PHP and mySQL "UPDATE" doesn't actually update - php

So me and my friend came to a conclusion that it's the $_email variable that screws everything up. As long as it's hard coded in, it works. But as soon as it's left as a $_email everywhere, it doesn't. The message goes through as "updated" but it doesn't update.
require_once('appVars6.php');
require_once('connectVars6.php');
$_dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$_id = $_GET['id'];
$_queryOne = "SELECT * FROM midterm WHERE id = '$_id'";
$_resultOne = mysqli_query($_dbc, $_queryOne) or die ('Error Querying Database');
while ($_row = mysqli_fetch_array($_resultOne)) {
echo '<form class="update" method="post" action="MT_vjones_udpateRecord.php?id=' . $_id . '">';
echo '<input type="hidden" name="id" id="id" value="' . $_row['id'] . '" />';
echo '<input type="text" name="firstName" id="firstName" value="' . $_row['firstName'] . '" /><br />';
echo '<input type="text" name="lastName" id="lastName" value="' . $_row['lastName'] . '" /><br />';
echo '<input type="text" name="email" id="email" value="' . $_row['email'] . '" /><br />';
echo '</form>';
}
if ( isset($_GET['firstName']) && isset($_GET['lastName']) && isset($_GET['email'])) {
$_id = $_GET['id'];
$_firstName = $_GET['firstName'];
$_lastName = $_GET['lastName'];
$_email = $_GET['email'];
}
else if ( isset($_POST['firstName']) && isset($_POST['lastName']) && isset($_POST['email'])) {
$_id = $_POST['id'];
$_firstName = mysqli_real_escape_string($_dbc, trim($_POST['firstName']));
$_lastName = mysqli_real_escape_string($_dbc, trim($_POST['lastName']));
$_email = mysqli_real_escape_string($_dbc, trim($_POST['email']));
}
else {
echo '<br />';
echo '<p class="error">Sorry, no record was selected.</p>';
}
if(isset($_POST['submit'])) {
if ($_POST['confirm'] == 'Yes') {
//$_dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$_query = "UPDATE midterm " .
"SET email = '$_email'" .
"WHERE id = $_id" ;
$_result = mysqli_query($_dbc, $_query) or die (mysqli_error($_dbc));
mysqli_close($_dbc);
echo '<p>The record of ' . $_firstName . ' ' . $_lastName . ' for ' . $_email . ' was successfully updated.';
}
else {
echo '<p class="error">The record was not updated.</p>';
}
}
else if (isset($_id) && isset($_firstName) && isset($_lastName) && isset($_email)) {
echo '<p>Are you sure you want to update the following record?</p>';
/*echo '<form class="update" method="post" action="MT_vjones_updateRecord.php">';
echo '<input type="text" name="firstName" id="firstName" value="' . $_firstName . '" /><br />';
echo '<input type="text" name="lastName" id="lastName" value="' . $_lastName . '" /><br />';
echo '<input type="text" name="email" id="email" value="' . $_email . '" /><br />';
echo '</form>';*/
echo '<form class="update" method="post" action="MT_vjones_updateRecord.php?id=' . $_id . '">';
echo '<div class="yesNo"><input class="radio" type="radio" name="confirm" value="Yes" /> Yes </div><br />';
echo '<div class="yesNo"><input class="radio" type="radio" name="confirm" value="No" checked="checked" /> No </div><br /><br />';
echo '<input class="applyBtn" type="submit" value="UPDATE" name="submit" />';
echo '<input type="hidden" name="id" value="' . $_id . '" />';
echo '<input type="hidden" name="firstName" value="' . $_firstName . '" />';
echo '<input type="hidden" name="lastName" value="' . $_lastName . '" />';
echo '<input type="hidden" name="email" value="*testBACK2FUN#test.com*" />';
}
echo '<p><< Back to the Admin Page</p>';
As you can see, we put in the email address in there for testing purposes...

Check the id matches what you are intending to update.
To be sure, print the $_id and $_email prior to the update and after.
#user710502: You don't need to segregate quotes with double-quotes in PHP. It reads it anyway, the only time you might bother is if you are reading from an array
eg:
"UPDATE midterm SET email='".$_POST['email']."'"

$_query = "UPDATE midterm " .
"SET email = '$_email' WHERE id = '$_id'" ;
should be
$_query = "UPDATE midterm " .
"SET email = $_email".
"WHERE id = $_id " ;

The reason is you are using $_ before the variable, which is not a valid variable declaration.
Because $_ is reserved for SUPER GLOBAL in PHP (i.e. $_SESSION, $_SERVER, $_POST, $_GET, $_COOKIE etc).
If it's not an issue for you, then you need to concat your variable as below.
$_query = "UPDATE midterm SET email = '".$_email."' WHERE id = '".$_id."'" ;

SOLVED! Form issues.
SHOULD BE:
<?php
require_once('appVars6.php');
require_once('connectVars6.php');
$_dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$_id = $_GET['id'];
$_queryOne = "SELECT * FROM midterm WHERE id = '$_id'";
$_resultOne = mysqli_query($_dbc, $_queryOne) or die ('Error Querying Database');
while ($_row = mysqli_fetch_array($_resultOne)) {
echo '<form class="update" method="post" action="MT_vjones_udpateRecord.php?id=' . $_id . '">';
echo '<input type="hidden" name="id" id="id" value="' . $_row['id'] . '" />';
echo '<input type="hidden" name="firstName" id="firstName" value="' . $_row['firstName'] . '" />';
echo '<input type="hidden" name="lastName" id="lastName" value="' . $_row['lastName'] . '" />';
echo '<input type="hidden" name="email" id="email" value="' . $_row['email'] . '" />';
echo '</form>';
}
if ( isset($_GET['firstName']) && isset($_GET['lastName']) && isset($_GET['email'])) {
$_id = $_GET['id'];
$_firstName = $_GET['firstName'];
$_lastName = $_GET['lastName'];
$_email = $_GET['email'];
}
else if ( isset($_POST['firstName']) && isset($_POST['lastName']) && isset($_POST['email'])) {
$_id = $_POST['id'];
$_firstName = mysqli_real_escape_string($_dbc, trim($_POST['firstName']));
$_lastName = mysqli_real_escape_string($_dbc, trim($_POST['lastName']));
$_email = mysqli_real_escape_string($_dbc, trim($_POST['email']));
}
else {
echo '<br />';
echo '<p class="error">Sorry, no record was selected.</p>';
}
if(isset($_POST['submit'])) {
if ($_POST['confirm'] == 'Yes') {
$_query = "UPDATE midterm " .
"SET email = '$_email'" .
"WHERE id = $_id" ;
$_result = mysqli_query($_dbc, $_query) or die (mysqli_error($_dbc));
mysqli_close($_dbc);
echo '<p>The record of ' . $_firstName . ' ' . $_lastName . ' for ' . $_email . ' was successfully updated.';
}
else {
echo '<p class="error">The record was not updated.</p>';
}
}
else if (isset($_id) && isset($_firstName) && isset($_lastName) && isset($_email)) {
echo '<p>Are you sure you want to update the following record?</p>';
echo '<form class="update" method="post" action="MT_vjones_updateRecord.php?id=' . $_id . '">';
echo '<div class="yesNo"><input class="radio" type="radio" name="confirm" value="Yes" /> Yes </div><br />';
echo '<div class="yesNo"><input class="radio" type="radio" name="confirm" value="No" checked="checked" /> No </div><br /><br />';
echo '<input type="hidden" name="id" value="' . $_id . '" />';
echo '<input type="text" name="firstName" value="' . $_firstName . '" /><br />';
echo '<input type="text" name="lastName" value="' . $_lastName . '" /><br />';
echo '<input type="text" name="email" value="' . $_email . '" />';
echo '<input class="applyBtn" type="submit" value="UPDATE" name="submit" />';
}
echo '<p><< Back to the Admin Page</p>';
?>

Related

Issues with Inserting array hidden form values into the database [duplicate]

I have seen a ton of people like me posting about this issue on this forum.
I have not been able to resolve my own issue from any of those examples.
For instance, this code below is from a page called review.php:
<?php
error_reporting(E_ALL);
echo "DEBUG POST DATA: <pre>".print_r($_POST, 1)."</pre>";
if(isset($_POST['employeename']))
$employeename = $_POST['employeename'];
if(isset($_POST['email']))
$email = $_POST['email'];
if(isset($_POST['ttitle']))
$ttitle = $_POST['ttitle'];
$rowIDs = $_POST['rowIDs'];
$row2IDs = $_POST['row2IDs'];
echo $employeename .'<br>';
echo $ttitle .'<br> <hr width=400 align=left>';
$rowIDs = $_POST['rowIDs'];
foreach ($rowIDs as $id) {
$sourcename = $_POST['sourcename' . $id];
$sourceaddress = $_POST['sourceaddress' . $id];
$income = $_POST['income' . $id];
echo 'Name: '. $sourcename . '<br />';
echo 'Address: '. $sourceaddress . '<br />';
echo 'Income: '. $income . '<br /><br>';
}
foreach ($row2IDs as $id) {
$spousename = $_POST['spousename' . $id];
$spouseAddress = $_POST['spouseAddress' . $id];
$spouseIncome = $_POST['spouseIncome' . $id];
echo 'Name: '. $spousename . '<br />';
echo 'Address: '. $spouseAddress . '<br />';
echo 'spouseIncome: '. $spouseIncome . '<br /><br>';
echo 'Your email: '. $email . '<br /><br>';
}
?>
<body>
<form action='final.php' method = 'POST'>
<input type="hidden" name="employeename" value="<?php echo $employeename; ?>">
<input type="hidden" name="ttitle" value="<?php echo $ttitle; ?>">
<input type="hidden" name="sourcename[]" value="<?php echo $_POST['sourcename' . $id]; ?>">
<input type="hidden" name="sourceaddress[]" value="<?php echo $_POST['sourceaddress' . $id]; ?>">
<input type="hidden" name="income[]" value="<?php echo $_POST['income' . $id]; ?>">
<input type="hidden" name="spousename[]" value="<?php echo $_POST['spousename' . $id]; ?>">
<input type="hidden" name="spouseAddress[]" value="<?php echo $_POST['spouseAddress' . $id]; ?>">
<input type="hidden" name="spouseIncome[]" value="<?php echo $_POST['spouseIncome' . $id]; ?>">
Return to correct changes <input type="submit" value="submit" />
</form>
</body>
When I run it, I get:
Notice: Array to string conversion in C:\xampp\htdocs\folder\forms\final.php on line 70
The error points to this line:
if( mysqli_stmt_execute($sth) ) {...
which is a part of the following insert statement:
$sql = 'INSERT INTO `mydb`.`wp_mytable` ( `employeeID`'
. ', `sourcename`, `sourceaddress`, `income`,`spousename`,`spouseAddress`,`spouseincome` )'
. ' VALUES ( ? , ? , ? , ? , ? , ? , ? )';
if( $sth = mysqli_prepare($conn,$sql) ) {
mysqli_stmt_bind_param($sth,'sssssss'
,$last_id
,$_POST["sourcename"]
,$_POST["sourceaddress"]
,$_POST["income"]
,$_POST["spousename"]
,$_POST["spouseAddress"]
,$_POST["spouseIncome"]
);
I also know that I need to do a FOR loop on these fields like this one below that I am passing as an array in hidden form.
<input type="hidden" name="sourcename[]" value="<?php echo $_POST['sourcename' . $id]; ?>">
How do I incorporate a foreach loop on these hidden form fields on review.php so that users can store as many rows as possible without these errors getting in the way?
Thank you
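The notice appears because each `name="...[]"` field arrives in final.php as an array, while `bind_param` with type `s` expects one string per placeholder. The following is an added example, not code from the post: it regroups the posted arrays into rows, executes the prepared INSERT once per row, and emits one escaped set of hidden inputs per row for review.php. The names `ROW_FIELDS`, `rows_from_post`, `insert_income_rows` and `hidden_row_inputs` are hypothetical, the sample data is constructed, and the example assumes every field array has the same length.

```php
<?php
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

// Field names taken from the form in the post.
const ROW_FIELDS = ['sourcename', 'sourceaddress', 'income',
                    'spousename', 'spouseAddress', 'spouseIncome'];

// Turn parallel arrays posted as name[] into one associative array per row.
// Assumption of this example: every field carries the same number of entries.
function rows_from_post(array $post): array
{
    $count = null;
    foreach (ROW_FIELDS as $field) {
        $values = $post[$field] ?? null;
        if (!is_array($values)) {
            throw new InvalidArgumentException($field . ' must be posted as ' . $field . '[]');
        }
        $count ??= count($values);
        if (count($values) !== $count) {
            throw new InvalidArgumentException('Field arrays differ in length');
        }
    }
    $rows = [];
    for ($i = 0; $i < $count; $i++) {
        $row = [];
        foreach (ROW_FIELDS as $field) {
            $value = array_values($post[$field])[$i];
            if (!is_string($value)) {   // nested arrays such as income[][] are rejected
                throw new InvalidArgumentException($field . ' entries must be strings');
            }
            $row[$field] = trim($value);
        }
        $rows[] = $row;
    }
    return $rows;
}

// Prepare once, execute once per row; all rows are stored or none.
function insert_income_rows(mysqli $conn, string $employeeId, array $rows): int
{
    $sql = 'INSERT INTO `mydb`.`wp_mytable` (`employeeID`, `sourcename`, `sourceaddress`,'
         . ' `income`, `spousename`, `spouseAddress`, `spouseincome`)'
         . ' VALUES (?, ?, ?, ?, ?, ?, ?)';
    $stmt = $conn->prepare($sql);
    $sourcename = $sourceaddress = $income = $spousename = $spouseAddress = $spouseIncome = '';
    // bind_param binds by reference, so the loop only has to reassign the variables.
    $stmt->bind_param('sssssss', $employeeId, $sourcename, $sourceaddress, $income,
                      $spousename, $spouseAddress, $spouseIncome);
    $conn->begin_transaction();
    try {
        foreach ($rows as $row) {
            ['sourcename' => $sourcename, 'sourceaddress' => $sourceaddress,
             'income' => $income, 'spousename' => $spousename,
             'spouseAddress' => $spouseAddress, 'spouseIncome' => $spouseIncome] = $row;
            $stmt->execute();
        }
        $conn->commit();
    } catch (mysqli_sql_exception $e) {
        $conn->rollback();
        throw $e;
    } finally {
        $stmt->close();
    }
    return count($rows);
}

// review.php side: one set of hidden inputs per row, values HTML-escaped.
function hidden_row_inputs(array $rows): string
{
    $html = '';
    foreach ($rows as $row) {
        foreach (ROW_FIELDS as $field) {
            $html .= sprintf('<input type="hidden" name="%s[]" value="%s">' . "\n",
                $field, htmlspecialchars($row[$field], ENT_QUOTES, 'UTF-8'));
        }
    }
    return $html;
}

// Constructed sample of what final.php receives for two rows.
$samplePost = [
    'sourcename'    => ['Acme Ltd', "O'Brien & Sons"],
    'sourceaddress' => ['1 Main St', '22 "Upper" Rd'],
    'income'        => ['1200', '450'],
    'spousename'    => ['Pat', 'Sam'],
    'spouseAddress' => ['1 Main St', '9 Low Rd'],
    'spouseIncome'  => ['0', '300'],
];
$rows = rows_from_post($samplePost);
echo hidden_row_inputs($rows);
// With a live connection ($conn) and the employee id ($last_id) from the post:
// insert_income_rows($conn, (string) $last_id, $rows);
```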

While Loop inside While Loop

I have a problem with this code in that the second while loop only runs the first time through the code, and then also it makes it so that the $row['id'] does not get a value. Can you help me figure out where I went wrong with this?
$result = mysqli_query($con,"SELECT * FROM faq ORDER BY `order`");
$result2 = mysqli_query($con,"SELECT * FROM sections ORDER BY `order`");
while($row = mysqli_fetch_array($result))
{
echo '<form action="../../includes/faqupdate.php" method="post" style="margin:40px;">';
echo '<input type="text" name="order" style="width:20px;text-align:center;" onclick="this.value=\'\';" onfocus="this.select()" onblur="this.value=!this.value?\'' . $row['order'] . '\':this.value;" value="' . $row['order'] . '">';
echo '<input type="text" name="heading" onclick="this.value=\'\';" onfocus="this.select()" onblur="this.value=!this.value?\'' . $row['heading'] . '\':this.value;" value="' . $row['heading'] . '">';
echo '<select name="section">';
$section = $row['section'];
while($row = mysqli_fetch_array($result2)) {
$sectionname = $row['sectionname'];
if ($sectionname == $section) {
echo '<option value="' . $sectionname . '" selected="selected">' . $sectionname . '</option>';
} else {
echo '<option value="' . $sectionname . '">' . $sectionname . '</option>';
}
}
echo '</select>';
echo '<input type="text" name="id" style="width:20px;background-color:#CCC;text-align:center;" value="' . $row['id'] . '" readonly>';
echo '<textarea name="content" cols="98" rows="10">' . $row['content'] . '</textarea>';
echo '<input type="submit" name="submission" value="Update">';
echo '<input type="submit" name="submission" value="Delete">';
echo '</form>';
}
Another issue I see with your code is that you will only be able fetch the result set of the query once. So instead get the values beforehand, and store them in a variable like so.
$result2 = mysqli_query($con, "SELECT * FROM sections ORDER BY `order`");
$sectionnames = array();
while($row = mysqli_fetch_array($result2)) {
$sectionnames[] = $row['sectionname'];
}
$result = mysqli_query($con,"SELECT * FROM faq ORDER BY `order`");
while($row = mysqli_fetch_array($result))
{
echo '<form action="../../includes/faqupdate.php" method="post" style="margin:40px;">';
echo '<input type="text" name="order" style="width:20px;text-align:center;" onclick="this.value=\'\';" onfocus="this.select()" onblur="this.value=!this.value?\'' . $row['order'] . '\':this.value;" value="' . $row['order'] . '">';
echo '<input type="text" name="heading" onclick="this.value=\'\';" onfocus="this.select()" onblur="this.value=!this.value?\'' . $row['heading'] . '\':this.value;" value="' . $row['heading'] . '">';
echo '<select name="section">';
$section = $row['section'];
foreach ($sectionnames as $sectionname) {
if ($sectionname == $section) {
echo '<option value="' . $sectionname . '" selected="selected">' . $sectionname . '</option>';
} else {
echo '<option value="' . $sectionname . '">' . $sectionname . '</option>';
}
}
echo '</select>';
echo '<input type="text" name="id" style="width:20px;background-color:#CCC;text-align:center;" value="' . $row['id'] . '" readonly>';
echo '<textarea name="content" cols="98" rows="10">' . $row['content'] . '</textarea>';
echo '<input type="submit" name="submission" value="Update">';
echo '<input type="submit" name="submission" value="Delete">';
echo '</form>';
}
It's because you are redeclaring $row, try:
$result = mysqli_query($con,"SELECT * FROM faq ORDER BY `order`");
$result2 = mysqli_query($con,"SELECT * FROM sections ORDER BY `order`");
while($row = mysqli_fetch_array($result))
{
echo '<form action="../../includes/faqupdate.php" method="post" style="margin:40px;">';
echo '<input type="text" name="order" style="width:20px;text-align:center;" onclick="this.value=\'\';" onfocus="this.select()" onblur="this.value=!this.value?\'' . $row['order'] . '\':this.value;" value="' . $row['order'] . '">';
echo '<input type="text" name="heading" onclick="this.value=\'\';" onfocus="this.select()" onblur="this.value=!this.value?\'' . $row['heading'] . '\':this.value;" value="' . $row['heading'] . '">';
echo '<select name="section">';
$section = $row['section'];
while($row2 = mysqli_fetch_array($result2)) {
$sectionname = $row2['sectionname'];
if ($sectionname == $section) {
echo '<option value="' . $sectionname . '" selected="selected">' . $sectionname . '</option>';
} else {
echo '<option value="' . $sectionname . '">' . $sectionname . '</option>';
}
}
echo '</select>';
echo '<input type="text" name="id" style="width:20px;background-color:#CCC;text-align:center;" value="' . $row['id'] . '" readonly>';
echo '<textarea name="content" cols="98" rows="10">' . $row['content'] . '</textarea>';
echo '<input type="submit" name="submission" value="Update">';
echo '<input type="submit" name="submission" value="Delete">';
echo '</form>';
}
Rename your $row in your second while condition for $row2

Invalid argument supplied for foreach() - Yet output is showing

I am working to show editable fields based on query results. I know the query is functioning properly, and it is returning an array. The array is populating the form fields properly, however, I am getting the "Invalid argument supplied for foreach()" warning. I am new at this, and at a loss as to what is happening. I appreciate any suggestions.
Here is the code:
// Grab the profile data from the database
$query8 = "SELECT * FROM EDUCATION WHERE ID_NUM = '" . $_SESSION['IDNUM'] . "' ORDER BY RECORD";
$data = mysqli_query($dbc, $query8);
echo '<pre>' . print_r($data, true) . '</pre>';
$rowcount = 1;
while ($row = mysqli_fetch_assoc($data))
{
if (is_array($row))
{
echo '<p> It is an Array</p>';
}
foreach($row as &$item)
{
$record = $row['RECORD'];
$school = $row['SCHOOL'];
$type = $row['TYPE'];
$degree = $row['DEGREE'];
$major = $row['MAJOR'];
$grad = $row['GRAD'];
?>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<fieldset>
<legend>Education History </legend>
<?php
echo '<input type="hidden" id="record" name="record" value="' . $record . '">';
echo 'Rowcount' . $rowcount. '</br>';
// Insert Listbox here
$queryschool = "SELECT * FROM SCHOOL";
$list = mysqli_query($dbc, $queryschool);
if($list)
{
echo 'School Type? ';
echo '<select name="school_code">';
while($row = mysqli_fetch_assoc($list))
{
echo "<option value={$row['CODE']}>{$row['TYPE']}" ;
echo '</option>';
}
echo '</select>';
}
echo '<br />';
echo '<label for="school">School Name:</label>';
echo '<input type="text" id="school" name="school" size="40" maxlength="40" value="' . ( (!empty($school)) ? $school : "") . '" /><br />';
// Insert Listbox here
$querydegree = "SELECT * FROM DEGREE";
$list = mysqli_query($dbc, $querydegree);
if($list)
{
echo 'Degree Type? ';
echo '<select name="degree_code">';
while($row = mysqli_fetch_assoc($list))
{
echo "<option value={$row['CODE']}>{$row['DEGREE']}";
echo '</option>';
}
echo '</select>';
}
echo '<br />';
echo '<label for="major">Field of study:</label>';
echo '<input type="text" id="major" name="major" size="40" maxlength="40" value="' . ( (!empty($major)) ? $major : "") . '" /><br />';
echo '<label for="grad">Did you graduate?:</label>';
echo '<input type="radio" id="grad" name="grad" value="Y" ' . ($grad == "Y" ? 'checked="checked"':'') . '/>Yes ';
echo '<input type="radio" id="grad" name="grad" value="N" ' . ($grad == "N" ? 'checked="checked"':'') . '/>No<br />';
?>
</fieldset>
<?php
$rowcount++;
}
}
;
echo '<label for="another">Do you need to enter more educational experience?:</label>';
echo '<input type="radio" id="another" name="another" value="Y" ' . ($another == "Y" ? 'checked="checked"':'') . '/>Yes ';
echo '<input type="radio" id="another" name="another" value="N" ' . ($another == "N" ? 'checked="checked"':'') . '/>No<br />';
?>
<input type="submit" value="Save Profile" name="submit" />
</form>
foreach ($row as &$item)
replace this with:
foreach ($row as $item)
And then for each variable you should probably change
$record = $row['RECORD'];
to
$record = $item['RECORD'];
foreach($row as &$item) should be
foreach($row as $item)
There is no need to use the foreach here; you can just do this like:
while ($row = mysqli_fetch_assoc($data))
{
$record = $row['RECORD'];
$school = $row['SCHOOL'];
$type = $row['TYPE'];
$degree = $row['DEGREE'];
$major = $row['MAJOR'];
$grad = $row['GRAD'];
}
You're not changing the row item, so don't pass by reference to the foreach. Also, shouldn't you be using $item instead of $row? Do this:
foreach($row as $item)
{
$record = $item['RECORD'];
$school = $item['SCHOOL'];
....
Don't do this:
foreach($row as &$item)
{
$record = $row['RECORD'];
$school = $row['SCHOOL'];
....

Update "posting" in PHP, but when checking database, the database shows NULL

I am working on this code, and I am at wits' end right now. For some reason I can't update my database.
The code below is updated. The code no longer works; the update command seems to stall the PHP and causes an error. If anyone can resolve this it would be greatly appreciated.
<?php
require_once('connectvars.php');
echo '<div id="postwrap">'
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PDI NCMR - Edit</title>
<link rel="stylesheet" type="text/css" href="CSS/postie.css" />
</head>
<body>
<div id="logo">
<img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>
<?php
if (isset($_POST['submit'])) {
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Enter data into the database
$id = mysqli_real_escape_string($dbc, trim($_POST['id']));
$ab = mysqli_real_escape_string($dbc, trim($_POST['ab']));
$date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime ($_POST['date']))));
$part = mysqli_real_escape_string($dbc, trim($_POST['part']));
$rev = mysqli_real_escape_string($dbc, trim($_POST['rev']));
$partdesc = mysqli_real_escape_string($dbc, trim($_POST['partdesc']));
$ncmrqty = mysqli_real_escape_string($dbc, trim($_POST['ncmrqty']));
$comp = mysqli_real_escape_string($dbc, trim($_POST['comp']));
$ncmrid = mysqli_real_escape_string($dbc, trim($_POST['ncmrid']));
$rma = mysqli_real_escape_string($dbc, trim($_POST['rma']));
$jno = mysqli_real_escape_string($dbc, trim($_POST['jno']));
$fdt = mysqli_real_escape_string($dbc, trim($_POST['fdt']));
$cof = mysqli_real_escape_string($dbc, trim($_POST['cof']));
$fab1= mysqli_real_escape_string($dbc, trim($_POST['fab1']));
$fab2= mysqli_real_escape_string($dbc, trim($_POST['fab2']));
$fab3= mysqli_real_escape_string($dbc, trim($_POST['fab3']));
$non= mysqli_real_escape_string($dbc, trim($_POST['non']));
$dis= mysqli_real_escape_string($dbc, trim($_POST['dis']));
$comm= mysqli_real_escape_string($dbc, trim($_POST['comm']));
$caad= mysqli_real_escape_string($dbc, trim($_POST['caad']));
$po= mysqli_real_escape_string($dbc, trim($_POST['po']));
$pod = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['pod']))));
$dri = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['dri']))));
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = "$_GET['id']"";
// echo your raw query and look for obvious errors
echo "Query is : " . $query . "<br />";
// and at least use a basic mechanism to trap possibles errors
mysqli_query($dbc, $query) or die('Query Error : ' . mysqli_error($dbc));
// Confirm success with the user
echo '<p>If you wish to edit more NCMRs, please go to the admin page!</p>';
// echo your raw query and look for obvious errors
echo "Query is : " . $query . "<br />";
// Clear the form data
$id = "";
$ab = "";
$date = "";
$part = "";
$rev = "";
$partdesc = "";
$ncmrqty = "";
$comp = "";
$ncmrid = "";
$rma = "";
$jno = "";
$fdt = "";
$cof = "";
$fab1= "";
$fab2= "";
$fab3= "";
$non= "";
$dis= "";
$comm= "";
$caad= "";
$po= "";
$pod = "";
$dri = "";
mysqli_close($dbc);
}
else {
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Grab the profile data from the database
if (!isset($_GET['id'])) {
$query = "SELECT * FROM ncmr WHERE id = '$id'";
}
else {
$query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
}
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row was found so display the user data
$row = mysqli_fetch_array($data);
echo '<form action="edit.php?id=<?php echo $id;?>" method="POST">'
echo '<fieldset>';
echo '<div id="box1">';
if (empty($row['ab'])) $row['ab'] = "Empty";
if (empty($row['date'])) $row['date'] = "Empty";
if (empty($row['part'])) $row['part'] = "Empty";
if (empty($row['rev'])) $row['rev'] = "Empty";
if (empty($row['partdesc'])) $row['partdesc'] = "Empty";
if (empty($row['ncmrqty'])) $row['ncmrqty'] = "Empty";
echo '<div id="ab"><span class="b">Added By: </span><input type="text" name="ab" value="' . $row['ab'] . '" /></div>';
echo '<div id="date"><span class="b">Date Filed: </span><input type="text" name="date" value="' . $row['date'] . '" /></div>';
echo '<div id="part"><span class="b">Part Number: </span><input type="text" name="part" value="' . $row['part'] . '" /></div>';
echo '<div id="rev"><span class="b">Part Revision: </span><input type="text" name="rev" value="' . $row['rev'] . '" /></div>';
echo '<div id="partdesc"><span class="b">Part Description: </span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>';
echo '<div id="ncmrqty"><span class="b">NCMR Qty: </span><input type="text" name="ncmrqty" value="' . $row['ncmrqty'] . '" /></div>';
echo '</div>';
//Company, Customer NCMR, Internal RMA, and Job Number
echo '<div id="box2">';
if (empty($row['comp'])) $row['comp'] = "Empty";
if (empty($row['ncmrid'])) $row['ncmrid'] = "Empty";
if (empty($row['rma'])) $row['rma'] = "Empty";
if (empty($row['jno'])) $row['jno'] = "Empty";
echo '<div id="comp"><span class="b">Company: </span><input type="text" name="comp" value="' . $row['comp'] . '" /></div>';
echo '<div id="ncmrid"><span class="b">Customer NCMR ID: </span><input type="text" name="ncmrid" value="' . $row['ncmrid'] . '" /></div>';
echo '<div id="rma"><span class="b">Internal RMA #: </span><input type="text" name="rma" value="' . $row['rma'] . '" /></div>';
echo '<div id="jno"><span class="b">Job #: </span><input type="text" name="jno" value="' . $row['jno'] . '" /></div>';
echo '</div>';
//Type of Failure and Class of Failure
echo '<div id="box3">';
echo '<h2>Failure</h2>';
echo '<div id="cof"><span class="b">Class of Failure: </span><input type="text" name="cof" size="15" value="' . $row['cof'] . '" /></div>';
echo '<div id="fdt"><span class="b">Failure Due To: </span><input type="text" name="fdt" size="15" value="' . $row['fdt'] . '" /></div>';
echo '</div>';
//Fabricators
echo '<div id="box4">';
echo '<h2>Fabricators</h2>';
if ($row['fab1']="--None--")
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
if ($row['fab2']="--None--")
{
echo'<div id="fab2">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab2'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab2"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
}
if ($row['fab3']="--None--")
{
echo'<div id="fab3">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab3'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab3"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
} echo '</div>';
//Nonconformity, Disposition, Comments and Comments & Additional Details
echo '<div id="box5">';
if (empty($row['non'])) $row['non'] = "Empty";
if (empty($row['dis'])) $row['dis'] = "Empty";
if (empty($row['comm'])) $row['comm'] = "Empty";
if (empty($row['caad'])) $row['caad'] = "Empty";
echo '<div id="non"><span class="b">Nonconformity: </span><textarea rows="4" cols="105">' . $row['non'] . '</textarea></div>';
echo '<div id="dis"><span class="b">Disposition: </span><textarea rows="4" cols="105">' . $row['dis'] . '</textarea></div>';
echo '<div id="comm"><span class="b">Comments: </span><textarea rows="4" cols="105">' . $row['comm'] . '</textarea></div>';
echo '<div id="caad"><span class="b">Comments and/or Additional Details: </span><textarea rows="4" cols="105">' . $row['caad'] . '</textarea></div>';
echo '<div id="podr">';
if (empty($row['po'])) $row['po'] ="Empty";
if (empty($row['pod'])) $row['pod'] ="Empty";
if (empty($row['dir'])) $row['dri'] ="Empty";
echo '<div id="po"><span class="b">PO: </span><input type="text" name="po" size="7" value="' . $row['po'] . '" /></div>';
echo '<div id="pod"><span class="b">PO Date: </span><input type="text" name="pod" size="7" value="' . $row['pod'] . '" /></div>';
echo '<div id="dri"><span class="b">Date Received: </span><input type="text" name="dri" size="7" value="' . $row['dri'] . '" /></div>';
echo '</div>';
echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>';
echo '</div>';
echo '</fieldset>';
echo '</form>';
}
}
echo '</div>';
?>
</body>
</html>
Your form method is POST so you need to add hidden field to embed/save the ID (value from $_GET) so when you submit this form you will get value from textarea as well as correct ID value using $_POST['id'].
I've removed some unrelated statement.
.....
.....
<?php
$id=0;
if(isset($_GET['id']))
$id=$_GET['id'];
if (isset($_POST['submit'])) {
$id=$_POST["id"];
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$ncmrsr = mysqli_real_escape_string($dbc, trim($_POST['ncmrsr']));
$ncmrsc = mysqli_real_escape_string($dbc, trim($_POST['ncmrsc']));
$query = "UPDATE ncmr SET ncmrsr = '$ncmrsr', ncmrsc = '$ncmrsc' WHERE id = $id";
$result=mysqli_query($dbc, $query);
if($result)
echo '<p>Your comments have been successfully entered. Please return to the admin page to view the final report!</p>';
mysqli_close($dbc);
}
else
{
if(!isset($_GET['id']))
{
header("Location: list.php");
exit();
}
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$query = "SELECT * FROM ncmr WHERE id = $id";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row was found so display the user data
$row = mysqli_fetch_array($data);
echo'<div id="title"><h3 id="NCMR2">Non-Conforming Materials Report (NCMR: ' . $row['rma'] . ')</h3></div>';
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>";
echo '<fieldset>';
echo '<div id="box6">';
// We know both $ncmrsr AND $ncmrsc are blank
if (empty($row['ncmrsr']) && empty($row['ncmrsc'])) {
// add comment.
echo '<div id="ncmrsr"><span class="b">NCMR Supplier Response:<br /></span><textarea name="ncmrsr" rows="6" cols="105" ></textarea></div>';
echo '<div id="ncmrsc"><span class="b">NCMR Supplier Comment:<br /></span><textarea name="ncmrsc" rows="6" cols="105" ></textarea></div>';
echo '<div id="button2"><input type="submit" name="submit" value="Add Comment" /></div>';
//Save ID so it can be used with POST request.
echo "<input type='hidden' value='$id' name='id'/>";
}
else {
// echo the two fields.
if (empty($row['ncmrsr'])) $row['ncmrsr'] ="Empty";
if (empty($row['ncmrsc'])) $row['ncmrsc'] ="Empty";
echo '<div id="ncmrsr"><span class="b">NCMR Supplier Response:</span><br />' . $row['ncmrsr'] . '</div>';
echo '<div id="ncmrsc"><span class="b">NCMR Supplier Comment:</span><br />' . $row['ncmrsc'] . '</div>';
echo '</div>';
echo '</fieldset>';
echo '</form>';
}
}
// End of check for a single row of user results
else {
echo '<p class="error">Please contact the web administrator, there seems to be an error!</p>';
}
mysqli_close($dbc);
}
echo '</div>';
?>
</body>
</html>
You need to cleanse any and all input from the user. If $_GET or $_POST exist on the same line as a query string, you need to escape it like this one:
$query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
Better yet, you're already using mysqli, so use a prepared statement instead.
If you're using mysqli, you may be using InnoDB, and it may be that transactions are implicitly on, and auto-commit for the connection is off, so you may not be committing the transaction, at least if one is in effect. Try adding mysqli_commit() before the close, and see if it helps.
In general, in development mode, you might wanna check your php.ini for error reporting, and check error_log on your web server to see if errors are reported there. If the query fails, it may not show up on the page output, but it may show up in the error log.
I'll suggest you test if mysqli_query($dbc, $query) was successful
if (mysqli_query($dbc, $query)) {
echo '<p>Your comments have been successfully entered. Please return to the admin page to view the final report!</p>';
} else {
echo mysqli_error($dbc);
}
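The prepared-statement suggestion above, combined with the hidden `id` field and the success check, as an added example that is not any poster's code; it also covers the "says updated but doesn't update" symptom from the first thread by reporting the affected-row count. Table and column names (`ncmr`, `ncmrsr`, `ncmrsc`, `id`) and `connectvars.php` are the ones shown in the thread; the function names `parse_record_id`, `text_field`, `update_supplier_comment` and `handle_post` are hypothetical.

```php
<?php
declare(strict_types=1);

mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // failed queries throw

// Accept only a positive integer id; arrays (id[]=...) and text are rejected.
function parse_record_id($raw): ?int
{
    if (!is_string($raw) && !is_int($raw)) {
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Return a trimmed string field, or null if it is missing or not a string.
function text_field(array $post, string $name): ?string
{
    $value = $post[$name] ?? null;
    return is_string($value) ? trim($value) : null;
}

// The values travel separately from the SQL text, so no escaping is needed
// and the id cannot change the shape of the WHERE clause.
function update_supplier_comment(mysqli $dbc, int $id, string $response, string $comment): int
{
    $stmt = $dbc->prepare('UPDATE ncmr SET ncmrsr = ?, ncmrsc = ? WHERE id = ?');
    $stmt->bind_param('ssi', $response, $comment, $id);
    $stmt->execute();
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

function handle_post(mysqli $dbc, array $post): string
{
    $id = parse_record_id($post['id'] ?? null);   // hidden field, not $_GET
    $response = text_field($post, 'ncmrsr');
    $comment = text_field($post, 'ncmrsc');
    if ($id === null || $response === null || $comment === null) {
        return 'Invalid or missing form data.';
    }
    $affected = update_supplier_comment($dbc, $id, $response, $comment);
    // MySQL reports 0 both when no row has this id and when the stored
    // values already equal the submitted ones.
    return $affected === 1
        ? 'Your comments have been successfully entered.'
        : 'No record was changed (unknown id or identical values).';
}

if (PHP_SAPI !== 'cli' && ($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    require_once 'connectvars.php';               // defines DB_HOST etc., as in the thread
    $dbc = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    echo '<p>' . htmlspecialchars(handle_post($dbc, $_POST), ENT_QUOTES, 'UTF-8') . '</p>';
    $dbc->close();
}
```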
