LiquidFire Posted April 20, 2012

Would you mind helping me with how to put the stripslashes and htmlspecialchars in? I'm going to be honest, I'm terrible at PHP D:

uskolte Posted April 21, 2012

Thank you. It is a very good demo; I implemented it using ODBC.

patymae Posted April 21, 2012

Hello, can someone please help me with an employee system?

http://shrib.com/mysql
http://shrib.com/systememp

I have the code on that site. My problem is that add.php is incorrect. :| Please help me. Thank you.

falkencreative (Author) Posted April 21, 2012

@LiquidFire: Within your ADMIN.php file, I believe you would want to change this line:

    echo '<td>' . mysql_result($result, $i, 'content') . '</td>';

to this:

    echo '<td>' . htmlspecialchars(mysql_result($result, $i, 'content')) . '</td>';

and within edit.php, you would want to change this line:

    $content = mysql_real_escape_string(htmlspecialchars($_POST['content']));

to this:

    $content = stripslashes(mysql_real_escape_string(htmlspecialchars($_POST['content'])));

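Added example, not part of the original posts or the tutorial's code: the same save-and-display flow with the two concerns kept apart, bound parameters on the write and htmlspecialchars() only at output. stripslashes() removes the backslashes that mysql_real_escape_string() adds, so an apostrophe in the input reaches the query unescaped when the two are chained. The example assumes PDO with an in-memory SQLite database standing in for MySQL and a hypothetical table `entries` holding the thread's `content` column.

```php
<?php
// Added example (not the tutorial's code). An in-memory SQLite database via
// PDO stands in for the MySQL table; the table name `entries` is hypothetical.

// Write path: store the raw value. Bound parameters keep the data out of
// the SQL text, so no escaping function is applied before saving.
function saveContent(PDO $pdo, int $id, string $content): int
{
    $stmt = $pdo->prepare('UPDATE entries SET content = :content WHERE id = :id');
    $stmt->execute([':content' => $content, ':id' => $id]);
    return $stmt->rowCount();
}

// Read path: encode for HTML only at the moment of output.
function renderCell(PDO $pdo, int $id): string
{
    $stmt = $pdo->prepare('SELECT content FROM entries WHERE id = :id');
    $stmt->execute([':id' => $id]);
    $content = $stmt->fetchColumn();
    if ($content === false) {
        return '<td>(no such row)</td>';
    }
    return '<td>' . htmlspecialchars($content, ENT_QUOTES, 'UTF-8') . '</td>';
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE entries (id INTEGER PRIMARY KEY, content TEXT)');
$pdo->exec("INSERT INTO entries (id, content) VALUES (1, 'old text')");

// Constructed form input: an apostrophe and markup, the two things that
// break hand-built SQL strings and unescaped HTML output.
$post = ['id' => '1', 'content' => "Bob's <b>notes</b>"];

saveContent($pdo, (int) $post['id'], $post['content']);
echo renderCell($pdo, 1), PHP_EOL;
```
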
falkencreative (Author) Posted April 21, 2012

@LadyMustache: Since you are working with different code than I have used at the start of this topic, why don't you make a new topic for your issue within the PHP section? If you can be more clear about what is wrong with add.php and what errors you are getting, that would be helpful.

patymae Posted April 22, 2012

> @LadyMustache: Since you are working with different code than I have used at the start of this topic, why don't you make a new topic for your issue within the PHP section? If you can be more clear about what is wrong with add.php and what errors you are getting, that would be helpful.

Thank you for replying! Sorry, my bad.

LiquidFire Posted April 23, 2012

Thanks for everything. What you said to do is working. I just have one more problem after I finish the edit (see attachment).

manjularoshamp Posted May 4, 2012

Hi Administrator,

I am very happy for this post, and thanks so much. I am a beginner in PHP, so I have created my staff directory table by referring to your post. I want to edit my staff directory table, but if I click on the edit link the following error comes up:

"You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '@dwu.ac.pg' at line 1"

Please check the attachment at the link below. It has my database and PHP file.

http://kithusara.org/download/manju/test.zip

If you can help me, I would appreciate it so much.

Thanks,
Manjula.

teke Posted May 15, 2012

Hi, how can I sort columns ascending? Can anyone help me?

ivankusuma Posted May 21, 2012

Hi Administrator,

I am very happy for this post, and thanks so much. Can you help me... how to make an id_level(AUTO_INCREMENT) in n group_level.. (1 administrator) (2 super_user) etc... with a dropdown menu, and when editing show all groups, not only the chosen group?

Sorry for my bad English.

Gunny Posted May 22, 2012

Hi Ben,

Great example here, I have been mulling over a way to do this for days! I have obviously had to amend your code somewhat to fit in with my database setup and required data. The edit.php is successfully pulling the data required. However, when I edit the data and click on submit I am getting the error displayed. I have amended the error messages to identify where the error is, but cannot locate the error in the code. The error being thrown is for the id being invalid.

Can you see where I have gone wrong in the below code at all?

Many Thanks
Gunny

    <?php
    /*
     EDIT.PHP
     Allows user to edit specific entry in database
    */

    // creates the edit record form
    // since this form is used multiple times in this file, I have made it a function that is easily reusable
    function renderForm($id, $routenumber, $depicao, $arricao, $aircrafttype, $error)
    {
    ?>
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
    <html>
    <head>
    <title>Edit Record</title>
    </head>
    <body>
    <?php
    // if there are any errors, display them
    if ($error != '')
    {
        echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
    }
    ?>

    <form action="" method="post">
    <input type="hidden" name="id" value="<?php echo $id; ?>"/>
    <div>
    <p><strong>ID:</strong> <?php echo $id; ?></p>
    <strong>Route Number *</strong> <input type="text" name="route_number" value="<?php echo $routenumber; ?>"/><br/>
    <strong>Dep ICAO</strong> <input type="text" size="5" name="dep_icao" value="<?php echo $depicao; ?>"/><br/>
    <strong>Arr ICAO</strong> <input type="text" size="5" name="arr_icao" value="<?php echo $arricao; ?>"/><br/>
    <strong>Aircraft Type*</strong> <input type="text" name="aircraft_type" value="<?php echo $aircrafttype; ?>"/><br/>
    <p>* Required</p>
    <input type="submit" name="submit" value="Submit">
    </div>
    </form>
    </body>
    </html>
    <?php
    }

    // connect to the database
    require_once 'connect.php';
    $db_server = mysql_connect($db_hostname, $db_username, $db_password);
    if (!$db_server) die ("Unable to connect to MySQL: " . mysql_error());
    mysql_select_db($db_database) or die("Unable to Select database: " . mysql_error());

    // check if the form has been submitted. If it has, process the form and save it to the database
    if (isset($_POST['submit']))
    {
        // confirm that the 'route_id' value is a valid integer before getting the form data
        if (is_numeric($_POST['route_id']))
        {
            // get form data, making sure it is valid
            $id = $_POST['route_id'];
            $routenumber = mysql_real_escape_string(htmlspecialchars($_POST['route_number']));
            $depicao = mysql_real_escape_string(htmlspecialchars($_POST['dep_icao']));
            $arricao = mysql_real_escape_string(htmlspecialchars($_POST['arr_icao']));
            $aircrafttype = mysql_real_escape_string(htmlspecialchars($_POST['aircraft_type']));

            // check that firstname/lastname fields are both filled in
            if ($routenumber == '' || $depicao == '')
            {
                // generate error message
                $error = 'ERROR: Please fill in all required fields!';

                //error, display form
                renderForm($id, $routenumber, $depicao, $arricao, $aircrafttype, $error);
            }
            else
            {
                // save the data to the database
                mysql_query("UPDATE route_info SET route_number='$routenumber', dep_icao='$depicao', arr_icao='$arricao', aircraft_type='$aircrafttype' WHERE route_id='$id'")
                or die(mysql_error());

                // once saved, redirect back to the view page
                header("Location: va.php");
            }
        }
        else
        {
            // if the 'route_id' isn't valid, display an error
            echo 'Error Invalid Route ID!';
        }
    }
    else
    // if the form hasn't been submitted, get the data from the db and display the form
    {
        // get the 'route_id' value from the URL (if it exists), making sure that it is valid (checking that it is numeric/larger than 0)
        if (isset($_GET['route_id']) && is_numeric($_GET['route_id']) && $_GET['route_id'] > 0)
        {
            // query db
            $id = $_GET['route_id'];
            $query = "Select * from route_info where route_id=$id";
            $result = mysql_query($query);
            $row = mysql_fetch_array($result);

            // check that the 'route_id' matches up with a row in the database
            if($row)
            {
                // get data from db
                $routenumber = $row['route_number'];
                $depicao = $row['dep_icao'];
                $arricao = $row['arr_icao'];
                $aircrafttype = $row['aircraft_type'];

                // show form
                renderForm($id, $routenumber, $depicao, $arricao, $aircrafttype, '');
            }
            else
            // if no match, display result
            {
                echo "No results!";
            }
        }
        else
        // if the 'route_id' in the URL isn't valid, or if there is no 'route_id' value, display an error
        {
            echo 'Error!';
        }
    }
    ?>

falkencreative (Author) Posted May 22, 2012

@teke: You would use "ASC": http://php.about.com/od/learnmysql/p/SQL_order_by.htm

@iv4n: That's a bit outside the scope of this tutorial, since it only covers add/remove/delete, not setting up an entire administrative system with login functionality. If you want something more complex, check out my PHP Login series on the KillerSites Video Library within the PHP section: http://killersites.com/video-library/

falkencreative (Author) Posted May 22, 2012

@Gunny: You have a route_id set in your URL, correct? It should look like: edit.php?route_id=[number]. Route_id should be numeric -- only consisting of numbers -- otherwise you will get an error. Does that help get you started?

Gunny Posted May 22, 2012

> @Gunny: You have a route_id set in your URL, correct? It should look like: edit.php?route_id=[number]. Route_id should be numeric -- only consisting of numbers -- otherwise you will get an error. Does that help get you started?

Hi Ben,

Yes, my URL ends like this: editroute.php?route_id=13

Thanks for your help. I have been going over and over the code for hours now but still cannot find where the issue is!

Cheers
Gunny

falkencreative (Author) Posted May 22, 2012

After looking over your code, I think the issue is this -- on line 57 ("if (is_numeric($_POST['route_id']))") $_POST['route_id'] doesn't exist. Your form includes "id" or you can use $_GET['route_id'], but it doesn't use $_POST['route_id'].

Gunny Posted May 22, 2012

Ben,

Hats off to you my friend, you're a genius! I amended line 57 to

    if (is_numeric($_GET['route_id']))

and line 60 to

    $id = $_GET['route_id'];

All is now working. Thank you so much for your assistance.

Take care,
Gunny

ichwara Posted May 22, 2012

@Gunny: I have a problem with the numeric stuff. Is there a way the id should not be numeric?

falkencreative (Author) Posted May 22, 2012

> @Gunny: I have a problem with the numeric stuff. Is there a way the id should not be numeric?

You can modify the coding so that the id isn't numeric -- that isn't required.

socoolraw Posted June 14, 2012

Hi Ben, that is good coding. I have a problem in the delete and edit pages with "is_numeric", I think! I cannot delete data whose id is varchar and is the primary key in the database, but I can delete and edit data with a numeric id. In this case I want to go with a type cast so that the varchar can be recognized as numeric. I am not able to understand the type cast implementation. Can you help me with this?

falkencreative (Author) Posted June 15, 2012

Take a look at intval() -- http://php.net/manual/en/function.intval.php

The examples should be pretty clear, but as an example:

    $id = '42';          // a string
    $id = intval($id);   // string converted to int

...this really sounds like a database issue. If you're dealing with numbers, you really should be using the int type in the database, not varchar.

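Added example, not from the original posts: a stricter check for the id discussed above (Gunny's route_id and the intval() suggestion), which rejects values that is_numeric() accepts or intval() silently coerces, and then binds the result in a prepared statement. The helper names readRouteId and findRoute are hypothetical, the sample row is constructed, and SQLite in memory stands in for the MySQL route_info table.

```php
<?php
// Added example, not the tutorial's code. readRouteId/findRoute are hypothetical
// names; SQLite in memory stands in for the thread's MySQL route_info table.
function readRouteId(array $source, string $key = 'route_id'): ?int
{
    if (!isset($source[$key]) || !is_string($source[$key])) {
        return null;   // field missing (e.g. the form sent "id"), or an array value
    }
    // Accept only a whole integer >= 1; "13abc", "1e3", "1.5" and "" all fail.
    $id = filter_var($source[$key], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

function findRoute(PDO $pdo, array $request): ?array
{
    $id = readRouteId($request);
    if ($id === null) {
        return null;   // reject instead of guessing a value
    }
    $stmt = $pdo->prepare('SELECT * FROM route_info WHERE route_id = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE route_info (route_id INTEGER PRIMARY KEY, route_number TEXT)');
$pdo->exec("INSERT INTO route_info VALUES (13, 'VA013')");   // constructed row

// Constructed inputs: how each check treats the same string.
foreach (['13', '13abc', '1e3', '1.5', 'abc', ''] as $raw) {
    printf("%-8s is_numeric=%-5s intval=%-5d strict=%s\n",
        var_export($raw, true),
        var_export(is_numeric($raw), true),
        intval($raw),
        var_export(readRouteId(['route_id' => $raw]), true));
}

// The field-name mismatch from the thread: the form posts "id", the handler
// looks for "route_id", so the lookup is refused rather than run with no id.
var_dump(findRoute($pdo, ['id' => '13']));
var_dump(findRoute($pdo, ['route_id' => '13']));
```
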
lov3boyz Posted July 4, 2012

Hi Ben, I just started my website just now. This PHP app was great, but can we code it so that our member views his own database? Any code?

falkencreative (Author) Posted July 4, 2012

> Hi Ben, I just start My Website just now , this app php was great but can we coding that our member view his own datebase? Any code?

If you want help, you'll need to explain more about what you need. If you're talking about a member login system, see http://www.killersitesuniversity.com/courses/view/php_login_with_oop_and_mvc

lov3boyz Posted July 5, 2012

I mean that I use this basic PHP system: view/edit/delete/add records + member login. Any idea how we can make it so our user can view just his own database?

Example:

User A view/edit/delete/add records to A Database and cannot view Database of B and C
User B view/edit/delete/add records to B Database and cannot view Database of A and C
User C view/edit/delete/add records to A Database and cannot view Database of A and B

Is it possible?

lov3boyz Posted July 5, 2012

Hi Ben, can users having their own MySQL database use this PHP app? For example, I log in using my ID and then can only view my data that I add/edit/delete? Any idea or code for it?

This code I found on Google just now:

    SELECT * FROM table WHERE id_user = [id_login_user]

How do I add to it? Sorry, my English is so poor.

Vasilis Posted September 23, 2012

Hi, I am a new member and also new to PHP/MySQL. Thanks a lot for the tutorial, it is a great help for people who have just started learning PHP.

I am trying to do something very similar to the tutorial but keep getting an SQL error when I try to add a new record. The only difference is that I have some extra fields: "from", "to" and "reason" are varchar, "amount" is a decimal and "date" is a timestamp. I am using a form just like the tutorial to add new data:

    <form action="" method="post">
    <div>
    <strong>From: *</strong> <input type="text" name="from" value="<?php echo $fromm; ?>" /><br/>
    <strong>To: *</strong> <input type="text" name="to" value="<?php echo $too; ?>" /><br/>
    <strong>Amount: *</strong> <input type="text" name="amount" value="<?php echo $amountt; ?>" /><br/>
    <strong>Reason: *</strong> <input type="text" name="reason" value="<?php echo $reasonn; ?>" /><br/>
    <p>* required</p>
    <input type="submit" name="submit" value="Submit">
    </div>
    </form>

but get an error for this part:

    // save the data to the database
    mysql_query("INSERT connections SET from='$from', to='$to', amount='$amount', reason='$reason', date=NOW()")
    or die(mysql_error());

I would appreciate it if someone could help.

Thanks!

falkencreative (Author) Posted September 23, 2012

What is the exact error message that you are getting?

Vasilis Posted September 23, 2012

> What is the exact error message that you are getting?

Hi Ben,

Thanks for the fast reply. I get this:

    You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'from='George', to='Paul', amount='3.5', reason='something', date=NOW()' at line 1

Would it help if I paste all the code from new.php?

Thanks

falkencreative (Author) Posted September 23, 2012

Personally, I would open up PHPMyAdmin and try pasting the query into a SQL query field (open up your database in PHPMyAdmin and look for the SQL tab). I'm not immediately seeing an issue with the query (though I could be missing something obvious) so entering it into PHPMyAdmin should give you a more specific error message.

falkencreative (Author) Posted September 23, 2012

Actually, after giving it more thought, I think I know what is going on -- "from" is a reserved word in MySQL (see http://dev.mysql.com/doc/refman/5.5/en/reserved-words.html). Personally, I would change that column in the database to something else, or use backticks to escape it (see the first solution on http://serverfault.com/questions/124083/mysql-how-to-quote-or-escape-field-names).

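Added example, not from the original posts, covering both the ORDER BY question and the reserved-word column names in this thread: identifiers and the sort direction cannot be passed as bound parameters, so they are picked from a fixed list and backtick-quoted, while the values are bound. SQLite in memory stands in for MySQL (it also accepts backtick-quoted identifiers); the SORTABLE list, the helper names, the request keys `sort` and `dir`, and the second sample row are hypothetical.

```php
<?php
// Added example, not the tutorial's code. SQLite in memory stands in for MySQL.
const SORTABLE = ['from', 'to', 'amount', 'date'];   // columns named in the thread

function quoteIdent(string $name): string
{
    // MySQL rule: wrap in backticks and double any backtick inside the name.
    return '`' . str_replace('`', '``', $name) . '`';
}

function orderByClause(string $column, string $direction): string
{
    // Identifiers and keywords cannot be bound as parameters, so both are
    // chosen from fixed lists instead of being copied from the request.
    if (!in_array($column, SORTABLE, true)) {
        $column = 'date';
    }
    $direction = strtoupper($direction) === 'DESC' ? 'DESC' : 'ASC';
    return ' ORDER BY ' . quoteIdent($column) . ' ' . $direction;
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE connections (id INTEGER PRIMARY KEY, `from` TEXT,
            `to` TEXT, amount REAL, reason TEXT, `date` TEXT)');

// Reserved words used as column names are quoted; the values are bound.
$insert = $pdo->prepare('INSERT INTO connections (`from`, `to`, amount, reason, `date`)
                         VALUES (?, ?, ?, ?, CURRENT_TIMESTAMP)');
$insert->execute(['George', 'Paul', 3.5, 'something']);   // values from the error message
$insert->execute(['Anna', 'Zed', 1.25, 'lunch']);         // constructed row

// Constructed request parameters, as they might arrive in $_GET.
$request = ['sort' => 'from', 'dir' => 'asc'];
$sql = 'SELECT `from`, `to`, amount FROM connections'
     . orderByClause($request['sort'], $request['dir']);

foreach ($pdo->query($sql, PDO::FETCH_ASSOC) as $row) {
    echo implode(' | ', $row), PHP_EOL;
}
```
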
Vasilis Posted September 23, 2012

> Personally, I would open up PHPMyAdmin and try pasting the query into a SQL query field (open up your database in PHPMyAdmin and look for the SQL tab). I'm not immediately seeing an issue with the query (though I could be missing something obvious) so entering it into PHPMyAdmin should give you a more specific error message.

I tried that, but it shows me the same generic error. Does it matter that I am not mentioning the id? (It has an AUTO_INCREMENT attribute.) Or maybe there is an error with my PHP?

Cheers