How to solve this problem?

Question

How to solve this problem?

<!doctype html>
<html lang="EN">
the <head>
<title>Admin panel</title>
</head>
the <body>
<?php

 $link = mysqli_connect("localhost", "root", "", "practice"); // Connect to the database

 // I swear, if the connection could not be established
 if (!$link) {
 echo 'cannot connect to the database. Error code: '. mysqli_connect_errno() . 'error:' . mysqli_connect_error();
exit;
}

 //If the variable Name passed
 if (isset($_POST["Username"])) {
 //If it is update request, updating
 if (isset($_GET['red_id'])) {
 $sql = mysqli_query($link, "UPDATE `users` SET `username` = '{$_POST['username']}',`email` = '{$_POST['email']}',`password` = '{$_POST['password']}',`role` = '{$_POST['role']}' WHERE `id`={$_GET['red_id']}");
 } else {
 //Otherwise, insert the data, putting them in the query
 $sql = mysqli_query($link, "INSERT INTO `users` (`username`, `email`, `password`, `role`) VALUES ('{$_POST['username']}', '{$_POST['email']}', '{$_POST['password']}', '{$_POST['role']}')");
}

 //If the insert was successful
 if ($sql) {
 echo '<p>Successfully!</p>';
 } else {
 echo '<p>an error Occurred: '. mysqli_error($link) . '</p>';
}
}

 if (isset($_GET['del_id'])) { //check whether the variable
 //delete the row from the table
 $sql = mysqli_query($link, "DELETE FROM `users` WHERE `ID` = {$_GET['del_id']}");
 if ($sql) {
 echo "<p>Item deleted.</p>";
 } else {
 echo '<p>an error Occurred: '. mysqli_error($link) . '</p>';
}
}

 //If the passed variable red_id, it is necessary to update the data. To start we'll get them from the database
 if (isset($_GET['red_id'])) {
 $sql = mysqli_query($link, "SELECT `ID`, `username`, `email`, `password`, `role` FROM `users` WHERE `ID`={$_GET['red_id']}");
 $user = mysqli_fetch_array($sql);
}
?>
 <form action="" method="post">
<table>
the <tr>
 <td>user Name:</td>
 <td><input type="text" name="Username" value="<?= isset($_GET['red_id']) ? $user['Username'] : "; ?>"></td>
</tr>
the <tr>
<td>E-mail:</td>
 <td><input type="text" name="Email" size="3" value="<?= isset($_GET['red_id']) ? $user['Email'] : "; ?>"></td>
</tr>
the <tr>
<td>Password:</td>
 <td><input type="text" name="Password" size="3" value="<?= isset($_GET['red_id']) ? $user['Password'] : "; ?>"></td>
</tr>
the <tr>
<td>Role:</td>
 <td><input type="text" name="Role" size="3" value="<?= isset($_GET['red_id']) ? $user['Role'] : "; ?>"></td>
</tr>
the <tr>
 <td colspan="2"><input type="submit" value="OK"></td>
</tr>
</table>
</form>
 <table border='1'>
the <tr>
<td>ID</td>
 <td>user Name</td>
<td>E-mail</td>
<td>Password</td>
<td>Role</td>
<td>Delete</td>
<td>Change</td>
</tr>
<?php
 $sql = mysqli_query($link, 'SELECT `ID`, `Username`, `Email`, `Password`, `Role` FROM `users`);
 while ($result = mysqli_fetch_array($sql)) {
 echo '<tr>' .
 "<td>{$result['ID']}</td>" .
 "<td>{$result['Username']}</td>" .
 "<td>{$result['Email']}</td>" .
 "<td>{$result['Password']}</td>" .
 "<td>{$result['Role']}</td>" .
 "<td><a href='?del_id={$result['ID']}'>Delete</a></td>" .
 "<td><a href='?red_id={$result['ID']}'>Edit</a></td>" .
'</tr>';
}
?>
</table>
 <p><a href="?add=new">Add new product</a></p>
</body>
</html>
<code>

PHP

ova_Connel asked April 19th 20 at 12:16

Related questions

More answers about "How to solve this problem?"

1 answer

Keaton answered on · Answer 1 · 2020-04-19T10:18:50.228Z

Keaton answered on April 19th 20 at 12:18

To read the logs to see the syntax error in the query and remove the extra comma.

here again, you and your logs.
where this will take? - Lucile8 commented on April 19th 20 at 12:21

And where is it unnecessary? - ova_Connel commented on April 19th 20 at 12:24

@ova_Connel, `Role` FROM `users` - karli.Bruen commented on April 19th 20 at 12:27

@karli.Bruen, Yes that I have already explained. Only now the buttons have stopped working. If you change the data in the form clears all data from the row, except for id number - ova_Connel commented on April 19th 20 at 12:30

@ova_Connel, print_r help you, learn to debug, where it means that there are more schools - karli.Bruen commented on April 19th 20 at 12:33

@ova_Connel, well, not simple movements with quotes and concatenation, remove these curly brackets of the variables

'<td><a href="?del_id=' . $result['ID'] . '">Delete</a></td>' .
 //

- karli.Bruen commented on April 19th 20 at 12:36

@ova_Connel, use fetch_assoc you don't need the extra data, well, at least to INTA fuchuan to chastity parameters ID of het in queries - karli.Bruen commented on April 19th 20 at 12:39

@karli.Bruen, yeah. Once again, now all the code went to crap - ova_Connel commented on April 19th 20 at 12:42

@karli.Bruen, but I do not agree. Double quotes for strings, concatenate to format, curly braces to denote variables in rows - all very comfortable and quite kosher. The original version was perfect. - Merl commented on April 19th 20 at 12:45

@ova_Connel, by the way, in your code you have no protection from SQL injections. When using these holes the hacker would kill the database will hurt... - Merl commented on April 19th 20 at 12:48

@Merl, probably a matter of taste, I do not write HTML in double quotes and not use the braces, and the concatenation of separate variable - karli.Bruen commented on April 19th 20 at 12:51

@Merl, Yes, I do it for the course. I'll even host it will not spread. Purely on LAN show all - ova_Connel commented on April 19th 20 at 12:54

@ova_Connel, then sincerely soverow your teacher to take a long line, and you add the rod at a long and steady memory that you can'T DO that! If you teach, and will teach exactly what to do - that is sabotage, rather than study. - Merl commented on April 19th 20 at 12:57

@Merl, about functions I can tell what's wrong? In the source code that I care about - it works, and is not in any. If you want, you can throw the source code - ova_Connel commented on April 19th 20 at 13:00

@Lucile8, And you don't know where logs come from. And don't "poke", please, we are with you on the brotherhood did not drink. - Keaton commented on April 19th 20 at 13:03

@ova_Connel, you ultimately want for you the entire course wrote because you can't understand a word in your code.
Usually it appeal to more Soobrazitelny classmates who are not averse to earn extra money - Lucile8 commented on April 19th 20 at 13:06

@Keaton, I don't know. tell me.
What specific log you mean? - Lucile8 commented on April 19th 20 at 13:09

@Lucile8, lol. I have the whole course already. I just need to solve the trouble with the change. If You read between the lines and only see what You need, then re-read again. Because I wrote that before adding the adjustments all worked, be careful, please. Thank you - ova_Connel commented on April 19th 20 at 13:12

@ova_Connel, he learn to read.
I never wrote that you have this code did not work.
I wrote you word it does not understand.
And in this case it is necessary to seek paid help to fellow students - Lucile8 commented on April 19th 20 at 13:15

@Lucile8, okay. You have the tick-tock of the brain, in conjunction with the stroke ass. With you to no avail to communicate, toxic - ova_Connel commented on April 19th 20 at 13:18

@Lucile8the fuck are you here at all then vysralsya. If you 0 help. You usles - ova_Connel commented on April 19th 20 at 13:21

for people like you - definitely.
can beg more - maybe someone will take pity and poke your nose - Lucile8 commented on April 19th 20 at 13:24

@ova_Connel, need to be protected from SQL injections. For example, one query:

$sql = mysqli_query($link, "DELETE FROM `users` WHERE `ID` = '".mysqli_real_escape_string($link, $_GET['del_id'])."'");

Or the second option, prepared queries:

$stmt = mysqli_prepare($link, "DELETE FROM `users` WHERE `ID` =?");
mysqli_stmt_bind_param($stmt, "s", $_GET['del_id']);
mysqli_stmt_execute($stmt);
mysqli_stmt_close($stmt);

And now about the second part of the question: what isn't working? What "here is not what"? Are you talking about? - Merl commented on April 19th 20 at 13:27

@Lucile8, look at your answers and immediately want to use the toilet, take a shit. Not one clear answer. Hmm... something about me trying to say - ova_Connel commented on April 19th 20 at 13:30

@Merl, this situation - when changing this clears all data from the string. In the source code everything works. The syntax I have not changed, just added a couple of variables.
Here is an example. Changed the user under the ID 5 in the end, all fields are cleared except the ID:

- ova_Connel commented on April 19th 20 at 13:33

@ova_Connel,
if (isset($_POST["Username"]))
..
SET `username` = '{$_POST['username']}' - Keaton commented on April 19th 20 at 13:36

@Keatonyeah. The change of register, the result has not changed - ova_Connel commented on April 19th 20 at 13:39

@Keaton, furthermore, he even stopped to clear the fields. Purely going on the link and all - ova_Connel commented on April 19th 20 at 13:42

@Keaton, it's Strange that this works, and mine doesn't:

<!doctype html>
<html lang="EN">
the <head>
<title>Admin panel</title>
</head>
the <body>
<?php
 $host = 'localhost'; // Host, we have everything locally
 $user = 'root'; // the name of the user you have just created
 $pass = "; // your password to the user
 $db_name = 'db'; // database Name
 $link = mysqli_connect($host, $user, $pass, $db_name); // Connect to the database

 // I swear, if the connection could not be established
 if (!$link) {
 echo 'cannot connect to the database. Error code: '. mysqli_connect_errno() . 'error:' . mysqli_connect_error();
exit;
}

 //If the variable Name passed
 if (isset($_POST["Name"])) {
 //If it is update request, updating
 if (isset($_GET['red_id'])) {
 $sql = mysqli_query($link, "UPDATE `products` SET `Name` = '{$_POST['Name']}',`Price` = '{$_POST['Price']}' WHERE `ID`={$_GET['red_id']}");
 } else {
 //Otherwise, insert the data, putting them in the query
 $sql = mysqli_query($link, "INSERT INTO `products` (`Name`, `Price`) VALUES ('{$_POST['Name']}', '{$_POST['Price']}')");
}

 //If the insert was successful
 if ($sql) {
 echo '<p>Successfully!</p>';
 } else {
 echo '<p>an error Occurred: '. mysqli_error($link) . '</p>';
}
}

 if (isset($_GET['del_id'])) { //check whether the variable
 //delete the row from the table
 $sql = mysqli_query($link, "DELETE FROM `products` WHERE `ID` = {$_GET['del_id']}");
 if ($sql) {
 echo "<p>Item deleted.</p>";
 } else {
 echo '<p>an error Occurred: '. mysqli_error($link) . '</p>';
}
}

 //If the passed variable red_id, it is necessary to update the data. To start we'll get them from the database
 if (isset($_GET['red_id'])) {
 $sql = mysqli_query($link, "SELECT `ID`, `Name`, `Price` FROM `products` WHERE `ID`={$_GET['red_id']}");
 $product = mysqli_fetch_array($sql);
}
?>
 <form action="" method="post">
<table>
the <tr>
<td>Name:</td>
 <td><input type="text" name="name" value="<?= isset($_GET['red_id']) ? $product['Name'] : "; ?>"></td>
</tr>
the <tr>
<td>Price:</td>
 <td><input type="text" name="Price" size="3" value="<?= isset($_GET['red_id']) ? $product['Price'] : "; ?>"> RUB</td>
</tr>
the <tr>
 <td colspan="2"><input type="submit" value="OK"></td>
</tr>
</table>
</form>
 <table border='1'>
the <tr>
<td>Identifier</td>
<td>Name</td>
<td>Price</td>
<td>Delete</td>
<td>Edit</td>
</tr>
<?php
 $sql = mysqli_query($link, 'SELECT `ID`, `Name`, `Price` FROM `products`);
 while ($result = mysqli_fetch_array($sql)) {
 echo '<tr>' .
 "<td>{$result['ID']}</td>" .
 "<td>{$result['Name']}</td>" .
 "<td>{$result['Price']} ₽</td>" .
 "<td><a href='?del_id={$result['ID']}'>Delete</a></td>" .
 "<td><a href='?red_id={$result['ID']}'>Edit</a></td>" .
'</tr>';
}
?>
</table>
 <p><a href="?add=new">Add new product</a></p>
</body>
</html>
<code>

- ova_Connel commented on April 19th 20 at 13:45

Because a letter is an uppercase letter and uppercase are different characters.

$sql = mysqli_query($link, "INSERT INTO `users` (`username`, `email`, `password`, `role`) VALUES ('".mysqli_real_escape_string($link, $_POST['Username'])."', '".mysqli_real_escape_string($link, $_POST['Email'])."', '".mysqli_real_escape_string($link, $_POST['Password'])."', '".mysqli_real_escape_string($link, $_POST['Role'])."')");

- Merl commented on April 19th 20 at 13:48