I have been updating my members site so it will work with mysqli. I'm rather new to php and mysql.
I have a page where users can edit their information in a form which posts to send_post.php.
Can anyone tell me what is wrong with my code? I just get a white screen and a syntax error, 'unexpected ',' in send_post.php on line 7'.
This is the page with my form.
<?php
// See if they are a logged in member by checking Session data
include_once("php_includes/check_login_status.php");
if (isset($_SESSION['username'])) {
// Put stored session variables into local php variable
$username = $_SESSION['username'];
}
//Connect to the database through our include
include_once "php_includes/db_conx.php";
// Query member data from the database and ready it for display
$sql = "SELECT * FROM members WHERE username='$username' AND activated='1' LIMIT 1";
$user_query = mysqli_query($db_conx, $sql);
// Now make sure that user exists in the table
$numrows = mysqli_num_rows($user_query);
if($numrows < 1){
echo "That user does not exist or is not yet activated, press back";
exit();
}
while ($row = mysqli_fetch_array($user_query, MYSQLI_ASSOC)) {
$state = $row["state"];
$city = $row["city"];
$name = $row["name"];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<link rel="shortcut icon" href="../../assets/ico/favicon.png">
<title>Edit</title>
</head>
<body>
<br>
<div class = "container">
<div align="center">
<h3><br />
Edit your account info here<br />
<br />
</h3>
<table align="center" cellpadding="8" cellspacing="8">
<form action="send_post.php" method="post" enctype="multipart/form-data" name="form"
id="form">
<tr>
<td><div align="right">Name:</div></td>
<td><input name="city" type="text" id="city" value="<?php echo "$name"; ?>"
size="30" maxlength="24" /></td>
</tr>
<tr>
<td><div align="right">State:</div></td>
<td><input name="state" type="text" id="state" value="<?php echo "$state"; ?>"
size="30" maxlength="64" /></td>
</tr>
<tr>
<td><div align="right">City:</div></td>
<td><input name="city" type="text" id="city" value="<?php echo "$city"; ?>"
size="30" maxlength="24" /></td>
</tr>
<tr>
<td> </td>
<td><input name="Submit" type="submit" value="Submit Changes" /></td>
</tr>
</form>
</table>
</div>
</div>
</body>
</html>
This is the form processing page. send_post.php
<?php
if ($_POST['state']) {
$city = $_POST['city'];
$name = $_POST['name'];
//Connecting to sql db.
$connect = mysqli_connect("localhost","username","password","database");
$mysqli_query=($connect,"UPDATE members (`state`, `city`, `name` WHERE
username='$username'");
VALUES ('$state', '$city', '$name')";
mysqli_query($connect, $query);
mysqli_close($connect);
echo "Your information has been successfully added to the database.";
?>
Add a hidden field in the form like this
<input type="hidden" name="username" value="<?php echo $username; ?>">
Change send_post.php
<?php
//checking that all the fields have been entered
if( isset( $_POST['state'] ) && !empty( $_POST['state'] ) )
{
$state = $_POST['state'];
}
if( isset( $_POST['city'] ) && !empty( $_POST['city'] ) )
{
$city = $_POST['city'];
}
if( isset( $_POST['name'] ) && !empty( $_POST['name'] ) )
{
$name = $_POST['name'];
}
if( isset( $_POST['username'] ) && !empty( $_POST['username'] ) )
{
$username = $_POST['username'];
}
//Connecting to sql db.
$mysqli = new mysqli("localhost","username","password","database");
//updating database
$query = $mysqli->query( "UPDATE members SET `state` = '$state', `city` = '$city', `name` = '$name' WHERE `username` = '$username'" );
//closing mysqli connection
$mysqli->close;
//echoing that the information has been added
echo "Your information has been successfully added to the database.";
?>
change
$mysqli_query=($connect,"UPDATE members (`state`, `city`, `name` WHERE
username='$username'");
VALUES ('$state', '$city', '$name')";
to
$mysqli_query=($connect,"UPDATE members (`state`, `city`, `name`) VALUES ('$state', '$city', '$name') WHERE username='$username' ");
Related
I have a system where I want to limit the foreach to a designated user:
My output shows every date Enrolled, I could limit it to only one, but if I do, the single thing shown will be shown to every user as well.
This should only show one Enrolled Since and Not Enrolled Since, but I don't know if I should use an if statement or use a row query. I tried it but it only outputs error "Uncaught Error: Call to a member function result_array() on array in . . ."
(below is the code I tried to use row for, but outputs the said error above.)
<?php
$result_array = $res->result_array();
$results = array();
foreach ($res->result_array() as $row)
{
$results[] = $row;
}
?>
Here is my codes latest code called viewlogs.php
<?php
session_start();
if (!isset($_SESSION['username']))
{
header('location: login.php');
die();
}
?>
<?php
require"config.php";
require"sqlsrv.php";
$id=$_GET['id'];
$sql= 'SELECT * FROM students WHERE id= :id';
$stmt = $db-> prepare($sql);
$stmt->execute([':id' => $id ]);
$data= $stmt->fetch(PDO::FETCH_OBJ);
$query= 'SELECT EmployeeNo, FirstName, MiddleName, LastName, DateHired, ResignationDate FROM TA3.dbo.Employees';
$statement = $conn->query($query);
$statement->execute();
$res=$statement->fetchAll(PDO::FETCH_OBJ);
$q= 'SELECT TimeLogID, EmployeeID, RecordDate, RecordTime, Type, ActualTime FROM TA3.dbo.TimeLogs';
$st = $conn->query($q);
$st->execute();
$re=$st->fetchAll(PDO::FETCH_OBJ);
if (isset ($_POST['fname']) && (isset($_POST['lname']) && (isset($_POST['email']) && (isset($_POST['usn']) && (isset($_POST['schedule']) && (isset($_POST['year']) && (isset($_POST['strand']))))))))
{
$fname = $_POST['fname'];
$mname = $_POST['mname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
$usn = $_POST['usn'];
$schedule = $_POST['schedule'];
$year = $_POST['year'];
$strand = $_POST['strand'];
}
if (isset ($_POST['DateHired']) && (isset($_POST['ResignationDate']) && (isset($_POST['EmployeeNo']))))
{
$DateHired = $_POST['DateHired'];
$ResignationDate = $_POST['ResignationDate'];
$EmployeeNo = $_POST['EmployeeNo'];
}
if (isset ($_POST['TimeLogID']) && (isset($_POST['EmployeeID']) && (isset($_POST['RecordDate']) && (isset($_POST['RecordTime']) && (isset($_POST['Type']) && (isset($_POST['ActualTime'])))))))
{
$TimeLogID = $_POST['TimeLogID'];
$EmployeeID = $_POST['EmployeeID'];
$RecordDate = $_POST['RecordDate'];
$RecordTime = $_POST['RecordTime'];
$Type = $_POST['Type'];
$ActualTime = $_POST['ActualTime'];
}
?>
<!DOCTYPE html>
<html>
<head>
<title>View Logs</title>
<link rel="icon" type="image/png" sizes="16x16" href="image/favicon-16x16.png">
<link rel="icon" type="image/png" sizes="32x32" href="image/favicon-32x32.png">
<meta name= "viewport" content="width= device-width, initial-scale=1">
<script defer src="js/fontawesome-all.js"></script>
<link rel="stylesheet" type="text/css" href="css/style.css">
<link rel="stylesheet" type="text/css" href="css/viewlogs.css">
</head>
<body>
<div class="back"><a class="henny" href="students.php"><i class="fas fa-backward"></i> Back </a></div>
<div class="title"> <h1>Student Logs<span class="blink">_</span></h1></div>
<div class="grid">
<div class="student-info">
<label>First name</label>
<input value="<?= $data->fname; ?>" type="text" name="fname" readonly/>
<label>Middle name</label>
<input value="<?= $data->mname; ?>" type="text" name="mname" readonly/>
<label>Last name</label>
<input value="<?= $data->lname; ?>" type="text" name="lname" readonly/>
<label>USN</label>
<input value="<?= $data->usn; ?>" type="text" name="usn" readonly/>
<label>Strand</label>
<input value="<?= $data->strand; ?>" type="text" name="strand" readonly/>
<label>Schedule</label>
<input value="<?= $data->schedule; ?>" type="text" name="schedule" readonly/>
</div>
<div class="device-info">
<?php
$i = 0;
foreach ($res as $outcome): ?>
<label>Enrolled since</label>
<input value="<?= date('Y-m-d', strtotime($outcome->DateHired)); ?>" type="text" name="enrolled" readonly/>
<label>Not Enrolled since</label>
<input value="<?= $outcome->ResignationDate; ?>" type="text" name="notenrolled" readonly/>
<?php endforeach; ?>
</div>
<div class="logs">
<table style="width:100%" class="logs-table">
<tr>
<th style="width:25%">Date</th>
<th style="width:25%">Time</th>
<th style="width:12%">In</th>
<th style="width:12%">Break in </th>
<th style="width:12%">Break out</th>
<th style="width:12%">Out</th>
</tr>
</table>
</div>
</div>
<?php
$r = $db->prepare("SELECT * FROM students WHERE id LIKE :id");
$r->execute(array( ':id'=>'%'.$id. '%'));
if ($data=$r->fetch())
{
?>
<a class="print" target="_blank" href="print.php?id=<?= $data['id']; ?>"> Print <i class="fas fa-print"></i></a>
<?php
}
?>
</body>
</html>
and my sqlsrv.php
<?php
/*
Connection for sqlsrv
*/
try {
$conn = new PDO( 'sqlsrv:server=(localdb)\\v11.0;'
. 'AttachDBFileName=C:\\PROGRAMDATA\\TOUCHLINK TIME RECORDER 3\\TA3.mdf;Database=TA3');
$query = 'SELECT EmployeeNo, FirstName, MiddleName, LastName, DateHired FROM TA3.dbo.Employees ORDER BY EmployeeNo ASC';
$stmt = $conn->query($query);
$stmt->execute();
}
catch (PDOException $e) {
echo 'Connection failed: ' . $e->getMessage();
}
?>
IIUC - simply filter your query by the specific EmployeeNo (or whatever identifier of web user) by passing as a parameter the value returned from posted HTML form. This requires you to change code order where you run your query after assigning $_POST values.
...
if (isset ($_POST['DateHired']) && (isset($_POST['ResignationDate']) && (isset($_POST['EmployeeNo']))))
{
$DateHired = $_POST['DateHired'];
$ResignationDate = $_POST['ResignationDate'];
$EmployeeNo = $_POST['EmployeeNo'];
}
...
$query= 'SELECT EmployeeNo, FirstName, MiddleName, LastName, DateHired, ResignationDate
FROM TA3.dbo.Employees
WHERE EmployeeNo = ?';
$statement = $conn->prepare($query);
$statement->bind_param(1, $EmployeeNo);
$statement->execute();
$res = $statement->fetchAll(PDO::FETCH_OBJ);
I'm writing a code for a simple registration system. I have this part where I check if the username or email already exist. If this is the case, it should show an error message, but it doesn't work. If the username or email exist, the registration form is submitted anyway.
This is my code
Registration.php
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<link rel="shortcut icon" href="favicon.png" type="image/x-icon"/>
<link rel="icon" type="image/png" href="favicon.png" />
<title>Registro</title>
</head>
<body>
<?php
if(isset($_POST['submit'])){
$mysqli = NEW
MySQLi('localhost','user','pass','database');
$username = $_POST['username'];
$name = $_POST['name'];
$pass= $_POST['pass'];
$email= $_POST['email'];
$phone= $_POST['phone'];
$querya=mysqli_query($mysqli,"select * from table where username='$username' && email='$email'");
$num_rowss=mysqli_num_rows($querya);
if ($num_rowss>0){
echo "Username or password is taken, please write a new one."
}else{
$query = "INSERT INTO table(username,name,pass,email,phone)VALUES('"
. $mysqli->real_escape_string($username) .
"' , '"
. $mysqli->real_escape_string($name) .
"' , '"
. $mysqli->real_escape_string($pass) .
"' , '"
. $mysqli->real_escape_string($email) .
"' , '"
. $mysqli->real_escape_string($phone) .
"')
";
$insert = $mysqli->query($query);
if($insert){
header('Location: login.php');
}
}
$mysqli->close();
}
?>
<div>
<h1>Register</h1>
<form action="" method="post" name="registro" id="formulario"><br><br>
<table>
<tr><td>Username: <input type="text" name="username" id="username" required></td>
</tr>
<tr><td>Name:<input type="text" name="name" id="name" required></td>
</tr>
<tr><td>Password: <input type="password" name="pass" required></td>
</tr>
<tr><td>Email: <input type="email" name="email" required></td>
</tr>
<tr><td>Phone: <input type="text" name="phone" required></td>
</tr>
<tr><td> <input name="submit" id="submit" type="submit" value="Registrar" /></td></tr>
</table><br><br>
</form>
</div>
</body>
A couple things:
Concern on SQL Injection - Use Parameters
It should be OR, NOT &&. You want to know if the username or e-mail is found.
You should have some way to handle errors also.
Your query should read as the following:
$querya=mysqli_query($mysqli,"select * from table where username='$username' OR email='$email'");
$num_rowss=mysqli_num_rows($querya);
Try this. it works for me sorry if not!
$querya = "SELECT username, email FROM table WHERE username = '".$name."' OR email = '".$email."'";
$result = $mysqli->query($sql);
if(mysqli_num_rows($result) > 0)
{
echo 'Username or password is taken, please write a new one.';
}
else
{
I am not sure what the problem is here. The user data is in my MySQL database, and correct. However when I try to login I get an error saying user/password is incorrect. I am trying to login using the users email address. In addition I want to add the first name, and user id to the session.
<?php
session_start();
include_once 'dbconnect_new.php';
if(isset($_SESSION['user'])!="")
{
header("Location: ../index.php");
}
if(isset($_POST['btn-login']))
{
$s_email = mysql_real_escape_string($_POST['email']);
$s_password = mysql_real_escape_string($_POST['password']);
$s_email = trim($s_email);
$s_password = trim($s_password);
$res=mysql_query("SELECT student_id, student_password, student_firstname FROM studentdata WHERE student_email='$s_email'");
$row=mysql_fetch_array($res);
$count = mysql_num_rows($res); // if uname/pass correct it returns must be 1 row
if($count == 1 && $row['student_password']==md5($s_password))
{
$_SESSION['user'] = $row['student_id'];
header("Location: ../index.php");
}
else
{
?>
<script>
alert('Username / Password Seems Wrong !');
</script>
<?php
}
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>New Reg Page</title>
<link rel="stylesheet" href="style.css" type="text/css" />
</head>
<body>
<center>
<div id="login-form">
<form method="post">
<table align="center" width="30%" border="0">
<tr>
<td>
<input type="text" name="email" placeholder="Your Email" required />
</td>
</tr>
<tr>
<td>
<input type="password" name="password" placeholder="Your Password" required />
</td>
</tr>
<tr>
<td>
<button type="submit" name="btn-login">Sign In</button>
</td>
</tr>
<tr>
<td>Sign Up Here</td>
</tr>
</table>
</form>
</div>
</center>
</body>
</html>
Try this code:-
$s_email = mysql_real_escape_string($_POST['email']);
$s_password = mysql_real_escape_string($_POST['password']);
$s_email = trim($s_email);
$s_password = md5(trim($s_password));
$res=mysql_query("SELECT student_id, student_firstname FROM studentdata WHERE student_email='$s_email' AND student_password = '$s_password'");
if (!$res) {
// Debug query result by below code
//echo 'Could not run query: ' . mysql_error();
//exit;
echo '<script language="javascript">';
echo 'alert("Username / Password Seems Wrong !")';
echo '</script>';
}else{
$row = mysql_fetch_row($result);
$stu_id = $row[0];
$stu_fname = $row[1];
$_SESSION['user'] = $stu_id;
header("Location: ../index.php");
}
Hope this will help you :)
Error stating
Notice: Undefined variable: row in E:\xampp\htdocs\Edit_Supp.php on line 9
Notice: Undefined index: id in E:\xampp\htdocs\Edit_Supp.php on line 12
Supplier Updated
Code: Edit_Supp_Form.php
<?php
$SupplierID = $_GET['id'];
//Connect and select a database
mysql_connect ("localhost", "root", "");
mysql_select_db("supplierdetails");
//Run query
$result1 = mysql_query("SELECT * FROM suppliers WHERE SupplierID=$SupplierID");
while($row = mysql_fetch_array($result1)){
$SupplierID = $_GET['id'] = $row['SupplierID'];
$SupplierID = $row['SupplierID'];
$SupplierName = $row['SupplierName'];
$Currency = $row['Currency'];
$Location = $row['Location'];
$ContactNumber = $row['ContactNumber'];
$Email = $row['Email'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1- strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="content-type" content="text/html; charset=utf-8" />
<meta name="description" content="" />
<meta name="keywords" content="" />
<meta name="author" content="" />
<link rel="stylesheet" type="text/css" href="style.css" media="screen" />
<form action="Edit_Supp.php" method="post">
<br>
</br>
<input type="hidden" name="SupplierID" value="<?php echo $SupplierID;?>"/>
Supplier Name: <input type="text" name="SupplierName" value="<?php echo $SupplierName ;?>" />
<br>
</br>
Currency: <input type="text" name="Currency" value="<?php echo $Currency ;?>" />
<br>
</br>
Location: <input type="text" name="Location" value="<?php echo $Location ;?>" />
<br>
</br>
Contact Number:<input type="text" name="ContactNumber" value="<?php echo $ContactNumber ;?>" />
<br>
</br>
Email:<input type="text" name="Email" value="<?php echo $Email ;?>" />
<br>
</br>
<input type="submit" value= "Edit Supplier Information"/>
</form>
</div>
</body>
</html>
//Plus code for the Edit_Sup which is the code behind this page:
<?php
$con = mysql_connect("localhost", "root", "");
mysql_select_db("supplierdetails");
if (!$con)
{
die('Could not connect: ' . mysql_error());
}
//Run a query
$SupplierID= $_POST['id'] = $row ["SupplierID"];
$result1 = mysql_query ("SELECT * FROM suppliers WHERE SupplierID= '".$SupplierID."'") or die (mysql_error());
$row = mysql_fetch_array($result1);
$SupplierID = $_GET['id'];
$SupplierID = $_POST['id'];
$SupplierName = $_POST['SupplierName'];
$Currency = $_POST['Currency'];
$Location = $_POST['Location'];
$ContactNumber = $_POST['ContactNumber'];
$Email = $_POST['Email'];
$SupplierID = $row['SupplierID'];
$query = "UPDATE suppliers SET SupplierName = '".$SupplierName."', Currency = '".$Currency."', Location = '".$Location."', ContactNumber = '".$ContactNumber."', Email = '".$Email."' WHERE SupplierID = '".$SupplierID."'";
$result1 = mysql_query($query);
//Check whether the query was successful or not
if($result1)
{
echo "Supplier Updated";
}
else
{
die ("Query failed");
}
?>
You have referenced $_POST['id'] in Edit_sup.php, but I don't see any input field with the name id.
and line 9 of Edit_sup.php reads -
$SupplierID= $_POST['id'] = $row ["SupplierID"];
I don't see where you got that $row variable from.
You're trying to get $row['id'], I think what you want is $_POST['SupplierID']
I am a newbie, i want to update the database and when i submit the form to update the record, i get this error
Notice: Undefined index: idno in /Library/WebServer/Documents/practice/employee/edit_employee.php on line 6 Call Stack: 0.0001 633952 1. {main}() /Library/WebServer/Documents/practice/employee/edit_employee.php:0
This is the code
<?php
require_once '../includes/configuration.php';
if (!isset($_POST['enter']))
{
$employee_id_passport = $_GET['idno'];
$sql_query = "SELECT * FROM employee_master WHERE employee_id_passport = '$employee_id_passport'";
$result = mysql_query($sql_query, $connection);
$row = mysql_fetch_assoc($result);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http:www.w3.org/TR/xhthml1/DTD/xhtml1-transitional.dtd">
<html xmls="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title> </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type "text/css" href="styles/global.css" />
</head>
<body>
<form name="view_employee" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" />
Employee ID/Passport: <input type="text" name="id_passport" disabled="disabled" value="<?php echo $row['employee_id_passport']; ?>" /> <br />
First Name: <input type="text" name="first_name" value="<?php echo $row['first_name']; ?>" /> <br />
Surname: <input type="text" name="surname" value="<?php echo $row['surname']; ?>" /> <br />
Mobile Number: <input type="text" name="mobile_number" value="<?php echo $row['mobile_number']; ?>"/> <br />
<input type="submit" value="Enter" name="submit" />
</form>
</body>
<html>
<?php
}
else
{
$_POST['employee_id_passport'] = $employee_id_passport;
$_POST['first_name'] = $first_name;
$_POST['surname'] = $surname;
$_POST['mobile_number'] = $mobile_number;
$sql_query_update = "UPDATE employee_master SET first_name = '$first_name', SET surname = '$surname', SET mobile_number = '$mobile_number', WHERE employee_id_passport = '$employee_id_passport'";
$result = mysql_query($sql_query_update, $connection);
}
?>
A few bugs in your code.
Never trust Users to input anything without validating and sanitising their data.
Always test for and act on errors or unexpected conditions.
There is no comma before the WHERE clause in an SQL command.
Try the below:
<?php
require_once '../includes/configuration.php';
if( !isset( $_POST ) ){
# No Update Form Submission
if( isset( $_GET['idno'] ) ){
# ID Number Set for Query
$employee_id_passport = mysql_real_escape_string( $_GET['idno'] );
$sql_query = "SELECT * FROM employee_master WHERE employee_id_passport = '$employee_id_passport'";
if( !( $result = mysql_query( $sql_query , $connection ) ) ){
# Query Failed
}elseif( mysql_num_rows( $result )==0 || mysql_num_rows( $result )>1 ){
# Query Succeeded, but No Rows Returned OR More than One Row Returned
}else{
$row = mysql_fetch_assoc( $result );
}
}else{
# No ID Number sent for Query
}
?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http:www.w3.org/TR/xhthml1/DTD/xhtml1-transitional.dtd">
<html xmls="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Employee Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type "text/css" href="styles/global.css" />
</head>
<body>
<?php if( $row ){ ?>
<form name="view_employee" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" />
Employee ID/Passport: <input type="text" name="id_passport" disabled="disabled" value="<?php echo $row['employee_id_passport']; ?>" /> <br />
First Name: <input type="text" name="first_name" value="<?php echo $row['first_name']; ?>" /> <br />
Surname: <input type="text" name="surname" value="<?php echo $row['surname']; ?>" /> <br />
Mobile Number: <input type="text" name="mobile_number" value="<?php echo $row['mobile_number']; ?>"/> <br />
<input type="submit" value="Enter" name="submit" />
</form>
<?php } ?>
</body>
<html>
<?php
} else {
# Declare Error Holder
$error = array();
# Declare Field Holder
$field = array();
# Validate
if( !isset( $_POST['employee_id_passport'] ) || $_POST['employee_id_passport']=='' )
$error['employee_id_passport'] = 'No ID/Passport Set';
elseif( !is_int( $_POST['employee_id_passport'] ) )
$error['employee_id_passport'] = 'ID/Passport is not a Number';
else
$field['employee_id_passport'] = mysql_real_escape_string( $_POST['employee_id_passport'] );
if( !isset( $_POST['first_name'] ) || $_POST['first_name']=='' )
$error['first_name'] = 'No First Name Set';
else
$field['first_name'] = mysql_real_escape_string( $_POST['first_name'] );
if( !isset( $_POST['surname'] ) || $_POST['surname']=='' )
$error['surname'] = 'No First Name Set';
else
$field['surname'] = mysql_real_escape_string( $_POST['surname'] );
if( !isset( $_POST['mobile_number'] ) || $_POST['mobile_number']=='' )
$error['mobile_number'] = 'No First Name Set';
else
$field['mobile_number'] = mysql_real_escape_string( $_POST['mobile_number'] );
if( !count( $error ) ){
# Validation was Passed
$sql_query_update = "UPDATE employee_master
SET first_name = '{$field['first_name']}',
SET surname = '{$field['surname']}',
SET mobile_number = '{$field['mobile_number']}'
WHERE employee_id_passport = '{$field['$employee_id_passport']}'";
if( !( $result = mysql_query($sql_query_update, $connection) ) ){
# Update Query Failed
}else{
# Update Query OK
}
}
?>
The key idno is not set in your $_GET superglobal. Check your query string for &indo=.