LiquidFire Posted April 20, 2012 Report Share Posted April 20, 2012 Would u mind helping me with how to put the stripslashes and htmlspecialchars in, ima be honest im terrible at php D: Quote Link to comment Share on other sites More sharing options...
uskolte Posted April 21, 2012 Report Share Posted April 21, 2012 Thank you. It is very good demo, I implemented it using ODBC. Quote Link to comment Share on other sites More sharing options...
patymae Posted April 21, 2012 Report Share Posted April 21, 2012 Hello can someone please help me with an employee system? http://shrib.com/mysql http://shrib.com/systememp I have the code in that site, my problem is, the add.php is incorrect.:| Please help me Thank you Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 21, 2012 Author Report Share Posted April 21, 2012 @LiquidFire: Within your ADMIN.php file, I believe you would want to change this line: echo '<td>' . mysql_result($result, $i, 'content') . '</td>'; to this: echo '<td>' . htmlspecialchars(mysql_result($result, $i, 'content')) . '</td>'; and within edit.php, you would want to chnage this line: $content = mysql_real_escape_string(htmlspecialchars($_POST['content'])); to this: $content = stripslashes(mysql_real_escape_string(htmlspecialchars($_POST['content']))); Quote Link to comment Share on other sites More sharing options...
falkencreative Posted April 21, 2012 Author Report Share Posted April 21, 2012 @LadyMustache: Since you are working with different code than I have used at the start of this topic, why don't you make a new topic for your issue within the PHP section? If you can be more clear about what is wrong with add.php and what errors you are getting, that would be helpful. Quote Link to comment Share on other sites More sharing options...
patymae Posted April 22, 2012 Report Share Posted April 22, 2012 @LadyMustache: Since you are working with different code than I have used at the start of this topic, why don't you make a new topic for your issue within the PHP section? If you can be more clear about what is wrong with add.php and what errors you are getting, that would be helpful. Thank you for replying! Sorry my bad. Quote Link to comment Share on other sites More sharing options...
LiquidFire Posted April 23, 2012 Report Share Posted April 23, 2012 thanks for everything what you said to do is working just got 1 more problem with after i finish the edit (see attachment) Quote Link to comment Share on other sites More sharing options...
manjularoshamp Posted May 4, 2012 Report Share Posted May 4, 2012 Hi Administrator, I am very happy for this post. And Thanks so much. I am beginner for PHP.So I have created my staff directory table within refer your post. I want editing my staff directory table. But if click on edit link come following error "You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@dwu.ac.pg' at line 1" Please check bellow attachment from link. It has my database and php file. http://kithusara.org/download/manju/test.zip If you can help me , I appreciate so much. Thanks, Manjula. Quote Link to comment Share on other sites More sharing options...
teke Posted May 15, 2012 Report Share Posted May 15, 2012 hi, how can sort columns ascendenting ? anyone can help me? Quote Link to comment Share on other sites More sharing options...
ivankusuma Posted May 21, 2012 Report Share Posted May 21, 2012 Hi Administrator, I am very happy for this post. And Thanks so much. can u help me... how to make a id_level(AUTO_INCREMENT) in n group_level.. (1 administrator) (2 super_user) etc... with dropdown menu n if edit show all group not only choosen group sory for my bad english Quote Link to comment Share on other sites More sharing options...
Gunny Posted May 22, 2012 Report Share Posted May 22, 2012 Hi Ben, Great example here, I have been mulling over a way to do this for days! I have obviously had to amend your code somewhat to fit in with my Database setup and required data. The edit.php is successfully pulling the data required. However when I edit the data and click on submit I am getting the Error displayed. I have amended the error messages to identify where the error is, but cannot locate the rror in the code. The error being thrown is for the id being invalid. Can you see where I have gone wrong in the below code at all? Many Thanks Gunny <?php /* EDIT.PHP Allows user to edit specific entry in database */ // creates the edit record form // since this form is used multiple times in this file, I have made it a function that is easily reusable function renderForm($id, $routenumber, $depicao, $arricao, $aircrafttype, $error) { ?> <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title>Edit Record</title> </head> <body> <?php // if there are any errors, display them if ($error != '') { echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>'; } ?> <form action="" method="post"> <input type="hidden" name="id" value="<?php echo $id; ?>"/> <div> <p><strong>ID:</strong> <?php echo $id; ?></p> <strong>Route Number *</strong> <input type="text" name="route_number" value="<?php echo $routenumber; ?>"/><br/> <strong>Dep ICAO</strong> <input type="text" size="5" name="dep_icao" value="<?php echo $depicao; ?>"/><br/> <strong>Arr ICAO</strong> <input type="text" size="5" name="arr_icao" value="<?php echo $arricao; ?>"/><br/> <strong>Aircraft Type*</strong> <input type="text" name="aircraft_type" value="<?php echo $aircrafttype; ?>"/><br/> <p>* Required</p> <input type="submit" name="submit" value="Submit"> </div> </form> </body> </html> <?php } // connect to the database require_once 'connect.php'; $db_server = mysql_connect($db_hostname, $db_username, $db_password); if (!$db_server) die ("Unable to connect to MySQL: " . mysql_error()); mysql_select_db($db_database) or die("Unable to Select database: " . mysql_error()); // check if the form has been submitted. If it has, process the form and save it to the database if (isset($_POST['submit'])) { // confirm that the 'route_id' value is a valid integer before getting the form data if (is_numeric($_POST['route_id'])) { // get form data, making sure it is valid $id = $_POST['route_id']; $routenumber = mysql_real_escape_string(htmlspecialchars($_POST['route_number'])); $depicao = mysql_real_escape_string(htmlspecialchars($_POST['dep_icao'])); $arricao = mysql_real_escape_string(htmlspecialchars($_POST['arr_icao'])); $aircrafttype = mysql_real_escape_string(htmlspecialchars($_POST['aircraft_type'])); // check that firstname/lastname fields are both filled in if ($routenumber == '' || $depicao == '') { // generate error message $error = 'ERROR: Please fill in all required fields!'; //error, display form renderForm($id, $routenumber, $depicao, $arricao, $aircrafttype, $error); } else { // save the data to the database mysql_query("UPDATE route_info SET route_number='$routenumber', dep_icao='$depicao', arr_icao='$arricao', aircraft_type='$aircrafttype' WHERE route_id='$id'") or die(mysql_error()); // once saved, redirect back to the view page header("Location: va.php"); } } else { // if the 'route_id' isn't valid, display an error echo 'Error Invalid Route ID!'; } } else // if the form hasn't been submitted, get the data from the db and display the form { // get the 'route_id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0) if (isset($_GET['route_id']) && is_numeric($_GET['route_id']) && $_GET['route_id'] > 0) { // query db $id = $_GET['route_id']; $query = "Select * from route_info where route_id=$id"; $result = mysql_query($query); $row = mysql_fetch_array($result); // check that the 'route_id' matches up with a row in the databse if($row) { // get data from db $routenumber = $row['route_number']; $depicao = $row['dep_icao']; $arricao = $row['arr_icao']; $aircrafttype = $row['aircraft_type']; // show form renderForm($id, $routenumber, $depicao, $arricao, $aircrafttype, ''); } else // if no match, display result { echo "No results!"; } } else // if the 'route_id' in the URL isn't valid, or if there is no 'route_id' value, display an error { echo 'Error!'; } } ?> Quote Link to comment Share on other sites More sharing options...
falkencreative Posted May 22, 2012 Author Report Share Posted May 22, 2012 @teke: You would use "ASC": http://php.about.com/od/learnmysql/p/SQL_order_by.htm @iv4n: That's a bit outside the scope of this tutorial, since it only covers add/remove/delete, not setting up an entire administrative system with login functionality. If you want something more complex, check out my PHP Login series on the KillerSites Video Library within the PHP section: http://killersites.com/video-library/ Quote Link to comment Share on other sites More sharing options...
falkencreative Posted May 22, 2012 Author Report Share Posted May 22, 2012 @Gunny: You have a route_id set in your URL, correct? It should look like: edit.php?route_id=[number]. Route_id should be numeric -- only consisting of numbers -- otherwise you will get an error. Does that help get you started? Quote Link to comment Share on other sites More sharing options...
Gunny Posted May 22, 2012 Report Share Posted May 22, 2012 @Gunny: You have a route_id set in your URL, correct? It should look like: edit.php?route_id=[number]. Route_id should be numeric -- only consisting of numbers -- otherwise you will get an error. Does that help get you started? Hi Ben, Yes my url ends like this editroute.php?route_id=13 Thanks for your help, I have been going over and over the code for hours now but still cannot find where the issue is! Cheers Gunny Quote Link to comment Share on other sites More sharing options...
falkencreative Posted May 22, 2012 Author Report Share Posted May 22, 2012 After looking over your code, I think the issue is this -- on line 57 if (is_numeric($_POST['route_id']))") $_POST['route_id'] doesn't exist. Your form includes "id" or you can use $_GET['route_id'], but it doesn't use $_POST['route_id']. Quote Link to comment Share on other sites More sharing options...
Gunny Posted May 22, 2012 Report Share Posted May 22, 2012 Ben, Hats of too you my friend you're a genius! I amended line 57 to if (is_numeric($_GET['route_id'])) and line 60 to $id = $_GET['route_id']; All is now working. Thank you so much for your assistance Take care, Gunny Quote Link to comment Share on other sites More sharing options...
ichwara Posted May 22, 2012 Report Share Posted May 22, 2012 @Gunny: I have a problem with the numeric stuff. Is there a way the id should not be numeric? Quote Link to comment Share on other sites More sharing options...
falkencreative Posted May 22, 2012 Author Report Share Posted May 22, 2012 @Gunny: I have a problem with the numeric stuff. Is there a way the id should not be numeric? You can modify the coding so that the id isn't numeric -- that isn't required. Quote Link to comment Share on other sites More sharing options...
socoolraw Posted June 14, 2012 Report Share Posted June 14, 2012 Hi, Ben that is good coding. I have problem in delete and edit pages with "is_numeric". I think so! I cannot delete data whose Id is varchar and it is primary key in database but I can delete and edit data with numeric id in it. In this case I want to go with the type cast so that varchar can be recognize as numeric. I not able to understand the type cast implementation. Can you help me with this? Quote Link to comment Share on other sites More sharing options...
falkencreative Posted June 15, 2012 Author Report Share Posted June 15, 2012 Take a look at intval() -- http://php.net/manual/en/function.intval.php The examples should be pretty clear, but as an example: $id = '42'; // a string $id = intval($id) // string converted to int ...this really sounds like a database issue. If you're dealing with numbers, you really should be using the int type in the database, not varchar. Quote Link to comment Share on other sites More sharing options...
lov3boyz Posted July 4, 2012 Report Share Posted July 4, 2012 Hi Ben, I just start My Website just now , this app php was great but can we coding that our member view his own datebase? Any code? Quote Link to comment Share on other sites More sharing options...
falkencreative Posted July 4, 2012 Author Report Share Posted July 4, 2012 Hi Ben, I just start My Website just now , this app php was great but can we coding that our member view his own datebase? Any code? If you want help, you'll need to explain more about what you need. If you're talking about a member login system, see http://www.killersitesuniversity.com/courses/view/php_login_with_oop_and_mvc Quote Link to comment Share on other sites More sharing options...
lov3boyz Posted July 5, 2012 Report Share Posted July 5, 2012 I mean that i use this basic Php System : view /edit/detele /add records + Member login , Any idea that we can make our user just can view his own database? Example : User A view /edit/detele /add records to A Database and cannot view DateBase of B and C User B view /edit/detele /add records to B Database and cannot view DateBase of A and C User C view /edit/detele /add records to A Database and cannot view DateBase of Aand B Does it Possbile ? Quote Link to comment Share on other sites More sharing options...
lov3boyz Posted July 5, 2012 Report Share Posted July 5, 2012 Hi Ben, can user having they own mysql database use this php apps? For example , I login using My ID then just only can view my data that i add/edit/delete ? Any idea or code for it ? this code i search at Google just now : SELECT * FROM table WHERE id_user = [id_login_user] ? How to add on it ? Sorry my english was so poor Quote Link to comment Share on other sites More sharing options...
Vasilis Posted September 23, 2012 Report Share Posted September 23, 2012 Hi, I am a new member and also new in php/mysql. Thanks a lot for the tutorial, it is a great help for people who just started learning php. I am trying to do something very similar with the tutorial but keep getting an sql error when I try to add a new record. The only difference is that I have some extra fields : "from" "to" "reason" are varchar, "amount" is a decimal and "date" is a timestamp. I am using a form just like the tutorial to add new data: <form action="" method="post"> <div> <strong>From: *</strong> <input type="text" name="from" value="<?php echo $fromm; ?>" /><br/> <strong>To: *</strong> <input type="text" name="to" value="<?php echo $too; ?>" /><br/> <strong>Amount: *</strong> <input type="text" name="amount" value="<?php echo $amountt; ?>" /><br/> <strong>Reason: *</strong> <input type="text" name="reason" value="<?php echo $reasonn; ?>" /><br/> <p>* required</p> <input type="submit" name="submit" value="Submit"> </div> </form> but get an error for this part: // save the data to the database mysql_query("INSERT connections SET from='$from', to='$to', amount='$amount', reason='$reason', date=NOW()") or die(mysql_error()); I would appreciate if someone could help Thanks! Quote Link to comment Share on other sites More sharing options...
falkencreative Posted September 23, 2012 Author Report Share Posted September 23, 2012 What is the exact error message that you are getting? Quote Link to comment Share on other sites More sharing options...
Vasilis Posted September 23, 2012 Report Share Posted September 23, 2012 What is the exact error message that you are getting? Hi Ben, Thanks for the fast reply. I get this: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from='George', to='Paul', amount='3.5', reason='something', date=NOW()' at line 1 Would it help if I paste all the code from new.php? Thanks Quote Link to comment Share on other sites More sharing options...
falkencreative Posted September 23, 2012 Author Report Share Posted September 23, 2012 Personally, I would open up PHPMyAdmin and try pasting the query into a SQL query field (open up your database in PHPMyAdmin and look for the SQL tab). I'm not immediately seeing an issue with the query (though I could be missing something obvious) so entering it into PHPMyAdmin should give you a more specific error message. Quote Link to comment Share on other sites More sharing options...
falkencreative Posted September 23, 2012 Author Report Share Posted September 23, 2012 Actually after giving it more thought, I think I know what is going on -- "from" is a reserved word in MySQL (see http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html). Personally, I would change that column in the database to something else, or use backticks to escape it (see the first solution on http://serverfault.com/questions/124083/mysql-how-to-quote-or-escape-field-names). Quote Link to comment Share on other sites More sharing options...
Vasilis Posted September 23, 2012 Report Share Posted September 23, 2012 Personally, I would open up PHPMyAdmin and try pasting the query into a SQL query field (open up your database in PHPMyAdmin and look for the SQL tab). I'm not immediately seeing an issue with the query (though I could be missing something obvious) so entering it into PHPMyAdmin should give you a more specific error message. I tried that, but it shows me the same generic error. Does it matter that I am not mentioning the id? (it has an AUTO_INCREMENT attribute) Or maybe there is an error with my php? Cheers Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.