member control through admin account using php - php

I am new to php.
I made a member registration and login page and an admin page too. Inside admin I wanted to get the list of the members and delete the members I don't want. So I took the code from a sample phone book that ships with XAMPP (http://localhost/xamp) and edited it to my requirement. I am able to retrieve the members but unable to delete the members. See the code below:
<?php
require_once('auth.php');
require_once('../config.php');
//Array to store validation errors
$errmsg_arr = array();
//Validation error flag
$errflag = false;
//Connect to mysql server
$link = mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$link) {
die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db(DB_DATABASE);
if(!$db) {
die("Unable to select database");
}
?>
<html>
<head>
<meta name="author" content="Kai Oswald Seidler">
<link href="../loginmodule.css" rel="stylesheet" type="text/css">
<title></title>
</head>
<body>
<p>
<h2><?php echo "User list"; ?></h2>
<table border="0" cellpadding="0" cellspacing="0">
<tr bgcolor="#f87820">
<td><img src="img/blank.gif" alt="" width="10" height="25"></td>
<td class="tabhead"><img src="img/blank.gif" alt="" width="150" height="6"><br><b><?php echo $TEXT['phonebook-attrib1']; ?></b></td>
<td class="tabhead"><img src="img/blank.gif" alt="" width="150" height="6"><br><b><?php echo $TEXT['phonebook-attrib2']; ?></b></td>
<td class="tabhead"><img src="img/blank.gif" alt="" width="150" height="6"><br><b><?php echo $TEXT['phonebook-attrib3']; ?></b></td>
<td class="tabhead"><img src="img/blank.gif" alt="" width="50" height="6"><br><b><?php echo $TEXT['phonebook-attrib4']; ?></b></td>
<td><img src="img/blank.gif" alt="" width="10" height="25"></td>
</tr>
<?php
$firstname=$_REQUEST['firstname'];
$lastname=$_REQUEST['lastname'];
$phone=$_REQUEST['phone'];
if($_REQUEST['action']=="del")
{
$result=mysql_query("DELETE FROM members WHERE member_id={$_REQUEST['member_id']}");
}
$result=mysql_query("SELECT member_id,firstname,lastname,login FROM members ORDER BY lastname");
$i = 0;
while($row = mysql_fetch_array($result)) {
if ($i > 0) {
echo "<tr valign='bottom'>";
echo "<td bgcolor='#ffffff' height='1' style='background-image:url(img/strichel.gif)' colspan='6'></td>";
echo "</tr>";
}
echo "<tr valign='middle'>";
echo "<td class='tabval'><img src='img/blank.gif' alt='' width='10' height='20'></td>";
echo "<td class='tabval'><b>".$row['lastname']."</b></td>";
echo "<td class='tabval'>".$row['firstname']." </td>";
echo "<td class='tabval'>".$row['member_id']." </td>";
echo "<td class='tabval'><a onclick=\"return confirm('".$TEXT['userlist-sure']."');\" href='userlist.php?action=del&member_1d=".$row['member_id']."'><span class='red'>[".$TEXT['userlist-button1']."]</span></a></td>";
echo "<td class='tabval'></td>";
echo "</tr>";
$i++;
}
echo "<tr valign='bottom'>";
echo "<td bgcolor='#fb7922' colspan='6'><img src='img/blank.gif' alt='' width='1' height='8'></td>";
echo "</tr>";
?>
</table>
</body>
</html>
I haven't edited it that properly, nor the looks, at all.
Please help me in making it able to delete the members also.
I didn't understand what the .$TEXT['userlist-button1']. and '".$TEXT['userlist-sure']. variables are.
I also want to include an approved and disapproved radio button in table for each members.
How can I do that?
Please if you can help me.

This should be a POST via a FORM not a href link (GET).
$TEXT is obviously an array holding the text you want printed.
You need to replace &member_1d in the href with a real & and a real i as &member_id.

$TEXT is an array containing all the language strings for the selected language.
You find the strings defined under /lang/yourlanguage.php
In general this is not a very good example to start coding with IMO.
But I think your app may start working, if you make sure, the language files and other include files are available and you change this &member_1d with &member_id

An example of a list of members with delete links:
$query = mysql_query("SELECT member_id,firstname,lastname,login FROM members ORDER BY lastname");
if(mysql_num_rows($query) != 0){ //only continue if there are members in the database
while($row = mysql_fetch_assoc($query)){ //loop through each row in the database
$member_id = $row['member_id'];
$firstname = $row['firstname'];
$lastname = $row['lastname'];
echo '<p>' . $firstname . ' - <a href="delete_member.php?id=' . $member_id . '">delete</a></p>';
}
}
A simple script on delete_member.php to delete the member from the database.
if(isset($_GET['id'])){
$member_id = $_GET['id'];
$query = mysql_query("DELETE FROM members WHERE member_id='$member_id'");
echo '<p>This user was deleted from database</p>';
}
This code is only basic to give an example.
I would however prefer to use a simple form and $_POST for something like this instead of using $_GET which is very vulnerable in this kind of instance.
After getting the list of members use a form with input field to type the id you want to delete.

Related

Show specific content based on current user session PHP

My question is how to display specific content based on user session php.
I have a file called profile.php. When a user click on another user the first user gets redirected to the profile.php file. In this file I want the users to be able to see all the posts that user has made.
Image illustration:
Something like this:
<?php
if ($_SESSION['username'] == $_GET['id']) {
//DISPLAY rows with info from Database just like the attached code.
//DISPLAY edit button ONLY if the current user session is the same as the current id of the profile page.
}
?>
profile.php code below:
<?php
session_start();
require('connect.php');
if (@$_SESSION["username"]) {
?>
<!DOCTYPE html>
<html>
<head>
<title>Profile page</title>
</head>
<body>
<?php include('header.php'); ?>
<center>
<?php echo '<table border="1px;">'; ?>
<tr>
<td>
<span>ID</span>
</td>
<td width="400px" style="text-align: center;">
Name
</td>
<td width="80px" style="text-align: center;">
Creator
</td>
<td width="80px" style="text-align: center;">
Date
</td>
<td width="80px" style="text-align: center;">
Edit
</td>
</tr>
</center>
</body>
</html>
<?php
if (@$_GET['id']) {
$check_d = mysql_query("SELECT * FROM users WHERE id ='".$_GET['id']."'");
while ($row_d = mysql_fetch_assoc($check_d)) {
echo "<h1>Post made by: ".$row_d['username']."</h1>";
$check_u = mysql_query("SELECT * FROM topics WHERE topic_creator='".$row_d['username']."'");
while ($row_u = mysql_fetch_assoc($check_u)) {
$id = $row_u['topic_id'];
echo "<tr>";
echo "<td>".$row_u['topic_id']."</td>";
echo "<td><a href='topic.php?id=$id'>".$row_u['topic_name']."<br /></a></td>";
echo "<td>".$row_u['topic_creator']."<br /></td>";
echo "<td>".$row_u['date']."<br /></td>";
echo "<td><a href='edit.php?edit=$id'>Edit</a><br /></td>";
echo "</tr>";
}
}
}
echo "</table>";
if (@$_GET['action'] == "logout") {
session_destroy();
header("Location: login.php");
}
}else {
echo "You must be logged in.";
}
?>
If anyone knows how to solve this I would be most grateful!
Most of the answers I could find online involves user level distribution where the admin and user levels are predetermined. This is not what I would prefer. I simply would like the current user that is logged in to be able to edit their own posts, but not the other user posts.
I hope that this made sense, but if not, just ask!
Thanks beforehand!
// E.
If the logged-in user shouldn't edit other users' posts, then don't show the Edit column; you can do a simple if check for the Edit column like below:
while ($row_d = mysql_fetch_assoc($check_d)) {
echo "<h1>Post made by: ".$row_d['username']."</h1>";
$check_u = mysql_query("SELECT * FROM topics WHERE topic_creator='".$row_d['username']."'");
while ($row_u = mysql_fetch_assoc($check_u)) {
$id = $row_u['topic_id'];
echo "<tr>";
echo "<td>".$row_u['topic_id']."</td>";
echo "<td><a href='topic.php?id=$id'>".$row_u['topic_name']."<br /></a></td>";
echo "<td>".$row_u['topic_creator']."<br /></td>";
echo "<td>".$row_u['date']."<br /></td>";
// Add if condition here
if($_SESSION['current_logged_in_user_id'] === $row_u['topic_creator_id']) {
echo "<td><a href='edit.php?edit=$id'>Edit</a><br /></td>";
}
echo "</tr>";
}
}
but don't use mysql_* functions. use mysqli or PDOs for security reasons like protecting yourself from sql injection attacks.
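Hiding the Edit link only changes what the page shows; anyone can still request edit.php?edit=<id> directly, so edit.php has to repeat the ownership check. An added example of that server-side check with PDO (not code from the question or the answer above), assuming a `topics` table with a `topic_creator_id` column, the `$_SESSION['current_logged_in_user_id']` key used in the answer, and placeholder database credentials:

```php
<?php
// Added example: edit.php re-checks on the server that the topic being edited
// belongs to the logged-in user, instead of trusting that the link was hidden.
// Assumed: table `topics` (topic_id, topic_name, topic_creator_id),
// $_SESSION['current_logged_in_user_id'], and the placeholder DSN/credentials.
session_start();

// Returns the topic row only when it exists AND is owned by $userId.
function loadOwnTopic(PDO $pdo, int $topicId, int $userId): ?array
{
    // Prepared statement: both values are bound, never interpolated into SQL.
    $stmt = $pdo->prepare(
        'SELECT topic_id, topic_name, topic_creator_id
           FROM topics
          WHERE topic_id = :id AND topic_creator_id = :uid'
    );
    $stmt->execute([':id' => $topicId, ':uid' => $userId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = new PDO('mysql:host=localhost;dbname=yourdb;charset=utf8mb4', 'dbuser', 'dbpass', [
    PDO::ATTR_ERRMODE            => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES   => false,
]);

if (empty($_SESSION['current_logged_in_user_id'])) {
    http_response_code(403);
    exit('You must be logged in.');
}
$userId  = (int) $_SESSION['current_logged_in_user_id'];
// FILTER_VALIDATE_INT gives null when ?edit= is absent and false when it is not an integer.
$topicId = filter_input(INPUT_GET, 'edit', FILTER_VALIDATE_INT);

$topic = (is_int($topicId) && $topicId > 0) ? loadOwnTopic($pdo, $topicId, $userId) : null;
if ($topic === null) {
    // Same response whether the topic is missing or belongs to someone else,
    // so the page does not reveal which ids exist.
    http_response_code(404);
    exit('Topic not found.');
}
echo 'Editing: ' . htmlspecialchars($topic['topic_name'], ENT_QUOTES, 'UTF-8');
```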

Unable to update MYSQL database table fields using php in XAMPP

So, I am trying to design a php website, and so far it works well in terms of adding an entry to the list table.
The problem is, it isn't able to update the table using edit.php. When the edit link is clicked it shows a message:
"There is no data to be edited."
But if I manually open localhost/edit.php?id=1 it shows the id-numbered list and works fine. Please help.
home.php
<html>
<head>
<title>My first PHP Website</title>
</head>
<?php
session_start(); //starts the session
if($_SESSION['user']){ // checks if the user is logged in
}
else{
header("location: index.php"); // redirects if user is not logged in
}
$user = $_SESSION['user']; //assigns user value
?>
<body>
<h2>Home Page</h2>
<p>Hello <?php print "$user"; ?>!</p> <!--Displays user's name-->
Click here to go logout<br/><br/>
<form action="add.php" method="POST">
Add more to list: <input type="text" name="details" /> <br/>
Public post? <input type="checkbox" name="public[]" value="yes" /> <br/>
<input type="submit" value="Add to list"/>
</form>
<h2 align="center">My list</h2>
<table border="1px" width="100%">
<tr>
<th>Id</th>
<th>Details</th>
<th>Post Time</th>
<th>Edit Time</th>
<th>Edit</th>
<th>Delete</th>
<th>Public Post</th>
</tr>
<?php
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("first_db") or die("Cannot connect to database");
$query = mysql_query("select * from list");
while($row = mysql_fetch_array($query))
{
print "<tr>";
print '<td align="center">'. $row['id'] . "</td>";
print '<td align="center">'. $row['details'] . "</td>";
print '<td align="center">'. $row['date_posted'] . " - " . $row['time_posted'] . "</td>";
print '<td align="center">'. $row['date_edited'] . " - " . $row['time_edited'] . "</td>";
print '<td align="center"><a href="edit.php">edit</a></td>';
print '<td align="center">delete</td>';
print '<td align="center">'. $row['public'] . "</td>";
print "</tr>";
}
?>
</table>
</body>
</html>
edit.php
<html>
<head>
<title>My first PHP website</title>
</head>
<?php
session_start(); //starts the session
if($_SESSION['user']){ //checks if user is logged in
}
else{
header("location:index.php"); // redirects if user is not logged in
}
$user = $_SESSION['user']; //assigns user value
$id_exists = false;
?>
<body>
<h2>Home Page</h2>
<p>Hello <?php Print "$user"?>!</p> <!--Displays user's name-->
Click here to logout<br/><br/>
Return to Home page
<h2 align="center">Currently Selected</h2>
<table border="1px" width="100%">
<tr>
<th>Id</th>
<th>Details</th>
<th>Post Time</th>
<th>Edit Time</th>
<th>Public Post</th>
</tr>
<?php
if(!empty($_GET['id']))
{
$id = $_GET['id'];
$_SESSION['id'] = $id;
$id_exists = true;
mysql_connect("localhost", "root","") or die(mysql_error()); //Connect to server
mysql_select_db("first_db") or die("Cannot connect to database"); //connect to database
$query = mysql_query("Select * from list Where id='$id'"); // SQL Query
$count = mysql_num_rows($query);
if($count > 0)
{
while($row = mysql_fetch_array($query))
{
Print "<tr>";
Print '<td align="center">'. $row['id'] . "</td>";
Print '<td align="center">'. $row['details'] . "</td>";
Print '<td align="center">'. $row['date_posted']. " - ". $row['time_posted']."</td>";
Print '<td align="center">'. $row['date_edited']. " - ". $row['time_edited']. "</td>";
Print '<td align="center">'. $row['public']. "</td>";
Print "</tr>";
}
}
else
{
$id_exists = false;
}
}
?>
</table>
<br/>
<?php
if($id_exists)
{
Print '
<form action="edit.php" method="POST">
Enter new detail: <input type="text" name="details"/><br/>
public post? <input type="checkbox" name="public[]" value="yes"/><br/>
<input type="submit" value="Update List"/>
</form>
';
}
else
{
Print '<h2 align="center">There is no data to be edited.</h2>';
}
?>
</body>
</html>
<?php
if($_SERVER['REQUEST_METHOD'] == "POST")
{
mysql_connect("localhost", "root","") or die(mysql_error()); //Connect to server
mysql_select_db("first_db") or die("Cannot connect to database"); //Connect to database
$details = mysql_real_escape_string($_POST['details']);
$public = "no";
$id = $_SESSION['id'];
$time = strftime("%X");//time
$date = strftime("%B %d, %Y");//date
foreach($_POST['public'] as $list)
{
if($list != null)
{
$public = "yes";
}
}
mysql_query("UPDATE list SET details='$details', public='$public', date_edited='$date', time_edited='$time' WHERE id='$id'") ;
header("location: home.php");
}
?>
and here's the one with ?id=1 in the url
http;//s15,postimg,org/yoabiq0p7/screenshot_21,png (change the commas with fullstops).
You are printing only the edit.php, you need to print the entire edit link including the id.
print '<td align="center"><a href="edit.php">edit</a></td>';
Replace this line with:
print '<td align="center"><a href="edit.php?id=' . $row['id'] . '">edit</a></td>';
This will solve the problem.
P.S: Be careful, your code is open for SQL Injection! Make sure to use mysql_real_escape_string() in this place:
$id = mysql_real_escape_string($_GET['id']);
If the id is only number, you can do the following too to avoid SQL Injection:
$id = intval($_GET["id"]);
The SQL Injection thing is very serious and you need to filter what comes from outside. I recommend using prepared statement PDO too.
You aren't passing the data in home.php.
You are doing a normal link to edit.php and you aren't passing the data ?id=1.
Try editing this:
print '<td align="center"><a href="edit.php">edit</a></td>';
to this:
print '<td align="center"><a href="edit.php?id=' . $row['id'] . '">edit</a></td>';

Pass a dynamic variable through URL php

I'm not sure about the title, I tried my best.
I have a table displayed with information from a database using this file
display.php
<?php
mysql_connect("localhost", "root", "root") or die(mysql_error());
mysql_select_db("tournaments") or die(mysql_error());
$result = mysql_query("SELECT * FROM tournies")
or die(mysql_error());
echo '<table id="bets" class="tablesorter" cellspacing="0" summary="Datapass">
<thead>
<tr>
<th>Tournament <br> Name</th>
<th>Pot</th>
<th>Maximum <br> Players</th>
<th>Minimum <br> Players</th>
<th>Host</th>
<th></th>
<th></th>
</tr>
</thead>
<tbody>';
while($row = mysql_fetch_array( $result )) {
$i=0; if( $i % 2 == 0 ) {
$class = "";
} else {
$class = "";
}
echo "<tr" . $class . "><td>";
echo $row['tour_name'];
$tour_id = $row['tour_name'];
echo "</td><td>";
echo $row['pot']," Tokens";
echo "</td><td class=\"BR\">";
echo $row['max_players']," Players";
echo "</td><td class=\"BR\">";
echo $row['min_players']," Players";
echo "</td><td class=\"BR\">";
echo $row['host'];
echo "</td><td>";
echo "<input id=\"delete_button\" type=\"button\" value=\"Delete Row\" onClick=\"SomeDeleteRowFunction(this)\">";
echo "</td><td>";
echo "<form action=\"join.php?name=$name\" method=\"POST\" >";
echo "<input id=\"join_button\" type=\"submit\" value=\"Join\">";
echo "</td></tr>";
}
echo "</tbody></table>";
?>
Basically I want the user to press a button from a row of the table and they go to a new page called join.php. I need the persons username and the name of the tournament from the row the clicked.
For example here's my page:
When they click the join button at the end of row one it should send them to
'join.php?name=thierusernamehere&tourname=dfgdds'
Any help much appreciated. Thanks.
echo '<td><a href="join.php?name=' . $name . '&tourname=' . $row['tour_name'] . '">Join</a></td>';
There are many ways to approach this.
The easiest way is just echo '<a href="join.php?name=' . $name . '&tourname=' . $row['tour_name'] . '">JOIN</a>';
or you can use a form with hidden input and submit button.
BUT
Your code is really a mess, try to make your code more maintainable and readable. And do NOT use any mysql_* functions, they are deprecated.
Read more about PDO:
http://php.net/manual/en/book.pdo.php
http://net.tutsplus.com/tutorials/php/why-you-should-be-using-phps-pdo-for-database-access/

how to use get method in a session?

Here is my code. Actually I am displaying some data from MySQL on the page and creating a dynamic link. I want to start a session with session_start() at the very beginning, before any other code. I want to store the value of the link so that it is displayed on the other page.
page1.php
<a style="color:#F00; font-family:Arial, Helvetica, sans-serif; margin-left:33px; font-weight:bold">
No. of registered students:
</a>
<table border='1' align="center" style="font-size:14px" width="95%" cellspacing="3" class="db_table">
<tr class="db_table_tr" >
<th class="db_table_th" name="submit">USN</th>
</tr>
<?php
include('includes/login_connection.php');
$query = "select p.usn, p.name from personal_details p, course_codes c where p.usn = c.usn order by p.usn";
$run = mysql_query($query) or die($query."<br/><br/>".mysql_error());
$num = mysql_numrows($run);
echo $num;
while($row = mysql_fetch_assoc($run)){
echo "<tr>";
echo "<td>" . $row['usn'] . "</td>";
echo "<td>" . $row['name'] . "</td>";
if(isset($_GET['submit'])){
$_SESSION['session_usn'] = $_GET['usn'];
}
echo "</tr>"; // close the row inside the loop, one </tr> per record
}
mysql_close($bd);
?>
</table>
page2.php
<?php
session_start();
if(isset($_SESSION['session_usn']))
{
$_POST['usn'] = $_SESSION['session_usn'];
echo $_POST['usn'];
}
?>
You need to provide a fall-back, in case the URL provided does not contain the proper variables in the $_GET section.
You have:
if(isset($_GET['submit'])){
$_SESSION['session_usn'] = $_GET['usn'];
}
You should do something else if $_GET['submit'] isn't set:
if(isset($_GET['submit'])){
$_SESSION['session_usn'] = $_GET['usn'];
} else {
$_SESSION['session_usn'] = "unset";
// or set a warning flag like "unset"
}
You should be feeding your php file a url like:
http://yoururl.com/page1.php?usn='333'
Where 333 is the value you want to store.

member management by admin using php

Sorry for asking an "implement my feature" type question last time. I am new to Stackoverflow.com and also to PHP, that's why.
What I was trying to ask is:
I have made an admin account. Members have a registration page, so a member will register. When a user registers, the database table will have a field initialised to 0, which means he is not approved. In the admin account I have code to get the list of members. The code is given below:
<h2><?php echo "User list"; ?></h2>
<table border="0" cellpadding="0" cellspacing="0">
<tr bgcolor="#f87820">
<td><img src="img/blank.gif" alt="" width="10" height="25"></td>
<td class="tabhead"><img src="img/blank.gif" alt="" width="150" height="6"><br><b><?php echo "first name"; ?></b></td>
<td class="tabhead"><img src="img/blank.gif" alt="" width="150" height="6"><br><b><?php echo "lastname name"; ?></b></td>
<td class="tabhead"><img src="img/blank.gif" alt="" width="150" height="6"><br><b><?php echo "member id"; ?></b></td>
<td class="tabhead"><img src="img/blank.gif" alt="" width="50" height="6"><br><b><?php echo "delete"; ?></b></td>
<td><img src="img/blank.gif" alt="" width="10" height="25"></td>
</tr>
<?php
$result=mysql_query("SELECT member_id,firstname,lastname,login FROM members ORDER BY firstname");
$i = 0;
while($row = mysql_fetch_array($result)) {
if ($i > 0) {
echo "<tr valign='bottom'>";
echo "<td bgcolor='#ffffff' height='1' style='background-image:url(img/strichel.gif)' colspan='6'></td>";
echo "</tr>";
}
echo "<tr valign='middle'>";
echo "<td class='tabval'><img src='img/blank.gif' alt='' width='10' height='20'></td>";
echo "<td class='tabval'><b>".$row['lastname']."</b></td>";
echo "<td class='tabval'>".$row['firstname']." </td>";
echo "<td class='tabval'>".$row['member_id']." </td>";
echo "<td class='tabval'><a onclick=\"return </span></a></td>";
echo "<td class='tabval'></td>";
echo "</tr>";
$i++;
}
?>
</table>
In this I want to add two more things to the table: 1) to delete a member and 2) to have an approved or denied option. For that I made two functions.
The code below is to delete:
if($_REQUEST['action']=="del")
{
$memberId = mysql_real_escape_string($_REQUEST['member_id']);
mysql_query("DELETE FROM members WHERE member_id=$memberId");
}
The one below is for approving members.
But my problem is I don't know how to include a button or radio button in the table which can pass the value delete or approve to these functions.
Please tell me the syntax to add this button, so that for approving I can change the value 0 that I gave in the database to 1 and the member gets approved.
Try this:
echo '<td><a href="http://yourwebsite/yourscriptname.php?action=del&member_id='
. htmlspecialchars($row['member_id']) . '">Delete</a>';
if ($row['approved'] == 0) {
echo ' <a href="http://yourwebsite/yourscriptname.php?action=approve&member_id='
. htmlspecialchars($row['member_id']) . '">Approve</a>';
}
echo '</td>';
And make sure ALL of your database values are being sent to the browser in htmlspecialchars().
On the flipside,
$member_id = 0;
if (isset($_GET['member_id'])) $member_id = intval($_GET['member_id']);
$action = '';
if (isset($_GET['action'])) $action = $_GET['action'];
$sql = '';
switch($action) {
case 'approve':
$sql = "UPDATE members SET approved = 1 WHERE member_id = $member_id";
break;
case 'del':
$sql = "DELETE FROM members WHERE member_id = $member_id";
break;
}
if (!empty($sql) && !empty($member_id)) {
// execute the sql; $member_id is safe to interpolate because intval() made it an integer.
}
What I would do is to set up a form inside of the table.
?> <form name="deleteUser" id="deleteUser" method="post" action="">
<input type="hidden" name="member_id" id="member_id" value="<?php echo $row['member_id']; ?>" />
<input type="submit" name="action" id="action" value="del" />
</form><?php
I would insert that in between your <td> tag.
<td class='tabval'>INSERT HERE</td>";
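Both this question and the first one on this page ask the same thing: how to put a delete (and approve) control in the admin's member table and act on it safely. The following is an added example, not code from either question or any of the answers, that combines the advice given in them: a POST form per row instead of a GET link, the id cast to an integer, and PDO prepared statements instead of mysql_*. It assumes auth.php already restricts the page to the admin, a `members` table with columns member_id, firstname, lastname and approved (0/1), and placeholder database credentials.

```php
<?php
// Added example: admin member list with approve/deny/delete as POST forms.
// Assumed: auth.php restricts this page to the admin; table `members`
// (member_id, firstname, lastname, approved); placeholder DSN/credentials.
require_once 'auth.php';
session_start();
$pdo = new PDO('mysql:host=localhost;dbname=yourdb;charset=utf8mb4', 'dbuser', 'dbpass',
    [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);

// One random token per session; every form echoes it back, so a link planted
// on another site cannot make the admin's browser delete a member.
if (empty($_SESSION['csrf'])) {
    $_SESSION['csrf'] = bin2hex(random_bytes(32));
}

// Runs one whitelisted action; returns true only when exactly one row changed.
function applyAction(PDO $pdo, string $action, int $memberId): bool
{
    $sql = [
        'approve' => 'UPDATE members SET approved = 1 WHERE member_id = :id',
        'deny'    => 'UPDATE members SET approved = 0 WHERE member_id = :id',
        'del'     => 'DELETE FROM members WHERE member_id = :id',
    ][$action] ?? null;
    if ($sql === null || $memberId <= 0) {
        return false;                       // unknown action or bad id: do nothing
    }
    $stmt = $pdo->prepare($sql);            // id is bound, never concatenated
    $stmt->execute([':id' => $memberId]);
    return $stmt->rowCount() === 1;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!hash_equals($_SESSION['csrf'], (string) ($_POST['csrf'] ?? ''))) {
        http_response_code(403);
        exit('Bad request');
    }
    applyAction($pdo, (string) ($_POST['action'] ?? ''), (int) ($_POST['member_id'] ?? 0));
    header('Location: userlist.php');       // redirect so a reload does not repeat the action
    exit;
}

$token = htmlspecialchars($_SESSION['csrf'], ENT_QUOTES, 'UTF-8');
echo '<table>';
foreach ($pdo->query('SELECT member_id, firstname, lastname, approved FROM members ORDER BY lastname') as $row) {
    $id = (int) $row['member_id'];
    // Every database value is HTML-escaped before it reaches the browser.
    echo '<tr><td>' . htmlspecialchars($row['lastname'] . ', ' . $row['firstname'], ENT_QUOTES, 'UTF-8') . '</td>';
    echo '<td>' . ($row['approved'] ? 'approved' : 'pending') . '</td><td>';
    // One small POST form per button: action and id travel in the body, not the URL.
    foreach (['approve', 'deny', 'del'] as $action) {
        echo '<form method="post" action="userlist.php" style="display:inline">'
           . '<input type="hidden" name="csrf" value="' . $token . '">'
           . '<input type="hidden" name="member_id" value="' . $id . '">'
           . '<button type="submit" name="action" value="' . $action . '"'
           . ($action === 'del' ? ' onclick="return confirm(\'Delete this member?\')"' : '')
           . '>' . $action . '</button></form> ';
    }
    echo '</td></tr>';
}
echo '</table>';
```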