Jump to content

tracy

Members
  • Posts

    177
  • Joined

  • Last visited

    Never

Posts posted by tracy

  1. Since I took them out, any thoughts on the new errors...

    The delete works fine.  But when I try to edit, I get these errors...

    Warning: require(config.php) [function.require]: failed to open stream: No such file or directory in /home/inv/public_html/update.php on line 4

    Warning: require(config.php) [function.require]: failed to open stream: No such file or directory in /home/inv/public_html/update.php on line 4

    Fatal error: require() [function.require]: Failed opening required 'config.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/inv/public_html/update.php on line 4
  2. Here's the reason I took out lines three and four...

    Warning: require(config.php) [function.require]: failed to open stream: No such file or directory in /home/inv/public_html/NEWWORKINGTESTEDIT.php on line 3

    Warning: require(config.php) [function.require]: failed to open stream: No such file or directory in /home/inv/public_html/NEWWORKINGTESTEDIT.php on line 3

    Fatal error: require() [function.require]: Failed opening required 'config.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/inv/public_html/NEWWORKINGTESTEDIT.php on line 3

    These happen when the lines are there...
    I also noticed they are not in the original php script that works, using get, not post...
  3. What are lines 3 and 4? 

    I took them out because they were causing errors.  The delete works fine.  But when I try to edit, I get these errors...

    Warning: require(config.php) [function.require]: failed to open stream: No such file or directory in /home/inv/public_html/update.php on line 4

    Warning: require(config.php) [function.require]: failed to open stream: No such file or directory in /home/inv/public_html/update.php on line 4

    Fatal error: require() [function.require]: Failed opening required 'config.php' (include_path='.:/usr/lib/php:/usr/local/lib/php') in /home/inv/public_html/update.php on line 4

    [quote author=craygo link=topic=117718.msg483328#msg483328 date=1165936867]
    OK reason why is you probably forgot to make the form method POST instead of GET

    Here is a modified script for both pages. Like before please check the spelling and case of field names. I also added some comments for the stock field. I was not sure of you wanted to be able to modify the stock number. So this code defaults to NO. but there are notes to change it.

    stockmanage.php
    [code]<?php
    // include ("link.php");
    require('config.php');
    include('includes/mysql.php');
    // Check to see if the edit button was pressed
    if(isset($_POST['edit'])){
    // start your array of id's
    $ids = array();
    // fill your array with the id's selected
        foreach($_POST['stockid'] as $id){
        $ids[] = $id;
        }
    // start your form
    echo "<form name=edit action=\"update.php\" method=POST>";
    // Loop through the id's. query database to get infor for each id
      foreach($ids as $stockid){
      $sql = "SELECT * FROM inventory WHERE id = $stockid";
      $res = mysql_query($sql) or die (mysql_error());
      $i=0;
      $r = mysql_fetch_array($res);
    // print the form for each id
      echo "<table width=500 align=center>";
      echo "<tr><td colspan=2 align=center><font color=red size=4><b>Now editing Stock# ".$r['stock']."</b></font></td></tr>";
        while($i < mysql_num_fields($res)){
        $meta = mysql_fetch_field($res, $i);
          /*****************
          If you would like to modify the stock number, remove **** && $meta->name <> "stock"  **** below
          ******************/
          if($meta->name <> "id" && $meta->name <> "stock"){
          echo "<input type=hidden name=stockid[".$r['id']."] value=\"".$r['id']."\">";
          print '<tr>
                 <td width=150>'.$meta->name.'</td>
                 <td width=350><input type=text size=50 name="'.$meta->name.'['.$r['id'].']" value="'.$r[$i].'"></td>
                 </tr>';
          }
        $i++;
        }
      echo "<hr>";
      }
      print '<tr>
             <td colspan=2 align=center><input type=submit value=Change></td>
             </tr>
             </table>
             </form>';
    } else {
    // check to see if the delete button has been pressed
      if(isset($_POST['del'])){
      // Start array of id's
      $ids = array();
      // Fill array with values
      foreach($_POST['stockid'] as $id){
      $ids[] = $id;
      }
      // Loop through array and delete each id
      foreach($ids as $stockid){
      $sql = "DELETE FROM inventory WHERE id = $stockid";
      $res = mysql_query($sql) or die (mysql_error());
        if(!$res){
        echo "Could not DELETE stock# $stockid<br>SQL: $sql<br> Error: ".mysql_error();
        } else {
        echo "Stock# $stockid Sucessfully deleted<br>";
        }
      }
      echo "Click <a href=\"stockmanage.php\">HERE</a> To return to stock list</p>";
    } else {
    // If nothing has been pressed show list of stock items
      if($query= mysql_query("SELECT * FROM inventory")){
      $num = mysql_num_rows($query);
      } else {
      die('There was an error with the query:'.mysql_error());
      }
      if ($num == '0') {
      echo "Nothing Exist.";
      die();
    } else {
    ?>
    <form action="" method=POST>
    <table border="0" cellspacing="2" cellpadding="2">
    <tr>
    <td><font face=Arial>Stock#</font>
    </td>
    <td><font face=Arial>Year</font>
    </td>
    <td><font face=Arial>Make</font>
    </td>
    <td><font face=Arial>Model</font>
    </td>
    <td><font face=Arial>Price</font>
    </td>
    <td><font face=Arial>Miles</font>
    </td>
    <td><font face=Arial>Photo</font>
    </td>
    <td><font face=Arial>Select</font>
    </td>
    </tr>
    <?
    $bgcolor = "FFFFFF";
    while ($info = mysql_fetch_array($query)) {
    $id = $info['id']; // Put your id field here!!!
    $stock = $info['stock'];
    $year = $info['year'];
    $make = $info['make'];
    $model = $info['model'];
    $price = $info['price'];
    $miles = $info['miles'];
    $photo1 = $info['photo1'];
    // Alternate row color
    if ($bgcolor == "#E0E0E0"){
      $bgcolor = "#FFFFFF";
    } else {
      $bgcolor = "#E0E0E0";
    }
    echo ("
    <tr bgcolor=$bgcolor>
    <td> <font face=Arial>$stock</font>
    </td>
    <td> <font face=Arial>$year</font>
    </td>
    <td> <font face=Arial>$make</font>
    </td>
    <td> <font face=Arial>$model</font>
    </td>
    <td> <font face=Arial>$price</font>
    </td>
    <td> <font face=Arial>$miles</font>
    </td>
    <td> <font face=Arial>$photo1</font>
    </td>
    <td colspan=2 align=center><input type=checkbox name=stockid[] value=$id>
    </td>
    </tr>
    ");
    }
    echo "<tr>
    <td align=center colspan=8><input type=Submit name=edit value=Edit>&nbsp;&nbsp;&nbsp;<input type=Submit name=del onclick=\"return confirm('Are you sure you wish to delete the selected item(s)?');\" value=Delete>
    </td>
    <tr>
    </table>
    </form>";
    }
    }
    }
    ?>[/code]

    update.php
    [code]<?php
    echo "<p align=center>";
    // Connect to mysql
    require('config.php');
    include('includes/mysql.php');
    foreach($_POST['stockid'] as $val){
    //$stock = $_POST['stock'][$val];
    $year = $_POST['year'][$val];
    $make = $_POST['make'][$val];
    $model = $_POST['model'][$val];
    $price = $_POST['price'][$val];
    $miles = $_POST['miles'][$val];
    $photo1 = $_POST['photo1'][$val];
    /****************************
    If you want to be able to modify the stock number add **** stock = '".$stock."', **** below
    and uncomment the $stock variable above.
    *****************************/
    $sql = "UPDATE inventory SET
            year = '".$year."',
            make = '".$make."',
            model = '".$model."',
            price = '".$price."',
            miles = '".$miles."',
            photo1 = '".$photo1."' WHERE id = '".$val."'";
    $res = mysql_query($sql);
      if(!$res){
      echo "Could not update stock# $stock<br>SQL: $sql<br> Error: ".mysql_error();
      } else {
      echo "Stock# $stock Sucessfully updated<br>";
      }
    }
    echo "Click <a href=\"stockmanage.php\">HERE</a> To return to stock list</p>";
    ?>[/code]

    Let me know how you make out
    Ray
    [/quote]
  4. I replaced all the $_GET with $_POST and it shows a table with no data...any thoughts?  This is a security effort only.  I'm just trying to go back and make the code more secure.  If I need to start a new thread I will.  Thanks again for all your help.



    [quote author=craygo link=topic=117718.msg482898#msg482898 date=1165867443]
    Well since your query is now based on a number and not a string. I do not think you will have a problem. If you like you can change everything from $_GET to $_POST and that way no information will be passed through the url. Simple security thing for basic users. There are no queries now that look for any type of string. the delete and update queries are based on the id field now. I would probably change it from $_GET to $_POST since someone could substitute the id in the url and delete other rows.

    Ray


    [/quote]
  5. One quick question...

    I was informed recently (perhaps by you) that I can only enter TEXT via the html form (that I am using to get the data into the mysql database).  Is there any way to add some security (EASILY--SIMPLY) at that level...at the input level of the html form or the corresponding php post commands?

    I thought about the real escape string...

    Of course, that page is password protected anyway, but any php attack prevention is an additional help.  Thanks again.



  6. I can do it with phpmyadmin, no problem.  I typically call that field 'id' (short for identifier)...

    Do you need me to do this first or can you demo the code now that you know the name...I will make the other data regarding this field per your instructions above...thanks...
  7. That might be a big part that is messing up my efforts...the auto increment.  The stock number is not auto incremented.  It is uniquely assigned by the dealer.  There is no way to auto incr that...however, the stock number is the main id number for each piece of inventory, so I must use it. 

    If there is a way to associated it with a hidden auto incremented number, fine by me...
    Will the table/php work fine without an auto incr. number?

    Thanks.
  8. I agree, I have some talented people helping me.  I am very interested in the hyperlinks to the edit/delete pages you mentioned.  Could you demonstrate that using my table?  I have trouble getting the hyperlink associated with the actual data for that line of the table...
  9. I mean I have tried it over and over and I can't get it to work...I have posted the table here, in the very first post.  If you feel you can show me how to include a check box in the far right column that selects the stock number of that row when a check box or radio button is present, and then present the contents of that row on a separate php page for editing or deletion, I'd be glad to see your code for that, upload it and see if I can get it to update my mysql table. 

    Again, I have tried for about a month now and just have a problem getting it to work...suggestions are appreciated, as I am new to php.

    [quote author=simcoweb link=topic=114849.msg482759#msg482759 date=1165855966]
    What do you mean you can't do it with a form in HTML? Is the 'action= ' tag pointing to a script that will perform the INSERT function into your database?
    [/quote]
  10. I think we're close on your method-to getting it to work for me.  Any further help is appreciated.  Sorry I don't have more info regarding the error, just what I posted.

    [quote author=craygo link=topic=117718.msg482167#msg482167 date=1165767929]
    Not sure if all the fields I used are the same as yours. Check for spelling and case. Let me know. Also if you could give the entire error and the line it is on.

    Ray
    [/quote]
  11. would it be possible for you to demonstrate, using the code I supplied for the table, exactly what your suggestion should look like in php?  I tried it but fell painfully short...it was simply a mess...I'd like to see your way work and compare it to the checkbox method...

    If it's too much trouble, fine.  Thanks for all your help so far...

    [quote author=obsidian link=topic=117718.msg480482#msg480482 date=1165500180]
    Well, when you pass a value through [b]post[/b] (such as a form), you can use the $_POST variable to access it on your corresponding page. In the example of my "edit" links, you are passing the variable through the URL, and therefor, you can access it via the $_GET variable. Since my "edit" link passes ?id=$info['stock'] through the URL, I can then access that variable on the edit.php page like this:
    [code]
    <?php
    $stock = $_GET['id'];
    $sql = mysql_query("SELECT * FROM inventory WHERE stock = '$stock'");
    ?>
    [/code]

    As far as the delete links go, I like to put a little javascript confirmation in the mix so that you don't [i]accidentally[/i] remove an inventory item. In this case, your page would alter slightly from my first recommendation:
    [code]
    <?php
    // This would be how to process a delete LINK as opposed to the form as mentioned before
    if (isset($_GET['del'])) {
      $sql = "DELETE FROM inventory WHERE stock = '$_GET[del]'";
      mysql_query($sql);
    }

    // Instead of the form and checkboxes, you simply would add this link to the end of your row:
    echo "<td><a href=\"?del=$info[stock]\" onclick=\"return confirm('Are you sure you wish to delete this item?');\">delete</a></td>\n";
    ?>
    [/code]

    The onclick attribute will give you the nice little popup confirmation before deleting an entry.

    Hope this helps ;)
    [/quote]
  12. ok guys...here is the new code...it says unexpected $end on line 74...I can't figure it out. 

    <?php
    // First, somewhere in the header of your page (usually the first logic of any), you want to check
    // and see if the "Delete" button has been pressed and process accordingly
    if (isset($_POST['del']) && count($_POST['del']) > 0) {
      // Run a query to delete all selected records
      $sql = "DELETE FROM inventory WHERE id IN ('" . implode(',', $_POST['del']) . "')";
      mysql_query($sql);
    }

    include ("link.php");

    if($query= mysql_query("SELECT * FROM inventory"))
    {
      $num = mysql_num_rows($query); 
    }else
    {
      die('There was an error with the query:
    '.mysql_error());


    if ($num == '0') {
    echo "Nothing Exist.";
    die();
    }
    else {

    ?>

    // Second, before your table starts, you'll want to start a form for your checkboxes:
    echo "<form name=\"deleteForm\" action=\"\" method=\"post\">\n";

    <table border="0" cellspacing="2" cellpadding="2">
    <tr>
    // Assuming you are already within the confines of your table:
    while ($info = mysql_fetch_array($query)) {
      echo "<td>$info[stock]</td>\n";
      echo "<td>$info[year]</td>\n";
      echo "<td>$info[make]</td>\n";
      echo "<td>$info[model]</td>\n";
      echo "<td>$info[price]</td>\n";
      echo "<td>$info[miles]</td>\n";
      echo "<td>$info[photo1]</td>\n";
     
      // Here is your added checkbox. The value is assuming you have an "ID" column in your inventory table
      // to uniquely identify your records
      echo "<td><input type=\"checkbox\" name=\"del\" value=\"$info[id]\" /></td>\n";
    }

    // You must also add a submit button (I usually label mine according to its function):
    echo "<tr><td colspan=\"8\"><input type=\"submit\" name=\"submit\" value=\"Delete Selected\" /></td></tr>\n";
    <td><font face=Arial>Stock#</font>
    </td>
    <td><font face=Arial>Year</font>
    </td>
    <td><font face=Arial>Make</font>
    </td>
    <td><font face=Arial>Model</font>
    </td>
    <td><font face=Arial>Price</font>
    </td>
    <td><font face=Arial>Miles</font>
    </td>
    <td><font face=Arial>Photo</font>
    </td>
    </tr>

    <?
    ");
    }
    ?>
    </table>
    <?
    }
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.