PHP variables passed incorrectly to MySQL - php

I asked this question before, but not very well! Basically I have an editing page for a CMS, somewhere along the line (from the element onwards) the fields display in the box next to where they should be displaying. any ideas why?
<?php
// Load the stored row for the requested id so the edit form below can be pre-filled.
if(isset($_GET['id']))
{
// NOTE(review): $_GET['id'] is concatenated into the SQL text exactly as received,
// so the request decides what statement runs (SQL injection). Bind it as a
// parameter, or escape it with the connection's escaping function, before it
// reaches the query.
$query = "SELECT * ".
"FROM studies ".
"WHERE id = '".$_GET['id']."'";
// On failure the raw database error text is sent to the browser.
$result = mysql_query($query) or die('Error : ' . mysql_error());
// MYSQL_NUM yields a numerically indexed row and list() assigns by position, so
// each variable receives whatever column sits at that index in `studies`.
list($id, $pagetitle, $title, $date, $copy, $outputs, $strategies, $client, $niche, $media, $thumbmedia, $newfieldtitle, $newfieldcontent) = mysql_fetch_array($result, MYSQL_NUM);
}
if(isset($_POST['update1']))
{
$id = $_POST['id'];
$pagetitle = $_POST['pagetitle'];
$title = $_POST['title'];
$date = $_POST['date'];
$copy = $_POST['copy'];
$outputs = $_POST['outputs'];
$strategies = $_POST['strategies'];
$client = $_POST['client'];
$niche = $_POST['niche'];
$media = $_POST['media'];
$thumbmedia = $_POST['thumbmedia'];
$newfieldtitle = $_POST['newfieldtitle'];
$newfieldcontent = $_POST['newfieldcontent'];
if(!get_magic_quotes_gpc())
{
$pagetitle = addslashes($pagetitle);
$title = addslashes($title);
$date = addslashes($date);
$copy = addslashes($copy);
$outputs = addslashes($outputs);
$strategies = addslashes($strategies);
$client = addslashes($client);
$niche = addslashes($niche);
$media = addslashes($media);
$thumbmedia = addslashes($thumbmedia);
$newfieldtitle = addslashes($newfieldtitle);
$newfieldcontent = addslashes($newfieldcontent);
}
// update the article in the database
// NOTE(review): the column values above pass through addslashes() only when
// magic_quotes_gpc is off, and addslashes() knows nothing about the connection
// character set. $id is not in that addslashes() list at all, so with magic
// quotes off it reaches the WHERE clause exactly as posted. Bound parameters
// (or the connection's escaping function applied to every value, $id included)
// close both gaps.
$query = "UPDATE studies
SET pagetitle = '$pagetitle', title = '$title', date = '$date', copy = '$copy', outputs = '$outputs', strategies = '$strategies', client = '$client', niche = '$niche', media = '$media', thumbmedia = '$thumbmedia', newfieldtitle = '$newfieldtitle', newfieldcontent = '$newfieldcontent' ".
"WHERE id = '$id'";
// On failure the raw database error text is sent to the browser.
mysql_query($query) or die('Error : ' . mysql_error());
// then remove the cached file
$cacheDir = dirname(__FILE__) . '/cache/';
$cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
#unlink($cacheFile);
// and remove the index.html too because the file list
// is changed
#unlink($cacheDir . 'index.html');
echo "<b>Article '$title' updated</b>";
// now we will display $title & content
// so strip out any slashes
$pagetitle = stripslashes($pagetitle);
$title = stripslashes($title);
$date = stripslashes($date);
$copy = stripslashes($copy);
$outputs = stripslashes($outputs);
$strategies = stripslashes($strategies);
$client = stripslashes($client);
$niche = stripslashes($niche);
$media = stripslashes($media);
$thumbmedia = stripslashes($thumbmedia);
$newfieldtitle = stripslashes($newfieldtitle);
$newfieldcontent = stripslashes($newfieldcontent);
}
?>
<div class="container">
<form method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>">
<p class="subheadsmall">Browser Title</p>
<textarea cols="40" rows="1" class="box" name="pagetitle" id="editbox"><?php echo $pagetitle; ?></textarea>
<p class="subheadsmall">Story Title</p>
<textarea cols="40" rows="1" class="box" name="title" id="editbox"><?php echo $title; ?></textarea>
<p class="subheadsmall">Date</p>
<textarea cols="40" rows="1" class="box" name="date" id="editbox"><?php echo $date; ?></textarea>
<p class="subheadsmall">Story</p>
<textarea cols="80" rows="10" class="box" name="copy" id="editbox"><?php echo $copy; ?></textarea>
<p class="subheadsmall">Outputs</p>
<textarea cols="80" rows="10" class="box" name="outputs" id="editbox"><?php echo $outputs; ?></textarea>
<p class="subheadsmall">Strategies</p>
<p class="subheadsmall">Client</p>
<select name="client">
<option value="empty">Select a Client...</option>
<?php
$result2 = mysql_query("SELECT name FROM clients");
if (!$result2) {
die("Database query failed: " . mysql_error());
}
while($row = mysql_fetch_array($result2)) {
$clientlist = $row['name'];
$clientname = htmlspecialchars($row['name']);
if ($_POST['client'] == $clientlist)
{
echo '<option value="' . $clientlist . '" selected="selected" >' . $clientname . '</option>' . '\n';
}
else{
echo '<option value="' . $clientlist . '" >' . $clientname . '</option>' . '\n';
}
}
?>
</select>
<p class="subheadsmall">Core Classification</p>
<?php
switch ($niche) {
case "brand":
echo '<input type="radio" name="niche" value="brand" checked="checked" />Brand';
echo '<input type="radio" name="niche" value="marketing" />Marketing';
echo '<input type="radio" name="niche" value="communication" />Communication';
break;
case "marketing":
echo '<input type="radio" name="niche" value="brand" />Brand';
echo '<input type="radio" name="niche" value="marketing" checked="checked" />Marketing';
echo '<input type="radio" name="niche" value="communication" />Communication';
break;
case "communication":
echo '<input type="radio" name="niche" value="brand" />Brand';
echo '<input type="radio" name="niche" value="marketing" />Marketing';
echo '<input type="radio" name="niche" value="communication" checked="checked" />Communication';
break;
default;
echo '<input type="radio" name="niche" value="brand" />Brand';
echo '<input type="radio" name="niche" value="marketing" />Marketing';
echo '<input type="radio" name="niche" value="communication" />Communication';
break;
}
?>
<p class="subheadsmall">Add New Strategy</p>
<textarea cols="40" rows="1" class="box" name="strategies" id="editbox"><?php echo $strategies; ?></textarea>
<p class="subheadsmall">Media</p>
<textarea cols="80" rows="10" class="box" name="media" id="editbox"><?php echo $media; ?></textarea>
<p class="subheadsmall">Thumbnail image</p>
<textarea cols="80" rows="3" class="box" name="thumbmedia" id="editbox"><?php echo $thumbmedia; ?></textarea>
<p class="subheadsmall">Additional Field</p>
<p class="subheadsmall">Additional Field Title</p>
<textarea cols="40" rows="1" class="box" name="newfieldtitle" id="editbox"><?php echo $newfieldtitle; ?></textarea>
<p class="subheadsmall">Additional Field Content</p>
<textarea cols="40" rows="3" class="box" name="newfieldcontent" id="editbox"><?php echo $newfieldcontent; ?></textarea>
<input name="update1" type="submit" class="box" id="editbutton" value="Update Article">
</form>

A side note about security :
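Please, for the sake of the internet and all your users, don't use mysql_query. Please use PDO (http://php.net/pdo). With its prepared statements, the variables you bind as parameters are kept separate from the SQL text, so you don't have SQL exploits; values concatenated into the query string get no such protection.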
And if you must use mysql_query (for legacy code) make sure to run each variable through http://php.net/mysql_real_escape_string before using it in a query string.

I suppose you're simply assigning the wrong content to the wrong variables, which supposedly happens here:
list($id, $pagetitle, $title, ...) = mysql_fetch_array($result, MYSQL_NUM);
You're relying on the database fields being in the exact order your code is in. Not very reliable and a horror to maintain.
Why go through the trouble of copying them out of an array into separate variables in the first place? Just keep them as they are until you need them:
<?php $row = mysql_fetch_assoc($result); ?>
...
<textarea name="date"><?php echo $row['date']; ?></textarea>

Remove the addslashes and magic quotes crap and replace it with mysql_real_escape_string().
You are leaving yourself open to sql injections with the SELECT * FROM studies WHERE id = '".$_GET['id']."'";
What if I make a request like: domain.tld/page.ext?id=SELECT * FROM users
I've rewritten a bunch of the problems I saw; give this a try.
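<?php
// Legacy ext/mysql edit handler. Each request value is escaped and quoted at the
// point where it enters SQL, and HTML-escaped where it is echoed. ext/mysql was
// removed in PHP 7; new code should use PDO or mysqli prepared statements.
if (isset($_GET['id']))
{
    // The escaped value must sit inside quotes: mysql_real_escape_string() only
    // neutralises characters that could end a quoted string literal, so an
    // unquoted value would still be read as SQL.
    $query = "SELECT * FROM studies WHERE id = '" . mysql_real_escape_string($_GET['id']) . "'";
    $result = mysql_query($query) or die('Error : ' . mysql_error());
    // Positional assignment: the variable order must match the column order of `studies`.
    list($id, $pagetitle, $title, $date, $copy, $outputs, $strategies, $client, $niche, $media, $thumbmedia, $newfieldtitle, $newfieldcontent) = mysql_fetch_array($result, MYSQL_NUM);
}
if (isset($_POST['update1']))
{
    // Keep the raw posted values in the variables the form template reads;
    // escaping happens only where a value crosses into SQL or HTML.
    $id = $_POST['id'];
    $pagetitle = $_POST['pagetitle'];
    $title = $_POST['title'];
    $date = $_POST['date'];
    $copy = $_POST['copy'];
    $outputs = $_POST['outputs'];
    $strategies = $_POST['strategies'];
    $client = $_POST['client'];
    $niche = $_POST['niche'];
    $media = $_POST['media'];
    $thumbmedia = $_POST['thumbmedia'];
    $newfieldtitle = $_POST['newfieldtitle'];
    $newfieldcontent = $_POST['newfieldcontent'];

    // update the article in the database
    $columns = compact('pagetitle', 'title', 'date', 'copy', 'outputs', 'strategies', 'client', 'niche', 'media', 'thumbmedia', 'newfieldtitle', 'newfieldcontent');
    $assignments = array();
    foreach ($columns as $column => $value) {
        // Column names are the fixed literals above; only the values come from the request.
        $assignments[] = $column . " = '" . mysql_real_escape_string($value) . "'";
    }
    $query = "UPDATE studies SET " . implode(', ', $assignments)
        . " WHERE id = '" . mysql_real_escape_string($id) . "'";
    mysql_query($query) or die('Error : ' . mysql_error());

    // then remove the cached file
    // NOTE: $_GET['id'] goes into a filesystem path here. Before the unlink()
    // calls are re-enabled, restrict it to the expected id format (for example
    // digits only) so it cannot name a file outside the cache directory.
    $cacheDir = dirname(__FILE__) . '/cache/';
    $cacheFile = $cacheDir . '_' . $_GET['id'] . '.html';
    #unlink($cacheFile);
    // and remove the index.html too because the file list
    // is changed
    #unlink($cacheDir . 'index.html');

    // The title is user input, so it is HTML-escaped before being echoed back.
    echo "<b>Article '" . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . "' updated</b>";
}
?>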
<div class="container">
<form method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>">
<p class="subheadsmall">Browser Title</p>
<textarea cols="40" rows="1" class="box" name="pagetitle" id="editbox"><?php echo $pagetitle; ?></textarea>
<p class="subheadsmall">Story Title</p>
<textarea cols="40" rows="1" class="box" name="title" id="editbox"><?php echo $title; ?></textarea>
<p class="subheadsmall">Date</p>
<textarea cols="40" rows="1" class="box" name="date" id="editbox"><?php echo $date; ?></textarea>
<p class="subheadsmall">Story</p>
<textarea cols="80" rows="10" class="box" name="copy" id="editbox"><?php echo $copy; ?></textarea>
<p class="subheadsmall">Outputs</p>
<textarea cols="80" rows="10" class="box" name="outputs" id="editbox"><?php echo $outputs; ?></textarea>
<p class="subheadsmall">Strategies</p>
<p class="subheadsmall">Client</p>
<select name="client">
<option value="empty">Select a Client...</option>
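<?php
// Emit one <option> per client; the one matching the submitted value is pre-selected.
$result2 = mysql_query("SELECT name FROM clients") or die("Database query failed: " . mysql_error());
// $_POST['client'] does not exist on the first (GET) page load, so read it defensively.
$postedClient = isset($_POST['client']) ? $_POST['client'] : null;
while ($row = mysql_fetch_assoc($result2)) {
    // The name is used in an attribute and as element text; escape it for both,
    // including quotes, so a stored name cannot break out of value="...".
    $clientname = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    // Compare against the raw stored name; strict comparison avoids numeric-string juggling.
    $selected = ($postedClient === $row['name']) ? ' selected="selected"' : '';
    // "\n" in double quotes is a real newline; '\n' would print a backslash and an n.
    echo '<option value="' . $clientname . '"' . $selected . ' >' . $clientname . '</option>' . "\n";
}
?>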
</select>
<p class="subheadsmall">Core Classification</p>
<?php
switch ($niche) {
case "brand":
echo '<input type="radio" name="niche" value="brand" checked="checked" />Brand';
echo '<input type="radio" name="niche" value="marketing" />Marketing';
echo '<input type="radio" name="niche" value="communication" />Communication';
break;
case "marketing":
echo '<input type="radio" name="niche" value="brand" />Brand';
echo '<input type="radio" name="niche" value="marketing" checked="checked" />Marketing';
echo '<input type="radio" name="niche" value="communication" />Communication';
break;
case "communication":
echo '<input type="radio" name="niche" value="brand" />Brand';
echo '<input type="radio" name="niche" value="marketing" />Marketing';
echo '<input type="radio" name="niche" value="communication" checked="checked" />Communication';
break;
default;
echo '<input type="radio" name="niche" value="brand" />Brand';
echo '<input type="radio" name="niche" value="marketing" />Marketing';
echo '<input type="radio" name="niche" value="communication" />Communication';
break;
}
?>
<p class="subheadsmall">Add New Strategy</p>
<textarea cols="40" rows="1" class="box" name="strategies" id="editbox"><?php echo $strategies; ?></textarea>
<p class="subheadsmall">Media</p>
<textarea cols="80" rows="10" class="box" name="media" id="editbox"><?php echo $media; ?></textarea>
<p class="subheadsmall">Thumbnail image</p>
<textarea cols="80" rows="3" class="box" name="thumbmedia" id="editbox"><?php echo $thumbmedia; ?></textarea>
<p class="subheadsmall">Additional Field</p>
<p class="subheadsmall">Additional Field Title</p>
<textarea cols="40" rows="1" class="box" name="newfieldtitle" id="editbox"><?php echo $newfieldtitle; ?></textarea>
<p class="subheadsmall">Additional Field Content</p>
<textarea cols="40" rows="3" class="box" name="newfieldcontent" id="editbox"><?php echo $newfieldcontent; ?></textarea>
<input name="update1" type="submit" class="box" id="editbutton" value="Update Article">
</form>
EDIT: I've made a few more changes to your code, also I think your problem stems from this line:
while($row = mysql_fetch_array($result2)) {
I think you're looking for the mysql_fetch_assoc() array.

Related

php form checkbox search

I have created this php code for a search in a mysql database. However, I have problems with the checkboxes part. Without the checkbox part it works fine, but with it says "no data found". The part for the checkboxes is called tarif-typ.
`
<?php
include "db_connect.inc.php";
// Build the search query from the submitted form fields.
// NOTE(review): kanton, franchise and tb are concatenated into the SQL text as
// posted (SQL injection), and franchise is not even wrapped in quotes. Bind the
// values as parameters of a prepared statement instead.
$sql = "SELECT * FROM praemien";
$sql .= " where kanton like '" . $_POST["kanton"] . "' and franchise = ". $_POST["franchise"] ." and ";
// Only the values 1 and 2 add a condition; for any other value the text built so
// far ends in "and " and the next append starts with " and", which is invalid SQL.
switch($_POST["unfall"])
{ case 1:
$sql .="unfalleinschluss like 'OHN-UNF'";
break;
case 2:
$sql .="unfalleinschluss like 'MIT-UNF'";
}
// tarif-typ is written without backticks here, so the hyphen is not part of an
// identifier. The form shown with this script sends tb1..tb4, not "tb".
$sql .=" and tarif-typ like '" . $_POST["tb"] . "' ";
$sql .= " order by praemie";
$res = mysqli_query($con, $sql);
$num = mysqli_num_rows($res);
if ($num==0) echo "Keine Datensätze gefunden";
while ($dsatz = mysqli_fetch_assoc($res))
echo $dsatz["versicherungsnamen"] . ", "
.$dsatz["kanton"] . ", "
.$dsatz["tarif-typ"] . ", "
.$dsatz["unfalleinschluss"] . ","
. $dsatz["praemie"] . "<br />";
mysqli_close($con);
?>
</body>
`
and here is my html form
`
<html>
<body>
<form action ="db_eingabe.php" method="post">
<p><input name="kanton" /> Kanton</p>
<p><input name="franchise" /> Franchise</p>
<p><input type="radio" name="unfall" value="1" checked="checked" />Unfall nein<br>
<input type="radio" name="unfall" value="2" />Unfall ja</p>
<br><p>
<b>Tarif</b>
</p>
<p><input type="checkbox" name="tb1" value="TAR-BASE" checked="checked" />Grund</p>
<p><input type="checkbox" name="tb2" value="TAR-HMO" />HMO</p>
<p><input type="checkbox" name="tb3" value="TAR-HAM" />HAM</p>
<p><input type="checkbox" name="tb4" value="TAR-DIV" />andere</p>
<p><input type="submit" />
<input type ="reset" /></p>
</form>
</body>
</html>
`
starting another post to keep things clean...
your PHP code:
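<?php
// Search `praemien` by the submitted form fields and list the matches.
// Every request value is bound as a statement parameter, so none of them is
// ever part of the SQL text.
include "db_connect.inc.php"; // presumably defines the mysqli connection $con

// Read one posted field as a string; missing or non-string input becomes ''.
$field = function ($key) {
    return (isset($_POST[$key]) && is_string($_POST[$key])) ? $_POST[$key] : '';
};

$sql = "
    SELECT
        *
    FROM
        `praemien`
    WHERE
        `kanton` LIKE ?
        AND `franchise` = ?
        AND `unfalleinschluss` LIKE ?";
$params = array($field('kanton'), $field('franchise'), $field('unfall'));

// One "LIKE ?" per ticked checkbox, OR-ed together.
$tbs = array();
foreach (array('tb1', 'tb2', 'tb3', 'tb4') as $tb_key) {
    $value = $field($tb_key);
    if (empty($value)) {
        continue;
    }
    $tbs[] = '`tarif-typ` LIKE ?';
    $params[] = $value;
}
if (!empty($tbs)) {
    $sql .= ' AND ( ' . implode(' OR ', $tbs) . ' )';
}
$sql .= " ORDER BY praemie";

// Failures are logged server-side; the query text and the driver error are not
// echoed to the visitor. mysqli_error() is the mysqli counterpart of mysql_error().
$stmt = mysqli_prepare($con, $sql);
if ($stmt === false) {
    error_log('praemien search: ' . mysqli_error($con));
    die('Database query failed.');
}
mysqli_stmt_bind_param($stmt, str_repeat('s', count($params)), ...$params);
if (!mysqli_stmt_execute($stmt)) {
    error_log('praemien search: ' . mysqli_stmt_error($stmt));
    die('Database query failed.');
}
$res = mysqli_stmt_get_result($stmt);

$num = mysqli_num_rows($res);
if ($num == 0) echo "Keine Datensätze gefunden";

// HTML-escape a column value before it is written into the page.
$esc = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
};
while ($dsatz = mysqli_fetch_assoc($res)) {
    echo $esc($dsatz["versicherungsnamen"]) . ", "
        . $esc($dsatz["kanton"]) . ", "
        . $esc($dsatz["tarif-typ"]) . ", "
        . $esc($dsatz["unfalleinschluss"]) . ","
        . $esc($dsatz["praemie"]) . "<br />";
}
mysqli_stmt_close($stmt);
mysqli_close($con);
?>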
and your HTML code:
<html>
<body>
<form action ="db_eingabe.php" method="post">
<p><input name="kanton" /> Kanton</p>
<p><input name="franchise" /> Franchise</p>
<p><input type="radio" name="unfall" value="OHN-UNF" checked="checked" />Unfall nein<br>
<input type="radio" name="unfall" value="MIT-UNF" />Unfall ja</p>
<p>
<b>Tarif</b>
</p>
<p><input type="checkbox" name="tb1" value="TAR-BASE" checked="checked" />Grund</p>
<p><input type="checkbox" name="tb2" value="TAR-HMO" />HMO</p>
<p><input type="checkbox" name="tb3" value="TAR-HAM" />HAM</p>
<p><input type="checkbox" name="tb4" value="TAR-DIV" />andere</p>
<p><input type="submit" />
<input type ="reset" /></p>
</form>
</body>
</html>
NOTES: fixed franchise = '". $_POST["franchise"] ."' -- it did not have single quotes
changed the unfall radio group to have specific values to avoid the switch you had
lastly, if the tarif-typ and unfalleinschluss columns only contain specific strings you have shown, you do not need LIKE you can use '=', however, if you want to find the strings IN the values, i suggest LIKE '%search_string%' with the % wildcards.
I think your checkboxes should be radios with all the same name (tb) because there is no field named "tb" submitted in your form and that is the reason why your query fails.
<p><input type="radio" name="tb" value="TAR-BASE" checked="checked" />Grund</p>
<p><input type="radio" name="tb" value="TAR-HMO" />HMO</p>
<p><input type="radio" name="tb" value="TAR-HAM" />HAM</p>
<p><input type="radio" name="tb" value="TAR-DIV" />andere</p>

Get data from a post form

I don't understand why I can't use my last form in this code. I generated a form using a SELECT list to select the member that I want to update and it works, but I don't know why I can't use datas from this form. Actually, I can't even echo something (see the echo "TEST"; at the end, nothing happens when I submit the form).
<?php $mysqli = new Mysqli("localhost", "root", "", "repertoire"); ?>
<form method="post" action="">
<label>Modifier</label>
<select name='id_modif'>
<?php
$resultat = $mysqli->query("SELECT * FROM annuaire");
while($select = $resultat->fetch_assoc()){
echo "<option value=". $select['id_annuaire'] . ">" . $select['prenom'] . " " . $select['nom'] . "</option>";
}
?>
</select>
<input type ="submit" name="modifier">
</form>
<br>
<?php
if (isset($_POST['modifier'])){
//print_r($_POST);
// NOTE(review): $_POST['id_modif'] is interpolated into the SQL text exactly as
// submitted (SQL injection). Use $mysqli->prepare() with a bound parameter here.
// The row values echoed into the form below are also written without HTML escaping.
$resultat = $mysqli->query("SELECT * FROM annuaire WHERE id_annuaire = '$_POST[id_modif]'");
while ($modif = $resultat->fetch_assoc()) {
echo '<form method="post" action="">
<label for="nom">Nom *</label><br>
<input type="text" name="nom" value="' . $modif['nom'] . '"> <br>';
echo '<label for="prenom">prenom *</label><br>
<input type="text" name="prenom" value="' . $modif['prenom'] . '"> <br>';
echo '<label for="telephone">telephone *</label><br>
<input type="text" name="telephone" value="' . $modif['telephone'] . '"> <br>';
echo '<label for="profession">profession *</label><br>
<input type="text" name="profession" value="' . $modif['profession'] . '"> <br>';
echo '<label for="ville">ville *</label><br>
<input type="text" name="ville" value="' . $modif['ville'] . '"> <br>';
echo '<label for="codepostal">codepostal *</label><br>
<input type="text" name="codepostal" value="' . $modif['codepostal'] . '"> <br>';
echo '<label for="adresse">adresse *</label><br>
<textarea name="adresse">' . $modif['adresse'] . '</textarea> <br>';
echo '<label for="date_de_naissance">Date de naissance</label><br>
<input type="date" name="date_de_naissance" value="' . $modif['date_de_naissance'] . '"><br>';
echo '<label for="sexe">sexe</label><br>
<input type="radio" name="sexe" class="sexe" value="m" checked>Homme
<input type="radio" name="sexe" classe="sexe" value="f">Femme<br>';
echo '<label for="description">description *</label><br>
<textarea name="description">' . $modif['description'] . '</textarea> <br>';
echo '<input type="submit" name="valider_modif" value="Modifier"> <br>';
}
if (isset($_POST['valider_modif'])){
echo "TEST";
}
}
?>
Your second if check is inside the other one, so it will only run when both $_POST['modifier'] and $_POST['valider_modif'] are set. But your second form does not send modifier anywhere.
You could add a hidden field to your second form:
<input type="hidden" name="modifier" value="1" />
Or if you don't want to show the second form again, move the second if outside the other.
Also, you should not use $_POST values in SQL queries directly to be safe from SQL injection. A function like mysqli_real_escape_string should be used to escape the value first.
You have 2 forms and you are not closing the 2nd with </form>
Took me a long time to go through your code. Okay. First thing. Try not to echo so much html markup. It just makes you code the clunkiest in the world. From what I gathered, the Modifier button comes up when you click on the first button. What you need to do if you want to see the TEST message is to take it out of the if statement because the Buttons are like an XOR gate. Setting the other unsets the other

PHP and mySQL "UPDATE" doesn't actually update

So me and my friend came to a conclusion that it's the $_email variable that screws everything up. As long as it's hard coded in, it works. But as soon as it's left as a $_email everywhere, it doesn't. The message goes through as "updated" but it doesn't update.
require_once('appVars6.php');
require_once('connectVars6.php');
$_dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// NOTE(review): the id is taken straight from the query string and interpolated
// into the SELECT below without escaping (SQL injection); bind it as a parameter
// of a prepared statement instead.
$_id = $_GET['id'];
$_queryOne = "SELECT * FROM midterm WHERE id = '$_id'";
$_resultOne = mysqli_query($_dbc, $_queryOne) or die ('Error Querying Database');
while ($_row = mysqli_fetch_array($_resultOne)) {
echo '<form class="update" method="post" action="MT_vjones_udpateRecord.php?id=' . $_id . '">';
echo '<input type="hidden" name="id" id="id" value="' . $_row['id'] . '" />';
echo '<input type="text" name="firstName" id="firstName" value="' . $_row['firstName'] . '" /><br />';
echo '<input type="text" name="lastName" id="lastName" value="' . $_row['lastName'] . '" /><br />';
echo '<input type="text" name="email" id="email" value="' . $_row['email'] . '" /><br />';
echo '</form>';
}
if ( isset($_GET['firstName']) && isset($_GET['lastName']) && isset($_GET['email'])) {
$_id = $_GET['id'];
$_firstName = $_GET['firstName'];
$_lastName = $_GET['lastName'];
$_email = $_GET['email'];
}
else if ( isset($_POST['firstName']) && isset($_POST['lastName']) && isset($_POST['email'])) {
$_id = $_POST['id'];
$_firstName = mysqli_real_escape_string($_dbc, trim($_POST['firstName']));
$_lastName = mysqli_real_escape_string($_dbc, trim($_POST['lastName']));
$_email = mysqli_real_escape_string($_dbc, trim($_POST['email']));
}
else {
echo '<br />';
echo '<p class="error">Sorry, no record was selected.</p>';
}
if(isset($_POST['submit'])) {
if ($_POST['confirm'] == 'Yes') {
//$_dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// NOTE(review): $_id is interpolated unquoted and is not escaped on either branch
// above; $_email is escaped only when it arrives via POST, not via GET. Bind both
// as parameters of a prepared statement. The pieces are also joined with no
// space between the closing quote of the e-mail and WHERE.
$_query = "UPDATE midterm " .
"SET email = '$_email'" .
"WHERE id = $_id" ;
$_result = mysqli_query($_dbc, $_query) or die (mysqli_error($_dbc));
mysqli_close($_dbc);
echo '<p>The record of ' . $_firstName . ' ' . $_lastName . ' for ' . $_email . ' was successfully updated.';
}
else {
echo '<p class="error">The record was not updated.</p>';
}
}
else if (isset($_id) && isset($_firstName) && isset($_lastName) && isset($_email)) {
echo '<p>Are you sure you want to update the following record?</p>';
/*echo '<form class="update" method="post" action="MT_vjones_updateRecord.php">';
echo '<input type="text" name="firstName" id="firstName" value="' . $_firstName . '" /><br />';
echo '<input type="text" name="lastName" id="lastName" value="' . $_lastName . '" /><br />';
echo '<input type="text" name="email" id="email" value="' . $_email . '" /><br />';
echo '</form>';*/
echo '<form class="update" method="post" action="MT_vjones_updateRecord.php?id=' . $_id . '">';
echo '<div class="yesNo"><input class="radio" type="radio" name="confirm" value="Yes" /> Yes </div><br />';
echo '<div class="yesNo"><input class="radio" type="radio" name="confirm" value="No" checked="checked" /> No </div><br /><br />';
echo '<input class="applyBtn" type="submit" value="UPDATE" name="submit" />';
echo '<input type="hidden" name="id" value="' . $_id . '" />';
echo '<input type="hidden" name="firstName" value="' . $_firstName . '" />';
echo '<input type="hidden" name="lastName" value="' . $_lastName . '" />';
echo '<input type="hidden" name="email" value="*testBACK2FUN#test.com*" />';
}
echo '<p><< Back to the Admin Page</p>';
As you can see, we put in the email address in there for testing purposes...
check the id matches what you are intending to update.
To be sure print the $_id and $_email prior to the update and after.
#user710502: You don't need to segregate quotes with double-quotes in PHP. It reads it anyway, the only time you might bother is if you are reading from an array
eg:
"UPATE midterm SET email='".$POST['email']."'"
$_query = "UPDATE midterm " .
"SET email = '$_email' WHERE id = '$_id'" ;
should be
$_query = "UPDATE midterm " .
"SET email = $_email".
"WHERE id = $_id " ;
Reason is you are using $_ before variable which is not a valid variable declaration.
Because $_ is reserved for SUPER GLOBAL in php (i.e $_SESSION,$_SERVER,$_POST,$_GET,$_COOKIE etc).
if its not a issue for you then you need to concat your variable as below.
$_query = "UPDATE midterm SET email = '".$_email."' WHERE id = '".$_id."'" ;
SOLVED! Form issues.
SHOULD BE:
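<?php
// Two-step "edit e-mail" page: show the stored record, ask for confirmation,
// then run the UPDATE. Request values are bound as statement parameters where
// they enter SQL and HTML-escaped where they are echoed; they are stored raw in
// between, so a value is never escaped twice on the round trip through the form.
require_once('appVars6.php');
require_once('connectVars6.php');

// HTML-escape a value for element text or a quoted attribute.
$_h = function ($_value) {
    return htmlspecialchars((string) $_value, ENT_QUOTES, 'UTF-8');
};
// Reduce a request value to a string; arrays and missing values become ''.
$_scalar = function ($_value) {
    return is_scalar($_value) ? (string) $_value : '';
};

$_dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$_id = $_scalar(isset($_GET['id']) ? $_GET['id'] : '');

$_stmtOne = mysqli_prepare($_dbc, 'SELECT * FROM midterm WHERE id = ?');
if (!$_stmtOne) {
    die ('Error Querying Database');
}
mysqli_stmt_bind_param($_stmtOne, 's', $_id);
mysqli_stmt_execute($_stmtOne) or die ('Error Querying Database');
$_resultOne = mysqli_stmt_get_result($_stmtOne);
while ($_row = mysqli_fetch_array($_resultOne)) {
    // NOTE(review): this action says "udpateRecord" while the confirmation form
    // below posts to "updateRecord" - confirm which file name is intended.
    echo '<form class="update" method="post" action="MT_vjones_udpateRecord.php?id=' . $_h(rawurlencode($_id)) . '">';
    echo '<input type="hidden" name="id" id="id" value="' . $_h($_row['id']) . '" />';
    echo '<input type="hidden" name="firstName" id="firstName" value="' . $_h($_row['firstName']) . '" />';
    echo '<input type="hidden" name="lastName" id="lastName" value="' . $_h($_row['lastName']) . '" />';
    echo '<input type="hidden" name="email" id="email" value="' . $_h($_row['email']) . '" />';
    echo '</form>';
}
mysqli_stmt_close($_stmtOne);

if ( isset($_GET['firstName']) && isset($_GET['lastName']) && isset($_GET['email'])) {
    $_firstName = $_scalar($_GET['firstName']);
    $_lastName = $_scalar($_GET['lastName']);
    $_email = $_scalar($_GET['email']);
}
else if ( isset($_POST['firstName']) && isset($_POST['lastName']) && isset($_POST['email'])) {
    $_id = $_scalar(isset($_POST['id']) ? $_POST['id'] : '');
    $_firstName = trim($_scalar($_POST['firstName']));
    $_lastName = trim($_scalar($_POST['lastName']));
    $_email = trim($_scalar($_POST['email']));
}
else {
    echo '<br />';
    echo '<p class="error">Sorry, no record was selected.</p>';
}

if (isset($_POST['submit'])) {
    // Run the UPDATE only when it was confirmed and the record fields were posted.
    if (isset($_POST['confirm']) && $_POST['confirm'] == 'Yes' && isset($_email)) {
        $_stmt = mysqli_prepare($_dbc, 'UPDATE midterm SET email = ? WHERE id = ?');
        if (!$_stmt) {
            error_log('midterm update: ' . mysqli_error($_dbc));
            die ('Error Querying Database');
        }
        mysqli_stmt_bind_param($_stmt, 'ss', $_email, $_id);
        if (!mysqli_stmt_execute($_stmt)) {
            // Keep the driver error in the server log instead of the page.
            error_log('midterm update: ' . mysqli_stmt_error($_stmt));
            die ('Error Querying Database');
        }
        mysqli_stmt_close($_stmt);
        mysqli_close($_dbc);
        echo '<p>The record of ' . $_h($_firstName) . ' ' . $_h($_lastName) . ' for ' . $_h($_email) . ' was successfully updated.</p>';
    }
    else {
        echo '<p class="error">The record was not updated.</p>';
    }
}
else if (isset($_id) && isset($_firstName) && isset($_lastName) && isset($_email)) {
    echo '<p>Are you sure you want to update the following record?</p>';
    echo '<form class="update" method="post" action="MT_vjones_updateRecord.php?id=' . $_h(rawurlencode($_id)) . '">';
    echo '<div class="yesNo"><input class="radio" type="radio" name="confirm" value="Yes" /> Yes </div><br />';
    echo '<div class="yesNo"><input class="radio" type="radio" name="confirm" value="No" checked="checked" /> No </div><br /><br />';
    echo '<input type="hidden" name="id" value="' . $_h($_id) . '" />';
    echo '<input type="text" name="firstName" value="' . $_h($_firstName) . '" /><br />';
    echo '<input type="text" name="lastName" value="' . $_h($_lastName) . '" /><br />';
    echo '<input type="text" name="email" value="' . $_h($_email) . '" />';
    echo '<input class="applyBtn" type="submit" value="UPDATE" name="submit" />';
    echo '</form>';
}
echo '<p><< Back to the Admin Page</p>';
?>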

Implementing Gravatar into custom Commenting System

I'm in the process of coding my very first blog. With the help of various tutorials, and other forums I have managed to gather a semi-working code.
Right now I have a code that takes and displays the comment, but the problem is I wish to display Gravatars beside each comment. I was just wondering how exactly I would go about implementing the code that they provided on their website.
Here is my current comment form:
<?php
}
$commenttimestamp = strtotime("now");
$sql = "SELECT * FROM php_blog_comments WHERE entry='$id' ORDER BY timestamp";
$result = mysql_query ($sql) or print ("Can't select comments from table php_blog_comments.<br />" . $sql . "<br />" . mysql_error());
while($row = mysql_fetch_array($result)) {
$timestamp = date("l F d Y", $row['timestamp']);
printf("<hr />");
print("<p>" . stripslashes($row['comment']) . "</p>");
printf("<p>Comment by %s # %s</p>", stripslashes($row['url']), stripslashes($row['name']), $timestamp);
printf("<hr />");
}
?>
<form method="post" action="process.php">
<p><input type="hidden" name="entry" id="entry" value="<?php echo $id; ?>" />
<input type="hidden" name="timestamp" id="timestamp" value="<?php echo $commenttimestamp; ?>">
<strong><label for="name">Name:</label></strong> <input type="text" name="name" id="name" size="25" /><br />
<strong><label for="email">E-mail:</label></strong> <input type="text" name="email" id="email" size="25" /><br />
<strong><label for="url">URL:</label></strong> <input type="text" name="url" id="url" size="25" value="http://" /><br />
<strong><label for="comment">Comment:</label></strong><br />
<textarea cols="25" rows="5" name="comment" id="comment"></textarea></p>
<p><input type="submit" name="submit_comment" id="submit_comment" value="Add Comment" /></p>
</form>
If you wish for me to post the php that processes each comment here as well just ask below.
My code now:
<?php
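/**
 * Build a Gravatar URL, or a complete <img> tag, for an e-mail address.
 *
 * @param string $email Address to look up; trimmed and lower-cased before hashing.
 * @param int    $s     Value sent as the "s" (size) query parameter.
 * @param string $d     Value sent as the "d" (default image) query parameter.
 * @param string $r     Value sent as the "r" (rating) query parameter.
 * @param bool   $img   True to return an <img> tag instead of the bare URL.
 * @param array  $atts  Extra attribute name => value pairs for the <img> tag.
 * @return string The URL, or the <img> markup when $img is true.
 */
function get_gravatar( $email, $s = 80, $d = 'mm', $r = 'g', $img = false, $atts = array() ) {
    // HTTPS keeps the address hash out of plaintext traffic and avoids
    // mixed-content warnings when the page itself is served over HTTPS.
    $url = 'https://www.gravatar.com/avatar/' . md5( strtolower( trim( $email ) ) );
    // http_build_query() URL-encodes every value, so a $d that is itself a URL stays intact.
    $url .= '?' . http_build_query( array( 's' => $s, 'd' => $d, 'r' => $r ), '', '&' );
    if ( ! $img ) {
        return $url;
    }
    // Inside markup the URL and every attribute are HTML-escaped, so a quote in
    // a caller-supplied value cannot end the attribute early.
    $tag = '<img src="' . htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' ) . '"';
    foreach ( $atts as $key => $val ) {
        $tag .= ' ' . htmlspecialchars( $key, ENT_QUOTES, 'UTF-8' )
            . '="' . htmlspecialchars( $val, ENT_QUOTES, 'UTF-8' ) . '"';
    }
    return $tag . ' />';
}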
}
// Timestamp for the new-comment form.
$commenttimestamp = strtotime("now");
// NOTE(review): $id is interpolated into the SQL text; where it is set is not
// visible here - confirm it is validated or escaped before this point.
$sql = "SELECT * FROM php_blog_comments WHERE entry='$id' ORDER BY timestamp";
// On failure the query text and the database error are printed into the page.
$result = mysql_query ($sql) or print ("Can't select comments from table php_blog_comments.<br />" . $sql . "<br />" . mysql_error());
while($row = mysql_fetch_array($result)) {
$timestamp = date("l F d Y", $row['timestamp']);
printf("<hr />");
// NOTE(review): comment, url and name are visitor-supplied and are written out
// after stripslashes() only, so any markup stored in them is rendered by the
// browser (stored XSS). Pass each through htmlspecialchars() before output.
print("<p>" . stripslashes($row['comment']) . "</p>");
// The format string has two %s placeholders but three arguments follow, so
// $timestamp is never printed.
printf("<p>Comment by %s # %s</p>", stripslashes($row['url']), stripslashes($row['name']), $timestamp);
// NOTE(review): $email is not assigned anywhere in the visible code - presumably
// the commenter's address from $row was intended; confirm the column name.
echo $imagetag = "<img src='" . get_gravatar($email) . "' />";
printf("<hr />");
}
?>
You want an image tag whose src comes from the gravatar function.
Something like:
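// The closing piece is double-quoted so it matches the opening one; the URL is
// HTML-escaped because it is placed inside an attribute.
$imagetag = "<img src='" . htmlspecialchars(get_gravatar($email_address), ENT_QUOTES, 'UTF-8') . "' />";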
(You'll need to echo this variable where you want it to display.)
The only required parameter of the get_gravatar function is the email address, so just pass this to get_gravatar and you get the url of the gravatar image.
You also may use the Libravatar service that provides a gravatar-compatible but open source and federated alternative.
It has a nice PHP library - Services_Libravatar - that's easy to use:
<?php
require_once 'Services/Libravatar.php';
$sla = new Services_Libravatar();
$imgUrl = $sla->getUrl('foo#example.org');

How to show which form elements are already selected in PHP

How can I get this code to show which option is already selected?
This is basically an edit page and it is pulling info from the database and populating the relative fields
I have a drop-down menu, multiple select box, and radio buttons on a page along with some elements. The info is getting displayed in the elements fine, but I can't work out how to get the s and radio buttons to display selected if they match the info from the database.
code:
<select name="client">
<option value="empty">Change Client...</option>
<?php
$result2 = mysql_query("SELECT name FROM clients") or die("Database query failed: " . mysql_error());
while($row = mysql_fetch_assoc($result2)) {
$clientlist = $row['name'];
$clientname = htmlspecialchars($row['name']);
if ($_POST['client'] == $clientlist)
{
echo '<option value="' . $clientlist . '" selected="selected" >' . $clientname . '</option>' . '\n';
}
else{
echo '<option value="' . $clientlist . '" >' . $clientname . '</option>' . '\n';
}
}
?>
</select>
</p>
<p class="subheadsmall">Core Classification</p>
<?php
switch ($niche) {
case "brand":
echo '<input type="radio" name="niche" value="Brand" checked="checked" />Brand';
echo '<input type="radio" name="niche" value="Marketing" />Marketing';
echo '<input type="radio" name="niche" value="Communication" />Communication';
break;
case "marketing":
echo '<input type="radio" name="niche" value="Brand" />Brand';
echo '<input type="radio" name="niche" value="Marketing" checked="checked" />Marketing';
echo '<input type="radio" name="niche" value="Communication" />Communication';
break;
case "communication":
echo '<input type="radio" name="niche" value="Brand" />Brand';
echo '<input type="radio" name="niche" value="Marketing" />Marketing';
echo '<input type="radio" name="niche" value="Communication" checked="checked" />Communication';
break;
default;
echo '<input type="radio" name="niche" value="Brand" />Brand';
echo '<input type="radio" name="niche" value="Marketing" />Marketing';
echo '<input type="radio" name="niche" value="Communication" />Communication';
break;
}
?>
<p class="subheadsmall">Strategies</p>
<p class="sidebargrey">
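<?php
// List the strategies stored for this study.
// $id is escaped and quoted before it enters the SQL text, and the query
// string and the mysql_query() call are both closed.
$result = mysql_query("SELECT strategies FROM studies WHERE id = '" . mysql_real_escape_string($id) . "'");
if (!$result) {
    die("Database query failed: " . mysql_error());
}
while ($row = mysql_fetch_array($result)) {
    // NOTE(review): printed as raw HTML - presumably on purpose, since the
    // <select> on this page submits anchor markup as its option values. Anything
    // stored in this column is therefore rendered as markup; storing the plain
    // strategy name and building the link at output time would avoid that.
    $strategyname = $row['strategies'];
    echo $strategyname.'<br />';
}
?>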
<p class="subheadsmall">Add a strategy... (hold down command key to select more than one)</p>
<select name="strategies[]" multiple="multiple">
<?php
$result = mysql_query("SELECT * FROM strategies");
if (!$result) {
die("Database query failed: " . mysql_error());
}
while($row = mysql_fetch_array($result)) {
$strategylist = $row['name'];
$strategyname = htmlspecialchars($row['name']);
$pagelink = str_replace(" ","_",$strategylist);
echo '<option value="<a href="strategies.php?strategy=' . $pagelink . '">'.$strategyname.'</a>" >' . $strategyname . '</option>' . '\n';
}
?>
</p>
OPTION HTML Spec
Change selected="selected" to just selected. Looks like that attribute doesn't need an assignment.
You might also want to check the HTML that's being output just to make sure your assignment is evaluating to true.
You could use javascript to do this. My example uses jquery
First give each of your checkboxes an id so
echo '<input type="radio" name="niche" id="brand" value="Brand" />Brand';
echo '<input type="radio" name="niche" id="marketing" value="Marketing" />Marketing';
echo '<input type="radio" name="niche" id="communication" value="Communication" />Communication';
Then your JS would be
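// An id selector needs the leading "#"; a bare "brand" would look for <brand> elements.
$( "#brand" ).attr( "checked", true ); // this would check the brand box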
So you can just write out these as needed.
You should -- if possible -- change that group of radio prints to a for loop. Then you can do something like this:
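// Print one radio button per entry and pre-select the matching one.
foreach ($possibleRadios as $key => $val)
{
    // Radio buttons are pre-selected with "checked" ("selected" belongs to <option>).
    $checked = $isSelected($val->id) ? ' checked="checked"' : '';
    // Values are HTML-escaped for the attribute and text contexts. The label is
    // concatenated because variables are not interpolated inside single quotes.
    echo '<input type="radio" name="' . htmlspecialchars($val->name, ENT_QUOTES, 'UTF-8')
        . '" value="' . htmlspecialchars($val->id, ENT_QUOTES, 'UTF-8') . '"' . $checked . ' />'
        . htmlspecialchars($val->prettyName, ENT_QUOTES, 'UTF-8');
}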
