URL forwarding with PHP

Adem, your second video had the wrong formatting on the URL. But, I got it working by deleting the extra codes in the URL.

Now, the first proposal video looks nice. I see how that works by looking at it. The second shows nicely how it works and what you do to make changes. It says that you just are not getting the page to refresh.
To refresh the page using PHP, you just add a header() function at the end of the update process.

You need to look at the code that saves the changes. The button at the bottom that you showed us just
before you told us it saves but does not refresh. In that code, you need to send the page back to itself so
that it will reload the data displayed and get the new data you just added. Hope that makes sense.

I fixed the second video

New Screen Video

An example of the code on my page is as follows

<meta http-equiv="Content-Language" content="tr">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link rel="stylesheet" href="jswindow/jswindow.css" type="text/css" />
<script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>        
<script type="text/javascript" src="jswindow/jswindow-min.js"></script>
<link rel="stylesheet" href="css/bootstrap.min.css">
<link href="css/mavi.css" type="text/css" rel="stylesheet">
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
<script src="js/editor.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css">
<link href="css/editor.css" type="text/css" rel="stylesheet"/>
<script type="text/javascript" src="js/urunleri-sil.js"></script>

 <?php
 
 if(isset($_POST['product_edit_id'])){
$say = $mysqli->query(" SELECT * FROM multiswitch WHERE urun_kodu='$urun_kodu' AND id NOT IN($_POST['product_edit_id'])");

if($say->num_rows == 0){
    $sorgu = $mysqli->query("UPDATE multiswitch SET urun_kodu='$urun_kodu' WHERE id='$_POST['product_edit_id']'");
    if($sorgu){
        echo '<br /><br /><center><b>Multiswitch Successfully Changed</b></center>';
        echo '<meta HTTP-EQUIV="refresh" CONTENT="01;URL="multiswitch.php"">';
    }else{
        echo '<br /><br /><center><b>Multiswitch Could not be changed due to an error!</b></center>';
    }

    }
 }

 if(isset($_POST['add_product'])){
$say = $mysqli->query(" SELECT * FROM multiswitch WHERE urun_kodu='$urun_kodu' ");

if($say->num_rows == 0){
    $sorgu = $mysqli->query("INSERT INTO multiswitch (id, urun_kodu) values (NULL, '$urun_kodu')");
    if($sorgu){
        echo '<br /><br /><center><b>Multiswitch Product successfully added</b></center>';
        echo '<meta HTTP-EQUIV="refresh" CONTENT="01;URL="multiswitch.php"">';
    }else{
        echo '<br /><br /><center><b>The Multiswitch product could not be added due to an error!</b></center>';
    }

    }
 }

 ?>

HTML tables and codes are here

Well, again, I will explain your problem. You are attempting to alter code on a page, then send it to the browser and then have the browser change pages to a different page. Or maybe the same page.
This makes little sense program-wise. You are using PHP to create a forced HTML page change.
Just do the change right away first and skip loading and reloading the browser’s page data. It just wastes
time and internet page processing.

Once the page is loaded into the browser, it switches pages and therefore nothing sent to the page is displayed or used, it just loads the new page. A total waste of processing. Let’s go over the first part:

if($sorgu) { PHP checks to see if there is any value in this variable.
echo some stuff to the HTML object sending to browser when PHP has completed. This is never seen!
echo a META to change pages as soon as the page is viewed inside the browser. A new page is loaded.

So, this code is a bit of a waste of time since the successful message is never viewed.
You can change this meta line to just: header("LOCATION: multiswitch.php"); and the new page will load as soon as you reach this line.

Also, the meta echo line is incorrect. It would never work as-is. You can not have embedded double-quotes inside other quotes… Echo 'something “somemore"somemoremore” " just does not work!
You would need to alter that line to use ESCAPES to get the extra quotes placed correctly…

I added header("LOCATION: multiswitch.php"); and it gave the following error:

Warning: Cannot modify header information - headers already sent by (output started at C:\SERVER\wamp64\www\projelerim\antenfiyati\multiswitch.php:28) in C:\SERVER\wamp64\www\projelerim\antenfiyati\multiswitch.php on line 152

The multiswitch.php page is its own page

Page refresh works if I upgrade this version

jquery/2.1.4/jquery.min.js"

All transactions are done on the multiswitch.php page

The page needs to be refreshed for the corrected or newly added products to appear in the product list

Something goes wrong but I can’t figure it out
I am confused

All operations will be done on the multiswitch.php page

metadata is here
css js libraries are here

product registration codes to database here

form control js code here

pagination product listing here

Product edit code is here

Product add code here

When I add a product or edit a product, the page is refreshed when successfully written to the database

Can you make me a sample page

Well, I am confused, Adem, what you need help with. If you want an example of how PHP handles data and how to use it for posting data to a database, normally it is quite simple. Here is a base example, but, not a real use example…

<?PHP Code here to check for form posts, update data to database, delete data, add data, etc... Note that this is done on the server therefore no hackers ever see this code and it is 100% safe. ?>

<html>
<body>
normal header stuff goes here setting up the page…
<form> Set up a posted form that sends data to the server and to PHP

<?PHP More PHP code goes here to load data from the database to be displayed based on current records needed or options selected using buttons... ?>

</form>
</body>
</html>
If you use JS, any hacker can see your code. If it contains links to your database, then it is not secured
and a run of the mill hacker can get into your data. If you post your form back to the same page, the data
is posted and sent to the PHP code at the beginning of the page. The PHP code would validate all
of the data and ensure it is safe and accurate. Then, save-delete-add as needed. These are handled by
buttons and data entry form fields. And, if done this way, there is no redirection ever done. It just does the
processing of the data and then displays the page using the current options selected.
The picture of the inputs, decoders and sat antennas could be all buttons. When a button is pressed, it
would just post to the page as a “submit” button. Then your PHP code would figure out which button was
selected and set up the correct options for the database and the newly updated web page.

Not sure if this helps, but, I hope it does…

I want to fix all my scripts errors with your help

I want to correct my mistakes by preparing a sample page
I am preparing a sample page according to the information you provide
JS Form control has nothing to do with database, only input and select option are to avoid the option.

alert("Please enter product code");
alert("Please enter product name");
alert("Please enter product price");
as

<?php
###### ENTRY AND AUTHORIZATION CONTROL ##############################################################
    require_once("login_giris.php");
    if(!empty($_SESSION['user_group_uye'])){
    $group = $_SESSION['user_group_uye'];
    }else{
        $group = "";
    }
    if($group != '1'){
    echo "Administrator Login Required.";
    exit;
    }
###### ENTRY AND AUTHORIZATION CONTROL ##############################################################

require_once("database_config.php");

###### WRITING INTO THE CORRECTED PRODUCT INFORMATION DATABASE ######################################
 if(isset($_POST['product_edit_id'])){
    $urun_kodu = strip_tags($mysqli->real_escape_string($_POST['urun_kodu']));
    $product_description = addslashes($_POST['product_description']);
$say = $mysqli->query(" SELECT * FROM multiswitch WHERE urun_kodu='$urun_kodu' AND id NOT IN($_POST['product_edit_id'])");
// Update if the same product is not available
if($say->num_rows == 0){
    $sorgu = $mysqli->query("UPDATE multiswitch SET urun_kodu='$urun_kodu' WHERE id='$_POST['product_edit_id']'");
    if($sorgu){
        echo '<br /><br /><center><b>Multiswitch Successfully Changed</b></center>';
        echo '<meta HTTP-EQUIV="refresh" CONTENT="01;URL="multiswitch.php"">';
    }else{
        echo '<br /><br /><center><b>Multiswitch Could not be changed due to an error!</b></center>';
    }

    }
 }
###### WRITING INTO THE CORRECTED PRODUCT INFORMATION DATABASE ######################################


###### WRITING INTO A NEW PRODUCT DATABASE ##########################################################
 if(isset($_POST['add_product'])){
    $urun_kodu = strip_tags($mysqli->real_escape_string($_POST['urun_kodu']));
    $product_description = addslashes($_POST['product_description']);
$say = $mysqli->query(" SELECT * FROM multiswitch WHERE urun_kodu='$urun_kodu' ");
// Add if the same product is not available
if($say->num_rows == 0){
    $sorgu = $mysqli->query("INSERT INTO multiswitch (id, urun_kodu) values (NULL, '$urun_kodu')");
    if($sorgu){
        echo '<br /><br /><center><b>Multiswitch Product successfully added</b></center>';
        echo '<meta HTTP-EQUIV="refresh" CONTENT="01;URL="multiswitch.php"">';
    }else{
        echo '<br /><br /><center><b>The Multiswitch product could not be added due to an error!</b></center>';
    }

    }
 }
###### WRITING INTO A NEW PRODUCT DATABASE ##########################################################


 ?>

<!DOCTYPE html>
<html>
  <head>
        <meta http-equiv="Content-Language" content="tr">
        <meta charset="UTF-8">
        <meta name="description" content="Merkezi Uydu Anten TV Sistemi Fiyat Çıkarma Web Sitesi">
        <meta name="keywords" content="Uydu, Uydu Anten, Çanak Anten, Merkezi Sistem, Uydu Anten Sistemi, Çanak Anten Sistemi">
        <meta name="author" content="Adem GENÇ">
        <meta name="viewport" content="width=device-width, initial-scale=1.0">
        <link rel="stylesheet" href="jswindow/jswindow.css" type="text/css" />
        <script src="https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js"></script>        
        <script type="text/javascript" src="jswindow/jswindow-min.js"></script>
        <link rel="stylesheet" href="css/bootstrap.min.css">
        <link href="css/mavi.css" type="text/css" rel="stylesheet">
        <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js"></script>
        <script src="js/editor.js"></script>
        <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/font-awesome/4.4.0/css/font-awesome.min.css">
        <link href="css/editor.css" type="text/css" rel="stylesheet"/>
        <script type="text/javascript" src="js/urunleri-sil.js"></script>
        <title>Merkezi Uydu Anten TV Sistemi Fiyat Çıkarma Web Sitesi</title>

    <script type='text/javascript'>

        function Add_or_Update_Product() {
        var urun_kodu = $("input[name='urun_kodu']").val().length;

        if(urun_kodu < 1){
            $(function(){
            jw("b olumsuz").baslik("Product Code Empty").icerik("Please enter product code").kilitle().en(400).boy(100).ac();
            })
            return false;
        }

        }

    </script>

  </head>
  <body style="padding:0; margin:0; font-family:Arial, Helvetica, sans-serif;">
    <div id="jswindow_website_cerceve">

        <table>
            <!-- product listing paging table -->
            <a class="Button" href="?edit=237&urun_kodu=7622524514#a">Edit</a>
        </table>

    <?php
        $product = "multiswitch";
        require_once("pagination.js.php");
    ?>

    <?php
        if(!empty($_GET['edit'])){
    ?>

    <form method="POST" action="multiswitch.php" enctype="multipart/form-data">
        <table>
            <!-- product edit form table -->
            <input type="submit" value=" Save Changes " onclick="return Add_or_Update_Product();"/>
        </table>
    </form>

    <?php
        }else{
    ?>

    <form method="POST" action="multiswitch.php" enctype="multipart/form-data">    
        <table>
            <!-- product add form table -->
            <input type="submit" value=" Add New Product " onclick="return Add_or_Update_Product();"/>
        </table>
    </form>

    <?php
        } // if(!empty($_GET['edit'])){
    ?>

    </div>
  </body>
</html>

This is my sample page
Is there anything wrong or lined up?

Download Sample Page Here

Well, basically it is a good start. My editor says there are errors in your PHP code where you use a query with this in it:
WHERE id='$_POST['product_edit_id']' "
As you can see, you have embedded quotes inside other quotes. You can not do this. There are ways to fix this, the easiest is to just concatenate the values. In this way there are no embedded quotes. So, the full line was:
$sorgu = $mysqli->query("UPDATE multiswitch SET urun_kodu='$urun_kodu' WHERE id='$_POST['product_edit_id']'");
And, it needs to be changed like this:
$sorgu = $mysqli->query("UPDATE multiswitch SET urun_kodu='$urun_kodu' WHERE id=' " . $_POST['product_edit_id'] . " ' ");
I added extra spaces so you can see how it is done. You are basically ending the string, then concatenating the posted value, then concatenating the rest of the string. It is a minor change, but, it removes the embedded quotes. You can not have single quotes inside of single quotes. Same for the double-quotes. You can use “ESCAPES” for the extra ones, but, it makes it harder to read in my humble opinion.
Also, when you read your posted data, you are not checking for safe inputs. I prefer to use simple filtering as it is enough protection in most cases. If this webpage is only for your own use and never on a real server available to the public, then it is not important. But, you might want to read up on input_filter(). It protects your server from false inputs. You would change this wherever you read posted data:

real_escape_string($_POST['urun_kodu'])

With this version:

filter_input(INPUT_POST, 'urun_kodu')

This is the current way to remove programming and DB coding from inputs. You could improve this protection even further by using “PREPARED STATEMENTS”. But, that is for another post.

It looks like you are understanding the basics. You need to add code to display the tables. The data from the database needs to be read using PHP and displayed in a table format.

This script will run on the real server
Administrators have the authority to perform all transactions
The dealer can only correct or delete her own price offer

Visitor Can Only Produce Price Offer
Generating a Visitor Price Quote
How Does The Price Quote Produce?
Selected from the first page to the last page are assigned to SESSION
On the last page
Written to the database
PDF is created with ajax
Sends a “Price Offer Created” notification email to the manager.
With the button, the visitor sends the “Price Offer Created” to his / her e-mail (optional)

I’m trying to do many things with what I see on the internet
I don’t know the true meaning of many things
I understand the help more easily like the example you showed above

in your example
Is that right?
$urun_kodu = filter_input(INPUT_POST, 'urun_kodu');

Here $urun_kodu
$sorgu = $mysqli->query("UPDATE multiswitch SET urun_kodu='$urun_kodu' WHERE id='".$_POST['product_edit_id']."'");

Is it necessary here too?
urun_kodu='$urun_kodu' => urun_kodu='".$urun_kodu."'

URL forwarding problem solved with die();
Is that right?

if($sorgu){
    echo '<br /><br /><center><b>Multiswitch Successfully Changed</b></center>';
    echo '<meta HTTP-EQUIV="refresh" CONTENT="01;URL="multiswitch.php"">';
    die();
}else{

It sounds to me like you are learning a lot of things at once. It is always good to learn new things!

The filter_input function is used to protect your database from hackers or just users inserting code into
your database. It is similar to the older ways, but, this one is checked on the server before the data is
used. Normally, you would use it for ALL inputs that come from users. For a query, you would want to
get the data first and then use the variable in the query. Normally most programmers do not insert a
filter_input function inside the query. More like:

$urun_kodu = filter_input(INPUT_POST, 'urun_kodu');
$edit_id = filter_input(INPUT_POST, 'product_edit_id');
$sorgu = $mysqli->query("UPDATE multiswitch SET urun_kodu='$urun_kodu' WHERE id='".$edit_id."'");

The code for the if( $sorgu ) { is NOT the way a good programmer would do it. The “DIE()” function is
just for testing and never is used in live websites. Also, you are still using a META to switch pages. As
I mentioned before, that is a HTML command, not a programming command. You would be putting that
HTML command into a page and switching pages. Not needed, just use a header() function instead and
get the same results without the wasted code.

If you have areas on a page where a user can select inputs or enter text such as their name, address,
email or anything else, you should filter the inputs in the PHP before that data is used. OR, you can use
“PREPARED” statements. They allow you to create a query and enter all of the data using placeholders
which are question marks. These are replaced with the data from the posted form. What is nice about
these is that you do not need to use the filter_input functions as they are in the prepared statement
system and run behind the scenes. Here is a simple tutorial on how they work: Prepared-Statements

And, for a future lesson, in this day and age, most programmers prefer to use PDO instead of MySQLi.
It is much more secure and actually faster to use in most cases. You might want to look into that in the
future.

You have suggested such important things for the security of my script that it is impossible not to get excited.

I learned the importance of filter_input. thank you

I will first use this “PREPARED” feature to write to the database at the end of the guests’ price proposal. thank you

Also, you are still using a META to switch pages.

I don’t understand, can you explain it with an example

And, for a future lesson, in this day and age, most programmers prefer to use PDO instead of MySQLi.
It is much more secure and actually faster to use in most cases. You might want to look into that in the
future.

I’m afraid for now that the transition from MySQLi to PDO requires a lot of changes in the code, I’ll try to change it later.

Well, in larger websites, the upgrade to PDO can be done in smaller steps. The output of PDO ends up in the same $results type object. Therefore you can do it in sections. You would basically just use both MySQLi and PDO at the same time. Since PDO connections are simple to start, you can change over the old DB code step by step and the site will still work with both. But, as I said, that would be for a future time. For now, when you have time you can look over this site which covers PDO in depth. It will help when you do get to that step. PDO-the-right-way Just for future info…

Now for the META issues… I will explain the process not the code. I think that might help with your knowledge. I mean, learning the process will make you understand the code behind it. There are two ways to handle this process.

First, the overall need here is to switch the page to another one. You could use AJAX processes to load the current data after it is created, deleted or updated, but, it appears your needs are simple and therefore that is not needed. So, we will talk about just URL switching.

Version one is the way you currently are processing the pages. Here is a list of how that works.
1 Display a page of data from the database adjusting it to look good on the page.
2 Allow changes on the data using forms ( Add, delete, edit )
3 Update any changes made and store them into the database.
4 Create a META to add to the page that is displayed and write it out to HTML on the page
5 The page is rendered (which means is sent to the browser)
6 The browser loads the newly created code and displays the HTML you created
7 Lastly the META kicks in and the page is switched to a new page (the same page actually)
8 The new page loads the data again but does not use the META and therefore is done…
*** As you see, there is a lot going on in your simple one-page display. The real issue with this type of process is that you waste time building a page just to have it switch to a different page even if it is the same page it is a switch. This means that you build the page twice. That is a waste of time. Waste of server processing, etc. Let’s look at a slightly different way to process this.

Version two is almost the same way you currently are processing the pages. Here is how that works.
1 Display a page of data from the database adjusting it to look good on the page.
2 Allow changes on the data using forms ( Add, delete, edit )
3 Update any changes made and store them into the database.
4 The page is rendered (which means is sent to the browser)
5 The browser loads the newly created code and displays the HTML you created
6 The new page loads the data which may have been altered and therefore is done…
*** This version saves all the code dealing with the META which is not really needed. It also displays the new live data and is not an issue. No META is put into the rendered page and the page does not need to be refreshed, so no URL change really.

Let’s recap some thoughts on this. Any database data manipulation page such as adding, deleting and altering is normally handled on one page. Other pages are not needed. And, the data drives the displays. Which means that you alter the display as needed based on the data used. The form on the page always just posts to itself. Usually using <form method="POST" action=""> … No page is used in the action section. This makes it post to itself. You put PHP code at the top of the page to handle changes in the data. The displayed items would read from the database which would now contain any changes done in the forms. And, of course allow more options to be altered… But, no refreshes or URL changes are needed since everything is done on the one page. Updates are handled before you display data tables. The page is “refreshed” in a way whenever the user posts the page by making changes. I guess you could say the page is auto-refreshed since when posted, it updates then displays the latest current data.

Well, I may be explaining this too much, but you did show interest in learning. Hope this helps…
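
An added example (not code from either poster) of the flow discussed above for multiswitch.php: the POST is handled before any output so header() can still be sent, the queries are mysqli prepared statements, and the result message is carried across the redirect in the session and shown once. It assumes database_config.php creates $mysqli as on the page; the `flash` session key, the 64-character limit and the duplicate-code message are hypothetical.

```php
<?php
// Added example, not code from the thread. This block is the very top of
// multiswitch.php: no HTML, blank line or BOM may come before the opening tag,
// otherwise header() fails with "headers already sent".
// The page's own login check (login_giris.php) stays above it and must not print either.
require_once("database_config.php");      // assumed to create $mysqli, as on the page
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);   // DB errors throw
if (session_status() !== PHP_SESSION_ACTIVE) {
    session_start();
}

/** Insert ($id === null) or update one product code; returns the message to show. */
function save_multiswitch(mysqli $db, ?int $id, string $code): string
{
    if ($code === '' || strlen($code) > 64) {     // 64 is an assumed column width
        return 'Please enter product code';
    }
    try {
        // Same duplicate rule as the thread's code: the code may not exist on another row.
        $other = $id ?? 0;
        $dup = $db->prepare('SELECT id FROM multiswitch WHERE urun_kodu = ? AND id <> ?');
        $dup->bind_param('si', $code, $other);
        $dup->execute();
        $dup->store_result();
        $taken = $dup->num_rows > 0;
        $dup->close();
        if ($taken) {
            return 'This product code is already in use';
        }
        if ($id === null) {
            $stmt = $db->prepare('INSERT INTO multiswitch (id, urun_kodu) VALUES (NULL, ?)');
            $stmt->bind_param('s', $code);
            $done = 'Multiswitch Product successfully added';
        } else {
            $stmt = $db->prepare('UPDATE multiswitch SET urun_kodu = ? WHERE id = ?');
            $stmt->bind_param('si', $code, $id);
            $done = 'Multiswitch Successfully Changed';
        }
        $stmt->execute();
        $stmt->close();
        return $done;
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());              // details go to the log, not the browser
        return 'The change could not be saved due to an error!';
    }
}

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $id = null;
    $error = null;
    if (isset($_POST['product_edit_id'])) {
        // An id must be a positive integer; anything else is rejected, not escaped.
        $id = filter_input(INPUT_POST, 'product_edit_id', FILTER_VALIDATE_INT,
                           ['options' => ['min_range' => 1]]);
        if (!is_int($id)) {
            $error = 'Invalid product id';
        }
    }
    // With no filter argument this returns the raw string, so it is bound, never concatenated.
    $code = filter_input(INPUT_POST, 'urun_kodu');
    $code = is_string($code) ? trim($code) : '';
    $_SESSION['flash'] = $error ?? save_multiswitch($mysqli, $id, $code);
    header('Location: multiswitch.php', true, 303);   // browser re-requests with GET
    exit;
}

// GET request: show the message once, then forget it, so a reload shows a clean page.
$flash = $_SESSION['flash'] ?? '';
unset($_SESSION['flash']);
?>
<!DOCTYPE html>
<html>
  <body>
    <?php if ($flash !== ''): ?>
      <center><b><?= htmlspecialchars($flash, ENT_QUOTES, 'UTF-8') ?></b></center>
    <?php endif; ?>
    <!-- product listing and the edit/add forms follow, as on the page -->
  </body>
</html>
```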

Hey, Adem, I looked at your video again. It appears you have a very complete system and it looks very professional. It looks very detailed. And, in the video, it seemed to already work as you want it to.
How did you make that video? Is it from the live site? If so, it looks like it is working good now.

I made the video on local server, but also available on the real server works the same
The script works correctly, I’m just trying to improve small things, I’m trying to code better
Video is the area that visitors see

In fact, the page does not need to be refreshed at the end of Adding and Editing. As you said.

At the end of the process, renewal is required to remove the following messages
Product Successfully Added
Products Successfully Changed

Now I want to ask you a question:
When Generating a Guest, Dealer or Manager Price Quote
The entered or selected data is POSTED to the next page and assigns to SESSION.
and is written from SESSION to the database on the last page.

Is this the correct method?

I could not fully grasp the subject of META, I will investigate this in detail later and try to learn.

First I want to finish shorter topics
1.
When Generating a Guest, Dealer or Manager Price Quote
The entered or selected data is POSTED to the next page and assigns to SESSION.
and is written from SESSION to the database on the last page.
Is this the correct method?

The price offer produced,
I changed to write with PDO instead of writing to database with MySQLi
I replaced it with the PDO you suggested

Is this code correct to allow only the admin to enter the admin panel?
Admin group ID: 1
Registered Reseller ID: 2
Note: I allow Administrator and Registered Reseller access to some pages in the administration panel.

###### ENTRY AND AUTHORIZATION CONTROL ##############################################################
    require_once("login_giris.php");
    if(!empty($_SESSION['user_group_uye'])){
    $group = $_SESSION['user_group_uye'];
    }else{
        $group = "";
    }
    if($group != '1'){
    echo "Administrator Login Required.";
    exit;
    }
###### ENTRY AND AUTHORIZATION CONTROL ##############################################################

Is the “filter_input (INPUT_POST)” you suggested earlier valid in SESSION?

$apartman_adi = strip_tags($mysqli->real_escape_string($_SESSION['apartman_adi']));

Well, let’s take these one at a time since each is a different subject. #1 is about passing things to other pages. There are dozens of ways to do this. In my humble opinion, using SESSION is one of the easiest ways. But, for a quoting system, there might be a better way to handle it. In a large number of quoting systems, the quote is stored into a database table named something like “quotes”. The reason they do that is to allow the quote to be saved for future use. The quote is usually valid for a set period of time such as one week or a set number of days. In this way, when the quote “expires”, it is deleted. Also, in this way, you can send reminders by email to the user reminding them of the quote with an option to delete it. That often drives or pushes the user to respond to the quote and sometimes get more replies from the user. I am not saying you need to do this. I am just telling you how some sites handle quotes.

If you do not save quotes and just want to pass data to the next page, SESSION works great. I do that myself often. If you need to send a large amount of data, you can place an array into the SESSION and pass an entire array, such as a full quote. It is very helpful to use SESSION to pass data back and forth between pages.

So, I would say, yes, this method is a good way to handle it. Just remember you can send more than just one variable in the SESSION array. You can actually use full arrays. That is handy!

Because you want to learn, I mentioned PDO. Most programmers, especially the ones here, suggest using PDO since it is more secure. It is not very hard to learn, but, it is different in the way things are handled. So, perhaps you might want to test it using the site I posted to play with it before completely switching to it.

Yes, most sites keep a “users” or “members” table with the register information such as email address, home or mailing address, phone, and other important items. And, usually a “user_level” or “user_group” field to store a number that is like you have set up. You can create as many levels as you might need.

Well, the SESSION is an array kept in the server and used to pass on data to other pages. It is hard for hackers to get into that since it is on the server. Therefore, you do not need to check the fields for data. I have seen some programmers do that just for extra security, but, it is NOT needed. The browser does not pass the data on, the server does in the header information when it “renders” the page to the browser.
No the answer is NO, it is not needed.
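
The last-page write described in this thread, as an added example that is not from either poster: the values held in SESSION were POSTed by the visitor on earlier pages, so this version range-checks the product IDs and quantities and binds every value as a parameter when the quote is written with PDO. The in-memory SQLite database, the `quotes` and `quote_items` tables and the `quote_items` session key are assumptions; `apartman_adi` is the field from the thread.

```php
<?php
// Added example, not code from the thread. An in-memory SQLite database stands
// in for the site's MySQL server; table, column and session key names other
// than apartman_adi are hypothetical.

/** Keep only product_id => qty pairs where both are integers in range. */
function clean_quote_items($raw): array
{
    $items = [];
    foreach (is_array($raw) ? $raw : [] as $product_id => $qty) {
        $id = filter_var($product_id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
        $n  = filter_var($qty, FILTER_VALIDATE_INT,
                         ['options' => ['min_range' => 1, 'max_range' => 10000]]);
        if ($id !== false && $n !== false) {
            $items[$id] = $n;
        }
    }
    return $items;
}

/** Write the quote header and its lines in one transaction; returns the quote id. */
function save_quote(PDO $pdo, string $apartman_adi, array $items): int
{
    if ($apartman_adi === '' || $items === []) {
        throw new InvalidArgumentException('incomplete quote');
    }
    $pdo->beginTransaction();
    try {
        $head = $pdo->prepare('INSERT INTO quotes (apartman_adi) VALUES (?)');
        $head->execute([$apartman_adi]);
        $quote_id = (int) $pdo->lastInsertId();
        $line = $pdo->prepare(
            'INSERT INTO quote_items (quote_id, product_id, qty) VALUES (?, ?, ?)');
        foreach ($items as $product_id => $qty) {
            $line->execute([$quote_id, $product_id, $qty]);
        }
        $pdo->commit();
        return $quote_id;
    } catch (Throwable $e) {
        $pdo->rollBack();          // a failed line leaves no half-written quote
        throw $e;
    }
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE quotes (id INTEGER PRIMARY KEY, apartman_adi TEXT NOT NULL)');
$pdo->exec('CREATE TABLE quote_items (quote_id INTEGER, product_id INTEGER, qty INTEGER)');

// Constructed sample of what earlier pages might have copied from POST into the session.
$session = [
    'apartman_adi' => "Yıldız Apt. 'B' Blok",
    'quote_items'  => ['237' => '4', '12' => '0', 'abc' => '3', '15' => '2x'],
];

$items = clean_quote_items($session['quote_items'] ?? null);
$name  = is_string($session['apartman_adi'] ?? null) ? trim($session['apartman_adi']) : '';
$quote_id = save_quote($pdo, $name, $items);

// The apostrophes in the name are stored as typed; only the valid line is saved.
$saved = $pdo->query('SELECT product_id, qty FROM quote_items')->fetchAll(PDO::FETCH_ASSOC);
echo "quote $quote_id for ", $pdo->query('SELECT apartman_adi FROM quotes')->fetchColumn(), "\n";
echo json_encode($saved), "\n";
```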

Thank you very much, I understood this very well
My quote is constantly stored in the database, Optional, can delete admin or reseller
Only IDs and Qtys of products are recorded in the price quote database
If the price of the products changes or the exchange rate changes, With the Update Price or Currency link, the products are updated without changing the price or exchange rate.
