Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 7 years ago.
Improve this question
I'm having a problem with my PHP. I would like to send data from my page to another page. But it's all in PHP. I need to take an input value and a combobox value. And I don't know how to do it.
Here's my PHP :
<?php
session_start();
$q = intval($_GET['q']);
$db = mysql_connect('localhost', 'root', 'root');
mysql_select_db('Projet',$db);
$sql2 = "select IDControle, NomControle from Controle WHERE IDUser='".$_SESSION['id']."'";
$req2 = mysql_query($sql2) or die('Erreur SQL !<br>'.$sql2.'<br>'.mysql_error());
echo'<select id="controleChoix" name="controleChoix">';
while ($data2 = mysql_fetch_array($req2)){
echo '<option value="'.$data2['IDControle'].'">'.$data2['NomControle'].'</option>';
}
echo '</select>';
echo '<input type="hidden" name="selected_text" id="selected_text" value="" />';
$sql = "select ID, Nom, Prenom from User where Groupe ='".$q."'";
$req = mysql_query($sql) or die('Erreur SQL 2!<br>'.$sql.'<br>'.mysql_error());
echo '<ul class="list-group">';
while ($data = mysql_fetch_array($req)){
echo '<li class="list-group-item"><strong>Nom</strong> : '.$data['Nom'].' <br> <strong>Prénom</strong> : '.$data['Prenom'].'<br>';
echo '<input type="text" name="note" id="note"/> ';
echo '<a class="label label-success" href="ajouterNote.php?var1='.$data2['IDControle'].'&var2='.$data['ID'].'&var3='.$test.'"><i class="fa fa-fw fa-check"></i></a></li>';
}
echo '</ul>';
echo '<a class="btn btn-primary" href="#">Ajouter toutes les notes</i></a></li>';
?>
I need to send the input note.value, the select controleChoix.value and the intval q that I've received from another page.
As you already seem to use SESSIONS, you could easily transfer your data from one page to another using these $_SESSION variables.
https://secure.php.net/manual/en/book.session.php
edit: Please keep in mind that this isn't secure at all. The values can easily be changed by the user. Using this you might want to validate the values first, before using.
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 2 years ago.
Improve this question
So I've this admin-dashboard where I want to click on the options link which will take me to another page or show a modal of that particular person's details.
So basically, I want to get the ID of one particular person and send it to backend for query and display the details.
My doctor-details.php file
<?php
require('config.php');
$sql = "SELECT * FROM doctor";
$result = mysqli_query($conn, $sql);
$count = mysqli_num_rows($result);
if($count > 0){
while($rows = mysqli_fetch_array($result)){
?>
<tr>
<td><?php echo $rows['id'];?> </td>
<td><?php echo $rows['f_name'];?></td>
<td><?php echo $rows['l_name'];?></td>
<td><?php echo $rows['email'];?></td>
<td><?php echo $rows['contact_number'];?></td>
<td><?php echo $rows['gender'];?></td>
<td> Options</td>
</tr>
<?php
}
}
?>
my ajax code for doctor's details
//For Doctor
$(document).ready(function(){
$("#load-doctor-data").click(function(){
$.ajax({
url: 'views/admin/doctor-details.php',
type: 'POST',
success: function(result){
$("#response-doctor").html(result);
}
});
});
});
//Hide table on login
$("#show-doctor-details").hide();
$(document).ready(function(){
$("#load-doctor-data").click(function(){
$("#show-doctor-details").show();
$("#show-patient-details").hide();
});
});
window.addEventListener('load', function() {
var trs = document.getElementById('response-doctor').querySelectorAll('tr');
for (var i = 0; i < trs.length; i++) {
var tds = trs[i].querySelectorAll('td');
tds[tds.length-1].querySelector('a').setAttribute('href', '/user/'+tds[0].innerHTML);
}
});
My bad, this sloution more easier (inside doctor-details.php):
<td> Options</td>
You can make entire table row as link
For example:
<tr a="profile.php?id=<?php echo $rows['id'?];">
...
<tr>
This is how you can add link on every row which leads you to profile.php file where you can show personal information. When you are in profile.php you can access person's id with $_GET['id'] and fetch data from database using this id. If you are looking for more detailed answer don't hesitate to ask.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 6 years ago.
Improve this question
I have 2 select 2 drop down list. One is for country and one is for city . So now, I want to select country and my city select 2 should only load all based on my country selection. How is that possible?
You can create form scratch http://www.yiiframework.com/wiki/723/creating-a-dependent-dropdown-from-scratch-in-yii2/ or use a proper extension http://demos.krajee.com/widget-details/depdrop
You cand this code in form
<?php $Country= ArrayHelper::map(Country::find()->all(),'id', 'country_name');?>
<?php echo $form->field($model, 'country')->dropDownList($Country,
['prompt'=>'-Choose a Category-',
'onchange'=>'
$.post( "'.urldecode(Yii::$app->urlManager->createUrl('country/lists&id=')).'"+$(this).val(), function( data ) {
$( "select#city_id" ).html( data );
});
']); ?>
<?php echo $form->field($model, 'city')->dropDownList(
['prompt'=>'-Choose a Sub Category-'],
['id'=>'city_id']
);?>
<div class="form-group">
<?= Html::submitButton($model->isNewRecord ? 'Create' : 'Update', ['class' => $model->isNewRecord ? 'btn btn-success' : 'btn btn-primary']) ?>
</div>
<?php ActiveForm::end(); ?>
and create list action in controller
public function actionLists($id)
{
$sql = "select * from city where country_id ='$id' ";
$models = City::findBySql($sql)->asArray()->all();
if(sizeof($models) >0)
{
echo "<option value="">-Choose City-</option>";
foreach($models as $model)
{
echo "<option value='".$model['id']."'>".$model['city_name']."</option>";
}
}
else
{
echo "<option>-Choose a Sub City-</option><option></option>";
}
}
Closed. This question needs debugging details. It is not currently accepting answers.
Edit the question to include desired behavior, a specific problem or error, and the shortest code necessary to reproduce the problem. This will help others answer the question.
Closed 7 years ago.
Improve this question
I want to select multiple items to delete the records in the database. But i am not being able to. My delete.php is fine. How can i use it to delete multiple selected items. I just created a checkbox. How can i make that checkbox work.
echo"<TR><TD>Select</td><TD>S.N.</td><td><B>Full Name</B></td><td><B>Options</B></td></TR>";
while ($myrow = $result->fetch_assoc())
{
echo "<tr><td><input type='checkbox'name='mycheck'onclick='toggleform('document.myform','mycheck','ptext')'></td>";
echo "<TD>".$myrow['id']."</TD>";
echo "<TD>".$myrow['name']." </TD>";
echo "<TD>View ";
echo "Delete ";
echo "Edit";
}
<input type="button" name= "ptext" value="Delete selected">
You have to create checkbox name as array type i.e. mycheck[]. Then, In delete_all.php page, find total checked checkbox and delete it accordingly.
<form method='POST' action="delete_all.php">
<?php
echo"<TR><TD>Select</td><TD>S.N.</td><td><B>Full Name</B></td><td><B>Options</B></td></TR>";
while ($myrow = $result->fetch_assoc())
{
echo "<tr><td><input type='checkbox' name='mycheck[]' value=".$myrow['id']."></td>";
echo "<TD>".$myrow['id']."</TD>";
echo "<TD>".$myrow['name']." </TD>";
echo "<TD>View ";
echo "Delete ";
echo "Edit";
}
?>
<input type="submit" name= "ptext" value="Delete selected">
</form>
delete_all.php
<?
extract($_POST);
$totalCheckboxChecked = sizeof($mycheck);
for($i=0;$i<$totalCheckboxChecked;$i++)
{
$idToDelete = $mycheck[$i];
echo "DELETE FROM table_Name WHERE id_ColumnName = '$idToDelete'";
// Execute Your Querys
}
?>
Are you getting all ids on the delete.php page? if yes then simple use
DELETE FROM tableName
WHERE id IN ($id1 , $id2 , $id3 , etc);
if not, The way i would do it is, i would use form, and then post it in the delete.php page using method post, and then simply take the values from super global
$_POST[]
and use the above query, hope this helps.
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I want to know how to prevent this type of xss, i've been trying for about 4 hours but nothing works.
"><img+src%3Dx+onerror%3Dprompt('XSS')>
This is what I use to prevent xss:
$term = mysql_real_escape_string($_GET['term']);
$term = strip_tags($term);
This is how I print the results:
echo "<i>Search results for <b>" . strip_tags($term) . "</b> based on the <b>Name</b> of the servers</i><br /><br />";
Here is my full php code:
<?php
$term = strip_tags($_GET['term']);
$keywords = preg_split('#\s+#', $term);
$c = 0;
foreach($keywords as $keyword){
if(strlen($keyword) < 3){
$c++;
}
}
if($c > 0){
$errors[] = "One of the keywords you entered is too short.";
}
if(strlen($term) < 4){
$errors[] = "Search string too short!";
}
if(empty($errors) !== true){
echo output_errors($errors);
} else {
echo "<i>Search results for <b>" . strip_tags($term) . "</b> based on the <b>Name</b> of the servers</i><br /><br />";
$name_where = "`name` LIKE '%" . implode("%' OR `name` LIKE '%", $keywords) . "%'";
$query = mysql_query("SELECT * FROM `servers` WHERE {$name_where} AND `disabled` = 0");
?>
$term = filter_var($term, FILTER_SANITIZE_STRING);
Maybe try someting like this:
$term = filter_var($term, FILTER_SANITIZE_STRING);
$term = filter_var($term, FILTER_SANITIZE_FULL_SPECIAL_CHARS);
Theres a lot of filters with which you can filter like everything out.
The advantage of filter_var() is that you can control the behaviour by, for example, stripping or encoding low and high characters.
Here is a list of filters: Filters
You can also filter_input to get external variables and optionally filter them.
<?php
// FILTER_SANITIZE_SPECIAL_CHARS filter HTML-escapes special characters
$term = filter_input(INPUT_GET, 'term', FILTER_SANITIZE_SPECIAL_CHARS);
// FILTER_SANITIZE_STRING strips or encodes unwanted characters
$term = filter_input(INPUT_GET, 'term', FILTER_SANITIZE_STRING);
Closed. This question needs details or clarity. It is not currently accepting answers.
Want to improve this question? Add details and clarify the problem by editing this post.
Closed 8 years ago.
Improve this question
I'm in trouble with a simple php foreach wich attribute classes (odd / even) to divs. I think i have a synthax error because it works but the loop is not ended (Uncaught RangeError: Maximum call stack size exceeded in console :
<?php
$count = 0;
foreach( $this->boutiques_details as $key => $value){
if ($value->ville == $this->ville) {
echo '<div data-lng="$this->escape($value->longitude)" data-lat=" $this->escape($value->latitude)" class="' . (++$count%2 ? "shop odd" : "shop even") . '">';
?>
<p><b><?php echo $this->escape($value->ville)?></b></p>
<p><?php echo $this->escape($value->quartier)?></p>
<p><?php echo $this->escape($value->adresse)?></p>
<p><?php echo $this->escape($value->num_contact_1)?></p>
</div>
<?php
}
}
?>
Thanks for help!
You have some PHP code in the string you're trying to echo, but it's not being evaluated by PHP because it's inside the string:
echo '<div data-lng="$this->escape($value->longitude)" data-lat="$this->escape($value->latitude)" class="' . (++$count%2 ? "shop odd" : "shop even") . '">';
Replace the above with the following:
echo '<div data-lng="' . $this->escape($value->longitude) . '" data-lat="' . $this->escape($value->latitude) . '" class="' . (++$count%2 ? "shop odd" : "shop even") . '">';
This way, the PHP parts (such as $this->escape($value->longitude)) will be recognized by PHP, and their results will be inserted in the string you are echoing.
Because you were echoing the PHP parts directly, javascript (jQuery) probably recognized the dollar sign ($), tried to do something with it but didn't know how, and failed.