I am trying to update my database using a php file that has an html form in it.
When I hit 'update' in the url bar, the updated information is showing. But when I go back to my HTML page that shows me everything in my database, it still has the old information.
What am I not doing?
I know there are security issues, like not using a session, or sanitizing the data, or using my_sql in general. This is just for a school project. After the semester I will be closing the hosting account.
EDIT: I moved the "$id = $_GET['id'];" line above the update query so that "$id" would be defined before query. Updated code.
EDIT2: After following the comments about turning on errors and displaying them after the update query. It showed that the ID was not in fact being read back in. So I added a hidden input value for the ID to give back to the file after the submit button was it.
<?php
error_reporting(E_ALL & ~E_DEPRECATED);
ini_set('display_errors', 1);
$host = 'hose';
$user = 'user';
$pass = 'pass';
$database = 'database';
$table = 'table';
//connecting to server
$conn = mysql_pconnect($host,$user,$pass);
//opening to database
if (!($db = mysql_select_db($database))) {
echo "Could NOT connect to database.";
}
//gathering new data from update form
if (isset($_GET['submit'])) {
$title= $_GET['title'];
$year = $_GET['year'];
$director = $_GET['director'];
$genre = $_GET['genre'];
$runtime = $_GET['runtime'];
$id = $_GET['id'];
$query = mysql_query("UPDATE `collection`
SET `title`='$title', `year`='$year', `director`='$director', `genre`='$genre', `runtime`='$runtime'
WHERE `ID`='$id'");
}
//passing in ID number and running query
$id = $_GET['id'];
$query = "SELECT * FROM '$table' WHERE ID = '$id'";
$result = mysql_query($query);
if (!$result) {
echo 'Could not run query: ' . mysql_error();
exit;
}
//getting row data for ID number
$row = mysql_fetch_array( $result );
?>
<!DOCTYPE html>
<html>
<head>
<meta content="text/html;charset=utf-8" http-equiv="Content-Type">
<meta content="utf-8" http-equiv="encoding">
<title>title</title>
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="webpage.css">
<style type = "text/css">
table, th, td {
border: 0px solid black;
border-collapse: collapse;
}
table {
margin: auto;
width: 50%;
}
td {
padding: 5px;
}
img {
text-decoration: none;
}
</style>
</head>
<body class="subStyle">
<div class="topnav">
Home
Database
Insert
</div>
<form class='form' method='get'>
<table border=0>
<tr>
<th>Movie Title</th>
<th>Year Made</th>
<th>Director</th>
<th>Genre</th>
<th>Runtime(Minutes)</th>
</tr>
<tr>
<td><input type=text name="title" id="title" maxlength=100 size=50 value="<?php echo $row['title']; ?>"></td>
<td><input type=text name="year" id="year" maxlength=4 size=10 value="<?php echo $row['year']; ?>"></td>
<td><input type=text name="director" id="director" maxlength=100 size=30 value="<?php echo $row['director']; ?>"></td>
<td><input type=text name="genre" id="genre" maxlength=20 size=20 value="<?php echo $row['genre']; ?>"></td>
<td><input type=text name="runtime" id="runtime" maxlength=4 size=20 value="<?php echo $row['runtime']; ?>"></td>
<td><input type=hidden name="id" id="id" value="<?php echo $row['ID']; ?>"></td>
</tr>
<tr><td></td><td></td><td>
<button class='submit' type='submit' name='submit' value='update'>Update Movie</button></td></tr>
</table>
</form>
</body>
</html>
<?php
//check if update worked
if (isset($_GET['submit'])) {
echo '<div class="form" id="form3"><br><br><br><br><br><br>
<Span>Data Updated Successfuly</span></div>';
}
//close connection
mysql_close($conn);
?>
Your code is insecure - Why shouldn't I use mysql_* functions in PHP?
I think the issue is down to variables not being defined - in your query:
UPDATE '$table' SET `title`='$title', `year`='$year',
`director`='$director', `genre`='$genre', `runtime`='$runtime'
WHERE `ID`='$id'
$id is not defined
Related
This is my table html code. I tried sending the data using the normal insert but it only sends the last row data. I don't know how to send the full data . Can someone please help me with this.
<form action="admin_schedule_employee.php" id="schedule_employee" method="post" >
<input type="date" class="input-sm" name="scheduledate" style="margin:10px;">
<table class="table-responsive table table striped table-bordered">
<thead>
<tr>
<th style="width:20%">Employee First Name</th>
<th style="width:20%">Employee ID</th>
<th style="width:20%">Start Time</th>
<th style="width:20%">End Time</th>
</tr>
<?php while($row = mysqli_fetch_array($search_result)): ?>
<tr>
<td><input disabled name="employeename" type="text" value="<?php echo $row['fname']; ?>"></input></td>
<td><input disabled name="employeeid" type="number" value="<?php echo $row['employee_id']; ?>"></input></td>
<td><input name="starttime" type="time"></td>
<td><input name="endtime" type="time"></td>
</tr>
<?php endwhile; ?>
</thead>
<tbody>
</tbody>
</table>
<input type="submit" name="Schedule" value="Schedule">
</form>[This is how my table look like i want to send the whole data to sql database using php][1]
To start with, you will need to create multiple pages:
form.php
process.php
done.php
Creating your user form is simple, place the table in form tags like you have done above, here is an example. Save this page as form.php
<form id="new record" action="process.php" method="POST">
<table width="500px">
<tr>
<td width="50%">
<input type="text" name="fname" id="fname">
</td>
<td width="50%">
<input type="text" name="lname" id="lname">
</td>
</tr>
<tr>
<td width="50%">
</td>
<td width="50%">
<input type="submit" value="Add Record">
</td>
</tr>
</table>
</form>
Next, you will need to create a page which can process this data, and add it to your mysql database. For the following example, I have omitted my database details and substituted them, but you should add your own.
For this example, imagine my database has a table with only an fname and an lname column.
<meta http-equiv="refresh" content="0; url=/done.php" />
<?php
$servername = "your_server_name";
$username = "mysql_username";
$password = 'mysql_password';
$dbname = "database_name";
$fname = $_GET['fname'];
$lname = $_GET['lname'];
try {
$conn = new PDO("mysql:host=$servername; dbname=$dbname", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$sql = "INSERT INTO online (fname, lname)
VALUES ('$fname', '$lname')";
// use exec() because no results are returned
$conn->exec($sql);
echo "New record inserted";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$conn = null;
?>
Hopefully, that will work to insert the record. Now we need a table on the done.php page which can display all the records in the database. Use the following code:
<html lang="en">
<head>
<meta http-equiv="refresh" content="5; url=/done.php" />
<meta charset="utf-8" />
<title></title>
</head>
<body>
<?php
$servername = "your_server_name";
$username = "mysql_username";
$password = 'mysql_password';
$dbname = "database_name";
// Create connection
$conn = mysqli_connect($servername, $username, $password, $dbname);
// Check connection
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$sql = "SELECT * from table_name";
$result = mysqli_query($conn, $sql);
if (mysqli_num_rows($result) > 0) {
// output data of each row
while($row = mysqli_fetch_assoc($result)) {
echo $row["fname"]. ": ";
echo $row["lname"]. "<br /><br />";
}
} else {
echo "No messages";
}
mysqli_close($conn);
?>
</body>
</html>
Hopefully this will work for you.
I've been trying to solve this for awhile, and I'd appreciate it if someone can help me. Here is my problem.
Here is my code; it's simply view the content of a Job Table in the Database and perform a edition as needed, based on the selection. The checkbox is next to each job, and there is an update button at the end of the page to submit..
I'm getting an error updating it. Please help me.
<?php
session_start();
if( isset($_SESSION['username']) ){
include('../CIEcon.php');
echo "<form action= 'adminCleaning.php' method = 'post'>" ;
// when the user click update..
if(isset($_POST['update'])){
if( empty($_POST['Id']) || $_POST['Id'] == 0 ){
echo"<h4> please choose something to update </h4>";
echo"test(1): pass <br> ";
}else{
// comes here even though u dind't chhose, cause
// it set IDs next to each feild..
echo"!!....HERE....!! ";
}
}// end of update $_POAT[update]
$sql = "SELECT * FROM Cleaning ";
$result = mysqli_query($dbCIE, $sql) or die(mysqli_error($dbCIE));
/// NOW DISPLAY ALL INFO FROM CHOSEN DATABASE...
echo "
<table cellpadding ='4' border='1' width='80%' align='center'>
<tr>
<th class='tt' >Check </th>
<th class='tt'> Job's Name</th>
<th class='tt' >Description</th>
<th class='tt' > No Students needed</th>
<th class='tt' >Due Date</th>
</tr>";
while($row = mysqli_fetch_array($result))
{
echo "<br>";
echo "<tr>";
echo "<td> <input type='checkbox' name='Id[]' value='".$row['Id']."' /> </td>"; // array[] cause to edit more than one record...
echo "<td>".'<input type="text" name="jobname['.$row['Id'].']" value='.$row['JobName'].' >'."</td>";
echo "<td>".'<input type="text" name="description['.$row['Id'].']" value='.$row['Description'].'> '."</td>";
echo "<td>".'<input type="text" name="nostudent['.$row['Id'].']" value='.$row['NoStudent'].'>'."</td>";
echo "<td>".'<input type="text" name="duedate['.$row['Id'].']" value='.$row['DueDate'].'>'."</td>";
echo "<input type=hidden name='Id[]' value='".$row['Id']."' >";
echo "</tr>";
echo "jobname['.$row[Id].']" ; // testing.
echo "description['.$row[Id].']" ; // testing.
echo "nostudent['.$row[Id].']" ; // testing.
}
echo "</table>";
/// END THE SEARCH HERE...........
echo " <br>
<div align='center'>
<input type='reset' value='clear' />
<input type='submit' name='update' value='update' />
</div> ";
mysqli_close($dbCIE);
echo "</form>";
}
else{echo "must logout to see this page..!!";}
?>
<html>
<head><title> ..Cleanding.... </title></head>
<style type="text/css">
body{
margin-top: 70px; /*space above the table....*/
background-color: #23438e;
}
table{
background-color: white;
}
.tt{
background: #f26822;
color: white ;
}
</style>
<body>
<!-- <a href= "../AdminIndex.php" > <button> Main Page </button></a> -->
</body>
</html>
First of all, your form and table are outside of <body> tag. You have to display everything like this: <body> **display here** </body>
Second, remove this line echo "<input type=hidden name='Id[]' value='".$row['Id']."' >"; from your code, it's not required.
And now comes to your question, $_POST['Id'] is an array of job ids, so use count() function to check if the array is empty or not and use foreach loop to update each individual row. So you should process your form like this:
// when the user click update..
if(isset($_POST['update'])){
if(count($_POST['Id'])){
// $_POST['Id'] is an array of job id
foreach($_POST['Id'] as $v){
$sqlUpdate = "UPDATE Cleaning SET JobName='" . $_POST['jobname'][$v] . "', Description='" . $_POST['description'][$v] . "', NoStudent='" . $_POST['nostudent'][$v] ."', DueDate='" . $_POST['duedate'][$v] . "' WHERE Id = '" . $v . "'";
$resultUpdate = mysqli_query($dbCIE,$sqlUpdate) or die(mysqli_error($dbCIE));
// If you want you can use mysqli_affected_rows() function to
// check how many were affected by the UPDATE query
}
}else{
echo"<h4>please choose something to update</h4>";
}
}
And your entire code should be like this:
<?php
session_start();
?>
<html>
<head>
<title> ..Cleanding.... </title>
<style type="text/css">
body{
margin-top: 70px; /*space above the table....*/
background-color: #23438e;
}
table{
background-color: white;
}
.tt{
background: #f26822;
color: white ;
}
</style>
</head>
<body>
<?php
if( isset($_SESSION['username']) ){
include('../CIEcon.php');
// when the user click update..
if(isset($_POST['update'])){
if(count($_POST['Id'])){
// $_POST['Id'] is an array of job id
foreach($_POST['Id'] as $v){
$sqlUpdate = "UPDATE Cleaning SET JobName='" . $_POST['jobname'][$v] . "', Description='" . $_POST['description'][$v] . "', NoStudent='" . $_POST['nostudent'][$v] ."', DueDate='" . $_POST['duedate'][$v] . "' WHERE Id = '" . $v . "'";
$resultUpdate = mysqli_query($dbCIE,$sqlUpdate) or die(mysqli_error($dbCIE));
// If you want you can mysqli_affected_rows() function to
// check how many were affected by the UPDATE query
}
}else{
echo"<h4>please choose something to update</h4>";
}
}
$sql = "SELECT * FROM Cleaning ";
$result = mysqli_query($dbCIE, $sql) or die(mysqli_error($dbCIE));
?>
<form action= 'adminCleaning.php' method = 'post'>
<table cellpadding ='4' border='1' width='80%' align='center'>
<tr>
<th class='tt' >Check </th>
<th class='tt'> Job's Name</th>
<th class='tt' >Description</th>
<th class='tt' > No Students needed</th>
<th class='tt' >Due Date</th>
</tr>
<?php
while($row = mysqli_fetch_array($result)){
?>
<tr>
<td> <input type="checkbox" name="Id[]" value="<?php echo $row['Id']; ?>" /> </td>
<td><input type="text" name="jobname[<?php echo $row['Id']; ?>]" value="<?php echo $row['JobName']; ?>" /></td>
<td><input type="text" name="description[<?php echo $row['Id']; ?>]" value="<?php echo $row['Description']; ?>" /></td>
<td><input type="text" name="nostudent[<?php echo $row['Id']; ?>]" value="<?php echo $row['NoStudent']; ?>" /></td>
<td><input type="text" name="duedate[<?php echo $row['Id']; ?>]" value="<?php echo $row['DueDate']; ?>" /></td>
</tr>
<?php
}
?>
</table>
<input type="reset" value="clear" />
<input type="submit" name="update" value="update" />
</form>
<br />
<div align='center'>
</div>
<?php
mysqli_close($dbCIE);
}
else{
echo "must logout to see this page..!!";
}
?>
</body>
</html>
I'm trying to setup a form that can update my product.
the code reads data ok, but $update is getting errors that prevents the update from doing anything.
The errors are :
Undefined variable: update
mysqli::query(): Empty query (after submit the form)
Please Help! Thanks.
//include database configuration file
include("config.php");
$mysqli->set_charset("utf8");
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<title>Edit Page</title>
</head>
<body>
<?php
if(isset($_POST['Submit'])){//if the submit button is clicked
$updateproductname = $_POST['updateproductname'];
$updatesku = $_POST['productsku'];
$updateproductoriginal = $_POST['updateoriginalname'];
$updatedescshort = $_POST['updatedescshort'];
$update = $mysqli->query("UPDATE testproducts".
"SET product_sku=$updatesku, product_name=$updateproductname, 'product_originalname'='$updateproductoriginal', 'product_description_short='$updatedescshort' ".
"WHERE product_id = '$id' ");
$mysqli->query($update) or die("Cannot update");//update or error
}
?>
<?php
//Create a query
$sql = "SELECT * FROM testproducts WHERE product_id = $id";
//submit the query and capture the result
$result = $mysqli->query($sql) or die(mysql_error());
?>
<h2>Update Record <?php echo $id;?></h2>
<form action="" method="post">
<?php
while ($row = $result->fetch_assoc()) {?>
<table border="0" cellspacing="10">
<tr>
<td>Product Name:</td> <td><input type="text" name="updateproductname" value="<?php echo $row['product_name']; ?>"></td>
</tr>
<tr>
<td>Product Original Name:</td> <td><input type="text" name="updateoriginalname" value="<?php echo $row['product_originalname']; ?>"></td>
</tr>
<tr>
<td>Product SKU:</td> <td><input type="text" name="productsku" value="<?php echo $row['product_sku']; ?>"></td>
</tr>
<tr>
<td>ShortDescription:</td> <td><input type="text" name="updatedescshort" size="100" value="<?php echo $row['product_description_short']; ?>"></td>
</tr>
<tr>
<td><INPUT TYPE="Submit" VALUE="Update the Record" NAME="Submit"></td>
</tr>
</table>
<?php
}
?>
</form>
<?php
if($update){//if the update worked
echo "<b>Update successful!</b>";
}
?>
</body>
</html>
a) You are vulnerable to SQL injection attacks
b) Read the docs for mysqli_query(). The function takes a query STRING, and returns a RESULT HANDLE. You're then taking that result handle and trying to re-query it. If you'd bothered having proper error handling on ALL of your mysqli calls, you'd have seen this.
was able to update the record after moving the update and select code to top of html
<?php
if(isset($_POST['Submit'])){//if the submit button is clicked
// Check connection
$productname = $_POST['updateproductname'];
$productoriginal = $_POST['updateoriginalname'];
$sku = $_POST['productsku'];
$descshort = $_POST['updatedescshort'];
$mysqli->query("UPDATE testproducts ".
"SET product_name='$productname',product_originalname='$productoriginal', product_sku='$sku', product_description_short='$descshort'".
" WHERE product_id='$id'");
}
?>
<?php
//Create a query
$sql = "SELECT * FROM testproducts WHERE product_id = $id";
//submit the query and capture the result
$result = $mysqli->query($sql) or die(mysql_error());
//$query=getenv(QUERY_STRING);
//parse_str($query);
//$ud_title = $_POST['Title'];
//$ud_pub = $_POST['Publisher'];
//$ud_pubdate = $_POST['PublishDate'];
//$ud_img = $_POST['Image'];
$mysqli->close();
?>
I have a php application that fetches the requests from mysql database and displays them for further approval. The form is fetched from send_req.php and is displayed inside the div on showrequests.php. This is the code for send_req.php
<table style="border:0;border-color:transparent">
<tr style="background-color:lightblue">
<td>Product ID</td>
<td>Name</td>
<td>Quantity</td>
<td><input type="checkbox" name="selectAll" /></td>
<td>Authorized Quantity</td>
</tr>
<form method="post" action="send_req.php">
<?php
$reqNum = $_POST['rId'];
echo "<h3>Request # $reqNum</h3>";
$showReqs = mysql_query("Select * from request where request_number='".$reqNum."' and status=0");
while($resultA = mysql_fetch_array($showReqs))
{
$rBy = $resultA['requested_by'];
$rTime = $resultA['request_time'];
$rId = $resultA['id'];
$pId = $resultA['product_id'];
$getPrName = mysql_query("select name from products where id='$pId'");
$prN = mysql_fetch_array($getPrName);
$prName = $prN['name'];
$rQuantity = $resultA['requested_quantity'];
$status = $resultA['status'];
?>
<tr>
<input type="hidden" name="rId[]" value="<?php echo $rId; ?>"/>
<td style="background-color:orange"><input type="text" name="prId[]" value="<?php echo $pId; ?>" readonly="readonly" style="border:0px"/></td>
<td style="background-color:orange"><input type="text" name="prName[]" value="<?php echo $prName; ?>" readonly="readonly" style="border:0px"/></td>
<td style="background-color:orange"><input type="text" name="quantity[]" value="<?php echo $rQuantity; ?>" readonly="readonly" style="border:0px"/></td>
<td style="background-color:orange"></td>
<td><input type="text" name="pQuantity[]" /></td>
</tr>
<?php }
?>
<tr>
<td></td>
<td></td>
<td></td>
<input type="hidden" name="rNum" value="<?php echo $reqNum; ?>" />
<td></td>
<td><input type="submit" name="submitReq" value="Send" id="submit_req" style="backgroundColor:Transparent;border:0;color:blue;width:100;"/></td>
</tr>
</form>
</table>
<?php
echo "Requested By:$rBy at ".substr($rTime,11,18)." ".substr($rTime,0,10);
?>
This is the showrequests.php page
<html>
<head>
<script type="text/javascript">
function getRequest(ob)
{
var id = ob.id;
if(window.XMLHttpRequest)
{
ajaxOb = new XMLHttpRequest();
}
else if(window.ActiveXObject)
{
ajaxOb = new ActiveXObject("Microsoft.XMLHTTP");
}
ajaxOb.open("POST", "send_req.php");
ajaxOb.setRequestHeader("Content-Type", "application/x-www-form-urlencoded");
ajaxOb.send("rId=" + id);
ajaxOb.onreadystatechange = function()
{
if(ajaxOb.readyState == 4)
{
if(ajaxOb.status == 200)
{
document.getElementById("showTable").innerHTML = ajaxOb.responseText;
}
}
}
}
</script>
</head>
<body>
<?php
$mysql_con = mysql_connect("localhost","root","") or die("Could not connect ".mysql_error());
$mysql_db = mysql_select_db("cart",$mysql_con) or die("Unable to select db ".mysql_error());
echo "<h2 align='center'>Pending Requests</h2>";
$showReq = mysql_query("Select distinct(request_number) as rNums from request where status=0");
?>
<div style="float:left;margin-right:15px;">
<br/>
<?php
while($result = mysql_fetch_array($showReq))
{
$rNum = $result['rNums'];
?>
<input type="button" name="fetchReq" id="<?php echo $rNum; ?>" value="<?php echo "Request # $rNum"; ?>" style="margin-bottom:5px;backgroundColor:Transparent;border:0;color:blue;width:100;text-Decoration:underline" onclick="getRequest(this)"/>
<?php
echo "<br/>";
}
?>
</div>
<div id="showTable" style="float: left">
</div>
</body>
</html>
My problem now is that everything works fine in chrome and IE but the form is not submitted when i click the submit button in firefox. I am using firefox 20.0.1. Update: I have removed the html,head and body tags from send_req.php
still not working
form is not allowed inside table. Please see also
Form inside a table
Regards,
Michael
Reminder : the structure of an HTML document is :
<!-- No div before html tag -->
<!DOCTYPE html> <!-- Doctype for HTML5 ; use whatever doctype you need -->
<html>
<head>
</head>
<!-- No div before body tag -->
<body>
<!-- Divs only belongs here -->
</body>
</html>
<!-- No div after html tag -->
If you don't follow this basic structure, you're forcing the browser to interpret your invalid code (+ quirks mode when you don't provide a doctype).
Some browser guess well what you tried to do, others don't, as Firefox might.
Please use a HTML validator as W3's validator to check your syntax.
I have ran into an issue trying to use a series of checkboxes to select multiple pieces of equipment from a list so that a user can then "checkout" the items.
Here is my first page that submits the data
<div class="list"><form action="remove.php" enctype="multipart/form-data"
name="form" id="form">
<input type="submit" style="color: white; background: none repeat scroll 0% 0%
black; font-size: 21px; padding-bottom: 30px; position: fixed; height: 30px;
right: 0px; margin-right: 1px;"
value="Checkout" />
<table cellpadding="0" cellspacing="0" border="0" id="table">
<thead>
<tr>
<th>Select</th>
<th>Equipment Number</th>
<th>Equipment</th>
</tr></thead>
<tbody>
<? $sql = "SELECT * FROM equipment";
$result = mysql_query($sql);
while ($rows = mysql_fetch_array($result)) {
if ($rows['equip_avail'] == "1") {
?>
<tr>
<td width="5%"><input type="checkbox" name="equip_id" value="<?php echo
$rows['equip_id']; ?>" /></td>
<td width="13%"><?php echo $rows['equip_num'];?></td>
<td width="20%"><?php echo $rows['equipment']; ?></td>
</tr>
<?php
}
}
echo '</tbody></table></form></div>';
}
?>
And here is the page that then takes the data from the url, and posts it to confirm, I need this page to be able to take multiple "equip_id" from the url (or another workaround I am currently unaware of) and update the information for the correct "user_id". I can get multiple to appear in the URL but only the last one is grabbed.
$id = $_SESSION['id'];
$equip_id =$_GET['equip_id'];
$sql = mysql_query("SELECT * FROM equipment WHERE equip_id='$equip_id'");
while($row = mysql_fetch_array($sql)){
$equip_id = $row['equip_id'];
$equipment = $row["equipment"];
$equip_num = $row["equip_num"];
$equip_avail = $row["equip_avail"];
$user_id= $row['user_id'];
}
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
$user_id = $_POST['user_id'];
$equip_avail = $_POST['equip_avail'];
$sql = mysql_query("UPDATE equipment SET user_id='$user_id',
equip_avail='$equip_avail' WHERE equip_id='$equip_id'");
header("Location: equipment_checkout.php");
exit();
} // close if post
?>
This is the HTML
<table height="225px">
<form action="<? echo 'remove.php?equip_id='.$equip_id.' '?>"
method="post" enctype="multipart/form-data" name="form" id="form">
<td width="423" valign="top"><h2>Equipment: <?php echo $equipment?></h2>
<h2>Equipment Number: <?php echo $equip_num?></h2>
<input name="equip_avail" type="hidden" id="equip_avail" value="0" size="30"
maxlength="24" />
<?if(($_SESSION['id'] !=='0') && ($uaccounttype !== 'e') &&
($uaccounttype !== 'd')){?>
<input name="user_id" type="hidden" id="user_id" value="<? echo $_SESSION['id']
?>" size="30" maxlength="64" />
</tr><?} else {
$sql="SELECT * FROM members WHERE accounttype IN ('b', 'c', 'e')";
$result = mysql_query($sql);
?>
<h2>Select Employee: <select name="user_id" id="user_id">
<? $count = 1;
while($rows = mysql_fetch_array($result)){
if($count == 1){?>
<option value="<?echo $rows['id'];?>">
<? echo $rows['firstname']. " ". $rows['lastname'] ;}} ?></option>
</select></h2>
<?}?>
<input name="Submit" type="submit" value="Check Out"/>
</br>
</td>
</form>
</table>
</div>
What I need this last part to do is for every "equip_id" selected from the first page, to be displayed here and then the database to be updated with the correct "user_id" for each of the equipment selected. Like I said, I can get one to update at a time, I just need to make it so that a large amount can be edited.
**NOTE: I know that this is not a secure way to send data, if any advice on how to so this more securely, I would love it. THANK YOU!!!!
You need to make the input name an array (equip_id[]):
<input type="checkbox" name="equip_id[]" value="<?php echo $rows['equip_id']; ?>" />
And then $_GET['equip_id'] will be an array of $rows['equip_id']s.
Although surely it would be better to use $_POST?
This is what I came up with based on the answer, and it posts all of the equipment selected based on the "equip_id" and then updates the equipment accordingly. I am posting here just in case anybody else is looking for the same solution.
I updated this line as you suggested
<input type="checkbox" name="equip_id[]" value="<?php echo $rows['equip_id']; ?>"
This is the second page that reads the data from the first.
<?foreach ($_GET['equip_id'] as $equip_id) {
$sql = mysql_query("SELECT * FROM equipment WHERE equip_id='$equip_id'") or
die(mysql_error());
while($row = mysql_fetch_array($sql)){
$equipment = $row["equipment"];
$equip_num = $row["equip_num"];
$equip_avail = $row["equip_avail"];
$user_id= $row['user_id'];
$equip_id= $row['equip_id'];}?>
<td width="423" valign="top"><h2>Equipment:
<?php echo $equipment?></h2>
<h2>Equipment Number:<?php echo "$equip_num"?></h2>
<?}
This is the part that posts the data.
if ($_SERVER['REQUEST_METHOD'] === 'POST'){
foreach ($_GET['equip_id'] as $equip_id) {
$equip_id = $equip_id ;
$user_id = $_POST['user_id'];
$sql = mysql_query("UPDATE equipment SET user_id='$user_id', equip_avail='0'
WHERE equip_id='$equip_id'") or die(mysql_error());}
header("Location: member_equipment.php?id='$id'");
exit();}