Can't get form to update mysql record - php

I have a three part form that works like this, the first form is called create_ticket.php and it's basically a form with a customers contact info and what they want done. When the ticket is filled out it get's submitted to MySQL then when a search is done of the db you can select the ticket you want by clicking on the select link associated with that ticket in the search result and the browser will open a new window with the 2nd part of the form but it will pass the id associated with that MySQL record in the browser so you see at the end of the url ?id=10 now the 2nd part of the form is what a technician will use to fill out what they did and when they click get signature on the bottom of the page it will pop up the 3rd part of the form which allows the customer to sign on the tech's ipad or Toughbook and when they click accept it should update that record in MySQL associated with that id passed in the url. My issue is it's not working. so you can view the form at http://jemtechnv.com/test/ticket_results.php and see when you click on select it brings you to the technicians form to be filled out.
Here is my code that processes the 2nd part of the form:
<?php
// database connection //
include 'db/db_connect.php';
//This gets all the other information from the form
// start of form inputs //
$work_performed=$_POST['work_performed'];
$item_qty1=$_POST['item_qty1'];
$item_qty2=($_POST['item_qty2']);
$item_qty3=$_POST['item_qty1'];
$item_qty4=($_POST['item_qty2']);
$item_qty5=$_POST['item_qty1'];
$manuf_1=$_POST['manuf_1'];
$manuf_2=$_POST['manuf_2'];
$manuf_3=$_POST['manuf_3'];
$manuf_4=$_POST['manuf_4'];
$manuf_5=$_POST['manuf_5'];
$part_number1=$_POST['part_number1'];
$part_number2=$_POST['part_number2'];
$part_number3=$_POST['part_number3'];
$part_number4=$_POST['part_number4'];
$part_number5=$_POST['part_number5'];
$part_description1=$_POST['part_description1'];
$part_description2=$_POST['part_description2'];
$part_description3=$_POST['part_description3'];
$part_description4=$_POST['part_description4'];
$part_description5=$_POST['part_description5'];
$part1_price=$_POST['part_price1'];
$part2_price=$_POST['part_price2'];
$part3_price=$_POST['part_price3'];
$part4_price=$_POST['part_price4'];
$part5_price=$_POST['part_price5'];
$price_extension1=$_POST['price_extension1'];
$price_extension2=$_POST['price_extension2'];
$price_extension3=$_POST['price_extension3'];
$price_extension4=$_POST['price_extension4'];
$price_extension5=$_POST['price_extension5'];
$material_total=$_POST['material_total'];
$sales_tax=$_POST['sales_tax'];
$shipping_cost=$_POST['shipping_cost'];
$work_date1=$_POST['work_date1'];
$work_date2=$_POST['work_date2'];
$work_date3=$_POST['work_date3'];
$work_date4=$_POST['work_date4'];
$work_date5=$_POST['work_date5'];
$tech_name1=$_POST['tech_name1'];
$tech_name2=$_POST['tech_name2'];
$tech_name3=$_POST['tech_name3'];
$tech_name4=$_POST['tech_name4'];
$tech_name5=$_POST['tech_name5'];
$cost_code1=$_POST['cost_code1'];
$cost_code2=$_POST['cost_code2'];
$cost_code3=$_POST['cost_code3'];
$cost_code4=$_POST['cost_code4'];
$cost_code5=$_POST['cost_code5'];
$pay_rate1=$_POST['pay_rate1'];
$pay_rate2=$_POST['pay_rate2'];
$pay_rate3=$_POST['pay_rate3'];
$pay_rate4=$_POST['pay_rate4'];
$pay_rate5=$_POST['pay_rate5'];
$total_hours1=$_POST['total_hours1'];
$total_hours2=$_POST['total_hours2'];
$total_hours3=$_POST['total_hours3'];
$total_hours4=$_POST['total_hours4'];
$total_hours5=$_POST['total_hours5'];
$hours_subtotal1=$_POST['hours_subtotal1'];
$hours_subtotal2=$_POST['hours_subtotal2'];
$hours_subtotal3=$_POST['hours_subtotal3'];
$hours_subtotal4=$_POST['hours_subtotal4'];
$hours_subtotal5=$_POST['hours_subtotal5'];
$total_hours=$_POST['total_hours'];
$material_total=$_POST['material_total'];
$labor_cost=$_POST['labor_cost'];
$grand_total=$_POST['grand_total'];
//Writes the information to the database
mysql_query("UPDATE INTO tickets WHERE id=$id (work_performed, item_qty1, item_qty2, item_qty3, item_qty4, item_qty5,manuf_1, manuf_2, manuf_3, manuf_4, manuf_5, part_number1, part_number2, part_number3, part_number4, part_number5, part_description1, part_description2, part_description3, part_description_4, part_description_5, part1_price, part2_price, part3_price, part4_price, part5_price, price_extension1, price_extension2, price_extension3, price_extension4, price_extension5, material_total, sales_tax, shipping_cost, work_date1, work_date2, work_date3, work_date4, work_date5, tech_name1, tech_name2, tech_name3, tech_name4, tech_name5, cost_code1, cost_code2, cost_code3, cost_code4, cost_code5, pay_rate1, pay_rate2, pay_rate3, pay_rate4, pay_rate5, total_hours1, total_hours2, total_hours3, total_hours4, total_hours5, hours_subtotal1, hours_subtotal2, hours_subtotal3, hours_subtotal4, hours_subtotal5, total_hours, material_total, labor_cost, grand_total,)
VALUES ('$work_performed','$item_qty1','$item_qty2','$item_qty3','$item_qty4','$item_qty5','$mauf_1','$manuf_2','$manuf_3','$manuf_4','$manuf_5','$part_number1','$part_number2','$part_number3','$part_number4','$part_number5','$part_description1','$part_description2','$part_description3','$part_description_4',
'$part_description5','$part1_price','$part2_price','$part3_price','$part4_price','$part5_price','$price_extension1','$price_extension2','$price_extension3','$price_extension4','$price_extension5','$material_total','$sales_tax','$shipping_cost','$work_date1','$work_date2','$work_date3','$work_date4','$work_date5','$tech_name1','$tech_name2','$tech_name3','$tech_name4','$tech_name5','$cost_code1','$cost_code2','$cost_code3','$cost_code4','$cost_code5','$pay_rate1','$pay_rate2','$pay_rate3','$pay_rate4','$pay_rate5',
'$total_hours1','$total_hours2','$total_hours3','$total_hours4','$total_hours5','$hours_subtotal1','$hours_subtotal2','$hours_subtotal3','$hours_subtotal4','$hours_subtotal5','$total_hours','$material_total','$labor_cost','$grand_total',)") ;
mysql_affected_rows();
?>
<html>
<body>
<center>
<br><br><br>
<form name="results" method="post" action="ticket_results.php" enctype="multipart/form-data" id="ticketresult">
<input type="submit" class="submit" id="ticketresult" style="width: 165px" value="Do Something">
</form>
</center>
</body>
</html>
I'm also aware I need to take MySQL injection precautions but honestly at the moment that's not a priority as I just want to get the form working first then I will go back and clean up the code. Thanks for your help! I've disabled the signature portion of the form so clicking on get signature on the 2nd form will process the form and do the updates for that record, well it's supposed to but doesn't!
UPDATE: I have changed the query syntax as suggested below to this:
mysql_query("UPDATE tickets SET (work_performed, item_qty1, item_qty2, item_qty3, item_qty4, item_qty5,manuf_1, manuf_2, manuf_3, manuf_4, manuf_5, part_number1, part_number2, part_number3, part_number4, part_number5, part_description1, part_description2, part_description3, part_description_4, part_description_5, part1_price, part2_price, part3_price, part4_price, part5_price, price_extension1, price_extension2, price_extension3, price_extension4, price_extension5, material_total, sales_tax, shipping_cost, work_date1, work_date2, work_date3, work_date4, work_date5, tech_name1, tech_name2, tech_name3, tech_name4, tech_name5, cost_code1, cost_code2, cost_code3, cost_code4, cost_code5, pay_rate1, pay_rate2, pay_rate3, pay_rate4, pay_rate5, total_hours1, total_hours2, total_hours3, total_hours4, total_hours5, hours_subtotal1, hours_subtotal2, hours_subtotal3, hours_subtotal4, hours_subtotal5, total_hours, material_total, labor_cost, grand_total,)WHERE id=$id
VALUES ('$work_performed','$item_qty1','$item_qty2','$item_qty3','$item_qty4','$item_qty5','$mauf_1','$manuf_2','$manuf_3','$manuf_4','$manuf_5','$part_number1','$part_number2','$part_number3','$part_number4','$part_number5','$part_description1','$part_description2','$part_description3','$part_description_4',
'$part_description5','$part1_price','$part2_price','$part3_price','$part4_price','$part5_price','$price_extension1','$price_extension2','$price_extension3','$price_extension4','$price_extension5','$material_total','$sales_tax','$shipping_cost','$work_date1','$work_date2','$work_date3','$work_date4','$work_date5','$tech_name1','$tech_name2','$tech_name3','$tech_name4','$tech_name5','$cost_code1','$cost_code2','$cost_code3','$cost_code4','$cost_code5','$pay_rate1','$pay_rate2','$pay_rate3','$pay_rate4','$pay_rate5',
'$total_hours1','$total_hours2','$total_hours3','$total_hours4','$total_hours5','$hours_subtotal1','$hours_subtotal2','$hours_subtotal3','$hours_subtotal4','$hours_subtotal5','$total_hours','$material_total','$labor_cost','$grand_total',)");
but now I get the following error when I submit the form to update the database,
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '(work_performed, item_qty1, item_qty2, item_qty3, item_qty4, item_qty5,manuf_1, ' at line 1

Your query is wrong. The query should be
UPDATE tickets SET work_performed = something, item_qty1 = something .... WHERE id=$id

Related

Retrieve a database record using a value in url without $_POST

Dear whom that may be able to assist.
Link - https://develop.hangoutsdubai.ae/category-beach-entertainment.php
Currently I am using $_POST method for my listings to be able to retrieve the record in the database as a single page listing.
On the above link page, I will add the following to preview :
I am using below $dashedURL to remove %20 in URL and replace with '-'
//############# REPLACE URL %20 WITH DASH (-) #############//
$string = 'category-beach-entertainment-single-profile.php?'.$rs_BeachEntertainmentVenuesListing_rows['nvenueName'].'';
str_replace('%20', '-', $string);
$dashedURL = str_replace(' ', '-', rawurldecode($string));
//############# PART OF FORM BEING SUBMITTED #############//
<!-- CATEGORY BUTTON -->
<form method="post" action="'.$dashedURL.'">
<div>
<input type="submit" value="'.$rs_BeachEntertainmentVenuesListing_rows['nmainCategory'].'" class="singleProfileDetailsCategory">
<input type="hidden" name="txtnid" value="'.$rs_BeachEntertainmentVenuesListing_rows['nid'].'">
</div>
</form>
<!-- H3 VENUE TITLE -->
<form method="post" action="'.$dashedURL.'">
<div>
<span class="name" style="display:none;">'.$venueName.'</span>
<input type="submit" value="'.$rs_BeachEntertainmentVenuesListing_rows['nvenueName'].'" class="name singleProfileDetailsVenueName" itemprop="name">
<input type="hidden" name="txtnid" value="'.$rs_BeachEntertainmentVenuesListing_rows['nid'].'">
</div>
</form>
//############# ON SINGLE PAGE #############//
$txtnid = $_POST['txtnid'];
$sql_BeachEntertainmentVenuesListing = "SELECT * FROM tblvenueListingsBeachEntertainment WHERE nid = $txtnid";
//CONNECT TO MYSQL SERVER
require('inc-conn.php');
//EXECUTE SQL STATEMENT
$rs_BeachEntertainmentVenuesListing = mysqli_query($vconn, $sql_BeachEntertainmentVenuesListing);
//CREATE AN ASSOCIATIVE ARRAY
$rs_BeachEntertainmentVenuesListing_rows = mysqli_fetch_assoc($rs_BeachEntertainmentVenuesListing);<br><br>
Currently my issue is when I copy the single page URL of the venue and would like to share it with someone, the record will display blank. So if I don't select the venue through the main listing page : https://develop.hangoutsdubai.ae/category-beach-entertainment.php it won't display because of $_POST.
For example : Copy this link of a venue and open in a new window or cognitive window and it will display a blank record : https://develop.hangoutsdubai.ae/category-beach-entertainment-single-profile.php?Venue-9-Name
Is it possible to use a different method in order to retrieve all the data from a record without using the main page with all the listings?
The reason is for in case some one would want to share the link of a specific venue but it will show no data. I have tried couple of things but getting stuck. According to my hypothesis there should be a variable that retrieves the name of the venue in the url and retrieve the unique id from that record, then display the data accordingly. Sort of struggling to figure this one out. Any help will be gladly appreciated.

Php script when i click on button or image

I have this code `Lessons List
$sqlessons = 'SELECT * FROM lessons ';
$lessons = $mysqli->query($sqlessons);
while ($row=$lessons->fetch_assoc())
{
echo "<li>$row[lesson_name] : <span>$row[lesson_description]</span></li>";?>
<form action="script.php" method="get">
<input type="submit" value="Add this lesson now!">
</form>
<?php } ?>
</p>
</ul>`
this code presents a list of lessons with a button below of every lesson.
I want to add to this button a funtion that adds to my database :
$user_id ( i have that loaded in session )
$lesson_id (i have that only inside the 'while')
so if I click the button on Lesson1 (lesson_id =1) and I am the user Nick D (user_id=2) then the script will add a line to my database table usersVSlessons :
10,1,2 (the 10 is a random foreign key of the table).
I think you get what I want to do :P
Any ideas?
Place both user_id & lesson_id in input type hidden, get values onclick submit buttom & then make an ajax call to store data in db.
(you can either generate random no. in javascript or you can also use php to generate random value & input type to hidden place it)

How to input data and use get variable

I'm trying to write a page that allows users to type a post and, when submitted, opens a new page with the post on it. This means that the post must be inputted in a database first before it can be retrieved on another page. This is similar to when someone asks a question on stackoverflow. the question appears on a new page and the page is given a unique id, except i would like this unique id to be in a get variable.
HTML of current page (ask.php):
<form method=POST' action='ask.php?q<php echo $id ?>'>
<input type='text' id='post'>
<input type='submit' value='submit' name='submit'>
PHP:
$post=$_POST['post'];
//then run query to input data into database
}
$result=mysql_query("SELECT * FROM questions WHERE user='$user' AND time='$time'");
while ($row = mysql_fetch_assoc($result)){
$id=$row['id'];
}
ask_action.php:
<?php header("Location: http://localhost/biology/question.php?q=$id"); ?>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title></title>
</head>
<body>
<?php
include '../connect.php';
if (isset($_POST['questionSubmit'])){
$question=mysql_real_escape_string($_POST['question']);
$detail=mysql_real_escape_string($_POST['detail']);
$date=date("d M Y");
$time=time();
$user=$_SESSION['id'];
$put=mysql_query("INSERT INTO questions VALUES ('','$question','$detail','$date','$time','$user','biology','0')");
$id=mysql_insert_id();
}
?>
</body>
</html>
If you don't want the "ask" page to be on the same page that you view the post, you can split this in to three pages.
Page 1:
The page with the form where people writes their post and submits. Page 2 will be in the action part of the form.
Page 2:
The page that retrieves the POST data. Here you'll verify all the information and submit it to the database. You then retrieve the insert id and redirect the user to the page where you want to display the results. You use the id from the insert query in the redirecting.
Page 3:
Where the users see the submitted information.
I notice that you've tried this approached somehow, but you've got a few mistakes that needs correcting. First of all your ask.php page needs improvement.
You're missing one apostrophe ( ' ) before the POST in method, and your action needs correcting. Remember that the form action is supposed to go to the page that verifies and handles the data from the form. In this case it would be the *ask_action.php* page. Therefore the ask.php page should be like this:
<form method='POST' action='ask_action.php'>
<input type='text' name='question' />
<input type='text' name='detail' />
<input type='submit'> value='submit' name='submit' />
</form>
*ask_action.php* will handle the data, verify it and redirect to the page that views it. There is no need for html on the page that verifies it.
<?php
include('../connect.php'); // your database connection etc.
if(isset($_POST['submit'])) { // only react if the submit button is pressed
$question = mysql_real_escape_string($_POST['question']);
$detail = mysql_real_escape_string($_POST['detail']);
$date = date("d M Y");
$time = time();
$user = $_SESSION['id'];
mysql_query("INSERT INTO questions VALUES('', '$question', '$date', '$time', '$user', 'biology', 0)");
$id = mysql_insert_id();
header("Location: view_page.php?id=$id");
} else {
echo "Nothing submitted.";
}
?>
Then you'd have a third page where you display the data that you get from the database. If you notice the header function that I've used, it's redirecting the user to view_page.php. This is where you'll display the data by the id number that is supplied. To get the id number you simply use $id = $_GET['id'];.
I also noticed that you're using both time() and date("d M y"). That is not necessary. If you read about time on php.net you'll see that the time function generates the current unix timestamp. You can use that to output a date in the way that you want to. For instance: if you'd like to display both the date and time that the question was submitted you can use this date("d M y H:i", $time) where $time is the time-column in your database table.
This can all be combined in one single page, but I kept them separated so it's easier for you to see the difference.
The first problem here is in your opening form tag. It should read:
<form method='post' action='ask.php?q=<?php echo $id ?>'>
or
<form method='post' action='ask.php?q=<?= $id ?>'>
Your input tag should read:
<input type='text' name='post' id='post' />
I think the functionality you're looking for is provided by mysql_insert_id, as long as your id column is auto-incremented. If you're not auto-incrementing your id column, could you provide more info about your db table?
You have a few problems here. First and foremost you NEED to synthesize your incoming code with something like mysql_escape_string($_POST). You also need to name your text field, currently you're trying to pull it based on ID and that won't work
Change: <input type='text' id='post'> into <input type='text' name='post' id='post'>
Your order is backwards as well. Without using AJAX the best way to do this is to load your posts & id's using PHP at the top of the page, then have the actual writing to the database happen on the resulting page.
On your "submit" page, you need to have the PHP code do the insert into the database then retrieve the ID of that new post using mysql_insert_id. Then that page could redirect the user to the appropriate page using the just-retrieved ID as a GET parameter (using the header function)

how to show error message if someone left a field blank

So I created this page where a user can send data to a msql database but when they leave a field blank and they click submit I want an error to show up saying "You left a field blank".
This is the code:
<?php
$hostname = "";
$db_user = "";
$db_password = "";
$database = "";
$db_table = "";
# STOP HERE
####################################################################
# THIS CODE IS USED TO CONNECT TO THE MYSQL DATABASE
$db = mysql_connect($hostname, $db_user, $db_password);
mysql_select_db($database,$db);
?>
<html>
<head>
<title>Add your url to out database</title>
</head>
<body>
<?php
if (isset($_REQUEST['Submit'])) {
# THIS CODE TELL MYSQL TO INSERT THE DATA FROM THE FORM INTO YOUR MYSQL TABLE
$sql = "INSERT INTO $db_table(title,description,url,keywords) values ('".mysql_real_escape_string(stripslashes($_REQUEST['title']))."','".mysql_real_escape_string(stripslashes($_REQUEST['description']))."','".mysql_real_escape_string(stripslashes($_REQUEST['url']))."','".mysql_real_escape_string(stripslashes($_REQUEST['keywords']))."')";
if($result = mysql_query($sql ,$db)) {
echo '<h1>Thank you</h1>Your information has been entered into our database<br><br>';
} else {
echo "ERROR: ".mysql_error();
}
} else {
?>
<h1><center><img src='addalink.png'><center></h1>
<hr>
<center>
<form method="post" action="">
Name of the song:<br>
<input type="text" name="title"><br>
Artist: <br>
<input type="text" name="description"><br>
Download link: <br>
<font color="#0000FF">http://</font><input type="text" name="url"><br>
<input type="submit" name="Submit" value="Submit">
</form></br>
<?php
}
?> <center>
</body>
</html>
First of all, use a CSS style to style your form's inputs. It's a lot easier to read, and it means if you need to change anything in the future it's quick.
What you're wanting to do is run a script on submit that checks whether or not the values in the required fields are what you expect.
The jQuery Validation Plugin - http://bassistance.de/jquery-plugins/jquery-plugin-validation/ takes care of what you want.
If you want to write your own, it's a process of attaching the validation function to the click event of the submit button (or the onSubmit event of the form) and checking the data that's in the form.
If the data is missing, you add a class to show this. If the data is valid, you remove the previous class.
Finally, you only return true (to submit the form) in the case everything validates.
Keep in mind this is only client side, you still need to validate your data server side for security.
So, the common response is "do this on the front-end". If anything you are posting has security implications then I'd also recommend you check your form data on the back-end.
Also if you're going to go through the process of using mysql_real_escape, you might as well use mysqli and parameterized queries see: http://us2.php.net/manual/en/mysqli-stmt.prepare.php.
If you choose to go the back-end route, especially if you are using AJAX for the post, you can throw an Exception that actually outputs a 500 error along with the message you want to display, and then use Javascript to handle the "error case", so you can provide really nice validation methods that still do the validation on the server side.

implement a button to send information to another php file?

I've got the following php code printing out the contents of a SQL table.
$query="select * from TABLE";
$rt=mysql_query($query);
echo mysql_error();
mysql_close();
?>
<i>Name, Message, Type, Lat, Lng, File </i><br/><br/>
<?php
while($nt=mysql_fetch_array($rt)){
if($nt[name] != null){
echo "$nt[id] $nt[name] $nt[message] $nt[type] $nt[lat] $nt[lng] $nt[file]";
}
}
?>
How would I implement a button so for each "row" if the button is clicked on that row it'll submit the information of that row to another php file?
I want it looking something like...
details details2 details3 BUTTON
details4 details5 details6 BUTTON
details7 details8 details9 BUTTON
details10 details11 details12 BUTTON
Where if BUTTON was hit on row 1 details1,2,3 would be sent to a php file, on row 2 detals 4,5,6 would be sent etc. How would I do this?
Thanks.
it's going to be something like that, depending on the data you need to send:
while($nt = mysql_fetch_array($rt)) {
if($nt[name] != null){
echo "$nt[id] $nt[name] $nt[message] $nt[type] $nt[lat] $nt[lng] $nt[file] ".'send request<br/>';
}
}
You can either use GET method and send a query string to the second php page and receive the variables there, like
next.php?variable1=value1&variable2=value2&...
or use POST method by making a hidden form for each row and assign a hidden field for each variable you want to send.
<form method="post" action"next.php">
<input type="hidden" name="variable1" value="value1" />
<input type="hidden" name="variable2" value="value2" />
.
.
.
</form>
or instead of sending all the values, just send the row ID (if any) using any of these two methods and run another query in next.php to get the information you need from database.
Instead of submitting the entire data, just send the ID and fetch the results from the database in the other script. If you want to have an input button, you can do
<form action="/other-script.php" method="GET">
<?php printf('<input type="submit" name="id" value="%s" />', $nt["id"]); ?>
</form>
but you could also just add a link, e.g.
printf('Submit ID', $nt["id"]);
If you really want to send the entire row values over again, you have to make them into form inputs. In that case, I'd send them via POST though.

Categories