Please help, Im trying to search for mysql records using an html form to display the corresponding record for the entered primary key.
Here's my html form:
<td><input type="submit" name="Submit" value="Search"></td>
And here's the new.php form action:,
mysql_select_db("Hospital", $con);
$result = mysql_query("SELECT HOSPNUM FROM t2 WHERE FIRSTNAME='{$_POST["fname"]}'");
while($row = mysql_fetch_array($result))
{
<input name="hnum" type="text" id="hospnum" value="<?php echo $row['HOSPNUM']; ?>" />
}
mysql_close($con);
?>
How do I get to display the hospnum in the html inputbox when I input the fname and then click the search button.
Note: This script, as-is, is vulnerable to sql-injections. The code that follows is not dealing with this, as it's out of the scope of the original question. Do not use this code as-is in a production environment.
You have a small problem jumping from PHP to HTML:
<?php
mysql_select_db("Hospital", $con) or die(mysql_error());
$fname = $_POST["fname"];
$result = mysql_query("SELECT HOSPNUM FROM t2 WHERE FIRSTNAME='{$fname}'");
?>
<h3>Results:</h3>
<?php while ( $row = mysql_fetch_array($result) ) { ?>
<input type="text" name="hnum" value="<?php echo $row["HOSPNUM"]; ?>" />
<?php } ?>
Related
I have a check box inside a while loop like this:
<form method="POST">
<?php $sql= mysql_query("SELECT * FROM names WHERE `id` ='$id' ");
while ($get = mysql_fetch_array($sql)){ ?>
<input type="checkbox" name="id_names" value="<? echo $get ['id'];?>"><?php echo $get ['name']; ?>
<?php } ?>
<input id="submitbtn" type="submit" value="Submit" /><br><br>
</form>
The problem is at this part I am unable to get specific checkbox properties and even if the user selects two check boxes I am unable to echo the id out
<?php
if(isset($_POST['id_names']))
{
$id_names= $_POST['id_names'];
$email = mysql_query("SELECT `email` FROM users WHERE `id` = '$id_names' ");
while ($getemail = mysql_fetch_array($email))
{
echo $getemail['email'];
}
}
?>
I have tried searching for answers but I am unable to understand them. Is there a simple way to do this?
The form name name="id_names" needs to be an array to allow the parameter to carry more than one value: name="id_names[]".
$_POST['id_names'] will now be an array of all the posted values.
Here your input field is multiple so you have to use name attribute as a array:
FYI: You are using mysql that is deprecated you should use mysqli/pdo.
<form method="POST" action="test.php">
<?php $sql= mysql_query("SELECT * FROM names WHERE `id` =$id ");
while ($get = mysql_fetch_array($sql)){ ?>
<input type="checkbox" name="id_names[]" value="<?php echo $get['id'];?>"><?php echo $get['name']; ?>
<input type="checkbox" name="id_names[]" value="<?php echo $get['id'];?>"><?php echo $get['name']; ?>
<?php } ?>
<input id="submitbtn" type="submit" value="Submit" /><br><br>
</form>
Form action: test.php (If your query is okay.)
<?php
if(isset($_POST['id_names'])){
foreach ($_POST['id_names'] as $id) {
$email = mysql_query("SELECT `email` FROM users WHERE `id` = $id");
$getemail = mysql_fetch_array($email); //Here always data will single so no need while loop
print_r($getemail);
}
}
?>
I have a weird problem in which if I delete the line Type doctor name <input type="text" name="new_Doctor_name" value="<?php echo $row1[3]; ?>" ><br />, I cannot update my records and get the notice Undefined variable: row1. However, if I keep this line, which I copy from another table, I can update just fine.
Please explain this. Any help will be highly appreciated.
<?php
include_once('Connect.php');
if( isset($_GET['edit1']) )
{
$id = $_GET['edit1'];
$res1= mysql_query("SELECT * FROM department WHERE Dept_name='$id'");
$row1= mysql_fetch_array($res1);
}
if( isset($_POST['new_Doctor_name']) )
{
$id = $_POST['id'];
$new_Dept_name = $_POST['new_Dept_name'];
$new_Ward = $_POST['new_Ward'];
$sql1 = "UPDATE department SET Dept_name='$new_Dept_name', Ward='$new_Ward' WHERE Dept_id='$id'";
$res2 = mysql_query($sql1) or die("Could not Update".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=Department_viewtable.php'>";
}
var_dump($row1);
?>
<FORM ACTION="Department_dmod.php" METHOD="post">
<input type="hidden" name="id" value="<?php echo $id; ?>" />
***Type doctor name <input type="text" name="new_Doctor_name" value="<?php echo $row1[3]; ?>" ><br />***
Type Department Name <input type="text" name="new_Dept_name" value="<?php echo $row1[1]; ?>" ><br />
Type Department Ward <input type="text" name="new_Ward" value="<?php echo $row1[2]; ?>" >
<INPUT TYPE="SUBMIT" NAME="UPDATE" VALUE="UPDATE">
<p><a href=Department_viewtable.php>Back to the Department table</a></p>
<p><a href=Main_Menu.php>Back to Main menu</a></p>
</FORM>
The if() statement :
if( isset($_POST['new_Doctor_name']) )
Will only ever be executed if an input element exists in the POST data with a name of new_Doctor_name. If you remove it from the DOM, it will not be passed with the request, and thus the queries won't execute.
It may be better to check for the presence of the UPDATE variable inside the POST request:
if(isset($_POST['UPDATE']))
{
$id = $_POST['id'];
$new_Dept_name = $_POST['new_Dept_name'];
$new_Ward = $_POST['new_Ward'];
$sql1 = "UPDATE department SET Dept_name='$new_Dept_name', Ward='$new_Ward' WHERE Dept_id='$id'";
$res2 = mysql_query($sql1) or die("Could not Update".mysql_error());
echo "<meta http-equiv='refresh' content='0;url=Department_viewtable.php'>";
}
It's also worth noting that the mysql_* family of functions is now deprecated. Instead, you should look at MySQLi or PDO. Finally, your code is open to SQL injection, so I'd recommend looking at Prepared Statements, too.
The variable row1 is set in this part of the code. If the variable is returning an error that it has not been defined this means that the code below has not been executed. This code is only ran if the $_GET['edit1'] variable is set.
if( isset($_GET['edit1']) )
{
$id = $_GET['edit1'];
$res1= mysql_query("SELECT * FROM department WHERE Dept_name='$id'");
$row1= mysql_fetch_array($res1);
}
I have this code in a loop in my code, The loop makes one submit button for every member found. I need each button to have the members name stored in it, in a way it can be sent though post when that button is clicked. Im not sure if this is possible with post but i was trying a way i do it with URLS. Does anyone know how to do this?
<input type="submit" value="Attack" name="Attack?name=<?php echo $Member_name; ?>" />
<?php
if(isset($_POST['Attack'])){
$sql = "SELECT * FROM users WHERE name='".mysql_real_escape_string($_GET['name'])."'";
$query = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_object($query);
}
Here is the whole code i was trying to store it in a hidden form but it only grabs the last member found and wont get others.
<?php
$sql = "SELECT name, rank FROM users ORDER BY rank DESC"; // Searches the database for every one who has being last active in the last 5 minute
$query = mysql_query($sql) or die(mysql_error());
$count = mysql_num_rows($query);
$i = 1;
while($row = mysql_fetch_object($query)) {
$Member_name = htmlspecialchars($row->name);
$Member_level = htmlspecialchars($row->rank);
?>
<td><?php echo $i; ?></td>
<td><?php echo $Member_name; ?></td><td><?php echo $Member_level; ?></td><td>
<input type="hidden" name="thename" value="<?php echo $Member_name; ?>">
<input type="submit" value="Attack" name="Attack" />
</td>
<?
if($i != $count) { // this counts the amount of people that are online and display the results.
echo "</tr><tr>";
}
$i++;
}
?>
<?php
if(isset($_POST['Attack'])){
$sql = "SELECT * FROM users WHERE name='".mysql_real_escape_string($_POST['thename'])."'";
$query = mysql_query($sql) or die(mysql_error());
$row = mysql_fetch_object($query);
$profile_id = htmlspecialchars($row->id);
$profile_userip = htmlspecialchars($row->userip);
$profile_name = htmlspecialchars($row->name);
$profile_money = htmlspecialchars($row->money);
$profile_gang = htmlspecialchars($row->gang);
$profile_exp = htmlspecialchars($row->exp);
$profile_profile = htmlspecialchars($row->profile);
$profile_rank = htmlspecialchars($row->rank);
$profile_health = htmlspecialchars($row->health);
$profile_defence = htmlspecialchars($row->defence);
$profile_stanima = htmlspecialchars($row->stanima);
?>
OK, assuming everything else is working ok, and you are retrieving data.
Change this:
<input type="hidden" name="thename" value="<?php echo $Member_name; ?>">
<input type="submit" value="Attack" name="Attack" />
To this:
<form method="POST" action="">
<input type="hidden" name="name" value="<?php echo $Member_name; ?>">
<input type="submit" value="Attack" name="Attack" />
</form>
And also in your PHP, change this line:
$sql = "SELECT * FROM users WHERE name='".mysql_real_escape_string($_GET['name'])."'";
To:
$sql = "SELECT * FROM users WHERE name='".mysql_real_escape_string($_POST ['name'])."'";
This isn't the best way to do this, you will be generating loads of HTML elements depending how many users you have, but it should solve you problem (providing everything else is working and receiving data).
HTML 5 & Javascript would be perfect for this and is something you should look into.
I want to show the selected ID data in the form and EDIT it and UPDATE in the database. I selected the data from the database and put it in the input tag but it doesn't work. Please help!
<html>
<body>
<?
$db = mysql_connect("localhost", "root","");
mysql_select_db("db_ncs",$db);
$id = $_GET['s_id'];
if($id)
{
$result=mysql_query("SELECT * FROM tbl_student WHERE s_id=$id");
$row = mysql_fetch_assoc($result);
}
?>
<form method="post" action="update.php">
Name:<input type="Text" name="name" value="<?php echo $row['s_name'];?>" /><br>
Contact:<input type="Text" name="contact" value="<?php echo $row['s_contact'];?>" /><br>
Address:<input type="Text" name="address" value="<?php echo $row['s_address'];?>" /><br>
E-mail:<input type="Text" name="email" value="<?php echo $row['s_email'];?>" /><br>
<input type="submit" name="update" value="Update">
</form>
<?
if(isset($_POST['update']))
{
$name = $_POST['s_name'];
$contact = $_POST['s_contact'];
$address = $_POST['s_address'];
$email = $_POST['s_email'];
$sql = "UPDATE tbl_student
SET (s_name='$name', s_contact='$contact', s_address='$address', s_email='$email')
WHERE s_id=$id";
$res = mysql_query($sql);
if($res)
{
echo "Upadate Successfull!";
}
else
{
echo "Sorry!";
}
}
?>
</body>
</html>
You forgot to pass the id.
Add this between the <form> tags.
<input type="hidden" name="s_id" value="<?php echo $id;?>" />
You also need to make your methods consistent. The form submits the data via method="get" but you ask for it via $_POST. You also need to make the input names consistent with the names you ask for, by either adding or removing the "s_" in the appropriate places.
Not really an answer to your question, but i have to point you to some omissions in your code:
if $_POST['update'] is set, that doesn't mean the other variables are also set. They can be empty if user didn't enter anything in a field. You should check if every $_POST or $_GET variables are set by using isset or empty.
your code is so insecure! You should escape every variable before using it in a query. Use mysql_real_escape_string() for that. I also suggest you to use strip_tags() along with escaping.
In the form you have method="get" but you use $_POST in your PHP code. Try to define your form as below:
<form method="post" action="update.php">
Your SQL query should be (added quotes):
$sql = "UPDATE tbl_student
SET (s_name='$name', s_contact='$contact', s_address='$address', s_email='$email')
WHERE s_id=$id";
Try adding this after mysql_query:
$result = mysql_query($sql) or die(mysql_error());
Do not use mysql_* functions, they are no longer maintained: use PDO of MySQLi.
Doesn't he have to use the $row = mysql_fetch_assoc($result) to get the results?
// Perform Query
$result = mysql_query($query);
// Check result
// This shows the actual query sent to MySQL, and the error. Useful for debugging.
if (!$result) {
$message = 'Invalid query: ' . mysql_error() . "\n";
$message .= 'Whole query: ' . $query;
die($message);
}
// Use result
// Attempting to print $result won't allow access to information in the resource
// One of the mysql result functions must be used
// See also mysql_result(), mysql_fetch_array(), mysql_fetch_row(), etc.
while ($row = mysql_fetch_assoc($result)) {
echo $row['firstname'];
echo $row['lastname'];
echo $row['address'];
echo $row['age'];
}
http://php.net/manual/en/function.mysql-query.php
above is just an example.
update:
$result=mysql_query("SELECT * FROM tbl_student WHERE s_id=$id");
$row = mysql_fetch_assoc($result); // I think you have to add this line here, don't you?
?>
<form method="post" action="update.php">
<input type="hidden" name="s_id" value="<?php echo $id;?>" />
Name:<input type="Text" name="name" value="<?php echo $row['s_name'];?>" /><br>
Contact:<input type="Text" name="contact" value="<?php echo $row['s_contact'];?>" /><br>
Address:<input type="Text" name="address" value="<?php echo $row['s_address'];?>" /><br>
E-mail:<input type="Text" name="email" value="<?php echo $row['s_email'];?>" /><br>
<input type="submit" name="update" value="Update">
</form>
update 2:
when you are going to update, the method up there $id = $_GET['s_id']; is still looking for a param called 's_id' will come via HTTP GET, but it doesn't!
a quick workaround may be this,
<form method="post" action="update.php?<?php echo $id;?>">
and don't forget to add,
$id= $_POST['s_id']; after $email = $_POST['s_email'];!
update 3:
Hmm, You still need this <input type="hidden" name="s_id" value="<?php echo $id;?>" /> and don't forget to add,
$id= $_POST['s_id']; after $email = $_POST['s_email'];!
Your form has fields like name="contact", but when you try to get the values you use $_POST['s_contact']. These need to match.
The reason you need the hidden s_id field in the form is so that you will update the same row that was edited. Your UPDATE statement contains WHERE s_id=$id, so you need to get the original id this way. It's hidden because you don't want the user to be able to change the ID when editing.
UPDATE: I narrowed it down, when I got rid of this tag in the header.php file it all works, can someone please explain this.
<script src="#" type="text/javascript"></script>
Hi I'm having quite an annoying issue with my php code. I am trying to update a php database, from a form, when I do this however the fields in the data base become empty after submitting. Please Help! You can view it in action here http://andcreate.com/shoelace/admin/edit1.php click on the lists on the right to edit them and see what happens.
<?php
include("header.php");
echo "<h2>Edit Posts</h2>";
echo "<div id='editNav'>";
echo "<p>Choose Post to Edit</p>";
//////////GET ALL RECORDS AND BUILD A NAV SYSTEM FROM THEM////////
$results = mysql_query("SELECT * FROM shoeData ");
while($row = mysql_fetch_array($results)){
$id = $row['id'];
$name = $row['name'];
$about = $row['about'];
echo "$date " . substr($name, 0, 40) . " <br/> ";
}
$thisID = $_GET['id'];
if(!isset($thisID)){
$thisID = 22;
}
//////////FINISH ALL RECORDS AND BUILD A NAV SYSTEM FROM THEM////////
echo "</div>";
///////IF USER SUBMITS CHANGES UPDATE THE DATABASE//////////
//has user pressed the button
$update = $_GET['update'];
if($update == "yes") {
$name = $_POST['name'];
$about = $_POST['about'];
$company = $_POST['company'];
$buy = $_POST['buy'];
//update data for this record
$sql = "UPDATE shoeData SET
name = \"$name\",
about = \"$about\",
company = \"$company\",
buy = \"$buy\"
WHERE id= $thisID";
$thisUpdate = mysql_query($sql) or die(mysql_error());
}
///////END IF USER SUBMITS CHANGES UPDATE THE DATABASE//////////
/////////// HERE WE GET THE INFO FOR ONE RECORD ONLY////////
$results = mysql_query("SELECT * FROM shoeData WHERE id=$thisID");
while($row = mysql_fetch_array($results)){
$name = $row['name'];
$about = $row['about'];
$company = $row['company'];
$buy = $row['buy'];
}
//////////////FINISH GETTING INFO FOR ONE RECORD ONLY/////////////
?>
<form name="formS" method="post" action="<?php echo $_SERVER['PHP_SELF']."?id=$thisID&update=yes";?>">
Name
<p>
<input type="text" name="name" id="name" value="<?php echo $name;?>" />
</p>
About
<p>
<input type="text" name="about" id="about" value="<?php echo $about;?>" />
</p>
Company
<p>
<input type="text" name="company" id="company" value="<?php echo $company;?>" />
</p>
Name
<p>
<input type="text" name="buy" id="buy" value="<?php echo $buy;?>" />
</p>
<p>
<input type="submit" name="submit" id="submit" />
</p>
</form>
<p><a class="delete" href="delete.php?id=<?php echo $thisID;?>">Delete this post</a></p>
<?php
include("footer.php");
?>
You have $update = $_GET['update'];, but then right after that, you're using $_POST. A given request is either GET or POST, not both - thus whenever $_GET['update'] is set to "yes", there aren't going to be any POST vars set, and thus the update will be done with all of the values it's setting blank.
Chances are you actually meant to use either $_GET or $_POST in both places - since your updates are going through, but are blank, it sounds like you want to use $_GET (though for form submission/updates, you should probably really be using POST instead).
This may seem silly, but are you confusing $_GET and $_POST variables? You use one to check whether to enter the loop, and another to populate the string.
Also, as a minor aside, your SELECT statement towards the end of the snippet can be optimized by adding LIMIT 1 to the end of it, as presumably you're only going to be recalling one entry per id, no?