i looking some help and nice attention here..
i bought some php script many years ago and now no suport anymore... i just want to add md5 to password field..
here my form:
<?php
$SQL = "SELECT * from USERS WHERE USERNAME = '$_SESSION[username]'"; $result = #mysql_query( $SQL ); $row = #mysql_fetch_array( $result );
include 'menu.php';
?>
<FORM METHOD="post" ACTION="?page=query_client">
<INPUT TYPE="hidden" NAME="controller" VALUE="USERS~update~account_details&up=1~<?php echo $row[ID]; ?>">
<TABLE CLASS="basictable">
<TR>
<TD CLASS="tdmenu" WIDTH="40%">Username</TD>
<TD CLASS="tdmenu" WIDTH="60%">
<b><?php echo $row[USERNAME]; ?></b>
</TD>
</TR>
<TR>
<TD CLASS="tdmenu" WIDTH="40%">Password *</TD>
<TD CLASS="tdmenu" WIDTH="60%">
<INPUT TYPE="PASSWORD" NAME="PASSWORD" SIZE="40" VALUE="<?php echo $row[PASSWORD]; ?>">
</TD>
</TR>
<TR>
<TD CLASS="tdmenu" WIDTH="40%">Email Address *</TD>
<TD CLASS="tdmenu" WIDTH="60%">
<INPUT TYPE="text" NAME="EMAIL" SIZE="40" VALUE="<?php echo $row[EMAIL]; ?>">
</TD>
</TR>
<TR>
<TD CLASS="tdmenu" WIDTH="40%">Full Name *</TD>
<TD CLASS="tdmenu" WIDTH="60%">
<INPUT TYPE="text" NAME="FULLNAME" SIZE="40" VALUE="<?php echo $row[FULLNAME]; ?>">
</TD>
<TR>
<TD CLASS="tdmenu" WIDTH="40%">Address *</TD>
<TD CLASS="tdmenu" WIDTH="60%">
<INPUT TYPE="text" NAME="ADDRESS1" SIZE="40" VALUE="<?php echo $row[ADDRESS1]; ?>">
</TD>
</TR>
<BR>
<TABLE CLASS="basictable">
<TR>
<TD CLASS="tdhead2" >
<DIV ALIGN="CENTER"><B>
<INPUT TYPE="submit" NAME="Submit" VALUE="Submit">
</B></DIV>
</TD>
</TR>
</TABLE>
</FORM>
and the
it self as query_client.php inside look like:
<?PHP
#session_start();
$controller = $_POST['controller'];
$pieces = explode("~", $controller);
$table = $pieces[0];
$qt = $pieces[1];
$return = $pieces[2];
$id = $pieces[3];
$hack = $pieces[4];
if ($qt == insert) $qt = 'INSERT INTO';
if ($qt == update) { $qt = 'UPDATE'; $end = "WHERE ID = '$id'"; }
$pre = array_keys( $_POST );
mysql_query ("CREATE TABLE IF NOT EXISTS `$table` (`ID` INT NOT NULL AUTO_INCREMENT , PRIMARY KEY ( `id` ) )");
$count = count($pre); $count = $count - 2;
$sql = "$qt $table SET";
for ($i=0; $i < $count; $i++)
{
$x=$i+1;
$y = $_POST[$pre[$x]];
$d = $y;
mysql_query ("ALTER TABLE `$table` ADD `$pre[$x]` TEXT NOT NULL");
$sql .= " `$pre[$x]` = '$d',";
}
$sql .= " ID = '$id' $end";
$query = mysql_query($sql) or die("$sql_error" . mysql_error());
if (empty($hack)) { } else {
$pieces = explode("/", $hack);
$h0 = $pieces[0];
$h1 = $pieces[1];
$h2 = $pieces[2];
$h3 = $pieces[3];
$h4 = $pieces[4];
$h5 = $pieces[5];
mysql_query ("ALTER TABLE `$table` $h0 $h1 $h2 $h3 $h4 $h5");
$query = mysql_query($sql) or die("$sql_error" . mysql_error());
}
if (isset($_GET[inc])) include "$_GET[inc].php";
?>
so please help me how to add md5 in PASSWORD field?
thanks in advance..
Best to use a salt also - hashing and verification should be done at server - see secure hash and salt for PHP
Some links on writing secure code:
OWASP Top 10 for 2010
PHP Security: Fortifying Your Website
Writing Secure PHP
Related
I have a problem with my PHP-Fusion infusion (plugin). I created a POST form, but when I try to call those POST variables they do not echo (I plan adding them to a database). My code:
$id_ucznia = $_GET["id"];
$result2 = dbquery("SELECT id,imiona,nazwiska,dom,punkty FROM ".DB_ZAPISY." WHERE (funkcja = 'Student') AND (id = '".$id_ucznia."')");
if (dbrows($result2)) {
while ($data2 = dbarray($result2)) {
echo '<form method="POST" action="">
<input type="hidden" name="uczen_id" value="'.$id_ucznia.'">
<table border="0" align="center">
<tr><td align="right">Imiona ucznia: </td> <td align="left"><input type="text" class="input" name="imiona" value="'.$data2["imiona"].'" disabled></td></tr>
<tr><td align="right">Nazwiska ucznia: </td> <td align="left"><input type="text" class="input" name="nazwiska" value="'.$data2["nazwiska"].'" disabled></td></tr>
<tr><td align="right">Dom ucznia: </td> <td align="left"><input type="text" class="input" name="dom" value="'.$data2["dom"].'" disabled></td></tr>
<tr><td align="right">Aktualne punkty: </td> <td align="left"><input type="text" class="input" name="punkty_start" value="'.$data2["punkty"].'" disabled></td></tr>
<tr><td align="right">Punkty do dodania: </td> <td align="left"><input type="text" class="input" name="ile"></td></tr>
<tr><td align="right">Uzasadnienie: </td> <td align="left"><input type="text" class="input" name="zaco" maxlength="500"></td></tr>
<tr><td colspan="2" align="center"><input type="submit" class="button" name="dodaj_punkty" value="Dodaj punkty"></td></tr>
</table>
</form>
';
}
}
if (isset($_POST['dodaj_punkty'])) {
$imiona = $_POST["imiona"];
$nazwiska = $_POST['nazwiska'];
$dom = $_POST['dom'];
$punkty_start = $_POST['punkty_start'];
$ile = $_POST['ile'];
$zaco = $_POST['zaco'];
$punkty_uczen_end = $punkty_start + $ile;
$kto_akcja = $userdata['user_name'];
$kto_id = $userdata['user_id'];
$komu = ''.$imiona.' '.$nazwiska.'';
$dzis = date("Y-m-d H:i:s");
$result3 = dbquery("SELECT id,nazwa,punkty FROM ".DB_DOMY." WHERE `nazwa` = '".$dom."'");
if (dbrows($result3)) {
while ($data3 = dbarray($result3)) {
$id_domu = $data3["id"];
$nazwa = $data3["nazwa"];
$punkty_dom_start = $data3["punkty"];
}
}
$punkty_dom_end = $punkty_dom_start + $ile;
echo 'Dla ucznia ('.$imiona.$nazwiska.') dodano: '.$punkty_uczen_end.' a dla domu ('.$id_domu.$nazwa.'): '.$punkty_domu_end.' ';
$resulta = dbquery("UPDATE ".DB_DOMY." SET punkty = '{$punkty_dom_end}' WHERE id = '{$id_domu}';");
$resultb = dbquery("INSERT INTO ".DB_RANKING_DOMOW." (ile, akcja, kto, komu, opis) VALUES ('{$ile}','+','{$kto_akcja}','{$komu}','{$zaco}');");
$resultc = dbquery("UPDATE ".DB_ZAPISY." SET punkty = '{$punkty_uczen_end}' WHERE id = '{$uczen_id}';");
$resultd = dbquery("INSERT INTO ".DB_RU." (kiedy, kto_dane, kto_id, komu, ile, zaco, co) VALUES ('{$dzis}','{$kto_akcja}','{$kto_id}','{$komu}','{$ile}', '{$zaco}', '+');");
redirect(FUSION_SELF.$aidlink."&wykonane");
}
HTML form input elements are set to disabled thus their values will not be submitted. Maybe a readonly or hidden -attribute was intended.
Provided code has some variables (redundantly) copied before use. Concerning content management system uses this practice to save a sanitized copy of form-posted data (to prevent SQL injection).
I want to display all rows by a php query and update all by a submit button in sql. I this way below a can display all row and update particular row by its own submit button. But I want to update all by a single submit button.
So for do it, I thank, I want to loop for update. But I cannot understand how to do it in this case.
Here is my code:
<?php
include_once('../db.php');
global $db;
$result = mysqli_query($dbh,"SELECT * FROM ppad");
if(!$result) {
die("Database query failed: " . mysqli_error());
}
while($row = mysqli_fetch_assoc($result)) {
$id=$row['id'];
$name=$row['name'];
$date=$row['date'];
$title=$row['title'];
$Detail=$row['Detail'];
echo '<form action="padSproccess.php" method="POST">
<table width="100%" border="1">
<tr>
<td width="10%">Date</td>
<td width="14%">Time</td>
<td width="20%">Name(url)</td>
<td width="30%">Detail</td>
</tr>
<tr>
<td width="10%"><input type="text" name="date" maxlength="2" value="'.$date.'"></td>
<td width="14%"><input type="text" name="title" maxlength="50" value="'.$title.'"></td>
<td width="20%"><input type="text" name="name" maxlength="50" value="'.$name.'"></td>
<td width="30%"><input type="text" name="Detail" maxlength="100" value="'.$Detail.'"></td>
<input type="hidden" name="id" value="'.$id.'">
</tr>
</table>
<input type="submit" name="submit" id="submit" value="Submit">
</form>';}
?>
padSproccess.php
include("../db.php");
global $db;
if(isset($_POST['submit'])){
$date = mysqli_real_escape_string($dbh,$_POST['date']);
$title = mysqli_real_escape_string($dbh,$_POST['title']);
$name = mysqli_real_escape_string($dbh,$_POST['name']);
$Detail = mysqli_real_escape_string($dbh,$_POST['Detail']);
$id = mysqli_real_escape_string($dbh,$_POST['id']);
// update data in mysql database
$update = mysqli_query($dbh,"UPDATE ppad SET date='$date', month='$month', name='$name', Detail='$Detail' WHERE id = '$id'");
// if successfully updated.
}
For this you need to update your code into
<?php
include_once('../db.php');
global $db;
$result = mysqli_query($dbh,"SELECT * FROM ppad");
if(!$result) {
die("Database query failed: " . mysqli_error());
}?>
<form action="padSproccess.php" method="POST">
<table width="100%" border="1">
<tr>
<td width="10%">Date</td>
<td width="14%">Time</td>
<td width="20%">Name(url)</td>
<td width="30%">Detail</td>
</tr>
<?php
while($row = mysqli_fetch_assoc($result)) {
$id=$row['id'];
$name=$row['name'];
$date=$row['date'];
$title=$row['title'];
$Detail=$row['Detail'];
echo '<tr>
<td width="10%"><input type="text" name="date[]" maxlength="2" value="'.$date.'"></td>
<td width="14%"><input type="text" name="title[]" maxlength="50" value="'.$title.'"></td>
<td width="20%"><input type="text" name="name[]" maxlength="50" value="'.$name.'"></td>
<td width="30%"><input type="text" name="Detail[]" maxlength="100" value="'.$Detail.'"></td>
<input type="hidden" name="id[]" value="'.$id.'">
</tr>';
}?>
</table>
<input type="submit" name="submit" id="submit" value="Submit">
</form>
Now within your padSproccess.php you'll receive an array of results within your variables which'll be updated using foreach loop
What you need to do first is have an overall form, not a form for each (unless you want to throw in javascript to fire off ajax calls). So what you'll need to do is make sure each row can be associated with a specific id:
<?php
include_once '../db.php';
$result = mysqli_query($dbh, "SELECT * FROM ppad");
if(!$result) {
die("Database query failed: " . mysqli_error());
}
?>
<form action="padSproccess.php" method="POST">
<table width="100%" border="1">
<thead>
<tr>
<td width="10%">Date</td>
<td width="14%">Time</td>
<td width="20%">Name(url)</td>
<td width="30%">Detail</td>
</tr>
</thead>
<tbody>
<?php
while($row = mysqli_fetch_assoc($result)) {
$id = $row['id'];
$name = $row['name'];
$date = $row['date'];
$title = $row['title'];
$Detail = $row['Detail'];
echo '
<tr>
<td width="10%"><input type="text" name="date[' . $id . ']" maxlength="2" value="'.$date.'"></td>
<td width="14%"><input type="text" name="title[' . $id . ']" maxlength="50" value="'.$title.'"></td>
<td width="20%"><input type="text" name="name[' . $id . ']" maxlength="50" value="'.$name.'"></td>
<td width="30%"><input type="text" name="Detail[' . $id . ']" maxlength="100" value="'.$Detail.'"></td>
</tr>
';
}
?>
</tbody>
</table>
<input type="submit" name="submit" id="submit" value="Submit">
</form>
Then in padSproccess.php you'll receive an array of names, dates, titles and Details, each one keyed by the ID of the row. So that'll change to something like this:
<?php
include "../db.php";
if(isset($_POST['submit'])){
$ids = array_keys($_POST['name']);
foreach ($ids as $id) {
$date = mysqli_real_escape_string($dbh,$_POST['date'][$id]);
$title = mysqli_real_escape_string($dbh,$_POST['title'][$id]);
$name = mysqli_real_escape_string($dbh,$_POST['name'][$id]);
$Detail = mysqli_real_escape_string($dbh,$_POST['Detail'][$id]);
$id = mysqli_real_escape_string($id);
// update data in mysql database
$update = mysqli_query($dbh,"UPDATE ppad SET date='$date', month='$month', name='$name', Detail='$Detail' WHERE id = '$id'");
}
// if successfully updated.
}
Try this. Of course for the database I've not started and it is possible errors.
<?php
include_once('../db.php');
global $db;
$result = mysqli_query($dbh,"SELECT * FROM ppad");
if(!$result) {
die("Database query failed: " . mysqli_error());
}
?>
<form action="padSproccess.php" method="POST">
<?php
while($row = mysqli_fetch_assoc($result)) {
$id=$row['id'];
$name=$row['name'];
$date=$row['date'];
$title=$row['title'];
$Detail=$row['Detail'];
echo '
<table width="100%" border="1">
<tr>
<td width="10%">Date</td>
<td width="14%">Time</td>
<td width="20%">Name(url)</td>
<td width="30%">Detail</td>
</tr>
<tr>
<td width="10%"><input type="text" name="ar['.$id.'][date]" maxlength="2" value="'.$date.'"></td>
<td width="14%"><input type="text" name="ar['.$id.'][title]" maxlength="50" value="'.$title.'"></td>
<td width="20%"><input type="text" name="ar['.$id.'][name]" maxlength="50" value="'.$name.'"></td>
<td width="30%"><input type="text" name="ar['.$id.'][Detail]" maxlength="100" value="'.$Detail.'"></td>
</tr>
</table>
';}
?>
<input type="submit" name="submit" id="submit" value="Submit">
</form>
<?php
include("../db.php");
global $db;
if(isset($_POST['submit'])){
foreach($_POST['ar'] as $id=>$dat){
$date = mysqli_real_escape_string($dbh,$dat['date']);
$title = mysqli_real_escape_string($dbh,$dat['title']);
$name = mysqli_real_escape_string($dbh,$dat['name']);
$Detail = mysqli_real_escape_string($dbh,$dat['Detail']);
$id = mysqli_real_escape_string($dbh,$id]);
// update data in mysql database
$update = mysqli_query($dbh,"UPDATE ppad SET date='$date', month='$month', name='$name', Detail='$Detail' WHERE id = '$id'");
}
// if successfully updated.
}
?>
I found this example code that edits, updates and delete a row in a table with ajax, php and sql.
When I run this code in localhost, just the delete function works, all other function do not.
When I add a row, the row is empty in the database.
When I update a row, it always updates all rows with the data from the first row.
Can anyone help me with this problem? An example can be found here
This is my code
<?php
include 'configuration.php';
include 'functions/functions.php';
$action = $_REQUEST['action'];
switch($action) {
case "load":
$query = mssql_query('SELECT * FROM job_creation ORDER BY id ASC');
$count = mssql_num_rows($query);
if($count > 0) {
while($fetch = mssql_fetch_array($query)) {
$record[] = $fetch;
}
}
?>
<a href="gridder_addnew"
id="gridder_addnew" class="gridder_addnew">
<img src= "images/insert.png" alt="Add New" title="Add New" /></a>
<table class="as_gridder_table">
<tr class="grid_header">
<td><div class="grid_heading">no</div></td>
<td><div class="grid_heading">First Name</div></td>
<td><div class="grid_heading">Last Name</div></td>
<td><div class="grid_heading">Actions</div></td>
</tr>
<tr id="addnew">
<td> </td>
<td colspan="6">
<form id="gridder_addform" method="post">
<input type="hidden" name="action" value="addnew" />
<table width="100%">
<tr>
<td><input type="text" name="fname"
id="fname" class="gridder_add" /></td>
<td><input type="text"
name="lname" id="lname" class="gridder_add" /></td>
<td>
<input type="submit"
id="gridder_addrecord" value=""
class="gridder_addrecord_button" title="Add" />
<a href="cancel" id="gridder_cancel"
class="gridder_cancel"><img src="images/delete.png"
alt="Cancel" title="Cancel" /></a></td>
</tr>
</table>
</form>
</tr>
<?php
if($count <= 0) {
?>
<tr id="norecords">
<td colspan="7" align="center">No records found <img src="images/insert.png" alt="Add New" title="Add New" /></td>
</tr>
<?php } else {
$i = 0;
foreach($record as $records) {
$i = $i + 1;
?>
<tr class="<?php if($i%2 == 0) { echo 'even'; } else { echo 'odd'; } ?>">
<td><div class="grid_content sno"><span><?php echo $i; ?></span></div></td>
<td><div class="grid_content editable"><span><?php echo $records['name_ar']; ?></span><input type="text" class="gridder_input" name="<?php echo encrypt("name_ar|".$records['id']); ?>" value="<?php echo $records['name_ar']; ?>" /></div></td>
<td><div class="grid_content editable"><span><?php echo $records['name_en']; ?></span><input type="text" class="gridder_input" name="<?php echo encrypt("name_en|".$records['id']); ?>" value="<?php echo $records['name_en']; ?>" /></div></td>
<td>
<img src="images/delete.png" alt="Delete" title="Delete" /></td>
</tr>
<?php
}
}
?>
</table>
<?php
break;
case "addnew":
$fname = isset($_POST['name_ar']) ? mssql_real_escape_string($_POST['name_ar']) : '';
$lname = isset($_POST['name_en']) ? mssql_real_escape_string ($_POST['name_en']) : '';
mssql_query("INSERT INTO Job_creation (name_ar, name_en) VALUES ('$fname', '$lname')");
break;
case "update":
$value = $_POST['value'];
$crypto = decrypt($_POST['crypto']);
$explode = explode('|', $crypto);
$columnName = $explode[0];
$rowId = $explode[1];
$query = mssql_query("UPDATE Job_creation SET name_ar =
'$value',name_en = '$value' WHERE id = '$rowId' ");
break;
case "delete":
$value = decrypt($_POST['value']);
$query = mssql_query("DELETE FROM Job_creation WHERE id = '$value' ");
break;
}
?>
Note:This example worked in mySQL but I converted it to MSSQL
Many thanks in advance for those who help me :)
To slove Problem insert(Add new)
Replace this code
<tr>
<td><input type="text" name="fname"
id="fname" class="gridder_add" /></td>
<td><input type="text"
name="lname" id="lname" class="gridder_add" /></td></tr>
case "addnew":
$fname = isset($_POST['name_ar'])
? mssql_real_escape_string($_POST['name_ar']) : '';
$lname = isset($_POST['name_en']) ?
mssql_real_escape_string ($_POST['name_en']) : '';
mssql_query("INSERT INTO Job_creation (name_ar, name_en)
VALUES ('$fname', '$lname')");
break;
to this code
<tr>
<td><input type="text" name="name_ar" id="name_ar"
class="gridder_add" /> </td>
<td><input type="text" name="name_en" id="name_en"
class="gridder_add" /></td></tr>
case "addnew":
$fname = $_POST['name_ar'];
$lname = $_POST['name_en'];
mssql_query("INSERT INTO Job_creation (name_ar, name_en) VALUES
('$fname', '$lname')");
break;
To slove problem update
Replace this code
case "update":
$value = $_POST['value'];
$crypto = decrypt($_POST['crypto']);
$explode = explode('|', $crypto);
$columnName = $explode[0];
$rowId = $explode[1];
$query = mssql_query("UPDATE Job_creation SET name_ar =
'$value',name_en = '$value' WHERE id = '$rowId' ");
break;
To this code
case
"update":
$value = $_POST['value'];
$crypto = decrypt($_POST['crypto']);
$explode = explode('|', $crypto);
$columnName = $explode[0];
$rowId = $explode[1];
$query = mssql_query("UPDATE Job_creation SET
$columnName = '$value' WHERE id = '$rowId' ");
break;
I've got a page showing the contents of my DB in form inputboxes like this:
<?php
while($row = mysql_fetch_array($result))
{
$namn = $row['namn'];
$mandag = $row['mandag'];
$tisdag = $row['tisdag'];
$onsdag = $row['onsdag'];
$torsdag = $row['torsdag'];
$fredag = $row['fredag'];
?>
<td width="100"></td>
<td><?=$namn?><input name="namn[]" type="hidden" value="<?=$namn?>"></td>
</tr>
<tr>
<td width="100">Mandag</td>
<td><input name="mandag[]" type="text" value="<?=$mandag?>"></td>
</tr>
<tr>
<td width="100">Tisdag</td>
<td><input name="tisdag[]" type="text" value="<?=$tisdag?>"></td>
</tr>
<tr>
<td width="100">Onsdag</td>
<td><input name="onsdag[]" type="text" value="<?=$onsdag?>"></td>
</tr>
<tr>
<td width="100">Torsdag</td>
<td><input name="torsdag[]" type="text" value="<?=$torsdag?>"></td>
</tr>
<tr>
<td width="100">Fredag</td>
<td><input name="fredag[]" type="text" value="<?=$fredag?>"></td>
</tr>
<?php } ?>
<tr>
<td width="100"> </td>
<td> </td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="Update">
</td>
</tr>
</table>
</form>
After this I've added code to able to update the different DB entries by changing the content of the inputboxes and pressing the submit button:
<?php
if(isset($_POST['update']))
{
$namnValue = $_POST['namn'];
$mandagValue = $_POST['mandag'];
$tisdagValue = $_POST['tisdag'];
$onsdagValue = $_POST['onsdag'];
$torsdagValue = $_POST['torsdag'];
$fredagValue = $_POST['fredag'];
print_r($mandagValue);
$sql = "UPDATE anstalld SET mandag = '$mandagValue', tisdag = '$tisdagValue', onsdag = '$onsdagValue', torsdag = '$torsdagValue', fredag = '$fredagValue' WHERE namn = '$namnValue'";
echo $sql;
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully\n";
}
mysql_close($conn);
?>
The DB is being updated, however, the problem is that all my
$namnValue = $_POST['namn'];
$mandagValue = $_POST['mandag'];
$tisdagValue = $_POST['tisdag'];
$onsdagValue = $_POST['onsdag'];
$torsdagValue = $_POST['torsdag'];
$fredagValue = $_POST['fredag'];
are returning the result "Array", an not the actual Values from the inputboxes.
Therefore my SQL UPDATE ends up being
"UPDATE anstalld SET mandag = 'Array', tisdag = 'Array', onsdag =
'Array', torsdag = 'Array', fredag = 'Array' WHERE namn = 'Array'"
I'll appreciate any help I can get on this, thanks.
You need to delete [] on our input names:
<td><input name="onsdag" type="text" value="<?=$onsdag?>"></td>
instead of
<td><input name="onsdag[]" type="text" value="<?=$onsdag?>"></td>
^^
Otherwise they are considered as arrays.
Because of the name of your input fields
<input name="onsdag[]" type="text" value="<?=$onsdag?>">
you are sending arrays and not single values.
Change the names as the previous answer suggests
<input name="onsdag" type="text" value="<?=$onsdag?>">
or access them as arrays
$namnValue = $_POST['namn'][0];
$mandagValue = $_POST['mandag'][0];
...
I dont get what im doing wrong here..
i have about 125 product in the table but i get only the last product from the table so it shows only one item... this is a simple calculator to provide the sales person and the customer how much box they would need and how much it would cost a quick estimate.
Thank you for the help in advance..
<?php
include('admincik/config.php');
include ('birlikte/ac.thumbs.php');
//Retrieves data from MySQL
$data = mysql_query("SELECT * FROM Calculator ORDER BY isim") or die(mysql_error());
//Puts it into an array
while($info = mysql_fetch_array( $data ))
{
$resim = $info['resim'];
$isim = $info[isim];
$boyut = $info[boyut];
$pcs = $info[adet];
$sqft = $info[sqft];
$price = $info[price];
}
/////////Formdan gelen yada Giden//////////////
$length =htmlspecialchars(stripslashes($_POST['Length']));
$width =htmlspecialchars(stripslashes($_POST['Width']));
$TileNameList = "<option value=\"$sqft\">$isim $boyut</option>";
/////Matematiksel islemler/////////
$equals = $length * $width;
$box = round($equals / $sqft);
$sqftbox = $box * $sqft;
$TotalPrice = $sqftbox * $price
?>
<div class="ana">
<table width="900" height="199" border="1">
<tr>
<td width="150">Name</td>
<td width="150">Length</td>
<td width="150">Width</td>
<td width="150">Total Sqft Area</td>
<td width="200">Box Needed /Total Sqft</td>
<td width="100">Price</td>
</tr>
<tr>
<td><form id="form5" name="form5" method="post" action="">
<select name="TileName" id="TileName">
<?php echo ($TileNameList); ?>
</select>
</td>
<td><input name="Length" type="text" id="Length"/></td>
<td><input type="text" name="Width" id="Width"/></td>
<td><input type="text" name="Sqft" id="Sqft" value="<?php echo ($equals); ?>"/></td>
<td><?php echo "You will need <span style=\"color:red\">$box</span> Boxes<br> Which is <span style=\"color:red\">$sqftbox</span> "; ?></td>
<td><?php echo "$$TotalPrice"; ?></td>
</tr>
<tr >
<td colspan="6" align="center">
<input type="submit" name="Submit" id="Submit" value="Submit" />
</form></td>
</tr>
</table>
</div>
Your loop doesn't append to $TileNameList because it exists outside of it. It actually replaces it's value. Try:
<?php
include('admincik/config.php');
include ('birlikte/ac.thumbs.php');
//Retrieves data from MySQL
$data = mysql_query("SELECT * FROM Calculator ORDER BY isim") or die(mysql_error());
//Puts it into an array
while($info = mysql_fetch_array( $data ))
{
$resim = $info['resim'];
$isim = $info[isim];
$boyut = $info[boyut];
$pcs = $info[adet];
$sqft = $info[sqft];
$price = $info[price];
$TileNameList .= "<option value=\"$sqft\">$isim $boyut</option>"; // NOTE THE .=
}
/////////Formdan gelen yada Giden//////////////
$length =htmlspecialchars(stripslashes($_POST['Length']));
$width =htmlspecialchars(stripslashes($_POST['Width']));
/////Matematiksel islemler/////////
$equals = $length * $width;
$box = round($equals / $sqft);
$sqftbox = $box * $sqft;
$TotalPrice = $sqftbox * $price
?>
<div class="ana">
<table width="900" height="199" border="1">
<tr>
<td width="150">Name</td>
<td width="150">Length</td>
<td width="150">Width</td>
<td width="150">Total Sqft Area</td>
<td width="200">Box Needed /Total Sqft</td>
<td width="100">Price</td>
</tr>
<tr>
<td><form id="form5" name="form5" method="post" action="">
<select name="TileName" id="TileName">
<?php echo ($TileNameList); ?>
</select>
</td>
<td><input name="Length" type="text" id="Length"/></td>
<td><input type="text" name="Width" id="Width"/></td>
<td><input type="text" name="Sqft" id="Sqft" value="<?php echo ($equals); ?>"/></td>
<td><?php echo "You will need <span style=\"color:red\">$box</span> Boxes<br> Which is <span style=\"color:red\">$sqftbox</span> "; ?></td>
<td><?php echo "$$TotalPrice"; ?></td>
</tr>
<tr >
<td colspan="6" align="center">
<input type="submit" name="Submit" id="Submit" value="Submit" />
</form></td>
</tr>
</table>
</div>