0

Hey! I am a newbie to php, but very interested in. I am currently on highschool and i am trying to make an appointment SQL table that could be managed, in a simple way, via browser that my sister could use. I was getting some results but then i messed up.. :(
i been smashing my head on this:

<?php

   session_start();
   define('ADMIN_PASS', 'password');
   $mysql_server = '------';
   $mysql_nome = '--------';
   $mysql_password = '---------';
   $mysql_database = '-----------';
   $mysql_table = '----------';
   $admin_password = isset($_COOKIE['admin_password']) ? $_COOKIE['admin_password'] : '';
   if (empty($admin_password))
   {
      if (isset($_POST['admin_password']))
      {
         $admin_password = md5($_POST['admin_password']);
         if ($admin_password == md5(ADMIN_PASS))
         {
            setcookie('admin_password', $admin_password);
         }
      }
   }
   $id = isset($_POST['id']) ? $_POST['id'] : '';
   $action = isset($_REQUEST['action']) ? $_REQUEST['action'] : '';
   $nome = isset($_POST['nome']) ? $_POST['nome'] : '';
   $dia = isset($_POST['dia']) ? $_POST['dia'] : '';
   $email = isset($_POST['email']) ? $_POST['email'] : '';
   $estado = isset($_POST['estado']) ? $_POST['estado'] : 0;
   $telefone = isset($_POST['telefone']) ? $_POST['telefone'] : '';
   $hora = isset($_POST['hora']) ? $_POST['hora'] : '';
   $db = mysql_connect($mysql_server, $mysql_nome, $mysql_password);
   if (!$db)
   {
      die('Failed to connect to database server!<br>'.mysql_error());
   }
   mysql_select_db($mysql_database, $db) or die('Failed to select database<br>'.mysql_error());
   if (!empty($action))
   {
      if ($action == 'delete')
      { 

         $sql = "DELETE FROM `marcacao` WHERE `marcacao`.`id` = `id`";
         mysql_query($sql, $db);
         mysql_close($db);
         header('Location: '.basename(__FILE__));
         exit;
      }
      else
      if ($action == 'update')
      {
         $sql = "UPDATE `".$mysql_table."` SET id = '$id', ";
         if (!empty($_POST['password']))
         {
            $crypt_pass = md5($_POST['password']);
            $sql = $sql . "`password` = '$crypt_pass',";
         }
         $sql = $sql . " `dia` = '$dia', `email` = '$email', `estado` = $estado, `telefone` = '$telefone', `hora` = '$hora', `nome` = '$nome' WHERE `id` = '$id'";
         mysql_query($sql, $db);
         mysql_close($db);
         header('Location: '.basename(__FILE__));
         exit;
      }
      else
      if ($action == 'create')
      {
         $sql = "SELECT id FROM ".$mysql_table." WHERE id = '".$_POST['id']."'";
         $result = mysql_query($sql, $db);
         if ($data = mysql_fetch_array($result))
         {
            echo 'User already exists!';
            exit;
         }
         $crypt_pass = md5($_POST['password']);
         $sql = "INSERT `".$mysql_table."` (`id`, `nome`, `dia`, `hora`, `telefone`, `email`, `estado`) VALUES ('$id', '$nome', '$dia', '$hora', '$email', '$telefone', '$estado')";
         mysql_query($sql, $db);
         mysql_close($db);
         header('Location: '.basename(__FILE__));
         exit;
      }
      else
      if ($action == 'logout')
      {
         session_unset();
         session_destroy();
         setcookie('admin_password', '', time() - 3600);
         header('Location: '.basename(__FILE__));
         exit;
      }
   }
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>User administrator</title>
<style type="text/css">
<!--
p
{
   font-size: 13px;
   font-family: Arial;
   font-weight: normal;
   text-decoration: none;
   color: #000000;
}
th
{
   font-size: 13px;
   font-family: Arial;
   font-weight: normal;
   text-decoration: none;
   background-color: #878787;
   color: #FFFFFF;
   text-align: left;
}
td
{
   font-size: 13px;
   font-family: Arial;
   font-weight: normal;
   text-decoration: none;
   color: #000000;
}
input, select
{
   font-size: 13px;
   font-family: Arial;
   font-weight: normal;
   text-decoration: none;
   color: #000000;
   border:1px #000000 solid;
}
-->
</style>
</head>
<body bgcolor="#FFFFFF" topmargin="0" leftmargin="0" marginwidth="0" marginheight="0">
<?php
   if ($admin_password != md5(ADMIN_PASS))
   {
      echo "<center>\n";
      echo "<p>User administrator login</p>\n";
      echo "<form method=\"post\" action=\"" .basename(__FILE__) . "\">\n";
      echo "<input type=\"password\" name=\"admin_password\" size=\"20\" />\n";
      echo "<input type=\"submit\" value=\"Login\" name=\"submit\" />\n";
      echo "</form>\n";
      echo "</center>\n";
   }
   else
   {
      if (!empty($action))
      {
         if (($action == 'edit') || ($action == 'new'))
         {
            $nome_value = '';
            $dia_value = '';
            $email_value = '';
            $estado_value = '';
            $telefone_value = '';
            $hora_value = '';
            $sql = "SELECT * FROM ".$mysql_table." WHERE id = '".$id."'";
            $result = mysql_query($sql, $db);
            if ($data = mysql_fetch_array($result))
            {
               $id_value = $data['id'];
               $nome_value = $data['nome'];
               $dia_value = $data['dia'];
               $email_value = $data['email'];
               $estado_value = $data['estado'];
               $telefone_value = $data['telefone'];
               $hora_value = $data['hora'];
            }
            echo "<center>\n";
            echo "<form action=\"" . basename(__FILE__) . "\" method=\"post\">\n";
            echo "<table border=\"0\">\n";
            if ($action == 'new')
            {
               echo "<input type=\"hidden\" name=\"action\" value=\"create\">\n";
            }
            else
            {
               echo "<input type=\"hidden\" name=\"action\" value=\"update\">\n";
            }
            echo "<input type=\"hidden\" name=\"id\" value=\"". $id_value . "\">\n";
            echo "<tr><td>nome:</td>\n";
            echo "<td><input type=\"text\" size=\"50\" name=\"nome\" value=\"" . $nome_value . "\"></td></tr>\n";
            echo "<tr><td>dia:</td>\n";
            echo "<td><input type=\"text\" size=\"50\" name=\"dia\" value=\"" . $dia_value . "\"></td></tr>\n";
            echo "<tr><td>Email:</td>\n";
            echo "<td><input type=\"text\" size=\"50\" name=\"email\" value=\"" . $email_value . "\"></td></tr>\n";
            echo "<tr><td>campo1</td>\n";
            echo "<td style=\"text-align:left\"><input type=\"text\" size=\"50\" name=\"telefone\" value=\"" . $telefone_value . "\"></td></tr>\n";
            echo "<tr><td>campo2</td>\n";
            echo "<td style=\"text-align:left\"><input type=\"text\" size=\"50\" name=\"hora\" value=\"" . $hora_value . "\"></td></tr>\n";
            echo "<tr><td>estado:</td>\n";
            echo "<td style=\"text-align:left\"><select name=\"estado\" size=\"1\"><option " . ($estado_value == "0" ? "selected " : "") . "value=\"0\">Pendente</option><option " . ($estado_value != "0" ? "selected " : "") . "value=\"1\">Confirmado</option></select></td></tr>\n";
            echo "<tr><td>&nbsp;</td><td style=\"text-align:left\"><input type=\"submit\" name=\"cmdSubmit\" value=\"Save\">";
            echo "&nbsp;&nbsp;";
            echo "<input type=\"reset\" name=\"cmdReset\" value=\"Reset\">&nbsp;&nbsp;";
            echo "<input type=\"button\" name=\"cmdBack\" value=\"Back\" onclick=\"location.href='" . basename(__FILE__) . "'\"></td></tr>\n";
            echo "</table>\n";
            echo "</form>\n";
            echo "</center>\n";
         }
      }
      else
      {
         echo "<table width=\"100%\" cellspacing=\"0\" cellpadding=\"2\">\n";
         echo "<tr><th>ID</th>\n";
         echo "<th>Nome</th>\n";
         echo "<th>Dia</th>\n";
         echo "<th>Hora</th>\n";
         echo "<th>Telefone</th>\n";
         echo "<th>Email</th>\n";
         echo "<th>Estado</th>\n";
         echo "<th>Opcoes</th></tr>\n";
         $sql = "SELECT * FROM ".$mysql_table." ORDER BY nome ASC";
         $result = mysql_query($sql, $db);
         while ($data = mysql_fetch_array($result))
         {
            echo "<tr>\n";
            echo "<td>" . $data['id'] . "</td>\n";
            echo "<td>" . $data['nome'] . "</td>\n";
            echo "<td>" . $data['dia'] . "</td>\n";
            echo "<td>" . $data['hora'] . "</td>\n";
            echo "<td>" . $data['telefone'] . "</td>\n";
            echo "<td>" . $data['email'] . "</td>\n";
            echo "<td>" . ($data['estado'] == "0" ? "Pendente" : "Confirmado") . "</td>\n";
            echo "<td>\n";
            echo "   <a href=\"" . basename(__FILE__) . "?action=edit&id=" . $data['id'] . "\">Editar</a> | \n";
            echo "   <a href=\"" . basename(__FILE__) . "?action=delete&id=" . $data['id'] . "\">Apagar</a>\n";
            echo "</td>\n";
            echo "</tr>\n";
         }
         echo "</table>\n";
         echo "<p><a href=\"" . basename(__FILE__) . "?action=new\">Agendar Marcacao</a>&nbsp;&nbsp;<a href=\"" . basename(__FILE__) . "?action=logout\">Logout</a></p>\n";
      }
   }
?>
</body>
</html>

been around this for a couple of weeks. Can anyone PLZ help me?

4
Contributors
4
Replies
49
Views
4 Years
Discussion Span
Last Post by EvolutionFallen
0

What exactly messed up?

Line 41 should be:

$sql = "DELETE FROM `marcacao` WHERE `marcacao`.`id` = `$id`"; // note the dollar sign to indicate the variable $id

Line 56: I think $estado should have single quotes: '$estado'

Edited by pritaeas

0

MANY THANKS for your reply!

Not quite sure :(

But for instance: when i try to delete a line via browser from the table, it deletes all existing lines on it. It suposed to delete that specified line.
Tried, on line 41, with "", .., '' and `` notations and nothing seams to work anymore.

Runned with your sugestions, same result still, but closer to the end result

0

first fetch all recoed and in loop give a url and pass id in that url redirect url to another page and on that page delete perticular record that match to link id.
for example:-

<a href='anotherpage.php?id=<?php echo $id?>'>delete</a>
0

pritaeas, is the variable in your response supposed to have backticks? I've never indicated values using them. Shouldn't it be

$sql = "DELETE FROM `marcacao` WHERE `marcacao`.`id` = $id";

?

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.