unable to use hidden field with sql statement - php

I am working on a "forgotten username" system. I'm using two forms on two different pages, so the code goes as follows:
recover_page.php:
<form action="security.php" method="post" enctype="multipart/form-data">
Please Enter your email address:<br>
<input type="text" name="email" value="<?php echo isset($_POST['email']) ? htmlspecialchars($_POST['email'], ENT_QUOTES) : ''; ?>">
<input type="submit" value="submit">
</form>
its php code:
<?php
include "session.php";
include "database/db.php";
$mode_allowed = array('username','password');
if(isset($_GET['mode']) === false || in_array($_GET['mode'],$mode_allowed)===false){
header('location:index.php');
exit();
}
?>
now the second page (security.php):
<form action="security.php" method="POST" enctype="multipart/form-data">
<p> Answer this question <p>
<select type="text" selected="selected" name="security_question" value="<?php $security_question?>">
<option name="security_question" value="<?php $security_question =mysql_query("SELECT `security_question` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' ");
$array = mysql_fetch_array($security_question);
echo $array[0];
?>">
<?php $security_question =mysql_query("SELECT `security_question` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' ");
$array = mysql_fetch_array($security_question);echo $array[0]; ?>
</option> </select> <br>
<input type="text" name="answer"/> <br>
<input type="submit" value="submit">
</form>
its php code :
// code to check if the email exists in the database or no
<?php
include "session.php";
include "database/db.php";
$mode_allowed = array('username','password');
if(isset($_POST['email']) === true && empty($_POST['email']) === false){
if(email_exists($_POST['email']) === false){
echo "Sorry, we can't find this email";
exit();
}
}
?>
//code to search for the answer in the database and compare it with the answer that the user has entered in the field "answer"
<?php
echo "<input type='hidden' name='email' value=' '".$_SESSION['email']."' '>";
if(isset($_POST['answer'])){
$answer = $_POST['answer'];
if(!empty($answer)){
$sql = mysql_query("SELECT `username` FROM `users` WHERE `email` ='".mysql_real_escape_string($_SESSION['email'])."' AND `answer`='".mysql_real_escape_string($answer)."'");
if(mysql_num_rows($sql) == 1){
header('location:last.php?success');
}else {
echo "Wrong answer";
}
}else{
echo "<script type='text/javascript'>alert('you must answer this question');</script>";
}
}
?>
Now this works fine when I write the SQL statement without the hidden input, like this:
$sql = mysql_query("SELECT `username` FROM `users` WHERE `answer`='".mysql_real_escape_string($answer)."'");
Also, I can echo out the $_SESSION['email']; and it will give me the right value of the hidden field. So why is the SQL unable to get this value?!

Editing the code for your last script (putting the code and the HTML together), something like this:
<?php
include "session.php";
include "database/db.php";
$Message = "";
$mode_allowed = array('username','password');
if(isset($_POST['email']) === true && empty($_POST['email']) === false)
{
if(email_exists($_POST['email']) === false)
{
echo "Sorry, we can't find this email";
exit();
}
}
if(isset($_POST['answer']))
{
$answer = $_POST['answer'];
if(!empty($answer))
{
$sql = mysql_query("SELECT `username` FROM `users` WHERE `email` ='".mysql_real_escape_string($_SESSION['email'])."' AND `answer`='".mysql_real_escape_string($answer)."'");
if(mysql_num_rows($sql) == 1)
{
header('location:last.php?success');
}
else
{
$Message = "Wrong answer";
}
}
else
{
echo "<script type='text/javascript'>alert('you must answer this question');</script>";
}
}
?>
<form action="security.php" method="POST" enctype="multipart/form-data">
<p> Answer this question </p>
<select type="text" selected="selected" name="security_question" value="<?php $security_question?>">
<option name="security_question" value="<?php $security_question =mysql_query("SELECT `security_question` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' ");
$array = mysql_fetch_array($security_question);
echo $array[0];
?>">
<?php $security_question =mysql_query("SELECT `security_question` FROM `users` WHERE `email`='".mysql_real_escape_string($_POST['email'])."' ");
$array = mysql_fetch_array($security_question);echo $array[0]; ?>
</option>
</select> <br>
<input type="text" name="answer"/> <br>
<input type='hidden' name='email' value='<?php echo isset($_POST['email']) ? htmlspecialchars($_POST['email'], ENT_QUOTES) : ''; ?>'>
<input type="submit" value="submit">
<?php if ($Message != '') echo "<br /> $Message";?>
</form>

Post New Checkbox values to db after edited

I have an edit form that has some checkboxes on it and I am having trouble getting the new checkbox values posted back to the db after it has been changed. So far the form will load in the current values in the db, but after you click different checkboxes it won't update the change in the db. Any help would be appreciated.
<?php
/*
EDIT.PHP
Allows user to edit specific entry in database
*/
// creates the edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($id, $firstname, $contactname, $phone, $type, $sex, $markers, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<div>
<p><strong>ID:</strong> <?php echo $id; ?></p>
<strong>First Name: *</strong> <input type="text" name="firstname" value="<?php echo $firstname; ?>"/><br/>
<strong>Contact Name: *</strong> <input type="text" name="contactname" value="<?php echo $contactname; ?>"/><br/>
<strong>Phone Number: *</strong> <input type="text" name="phone" value="<?php echo $phone; ?>"/><br/>
<strong>Type: *</strong>
<select name="type">
<option value="">Select...</option>
<option value="Inpatient Hospital" <?php if($type=="Inpatient Hospital")echo "selected=\"selected\""; ?>>Inpatient Hospital</option>
<option value="Residential Facility"<?php if($type=="Residential Facility")echo "selected=\"selected\""; ?>>Residential Facility</option>
<option value="Behavioral Treatment Facility"<?php if($type=="Behavioral Treatment Facility")echo "selected=\"selected\""; ?>>Behavioral Treatment Facility</option>
<option value="Therapeutic Group Home"<?php if($type=="Therapeutic Group Home")echo "selected=\"selected\""; ?>>Therapeutic Group Home</option>
<option value="Drug or Addictions Rehab"<?php if($type=="Drug or Addictions Rehab")echo "selected=\"selected\""; ?>>Drug or Addictions Rehab</option>
</select><br/>
<input type="radio" name="sex" value="Male" <?php echo ($sex=="Male")?'checked="checked"':'' ?>size="17">Male
<input type="radio" name="sex" value="Female" <?php echo ($sex=="Female")?'checked="checked"':'' ?> size="17">Female
<input type="radio" name="sex" value="Both" <?php echo ($sex=="Both")?'checked="checked"':'' ?> size="17">Both<br/>
<strong>Markers: *</strong> <input type="text" name="markers" value="<?php echo $markers; ?>"/><br/>
<?php
// Create connection
$con=mysqli_connect("localhost","un","pw","childcare");
// Check connection
if (mysqli_connect_errno($con))
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
$result = mysqli_query($con,"SELECT FMarkers FROM faci WHERE ID='$id'");
while($row = mysqli_fetch_array($result))
{
$focus=explode(",",$row['FMarkers']);
?>
Autism<input type="checkbox" name="FMarkers[]" value="Autism" <?php if(in_array("Autism",$focus)) { ?> checked="checked" <?php } ?> >
Attachement Disorder<input type="checkbox" name="FMarkers[]" value="Attachement Disorder" <?php if(in_array("Attachement Disorder",$focus)) { ?> checked="checked" <?php } ?> >
Dissociative Disorder<input type="checkbox" name="FMarkers[]" value="Dissociative Disorder" <?php if(in_array("Dissociative Disorder",$focus)) { ?> checked="checked" <?php } ?> >
ODD<input type="checkbox" name="FMarkers[]" value="ODD" <?php if(in_array("ODD",$focus)) { ?> checked="checked" <?php } ?> >
ADHD<input type="checkbox" name="FMarkers[]" value="ADHD" <?php if(in_array("ADHD",$focus)) { ?> checked="checked" <?php } ?> >
<?php
//print_r(array_values($focus));
//echo("<pre>\n");
//print_r($_POST);
//echo("</pre>\n");
//var_dump($dog);
//these below are different ways I have tried to get it to work
//$markers = implode(',', $_POST['dog']);
//$markers=$_POST['focus'];
//$markers = implode(",",$markers);
//$markers = implode(",",$_POST['focus']);
//$check = isset($_POST['focus']) ? $_POST['focus'] : '';
//$markers = is_array($check) ? implode(", ", $check) : '';
//echo $markers;
?>
<?php
}
?>
<p>* Required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}
// connect to the database
include('connect-db.php');
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (is_numeric($_POST['id']))
{
// get form data, making sure it is valid
$id = $_POST['id'];
$firstname = mysql_real_escape_string(htmlspecialchars($_POST['firstname']));
$contactname = mysql_real_escape_string(htmlspecialchars($_POST['contactname']));
$phone = mysql_real_escape_string(htmlspecialchars($_POST['phone']));
$type = mysql_real_escape_string(htmlspecialchars($_POST['type']));
$sex = mysql_real_escape_string(htmlspecialchars($_POST['sex']));
$markers = mysql_real_escape_string(htmlspecialchars($_POST['markers']));
// check that firstname/lastname fields are both filled in
if ($firstname == '' || $contactname == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
//error, display form
renderForm($id, $firstname, $contactname, $phone, $type, $sex, $markers, $error);
}
else
{
// save the data to the database
mysql_query("UPDATE faci SET FName='$firstname', FContact='$contactname', FPhone='$phone', FType='$type', FSex='$sex', FMarkers='$markers' WHERE ID='$id'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: facility-view.php");
}
}
else
{
// if the 'id' isn't valid, display an error
echo 'Error!';
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
// get the 'id' value from the URL (if it exists), making sure that it is valid (checking that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
// query db
$id = $_GET['id'];
$result = mysql_query("SELECT * FROM faci WHERE ID=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the database
if($row)
{
// get data from db
$firstname = $row['FName'];
$contactname = $row['FContact'];
$phone = $row['FPhone'];
$type = $row['FType'];
$sex = $row['FSex'];
$markers = $row['FMarkers'];
// show form
renderForm($id, $firstname, $contactname, $phone, $type, $sex, $markers, '');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'Error!';
}
}
?>

edit_subject.php is not working, the error is saying about database query failed

This is kind of the error I'm getting:
Database query failed.
I've uploaded this webpage: http://widgetcorp.bugs3.com/public/edit_subject.php?subject=1
Here's my file:
<?php require_once("../includes/session.php"); ?>
<?php require_once("../includes/db_connection.php"); ?>
<?php require_once("../includes/functions.php"); ?>
<?php require_once("../includes/validation_functions.php"); ?>
<?php find_selected_page(); ?>
<?php
if (!$current_subject)
{
// subject ID was missing or invalid or
// subject couldn't be found in database
redirect_to("manage_content.php");
}
?>
<?php
if (isset($_POST['submit']))
{
// validations
$required_fields = array("menu_name", "position", "visible");
validate_presences($required_fields);
$fields_with_max_lengths = array("menu_name" => 30);
validate_max_lengths($fields_with_max_lengths);
if (empty($errors))
{
// Perform Update
$id = $current_subject["id"];
$menu_name = mysql_prep($_POST["menu_name"]);
$position = (int) $_POST["position"];
$visible = (int) $_POST["visible"];
$query = "UPDATE subjects SET ";
$query .= "menu_name='{$menu_name}', ";
$query .= "position={$position}, ";
$query .= "visible={$visible} ";
$query .= "WHERE id={$id} ";
$query .= "LIMIT 1";
$result = mysqli_query($connection, $query);
if ($result && mysqli_affected_rows($connection) >= 0)
{
// Success
$_SESSION["message"] = "Subject updated.";
redirect_to("manage_content.php");
}
else
{
// Failure
$message = "Subject update failed.";
}
}
}
// else
// {
// // This is probably a GET request
// }
?>
<?php include("../includes/layouts/header.php"); ?>
<div id="main">
<div id="navigation">
<?php
echo navigation($current_subject, $current_page);
?>
</div>
<div id="page">
<?php
// echo message();
// $message is just a variable, doesn't use the SESSION
if(!empty($message))
{
echo "<div class=\"message\">" . htmlentities($message) . "</div>";
}
?>
<?php echo form_errors($errors); ?>
<h2>Edit Subject: <?php echo htmlentities($current_subject["menu_name"]); ?></h2>
<form action="edit_subject.php?subject=<?php echo htmlentities($current_subject["menu_name"]); ?>" method="post">
<p>Menu name:
<input type="text" name="menu_name" value="<?php echo htmlentities($current_subject["menu_name"]); ?>" />
</p>
<p>Position:
<select name="position">
<?php
$subject_set = find_all_subjects();
$subject_count = mysqli_num_rows($subject_set);
for ($count=1; $count <= $subject_count; $count++)
{
echo "<option value=\"{$count}\"";
if ($current_subject["position"] == $count)
{
echo " selected";
}
echo ">{$count}</option>";
}
?>
</select>
</p>
<p>Visible:
<input type="radio" name="visible" value="0" <?php if ($current_subject["visible"] == 0) { echo "checked"; } ?> /> No
<input type="radio" name="visible" value="1" <?php if ($current_subject["visible"] == 1) { echo "checked"; } ?> /> Yes
</p>
<input type="submit" name="submit" value="Edit Subject" />
</form>
<br />
Cancel
Delete Subject
</div>
The problem is somewhere else and not with your UPDATE query actually. If you see the link you posted, you are passing subject parameter with url, whose value is 1 which is integer.
Now when you click submit it's changing the url to http://widgetcorp.bugs3.com/public/edit_subject.php?subject=About%20Widget%20Corp .
Here as you see the subject parameter is not integer but string value name of subject. And that is causing the problem.
You are getting error as it's not retrieving the subject data from database correctly because of wrong id type. You just need to make sure the form is being posted to right url, which would be http://widgetcorp.bugs3.com/public/edit_subject.php?subject=1.
You need to correct the action parameter on the <form> tag for that.
Look for the line below in your code:
<form action="edit_subject.php?subject=<?php echo htmlentities($current_subject["menu_name"]); ?>" method="post">
And change it to
<form action="edit_subject.php?subject=<?php echo htmlentities($current_subject["id"]); ?>" method="post">
If you see, now the form will be submitted to http://widgetcorp.bugs3.com/public/edit_subject.php?subject=1, which is the correct url.

telephone directory update issue

I was programming something and I ran into a problem. I was wondering where the problem is, because my code stops working after the mysql_query("UPDATE ...") part. Here is the code, I hope someone will help me.
<?php include("/includes/template/header.php"); ?>
<section>
<form action="" method="post">
<input type="post" name="ime" placeholder="Ime"><br>
<input type="post" name="prezime" placeholder="Prezime"><br>
<input type="post" name="broj" placeholder="Broj telefona"><br>
<input type="post" name="adresa" placeholder="Adresa"><br>
<input type="submit" name="submit" value="Trazi">
</form>
<?php
include("includes/config.php");
if(isset($_POST['submit']))
{
if(!empty($_POST['ime']) && !empty($_POST['prezime']))
{
$trazeno_ime = $_POST['ime'];
$trazeno_prezime = $_POST['prezime'];
$query = "SELECT id, broj_telefona, adresa FROM korisnici WHERE ime = '$trazeno_ime' AND prezime='$trazeno_prezime'";
if ($query_run = mysql_query($query))
{
if(mysql_num_rows($query_run)!=NULL)
{
$query_row = mysql_fetch_assoc($query_run);
$id = $query_row["id"];
$brojtel = $query_row["broj_telefona"];
$adresa = $query_row["adresa"];
echo "<form action=\"\" method=\"post\">";
echo "<input type=\"post\" name=\"ime1\" value=\"$trazeno_ime\"><br></br>";
echo "<input type=\"post\" name=\"prezime1\" value=\"$trazeno_prezime\"><br></br>";
echo "<input type=\"post\" name=\"broj1\" value=\"$brojtel\"><br></br>";
echo "<input type=\"post\" name=\"adresa1\" value=\"$adresa\"><br></br>";
echo "<input type=\"submit\" name=\"submit1\" value=\"Promijeni\">";
echo "</form>";
if(isset($_POST['submit1']))
{
if(!empty($_POST['ime1']) && !empty($_POST['prezime1']) && !empty($_POST['broj1']) && !empty($_POST['broj1']) && !empty($_POST['adresa']))
{
$novoime = $_POST['ime1'];
$novoprezime = $_POST['prezime1'];
$novobroj = $_POST['broj1'];
$novoadresa = $_POST['adresa1'];
mysql_query("UPDATE korisnici SET ime='$novoime', prezime='$novoprezime', broj_telefona='$novobroj', adresa='$novoadresa' WHERE id=$id") or die(mysql_error());
echo "Uspješno promijenjeni podaci";
}
else
{
echo "Morate unijeti sva polja";
}
}
else
{
echo "Glupost";
}
}
else
{
echo "Nema korisnika u bazi";
}
}
else
{
echo "Hahu";
}
}
else
{
echo "Unesi podatke";
}
}
?>
</section>
</div>
</body>
You need to add quotes to your id statement, see below.
"UPDATE korisnici SET ime='$novoime', prezime='$novoprezime', broj_telefona='$novobroj', adresa='$novoadresa' WHERE id='$id'"

loop issue in sql data verification

Hi, this is my PHP code for attendance sign in, but it enters multiple entries when I remove the while loop.
Please help me find which loop is better for this code...
It is working fine when I remove the while loop. However, it is possible to enter multiple entries in attendance.
<?php
$conn = mysqli_connect("localhost", "Vijay", "vijay123", "test");
if (mysqli_connect_errno())
{
echo "Unable to connect the Server" . mysqli_connect_error();
}
if ($_SERVER["REQUEST_METHOD"] == "POST")
{
// getting details from form
$EmployeeNoA = mysqli_real_escape_string($conn, $_POST['EmployeeNoA']);
$EmployeeNameA = mysqli_real_escape_string($conn, $_POST['EmployeeNameA']);
$Shift = mysqli_real_escape_string($conn, $_POST['Shift']);
$SignInDay = mysqli_real_escape_string($conn, $_POST['SignInDay']);
$SignInDate = mysqli_real_escape_string($conn, $_POST['SignInDate']);
$SignInTime = mysqli_real_escape_string($conn, $_POST['SignInTime']);
if ($Shift == "0")
{
echo "<script>alert('Please Select the Shift!');</script>";
}
else
{
// $rowcount = mysqli_query($conn, "SELECT * From attend");
// $rowCount = mysqli_num_rows($rowcount);
$ver = mysqli_query($conn, "SELECT * FROM attend WHERE EmployeeNoA='$EmployeeNoA' && SignInDate='$SignInDate'");
while ($view = mysqli_fetch_array($ver, MYSQLI_ASSOC)) // **it is repeatedly running and store multiple data and error message.
{
if ($SignInDate != $view['SignInDate'])
{
$sql = "INSERT INTO attend (EmployeeNoA, EmployeeNameA, Shift, Day, SignInDate, SignInTime) VALUES ('$EmployeeNoA', '$EmployeeNameA', '$Shift', '$SignInDay', '$SignInDate', '$SignInTime')";
if (!mysqli_query($conn, $sql))
{
echo mysqli_error($conn);
}
else
{
echo "<script>alert ('You have Signed In!');</script>";
}
}
else
{
echo "<script>alert ('You have ALREADY Signed In!');</script>";
}
}
}
}
?>
Here, please find my HTML:
<h2 style="text-align:center;margin-bottom:1.5em;margin-top:1.5em;font-family:sans-serif">ATTENDANCE SIGN IN</h2>
<form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES); ?>" method="POST">
<div style="margin-top:20px;margin-left:20px;">
<table cellpadding="5">
<tr><td><label>Employee No:</label></td><td><input type="text" name="EmployeeNoA" value="<?php echo $EmployeeNo; ?>" readonly="readonly"></td></tr>
<tr><td><label>Employee Name:</label></td><td><input type="text" name="EmployeeNameA" value="<?php echo $EmployeeName; ?>" readonly="readonly"></td></tr>
<tr><td style="vertical-align:top;"><label>Shift:</label></td><td>
<select name="Shift" id="Shift">
<option value="0">-- Select --</option>
<option value="Shift1">I Shift</option>
<option value="Shift2">IA Shift</option>
<option value="Shift3">II Shift</option>
<option value="Shift4">General Shift</option>
<option value="Shift5">General A Shift</option>
</select>
<!--<tr><td style="vertical-align:top;"><label>Shift:</label></td><td style="line-height:1.6em; text-align:justify;font-weight:bold;"><input type="radio" name="shift" value="I"> I Shift <span style="font-weight:normal;font-size:small;color:grey;">6:00 - 3:00</span><br/><input type="radio" name="shift" value="IA"> IA Shift <span style="font-weight:normal;font-size:small;color:grey;">7:00 - 4:00</span><br/><input type="radio" name="shift" value="II"> II Shift<br/><input type="radio" name="shift" value="G"> Gen. Shift <span style="font-weight:normal;font-size:small;color:grey;">8:00 - 5:00</span><br/><input type="radio" name="shift" value="G1"> G I Shift <span style="font-weight:normal;font-size:small;color:grey;">10:00 - 7:00</span>--><td></tr>
<tr><td><label>Day:</label></td><td><input style="text-align:center;" type="text" name="SignInDay" value="<?php date_default_timezone_set('Asia/Kolkata'); echo date('l'); ?>" readonly="readonly"></td></tr>
<tr><td><label>SignIn Date:</label></td><td><input style="text-align:center;" type="text" name="SignInDate" value="<?php date_default_timezone_set('Asia/Kolkata'); echo date('Y-m-d'); ?>" readonly="readonly"></td></tr>
<tr><td><label>SignIn Time:</label></td><td><input style="text-align:center;color:blue;" type="text" name="SignInTime" value="<?php date_default_timezone_set('Asia/Kolkata'); echo date('H:i:s'); ?>" readonly="readonly"></td></tr>
<tr><td style="text-align:center;" colspan="2"><input style="margin-top:20px;" type="submit" name="signin" value="Sign In">         <button type="close" name="close" onclick="closeWin()">Exit</button></td></tr>
</table>
</div>
</form>
It looks like you just want to test whether the first query returns any rows. Use:
$ver = mysqli_query($conn, "SELECT COUNT(*) AS count FROM attend WHERE EmployeeNoA='$EmployeeNoA' && SignInDate='$SignInDate'");
$row = mysqli_fetch_assoc($ver);
if ($row['count'] == 0) {
$sql = "INSERT INTO attend (EmployeeNoA, EmployeeNameA, Shift, Day, SignInDate, SignInTime) VALUES ('$EmployeeNoA', '$EmployeeNameA', '$Shift', '$SignInDay', '$SignInDate', '$SignInTime')";
if (!mysqli_query($conn, $sql)) {
echo mysqli_error($conn);
} else {
echo "<script>alert ('You have Signed In!');</script>";
}
} else {
echo "<script>alert ('You have ALREADY Signed In!');</script>";
}
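An added example, not code from the thread: a count-then-insert check still lets two simultaneous requests both see a count of 0, so this version lets a UNIQUE key on (EmployeeNoA, SignInDate) reject the second row and binds every value in a prepared statement. It assumes PDO with an in-memory SQLite database in place of the poster's MySQL connection so that it runs offline; `open_attendance_db()` and `sign_in()` are hypothetical names and the sample employees are constructed.

```php
<?php
// Added example (not from the thread). PDO with in-memory SQLite stands in
// for the poster's MySQL database so the script runs offline.
// open_attendance_db() and sign_in() are hypothetical helper names.

const ALLOWED_SHIFTS = ['Shift1', 'Shift2', 'Shift3', 'Shift4', 'Shift5'];

function open_attendance_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    // The UNIQUE key is what enforces "one sign-in per employee per day".
    $db->exec(
        'CREATE TABLE attend (
            EmployeeNoA TEXT NOT NULL, EmployeeNameA TEXT NOT NULL,
            Shift TEXT NOT NULL, Day TEXT NOT NULL,
            SignInDate TEXT NOT NULL, SignInTime TEXT NOT NULL,
            UNIQUE (EmployeeNoA, SignInDate)
        )'
    );
    return $db;
}

// Assumption: $employeeNo and $employeeName come from the logged-in session,
// not from the readonly form inputs, which a client can still change.
function sign_in(PDO $db, string $employeeNo, string $employeeName, string $shift): string
{
    // Allow-list the <select> values; this also rejects the "0" placeholder.
    if (!in_array($shift, ALLOWED_SHIFTS, true)) {
        return 'Please Select the Shift!';
    }
    // Day, date and time are taken from the server clock for the same reason.
    $now = new DateTimeImmutable('now', new DateTimeZone('Asia/Kolkata'));
    $stmt = $db->prepare(
        'INSERT INTO attend (EmployeeNoA, EmployeeNameA, Shift, Day, SignInDate, SignInTime)
         VALUES (:no, :name, :shift, :day, :date, :time)'
    );
    try {
        $stmt->execute([
            ':no'    => $employeeNo,
            ':name'  => $employeeName,
            ':shift' => $shift,
            ':day'   => $now->format('l'),
            ':date'  => $now->format('Y-m-d'),
            ':time'  => $now->format('H:i:s'),
        ]);
    } catch (PDOException $e) {
        // SQLSTATE class 23 is an integrity-constraint violation: the
        // database itself refused the duplicate, with no SELECT beforehand.
        if (substr((string) $e->getCode(), 0, 2) === '23') {
            return 'You have ALREADY Signed In!';
        }
        throw $e;
    }
    return 'You have Signed In!';
}

// Constructed sample calls: first sign-in, a repeat on the same day,
// and a submission that left the shift on "-- Select --".
$db = open_attendance_db();
echo sign_in($db, 'E001', 'Sample Employee', 'Shift1'), "\n";
echo sign_in($db, 'E001', 'Sample Employee', 'Shift4'), "\n";
echo sign_in($db, 'E002', 'Other Employee', '0'), "\n";
```

On the MySQL table from the question the same key can be added with `ALTER TABLE attend ADD UNIQUE (EmployeeNoA, SignInDate)`.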

How to update database in php?

I wanna update my product when there's user login. Here's my code in edit.php
<?php
$id= (int)$_GET['id'];
$query = "SELECT * FROM game WHERE gameId=".$id."";
$rs = mysql_query($query);
while($data = mysql_fetch_array($rs))
{
?>
<form action="doUpdate.php" method="post">
<?php echo "<image src=\"images/".$id.".png\" alt=\"gameImage\" </image>"?>
<div class="cleaner"></div>
<div class="myLabel">Name</div><div>: <input type="text" value="<?php echo $data['gameName'];?>" name="gameName"/></div>
<div class="myLabel">Developer</div><div>: <input type="text" value="<?php echo $data['gameDeveloper'];?>" name="gameDeveloper"/></div>
<div class="myLabel">Price</div><div>: <input type="text" value="<?php echo $data['gamePrice'];?>" name="gamePrice"/></div>
<br/>
<div id="txtError" style="color:#D70005">
<?php
if(isset($err))
{
if($err==1) echo"All Fields must be filled";
else if($err==2) echo"Price must be numeric";
else if($err==3) echo"Price must be between 1-10";
}
?>
</div>
<input type="submit" value="Submit"/>
<input type="button" value="Cancel"/></span>
<?php
}
?>
</form>
This is my code in doUpdate.php
<?php
$nama = $_POST['gameName'];
$dev = $_POST['gameDeveloper'];
$harga =$_POST['gamePrice'];
$id= (int)$_REQUEST['id'];
if($nama == "" || $dev == "" || $harga == "" )
{
header("location:edit.php?err=1");
}
else if(!is_numeric($harga))
{
header("location:edit.php?err=2");
}
else if($harga < 1 || $harga >10)
{
header("location:edit.php?err=3");
}
else
{
$query = "UPDATE game SET gameName='".$nama."', gameDeveloper='".$dev."', gamePrice=".$harga." where gameId=".$id."";
mysql_query($query);
header("location:product.php");
}
?>
Why can't I change the name, developer, or price even though I already give the action in the form? And why, if I delete the name, developer, and price to see whether the validation works or not, does it say Undefined index in edit.php $id= (int)$_GET['id']; ?
You are trying to get $_REQUEST['id'] in doUpdate.php but there is no such field in the form.
You have to add it as a hidden field.
Also you have to format your strings.
Every string you're gonna put into query you have to escape special characters in.
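An added example, not the poster's or the answerer's code, showing both points of the answer together: the id carried in a hidden field and every value bound in a prepared statement instead of concatenated into the query. It assumes PDO with an in-memory SQLite database in place of MySQL so that it runs offline; `open_game_db()`, `h()`, `field()`, `render_edit_form()` and `do_update()` are hypothetical names, the sample row is constructed, and the redirect back to edit.php keeps the id in the URL so that `$_GET['id']` is defined there.

```php
<?php
// Added example (not from the thread). In-memory SQLite via PDO stands in
// for MySQL; table and column names follow the question.

function open_game_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE game (gameId INTEGER PRIMARY KEY, gameName TEXT, gameDeveloper TEXT, gamePrice REAL)');
    $db->exec("INSERT INTO game VALUES (1, 'Sample Game', 'Sample Dev', 5)"); // constructed row
    return $db;
}

// Escape a value for use inside an HTML attribute.
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Read one POST field as a trimmed string; arrays and missing keys become ''.
function field(array $post, string $key): string
{
    return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
}

// edit.php: the id travels to doUpdate.php in a hidden field.
function render_edit_form(PDO $db, int $id): string
{
    $stmt = $db->prepare('SELECT gameName, gameDeveloper, gamePrice FROM game WHERE gameId = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '';
    }
    return '<form action="doUpdate.php" method="post">'
        . '<input type="hidden" name="id" value="' . h($id) . '"/>'
        . '<input type="text" name="gameName" value="' . h($row['gameName']) . '"/>'
        . '<input type="text" name="gameDeveloper" value="' . h($row['gameDeveloper']) . '"/>'
        . '<input type="text" name="gamePrice" value="' . h($row['gamePrice']) . '"/>'
        . '<input type="submit" value="Submit"/></form>';
}

// doUpdate.php: returns the redirect target instead of calling header().
function do_update(PDO $db, array $post): string
{
    // A hidden field is client-controlled: accept only a positive integer.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 'product.php';
    }
    $name  = field($post, 'gameName');
    $dev   = field($post, 'gameDeveloper');
    $price = field($post, 'gamePrice');

    $back = 'edit.php?id=' . $id . '&err=';
    if ($name === '' || $dev === '' || $price === '') { return $back . '1'; }
    if (!is_numeric($price))                          { return $back . '2'; }
    if ($price < 1 || $price > 10)                    { return $back . '3'; }

    // Bound parameters: quotes in the values cannot change the statement.
    $stmt = $db->prepare('UPDATE game SET gameName = :n, gameDeveloper = :d, gamePrice = :p WHERE gameId = :id');
    $stmt->execute([':n' => $name, ':d' => $dev, ':p' => (float) $price, ':id' => $id]);
    return 'product.php';
}

// Constructed sample requests: a valid edit whose name contains quotes,
// a non-integer id, and an empty name.
$db = open_game_db();
echo render_edit_form($db, 1), "\n";
echo do_update($db, ['id' => '1', 'gameName' => "O'Brien's Quest", 'gameDeveloper' => 'Dev', 'gamePrice' => '7']), "\n";
echo do_update($db, ['id' => 'abc', 'gameName' => 'x', 'gameDeveloper' => 'y', 'gamePrice' => '7']), "\n";
echo do_update($db, ['id' => '1', 'gameName' => '', 'gameDeveloper' => 'y', 'gamePrice' => '7']), "\n";
echo render_edit_form($db, 1), "\n";
```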