So I've got a form to edit entries which is populating with what has already been entered from the database. When I make an edit, it is saving and redirecting me back to the listing page with no errors, but it's not changing anything. I'm guessing it's getting confused as to where to pull the values from.
This is the the SQL Query to populate the form with the values (this part works):
<?php
// query db
$gigid = $_GET['gigid'];
$con = mysqli_connect("***********","***********","***********","***********");
$result = mysqli_query($con, "SELECT * FROM gigs WHERE gigid=$gigid") or die(mysqli_error());
$row = mysqli_fetch_array($result);
mysqli_close($con);
// check that the 'id' matches up with a row in the databse
if($row)
{
// get data from db
$gig_name = $row['gig_name'];
$gig_type = $row['gig_type'];
$gig_date = $row['gig_date'];
$gig_customer = $row['gig_customer'];
$gig_venue = $row['venue_name'];
$gig_fee = $row['gig_fee'];
$gig_status = $row['gig_status'];
}
?>
This is an excerpt from the form:
<form class="form-horizontal" id="create-ticket" method='post' action='edit_gig_process.php? gigid=<?php echo $_GET['gigid']; ?>'>
<fieldset>
<legend>Edit Gig Information</legend>
<input type="hidden" class="input-xxlarge" id="gig_date_created" name="gig_date_created">
<input type="hidden" class="input-xxlarge" id="userid" name="userid">
<div class="control-group">
<label class="control-label" for="gigid">Gig ID</label>
<div class="controls">
<input type="text" name="gigid" disabled="disabled" value="<?php echo $_GET['gigid']; ?>" />
</div>
</div>
<div class="control-group">
<label class="control-label" for="gig_name">Gig Name (Required)</label>
<div class="controls">
<input type="text" class="input-xxlarge" id="gig_name" value="<?php echo $row['gig_name']; ?>" name="gig_name">
</div>
</div>
This is an excerpt from the update query:
$gigid = $_GET['gigid'];
$sql= "UPDATE gigs set
gig_name='$gig_name',
gig_type='$gig_type',
gig_customer='$gig_customer',
gig_date='$gig_date_created',
gig_start_time='$gig_start_time',
gig_end_time='$gig_end_time',
gig_fee='$gig_fee',
gig_status='$gig_status',
venue_name='$venue_name',
venue_address='$venue_address',
venue_contact='$venue_contact',
WHERE
gigid='$gigid'";
header('Location: http://managegigs.com/cp/my-gigs.php');
mysqli_close($con);
You are not running a update query, your update is just a string.
After
$sql= "UPDATE gigs set
gig_name='$gig_name',
gig_type='$gig_type',
gig_customer='$gig_customer',
gig_date='$gig_date_created',
gig_start_time='$gig_start_time',
gig_end_time='$gig_end_time',
gig_fee='$gig_fee',
gig_status='$gig_status',
venue_name='$venue_name',
venue_address='$venue_address',
venue_contact='$venue_contact'
WHERE
gigid='$gigid'";
add:
mysqli_query($con,$sql);
also, at least change this:
$gigid = $_GET['gigid'];
add:
$gigid = mysqli_real_escape_string($gigid);
directly after to have it a little secured. Putting $_GET directly to DB is dangerous.
Uploadpart in complete:
$gig_name = $_POST['gig_name'];
// fetch all $_POST(ed) data
// and secure with
$gig_name = mysqli_real_escape_string($con,$gig_name);
$gigid = $_GET['gigid'];
$gigid = mysqli_real_escape_string($con,$gigid);
$sql= "UPDATE gigs set
gig_name='$gig_name',
gig_type='$gig_type',
gig_customer='$gig_customer',
gig_date='$gig_date_created',
gig_start_time='$gig_start_time',
gig_end_time='$gig_end_time',
gig_fee='$gig_fee',
gig_status='$gig_status',
venue_name='$venue_name',
venue_address='$venue_address',
venue_contact='$venue_contact'
WHERE
gigid='$gigid'";
mysqli_query($con,$sql);
header('Location: http://managegigs.com/cp/my-gigs.php');
mysqli_close($con);
Related
Been trying to get this PHP to send to my database but for some reason it won't work but it isn't giving me any errors either. The code probably isn't the prettiest only been working on PHP for 6 months so any help is much appreciated.
<form method="POST">
<div class="form-group">
<label for="exampleFormControlSelect1">Send Message to: </label>
<select class="form-control" id="slectrecipient" name="recipient">
<?php
include("conn.php");
$info = "SELECT FirstName, SecondName, id FROM PT_accounts WHERE NOT id='$accountid'";
$result4 = $conn->query($info);
if(!$result4){
echo $conn->error;
}
while($row4 = $result4->fetch_assoc()){
$recipientfirst = $row4['FirstName'];
$recipientsecond = $row4['SecondName'];
$recipientid = $row4['id'];
echo "<option value='$recipientid'> $recipientfirst $recipientsecond</option>";
}
if(isset($_POST['messagetext'])){
$currentdate = date("Y-m-d H:i:s");
$messagetext = $_POST['messagetext'];
$recipid = $_POST['recipient'];
echo $currentdate;
echo $messagetext;
echo $recipid;
$messageinsert = "INSERT INTO PT_Messages (SenderID, RecipientID, Date, Message)
VALUES ('$accountid', '$recipid', '$currentdate', '$messagetext') ";
$result5 = $conn->query($messageinsert);
if(!$result5){
echo $conn->error;
}else{
echo "<p> $messageinsert</p>";
echo "<p>Message Sent!</p>";
}
}
?>
</select>
</div>
<div class="form-group">
<label for="exampleFormControlTextarea1">Message :</label>
<text class="form-control" id="messagetext" rows="3"></textarea>
</div>
<input type="submit" class="btn btn-primary btn-sm" value="Send">
</form>
I know there's two $row and $results but I've altered these in my actual to be different so I know that's not the issue. I'm unsure if it's the select tag with the option value that isn't written correctly. Or if I have to somehow set the dropdown menu selection as a PHP variable to then be sent to the database?
Thanks to user3783243
I didn't name the textarea but had set it as an id.
<input type="text" class="form-control" name="messagetext" id="messageid" rows="3">
I had it as id="messagetext"
I'm trying to do an update page, the data that I'm fetching are input texts, dates, dropdowns and a textarea.
The data on input texts & date works completely fine however, the data on my dropdowns and textarea wont appear.
I still can update it, the only problem here is it just won't appear. So I'm hoping if anybody can help me and see what I missed in my coding.
How my form looks like:
Solution:
I've found the solution to this question and below is my new html coding. There a few php coding that I edited at the dropdown and the dates.
Updated html code:
php code that are outside from my html:
<?php
session_start();
require('db.php');
include("auth.php");
$noID=$_REQUEST['noID'];
$query = "SELECT * from daftartempah where noID='".$noID."'";
$result = mysqli_query($con, $query) or die ( mysqli_error());
$row = mysqli_fetch_assoc($result);
?>
php code that are inside my html:
<?php
$status = "";
if(isset($_POST['new']) && $_POST['new']==1)
{
$noID=$_REQUEST['noID'];
$trn_date = date("Y-m-d H:i:s");
$pemohon =$_REQUEST['pemohon'];
$trkhMula = $_REQUEST['trkhMula'];
$trkhAkhir =$_REQUEST['trkhAkhir'];
$n_program = $_REQUEST['n_program'];
$lokasi =$_REQUEST['lokasi'];
$n_anjuran = $_REQUEST['n_anjuran'];
$catatan = $_REQUEST['catatan'];
$status_hr = $_REQUEST['status_hr'];
$submittedby = $_SESSION["username"];
$update="update daftartempah set trn_date='".$trn_date."', pemohon='".$pemohon."', trkhMula='".$trkhMula."', trkhAkhir='".$trkhAkhir."', n_program='".$n_program."', lokasi='".$lokasi."', n_anjuran='".$n_anjuran."', catatan='".$catatan."', status_hr='".$status_hr."', submittedby='".$submittedby."' where noID='".$noID."'";
mysqli_query($con, $update) or die(mysqli_error());
$status = "Record Updated Successfully. </br></br>
<a href='Page8.php'>View Updated Record</a>";
echo '<p style="color:#FF0000;">'.$status.'</p>';
}else {
?>
Dropdowns:
<div class="form-group row text-left">
<label for="example-text-input" class="col-3 col-form-label"><b>Dept/Kelab/Anjuran: </b></label>
<div class="col-8">
<select class="form-control" name="n_anjuran" id="namaAnjuran">
<option selected name="" value="<?php echo $row['n_anjuran'];?>"><?php echo $row['n_anjuran'];?></option>
<?php
$sql = mysqli_query($con, "SELECT kd_dept, desc_dept From koddept");
$rows = mysqli_num_rows($sql);
while ($rows = mysqli_fetch_array($sql)){
echo "<option value='". $rows['kd_dept'] ."'>" .$rows['desc_dept'] ."</option>" ;
}
?>
</select>
</div>
</div>
Textarea:
<div class="form-group row text-left">
<label for="exampleTextarea" class="col-3 col-form-label"><b>Catatan: </b></label>
<div class="col-8">
<textarea class="form-control" rows="3" name="catatan" required><?php echo $row['catatan'];?></textarea>
</div>
</div>
My new form:
All questions are welcome, feel free to comment and ask, I'll try to help.
I am trying to do a simple edit/update of my data in the database. But somehow it will not work.
So I am able to read out the saved data into the form. I also don't have any errors
I have stared at my code and googled for hours but I don't see where I might have made a mistake with my code.
The printed echo gives the following output which seems to be right:
HTML code:
<form id="formAddCategory" class="FrmCat" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<div class="form-group">
<!-- hidden id from tbl -->
<input type="hidden" name="hiddenId" value="<?php echo $hiddenID ?>" />
<label for="recipient-name" class="control-label">Category Name:</label>
<input type="text" class="form-control" id="recipient-name1" name="category" required="" value="<?php echo $category ?>" />
</div>
<button type="submit" id="btnEditCat" class="btn btn-danger" name="editCategory">Save Category</button>
</form>
Part of my php code to edit/update:
<?php
//edit/update data to db
if(isset($_POST['editCategory'])){
$categoryUpdate = mysqli_real_escape_string($con, $_POST['category']);
$categoryID = mysqli_real_escape_string($con, $_POST['hiddenId']);
$qry = "UPDATE tbl_Category SET category = $categoryUpdate WHERE category_id = $categoryID";
$result = mysqli_query($con, $qry);
echo $qry;
if($result){
header("Location: category.php");
}
}
?>
You need single quote ' to wrap your parameter:
$qry = "UPDATE tbl_Category SET category = '$categoryUpdate' WHERE category_id = '$categoryID'";
You should use single quotes (') for values
$qry = "UPDATE tbl_Category SET category = '$categoryUpdate' WHERE category_id = '$categoryID'";
Also you can use like this to avoid SQL injection (See here)
$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
// do something with $row
}
I am new to PHP and want to create a form where the user inserts data into the form (which works) and then that gets stored on MYSQL DB (that works), now the data has to be displayed and then must be able to modify certain records, now I have the part where the records shows and also the "edit" button, but something went wrong somewhere as the same record keeps appearing, so I guess something is wrong with my code :(
Please help:
Here is the index.php code:
<?php
include('dbinfo.php');
$sql="SELECT * FROM stats";
$result = mysql_query($sql, $db) or die (mysql_error());
$pageTitle = "My Stats Database";
include("header.php");
print <<<HERE
<h2> My Contacts</h2>
Select a Record to update add new stat.
<table id="home">
HERE;
while ($row=mysql_fetch_array($result)){
$id=$row["id"];
$type=$row["type"];
$depthead=$row["depthead"];
$person=$row["person"];
$descr=$row["descr"];
$recdate=$row["recdate"];
$tolog=$row["tolog"];
$senttorev=$row["senttorev"];
$recfromrev=$row["recfromrev"];
print <<<HERE
<tr>
<td>
<form method="POST" action="updateform.php">
<input type="hidden" name="sel_record" value="$id">
<input type="submit" name="update" value=" Edit " </form>
</td>
<td><strong> Description: </strong>$descr,<p> <strong>Type: </strong>$type</p> <p><strong> Department Head: </strong>$depthead</p>
<strong> Test Analyst: </strong> $person<br/></td>
HERE;
}
print "</tr></table></body></html>";
?>
Then here is my update updateform.php script:
<?php
include("dbinfo.php");
$sel_record = $_POST['sel_record'];
//$sel_record = (isset($_POST['sel_record'])) ? $_POST['sel_record'] : '';
$sql = "SELECT * FROM stats WHERE id = 'sel_record'";
//execute sql query and get result
$result = mysql_query($sql, $db) or die (mysql_error());
if (!$result) {
print "<h1> Something went wrong!</h1>";
} else
{ //begin while loop
while ($record = mysql_fetch_array($result, MYSQL_ASSOC)){
$id = $record["id"];
$type = $record['type'];
$depthead = $record['depthead'];
$person = $record["person"];
$descr = $record["descr"];
$recdate = $record["recdate"];
$tolog = $record["tolog"];
$senttorev = $record["senttorev"];
$recfromrev = $record["recfromrev"];
}
}
//end while loop
$pagetitle = "Edit Stat";
include ("header.php");
print <<<HERE
<h2> Modify this Stat</h2>
<p> Change the values in the boxes and click "Modify Record" button </p>
<form id="stat" method="POST" action="update.php">
<input type="hidden" name="id" value="$id">
<div>
<label for="type">Type*:</label>
<input type="text" name="type" id="type" value="$type">
</div>
<p>
</p>
<div>
<label for = "depthead" >Department Head*:</label>
<input type = "text" name = "depthead" id = "depthead" value = "$depthead">
</div>
<p>
</p>
<div>
<label for="person">Test Analyst*:</label>
<input type="text" name="person" id="person" value="$person">
</div>
<p>
</p>
<div>
<label for="descr">Description*:</label>
<input type="text" name="descr" id="descr" value="$descr">
</div>
<p>
</p>
<div>
<label for="recdate">Date Received*:</label>
<input type="text" name="recdate" id="recdate" value="$recdate">
</div>
<p>
</p>
<div>
<label for="tolog">Date to log*:</label>
<input type="text" name="tolog" id="tolog" value="$tolog">
</div>
<p>
</p>
<div>
<label for="senttorev">Sent to Rev:</label>
<input type="text" name="senttorev" id="senttorev" value="$senttorev">
</div>
<p>
</p>
<div>
<label for="recfromrev">Received from Rev*:</label>
<input type="text" name="recfromrev" id="recfromrev" value="$recfromrev">
</div>
<p>
</p>
<div id="mySubmit">
<input type="submit" name="submit" value="Modify Record">
</div>
</form>
HERE;
?>
And then the actual updating of the mysql has an update.php script:
<?php
include "dbinfo.php";
$id = $_POST['id'];
$type = $_POST['type'];
$depthead = $_POST['depthead'];
$person = $_POST['person'];
$descr=$_POST['descr'];
$recdate=$_POST['recdate'];
$tolog=$_POST['tolog'];
$senttorev=$_POST['senttorev'];
$recfromrev=$_POST['recfromrev'];
$sql="UPDATE stats SET
depthead='$depthead',
person='$person',
descr='$descr',
recdate='$recdate',
tolog='$tolog',
senttorev='$senttorev',
recfromrev='$recfromrev'
WHERE id='$id'";
$result=mysql_query($sql) or die (mysql_error());
print "<html><head><title>Update Results</titlel></head><body>";
include "header.php";
print <<<HERE
<h1>The new Record looks like this: </h1>
<td>
<p><strong>Type: </strong>$type</p>
<p><strong>Department Head: </strong>$depthead</p>
<p><strong>Test Analyst: </strong> $person</p>
<p><strong>Description: </strong>$descr</p>
<p><strong>Received Date:</strong>$recdate</p>
<p><strong>Date to Log:</strong>$tolog</p>
<p><strong>Sent to rev:</strong>$senttorev</p>
<p><strong>Received from Rev:</strong>$recfromrev</p>
<br/>
HERE;
Can someone please tell me why only one of the records keeps appearing doesn't matter which one I select from my index.php page. For some reason I think it is my $sel_record variable, but I am not sure and have run out of Ideas..
Thank you in advance..
Here's your issue in updateform.php:
$sql = "SELECT * FROM stats WHERE id = 'sel_record'";
That should be:
$sql = "SELECT * FROM stats WHERE id = $sel_record";
You missed out the $ symbol to call a variable, and you don't need quotation marks around an ID.
I have looked everywhere here in Stackoverflow and I´ve searced 16.493 sites on Google but no answers to the most basic thing in php (edit record)
I´ve managed to code the most complicated stuff - but this is like a cancer and would also help others.
I have to files - edit.php - and update.php
edit.php works and it retrieves the data from the record
Here is the edit.php
<?php
mysql_connect('localhost', 'user', 'pass') or die(mysql_error());
mysql_select_db("db") or die(mysql_error());
$UID = (int)$_GET['id'];
$query = mysql_query("SELECT * FROM cloudbig WHERE id = '$UID'") or die(mysql_error());
if(mysql_num_rows($query)>=1){
while($row = mysql_fetch_array($query)) {
$fs = $row['fs'];
$texti = $row['texti'];
}
?>
<form name="form1" method="post" action="update.php">
<input type="text" name="fs" value="<?php echo $texti ?>" size="60">
<textarea rows="8" name="texti" id="userName" cols="60"><?php echo $texti ?></textarea>
<input type="submit" name="save" value="submit" />
</form>
<?php
}
?>
and here is update.php
<?php
$id = $_REQUEST["id"];
$fs = $_POST["fs"];
$texti = $_POST["texti"];
mysql_connect('localhost', 'user', 'pass') or die(mysql_error());
echo "MySQL Connection Established! <br>";
mysql_select_db("db") or die(mysql_error());
echo "Database Found! <br>";
$query = "UPDATE cloudbig SET fs = '$fs', texti = '$texti' WHERE id = '$id'";
$res = mysql_query($query);
if ($res)
echo "<p>Record Updated<p>";
else
echo "Problem updating record. MySQL Error: " . mysql_error();
?>
I´ve done a whole news/online magazine site in php but simple edit.php function is a problem
I think that the short answer is that you never post the "id" up to the update.php script. Your form needs to look like this:
<form name="form1" method="post" action="update.php">
<input type="hidden" name="id" value="<?php echo $UID ?>">
<input type="text" name="fs" value="<?php echo $fs; ?>" size="60">
<textarea rows="8" name="texti" id="userName" cols="60"><?php echo $texti ?></textarea>
<input type="submit" name="save" value="submit" />
</form>
which will send the id into the POST array where it can be accessed by $id = $_REQUEST["id"];
You can also accomplish this by sending it via _GET by modifying the form action:
<form name="form1" method="post" action="update.php?id=<?php echo $UID ?>">
<input type="text" name="fs" value="<?php echo $fs; ?>" size="60">
<textarea rows="8" name="texti" id="userName" cols="60"><?php echo $texti ?></textarea>
<input type="submit" name="save" value="submit" />
</form>
which will put it in the $_GET array where it will also be seen in the $_REQUEST array.
Lastly, there are some MAJOR ISSUES with your code:
First and foremost, it is subject to SQL injection! You MUST escape
your variables before passing them into a MySQL query.
Second. As pointed out by iDifferent, you appear to bve echoing the wrong value into the fs field (you're setting it equal to the texti field)
Third, why do you have this loop?
if(mysql_num_rows($query)>=1){
while($row = mysql_fetch_array($query)) {
$fs = $row['fs'];
$texti = $row['texti'];
}
If you're fetching by ID you should never have duplicates. Make sure that ID is a primary key and there is no reason to check for multiple rows.