh\" content=\"0;URL=test.php\">";
}
}
mysql_close();
?>
</form>
</body>
</html>
Related
I am doing project for my university. I create a page where user can send friend request. Here I fetch data from another table and put button for each row data.
My problem is that when one button click other row button also was change to friend request. I need a solution for it.
How to make one add friend request button is equal to one row id and how to avoid other button affected whenever click particular row.
My code is included below. I hope you guys will help me. Thanks in advance.
<?php
session_start();
$_SESSION['myid'];
$mysqli=new MySQLi('127.0.0.1','root','','learning_malaysia');
$sql = "SELECT * FROM tutor_register INNER JOIN tutorskill ON tutor_register.register_ID = tutorskill.register_ID ORDER BY
tutor_register.register_ID='".$_SESSION['myid']."'desc";
$result= mysqli_query($mysqli,$sql);
if(mysqli_num_rows($result)>0)
{
while($row = mysqli_fetch_array($result))
{
$register_ID=$row["register_ID"];
$username = $row['username'];
$profile = $row['profile'];
$email = $row['email'];
$address=$row['address'];
$gender=$row['gender'];
$main_subject=$row["main_subject"];
$subject_add=$row["subject_add"];
$rate_main=$row["rate_main"];
$rate_add=$row["rate_add"];
$qualification=$row["qualification"];
?>
<table><form method="post">
<tr class="border_bottom">
<td height="230"><img src='<?php echo $profile;?>'width="200" height="200"/> </td><td><td></td></td>
<?php
if($register_ID == $_SESSION['myid']){
?>
<td><label>Your Profile</label></td>
<?php
} else {
?>
<form method="post">
<td><button class='friendBtn unfriend' name="" data-type="unfriend">Unfriend</button>
<input type="hidden" name="id" value="<?php echo $row['register_ID'];?>" />
<input type="submit" name="addfriend" data-type='addfriend' id="addfriend" value="<?php
if($_SESSION['status'] == 'yes'){
echo 'Request Sent';
}
else {
echo 'Addfriend';}
?>" data-uid=<?php echo $row['register_ID'];?>/></td> </form>
<?php
}
}
?>
</tr>
</div>
</table>
</form>
<?php
if(isset($_POST['id']) ) {
$user_id = $_SESSION['myid'];
$friend_id = $_POST['id'];
$sql="INSERT INTO friends(user_id,status,friend_id)" ."VALUES('$user_id','yes','$friend_id') ";
if($mysqli->query($sql)=== true) {
$_SESSION['status']="yes";
$_SESSION['id']=$row['id'];
} else {}
}
}
?>
</body>
</html>
You need to replace the following block in your code:
<input type="submit" name="addfriend" data-type='addfriend' id="addfriend" value="<?php
if($_SESSION['status'] == 'yes'){
echo 'Request Sent';
}
else {
echo 'Addfriend';}
?>" data-uid=<?php echo $row['register_ID'];?>/>
With the one mentioned below. This will solve your problem.
<input type="submit" name="addfriend" data-type='addfriend' id="addfriend" value="<?php
if($_SESSION['status'] == 'yes' && $row['register_ID']==$_SESSION['id']){
echo 'Request Sent';
}
else {
echo 'Addfriend';}
?>" data-uid=<?php echo $row['register_ID'];?>/>
I'm relativity new to php and just testing out some code. The odd thing is that the code both does/doesn't work. The code should check a MySQLi database to determine the state of the check box and then apply that state to the checkbox. What the code currently does is designate the checkbox state based solely off the value of the if condition, regardless of the MySQLi database values.
Here is the code for the html page, it's the if statement near the bottom that's causing issues;
<?php
include_once 'includes/dbh.inc.php';
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php
$sql_1 = "SELECT * FROM test2;";
$results = mysqli_query($conn, $sql_1) or die('Error getting data.');
echo(string) "<table>";
echo "<tr><th>state</th><th>id</th></tr>";
while($row = mysqli_fetch_array($results, MYSQLI_ASSOC)) {
echo "<tr><td>";
echo $row['state'];
echo "</td><td>";
echo $row['id'];
echo "</td></tr>";
}
echo "</table>";
?>
<form action="includes/checkbox.inc.php" method="post">
<input type="hidden" name="checkbox1" value="0">
<input type="checkbox" name="checkbox1" value="1"
<?php
$sql_2 = mysqli_query($conn, "SELECT state FROM test2 WHERE id = '0'") or die('Error getting data.');
if ($sql_2 == "0") {
echo "checked";
} else {
echo " ";
}
mysqli_close($conn);
?>
> Item 1<br>
<input type="hidden" name="checkbox2" value="0">
<input type="checkbox" name="checkbox2" value="1" checked> Item 2<br>
<input type="submit" name="Submit" value="Submit">
</form>
<br>
Reset<br>
</body>
</html>
The odd thing about this code is that the if ($sql_2 == "0") results in the checkbox remaining unchecked, but changing the 0 to a 1, if ($sql_2 == "1") results in the checkbox remaining checked. Both results are regardless of what the database shows.
I know all the other bits of code work, because when I check the checkbox and submit, it updates the database and displays it correctly (the reverse is also true).
If anyone knows why if ($sql_2 == "0") is not working, please let me know. I've even checked other stack overflow postings, and as far as I can tell, everything should be coded properly.
Edit:
I should have stated that in the above question, changing the = to == or reversing the order doesn't fix the problem. The if statement still only returns the else statement.
I've done additional research and think that the issue is related to the use of mysqli_query to retrieve the data, as it should likely be mysqli_fetch_row.
if ($sql_2 = "0") will make the value of $sql2 to '0' and this condition will be always true
change it to
if ($sql_2 == "0")
to prevent the accidental assignment you can do like below
if ("0"==$sql_2)
ISSUE FIXED
The solution was to add a mysqli_data_seek() to the php, below is the working code.
<?php
include_once 'includes/dbh.inc.php';
?>
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php
$sql_1 = "SELECT * FROM test2;";
$result_1 = mysqli_query($conn, $sql_1) or die('Error getting data.');
echo(string) "<table>";
echo "<tr><th>state</th><th>id</th></tr>";
while($row = mysqli_fetch_array($result_1, MYSQLI_ASSOC)) {
echo "<tr><td>";
echo $row['state'];
echo "</td><td>";
echo $row['id'];
echo "</td></tr>";
}
echo "</table>";
$query_1 = "SELECT state, id FROM test2 ORDER BY id";
$sql_3 = mysqli_query($conn, $query_1) or die('Error getting data.');
if ($result_2 = $sql_3) {
mysqli_data_seek($result_2, 0);
$row_1 = mysqli_fetch_row($result_2);
}
if ($result_3 = $sql_3) {
mysqli_data_seek($result_3, 1);
$row_2 = mysqli_fetch_row($result_3);
}
?>
<form action="includes/checkbox.inc.php" method="post">
<input type="hidden" name="checkbox1" value="0">
<input type="checkbox" name="checkbox1" value="1"
<?php
if ($row_1[0]=="1") {
echo "checked";
} else {
echo " ";
}
?>
> Item 1<br>
<input type="hidden" name="checkbox2" value="0">
<input type="checkbox" name="checkbox2" value="1"
<?php
if ($row_2[0]=="1") {
echo "checked";
} else {
echo " ";
}
?>
> Item 2<br>
<input type="submit" name="Submit" value="Submit">
</form>
<br>
Reset
<br>
<?php
mysqli_close($conn);
?>
</body>
</html>
I try to delete my data in "admin" database, but the delete button does not function.
This is my top part
<?php
$host="localhost"; // Host name
$username="root"; // Mysql username
$password=""; // Mysql password
$db_name="admin"; // Database name
$tbl_name="admin"; // Table name
// Connect to server and select databse.
mysql_connect("$host", "$username", "$password")or die("cannot connect");
mysql_select_db("$db_name")or die("cannot select DB");
$sql="SELECT * FROM $tbl_name";
$result=mysql_query($sql);
$count=mysql_num_rows($result);
?>
This is my checkbox code
<tbody>
<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td><?php echo $rows['course_code']; ?></td>
<td><?php echo $rows['course_name']; ?></td>
<td><?php echo $rows['lecture_id']; ?></td>
<td><input name="checkbox[]" type="checkbox"
id="checkbox[]" value="<?php echo $rows['course_code'];?>"></td>
<td><form>
</form>
</td>
</tr>
<?php
}
?>
</tbody>
and, this is my button code
<input type='button' id="delete" value='Delete' name='delete'>
This is my php function code
<?php
if(isset($_POST['delete'])){
for($i=0;$i<$count;$i++){
$del_id = $checkbox[$i];
$sql = "DELETE FROM $tbl_name WHERE course_code='$del_id'";
$result = mysql_query($sql);
}
if($result){
echo "<meta http-equiv=\"refresh\" content=\"0;URL=delete.php\">";
}
}
mysql_close();
?>
include all the input elements within your <form> tags: <form> all inputs are here </form>
update:
<input name = "checkbox[]" type="checkbox" id="checkbox[]" value="<?php echo $rows['course_code'];?>">
to (id doesn't matter here):
<input name="checkbox[]" type="checkbox" value="<?php echo $rows['course_code'];?>"/>
and your button code:
<input type='button' id="delete" value='Delete' name='delete'>
to
<input type="submit" value="Delete"/>
set opening <form> tag to <form action="delete.php" method="post">
Note:
I assume below codes are in delete.php file. if not replace "delete.php" with that name in above opening form tag.
your delete.php file:
<?php
$cheks = implode("','", $_POST['checkbox']);
$sql = "delete from $tbl_name where course_code in ('$cheks')";
$result = mysql_query($sql) or die(mysql_error());
mysql_close();
?>
Note:
Since mysql_ will deprecate on future, better is use mysqli extension. But before use that, you have to enable it on your server. mysqli is a part of php and newer version of php has it but not enabled. To enable this, view php info page and find the path of php.ini file in "Loaded Configuration File" row on that page.
You can see php info page by loading below php file in the browser:
<?php
phpinfo();
?>
open that php.ini file in a text editor and un-comment or add a line extension=php_mysqli.dll at the extensions list there.
also search for "extension_dir" and open the directory it says and make sure php_mysqli.dll file is there.
(you may have .so extension if you not use windows OS)
Then restart your server and you are done!
By Fred -ii-
Using mysqli_ with prepared statements is indeed a better and
safer method. However, some will even suggest PDO, but even PDO
doesn't have some of the functionalities that mysqli_ offers;
strangely that. Even PDO needs sanitization. Many think that using PDO will solve injection issues, which is false.
-Thanks Fred.
try this code. it is working well.
connection.php
<?php $hostname_conection = "localhost"; /* this is the server name(assigned to variable) which is localhost since it runs on local machine */
$database_conection = "company"; /* this is the database name( assigned to variable)*/
$username_conection = "root"; /* user name (assigned to variable)*/
$password_conection = ""; /*password (assigned to variable) */
$conection = mysql_connect($hostname_conection, $username_conection, $password_conection) or trigger_error(mysql_error(),E_USER_ERROR); /* Mysql_connect function is used to conncet with database it takes three parameters server/hostname, username,and password*/
mysql_select_db($database_conection,$conection) or die(mysql_error("could not connect to database!")); /* Mysql_select is used to select the database it takes two parameters databasename and connection variable in this case $conection */
?>
multiple_delete.php
<?php require_once('conection.php'); ?>
<?php
in
/* now to display the data from the database which we inserted in above form we */ /* we make the query to select data from the table EMP */
$display = "select * from test_mysql";
$result = mysql_query($display, $conection) or die(mysql_error()); /* the query is executed and result of the query is stored in variable $result */
if ($result == FALSE) {
die(mysql_error()); /* displays error */
} ?> <h1 align="center"> Displaying Recods in Table </h1>
<form method="get" action="" id="deleteform" >
<table width="245" border="1" align="center">
<tr>
<td width="51">
<input type="submit" name="delete" id="button" value="delete" onclick="document.getElementById('deleteform').action = 'delete.php';document.getElementById('deleteform').submit();"/> <!--- here on clicking the button the form is submitted and action is set to delete.php Here we have used javaScript document refers to this whole page and now we can access any tag that has its id with help of getElementById() method and after the we specify the operation we want to perform in this case action and submit. --->
</td>
<td width="50">id</td>
<td width="55">name</td>
<td width="47">lastname</td>
</tr>
<?php
while ($rows = mysql_fetch_array($result))
{ /* here we make use of the while loop which fetch the data from the $result int array form and stores in $row now we can display each field from the table with $row[‘field_name’] as below */
?>
<tr>
<td>
<input type="checkbox" name="empids[]" value="<?php echo $rows['id']; ?>" /> <!--here with each checkbox we send the id of the record in the empids[] array --->
</td>
<td>
<?php echo $rows['id'] ?>
</td>
<td>
<?php echo $rows['lastname'] ?>
</td>
<td><?php echo $rows['name'] ?></td>
<?php } ?>
</tr>
</table>
</form> ?>
</body>
</html>
delete.php
<?php
require_once('conection.php');
?>
<?php
if (isset($_GET['delete'])) /* checks weather $_GET['delete'] is set*/
{
if (isset($_GET['empids'])) /* checks weather $_GET['empids'] is set */
{
$checkbox = $_GET['empids']; /* value is stored in $checbox variable */
if (is_array($checkbox))
{
foreach ($checkbox as $key => $your_slected_id) /* for each loop is used to get id and that id is used to delete the record below */
{
$q="DELETE FROM test_mysql WHERE id=$your_slected_id "; /* Sql query to delete the records whose id is equal to $your_slected_id */
mysql_query($q,$conection) ; /* runs the query */
}
header("location:multiple_delete.php"); /* Goes back to index.php */
}
} else
{
echo" you have not selected reords .. to delete";
}
} ?>
$sql = "SELECT * FROM blacklist";
$result = $link->query($sql);
$count=mysqli_num_rows($result);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc())
{
echo "<table>";
echo "<th>";
echo "<td>" . "ID: " . $row["id"]."</td>";
echo "<td>" . " Dial Target: " . $row["dial_target"]."</td>";
echo "<td>" . " Destination: " . $row["pozn"]."</td>";
echo "<td>" . " Date: " . $row["block_date"] . "</td>";
echo "<td>" . "<div class='background' style='position: relative; top:8px;'>" . "<form>" . "<input action='index.php' method='post' type='checkbox' name='chechbox[]' value='".$row["id"]."'/>" ."</form>" . "</div>" . "</td>";
echo "</th>";
echo "</table>";
echo "</br>";
}
}
else
{
echo "0 results";
}
if(isset($_POST['Delete']))
{
for($i=0;$i<$count;$i++)
{
$del_id = $checkbox[$i];
$del = "DELETE FROM blacklist WHERE Delete='$del_id'";
$result = $link->query($del);
}
if($result)
{
echo "<meta http-equiv=\"refresh\" content=\"0;URL=index.php\">";
}
}
<!-- DELETE BUTTON -->
<form>
<input type='Submit' id="Delete" value='Delete' name='Delete'/>
</form>
<?php
$args1 = array(
'role' => 'Vendor',
'orderby' => 'user_nicename',
'exclude' => $user_id.',1',
'order' => 'ASC'
);
$subscribers = get_users($args1); foreach ($subscribers as $user) {
$fvendorck = $wpdb->get_row("select * from wp_vandor where parent_id = '".$user_id."' and child_id = '".$user->id."'");
$isfavvendor = $fvendorck->child_id;
if(!empty($isfavvendor)) {
?>
<li><input type="checkbox" id="listID" value='<?php echo $user->id; ?>' name="chk1[]" checked=""/><?php echo $user->headline; ?></li>
<?php }else{ ?>
<li><input type="checkbox" id="listID" value='<?php echo $user->id; ?>' name="chk1[]" /><?php echo $user->headline; ?></li>
<?php } }?>
</ul>
I have a db table called 'ice_flavours' with the columns: 'id', 'flavours', 'date', 'selected'.
and another table called 'ice_today' like: 'id', 'flavours', 'date', 'selected'.
Now, on the left of the page I want to call from 'ice_flavours' and print the entries in a form together with a checkbox.
On the right of the page it shall say SHOWCASE where I want the todays selected flavours to be shown and they shall just stay in there until the end of today´s date and then automatically be discarded. Also when they were selected to show in SHOWCASE, i want them to not show on the left side.
So, when I select the checkbox next to a flavour, the values 'id', 'flavours', 'date', 'selected' ought to be entered into 'ice_today' but for some reason just always the last row of the ice_flavours table is entered and i get the message "Duplicate entry '0' for key 'PRIMARY'"
Maybe this can all be done by just using a single db table but I havent figured it yet. Can someone help please
edit.php:
<?php ob_start();
include_once("dbinfo.inc.php");
include_once("config.php");
if(isset($_POST['submit'])){
$selected = $_POST['selected'];
$id = $_POST['id'];
$flavour = $_POST['flavour'];
$date = $_POST['date'];
if($_POST["submit"] == "submit") {
for($i=0;$i<sizeof($selected);$i++) {
if(!empty($flavour)) {
echo"";
echo "<pre>";
print_r($_POST);
echo "</pre>";
$query="INSERT INTO ice_today VALUES('$id','$flavour','$date','$selected[$i]')";
mysql_query($query) or die(mysql_error());
}
}
echo "Entry added";
}
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<head>
<title>Edit</title>
</head>
<body>
<form name="form1" id="form1" method="POST" action="edit.php">
<table border="1" width="200px">
<td>
<table border="1" width="200px">
<?php
$result = mysql_query("SELECT * FROM ice_flavours WHERE ('selected' != '1') ORDER BY flavour ASC");
$results = mysql_num_rows($result);
if ($results > 0)
{
$num=mysql_numrows($result);
$i=0;
while ($i < $num)
{
$id=mysql_result($result,$i,"id");
$flavour=mysql_result($result,$i,"flavour");
?>
<tr>
<td align="center" valign="middle">
<?php echo $flavour; ?>
<input type="text" name="id" id="id" value="<?php echo $id; ?>">
<input type="text" name="flavour" id="flavour" value="<?php echo $flavour; ?>">
<input type="text" name="datum" id="datum" value="<?php echo date('Y-m-d'); ?>">
<input type="checkbox" name="selected[]" id="selected" value="<?php echo '1'; ?>">
</td></tr>
<?php
$i++;
}
?>
<input type="submit" value="submit">
<?php } ?>
</td>
<td>
<table border="1" width="200px">
<tr><td align="center" valign="middle">
SHOWCASE
</td></tr>
<?php
include_once("dbinfo.inc.php");
include_once("config.php");
$result2 = mysql_query("SELECT * FROM ice_today ORDER BY flavour ASC");
$results2 = mysql_num_rows($result2);
if ($results2 > 0)
{
$num2=mysql_numrows($result2);
$j=0;
while ($j < $num2)
{
$id=mysql_result($result2,$j,"id");
$flavour=mysql_result($result2,$j,"flavour");
?>
<tr><td align="center" valign="middle">
<?php echo $flavour; ?>
</td></tr>
<?php
$j++;
}
}
echo '</td></tr></table>';
?>
</body>
</html>
<?php ob_end_flush(); ?>
Please take a look at the MySQL Reference Manual. You need to specify each column in your INSERT statement:
$query="INSERT INTO ice_today(id, flavours, date, selected) VALUES('$id','$flavour','$date','$selected[$i]')";
I also suggest you to not use the original MySQL-extension anymore, as it is deprecated as of PHP 5.5.x. When using another MySQL extension (MySQLi or PDO for instance: mysqli or PDO - what are the pros and cons?) you can also use prepared statements to become safe against SQL injections (which you aren't right now).
POST-values can be manipulated and as you just feed them into your query via string concatenation, you're not safe against them.
If the field for ID is an autoincrement field, you need to leave it off the insert because the db server will determine the value itself. You should list the fields being inserted, and leave that one off:
$query="INSERT INTO ice_today (flavours, date, selected) VALUES('$flavour','$date','$selected[$i]')";
Listing the fields you are inserting to also prevents insert statements from breaking when you add new fields later. So its good practice to start now.
There are lots of issues in your code.
You text boxes having same name with different values if there are two flavors.
Therefore flavor or id will be always from last row.
You can do something like this.
1.Replace your text boxes with this,
<input type="text" name="id_<?php echo $id; ?>" value="<?php echo $id; ?>">
<input type="text" name="flavour_<?php echo $id; ?>" value="<?php echo $flavour; ?>">
<input type="text" name="datum_<?php echo $id; ?>" value="<?php echo date('Y-m-d'); ?>">
<input type="checkbox" name="selected[]" value="<?php echo $id; ?>">
2.Replace your top if block (i.e. after submit)
if (isset($_POST['submit']) && $_POST["submit"] == "submit") {
$selected = $_POST['selected'];
for($i=0; $i < sizeof($selected); $i++) {
$id = $selected[$i];
$flavour = $_POST['flavour_' . $id];
$date = $_POST['date_' . $id];
$query="INSERT INTO ice_today VALUES('$id','$flavour','$date','$id')";
mysql_query($query) or die(mysql_error());
}
}
Hi I have the following as my login script. (The script is not yet sanitized.) But I have an issue here. Once a successful log in attempt is made I need to echo the loggedUser but the information doen't get printed once echoed. Can someone pls help me understand where I have gone wrong?
Code as follows;
<?php
SESSION_start();
?>
<!doctype html>
<html>
<head></head>
<body>
<div>
<?php
include ("connect_db/index.php");
if(isset($_SESSION['loggedUser']))
{
echo '<div>User :'.$_SESSION['loggedUser'].'</div>';
}
else
{
echo "
<div id='u2'>
<form name='form1' method='post' action='''>
<table border='1'>
<tr>
<td>User Name: </td>
<td><label for='textfield'></label>
<input type='text' name='UnameZoom' id='UnameZoom' class='txss'></td>
<td> Password: </td>
<td><label for='txss'></label>
<input type='password' name='PwordZoom' id='PwordZoom' class='txss'></td>
<td> <input type='submit' name='loggedUser' id='loggedUser' class='mylog' value='Login'></td>
</tr>
</table>
</form>
<p> </p>
<p> </p>
</div>";
if(isset($_POST['loggedUser']))
{
$un = $_POST['UnameZoom'];
$pw = $_POST['PwordZoom'];
if($un=='' || $pw == '')
{echo "Empty fields"; return;}
$SQLSz = "SELECT pword FROM users WHERE username='$un'";
$rVz = mysqli_query($db,$SQLSz) or die ("SQL Error!!!");
$roVz = mysqli_fetch_array($rVz);
if($pw == $roVz['pword'])
{
$result = mysqli_query($db,"SELECT Lname AS Lna FROM users WHERE username='$un'");
$row11 = mysqli_fetch_assoc($result);
$sum = $row11['Lna'];
$_SESSION['loggedUser'] = $sum;
echo $_SESSION['loggedUser'];
}
else
{
echo "No user found";
}
}
}
?>
<div></body></html>
I think problem is in your variable. It can be array but u cant echo array. try dump your variable with var_dump.
As already mentioned - SESSION_start() shall be session_start()
Try another statement for displaying your SESSION array - for example:
echo '<pre>';
print_r($_SESSION);
echo '</pre'>;
This will show you all session keys in a nice and readable way