|
PHP - Mysqli Prepared Update Syntax Error
<?php
//COOKIE CHECKER
if (isset($_COOKIE["person"])){
if (filter_var($_COOKIE["person"], FILTER_VALIDATE_INT)){
$user_id = $_COOKIE["person"];
//DATABASE CONNECTION VARIABLES
$myserver ="localhost";
$myname = "username";
$mypassword = "password";
$mydb ="dbname";
/*SQL CONNECTION*/
// Create connection
$conn = new mysqli($myserver, $myname, $mypassword, $mydb);
// Check connection
if ($conn->connect_error) {
echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>test</TITLE>
</HEAD>
<BODY>
<H1>Decline of the Han - Three Kingdoms</H1>';
die("Connection failed: " . $conn->connect_error);
echo '</BODY>
</HTML>';
}
else {
//COUNT USER
$cquery = "SELECT COUNT(*) AS usercheck FROM Players WHERE ID = ?";
$cid = $conn->prepare($cquery);
$cid->bind_param('i', $user_id);
$cid->execute();
$cid->bind_result($usercheck);
$cid->fetch();
if ($usercheck ==1){
if (isset($_POST["profile"])){
if(!filter_var($_POST["profile"], FILTER_SANITIZE_STRING)){
echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>test</TITLE>
</HEAD>
<BODY>';
echo '<P class="error">Unable to filter bio <a href="biography.php">return</a></P>';
echo '</BODY>
</HTML>';
}
else {
$profile = $_POST["profile"];
$sql = "UPDATE Player_Data SET Bio =? WHERE ID=?";
$q = $conn->prepare($sql);
$q->bind_param("si", $profile, $user_id);
$q->execute();
echo '<P>Biography altered <a href="biography.php">return</a></P>';
//close connection
$conn->close();
}
}
}
else {
echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>test</TITLE>
</HEAD>
<BODY>';
echo '<P class="error">'.$usercheck.' '.$user_id.'</P>';
echo '<P class="error">No such user found!</P>';
//close connection
$conn->close();
//foot
echo '</BODY>
</HTML>';
}
//end connection check
}
}
else {
echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>test</TITLE>
</HEAD>
<BODY>';
echo '<P class="error">ERROR invalid cookie!</P>';
echo '</BODY>
</HTML>';
}
}
else {
echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>test</TITLE>
</HEAD>
<BODY>';
echo '<P class="error">No cookie detected!<br><a href="login.php">login</a></P>';
echo '</BODY>
</HTML>';
}
?>
I have an error in the update, but I am not seeing where I made it. Its annoying because the update won't execute and anything beyond the update isn't visible in the html source code in the browser, so it is likely to be a syntax error, but where?
Similar Tutorials
<?php
//COOKIE CHECKER
if (isset($_COOKIE["person"])){
if (filter_var($_COOKIE["person"], FILTER_VALIDATE_INT)){
$user_id = $_COOKIE["person"];
//DATABASE CONNECTION VARIABLES
$myserver ="localhost";
$myname = "username";
$mypassword = "password";
$mydb ="dbname";
/*SQL CONNECTION*/
// Create connection
$conn = new mysqli($myserver, $myname, $mypassword, $mydb);
// Check connection
if ($conn->connect_error) {
echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>test</TITLE>
</HEAD>
<BODY>
<H1>Decline of the Han - Three Kingdoms</H1>';
die("Connection failed: " . $conn->connect_error);
echo '</BODY>
</HTML>';
}
else {
//COUNT USER
$cquery = "SELECT COUNT(*) AS usercheck FROM Players WHERE ID = ?";
$cid = $conn->prepare($cquery);
$cid->bind_param('i', $user_id);
$cid->execute();
$cid->bind_result($usercheck);
$cid->fetch();
if ($usercheck ==1){
if (isset($_POST["profile"])){
if(!filter_var($_POST["profile"], FILTER_SANITIZE_STRING)){
echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>test</TITLE>
</HEAD>
<BODY>';
echo '<P class="error">Unable to filter bio <a href="biography.php">return</a></P>';
echo '</BODY>
</HTML>';
}
else {
$profile = $_POST["profile"];
$sql = "UPDATE Player_Data SET Bio =? WHERE ID=?";
$q = $conn->prepare($sql);
$q->bind_param("si", $profile, $user_id);
$q->execute();
echo '<P>Biography altered <a href="biography.php">return</a></P>';
//close connection
$conn->close();
}
}
}
else {
echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>test</TITLE>
</HEAD>
<BODY>';
echo '<P class="error">'.$usercheck.' '.$user_id.'</P>';
echo '<P class="error">No such user found!</P>';
//close connection
$conn->close();
//foot
echo '</BODY>
</HTML>';
}
//end connection check
}
}
else {
echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>test</TITLE>
</HEAD>
<BODY>';
echo '<P class="error">ERROR invalid cookie!</P>';
echo '</BODY>
</HTML>';
}
}
else {
echo '<!DOCTYPE HTML>
<HTML>
<HEAD>
<TITLE>test</TITLE>
</HEAD>
<BODY>';
echo '<P class="error">No cookie detected!<br><a href="login.php">login</a></P>';
echo '</BODY>
</HTML>';
}
?>
I have an error in the update, but I am not seeing where I made it. Its annoying because the update won't execute and anything beyond the update isn't visible in the html source code in the browser, so it is likely to be a syntax error, but where?
I have been pulling my hair out for the lasy 3 hours i am trying to update a MySql table but i cant get it too work, i just keep getting MySql error #1064 - You have an error in your SQL syntax; if i just update 1 field it works fine but if i try to update more than 1 field it dosent work, Help Please! <?php $root = $_SERVER['DOCUMENT_ROOT']; require("$root/include/mysqldb.php"); require("$root/include/incpost.php"); $con = mysql_connect("$dbhost","$dbuser","$dbpass"); if (!$con) { die('Could not connect: ' . mysql_error()); } mysql_select_db("$dbame", $con); mysql_query("UPDATE Reg_Profile_p SET build='$build' col='$col' size='$size' WHERE uin = '$uinco'"); ?> I have just got hold of a MySQLi class (a wrapper to the built in one of course), and for EVERY query sent they have used prepared statements. Is this right? I expected it to just send using the mysqli_query function (with the prepared statements option if selected). Should you send ALL queries using a prepared statement? What (if any) are the downfalls of using prepared statements? I wrote a code with prepared statements MySQLi: Code: [Select] <?php include_once 'dbinfo.php'; if(isset($_POST['kuldes'])) { $name = trim($_POST['nev']); $username = $_POST['felh_nev']; $password = $_POST['jelszo']; $email = $_POST['email']; $phone = $_POST['telefon']; $gender = $_POST['sex']; $hobby = $_POST['hobby']; $regfelt = $_POST['regfelt']; $name = strip_tags($name); $name = stripslashes($name); $username = strip_tags($username); $email = strip_tags($email); $phone = strip_tags($phone); $date = date("d-m-Y"); if($name == NULL || $username == NULL || $password == NULL || $email == NULL || $phone == NULL || $gender == NULL) { echo "Please complete the form below or one of the boxes is empty."; } elseif(strlen($username) <= 3 || strlen($username) >= 30){ $final_report.="Your username must be between 3 and 30 characters.."; } elseif($stmt = $connect->prepare('SELECT * FROM users WHERE username=?')) { $stmt->bind_param('s', $username); $stmt->execute(); $stmt->bind_result($username); while ($stmt->fetch()) { printf("Name: %s\n", $name); $final_report.="The username is already in use!"; } $stmt->close(); }elseif(strlen($password) <= 6 || strlen($password) >= 12){ $final_report.="Your password must be between 6 and 12 digits and characters.."; } elseif(!eregi("^[_a-z0-9-]+(\.[_a-z0-9-]+)*@[a-z0-9-]+(\.[a-z0-9-]+)*(\.[a-z]{2,3})$", $email)){ $final_report.="Your email address was not valid.."; } elseif(!eregi("^[0-9]{1,3}-[0-9]{1,3}-[0-9]{1,10}$",$phone)){ $final_report.="Phone number is invalid. Only numbers with hyphen. Allowed format: countrycode-areacode-phonenumber"; } elseif(!isset($hobby)){ $final_report.="Youd didn't select any hobbies"; } elseif(!isset($regfelt)){ $final_report.="You didn't accept the terms"; } else { if ($stmt = $connection->prepare('INSERT INTO users(name,sex,email,phone_number,username,password,hobby) VALUES(?, ?, ?, ?, ?, ?, ?)')) { $stmt->bind_param('sssssss', $name, $sex, $email, $phone_number, $username, $password, $hobby); $stmt->execute(); $stmt->close(); } }}?> <h1>Registration Form</h1> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" name="registration_form" method="POST"> <p>Name: <input type="text" name="nev" value="<?php echo (isset($name) ? $name : ''); ''?>" size=25></p> <p>Username: <input type="text" name="felh_nev" value="<?php echo (isset($username) ? $username : ''); ?>" size=10></p> <p>Password: <input type="password" name="jelszo" size=10></p> <!--<p>Password again:<input type="password" name="password_confirmation"></p>--> <p>E-mail: <input type="text" name="email" value="<?php echo (isset($email) ? $email : ''); ?>"/></p> <p>Phone number: <input type="text" name="telefon" value="<?php echo (isset($phone) ? $phone : ''); ?>"/></p> <p>Sex: <label><input type="radio" name="sex" value="no" >Female</label> <label><input type="radio" name="sex" value="ferfi" >Male</label></p> <p>Favorite hobbies (Using CTRL you can select more than one):</p> <select name="hobby[]" size="4" multiple> <option value="sport">Sport</option> <option value="mozi">Movies</option> <option value="kirandulas">Hiking</option> <option value="olvasas">Reading</option> </select> <p><input name="regfelt" type="checkbox" value="elfogad">I accept the terms!</p> <p><input name="kuldes" type="submit" value="Submit form"> <input name="reset" type="reset" value="delete"></p> <table width="501" border="1"> <tr> <td><?php echo $final_report; ?></td> </tr> </table> <p> </p> </form>And I get the following error message: Warning: mysqli_stmt::bind_result() [mysqli-stmt.bind-result]: Number of bind variables doesn't match number of fields in prepared statement in I don't understand what's the problem is, many people can't give solution for this? Anyone who can help me? It's brain racking. I'm trying to work with prepared statements, but unfortunately I do not get any result back. I also tried while($stmt->fetch()) { ... }, with the same effect.
Does anyone have a suggestion?
Thanks in advance.
<?php
MAKING CONNECTION
if ($stmt = $mysqli->prepare("SELECT year FROM SOMETABLE WHERE id = ? LIMIT 1")) {
$id = $_GET['id'];
$stmt->bind_param("i", $id);
$stmt->execute();
$stmt->bind_result($year);
$stmt->fetch();
echo $year;
$stmt->close();
}
$mysqli->close();
?>
Hi, I want to restructure my database tables so that I can have one table (t_incidents) to hold foreign keys instead of holding foreign keys in the table "t_persons" because one person can commit more than one offense. However, I need to know how the join should be implemented with MySQLi prepared statement. I need some one to review the following statement for me and advise:
if ($stmt = $mysqli->prepare("Select t_persons.PersonID
,t_persons.FamilyName
,t_persons.FirstName
,t_persons.OtherNames
,t_persons.Gender
,t_persons.CountryID
,t_persons.ImagePath
,t_incidents.IncidentID
,t_incidents.Incident
,t_incidents.IncidentDate
,t_incidents.PersonID
,t_incidents.CountryID
,t_incidents.OffenceKeywordID
,t_incidents.StatusID
,t_incidents.AgencyID
,t_status.StatusID
,t_status.Status
,t_offencekeyword.KeywordID
,t_offencekeyword.Keyword
,t_countries.CountryID
,t_countries.Country
,t_agencies.AgencyID
,t_agencies.Agency
From t_persons
Inner Join t_incidents On t_persons.PersonID = t_incidents.PersonID
Inner Join t_incidents On t_countries.CountryID = t_incidents.CountryID
Inner Join t_incidents On t_status.StatusID = t_incidents.StatusID
Inner Join t_incidents On t_offenceskeyword.KeywordID = t_incidents.KeywordID
Inner Join t_incidents On t_agencies.AgencyID = t_incidents.AgencyID
Where t_persons.PersonID = '$PersonID'")) {
Regards.josephbupe Hi ! I am trying to translate my mysqli count query that works perfectly into prepared statements. Unfortunately, after playing around and using my knowledge of PS, I have come up with this script which fails to execute and returns a http 500 error. I may have missed something very silly, I require some guidance on fixing the error.
<?php
$conn = mysqli_connect("xxxx", "xxxx", "xxxx", "xxx");
$sel_query = "SELECT
S1, B1
COUNT(IF(S1 = ?, 1, NULL)) 'Accepted',
COUNT(IF(S1 = ?, 1, NULL)) 'Rejected',
COUNT(IF(S1 = ?, 1, NULL)) 'Under_Review' FROM Enrol";
$stmt = $conn->prepare($sel_query);
$Accepted="Accepted";
$Rejected="Rejected";
$Under_Review="Under Review";
$stmt->bind_param("sss",$Accepted, $Rejected, $Under_Review);
$stmt->execute();
$result = $stmt->get_result(); // get the mysqli result
if($result->num_rows === 0) exit('No records found!');
while($row = $result->fetch_assoc()) { ?>
<tr>
<td><?php echo $row["Accepted"]; ?></td>
<td><?php echo $row["Rejected"]; ?></td>
<td><?php echo $row["Under_Review"]; ?></td>
</tr>
</table>
Edited June 24, 2020 by PythonHelp I have a prepared statement class for MYSQL, since in PHP 5 this is now changing to mysqli; I'm looking for some help in changing the code from my existing class to the new mysqli.
I have done some research online about changing from mysql to mysqli but the changes I made seems to only cause issues with connecting to the database.
After many hours of changing the existing file using the research online, I've decided to start again and ask others if they would be ever so kind to help this noob out and point out which parts of the script needs to be changed.
Thank you for reading.
<?php
class Database {
private $host;
private $user;
private $pass;
private $name;
private $link;
private $error;
private $errno;
private $query;
function __construct($host, $user, $pass, $name = "", $conn = 1) {
$this -> host = $host;
$this -> user = $user;
$this -> pass = $pass;
if (!empty($name)) $this -> name = $name;
if ($conn == 1) $this -> connect();
}
function __destruct() {
@mysql_close($this->link);
}
public function connect() {
if ($this -> link = mysql_connect($this -> host, $this -> user, $this -> pass, TRUE)) {
if (!empty($this -> name)) {
if (!mysql_select_db($this -> name, $this->link)) $this -> exception("Could not connect to the database!");
}
} else {
$this -> exception("Could not create database connection!");
}
}
public function close() {
@mysql_close($this->link);
}
public function query($sql) {
if ($this->query = @mysql_query($sql, $this->link)) {
return $this->query;
} else {
$this->exception("Could not query database!");
return false;
}
}
public function num_rows($qid) {
if (empty($qid)) {
$this->exception("Could not get number of rows because no query id was supplied!");
return false;
} else {
return mysql_num_rows($qid);
}
}
public function fetch_array($qid) {
if (empty($qid)) {
$this->exception("Could not fetch array because no query id was supplied!");
return false;
} else {
$data = mysql_fetch_array($qid);
}
return $data;
}
public function fetch_array_assoc($qid) {
if (empty($qid)) {
$this->exception("Could not fetch array assoc because no query id was supplied!");
return false;
} else {
$data = mysql_fetch_array($qid, MYSQL_ASSOC);
}
return $data;
}
public function fetch_object($qid) {
if (empty($qid)) {
$this->exception("Could not fetch object assoc because no query id was supplied!");
return false;
} else {
$data = mysql_fetch_object($qid);
}
return $data;
}
public function fetch_all_array($sql, $assoc = true) {
$data = array();
if ($qid = $this->query($sql)) {
if ($assoc) {
while ($row = $this->fetch_array_assoc($qid)) {
$data[] = $row;
}
} else {
while ($row = $this->fetch_array($qid)) {
$data[] = $row;
}
}
} else {
return false;
}
return $data;
}
public function last_id() {
if ($id = mysql_insert_id()) {
return $id;
} else {
return false;
}
}
private function exception($message) {
if ($this->link) {
$this->error = mysql_error($this->link);
$this->errno = mysql_errno($this->link);
} else {
$this->error = mysql_error();
$this->errno = mysql_errno();
}
if (PHP_SAPI !== 'cli') {
?>
<div class="alert-bad">
<div>
Database Error
</div>
<div>
Message: <?php echo $message; ?>
</div>
<?php if (strlen($this->error) > 0): ?>
<div>
<?php echo $this->error; ?>
</div>
<?php endif; ?>
<div>
Script: <?php echo @$_SERVER['REQUEST_URI']; ?>
</div>
<?php if (strlen(@$_SERVER['HTTP_REFERER']) > 0): ?>
<div>
<?php echo @$_SERVER['HTTP_REFERER']; ?>
</div>
<?php endif; ?>
</div>
<?php
} else {
echo "MYSQL ERROR: " . ((isset($this->error) && !empty($this->error)) ? $this->error:'') . "\n";
};
}
}
?>
I've searched all over for the past few days trying to figure out what I'm doing wrong. Basically what I'm trying to do is create a prepared statement inside my User class. I can connect to the database, but my query does not execute as expected. Here's the code for my User class Code: [Select] <?php include '../includes/Constants.php'; ?> <?php /** * Description of User * * @author Eric Evas */ class User { var $id, $fname, $lname, $email, $username, $password, $conf_pass; protected static $db_conn; //declare variables public function __construct() { $host = DB_HOST; $user = DB_USER; $pass = DB_PASS; $db = DB_NAME; //Connect to database $this->db_conn = new mysqli($host, $user, $pass, $db); //Check database connection if ($this->db_conn->connect_error) { echo 'Connection Fail: ' . mysqli_connect_error(); } else { echo 'Connected'; } } function regUser($fname, $lname, $email, $username, $password, $conf_pass) { if ($stmt = $this->db_conn->prepare("INSERT INTO USERS (user_fname,user_lname, user_email,username,user_pass) VALUES (?,?,?,?,?)")) { $stmt->bind_param('sssss', $this->fname, $this->lname, $this->email, $this->username, $this->password); $stmt->execute(); $stmt->store_result(); $stmt->close(); } } } ?> And here's the file that I created to instantiate an instance of the user class. Code: [Select] <?php include_once 'User.php'; ?> <?php //Creating new User Object $newUser = new User(); $newUser->fname = $_POST['fname']; $newUser->lname = $_POST['lname']; $newUser->email = $_POST['email']; $newUser->username = $_POST['username']; $newUser->password = $_POST['password']; $newUser->conf_pass = $_POST['conf_pass']; $newUser->regUser($newUser->fname, $newUser->lname, $newUser->email, $newUser->username, $newUser->password, $newUser->conf_pass); ?> And lastly heres the form that I want to get info from the user to insert into the database Code: [Select] <html> <head> <title></title> <link href="stylesheets/styles.css" rel="stylesheet" type="text/css"/> </head> <body> <form action = "Resources/testClass.php" method="post" enctype="multipart/form-data"> <label>First Name: </label> <input type="text" name="fname" id="fname" size="25" maxlength="25"/> <label>Last Name: </label> <input type="text" name="lname" id="lname" size="25" maxlength="25"/> <label>Email: </label> <input type="text" name="email" id="email" size="25" maxlength="40"/> <label>Username: </label> <input type="text" name="username" id="username" size="25" maxlength="32"/> <label>Password: </label> <input type="password" name="password" id="password" size="25" maxlength="32"/> <label>Re-enter Password: </label> <input type="password" name="conf_pass" id="conf_pass" size="25" maxlength="32"/> <br /><br /> <input type="submit" name="submit" id="submit" value="Register"/> <input type="reset" name="reset" id="reset" value="Reset"/> </form> </body> </html> Hi,
I have the following query
SELECT user_details.User_club_ID, user_details.fname, user_details.lname, user_details.email, user_details.club_No club.CLUBCODE, club.club_id FROM user_details, club WHERE club_id = $cid AND user_details.club_No = club.CLUBCODE AND user_status = 'active'";which I converted to a prepared statement as SELECT user_details.User_club_ID, user_details.fname, user_details.lname, user_details.email, user_details.club_No club.CLUBCODE, club.club_id FROM user_details, club WHERE club_id = ? AND user_details.club_No = club.CLUBCODE AND user_status = ?";Please note that user_status is a field in the table user_details. The original query (non -PDO) works correctly. I want to know if this is correct and that the comparison in the WHERE clause i.e. user_details.club_No = club.CLUBCODE is security safe. If not then how should this be modified. Also if there is a better way to write this statement, kindly show that as well. Thanks Thanks all ! Edited by ajoo, 11 December 2014 - 02:35 AM. HI All, I am writing a prepared statement to update some user information. Included in this table are the username and password fields. In this particular form, i dont want the user to have access to this information and have built a form that only shows what i want them to be able to change. The bit that i am not sure about is the prepared statement that i am writing. I am getting a boolean error suggesting that my prepare failed and i think this may be because i have not named every field in the table. To give an idea of the table fields i have pulled this from php my_admin (this is not the sql i am running) UPDATE `ssm_user` SET `user_id`=[value-1],`user_email`=[value-2],`user_password`=[value-3], `user_firstname`=[value-4],`user_lastname`=[value-5],`user_accountlevel`=[value-6], `user_mobile`=[value-7],`user_role`=[value-8],`user_lastlogondate`=[value-9] WHERE 1 my prepared statement is
$stmt = $conn->prepare("
UPDATE ssm_user
SET
user_email=?,
user_firstname=?,
user_lastname=?,
user_accountlevel=?,
user_mobile=?,
WHERE user_id = ?
");
$stmt->bind_param('sssssi', $email, $fname, $lname, $accountlevel, $mobile, $uid);
$stmt->execute();
return $stmt->affected_rows;
Do i have to declare every field in the table or is there something that i am missing here. I can't get my Updated On timestamp to work in the following query... Code: [Select] // ****************************** // Create Temporary Password. * // ****************************** $tempPass = substr(md5(uniqid(rand(), true)), 3, 10); // Build query. $r = "UPDATE member SET pass=?, updated_on=? WHERE email=? LIMIT 1"; // Prepare statement. $stmt2 = mysqli_prepare($dbc, $r); // Bind variables to query. mysqli_stmt_bind_param($stmt2, 'sss', $tempPass, NOW(), $email); // Execute query. mysqli_stmt_execute($stmt2); I used similar code for an INSERT and it worked fine?! Now sure what is going on here... Debbie HI, I have a user form on a modal. The user can be updated from this modal but on the second tab is where the users password can be updated. The update button commits all changes including the password update. If the New Password field is blank i do not want it to be updated. I am using a prepared statement and am not sure how to ommit a field if it is blank. In actual fact there is a new password and a confirm password field which must be the same before the password field is updated.
if ($_SERVER['REQUEST_METHOD']=='POST'){
$uid = $_POST['UM-uid'];
$fname = $_POST['UM-firstName'];
$lname = $_POST['UM-lastName'];
$email = $_POST['UM-emailAddress'];
$accountlevel = $_POST['UM-accountLevelId'];
$mobile = $_POST['UM-mobileNumber'];
$roleid = $_POST['UM-roleId'];
$newpass = password_hash($_POST['UM-pass'], PASSWORD_DEFAULT);
if(!empty($_POST['UM-firstName'])){
// prepare stmt
$stmt = $conn->prepare("
UPDATE ssm_user
SET
user_password=?,
user_email=?,
user_firstname=?,
user_lastname=?,
user_account_level_id=?,
user_mobile=?,
user_role_id=?
WHERE user_id = ?
");
$stmt->bind_param('sssssssi', $newpass, $email, $fname, $lname, $accountlevel, $mobile, $roleid, $uid);
$stmt->execute();
$_SESSION['user']=$fname." ".$lname;
$_SESSION['updateUser']="has been successfully updated";
$_SESSION['actionstatus']="success";
I am sure i will be able to work out the password confirmation part, its just the omitting password from being part of the update if blank. Dear Sir/Madame I am making a website where user can insert data and wait for the admin to approve/reject the form. Now i am stuck with the update status where an admin can submit with a click pending to approval or reject with comments. I am new to PHP programming. Can somebody help me with the issue. Part 1 is inserting the data and part two is fetching the data but i am unable to solve the status approve/reject and comment at the same time on the view.php? page. Kindly help. Thank you.
<?php
$host="localhost";
$username="root";
$pass="";
$db="ems1";
$conn=mysqli_connect($host,$username,$pass,$db);
if(!$conn){
die("Database connection error");
}
// insert query for register page
if(isset($_REQUEST['proposal']))
{
$details=$_POST['details'];
$location=$_POST['location'];
$date=$_POST['date'];
$time=$_POST['time'];
$status="Pending";
$comment=$_POST['comment'];
$query="INSERT INTO `proposal` (`details`,`location`,`date`,`time`,`status`,`comment`) VALUES ('$details','$location','$date','$time','$status','$comment')";
$res=mysqli_query($conn,$query);
if($res){
$_SESSION['success']="Not Inserted successfully!";
header('Location:');
}else{
echo "Leave not Applied, please try again!";
}
}
?>
<div class="col-xs-6 col-xs-push-3 well">
<form class="form-horizontal" method="post" action="" >
<input type="hidden" name="proposal" value="">
<fieldset>
<legend>New Proposals </legend>
<!----left box----------->
<!----right box----------->
<div class="col-xs-9">
<div class="form-group">
<label for="inputEmail" class="col-lg-3"><b>Details:</b></label>
<div class="col-lg-9">
<input type="text" name="details" class="form-control">
</div>
</div>
<div class="form-group">
<label for="inputEmail" class="col-lg-3"><b>Location:</b></label>
<div class="col-lg-9">
<input type="text" name="location" class="form-control" >
</div>
</div>
<div class="form-group">
<label for="inputEmail" class="col-lg-3"><b>Date:</b></label>
<div class="col-lg-9">
<input type="date" name="date" class="form-control">
</div>
</div>
<div class="form-group">
<label for="inputEmail" class="col-lg-3"><b>Time:</b></label>
<div class="col-lg-9">
<input type="time" name="time" class="form-control" >
</div>
</div>
<div class="col-lg-9">
<input type="hidden" name="status" class="form-control" >
</div>
</div>
<div class="form-group">
<label for="inputEmail" class="col-lg-3"><b></b></label>
<div class="col-lg-9">
<input type="hidden" name="comment" class="form-control">
</div>
</div>
</div>
<div class="form-group">
<div class="col-lg-12">
<button type="reset" class="btn btn-default">Cancel</button>
<button type="submit" class="btn btn-primary">Submit</button>
</div>
</div>
</fieldset>
</form>
</div>
</div>
<body>
<h2 style="text-align:center; color:orangered;">
DASHBOARD
</h2>
<table>
<h3>
<tr style="background-color:#E4EBC5; color:orangered;">
<th>ID</th>
<th>Details</th>
<th>Location</th>
<th>Status</th>
<th>Comment</th>
</tr>
</h3>
</table>
<?Php
////////////////////////////////////////////
require "dbconfig.php"; // MySQL connection string
$count="SELECT id,details,location,time,status,comment FROM proposal";
if($stmt = $connection->query($count)){
while ($nt = $stmt->fetch_assoc()) {
echo "
<body>
<table>
<tr>
<td><a href=view.php?id=$nt[id]>$nt[id]</a></td>
<td>$nt[details]</td>
<td>$nt[location]</td>
<td>$nt[status]</td>
<td>$nt[comment]</td>
</tr>
</table>
</body>
";
}
}else{
echo $connection->error;
}
?>
Hi, I am having trouble coding for mysqli update. Please, somebody tell me the correct way. I'm trying to update the "lastused" (current date) field in "emailtbl". Somebody please tell the best way to code this. Below is the message and following, the current code: Fatal error: Call to undefined function curdate() in C:\xampp\htdocs\home\lastused.php on line 14
$db = new mysqli('localhost', 'root', 'pass', 'mydb');
if($db->connect_errno > 0)
{die('Unable to connect to database [' . $db->connect_error . ']');}
$sql = <<<SQL
SELECT *
FROM `emailtbl`
WHERE `id` = '$id'
SQL;
if(!$result = $db->query($sql))
{die('There was an error running the query [' . $db->error . ']');}
$lastused = $_POST['lastused'];
$lastused = curdate();
echo "last date accessed is ".$data['lastused'];
$result->free();
$db->escape_string('This is an unescape "string"');
$db->close();
?>
$update
= mysqli_query($dbconnect, "UPDATE emailtbl SETlastused = curdate() WHERE id ='$id'"); if($update == false) { die("UPDATE FAILED: ".mysqli_error($dbconnect)); } echo "$lastused is the last date this account was accessed"; Hi folks, This has been wrecking my brain. I did do a google a few times to see if I can find a solution but nothing unfortunately. I want to be able to update the details on a page without having to reupload a new image each time. But if I don't open a new image for upload, I cannot update any of the other details. Below is the code and form etc for this particular thing... Please note this is just a project and will not be going live. I know there are vulnerabilities and I will work on those at a later stage. Thanks for any help with this current issue.
<?php
include_once('includes/header.php');
if(isset($_POST['new']) && $_POST['new']==1){
if (isset($_POST['submit'])) {
if(!empty($_FILES['image']['name'])) {
// Get image name
$image = $_FILES['image']['name'];
$image = mysqli_real_escape_string($con, $_FILES['image']['name']);
$slide_text = mysqli_real_escape_string($con, $_POST['slide_text']);
$youtube = mysqli_real_escape_string($con, $_POST['youtube']);
$vid_text = mysqli_real_escape_string($con, $_POST['vid_text']);
// image file directory
$target = "uploads/".basename($image);
if($_POST['image'] = ""){
$sql = "UPDATE slide SET slide_text='".$slide_text."', image='".$image."', youtube='".$youtube."', vid_text='".$vid_text."'";
}
else{
$sql = "UPDATE slide SET slide_text='".$slide_text."', youtube='".$youtube."', vid_text='".$vid_text."'";
}
$result = mysqli_query($con, $sql);
if (move_uploaded_file($_FILES['image']['tmp_name'], $target)) {
$msg = "Image uploaded successfully";
}else{
$msg = "Failed to upload image";
}
if(!$result){
die('Error: ' . mysqli_error($con));
} else{
$message = ' - <i class="fa fa-check success"> Record Updated!</i>';
}
}
}
}
$sql = "SELECT * FROM slide";
$result = $con->query($sql);
if ($result->num_rows > 0) {
while($row = $result->fetch_assoc()) {
?>
<!-- Header-->
<div class="breadcrumbs">
<div class="col-sm-4">
<div class="page-header float-left">
<div class="page-title">
<h1>Slide Show</h1>
</div>
</div>
</div> <div class="col-sm-8">
</div>
</div>
<div class="content mt-3">
<div class="animated fadeIn">
<div class="row">
<div class="col-lg-12">
<div class="card">
<div class="card-header"><strong>Image </strong><small>Slide</small></div>
<div class="card-body card-block">
<form role="form" method="post" action"" enctype="multipart/form-data">
<input type="hidden" name="new" value="1" />
<div class="modal-body">
<div class="row form-group">
<div class="col-6">
<div class="form-group"><label for="image" class=" form-control-label">Image</label>
<input type="file" id="image" name="image" value="<?php echo $row['image']; ?>" class="form-control">
</div>
</div>
<div class="col-6">
<div class="form-group"><label for="name" class=" form-control-label">Uploaded Image</label>
<img src="uploads/<?php echo $row['image']; ?>" width="150" height="150" class="img-fluid hover-shadow" />
</div>
</div>
</div>
<div class="row form-group">
<div class="col-6">
<div class="form-group"><label for="youtube" class=" form-control-label">Video</label>
<input type="text" id="youtube" name="youtube" value="<?php echo $row['youtube']; ?>" placeholder="Enter Video URL" class="form-control">
</div>
</div>
<div class="col-6">
<div class="form-group"><label for="vid_text" class=" form-control-label">Video Text</label>
<input type="text" id="vid_text" name="vid_text" value="<?php echo $row['vid_text']; ?>" placeholder="Video Text" class="form-control">
</div>
</div>
</div>
<div class="form-group"><label for="slide_text" class=" form-control-label">Text Overlay</label>
<textarea is="slide_text" name="slide_text" class="form-control"><?php echo $row['slide_text']; ?></textarea>
</div>
<div class="modal-footer">
<button type="submit" name="submit" id="submit" class="btn btn-primary">Confirm</button>
</div>
</form>
</div>
</div>
</div><!-- .animated -->
</div><!-- .content -->
<?php
}
}
?>
</div><!-- /#right-panel -->
<!-- Right Panel -->
<script src="assets/js/vendor/jquery-2.1.4.min.js"></script>
<script src="assets/js/popper.min.js"></script>
<script src="assets/js/plugins.js"></script>
<script src="assets/js/main.js"></script>
<script src="assets/js/lib/data-table/datatables.min.js"></script>
<script src="assets/js/lib/data-table/dataTables.bootstrap.min.js"></script>
<script src="assets/js/lib/data-table/dataTables.buttons.min.js"></script>
<script src="assets/js/lib/data-table/buttons.bootstrap.min.js"></script>
<script src="assets/js/lib/data-table/jszip.min.js"></script>
<script src="assets/js/lib/data-table/pdfmake.min.js"></script>
<script src="assets/js/lib/data-table/vfs_fonts.js"></script>
<script src="assets/js/lib/data-table/buttons.html5.min.js"></script>
<script src="assets/js/lib/data-table/buttons.print.min.js"></script>
<script src="assets/js/lib/data-table/buttons.colVis.min.js"></script>
<script src="assets/js/lib/data-table/datatables-init.js"></script>
<script src="https://cdn.tiny.cloud/1/sw6bkvhzd3ev4xl3u9yx3tzrux4nthssiwgsog74altv1o65/tinymce/5/tinymce.min.js" referrerpolicy="origin"></script>
<script>
tinymce.init({
selector: 'textarea',
plugins: 'advlist autolink lists link image charmap print preview hr anchor pagebreak',
toolbar_mode: 'floating',
});
</script>
<script type="text/javascript">
$(document).ready(function() {
$('#customer-table').DataTable();
} );
</script>
</body>
</html>
As you can see I am trying to use an If clause if the image field in the form is empty then I just want to update the other details. Else, if I fill the image field with a file, then update the lot.
if($_POST['image'] = ""){
$sql = "UPDATE slide SET slide_text='".$slide_text."', image='".$image."', youtube='".$youtube."', vid_text='".$vid_text."'";
}
else{
$sql = "UPDATE slide SET slide_text='".$slide_text."', youtube='".$youtube."', vid_text='".$vid_text."'";
}
This doesn't work. Any ideas, besides give up?
I have several registration systems that were designed some time ago running mysql. How long do I have until I have to competely move to mysqli? I am working on recoding them, but it is taking some time. Does anyone know when it will become an issue?
Hi, i have a user update function in my code so I can easily change user fields int he database public function updateUser ($username, $value, $what) { $q = "UPDATE `users` SET ? = ? WHERE username = ?"; if ($stmt = $this->db_connection->prepare($q)) { $stmt->bind_param("sis", $what, $value, $username); $stmt->execute(); } } The database is connected successfully, but say i run a updateUser('blaine0002', 'blah', 'password'); nothing would get updated and no errors are thrown. Am i doing something wrong? Thank you! I closed everything down last night and it was all fine, website was working as normal etc, but I've turned on the Xxamp server today and I am getting this error. Seems very random as nothing has changed since it was last on? Does anyone know how to sort this out and why I'm now getting this error? Thanks! |
|||||||