|
PHP - Using Session Id And Username To Update Database?
I'm helping out a friend who owns a boarding kennel. She would like an online site where she or a client can register, add their dogs to their profile and other info.
I know CSS and HTML but have very, very little experience in PHP, I figured it would be fun to give this a try and learn something new. So far I've managed to create a register and log in area, and now I'm trying to make it possible for someone to add a dog breed from a drop down list to their "page" after they've logged in. I cannot get the data to insert into that specific user's table. I'm trying to use the session id and session username as the variable, and this is where the problem comes in. If I type the userid and the username out then the data will update fine...but that's not practical. I need it to know which user is logged in and update them accordingly. Anyway, what I'm typing here makes sense in my head but I've been staring at this computer all day and it's possible I'm way out in left field, so here's the code to see for yourself. (chances are it's something totally obvious....or I have stuff in there that doesn't belong, I haven't a clue.) Thank you in advance to anyone willing to help me out! The form <?php session_start(); $_SESSION['userid']=$userid;?> <html><body> <h4></h4> <form action="process.php" method="post"> <select name="breed" id="breed"> <option value="collie">Collie</option> <option value="aussie">Aussie</option> </select> <select name="sex"> <option>Dog</option> <option>Bitch</option> </select> <input type="submit" /> </form> </body></html> The php for that form <?php session_start(); $_SESSION['userid']=$userid; $_SESSION['Username']=$username;?> <html><body> <?php $host="localhost"; // Host name $username="silver_phptest"; // Mysql username $password="bowser"; // Mysql password $db_name="silver_phptestingbase"; // Database name $tbl_name="users"; // Table name // Connect to server and select database. mysql_connect("$host", "$username", "$password")or die("cannot connect"); mysql_select_db("$db_name")or die("cannot select DB"); // Get values from form $breed=$_POST['breed']; // Insert data into mysql mysql_query("UPDATE users SET dogs = '$breed' WHERE userID = '$userid'"); // close connection mysql_close(); ?> </body></html> Similar Tutorials
Using Inline Php; <h1><font Color="000088">the Username <?php '.$username.' ?> Already Exists";</h1>
Came a long way with the code since Friday and have another issue.
I can echo the session username on my pages but not into the insert command to the database. I need this so when a user logs in only their data will be seen. Here is the code pages.
Here is the page code this does echo the username
Logged in as <?php echo "$username"; ?>
<?php
// Start session
session_start() ;
$username = $_SESSION['username'];
// Include required functions file
require_once('include/db/functions.inc.php') ;
// Check login status ... if not logged in, redirect to login screen
if (check_login_status() == false) {
redirect('login.php') ;
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Add A New Tank(WAD)</title>
<style type="text/css"></style>
</head>
<body>
<p align="center"><a href="../test/index.php">Home</a> | <a href="../test/register.php">Register</a> | <a href="../test/login.php">Login</a> | <a href="../test/tank.php">Add Tank</a> | <a href="../test/fish.php">Add Fish</a> | <a href="../test/plants.php">Add Plants</a> | <a href="../test/water-test.php">Add Water Test</a> | <a href="../test/include/login/logout.inc.php">Logout</a></p></p>
<p>Logged in as <?php
echo "$username";
?> </p>
<table width="810" border="2" align="center">
<tr>
<td>
<table width="800" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td align="center" bgcolor="#FFFFFF" scope="col"><h2><b>Your Tanks(WAD)</b></h2></td>
</tr>
<form action="/test/include/tank/tank.inc.php" method="post" name="tank" id="tank">
<table border="2" align="center" cellpadding="0">
<tr>
<td><div align="left"><b>Tank Name: </b> </div></td>
<td><div align="left">
<input type="text" name="tankname" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Date Filled With Water: </b> </div></td>
<td><div align="left">
<input type="text" name="date" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Length: </b> </div></td>
<td><div align="left">
<input type="text" name="length" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Depth: </b> </div></td>
<td><div align="left">
<input type="text" name="depth" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Height: </b> </div></td>
<td><div align="left">
<input type="text" name="height" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Volume: </b> </div></td>
<td><div align="left">
<input type="text" name="volume" size="25" />
</div></td>
</tr>
<tr>
<td><div align="left"><b>Type of Tank: </b> </div></td>
<td><div align="left">
<input type="text" name="type" size="25" />
</div></td>
</tr>
<tr>
<td></div></td></tr>
<tr>
<td><div align="left"><b>Notes: </b> </div></td>
<td><div align="left">
<p>
<textarea name="notes" cols="50" rows="10"></textarea>
</p>
</div></td>
</tr>
<tr>
<th colspan="2"><p>
<input type="submit" value="Add New Tank" />
</p></th>
</tr>
</table>
</form>
<tr>
<td align="center" valign="top" bgcolor="#FFFFFF"><div align="center"><font size="2"> © 2014 <a href="http://www.pctechtime.com">PC TECH TIME</a> </font> </div></td>
</tr>
</table>
<tr>
<td></td></td></tr>
<tr>
<td></tr></td></tr>
</table>
</body>
</html>
This is tank.inc.php which works except for the username being inserted into the database. I did try removing the mysqli_close($con); but that didn't help. I did have it working when I removed the mysqli_close($con); but then I logged out and then back in and it stopped?
<?php
include_once "../../../test/include/db/db.inc.php";
// escape data and set variables
$tankname = mysqli_real_escape_string($con, $_POST['tankname']);
$date = mysqli_real_escape_string($con, $_POST['date']);
$length = mysqli_real_escape_string($con, $_POST['length']);
$depth = mysqli_real_escape_string($con, $_POST['depth']);
$height = mysqli_real_escape_string($con, $_POST['height']);
$volume = mysqli_real_escape_string($con, $_POST['volume']);
$type = mysqli_real_escape_string($con, $_POST['type']);
$notes = mysqli_real_escape_string($con, $_POST['notes']);
$username = $_SESSION['username'];
// # setup SQL statement
$sql="INSERT INTO tank (tankname, username, date, length, depth, height, volume, type, notes)
VALUES ('$tankname', '$username', '$date', '$length', '$depth', '$height', '$volume', '$type', '$notes')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo 'New Tank Added ';
mysqli_close($con);
?>
Hello everyone,
I'm create an application where I have member, admin, and superadmin
What I'm try to do is superadmin update member to admin, so they can have more privilege. The name of the table is member where I have member, admin account, and i have row call 'rank'. Rank 1 is for member they have access basic stuff and rank 2 they have more privilege. Want the superadmin to type the name of the member and change to rank 2.
This is what happening, if I dont put nothing on the text boxes, it said "Please check if you have put the right information." , if i put member and the rank i want to change is says ""User has upgrade to admin", but than when i check my database the member is still a member when i wanted to change to admin.
Can anyone see where I'm going home, or what should I change.
<form> </form>
<form action='<?php htmlentities($_SERVER['PHP_SELF']); ?>' method='POST' enctype='multipart/form-data '>
Username: <input class="fontsize" name='user' type='text'/>
Rank: <input class="fontsize" name='rank' type='text' /> <br><br>
<input class="button" type='submit' name='get' value='Upgrade' />
</form>
</h2>
<?php
if(isset($_POST['get']))
{
$username1 = $_POST['user'];
$sql_user = mysqli_real_escape_string ($connection, $username1);
$rank = $_POST['rank'];
$rank = mysqli_real_escape_string ($connection, $rank);
$query1 = mysqli_query($connection, "SELECT rank FROM member WHERE username='$sql_user'");
if ($row = mysqli_fetch_array($query1))
{
if ($rank == '1')
{
$data1 = mysqli_query($connection, "UPDATE member SET rank= '1' WHERE username='sql_user'") or die (mysql_error($connection));
echo "User has downgrade to member";
}
elseif ($rank == '2')
{
$data2 = mysqli_query($connection, "UPDATE member SET rank= '2' WHERE username ='sql_user'") or die (mysql_error($connection));
echo "User has upgrade to admin";
}
else
{
echo "Please check if you have put the right information.";
}
}
}
?>
Hello. I am just beginning to teach myself the basics of php. I am learning from books and video tutorials etc. I have come across a problem that I just can't work out, I'm sure it is very simple. Two files, movie1.php and moviesite.php, movie1.php looks like this: Code: [Select] <?php session_start(); $_SESSION['username'] = "Joe12345"; $_SESSION['authuser'] = 1; ?> <html> <head> <title>Find My Movie!</title> </head> <body> <?php $myfavmovie = urlencode("The Life of Brian"); echo "<a href='moviesite.php?favmovie=$myfavmovie'>"; echo "click here to see information about my favourite movie!"; echo "</a>" ?> </body> </html> OK? You see the '$_SESSION['username'] = "Joe12345";', this is my specific problem. This should be echoed into the next page, moviesite.php which you can see below: Code: [Select] <?php session_start(); //check to see if the user has logged in with a valid password if ($_SESSION['authuser'] != 0) { echo "sorry, but you don't have permission to view this page"; exit(); } ?> <html> <head> <title>My Movie Site - <?php echo $_REQUEST['favmovie']; ?></title> </head> <body> <?php echo "Welcome to our site, "; echo $_SESSION['username']; echo "! <br>"; echo "My favourite movie is "; echo $_REQUEST['favmovie']; echo "<br>"; $movierate = 5; echo "My movie rating for this movie is "; echo $movierate; ?> </body> </html> OK? 'echo $_SESSION['username'];' does not echo the username. Everything else seems to be ok. This is an example I have been working on from the book 'Beginning PHP, MySQL and Apache Web Development'. I hope someone can help. The username 'Joe12345' is not carried to the next page. It is just blank. Many Thanks for all and any assistance people can give me. Hi i have this simple update form and scrip but somehow it doesnt seem to be update the field on the database can someone help out please. The html form is the second form bellow where the action send to status_update.php HTML FORM Code: [Select] <?php include("../header.html"); ?> <?php include("header_news.html"); extract($_REQUEST,EXTR_SKIP); ?><?php /* print("sfilm_refnum = $sfilm_refnum<BR>"); print("sfilm_addr01 = $sfilm_addr01<BR>"); print("sfilm_postcode = $sfilm_postcode<BR>"); print("Film Client = $fclient<BR>"); */ ?> <form id="search" action="list.php" method="post" name="search"> <table width="780" border="0" cellspacing="0" cellpadding="4" bgcolor="#eeeeee"> <tr> <td align="right" width="140"></td> <td width="320"><span class="hofblack10"> </span> </td> <td align="center" width="100"><input type="hidden" name="lstart" value="<?php print("$lstart"); ?>" /><input type="hidden" name="lend" value="<?php print("$lend"); ?>" /><input type="hidden" name="lamount" value="<?php print("$lamount"); ?>" /></td> <td align="center" width="100"></td> <td align="right"></td> </tr> </table> </form> <table width="780" border="0" cellspacing="0" cellpadding="4" bgcolor="#4050c4"> <tr> <td width="60" class="hofwhite10">action</td> <td width="140"><span class="hofwhite14">DATE</span></td> <td width="80"><span class="hofwhite14">ID</span></td> <td><span class="hofwhite14">News Titile</span></td> <td width="100"><span class="hofwhite14">Status</span></td> </tr> <tr height="0"> <td bgcolor="white" width="60"></td> <td bgcolor="white" width="140" height="0"></td> <td bgcolor="white" width="80" height="0"></td> <td bgcolor="white" height="0"></td> <td bgcolor="white" width="100" height="0"></td> </tr> </table><table width="780" border="0" cellspacing="0" cellpadding="4"><tr> <td width="60"></td> <td width="80"></td> <td><a class="blueullrg" href="add.php">Add News</a></td> <td align="right" width="120"></td> </tr> <tr height="0"> <td width="60" height="0"></td> <td width="80" height="0"></td> <td height="0"></td> <td align="right" width="120" height="0"></td> </tr> </table> <?php //get the DB connection variables include("../../../includes/config.php"); //connect to DB $connection = @mysql_connect($db_address,$db_username,$db_password) or die("Couldn't CONNECT."); $db = @mysql_select_db($db_name, $connection) or die("Couldn't select DATABASE."); $query2="SELECT * FROM news WHERE !(news_status='deleted')"; $result2 = mysql_query($query2) or die("Couldn't execute QUERY - Select NEWS Qty"); $fqty = mysql_num_rows($result2); //SELECT or FIND the same USERNAME $query3="SELECT * FROM news WHERE !(news_status='deleted') ORDER BY news_id DESC"; $result3 = mysql_query($query3) or die("Couldn't execute QUERY - Select NEWS"); while ($row = mysql_fetch_array($result3)) { $news_id = $row['news_id']; $news_title = $row['news_title']; $news_story = $row['news_story']; $news_image = $row['news_image']; $news_image_caption = $row['news_image_caption']; $news_image_link = $row['news_image_link']; $news_date_day = $row['news_date_day']; $news_date_month = $row['news_date_month']; $news_date_year = $row['news_date_year']; $news_status = $row['news_status']; $news_website = $row['news_website']; $news_date_created = $row['news_date_created']; $news_date_modified = $row['news_date_modified']; ?> <table width="780" border="0" cellspacing="0" cellpadding="4" bgcolor="#eeeeee"> <tr> <td width="60"><span class="hofblack10"> <?php if($news_status=="deleted"){ print("<a class='hifblack10'>deleted</span>"); }ELSE{ print("<a class='blueul' href='edit.php?id=$news_id'>edit</a>"); } ?> </span></td> <td width="140"><span class="titlegrey12"> <?php if(!$news_date_day) { echo "00"; } else{ echo $news_date_day; } echo "/"; if(!$news_date_month) { echo "00"; }else{ echo $news_date_month; } echo "/"; if(!$news_date_year) { echo "0000"; }else{ echo $news_date_year; } ?> </span></td> <td width="80"><span class="titlegrey12"><?php print("$news_id"); ?></span> </td> <td><?php if($news_status=="deleted") { print("<class='hofblack10'>$news_title</span>"); }ELSE{ print("<a class='blueul' href='edit.php?id=$news_id'>$news_title</a>"); } ?></td> <td width="100"> <form id="list_update" action="status_update.php" method="post" name="list_update"> <select name="newnstatus" size="1"> <option <?php if($row['news_status'] == "") { print("selected"); } ?> selected="selected" value="">Status...</option> <option <?php if($row['news_status'] == "on") { print("selected"); } ?> value="on">On</option> <option <?php if($row['news_status'] == "off") { print("selected"); } ?> value="off">Off</option> <option <?php if($row['news_status'] == "deleted") { print("selected"); } ?> value="deleted">Delete</option> </select> <input type="hidden" name="nstatus" value="<?php echo $row[news_status]; ?>" /> <input type="hidden" name="id" value="<?php echo $row[news_id]; ?>" /> <input type="submit" name="update" value="update" /> </form> </td> </tr> <tr height="0"> <td bgcolor="white" width="60"></td> <td bgcolor="white" width="140" height="0"></td> <td bgcolor="white" width="80" height="0"></td> <td bgcolor="white" height="0"></td> <td bgcolor="white" width="100" height="0"></td> </tr> </table> <?php } mysql_close($connection);//}?> <table width="780" border="0" cellspacing="0" cellpadding="4"> <tr> <td width="60"></td> <td width="80"></td> <td><a class="blueullrg" href="add.php">Add News</a></td> <td align="right" width="120"></td> </tr> </table><?php // include("list_navigation.html"); ?> <?php include("../footer.html"); ?> </div></body></html> The action script php Code: [Select] <?php /* echo "fstatus: ".$fstatus."<BR>"; echo "id: ".$id."<BR>"; echo "fclient: ".$fclient."<BR>"; echo "newfstatus: ".$newfstatus."<BR>";*/ //set the date of agreement $timestamp = date('l jS \of F Y h:i:s A'); //get the DB connection variables include("../../../includes/config.php"); //connect to DB $connection = @mysql_connect($db_address,$db_username,$db_password) or die("Couldn't CONNECT."); $db = @mysql_select_db($db_name, $connection) or die("Couldn't select FILMS DATABASE."); // All appears well, so enter into database $query= "UPDATE news SET news_status = '$newnstatus' WHERE news_id='$id'"; $result = mysql_query($query) or die("could not execute query - Update FILMS Record to DB"); //setup an email to the Admin @ hof, w/o attachment $emailto="xx@xxx.co.uk"; $emailfrom="no-reply@xxxx.co.uk"; $emailsubject="xx Record Updated"; $emailmessage="Hello Registrar\n\n"; $emailmessage.="News ID: ".$id."\n"; $emailmessage.="Updated on: ".$timestamp."\n\n"; $emailmessage.="Status was: ".$nstatus."\n"; $emailmessage.="Status now: ".$newfnstatus."\n"; $emailmessage.="Thank you,\n\n"; $emailmessage.="Web Site ROBOT\n"; $emailmessage.="(Administrator)\n"; $emailmessage.="xxx.co.uk | xxx.biz\n"; $emailmessage.="----------------------------------------------\n"; $emailmessage.="e. http://www.xxx.co.uk/contact.php\n"; $emailmessage.="w. http://www.xxx.co.uk\n"; $emailheader="From: xxx.co.uk<$emailfrom>"; $emailheader .= 'Cc: xxx@xxx.co.uk'."\r\n"; $emailheader .= 'Bcc: xxx@xxxxx.co.uk'."\r\n"; $ok=mail($emailto,$emailsubject,$emailmessage,$emailheader); mysql_close($connection); if ($ok) { header("Location: list.php"); /* Redirect browser */ exit; } else { $errmsg="There was a problem, please try later or telephone us direct."; $errsta="1"; include("edit_error.html"); //echo "<p>Mail could not be sent. Sorry!</p>"; exit; } ?> Thanks in advance I have a membership site that a user creates a username and password at registration. The user logs in and all that works. The usersname is located in the database under users. Each page is protected and you must login to access it. Here is the code for that
checkLogin('2');
$getuser = getUserRecords($_SESSION['user_id']);
If the user login is correct they have access to the page. This all works fine as I said. On this page is a form that gets filled out. All the data except the username is added to the database for the contents of this form. I need to have the username added to the database to track who the data belongs to. Here is the code I have for this, can some tell me where I messed up.
The line under the the code <body> pulls the username and the echo command prints the username on the page. I repeated this code under the
if ($_SERVER['REQUEST_METHOD'] == "POST") code and it also prints the username.
<?php
// this is processed when the form is submitted
// back on to this page (POST METHOD)
if ($_SERVER['REQUEST_METHOD'] == "POST")
{ $usernow = $getuser[0]['username'];
$userid = $usernow;
echo "$userid";
# escape data and set variables
$userid = addslashes($_POST["userid"]);
$date = addslashes($_POST["date"]);
$temperature = addslashes($_POST["temperature"]);
$ph = addslashes($_POST["ph"]);
$ammonia = addslashes($_POST["ammonia"]);
$nitrite = addslashes($_POST["nitrite"]);
$nitrate = addslashes($_POST["nitrate"]);
$phosphate = addslashes($_POST["phosphate"]);
$gh = addslashes($_POST["gh"]);
$kh = addslashes($_POST["kh"]);
$iron = addslashes($_POST["iron"]);
$potassium = addslashes($_POST["potassium"]);
$notes = addslashes($_POST["notes"]);
// # setup SQL statement
$sql = " INSERT INTO water_parameters ";
$sql .= " (id, userid, date, temperature, ph, ammonia, nitrite, nitrate, phosphate, gh, kh, iron, potassium, notes) VALUES ";
$sql .= " ('', '$userid', '$date', '$temperature', '$ph', '$ammonia', '$nitrite', '$nitrate', '$phosphate', '$gh', '$kh', '$iron', '$potassium', '$notes') ";
// #execute SQL statement
$result = mysql_query($sql);
// # check for error
if (mysql_error()) { print "Database ERROR: " . mysql_error(); }
print "<h3><font color=red>New Water Parameters Were Added</font></h3>";
}
?>
Hi, my goal is to be able to create a web based interface for someone who has no programming skills or interest to be able to maintain a list of usernames and passwords for protecting a page of links on a website. so, I've created a page that can write to a database, and I can see that it is working, I can read entries, etc. now, I need to know how to make a script that will check against that database for valid UN/PW combinations. what is the best method for this? James Hi, I'm am trying to use a search engine that search's for a username in the database and displays the information back. I have searched for a script but none of them has helped me. I have tried to use this without any luck: mysql_connect("localhost", "", "") or die(mysql_error()); mysql_select_db("dbsystem") or die(mysql_error()); $todo=$_POST['todo']; if(isset($todo) and $todo=="search"){ $search_text=$_POST['search_text']; $type=$_POST['type']; $search_text=ltrim($search_text); $search_text=rtrim($search_text); if($type<>"any"){ $query="select * from users where name = '$search_text'"; }else{ $kt=split(" ",$search_text);//Breaking the string to array of words // Now let us generate the sql while(list($key,$val)=each($kt)){ if($val<>" " and strlen($val) > 0){$q .= " name like '%$val%' or ";} }// end of while $q=substr($q,0,(strlen($q)-3)); // this will remove the last or from the string. $query="select * from users where $q "; } // end of if else based on type value echo $query; echo "<br><br>"; $nt=mysql_query($query); echo mysql_error(); while($row=mysql_fetch_array($nt)){ echo "$row[name]<br>"; } // End if form submitted }else{ echo "<form method='post' action=''><input type='hidden' name='todo' value='search' /> <input type='text' name='search_text' /><input type='submit' value='Search' /><br> <input type='radio' name='type' value='any' checked />Match any where <input type='radio' name='type' value='exact' />Exact Match </form> "; } I will be grateful if you can help with this. Alright, I've been assigned a project at work. I did not develop the application and the individual who did used CodeIgnited framework and mysql as the db.
Here's the problem, I'm not given much OT to do this and in our meeting the best way to proceed was to replicate the database for different parts of the organization. Basically we are a subsidiary and have been using an application that other groups within the organization want to use. Usually I would reconfigure the db schema and add org ids and in the user table add the appropriate organization to go to. However, they are not giving me enough time to do that.
So what I'm thinking is to just create a copy of the database we use (just the structure) and create a new database.
What I want to know is how to use mysql to check to see if a user exists in one database and if they don't then to go on to the next database. I understand this is a very sloppy way to do it, but it's the way we are moving forward.
I found the code to connect to the db in CodeIgnitor... how can I connect to a database, check to see if the user exists, then close that db connection and try the next database?
/**
* Select the database
*
* @access private called by the base class
* @return resource
*/
function db_select()
{
return @mysql_select_db($this->database, $this->conn_id);
}
Thanks in advance.
Im trying to create a website where users login, and then when they add a new entry to the database there name is put as the author. This is how my tables are set up. One table is named job and has the columns id, jobtext, jobdate, and authorid. Another table is called author. This table contains the columns id, username, password, and name. Authorid from the job table matches with id from the author table. When a user logins in this code is used to register the name...session_start(); $_SESSION['myusername'] = $_POST['myusername']; $_SESSION['mypassword'] = $_POST['mypassword']; header("location: index.php"); } else { echo "Wrong Username or Password"; } This is the form users use to add a new entry... if (isset($_GET['add'])) { $pagetitle = 'New Job'; $action = 'addform'; $text = ''; $authorid = ''; $id = ''; $button = 'Add job'; include $_SERVER['DOCUMENT_ROOT'] . '/jobs/includes/db.inc.php'; // Build the list of authors $sql = "SELECT id, name FROM author"; $result = mysqli_query($link, $sql); if (!$result) { $error = 'Error fetching list of authors.'; include 'error.html.php'; exit(); } while ($row = mysqli_fetch_array($result)) { $authors[] = array('id' => $row['id'], 'name' => $row['name']); } // Build the list of categories $sql = "SELECT id, name FROM category"; $result = mysqli_query($link, $sql); if (!$result) { $error = 'Error fetching list of categories.'; include 'error.html.php'; exit(); } while ($row = mysqli_fetch_array($result)) { $categories[] = array( 'id' => $row['id'], 'name' => $row['name'], 'selected' => FALSE); } include 'form.html.php'; exit(); } if (isset($_GET['addform'])) { include $_SERVER['DOCUMENT_ROOT'] . '/includes/db.inc.php'; $text = mysqli_real_escape_string($link, $_POST['text']); $author = mysqli_real_escape_string($link, $_POST['author']); if ($author == '') { $error = 'You must choose an author for this job. Click ‘back’ and try again.'; include 'error.html.php'; exit(); } $sql = "INSERT INTO job SET jobtext='$text', jobdate=CURDATE(), authorid='$author'"; if (!mysqli_query($link, $sql)) { $error = 'Error adding submitted job.'; include 'error.html.php'; exit(); } $jobid = mysqli_insert_id($link); if (isset($_POST['categories'])) { foreach ($_POST['categories'] as $category) { $categoryid = mysqli_real_escape_string($link, $category); $sql = "INSERT INTO jobcategory SET jobid='$jobid', categoryid='$categoryid'"; if (!mysqli_query($link, $sql)) { $error = 'Error inserting job into selected category.'; include 'error.html.php'; exit(); } } } header('Location: .'); exit(); } Form.html.php = <?php include_once $_SERVER['DOCUMENT_ROOT'] . '/includes/helpers.inc.php'; ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> <title><?php htmlout($pagetitle); ?></title> <meta http-equiv="content-type" content="text/html; charset=utf-8"/> <style type="text/css"> textarea { display: block; width: 100%; } </style> </head> <body> <?php session_start(); ?> <h1><?php htmlout($pagetitle); ?></h1> <form action="?<?php htmlout($action); ?>" method="post"> <div> <label for="text">Type your job he </label> <textarea id="text" name="text" rows="3" cols="40"><?php htmlout($text); ?></textarea> </div> <div> <label for="author">Author:</label> <select name="author" id="author"> <option value="">Select one</option> <?php foreach ($authors as $author):?> <option value="<?php htmlout($author['id']); ?>"<?php if ($author['id'] == $authorid) echo ' selected="selected"'; ?>><?php htmlout($author['name']); ?></option> <?php endforeach; ?> </select> </div> <fieldset> <legend>Categories:</legend> <?php foreach ($categories as $category): ?> <div><label for="category<?php htmlout($category['id']); ?>"><input type="checkbox" name="categories[]" id="category<?php htmlout($category['id']); ?>" value="<?php htmlout($category['id']); ?>"<?php if ($category['selected']) { echo ' checked="checked"'; } ?>/><?php htmlout($category['name']); ?></label></div> <?php endforeach; ?> </fieldset> <div> <input type="hidden" name="id" value="<?php htmlout($id); ?>"/> <input type="submit" value="<?php htmlout($button); ?>"/> </div> </form> </body> </html> Right now, under authors, it displays all the authors in the database. I want it to just show/submit the authorid of the logged in user. Hi, i have had some help from these forums building a shopping cart system and i can add items to cart, empty cart but i need some help on how to update quantities. Here is the code i use to add items Code: [Select] $pid = $_POST['prodid']; $q = $_POST['qty']; if(array_key_exists($pid, $_SESSION['cart'])) { $_SESSION['cart'][$pid]=$_SESSION['cart'][$pid]+$q; } ELSE { $_SESSION['cart'][$pid]=$q; } Im displaying my items in a table with a text field for quantities which can be changed then click update. i see there is 2 things i need to do, first is to somehow create a loop for all the items in my table, i have no clue where to start on that, and then in that loop i have my update command. im assuming the code to update would be something like Code: [Select] $_SESSION['cart'][$pid]=$_SESSION['cart'][$pid][$qty] where $qty is the value of the text box in my table. Any help would be appreciated. im trying to make a breadcrumbs feature on my site. this feature is driven using the session variables. My problem here is that.. i just wondering what make the session variables display its own value (not expected value).. this variable name got no similar across the whole site. i just wanna hear what are the possible causes why this happen... thanks ISSUE. A User enters information into a form. If the 'username' is already taken, a 'message' in Red and with larger font-size will be returned, for example, "The username $username already exists." If the username is 'mattd' then the message should say, "The username mattd already exists." Within my php application, I have included 'inline html'. Here is part of the code: .... if (mysql_num_rows($query_run)==1) { // it will never = more than one because only //one user will or will not exist ?> <html> </body> <h1><font color="#FF0066">The username <?php echo $username; ?>already exists.</h1> </body> </html> <?php }else{ //start the registration process $query = "INSERT INTO `Names` VALUES .... 1. At one point I did get this: "The username mattd already exists." 2. But now I only get "The username already exists." I am not retrieving the $username variable. This screenshot is found he http://imgur.com/lIwLZ1G thanks. While we're on the subject, is there a way to ensure that the first letter of a name is captalized, and the rest lowercase? Or is this best handled later on, when the name is being used and called from the DB. PS: some of us comment are code as to WHAT we are doing because we're just not that good yet, and we need to explain it to ourselves. Hi A part of my site allows users to send messages to other users. When a member is logged on, they see a panel on the left with a link to the messages page. If there is a message they have not seen, it looks like messages(1). As this panel is on every page, the message(1) is displayed on every page. My question is a general one which i've always wondered about - I determine whether all messages have been read or not from the database. Should I go once to the database when user logs on, and save this value to a session, or should i go to the database each time the member goes to a new page.... The reason I ask is because I am saving a lot of data in the session already so where do I draw the line between saving stuff to a session and just repeatedly going to the database.. Hello, I have a form where individuals can update there personal information that is already stored in a database, i.e name, address, phone number etc. There are several fields they can update. Right now it sends an email to the owner that an individual has updated their records, and sends all the fields that are in the table. Is it possible to let the owner be notified by email which individual field was updated? Example their phone number has changed they make the update and the owner gets an e-mail with just that field update. I hope I explained myself properly. Thank you in advance. Hello, I am trying to update my database using a form. While submitting this function is called, but nothing is changed. If I replace the variables with values, the function works fine, but not with variables. Code: [Select] function updateCandidate($id, $F_Name, $L_Name, $Gender, $Bday, $PhoneNo, $Address, $City, $Country, $Nationality, $experience, $Stat) { $q = "UPDATE candidates SET F_Name = '$F_Name', L_Name='$L_Name', Gender='$Gender', Bday='$Bday', PhoneNo='$PhoneNo', Address = '$Address', City='$City', Country = '$Country', Nationality = '$Nationality', Experience_idExperience='$experience', Status= $Stat WHERE Users_UsersID = $id"; return mysql_query($q, $this->connection); I'm not shore what to do this update code isn't updating my database this is just the update code for my login Code: [Select] mysql_query("UPDATE users SET session_id='$session' WHERE email='$email' AND password='$pas'") or die(mysql_error()); //Add session ID to DB mysql_query("UPDATE users SET login_ip='$ip' WHERE email='$email' AND password='$pas'") or die(mysql_error()); //Add login IP to DBand this is all of it Code: [Select] <title>Log In</title><?php require('database.php'); //Include DB connection information if (isset($_POST['login'])) { //Execute the following if form is submitted $ip = mysql_real_escape_string($_SERVER["REMOTE_ADDR"]); //Geet user's IP Address $email = mysql_real_escape_string($_POST['email']); //Post email from form $password = mysql_real_escape_string(sha1(md5($_POST['pass']))); //Post password from form and encrypt if (empty($email) || empty($password)) { //Check for empty fields die("<b>Error:</b> All fields are required to be filled in."); } $check = mysql_query("SELECT * FROM users WHERE email = '$email'") or die(mysql_error()); $check2 = mysql_num_rows($check); if ($check2 == 0) { //Check if account exists die("<b>Error:</b> Email and password do not match the database."); } $row = mysql_fetch_array($check); $db_password = $row['password']+$row['key']; if ($password != $db_password) { //Check if password is correct die("<b>Error:</b> Email and password do not match the database."); } $allowed = $row['u']; if ($allowed != 1) { //Check if they have permission die("<b>Error:</b> You do not have permission to view this section."); } function randomstring($length = 10) { $validCharacters = "abcdefghijklmnopqrstuxyvwz1234567890"; $validCharNumber = strlen($validCharacters); $result = ""; for ($i = 0; $i < $length; $i++) { $index = mt_rand(0, $validCharNumber - 1); $result .= $validCharacters[$index]; } return $result; } $session = randomstring(); $key = $row['key']; $pas = $password . $key; mysql_query("UPDATE users SET session_id='$session' WHERE email='$email' AND password='$pas'") or die(mysql_error()); //Add session ID to DB mysql_query("UPDATE users SET login_ip='$ip' WHERE email='$email' AND password='$pas'") or die(mysql_error()); //Add login IP to DB $level = $row['accounttype']; $u = $row['u']; $fs = $row['fs']; $bc = $row['bc']; $fam = $row['fam']; $future = time() + 1209600; setcookie("uemail", $email, $future); //Set cookie containing username setcookie("sessionid", $session, $future); //Set cookie containging session ID setcookie("acounttype", $level, $future); setcookie("u", $u, $future); setcookie("fs", $fs, $future); setcookie("bc", $bc, $future); setcookie("fam", $fam, $future); ////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////// //header("Location: undefined.php"); //Redirect to members page } else { //If form is not submitted display the form echo<<<login <center> <h1>Log In To The Undefiend Section</h1> <h2>Or GO <a href="../main.php">Home</a></h2> <form method="post" action=""> Email: <input type="text" name="email"><br> Password: <input type="password" name="pass"><br> <input type="submit" name="login" value="Login"><br><br> </form></center> login; } ?> I am trying to make a rating system and this script is not working. Code: [Select] $ratingget = $_REQUEST['star2']; mysql_select_db($database_news, $news); $query_ratingsys = "UPDATE news SET votes = votes +1 AND rating = rating +'$ratingget' WHERE id = '$id'"; $ratingsys = mysql_query($query_ratingsys, $news) or die(mysql_error()); Hello I am updating a SQL database - basically adding to an account field as follows... $sql1 = "select * from member where username = \"$owner\" limit 1 "; $result1 = mysql_query($sql1, $conn) or die(mysql_error()); $row1 = mysql_fetch_assoc($result1); $total_commissions = $row1['total_commissions']; $total_commissions = $total_commissions + $_SESSION['cost_per_token']; //add to data $balance = $row1['balance']; $balance = $balance + $_SESSION['cost_per_token']; //add to data #-------------------------------------------------------------------------- #Update db $sql1 = " UPDATE member SET total_commissions = \"$total_commissions\", balance = \"$balance\" WHERE username=\"$owner\" "; $result1 = mysql_query($sql1, $conn) or die(mysql_error()); is there a way to add to the data from the UPDATE query? e.g; $sql1 = " UPDATE member SET total_commissions = \"$total_commissions\ + $_SESSION['cost_per_token'] ", balance = \"$balance\ + $_SESSION['cost_per_token']" WHERE username=\"$owner\" "; I'm trying to update my database so that if someone enters an e-mail address that doesn't exist, the program updates the database with the new address. I've tested everything and $result returns the correct data every time (0 or 1) but if the address doesn't exist, nothing gets updated. I know I'm missing something, just not sure what it is... Code: [Select] { $result = mysql_query(" SELECT * FROM PlayerInfo WHERE Player_Email = '$playeremail'"); IF($result) { IF (mysql_num_rows($result) = 0) { //Insert into database: new e-mail address... } } I've also tested the insert into statement and it works, so that's not the issure. Any help appreciated. Thanks. |
|||||||