I am new to PHP and want to create a form where the user inserts data into the form (which works) and then that gets stored on MYSQL DB (that works), now the data has to be displayed and then must be able to modify certain records, now I have the part where the records shows and also the "edit" button, but something went wrong somewhere as the same record keeps appearing, so I guess something is wrong with my code :(
Please help:
Here is the index.php code:
<?php
include('dbinfo.php');
$sql="SELECT * FROM stats";
$result = mysql_query($sql, $db) or die (mysql_error());
$pageTitle = "My Stats Database";
include("header.php");
print <<<HERE
<h2> My Contacts</h2>
Select a Record to update add new stat.
<table id="home">
HERE;
while ($row=mysql_fetch_array($result)){
$id=$row["id"];
$type=$row["type"];
$depthead=$row["depthead"];
$person=$row["person"];
$descr=$row["descr"];
$recdate=$row["recdate"];
$tolog=$row["tolog"];
$senttorev=$row["senttorev"];
$recfromrev=$row["recfromrev"];
print <<<HERE
<tr>
<td>
<form method="POST" action="updateform.php">
<input type="hidden" name="sel_record" value="$id">
<input type="submit" name="update" value=" Edit " </form>
</td>
<td><strong> Description: </strong>$descr,<p> <strong>Type: </strong>$type</p> <p><strong> Department Head: </strong>$depthead</p>
<strong> Test Analyst: </strong> $person<br/></td>
HERE;
}
print "</tr></table></body></html>";
?>
Then here is my update updateform.php script:
<?php
include("dbinfo.php");
$sel_record = $_POST['sel_record'];
//$sel_record = (isset($_POST['sel_record'])) ? $_POST['sel_record'] : '';
$sql = "SELECT * FROM stats WHERE id = 'sel_record'";
//execute sql query and get result
$result = mysql_query($sql, $db) or die (mysql_error());
if (!$result) {
print "<h1> Something went wrong!</h1>";
} else
{ //begin while loop
while ($record = mysql_fetch_array($result, MYSQL_ASSOC)){
$id = $record["id"];
$type = $record['type'];
$depthead = $record['depthead'];
$person = $record["person"];
$descr = $record["descr"];
$recdate = $record["recdate"];
$tolog = $record["tolog"];
$senttorev = $record["senttorev"];
$recfromrev = $record["recfromrev"];
}
}
//end while loop
$pagetitle = "Edit Stat";
include ("header.php");
print <<<HERE
<h2> Modify this Stat</h2>
<p> Change the values in the boxes and click "Modify Record" button </p>
<form id="stat" method="POST" action="update.php">
<input type="hidden" name="id" value="$id">
<div>
<label for="type">Type*:</label>
<input type="text" name="type" id="type" value="$type">
</div>
<p>
</p>
<div>
<label for = "depthead" >Department Head*:</label>
<input type = "text" name = "depthead" id = "depthead" value = "$depthead">
</div>
<p>
</p>
<div>
<label for="person">Test Analyst*:</label>
<input type="text" name="person" id="person" value="$person">
</div>
<p>
</p>
<div>
<label for="descr">Description*:</label>
<input type="text" name="descr" id="descr" value="$descr">
</div>
<p>
</p>
<div>
<label for="recdate">Date Received*:</label>
<input type="text" name="recdate" id="recdate" value="$recdate">
</div>
<p>
</p>
<div>
<label for="tolog">Date to log*:</label>
<input type="text" name="tolog" id="tolog" value="$tolog">
</div>
<p>
</p>
<div>
<label for="senttorev">Sent to Rev:</label>
<input type="text" name="senttorev" id="senttorev" value="$senttorev">
</div>
<p>
</p>
<div>
<label for="recfromrev">Received from Rev*:</label>
<input type="text" name="recfromrev" id="recfromrev" value="$recfromrev">
</div>
<p>
</p>
<div id="mySubmit">
<input type="submit" name="submit" value="Modify Record">
</div>
</form>
HERE;
?>
And then the actual updating of the mysql has an update.php script:
<?php
include "dbinfo.php";
$id = $_POST['id'];
$type = $_POST['type'];
$depthead = $_POST['depthead'];
$person = $_POST['person'];
$descr=$_POST['descr'];
$recdate=$_POST['recdate'];
$tolog=$_POST['tolog'];
$senttorev=$_POST['senttorev'];
$recfromrev=$_POST['recfromrev'];
$sql="UPDATE stats SET
depthead='$depthead',
person='$person',
descr='$descr',
recdate='$recdate',
tolog='$tolog',
senttorev='$senttorev',
recfromrev='$recfromrev'
WHERE id='$id'";
$result=mysql_query($sql) or die (mysql_error());
print "<html><head><title>Update Results</titlel></head><body>";
include "header.php";
print <<<HERE
<h1>The new Record looks like this: </h1>
<td>
<p><strong>Type: </strong>$type</p>
<p><strong>Department Head: </strong>$depthead</p>
<p><strong>Test Analyst: </strong> $person</p>
<p><strong>Description: </strong>$descr</p>
<p><strong>Received Date:</strong>$recdate</p>
<p><strong>Date to Log:</strong>$tolog</p>
<p><strong>Sent to rev:</strong>$senttorev</p>
<p><strong>Received from Rev:</strong>$recfromrev</p>
<br/>
HERE;
Can someone please tell me why only one of the records keeps appearing doesn't matter which one I select from my index.php page. For some reason I think it is my $sel_record variable, but I am not sure and have run out of Ideas..
Thank you in advance..
Here's your issue in updateform.php:
$sql = "SELECT * FROM stats WHERE id = 'sel_record'";
That should be:
$sql = "SELECT * FROM stats WHERE id = $sel_record";
You missed out the $ symbol to call a variable, and you don't need quotation marks around an ID.
Related
So I've got a form to edit entries which is populating with what has already been entered from the database. When I make an edit, it is saving and redirecting me back to the listing page with no errors, but it's not changing anything. I'm guessing it's getting confused as to where to pull the values from.
This is the the SQL Query to populate the form with the values (this part works):
<?php
// query db
$gigid = $_GET['gigid'];
$con = mysqli_connect("***********","***********","***********","***********");
$result = mysqli_query($con, "SELECT * FROM gigs WHERE gigid=$gigid") or die(mysqli_error());
$row = mysqli_fetch_array($result);
mysqli_close($con);
// check that the 'id' matches up with a row in the databse
if($row)
{
// get data from db
$gig_name = $row['gig_name'];
$gig_type = $row['gig_type'];
$gig_date = $row['gig_date'];
$gig_customer = $row['gig_customer'];
$gig_venue = $row['venue_name'];
$gig_fee = $row['gig_fee'];
$gig_status = $row['gig_status'];
}
?>
This is an excerpt from the form:
<form class="form-horizontal" id="create-ticket" method='post' action='edit_gig_process.php? gigid=<?php echo $_GET['gigid']; ?>'>
<fieldset>
<legend>Edit Gig Information</legend>
<input type="hidden" class="input-xxlarge" id="gig_date_created" name="gig_date_created">
<input type="hidden" class="input-xxlarge" id="userid" name="userid">
<div class="control-group">
<label class="control-label" for="gigid">Gig ID</label>
<div class="controls">
<input type="text" name="gigid" disabled="disabled" value="<?php echo $_GET['gigid']; ?>" />
</div>
</div>
<div class="control-group">
<label class="control-label" for="gig_name">Gig Name (Required)</label>
<div class="controls">
<input type="text" class="input-xxlarge" id="gig_name" value="<?php echo $row['gig_name']; ?>" name="gig_name">
</div>
</div>
This is an excerpt from the update query:
$gigid = $_GET['gigid'];
$sql= "UPDATE gigs set
gig_name='$gig_name',
gig_type='$gig_type',
gig_customer='$gig_customer',
gig_date='$gig_date_created',
gig_start_time='$gig_start_time',
gig_end_time='$gig_end_time',
gig_fee='$gig_fee',
gig_status='$gig_status',
venue_name='$venue_name',
venue_address='$venue_address',
venue_contact='$venue_contact',
WHERE
gigid='$gigid'";
header('Location: http://managegigs.com/cp/my-gigs.php');
mysqli_close($con);
You are not running a update query, your update is just a string.
After
$sql= "UPDATE gigs set
gig_name='$gig_name',
gig_type='$gig_type',
gig_customer='$gig_customer',
gig_date='$gig_date_created',
gig_start_time='$gig_start_time',
gig_end_time='$gig_end_time',
gig_fee='$gig_fee',
gig_status='$gig_status',
venue_name='$venue_name',
venue_address='$venue_address',
venue_contact='$venue_contact'
WHERE
gigid='$gigid'";
add:
mysqli_query($con,$sql);
also, at least change this:
$gigid = $_GET['gigid'];
add:
$gigid = mysqli_real_escape_string($gigid);
directly after to have it a little secured. Putting $_GET directly to DB is dangerous.
Uploadpart in complete:
$gig_name = $_POST['gig_name'];
// fetch all $_POST(ed) data
// and secure with
$gig_name = mysqli_real_escape_string($con,$gig_name);
$gigid = $_GET['gigid'];
$gigid = mysqli_real_escape_string($con,$gigid);
$sql= "UPDATE gigs set
gig_name='$gig_name',
gig_type='$gig_type',
gig_customer='$gig_customer',
gig_date='$gig_date_created',
gig_start_time='$gig_start_time',
gig_end_time='$gig_end_time',
gig_fee='$gig_fee',
gig_status='$gig_status',
venue_name='$venue_name',
venue_address='$venue_address',
venue_contact='$venue_contact'
WHERE
gigid='$gigid'";
mysqli_query($con,$sql);
header('Location: http://managegigs.com/cp/my-gigs.php');
mysqli_close($con);
I'm trying to get my post to update just in case I make a mistake the first time around posting an article to my website.
Not sure what I'm doing wrong here.
Here is my update code:
<div class="row">
<?php
$post_title = "";
$description = "";
$id = $_GET['id'];
$result = mysql_query("SELECT title, description FROM htp_news WHERE id='$id'");
$post_title = mysql_result($result,0,"title");
$description = mysql_result($result,0,"description");
?>
<div class="row">
<form method="post" action="update-news.php">
<input type="hidden" name="ud_id" style="width: 100%" value="<? echo "$id"; ?>">
<div class="grid_12 botspacer60">
Title: <input type="text" name="ud_title" value="<?php echo "$post_title"; ?>">
<br /><br />
News Details:<br />
<textarea id="tiny_mce" name="ud_description" rows="8"><?php echo "$description"; ?></textarea>
</div>
<div class="grid_12">
<input type="submit" value="Update">
<input type="button" value="Cancel" onclick="window.location = '/admin'">
</div>
</form>
</div>
</div>
And here is my action page:
<?php
include($_SERVER['DOCUMENT_ROOT'] . "/includes/database.php");
$ud_id = $_POST['ud_id'];
$ud_title = $_POST['ud_title'];
$ud_description = $_POST['ud_description'];
// Insert record into database by executing the following query:
$query="UPDATE htp_news SET title='$ud_title', description='$ud_description' "."WHERE id='$ud_id'";
mysql_query($query);
echo "The post has been updated.<br />
<a href='edit-delete-news.php'>Update another position.</a><br />";
mysql_close();
?>
I appreciate any guidance on the matter.
Add a space before of WHERE Clause in query.
Use below -
$query="UPDATE htp_news SET title='$ud_title', description='$ud_description' WHERE id='$ud_id'";
Try this you need quotes in query
$result = mysql_query("SELECT `title`, `description` FROM `htp_news` WHERE id='$id'");
$query="UPDATE htp_news SET `title`='".$ud_title."', `description`='".$ud_description."' "." WHERE `id`='".$ud_id."'";
It's all going wrong. I need to output a form onto my website that will do 1 of 2 things:
If the user already has content in the database, provide a form that posts to self to update the existing content.
If the user does not have content in the database, provide a form to let the user add information to the database.
The forms should submit to themselves to keep coding tidy. I'm getting into a right mess. I'll show what I have so far, but I'm getting in a muddle.
//look in db to see if content exists, if it does set variable
$result = mysql_query(
"SELECT * from tbl_profiles
WHERE user_id = $who
");
while($row = mysql_fetch_array($result))
{
$profileText = $row['text'];
}
// Check if user has content in db
$result = mysql_query(
"SELECT * FROM tbl_profiles WHERE user_id='$who'");
if(mysql_fetch_array($result) !== false){
echo
'<form action="../edit/indexUpdate.php" method="post" name="edit">
Comments:<br />
<textarea name="updatedText" id="comments">' .
$profileText .'
</textarea><br />
<input type="submit" value="Submit" />
</form>'
;}
else{
$profileText = $row['text'];
echo
"<form action='../edit/index.php' method='post' name='add'>
Comments:<br />
<textarea name='comments' id='comments'>" .
$profileText
."</textarea><br />
<input type='submit' value='Submit' />
</form>"
;}?>
You've pretty much got the functionality there, just needs tidying up.
Try something like this:
<?php
//look in db to see if content exists, if it does set variable
$profileText="";
if($result = mysql_query("SELECT * from tbl_profiles WHERE user_id = $who")) {
while($row = mysql_fetch_array($result))
{
$profileText .= $row['text'];
}
?>
<form action="../edit/indexUpdate.php" method="post" name="edit">
Comments:<br />
<textarea name="updatedText" id="comments">
<?php echo $profileText; ?>
</textarea><br />
<input type="submit" value="Submit" />
</form>
<?php
} else {
?>
<form action='../edit/index.php' method='post' name='add'>
Comments:<br />
<textarea name='comments' id='comments'>
<?php echo $profileText; ?>
</textarea><br />
<input type='submit' value='Submit' />
</form>
<?php
}
?>
The basic idea is to add a record if new and update if not. What you can do is use an id to represent the record or -1 if it's a new entry
Something along the lines of:
//Defaults
$recordid=-1;
$name='';
$comments='';
//look in db to see if content exists, if it does set variable
$result = mysql_query(
"SELECT * from tbl_profiles
WHERE user_id = $who
");
// Check if user has content in db
$result = mysql_query(
"SELECT * FROM tbl_profiles WHERE user_id='$who'");
if(mysql_fetch_array($result) !== false){
//Yes. Get the id
$recordid = $result->id;
//Get the values
$name= $result->name;
$comments= $result->name;
}
<form action="../edit/index.php" method="post" name="formdata">
<input type="hidden" name="recordid" value="<? echo htmlspecialchars($recordid) ?>">
<input type="hidden" name="name" value="<? echo htmlspecialchars($name) ?>">
<textarea name="comments" id="comments"><? echo htmlspecialchars($comments) ?></textarea>
<input type="submit" value="submit"/>
</form>
This way a new form will have a -1 but an existing will have an id.
As an additional point it is very important to sanitize your inputs for SQL and what you output in HTML to stop SQL Injections. For your reference on this:
SQL
Little Bobby Tables
Cross Site Scripting
here is my problem, I want to send id number through select menu using PHP.
Here is the code:
<form name="update" method="post" action="ex_update.php?id=<?php echo ((int)$_POST['get_id']); ?>">
<p><strong>Enter Name:</strong>
<input type="text" name="name">
<br />
ID:
<label for="select"></label>
<select name="get_id">
<?php
$query = "SELECT * FROM test";
$run = mysql_query($query);
while($output = mysql_fetch_array($run)){
echo "<option value=\"{$output['id']}\">{$output['id']}</option>";}
?>
</select>
</p>
<p>
<input type="submit" name="submit" value="Update!">
</p>
</form>
I have tried but when I submit the id in the URL equals to zero. how can I send id to the URL??
here is the ex_update.php >>>
<?php
$connect = mysql_connect("localhost","root","");
$sel_database = mysql_select_db("test");
$id = (int)$_GET["get_id"];
$name = mysql_real_escape_string( $_POST["name"] );
$query = "UPDATE test SET name='{$name}' WHERE id=={$id}";
if($run = mysql_query($query)){
}else{mysql_error();}
?>
Thanks in advance
You can use the form GET method
<form name="update" method="GET" action="ex_update.php">
You can access that select box value using $_GET['get_id'] in ex_update.php
Here is your First Page
Note action of form...
<form name="update" method="post" action="ex_update.php">
<p><strong>Enter Name:</strong>
<input type="text" name="name">
<br />
ID:
<label for="select"></label>
<select name="get_id">
<?php
$query = "SELECT * FROM test";
$run = mysql_query($query);
while($output = mysql_fetch_array($run)){
echo "<option value=\"{$output['id']}\">{$output['id']}</option>";}
?>
</select>
</p>
<p>
<input type="submit" name="submit" value="Update!">
</p>
</form>
And here you can find ex_update.php. Note: $id = (int)$_POST["get_id"];
<?php
$connect = mysql_connect("localhost","root","");
$sel_database = mysql_select_db("test");
$id = (int)$_POST["get_id"];
$name = mysql_real_escape_string( $_POST["name"] );
$query = "UPDATE test SET name='{$name}' WHERE id={$id}";
if($run = mysql_query($query)){
}else{mysql_error();}
?>
I have looked everywhere here in Stackoverflow and I´ve searced 16.493 sites on Google but no answers to the most basic thing in php (edit record)
I´ve managed to code the most complicated stuff - but this is like a cancer and would also help others.
I have to files - edit.php - and update.php
edit.php works and it retrieves the data from the record
Here is the edit.php
<?php
mysql_connect('localhost', 'user', 'pass') or die(mysql_error());
mysql_select_db("db") or die(mysql_error());
$UID = (int)$_GET['id'];
$query = mysql_query("SELECT * FROM cloudbig WHERE id = '$UID'") or die(mysql_error());
if(mysql_num_rows($query)>=1){
while($row = mysql_fetch_array($query)) {
$fs = $row['fs'];
$texti = $row['texti'];
}
?>
<form name="form1" method="post" action="update.php">
<input type="text" name="fs" value="<?php echo $texti ?>" size="60">
<textarea rows="8" name="texti" id="userName" cols="60"><?php echo $texti ?></textarea>
<input type="submit" name="save" value="submit" />
</form>
<?php
}
?>
and here is update.php
<?php
$id = $_REQUEST["id"];
$fs = $_POST["fs"];
$texti = $_POST["texti"];
mysql_connect('localhost', 'user', 'pass') or die(mysql_error());
echo "MySQL Connection Established! <br>";
mysql_select_db("db") or die(mysql_error());
echo "Database Found! <br>";
$query = "UPDATE cloudbig SET fs = '$fs', texti = '$texti' WHERE id = '$id'";
$res = mysql_query($query);
if ($res)
echo "<p>Record Updated<p>";
else
echo "Problem updating record. MySQL Error: " . mysql_error();
?>
I´ve done a whole news/online magazine site in php but simple edit.php function is a problem
I think that the short answer is that you never post the "id" up to the update.php script. Your form needs to look like this:
<form name="form1" method="post" action="update.php">
<input type="hidden" name="id" value="<?php echo $UID ?>">
<input type="text" name="fs" value="<?php echo $fs; ?>" size="60">
<textarea rows="8" name="texti" id="userName" cols="60"><?php echo $texti ?></textarea>
<input type="submit" name="save" value="submit" />
</form>
which will send the id into the POST array where it can be accessed by $id = $_REQUEST["id"];
You can also accomplish this by sending it via _GET by modifying the form action:
<form name="form1" method="post" action="update.php?id=<?php echo $UID ?>">
<input type="text" name="fs" value="<?php echo $fs; ?>" size="60">
<textarea rows="8" name="texti" id="userName" cols="60"><?php echo $texti ?></textarea>
<input type="submit" name="save" value="submit" />
</form>
which will put it in the $_GET array where it will also be seen in the $_REQUEST array.
Lastly, there are some MAJOR ISSUES with your code:
First and foremost, it is subject to SQL injection! You MUST escape
your variables before passing them into a MySQL query.
Second. As pointed out by iDifferent, you appear to bve echoing the wrong value into the fs field (you're setting it equal to the texti field)
Third, why do you have this loop?
if(mysql_num_rows($query)>=1){
while($row = mysql_fetch_array($query)) {
$fs = $row['fs'];
$texti = $row['texti'];
}
If you're fetching by ID you should never have duplicates. Make sure that ID is a primary key and there is no reason to check for multiple rows.