I wrote this statements but it is not work :(
... can you tell me why?
HTML:
<form action="join.php" method="post">
<label name="RoomName">Room1</label>
</form>
PHP:
$roomName = $_POST['RoomName'];
$roomID = "SELECT RoomID FROM rooms WHERE RoomName = $roomName";
EDIT:
thanks but in my work the user does not have the ability to edit the room name
so i need to display the room name in a label (on any thing else) instead of text box
You need an <input> element as well.
<input type="text" name="RoomName">
This way the value is available by $_POST['RoomName']. You likely also need a submit button:
<input type="submit" value="Submit">
The label just associates the label with an input element, usually with the for attribute pointing to the input element's id:
<label for="RoomName">Room1</label>
<input type="text" id="RoomName" name="RoomName">
The benefit of this is mainly in accessibility (screen readers, clicking label, etc).
To learn more about HTML forms, go through this quick guide: http://www.w3schools.com/html/html_forms.asp
As to the SQL query, read the comments others posted to your question. You need to quote strings and escape the values from SQL injections as well.
Update: as per your edit, just set the readonly attribute to avoid the field being edited:
<input type="text" id="RoomName" name="RoomName" value="somevalue" readonly>
or make use of a hidden input element:
<input type="hidden" name="RoomName" value="somevalue">
Your code should look like this instead:
<form action="join.php" method="post">
<label name="RoomName">Room Name:</label>
<input type="text" name="RoomName" value="Room 1" />
<input type="submit" value="Submit Room" />
</form>
Also, you can't just set the value to the SQL query. You need to use the mysql_fetch_assoc() function. So it would be more like:
$sqlQuery = "SELECT RoomID FROM rooms WHERE RoomName = '".mysql_real_escape_string($roomName)."'";
$result = mysql_query($sqlQuery);
while ($row == mysql_fetch_assoc($result)) {
$roomID = $row['rooms'];
//do stuff with the current roomID
}
RoomName = $roomName"
to
RoomName = '$roomName'"
In SQL, strings must be quoted. Also, be safe by doing mysql_real_escape_string() on $roomName.
Related
I have a simple code (very simple one) that I was using to try something out for a work and I was trying a function to work with the variables of a form radio in post method, to update my SQL table with the output of the form. But when I'm going to try it, it doesn't update and gives me a notice.
It has something to do with the query (because the error says is in that line of the code) but I still don't know what it is.
I tried to change the syntax of the SQL sentence in different ways. I changed the user I was going to use to change the "image_value" column. I even checked the syntax of the query in phpmyadmin, and it worked.
Here is the php code:
<?php
mysql_connect("localhost","root","");
function user_image($value){
print_r($value);
//This is the problem
$query = "UPDATE users SET image_value = '$value' WHERE (ID) = '6'";
mysql_query($query);
}
?>
And here i have the code of the form and how I'm using the function (if there is any mistake that I haven't seen)
<form method="post" action="">
<input type="radio" name="1" value="1">imagen1
<br>
<input type="radio" name="2" value="2">imagen2
<br>
<input type="radio" name="3" value="3">imagen3
<br>
<input type="radio" name="4" value="4">imagen4
<br>
<button type="submit"><span>Submit</span></button>
</form>
<?php
user_image($_POST);
?>
Your problem is you are passing the complete object $_POST.
You don't specify if your radio name is correct (The name of your radio as a number from 1 to 4).
In the case, you are trying to set the value of image_value from a radio button should be.
<form method="post" action="">
<input type="radio" name="image_value" value="1">imagen1
<br>
<input type="radio" name="image_value" value="2">imagen2
<br>
<input type="radio" name="image_value" value="3">imagen3
<br>
<input type="radio" name="image_value" value="4">imagen4
<br>
<button type="submit"><span>Submit</span></button>
</form>
<?php
if (isset($_POST['image_value'])) {
user_image($_POST['image_value']);
}
?>
and your function
function user_image($value) {
mysql_connect("localhost","root","");
print_r($value);
//This is the problem
$query = "UPDATE users SET image_value = '$value' WHERE (ID) = '6'"; //ID should be dynamic base on the user I guess
mysql_query($query);
}
?>
$_POST pass an object value to the server, you need to specify the property you want to use, var_dump $value to understand all what it contains.
I'm trying to get the php code to search the database and return all the matching "park_name"s but it says that the search variable is undefined and also only returns one park from the database.
This is the code I have for the search:
<form method="post" action="Search_page.php" name="search" id="Search">
<label for="search">Search:</label><input type="text" name="Search" id="search" />
<input type="submit" name="submit" value="Search"/>
</form>
<?php
if(isset($_POST['search'])){
$search = $_POST['search'];
$search = preg_replace("#[^0-9a-z]i#","", $search); }
$sql="SELECT Park_name, street FROM park_list WHERE park_name LIKE '%$search%'";
//query db
$result = $db->query($sql);
?>
</div>
<?php while ($row = $result->fetch_assoc()) { ?>
<div class="results">
<h2><?php echo $row['Park_name']?></h2> </br>
<p><?php echo $row['street']?></p>
</div>
<?php } ?>
Because, Search != search.
Error reporting told you about it too.
Btw, != is the logical operator for "does not equal" ;-)
Those are case-sensitive.
By the way; do yourself a favor and use a prepared statement if you want to save/keep your database.
https://en.wikipedia.org/wiki/Prepared_statement
and check for errors on the query, should it fail using mysqli_error($db).
You're also using a name attribute here in conjunction with the POST array of the same name:
<form method="post" action="Search_page.php" name="search" id="Search">
^^^^^^^^^^^^^
Remove that ^
and rename name="Search" for the input to name="search".
where you thought would pan out, which it won't. Your search is relying on the input's name attribute (and the input itself). Forms generally do not use name attributes.
You need to remove it.
Side note: It's usually best to use a !empty() < (not empty) for a user input, instead of isset(). The latter is mostly used for radios/checkboxes/submit inputs.
Form field names are case sensitive.
Change your second line to
<label for="search">Search:</label><input type="text" name="search" id="search" />
I don't have rep to comment yet, but Park_name should be lowercase.
You have inconsistent case in the sql statement:
$sql="SELECT Park_name, street FROM park_list WHERE park_name LIKE '%$search%'";
I am having trouble thinking out a good way to update my query depending on user $_POST values. Basically I have user management search button, where site administrator can search for his sites users. In my example:
<div id="website_user_management_search_left">
<div id="website_user_management_search_left_leftside">
<p>Name:</p>
<p>Surname:</p>
<p>Telephone:</p>
<p>Group:</p>
<p>Discount group:</p>
</div>
<div id="website_user_management_search_left_rightside">
<input type="text" name="#" value="#" id="userSearch_name">
<input type="text" name="#" value="#" id="userSearch_surname">
<input type="text" name="#" value="#">
<input type="text" name="#" value="#">
<input type="text" name="#" value="#">
<input type="submit" id="button_adminUserSearch" value="Search">
</div>
Then after pressing "Search" button AJAX sends request to retrieve results, but how can I handle this dynamic query?
For example - if user just presses "Search" query would look like:
mysqli_query($dbconnect,"SELECT * FROM accounts");
For example - if user specifys $_POST["name"] value, query would look like:
mysqli_query($dbconnect,"SELECT * FROM accounts WHERE name='".$_POST["name"]."'");
Problem is - how can I efficiently handle this kind of query? It would be dumb to check which values is "isSet" and then make tons of query cases.
I hope you understood my problem and can help out with it, because it`s kinda hard to explain it.
Maybe you're looking for something like it :
if(empty($_POST['name'])) {
$name = null;
} else $name = $_POST['name'];
Then in your statement, your condition would be :
WHERE (name=:name OR :name is null)
If name isset, it will search for this name, else it will return true and query will not be affected
You could do something like that:
mysqli_query($dbconnect,"SELECT * FROM accounts WHERE name LIKE'%".$_POST["name"]."%'");
But there are two little problems:
You don't have escaped your user input data with mysqli_escape_string() and:
You shouldn't do that. A better way would be to add a where clause only, if name POST data is set:
$where = '';
if ($_POST['name']) {
$where = ' WHERE name = '".$name."'"';
}
mysqli_query($dbconnect,"SELECT * FROM accounts" . $where);
So I have a drop down populated with the names based on an SQL query. I want to be able to see which option the user selected before they pressed submit and use this as a variable on a separate php file. I assume I will need to use session variables? I'm a bit lost so any help would be appreciated. I have the following code so far:
<form name="ClientNameForm" id="ClientNameForm" action="ClientDetails.php">
<input type="text" name="ClientName" id="ClientName" placeholder="Type Service User's name here:" style="width: 200px"/><br/><br/>
<select name="Name_dropdown" id="name_dropdown" style="width: 200px" >
<?php
$ClientName_Query= "SELECT CONCAT(FName, ' ', SName) AS FullName FROM ClientDetails";
$ClientName_Result= mysql_query($ClientName_Query) or die (mysql_error());
while ($row= mysql_fetch_array($ClientName_Result)){
echo "<option> $row[FullName] </option>";
}
?>
</select><br/><br/>
<input type="submit" name="submit_btn" id="submit_btn" value="Submit"/>
</form>
In your ClientDetails.php file the value will be available using,
$name = $_POST['Name_dropdown'];
If you need to change a setting in the form document before submitting you can use jQuery. Something like
$('#name_dropdown').change(function(){
var option = $(this.options[this.selectedIndex]).val();
});
I have created a form, with 5 textbox fields and I want to add those five entries in the database. I want to use the textbox "array", that way I can use a for-each when saving to the database. As anyone, any code on how to do this or can direct me in the right path?
input type="text" value="whateva" name= ?php text[0] ?>
input type="text" value="whateva" name= ?php text[1] ?>
input type="text" value="whateva" name= ?php text[2] ?>
if (isset($_POST['Submit']) {
//add to db
(for-each $text as $val) {
//add to db
}
}
Is this possible?
HTML
<input type="text" value="whateva" name="text[]" />
<input type="text" value="whateva" name="text[]" />
<input type="text" value="whateva" name="text[]" />
PHP
if (!empty($_POST['text'])) {
foreach ($_POST['text'] AS $value) {
// add to the database
$sql = 'INSERT INTO tableName SET fieldName = "' . mysql_real_escape_string($value) . '"';
}
}
Yes, HTML supports arrays. just name your textareas like this:
<textarea name="field[]"></textarea> /* Notice square brackets */
For this example, in PHP, your $_GET or $_POST will have array key with name 'field' and values from these textareas.
If 'Submit' is the name of the submit button. yeah that will work.
but few suggestions:
correct it as:
< input type="text" value="whateva" name= "" />
Use validation for the text submitted by user
IMPORTANT: "GET A BOOK ON PHP" and learn it. Seriously, if you learn this way, you wont become a good programmer. You are learning it the hardway. Book is must for you.