I've read through a number of similar questions, so I know this has been answered before, but now my question is why isn't what I'm doing working?
I'm new to web development, developing a web form that passes the submitted data to a CSV file. What I currently do, is after all form validation is done on the form page "form.php", it sends the user to another page "submittedApplication.php", and in the same statement goes all of my code to push the data into a CSV.
What I NEED, is to pass one particular variable from "form.php", over to "submittedApplication.php". It's a reference number that I have a random generator for, on form.php.
In my code I use a function to create the reference number, I store it in a variable called $result. In the bottom of the validation I use
header('Location: submittedApplication.php?result={$result}');
to try and pass it over, and then in the second page I use
echo $_GET['result'];
to try and grab the variable.
If you spot it in my code, I've also tried the hidden input method, to no avail as well.
Here is my form.php main page
<!DOCTYPE html>
<html>
<?php
//Define variables and set to empty values
//###CUSTOMER DATA###
//Name
$custName= "";
$custNameError = "";
//Reference Number
$result = gen_uid();
//Error holders
$errors = ""; //Generic Error list at top of form, can be appended to
$error = 0; //Error Tally, If 0 = good. If 1 = error.
//Generates a 10 character random string with a prefix and current date attached
function gen_uid($l=10){
$prefix = "BLANK DATA#";
$str = "";
date_default_timezone_set('America/New_York');
$date = date("Y.m.d");
for ($x=0;$x<$l;$x++)
$str .= substr(str_shuffle("0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"), 0, 1);
echo $prefix . $str . "<br/>" . "Generated On: " . $date; }
//for testing
echo $result;
if($_SERVER["REQUEST_METHOD"] == "GET"){
$custName = "";
$custAddress = "";
}
else if ($_SERVER["REQUEST_METHOD"] == "POST") { // Checking null values in message.
$custName = $_POST['customername'];
$custAddress = $_POST['CustomerMailingAddress'];
$passedResult = $_POST['result'];
//################################## Form Validation #####################################
//CUSTOMER NAME
if(!isset($custName) || $custName == "")
{
$custNameError = "Name required";
$errors .= "Customer contact information required, Contractor optional.<br/>";
$custName = "";
$error = 1;
}
else{
$custName = $_POST['customername'];
}
if($error == 0)
{
echo "<input type='hidden' name='result' value='{$result}'/>";
//this is where the creating of the csv takes place
$cvsData = $custName . "," . $custAddress . "," . $custPhone . "," . $custMobile . "," . $custFax . "," . $custEmail . "," . $conName . "," . $conAddress . "," .
$custPhone . "," . $conPhone . "," . $custMobile . "," . $conMobile . "," . $custEmail . "," . $conEmail . "," . $accNum ."\n";
$fp = fopen("formTest.csv","a"); // $fp is now the file pointer to file $filename
if($fp){
fwrite($fp,$cvsData); // Write information to the file
fclose($fp); // Close the file
}
header('Location: submittedApplication.php?result={$result}');
}
}
?>
<body>
<h2 align="center"><u>Service Request Application Form</u></h2>
<hr>
<h4>NOTES:</h4>
<div id="wrapper">
<br/>
<h3 class="error"><?php echo $errors; ?></h3>
<form method="post" align="center" name="applicationform" id="applicationform" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>" enctype="multipart/form-data">
<!--###################################### CONTACT INFORMATION FIELDSET ######################################-->
<fieldset style="border: 1px black solid" align="center">
<legend style="font-weight:bold"><u>Contact Information</u></legend>
<table>
<tr>
<th></th>
<th><u>Customer</u></th>
<th title="Electrician"><u>Consultant/Contractor</u></th>
</tr>
<tr>
<td>
<tr>
<td align="right" id="namelabel">Contact Name:</td>
<td><input type="text" id="customername" name="customername" value="<?php echo $custName;?>" title="Name of contact on account"/></td>
<td><input type="text" id="contractorname" name="contractorname" title="Name of contractor or consultant" /></td>
</tr>
<tr>
<td></td>
<td><div class="error"><?php echo $custNameError;?></div></td>
<td></td>
</tr>
</td>
</tr>
</table>
</table>
</form>
</div>
</body>
</html>
And here is my second page submittedApplication.php
<!DOCTYPE html>
<html>
<body>
<h2 align="center"><u>Service Request Application Form</u></h2>
<hr>
<h4>NOTES:</h4>
<hr>
<div align="center"><h3>Application Submitted Successfully!</h3> </div>
<?php
echo $_GET['result'];
?>
</body>
</html>
Any and all tips are appreciated!
The way I would normally tackle passing values between pages is to use session variables.
You can do this in your form.php page
session_start();
$SESSION_["result"] = $result;
Then do the following in your other page
session_start();
if(isset($SESSION_["result"]) {
$result = $SESSION_["result"];
}
Just make sure you destroy or unset any session variables when you're done with them.
Related
I'm looking for help with my products list.
My Code:
<!DOCTYPE html>
<html>
<head>
<title> Produktliste </title>
</head>
<body>
<iframe name="dir" style="display:none;"></iframe>
<form action="shop.php" method="post">
<p> <h2> Produkt hinzufügen </h2> </p>
<p> Produktname: <input type="text" name="Produktname"/> </p>
<p> Produktbeschreibung: <textarea rows=2 cols=20 name="Produktbeschreibung"></textarea> </p>
<p> Preis: <input type="text" name="Preis"/> </p>
<input type="submit" name="speichern" value="Speichern"/>
</form>
<?php
$connect = new mysqli ('localhost', 'root', '');
$connect->select_db('shop');
if (#$_REQUEST["Produktname"] && #$_REQUEST["Produktbeschreibung"] && #$_REQUEST["Preis"]) {
$produktname = #$_REQUEST["Produktname"];
$beschreibung = #$_REQUEST["Produktbeschreibung"];
$preis = #$_REQUEST["Preis"];
$result = $connect->query("INSERT INTO `shop`.`produkte` (`Produktname`, `Beschreibung`, `Preis`) VALUES ('$produktname', '$beschreibung', '$preis');");
if(!$result) {
echo "SQL Fehler: " . $connect->error;
die;
} else { echo "Letzte ID: " . $connect->insert_id;
}
}
?>
<table border="2" width="30%" style="border:1px solid #000000; border-spacing:inherit; text-align:left;">
<br><br>
<tr>
<td> Produkt </td>
<td> Beschreibung </td>
<td> Preis </td>
<td> Funktionen </td>
<?php
$result = $connect->query("SELECT * FROM produkte");
while($obj = $result->fetch_object()) {
echo '<tr><td>' . $obj->Produktname . '</td><td>' . $obj->Beschreibung . '</td><td>' . $obj->Preis . ' EUR ' . '</td><td> Bearbeiten, Löschen </td></tr>';
}
?>
</tr>
</table>
<?php
if (isset($_REQUEST["delete"])) {
$url = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$urlpart = explode('=', $url);
$ProduktID = end($urlpart);
$result = $connect->query("DELETE FROM `shop`.`produkte` WHERE `ProduktID` = $ProduktID;");
header('Location: ./shop.php');
}
if(isset($_REQUEST["id"])) {
$url = "http://$_SERVER[HTTP_HOST]$_SERVER[REQUEST_URI]";
$urlpart = explode('=', $url);
$ProduktID = end($urlpart);
// Update SQL Data?
}
if (!$result) {
echo "SQL Fehler: " . $connect->error;
die;
}
?>
</body>
</html>
I'm now looking for a way to retrieve the MySQL Data with the equivalent ID into the existing HTML Form and update it back to the MySQL Database... I'm currently learning PHP at the University and I can't think any further by myself.
It needs to get done withing this PHP File, like everything else is.
Thanks for any help! :)
If I understand you correct, you want to echo inserted row from database. Change the line:
$result = $connect->query("SELECT * FROM produkte");
into:
$result = $connect->query("SELECT * FROM produkte WHERE ID_prod_column = '$insertID'");
Try something like this. Just change "ID_prod_column" to correct name and $insertID to correct variable.
I have a php script that generates 3 files:
A .txt file
A .php file
The Script works fine but one thing destroys the idyll, the script does not write the vars in the 2nd generated script (I have also tried . $var . ). Any help would be appreciated.
The Code:
<?php
$filename = uniqid(rand(), true) . '.php';
$fh = fopen($filename, "w+");
if($fh)
{
fwrite($fh, "<html><body>
<div align='center'>
Neue Nachricht erstellen<br><br>
<form action='' . $filenamebes . '' Method='post'>
Titel:<br>
<input name='Name' size='40'><br><br>
Inhalt:<br>
<textarea name='inhalt' cols='40' rows='12'
wrap='physical'></textarea><p>
<input type='submit' value='Absenden'>
</form><br><br>
<?php
$beitrag = file('' . $filenametxt . '');
krsort($beitrag);
foreach($beitrag as $ausgabe)
{
$ausgabe = stripslashes($ausgabe);
$zerlegen = explode('|', $ausgabe);
echo '
<table align=\'center\'
border=\'1\' cellspacing=\'0\'
cellpadding=\'5\' bordercolorlight=\'black\'
bordercolordark=\'black\' width=\'50%\'>
<tr>
<td>
Titel: <a href=\'mailto:$zerlegen[0]\'>$zerlegen[1]</a>
am $zerlegen[2]
</td>
</tr>
<tr>
<td>
$zerlegen[3]
</td>
</tr>
</table><br>
';
}
?>
</div>
</body>
</html>
");
}
fclose($fh);
$filenametxt = uniqid(rand(), true) . '.txt';
$fhtxt = fopen($filenametxt, "w+");
if($fhtxt)
{
fwrite($fhtxt, "");
}
fclose($fhtxt);
$filenamebes = uniqid(rand(), true) . '.php';
$fhbes = fopen($filenamebes, "w+");
if($fhbes)
{
fwrite($fhbes, "<html>
<head>
<title>Speichere Nachricht</title>
</head>
<body>
<?php
$user = {$_POST['Name']};
$user = htmlentities($user);
$inhalt = {$_POST['inhalt']};
$inhalt = htmlentities($inhalt);
$inhalt = str_replace('\n', '<br>', $inhalt);
$email = {$_POST['EMail']};
$email = htmlentities($email);
if ($inhalt == '' or $user == '')
{
echo 'Sie müssen das Feld \'Namen\'
und \'Inhalt\' ausfüllen';
}
else
{
$datum= date('d.m.Y H:i:s');
$eintrag='$email|$user|$datum|$inhalt';
$datei = fopen('' . $filenametxt . '', 'a');
fwrite($datei, '\n'.$eintrag);
fclose($datei);
echo 'Ihre Nachricht wurde erfolgreich gespeichert';
}
?>
<br>
<a href='' . $filename . ''>Zurück</a>
</body>
</html>");
}
fclose($fhbes);
echo "PHP = $filename TXT = $filenametxt BES = $filenamebes <br><br><a href='".$filename."'>ÖffnenPHP</a> <br><br><a href='".$filenametxt."'>ÖffnenTXT</a> <br><br><a href='".$filenamebes."'>ÖffnenBES</a>"
?>
You are using Super string format to build your string.
Super string means double quotes "".
here
fwrite($fh, "<html><body>
and you use php variables in the super string format. So php identify the variable as a string or whatever it contains
Ex :
$a="ABCD";
echo "$a"; // this will print ABCD
but when you do it this way
$a="ABCD";
echo '$a';// this will print $a
Here is the solution
fwrite($fh, '<html><body>
<div align="center">
Neue Nachricht erstellen<br><br>
<form action=" . $filenamebes . " Method="post">
Titel:<br>
<input name="Name" size="40"><br><br>
Inhalt:<br>
<textarea name="inhalt" cols="40" rows="12"
wrap="physical"></textarea><p>
<input type="submit" value="Absenden">
</form><br><br>
<?php
$beitrag = file(" . $filenametxt . ");
krsort($beitrag);
foreach($beitrag as $ausgabe)
{
$ausgabe = stripslashes($ausgabe);
$zerlegen = explode("|", $ausgabe);
echo "
<table align=\"center\"
border=\"1\" cellspacing=\"0\"
cellpadding=\"5\" bordercolorlight=\"black\"
bordercolordark=\"black\" width=\"50%\">
<tr>
<td>
Titel: $zerlegen[1]
am $zerlegen[2]
</td>
</tr>
<tr>
<td>
$zerlegen[3]
</td>
</tr>
</table><br>
";
}
?>
</div>
</body>
</html>
');
PHP is treating those terms "$filenamebes" "$zerlegen" as actual variables.
Because those variables don't exist, it will not write anything to the file.
Instead you should escape those variables like so: \$filenamebes. This will allow you to physically write $filenamebes to the file, and not have PHP search for its value (null).
Proof of concept:
<?php
$a = 'test';
$s = "\$a";
echo $s ."\n"; //will print '$a'
echo "---\n";
$s = "$a";
echo $s ."\n"; //will print 'test'
I have been trying to make my select sticky so that it will retain the value of the firstname and lastname of the user that is currently being searched. I have tried many approaches including structuring my php differently so that the script is at the beginning of the file and starts with if(isset($_POST['submit'])){} then it echoes the html with the fields filled out and else{} echo the html blank. This approach below is the closest I have gotten to making it sticky I think but I still can't get it to work.
<?php
$user_id = 2;
$user_firstname = "Soren";
$user_lastname = "Craig";
require ('mysqli_connect.php');
# based on student name, get list of files uploaded
$pageTitle = "View User Files";
include ('includes/header.html');
?>
<div class="container">
<h2>Uploaded Files</h2>
<div class="form-group col-xs-4">
<form action="newview.php" method="POST">
<label for="sel1">Select User:</label>
<select class="form-control" id="select-user" name="select-user">
<option><?php if(isset($firstname) && isset($lastname)) echo $lastname . ", " . $firstname?></option>
<?php
$query = "SELECT user_id, firstname, lastname FROM studentusers ORDER BY lastname ASC";
$stmt = mysqli_prepare($dbconnect, $query);
if(mysqli_stmt_execute($stmt))
{
mysqli_stmt_bind_result($stmt, $user_id, $firstname, $lastname);
while(mysqli_stmt_fetch($stmt))
{
echo '<option value="' . $user_id . '">' . $lastname . ", " . $firstname . "</option>";
}
}
echo "</select>";
mysqli_stmt_close($stmt);
echo '<button type="submit" name="submit" class="btn btn-primary">Submit</button>
</form>';
if(isset($_POST['submit']))
{
$user_id = $_POST['select-user'];
echo '<p>' . $firstname . " " . $lastname . '</p>
<table class="table table-hover">
<thead>
<tr>
<th>Name</th>
<th>Description</th>
<th>Date</th>
</tr>
</thead>
<tbody>';
$query = "SELECT filename, posteddate FROM fileuploads WHERE user_id = ?";
$statement = mysqli_prepare($dbconnect, $query);
mysqli_stmt_bind_param($statement, 'i', $user_id);
if(mysqli_stmt_execute($statement))
{
// bind the result
mysqli_stmt_bind_result($statement, $fileName, $fileDate);
while(mysqli_stmt_fetch($statement))
{
echo "<tr>
<td> " . $fileName . " </td>
<td></td>
<td>" . date('F j, Y', strtotime($fileDate)) . "</td>
</tr>";
}
}
}
?>
</div>
</body>
</html>
Any help is much appreciated... Thanks!
You mean that after the form's submitted and re-displayed, you want the previous selected values to be already-selected in the form?
Easy enough:
while(...) {
if (should be selected) {
<option selected="selected">...</option>
} else {
<option>...</option>
}
}
I am fairly new to php and have been searching for three days to find my problem. The script below worked for two years, and now suddenly the second POST command never populates (it is the last lines of code, and when I echo $_POST['input']; nothing is ever there.) I have looked at var_dump$[_$POST] and it gets $formType, but never $input.
Why would this suddenly stop working? It goes to the next form, but nothing works because it all counts on $input being passed on.
I am running on a unix server, Network Solutions.
Any help is greatly appreciated!!
here is the code (sanitized names of directories and databases, obviously):
<?php
session_start();
if ($_SESSION['auth'] != "yes") {
header("Location: login.php");
exit();
}
if (isset($_REQUEST['Enter'])) {
header("Location: http://www.mysite.com/subdirectory/nextform.php");
} else if (isset($_REQUEST['Delete'])) {
header("Location: http://www.mysite.com/subdirectory/deleterow.php");
}
########################################
####checks what kind of service request######
#########################################
?>
<form name="form" method="post" action="<?php
echo htmlentities($_SERVER['PHP_SELF']);
?>">
<p><legend>Form Type</legend></p>
<p> <basefont size = "4"></p>
<p><label for="formType" required>*Select Type of Form:</label></p>
<p><select name="formType"></p>
<p><option value="">select</option></p>
<p><option value="Garda">Security Officer</option></p>
<p><option value="Surveil">Surveil</option></p>
<p><option value="EmployApp">Employment Application</option></p>
<p></select></p>
<p><input type="submit" name="Submit" value="Submit" /></p>
</form>
<?php
$formType = $_POST['formType'];
SESSION_register("formType");
if ($formType == Garda) {
// Connects to your Database
include("introGardaform.php");
$database = "Gardaform"; // provide your database name
$db_table = "GardaINQ"; // leave this as is
$db = mysql_connect($hostname, $db_user, $db_password);
mysql_select_db($database, $db);
$data = mysql_query("SELECT * FROM GardaINQ") or die(mysql_error());
// puts the "GardaINQ"database table info into the $info array
//$info = mysql_fetch_array( $data );
Print "<table border cellpadding=15>";
while ($info = mysql_fetch_array($data)) {
Print "<tr>";
Print "<th>Inquiry Number:</th> <td>" . $info['Inquiry_num'] . "</td> ";
Print "<th>Contact Name:</th> <td>" . $info['contactName'] . " </td>";
Print "<th>Contact Number:</th> <td>" . $info['contactNum'] . " </td></tr>";
}
Print "</table>";
}
if ($formType == Surveil) {
// Connects to your Database
include("investfm.php");
$database = "investigateform"; // provide your database name
$db_table = "surveil"; // leave this as is
$db = mysql_connect($hostname, $db_user, $db_password);
mysql_select_db($database, $db);
$data = mysql_query("SELECT * FROM surveil") or die(mysql_error());
// puts the "surveil"database table info into the $info array
//$info = mysql_fetch_array( $data );
Print "<table border cellpadding=15>";
while ($info = mysql_fetch_array($data)) {
Print "<tr>";
Print "<th>Inquiry Number:</th> <td>" . $info['Inquiry_num'] . "</td> ";
Print "<th>Contact Name:</th> <td>" . $info['contactName'] . " </td>";
Print "<th>Contact Number:</th> <td>" . $info['contactNum'] . " </td></tr>";
}
Print "</table>";
}
if ($formType == EmployApp) {
// Connects to your Database
include("introhires.php");
$database = "hires"; // provide your database name
$db_table = "hiresentry"; // leave this as is
$db = mysql_connect($hostname, $db_user, $db_password);
mysql_select_db($database, $db);
$data = mysql_query("SELECT * FROM hiresentry") or die(mysql_error());
// puts the "hiresentry"database table info into the $info array
//$info = mysql_fetch_array( $data );
Print "<table border cellpadding=15>";
while ($info = mysql_fetch_array($data)) {
Print "<tr>";
Print "<th>First Name:</th> <td>" . $info['firstName'] . " </td>";
Print "<th>Last Name:</th> <td>" . $info['lastName'] . " </td>";
Print "<th>Date:</th> <td>" . $info['date'] . " </td></tr>";
}
Print "</table>";
}
?>
<form name="finddata" method="POST" action="<?php
echo htmlentities($_SERVER['PHP_SELF']);
?>">
<p> <basefont size = "4"></p>
<p><label for="finddata" required>Enter Inquiry Number for Garda or Surveil, Last name for Employment
Application:</label></p>
<p><input type = "text" size="20" maxlength="40" required onKeyPress="return noenter()"
name="input"></p>
<p><input type="hidden" value="<?php
echo $formType;
?>" name="formType"></p>
<p><input type="submit" name="Enter" value="Enter" ></p><br/>
<p><input type="submit" style="font-face: 'Comic Sans MS'; font-size: larger; color: red; background-color: #FFFFC0; border: 3pt ridge lightgrey" name = "Delete" value="Delete"></p>
</form>
<?php
$input = $_POST['input'];
SESSION_register("input");
echo $_POST['input'];
?>
You have used SESSION_register("formType"); undefined function and This function has been DEPRECATED as of PHP 5.3.0 and REMOVED as of PHP 5.4.0.
So you can use $_SESSION["formType"]=$formType;, also
Need to wrap " or ' to check the string. Try this,
if($formType=="Garda"){
and if($formType=="EmployApp"){
instead of
if($formType==Garda){
if($formType==EmployApp){
You have a lot of issues on your code.
You are comparing your $formtype variable to a constant instead. It has to be like this. if($formType=="Garda"){ and if($formType=="Surveil"){ and if($formType=="EmployApp"){ add the double quotes to all those if statements as shown.
You are using a deprecated version i.e. session_register
can you try the following:
Remove the action attribute completely from both the forms as by default it is POST to self.
replace the font-face css property to font-family property in the last element of the second form. however that should not be the cause of the issue you are facing.
As there are 2 forms in the page and there are 2 code blocks depending on the form post, I assume that your second form post creates the issue in the first part of the code as the data for the first from will not be posted from the submit button in the second form. so before executing the piece of code you should identify if that piece of code should be executed or not. A simple multi form setup should look something like this:
<form name="form1" method="post">
<input type="text"/>
<input type="submit" name="form1-submit" value="Submit Name" />
</form>
<!-- form1 specific code -->
<?php
if(isset($_POST["form1-submit"]))
{
// do your stuff here
}
?>
<form name="form2" method="post">
<input type="text"/>
<input type="submit" name="form2-submit" value="Submit Name" />
</form>
<!-- form2 specific code -->
<?php
if(isset($_POST["form2-submit"]))
{
// do your stuff here
}
?>
<!-- independent code -->
<?php
// do your common code here.
?>
If you can write the code in above manner you will be able to resolve your problem yourself. please let us know in case above helped.
I have a php page with form for updating records and image I don’t know what is wrong with the update statement ,,, the values of fields are taken and I can see them on url through the GET method ... But when I run the page and update record information is not changing and nothing appear on the page ,,, since none of fields r taking the update I think my update statement having problem ,,,here is the code:
<?php
// Connect to the database
require("includes/conn.php");
// Script Variables
$target_dir = 'images/';
$file_given = false;
$inputs_given = false;
$id_given = false;
if(isset($_POST['serialid']) && $_POST['serialid'] != "")
{
$serialid = $_POST['serialid'];
$id_given = true;
}
// You only need to catch input from a create or modify action, so start by checking for ALL the REQUIRED inputs
if(isset($_POST['name']) && $_POST['name'] != "" && isset($_POST['description']) && $_POST['description'] != "" && isset($_POST['price']) && $_POST['price'] != "")
{
$name = $_POST['name'];
$paragraph = $_POST['description'];
$price = $_POST['price'];
if(isset($_POST['picture']) && $_POST['picture'] != "")
{
$picture = basename($_FILES['picture']['name']);
$file_given = true;
}
// Just some verification (not really much, but you can write your own functions and slot them in
$name_safe = true;
$description_safe = true;
$price_safe = true;
$picture_safe = false;
if($_FILES["picture"]["type"] == "image/gif" || $_FILES["picture"]["type"] == "image/jpg" || $_FILES["picture"]["type"] == "image/png" || $_FILES["picture"]["type"] == "image/bmp")
$picture_safe = true;
if($name_safe && $description_safe && $price_safe && $picture_safe)
$inputs_given = true;
}
if($id_given && $inputs_given)
{
// Search for the record and see if it exists
$get_record = mysql_query("SELECT serial, picture FROM products WHERE serial='$serialid'");
$record_exists = mysql_num_rows($get_record);
if($record_exists == 1)
{
if($file_given)
{
$update_image = ", picture='$picture'";
// Now we need to remove the old image from the file system and upload our new one in it's place
$previous_image = mysql_result($get_record,'0','picture');
unlink($target_dir . $previous_image);
//Now that the previous image has been removed, we need to upload our new image
$new_image = $target_dir . $picture ;
move_uploaded_file($_FILES['picture']['tmp_name'], $new_image);
}
else
$update_image = "";
if(mysql_query("UPDATE products SET name='$name', description='$description', price='$price', " . $update_image . " WHERE serial='$serialid'"))
$action_output = "Record successfully modified.";
else
$action_output = "Record modification unsuccessful.";
}
else
$action_output = "The record id you specified does not exist.";
}
?>
<html>
<head>
<title>Manage Records</title>
</head>
<body>
<?php echo $action_output; ?>
</body>
</html>
<?php
// Disconnect from the database
?>
Here is the url when I click the modify
http://localhost/Shopping/update.php?name=View+Sonic+LCD&description=LCD&price=250&picture=C%3A%5CDocuments+and+Settings%5Ce2565%5CMy+Documents%5CTwasul%5Ctlogo%5Cicon%5Cpic1.jpg&serialid=1
My Modify Form is this
<?php
// Connect to the database
require("includes/conn.php");
$id_given = false;
if(isset($_POST['serialid']) && $_POST['serialid'] != "")
{
$serialid = $_POST['serialid'];
$id_given = true;
}
if($id_given)
{
$get_record = mysql_query("SELECT * FROM products WHERE serial='$serialid'");
$record = mysql_fetch_array($get_record);
$output = '<form method="POST" enctype="multipart/form-data" action="update.php?serialid=' . $record['serialid'] . '&action=modify">
<table>
<tr>
<td>Name:</td>
<td><input name="name" type="text" value="' . $record['name'] . '"/></td>
</tr>
<tr>
<td>Description :</td>
<td><textarea name="description" cols="45" rows="5">' . $record['description'] . '</textarea></td>
</tr>
<tr>
<td>Price:</td>
<td><input name="price" type="text" value="' . $record['price'] . '"/></td>
</tr>
<td colspan="2"><img height="50" width="50" src="../images/' . $record['picture'] . '"/><br/>' . $record['picture'] . '</td>
</tr>
<tr>
<td>Modify Image:</td>
<td><input name="picture" type="file" value="" /></td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="Modify Record"/>
</td>
</tr>
</table>
</form>';
}
else
$output = 'No record id was specified.';
?>
<html>
<head>
<title>Modify Record</title>
</head>
<body>
<?php echo $output; ?>
</body>
</html>
<?php
// Disconnect from the database
?>
First, you have an extra comma in this line, before the WHERE :
if(mysql_query("UPDATE products SET name='$name', description='$description', price='$price', " . $update_image . " WHERE serial='$serialid'"))
The correct syntax is :
if(mysql_query("UPDATE products SET name='$name', description='$description', price='$price' " . $update_image . " WHERE serial='$serialid'"))
Then, you said
I can see them on url through the GET method
But in your script you are using $_POST variable to get values, use $_GET instead or change the method of your form to post.
If you want to upload a picture you have to use post method, the file will be available in the $_FILES variable.
In your example, you pass parameters by URL so, with the get method, and the "picture" is just the path to the picture in your PC, and it's not uploaded on the server.
EDIT :
Add "<input type='hidden' name='serialid' value='".$record['serialid']."' />" AND "<input type='hidden' name='action' value='modify' />" in your form instead of add this parameters to the action url of it, and it should work
you have added comma in $update_image = ", picture='$picture'"; as well as in
if(mysql_query("UPDATE products SET name='$name', description='$description', price='$price', " . $update_image . " WHERE serial='$serialid'"))
either remove the comma in $update_image = " picture='$picture'"; or remove in this
if(mysql_query("UPDATE products SET name='$name', description='$description', price='$price' " . $update_image . " WHERE serial='$serialid'"))'