|
PHP - Help Required To Code An Update Query Within The Results Of A Select Query
Hello all,
Based on the suggestion of you wonderful folks here, I went away for a few days (to learn about PDO and Prepared Statements) in order to replace the MySQLi commands in my code. That's gone pretty well thus far...with me having learnt and successfully replaced most of my "bad" code with elegant, SQL-Injection-proof code (or so I hope).
The one-and-only problem I'm having (for now at least) is that I'm having trouble understanding how to execute an UPDATE query within the resultset of a SELECT query (using PDO and prepared statements, of course).
Let me explain (my scenario), and since a picture speaks a thousand words I've also inlcuded a screenshot to show you guys my setup:
In my table I have two columns (which are essentially flags i.e. Y/N), one for "items alreay purchased" and the other for "items to be purchased later". The first flag, if/when set ON (Y) will highlight row(s) in red...and the second flag will highlight row(s) in blue (when set ON).
I initially had four buttons, two each for setting the flags/columns to "Y", and another two to reverse the columns/flags to "N". That was when I had my delete functionality as a separate operation on a separate tab/list item, and that was fine.
Now that I've realized I can include both operations (update and delete) on just the one tab, I've also figured it would be better to pare down those four buttons (into just two), and set them up as a toggle feature i.e. if the value is currently "Y" then the button will set it to "N", and vice versa.
So, looking at my attached picture, if a person selects (using the checkboxes) the first four rows and clicks the first button (labeled "Toggle selected items as Purchased/Not Purchased") then the following must happen:
1. The purchased_flag for rows # 2 and 4 must be switched OFF (set to N)...so they will no longer be highlighted in red.
2. The purchased_flag for row # 3 must be switched ON (set to Y)...so that row will now be highlighted in red.
3. Nothing must be done to rows # 1 and 5 since: a) row 5 was not selected/checked to begin with, and b) row # 1 has its purchase_later_flag set ON (to Y), so it must be skipped over.
Looking at my code below, I'm guessing (and here's where I need the help) that there's something wrong in the code within the section that says "/*** loop through the results/collection of checked items ***/". I've probably made it more complex than it should be, and that's due to the fact that I have no idea what I'm doing (or rather, how I should be doing it), and this has driven me insane for the last 2 days...which prompted me to "throw in the towel" and seek the help of you very helpful and intellegent folks. BTW, I am a newbie at this, so if I could be provided the exact code, that would be most wonderful, and much highly appreciated.
Thanks to you folks, I'm feeling real good (with a great sense of achievement) after having come here and got the great advice to learn PDO and prepared statements.
Just this one nasty little hurdle is stopping me from getting to "end-of-job" on my very first WebApp. BTW, sorry about the long post...this is the best/only way I could clearly explaing my situation.
Cheers guys!
case "update-delete":
if(isset($_POST['highlight-purchased']))
{
// ****** Setup customized query to obtain only items that are checked ******
$sql = "SELECT * FROM shoplist WHERE";
for($i=0; $i < count($_POST['checkboxes']); $i++)
{
$sql=$sql . " idnumber=" . $_POST['checkboxes'][$i] . " or";
}
$sql= rtrim($sql, "or");
$statement = $conn->prepare($sql);
$statement->execute();
// *** fetch results for all checked items (1st query) *** //
$result = $statement->fetchAll();
$statement->closeCursor();
// Setup query that will change the purchased flag to "N", if it's currently set to "Y"
$sqlSetToN = "UPDATE shoplist SET purchased = 'N' WHERE purchased = 'Y'";
// Setup query that will change the purchased flag to "Y", if it's currently set to "N", "", or NULL
$sqlSetToY = "UPDATE shoplist SET purchased = 'Y' WHERE purchased = 'N' OR purchased = '' OR purchased IS NULL";
$statementSetToN = $conn->prepare($sqlSetToN);
$statementSetToY = $conn->prepare($sqlSetToY);
/*** loop through the results/collection of checked items ***/
foreach($result as $row)
{
if ($row["purchased"] != "Y")
{
// *** fetch one row at a time pertaining to the 2nd query *** //
$resultSetToY = $statementSetToY->fetch();
foreach($resultSetToY as $row)
{
$statementSetToY->execute();
}
}
else
{
// *** fetch one row at a time pertaining to the 2nd query *** //
$resultSetToN = $statementSetToN->fetch();
foreach($resultSetToN as $row)
{
$statementSetToN->execute();
}
}
}
break;
}
CRUD Queston.png 20.68KB
0 downloads
Similar TutorialsHello All,
I'm having trouble trying to "wrap my head around" how I can make the query in my code below more efficient, elegant, and certainly immune to a SQL-injection attack
So, I have a form (which can be seen in the attached screenshot) which has the user first select a search-type via a dropdown listbox. The two choices pertain to two columns in the underlying table i.e. store_name and item_description. Once that selection is completed the user is expected to enter a search-term (which is typically in relation to the choice selected in the first prompt).
Now, what I would like to happen is that the query be created based on both, the value in the search-type prompt, as well as the value in search-term textbox, and of course, the query must be a parameterized prepared statement (to minimize the possiblity of a SQL-inection attach).
Essentially I would like to get rid of the following code (which I believe is potentially redundant, and contains a hard-coded column name between the WHERE and LIKE), to make things less complicated and more elegant/flexible
if ($searchtype == "store_name")
{
$sql = "SELECT * FROM `shoplist` WHERE store_name LIKE :searchterm ORDER BY store_name ASC";
}
else if ($searchtype == "item_description")
{
$sql = "SELECT * FROM `shoplist` WHERE item_description LIKE :searchterm ORDER BY store_name ASC";
}
Here's what I tried:
// Tried this first but it didn't work...gave some kind of error pertaining to the parameter 2
// Prepare the query ONCE
$query = "SELECT * FROM `shoplist` WHERE ? LIKE ? ORDER BY ? ASC";
$searchterm = '%' . $searchterm . '%';
$statement = $conn->prepare($query);
$statement->bindValue(1, $searchtype);
$statement->bindParam(2, $searchterm);
$statement->bindValue(3, $searchtype);
$statement->execute();
// ----------------------------------------------------------------------------------------------------------- //
// Tried this as well, but was getting unexpected results (mostly all rows being returned, regardless of input)
// Prepare the query ONCE
$query = "SELECT * FROM `shoplist` WHERE :searchtype LIKE :searchterm ORDER BY :searchtype ASC";
$searchterm = '%' . $searchterm . '%';
$statement = $conn->prepare($query);
$statement->bindValue(':searchtype', $searchtype);
$statement->bindValue(':searchterm', '%' . $searchterm . '%');
$statement->execute();
Here's the complete code (pertaining to the problem/request):
// create short variable names
if(isset($_POST['searchtype']))
{
$searchtype=$_POST['searchtype'];
}
if(isset($_POST['searchterm']))
{
$searchterm=trim($_POST['searchterm']);
}
if(isset($_POST['searchtype']) && isset($_POST['searchterm']))
{
if (!get_magic_quotes_gpc())
{
$searchtype = addslashes($searchtype);
$searchterm = addslashes($searchterm);
}
}
if(isset($_POST['searchtype']) && isset($_POST['searchterm']))
{
// ****** Setup customized query ******
if ($searchtype == "store_name")
{
// The following statement is potentially open to SQL-inection attack and has therefore been REM(arked)
// $sql = "SELECT * FROM `shoplist` WHERE " . $searchtype . " LIKE :searchterm ORDER BY store_name ASC";
// The following may not be open to SQL-injection attack, but has the column name hard-coded in-between the WHERE and LIKE clauses
// I would like the the column name to be set based on the value chosen by the user in the form dropdown listbox for "searchtype"
$sql = "SELECT * FROM `shoplist` WHERE store_name LIKE :searchterm ORDER BY store_name ASC";
}
else if ($searchtype == "item_description")
{
// The following statement is potentially open to SQL-inection attack and has therefore been REM(arked)
// $sql = "SELECT * FROM `shoplist` WHERE " . $searchtype . " LIKE :searchterm ORDER BY item_description ASC";
// The following may not be open to SQL-injection attack, but has the column name hard-coded in-between the WHERE and LIKE clauses
// I would like the the column name to be set based on the value chosen by the user in the form dropdown listbox for "searchtype"
$sql = "SELECT * FROM `shoplist` WHERE item_description LIKE :searchterm ORDER BY item_description ASC";
}
$statement = $conn->prepare($sql);
$statement->bindValue(':searchterm', '%' . $searchterm . '%');
$statement->execute();
...
...
...
}
Thanks guys!
Attached Files
Search-Screen-SS.png 21.31KB
0 downloadsHi there, I'm having a problem with updating a record with an UPDATE mysql query and then following that query with a SELECT query to get those values just updated. This is what I'm trying to do...I'd like a member to be able to complete a recommended task and upon doing so, go to a page in their back office where they can check off that task as "Completed". This completed task would be recorded in their member record in our database so that when they return to this list, it will remain as "Completed". I'm providing the member with a submit button that will call the same page and then update depending on which task is clicked as complete. Here is my code: Code: [Select] $memberid = $_SESSION['member']; // Check if form has been submitted if(isset($_POST['task_done']) && $_POST['task_submit'] == 'submitted') { $taskvalue = $_POST['task_value']; $query = "UPDATE membertable SET $taskvalue = 'done' WHERE id = $memberid"; $result = mysqli_query($dbc, $query); } $query ="SELECT task1, task2, task3 FROM membertable WHERE id = $memberid"; $result = mysqli_query($dbc, $query); $row = mysqli_fetch_array($result, MYSQLI_ASSOC); $_SESSION['task1'] = $row['task1']; $_SESSION['task2'] = $row['task2']; $_SESSION['task3'] = $row['task3']; ?> <h4>Task List</h4> <table> <form action="" method="post"> <tr> <td>Task 1</td> <td><?php if($_SESSION['task1'] == 'done') {echo '<div>Completed</div>';} else{ echo '<input type="submit" name="task_done" value="Mark As Completed" />';} ?></td> </tr> <input type="hidden" name="task_value" value="task1" /> <input type="hidden" name="task_submit" value="submitted" /> </form> <form action="" method="post"> <tr> <td>Task 1</td> <td><?php if($_SESSION['task1'] == 'done') {echo '<div>Completed</div>';} else{ echo '<input type="submit" name="task_done" value="Mark As Completed" />';} ?></td> </tr> <input type="hidden" name="task_value" value="task2" /> <input type="hidden" name="task_submit" value="submitted" /> </form> <form action="" method="post"> <tr> <td>Task 1</td> <td><?php if($_SESSION['task1'] == 'done') {echo '<div>Completed</div>';} else{ echo '<input type="submit" name="task_done" value="Mark As Completed" />';} ?></td> </tr> <input type="hidden" name="task_value" value="task3" /> <input type="hidden" name="task_submit" value="submitted" /> </form> </table> The problem that I am having is that the database is not updated with the value "done" but after submission, the screen displays "Completed" instead of "Mark As Completed". So the value is being picked up as "done", but that is why I have the SELECT after the UPDATES, so that there is always a current value for whether a task is done or not. Then I refresh and the screen returns the button to Mark As Complete. Also, when I try marking all three tasks as, sometimes all three are updated, sometimes only one or two and again, I leave the page or refresh and the "Marked As Completed" buttons come back. Bizarre. If anyone can tell me where my logic is going wrong, I would appreciate it. Hey there. Not sure how to word this. I've been flying blind as a newbie trying to figure out some pagination for a left joined query. I've got syntax errors trying to set up the SELECT COUNT function that adds up the results of the search on a previous page so it knows how many results matched both tables. Right now, I've got this mess, and it's giving me a syntax error, "You have an error in your SQL syntax; .... near 'LEFT JOIN plantae ON (descriptors.plant_id = plantae.pla' at line 12" Code: [Select] $data = "Select (SELECT COUNT(*) FROM descriptors ) AS count1, (SELECT COUNT(*) FROM plantae ) AS count2 LEFT JOIN plantae ON (descriptors.plant_id = plantae.plant_name) WHERE `leaf_shape` LIKE '%$select1%' AND `leaf_venation` LIKE '%$select3%' AND `leaf_margin` LIKE '%$select4%'"; $result = mysql_query ($data); if (!$result) { die("Oops, my query failed. The query is: <br>$data<br>The error is:<br>".mysql_error()); } What would be the correct way to close a mysql query? At current the second query below returns results from the 1st query AND the 2nd query The 3rd query returns results from the 1st, 2nd and 3rd query. etc etc. At the moment I get somthing returned along the lines of... QUERY 1 RESULTS Accommodation 1 Accommodation 2 Accommodation 3 QUERY 2 RESULTS Restaurant 1 Restaurant 2 Restaurant 3 Accommodation 1 Accommodation 2 Accommodation 3 QUERY 3 RESULTS Takeaways 1 Takeaways 2 Takeaways 3 Restaurant 1 Restaurant 2 Restaurant 3 Accommodation 1 Accommodation 2 Accommodation 3 Code: [Select] <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> <?php include($_SERVER['DOCUMENT_ROOT'].'/include/db.php'); ?> <title>Untitled Document</title> <style type="text/css"> <!-- --> </style> <link href="a.css" rel="stylesheet" type="text/css" /> </head><body> <div id="listhold"> <!------------------------------------------------------------------------------------------------------------------------------------------------------> <div class="list"><a href="Placestostay.html">Places To Stay</a><br /> <?php $title ="TITLE GOES HERE"; $query = mysql_query("SELECT DISTINCT subtype FROM business WHERE type ='Accommodation' AND confirmed ='Yes' ORDER BY name"); echo mysql_error(); while($ntx=mysql_fetch_row($query)) $nt[] = $ntx[0]; $i = -1; foreach($nt as $value) {$i++; $FileName = str_replace(' ','_',$nt[$i]) . ".php"; $FileUsed = str_replace('_',' ',$nt[$i]); echo "<a href='" . str_replace(' ','_',$nt[$i]) . ".php?title=$title&subtype=$FileUsed'>" . $nt[$i] . "</a>" . "<br/>"; $FileHandle = fopen($FileName, 'w') or die("cant open file"); $pageContents = file_get_contents("header.php"); fwrite($FileHandle,"$pageContents");} fclose($FileHandle); ?> </div> <!------------------------------------------------------------------------------------------------------------------------------------------------------> <div class="list"><a href="Eatingout.html">Eating Out</a><br /> <?php $title ="TITLE GOES HERE"; $query = mysql_query("SELECT DISTINCT subtype FROM business WHERE type ='Restaurant' AND confirmed ='Yes' ORDER BY name"); echo mysql_error(); while($ntx=mysql_fetch_row($query)) $nt[] = $ntx[0]; $i = -1; foreach($nt as $value) {$i++; $FileName = str_replace(' ','_',$nt[$i]) . ".php"; $FileUsed = str_replace('_',' ',$nt[$i]); echo "<a href='" . str_replace(' ','_',$nt[$i]) . ".php?title=$title&subtype=$FileUsed'>" . $nt[$i] . "</a>" . "<br/>"; $FileHandle = fopen($FileName, 'w') or die("cant open file"); $pageContents = file_get_contents("header.php"); fwrite($FileHandle,"$pageContents");} fclose($FileHandle); ?> </div> <!------------------------------------------------------------------------------------------------------------------------------------------------------> <div class="list"><a href="Eatingin.html">Eating In</a><br /> <?php $title ="TITLE GOES HERE"; $query = mysql_query("SELECT DISTINCT subtype FROM business WHERE type ='Takeaways' AND confirmed ='Yes' ORDER BY name"); echo mysql_error(); while($ntx=mysql_fetch_row($query)) $nt[] = $ntx[0]; $i = -1; foreach($nt as $value) {$i++; $FileName = str_replace(' ','_',$nt[$i]) . ".php"; $FileUsed = str_replace('_',' ',$nt[$i]); echo "<a href='" . str_replace(' ','_',$nt[$i]) . ".php?title=$title&subtype=$FileUsed'>" . $nt[$i] . "</a>" . "<br/>"; $FileHandle = fopen($FileName, 'w') or die("cant open file"); $pageContents = file_get_contents("header.php"); fwrite($FileHandle,"$pageContents");} fclose($FileHandle); ?> </div> <!------------------------------------------------------------------------------SKILLED TRADES BELOW---------------------------------------------------> <div class="list"><a href="Skilledtrades.html">Skilled Trades</a><br/> <?php $title ="TITLE GOES HERE"; $query = mysql_query("SELECT DISTINCT subtype FROM business WHERE type ='Skilled Trades' AND confirmed ='Yes' ORDER BY name"); echo mysql_error(); while($ntx=mysql_fetch_row($query)) $nt[] = $ntx[0]; $i = -1; foreach($nt as $value) {$i++; $FileName = str_replace(' ','_',$nt[$i]) . ".php"; $FileUsed = str_replace('_',' ',$nt[$i]); echo "<a href='" . str_replace(' ','_',$nt[$i]) . ".php?title=$title&subtype=$FileUsed'>" . $nt[$i] . "</a>" . "<br/>"; $FileHandle = fopen($FileName, 'w') or die("cant open file"); $pageContents = file_get_contents("header.php"); fwrite($FileHandle,"$pageContents");} fclose($FileHandle); ?> </div> quick question, I have this code that returns over 100 buttons: Code: [Select] <?php // Query member data from the database and ready it for display $sql = mysql_query("SELECT * FROM products"); while($row = mysql_fetch_array($sql)){ $product = $row["product"]; $id =$row["id"]; $price =$row["price"]; ?> <div id="products"> <form action="" method="POST" name="myform<?php echo $id; ?>" class="myform<?php echo $id; ?>"> <input type="hidden" name="hiddenField" class="hiddenField" value="<?php echo $product; ?>" /> <input type="hidden" name="hiddenField2" class="hiddenField2" value="<?php echo $id; ?>" /> <input type="hidden" name="hiddenField1" class="hiddenField1" value="<?php echo $price; ?>" /> <input type="submit" name="submit" class="submit" value="<?php echo $product; ?>" style="background-color:lightgreen; height:50px; width:100px;"> </form> </div> <?php } ?> What I would like is for the buttons to form columns of nine. ie 9 buttons in a column then a new column form.... how do I do this? Can someone please give me some ideas as to what might be wrong with this query...I keep getting no result and am echoing $count for debugging (and usernames and passwords) but get nothing for $count (expecting a 0 or a 1) or $dbusername or $dbpassword $sql="SELECT * FROM `users` WHERE `User name` = '$fusername' and `Password` = '$fpassword'"; $result=mysql_query($sql); $dbusername=mysql_result($result,0,"User name"); $dbpassword=mysql_result($result,0,"Password"); echo $dbusername; echo $dbpassword; // Mysql_num_row is counting table row $count=mysql_num_rows($result); // If result matched $fusername and $fpassword, table row must be 1 row echo $fusername; echo $fpassword; echo $count; if($count==1){ (This is where I keep going to the else) I created this code to upload a member's main picture on his member page on website. I'll only include the query part of the code since that's what is relevant to my problem. The idea is basically to upload a new picture onto the database if no picture already exists for that member and display the picture on the page. If a picture already exists, then the script replaces the old picture with the new one upon upload. But for whatever reason I don't understand, when I try to replace the old pic, it gets inserted in a new row on the database instead of replacing the old row, and the new pic gets displayed on the web page alongside the old. Code: [Select] $query = "SELECT username FROM images WHERE member_id = '".$_SESSION['id']."' AND image_cartegory = 'main'"; $result = @mysql_query($query); $num = @mysql_num_rows($result); if ($num> 0) { //Update the image $update = mysql_query("UPDATE images SET image = '" . $image['name'] . "' WHERE member_id = '".$_SESSION['id']."' AND image_cartegory = 'main'"); $_SESSION['error'] = "File updated successfully."; //really should be session success message. header("Location: member.php"); exit; } else { // NOTE: This is where a lot of people make mistakes. // We are *not* putting the image into the database; we are putting a reference to the file's location on the server $sql = "insert into images (member_id, image_cartegory, image_date, image) values ('{$_SESSION['id']}', 'main', NOW(), '" . $image['name'] . "')"; $result = mysql_query($sql) or die ("Could not insert data into DB: " . mysql_error()); $_SESSION['error'] = "File uploaded succussfully."; //really should be session success message. header("Location: member.php"); } So can anyone tell me what the problem is? Could the fact that my insert script actually uploads the image onto a folder on my server and only stores the path name in the database have anything to contribute to the mixup? Appreciate your responses in advance. Currently I show a list of users and their information. You can than click that specific user and it shows you their information to edit. My problem is it's not updating the query with the new input information.
Here is the page that displays the registration information:
<?php
$con=mysqli_connect('localhost', 'root', '');
/* check connection */
if (mysqli_connect_errno($con)) {
trigger_error('Database connection failed: ' . mysqli_connect_error(), E_USER_ERROR);
}
$query = "SELECT * FROM `bencobricks` . `users`";
$result = mysqli_query($con, $query) or trigger_error("Query Failed! SQL: $query - Error: ". mysqli_error($con), E_USER_ERROR);
?>
<table width="1000" border="0" cellspacing="1" cellpadding="0">
<tr>
<td>
<table width="1000" border="1" cellspacing="0" cellpadding="3">
<tr>
<td colspan="4"><strong>List data from mysql </strong> </td>
</tr>
<tr>
<td align="center"><strong>Username</strong></td>
<td align="center"><strong>Email</strong></td>
<td align="center"><strong>Membership</strong></td>
<td align="center"><strong>First Name</strong></td>
<td align="center"><strong>Last Name</strong></td>
<td align="center"><strong>Gender</strong></td>
<td align="center"><strong>Birthdate</strong></td>
<td align="center"><strong>Sets</strong></td>
<td align="center"><strong>Checkbox</strong></td>
<td align="center"><strong>Admin Flag</strong></td>
</tr>
<?php
while($rows=mysqli_fetch_array($result)){
?>
<tr>
<td><?php echo $rows['username']; ?></td>
<td><?php echo $rows['email']; ?></td>
<td><?php echo $rows['membership']; ?></td>
<td><?php echo $rows['firstName']; ?></td>
<td><?php echo $rows['lastName']; ?></td>
<td><?php echo $rows['gender']; ?></td>
<td><?php echo $rows['dateOfBirth']; ?></td>
<td><?php echo $rows['sets']; ?></td>
<td><?php echo $rows['checkbox']; ?></td>
<td><?php echo $rows['adminFlag']; ?></td>
<td align="center"><a href="update.php?userID=<?php echo $rows['userID']; ?>">update</a></td>
</tr>
<?php
}
?>
</table>
</td>
</tr>
</table>
<?php
mysqli_close($con);
?>
Page that displays specific user for updating:
<?php
$con=mysqli_connect('localhost', 'root', '');
/* check connection */
if (mysqli_connect_errno($con)) {
trigger_error('Database connection failed: ' . mysqli_connect_error(), E_USER_ERROR);
}
$id=$_GET['userID'];
$query = "SELECT * FROM `bencobricks` . `users` WHERE `userID` = '$id'";
$result = mysqli_query($con, $query) or trigger_error("Query Failed! SQL: $query - Error: ". mysqli_error($con), E_USER_ERROR);
$rows=mysqli_fetch_array($result);
?>
<table width="1000" border="0" cellspacing="1" cellpadding="0">
<tr>
<form name="form1" method="post" action="update_ac.php">
<td>
<table width="100%" border="0" cellspacing="1" cellpadding="0">
<tr>
<td> </td>
<td colspan="3"><strong>Update data in mysql</strong> </td>
</tr>
<tr>
<td align="center"> </td>
<td align="center"> </td>
<td align="center"> </td>
<td align="center"> </td>
</tr>
<tr>
<td align="center"><strong>Username</strong></td>
<td align="center"><strong>Email</strong></td>
<td align="center"><strong>Membership</strong></td>
<td align="center"><strong>First Name</strong></td>
<td align="center"><strong>Last Name</strong></td>
<td align="center"><strong>Gender</strong></td>
<td align="center"><strong>Birthdate</strong></td>
<td align="center"><strong>Sets</strong></td>
<td align="center"><strong>Checkbox</strong></td>
<td align="center"><strong>Admin Flag</strong></td>
</tr>
<tr>
<td align="center">
<input name="username" type="text" id="username" value="<?php echo $rows['username'] ;
echo (isset($_POST['username']) ? $_POST['username'] : ''); ?>">
</td>
<td align="center">
<input name="email" type="text" id="email" value="<?php echo $rows['email']; ?>" size="15">
</td>
<td>
<input name="membership" type="text" id="membership" value="<?php echo $rows['membership']; ?>" size="15">
</td>
<td>
<input name="firstName" type="text" id="firstName" value="<?php echo $rows['firstName']; ?>" size="15">
</td>
<td>
<input name="lastName" type="text" id="lastName" value="<?php echo $rows['lastName']; ?>" size="15">
</td>
<td>
<input name="gender" type="text" id="gender" value="<?php echo $rows['gender']; ?>" size="15">
</td>
<td>
<input name="dateOfBirth" type="text" id="dateOfBirth" value="<?php echo $rows['dateOfBirth']; ?>" size="15">
</td>
<td>
<input name="sets" type="text" id="sets" value="<?php echo $rows['sets']; ?>" size="15">
</td>
<td>
<input name="checkbox" type="text" id="checkbox" value="<?php echo $rows['checkbox']; ?>" size="15">
</td>
<td>
<input name="adminFlag" type="text" id="adminFlag" value="<?php echo $rows['adminFlag']; ?>" size="15">
</td>
</tr>
<tr>
<td> </td>
<td>
<input name="id" type="hidden" id="id" value="<?php echo $rows['userID']; ?>">
</td>
<td align="center">
<input type="submit" name="Submit" value="Submit">
</td>
<td> </td>
</tr>
</table>
</td>
</form>
</tr>
</table>
<?php
// close connection
mysqli_close($con);
?>
Finally the update query:
<?php
function test_input($data){
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
$con=mysqli_connect('localhost', 'root', '');
/* check connection */
if (mysqli_connect_errno($con)) {
trigger_error('Database connection failed: ' . mysqli_connect_error(), E_USER_ERROR);
}
// update data in mysql database
if (empty($_POST["username"]))
{/* can never be empty due to design */}
else
{$username= test_input($_POST['username']);}
$id = 'id';
$query = "UPDATE `bencobricks`. `users` SET `username` = '$username', `password` = 'NULL', `email` = 'email', `membership` = 'membership', `firstName` = 'firstName', `lastName` = 'lastName',
`gender` = 'gender', `dateOfBirth` = 'dateOfBirth', `date` = 'NULL', `sets` = 'sets', `checkbox` = 'checkbox', `adminFlag` = 'adminFlag' WHERE `userID` = '$id'";
$result = mysqli_query($con, $query) or trigger_error("Query Failed! SQL: $query - Error: ". mysqli_error($con), E_USER_ERROR);
// if successfully updated.
if($result){
echo "Successful";
echo "<BR>";
echo "<a href='editUser.php'>View Users Page</a>";
}
else {
echo "ERROR";
}
?>
Attached Files
1.PNG 19.06KB
0 downloads
2.PNG 47.07KB
0 downloadsAfter a ton of trial and error and searching and searching for the answer, I have finally resorted to posting to ask for help. I am very new to php so please bear with me.
I have been building an employee training database at work. Basically to make sure that for example we have the current drivers liscense on file for those employees who drive and have gone through the required company training. I initially built an access database with a frontend that does everything needed. However, the company is very decentralized and we have several users who would regularly need access to the information when they are offsite. The database does work offsite however it is extremely slow. After purchasing a buffalo linkstation, I discovered it has the capability for a mysql server.
I have been able to migrate the data over to the mysql server and build a simple read only php form but cant get the changes you make to update back into the database.
I found a method of fetching the data using json that is based on a drop down selection, upon change, it goes and gets the correct data.
<script type="text/javascript">
function insertResults(json){
$("#Separated").val(json["Separated"]);
$("#id").val(json["id"]);
$("#Employee_ID").val(json["Employee_ID"]);
$("#Last_Name").val(json["Last_Name"]);
$("#First_Name").val(json["First_Name"]);
$("#Date_Of_Birth").val(json["Date_Of_Birth"]);
$("#Original_Hire_Date").val(json["Original_Hire_Date"]);
$("#Current_Hire_Date").val(json["Current_Hire_Date"]);
However, lets say you correct a mis-spelling in their name, I cant seem to write back to the db. I have a submit button that uses this code
<a href="InputFormSubmit.php?id=<?php echo $rows['id']; ?>"><input type="submit" name="submit2" value="Submit"></a>But I guess I cant seem to #1 completely grasp how to pass on the selected information using POST (correct?) to the next form "InputFormSubmit" and #2 correctly build the query for it? Code for it below:
<?php
include_once('db.php');
$Employee_ID = $_POST['Employee_ID'];
$Last_Name = $_POST['Last_Name'];
$First_Name = $_POST['First_Name'];
$id=$_POST['id'];
echo "$id";
echo "$Employee_ID";
// update data in mysql database
$con=mysql_connect("localhost","usernamegoeshere","passwordgoeshere","databasenamegoeshere");
// Check connection
mysql_query("UPDATE tbl_Employee_Master SET Last_Name='$Last_Name', First_Name='$First_Name' WHERE id='$id'");
mysql_close($con);
?>
The proper EmployeeID is passed from the previous form into this one, but the query dies I guess.
What I would like to do is pass the updated info into InputFormSubmit and then run the query and redirect back to the search page. Potentially passing back the employee ID and setting the drop down to that value so you would see the employees file you just updated again.
Super long post, thanks for any direction anyone can give me, Im sure my code looks awful from trying a thousand different things.
Thanks again.
Greetings, I need a bit of php coding help. I have a query that gives me results. What I need to do is take those results and, I think, use php to compare the results and add a 1 to the correct section. Example: 3 tables table name- retail_sales id sales_id amount week table name- online_sales id sales_id amount week table name- sales_person sales_id name I have the query that breaks down results by week: week 1 | retail_sales.amount | online_sales.amount What I need is some php code that will then compare the two together and: if retail_sales.amount > online_sales.amount +1 to retail OR if retail_sales.amount < online_sales.amount +1 to online so you would end up with a result like a sports record (6-2) Any ideas Thank you for any help Hi I have a query where it returns a few fields based on the location. I created a class for the function and an index page. It does not return any values. Can someone please advise/ THE CLASS Code: [Select] <?php /**************************************** * * WIP Progress Class * * ****************************************/ class CHWIPProgress { var $conn; // Constructor, connect to the database public function __construct() { require_once "/var/www/reporting/settings.php"; define("DAY", 86400); if(!$this->conn = mysql_connect(DB_HOST, DB_USERNAME, DB_PASSWORD)) die(mysql_error()); if(!mysql_select_db(DB_DATABASE_NAME, $this->conn)) die(mysql_error()); } public function ListWIPOnLocation($location) { $sql = "SELECT `ProgressPoint.PPDescription` AS Description ,`Bundle.WorksOrder` AS WorksOrder, `Bundle.BundleNumber` AS Number, `Bundle.BundleReference` AS Reference,`TWOrder.DueDate` AS Duedate FROM `TWOrder`,`Bundle`,`ProgressPoint` WHERE `Bundle.CurrentProgressPoint`=`ProgressPoint.PPNumber` AND `TWOrder.Colour=Bundle.Colour` AND `TWOrder.Size=Bundle.Size` AND `TWOrder.WorksOrderNumber`=`Bundle.WorksOrder` AND `ProgressPoint.PPDescription` LIKE '" . $location . "%' ORDER BY TWOrder.DueDate DESC"; mysql_select_db(DB_DATABASE_NAME, $this->conn); $result = mysql_query($sql, $this->conn); echo $sql; while($row = mysql_fetch_array($result, MYSQL_ASSOC)) { $return[] = $row; } return $return; } } ?> The index page Code: [Select] <?php // First of all initialise the user and check for permissions require_once "/var/www/users/user.php"; $user = new CHUser(7); // Initialise the template require_once "/var/www/template/template.php"; $template = new CHTemplate(); // And create a cid object require_once "/var/www/WIPProgress/DisplayWIPOnLocation.php"; $WIPProgress= new CHWIPProgress(); $content = "Check WIP Status on Location <br>"; $content = "<form action='index.php' method='get' name ='location'> <select id='location' > <option>Skin Room</option> <option>Clicking</option> <option>Kettering</option> <option>Closing</option> <option>Rushden</option> <option>Assembly</option> <option>Lasting</option> <option>Making</option> <option>Finishing</option> <option>Shoe Room</option> </select> <input type='submit' /> </form>"; $wip = $WIPProgress->ListWIPOnLocation($_GET['location']); // Now show the details $content .= "<h2>Detail</h2> <table> <tr> <th>PPDescription</th> <th>Works Order</th> <th>Bundle Number</th> <th>Bundle Reference</th> <th>Due Date</th> </tr>"; foreach($wip as $x) { $content .= "<tr> <td>" . $x['Description'] . "</td> <td>" . $x['WorksOrder'] . "</td> <td>" . $x['Number'] . "</td> <td>" . $x['Reference'] . "</td> <td>" . $x['DueDate'] . "</td> </tr>"; } $template->SetTag("content", $content); echo $template->Display(); ?> thank you Code: [Select] $PlayerQuery = "SELECT FirstName, SurName FROM players p, rounds m, entrants e, games t WHERE p.PlayerID = e.PlayerID AND m.GameID = '$ID' AND e.EntrantID = m.Player"; $PlayerResult = mysql_query($PlayerQuery); $PlayerRow = mysql_num_rows($PlayerResult); Can someone suggest why this returns game*the number of results. For each new game it returns an extra duplicate result. For example for 2 games: j Smith j Smith t John t John etc There are no duplicate entry's! and results should be unique. Not in a loop (positive) Hi all, I'm new to php and I was trying to send the results of one query to another query. I need the results of both queries. Here are the queries $cui1 = mysql_query("SELECT DISTINCT CUI FROM MRSTY WHERE STY='ABC' "); $cui2 = mysql_query("SELECT DISTINCT CUI FROM MRSTY WHERE STY='XYZ' "); I want to know if this is possible $cuis = mysql_query("SELECT CUI1,CUI2,REL FROM MRREL WHERE CUI1 IN $cui1 OR CUI1 IN $cui2 "); Thanks. I am able to run and display two queries I need for my program but having issues comparing the two result sets. If they are identical, means both tables are also identical (the query is for the table's schemas in MS-SQL) Here's the relevant part ... Code: [Select] //Variables $table_name=$_POST['table_name']; // Connect via Windows authentication $server = 'win1\i01'; //Connection info for PRO $connectionInfoPRO = array( 'Database' => 'adventureworks', 'CharacterSet' => 'UTF-8' ); $dbPRO = sqlsrv_connect($server, $connectionInfoPRO); if ($dbPRO === false) { exitWithSQLError('Database connection to PRO failed'); } //Connection info for ITG $connectionInfoITG = array( 'Database' => 'adventureworksCOPY', 'CharacterSet' => 'UTF-8' ); $dbITG = sqlsrv_connect($server, $connectionInfoITG); if ($dbITG === false) { exitWithSQLError('Database connection to ITG failed'); } /* Set up and execute the query. */ $query1 = "SELECT COLUMN_NAME, DATA_TYPE, ORDINAL_POSITION, COLUMN_DEFAULT, CHARACTER_MAXIMUM_LENGTH, IS_NULLABLE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='$table_name'"; // Run PRO query $qresult1 = sqlsrv_query($dbPRO, $query1); if ($qresult1 === false) { exitWithSQLError('Query of product data failed.'); } echo '<tr><th>NAME</th><th>TYPE</th><th>POSITION</th><th>DEFAULT</th><th>LENGHT</th><th>IS NULLABLE</th></tr>'; // Retrieve individual rows from the result while ($row1 = sqlsrv_fetch_array($qresult1)) { echo '<tr><td>', htmlspecialchars($row1['COLUMN_NAME']), '</td><td>', htmlspecialchars($row1['DATA_TYPE']), '</td><td>', htmlspecialchars($row1['ORDINAL_POSITION']), '</td><td>', htmlspecialchars($row1['COLUMN_DEFAULT']), '</td><td>', htmlspecialchars($row1['CHARACTER_MAXIMUM_LENGTH']), '</td><td>', htmlspecialchars($row1['IS_NULLABLE']), "</td></tr>\n"; } // null == no further rows, false == error if ($row1 === false) { exitWithSQLError('Retrieving schema failed.'); } //Run ITG query $query2 = "SELECT COLUMN_NAME, DATA_TYPE, ORDINAL_POSITION, COLUMN_DEFAULT, CHARACTER_MAXIMUM_LENGTH, IS_NULLABLE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='$table_name'"; $qresult2 = sqlsrv_query($dbITG, $query2); if ($qresult2 === false) { exitWithSQLError('Query of product data failed.'); } echo '<tr><th>NAME</th><th>TYPE</th><th>POSITION</th><th>DEFAULT</th><th>LENGHT</th><th>IS NULLABLE</th></tr>'; // Retrieve individual rows from the result while ($row2 = sqlsrv_fetch_array($qresult2)) { echo '<tr><td>', htmlspecialchars($row2['COLUMN_NAME']), '</td><td>', htmlspecialchars($row2['DATA_TYPE']), '</td><td>', htmlspecialchars($row2['ORDINAL_POSITION']), '</td><td>', htmlspecialchars($row2['COLUMN_DEFAULT']), '</td><td>', htmlspecialchars($row2['CHARACTER_MAXIMUM_LENGTH']), '</td><td>', htmlspecialchars($row2['IS_NULLABLE']), "</td></tr>\n"; } // null == no further rows, false == error if ($row2 === false) { exitWithSQLError('Retrieving schema failed.'); } How can I compare $row1 and $row2 here (the query results for each one) and validate if they both have same results, each and all columns. Any help is highly appreciated! If ($_GET['CODE'] == '1') { $ThreadID = mysql_escape_string($_GET['threadid']); $ForumID = mysql_result(mysql_query("SELECT forum_id FROM ".FORUM_THREADS." WHERE thread_id='{$ThreadID}'", $db), 0, 'forum_id'); $PostText = mysql_escape_string($_POST['replytext']); $IP = $_SERVER['REMOTE_ADDR']; $PostQuery = "INSERT INTO ".FORUM_POSTS." (`user_id`, `thread_id`, `post_text`, `forum_id`, `ip_address`, `timestamp`) VALUES ('{$memid}', '{$ThreadID}', '{$PostText}', '{$ForumID}', '{$IP}' , CURRENT_TIMESTAMP)"; $PostRes = mysql_query($PostQuery, $db); For some reason whenever this query goes through, it also adds a blank result using all the same information but without any $PostTest so essentially it does query: Code: [Select] INSERT INTO ".FORUM_POSTS." (`user_id`, `thread_id`, `post_text`, `forum_id`, `ip_address`, `timestamp`) VALUES ('{$memid}', '{$ThreadID}', '', '{$ForumID}', '{$IP}' , CURRENT_TIMESTAMP) This is the only query that does this part of the code and I can't see why it is adding 2 queries. FORUM_POSTS = constant containing table name. Below is my query which works fine: $query = " SELECT st.CourseId, c.CourseName, st.Year, st.StudentUsername, st.StudentForename, st.StudentSurname, s.ModuleId, m.ModuleName, m.Credits, s.SessionId, s.SessionWeight, gr.Mark, gr.Grade FROM Course c INNER JOIN Student st ON c.CourseId = st.CourseId JOIN Grade_Report gr ON st.StudentId = gr.StudentId JOIN Session s ON gr.SessionId = s.SessionId JOIN Module m ON s.ModuleId = m.ModuleId WHERE (st.StudentUsername = '".mysql_real_escape_string($studentid)."') "; Below is my results outputted by using php: Course: INFO101 - Bsc Information Communication Technology Year: 3 Student: Mayur Patel (u0867587) Module: CHI2550 - Modern Database Applications Session: AAB 72 (A) Course: INFO101 - Bsc Information Communication Technology Year: 3 Student: Mayur Patel (u0867587) Module: CHI2513 - Systems Strategy Session: AAD 61 (B) Course: INFO101 - Bsc Information Communication Technology Year: 3 Student: Mayur Patel (u0867587) Module: CHI2550 - Modern Database Applications Session: AAE 67 (B) How do I display it using php so that it only shows Course details and Student details only once, it will show each module in the course only once and shows each session being below each module it belongs to: The output from above should look like this in other words: Course: INFO101 - Bsc Information Communication Technology Year: 3 Student: Mayur Patel (u0867587) Module: CHI2550 - Modern Database Applications Session: AAB 72 (A) Session: AAE 67 (B) Module: CHI2513 - Systems Strategy Session: AAD 61 (B) PHP code to output the results: $output1 = ""; while ($row = mysql_fetch_array($result)) { //$result is the query $output1 .= " <p><strong>Course:</strong> {$row['CourseId']} - {$row['CourseName']} <strong>Year:</strong> {$row['Year']}<br/> <strong>Student:</strong> {$row['StudentForename']} {$row['StudentSurname']} ({$row['StudentUsername']}) </p>"; $output1 .= " <p><strong>Module:</strong> {$row['ModuleId']} - {$row['ModuleName']} <br/> <strong>Session:</strong> {$row['SessionId']} {$row['Mark']} ({$row['Grade']}) </p>"; } echo $output1; Thank You Hello all, I have made the multi level marketing downline tree, but the problem with it now, it gives only the downline of one result, as the query gives 2 results what I want now is to make it give the downline of both results not just one, and it's always 2 results, not more here is my code Code: [Select] <?php $id = $_GET['id']; $result = mysql_query("SELECT id FROM users WHERE id = '".$id."' ORDER BY id"); $row = mysql_fetch_assoc($result); if ($row['id'] == 0) { echo" <table> <div id=\".piccenter\""; echo "<tr>"; echo "<img src=\"icon.gif\" border=0 align=\"center\">"; echo ""; } else { echo "<img src=\"images.png\" border=0>"; echo "<br />"; echo "'".$row['id']."'"; echo ""; echo "</div>"; } } $result2 = mysql_query("SELECT id FROM users WHERE recruiteris = '".$row['id']."'"); $rows2 = mysql_fetch_assoc($result2); foreach ($rows2 as $row2) { if ($row2['id'] == 0) { echo" <div id=\".picleft\"> <img src=\"icon.gif\" border=0 align=\"center\">"; } else { echo "<img src=\"images.png\" border=0 >"; echo "<br />"; echo "'".$row2['id']."'"; echo "</div>"; echo " <td>"; echo "</td> "; } } $result3 = mysql_query("SELECT id FROM users WHERE recruiteris = '".$rows2['id']."'"); $row3 = mysql_fetch_assoc($result3); if ($row3['id'] == 0) { echo"<div id=\".picright\"> <img src=\"icon.gif\" border=0 align=\"center\">"; } else { echo "<img src=\"images.png\" border=0>"; echo "<br />"; echo "'".$row3['id']."'"; echo ""; echo " <tr> <td>"; echo "</td> </tr> "; } $result4 = mysql_query("SELECT id FROM users WHERE recruiteris = '".$row3['id']."'"); $rows4 = mysql_fetch_assoc($result4); if ($rows4['id'] == 0) { echo"<img src=\"icon.gif\" border=0 align=\"center\">"; } else { echo "<img src=\"images.png\" border=0>"; echo "<br />"; echo "'".$rows4['id']."'"; echo ""; echo " <tr> <td>"; echo "</td> </tr> "; } $result5 = mysql_query("SELECT id FROM users WHERE recruiteris = '".$rows4['id']."'"); $rows5 = mysql_fetch_assoc($result5); if ($rows5['id'] == 0) { echo"<img src=\"icon.gif\" border=0 align=\"center\">"; } else { echo "<img src=\"images.png\" border=0>"; echo "<br />"; echo "'".$rows5['id']."'"; echo ""; echo " <tr> <td>"; echo "</td> </tr> "; } $result6 = mysql_query("SELECT id FROM users WHERE recruiteris = '".$rows5['id']."'"); $rows6 = mysql_fetch_assoc($result6); if ($rows6['id'] == 0) { echo"<img src=\"icon.gif\" border=0 align=\"center\">"; } else { echo "<img src=\"images.png\" border=0>"; echo "<br />"; echo "'".$rows6['id']."'"; echo ""; echo " <tr> <td>"; echo "</td> </tr> "; } $result7 = mysql_query("SELECT id FROM users WHERE recruiteris = '".$rows6['id']."'"); $rows7 = mysql_fetch_assoc($result7); if ($rows7['id'] == 0) { echo"<img src=\"icon.gif\" border=0 align=\"center\">"; } else { echo "<img src=\"images.png\" border=0>"; echo "<br />"; echo "'".$rows7['id']."'"; echo ""; echo " <tr> <td>"; echo "</td> </tr> "; } $result8 = mysql_query("SELECT id FROM users WHERE recruiteris = '".$rows7['id']."'"); $rows8 = mysql_fetch_assoc($result8); if ($rows8['id'] == 0) { echo"<img src=\"icon.gif\" border=0 align=\"center\">"; } else { echo "<img src=\"images.png\" border=0>"; echo "<br />"; echo "'".$rows8['id']."'"; echo ""; echo " <tr> <td>"; echo "</td> </tr> "; } $result9 = mysql_query("SELECT id FROM users WHERE recruiteris = '".$rows8['id']."'"); $rows9 = mysql_fetch_assoc($result9); if ($rows9['id'] == 0) { echo"<img src=\"icon.gif\" border=0 align=\"center\">"; } else { echo "<img src=\"images.png\" border=0>"; echo "<br />"; echo "'".$rows9['id']."'"; echo ""; echo " <tr> <td>"; echo "</td> </tr> </tbody> </table> "; } ?> Hello all, I am new here so thank you in advance for all of your help. I am writing a pretty simple search script to display data from a table however have run into a snag. Things seem to get complicated all by themselves. I have a drop down to select the predetermined search criteria, because the data has either a 'Y'es or 'N'o. For example there are 50 or so products/brands with ingredients/categories in them. i.e. Brand X contains Sugar=Y, Salt=Y, Vinegar=N Brand Y contains Sugar=N, Salt=N, Vinegar=N Brand Z contains Sugar=Y, Salt=Y, Vinegar=Y Brand A contains Sugar=N, Salt=N, Vinegar=Y I want to display the brands that contain only the selected ingredients. I have added check boxes for the user to select. This runs ok however the return is more of a broader result and requires too much interpretation from the user. i.e. If I want to know which brands contain only salt and vinegar ??BRAND??= Sugar=N, Salt=Y, Vinegar=Y or ??BRAND??= Salt=Y, Vinegar=Y The return comes back: Brand X contains Sugar=Y, Salt=Y, Vinegar=N Brand Z contains Sugar=Y, Salt=Y, Vinegar=Y Brand A contains Sugar=N, Salt=N, Vinegar=Y Ideally the return Should only be: Brand Z contains Sugar=Y, Salt=Y, Vinegar=Y I believe the else if statement would work, I just have no knowledge of where to put it or how it would work. Any suggestions would be greatly appreciated. Hi, say I have a query like so: foreach($_REQUEST['r'] as $position => $row) { $row = implode("', '",$row); $result = mysql_query("Insert into player_stats (position,shirt_number,player_id,goals,cards,substituted,used_sub,injury,season,report_id) values('$position','$row','$currentSeason','$report_id')"); } How do I print the results of that query to my Browser for each time? Thanks I was just wondering if this is a way that you can exclude certain rows from a MySQL query. For example if I have 10 records each with a unique id, is there anyway I can get all of the records except record 5? Thanks for any help. |
|||||||