User enters email address from php form need to select rec with that email

ddowling57 · July 19, 2014, 5:42am

i have code set up to display mysql table list with update/delete
i am trying to do is use email enter by user in form to plug in to select using that email to pull records from mysql table
i have put form out there had it call code to select but i’m missing something
i’m real new to php would appreciate any help on this
if i use $query= SELECT * FROM ‘place_ad’ where email = ******@gmail.com;
hardcoded works fine

<form action=“myform.php” method=“GET”>
lEmail: <input type=“text” name=“email” />
<input type=“submit” />
</form>

$query= SELECT * FROM ‘place_ad’ where $email = $_POST[‘email’];

droopsnoot · July 19, 2014, 6:08pm

In your HTML form you use “method=GET”, but then you use the $_POST array to access the form variables. So you need to use “method=POST” instead.

Drummin · July 19, 2014, 9:09pm

You are also using the variable $email instead the the field name, which I assume should be email. You are also single quoting the table name, when the whole statement should be in quotes. Also posting directly to query is a very bad idea. I recommend learning PDO and bind any user input that is submitted to query.
Simple fixed version.

$query= "SELECT * FROM place_ad WHERE email = '{$_POST['email']}'";

A PDO version

<?php
$host = "localhost";
//MySQL Database user name.	
$login = "";
//Password for MySQL.
$dbpass = "";
//MySQL Database name.
$dbname = "";
//Establish a connection
$pdo = new PDO("mysql:host=localhost;dbname=$dbname", "$login", "$dbpass");
?>
<html>
<body>
<form action="" method="post">
lEmail: <input type="text" name="email" />
<input type="submit" />
</form>
<?php
if(isset($_POST['email'])):
	$sql = "SELECT * FROM place_ad WHERE email = :email";
	$query = $pdo->prepare($sql);
    $query->bindParam(':email', $_POST['email']);
    $query->execute();
	while($row = $query->fetch(PDO::FETCH_ASSOC)){
		echo "<pre>";
		print_r($row);
		echo "</pre>";
	}
endif;
?>
</body>
</html>

ddowling57 · August 7, 2014, 5:01am

thanks that worked perfectly to display the records i am looking for can you tell me how to ad update and delete to this i can get it to bring up all records with an update and delete on each line but need it just on email owners records

<html>
<head>
</head>
<body>
<?php
$con =mysql_connect("localhost","uniteee0_main","main1234");

if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("uniteee0_main");
echo "<b><center><h1>Update/Delete Ad<h1></center></b><br><br>";

$sql="SELECT * FROM 'place_ad' WHERE email=:email";


if(isset($_POST['update'])){
$UpdateQuery = "UPDATE place_ad SET adnum='$_POST[adnum]',postdate='$_POST[postdate]',company='$_POST[company]',
firstname='$_POST[firstname]',lastname='$_POST[lastname]',email='$_POST[email]',phone1='$_POST[phone1]',
phone2='$_POST[phone2]',state='$_POST[state]',cat='$_POST[cat]',buyerseller='$_POST[buyerseller]',
detail='$_POST[detail]' WHERE adnum='$_POST[hidden]'";               
mysql_query($UpdateQuery, $con);
 
 echo "updated successfully\
";
};
 
if(isset($_POST['delete'])){
$DeleteQuery = "DELETE FROM place_ad WHERE adnum='$_POST[hidden]'";          
mysql_query($DeleteQuery, $con);
};

if(isset($_POST['add'])){
$AddQuery = "INSERT INTO place_ad (company, firstname, lastname, email, phone1, phone2, state, cat, buyerseller, detail);
VALUES ('$_POST[ucompany]','$_POST[ufirstname]','$_POSTl[ulastname]','$_POST[uemail]';
'$_POST[uphone1]','$_POST[uphone2]','$_POST[ustate]','$_POST[ucat]','$_POST[ubuyerseller]';
'$_POST[udetail]')"; 
mysql_query($AddQuery, $con);
};

$sql = "SELECT * FROM place_ad";
$myData = mysql_query($sql,$con);
echo "<table border=1>
<tr>
<th>Adnum</th>
<th>Postdate</th>
<th>Company</th>
<th>Firstname</th>
<th>Lastname</th>
<th>Email</th>
<th>Phone1</th>
<th>Phone2</th>
<th>State</th>
<th>Cat</th>
<th>Buyerseller</th>
<th>Detail</th>
</tr>";
while($record = mysql_fetch_array($myData)){
echo "<form action=dgdupdate.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=text name=adnum value=" . $record['adnum'] . " </td>";
echo "<td>" . "<input type=text name=postdate value=" . $record['postdate'] . " </td>";
echo "<td>" . "<input type=text name=company value=" . $record['company'] . " </td>";
echo "<td>" . "<input type=text name=firstname value=" . $record['firstname'] . " </td>";
echo "<td>" . "<input type=text name=lastname value=" . $record['lastname'] . " </td>";
echo "<td>" . "<input type=text name=email value=" . $record['email'] . " </td>";
echo "<td>" . "<input type=text name=phone1 value=" . $record['phone1'] . " </td>";
echo "<td>" . "<input type=text name=phone2 value=" . $record['phone2'] . " </td>";
echo "<td>" . "<input type=text name=state value=" . $record['state'] . " </td>";
echo "<td>" . "<input type=text name=cat value=" . $record['cat'] . " </td>";
echo "<td>" . "<input type=text name=buyerseller value=" . $record['buyerseller'] . " </td>";
echo "<td>" . "<input type=text name=detail value=" . $record['detail'] . " </td>";
echo "<td>" . "<input type=hidden name=hidden value=" . $record['adnum'] . " </td>";
echo "<td>" . "<input type=submit name=update value=update" . " </td>";
echo "<td>" . "<input type=submit name=delete value=delete" . " </td>";
echo "</tr>";
echo "</form>";
};
echo "<form action=dgdupdate.php method=post>";
echo "<tr>";
echo "<td><input type=text name=uadnum></td>";
echo "<td><input type=text name=upostdate></td>";
echo "<td><input type=text name=ucompany></td>";
echo "<td><input type=text name=ufirstname></td>";
echo "<td><input type=text name=ulastname></td>";
echo "<td><input type=text name=uemail></td>";
echo "<td><input type=text name=uphone1></td>";
echo "<td><input type=text name=uphone2></td>";
echo "<td><input type=text name=ustate></td>";
echo "<td><input type=text name=ucat></td>";
echo "<td><input type=text name=ubuyerseller></td>";
echo "<td><input type=text name=udetail></td>";
echo "<td>" . "<input type=submit name=add value=add" . " </td>";
echo "</form>";
echo "</table>";
mysql_close($con);

?>

</body>
</html>

SpacePhoenix · August 7, 2014, 6:46am

@ddowling57; there’s a couple of big flaws with the code that you’ve posted:

The old mysql_* extension has been deprecated as of version 5.5 of PHP and will very likely be removed from PHP version 5.6. Any site should now be using either the mysqli_* extension (MySQL Improved) or more preferably PDO.
The queries are wide open to potential SQL Injection Attack. Have a read of this Wikipedia article for more information about what an SQL Injection attack is. No user submitted data should be allowed anywhere near a database without being sanitizted and escaped. It’s best to use prepared statements to prevent SQL injection attacks

Drummin · August 7, 2014, 3:24pm

Yes ddowling57, using the example I posted, you should be able to convert the code you posted to PDO binding POST with name placeholders, e.g. :email for each of those POST key/values for both the update and delete queries. Give it a go and post back if you have problems.

ddowling57 · August 8, 2014, 7:18pm

I cant seem to be able to figure out the way to select all records for a email and be able to update any fields all examples i find have update as predefined data depending on <=> to id fields i need to allow updates to any of the fields by displaying record and make changes then hit update any help would be great this is the last part of webpage i’m trying to complete Thanks

Drummin · August 9, 2014, 10:33pm

As for a simple answer, if you want to base updates on the POSTED email address then email will need to be that hidden field, but as you have an input named email already I will call that hidden field oldemail. There however are many issues with you forms mainly

Forms cannot wrap around <tr> cells
Input attribute values are not quoted
Input fields are missing closing tags

You could move your table tags inside the loop, but then each line would be a table and cell/table widths would be all over the place, which would negate the reason for having a table in the first place. One way to deal with a having a form for each line is to place input tags in floating divisions inside a wrapper. To mimic table-cell borders, I’m calling individual left, right, top and bottom borders as needed so there are no doubled borders.

As noted several times you should be using PDO. Making this sample page was a bit of a pain, fixing errors and converting everything but this should Add, Update and Delete records. Note: adnum and postdate are not in the ADD processing, even though those fields are in the form. I wasn’t sure if adnum was an Auto Increment DB field or how you are setting date and as your version didn’t have them for ADD I didn’t include them.

<?php 
$host = "localhost"; 
//MySQL Database user name.    
$login = "";
//Password for MySQL.
$dbpass = "";
//MySQL Database name.
$dbname = ""; 
//Establish a connection
try {
$pdo = new PDO("mysql:host=localhost;dbname=$dbname", "$login", "$dbpass");
} catch (PDOException $e) {
// echo "Database error: ".$e->getMessage(); 
echo "error connecting to DB";
}  

// Update	 
if(isset($_POST['update'])):
	$Updatesql = "UPDATE place_ad SET 
	  adnum = :adnum
	 ,postdate = :postdate
	 ,company = :company
	 ,firstname = :firstname
	 ,lastname = :lastname
	 ,email = :email
	 ,phone1 = :phone1
	 ,phone2 = :phone2
	 ,state = :state
	 ,cat = :cat
	 ,buyerseller = :buyerseller
	 ,detail= :detail 
	WHERE email = :oldemail";
	$Updatequery = $pdo->prepare($Updatesql);
    $Updatequery->bindParam(':adnum', $_POST['adnum']);
    $Updatequery->bindParam(':postdate', $_POST['postdate']);
    $Updatequery->bindParam(':company', $_POST['company']);
    $Updatequery->bindParam(':firstname', $_POST['firstname']);
    $Updatequery->bindParam(':lastname', $_POST['lastname']);
    $Updatequery->bindParam(':email', $_POST['email']);
    $Updatequery->bindParam(':phone1', $_POST['phone1']);
    $Updatequery->bindParam(':phone2', $_POST['phone2']);
    $Updatequery->bindParam(':state', $_POST['state']);
    $Updatequery->bindParam(':cat', $_POST['cat']);
    $Updatequery->bindParam(':buyerseller', $_POST['buyerseller']);
    $Updatequery->bindParam(':detail', $_POST['detail']);
    $Updatequery->bindParam(':oldemail', $_POST['oldemail']);
    $Updatequery->execute();
	$num = $Updatequery->rowCount();
	$message = $num . "updated successfully\
";
endif;               

// Delete
if(isset($_POST['delete'])):
	$Deletesql = "DELETE FROM place_ad WHERE email = :oldemail";
	$Deletequery = $pdo->prepare($Deletesql);
    $Deletequery->bindParam(':oldemail', $_POST['oldemail']);
    $Deletequery->execute();
endif;

//Insert
if(isset($_POST['add'])):
	$Addsql = "INSERT INTO place_ad 
	(company, firstname, lastname, email, phone1, phone2, state, cat, buyerseller, detail)
	VALUES
	(:company, :firstname, :lastname, :email, :phone1, :phone2, :state, :cat, :buyerseller, :detail)";
	$Addquery = $pdo->prepare($Addsql);
    $Addquery->bindParam(':company', $_POST['ucompany']);
    $Addquery->bindParam(':firstname', $_POST['ufirstname']);
    $Addquery->bindParam(':lastname', $_POST['ulastname']);
    $Addquery->bindParam(':email', $_POST['uemail']);
    $Addquery->bindParam(':phone1', $_POST['uphone1']);
    $Addquery->bindParam(':phone2', $_POST['uphone2']);
    $Addquery->bindParam(':state', $_POST['ustate']);
    $Addquery->bindParam(':cat', $_POST['ucat']);
    $Addquery->bindParam(':buyerseller', $_POST['ubuyerseller']);
    $Addquery->bindParam(':detail', $_POST['udetail']);
    $Addquery->execute();
endif;                
?>
<!DOCTYPE html>
<html lang="en">
	<head>
	<title>Update Ads</title>
	<style type="text/css">
	.table-wrapper {
	width:1253px;
	overflow:hidden;
	margin:0 auto;
	padding:0;
	}
	
	.input-cells {
	display:inline;
	float:left;
	height:30px;
	line-height:30px;
	width:85px;
	text-align:center;
	background-color:#FFF;
	margin:0;
	padding:0 1px;
	}
	
	.submit-cells {
	display:inline;
	float:left;
	height:30px;
	line-height:30px;
	width:95px;
	text-align:center;
	background-color:#FFF;
	margin:0;
	padding:0 1px;
	}
	
	.add-cells {
	display:inline;
	float:left;
	width:193px;
	height:30px;
	line-height:30px;
	background-color:#FFF;
	text-align:center;
	padding:0 1px;
	}
	
	input {
	width:90%;
	}
	
	.heading {
	font-weight:700;
	text-align:center;
	}
	
	.marbr {
	border-bottom:1px solid #252525;
	border-right:1px solid #252525;
	}
	
	.mart {
	border-top:1px solid #252525;
	}
	
	.marl {
	border-left:1px solid #252525;
	}
	
	.clear {
	clear:left;
	}	
	</style>
	</head>
<body>
<?php
	
	$sql = "SELECT * FROM place_ad";
    $query = $pdo->prepare($sql);
    $query->execute();		
	$showmessage = (isset($message) ? "<p>".$message."</p>" : "<p></p>");
	echo $showmessage;
	echo '<div class="table-wrapper">
	<div class="input-cells marbr mart marl heading">Adnum</div>
	<div class="input-cells marbr mart heading">Postdate</div>
	<div class="input-cells marbr mart heading">Company</div>
	<div class="input-cells marbr mart heading">Firstname</div>
	<div class="input-cells marbr mart heading">Lastname</div>
	<div class="input-cells marbr mart heading">Email</div>
	<div class="input-cells marbr mart heading">Phone1</div>
	<div class="input-cells marbr mart heading">Phone2</div>
	<div class="input-cells marbr mart heading">State</div>
	<div class="input-cells marbr mart heading">Cat</div>
	<div class="input-cells marbr mart heading">Buyerseller</div>
	<div class="input-cells marbr mart heading">Detail</div>
	<div class="add-cells marbr mart heading">Submit</div>
	<div class="clear"></div>'."\\r";
	
	
    while($record = $query->fetch(PDO::FETCH_ASSOC)){
	echo '<form action="dgdupdate.php" method="post">
		<div class="input-cells marbr marl"><input type="text" name="adnum" value="' . $record['adnum'] . '" /></div>
		<div class="input-cells marbr"><input type="text" name="postdate" value="' . $record['postdate'] . '" /></div>
		<div class="input-cells marbr"><input type="text" name="company" value="' . $record['company'] . '" /></div>
		<div class="input-cells marbr"><input type="text" name="firstname" value="' . $record['firstname'] . '" /></div>
		<div class="input-cells marbr"><input type="text" name="lastname" value="' . $record['lastname'] . '" /></div>
		<div class="input-cells marbr"><input type="text" name="email" value="' . $record['email'] . '" /></div>
		<div class="input-cells marbr"><input type="text" name="phone1" value="' . $record['phone1'] . '" /></div>
		<div class="input-cells marbr"><input type="text" name="phone2" value="' . $record['phone2'] . '" /></div>
		<div class="input-cells marbr"><input type="text" name="state" value="' . $record['state'] . '" /></div>
		<div class="input-cells marbr"><input type="text" name="cat" value="' . $record['cat'] . '" /></div>
		<div class="input-cells marbr"><input type="text" name="buyerseller" value="' . $record['buyerseller'] . '" /></div>
		<div class="input-cells marbr"><input type="text" name="detail" value="' . $record['detail'] . '" /></div>
		<div class="submit-cells marbr">
			<input type="hidden" name="oldemail" value="' . $record['email'] . '" />
			<input type="submit" name="update" value="update" />
		</div>
		<div class="submit-cells marbr"><input type="submit" name="delete" value="delete" /></div>
		<div class="clear"></div>
	</form>'."\\r";
	}
	echo '<form action="dgdupdate.php" method="post">
	<div class="input-cells marbr marl"><input type="text" name="uadnum" /></div>
	<div class="input-cells marbr"><input type="text" name="upostdate" /></div>
	<div class="input-cells marbr"><input type="text" name="ucompany" /></div>
	<div class="input-cells marbr"><input type="text" name="ufirstname" /></div>
	<div class="input-cells marbr"><input type="text" name="ulastname" /></div>
	<div class="input-cells marbr"><input type="text" name="uemail" /></div>
	<div class="input-cells marbr"><input type="text" name="uphone1" /></div>
	<div class="input-cells marbr"><input type="text" name="uphone2" /></div>
	<div class="input-cells marbr"><input type="text" name="ustate" /></div>
	<div class="input-cells marbr"><input type="text" name="ucat" /></div>
	<div class="input-cells marbr"><input type="text" name="ubuyerseller" /></div>
	<div class="input-cells marbr"><input type="text" name="udetail" /></div>
	<div class="add-cells marbr"><input type="submit" name="add" value="add" /></div>
	<div class="clear"></div>
	</form>
	</div>'."\\r";
?>
</body>
</html>

ddowling57 · August 11, 2014, 5:36pm

That code worked great but i still get all records and not just email entered records maybe I did something wrong? it displays records with update and delete just fine but all of them and they dont want users able to update or delete any but there records

Drummin · August 11, 2014, 6:16pm

Okay, then you need to add the POST email as the condition for the main query. Here’s that section.

<?php
	if(isset($_POST['email'])):
		$sql = "SELECT * FROM place_ad
		WHERE email = :email";
	    $query = $pdo->prepare($sql);	
	    $query->bindParam(':email', $_POST['email']);
	    $query->execute();		
		$showmessage = (isset($message) ? "<p>".$message."</p>" : "<p></p>");
		echo $showmessage;
		echo '<div class="table-wrapper">
		<div class="input-cells marbr mart marl heading">Adnum</div>
		<div class="input-cells marbr mart heading">Postdate</div>
		<div class="input-cells marbr mart heading">Company</div>
		<div class="input-cells marbr mart heading">Firstname</div>
		<div class="input-cells marbr mart heading">Lastname</div>
		<div class="input-cells marbr mart heading">Email</div>
		<div class="input-cells marbr mart heading">Phone1</div>
		<div class="input-cells marbr mart heading">Phone2</div>
		<div class="input-cells marbr mart heading">State</div>
		<div class="input-cells marbr mart heading">Cat</div>
		<div class="input-cells marbr mart heading">Buyerseller</div>
		<div class="input-cells marbr mart heading">Detail</div>
		<div class="add-cells marbr mart heading">Submit</div>
		<div class="clear"></div>'."\\r";
		
		
	    while($record = $query->fetch(PDO::FETCH_ASSOC)){
		echo '<form action="dgdupdate.php" method="post">
			<div class="input-cells marbr marl"><input type="text" name="adnum" value="' . $record['adnum'] . '" /></div>
			<div class="input-cells marbr"><input type="text" name="postdate" value="' . $record['postdate'] . '" /></div>
			<div class="input-cells marbr"><input type="text" name="company" value="' . $record['company'] . '" /></div>
			<div class="input-cells marbr"><input type="text" name="firstname" value="' . $record['firstname'] . '" /></div>
			<div class="input-cells marbr"><input type="text" name="lastname" value="' . $record['lastname'] . '" /></div>
			<div class="input-cells marbr"><input type="text" name="email" value="' . $record['email'] . '" /></div>
			<div class="input-cells marbr"><input type="text" name="phone1" value="' . $record['phone1'] . '" /></div>
			<div class="input-cells marbr"><input type="text" name="phone2" value="' . $record['phone2'] . '" /></div>
			<div class="input-cells marbr"><input type="text" name="state" value="' . $record['state'] . '" /></div>
			<div class="input-cells marbr"><input type="text" name="cat" value="' . $record['cat'] . '" /></div>
			<div class="input-cells marbr"><input type="text" name="buyerseller" value="' . $record['buyerseller'] . '" /></div>
			<div class="input-cells marbr"><input type="text" name="detail" value="' . $record['detail'] . '" /></div>
			<div class="submit-cells marbr">
				<input type="hidden" name="oldemail" value="' . $record['email'] . '" />
				<input type="submit" name="update" value="update" />
			</div>
			<div class="submit-cells marbr"><input type="submit" name="delete" value="delete" /></div>
			<div class="clear"></div>
		</form>'."\\r";
		}
		echo '<form action="dgdupdate.php" method="post">
		<div class="input-cells marbr marl"><input type="text" name="uadnum" /></div>
		<div class="input-cells marbr"><input type="text" name="upostdate" /></div>
		<div class="input-cells marbr"><input type="text" name="ucompany" /></div>
		<div class="input-cells marbr"><input type="text" name="ufirstname" /></div>
		<div class="input-cells marbr"><input type="text" name="ulastname" /></div>
		<div class="input-cells marbr"><input type="text" name="uemail" /></div>
		<div class="input-cells marbr"><input type="text" name="uphone1" /></div>
		<div class="input-cells marbr"><input type="text" name="uphone2" /></div>
		<div class="input-cells marbr"><input type="text" name="ustate" /></div>
		<div class="input-cells marbr"><input type="text" name="ucat" /></div>
		<div class="input-cells marbr"><input type="text" name="ubuyerseller" /></div>
		<div class="input-cells marbr"><input type="text" name="udetail" /></div>
		<div class="add-cells marbr"><input type="submit" name="add" value="add" /></div>
		<div class="clear"></div>
		</form>
		</div>'."\\r";
	endif;
?>

felgall · August 11, 2014, 7:26pm

You should be validating all user inputs before letting those values anywhere near the database.

See http://php.net/manual/en/filter.examples.validation.php for how to validate an email address in PHP.