Undefined Index PHP - php

I've done some searching but can't seem to work out the answer. I'm new to PHP.
Here is my HTML form;
<form id = "getGame" action="Form.php" method = "get">
<label> Serial
<input type = "search" name = "serial" />
</label>
<label> Title
<input type = "search" name = "title" />
</label>
<label> Year
<select name="gameYear">
<option value="1998">1998</option>
<option value="1999">1999</option>
<option value="2000">2000</option>
</select>
</label>
<label> Price
<input type = "search" name = "price" />
</label>
<input type = "submit" name="search" value = "Search">
</form>
Here is my PHP page;
<?php
include 'db_Conn.php';
$gameYear = $_GET['gameYear'];
$sql = "SELECT serialNo, gameTitle, gameYear gamePrice FROM games WHERE gameYear = '$gameYear'";
$Games = mysqli_query($conn, $sql)
or die(mysqli_error($conn));
while ($row = mysqli_fetch_assoc($Games)) {
$serial = $row['serialNo'];
$title = $row['gameTitle'];
$gameYear = $row['gameYear'];
$gamePrice = $row['gamePrice'];
echo "<div>$serial, $title, $gameYear, $gamePrice</div>\n";
}
mysqli_free_result($Games);
mysqli_close($conn);
?>
My problem is when I run the form I get the following message "Notice: Undefined index: gameYear". However, on the line below it displays all the records from the game year I selected. Example of what displays below;
Notice: Undefined index: gameYear in ____ on line 40
493928, Test Drive, 2002, $12.95
Thanks, any pointer in the right direction is appreciated.

You missed one comma. Change it to:
$sql = "SELECT serialNo, gameTitle, gameYear, gamePrice FROM games WHERE gameYear = '$gameYear'";

If no data is found in the database it will produce four errors, so first check whether any data was found with the mysqli_num_rows() function.
if (mysqli_num_rows($Games) > 0) {
while ($row = mysqli_fetch_assoc($Games)) {
$serial = $row['serialNo'];
$title = $row['gameTitle'];
$gameYear = $row['gameYear'];
$gamePrice = $row['gamePrice'];
echo "<div>$serial, $title, $gameYear, $gamePrice</div>\n";
}
}
Yes, of course you missed one comma, so the SQL should be like this:
$sql = "SELECT serialNo, gameTitle, gameYear, gamePrice FROM games WHERE gameYear = '$gameYear'";
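Beyond the missing comma, the posted page interpolates `$_GET['gameYear']` straight into the SQL string and reads the index before checking that it exists. The following is an added example (not code from the question or the answers) of the same search with the parameter validated, bound through a prepared statement, and the empty-result case handled. It assumes the `games` table from the question and a `db_Conn.php` that defines `$conn` as a mysqli connection; `mysqli_stmt_get_result` needs the mysqlnd driver.

```php
<?php
// Added example, not from the original question or answers. Assumes the `games`
// table and a db_Conn.php that defines $conn as a mysqli connection.
include 'db_Conn.php';

// Read the parameter without triggering "Undefined index" when it is absent:
// filter_input returns null if the key is missing and false if it is not a valid int.
$gameYear = filter_input(INPUT_GET, 'gameYear', FILTER_VALIDATE_INT, [
    'options' => ['min_range' => 1970, 'max_range' => 2100],
]);
if (!is_int($gameYear)) {
    http_response_code(400);
    exit('gameYear is required and must be a four-digit year');
}

// Bind the value instead of interpolating it into the SQL string.
$stmt = mysqli_prepare(
    $conn,
    'SELECT serialNo, gameTitle, gameYear, gamePrice FROM games WHERE gameYear = ?'
);
mysqli_stmt_bind_param($stmt, 'i', $gameYear);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);

if (mysqli_num_rows($result) === 0) {
    echo "<p>No games found for $gameYear</p>\n";
} else {
    while ($row = mysqli_fetch_assoc($result)) {
        // Escape database values before echoing them into HTML.
        $cells = array_map(
            fn ($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8'),
            [$row['serialNo'], $row['gameTitle'], $row['gameYear'], $row['gamePrice']]
        );
        echo '<div>' . implode(', ', $cells) . "</div>\n";
    }
}
mysqli_free_result($result);
mysqli_stmt_close($stmt);
mysqli_close($conn);
```

With the value bound, a request such as `Form.php?gameYear=2000' OR '1'='1` is rejected by the integer filter before any SQL is built, and even a value that passed validation would be sent as data rather than as part of the statement.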

Related

How can I sort table output when the query is dependent on a $_GET with only PHP?

I have a website which presents the tools from one table and the corresponding ratings from another table within one page called f_toolseite.php. I would like the user to be able to sort the ratings from best to worst. However, since I am using only PHP, the information about which tool is being looked at is lost when I press the button to sort the ratings. What I mean by that is that the $_GET variables I'm using to reach the tool and ratings the user wishes to see are removed from the address bar.
I've thought of implementing sessions but I can't get it to work. Is there any way I can solve this problem with PHP only?
Here is my code for f_toolseite.php:
<html>
<head>
</head>
<body>
<center>
<div class="tool-container">
<?php
$name = mysqli_real_escape_string($conn, $_GET['name']);
$sql = "SELECT * FROM Tools WHERE t_name = '$name' ";
$result = mysqli_query($conn, $sql);
$queryResults = mysqli_num_rows($result);
if($queryResults > 0 ){
while ($row = mysqli_fetch_assoc($result)){
## $image = base64_encode($row['t_bild']);
## echo "
## <img src=data:image/png;base64,'$image'>";
echo " <div class='tool-box'>
<img src=".$row['t_logo']. " width= 200>
<h3> ".$row['t_kategorie']."</h3>
<br>
<img src=".$row['t_bild']. " width= 800>
<br>
<br>
<p>".$row['t_beschreibung']."<p>
<br>
<p><b>Probier's doch gleich aus!</b></p>
".$row['t_link']."
</div>";
}
}
?>
<br>
<br>
<br>
<br>
<div class="avg-container">
<?php
$id = mysqli_real_escape_string($conn, $_GET['id']);
$sql3 = "SELECT ROUND (AVG (b_nivg)) AS average FROM Bewertungen WHERE t_id = '$id'";
$result3 = mysqli_query($conn, $sql3);
$row = mysqli_fetch_assoc($result3);
$average = $row['average'];
echo ("ALLES IN ALLEM EINE $average VON 10 ");
$sql4 = "SELECT b_industrie,
COUNT(b_industrie) AS oft
FROM Bewertungen WHERE t_id = '$id'
GROUP BY b_industrie
ORDER BY oft DESC
LIMIT 1";
$result4 = mysqli_query($conn, $sql4);
$row = mysqli_fetch_assoc($result4);
$industry = $row['b_industrie'];
echo ("Am beliebtesten in der $industry Industrie ");
?>
</div>
<br>
<br>
<br>
<div class="filter-container">
<form action="f_toolseite.php" method="post">
<select name="sort">
<option value="" selected="selected">Nach den neusten Bewertungen geordnet</option>
<option value="b_nivg ASC">Am besten bewertet</option>
<option value="b_nivg DESC">Am schlechtesten bewertet</option>
</select>
<input name="search" type="submit" value="Ordnen"/>
</form>
<?php
if(isset($_POST['sort'])) {
$sort = $_POST['sort'];
}
?>
</div>
<div class="rate-container">
<?php
$id = mysqli_real_escape_string($conn, $_GET['id']);
if(!empty($sort)){
$sql2 = "SELECT * FROM Bewertungen WHERE t_id = '$id' ORDER BY b_datum DESC,'$sort'";
}
else{
$sql2 = "SELECT * FROM Bewertungen WHERE t_id = '$id' ORDER BY b_datum DESC";
}
$result2 = mysqli_query($conn, $sql2);
$queryResults2 = mysqli_num_rows($result2);
$crown= "https://project-disti.wbs.hs-rm.de/learn/ss2021/workspace/dbmgruppe2/Collatio%20(22.06.2021)/img/Webtool-Bilder/crown_PNG16.png";
if($queryResults2 > 0 ){
while ($row = mysqli_fetch_assoc($result2)){
echo " <div class='rating-box'>
<p>".$row['b_vorname']." ".$row['b_nachname']."</p>
<br>
<p>".$row['b_industrie']."</p>
<p>".$row['b_dauer']."<p>
<p>".$row['b_niveau']."<p>
".( $row['b_exp'] == 'pro' ? "<img src= $crown width:10 />" : "" )."
<p>Design: ".$row['b_niv1']." / 10 </p>
<p>Intuitivität: ".$row['b_niv2']." / 10 </p>
<p>Vielseitigkeit: ".$row['b_niv3']." / 10 </p>
<p>Mehrwert: ".$row['b_niv4']." / 10 </p>
<p>Einzigartigkeit: ".$row['b_niv5']." / 10 </p>
<p>Gesamteindruck: ".$row['b_nivg']." / 10 </p>
<p>".$row['b_pro']."<p>
<p>".$row['b_con']."</p>
<p>".$row['b_kommentar']."</p>
<p>".$row['b_datum']."</p>
<br>
<br>
</div>";
}
}
?>
</div>
<footer>
<?php include '../Include/footer.php';?>
</footer>
</body>
</html>
You need to change your HTML form like this, and read the sort value from the GET request instead of POST:
<form action="f_toolseite.php" method="get">
<input type = "hidden" name = "name" value = "<?= htmlspecialchars($_GET['name'] ?? '', ENT_QUOTES, 'UTF-8') ?>" />
<input type = "hidden" name = "id" value = "<?= htmlspecialchars($_GET['id'] ?? '', ENT_QUOTES, 'UTF-8') ?>" />
<select name="sort">
<option value="" selected="selected">Nach den neusten Bewertungen geordnet</option>
<option value="b_nivg ASC">Am besten bewertet</option>
<option value="b_nivg DESC">Am schlechtesten bewertet</option>
</select>
<input name="search" type="submit" value="Ordnen"/>
</form>
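Carrying `name` and `id` through hidden GET fields solves the lost-parameter problem, but the posted page then drops `$sort` into `ORDER BY`, and an ORDER BY fragment cannot be a bound parameter. The following added example (not code from the question or the answer) shows both pieces together: the state-preserving GET form, and an allow-list that maps the submitted sort key onto a fixed SQL fragment so the raw input never reaches the query. It assumes `$conn` is the mysqli connection used on f_toolseite.php, that `t_id` is an integer column, and that a higher `b_nivg` is a better rating; the option labels are given in English.

```php
<?php
// Added example, not part of the original question or answer. Assumes the
// `Bewertungen` table and the $conn mysqli connection from the post above.

// Every link or form on the page must carry `name` and `id` along, so read them once.
$name = $_GET['name'] ?? '';
$id   = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT);
if ($name === '' || !is_int($id)) {
    http_response_code(400);
    exit('name and id are required');
}

// ORDER BY cannot be a bound parameter: map the submitted key onto an allow-list
// of SQL fragments and never interpolate the raw input.
$sortOptions = [
    ''      => 'b_datum DESC',
    'best'  => 'b_nivg DESC, b_datum DESC',
    'worst' => 'b_nivg ASC, b_datum DESC',
];
$sortKey = $_GET['sort'] ?? '';
if (!array_key_exists($sortKey, $sortOptions)) {
    $sortKey = '';
}

// The form uses GET and re-emits name/id as hidden fields so they survive the submit.
$h = fn ($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
echo '<form action="f_toolseite.php" method="get">';
echo '<input type="hidden" name="name" value="' . $h($name) . '">';
echo '<input type="hidden" name="id" value="' . $h($id) . '">';
echo '<select name="sort">';
foreach (['' => 'Newest first', 'best' => 'Best rated', 'worst' => 'Worst rated'] as $key => $label) {
    $sel = $key === $sortKey ? ' selected' : '';
    echo '<option value="' . $h($key) . '"' . $sel . '>' . $h($label) . '</option>';
}
echo '</select><input type="submit" value="Sort"></form>';

// Only the allow-listed fragment reaches the SQL text; t_id is bound as data.
$stmt = mysqli_prepare(
    $conn,
    'SELECT b_vorname, b_nachname, b_nivg, b_datum FROM Bewertungen WHERE t_id = ? ORDER BY '
    . $sortOptions[$sortKey]
);
mysqli_stmt_bind_param($stmt, 'i', $id);
mysqli_stmt_execute($stmt);
$result = mysqli_stmt_get_result($stmt);
while ($row = mysqli_fetch_assoc($result)) {
    echo '<p>' . $h($row['b_vorname'] . ' ' . $row['b_nachname'])
       . ': ' . $h($row['b_nivg']) . ' / 10 (' . $h($row['b_datum']) . ')</p>';
}
mysqli_stmt_close($stmt);
```

The keys in `$sortOptions` are the only values the form offers and the only values the server accepts; anything else silently falls back to the default order instead of reaching the database.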

not able to get values from database and updating values to the database

In the schooling entry form, I am not able to get the value of employee_id from POST.
I did print_r for $employee_id and a blank output is rendered.
Also, if a static value is allocated to $employee_id, $sum contains only the value posted through the form; instead it should show the value from the input form plus the existing value available in the database.
<?php
$get = db_query("SELECT field_employee_id_value FROM field_data_field_employee_id ORDER BY field_employee_id_value ASC");
$getempnames = db_query("SELECT field_employee_id_value FROM field_data_field_employee_id ORDER BY field_employee_id_value ASC");
if(isset($_POST['apply'])){
$sql = db_query("SELECT COUNT(id) as count_id FROM schooling WHERE employee_id = '$_POST[employee_id]' AND claim_year = '$_POST[claim_year]'");
$row = $sql->fetchAssoc();
if('1' == $row['count_id']){
$sqlupdate = db_query("UPDATE schooling SET limit_amount = '".$_POST['limit_amount']."' WHERE employee_id = '$_POST[employee_id]'");
echo "Schooling limit updated to user ";
} elseif ('0' == $row['count_id']){
$sqlinsrt = db_query("INSERT INTO schooling (employee_id, limit_amount, claim_year) VALUES ('".$_POST["employee_id"]."','".$_POST["limit_amount"]."','".$_POST["claim_year"]."')" );
echo "Schooling limit applied to user";
} else{
echo "Already Applied schooling limit";
}
}
if(isset($_POST['save'])){
$employee_id = $_POST['employee_id'];
$claim_amount = $_POST['claim_amount'];
$claim_year = $_POST['claim_year'];
$sqlchkemp = db_query("SELECT COUNT(id) as count_id FROM schooling WHERE employee_id = '$employee_id' AND claim_year = '$claim_year'");
$empavailable = $sqlchkemp->fetchAssoc();
if('1' == $empavailable['count_id']){
$getlimit = db_query("SELECT limit_amount FROM schooling WHERE employee_id = '$employee_id' AND claim_year = '$claim_year'");
$limit = $getlimit->fetchAssoc();
$getemptotalclaim = db_query("SELECT claim_amount FROM schooling
WHERE employee_id = '$employee_id' AND claim_year = '$claim_year'");
$emptotalclaim = $getemptotalclaim->fetchAssoc();
$totalclaimed = array_sum($emptotalclaim);
$availability = $limit['limit_amount'] - $_POST['claim_amount'];
$sum = $totalclaimed['claim_amount'] + $claim_amount;
if ($sum <= $limit['limit_amount']){
$sqlinsert = db_query("UPDATE schooling SET claim_amount = '$sum' WHERE employee_id = '$employee_id'");
echo "values updated successfully";
}
else{
echo "limit is over, you can avail total amount ".$availability." as per ".$limit['limit_amount']." alloted";
}
}
else{
echo "employee schooling limit is not set";
}
}
?>
<html>
<body>
<form id='applylimit' action='' method='post' accept-charset='UTF-8'>
<fieldset>
<label>Apply Schooling Limit amount to Employee</label>
<label for='employee_id'>Employee Id</label>
<select name='employee_id'>
<option value="0">Please Select</option>
<?php
while($row = $getempnames->fetchAssoc())
{
?>
<option value = "<?php echo($row['field_employee_id_value'])?>">
<?php echo($row['field_employee_id_value']) ?>
</option>
<?php
}
?>
</select>
<label for='limit_amount'>Limit Amount</label>
<input type='number' name='limit_amount' id='limit_amount' maxlength="50" />
<label for='claim_year'>Claim Year</label>
<select type='number' name='claim_year' id='claim_year' maxlength="50">
<option value="2018-19">2018-19</option>
<option value="2019-20">2019-20</option>
</select>
<button type="submit" name="apply">Apply</button>
</fieldset>
</form>
<form id='schoolingentry' action='' method='post' accept-charset='UTF-8'>
<fieldset>
<label for='employee_id'>Employee Id </label>
<select name='employee_id'>
<option value="0">Please Select</option>
<?php
while($rowemp = $get->fetchAssoc())
{
?>
<option value = "<?php echo($row['field_employee_id_value'])?>" >
<?php echo($rowemp['field_employee_id_value']) ?>
</option>
<?php
}
?>
</select>
<label for='claim_amount'>Claim Amount</label>
<input type='number' name='claim_amount' id='claim_amount' maxlength="50" />
<label for='claim_year'>Claim Year</label>
<select name='claim_year' id='claim_year' maxlength="50">
<option value = "2018-19">2018-19</option>
<option value = "2019-20">2019-20</option>
</select>
<button type="submit" name="save">save</button>
</fieldset>
</form>
</body>
</html>
A word of warning: do not put anything submitted from $_POST straight into a database query. You should sanitise it all by passing in the parameters.
e.g.
$result = db_query('SELECT n.name FROM users n WHERE n.name = :name', array(':name' => $name));
If the first query isn't returning any results, it's likely those two parameters you are passing into the string are not what you expect, or not valid. Try echoing out the two variables, then running the SQL query manually.
Or if you want Drupal to be a bit more verbose, wrap it in an exception catcher.
e.g.
try {
$result = db_query('SELECT n.name FROM users n WHERE n.name = :name', array(':name' => $name));
} catch (\PDOException $e) {
$error = $e->getMessage();
}
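Two things visible in the posted code explain the symptoms: in the second form the option value is built from `$row` while the loop variable is `$rowemp`, so every submitted `employee_id` is empty; and the "save" branch fetches a single row and then indexes into the number returned by `array_sum`, so the stored claim total never reaches `$sum`. The following added example (not code from the question or the answer) rewrites both handlers with Drupal 7 placeholders as the answer recommends, and folds the limit check into the UPDATE itself so two overlapping submissions cannot both pass a PHP-side check and overspend. It assumes Drupal 7's database API and the `schooling` table above with columns `id`, `employee_id`, `limit_amount`, `claim_amount`, `claim_year`, where `claim_amount` holds the running total for that employee and year.

```php
<?php
// Added example, not from the original question or answers. Assumes Drupal 7's
// database API (db_query, db_insert, db_update) and the `schooling` table above with
// columns id, employee_id, limit_amount, claim_amount, claim_year, where claim_amount
// holds the running total of claims for that employee and year.

/**
 * Set or refresh an employee's limit for a claim year. Every value is bound through
 * a placeholder, so nothing from $_POST ever becomes part of the SQL text.
 */
function schooling_apply_limit($employee_id, $claim_year, $limit_amount) {
  $count = db_query(
    'SELECT COUNT(id) FROM {schooling} WHERE employee_id = :emp AND claim_year = :year',
    array(':emp' => $employee_id, ':year' => $claim_year)
  )->fetchField();

  if ($count > 0) {
    db_update('schooling')
      ->fields(array('limit_amount' => $limit_amount))
      ->condition('employee_id', $employee_id)
      ->condition('claim_year', $claim_year)
      ->execute();
    return 'Schooling limit updated for user';
  }
  db_insert('schooling')
    ->fields(array(
      'employee_id'  => $employee_id,
      'limit_amount' => $limit_amount,
      'claim_amount' => 0,
      'claim_year'   => $claim_year,
    ))
    ->execute();
  return 'Schooling limit applied to user';
}

/**
 * Add a claim to the running total. The addition and the limit check happen in one
 * UPDATE, so the check cannot be raced by a second submission.
 */
function schooling_save_claim($employee_id, $claim_year, $claim_amount) {
  if ($claim_amount <= 0) {
    return 'Claim amount must be positive';
  }
  $updated = db_update('schooling')
    ->expression('claim_amount', 'claim_amount + :add', array(':add' => $claim_amount))
    ->condition('employee_id', $employee_id)
    ->condition('claim_year', $claim_year)
    ->where('claim_amount + :chk <= limit_amount', array(':chk' => $claim_amount))
    ->execute();
  if ($updated == 1) {
    return 'Values updated successfully';
  }

  // Nothing changed: either the limit was never set or this claim would exceed it.
  $row = db_query(
    'SELECT limit_amount, claim_amount FROM {schooling} WHERE employee_id = :emp AND claim_year = :year',
    array(':emp' => $employee_id, ':year' => $claim_year)
  )->fetchAssoc();
  if (!$row) {
    return 'Employee schooling limit is not set';
  }
  $remaining = $row['limit_amount'] - $row['claim_amount'];
  return "Limit is over; you can still claim $remaining of the {$row['limit_amount']} allotted";
}

// Only the keys the handlers need are read, and the amounts are cast to int first.
if (isset($_POST['apply'], $_POST['employee_id'], $_POST['claim_year'], $_POST['limit_amount'])) {
  print schooling_apply_limit($_POST['employee_id'], $_POST['claim_year'], (int) $_POST['limit_amount']);
}
if (isset($_POST['save'], $_POST['employee_id'], $_POST['claim_year'], $_POST['claim_amount'])) {
  print schooling_save_claim($_POST['employee_id'], $_POST['claim_year'], (int) $_POST['claim_amount']);
}
```

`db_update()->execute()` returns the number of rows it changed, so a result of 0 is the signal to go and find out why rather than to print a success message.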

How to send all possible WHERE options to mysqli?

Hello everyone. I am sending 3 variables via form / select / input to mysqli_fetch, which creates a div with another variable and puts there an image which has the same id as name.jpg.
Question: how do I make an "all" option, for instance in colors, that sends all possible colors to $color_val?
<form action="produkt.php" method="post">
<!-- COLOR-->
<li>
<img class="img_search_bar" src="../img/search/color.jpg" />
<select id="color" name="color">
<option value="all" selected="selected">ALL</option>
<option value="blue">blue</option>
<option value="red">red</option>
<option value="black">black</option>
<option value="white">white</option>
</select>
</li>
<!-- 2 more like this for size and type-->
<INPUT TYPE="submit" name="submit" /> <!-- refresh page-->
</form>
<?php
if(isset($_POST['submit'])){
// Storing Selected Value In Variable
$color_val = $_POST['color'];
$size_val = $_POST['size'];
$type_val = $_POST['type'];
// Displaying Selected Value
echo "COLOR :" .$color_val;
echo "<br>SIZE :" .$size_val;
echo "<br>TYPE :" .$type_val;
//making connection to database
$link = mysqli_connect("localhost", "root","" ,"test");
//selecting query from database where var = select var
$query = "SELECT * FROM testtable WHERE color = '$color_val' AND size ='$size_val' AND type = '$type_val'";
if ($result = mysqli_query($link, $query)){
/* fetch associative array */
while ($row = mysqli_fetch_assoc($result)) {
printf ("
<div id='produkt_table'>
<img class='produkt_ikon' src='../img/produkt/ikon/%s.jpg'>
<h3> name : name </h3>
<h4> Prize : %s </h4>
<h5> Stock : %s </h5>
</div>
", $row["id"], $row["prize"], $row["stock"]);
}
/* free result set */
mysqli_free_result($result);
}
}
/* close connection mysqli_close($link);*/
?>
BIG FAT WARNING: YOUR CODE IS INSECURE, SO IS MY EXAMPLE! READ BOTTOM FOR MORE!
Your description is very vague, but I'll give it a try.
$query = "SELECT * FROM testtable WHERE color = '$color_val' AND size ='$size_val' AND type = '$type_val'";
If you want to match all colors when $color_val === 'ALL', you have to make the query conditional.
Note: this code and your code is INSECURE
// the form sends the lower-case value "all" for the catch-all option
if ($color_val === 'all' || empty($color_val)) {
$query = "SELECT * FROM testtable WHERE size ='$size_val' AND type = '$type_val'";
} else {
$query = "SELECT * FROM testtable WHERE color = '$color_val' AND size ='$size_val' AND type = '$type_val'";
}
About that security thing
Your code is open to SQL injection; I suggest you start reading the PHP manual on it or simply google for it.
You don't validate, you don't escape; you might as well give away the password to your database.
The following code should do. I have made slight changes to your code to get this; you could now optimize it too.
The changes:
In the HTML part I have changed the value of the option 'all' to 1. This is to easily check the condition in the back end.
The variable $query_appender is used to store part of the query. If a specific color is coming through, it will carry the condition; otherwise it will simply carry 1.
I have modified your query to move the color condition to the end and appended the value from the variable.
That said, if it's just the color, you can check the value of the POST variable and write two different queries in a conditional statement.
<form action="produkt.php" method="post">
<!-- COLOR-->
<li>
<img class="img_search_bar" src="../img/search/color.jpg" />
<select id="color" name="color">
<option value="1" selected="selected">ALL</option>
<option value="blue">blue</option>
<option value="red">red</option>
<option value="black">black</option>
<option value="white">white</option>
</select>
</li>
<!-- 2 more like this for size and type-->
<INPUT TYPE="submit" name="submit" /> <!-- refresh page-->
</form>
<?php
if(isset($_POST['submit'])){
// Storing Selected Value In Variable
$color_val = $_POST['color'];
$size_val = $_POST['size'];
$type_val = $_POST['type'];
$query_appender = '1';
if ($color_val != 1) {
$query_appender = "color = '$color_val'";
}
// Displaying Selected Value
echo "COLOR :" .$color_val;
echo "<br>SIZE :" .$size_val;
echo "<br>TYPE :" .$type_val;
//making connection to database
$link = mysqli_connect("localhost", "root","" ,"test");
//selecting query from database where var = select var
$query = "SELECT * FROM testtable WHERE size ='$size_val' AND type = '$type_val' AND ".$query_appender;
if ($result = mysqli_query($link, $query)){
/* fetch associative array */
while ($row = mysqli_fetch_assoc($result)) {
printf ("
<div id='produkt_table'>
<img class='produkt_ikon' src='../img/produkt/ikon/%s.jpg'>
<h3> name : name </h3>
<h4> Prize : %s </h4>
<h5> Stock : %s </h5>
</div>
", $row["id"], $row["prize"], $row["stock"]);
}
/* free result set */
mysqli_free_result($result);
}
}
/* close connection mysqli_close($link);*/
?>
Try putting this in place of $query = "SELECT * FROM testtable WHERE size ='$size_val' AND type = '$type_val' AND ".$query_appender;
$query = "SELECT * FROM testtable";
if($color_val !='all' || $size_val !='all' || $type_val !='all')
{
$query_arr = array();
if($color_val !='all')
{
$query_arr[] = "color = '$color_val'";
}
if($size_val !='all')
{
$query_arr[] = "size ='$size_val'";
}
if($type_val !='all')
{
$query_arr[] = "type = '$type_val'";
}
$query .=" where ".implode(" AND ", $query_arr);
}
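All three answers build the WHERE clause by string concatenation, which is exactly what the first answer's warning is about. The following added example (not code from the question or any answer) keeps the "skip filters set to all" idea from the last answer but assembles the clause only from an allow-list of column names, binds the remaining values with a variable-length `mysqli_stmt_bind_param` call, and escapes the output. It assumes the `testtable` columns and connection details from the question, that each select sends the literal value `all` for its catch-all option, and the mysqlnd driver for `mysqli_stmt_get_result`.

```php
<?php
// Added example, not from the original question or answers. Assumes the `testtable`
// table from the post with columns id, color, size, type, prize, stock, and that
// each <select> sends the literal value "all" for its catch-all option.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

/**
 * Build a WHERE clause from the filters, skipping any set to "all", and collect the
 * values to bind. Returns [$sql, $types, $values] ready for mysqli_stmt_bind_param.
 */
function build_product_query(array $filters): array {
    // Column names come from this allow-list, never from the request.
    $allowed = ['color', 'size', 'type'];
    $where  = [];
    $values = [];
    foreach ($allowed as $column) {
        $value = $filters[$column] ?? 'all';
        if ($value === 'all' || $value === '') {
            continue; // no restriction on this column
        }
        $where[]  = "$column = ?";
        $values[] = $value;
    }
    $sql = 'SELECT id, prize, stock FROM testtable';
    if ($where) {
        $sql .= ' WHERE ' . implode(' AND ', $where);
    }
    return [$sql, str_repeat('s', count($values)), $values];
}

if (isset($_POST['submit'])) {
    $link = mysqli_connect('localhost', 'root', '', 'test');

    [$sql, $types, $values] = build_product_query($_POST);
    $stmt = mysqli_prepare($link, $sql);
    if ($values) {
        // Bind however many parameters the clause ended up with in one call.
        mysqli_stmt_bind_param($stmt, $types, ...$values);
    }
    mysqli_stmt_execute($stmt);
    $result = mysqli_stmt_get_result($stmt);

    while ($row = mysqli_fetch_assoc($result)) {
        printf(
            "<div id='produkt_table'><img class='produkt_ikon' src='../img/produkt/ikon/%d.jpg'>"
            . "<h4>Prize : %s</h4><h5>Stock : %s</h5></div>\n",
            (int) $row['id'],
            htmlspecialchars((string) $row['prize'], ENT_QUOTES, 'UTF-8'),
            htmlspecialchars((string) $row['stock'], ENT_QUOTES, 'UTF-8')
        );
    }
    mysqli_stmt_close($stmt);
    mysqli_close($link);
}
```

Selecting "all" for every filter yields `SELECT id, prize, stock FROM testtable` with no parameters; selecting a color and a size yields `... WHERE color = ? AND size = ?` with two bound strings. A value such as `red' OR '1'='1` is simply a color nobody stocks.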

SQL Update Query not updating records

I have a list of games that when clicked lead to a form that allows users to edit records before updating them.
Here is the Edit Games page;
<?php
$gameID = isset($_GET['gameID']) ? $_GET['gameID'] : '';
$gameYear = isset($_GET['gameYear']) ? $_GET['gameYear'] : '';
$gamePrice = isset($_GET['gamePrice']) ? $_GET['gamePrice'] : '';
$gameName = isset($_GET['gameName']) ? $_GET['gameName'] : '';
$sql = "SELECT * FROM game WHERE gameName = $gameName";
$queryresult = mysqli_query($conn, $sql)
or die (mysqli_error($conn));
$row = mysqli_fetch_assoc($queryresult);
$gameID = $row['gameID'];
$gameYear = $row['gameYear'];
$gamePrice = $row['gamePrice'];
$gameName = $row['gameName'];
?>
<div id="form">
<form action="updateGame.php" id="Update" method="get">
<label> Game ID
<input id="text" name="id" value = "<?php echo $gameID; ?>" />
</label>
<label> Year
<input type = "text" name = "year" value = "<?php echo $gameYear; ?>" />
</label>
<label> Price
<input type = "text" name = "price" value = "<?php echo $gamePrice; ?>" />
</label>
<label> Name
<input type = "text" name = "name" value = "<?php echo $gameName; ?>" />
</label>
<input type = "submit" value = "Update">
</form>
</div>
Here is the update page that runs when the submit button is clicked;
<?php
$gameID = isset($_GET['gameID']) ? $_GET['gameID'] : '';
$gameYear = isset($_GET['gameYear']) ? $_GET['gameYear'] : '';
$gamePrice = isset($_GET['gamePrice']) ? $_GET['gamePrice'] : '';
$gameName = isset($_GET['gameName']) ? $_GET['gameName'] : '';
$sql = "UPDATE game SET gameYear = '$gameYear', gamePrice = '$gamePrice', gameName = '$gameName' WHERE gameID = '$gameID'";
mysqli_query($conn, $sql)
or die (mysqli_error($conn));
mysqli_close($conn);
echo "Updated";
?>
The edit games page works and I can edit the records. When I press the submit button it comes up with the echo statement saying the record was updated; however, no changes happen and I'm not sure why.
Your form uses name="id", not name="gameID", so your $_GET['gameID'] variable is not set on any of your requests, but $_GET['id'] is. Update your form or your GET page, so that the names match.
You've forgotten to append the variables in your query. It should be like this:
$sql = "UPDATE game SET gameYear = '".$gameYear."', gamePrice = '".$gamePrice."', gameName = '".$gameName."' WHERE gameID = '".$gameID."'";
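The first answer identifies the real cause: the form sends `id`, `year`, `price` and `name`, the handler reads `gameID`, `gameYear`, `gamePrice` and `gameName`, so the UPDATE runs with empty values against an empty key, matches nothing, and "Updated" is printed regardless because the page never checks how many rows changed. The following added example (not code from the question or the answers) reads the names the form actually sends, binds them in a prepared statement, and distinguishes "no such row" from "row found but nothing differed". It assumes the `game` table (gameID, gameYear, gamePrice, gameName), a `$conn` mysqli connection from `db_Conn.php`, that the form is switched to `method="post"` since it changes data, and that `gamePrice` is stored as a decimal string.

```php
<?php
// Added example, not from the original question or answers. Assumes the `game`
// table (gameID, gameYear, gamePrice, gameName), a $conn mysqli connection from
// db_Conn.php, and an edit form that posts the fields id, year, price and name.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include 'db_Conn.php';

/**
 * Update one game row and report what happened: 'updated', 'unchanged' (the row
 * exists but already held these values) or 'missing' (no row with that ID).
 */
function update_game(mysqli $conn, int $gameID, int $gameYear, string $gamePrice, string $gameName): string {
    $stmt = mysqli_prepare(
        $conn,
        'UPDATE game SET gameYear = ?, gamePrice = ?, gameName = ? WHERE gameID = ?'
    );
    mysqli_stmt_bind_param($stmt, 'issi', $gameYear, $gamePrice, $gameName, $gameID);
    mysqli_stmt_execute($stmt);
    $changed = mysqli_stmt_affected_rows($stmt);
    mysqli_stmt_close($stmt);
    if ($changed > 0) {
        return 'updated';
    }
    // affected_rows is 0 both when no row matched and when nothing differed,
    // so look the key up to tell the two apart instead of echoing "Updated" blindly.
    $stmt = mysqli_prepare($conn, 'SELECT 1 FROM game WHERE gameID = ?');
    mysqli_stmt_bind_param($stmt, 'i', $gameID);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_store_result($stmt);
    $exists = mysqli_stmt_num_rows($stmt) > 0;
    mysqli_stmt_close($stmt);
    return $exists ? 'unchanged' : 'missing';
}

// Field names must match what the form actually sends (name="id", "year", ...).
$gameID    = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT);
$gameYear  = filter_input(INPUT_POST, 'year', FILTER_VALIDATE_INT);
$gamePrice = trim((string) ($_POST['price'] ?? ''));
$gameName  = trim((string) ($_POST['name'] ?? ''));

if (!is_int($gameID) || !is_int($gameYear) || $gameName === ''
    || !preg_match('/^\d+(\.\d{1,2})?$/', $gamePrice)) {
    http_response_code(400);
    exit('Missing or invalid form fields');
}

$messages = [
    'updated'   => 'Updated',
    'unchanged' => 'Game found, but the submitted values were identical',
    'missing'   => 'No game with that ID',
];
echo $messages[update_game($conn, $gameID, $gameYear, $gamePrice, $gameName)];
mysqli_close($conn);
```

Had the original page checked `mysqli_affected_rows` after its UPDATE, the mismatch between form names and `$_GET` keys would have shown up as "No game with that ID" on the first submit.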

How can I get the information from the database into the same form I insert the data with, including the stored information, in order to update it

How can I get the information from the database into the same PHP form that I inserted the data with, including the stored information, in order to update the data in the database?
I used this update statement but there is an error in it:
$sql="UPDATE findings
SET Finding_ID=$_GET[Finding_ID], ServiceType_ID=$_GET[ServiceType_ID], RootCause_ID=$_GET[RootCause_ID] , RiskRating_ID=$_GET[RiskRating_ID] , Impact_ID=$_GET[Impact_ID] ,Efforts_ID= $_GET[Efforts_ID], Likelihood_ID= $_GET[Likelihood_ID], Finding=$_GET[Finding],Implication=$_GET[Implication] , Recommendation =$_GET[Recommendation] , Report_ID=$_GET[Report_ID]
WHERE Finding_ID=$Finding_ID, ServiceType_ID=$ServiceType_ID, RootCause_ID=$RootCause_ID , RiskRating_ID=$RiskRating_ID , Impact_ID=$Impact_ID ,Efforts_ID= $Efforts_ID, Likelihood_ID= $Likelihood_ID, Finding=$Finding,Implication=$Implication , Recommendation =$Recommendation , Report_ID=$Report_ID";
This is my code for the form that I will insert and update the data with:
<?php
$con = mysql_connect("localhost","root","mevooo");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
?>
<form method="post" action="test.php">
<fieldset>
<legend>Insert New Data </legend>
<p> Service Name :
<select name="Services">
<option value=""> </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM servicetype_lookup ");
while($row = mysql_fetch_assoc($result)) {
$id = $row['ServiceType_ID'];
$value = $row['ServiceType_Name'];
echo "<option value='$id'>$value</option>";
}
?>
</select>
</p>
Ref : <input type="text" name="ref" /><br />
Title : <input type="text" name="title" /><br />
Risk Rating :
<select name="RiskRating">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM riskrating_lookup");
while($row = mysql_fetch_assoc($result)) {
$id = $row['RiskRating_ID'];
$value = $row['RiskRating_Name'];
echo "<option value='$id'>$value</option>";
}
?>
</select><br />
Root Cause :
<select name="RootCause">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM rootcause_lookup");
while($row = mysql_fetch_assoc($result)) {
$id = $row['RiskCause_ID'];
$value = $row['RiskCause_Title'];
echo "<option value='$id'>$value</option>";
}
?>
</select><br />
Impact :
<select name="impact">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM impact_lookup");
while($row = mysql_fetch_assoc($result)) {
$id = $row['Impact_ID'];
$value = $row['Impact_Name'];
echo "<option value='$id'>$value</option>";
}
?>
</select><br />
Likelihood :
<select name="likelihood">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM likelihood_lookup");
while($row = mysql_fetch_assoc($result)) {
$id = $row['Likelihood_ID'];
$value = $row['Likelihood_Name'];
echo "<option value='$id'>$value</option>";
}
?>
</select><br/>
Efforts :
<select name="Efforts">
<option value=""> -Select- </option>
<?php
mysql_select_db("ers_1", $con);
$result = mysql_query("SELECT * FROM efforts_lookup");
while($row = mysql_fetch_assoc($result)) {
$id = $row['Efforts_ID'];
$value = $row['Efforts_Name'];
echo "<option value='$id'>$value</option>";
}
?>
</select><br/>
Finding : <br/>
<TEXTAREA NAME="Finding" COLS=100 ROWS=10>
</TEXTAREA>
<br/>
Implication: <br/>
<TEXTAREA NAME="Implication" COLS=100 ROWS=10>
</TEXTAREA>
<br/>
Recommendation : <br/>
<TEXTAREA NAME="Recommendation" COLS=100 ROWS=10>
</TEXTAREA>
<br/><input type="submit" value=" Save " onclick="window.location.href='Database.php'" />
</fieldset>
</form>
<?php
mysql_select_db("ers_1", $con);
$sql="UPDATE findings
SET Finding_ID=$_GET[Finding_ID], ServiceType_ID=$_GET[ServiceType_ID], RootCause_ID=$_GET[RootCause_ID] , RiskRating_ID=$_GET[RiskRating_ID] , Impact_ID=$_GET[Impact_ID] ,Efforts_ID= $_GET[Efforts_ID], Likelihood_ID= $_GET[Likelihood_ID], Finding=$_GET[Finding],Implication=$_GET[Implication] , Recommendation =$_GET[Recommendation] , Report_ID=$_GET[Report_ID]
WHERE Finding_ID=$Finding_ID AND ServiceType_ID=$ServiceType_ID AND RootCause_ID=$RootCause_ID AND RiskRating_ID=$RiskRating_ID AND Impact_ID=$Impact_ID AND Efforts_ID= $Efforts_ID AND Likelihood_ID= $Likelihood_ID AND Finding=$Finding AND Implication=$Implication AND Recommendation =$Recommendation AND Report_ID=$Report_ID";
mysql_real_escape_string($insert);
mysql_real_escape_string($Finding_ID);
if (!mysql_query($sql,$con))
{
die('Error: ' . mysql_error());
}
echo "1 record updated .";
mysql_close($con);
?>
<input type="button" value="HOME" onclick="location='Database.php'">
And this is the error:
Notice: Undefined index: Finding_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: ServiceType_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: RootCause_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: RiskRating_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: Impact_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined index: Efforts_ID in C:\xampp\htdocs\ers\edit.php on line 122
Notice: Undefined variable: Finding_ID in C:\xampp\htdocs\ers\edit.php on line 126
Error: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' ServiceType_ID=, RootCause_ID= , RiskRating_ID= , Impact_ID= ,Efforts_ID= , Lik' at line 2
The WHERE condition should use AND or OR instead of a comma.
WHERE Finding_ID=$Finding_ID, ServiceType_ID=$ServiceType_ID,....
SHOULD BE
WHERE Finding_ID=$Finding_ID AND ServiceType_ID=$ServiceType_ID AND ...
Your query is basically an open door to your database for everyone.
1st: Never use GET parameters directly inside a query. Process them first.
2nd: Always add '' even if it's a number. It gives you some extra security.
3rd: WHERE parameters are separated with AND or OR.
<?php
// Convert your ID's to INT ( or other specific type you use )
$_Finding_ID = (int)$_GET['Finding_ID'];
$_ServiceType_ID = (int)$_GET['ServiceType_ID'];
$_RootCause_ID = (int)$_GET['RootCause_ID'];
$_RiskRating_ID = (int)$_GET['RiskRating_ID'];
$_Impact_ID = (int)$_GET['Impact_ID'];
$_Efforts_ID = (int)$_GET['Efforts_ID'];
$_Likelihood_ID = (int)$_GET['Likelihood_ID'];
// Free-text fields: escape them as strings rather than casting them to int
$_Finding = mysql_real_escape_string($_GET['Finding']);
$_Implication = mysql_real_escape_string($_GET['Implication']);
$_Recommendation = mysql_real_escape_string($_GET['Recommendation']);
$_Report_ID = (int)$_GET['Report_ID'];
$sql = "UPDATE
findings
SET
Finding_ID = '".$_Finding_ID."',
ServiceType_ID = '".$_ServiceType_ID."',
RootCause_ID = '".$_RootCause_ID."',
RiskRating_ID = '".$_RiskRating_ID."',
Impact_ID = '".$_Impact_ID."',
Efforts_ID = '".$_Efforts_ID."',
Likelihood_ID = '".$_Likelihood_ID."',
Finding = '".$_Finding."',
Implication = '".$_Implication."',
Recommendation = '".$_Recommendation."',
Report_ID = '".$_Report_ID."'
WHERE
Finding_ID = '".$Finding_ID."'
AND ServiceType_ID ='". $ServiceType_ID."'
AND RootCause_ID = '".$RootCause_ID."'
AND RiskRating_ID = '".$RiskRating_ID."'
AND Impact_ID = '".$Impact_ID."'
AND Efforts_ID = '".$Efforts_ID."'
AND Likelihood_ID = '".$Likelihood_ID."'
AND Finding = '".$Finding."'
AND Implication = '".$Implication."'
AND Recommendation = '".$Recommendation."'
AND Report_ID = '".$Report_ID."'";
?>
Of course there are many more precautions you can take, but this should do well to start with.
PS: Long queries are easier to manage and read when divided like that; and try to keep your code clean and pretty. No one likes scrambled code to work with.
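The notices at the top of the error output follow from two mismatches visible in the posted page: the form declares `method="post"` while the handler reads `$_GET`, and the select names (`Services`, `RiskRating`, `RootCause`, ...) differ from the indexes being read (`ServiceType_ID`, `RiskRating_ID`, ...), so those indexes are undefined and the SET list is emitted empty. The following added example (not code from the question or the answers) shows the edit-form round trip the question asks for: load the record by its primary key, pre-fill the selects and textarea with the stored values, and on POST update by that key only. It uses mysqli in place of the removed `mysql_*` functions and assumes the `ers_1` database from the post (tables `findings`, `servicetype_lookup`, `riskrating_lookup`), that `findings` is keyed by `Finding_ID`, and the mysqlnd driver for `mysqli_stmt_get_result`; three of the form's fields are shown and the rest follow the same pattern.

```php
<?php
// Added example, not from the original question or answers. Assumes the ers_1
// database from the post (tables findings, servicetype_lookup, riskrating_lookup),
// that findings is keyed by Finding_ID, and mysqli in place of the removed mysql_*
// functions. Three of the form's fields are shown; the rest follow the same pattern.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$con = mysqli_connect('localhost', 'root', 'mevooo', 'ers_1');
$h = fn ($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');

// The record being edited is identified in the URL; the edited values arrive by POST,
// which is the method the form declares.
$findingId = filter_input(INPUT_GET, 'Finding_ID', FILTER_VALIDATE_INT);
if (!is_int($findingId)) {
    http_response_code(400);
    exit('Finding_ID is required');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Input names match the form below, so none of these indexes is undefined.
    $serviceType = filter_input(INPUT_POST, 'ServiceType_ID', FILTER_VALIDATE_INT);
    $riskRating  = filter_input(INPUT_POST, 'RiskRating_ID', FILTER_VALIDATE_INT);
    $finding     = trim((string) ($_POST['Finding'] ?? ''));
    if (!is_int($serviceType) || !is_int($riskRating) || $finding === '') {
        http_response_code(400);
        exit('Invalid form values');
    }
    // Update by primary key only; the other columns are values to set, not conditions.
    $stmt = mysqli_prepare(
        $con,
        'UPDATE findings SET ServiceType_ID = ?, RiskRating_ID = ?, Finding = ? WHERE Finding_ID = ?'
    );
    mysqli_stmt_bind_param($stmt, 'iisi', $serviceType, $riskRating, $finding, $findingId);
    mysqli_stmt_execute($stmt);
    mysqli_stmt_close($stmt);
    echo '<p>1 record updated.</p>';
}

// Load the stored row so the form below shows the current values.
$stmt = mysqli_prepare($con, 'SELECT ServiceType_ID, RiskRating_ID, Finding FROM findings WHERE Finding_ID = ?');
mysqli_stmt_bind_param($stmt, 'i', $findingId);
mysqli_stmt_execute($stmt);
$row = mysqli_fetch_assoc(mysqli_stmt_get_result($stmt));
mysqli_stmt_close($stmt);
if (!$row) {
    http_response_code(404);
    exit('No such finding');
}

// Build a <select> from a lookup table with the stored value pre-selected. Table and
// column names are fixed by the caller, never taken from the request.
function lookup_select(mysqli $con, string $name, string $table, string $idCol, string $labelCol, $current, callable $h): string {
    $html = '<select name="' . $name . '">';
    foreach (mysqli_query($con, "SELECT $idCol, $labelCol FROM $table") as $opt) {
        $sel = (string) $opt[$idCol] === (string) $current ? ' selected' : '';
        $html .= '<option value="' . $h($opt[$idCol]) . '"' . $sel . '>' . $h($opt[$labelCol]) . '</option>';
    }
    return $html . '</select>';
}
?>
<form method="post" action="?Finding_ID=<?= $h($findingId) ?>">
Service Name : <?= lookup_select($con, 'ServiceType_ID', 'servicetype_lookup', 'ServiceType_ID', 'ServiceType_Name', $row['ServiceType_ID'], $h) ?><br />
Risk Rating : <?= lookup_select($con, 'RiskRating_ID', 'riskrating_lookup', 'RiskRating_ID', 'RiskRating_Name', $row['RiskRating_ID'], $h) ?><br />
Finding : <br />
<textarea name="Finding" cols="100" rows="10"><?= $h($row['Finding']) ?></textarea><br />
<input type="submit" value=" Save " />
</form>
```

Because the WHERE clause names only the primary key, the page no longer needs a copy of every old value to find the row, which is what the posted query's `WHERE Finding_ID=$Finding_ID, ServiceType_ID=...` was trying to do.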
