As the title suggests I am trying to link a populated drop down list to a form on another page.
My dropdown list is currently connected to my database which displays the addressID's of 6 people. So when the user selects for example AddressID 3 it will take them to the next page (customerdetails.php) which will then allow them to update the form which will update the database accordingly.
My current code is as follows
<?php
//adding the database connection
$username = "root";
$password = "";
$hostname = "localhost";
//connection to the databse
$dbhandle = mysql_connect ($hostname, $username, $password)
or die ("Unable to Connect to MySQL");
echo "Connected to MySQL";
//selecting the database we want to work with
$selected = mysql_select_db("my_guitar_shop2", $dbhandle)
or die("Could not select my_guitar_shop2");
?>
<p>AddressID:</p> <br>
<?php
$sql = "SELECT addressID FROM addresses";
$result = mysql_query($sql);
echo "<select name='addressID' onchange = 'getAddressID(this)'>";
while ($row = mysql_fetch_array($result)) {
echo "<option value='" . $row['addressID'] ."'>" . $row['addressID'] ."</option>";
}
echo "</select>";
?>
Now on the customerdetails.php page i have the code:
<?php
$adrresIDSelected = $_GET['addressID'];
?>
For the life of me I cannot seem to connect the 2 pages together.
Am i anywhere near the correct path? I would prefer not to use javascript as I have no prior knowledge of it.
Many thanks in advance
UPDATE
customerdetails.php page
<?php
//adding the database connection
$username = "root";
$password = "";
$hostname = "localhost";
//connection to the databse
$dbhandle = mysql_connect ($hostname, $username, $password)
or die ("Unable to Connect to MySQL");
echo "Connected to MySQL";
//selecting the database we want to work with
$selected = mysql_select_db("my_guitar_shop2", $dbhandle)
or die("Could not select my_guitar_shop2");
?>
<?php
$addrresIDSelected = $_GET['addressID'];
?>
Contact Form
<form class="form">
<p class="first">
<label for="name">FirstLine</label>
<input type="text" name="firstline" id="first" />
</p>
<p class="second">
<label for="email">SecondLine</label>
<input type="text" name="secondline" id="second" />
</p>
<p class="city">
<label for="web">City</label>
<input type="text" name="city" id="web" />
</p>
<p class="state">
<label for="web">State</label>
<input type="text" name="state" id="web" />
</p>
<p class="zip">
<label for="web">Zip Code</label>
<input type="number" name="zip" id="web" />
</p>
<p class="update">
<input type="button" value="Update" />
</p>
<p class="remove">
<input type="button" value="Remove" />
</p>
</form>
First solution (no Javascript)
For a solution without Javascript, you will need to use the select within a form element and use a submit button too to send the information completed/selected in the form to the desired page:
...
<form action="customerdetails.php" method="get">
<select name="addressID">
<?php
$sql = "SELECT addressID FROM addresses";
$result = mysql_query($sql);
while ($row = mysql_fetch_array($result)) {
echo "<option value='" . $row['addressID'] ."'>" . $row['addressID'] ."</option>";
}
?>
</select>
<input type="submit" value="Take me to the other page">
</form>
...
UPDATE - Second solution (with Javascript)
For using the getAddressID Javascript function to send the ID instead of using a form, you will need to update the function a bit:
<script>
function getAddressID (option) {
var addressID = option.value;
// you do not need the <your_domain> prefix here, as probably both your php scripts are on the same server/domain and same folder
window.location.replace ("customerdetails.php?addressID =" + addressID);
//-----------------------------------------------------^
// Extra space must be removed!
}
</script>
Related
I have a select dropdown list that contains all existing usernames found in my table. I want to delete an entry from my table by selecting the corresponding username. I can't seem to find the error in my php file...I get the "Successfully deleted" message even if the entry is still there. Want to know what's wrong with my php. Thanks.
Here's the concerned portion of the View:
<form action="deleting.php" method="post">
<select id="username">
<option ng-repeat="user in users">
{{user.username}}
</option>
</select>
<input type="submit" value="Delete"/>
</form>
Here's my deleting.php file
<?php
$servername = "localhost";
$username = "root";
$password = "";
$dbname = "abc";
$conn = mysqli_connect($servername, $username, $password, $dbname);
if (!$conn) {
die("Connection failed: " . mysqli_connect_error());
}
$deletecontent= isset( $_POST["username"] ) ? $_POST["username"] : "null" ;
$sql = "DELETE from users where username='$deletecontent'";
if (mysqli_query($conn, $sql)) {
echo "Successfully deleted";
} else {
echo "Error: " . $sql . "<br>" . mysqli_error($conn);
}
mysqli_close($conn);
?>
You can get value in $_POST only when there is name attribute in your input. so try
<select id="username" name="username">
You have to add name attribute to select option. Then only it can be accessed using $_POST.
<select id="username" name = "username">
Set name="username" in <select>
and,
set value attribute in <option>.
<form action="deleting.php" method="post">
<select id="username" name="username">
<option ng-repeat="user in users" value="{{user.username}}">
{{user.username}}
</option>
</select>
<input type="submit" value="Delete"/>
</form>
I'm a complete newbie in php & MySQL
Basically what I want to do is be able to retrieve data from a table
in MySQL database and put it in a drop down menu .
After I fill in the other fields I want to data from the drop down menu to be written to another table in the same database .
This is my insert.php file
<?php
#### INSERTS A SINGLE CUSTOMER IN Company-->Customer Database with UTF8 Change for special German Characters - Cyrilic Doesnt work - Other change then utf8 ???
#### Getting Data from Index.php
$servername = "127.0.0.1";
$username = "root";
$password = "";
$dbname = "company";
//making an array with the data recieved, to use as named placeholders for INSERT by PDO.
#### Getting DAta from Index.php
$data = array('CustomerName' => $_POST['CustomerName'] , 'Address1' => $_POST['Address1'], 'Address2' => $_POST['Address2'], 'City' => $_POST['City'], 'PostCode' => $_POST['PostCode'], 'CountryID' => $_POST['CountryID'], 'ContactName' => $_POST['ContactName'], 'ContactEmail' => $_POST['ContactEmail'], 'ContactPhone' => $_POST['ContactPhone'], 'ContactFax' => $_POST['ContactFax'], 'Website' => $_POST['Website']);
try {
// preparing database handle $dbh
$dbh = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password,array(PDO::MYSQL_ATTR_INIT_COMMAND => "SET NAMES utf8")); ### Database Connect with Special characters Change
// set the PDO error mode to exception
$dbh->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// query with named placeholders to avoid sql injections
$query = "INSERT INTO customer (CustomerName, Address1, Address2, City, PostCode, CountryID, ContactName, ContactEmail, ContactPhone, ContactFax, Website )
VALUES (:CustomerName, :Address1, :Address2, :City, :PostCode, :CountryID, :ContactName, :ContactEmail, :ContactPhone, :ContactFax, :Website )";
//statement handle $sth
$sth = $dbh->prepare($query);
$sth->execute($data);
echo "New record created successfully";
}
catch(PDOException $e)
{
echo $sql . "<br>" . $e->getMessage();
}
$dbh = null;
?>
And this is the source from the html page
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Add New Product</title>
</head>
<body>
<form action="insert.php" method="post">
<p>
<label for="CustomerName">CustomerName:</label>
<input type="text" name="CustomerName" id="CustomerName">
</p>
<p>
<label for="Address1">Address 1:</label>
<input type="text" name="Address1" id="Address1">
</p>
<p>
<label for="Address2">Address 2:</label>
<input type="text" name="Address2" id="Address2">
</p>
<p>
<label for="City">City:</label>
<input type="text" name="City" id="City">
</p>
<p>
<label for="PostCode">Post Code:</label>
<input type="text" name="PostCode" id="PostCode">
</p>
<p>
<label for="CountryID">Country ID:</label>
<input type="text" name="CountryID" id="CountryID">
</p>
<p>
<label for="ContactName">Contact Name:</label>
<input type="text" name="ContactName" id="ContactName">
</p>
<p>
<label for="ContactEmail">Contact Email:</label>
<input type="text" name="ContactEmail" id="ContactEmail">
</p>
<p>
<label for="ContactPhone">Contact Phone:</label>
<input type="text" name="ContactPhone" id="ContactPhone">
</p>
<p>
<label for="ContactFax">Contact Fax:</label>
<input type="text" name="ContactFax" id="ContactFax">
</p>
<p>
<label for="Website">Website:</label>
<input type="text" name="Website" id="Website">
</p>
<input type="submit" value="Add Records">
</form>
</body>
</html>
So I wanna add this php code that pulls out the country list and prefixes for the phone numbers and then when I hit the submit button the actual output of the drop down menu to we written in the customers table
<p>
<label for="CountryID">Country:</label>
<?php
$servername = "localhost";
$username = "root";
$password ="";
$dbname = "company";
$con_qnt = mysqli_connect($servername, $username, $password, $dbname);
if(!mysqli_connect("localhost","root",""))
{
die('oops connection problem ! --> '.mysqli_connect_error());
}
if(!mysqli_select_db($con_qnt, "company"))
{
die('oops database selection problem ! --> '.mysqli_connect_error());
}
$sql = "SELECT * FROM country";
$result = mysqli_query($con_qnt, "SELECT * FROM country" );
echo "<select name='label'>";
while ($row = mysqli_fetch_array($result)) {
echo "<option value='" . $row['CountryName' ] . "'>" . $row['CountryName' ] . " (" .$row['PhonePrefix' ] . ")" . "</option>";
}
echo "</select>";
?>
<name="CountryID" id="CountryID">
</p>
I don't even know if this is doable - I searched for long time but couldn't find anything that is kind of what I need . Mostly I found hard coded html dropdown menus . In fact hard coding this will work for the countries but it wont work if I want it to be able to show lets say products in a drop down menu . Thank you all in advance .
Hi I just made a quick sample to answer your question on how to populate dropdown using data from database.
In this example, I used
JQuery's AJAX Function
so first, for the backend, (this is just a quick sample to select data. Do not use this as a pattern for your future codes
<?php
$dbh = new PDO("mysql:host=localhost;dbname=dbhelp", 'root', 'pup');
$stmt = $dbh->prepare("SELECT * from t_country");
$stmt->execute();
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
echo json_encode($result);
?>
I repeat. This is just for quick reference. Do not use it as a pattern for your code.
So using that code, we have now selected data from our table country and usedjson_encode to make it in json format. read more about this here. http://php.net/manual/en/function.json-encode.php.
Next one is the frontend(HTML part)
<body>
// empty dropdown button to be filled by data from database
<select id="country">
</select>
//include the jquery library
<script src="//code.jquery.com/jquery-1.11.3.min.js"></script>
<script type="text/javascript">
$(document).ready(function () {
$.ajax ({
url : 'dropdown_database.php', // the url from which the data will be pulled
success: function(data) {
var country = $.parseJSON(data); // parse the json format data
$.each(country, function(i, d) {
$('#country').prepend('<option>'+ d.country +'</option>'); // this one adds the <option></option> tag in the dropdown
});
}
});
});
</script>
If I got you right, you want to replace this:
<p>
<label for="CountryID">Country ID:</label>
<input type="text" name="CountryID" id="CountryID">
</p>
With a dropdown so you can quickly pick the country from the dropdown instead of memorizing the ID for each individual country. And to create the select you are using this code:
<p>
<label for="CountryID">Country:</label>
<?php
// some code here that I removed to avoid noise
$sql = "SELECT * FROM country";
$result = mysqli_query($con_qnt, "SELECT * FROM country" );
echo "<select name='label'>";
while ($row = mysqli_fetch_array($result)) {
echo "<option value='" . $row['CountryName' ] . "'>" . $row['CountryName' ] . " (" .$row['PhonePrefix' ] . ")" . "</option>";
}
echo "</select>";
?>
<name="CountryID" id="CountryID">
</p>
That should work fine... after you fix some issues:
If you want to replace the input with the select, the select should have the same name as the input so the value is processed automatically. Right now the select has "label" as the name and there is a strange (and incorrect) name tag. To fix this:
Get rid of the unnecessary name tag.
Replace the name attribute in the select with value "CountryID":
echo "<select name='CountryID'>";
The option value should be the country ID so, unless the ID is the country name (not the best choice), you are not using the right value. Change that line too:
echo "<option value='" . $row['CountryID' ] . "'>" . $row['CountryName' ] . " (" .$row['PhonePrefix' ] . ")" . "</option>";
(Considering CountryID as the ID, replace it for the right column name).
And I think with those two changes, the rest of the code should work just fine with insert.php that wouldn't require any updates at all. Finally it would look something like this:
<p>
<label for="CountryID">Country:</label>
<?php
// some code here that I removed to avoid noise
$sql = "SELECT * FROM country";
$result = mysqli_query($con_qnt, "SELECT * FROM country" );
echo "<select name='CountryID'>";
while ($row = mysqli_fetch_array($result)) {
echo "<option value='" . $row['CountryID' ] . "'>" . $row['CountryName' ] . " (" .$row['PhonePrefix' ] . ")" . "</option>";
}
echo "</select>";
?>
</p>
Using AJAX How can I generate selections for a dropdown menu based on records available in a database?.
How can then use these selections to prefill a form with record/row data from a database when selected?
Heres a mock up I created of what I'm trying to do:
http://oi58.tinypic.com/2urb2ae.jpg
PHP FILE: contact_form.php
-----------------------------------------------------------
<?php
define('DB_NAME', 'xxx');
define('DB_USER', 'xxx');
define('DB_PASSWORD', 'xxx');
define('DB_HOST', 'xxx');
$connection = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD);
if(!$connection){
die('Database connection failed: ' . mysqli_connect_error());
}
$db_selected = mysqli_select_db($connection, DB_NAME);
if(!$db_selected){
die('Can\'t use ' .DB_NAME . ' : ' . mysqli_connect_error());
}
echo 'Connected successfully';
if (isset($_POST['itemname'])){
$itm = $_POST['itemname'];
}
else {
$itm = '';
}
if($_POST['mile']){
$mi = $_POST['mile'];
}else{
echo "Miles not received";
exit;
}
if($_POST['email']){
$email = $_POST['email'];
}else{
echo "email not received";
exit;
}
$sql = "INSERT INTO seguin_orders (itemname, mile, email)
VALUES ('$itm', '$mi', '$email')";
if (!mysqli_query($connection, $sql)){
die('Error: ' . mysqli_connect_error($connection));
}
CONACT FORM: formz.php
------------------------------------------------------------------------------
<html>
<header>
</header>
<body>
<form action="/demoform/contact_form.php" class="well" id="contactForm" method="post" name="sendMsg" novalidate="">
<big>LOAD PAST ORDERS:</big>
<select id="extrafield1" name="extrafield1">
<option value="">Please select...</option>
<?php
$email = $_POST['email'];
$query="select * from tablename WHERE email={$_POST['email']}";
$res=mysqli_query($connection,$query);
while($row = mysqli_fetch_assoc($res))
{
?>
<option value="<?php echo $row['fieldname']; ?>"><?php echo $row['fieldname']; ?></option>
<?php
}
?>
</select>
</br>
<input type="text" required id="mile" name="mile" placeholder="Miles"/>
</br>
<input id="email" name="email" placeholder="Email" required="" type="text" value="demo#gmail.com" readonly="readonly"/>
</br>
<input id="name" name="itemname" placeholder="ITEM NAME 1" required="" type="text" />
</br>
<input type="reset" value="Reset" />
<button type="submit" value="Submit">Submit</button>
</form>
</body>
</html>
Using an exemple, let's assume you want to fill the "name" select based on the option selected at the "gender" select:
<select name="gender" id="gender">
<option value="m">Male</select>
<option value="f">Female</select>
</select>
When nothing is selected yet, the "name" select is empty:
<select name="name" id="name">
<option value="NULL">Please select a gender first</option>
</select>
So, what you gotta do is: when the gender select got some selection, you populate the name select with values based on the gender select option.
$(document).ready(function() {
$('select#gender').change(function(){
$('select#name').load('LOAD_NAMES_BASED_ON_GENDER.php?gender='+$(this).val());
});
});
And your PHP file responsible for loading the names based on gender should look like:
$gender = $_GET['gender'];
$list = // the way you retrieve your list of names from your DB
And then you loop this $list into an list of options, such like:
foreach($list as $key=>$value)
echo '<option value="$key">$value</option>';
This simple.
PS: the load() function is kind of an alias for the $.ajax request, given that the only purpose here is to retrieve data.
I am a complete beginner, so please bear with me. This is just a test project I am putting together to try to teach myself some of the basics.
I know that a lot of my commands are outdated and/or susceptible to injection, but I'd rather stick with this for now (many reasons).
I just had a question about trying to use SELECT from WHILE, and figured that out and got it to echo the correct response on the page.
Now, how do I make it echo that as a value for an HTML text box? It won't work, and I've tried to look for typos but I don't know what I am doing, frankly.
I see that the $studentid and $teacherinfo show fine, I presume because they are normal variables.
Can I somehow define two more variables for first name and last name further up in the page so that I do not need to include so much code in each input (and to keep it from being buggy)?
Here is my code for the page. The inputs will be hidden, but I have been making them text boxes for debugging purposes.
<?php
$connection = mysql_connect($serverName, $userName, $password) or die('Unable to connect to Database host' . mysql_error());
$dbselect = mysql_select_db($dbname, $connection) or die("Unable to select database:$dbname" . mysql_error());
$studentid = $_POST['student_id'];
$teacherinfo = $_POST['teacher'];
$result = mysql_query("SELECT `first_name` FROM `students` WHERE student_id = '$studentid'",$connection);
?>
</head>
<body>
<div align="center">
<form method="post" action="vote_post.php">
<h1>Vote for Teacher of the Month</h1>
<h4>(step 2 of 2)</h4>
<h2>Confirm the Information Below</h2>
<h5>Student id: <?php echo $studentid ?></br>
Student first name: <?php
while($row = mysql_fetch_array($result)){
echo $row['first_name'];
}
?>
</br>
Voted for: <?php echo $teacherinfo ?>
</h5>
<input type="text" name="student_id" value="<?php echo $studentid; ?>"/></br>
<input type="text" name="first_name" value="<?php while($row = mysql_fetch_array($result)){
echo $row['first_name'];
} ?>"/>
</br>
<input type="text" name="last_name" value="<?php while($row = mysql_fetch_array($result)){
echo $row['last_name'];
} ?>"/>
</br>
<input type="text" name="teacher" value="<?php echo $teacherinfo; ?>"/></br>
<input type="submit" value="Submit Vote" class="inputbutton"/></br></br></br>
</form>
You can't use while because your query return only one student. You have to use if instead of while. If your query return many students you can use while.
Try this code:
<?php
if($row = mysql_fetch_array($result)){
?>
Student first name: <?php echo $row['first_name'];?>
</br>
Voted for: <?php echo $teacherinfo ?></h5>
<input type="text" name="student_id" value="<?php echo $studentid; ?>"/></br>
<input type="text" name="first_name" value="<?php echo $row['first_name'];?>"/></br>
<input type="text" name="last_name" value="<?php echo $row['last_name'];?>"/></br>
<input type="text" name="teacher" value="<?php echo $teacherinfo; ?>"/></br>
<input type="submit" value="Submit Vote" class="inputbutton"/></br></br></br>
<?php
}
?>
I hope this help.
I tried to build a code that will help you. Remember that you use last_name, but does not return the field in SQL.
</head>
<body>
<div align="center">
<form method="post" action="vote_post.php">
<h1>Vote for Teacher of the Month</h1>
<h4>(step 2 of 2)</h4>
<h2>Confirm the Information Below</h2>
<?php
$connection = mysql_connect($serverName, $userName, $password) or die('Unable to connect to Database host' . mysql_error());
$dbselect = mysql_select_db($dbname, $connection) or die("Unable to select database:$dbname" . mysql_error());
$studentid = $_POST['student_id'];
$teacherinfo = $_POST['teacher'];
$result = mysql_query("SELECT `first_name`,`last_name`,`student_id` FROM `students` WHERE student_id = $studentid",$connection);
while($row = mysql_fetch_array($result)){
echo "<h5>Student id: $row['student_id'] </br>" .
"Student first name: $row['first_name'] </br>" .
"Voted for: $teacherinfo </h5> " .
"<input type='text' name='student_id' value='$row[\'student_id\']' /></br>" .
"<input type='text' name='first_name' value='$row[\'first_name\']' /></br>" .
"<input type='text' name='last_name' value='$row[\'last_name\']' /></br>" .
"<input type='text' name='teacher' value='$teacherinfo' /></br>"
}
?>
<input type="submit" value="Submit Vote" class="inputbutton"/></br></br></br>
</form>
WHILE I left because I do not know if your query can return more than one record, despite appearing to be a key. If you do not need to check the response of the Ragnar.
I'm trying to make a form that uses a drop down, radio buttons, text field, textarea, and a hidden value(the time) then takes that information from that form and updates SQL database.
My form is below and it all loads correctly but I'm having issues updating the values and trying to figure out how to make the radio buttons and dropdowns to work since I can't make the value php code and need to pass the value. Everything I'm finding on the web is how to do text fields where the user types something.
When I select update it just submits the data but nothing changes. On my update.php I have a sanitize function at the very end and am unsure how to pass the variables in. Do I create an array named $var and input all my variables into it or pass each variable at a time?
I've been searching the web for HOW TO's and am currently reading two books but they don't go into enough detail so thanks for any assistance.
control.php
<?php
session_start();
if( !isset($_SESSION['myusername']) ){ header("Location: login.php"); }
?>
<?php
require("../../system/templates/includes/constants.php");
$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
if(!$connection) { die("Database connection failed: " .mysql_error()); }
$db_select = mysql_select_db(DB_NAME,$connection);
if(!$db_select) { die("Database selection failed: " . mysql_error()); }
?>
<form method="post" action="update.php">
<select name="name" required="true" value="<?php echo $row['name']; ?>">
<?php
$query="SELECT id, name FROM modules";
$result=mysql_query($query);
while ($row=mysql_fetch_array($result)) {
echo "<option value=\"" . $row['id'] . "\">" . $row['name'] . "</option>";
}
?>
</select>
<br />
Select Status:
Red <input type="radio" value="red" name="status" />
Yellow <input type="radio" value="yellow" name="status" />
Green <input type="radio" checked="checked" value="green" name="status" />
<br />
Reason:
<br />
<select name="reason" required="true">
<option value="0" selected="selected" value="">Select Reason</option>
<option value="ONLINE">Online</option>
<option value="MAINTENANCE">Maintenance</option>
<option value="ERROR">Error</option>
<option value="OFFLINE">Offline</option>
<option value="">No Reason</option>
</select>
<br />
ETA:
<br />
<input type="text" name="eta" value="<?php echo $row['eta']; ?>" maxlength="8" />
<br />
Description:
<br />
<textarea rows="5" cols="30" name="explanation" wrap="hard" required="true" maxlength="320" value="<?php echo $row['description']; ?>" /></textarea>
<br />
<div align="right">
<input name="update" type="submit" value="Update"/>
<input type="hidden" name="last_updated" value="<?php $mysqldate = date ('H:i'); $phpdate = strtotime ( $mysqldate );?> />
</form>
update.php
<?php
print_r(_POST);
if(isset($POST['update']))
{
$connection = mysql_connect(DB_SERVER, DB_USER, DB_PASS);
if(! $connection)
{
die('Could not connect: ' .mysql_error());
}
$name = $POST['name'];
$status = $POST['status'];
$reason = $POST['reason'];
$eta = $POST['eta'];
$description = $POST['description'];
$last_updated = $POST['last_updated'];
$updated_by = $POST['updated_by'];
$sql = "UPDATE module SET status = $status , reason = $reason , eta = $eta , description = $description , last_updated = $last_updated , updated_by = $updated_by WHERE name = $name";
mysql_select_db('status');
$retval = mysql_query ( $sql, $connection);
if (!retval)
{
die('Could not update data: ' . mysql_error());
}
echo "Updated data successfully";
mysql_close($connection);
} else {
// not sure what to do here
}
function sanitizeString($var)
{
$var = stripslashes($var);
$var = htmlentities($var);
$var = strip_tags($var);
return $var;
}
function sanitizeMySQL($var)
{
$var = mysql_real_escape_string($var);
$var = satnizeString($var);
return $var;
}
header("Location: control.php");
?>
As always I greatly appreciate any assistance anyone can offer. I'm still in the very early stages of learning this and this website and community has helped me more than any book/tutorial I've read so far.
Your SQL statement needs quotation marks for each parameter.
$sql = "UPDATE module SET status = '$status' , reason = '$reason' , eta = '$eta' , description = '$description' , last_updated = '$last_updated' , updated_by = '$updated_by' WHERE name = '$name' ";
As for the sanitizeString() function, it only takes in one string at a time. Maybe something like the one below may be simple and clean:
$params = array($name, $status, $reason); // put all your params in here
foreach ($params as &$p) { // the '&' before $p is essential, so do not forget it
$p = sanitizeString($p);
}
Hope it helps.