CloudBreaker

I have to unlearn some of the bad habits I have learned from all these online classes then. Until I correct these bad habits, you can label me "the town idiot". Jacques1, I use prepared statements now, and you are the one that suggested I always do so to avoid SQL injections, so I'm not a total loss... and its not that I don't care, its because I'm having a hard time wrapping my head around a certain concept.

I would use these lines so the I'd would not show up in the browser. // redirect user after delete is successful header("Location: view.php"); } else // if the 'id' variable isn't set, redirect the user { header("Location: view.php"); } I do use session variables. I was just trying to focus on the deleting a record. you have to use $_GET['id']; if you're passing and I'd to another page... <?php // connect to the database include('connect-db.php'); // confirm that the 'id' variable has been set if (isset($_GET['id']) && is_numeric($_GET['id'])) { // get the 'id' variable from the URL $id = $_GET['id']; // delete record from database if ($stmt = $mysqli->prepare("DELETE FROM players WHERE id = ? LIMIT 1")) { $stmt->bind_param("i",$id); $stmt->execute(); $stmt->close(); } else { echo "ERROR: could not prepare SQL statement."; } $mysqli->close(); // redirect user after delete is successful header("Location: view.php"); } else // if the 'id' variable isn't set, redirect the user { header("Location: view.php"); } ?>

I don't know if "child IDs" is the right terminology, but my head wrapped around the logic. For a hypothetical example: I have a table called "salesmen" with fields for names etc., and all the names would have associated ids. I have another table called "sales" and that table would contain information of all the sales particular to the specific salesmen. Each one of those sales would have their own ID (which would be different from the salespersons ID because one person would have multiple sales.) Let say there was a mistake and a sale had to be deleted from the "sales" table. As you navigate through the webpage you'd be passing the ID of that particular sales person (http://localhost/salesperson.php?id=15) 15 being that sales person's ID. All the sales for this individual is listed in a table (on the web page) and there is a column with a "Delete" link in every row for that sale. The problem is I've already retrieved the ID from the previous URL (which is 15, the salesperson's ID), and I can't use the typical method to pass the sale ID from the sales table to be deleted..... <td><a href="admin_subfile_delete.php?id=<?php echo $id;?>" onclick="return confirm('Are you sure that you want to delete this sale?');">Delete</a></td> With the above line, I'd be deleting the salesperson, which is no good => (http://localhost/hsa/salesperson_delete.php?id=15). I've tried the following clip of code for a test...but it just doesn't work. (primary_id is that particular sale's ID). Maybe I'm going about this all wrong... // connect to the database include('dbconfig.php'); // confirm that the 'id' variable has been set if (isset($_GET['id']) && is_numeric($_GET['id'])) { // get the 'id' variable from the URL $id = $_GET['id']; // get the records from the database if ($result = $mysqli->query("SELECT * FROM sales ORDER BY primary_id")) { // delete record from database if ($stmt = $mysqli->prepare("DELETE FROM sales WHERE primary_id = ? LIMIT 1")) { $stmt->bind_param("i",$row->primary_id); $stmt->execute(); $stmt->close();

Simply put, I have projects, (each with their unique ID). Each of these projects have multiple files uploaded to them (each of these file have there own IDs along with their own table - submittal_files. Typically, if I'm going delete a record from a table I'll do something like this inside a table data tag... <a href="submittal-view.php?delete=<?php echo $id;?>"onclick="return confirm('Are you sure you want to delete this file?');">Delete</a> Then something like this... if(isset(GET_['delete'])){ $delete_id = GET_['delete']; mysqli_query($conn, "DELETE FROM whatevertable WHERE file_id = '$delete_id'"); } The problem is the file I want deleted does not have the same id as the project id and I need to also pass the project ID as well. I've tried this with no luck... <a href="submittal-view.php?id=<?php echo $id;?>delete=<?php echo primary_id;?> "onclick="return confirm('Are you sure you want to delete this file?');">Delete</a> ("primary_id" is the id to that particular file). The code I have below does not have any errors, because it's not attempting to delete a file row in the table yet. Line 92 is the line I'm having trouble with. I'm still a beginner, so go easy on me. CB <?php include_once 'dbconfig.php'; ?> <?php session_start(); if(!$_SESSION['user_loginName']){ header("location: index.php"); } else { $project_id=$_SESSION['project_id']; if(isset($_GET['id']) && is_numeric($_GET['id'])){ $edit_id = $_GET['id']; //grab discipline $name = $_SESSION['firstName']; $sel = "SELECT * FROM hsa_users WHERE user_firstName='$name'"; $run = mysqli_query($conn, $sel); $row=mysqli_fetch_array($run);{ $discipline = $row['user_discipline']; //End of grab discipline } //grab submittal No. $s = "SELECT * FROM submittals WHERE id='$edit_id'"; //note...it doesn't have to be $sql everytime. $run = mysqli_query($conn, $s); $row=mysqli_fetch_array($run);{ $sub_number = $row['sub_number']; } //end of grab submittal No. $result = mysqli_query($conn,"SELECT * FROM submittal_files WHERE no=$edit_id"); while($row = mysqli_fetch_array($result, MYSQLI_ASSOC)){ $primary_id =$row['primary_id']; $id =$row['no']; } } ?> <!DOCTYPE html> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <title>Upload Files</title> <link rel="stylesheet" href="rfi-style.css" type="text/css" /> </head> <body> <div id="header"> <label>Submittal No. <?php echo $sub_number;?> File Uploads (<?php echo $_SESSION['projName'];?>) </label> </div> <div id="body"> <table width="80%" border="1"> <tr> <th colspan="6">your uploads...<label><a href="submittal-files.php?id=<?php echo $edit_id;?>">upload new files...</a></label></th> </tr> <tr> <td>File Name</td> <td>File Type</td> <td>File Size(KB)</td> <td>View</td> <td>Uploaded By</td> <td>Action</td/> </tr> <?php $i=1; $sql="SELECT * FROM submittal_files WHERE no=$edit_id"; $result_set=mysqli_query($conn,$sql); while($row=mysqli_fetch_array($result_set)) { ?> <tr> <td><?php echo $row['file'] ?></td> <td><?php echo $row['type'] ?></td> <td><?php echo $row['size'] ?></td> <td><a href="submittal_files/<?php echo $row['file'] ?>" target="_blank">view file</a></td> <td><?php echo $row['uploaded_by']?></td> <td> <a href="submittal-view.php?id=<?php echo $id;?>"onclick="return confirm('Are you sure you want to delete this file?');">Delete</a> </td> </tr> <?php } ?> </table> </div> </body> </html> <?php } ?>

Yes mac_gyver i did try to find out why I was getting errors. I have not been at my computer for awhile because I had a family member pass away and I just did not have recall did when I was trying to code every day after work. I before I took a break I created a nice file management system that associates files with each rfi or submittal in the user has the need. I just need to get back into things. I feel like I forgot a lot. CB

My apologies...here are the warnings: ! ) Notice: Undefined variable: user_firstName in B:\Programs\wamp\www\hsa\edit_user.php on line 91 ( ! ) Notice: Undefined variable: user_lastName in B:\Programs\wamp\www\hsa\edit_user.php on line98 Call Stack #TimeMemoryFunctionLocation 10.0017266664{main}( )..\edit_user.php:0 "/> ( ! ) Notice: Undefined variable: user_company in B:\Programs\wamp\www\hsa\edit_user.php on line 105 Call Stack #TimeMemoryFunctionLocation 10.0017266664{main}( )..\edit_user.php:0 "/> ( ! ) Notice: Undefined variable: user_email in B:\Programs\wamp\www\hsa\edit_user.php on line 129 Call Stack #TimeMemoryFunctionLocation 10.0017266664{main}( )..\edit_user.php:0 "/> ( ! ) Notice: Undefined variable: user_loginName in B:\Programs\wamp\www\hsa\edit_user.php on line 136 Call Stack #TimeMemoryFunctionLocation 10.0017266664{main}( )..\edit_user.php:0 "/> ! ) Notice: Undefined variable: user_pass in B:\Programs\wamp\www\hsa\edit_user.php on line 143 Call Stack #TimeMemoryFunctionLocation 10.0017266664{main}( )..\edit_user.php:0 " required="required"/> Table structure: https://drive.google.com/file/d/0B06KJO0YEuzxcjhIN1pwQWZ6XzA/view?usp=sharing ( ! ) Notice: Undefined index: user_discipline in B:\Programs\wamp\www\hsa\edit_user.php on line 179 ( ! ) Notice: Undefined index: email_alerts in B:\Programs\wamp\www\hsa\edit_user.php on line 183 ( ! ) Notice: Undefined variable: id in B:\Programs\wamp\www\hsa\edit_user.php on line 187

Not sure what I'm missing here. I a very similar script updating fields with no problems. The data is being called from the database without any errors, but as soon as I hit submit whether or not I update a field or not I get a couple of undefined variables. Did I misplace a curly bracket? thanks, CB <?php // Connect to MySQL $conn = mysqli_connect("localhost","root","","hsa_project_hub"); session_start(); if(!$_SESSION['admin_login']){ header("location: admin_login.php"); } else { // Grab user id from admin_userList.php and pull user info from database if(isset($_GET['id']) && is_numeric($_GET['id'])){ $edit_id=$_GET['id']; $sql = "select * from hsa_users where id='$edit_id'"; $result=mysqli_query($conn,$sql); $row=mysqli_fetch_assoc($result); $run = mysqli_query($conn,$sql); $row=mysqli_fetch_array($run); $id =$row['id']; $user_firstName =$row['user_firstName']; $user_lastName =$row['user_lastName']; $user_company =$row['user_company']; $user_discipline =$row['user_discipline']; $user_email =$row['user_email']; $user_loginName =$row['user_loginName']; $user_pass =$row['user_pass']; $email_alerts =$row['email_alerts']; } ?> <!DOCTYPE HTML> <html> <head> <title>Project Hub New User</title> <link href="hsastyle.css" rel="stylesheet"> </head> <body> <div id="main_container"> <p><em>version 1.0 beta</em></p> <div id="banner"> <div id="logo"> <img src="images/hsa-logo.jpg" alt=HSA logo> </div> <a href = "admin.php"> <H2><em>Admin Panel</em></h2> <H5><a href="adminLogout.php">Log Out</a></H5> <H6>Welcome <?php echo $_SESSION['admin_login'];?> </a> </div> <!--End Banner--> <!--form for adding users--> <h1 align="center">Edit User</h1> <form action="edit_user.php" method="post"> <table align="center" bgcolor="d8d8d8" width="960"> <tr align="center"> </tr> <tr> <td align="right"><strong>First Name:</strong></td> <td> <input type="text" name="user_firstName" value="<?php echo $user_firstName;?>"/> </td> </tr> <tr> <td align="right"><strong>Last Name:</strong></td> <td> <input type="text" name="user_lastName" value="<?php echo $user_lastName;?>"/> </td> </tr> <tr> <td align="right"><strong>Company:</strong></td> <td> <input type="text" name="user_company" value="<?php echo $user_company;?>"/> </td> </tr> <tr> <td align="right"><strong>Discipline:</strong></td> <td> <select name="discipline"> <option><?php echo $user_discipline;?></option> <option>Architect</option> <option>General Contractor</option> <option>Owner</option> <option>Structural Engineer</option> <option>MEP Engineer</option> <option>Civil Engineer</option> <option>Landscape Architect</option> <option>Developer</option> </select> </td> </tr> <tr> <td align="right"><strong>Email:</strong></td> <td> <input type="email" name="user_email" value="<?php echo $user_email;?>"/> </td> </tr> <tr> <td align="right"><strong>Log In Name:</strong></td> <td> <input type="text" name="user_loginName" value="<?php echo $user_loginName;?>"/> </td> </tr> <tr> <td align="right"><strong>Password:</strong></td> <td> <input type="text" name="user_pass" value="<?php echo $user_pass;?>" required="required"/> </td> </tr> <tr> <td align="right"><strong>Email Alerts:</strong></td> <td><br> <input type="radio" name="email_alerts" value="yes">Yes<br> <input type="radio" name="email_alerts" value="no">No </td> </tr> <tr align="left"> <td colspan="6"> <input type="submit" name="update" value="Update"/> </td> </tr> </table> </form> <?php //getting the text information and saving in local variables if(isset($_POST['update'])){ $user_firstName =mysqli_real_escape_string($conn,$_POST['user_firstName']); $user_lastName =mysqli_real_escape_string($conn,$_POST['user_lastName']); $user_company =mysqli_real_escape_string($conn,$_POST['user_company']); $user_discipline =mysqli_real_escape_string($conn,$_POST['user_discipline']); $user_email =mysqli_real_escape_string($conn,$_POST['user_email']); $user_loginName =mysqli_real_escape_string($conn,$_POST['user_loginName']); $user_pass =mysqli_real_escape_string($conn,$_POST['user_pass']); $email_alerts =mysqli_real_escape_string($conn,$_POST['email_alerts']); $update = "UPDATE hsa_users SET `user_firstName`='$user_firstName', `user_lastName`='$user_lastName', `user_company`='$user_company', `user_discipline`='$user_discipline', `user_email`='$user_email', `user_loginName`='$user_loginName', `user_pass`='$user_pass', `email_alerts`='$email_alerts' WHERE id=$id"; $run_update = mysqli_query($conn, $update); if($run_update){ echo "<script>alert('User has been successfully updated.')</script>"; echo "<script>window.open('admin_userlist.php','_self')</script>"; } } ?> </div> <!--End main container--> </body> </html> <?php } ?>

I incidentally imported an older database...thanks.

Had this working fine for weeks, then I come back and I get a warning. There's a chance I could have "fat-fingered" something in the code...but I've gone through line by line and haven't found anything. Maybe I'm looking to hard... Warning: mysqli_fetch_assoc() expects parameter 1 to be mysqli_result, boolean given in B:\Programs\wamp\www\hsa\rfi_list.php on line 29 thanks, CB <?php $conn = mysqli_connect("localhost","root","","hsa_project_hub"); session_start(); if(!$_SESSION['user_loginName']){ header("location: index.php"); } else { ?> <?php //assign project ID value to local variable $project_id=$_SESSION['project_id']; $sql = "SELECT rfis.no,rfis.name,rfis.subject,rfis.issued_by,rfis.date_submit,rfis.needed_by,rfis.answered_by,rfis.date_returned,rfis.status\n" . "FROM projects,rfis\n" . "WHERE projects.project_id=rfis.id\n" . "AND project_id=$project_id"; $result=mysqli_query($conn,$sql); $row=mysqli_fetch_assoc($result); $run = mysqli_query($conn, $sql); $i=0; ?> <!DOCTYPE HTML> <html> <head> <title>RFI List</title> <link href="hsastyle.css" rel="stylesheet"> </head> <body> <div id="main_container"> <p><em>version 1.0 beta</em></p> <div id="banner"> <div id="logo"> <img src="images/hsa-logo.jpg" alt=HSA logo> </div> <div id="logout"><H5><a href="logout.php">Log Out</a></H5></div> <div id="welcome"><h6>Welcome <?php echo $_SESSION['firstName'];?></h6></div> <div id="project_name"> <strong><em><?php echo $_SESSION['projName']?></em></strong> </div> </div> <!--End Banner--> <div id="create"> <FORM> <INPUT Type="BUTTON" Value="Create New RFI" Onclick="window.location.href='new_rfi.php'"> </FORM> </div> <div id="user_list"> <FORM> <INPUT Type="BUTTON" Value="Back to Projects" Onclick="window.location.href='main.php'"> </FORM> </div> <div class="CSSTableGenerator" > <table align="center"> <tr align="center"> <th>RFI No.</th> <th>Subject</th> <th>Issued by:</th> <th>Date Submitted</th> <th>Needed by:</th> <th>Answered by:</th> <th>Date Returned</th> <th>Status</th> </tr> <?php //assign values to local variables while($row=mysqli_fetch_array($run)){ $rfi_id =$row["no"]; $rfiName =$row["name"]; $subject =$row["subject"]; $issued_by =$row["issued_by"]; $date_submit =$row["date_submit"]; $needed_by =$row["needed_by"]; $answered_by =$row["answered_by"]; $date_returned =$row["date_returned"]; $status =$row["status"]; $i++; ?> <tr align="center"> <td><a href="edit_rfi.php?id=<?php echo $rfi_id;?>"><?php echo $rfiName;?></a></td> <td><?php echo $subject;?></td> <td><?php echo $issued_by;?></td> <td><?php echo $date_submit;?></td> <td><?php echo $needed_by;?></td> <td><?php echo $answered_by;?></td> <td><?php echo $date_returned;?></td> <td><?php echo $status;?></td> </tr> <?php } ?> </table> </div><!-- end of table style </div> <!--End main container--> <!--<p id="copy_right">Heitkamp Swift Architects © 2015</p>--> </body> </html> <?php } ?>

scootstah, I think this works... I'm not getting any on the local host. I'll have to test it on a web server. <!DOCTYPE html> <?php $conn = mysqli_connect("localhost","root","","hsa_project_hub"); $project_id = 215016; $Project_name = "MD Anderson"; $sql = "SELECT * FROM user_project WHERE project_id='$project_id'"; $result=mysqli_query($conn,$sql); $i=0; ?> <html> <body> <style> table, th, td { border: 1px solid black; border-collapse: collapse; } th, td { padding: 3px; text-align: left; } </style> <form id="Email" name="Email" method="post" action="checkbox2.php" enctype="multipart/form-data"><br> <table align="center"> <tr align="center"> <th>First Name</th> <th>Last Name</th> <th>Discipline</th> <th>Email</th> </tr> <?php $run = mysqli_query($conn, $sql); while($row=mysqli_fetch_array($run)){ $firstName =$row["first_name"]; $lastName =$row["last_name"]; $discipline =$row["user_discipline"]; $email =$row["user_email"]; $i++; ?> <tr align="center"> <td> <input type='checkbox' name='mail[]' value="<?php echo $row['id']; ?>" checked> <?php echo $firstName;?> </td> <td><?php echo $lastName;?></td> <td><?php echo $discipline;?></td> <td><?php echo $email;?></td> </tr> <?php } ?> </table> </form> <?php if (!empty($_POST['mail'])) { $ids = array_map('intval', array_values($_POST['mail'])); $sql = "SELECT FROM user_project WHERE project_id='$project_id' AND id IN(implode(',', $ids))"; $result=mysqli_query($conn,$sql); $to = array(); while ($row = mysqli_fetch_assoc($result)) { $to[] = $row['user_email']; } mail(implode(', ', $to), $subject, $message, $headers); } ?> <input name="send_emails" type="submit"> </body> </html>

Forget what I have up above...Still having some issues... <!DOCTYPE html> <?php $conn = mysqli_connect("localhost","root","","hsa_project_hub"); $project_id = 215016; $Project_name = "MD Anderson"; $sql = "SELECT * FROM user_project WHERE project_id='$project_id'"; $result=mysqli_query($conn,$sql); $i=0; ?> <?php if (isset($POST['send_emails'])) { if (isset($_POST['mail'])) { $strMail = implode(",",$_POST['mail']); } else { $strMail = ""; } echo "The choose emails are: " . $strMail; exit(); } ?> <html> <body> <style> table, th, td { border: 1px solid black; border-collapse: collapse; } th, td { padding: 3px; text-align: left; } </style> <form id="Email" name="Email" method="post" action="checkbox2.php" enctype="multipart/form-data"><br> <table align="center"> <tr align="center"> <th>First Name</th> <th>Last Name</th> <th>Discipline</th> <th>Email</th> </tr> <?php //$strMail = implode(";",$row['user_email']); $run = mysqli_query($conn, $sql); while($row=mysqli_fetch_array($run)){ $firstName =$row["first_name"]; $lastName =$row["last_name"]; $discipline =$row["user_discipline"]; $email =$row["user_email"]; $i++; ?> <tr align="center"> <td> <input type='checkbox' name='mail[]' checked> <?php echo $firstName;?> </td> <td><?php echo $lastName;?></td> <td><?php echo $discipline;?></td> <td><?php echo $email;?></td> </tr> <?php } ?> </table> </form> <?php $run = mysqli_query($conn, $sql); while($row=mysqli_fetch_array($run)){ $firstName =$row["first_name"]; $lastName =$row["last_name"]; $discipline =$row["user_discipline"]; $email =$row["user_email"]; $i++; $strMail = array($row['user_email']); } $to = "$strMail"; $subject = "action required on HeitkampSwift Project Hub"; $message = "Action is require for $project_id"; $headers = "From: webmaster@webmaster.com"; mail($to, $subject, $message, $headers); ?> <input name="send_emails" type="submit"> </body> </html>

I'm getting close (I think). The problem is that I can't figure out why my imploded value $strMail with not echo. <!DOCTYPE html> <?php $conn = mysqli_connect("localhost","root","","hsa_project_hub"); $project_id = 215016; $Project_name = "MD Anderson"; if (isset($_POST['send_emails'])) { if(isset($POST['user_email'])) { $strMail = implode(";",$_POST['user_email']); $to = "$strMail"; $subject = "action required on HeitkampSwift Project Hub"; $message = "Action is require for $project_id"; $headers = "From: webmaster@webmaster.com"; mail($to, $subject, $message, $headers); } else { $strMail = ""; } echo "Selected emails are: " . $strMail; } ?> <form name="email_form" action="checkbox2.php" method="post"> <?php $sql = "SELECT * FROM user_project WHERE project_id='$project_id'"; $result=mysqli_query($conn,$sql); echo "<table border='2' align=center > <tr> <th>First Name</th> <th>last Name</th> <th>Discipline</th> <th>Email</th> </tr>"; while($row = mysqli_fetch_array($result)) { echo "<tr>"; echo "<td> <input type='checkbox' name='mail[]' checked>" . $row['first_name'] . "</td>"; echo "<td>" . $row['last_name'] . "</td>"; echo "<td>" . $row['user_discipline'] . "</td>"; echo "<td>" . $row['user_email'] . "</td>"; echo "</tr>"; } echo "</table>"; ?> <input name="send_emails" type="submit"> </form> <html> <body> </body> </html>

Where in my script above would I utilize the the clause? thanks

It looks like that code handles one email using a form. I have a mysql query that takes the proper emails out of the database. Once I get this small script figured out, I'll put it into the larger script which handles questions from a contractor and posts answers to those questions from an architect or engineer (in other words a request for information- RFI). Any part of that RFI is edited by any of the users they will hit "modify" and the form will be submitted (I have all of this coded already) and team members which are pulled from the database (got that working) should receive an email alerting them that there has been some activity on that particular RFI. So, there will be no input from a user. I'm trying to figure out how to get the email address that are pulled from the database into the "To:" line. See attached file. https://drive.google.com/file/d/0B06KJO0YEuzxWFliamQ3OFpfSFk/view?usp=sharing thanks, CB