I'm learning PHP and I'm struggling to find a solution to my issue. I've created a page where membership data can be edited. All my 'type=text' fields display the current value of the member correctly. But the values selected in the 2 drop-down fields (Language and Interest) do not display in the edit form. They do update in MySQL, but the 'Select One...' option displays when I want to edit the member's 'Language' and 'Interest' fields.
What should I do so that the current value of the 2 drop downs that is stored in the db, displays on the ui when a member needs to get edited?
Here is my PHP code:
<?php
$id = isset($_GET['id']) ? $_GET['id'] : die('ERROR: Record ID not Found');
include('dbconnect.php');
try{
$sql = "SELECT id, firstName, lastName, idNumber, mobileNumber, email, birthDate, languageType, interest FROM members WHERE id = ? LIMIT 0,1";
$stmt = $conn->prepare($sql);
$stmt->bindParam(1, $id);
$stmt->execute();
$row = $stmt->fetch(PDO::FETCH_ASSOC);
$firstName = $row['firstName'];
$lastName = $row['lastName'];
$idNumber = $row['idNumber'];
$mobileNumber = $row['mobileNumber'];
$email = $row['email'];
$birthDate = $row['birthDate'];
$languageType = $row['languageType'];
$interest = $row['interest'];
}
catch(PDOException $exception){
die('ERROR: '.$exception->getMessage());
}
?>
<?php
$id = isset($_GET['id']) ? $_GET['id'] : die('ERROR: Record ID not found.');
include 'dbconnect.php';
if($_POST){
try{
$sql = "UPDATE members SET
firstName=:firstName,
lastName=:lastName,
idNumber=:idNumber,
mobileNumber=:mobileNumber,
email=:email,
birthDate=:birthDate,
languageType=:languageType,
interest=:interest
WHERE id=:id";
$stmt = $conn->prepare($sql);
$firstName = htmlspecialchars(strip_tags($_POST['firstName']));
$lastName = htmlspecialchars(strip_tags($_POST['lastName']));
$idNumber = htmlspecialchars(strip_tags($_POST['idNumber']));
$mobileNumber = htmlspecialchars(strip_tags($_POST['mobileNumber']));
$email = htmlspecialchars(strip_tags($_POST['email']));
$birthDate = htmlspecialchars(strip_tags($_POST['birthDate']));
$languageType = $_POST['languageType'];
$interest = $_POST['interest'];
$stmt->bindParam(':firstName', $firstName);
$stmt->bindParam(':lastName', $lastName);
$stmt->bindParam(':idNumber', $idNumber);
$stmt->bindParam(':mobileNumber', $mobileNumber);
$stmt->bindParam(':email', $email);
$stmt->bindParam(':birthDate', $birthDate);
$stmt->bindParam(':languageType', $languageType);
$stmt->bindParam(':interest', $interest);
$stmt->bindParam(':id', $id);
if($stmt->execute()){
echo "<div class='alert alert-success'>Member was updated.</div>";
}else{
echo "<div class='alert alert-danger'>Unable to update member. Please try again.</div>";
}
}
catch(PDOException $exception){
die('ERROR: ' . $exception->getMessage());
}
}
?>
And here is the html:
<form action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"] . "?id={$id}");?>" method="post">
<table class='table table-hover table-responsive table-bordered'>
<tr>
<td>First Name</td>
<td><input type='text' name='firstName' value="<?php echo htmlspecialchars($firstName, ENT_QUOTES); ?>" class='form-control' /></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type='text' name='lastName' value="<?php echo htmlspecialchars($lastName, ENT_QUOTES); ?>" class='form-control' /></td>
</tr>
<tr>
<td>ID Number</td>
<td><input type='text' name='idNumber' value="<?php echo htmlspecialchars($idNumber, ENT_QUOTES); ?>" class='form-control' /></td>
</tr>
<tr>
<td>Mobile Number</td>
<td><input type='text' name='mobileNumber' value="<?php echo htmlspecialchars($mobileNumber, ENT_QUOTES); ?>" class='form-control' /></td>
</tr>
<tr>
<td>Email</td>
<td><input type='text' name='email' value="<?php echo htmlspecialchars($email, ENT_QUOTES); ?>" class='form-control' /></td>
</tr>
<tr>
<td>Birth Date</td>
<td><input type='date' name='birthDate' value="<?php echo htmlspecialchars($birthDate, ENT_QUOTES); ?>" class='form-control' /></td>
</tr>
<tr>
<td>Language</td>
<td>
<select name='languageType' class='form-control' value="<?php echo $languageType; ?>" />
<option>Select One...</option>
<option>Afrikaans</option>
<option>English</option>
<option>Zulu</option>
<option>Xhosa</option>
<option>Venda</option>
<option>French</option>
</td>
</tr>
<tr>
<td>Interest</td>
<td>
<select name='interest' class='form-control' value="<?php echo htmlspecialchars($interest, ENT_QUOTES); ?>" />
<option>Select One...</option>
<option>Golf</option>
<option>Rugby</option>
<option>Tennis</option>
<option>Cricket</option>
<option>Swimming</option>
<option>Hiking</option>
<option>Surfing</option>
<option>Movies</option>
<option>Swords</option>
</td>
</tr>
<tr>
<td></td>
<td>
<input type='submit' value='Save Changes' class='btn btn-primary' />
<a href='index.php' class='btn btn-danger'>Back to read members</a>
</td>
</tr>
</table>
</form>
This is all wrong :
<select name='languageType' class='form-control' value="<?php echo $languageType; ?>" />
<option>Select One...</option>
<option>Afrikaans</option>
<option>English</option>
<option>Zulu</option>
<option>Xhosa</option>
<option>Venda</option>
<option>French</option>
<select name='interest' class='form-control' value="<?php echo htmlspecialchars($interest, ENT_QUOTES); ?>" />
<option>Select One...</option>
<option>Golf</option>
<option>Rugby</option>
<option>Tennis</option>
<option>Cricket</option>
<option>Swimming</option>
<option>Hiking</option>
<option>Surfing</option>
<option>Movies</option>
<option>Swords</option>
The select does not have a value attribute; the value attribute belongs to option.
This is how your select should look:
<select name='languageType' class='form-control'>
<option value="Afrikaans">Afrikaans</option>
... <!-- Other options just like I did the first one -->
</select>
If you want the value from the database to be selected then you will need to check if the option is not equal to the db value then select it with the selected attribute of option.
Like:
<select name='languageType' class='form-control'>
<option value="">Select One...</option>
<option value="Afrikaans" <?php if($languageType == "Afrikaans"){echo "selected='selected'";} ?>>Afrikaans</option>
<option value="English" <?php if($languageType == "English"){echo "selected='selected'";} ?>>English</option>
<option value="Zulu" <?php if($languageType == "Zulu"){echo "selected='selected'";} ?>>Zulu</option>
<option value="Xhosa" <?php if($languageType == "Xhosa"){echo "selected='selected'";} ?>>Xhosa</option>
<option value="Venda" <?php if($languageType == "Venda"){echo "selected='selected'";} ?>>Venda</option>
<option value="French" <?php if($languageType == "French"){echo "selected='selected'";} ?>>French</option>
</select>
Then do your second dropdown following the above as a guide. Also, don't forget to close the select with </select>.
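An added example, not part of the original answer: one way to render both drop-downs from an allow-list so the stored value is marked selected and everything written into the HTML is escaped, and to reject posted values that are not in the list before they reach the UPDATE. The names LANGUAGES, INTERESTS, render_select and validate_choice are assumptions made for illustration.

```php
<?php
// Added example: LANGUAGES, INTERESTS, render_select() and validate_choice()
// are hypothetical names, not from the original post.

const LANGUAGES = ['Afrikaans', 'English', 'Zulu', 'Xhosa', 'Venda', 'French'];
const INTERESTS = ['Golf', 'Rugby', 'Tennis', 'Cricket', 'Swimming',
                   'Hiking', 'Surfing', 'Movies', 'Swords'];

/**
 * Build a <select> whose option matching $current carries the selected
 * attribute. Every dynamic value is escaped before it is placed in an
 * attribute or in element text.
 */
function render_select(string $name, array $choices, ?string $current): string
{
    $esc = static function (string $s): string {
        return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    };

    $html  = "<select name='" . $esc($name) . "' class='form-control'>\n";
    $html .= "<option value=''>Select One...</option>\n";
    foreach ($choices as $choice) {
        // Strict comparison: only an exact match with the stored value is selected.
        $selected = ($choice === $current) ? ' selected' : '';
        $html .= "<option value='" . $esc($choice) . "'" . $selected . '>'
               . $esc($choice) . "</option>\n";
    }
    return $html . "</select>\n";
}

/**
 * Return the posted value only if it is one of the allowed choices,
 * otherwise null so the caller can refuse the update.
 */
function validate_choice($posted, array $choices): ?string
{
    return (is_string($posted) && in_array($posted, $choices, true)) ? $posted : null;
}

// Constructed sample input standing in for the database row and the POST body.
$row  = ['languageType' => 'Zulu', 'interest' => 'Hiking'];
$post = ['languageType' => 'Elvish"><b>x</b>', 'interest' => 'Golf'];

echo render_select('languageType', LANGUAGES, $row['languageType']);
echo render_select('interest', INTERESTS, $row['interest']);

// The first value is not in the allow-list and is rejected; the second passes.
var_dump(validate_choice($post['languageType'], LANGUAGES));
var_dump(validate_choice($post['interest'], INTERESTS));
```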
I am creating a mini bio-metric application in PHP. I want to be able to attach the captured image to the registration form and save it to a MySQL database. I was able to find some source code online for capturing the image using webcam.js, but I need to attach the captured image to the form for submission to the database.
here is the html source code
<div align="center">
<form method='post' id='emp-SaveForm' action="#" style="width:70%;">
<div class="row">
<div class="col-md-6">
<!-- -->
<div id="my_camera"></div>
<!--<input type=button value="Configure" onClick="configure()" class="btn btn-warning">-->
<input type=button value="Take Snapshot" onClick="take_snapshot()" class="btn btn-info">
<input type=button value="Save Snapshot" onClick="saveSnap()" class="btn btn-success">
</div>
<div class="col-md-4">
<div id="results" ></div>
</div>
</div>
<table class='table table-striped'>
<tr>
<td>Name</td>
<td><input type='text' name='name' class='form-control' placeholder='EX : Surname Othernames' /></td>
</tr>
<tr>
<td>D.o.B</td>
<td><input type='text' name='dob' class='form-control datepicker' placeholder='' ></td>
</tr>
<tr>
<td>Gender</td>
<td>
<select name="gender">
<option value="">Select Gender</option>
<option value="M">Male</option>
<option value="F">Female</option>
</select>
</td>
</tr>
<tr>
<td>BVN</td>
<td><input type='text' name='bvn' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>Business Name</td>
<td><input type='text' name='business_name' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>Contact Address</td>
<td><input type='text' name='contact_addr' class='form-control ' placeholder=''></td>
</tr>
<tr>
<td>Town/City</td>
<td><input type='text' name='Town_City' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>L.G.A</td>
<td><input type='text' name='lga' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>State</td>
<td>
<select class="form-control" name="state">
<option value="">-- Select State --</option>
<option value="Abia" >Abia</option><option value="Abuja" >Abuja</option><option value="Adamawa" >Adamawa</option><option value="Akwa_ibom" >Akwa-ibom</option><option value="Anambra" >Anambra</option><option value="Bauchi" >Bauchi</option><option value="Bayelsa" >Bayelsa</option><option value="Benue" >Benue</option><option value="Borno" >Borno</option><option value="Cross_River" >Cross-River</option><option value="Delta" >Delta</option><option value="Ebonyi" >Ebonyi</option><option value="Edo" >Edo</option><option value="Ekiti" >Ekiti</option><option value="Enugu" >Enugu</option><option value="Gombe" >Gombe</option><option value="Imo" >Imo</option><option value="International" >International</option><option value="Jigawa" >Jigawa</option><option value="Kaduna" >Kaduna</option><option value="Kano" >Kano</option><option value="Kastina" >Kastina</option><option value="Kebbi" >Kebbi</option><option value="Kogi" >Kogi</option><option value="Kwara" >Kwara</option><option value="Lagos" >Lagos</option><option value="Nasarawa" >Nasarawa</option><option value="Niger" >Niger</option><option value="Ogun" >Ogun</option><option value="Ondo" >Ondo</option><option value="Osun" >Osun</option><option value="Oyo" >Oyo</option><option value="Plateau" >Plateau</option><option value="Rivers" >Rivers</option><option value="Sokoto" >Sokoto</option><option value="Taraba" >Taraba</option><option value="Yobe" >Yobe</option><option value="Zamfara" >Zamfara</option> </select>
</td>
</tr>
<tr>
<td>Phone 1</td>
<td><input type='text' name='phone_1' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>Phone 2</td>
<td><input type='text' name='phone_2' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>Email Address</td>
<td><input type='text' name='email' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>Products and Service Render</td>
<td><input type='text' name='products_services_rendered' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>Sub Society Name</td>
<td><input type='text' name='sub_society_name' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>Position</td>
<td><input type='text' name='position' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>Next of kin Name</td>
<td><input type='text' name='next_kin_name' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>Relationship</td>
<td><input type='text' name='relationship' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>Phone of Next of Kin</td>
<td><input type='text' name='phone_of_next_kin' class='form-control' placeholder=''></td>
</tr>
<tr>
<td>Payment Status</td>
<td>
<select name="payment_status" class="form-control">
<option value=""></option>
<option value="Paid">Paid</option>
<option value="Unpaid">Unpaid</option>
</select>
</td>
</tr>
<tr>
<td colspan="2">
<input type="hidden" name="mem_id_no" value="" />
<button type="submit" class="btn btn-primary" name="btn-save" id="btn-save">
<span class="glyphicon glyphicon-plus"></span> Save Record
</button>
</td>
</tr>
</table>
</form>
</div>
php for submitting the form
<?php
require_once 'db/dbconfig.php';
require_once 'db/db_connect.php';
if($_POST)
{
$query = "SELECT MAX(CAST(id as decimal))id from users";
if($result = mysqli_query($conn, $query))
{
$rowy = mysqli_fetch_assoc($result);
$count = $rowy['id'];
$count = $count+1;
$code_no = str_pad($count, 4, "0", STR_PAD_LEFT);
}
$str = substr(sha1(mt_rand() . microtime()), mt_rand(0,35), 3);
$name = $_POST['name'];
$dob = $_POST['dob'];
$gen = $_POST['gender'];
$bvn = $_POST['bvn'];
$bn = $_POST['business_name'];
$ca = $_POST['contact_addr'];
$tc = $_POST['Town_City'];
$lga = $_POST['lga'];
$st = $_POST['state'];
$p1 = $_POST['phone_1'];
$p2 = $_POST['phone_2'];
$email = $_POST['email'];
$psr = $_POST['products_services_rendered'];
$ssn = $_POST['sub_society_name'];
$posi = $_POST['position'];
$min = $str.$code_no;
$nkn = $_POST['next_kin_name'];
$rel = $_POST['relationship'];
$ponk = $_POST['phone_of_next_kin'];
$ps = $_POST['payment_status'];
$pho = $_POST['photo'];
$sig = $_POST['signature'];
$dat = date("Y-m-d H:i:s"); // i = minutes, s = seconds (m is the month)
try{
$stmt = $db_con->prepare("INSERT INTO users(
name,
dob,
gender,
bvn,
business_name,
contact_addr,
Town_City,
lga,
State,
phone_1,
phone_2,
email,
products_services_rendered,
sub_society_name,
position,
mem_id_no,
next_kin_name,
relationship,
phone_of_next_kin,
payment_status,
photo,
signature,
date_registered
) VALUES(:nam, :d, :gen, :bv,:bn,:ca,:tc,:lg,:st,:ph,:pha,:em,:psr,:ssn,:pos,:min,:nkn,:rel,:ponk,:ps,:pho,:sig,:dr)");
$stmt->bindParam(":nam", $name);
$stmt->bindParam(":d", $dob);
$stmt->bindParam(":gen", $gen);
$stmt->bindParam(":bv", $bvn);
$stmt->bindParam(":bn", $bn);
$stmt->bindParam(":ca", $ca);
$stmt->bindParam(":tc", $tc);
$stmt->bindParam(":lg", $lga);
$stmt->bindParam(":st", $st);
$stmt->bindParam(":ph", $p1);
$stmt->bindParam(":pha", $p2);
$stmt->bindParam(":em", $email);
$stmt->bindParam(":psr", $psr);
$stmt->bindParam(":ssn", $ssn);
$stmt->bindParam(":pos", $posi);
$stmt->bindParam(":min", $min);
$stmt->bindParam(":nkn", $nkn);
$stmt->bindParam(":rel", $rel);
$stmt->bindParam(":ponk", $ponk);
$stmt->bindParam(":ps", $ps);
// photo gets its own placeholder; reusing :ph would clash with phone_1
$stmt->bindParam(":pho", $pho);
$stmt->bindParam(":sig", $sig);
$stmt->bindParam(":dr", $dat);
if($stmt->execute())
{
echo "Successfully Added";
}
else{
echo "Query Problem";
}
}
catch(PDOException $e){
echo $e->getMessage();
}
}
?>
jquery for capturing the image
<script language="JavaScript">
// Configure a few settings and attach camera
function configure(){
Webcam.set({
width: 200,
height: 150,
image_format: 'jpeg',
jpeg_quality: 90
});
Webcam.attach( '#my_camera' );
}
// A button for taking snaps
// preload shutter audio clip
var shutter = new Audio();
shutter.autoplay = false;
shutter.src = navigator.userAgent.match(/Firefox/) ? 'shutter.ogg' : 'shutter.mp3';
function take_snapshot() {
// play sound effect
shutter.play();
// take snapshot and get image data
Webcam.snap( function(data_uri) {
// display results in page
document.getElementById('results').innerHTML =
'<img id="imageprev" src="'+data_uri+'"/>';
} );
Webcam.reset();
}
function saveSnap(){
// Get base64 value from <img id='imageprev'> source
var base64image = document.getElementById("imageprev").src;
Webcam.upload( base64image, 'upload.php', function(code, text) {
console.log('Save successfully');
//console.log(text);
});
}
</script>
The php code to move it to a local folder
<?php
// new filename
$filename = 'pic_'.date('YmdHis') . '.jpeg';
$url = '';
if( move_uploaded_file($_FILES['webcam']['tmp_name'],'upload/'.$filename) ){
$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['REQUEST_URI']) . '/upload/' . $filename;
}
// Return image url
echo $url;
Here is my code; it's working perfectly.
html code:
">
Take A Picture
javascript code:
Webcam.set({
width: 300,
height: 300,
image_format: 'jpeg',
jpeg_quality: 90,
force_flash: false
});
Webcam.attach( '#my_camera' );
function take_snapshot() {
// take snapshot and get image data
Webcam.snap(function (data_uri) {
// display results in page
document.getElementById('results').innerHTML =
'<h3>Here is your image....</h3>' +
'<img src="' +data_uri+ '" width=\'280px\' height=\'250px\'/>';
Webcam.upload(data_uri, 'saveimages.php', function (code, text) {
alert("Successfull");
});
});
Webcam.reset();
}
php code:
require_once 'core/init.php';
$users_id = sanitize($_POST['users_id']);
$path = 'images/saved_images/webcam'.date('YmdHis').rand(383,1000).'.jpg';
move_uploaded_file($_FILES['webcam']['tmp_name'], $path);
$sql = "INSERT INTO trial(users_id,image) VALUES('$users_id','".$path."')";
$db->query($sql);
echo "<script>window.open('trailmodal.php','_self')</script>";
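An added example, not code from either post above: a hardened form of the upload endpoint that checks the upload by its content, stores it under a server-generated name, and validates the name when the registration form later posts it back. UPLOAD_DIR, MAX_BYTES, store_webcam_upload and resolve_stored_photo are assumptions; the `webcam` field name is the one both posts already read from $_FILES.

```php
<?php
// Added example. UPLOAD_DIR, MAX_BYTES and both function names are hypothetical.

const UPLOAD_DIR = __DIR__ . '/upload';
const MAX_BYTES  = 2 * 1024 * 1024; // constructed limit (2 MiB)

/**
 * Validate one $_FILES entry (Webcam.upload() posts it as "webcam") and move
 * it into UPLOAD_DIR under a server-generated name. Returns that name.
 */
function store_webcam_upload(array $file): string
{
    $error = $file['error'] ?? UPLOAD_ERR_NO_FILE;
    if ($error !== UPLOAD_ERR_OK) {
        throw new RuntimeException('Upload rejected');
    }
    $tmp = $file['tmp_name'];
    if (!is_uploaded_file($tmp) || filesize($tmp) > MAX_BYTES) {
        throw new RuntimeException('Missing or oversized upload');
    }
    // Decide the type from the bytes, not from the client-supplied name or type.
    $mime = (new finfo(FILEINFO_MIME_TYPE))->file($tmp);
    if ($mime !== 'image/jpeg' || getimagesize($tmp) === false) {
        throw new RuntimeException('Not a JPEG image');
    }
    // Random name: no user input in the path and no collisions between uploads.
    $name = 'pic_' . bin2hex(random_bytes(16)) . '.jpg';
    if (!move_uploaded_file($tmp, UPLOAD_DIR . '/' . $name)) {
        throw new RuntimeException('Could not store upload');
    }
    return $name;
}

/**
 * Check a file name posted back with the registration form (for example in a
 * hidden "photo" field). Only names this script could have generated, and
 * that exist in UPLOAD_DIR, are accepted.
 */
function resolve_stored_photo($posted): ?string
{
    if (!is_string($posted) || !preg_match('/\Apic_[0-9a-f]{32}\.jpg\z/', $posted)) {
        return null;
    }
    return is_file(UPLOAD_DIR . '/' . $posted) ? $posted : null;
}

// upload.php endpoint: reply with the stored name only, never with a URL
// assembled from request headers such as Host.
if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    try {
        echo store_webcam_upload($_FILES['webcam'] ?? []);
    } catch (RuntimeException $e) {
        http_response_code(400);
        echo 'error';
    }
}
```

The Webcam.upload() callback can copy the returned name into a hidden `photo` field of the registration form. The form handler then passes `$_POST['photo']` through `resolve_stored_photo()` and binds the result to the photo placeholder of its prepared INSERT.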
I have a form with file upload and user name exists checking conditions.
What I'm facing is that the data is not getting inserted into the MySQL db. The file has been successfully saved in the given path. Kindly help me with this; I have already wasted 2 days on it and tried a lot myself.
form.php
<table style="text-align:right">
<form id="add" method="POST" action="action.php" enctype="multipart/form-data">
<tr>
<h4 class='bg-info'>
<br/>         Become a Member of jobportal and find the right job. Create your Profile now, Free!<br/><br/>
</h4>
</tr>
<tr>
<td></td>
<td> * Mandatory Fields </td>
</tr>
<tr>
<div class="col-md-1"></div>
<td>Enter Your Email-ID: *</td>
<td><input class="form-control input-sm" placeholder="Email ID" type="textfield" name="email"required></td>
</tr>
<tr>
<td>Choose password *</td>
<td><input class="form-control input-sm" placeholder="Enter Your Password" type="password" name="password"required/></td>
</tr>
<td>Re-Enter Your password *</td>
<td><input class="form-control input-sm" placeholder="Enter Your Password" type="password" name="repassword"required/></td>
</tr>
<tr>
<td> Please Enter Your Full Name:</td>
<td> <input class="form-control input-sm" placeholder="Enter Full Name" type="textfield" name="name"required></td>
</tr>
<tr>
<td>Your Current Location: *<td>
<select class="form-control input-sm" required name="location">
<option value='' disabled selected style='display:none;'>Select location *</option>
<option>Andhra Pradesh</option>
<option>Arunachal Pradesh</option>
<option>Assam</option>
<option>Bihar</option>
<option>Chhattisgarh</option>
<option>Goa</option>
<option>Gujarat</option>
<option>Haryana</option>
<option>Himachal Pradesh</option>
<option>Jammu and Kashmir</option>
<option>Jharkhand</option>
<option>Karnataka</option>
<option>Kerala</option>
<option>Madhya Pradesh</option>
<option>Maharashtra</option>
<option>Maharashtra</option>
<option>Manipur</option>
<option>Meghalaya</option>
<option>Mizoram</option>
<option>Nagaland</option>
<option>Odisha</option>
<option>Punjab</option>
<option>Rajasthan</option>
<option>Sikkim</option>
<option>Tamil Nadu</option>
<option>Telangana</option>
<option>Tripura</option>
<option>Uttar Pradesh</option>
<option>Uttarakhand</option>
<option>West Bengal</option>
</select></td>
</td>
</tr>
<tr>
<td>Enter Your Mobile Number: *</td>
<td><input class="form-control input-sm" placeholder="mobile number" type="textfield" name="mobilenumber" required/></td>
</tr>
<tr>
<td>Experience:</td>
<td>
<select class="form-control input-sm" required name="experience">
<option value='' disabled selected style='display:none;'>Select Experience</option>
<option>Fresher</option>
<option>1</option>
<option>2</option>
<option>3</option>
<option>4</option>
</select>
</td>
</tr>
<tr>
<td>Key Skill: *</td>
<td>
<input class="form-control input-sm" placeholder="Enter Your Skill" type="textfield" name="keyskill"/>
</td>
</tr>
<tr>
<td>Please Select your PG Degree</td>
<td>
<select class="form-control input-sm" required name="degree">
<option value='' disabled selected style='display:none;'>Select Degree</option>
<option>B.sc</option>
<option>B.E</option>
<option>B.Com</option>
<option>others</option>
</select>
</td>
</tr>
<tr>
<td>Please Select Higher Studies:</td>
<td>
<select class="form-control input-sm" required name="hsc">
<option value='' disabled selected style='display:none;'>Select Higher Studies</option>
<option>HSC</option>
<option>Diploma</option>
<option>ITI</option>
<option>others</option>
</select>
</td>
</tr>
<tr>
<td>Please Select your Gender: *</td>
<td>
<select class="form-control input-sm" required name="gender">
<option value='' disabled selected style='display:none;'>Select</option>
<option>Male</option>
<option>Female</option>
<option>others</option>
</select>
</td>
</tr>
<tr>
<td>Upload your Resume :</td>
<td><input type="file" name="filep"></td>
</tr>
<tr>
<td> </td>
<td>by clicking register u accepting our terms and condtions. click here !</td>
</tr>
<tr>
<td></td>
<td>
<input type="submit" name="add" class="btn btn-info btn-sm" id="add" value="Register With JobPortal">
</td>
</tr>
</form>
</table>
action.php
$con = mysqli_connect('localhost','root','');
if (!$con) {
die('Could not connect: ' . mysqli_connect_error());
} else {
echo 'connected';
}
if (isset($_POST['add']) ) {
if (!get_magic_quotes_gpc() ) {
$email = addslashes ($_POST['email']);
} else {
$email = $_POST['email'];
}
$email = $_POST['email'];
$password = md5 ($_POST['password']);
$name = $_POST['name'];
$location = $_POST['location'];
$mobilenumber = $_POST['mobilenumber'];
$experience = $_POST['experience'];
$keyskill = $_POST['keyskill'];
$degree = $_POST['degree'];
$hsc = $_POST['hsc'];
$gender = $_POST['gender'];
$resume = $_FILES['filep']['name'];
$folder = "C:/wamp/www/userlogin/pic/";
$name="SELECT emailid FROM userregistration WHERE emailid='$email'";
mysqli_select_db($con, 'login');
$result = mysqli_query($con, $name);
if (mysqli_num_rows($result)!=0) {
echo "Username already exists";
} else {
echo"data entered done";
}
if (move_uploaded_file($_FILES["filep"]["tmp_name"], $folder . $_FILES["filep"]["name"])) {
echo "images moved sus";
} else {
echo "not done";
}
echo "<p align=center>File ".$_FILES["filep"]["name"]."loaded...";
$sql = "INSERT INTO userregistration "
. "(email, password, name, location, mobilenumber, experience, keyskill, degree, hsc, gender, resume)"
. "VALUES('$email', '$password', '$name', '$location', '$mobilenumber', '$experience', '$keyskill',
'$degree', '$hsc', '$gender', '$resume')";
mysqli_select_db($con, 'login');
$retval = mysqli_query($con, $sql);
if (!$retval) {
die('Could not enter data: ' . mysqli_error($con));
}
echo "Entered data successfully\n";
echo' insert more data ';
mysqli_close($con);
}
What I exactly need is: I want to upload form data with the file URL into the database and need to check whether the email id or name already exists.
I only get an error in the $sql = "insert into" portion; everything else is working fine.
Thanks in advance.
echo your sql query before
mysqli_select_db($con, 'login');
and execute it in your Mysql phpmyadmin...
I guess there is some problem in your query formation, spacing between words or something.
Errors
Missing database name
mysqli_connect("localhost","root","","login");
And error in $sql query
So the final well-formed code is
<?php
$con = mysqli_connect("localhost","root","","login"); // missing database
if (! $con)
{
die('Could not connect: ' . mysqli_connect_error());
}
else{
echo 'connected';
}
if(isset($_POST['add']))
{
if(! get_magic_quotes_gpc() )
{
$email = addslashes ($_POST['email']);
}
else
{
$email = $_POST['email'];
}
$email = $_POST['email'];
$password = md5 ($_POST['password']);
$name = $_POST['name'];
$location = $_POST['location'];
$mobilenumber = $_POST['mobilenumber'];
$experience = $_POST['experience'];
$keyskill = $_POST['keyskill'];
$degree = $_POST['degree'];
$hsc = $_POST['hsc'];
$gender = $_POST['gender'];
$resume = $_FILES['filep']['name'];
$folder = "C:/wamp/www/userlogin/pic/";
$query001="SELECT emailid FROM userregistration WHERE emailid='$email'";
$result = mysqli_query($con, $query001);
if(mysqli_num_rows($result)!=0){
echo "Username already exists";
}
else
{
echo"data entered done";
if (move_uploaded_file($_FILES["filep"]["tmp_name"], $folder . $_FILES["filep"]["name"]))
{
echo "images moved sus";
}
else
{
echo "not done";
}
echo "<p align=center>File ".$_FILES["filep"]["name"]."loaded...";
$sql = "INSERT INTO userregistration (email, password, name, location, mobilenumber, experience, keyskill,
degree, hsc, gender, resume) VALUES('$email','$password','$name','$location','$mobilenumber','$experience','$keyskill','$degree','$hsc','$gender','$resume')";
$retval = mysqli_query($con, $sql);
if(!$retval )
{
die('Could not enter data: ' . mysqli_error($con));
}
else
{
echo "Entered data successfully\n";
echo' insert more data ';
mysqli_close($con);
}
}
}
?>
And be aware of MySQL injection.
You can simply use mysqli_real_escape_string()
Example
$name = mysqli_real_escape_string($con, $_POST['name']);
Tip (from a comment)
You have $name declared twice in your code - rename the $name select statement. ($name = $_POST['name']; and also $name="SELECT emailid FROM userregistration WHERE emailid='$email'"; ) – Jesse C
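An added example, not the answerer's code: the same duplicate check and INSERT written with bound placeholders and `password_hash()` in place of `md5()`. It uses PDO with an in-memory SQLite database so it runs without a server (an assumption; against MySQL only the DSN changes); register_user and `$storedResume` are hypothetical names, and the column names follow the question's INSERT statement.

```php
<?php
// Added example. register_user() is a hypothetical name; the table and
// columns follow the question's INSERT statement.

function register_user(PDO $db, array $post, string $storedResume): string
{
    $email    = filter_var($post['email'] ?? '', FILTER_VALIDATE_EMAIL);
    $password = $post['password'] ?? '';
    if ($email === false || !is_string($password) || $password === '') {
        return 'invalid input';
    }

    // The placeholder keeps the e-mail out of the SQL text, so a quote
    // character inside it is stored as data and cannot change the statement.
    $check = $db->prepare('SELECT 1 FROM userregistration WHERE email = ?');
    $check->execute([$email]);
    if ($check->fetchColumn() !== false) {
        return 'email already registered';
    }

    // password_hash() salts and stretches; the column should be VARCHAR(255).
    $params = [$email, password_hash($password, PASSWORD_DEFAULT)];
    $columns = ['name', 'location', 'mobilenumber', 'experience',
                'keyskill', 'degree', 'hsc', 'gender'];
    foreach ($columns as $col) {
        $value    = $post[$col] ?? '';
        $params[] = is_string($value) ? $value : '';
    }
    // Server-generated file name of the stored resume (assumption), not the
    // client-supplied $_FILES['filep']['name'].
    $params[] = $storedResume;

    $insert = $db->prepare(
        'INSERT INTO userregistration (email, password, name, location, mobilenumber,
         experience, keyskill, degree, hsc, gender, resume)
         VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)'
    );
    $insert->execute($params);
    return 'registered';
}

// Constructed demo data. The UNIQUE constraint is the real guard against
// duplicates; the SELECT above only produces a friendlier message.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE userregistration (email TEXT UNIQUE, password TEXT, name TEXT,
    location TEXT, mobilenumber TEXT, experience TEXT, keyskill TEXT, degree TEXT,
    hsc TEXT, gender TEXT, resume TEXT)');

$post = [
    'email' => "o'brien@example.com", 'password' => 'correct horse battery staple',
    'name' => "Pat O'Brien", 'location' => 'Goa', 'mobilenumber' => '0000000000',
    'experience' => 'Fresher', 'keyskill' => 'PHP', 'degree' => 'B.E',
    'hsc' => 'HSC', 'gender' => 'others',
];

echo register_user($db, $post, 'resume_0001.pdf'), "\n"; // first submission
echo register_user($db, $post, 'resume_0002.pdf'), "\n"; // same e-mail again

// The stored hash is checked at login with password_verify().
$hash = $db->query('SELECT password FROM userregistration')->fetchColumn();
var_dump(password_verify($post['password'], $hash));
```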
I have a simple form on my page and I want to make sure every field is filled before inserting the values into the database. The problem is the condition is never met; even if every field is filled I still get "Something is missing"...
Search:
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<input placeholder="e-mail address" type="text" name="email_search">
<input type="submit" name="search" value="Go">
<?php
if (isset($_POST["search"])) {
$email_search = mysql_real_escape_string($_POST["email_search"]);
$check = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email_search'");
$s = mysql_fetch_array($check);
}
?>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<table width="440" border="0" style="text-align:right;">
<tr>
<td>E-mail:</td>
<td>
<input type="text" name="email" value="<?php echo $email_search;?>" disabled>
</td>
</tr>
<tr>
<td>Név:</td>
<td>
<input type="text" name="nev" value="<?php echo $s['nev'];?>">
</td>
</tr>
<tr>
<td>Mikor:</td>
<td>
<input type="text" name="mikor">
</td>
</tr>
<tr>
<td>Éjszakák száma:</td>
<td>
<input type="text" name="ejszakak">
</td>
</tr>
<tr>
<td>Nemzetisége:</td>
<td align="left">
<select name="nyelv">
<option value="magyar" <?php if($s['nyelv']=="magyar") echo "selected=\"selected\""; ?>>Magyar</option>
<option value="nemet" <?php if($s['nyelv']=="nemet") echo "selected=\"selected\""; ?>>Német</option>
<option value="lengyel" <?php if($s['nyelv']=="lengyel") echo "selected=\"selected\""; ?>>Lengyel</option>
<option value="roman" <?php if($s['nyelv']=="roman") echo "selected=\"selected\""; ?>>Román</option>
<option value="szlovak" <?php if($s['nyelv']=="szlovak") echo "selected=\"selected\""; ?>>Szlovák</option>
<option value="egyeb" <?php if($s['nyelv']=="egyeb") echo "selected=\"selected\""; ?>>Egyéb</option>
</select>
</td>
</tr>
<tr>
<td>Megjegyzés:</td>
<td>
<textarea name="megjegyzes">
<?php echo htmlspecialchars($s[ 'megjegyzes']);?>
</textarea>
</td>
</tr>
</table>
<br>
<table width="440">
<tr>
<td>
<input type="submit" name="submit_add" value="Hozzáad">
</td>
</tr>
</table>
</form>
<?php
if (isset($_POST["submit_add"]) && !empty($_POST["nev"]) && !empty($_POST["email"]) && !empty($_POST["mikor"]) && !empty($_POST["ejszakak"])) {
$nev = mysql_real_escape_string($_POST["nev"]);
$email = mysql_real_escape_string($_POST["email"]);
$mikor = mysql_real_escape_string($_POST["mikor"]);
$ejszakak = mysql_real_escape_string($_POST["ejszakak"]);
$nyelv = mysql_real_escape_string($_POST["nyelv"]);
$megjegyzes = mysql_real_escape_string($_POST["megjegyzes"]);
$check2 = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email'");
$br = "<br>";
if (mysql_num_rows($check2) > 0) {
$adatok = mysql_fetch_array($check2);
$osszesen = ($adatok['ejszakak'] + $ejszakak);
mysql_query("UPDATE torzsvendegek SET nev = '".$nev."', mikor = '".$adatok['mikor']."".$mikor."".$br."', ejszakak = '".$osszesen."', nyelv = '".$nyelv."', megjegyzes = '".$adatok['megjegyzes']."".$megjegyzes."".$br."' WHERE email = '".$email."'");
echo "<br>".$email." Updated";
} else {
mysql_query("INSERT INTO torzsvendegek (id, nev, email, mikor, ejszakak, nyelv, megjegyzes) VALUES (NULL, '$nev', '$email', '".$mikor."".$br."', '$ejszakak', '$nyelv', '".$megjegyzes."')");
echo "<br>".$email." Added";
}
} else {
echo "Something is missing";
}
?>
You made 2 mistakes in your code:
1) You didn't close the first form (missing </form>)
2) You disabled the E-mail input field which resulted in always empty
Here's the updated (though deprecated and insecure!!!) code:
<?php
if(isset($_POST["search"])){
$email_search = mysql_real_escape_string($_POST["email_search"]);
$check = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email_search'");
$s = mysql_fetch_array($check);
}
if(isset($_POST["submit_add"]) && !empty($_POST["nev"]) && !empty($_POST["email"]) && !empty($_POST["mikor"]) && !empty($_POST["ejszakak"])){
$nev = mysql_real_escape_string($_POST["nev"]);
$email = mysql_real_escape_string($_POST["email"]);
$mikor = mysql_real_escape_string($_POST["mikor"]);
$ejszakak = mysql_real_escape_string($_POST["ejszakak"]);
$nyelv = mysql_real_escape_string($_POST["nyelv"]);
$megjegyzes = mysql_real_escape_string($_POST["megjegyzes"]);
$check2 = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email'");
$br = "<br>";
if (mysql_num_rows($check2) > 0){
$adatok = mysql_fetch_array($check2);
$osszesen = ($adatok['ejszakak'] + $ejszakak);
mysql_query("UPDATE torzsvendegek SET nev = '".$nev."', mikor = '".$adatok['mikor']."".$mikor."".$br."', ejszakak = '".$osszesen."', nyelv = '".$nyelv."', megjegyzes = '".$adatok['megjegyzes']."".$megjegyzes."".$br."' WHERE email = '".$email."'");
echo "<br>".$email." Updated";
} else {
mysql_query("INSERT INTO torzsvendegek (id, nev, email, mikor, ejszakak, nyelv, megjegyzes) VALUES (NULL, '$nev', '$email', '".$mikor."".$br."', '$ejszakak', '$nyelv', '".$megjegyzes."')");
echo "<br>".$email." Added";
}
} else {
echo "Something is missing";
}
?>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
Search: <input placeholder="e-mail address" type="text" name="email_search">
<input type="submit" name="search" value="Go">
</form>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<table width="440" border="0" style="text-align:right;">
<tr>
<td>E-mail:</td>
<td><input type="text" name="email" value="<?php echo $email_search;?>"></td>
</tr>
<tr>
<td>Név:</td>
<td><input type="text" name="nev" value="<?php echo $s['nev'];?>"></td>
</tr>
<tr>
<td>Mikor:</td>
<td><input type="text" name="mikor"></td>
</tr>
<tr>
<td>Éjszakák száma:</td>
<td><input type="text" name="ejszakak"></td>
</tr>
<tr>
<td>Nemzetisége:</td>
<td align="left">
<select name="nyelv">
<option value="magyar" <?php if($s['nyelv']=="magyar") echo "selected=\"selected\""; ?>>Magyar</option>
<option value="nemet" <?php if($s['nyelv']=="nemet") echo "selected=\"selected\""; ?>>Német</option>
<option value="lengyel" <?php if($s['nyelv']=="lengyel") echo "selected=\"selected\""; ?>>Lengyel</option>
<option value="roman" <?php if($s['nyelv']=="roman") echo "selected=\"selected\""; ?>>Román</option>
<option value="szlovak" <?php if($s['nyelv']=="szlovak") echo "selected=\"selected\""; ?>>Szlovák</option>
<option value="egyeb" <?php if($s['nyelv']=="egyeb") echo "selected=\"selected\""; ?>>Egyéb</option>
</select>
</td>
</tr>
<tr>
<td>Megjegyzés:</td>
<td><textarea name="megjegyzes"><?php echo htmlspecialchars($s['megjegyzes']);?></textarea></td>
</tr>
</table>
<br>
<table width="440">
<tr>
<td><input type="submit" name="submit_add" value="Hozzáad"></td>
</tr>
</table>
</form>
You need to close your search form tag to keep the two forms separated
Search:<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>"><input placeholder="e-mail address" type="text" name="email_search"><input type="submit" name="search" value="Go"></form>
and
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<table width="440" border="0" style="text-align:right;">
<tr><td>E-mail:</td><td><input type="text" name="email" value="<?php echo $email_search;?>" disabled></td></tr>
<tr><td>Név:</td><td><input type="text" name="nev" value="<?php echo $s['nev'];?>"></td></tr>
<tr><td>Mikor:</td><td><input type="text" name="mikor"></td></tr>
<tr><td>Éjszakák száma:</td><td><input type="text" name="ejszakak"></td></tr>
<tr><td>Nemzetisége:</td><td align="left"> <select name="nyelv">
<option value="magyar" <?php if($s['nyelv']=="magyar") echo "selected=\"selected\""; ?>>Magyar</option>
<option value="nemet" <?php if($s['nyelv']=="nemet") echo "selected=\"selected\""; ?>>Német</option>
<option value="lengyel" <?php if($s['nyelv']=="lengyel") echo "selected=\"selected\""; ?>>Lengyel</option>
<option value="roman" <?php if($s['nyelv']=="roman") echo "selected=\"selected\""; ?>>Román</option>
<option value="szlovak" <?php if($s['nyelv']=="szlovak") echo "selected=\"selected\""; ?>>Szlovák</option>
<option value="egyeb" <?php if($s['nyelv']=="egyeb") echo "selected=\"selected\""; ?>>Egyéb</option>
</select></td></tr>
<tr><td>Megjegyzés:</td><td><textarea name="megjegyzes"><?php echo htmlspecialchars($s['megjegyzes']);?></textarea></td></tr>
</table><br>
<table width="440"><tr><td><input type="submit" name="submit_add" value="Hozzáad"></td></tr></table>
</form>
You did not close your search form and you need to remove the disabled attribute from your email input field.
I re-wrote your code to help you with debugging. I commented out all the stuff related to the database so you can focus on the form fields only. Here is the code I re-wrote. I left comments so you can see what I did.
<?php
/******JUST TO MAKE DEBUGGING EASIER***/
echo "<pre>"; // Start of the <pre> tags
/**ANYTHING TO DO WITH THE DATABASE I HAVE COMMENTED OUT**/
if(isset($_POST["search"])){
$email_search = mysql_real_escape_string($_POST["email_search"]);
/**PRINT_R FOR DEBUGGING PURPOSES, REMOVE!!*/
print_r($email_search);
//$check = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email_search'");
//$s = mysql_fetch_array($check);
}
/***CHECK THE POST DATA, REMOVE FROM APPLICATION ONCE YOU HAVE DEBUGGED THE DATA**/
print_r($_POST);
/***I WILL STORE THE POST DATA IN VARIABLES BEFORE CHECKING**/
$nev = isset($_POST["nev"]) ? mysql_real_escape_string($_POST["nev"]) : null;
$email = isset($_POST["email"]) ? mysql_real_escape_string($_POST["email"]) : null;
$mikor = isset($_POST["mikor"]) ? mysql_real_escape_string($_POST["mikor"]) : null;
$ejszakak = isset($_POST["ejszakak"]) ? mysql_real_escape_string($_POST["ejszakak"]) : null;
$nyelv = isset($_POST["nyelv"]) ? mysql_real_escape_string($_POST["nyelv"]) : null;
$megjegyzes = isset($_POST["megjegyzes"]) ? mysql_real_escape_string($_POST["megjegyzes"]) : null;
if(isset($_POST["submit_add"]) && !is_null($nev) && !is_null($email) && !is_null($mikor) && !is_null($ejszakak)){
/*******
SINCE I ALREADY HAVE THEM, YOU NEED TO REMOVE THEM FROM THE CODE
$nev = mysql_real_escape_string($_POST["nev"]);
$email = mysql_real_escape_string($_POST["email"]);
$mikor = mysql_real_escape_string($_POST["mikor"]);
$ejszakak = mysql_real_escape_string($_POST["ejszakak"]);
$nyelv = mysql_real_escape_string($_POST["nyelv"]);
$megjegyzes = mysql_real_escape_string($_POST["megjegyzes"]);
******/
//$check2 = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email'");
$br = "<br>";
/*********
if (mysql_num_rows($check2) > 0) {
$adatok = mysql_fetch_array($check2);
$osszesen = ($adatok['ejszakak'] + $ejszakak);
mysql_query("UPDATE torzsvendegek SET nev = '".$nev."', mikor = '".$adatok['mikor']."".$mikor."".$br."', ejszakak = '".$osszesen."', nyelv = '".$nyelv."', megjegyzes = '".$adatok['megjegyzes']."".$megjegyzes."".$br."' WHERE email = '".$email."'");
echo "<br>".$email." Updated";
}else {
mysql_query("INSERT INTO torzsvendegek (id, nev, email, mikor, ejszakak, nyelv, megjegyzes) VALUES (NULL, '$nev', '$email', '".$mikor."".$br."', '$ejszakak', '$nyelv', '".$megjegyzes."')");
echo "<br>".$email." Added";
}
****/
}elseif (isset($_POST["submit_add"])) {
echo "Something is missing";
}
echo '</pre>';//end of pre
?>
Search:
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<input placeholder="e-mail address" type="text" name="email_search">
<input type="submit" name="search" value="Go">
</form>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<table width="440" border="0" style="text-align:right;">
<tr>
<td>E-mail:</td>
<td><input type="text" name="email" value="<?php echo $email;?>" ></td>
</tr>
<tr>
<td>Név:</td>
<td><input type="text" name="nev" value="<?php echo $nev;?>"></td>
</tr>
<tr>
<td>Mikor:</td>
<td><input type="text" name="mikor" value="<?php echo $mikor;?>"></td>
</tr>
<tr>
<td>Éjszakák száma:</td>
<td><input type="text" name="ejszakak" value="<?php echo $ejszakak;?>"></td>
</tr>
<tr>
<td>Nemzetisége:</td>
<td align="left">
<select name="nyelv">
<option value="magyar" <?php if($nyelv=="magyar") echo "selected=\"selected\""; ?>>Magyar</option>
<option value="nemet" <?php if($nyelv=="nemet") echo "selected=\"selected\""; ?>>Német</option>
<option value="lengyel" <?php if($nyelv=="lengyel") echo "selected=\"selected\""; ?>>Lengyel</option>
<option value="roman" <?php if($nyelv=="roman") echo "selected=\"selected\""; ?>>Román</option>
<option value="szlovak" <?php if($nyelv=="szlovak") echo "selected=\"selected\""; ?>>Szlovák</option>
<option value="egyeb" <?php if($nyelv=="egyeb") echo "selected=\"selected\""; ?>>Egyéb</option>
</select>
</td>
</tr>
<tr>
<td>Megjegyzés:</td>
<td><textarea name="megjegyzes"><?php echo htmlspecialchars($megjegyzes);?></textarea>
</td>
</tr>
</table><br>
<table width="440">
<tr><td><input type="submit" name="submit_add" value="Hozzáad"></td></tr>
</table>
</form>
I have a little problem. This is what I want to achieve:
I have 2 mysql tables (categories, channels), the channel table has a cat_id in it. I want to update/edit a product and place it in another category but the code that I've made shows just one category (id=1) even if the product has a parent id(cat_id) of 5.
try {
//prepare query
$query = "select channel_id, name, category_id from channels where channel_id = ? limit 0,1";
$stmt = $pdo->prepare( $query );
//this is the first question mark
$stmt->bindParam(1, $_REQUEST['id']);
//execute our query
$stmt->execute();
//store retrieved row to a variable
$row = $stmt->fetch(PDO::FETCH_ASSOC);
//values to fill up our form
$channel_id = $row['channel_id'];
$name = $row['name'];
$category_id = $row['category_id'];
}catch(PDOException $exception){ //to handle error
echo "Error: " . $exception->getMessage();
}
$query2 = "SELECT * FROM categories";
$stmt2 = $pdo->prepare( $query2 );
$stmt2->execute();
$results = $stmt2->fetchAll(PDO::FETCH_ASSOC);
?>
<!--we have our html form here where new user information will be entered-->
<form action='#' method='post' border='0'>
<table>
<tr>
<td>Channel Name</td>
<td><input type='text' name='name' value='<?php echo $name; ?>' /></td>
</tr>
<tr>
<td>Category</td>
<td>
<?php foreach($results as $rows) {?>
<select name="fileselect">
<option name='cat_id' value=" <?php echo $rows['category_id']; ?>"> <?php echo $rows['name']; ?></option>
<!-- <input type='text' name='category_id' value='<?php //echo $category_id; ?>' /> -->
<?php } ?>
</select>
</td>
</tr>
<tr>
<td></td>
<td>
<!-- so that we could identify what record is to be updated -->
<input type='hidden' name='channel_id' value='<?php echo $channel_id ?>' />
<!-- we will set the action to edit -->
<input type='hidden' name='action' value='update' />
<input type='submit' value='Edit' />
</td>
</tr>
</table>
</form>
Instead of
<?php foreach($results as $rows) {?>
<select name="fileselect">
<option name='cat_id' value=" <?php echo $rows['category_id']; ?>"> <?php echo $rows['name']; ?></option>
<!-- <input type='text' name='category_id' value='<?php //echo $category_id; ?>' /> -->
<?php } ?>
</select>
Try:
<select name="fileselect">
<?php foreach($results as $rows) {?>
<option name='cat_id' value=" <?php echo $rows['category_id']; ?>"> <?php echo $rows['name']; ?></option>
<!-- <input type='text' name='category_id' value='<?php //echo $category_id; ?>' /> -->
<?php } ?>
</select>
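A fuller version of the loop fix above, as an added example that is not part of the original answer: the `<select>` is opened once, the option matching the channel's current category is marked `selected`, and every value is HTML-escaped. The `category_select()` and `e()` helpers, the field name `category_id` and the sample rows are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Escape a value for use in HTML text or inside a quoted attribute.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/**
 * Build one <select>: the tag is emitted once, the loop emits only <option>s,
 * and the option matching $current gets the selected attribute.
 * $rows uses the same keys as the question: category_id and name.
 */
function category_select(string $field, array $rows, $current): string
{
    $html = '<select name="' . e($field) . '">' . "\n";
    foreach ($rows as $row) {
        // Compare as strings: PDO may return ids as strings or as ints.
        $selected = ((string) $row['category_id'] === (string) $current) ? ' selected' : '';
        $html .= '  <option value="' . e($row['category_id']) . '"' . $selected . '>'
               . e($row['name']) . "</option>\n";
    }
    return $html . "</select>\n";
}

// Constructed sample data standing in for $results and $category_id.
$results = [
    ['category_id' => 1, 'name' => 'News'],
    ['category_id' => 5, 'name' => 'Sports & "Live" <events>'],
];
$category_id = '5'; // category stored for the channel being edited

echo category_select('category_id', $results, $category_id);
```

The option value is written without the leading space that the original markup has inside `value=" ..."`, so the submitted id matches the stored one exactly.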
Please, I am having a problem when updating data in the database through a form. Whenever I press the Update button to submit any changes made to a record, all the data in the mysql fields corresponding to drop list controls is erased. I do not know what is causing this problem. Here is the code:
<?php
//include database connection
include 'db_connect.php';
// get value of object id that was sent from address bar
$c_id = $_GET['c_id'];
//check any user action
$action = isset( $_POST['action'] ) ? $_POST['action'] : "";
if($action == "update"){ //if the user hit the submit button
//write our update query
//$mysqli->real_escape_string() function helps us prevent attacks such as SQL injection
$query = "UPDATE collections
SET
ctitle = '".$mysqli->real_escape_string($_POST['ctitle'])."',
csubject = '".$mysqli->real_escape_string($_POST['csubject'])."',
creference = '".$mysqli->real_escape_string($_POST['creference'])."',
cyear = '".$mysqli->real_escape_string($_POST['cyear'])."',
cobjecttype = '".$mysqli->real_escape_string($_POST['cobjecttype'])."',
cmaterial = '".$mysqli->real_escape_string($_POST['cmaterial'])."',
ctechnic = '".$mysqli->real_escape_string($_POST['ctechnic'])."',
cwidth = '".$mysqli->real_escape_string($_POST['cwidth'])."',
cheight = '".$mysqli->real_escape_string($_POST['cheight'])."',
cperiod = '".$mysqli->real_escape_string($_POST['cperiod'])."',
cmarkings = '".$mysqli->real_escape_string($_POST['cmarkings'])."',
cdescription = '".$mysqli->real_escape_string($_POST['cdescription'])."',
csource = '".$mysqli->real_escape_string($_POST['csource'])."',
cartist = '".$mysqli->real_escape_string($_POST['cartist'])."'
where c_id='".$mysqli->real_escape_string($_REQUEST['c_id'])."'";
//execute the query
if( $mysqli->query($query) ) {
//if updating the record was successful
echo "The record was updated.";
}else{
//if unable to update new record
echo "Database Error: Unable to update record.";
}
}
//select the specific database record to update
$query = "SELECT c_id, ctitle, csubject, creference, cyear, cobjecttype, cmaterial, ctechnic, cwidth, cheight, cperiod, cmarkings, cdescription, csource, cartist, cfilename
FROM collections
WHERE c_id='".$mysqli->real_escape_string($_REQUEST['c_id'])."'
limit 0,1";
//execute the query
$result = $mysqli->query( $query );
//get the result
$row = $result->fetch_assoc();
//assign the result to certain variable so our html form will be filled up with values
$c_id = $row['c_id'];
$ctitle = $row['ctitle'];
$csubject = $row['csubject'];
$creference = $row['creference'];
$cyear = $row['cyear'];
$cobjecttype = $row['cobjecttype'];
$cmaterial = $row['cmaterial'];
$ctechnic = $row['ctechnic'];
$cwidth = $row['cwidth'];
$cheight = $row['cheight'];
$cperiod = $row['cperiod'];
$cmarkings = $row['cmarkings'];
$cdescription = $row['cdescription'];
$csource = $row['csource'];
$cartist = $row['cartist'];
$cfilename = $row['cfilename'];
?>
<!--we have our html form here where new object information will be entered-->
<table align=left>
<tr>
<td> <?php echo '<img src="./images/'.$cfilename.'" width="300" height="400" />'; ?> </td>
</tr>
<table>
<form action='#' method='post' border='0'>
<table>
<tr>
<td>TITLE</td>
<td><input type='text' name='ctitle' value='<?php echo $ctitle; ?>' /></td>
</tr>
<tr>
<td>SUBJECT</td>
<td><input type='text' name='csubject' value='<?php echo $csubject; ?>' /></td>
</tr>
<tr>
<td>REFERENCE No.</td>
<td><input type='text' name='creference' value='<?php echo $creference; ?>' /></td>
</tr>
<tr>
<td>YEAR</td>
<td><input type='text' name='cyear' value='<?php echo $cyear; ?>' /></td>
<tr><td>OBJECT TYPE</td>
<td>
<select name="cobjecttype" id="cobjecttype" tabindex="">
<option value="">---Select object type---</option>
<option value="ceramic">Ceramic</option>
<option value="clock">Clock</option>
<option value="gold">Gold and silverware</option>
<option value="mask">Mask</option>
<option value="painting">Painting</option>
<option value="sculpture">Sculpture</option>
<option value="tapestry">Tapestry</option>
</select>
</td></tr>
<tr><td>MATERIAL USED</td>
<td>
<select name="cmaterial" id="cmaterial" tabindex="" >
<option value="">---Select Material---</option>
<option value="brass">Brass</option>
<option value="oil">Oil</option>
<option value="wood">Wood</option>
<option value="carved">Canvas/Cotton/Fabric/Linen/Wool</option>
</select>
</td></tr>
<tr><td>TECHNIC</td>
<td>
<select name="ctechnic" id="ctechnic" tabindex="7" >
<option value="">---Select Technic---</option>
<option value="cast">Cast</option>
<option value="carved">Carved</option>
<option value="etched">Etched</option>
</select>
</td></tr>
<tr>
<td>WIDTH</td>
<td width="100"><input name="cwidth" type="text" id="cwidth" value="<?php echo $cwidth; ?>" size="10"></td>
</tr>
<tr>
<td>HEIGHT</td>
<td width="100"><input name="cheight" type="text" id="cheight" value="<?php echo $cheight; ?>" size="10"></td>
</tr>
<tr>
<td>PERIOD</td>
<td width="100"><input name="cperiod" type="text" id="cperiod" value="<?php echo $cperiod; ?>" size="30"></td>
</tr>
<tr>
<td>MARKINGS</td>
<td width="100"><input name="cmarkings" type="text" id="cmarkings" value="<?php echo $cmarkings; ?>" size="30"></td>
</tr>
<tr>
<td>DESCRIPTION</td>
<td width="400"><textarea name="cdescription" rows="2" cols="50" id="cdescription" value="<?php echo $cdescription; ?>"></textarea></td></tr>
<tr>
<td>SOURCE</td>
<td width="100"><input name="csource" type="text" id="csource" value="<?php echo $csource; ?>" size="30"></td>
</tr>
<tr>
<td>ARTIST</td>
<td width="100"><input name="cartist" type="text" id="cartist" value="<?php echo $cartist; ?>" size="30"></td>
</tr>
<td></td>
<td>
<!-- so that we could identify what record is to be updated -->
<input type='hidden' name='c_id' value='<?php echo $c_id ?>' />
<!-- we will set the action to update -->
<input type='hidden' name='action' value='update' />
<input type='submit' value='Save' />
<a href='gallery.php'>Back to display page</a>
</td>
</tr>
</table>
</form>
Can someone help to identify what the problem is?
Such problems occur when you don't validate your POST data correctly. In your code, you are updating your records directly, by using mysql_real_escape_string($variable). But although this might fix some security issues, it will not validate whether every piece of data is present or not.
Validate your variables to be present and hold data before updating to the query.
You post a form with the method POST, but get the c_id with $_GET.
Change it to $_POST['c_id'] or $_REQUEST['c_id'] ...
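One way to do the validation the answers describe, as an added example that is not code from the thread: each drop-down is checked against the option values of the form before a prepared `UPDATE` runs, so a `<select>` left on its empty placeholder is rejected rather than written over the stored value. The function names, the integer `c_id` and the sample request are assumptions.

```php
<?php
declare(strict_types=1);

// Allowed values per drop-down, copied from the <option> values in the form above.
const ALLOWED = [
    'cobjecttype' => ['ceramic', 'clock', 'gold', 'mask', 'painting', 'sculpture', 'tapestry'],
    'cmaterial'   => ['brass', 'oil', 'wood', 'carved'],
    'ctechnic'    => ['cast', 'carved', 'etched'],
];

// Return [clean values, failing field names]. A drop-down that is missing,
// empty or outside its allow-list is reported instead of being saved.
function validate_dropdowns(array $post): array
{
    $clean = [];
    $errors = [];
    foreach (ALLOWED as $field => $allowed) {
        $value = $post[$field] ?? '';
        if (!is_string($value) || !in_array($value, $allowed, true)) {
            $errors[] = $field;
            continue;
        }
        $clean[$field] = $value;
    }
    return [$clean, $errors];
}

// Update the validated columns with bound parameters instead of string building.
// Assumes c_id is an integer key.
function update_dropdowns(mysqli $db, int $cId, array $clean): bool
{
    $stmt = $db->prepare(
        'UPDATE collections SET cobjecttype = ?, cmaterial = ?, ctechnic = ? WHERE c_id = ?'
    );
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('sssi', $clean['cobjecttype'], $clean['cmaterial'], $clean['ctechnic'], $cId);
    return $stmt->execute();
}

// Constructed request: the form was saved with "Material" left on its placeholder.
$post = ['c_id' => '7', 'cobjecttype' => 'painting', 'cmaterial' => '', 'ctechnic' => 'etched'];
[$clean, $errors] = validate_dropdowns($post);
if ($errors !== []) {
    echo 'Not saved, invalid or missing: ' . implode(', ', $errors) . "\n";
} else {
    // With a live connection: update_dropdowns($mysqli, (int) $post['c_id'], $clean);
    echo "All drop-downs valid.\n";
}
```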