I am trying to update my database with a post that a user has edited in a forum. The whole edit form is functioning except for: when they click edit, the form submits and goes to the main forum page, but the database and the post don't change.
My save edit code is this:
#data preparation for the query
$id=intval($_POST['id']);
$a_id=intval($_POST['a_id']);
$question_id=intval($_POST['question_id']);
foreach ($_POST as $key => $value)
$_POST[$key] =
mysql_real_escape_string($value);
$sql = "UPDATE $tbl_name SET
a_answer='$_POST[a_answer]' WHERE
a_id='$a_id' AND
question_id='$question_id'";
if (!mysql_query($sql)) {
die('Error: ' . mysql_error()); }
mysql_close; header ("location:
main_forum.php");
?>
My code for the edit page is this:
#data preparation for the query
$id=intval($_GET['id']);
$a_id=intval($_GET['a_id']);
$question_id=intval($_GET['question_id']);
# selects title and description fields from database
$sql = "SELECT a_answer FROM $tbl_name WHERE a_id='$a_id' AND question_id='$question_id'";
$result=mysql_query($sql);
$rows=mysql_fetch_array($result);
?>
And the HTML
<h3>Edit</h3>
<form action="save_edit.php" method="get" name="myForm" />
<center>
<table>
<tr>
<td valign="top">
<b>Answer</b>
</td>
<td>
<textarea cols="80%" rows="10" name="a_answer">
<?php echo htmlspecialchars($rows['a_answer']); ?>
</textarea>
</td>
</tr>
<tr>
<td colspan="3">
<input name="a_id" type="hidden" value="<? echo $rows['a_id']; ?>">
<input name="question_id" type="hidden" value="<? echo $rows['question_id']; ?>">
<input type="submit" name="Submit" value="edit post">
<?php mysql_close(); ?>
</input>
</input>
</input>
</td>
</tr>
</table>
</center>
You are mixing up get and post. In your form you use method="get" while you use $_POST in the processing page. Change your form to method="post":
<form action="save_edit.php"
method="post" name="myForm">
PS. You shouldn't close an opening tag with />.
Related
I have outputted the results of a MySQL table to an HTML table. In the last column, I want to add a delete option which calls another form and deletes the user from the MySQL table. I can't seem to get it to work though.
This is my code for the results page:
<?php
$contacts = mysql_query("
SELECT * FROM contacts ORDER BY ID ASC") or die( mysql_error() );
// If results
if( mysql_num_rows( $contacts ) > 0 )
?>
<table id="contact-list">
<thead>
<tr>
<th>Name</th>
<th>Email</th>
<th>Telephone</th>
<th>Address</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
<?php while( $contact = mysql_fetch_array( $contacts ) ) : ?>
<tr>
<td class="contact-name"><?php echo $contact['name']; ?></td>
<td class="contact-email"><?php echo $contact['email']; ?></td>
<td class="contact-telephone"><?php echo $contact['telephone']; ?></td>
<td class="contact-address"><?php echo $contact['address']; ?></td>
<td class="contact-delete"><form action='delete.php' method="post">
<input type="hidden" name="name" value="">
<input type="submit" name="submit" value="Delete">
</form></td>
</tr>
<?php endwhile; ?>
</tbody>
</table>
and, this is my delete.php script
<?php
//Define the query
$query = "DELETE FROM contacts WHERE name={$_POST['name']} LIMIT 1";
//sends the query to delete the entry
mysql_query ($query);
if (mysql_affected_rows() == 1) {
//if it updated
?>
<strong>Contact Has Been Deleted</strong><br /><br />
<?php
} else {
//if it failed
?>
<strong>Deletion Failed</strong><br /><br />
<?php
}
?>
I cannot figure out why this is not working.
You have to pass a variable in the delete link. You have to pass <?php echo $contact['name']; ?> (the name value) in a hidden field or pass this value in URL:
Replace
<td class="contact-delete">
<form action='delete.php' method="post">
<input type="hidden" name="name" value="">
<input type="submit" name="submit" value="Delete">
</form>
</td>
With
<td class="contact-delete">
<form action='delete.php?name="<?php echo $contact['name']; ?>"' method="post">
<input type="hidden" name="name" value="<?php echo $contact['name']; ?>">
<input type="submit" name="submit" value="Delete">
</form>
</td>
USe javascript
<input name="Submit2" type="button" class="button" onclick="javascript:location.href='delete.php?id=<?php echo $your_id;?>';" value="« Back" />
and in delet.php
$id=$_GET['id'];
and put $id in your sql statement.
You are missing to pass name in this line:
<input type="hidden" name="name" value="">
You need to have something (<?php echo $contact['name']; ?>) in the value attribute.
BTW, do not use deprecated mysql_* functions, use PDO or mysqli_* instead.
<input type="hidden" name="name" value="">
You are missing a value which wil be picked up by this line in your delete file.
$query = "DELETE FROM contacts WHERE name={$_POST['name']} LIMIT 1";
Right now it isn't receiving anything, which is why it will not work.
So add a value to it and it will work. Example:
<input type="hidden" name="name" value="<?php echo $contact['name']; ?>">
First, you should not write the code in that way; the code has no protection against SQL injection.
1. Try to use primary IDs instead of using a name (what happens if 2 people has the same name?).
So, you can create a hidden field to know which 'person' you are dealing with.
<input type="hidden" name="contact_id" value="<?php $contact['contact_id']; ?>">
2. Sanitize variables to avoid attacks:
<?php $contact_id = isset($_POST['contact_id'])?intval($_POST['contact_id']):0;
// proceed with the query
if($contact_id>0) { $query = "DELETE FROM contacts WHERE contact_id = '$contact_id'";
}
// redirect to the main table with header("location: main.php");
?>
I have outputted the results of a MySQL table to an HTML table. In the last column, I want to add a delete option which calls another form and deletes the user from the MySQL table. I can't seem to get it to work though.
This is my code for the results page:
<?php
$contacts = mysql_query("
SELECT * FROM contacts ORDER BY ID ASC") or die( mysql_error() );
// If results
if( mysql_num_rows( $contacts ) > 0 )
?>
<table id="contact-list">
<thead>
<tr>
<th>Name</th>
<th>Email</th>
<th>Telephone</th>
<th>Address</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
<?php while( $contact = mysql_fetch_array( $contacts ) ) : ?>
<tr>
<td class="contact-name"><?php echo $contact['name']; ?></td>
<td class="contact-email"><?php echo $contact['email']; ?></td>
<td class="contact-telephone"><?php echo $contact['telephone']; ?></td>
<td class="contact-address"><?php echo $contact['address']; ?></td>
<td class="contact-delete"><form action='delete.php' method="post">
<input type="hidden" name="name" value="">
<input type="submit" name="submit" value="Delete">
</form></td>
</tr>
<?php endwhile; ?>
</tbody>
</table>
and, this is my delete.php script
<?php
//Define the query
$query = "DELETE FROM contacts WHERE name={$_POST['name']} LIMIT 1";
//sends the query to delete the entry
mysql_query ($query);
if (mysql_affected_rows() == 1) {
//if it updated
?>
<strong>Contact Has Been Deleted</strong><br /><br />
<?php
} else {
//if it failed
?>
<strong>Deletion Failed</strong><br /><br />
<?php
}
?>
I cannot figure out why this is not working.
You have to pass a variable in the delete link. You have to pass <?php echo $contact['name']; ?> (the name value) in a hidden field or pass this value in URL:
Replace
<td class="contact-delete">
<form action='delete.php' method="post">
<input type="hidden" name="name" value="">
<input type="submit" name="submit" value="Delete">
</form>
</td>
With
<td class="contact-delete">
<form action='delete.php?name="<?php echo $contact['name']; ?>"' method="post">
<input type="hidden" name="name" value="<?php echo $contact['name']; ?>">
<input type="submit" name="submit" value="Delete">
</form>
</td>
USe javascript
<input name="Submit2" type="button" class="button" onclick="javascript:location.href='delete.php?id=<?php echo $your_id;?>';" value="« Back" />
and in delet.php
$id=$_GET['id'];
and put $id in your sql statement.
You are missing to pass name in this line:
<input type="hidden" name="name" value="">
You need to have something (<?php echo $contact['name']; ?>) in the value attribute.
BTW, do not use deprecated mysql_* functions, use PDO or mysqli_* instead.
<input type="hidden" name="name" value="">
You are missing a value which wil be picked up by this line in your delete file.
$query = "DELETE FROM contacts WHERE name={$_POST['name']} LIMIT 1";
Right now it isn't receiving anything, which is why it will not work.
So add a value to it and it will work. Example:
<input type="hidden" name="name" value="<?php echo $contact['name']; ?>">
First, you should not write the code in that way; the code has no protection against SQL injection.
1. Try to use primary IDs instead of using a name (what happens if 2 people has the same name?).
So, you can create a hidden field to know which 'person' you are dealing with.
<input type="hidden" name="contact_id" value="<?php $contact['contact_id']; ?>">
2. Sanitize variables to avoid attacks:
<?php $contact_id = isset($_POST['contact_id'])?intval($_POST['contact_id']):0;
// proceed with the query
if($contact_id>0) { $query = "DELETE FROM contacts WHERE contact_id = '$contact_id'";
}
// redirect to the main table with header("location: main.php");
?>
<?php
$query= mysqli_query($link, "SELECT * FROM Messages");
while ($row=mysqli_fetch_assoc($query)){
$MID= $row['mesgID'];
?>
<br><br><br><center><caption><?php echo "The <strong>".$row['type']."</strong> ID: ".$row['mesgID']; ?></caption></center>
<center><table border='4'; style="border-color:darkblue;">
<tr>
<td style="width:70%; text-align:left;"><?php echo "<strong>From: </strong>".$row['email']."<br><strong>About: </strong>".$row['areaCode']; ?></td>
</tr>
<tr>
<td style="width:70%; text-align:center;"><?php echo "<strong>Message content</strong><br><br>".$row['message']."<br>"; ?></td>
</tr>
</table></center>
<form action="ContactCleanersManagementStaffSide.php" method="post">
<center>
<input class="button button3" type="submit" name="<?php echo $MID; ?>"value="DELETE" id="submit"/></center>
</form>
<br><br>
<?php
}
if(isset($_POST[$MID])){
$query = mysqli_query($link, "DELETE FROM Messages WHERE mesgID='$MID'");
}
?>
I create "delete" button with unique name for each button, but when i clicks any button -except the last button- it's not deleting, but when i click the lats button, it's deleted seccessfully.
Instead of using id as name attriute of button, i will ask you to create a hidden filed with name="mesgID" and value="<?php echo $row['mesgID']; ?>" like below:
<?php
$query= mysqli_query($link, "SELECT * FROM Messages");
while ($row=mysqli_fetch_assoc($query)){
?>
<br>
<br>
<br>
<center>
<caption><?php echo "The <strong>".$row['type']."</strong> ID: ".$row['mesgID']; ?></caption>
</center>
<center>
<table border='4'; style="border-color:darkblue;">
<tr>
<td style="width:70%; text-align:left;">
<?php echo "<strong>From: </strong>".$row['email']."<br><strong>About: </strong>".$row['areaCode']; ?>
</td>
</tr>
<tr>
<td style="width:70%; text-align:center;">
<?php echo "<strong>Message content</strong><br><br>".$row['message']."<br>"; ?>
</td>
</tr>
</table>
</center>
<form method="post">
<input type="hidden" name="mesgID" value="<?php echo $row['mesgID']; ?>">
<center>
<input class="button button3" type="submit" name="Delete" value="DELETE" id="submit"/>
</center>
</form>
<br>
<br>
<?php }
if(isset($_POST['mesgID'])){
$query=mysqli_query($link, "DELETE FROM Messages WHERE mesgID=".$_POST['mesgID']);
}
?>
Note:- Current code is wide-open for SQL INJECTION so use prepared statements
Additional Note: A 'quick' fix [only] for SQL Injection is to force type casting to integer for numeric id values.
$query=mysqli_query($link, "DELETE FROM Messages WHERE mesgID=".(int)$_POST['mesgID']);
The above is NOT a replacement for leveling up to parameterised Queries.
References:-
mysqli::prepare
PDO::prepare
It's a bad idea to directly insert the received id from POST in the statement (creates SQL injection vulnerability, you can read about SQLi's here https://www.acunetix.com/websitesecurity/sql-injection/)
I would check whether id was passed and perform the delete query before selecting and echo'ing all messages, as you would always include the message even though it was deleted (because it is being deleted afterwards).
You should add a hidden input field with name 'messageId' and pass the id as a value, then add the submit button afterwards to submit the form with the hidden value -
<form method="post">
<input type="hidden" name="messageId" value="<?= $row['mesgID']; ?>">
<center>
<input class="button button3" type="submit" value="DELETE" id="submit"/>
</center>
</form>
And in the beginning of code receive the POSTed 'messageId' variable by
if (isset($_POST['messageId'])){
$stmt = $conn->prepare("DELETE FROM Messages WHERE mesgID = ?");
$stmt->bind_param("i", $_POST['messageId']);
$stmt->execute();
}
I have outputted the results of a MySQL table to an HTML table. In the last column, I want to add a delete option which calls another form and deletes the user from the MySQL table. I can't seem to get it to work though.
This is my code for the results page:
<?php
$contacts = mysql_query("
SELECT * FROM contacts ORDER BY ID ASC") or die( mysql_error() );
// If results
if( mysql_num_rows( $contacts ) > 0 )
?>
<table id="contact-list">
<thead>
<tr>
<th>Name</th>
<th>Email</th>
<th>Telephone</th>
<th>Address</th>
<th>Delete</th>
</tr>
</thead>
<tbody>
<?php while( $contact = mysql_fetch_array( $contacts ) ) : ?>
<tr>
<td class="contact-name"><?php echo $contact['name']; ?></td>
<td class="contact-email"><?php echo $contact['email']; ?></td>
<td class="contact-telephone"><?php echo $contact['telephone']; ?></td>
<td class="contact-address"><?php echo $contact['address']; ?></td>
<td class="contact-delete"><form action='delete.php' method="post">
<input type="hidden" name="name" value="">
<input type="submit" name="submit" value="Delete">
</form></td>
</tr>
<?php endwhile; ?>
</tbody>
</table>
and, this is my delete.php script
<?php
//Define the query
$query = "DELETE FROM contacts WHERE name={$_POST['name']} LIMIT 1";
//sends the query to delete the entry
mysql_query ($query);
if (mysql_affected_rows() == 1) {
//if it updated
?>
<strong>Contact Has Been Deleted</strong><br /><br />
<?php
} else {
//if it failed
?>
<strong>Deletion Failed</strong><br /><br />
<?php
}
?>
I cannot figure out why this is not working.
You have to pass a variable in the delete link. You have to pass <?php echo $contact['name']; ?> (the name value) in a hidden field or pass this value in URL:
Replace
<td class="contact-delete">
<form action='delete.php' method="post">
<input type="hidden" name="name" value="">
<input type="submit" name="submit" value="Delete">
</form>
</td>
With
<td class="contact-delete">
<form action='delete.php?name="<?php echo $contact['name']; ?>"' method="post">
<input type="hidden" name="name" value="<?php echo $contact['name']; ?>">
<input type="submit" name="submit" value="Delete">
</form>
</td>
USe javascript
<input name="Submit2" type="button" class="button" onclick="javascript:location.href='delete.php?id=<?php echo $your_id;?>';" value="« Back" />
and in delet.php
$id=$_GET['id'];
and put $id in your sql statement.
You are missing to pass name in this line:
<input type="hidden" name="name" value="">
You need to have something (<?php echo $contact['name']; ?>) in the value attribute.
BTW, do not use deprecated mysql_* functions, use PDO or mysqli_* instead.
<input type="hidden" name="name" value="">
You are missing a value which wil be picked up by this line in your delete file.
$query = "DELETE FROM contacts WHERE name={$_POST['name']} LIMIT 1";
Right now it isn't receiving anything, which is why it will not work.
So add a value to it and it will work. Example:
<input type="hidden" name="name" value="<?php echo $contact['name']; ?>">
First, you should not write the code in that way; the code has no protection against SQL injection.
1. Try to use primary IDs instead of using a name (what happens if 2 people has the same name?).
So, you can create a hidden field to know which 'person' you are dealing with.
<input type="hidden" name="contact_id" value="<?php $contact['contact_id']; ?>">
2. Sanitize variables to avoid attacks:
<?php $contact_id = isset($_POST['contact_id'])?intval($_POST['contact_id']):0;
// proceed with the query
if($contact_id>0) { $query = "DELETE FROM contacts WHERE contact_id = '$contact_id'";
}
// redirect to the main table with header("location: main.php");
?>
I want to call php function in form action and i want to pass id as a argument. What I am doing is, in html form database column values will be displayed in text boxes, If I edit those values and click 'update' button values in database should be updated and 'Record updated successfully'message should be displayed in same page. I tried below code but not working. Let me know the solution. Thanks in advance.
<html>
<head>
<link rel="stylesheet" type="text/css" href="cms_style.css">
</head>
<?php
$ResumeID = $_GET['id'];
$con = mysql_connect("localhost", "root", "");
mysql_select_db("engg",$con);
$sql="SELECT * from data WHERE ResumeID=$ResumeID";
$result = mysql_query($sql);
$Row=mysql_fetch_row($result);
function updateRecord()
{
//If(!isset($_GET['id']))
//{
$NameoftheCandidate=$_POST[NameoftheCandidate];
$TelephoneNo=$_POST[TelephoneNo];
$Email=$_POST[Email];
$sql="UPDATE data SET NameoftheCandidate='$_POST[NameoftheCandidate]', TelephoneNo='$_POST[TelephoneNo]', Email='$_POST[Email]' WHERE ResumeID=$ResumeID ";
if(mysql_query($sql))
echo "<p>Record updated Successfully</p>";
else
echo "<p>Record update failed</p>";
while ($Row=mysql_fetch_array($result)) {
echo ("<td>$Row[ResumeID]</td>");
echo ("<td>$Row[NameoftheCandidate]</td>");
echo ("<td>$Row[TelephoneNo]</td>");
echo ("<td>$Row[Email]</td>");
} // end of while
} // end of update function
?>
<body>
<h2 align="center">Update the Record</h2>
<form align="center" action="updateRecord()" method="post">
<table align="center">
<input type="hidden" name="resumeid" value="<? echo "$Row[1]"?>">
<? echo "<tr> <td> Resume ID </td> <td>$Row[1]</td> </tr>" ?>
<div align="center">
<tr>
<td> Name of the Candidate</td>
<td><input type="text" name="NameoftheCandidate"
size="25" value="<? echo "$Row[0]"? >"></td>
</tr>
<tr>
<td>TelephoneNo</td>
<td><input type="text" name="TelephoneNo" size="25" value="<? echo "$Row[1]"?>"></td>
</tr>
<tr>
<td>Email</td>
<td><input type="text" name="Email" size="25" value="<? echo "$Row[3]"?>">
</td>
</tr>
<tr>
<td></td>
<td align="center"><input type="submit" name="submitvalue" value="UPDATE" ></td>
</tr>
</div>
</table>
</form>
</body>
</html>
try this way
HTML
<form align="center" action="yourpage.php?func_name=updateRecord" method="post">
PHP
$form_action_func = $_POST['func_name'];
if (function_exists($form_action_func)) {
updateRecord();
}
write form action="" and then write your php code as below
note : use form method as get
<?php
if(isset($_GET['id']))
{
call your function here
}
?>
in function access all values using $_GET['fieldname']
simple way make your "Submit " and "Update" action performed on same page then
if(isset($_POST['update']))
{
//perform update task
update($var1,var2,$etc); // pass variables to function
header('Location: http://www.example.com/');// link to your form
}
else if(isset($_POST['submit']))
{
//perform update task
submit($var1,$var2,$etc);// pass variables to function
header('Location: http://www.example.com/'); // link to next page after submit successfully
}
else
{
// display form
}