User list administration management - php

I have a list of users for a site, mainly using a unique ID for each member.
I need to have a button after each name to delete or modify, but I can't find how to do it properly. Here's the code:
$result = mysql_query("SELECT * FROM users ORDER BY ID_Usager");
while($row = mysql_fetch_array($result))
{
echo "<form method='post'>";
echo "<tr>";
echo "<td>" . $row['Pseudo'] . "</td>";
echo "<td>" . $tempID . "</td>";
echo "<td>" . $row['Email'] . "</td>";
echo "<td>" . $row['Status'] . "<input type='submit' name='delete[" . $tempID . "]' value='Delete'> <input type='submit' name='modify[" . $tempID . "]' value='Modify'> </td>";
echo "</tr>";
echo "</form>";
}
(I have skipped some table code.)
So this shows as:
Vincent 25625 [DELETE] [MODIFY]
So what I was thinking: when I click submit, it reloads the page, and I look if the POST delete[] is empty, or modify is empty, ...
if(!empty($_POST['delete']))
{
$test[] = $_GET['delete[]']; ---- LINE 163 ERROR...
//Delete from blablabla userID = $test;
}
else
{
... check for modify then blablabla.
}
But it's not working, I get an error.
Notice: Undefined index: delete[] in C:\wamp\www\VMAD\admin_usagers.php on line 163

The [] is the problem. It should be
$test = $_POST['delete'];
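
One way to turn the posted `delete[ID]` / `modify[ID]` button into a validated action and ID before any query runs. This is an added example, not code from the original post; the helper name `extractUserAction` and the sample request arrays are hypothetical and constructed for illustration.

```php
<?php
// Added example: the buttons are named delete[ID] / modify[ID], so PHP
// delivers e.g. $_POST['delete'] = [25625 => 'Delete']. The ID is the array
// KEY, and it is untrusted input until validated.

/**
 * Return ['action' => 'delete'|'modify', 'id' => int], or null if the request
 * does not contain exactly one well-formed action button.
 * (Hypothetical helper, not part of the original page.)
 */
function extractUserAction(array $post): ?array
{
    $found = null;
    foreach (['delete', 'modify'] as $action) {
        if (!isset($post[$action])) {
            continue;
        }
        // Must be an array with exactly one entry (one button was clicked).
        if (!is_array($post[$action]) || count($post[$action]) !== 1) {
            return null;
        }
        // Two different actions in the same request is not a normal click.
        if ($found !== null) {
            return null;
        }
        // key() gives the ID; accept only a positive integer.
        $id = filter_var(
            key($post[$action]),
            FILTER_VALIDATE_INT,
            ['options' => ['min_range' => 1]]
        );
        if ($id === false) {
            return null;
        }
        $found = ['action' => $action, 'id' => $id];
    }
    return $found;
}

// Constructed sample requests (what $_POST would hold after a click).
$samples = [
    ['delete' => [25625 => 'Delete']],                 // normal click
    ['modify' => ['25625' => 'Modify']],               // numeric string key
    ['delete' => ['abc' => 'Delete']],                 // non-numeric ID
    ['delete' => 'Delete'],                            // not an array
    ['delete' => [1 => 'x'], 'modify' => [2 => 'y']],  // two actions at once
    ['delete' => [0 => 'Delete']],                     // what name='delete[]' produces
];
foreach ($samples as $post) {
    var_export(extractUserAction($post));
    echo "\n";
}
```

Only the first two samples yield an action; the rest return null, so the delete or update statement is never reached with an unvalidated ID.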

Related

Create New Table in PHP upon form submit

I am not sure if this is possible. What I want to do is create a new table every time a user submits a form. So far I have created my form and also insert these values into a database. I am able to echo a table of what was submitted. However, every time this form is submitted I want it to create a separate table with the new info. So it would show the previous form submission in one table and the newly submitted form data in another. How do I do this? Thank you
This is my PHP code for inserting and selecting the table:
$connect=mysql_connect('localhost','root','');
$db=mysql_select_db('dialogue');
if($connect)
{
$sql="INSERT INTO dialogue(english1,english2,english3,english4,english5,english6,english7,english8,english9,english10,english11,english12,english13,english14,english15,english16,english17,english18,english19,english20,sanskrit1,sanskrit2,sanskrit3,sanskrit4,sanskrit5,sanskrit6,sanskrit7,sanskrit8,sanskrit9,sanskrit10,sanskrit11,sanskrit12,sanskrit13,sanskrit14,sanskrit15,sanskrit16,sanskrit17,sanskrit18,sanskrit19,sanskrit20) VALUES($english1,$english2,$english3,$english4,$english5,$english6,$english7,$english8,$english9,$english10,$english11,$english12,$english13,$english14,$english15,$english16,$english18,$english19,$english20,$sanskrit1,$sanskrit2,$sanskrit3,$sanskrit4,$sanskrit5,$sanskrit6,$sanskrit7,$sanskrit8,$sanskrit9,$sanskrit10,$sanskrit11,$sanskrit12,$sanskrit13,$sanskrit14,$sanskrit15,$sanskrit16,$sanskrit18,$sanskrit19,$sanskrit20)";
$query=mysql_query($sql);
if($query)
{
$sql="SELECT * FROM dialogue";
$query=mysql_query($sql);
if($query)
{
echo "<table border=1>";
echo "<tr><th>English</th><th>Sanskrit</th><th>Root</th></tr>";
while($row=mysql_fetch_array($query))
{
{
echo "<tr>";
echo "<td>" . $row['english1'] . "</td>";
echo "<td>" . $row['sanskrit1'] . "</td>";
echo "<td>" . $row['english11'] . "</td>";
echo "<td>" . $row['sanskrit11'] . "</td>";
echo "<td>" . $row['english2'] . "</td>";
echo "<td>" . $row['sanskrit2'] . "</td>";
echo "<td>" . $row['english12'] . "</td>";
echo "<td>" . $row['sanskrit12'] . "</td>";
echo "</tr>";
}
echo "</table>";
}
}
}
}
}
?>

How do I store the contents of tables rows and use them on another page?

I am a beginner to web development and am just wondering how I can store the values of a table row and use them on another page.
At the moment I am retrieving values from a database and putting them into a table. Each row has a submit button which should take them to a pay.php page where it should list the details of the particular row that they selected to pay.
while($row = mysql_fetch_array($result))
{
echo "<td>" . $row['P_name'] . "</td>";
echo "<td>" . $row['P_amount'] . "</td>";
echo "<td>" . $row['P_dateStart'] . "</td>";
if(is_null($row['P_datePaid'])){
echo "<td>Not Paid</td>";
}
else{
echo "<td>" . $row['P_datePaid'] . "</td>";
}
if($row['P_status'] == 0){
echo "<td bgcolor='#FF0000'>" . $row['P_status'] . "</td>";
}
else{
echo "<td bgcolor='#00FF00'>" . $row['P_status'] . "</td>";
}
echo "<td><form name = 'viewMore' action = 'viewMore.php'><input type = 'submit' value = 'View More'></form></td>";
echo "<td><form name = 'pay' action = 'pay.php'><input type = 'submit' value = 'Pay'></form></td>";
echo "</tr>";
}
echo "</table>";
?>
You can add the record ID (assuming in my example that it is P_id) in the form like this. I also added method='post' to avoid someone trying pay.php?id=... :
echo "<td><form name = 'pay' action = 'pay.php' method='post'>
<input type='hidden' name='id' value='" . $row['P_id'] . "'>
<input type = 'submit' value = 'Pay'></form></td>";
And then in pay.php use $_POST["id"] to query the table and retrieve the data.
You can google PHP Session
Here is an example.
session_start();
// store session data
$_SESSION['views']=1;
On another page you can use
echo "Pageviews=". $_SESSION['views'];
And I think your requirement is not related to sessions.
Do you know how to use the form?
You should post the data of the certain line to the page you want.
And you can get it in $_POST['XXXX'];

PHP multiple checkboxes

I am stuck on a script and need another pair of eyes to see if I am missing something. The script is for a bookshop. When a student number is inputted and searched for, the student is displayed with the books that he is supposed to get for each subject. The student, course and book data comes from a MySQL database.
This is all done with this script:
<?php
if (isset($_POST['submit'])){
$btnClick = $_POST['submit'];
switch($btnClick){
case "Logout" :
session_destroy();
header("location:index.php");
break;
case "Search" :
$Validate = $_POST['txtStud'] ;
$StudNr = ValidateTxt($Validate);
$showStud = findStud($StudNr);
$cid = $showStud[4];
$showBooks = findBooks($cid);
echo "<form action='issue_book.php' method='post'>";;
echo "<table class='table3'>";
echo "<tr>";
echo "<td>" . $showStud[0] . " " . $showStud[1] . " " . $showStud[2] ."</td>";
echo "</tr>";
echo "<tr><td></td><td>" . $showStud[3] . "</td></tr>";
$array_count = count($showBooks);
$num = 0;
while ($num != $array_count) {
$bookNum = $showBooks[$num]['bid'];
echo $bookNum . "<br>";
echo "<tr><td>" . $showBooks[$num]['bid'] . "</td>" . "<td>" . $showBooks[$num]['bname'] . "</td>" ;
echo "<td><input type='checkbox' name='booknum[]' value='<?php echo $bookNum; ?>'></td></tr>";
$num++;
}
echo "</table>";
echo "<br>";
echo "<table class = 'table3'>";
echo "<tr><td></td><td><input type='submit' name='submit' value='Issue'></td>
<td><input type='submit' name='submit' value='Clear'></td></tr>";
echo "</form>";
break;
case "Issue":
$mybooks = $_POST['booknum'];
$h = count($mybooks);
echo $h . "<br>";
print_r ($mybooks);
break;
}
}
?>
At the bottom of the dynamically created data there are 2 buttons. When I click on the Issue button I am presented with this data.
This comes from the code as it is in the script at this moment. I want to send the data from here to the database.
Array ( [0] => [1] => [2] => )
An empty array?? Not sure what happened to the names that I assigned each check box??
I tried to adapt my script according to this forum post Check box link
I am not sure where I am missing something.
This is because you have a syntax error here
echo "<td><input type='checkbox' name='booknum[]' value='<?php echo $bookNum; ?>'></td></tr>";
^php tags are opened ^
You are already printing your table inside php tags, you cannot open other tags
value='<?php echo $bookNum; ?>
This is why your array's values are empty but the keys exist. You just need to concatenate
echo "<td><input type='checkbox' name='booknum[]' value='".$bookNum."'></td></tr>";
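
The checkbox row from the answer above with its values escaped for HTML, together with a check on what comes back in `booknum[]` before anything is written to the database. This is an added example, not code from the original post; `renderBookRow` and `selectedBooks` are hypothetical names, and `$showBooks` holds constructed rows in the shape the question uses (`bid`, `bname`).

```php
<?php
// Added example. $showBooks mirrors the shape used in the question
// (rows with 'bid' and 'bname'); the rows are constructed sample data.
$showBooks = [
    ['bid' => 101, 'bname' => 'Algebra "Part 1"'],
    ['bid' => 102, 'bname' => 'Physics <Intro>'],
    ['bid' => 103, 'bname' => 'History'],
];

/** Build one table row with a checkbox; values are escaped for HTML. */
function renderBookRow(array $book): string
{
    $bid   = htmlspecialchars((string) $book['bid'], ENT_QUOTES, 'UTF-8');
    $bname = htmlspecialchars((string) $book['bname'], ENT_QUOTES, 'UTF-8');
    return "<tr><td>$bid</td><td>$bname</td>"
         . "<td><input type='checkbox' name='booknum[]' value='$bid'></td></tr>";
}

/**
 * Keep only submitted book IDs that are integers AND were actually offered
 * to this student. Anything else in booknum[] is dropped.
 */
function selectedBooks($posted, array $offeredBooks): array
{
    if (!is_array($posted)) {
        return [];
    }
    // Database drivers often return IDs as strings, so normalise to int.
    $offered = array_map('intval', array_column($offeredBooks, 'bid'));
    $clean = [];
    foreach ($posted as $value) {
        $bid = filter_var($value, FILTER_VALIDATE_INT);
        if ($bid !== false && in_array($bid, $offered, true)) {
            $clean[$bid] = $bid; // keyed by ID to drop duplicates
        }
    }
    return array_values($clean);
}

foreach ($showBooks as $book) {
    echo renderBookRow($book), "\n";
}
// Constructed submission: two valid IDs, a duplicate, an ID that was never
// offered, and a non-numeric value. Only 101 and 103 survive.
var_export(selectedBooks(['101', '103', '101', '999', 'x'], $showBooks));
// In the "Issue" case the call would be:
// selectedBooks($_POST['booknum'] ?? null, $showBooks)
```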

Filtering mysql results via select dropdown

I'm a new member of StackOverflow, and although I've been using the website for a long time, it's my first time posting a question, in a hope that someone will be able to help me. I'll start by saying that my knowledge of PHP and MySQL is basic, but what I'm trying to do isn't too complex in my opinion, so hopefully I won't be asking for much. I've done a lot of prior research, but I just couldn't find the right answer.
In short, this is what I'm trying to do:
I've got an html form, which upon submission writes data to a database, and then publishes a table on a separate html page. With each successful submission a new table gets generated and published, while the old one gets pushed underneath. This all works fine, and I've also implemented pagination so that only 5 tables are visible per page.
What I'd like to be able to do is allow people to ONLY view/display results (tables) based on a specific criteria, in this case "rating", by selecting a rating from a drop-down on the page where tables are published. Rating is one of the fields in my form which gets submitted to a database and then published in one of the rows in a table.
Below is the code which publishes tables. Thanks in advance for your help!
<?php
include('dbconnect.php');
mysql_select_db("vtracker", $con);
$result = mysql_query("SELECT * FROM userdata");
$age = "Age:";
$rating = "Rating:";
$country = "From:";
$name = "Name:";
while($row = mysql_fetch_array($result))
{
echo "<table id='mft_table' cellspacing='0'>";
echo "<tbody>";
echo "<tr>";
echo "<td class='row1'>" .$name . " " . $row['personsname'] . "</td>";
echo "<td rowspan='4'>";
echo "<div class='mft_column'>" . $row['mft'] . "</div>";
echo "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row2'>" . $country . " " . $row['nationality'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row3'>" . $age . " " . $row['personsage'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row4'>" . $rating . " " . $row['rating'] . "</td>";
echo "</tr>";
echo "</tbody>";
echo "<br>";
echo "</table>";
}
?>
For both true and false you can add this in your code:
if(isset($_POST['rating_dropdown']) && $_POST['rating_dropdown']!='')
{
    // Escape the value before it goes inside the quoted SQL literal
    $temp_rating = mysql_real_escape_string($_POST['rating_dropdown']);
    $query=mysql_query("SELECT * FROM userdata WHERE rating = '$temp_rating'");
}
else
{
    $query=mysql_query("SELECT * FROM userdata");
}
Dunno if this works, it's just a hunch. haha.
It will see if the rating is true(not null), if it's true it will echo the results.
while($row = mysql_fetch_array($result))
{
if ($rating)
{
echo "<table id='mft_table' cellspacing='0'>";
echo "<tbody>";
echo "<tr>";
echo "<td class='row1'>" .$name . " " . $row['personsname'] . "</td>";
echo "<td rowspan='4'>";
echo "<div class='mft_column'>" . $row['mft'] . "</div>";
echo "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row2'>" . $country . " " . $row['nationality'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row3'>" . $age . " " . $row['personsage'] . "</td>";
echo "</tr>";
echo "<tr>";
echo "<td class='row4'>" . $rating . " " . $row['rating'] . "</td>";
echo "</tr>";
echo "</tbody>";
echo "<br>";
echo "</table>";
}
}
Once the dropdown gets selected and posted to your display page, use this code:
// Escape the posted value before it goes inside the quoted SQL literal
$temp_rating = mysql_real_escape_string($_POST['rating_dropdown']);
mysql_query("SELECT * FROM userdata WHERE rating = '$temp_rating'");
Keep in mind, however, that you should be using PDO or mysqli extension, not the mysql extension. According to PHP's website:
This extension is deprecated as of PHP 5.5.0, and will be removed in
the future. Instead, the MySQLi or PDO_MySQL extension should be used.
See also MySQL: choosing an API guide and related FAQ for more
information.

Using PHP forms in mysql queries

Another (basic) question here. I need to know how to use html forms to filter the results of a mysql query using PHP. I have been looking at w3schools and I can see how using $_POST on one page can output to another page. But I cannot see exactly how to put the $_POST into my query. For example I have one page as below:
<form action="orderlist.php" method="post">
OrderNo: <input type="int" name="order_no" />
<input type="Submit" />
</form>
This is a page where the user can enter an order_no and click submit, which links to the 'orderslist.php' page. On that page I have the following code:
$result = mysql_query("SELECT * FROM orders");
echo "<table border='5'>
<tr>
<th>order_no</th>
<th>ord_date</th>
<th>est_completion_date</th>
<th>status</th>
<th>invoice_date</th>
<th>inv_amount</th>
<th>name</th>
<th>fName</th>
<th>lName</th>
</tr>";
// -- Use 'while' to check each row in $result in turn:
while($row = mysql_fetch_array($result))
{
echo "<tr>";
echo "<td>" . $row['order_no'] . "</td>";
echo "<td>" . $row['ord_date'] . "</td>";
echo "<td>" . $row['est_completion_date'] . "</td>";
echo "<td>" . $row['status'] . "</td>";
echo "<td>" . $row['invoice_date'] . "</td>";
echo "<td>" . $row['inv_amount'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
echo "<td>" . $row['fName'] . "</td>";
echo "<td>" . $row['lName'] . "</td>";
echo "</tr>";
}
echo "</table>";
This outputs everything from 'orders' into a table, but I want it to only output the row with the order_no that the user entered on the previous page. How do I do this? Is it something like:
$result = mysql_query("SELECT * FROM orders WHERE order_no = $_POST[order_no]");
Thanks a lot
For starters, you should switch to PDO or mysqli -- the mysql_* functions are in the process of deprecation.
On to your question: yes, that's how you do it, with a WHERE clause. However, it is very (very very very) insecure to concatenate a variable directly out of $_POST without sanitation.
That said, at a minimum you should do this:
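// The escaped value must sit inside quotes; escaping does not protect an unquoted value
mysql_query("SELECT * FROM orders WHERE order_no = '" . mysql_real_escape_string($_POST['order_no']) . "'");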
Another thing... don't use SELECT *. You should always list the columns you expect to get from the database -- that way, if there is a problem (like the columns have changed), the query can let you know. With SELECT * you get back a magical grab-bag of data -- you have no idea what it is, and more importantly, if it has the values your code relies on.
So, putting it together:
$pdo = new PDO("mysql:host=localhost;dbname=database", '-username-', '-password-');
$sth = $pdo->prepare('
SELECT
`order_no`,
`ord_date`,
`est_completion_date`,
`status`,
`invoice_date`,
`inv_amount`,
`name`,
`fName`,
`lName`
FROM
orders
WHERE
order_no = :order_no
');
$sth->execute(array(':order_no'=>$_POST['order_no']));
// Fetch each row as an object so the ->column accesses below work
while ($order = $sth->fetch(PDO::FETCH_OBJ)) {
echo "<tr>";
echo "<td>" . $order->order_no . "</td>";
echo "<td>" . $order->ord_date . "</td>";
echo "<td>" . $order->est_completion_date . "</td>";
echo "<td>" . $order->status . "</td>";
echo "<td>" . $order->invoice_date . "</td>";
echo "<td>" . $order->inv_amount . "</td>";
echo "<td>" . $order->name . "</td>";
echo "<td>" . $order->fName . "</td>";
echo "<td>" . $order->lName . "</td>";
echo "</tr>";
}
Edit: One last note, the input you're using is not valid; type="int" is not a recognized input type. Here's a list of types for HTML 4, and a list for HTML 5:
As you can see, HTML 5 does have a new input type "number". It is not fully adopted, but if you wanted to use it:
<input type="number" name="order_no" />
Be aware, however, that not all browsers will restrict the input to numeric: http://caniuse.com/#feat=input-number
Documentation
mySql SELECT - http://dev.mysql.com/doc/refman/5.0/en/select.html
mysql_query (DEPRECATED) - http://php.net/manual/en/function.mysql-query.php
PDO - http://www.php.net/manual/en/book.pdo.php
PDO::prepare - http://www.php.net/manual/en/pdo.prepare.php
PDOStatement::fetch - http://www.php.net/manual/en/pdostatement.fetch.php
PDOStatement::execute - http://www.php.net/manual/en/pdostatement.execute.php
Without injection vulnerability (require 'mysql_connect' before) :
if(isset($_POST['order_no']))
{
$orderNo = mysql_real_escape_string($_POST['order_no']);
// Quote the escaped value: escaping only protects inside a quoted literal
$result = mysql_query("SELECT * FROM orders WHERE order_no = '$orderNo'");
echo "<table border='5'>";
echo " <tr>";
echo " <th>order_no</th>";
echo " <th>ord_date</th>";
echo " <th>est_completion_date</th>";
echo " <th>status</th>";
echo " <th>invoice_date</th>";
echo " <th>inv_amount</th>";
echo " <th>name</th>";
echo " <th>fName</th>";
echo " <th>lName</th>";
echo " </tr>";
if(mysql_num_rows($result) == 0)
{
echo '<tr><td colspan="9">Order not found</td></tr>';
}
else
{
while($row = mysql_fetch_assoc($result))
{
echo "<tr>";
echo " <td>" . $row['order_no'] . "</td>";
echo " <td>" . $row['ord_date'] . "</td>";
echo " <td>" . $row['est_completion_date'] . "</td>";
echo " <td>" . $row['status'] . "</td>";
echo " <td>" . $row['invoice_date'] . "</td>";
echo " <td>" . $row['inv_amount'] . "</td>";
echo " <td>" . $row['name'] . "</td>";
echo " <td>" . $row['fName'] . "</td>";
echo " <td>" . $row['lName'] . "</td>";
echo "</tr>";
}
}
echo "</table>";
}
Try this:
$orderNumber = mysql_real_escape_string($_POST['order_no']);
// Quote the escaped value: escaping only protects inside a quoted literal
$result = mysql_query("SELECT * FROM orders WHERE order_no = '$orderNumber'");
This takes the value of $_POST['order_no'] and somewhat sanitizes it. You then apply the value of $orderNumber to MySQL.
However, you're much better off using PDO or MySQLi. Both protect you (if used correctly) from SQL injection. Currently, your code is VERY prone to SQL injection.
Your form should be something like this:
<form action="orderlist.php" method="post">
OrderNo: <input type="text" name="order_no" />
<input type="Submit" value="Submit"/>
</form>
To get any value that is typed by user in the form you should use type="text".
There is nothing like type="int" in standard HTML.
Don't get confused, the input TYPE in HTML is not the same as the one you use in programming languages to declare a data type. Here TYPE is just to let the browser know that it's a text field / radio button etc.
To understand Valid Input Types better read this w3.org recommendation on HTML forms.
On orderlist.php you can query to retrieve the required data:
if(isset($_POST['order_no'])) {
$orderNo = mysql_real_escape_string($_POST['order_no']);
// Quote the escaped value: escaping only protects inside a quoted literal
$result = mysql_query("SELECT * FROM orders WHERE order_no = '$orderNo'");
while($row = mysql_fetch_array($result)) {
//code to print table.
}
}
Note:
This type of code is vulnerable to easy attacks, and it is never recommended to put user input directly into an SQL query; it should always be filtered first.
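
The lookup discussed in the `order_no` answers (the same binding pattern applies to the `rating` dropdown filter), written with type validation, a bound parameter and escaped output. This is an added example, not code from the original answers; it assumes the `pdo_sqlite` extension and uses an in-memory SQLite table with constructed rows in place of the MySQL `orders` table so it runs offline, and `findOrder` / `renderOrderRow` are hypothetical names.

```php
<?php
// Added example. Assumption: pdo_sqlite is available; an in-memory SQLite
// table with constructed rows stands in for the MySQL `orders` table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE orders (order_no INTEGER PRIMARY KEY, status TEXT, name TEXT)');
$pdo->exec("INSERT INTO orders VALUES (12, 'open', 'Smith & <Sons>'), (13, 'shipped', 'Jones')");

/**
 * Look up one order. Returns the row as an array, or null when the input is
 * not a positive integer or no such order exists. (Hypothetical helper.)
 */
function findOrder(PDO $pdo, $rawOrderNo): ?array
{
    // 1. Validate the type. mysql_real_escape_string() only escapes quote-like
    //    characters, so it leaves "12 OR 1=1" unchanged; in an unquoted
    //    numeric position that text would still be parsed as SQL.
    $orderNo = filter_var($rawOrderNo, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($orderNo === false) {
        return null;
    }
    // 2. Bind the value: it travels separately from the SQL text.
    $sth = $pdo->prepare('SELECT order_no, status, name FROM orders WHERE order_no = :order_no');
    $sth->bindValue(':order_no', $orderNo, PDO::PARAM_INT);
    $sth->execute();
    $row = $sth->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Render one row; every database value is HTML-escaped on output. */
function renderOrderRow(array $row): string
{
    $cells = '';
    foreach ($row as $value) {
        $cells .= '<td>' . htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8') . '</td>';
    }
    return '<tr>' . $cells . '</tr>';
}

// Constructed inputs, as they might arrive in $_POST['order_no'].
foreach (['12', '13', '99', '12 OR 1=1', '', ['12']] as $input) {
    $row = findOrder($pdo, $input);
    echo $row === null ? "<tr><td>Order not found</td></tr>\n" : renderOrderRow($row) . "\n";
}
```

Only `'12'` and `'13'` produce a row; the non-integer, empty and array inputs are rejected before a statement is prepared, and the stored name `Smith & <Sons>` is emitted as `Smith &amp; &lt;Sons&gt;`.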
