Admin panel - Creating an edit users button - html

I've created an admin panel on my website so when the admin logs in he can edit users. I'm trying to get it to create a table that displays a list of all the users on the database, however, when I run it I get the error:
No database selected
Here is the code in my editusers.php:
<?php
include 'adminpage.php';
include 'connection.php';
$sql = "SELECT * FROM Users";
$result = mysql_query($sql)or die(mysql_error());
echo "<table>";
echo "<tr><th>UserID</th><th>First Name</th><th>Last Name</th><th>Email</th><th>D-O-B</th></tr>Username</th><th>Password</th><th>";
while($row = mysql_fetch_array($result)){
$userid = $row['UserID'];
$firstname = $row['FirstName'];
$lastname = $row['LastName'];
$email = $row['Email'];
$dob = $row['DateofBirth'];
$username = $row['Username'];
$password = $row['Password'];
// Now for each looped row
echo "<tr><td style='width: 200px;'>".$userid."</td><td style='width: 200px;'>".$firstname."</td><td>".$scale."</td><td>".$lastname."</td><td>".$email."</td></tr>".$dob."</td></tr>".$username."</td></tr>".$password."</td></tr>";
} // End our while loop
echo "</table>"
?>

First of all it looks like you are using mysql which isn't a wise move. This is because Mysql is actually deprecated and was improved to mysqli. Your problem may be to do with your database connection. You also haven't set a database. Like I said you can set an active database in your connection script. It should or could look something like this.
<?php
$conn = mysqli_connect("localhost", "root", "password", "database");
// Evaluate the connection
if (mysqli_connect_errno()) {
echo mysqli_connect_error();
exit();
}
?>
After that, your sql query is correct by selecting all from you table 'users' but in order to proceed I recommend creating a query where you use mysqli_query an select the $sql and $conn as parameters. In all honesty it is much advised to stop and continue once you have adapted to mysqli. Alternatively you can use PDO which in some cases can be seen as better to use rather than mysqli but the choice is yours. I personally would get to grips with mysqli and then look at some answers on Stack Overflow to decide whether you should use PDO or not. Visit the PHP manual here. Enter all the mysql functions you know and it will show you how to use the new mysqli version of the functions. Don't think that it is as simple as just adding and 'i' to the end of a mysql function. That's what I initially thought but there is alot to do with extra parameters etc. Hope this helps :-)

Related

SQL insert is not working

Please can someone help? The code below seems to work and gives no errors, but when I check the database, it hasn't added anything. Tearing my hair out!
<?php
$bcode = $_GET['barcode'];
$businessid = $_GET['businessid'];
$servername = "---------";
$username = "-------";
$password = "-------";
// Create connection
$conn = new mysqli($servername, $username, $password);
// Check connection
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "INSERT INTO 'db741921215'.'Scans' (Barcode, Success, Business) VALUES ('".$barcode."', 'Y', '".$businessid."')";
$con->close();
} ?>
The columns in table 'Scans' is as below:
Help is very, very much appreciated!!!
I see a couple things - use backticks "`" around your table name definitions, not single quotes. Also, save yourself some eye strain and use the fact that PHP interpolates variables just fine within doublequoted strings.
$sql = "INSERT INTO `db741921215`.`Scans`
(Barcode, Success, Business)
VALUES
('$barcode', 'Y', '$businessid')";
Also - you never actual execute the query, do you?
$conn->query($sql);
You seem to be missing the step where you execute the sql statement
I can see where you define it but I don't see where it's executed. i.e.
$conn->query($sql);
Also, you seem to be missing a letter when closing the connection: $con->close() should be $conn->close();

What's the best way to fetch an array

Alright, so I believe that there is a better way that I can fetch an array from the database, here's the code right now that I have.
$id = 1;
$userquery = mysql_query("SELECT * FROM login WHERE id='$id'");
while($row = mysql_fetch_array($userquery, MYSQL_ASSOC)) {
$username = $row['username'];
$password = $row['password'];
$email = $row['email'];
}
So If I am not wrong, you want a better way to get all the returned rows from mysql in a single statement, instead of using the while loop.
If thats the case, then I must say mysql_ drivers do not provide any such functionality, which means that you have to manually loop through them using foreach or while.
BUT, since mysql_ is already depricated, you are in luck! you can actually switch to a much better and newer mysqli_ or the PDO drivers, both of which DO actually have functions to get all the returned rows.
For mysqli_: mysqli_result::fetch_all
For PDO : PDOStatement::fetchAll
Eg.
mysqli_fetch_all($result,MYSQLI_ASSOC);
// The second argument defines what type of array should be produced
// by the function. `MYSQLI_ASSOC`,`MYSQLI_NUM`,`MYSQLI_BOTH`.
Like the comments already told you: PHP's mysql driver is deprecated. And you should use prepared statements and parameters.
for example in PDO your code would look something like this:
//connection string:
$pdo= new PDO('mysql:host=localhost;dbname=my_db', 'my_user', 'my_password');
//don't emulate prepares, we want "real" ones:
$pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
//use exception-mode if you want to use exception-handling:
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$id = 1;
//it's always better to strictly use backticks for db-names (db, tables, fields):
$sql = "SELECT * FROM `login` WHERE `id` = :id";
try
{
//create your prepared statement:
$stmt = $pdo->prepare($sql);
//bind a parameter and explicitly use a parameter of the type integer (in this case):
$stmt->bindParam(":id", $id, PDO::PARAM_INT);
//execute the query
$stmt->execute();
}
catch(PDOException $e)
{
exit("PDO Exception caught: " . $e->getMessage());
}
while($row = $stmt->fetch(PDO::FETCH_ASSOC))
{
$username = $row['username'];
$password = $row['password'];
$email = $row['email'];
}
here you go: your PHP-MySQL routine is save against SQL-injections now and no longer uses deprecated PHP-functions! it's kinda state of the art ;)

Using PDO_MYSQL DSN and Adding Attributes to the Array

I'm trying to create a secure, SQL-injection proof connection to a database using PDO. I've know certain character sets are vulnerable, but that UTF-8 is not one of them. I also know that I should turn PDO's prepared statement emulation mode off. Below is the code that I've put together for the connection. My question is twofold.
Can someone please take a look at my code below to make sure that I'm doing everything correctly? I've tested it, and it works. But is there something else I could add to make it more secure or am I doing it right?
I'm not 100% positive that my syntax for what's inside the array is correct, though I don't get any errors when I do an insert, so I'm inclined to believe that it is. However, is there a way to test or confirm that those attributes are actually being set? Or can someone tell by looking that the syntax is correct and those attributes are definitely being set?
Thanks for any help in advance. My full code for the database connection and an insert using a prepared statement is below.
function addItem($category, $item, $price) {
$dsn = 'mysql:host=localhost;dbname=myDatabase;charset=utf8';
$username = "myUsername";
$password = "myPassword";
$options = array(
PDO::ATTR_EMULATE_PREPARES => false,
PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION
);
try {
$link = new PDO($dsn, $username, $password, $options);
$query = $link->prepare("INSERT INTO items (category, item, price)
VALUES (:category, :item, :price)");
$query->bindParam(':category', $category);
$query->bindParam(':item', $item);
$query->bindParam(':price', $price);
$query->execute();
echo "New item added successfully";
}
catch(PDOException $e) {
echo "Error: " . $e->getMessage();
}
$link = null;
}

Parse json object from table via php connected to phpmyadmin

I'm using a json-parser in Xcode to fetch a table from phpmyadmin. The parser gets (or should get) the json-formated document via a php-file uploaded on my ftp-server. The file is successfully parsed but it doesn't recognize any objects. I think this is because there are multiple arrays in the json-document.
When there's only one entry the document looks like this:
[{"id":"1","Name":"Eric","Message":"first from web"}]
but when i add an entry it looks like this:
[{"id":"1","Name":"Eric","Message":"first from web"}]
[{"id":"1","Name":"Eric","Message":"first from web"},{"id":"6","Name":"Claes","Message":"Hurrburr"}]
As you can see the old array (containing only the single entry) is still there in the second array with both entries.
I suspect the problem is that the old arrays are still there when i update the database because when i tried parsing the json document with only one entry (only one array) it worked.
So my question is first if thereĀ“s something i missed in my code, or if you know why the old arrays are still there when I update the database or how to remove all previous arrays when the document is updating.
Here is my .php-file:
<?php
$username = "perhaps not sharing this information";
$password = "or this";
$database = "nah";
mysql_connect("the server url",$username, $password);
#mysql_select_db($database) or die("Error here");
$query = "SELECT * FROM debug_db";
$result = mysql_query($query) or die(mysql_error());
$num = mysql_numrows($result);
mysql_close();
$rows = array();
while($r = mysql_fetch_assoc($result))
{
$rows[] = $r;
echo json_encode($rows);
}
?>
And check out the json-document at: http://app.levinnovation.se/getjson.php
Thank you!

Need help connecting to my Mysql database on local server

I'm quite new to databases and have no idea where I have gone wrong. Please help me find out why I can't connect to my database.
I'm getting an error with Dreamweaver - Dynamicaly-related files cannot be discovered because there is no site definition for this document
My Site root is located in htdocs.
the main file I'm trying to run is "dataquery.php" - htdocs/LetsPlays/dataquery.php
<?php
include 'includes/databaseform.php';
$query = "SELECT * FROM userchanel";
$result = mysql_query($query);
while($person = mysql_fetch_array($result));
{
echo $person['chanelurl'];
}
?>
Dataquery is connected to "databaseform.php" - htdocs/LetsPLays/includes/databaseform.php
<?php
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass ='';
$db = 'mysql_tut';
$conn = mysql_connect($dbhost,$dbuser,$dbpas);
mysql_select_db($userchanel);
?>
So I'm trying to connect to userchanel table through user tbl
screenshot: http://imageshack.us/f/23/usertbl.png/
Files run through wordpress are set up to run on 127.0.0.1
Please help me.
Sorry for the noobishness! I have no idea what I'm missing!
When I run the html file all I get is a blank page!
Replace the line
$conn = mysql_connect($dbhost,$dbuser,$dbpas);
with
$conn = mysql_connect($dbhost,$dbuser,$dbpass);
notice the double 's' on $dbpass, also if I may you should not rely on deprecated features when writing new code, use PDO instead, also don't login to db as root, create a user, don't be lazy, with that your database connection code should like:
<?php
$db = new PDO('mysql:dbname=databasename', 'username', 'password',
array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8"));
the init command is not actually necessary I just included it cause I always use it, while the querying could be done as
<?php
include 'includes/databaseform.php';
$query = $db->prepare("SELECT * FROM userchanel");
$query->execute();
while(($person = $query->fetch(PDO::FETCH_ASSOC)) !== false);
{
echo $person['chanelurl'];
}
If you're only using one column you should fetch only that as below:
<?php
include 'includes/databaseform.php';
$query = $db->prepare("SELECT chanelurl FROM userchanel");
$query->execute();
while(($channelurl = $query->fetch(PDO::COLUMN)) !== false);
{
echo $channelurl;
}
I didn't include closing braces for php code as they are not necessary also do some error checking var_dump($db->errorInfo()); and var_dump($query->errorInfo()); - didn't include this in the code as I only use them in checking any issues with my code, good luck!
instead of htdocs/LetsPlays/dataquery.php
try localhost/dataquery.php
I recommend you to make and additional file for database connection and include it anywhere you need. Because when you need to push project live you need to change in every file incase file is includeed you need to change just at one place and it effects every where connection for localhost is
<?php
// Replace the variable values below
// with your specific database information.
$host = "localhost";
$user = "root";
$pass = "";
$db = "yourdatabase";
// This part sets up the connection to the
// database (so you don't need to reopen the connection
// again on the same page).
$ms = mysql_pconnect($host, $user, $pass);
if ( !$ms )
{
echo "Error connecting to database.\n";
}
// Then you need to make sure the database you want
// is selected.
mysql_select_db($db);
?>
Save all the above code in one file save it as dbConfig.php and include it any where
like
include ("dbConfig.php");
Now in that file you are connected to db you can interact with database.