record deleted when link is clicked - php

I have a link/page 'myfiles.php' which shows the details of the file that a certain user uploaded. But after clicking again/entering the 'myfiles.php' into the address bar, the records are gone in the page. What's supposed to be the solution? Please help. Thanks. Here's my code:
while ($row=mysql_fetch_array($query)) {
$row1 = $row['name'];
$row2 = $row['size'];
$row3 = $row['type'];
$delfile = "<a href='deletefile.php?file=$row1'>Delete file</a>";
$dlfile = "<a href='download.php?file=$row1'>Download</a> ";
echo "<p>";
echo $row1;
echo "<br>";
echo $row2;
echo "<br>";
echo $row3;
echo "<br>";
echo $dlfile;
echo $delfile;
}

Are you using some sort of browsing accelerator and don't you have a deletion confirmation?
It seems your browser is requesting all links on your page and deleting your records.
If you want to delete, insert, update, etc. records in a database, it is a very good idea to use POST instead of GET (like a clickable link), so you would have to add a form around every entry that posts the data to the server. You can of course skip this, but then you definitely need a POST based deletion confirmation.
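The POST-based deletion this answer recommends, as an added example that is not part of the original thread: the delete link becomes a small form carrying a per-session token, and the handler acts only on a POST whose token matches and only on rows owned by the logged-in user. The function names, the `csrf` field and the in-memory SQLite table standing in for `uploadedfiles` are assumptions for illustration.

```php
<?php
declare(strict_types=1);
// Added illustration; function names and the 'csrf' field are hypothetical.

// Row markup: Download stays a link, Delete becomes a POST form with a token.
function render_file_row(array $row, string $token): string
{
    $name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    return "<p>{$name}<br><a href='download.php?file=" . rawurlencode($row['name'])
         . "'>Download</a></p>"
         . "<form method='post' action='deletefile.php'>"
         . "<input type='hidden' name='file' value='{$name}'>"
         . "<input type='hidden' name='csrf' value='{$token}'>"
         . "<button type='submit'>Delete file</button></form>";
}

// deletefile.php gate: a link prefetch (GET) or a tokenless request is refused.
function may_delete(string $method, array $post, string $sessionToken): bool
{
    return $method === 'POST'
        && is_string($post['file'] ?? null)
        && is_string($post['csrf'] ?? null)
        && hash_equals($sessionToken, $post['csrf']);
}

// Scope the DELETE to the logged-in user so one user cannot remove another's file.
function delete_file(PDO $db, string $user, string $name): int
{
    $stmt = $db->prepare('DELETE FROM uploadedfiles WHERE username = ? AND name = ?');
    $stmt->execute([$user, $name]);
    return $stmt->rowCount();
}

// Constructed demo: in-memory SQLite stands in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE uploadedfiles (username TEXT, name TEXT, size INTEGER, type TEXT)');
$db->exec("INSERT INTO uploadedfiles VALUES ('alice', 'a.txt', 10, 'text/plain')");
$token = bin2hex(random_bytes(32));   // in the real page this lives in $_SESSION
echo render_file_row(['name' => 'a.txt'], $token), "\n";
$requests = [
    ['GET',  ['file' => 'a.txt']],                      // what a link prefetcher sends
    ['POST', ['file' => 'a.txt', 'csrf' => 'wrong']],   // request with a non-matching token
    ['POST', ['file' => 'a.txt', 'csrf' => $token]],    // the user's own click
];
foreach ($requests as [$method, $post]) {
    $deleted = may_delete($method, $post, $token) ? delete_file($db, 'alice', $post['file']) : 0;
    printf("%-4s deleted=%d\n", $method, $deleted);
}
```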

I am assuming that $usersess is not changing? If this is dependent on a session or cookie - you should check that it is not expiring or being destroyed.
$query = mysql_query("SELECT * FROM uploadedfiles WHERE username='$usersess' ");
while ($row = mysql_fetch_array($query)) {
$delfile = "Delete file";
$dlfile = "Download ";
echo "<p>{$row['name']}<br>
{$row['size']}<br>
{$row['type']}<br>
{$dlfile}{$delfile}</p>";
}

Related

How can I make a session of a certain result?

I am stuck. I want to make a session of the ID that belongs to a certain link. However, the code results into multiple ID's. And multiple links with different ID's coming from one code.
This is what I have:
$sql = "SELECT * FROM `lijsten` ";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
echo "<a href='lijst.php'> Naam: " . $row["naamlijst"]. " - taal: " . $row["taal"]. "</a> <br>";
}
} else {
echo "0 results";
}
$conn->close();
?>
The statement gives links for all the results of the rows naamlijst and taal. But I only want to make a session of ID of the link that I click.
This is my first question on Stackoverflow. I hope someone can help me! :)
Here is the webpage, I want to store the ID of the link that I click into sessions

deletion from mysql through php

I am trying to delete a product listing from my shirt_types table (which is tee-shirt products). I have an administrator page that lists all the items in the table along with their information. I have added a delete link at the end of the columns for each item. When I click the delete button it redirects me to the shirt_delete page like wanted, but then nothing. It includes the header, then the rest of the page is blank. I think at the very least, the header and the footer should be displayed but this is not the case. Below is the code I used in list_shirts:
$select_shirts = "SELECT shirt_type, shirt_quantity, shirt_color, price, shirt_description, photo, shirt_types_id from shirt_types order by $sort";
$exec_select_shirts = @mysqli_query($link, $select_shirts);
if(!$exec_select_shirts){
echo "The shirt types information could not be retrieved from the shirt_types table because of: ".mysqli_error($link);
mysqli_close($link);
include('footer_admin.php');
die();
} else {
echo "<div id='list_users'><table id='list_user' border='0'>";
echo "<tr>";
echo "<th><a href='".$_SERVER['PHP_SELF']."?sort=size&bool=".!$bool."'>Size</a></th>";
echo "<th><a href='".$_SERVER['PHP_SELF']."?sort=qnty&bool=".!$bool."'>Quantity</a></th>";
echo "<th><a href='".$_SERVER['PHP_SELF']."?sort=color&bool=".!$bool."'>Color</a></th>";
echo "<th><a href='".$_SERVER['PHP_SELF']."?sort=price&bool=".!$bool."'>Price</a></th>";
echo "<th><a href='".$_SERVER['PHP_SELF']."?sort=desc&bool=".!$bool."'>Description</a></th>";
echo "<th><a href='".$_SERVER['PHP_SELF']."?sort=photo&bool=".!$bool."'>Photo</a></th>";
echo "<th>Delete</th>";
echo "</tr>";
while ($one_row = mysqli_fetch_assoc($exec_select_shirts)) {
echo "<tr>";
echo "<td class='first'>".$one_row['shirt_type']."</td>";
echo "<td class='second'>".$one_row['shirt_quantity']."</td>";
echo "<td class='first'>".$one_row['shirt_color']."</td>";
echo "<td class='second'>".$one_row['price']."</td>";
echo "<td class='first'>".$one_row['shirt_description']."</td>";
echo "<td class='second'><img src='./images/".$one_row['photo']."' /></td>";
echo "<td class='first'><a href='shirt_delete.php?shirt_types_id=".$one_row['shirt_types_id']."'>Delete</a></td>";
echo "</tr>";
}
and here is the shirt_delete.php file that I am attempting to use to delete the shirts and their information from the database.
<?php
require('mysql_connect.php');
session_start();
if (isset($_SESSION['shirt_users_id']) && isset($_SESSION['full_name'])) {
$title="Delete Shirts Page";
include_once("header_admin.php");
if(!empty($_GET['shirt_types_id'])){
$shirt_types_id = $_GET['shirt_types_id'];
mysqli_query($link, "SET AUTOCOMMIT = 0");
$del_shirt_users_id = "DELETE shirt_types.*
FROM shirt_types
WHERE shirt_types_id = $shirt_types_id";
$$del_shirt_types_id = @mysqli_query($link, $del_shirt_types_id);
if(!$$del_shirt_types_id){
rollback(mysqli_error($link));
}else{
mysqli_query($link, "COMMIT");
header('refresh: 0; url=list_shirts.php');
}
}else{
echo "Problem occurred";
header('refresh: 3; url=list_shirts.php');
}
} else {
echo "You are not an authentic administrator. Being directed to the login page...";
header("Refresh: 2; url='login.php'");
}
mysqli_close($link);
require("footer.php");
die();
?>
NOTE: I understand that SQL injection is a real thing and in a real world application that this code would not suffice. But this is a part one course of a three part series. We are not to worry about sql injection at the present moment in time. Thank you everyone for your suggestions and worries about this though!
Try removing shirt_types.* and using
$del_shirt_users_id = "DELETE FROM shirt_types
WHERE shirt_types_id = $shirt_types_id";
instead of
$del_shirt_users_id = "DELETE shirt_types.*
FROM shirt_types
WHERE shirt_types_id = $shirt_types_id";
and also, change :
$del_shirt_types_id = @mysqli_query($link, $del_shirt_types_id);
if(!$del_shirt_types_id){
instead of
$$del_shirt_types_id = @mysqli_query($link, $del_shirt_types_id);
if(!$$del_shirt_types_id){
By building SQL statements with outside variables, you are leaving yourself wide open to SQL injection attacks.
In your specific case, if someone passes shirt_types_id with a value of "0 or (1=1)", then the SQL that you will create will look roughly like this:
DELETE FROM shirt_types WHERE shirt_types_id = 0 or (1=1)
and since 1=1 is always true, then you will delete every shirt_types record.
Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started, and this question has many examples in detail.
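The parametrized query this answer points to, shown beside the concatenated form for the same `0 or (1=1)` value; this is an added example, not code from the thread. The function names are hypothetical and an in-memory SQLite table with constructed rows stands in for the MySQL `shirt_types` table.

```php
<?php
declare(strict_types=1);
// Added illustration; in-memory SQLite stands in for the MySQL shirt_types table.

function make_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE shirt_types (shirt_types_id INTEGER PRIMARY KEY, shirt_type TEXT)');
    $db->exec("INSERT INTO shirt_types (shirt_type) VALUES ('S'), ('M'), ('L')"); // constructed rows
    return $db;
}

// 'Before': the request value is pasted into the SQL text, as in shirt_delete.php.
function delete_concatenated(PDO $db, string $id): int
{
    return (int) $db->exec("DELETE FROM shirt_types WHERE shirt_types_id = $id");
}

// 'After': reject anything that is not a positive integer, then bind it as data.
function delete_prepared(PDO $db, string $id): int
{
    $n = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($n === false) {
        return 0;   // not an id, so nothing reaches the database
    }
    $stmt = $db->prepare('DELETE FROM shirt_types WHERE shirt_types_id = :id');
    $stmt->bindValue(':id', $n, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

$input = '0 or (1=1)';   // the value discussed in the answer above

printf("concatenated:     %d rows deleted\n", delete_concatenated(make_db(), $input));
printf("prepared:         %d rows deleted\n", delete_prepared(make_db(), $input));
printf("prepared, id '2': %d rows deleted\n", delete_prepared(make_db(), '2'));
```

With the constructed three-row table, the concatenated form removes every row for this input, while the prepared form removes none and still deletes exactly one row for a genuine id.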

Get the name of the link in the where clause of php query when I click the link?

I have made a website in which the users can select a value from a dropdown menu and get some information from a database. I used ajax to send the request to the database (so the page doesn't get refreshed when I send the request). Here is the part of the jquery function:
$.ajax({
type:'POST',
url:'activities_code.php',
data: {datastr:datastr, datastr1:datastr1},
success:function(response){
$("#msg").html(response);
}});}); // there are other functions before..
The results appear on the main container of the webpage. They are composed of a title and some text. I echo the title in such a way so it is a link. I also give to each element an id and a class so I can call it later. Here is the corresponding code:
echo "<table id=\"container\">";
$num_results = 0;
while ($row=mysqli_fetch_array($result, MYSQLI_ASSOC)) {
// Here the columns of title and information are printed
echo "<tr><td>";
echo "".$row['title']."";
echo "<br>";
echo $row['PK'];
echo "</td></tr>";
echo "<tr><td>";
echo $row['Information'];
echo "</td></tr>";
}
What I am trying to do now is: When I click on the title (which is a link), a new page to open in which a php script runs a query and show more information:
Here is what I have:
<?php
include('connect.php');
$query = "SELECT title,Information from activities where title='?????'";
$result = mysqli_query($dbcon, $query) or die('no available data');
echo "<table>";
$num_results = 0;
while ($row=mysqli_fetch_array($result, MYSQLI_ASSOC)) {
// Here the columns of title and information are printed
echo "<tr><td>";
echo "".$row['title']." ";
echo "</td></tr>";
echo "<tr><td>";
echo $row['Information'];
echo "</td></tr>";
// Here I sum up the number of the results
$num_results=$num_results+1;
}
?>
I am trying to find a way to put in my query, in the where clause, the name of the title that I selected:
$query = "SELECT title,Information from activities where title='?????'";
Any help would be much appreciated. Let me know if everything is clear or I didn't explain some point clearly.
Thanks.
D.
You can get the title using $_GET global variable and URL parameter. Try changing this line:
echo "".$row['title']."";
to
echo "".$row['title']."";
then you can get the title with these code:
$title = $_GET['title'];
make sure you sanitize the value first. I hope this will help you.
link:
PHP $_GET

PHP/MySQL OnClick Update MySQL

Need to update a hitcount field in a MySQL table when a user clicks on a banner ad. Have the random ad display script working but can't figure out how to update the table when they click..assuming will have to pass the ID to Ajax but no idea how to approach it? Code is below:
include 'connection.php';
$query = "select * from ads where adtype = 'small' and status = 'yes' ORDER BY RAND() LIMIT 3";
$result = mysql_query($query) or die(mysql_error());
$num_results = mysql_num_rows($result);
if ($num_results !="0")
{
for($i=0;$i<$num_results;$i++)
{
$row = mysql_fetch_array($result);
$client = htmlspecialchars(stripslashes($row['client']));
$link = htmlspecialchars(stripslashes($row['link']));
$filename = htmlspecialchars(stripslashes($row['filename']));
$id = $row['id'];
echo "<tr>";
echo "<td>";
echo '<a href="';
echo $link;
echo '"><img src="thimg/';
echo $filename;
echo '" alt="';
echo $client;
echo '"></a>';
echo "</td>";
echo "</tr>";
}
}
Make the link point to a page which takes the ID of the ad as a parameter, something like click.php?id=the_id. Then that page can update the database, look up the link, and then you can use a header redirect to forward them on to the link. Make sure you don't output anything on that forwarding page though, or the redirect won't work.
This should get you what you need, without the need for javascript or ajax.
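One way to write the forwarding page this answer describes, as an added example that is not from the thread: the id is validated as an integer, the counter is updated with a bound parameter, and the redirect target is read from the `ads` row rather than taken from the URL, so the page cannot be used to send visitors to arbitrary sites. The `record_click` name, the `hitcount` column name and the SQLite stand-in with constructed data are assumptions.

```php
<?php
declare(strict_types=1);
// Added illustration of click.php logic; the 'hitcount' column name is assumed.

// Count the click and return the stored destination, or null if the id is unusable.
function record_click(PDO $db, $rawId): ?string
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if (!is_int($id)) {
        return null;                       // missing or non-numeric id
    }
    $upd = $db->prepare("UPDATE ads SET hitcount = hitcount + 1 WHERE id = ? AND status = 'yes'");
    $upd->execute([$id]);
    if ($upd->rowCount() !== 1) {
        return null;                       // unknown or inactive ad
    }
    $sel = $db->prepare('SELECT link FROM ads WHERE id = ?');
    $sel->execute([$id]);
    $link = $sel->fetchColumn();
    // The target comes from the table, never from the query string, and must be
    // an absolute http(s) URL with no whitespace or line breaks in it.
    if (!is_string($link) || !preg_match('#^https?://\S+\z#i', $link)) {
        return null;
    }
    return $link;
}

// Constructed demo data (in-memory SQLite in place of the MySQL ads table).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads (id INTEGER PRIMARY KEY, link TEXT, status TEXT, hitcount INTEGER DEFAULT 0)');
$db->exec("INSERT INTO ads (link, status) VALUES ('https://example.com/offer', 'yes')");

foreach (['1', '1abc', '99', null] as $raw) {
    $target = record_click($db, $raw);
    // In click.php itself: header('Location: ' . $target, true, 302); exit;
    // with nothing echoed beforehand, and a 404 response when $target is null.
    printf("id=%s -> %s\n", var_export($raw, true), $target ?? '404');
}
printf("hitcount=%d\n", $db->query('SELECT hitcount FROM ads WHERE id = 1')->fetchColumn());
```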

How to give a unique url/id to a question posted by the user?

There's a form called discussion.php, in which a user will fill out his/her question/discussion and post it to savedisc.php. Some of the savedisc.php looks like this:
$message = $_POST['message'];
$title = $_POST['title'];
$represents = $_POST['represents'];
//connect to database
//save the content of discussion/question into the database for future use
$sql="INSERT INTO Discussion (Message, Title, Type)
VALUES
('$message','$title','$represents')";
//Display user's question/discussion again
echo $message . "<br />";
echo $title . "<br />";
echo $represents . "<br />";
It is not shown above, but I am saving the id field manually, i.e. via phpmyadmin as an auto increment and primary key of course. Therefore, all of the values in the table Discussion will have their own unique id. Once the question/discussion is saved, I want to be able to display $title of each question on wb.php as a link, which as of now looks like this (some code from wb.php):
$result = mysql_query("SELECT * FROM Discussion ORDER BY id DESC");
//When user clicks the question/discussion Title, he/she will be directed to wbcomm.php
while($row = mysql_fetch_array($result))
{
echo "<a href='wbcomm.php' >{$row['Title']}</a><br />";
}
Until here, everything is working smooth. However, from here on, what I'm trying to do is, when the user clicks the question/discussion title via above code, I want him/her to be directed to wbcomm.php?id=1, where id=1 represents the unique id of the question/discussion. Some of the code from wbcomm.php is below:
if (isset($_GET['id']))
{
//connect to db
$wbid = mysql_real_escape_string($_GET['id']);
$sql = "SELECT * FROM Discussion WHERE id = '$wbid' LIMIT 1";
$res = mysql_query($sql);
if (mysql_num_rows() > 0) {
$discussion = mysql_fetch_object($res);
//display member's question here:
echo $discussion['id'] . "<br />";
echo $discussion['Title'] . "<br />";
echo $discussion['Type'] . "<br />";
echo $discussion['Message'] . "<br />";
}
else {
// discussion does not exist with ID
}
}
However, for some reason, the result is blank. I.e. the question/discussion doesn't even show up. What am I doing wrong? Is my procedure even correct?
Thank you.
In your wb.php, you create a link to wbcomm.php but you are not passing the ID of the discussion, so your $wbid will be empty. You need to pass the ID along with the link, like this:
while($row = mysql_fetch_array($result))
{
echo "<a href='wbcomm.php?id={$row['id']}' >{$row['Title']}</a><br />";
}
Your ID column is an autoincrement int type so you do not need to put it in quotes or escape it. You should definitely test it to see if it's numeric, though.
Use this SQL mysql_num_rows($res) > 0
