insert datestamp if condition is satisfied - php

I would like to insert datetime stamp into a variable once the if-condition is satisfied. But I get the following error:
Notice: Undefined index: status in C:\wamp\www\business\edit_log_widget.php on line 55
The following is the php code:
<?php
include 'scripts/init.php';
include 'html/header.php';
$page = 'servers';
$id =$_SESSION['logid'];
$query = "SELECT *FROM log WHERE logid = $id";
$query_submit = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($query_submit);
?>
<div class="article">
<h2><span>Edit Logs</span></h2>
<div class="clr"></div>
<form action="" method="POST" >
<p>
<table border="0">
<tr>
<td><label for="Task Name">Task Name:*</label></td>
<td><input type="text" name="task_name" size="45" value="<?php echo $row['task_name'] ?>"/></td>
</tr>
<tr>
<td><label for="description">Problem Description:*</label></td>
<td><textarea name="description" cols="33" rows="10" ><?php echo $row['description'] ?></textarea></td>
</tr>
<tr>
<td><label for="solution">Solution Description:*</label></td>
<td><textarea name="solution" cols="33" rows="10" ><?php echo $row['solution'] ?></textarea></td>
</tr>
<tr>
<td><label for="status">Status:*</label></td>
<td>
<select id="Select2" name="status">
<option>-Select-</option>
<option>Resolved</option>
<option>Un-resolved</option>
<option>In-Progress</option>
</select>
</td>
</tr>
</table>
</p>
<p>
<td><input id="Submit" type="submit" value="Submit" /></td>
<td><input id ="Clear and Restart" type ="reset" value= "Clear and Restart" /></td>
</p>
<?php
if($_POST['status']== 'Resolved')
{
$today = DateTime::createFromFormat('!Y-m-d',date('Y-m-d')); // This is Line 55
}
if(isset($_GET['success']) && empty($_GET['sucess']))
{
echo 'the log has been captured';
}
else
{
if(empty($_POST) === false && empty($errors)=== true)
{
//Update Log details
$update_log = array(
'task_name'=>$_POST['task_name'],
'description' => $_POST['description'],
'solution' =>$_POST['solution'],
'status'=>$_POST['status'],
'closed_date'=>$today,
'userid' =>$_SESSION['userid']);
update_log($update_log);
//redirect
header('Location: edit_log_widget.php?success');
exit();
}
else if(empty($errors) === false)
{
//output errors if the errors array is not empty
echo output($errors);
}
}
?>
</form>
<?php
include 'html/side_menu.php';
include 'html/footer.php';
?>
Update: edit_log.php.
<?php
include 'scripts/init.php';
include 'html/header.php';
$page = 'servers';
$id = $_GET['logid'];
$_SESSION['logid'] = $id;
$query = "SELECT *FROM log WHERE logid = $id";
$query_submit = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_assoc($query_submit);
?>
<div class="article">
<h2><span>Edit Logs</span></h2>
<div class="clr"></div>
<form action="edit_log_widget.php" method="POST" >
<p>
<table border="0">
<tr>
<td><label for="Task Name">Task Name:*</label></td>
<td><input type="text" name="task_name" size="45" value="<?php echo $row['task_name'] ?>"/></td>
</tr>
<tr>
<td><label for="description">Problem Description:*</label></td>
<td><textarea name="description" cols="33" rows="10" ><?php echo $row['description'] ?></textarea></td>
</tr>
<tr>
<td><label for="solution">Solution Description:*</label></td>
<td><textarea name="solution" cols="33" rows="10" ><?php echo $row['solution'] ?></textarea></td>
</tr>
<tr>
<td><label for="status">Status:*</label></td>
<td>
<select id="Select2" name="status">
<option>-Select-</option>
<option value="Resolved">Resolved</option>
<option value="Un-resolved">Un-resolved</option>
<option value="In-Progress">In-Progress</option>
</select>
</td>
</tr>
</table>
</p>
<p>
<td><input id="Submit" type="submit" value="Submit" /></td>
<td><input id ="Clear and Restart" type ="reset" value= "Clear and Restart" /></td>
</p>
</form>
<?php
include 'html/side_menu.php';
include 'html/footer.php';
?>

You haven't specified any value to your options ;)
<option value="Resolved">Resolved</option>

The PHP code is executed before the form has been submitted, and therefore $_POST['status'] has not yet been defined.

$_POST['status']
the entry status of the array $_POST is not defined
You are trying to access variables that are not yet set.
To avoid that you could check first, if the form was submitted before e.g.
<?php
// The submit button in the question has no name attribute, so it never appears
// in $_POST; test the request method to see whether the form was submitted.
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Defined on every path, so 'closed_date' below never reads an unset variable.
    $today = null;
    if (isset($_POST['status']) && $_POST['status'] == 'Resolved') {
        $today = DateTime::createFromFormat('!Y-m-d', date('Y-m-d')); // This is Line 55
    }
    if (empty($_POST) === false && empty($errors) === true) {
        //Update Log details
        $update_log = array(
            'task_name' => $_POST['task_name'],
            'description' => $_POST['description'],
            'solution' => $_POST['solution'],
            'status' => $_POST['status'],
            'closed_date' => $today,
            'userid' => $_SESSION['userid']);
        update_log($update_log);
        //redirect
        header('Location: edit_log_widget.php?success');
        exit();
    } else if (empty($errors) === false) {
        //output errors if the errors array is not empty
        echo output($errors);
    }
} elseif (isset($_GET['success'])) {
    // Reached through the redirect above, which arrives as a GET request.
    echo 'the log has been captured';
}
?>

You're missing some HTML props; your <option> must have the value prop like so:
<td>
<select id="Select2" name="status">
<option value="0">-Select-</option>
<option value="1">Resolved</option>
<option value="2">Un-resolved</option>
<option value="3">In-Progress</option>
</select>
</td>
You're getting that error because you're missing it on your first HTML snippet, while you have it on your second, so there's nothing for PHP to get.

I moved all the php to the top of the html form and now it works fine. Thanks guys for trying to help me out
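An added example, not code from the thread: one way to process this form once the PHP sits above the HTML. It checks `status` against the option values used in edit_log.php, sets `closed_date` only for "Resolved", and writes with a prepared statement. The function name `handle_log_update`, the PDO handle and the in-memory SQLite table standing in for `log` are assumptions.

```php
<?php
// Added example. handle_log_update(), the PDO handle and the SQLite stand-in
// for the `log` table are assumptions, not the poster's code.

const ALLOWED_STATUS = ['Resolved', 'Un-resolved', 'In-Progress'];

/**
 * Validate one submitted form and update the log row.
 * Returns a list of error strings; an empty list means the row was updated.
 */
function handle_log_update(PDO $db, array $post, int $logId, int $userId): array
{
    $errors = [];
    $fields = [];
    foreach (['task_name', 'description', 'solution'] as $key) {
        // A missing key becomes a validation error, not an "Undefined index" notice.
        $fields[$key] = isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
        if ($fields[$key] === '') {
            $errors[] = "$key is required";
        }
    }

    // The browser sends the selected option's value; accept only the real states,
    // which also rejects the "-Select-" placeholder.
    $status = $post['status'] ?? '';
    if (!in_array($status, ALLOWED_STATUS, true)) {
        $errors[] = 'status must be one of: ' . implode(', ', ALLOWED_STATUS);
    }
    if ($errors) {
        return $errors;
    }

    // closed_date is defined on every path: a date for Resolved, NULL otherwise.
    $closedDate = $status === 'Resolved' ? date('Y-m-d') : null;

    $stmt = $db->prepare(
        'UPDATE log SET task_name = :task_name, description = :description,
                solution = :solution, status = :status,
                closed_date = :closed_date, userid = :userid
          WHERE logid = :logid'
    );
    $stmt->execute($fields + [
        'status'      => $status,
        'closed_date' => $closedDate,
        'userid'      => $userId,
        'logid'       => $logId,
    ]);
    return [];
}

// --- Constructed demonstration data ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE log (logid INTEGER PRIMARY KEY, task_name TEXT, description TEXT,
           solution TEXT, status TEXT, closed_date TEXT, userid INTEGER)');
$db->exec("INSERT INTO log (logid, task_name, status) VALUES (1, 'Disk full', 'In-Progress')");

// In the page this call sits inside: if ($_SERVER['REQUEST_METHOD'] === 'POST') { ... }
// and receives $_POST, $_SESSION['logid'] and $_SESSION['userid'].
$samples = [
    'first page load (no POST data)'   => [],
    'placeholder option left selected' => ['task_name' => 'Disk full', 'description' => 'x',
                                           'solution' => 'y', 'status' => '-Select-'],
    'resolved'                         => ['task_name' => "Bob's laptop", 'description' => '/var at 100%',
                                           'solution' => 'Rotated logs', 'status' => 'Resolved'],
];
foreach ($samples as $label => $post) {
    $errors = handle_log_update($db, $post, 1, 42);
    echo $label, ': ', $errors ? implode('; ', $errors) : 'updated', PHP_EOL;
}
print_r($db->query('SELECT task_name, status, closed_date FROM log')->fetch(PDO::FETCH_ASSOC));
```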

Related

Why can't I get the title by using the POST method?

So I am trying to get the title from the URL by using $_GET['title'] in the first PHP file, but I can't get the file on the 2nd file.
URL:
https://easy2book.000webhostapp.com/neworder.php?bookid=101&title=SENIOR%20secondary%20geography%20fieldwork%20and%20assessment%20practice%202021.%20For%20HKDSE%202021%20/%20Ip%20Kim%20Wai%20...%20[et%20al.].
1st File:
<?php
include_once 'header.php';
$id2 = mysqli_real_escape_string($conn, $_GET['bookid']);
$title2 = mysqli_real_escape_string($conn, $_GET['title']);
?>
<section class="neworder-form">
<h2>Order</h2>
<div class="neworder-form-form">
<form action="neworder.inc.php" method="post">
<table>
<tr>
<td>Book ID:</td>
<td>
<input type="text" disabled="disabled" name="bookid2" value="<?= $id2 ?>">
</td>
</tr>
<tr>
<td>Book Title: </td>
<td>
<input type="text" disabled="disabled" name="title2" value="<?= $title2 ?>">
</td>
</tr>
<tr>
<td>Username: </td>
<td>
<input type="text" name="uid2" placeholder="Username...">
</td>
</tr>
<tr>
<td>Comfirmed Book ID: </td>
<td>
<input type="text" name="id2" placeholder="Please enter the Book ID....">
</td>
</tr>
</table>
<button type="submit" name="submit2">Order</button>
</form>
</div>
<?php
// Error messages
if (isset($_GET["error"])) {
if ($_GET["error"] == "emptyinput2") {
echo "<p>Fill in all fields!</p>";
}
else if ($_GET["error"] == "usernametaken2") {
echo "<p>Username already taken!</p>";
}
}
?>
</section>
2nd File:
<?php
if (isset($_POST["submit2"])) {
// First we get the form data from the URL
$uid2 = $_POST["uid2"];
$id2 = $_POST["id2"];
$title2 = $_POST["title2"];
// Then we run a bunch of error handlers to catch any user mistakes we can (you can add more than I did)
// These functions can be found in functions.inc.php
require_once "dbh.inc.php";
require_once 'functions2.inc.php';
// Left inputs empty
// We set the functions "!== false" since "=== true" has a risk of giving us the wrong outcome
if (emptyInputOrder2($uid2,$id2) !== false) {
header("location: ../neworder.php?error=emptyinput&bookid=$id2&title=$title2");
exit();
}
// Is the username exists
if (uidExists2($conn, $uid2) !== true) {
header("location: ../neworder.php?error=undefineuser");
exit();
}
// If we get to here, it means there are no user errors
// Now we insert the user into the database
createUser($conn, $uid2, $id2);
} else {
header("location: ../neworder.php");
exit();
}
The input fields are disabled; disabled inputs are not posted.
Replace $title2 = $_POST[""]; with $title2 = $_POST["title2"];
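An added example, not the poster's code: the book title shown in a `readonly` field (which is submitted) instead of a `disabled` one, escaped with `htmlspecialchars()` for the HTML attribute it sits in, and percent-encoded when it is sent back in the error redirect. The helper names `render_locked_field`, `read_order` and `error_redirect_url` are assumptions, and the sample values are constructed.

```php
<?php
// Added example. render_locked_field(), read_order() and error_redirect_url()
// are hypothetical helpers; the sample values below are constructed.

/**
 * Render a field the user can see but not edit.
 * `readonly` inputs are submitted with the form, `disabled` inputs are not.
 * htmlspecialchars() is the escaping for an HTML attribute value;
 * mysqli_real_escape_string() only escapes for a SQL string literal.
 */
function render_locked_field(string $name, string $value): string
{
    return sprintf(
        '<input type="text" readonly name="%s" value="%s">',
        htmlspecialchars($name, ENT_QUOTES, 'UTF-8'),
        htmlspecialchars($value, ENT_QUOTES, 'UTF-8')
    );
}

/** Read the posted order. Every value is client-controlled, readonly or not. */
function read_order(array $post): array
{
    $text = function (string $key) use ($post): string {
        return isset($post[$key]) && is_string($post[$key]) ? trim($post[$key]) : '';
    };
    $order = ['uid' => $text('uid2'), 'bookid' => $text('id2'), 'title' => $text('title2')];
    $order['error'] = ($order['uid'] === '' || !ctype_digit($order['bookid']))
        ? 'emptyinput2'
        : null;
    return $order;
}

/**
 * Build the redirect back to the form. http_build_query() percent-encodes
 * every value, so spaces, "&" and brackets in a title arrive intact and
 * cannot introduce extra query parameters.
 */
function error_redirect_url(array $order): string
{
    return '../neworder.php?' . http_build_query([
        'error'  => $order['error'],
        'bookid' => $order['bookid'],
        'title'  => $order['title'],
    ], '', '&', PHP_QUERY_RFC3986);
}

// Constructed title containing a quote, an ampersand and brackets.
$title = 'Fieldwork & "assessment" practice 2021 / Ip Kim Wai ... [et al.]';
echo render_locked_field('title2', $title), PHP_EOL;

// Constructed POST bodies: what a browser sends when the title field is
// disabled (key absent) and when it is readonly (key present).
$disabledPost = ['uid2' => '', 'id2' => '101', 'submit2' => ''];
$readonlyPost = ['uid2' => '', 'id2' => '101', 'title2' => $title, 'submit2' => ''];

foreach (['disabled' => $disabledPost, 'readonly' => $readonlyPost] as $label => $post) {
    $order = read_order($post);
    echo $label, ': ', error_redirect_url($order), PHP_EOL;
}
```

A `readonly` value can still be changed by the client, so the handler should treat `title2` as display text and look the title up by book ID before storing anything.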

database field data not appearing in form textbox in PHP

I have this code in PHP and an SQL database. The situation is: if I type 1, 2 or 3 (productID), the textbox will be populated and filled with database values. When I run the program, fortunately it has no errors, but when I type the id or 1 and click the submit button, it doesn't get the necessary values. Sorry for this, I'm a complete newbie and I've been practicing PHP for a while now. Any help will do. Thank you.
<?php
session_start();
include_once 'dbconnect.php';
if(!isset($_SESSION['user'])){
header("Location: index.php");
}
$res = mysql_query("SELECT * FROM users WHERE user_id=".$_SESSION['user']);
$userRow = mysql_fetch_array($res);
?>
<?php
require('dbconnect.php');
$id = (isset($_REQUEST['productID']));
$result = mysql_query("SELECT * FROM tblstore WHERE productID = '$id'");
$sql = mysql_fetch_array($result);
if(!$result){
die("Error: Data not found");
} else {
$brandname = $sql['brandname'];
$price = $sql['price'];
$stocks = $sql['stocks'];
}
?>
<html>
<body>
<p>
hi' <?php echo $userRow['username']; ?> Sign Out
</p>
<form method="post">
<table align="center">
<tr>
<td>Search Apparel:</td>
<td><input type="text" name="search" name="productID" /></td>
</tr>
<tr>
<td>Brandname:</td>
<td><input type="text" name="brandname" value="<?php echo $brandname; ?>"/></td>
</tr>
<tr>
<td>Price:</td>
<td><input type="text" name="price" value="<?php echo $price; ?>"/></td>
</tr>
<tr>
<td>Stocks:</td>
<td><input type="text" name="stocks" value="<?php echo $stocks; ?>"/></td>
</tr>
<tr>
<td> </td>
<td><input type="submit" name="submit" value="Search" /></td>
</tr>
</table>
</form>
</body>
</html>
You're getting the id incorrectly; you have:
<?php
$_REQUEST['productID']=8; //for testing
$id = (isset($_REQUEST['productID']));
if you check it you will find the output is true\false as returned by isset
var_dump($id); //true
what you should use is:
<?php
if(isset($_REQUEST['productID'])){ //maybe also check its a number and or valid range
$id=$_REQUEST['productID'];
}
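An added example, not code from the thread, that carries the answer's hint ("check its a number and or valid range") through to the lookup: it shows what the `isset()` result turns into inside the SQL string, then validates the ID as an integer and queries with a bound parameter. `parse_product_id`, `find_product`, the upper bound and the in-memory SQLite table standing in for `tblstore` are assumptions; the rows are constructed.

```php
<?php
// Added example. parse_product_id(), find_product() and the in-memory SQLite
// table standing in for `tblstore` are assumptions; the rows are constructed.

/** Return the product ID as an int, or null when it is absent or not in 1..$max. */
function parse_product_id(array $request, int $max = 1000000): ?int
{
    if (!isset($request['productID']) || !is_string($request['productID'])) {
        return null;
    }
    $id = filter_var($request['productID'], FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1, 'max_range' => $max]]);
    return $id === false ? null : $id;
}

/** Look the product up with a bound parameter; null means "no such product". */
function find_product(PDO $db, int $id): ?array
{
    $stmt = $db->prepare('SELECT brandname, price, stocks FROM tblstore WHERE productID = ?');
    $stmt->execute([$id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE tblstore (productID INTEGER PRIMARY KEY, brandname TEXT,
           price REAL, stocks INTEGER)');
$db->exec("INSERT INTO tblstore VALUES (1, 'Alpha <b>', 10.5, 3), (8, 'Beta', 20.0, 0)");

// What the question's code builds: isset() yields a bool, and a bool placed in
// a string becomes "1" (true) or "" (false), whatever ID was typed.
$request = ['productID' => '8'];
$flag = isset($request['productID']);
echo "question's query: SELECT * FROM tblstore WHERE productID = '$flag'", PHP_EOL;

// Constructed requests: valid, valid but escaped on output, unknown ID,
// non-numeric, and missing.
$requests = [['productID' => '8'], ['productID' => '1'], ['productID' => '2'],
             ['productID' => '8abc'], []];
foreach ($requests as $request) {
    $id = parse_product_id($request);
    if ($id === null) {
        echo 'invalid or missing productID', PHP_EOL;
        continue;
    }
    $row = find_product($db, $id);
    if ($row === null) {
        echo "no product with ID $id", PHP_EOL;
        continue;
    }
    // Escape for HTML when a value goes back into the form's value="" attribute.
    printf('<input name="brandname" value="%s"> price=%s stocks=%s%s',
        htmlspecialchars($row['brandname'], ENT_QUOTES, 'UTF-8'),
        $row['price'], $row['stocks'], PHP_EOL);
}
```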

PHP if isset($_POST doesn't work

I have a simple form on my page and I want to make sure every field is filled before inserting the values into the database. The problem is the condition is never met; even if every field is filled I still get "Something is missing"...
Search:
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<input placeholder="e-mail address" type="text" name="email_search">
<input type="submit" name="search" value="Go">
<?php
if (isset($_POST["search"])) {
    $email_search = mysql_real_escape_string($_POST["email_search"]);
    $check = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email_search'");
    $s = mysql_fetch_array($check);
}
?>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<table width="440" border="0" style="text-align:right;">
<tr>
<td>E-mail:</td>
<td>
<input type="text" name="email" value="<?php echo $email_search;?>" disabled>
</td>
</tr>
<tr>
<td>Név:</td>
<td>
<input type="text" name="nev" value="<?php echo $s['nev'];?>">
</td>
</tr>
<tr>
<td>Mikor:</td>
<td>
<input type="text" name="mikor">
</td>
</tr>
<tr>
<td>Éjszakák száma:</td>
<td>
<input type="text" name="ejszakak">
</td>
</tr>
<tr>
<td>Nemzetisége:</td>
<td align="left">
<select name="nyelv">
<option value="magyar" <?php if($s['nyelv']=="magyar") echo "selected=\"selected\""; ?>>Magyar</option>
<option value="nemet" <?php if($s['nyelv']=="nemet") echo "selected=\"selected\""; ?>>Német</option>
<option value="lengyel" <?php if($s['nyelv']=="lengyel") echo "selected=\"selected\""; ?>>Lengyel</option>
<option value="roman" <?php if($s['nyelv']=="roman") echo "selected=\"selected\""; ?>>Román</option>
<option value="szlovak" <?php if($s['nyelv']=="szlovak") echo "selected=\"selected\""; ?>>Szlovák</option>
<option value="egyeb" <?php if($s['nyelv']=="egyeb") echo "selected=\"selected\""; ?>>Egyéb</option>
</select>
</td>
</tr>
<tr>
<td>Megjegyzés:</td>
<td>
<textarea name="megjegyzes">
<?php echo htmlspecialchars($s[ 'megjegyzes']);?>
</textarea>
</td>
</tr>
</table>
<br>
<table width="440">
<tr>
<td>
<input type="submit" name="submit_add" value="Hozzáad">
</td>
</tr>
</table>
</form>
<?php
if (isset($_POST["submit_add"]) && !empty($_POST["nev"]) && !empty($_POST["email"]) && !empty($_POST["mikor"]) && !empty($_POST["ejszakak"])) {
    $nev = mysql_real_escape_string($_POST["nev"]);
    $email = mysql_real_escape_string($_POST["email"]);
    $mikor = mysql_real_escape_string($_POST["mikor"]);
    $ejszakak = mysql_real_escape_string($_POST["ejszakak"]);
    $nyelv = mysql_real_escape_string($_POST["nyelv"]);
    $megjegyzes = mysql_real_escape_string($_POST["megjegyzes"]);
    $check2 = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email'");
    $br = "<br>";
    if (mysql_num_rows($check2) > 0) {
        $adatok = mysql_fetch_array($check2);
        $osszesen = ($adatok['ejszakak'] + $ejszakak);
        mysql_query("UPDATE torzsvendegek SET nev = '".$nev."', mikor = '".$adatok['mikor']."".$mikor."".$br."', ejszakak = '".$osszesen."', nyelv = '".$nyelv."', megjegyzes = '".$adatok['megjegyzes']."".$megjegyzes."".$br."' WHERE email = '".$email."'");
        echo "<br>".$email." Updated";
    } else {
        mysql_query("INSERT INTO torzsvendegek (id, nev, email, mikor, ejszakak, nyelv, megjegyzes) VALUES (NULL, '$nev', '$email', '".$mikor."".$br."', '$ejszakak', '$nyelv', '".$megjegyzes."')");
        echo "<br>".$email." Added";
    }
} else {
    echo "Something is missing";
}
?>
You made 2 mistakes in your code:
1) You didn't close the first form (missing </form>)
2) You disabled the E-mail input field, which resulted in it always being empty
Here's the updated (though deprecated and insecure!!!) code:
<?php
if(isset($_POST["search"])){
$email_search = mysql_real_escape_string($_POST["email_search"]);
$check = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email_search'");
$s = mysql_fetch_array($check);
}
if(isset($_POST["submit_add"]) && !empty($_POST["nev"]) && !empty($_POST["email"]) && !empty($_POST["mikor"]) && !empty($_POST["ejszakak"])){
$nev = mysql_real_escape_string($_POST["nev"]);
$email = mysql_real_escape_string($_POST["email"]);
$mikor = mysql_real_escape_string($_POST["mikor"]);
$ejszakak = mysql_real_escape_string($_POST["ejszakak"]);
$nyelv = mysql_real_escape_string($_POST["nyelv"]);
$megjegyzes = mysql_real_escape_string($_POST["megjegyzes"]);
$check2 = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email'");
$br = "<br>";
if (mysql_num_rows($check2) > 0){
$adatok = mysql_fetch_array($check2);
$osszesen = ($adatok['ejszakak'] + $ejszakak);
mysql_query("UPDATE torzsvendegek SET nev = '".$nev."', mikor = '".$adatok['mikor']."".$mikor."".$br."', ejszakak = '".$osszesen."', nyelv = '".$nyelv."', megjegyzes = '".$adatok['megjegyzes']."".$megjegyzes."".$br."' WHERE email = '".$email."'");
echo "<br>".$email." Updated";
} else {
mysql_query("INSERT INTO torzsvendegek (id, nev, email, mikor, ejszakak, nyelv, megjegyzes) VALUES (NULL, '$nev', '$email', '".$mikor."".$br."', '$ejszakak', '$nyelv', '".$megjegyzes."')");
echo "<br>".$email." Added";
}
} else {
echo "Something is missing";
}
?>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
Search: <input placeholder="e-mail address" type="text" name="email_search">
<input type="submit" name="search" value="Go">
</form>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<table width="440" border="0" style="text-align:right;">
<tr>
<td>E-mail:</td>
<td><input type="text" name="email" value="<?php echo $email_search;?>"></td>
</tr>
<tr>
<td>Név:</td>
<td><input type="text" name="nev" value="<?php echo $s['nev'];?>"></td>
</tr>
<tr>
<td>Mikor:</td>
<td><input type="text" name="mikor"></td>
</tr>
<tr>
<td>Éjszakák száma:</td>
<td><input type="text" name="ejszakak"></td>
</tr>
<tr>
<td>Nemzetisége:</td>
<td align="left">
<select name="nyelv">
<option value="magyar" <?php if($s['nyelv']=="magyar") echo "selected=\"selected\""; ?>>Magyar</option>
<option value="nemet" <?php if($s['nyelv']=="nemet") echo "selected=\"selected\""; ?>>Német</option>
<option value="lengyel" <?php if($s['nyelv']=="lengyel") echo "selected=\"selected\""; ?>>Lengyel</option>
<option value="roman" <?php if($s['nyelv']=="roman") echo "selected=\"selected\""; ?>>Román</option>
<option value="szlovak" <?php if($s['nyelv']=="szlovak") echo "selected=\"selected\""; ?>>Szlovák</option>
<option value="egyeb" <?php if($s['nyelv']=="egyeb") echo "selected=\"selected\""; ?>>Egyéb</option>
</select>
</td>
</tr>
<tr>
<td>Megjegyzés:</td>
<td><textarea name="megjegyzes"><?php echo htmlspecialchars($s['megjegyzes']);?></textarea></td>
</tr>
</table>
<br>
<table width="440">
<tr>
<td><input type="submit" name="submit_add" value="Hozzáad"></td>
</tr>
</table>
</form>
You need to close your search form tag to keep the two forms separated
Search:<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>"><input placeholder="e-mail address" type="text" name="email_search"><input type="submit" name="search" value="Go"></form>
and
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<table width="440" border="0" style="text-align:right;">
<tr><td>E-mail:</td><td><input type="text" name="email" value="<?php echo $email_search;?>" disabled></td></tr>
<tr><td>Név:</td><td><input type="text" name="nev" value="<?php echo $s['nev'];?>"></td></tr>
<tr><td>Mikor:</td><td><input type="text" name="mikor"></td></tr>
<tr><td>Éjszakák száma:</td><td><input type="text" name="ejszakak"></td></tr>
<tr><td>Nemzetisége:</td><td align="left"> <select name="nyelv">
<option value="magyar" <?php if($s['nyelv']=="magyar") echo "selected=\"selected\""; ?>>Magyar</option>
<option value="nemet" <?php if($s['nyelv']=="nemet") echo "selected=\"selected\""; ?>>Német</option>
<option value="lengyel" <?php if($s['nyelv']=="lengyel") echo "selected=\"selected\""; ?>>Lengyel</option>
<option value="roman" <?php if($s['nyelv']=="roman") echo "selected=\"selected\""; ?>>Román</option>
<option value="szlovak" <?php if($s['nyelv']=="szlovak") echo "selected=\"selected\""; ?>>Szlovák</option>
<option value="egyeb" <?php if($s['nyelv']=="egyeb") echo "selected=\"selected\""; ?>>Egyéb</option>
</select></td></tr>
<tr><td>Megjegyzés:</td><td><textarea name="megjegyzes"><?php echo htmlspecialchars($s['megjegyzes']);?></textarea></td></tr>
</table><br>
<table width="440"><tr><td><input type="submit" name="submit_add" value="Hozzáad"></td></tr></table>
</form>
You did not close your search form and you need to remove the disabled attribute from your email input field.
I re-wrote your code to help you with debugging. I commented out all the stuff related to the database so you can focus on the form fields only. Here is the code I re-wrote. I left comments so you can see what I did.
<?php
/******JUST TO MAKE DEBUGGING EASIER***/
echo "<pre>"; // Start of the <pre> tags
/**ANYTHING TO DO WITH THE DATABASE I HAVE COMMENTED OUT**/
if(isset($_POST["search"])){
$email_search = mysql_real_escape_string($_POST["email_search"]);
/**PRINT_R FOR DEBUGGING PURPOSES, REMOVE!!*/
print_r($email_search);
//$check = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email_search'");
//$s = mysql_fetch_array($check);
}
/***CHECK THE POST DATA, REMOVE FROM APPLICATION ONCE YOU HAVE DEBUGGED THE DATA**/
print_r($_POST);
/***I WILL STORE THE POST DATA IN VARIABLES BEFORE CHECKING**/
$nev = isset($_POST["nev"]) ? mysql_real_escape_string($_POST["nev"]) : null;
$email = isset($_POST["email"]) ? mysql_real_escape_string($_POST["email"]) : null;
$mikor = isset($_POST["mikor"]) ? mysql_real_escape_string($_POST["mikor"]) : null;
$ejszakak = isset($_POST["ejszakak"]) ? mysql_real_escape_string($_POST["ejszakak"]) : null;
$nyelv = isset($_POST["nyelv"]) ? mysql_real_escape_string($_POST["nyelv"]) : null;
$megjegyzes = isset($_POST["megjegyzes"]) ? mysql_real_escape_string($_POST["megjegyzes"]) : null;
if(isset($_POST["submit_add"]) && !is_null($nev) && !is_null($email) && !is_null($mikor) && !is_null($ejszakak)){
/*******
SINCE I ALREADY HAVE THEM, YOU NEED TO REMOVE THEM FROM THE CODE
$nev = mysql_real_escape_string($_POST["nev"]);
$email = mysql_real_escape_string($_POST["email"]);
$mikor = mysql_real_escape_string($_POST["mikor"]);
$ejszakak = mysql_real_escape_string($_POST["ejszakak"]);
$nyelv = mysql_real_escape_string($_POST["nyelv"]);
$megjegyzes = mysql_real_escape_string($_POST["megjegyzes"]);
******/
//$check2 = mysql_query("SELECT * FROM torzsvendegek WHERE email = '$email'");
$br = "<br>";
/*********
if (mysql_num_rows($check2) > 0) {
$adatok = mysql_fetch_array($check2);
$osszesen = ($adatok['ejszakak'] + $ejszakak);
mysql_query("UPDATE torzsvendegek SET nev = '".$nev."', mikor = '".$adatok['mikor']."".$mikor."".$br."', ejszakak = '".$osszesen."', nyelv = '".$nyelv."', megjegyzes = '".$adatok['megjegyzes']."".$megjegyzes."".$br."' WHERE email = '".$email."'");
echo "<br>".$email." Updated";
}else {
mysql_query("INSERT INTO torzsvendegek (id, nev, email, mikor, ejszakak, nyelv, megjegyzes) VALUES (NULL, '$nev', '$email', '".$mikor."".$br."', '$ejszakak', '$nyelv', '".$megjegyzes."')");
echo "<br>".$email." Added";
}
****/
}elseif (isset($_POST["submit_add"])) {
echo "Something is missing";
}
echo '</pre>';//end of pre
?>
Search:
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<input placeholder="e-mail address" type="text" name="email_search">
<input type="submit" name="search" value="Go">
</form>
<form method="post" action="<?php echo $_SERVER["PHP_SELF"]?>">
<table width="440" border="0" style="text-align:right;">
<tr>
<td>E-mail:</td>
<td><input type="text" name="email" value="<?php echo $email;?>" ></td>
</tr>
<tr>
<td>Név:</td>
<td><input type="text" name="nev" value="<?php echo $nev;?>"></td>
</tr>
<tr>
<td>Mikor:</td>
<td><input type="text" name="mikor" value="<?php echo $mikor;?>"></td>
</tr>
<tr>
<td>Éjszakák száma:</td>
<td><input type="text" name="ejszakak" value="<?php echo $ejszakak;?>"></td>
</tr>
<tr>
<td>Nemzetisége:</td>
<td align="left">
<select name="nyelv">
<option value="magyar" <?php if($nyelv=="magyar") echo "selected=\"selected\""; ?>>Magyar</option>
<option value="nemet" <?php if($nyelv=="nemet") echo "selected=\"selected\""; ?>>Német</option>
<option value="lengyel" <?php if($nyelv=="lengyel") echo "selected=\"selected\""; ?>>Lengyel</option>
<option value="roman" <?php if($nyelv=="roman") echo "selected=\"selected\""; ?>>Román</option>
<option value="szlovak" <?php if($nyelv=="szlovak") echo "selected=\"selected\""; ?>>Szlovák</option>
<option value="egyeb" <?php if($nyelv=="egyeb") echo "selected=\"selected\""; ?>>Egyéb</option>
</select>
</td>
</tr>
<tr>
<td>Megjegyzés:</td>
<td><textarea name="megjegyzes"><?php echo htmlspecialchars($megjegyzes);?></textarea>
</td>
</tr>
</table><br>
<table width="440">
<tr><td><input type="submit" name="submit_add" value="Hozzáad"></td></tr>
</table>
</form>

Some data is erased when update button is pressed

Please, I am having a problem when updating data in the database through a form. Whenever I press the Update button to submit any changes made to a record, all the data in the MySQL fields corresponding to drop list controls is erased. I do not know what is causing this problem. Here is the code:
<?php
//include database connection
include 'db_connect.php';
// get value of object id that was sent from address bar
$c_id = $_GET['c_id'];
//check any user action
$action = isset( $_POST['action'] ) ? $_POST['action'] : "";
if($action == "update"){ //if the user hit the submit button
//write our update query
//$mysqli->real_escape_string() function helps us prevent attacks such as SQL injection
$query = "UPDATE collections
SET
ctitle = '".$mysqli->real_escape_string($_POST['ctitle'])."',
csubject = '".$mysqli->real_escape_string($_POST['csubject'])."',
creference = '".$mysqli->real_escape_string($_POST['creference'])."',
cyear = '".$mysqli->real_escape_string($_POST['cyear'])."',
cobjecttype = '".$mysqli->real_escape_string($_POST['cobjecttype'])."',
cmaterial = '".$mysqli->real_escape_string($_POST['cmaterial'])."',
ctechnic = '".$mysqli->real_escape_string($_POST['ctechnic'])."',
cwidth = '".$mysqli->real_escape_string($_POST['cwidth'])."',
cheight = '".$mysqli->real_escape_string($_POST['cheight'])."',
cperiod = '".$mysqli->real_escape_string($_POST['cperiod'])."',
cmarkings = '".$mysqli->real_escape_string($_POST['cmarkings'])."',
cdescription = '".$mysqli->real_escape_string($_POST['cdescription'])."',
csource = '".$mysqli->real_escape_string($_POST['csource'])."',
cartist = '".$mysqli->real_escape_string($_POST['cartist'])."'
where c_id='".$mysqli->real_escape_string($_REQUEST['c_id'])."'";
//execute the query
if( $mysqli->query($query) ) {
//if updating the record was successful
echo "The record was updated.";
}else{
//if unable to update new record
echo "Database Error: Unable to update record.";
}
}
//select the specific database record to update
$query = "SELECT c_id, ctitle, csubject, creference, cyear, cobjecttype, cmaterial, ctechnic, cwidth, cheight, cperiod, cmarkings, cdescription, csource, cartist, cfilename
FROM collections
WHERE c_id='".$mysqli->real_escape_string($_REQUEST['c_id'])."'
limit 0,1";
//execute the query
$result = $mysqli->query( $query );
//get the result
$row = $result->fetch_assoc();
//assign the result to certain variable so our html form will be filled up with values
$c_id = $row['c_id'];
$ctitle = $row['ctitle'];
$csubject = $row['csubject'];
$creference = $row['creference'];
$cyear = $row['cyear'];
$cobjecttype = $row['cobjecttype'];
$cmaterial = $row['cmaterial'];
$ctechnic = $row['ctechnic'];
$cwidth = $row['cwidth'];
$cheight = $row['cheight'];
$cperiod = $row['cperiod'];
$cmarkings = $row['cmarkings'];
$cdescription = $row['cdescription'];
$csource = $row['csource'];
$cartist = $row['cartist'];
$cfilename = $row['cfilename'];
?>
<!--we have our html form here where new object information will be entered-->
<table align=left>
<tr>
<td> <?php echo '<img src="./images/'.$cfilename.'" width="300" height="400" />'; ?> </td>
</tr>
</table>
<form action='#' method='post' border='0'>
<table>
<tr>
<td>TITLE</td>
<td><input type='text' name='ctitle' value='<?php echo $ctitle; ?>' /></td>
</tr>
<tr>
<td>SUBJECT</td>
<td><input type='text' name='csubject' value='<?php echo $csubject; ?>' /></td>
</tr>
<tr>
<td>REFERENCE No.</td>
<td><input type='text' name='creference' value='<?php echo $creference; ?>' /></td>
</tr>
<tr>
<td>YEAR</td>
<td><input type='text' name='cyear' value='<?php echo $cyear; ?>' /></td>
</tr>
<tr><td>OBJECT TYPE</td>
<td>
<select name="cobjecttype" id="cobjecttype" tabindex="">
<option value="">---Select object type---</option>
<option value="ceramic">Ceramic</option>
<option value="clock">Clock</option>
<option value="gold">Gold and silverware</option>
<option value="mask">Mask</option>
<option value="painting">Painting</option>
<option value="sculpture">Sculpture</option>
<option value="tapestry">Tapestry</option>
</select>
</td></tr>
<tr><td>MATERIAL USED</td>
<td>
<select name="cmaterial" id="cmaterial" tabindex="" >
<option value="">---Select Material---</option>
<option value="brass">Brass</option>
<option value="oil">Oil</option>
<option value="wood">Wood</option>
<option value="carved">Canvas/Cotton/Fabric/Linen/Wool</option>
</select>
</td></tr>
<tr><td>TECHNIC</td>
<td>
<select name="ctechnic" id="ctechnic" tabindex="7" >
<option value="">---Select Technic---</option>
<option value="cast">Cast</option>
<option value="carved">Carved</option>
<option value="etched">Etched</option>
</select>
</td></tr>
<tr>
<td>WIDTH</td>
<td width="100"><input name="cwidth" type="text" id="cwidth" value="<?php echo $cwidth; ?>" size="10"></td>
</tr>
<tr>
<td>HEIGHT</td>
<td width="100"><input name="cheight" type="text" id="cheight" value="<?php echo $cheight; ?>" size="10"></td>
</tr>
<tr>
<td>PERIOD</td>
<td width="100"><input name="cperiod" type="text" id="cperiod" value="<?php echo $cperiod; ?>" size="30"></td>
</tr>
<tr>
<td>MARKINGS</td>
<td width="100"><input name="cmarkings" type="text" id="cmarkings" value="<?php echo $cmarkings; ?>" size="30"></td>
</tr>
<tr>
<td>DESCRIPTION</td>
<td width="400"><textarea name="cdescription" rows="2" cols="50" id="cdescription" value="<?php echo $cdescription; ?>"></textarea></td></tr>
<tr>
<td>SOURCE</td>
<td width="100"><input name="csource" type="text" id="csource" value="<?php echo $csource; ?>" size="30"></td>
</tr>
<tr>
<td>ARTIST</td>
<td width="100"><input name="cartist" type="text" id="cartist" value="<?php echo $cartist; ?>" size="30"></td>
</tr>
<tr>
<td></td>
<td>
<!-- so that we could identify what record is to be updated -->
<input type='hidden' name='c_id' value='<?php echo $c_id ?>' />
<!-- we will set the action to update -->
<input type='hidden' name='action' value='update' />
<input type='submit' value='Save' />
<a href='gallery.php'>Back to display page</a>
</td>
</tr>
</table>
</form>
Can someone help to identify what the problem is?
Such problems occur when you don't validate your POST data correctly. In your code, you are updating your records directly, by using mysql_real_escape_string($variable). But although this might fix some security issues, it will not validate whether each piece of data is present or not.
Validate your variables to be present and hold data before updating to the query.
You post a form with the method POST, but get the c_id with $_GET.
Change it to $_POST['c_id'] or $_REQUEST['c_id'] ...
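An added example, not code from the thread, of the validation the first answer asks for. The `<select>` elements in the question never mark the stored value as selected, so every save posts the empty placeholder for them; here the current value is preselected when the form is rendered, and the UPDATE is built only from fields that arrived with an acceptable value. `render_select` and `build_update` are hypothetical helpers, the option lists are copied from the question's form, and the text-column list is shortened.

```php
<?php
// Added example. render_select() and build_update() are hypothetical helpers;
// the option lists are copied from the question's form.

const SELECT_OPTIONS = [
    'cobjecttype' => ['ceramic' => 'Ceramic', 'clock' => 'Clock', 'gold' => 'Gold and silverware',
                      'mask' => 'Mask', 'painting' => 'Painting', 'sculpture' => 'Sculpture',
                      'tapestry' => 'Tapestry'],
    'cmaterial'   => ['brass' => 'Brass', 'oil' => 'Oil', 'wood' => 'Wood',
                      'carved' => 'Canvas/Cotton/Fabric/Linen/Wool'],
    'ctechnic'    => ['cast' => 'Cast', 'carved' => 'Carved', 'etched' => 'Etched'],
];
// Shortened list of the form's text columns, to keep the example small.
const TEXT_COLUMNS = ['ctitle', 'csubject', 'cyear', 'cartist'];

/** Render a drop-down with the stored value preselected. */
function render_select(string $name, ?string $current): string
{
    $html = sprintf('<select name="%s">', htmlspecialchars($name, ENT_QUOTES, 'UTF-8'))
          . '<option value="">---Select---</option>';
    foreach (SELECT_OPTIONS[$name] as $value => $label) {
        $html .= sprintf('<option value="%s"%s>%s</option>',
            htmlspecialchars($value, ENT_QUOTES, 'UTF-8'),
            $value === $current ? ' selected' : '',
            htmlspecialchars($label, ENT_QUOTES, 'UTF-8'));
    }
    return $html . '</select>';
}

/**
 * Build the UPDATE from the posted fields only. Column names come from the
 * constants above, never from the request; values are bound as parameters.
 * Returns [sql, params], or null when nothing valid was posted.
 */
function build_update(array $post, int $cId): ?array
{
    $set = [];
    $params = [];
    foreach (TEXT_COLUMNS as $col) {
        if (isset($post[$col]) && is_string($post[$col])) {
            $set[] = "$col = :$col";
            $params[$col] = trim($post[$col]);
        }
    }
    foreach (SELECT_OPTIONS as $col => $options) {
        $value = $post[$col] ?? '';
        // Skip the empty placeholder and anything the list does not offer,
        // so the stored value is kept instead of being overwritten.
        if (is_string($value) && isset($options[$value])) {
            $set[] = "$col = :$col";
            $params[$col] = $value;
        }
    }
    if (!$set) {
        return null;
    }
    $params['c_id'] = $cId;
    return ['UPDATE collections SET ' . implode(', ', $set) . ' WHERE c_id = :c_id', $params];
}

// Constructed stored row and POST body.
$stored = ['cobjecttype' => 'mask', 'cmaterial' => 'wood', 'ctechnic' => 'carved'];
echo render_select('cmaterial', $stored['cmaterial']), PHP_EOL;

$post = ['ctitle' => "Dancer's mask", 'cyear' => '1890', 'cobjecttype' => 'mask',
         'cmaterial' => '', 'ctechnic' => 'glued'];
[$sql, $params] = build_update($post, 7);   // 7 stands for the validated c_id
echo $sql, PHP_EOL;
print_r($params);
```

The returned pair is meant for `$mysqli->prepare()` or PDO; `cmaterial` and `ctechnic` are left out of the SET clause above because one is the placeholder and the other is not in the list.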

Pass back values to form to populate it? (lots of values)

I need to pass back a large string of results to a form, so that the form can read those results from the URL and then populate the form with them. Problem is, the link ends up being:
&key=value&key=value ... until it can't process anymore (I assume a URL has a length limit?) resulting in my form not being able to fully populate. I need another way to pass values back to my form file.
VIEW.php file (basically just a table of values right as they are from the database, with the first column "id" being a link. When I click on "id", it goes back to my add.php(form page) and populates the form with the data matching that id)
<table border="0" cellpadding="0" cellspacing="0" id="table">
<thead>
<tr>
<th>ID</th>
<th>NAME</th>
<th>MANUFACTURER</th>
<th>MODEL</th>
<th>DESCRIPTION</th>
<th>ON HAND</th>
<th>REORDER</th>
<th>COST</th>
<th>PRICE</th>
<th>SALE</th>
<th>DISCOUNT</th>
<th>DELETED</th>
<th></th>
</tr>
</thead>
<tbody>
<?php } ?>
<?php
// loop to fetch data
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td>
<a href='molszewski1_a2_add.php'>$row[id]</a></td>";
echo "<td>$row[name]</td>";
echo "<td>$row[manufac]</td>";
echo "<td>$row[model]</td>";
echo "<td>$row[descrip]</td>";
echo "<td>$row[onhand]</td>";
echo "<td>$row[reorder]</td>";
echo "<td>$row[cost]</td>";
echo "<td>$row[price]</td>";
echo "<td>$row[sale]</td>";
echo "<td>$row[discont]</td>";
echo "<td>$row[deleted]</td>";
$status = "$row[deleted]";
echo "<td><a href='molszewski1_a2_delete.php?id=$row[id]&flag=$status&sort=$sort'>";
$status = "$row[deleted]";
if ($status == 'n') {
$flag = "restore";
echo "delete";
} else if ( $status == 'y') {
$flag = "delete";
echo "restore";
}
echo "</a></td>";
echo "</tr>";
} ?>
<?php { ?>
</tbody>
</table>
ADD.php (form page where the form is supposed to fetch the data and populate it)
<?php
// If no form has been submitted, present form
if (empty($_GET))
{
add_form();
}
// if a form has been submitted
else
{
// if form_validity() == 1, proceed to connect
if (form_validity() == 1)
{
// connect to mysql + database
connect();
$saleItem = "n";
$discountItem = "n";
if( array_key_exists( 'saleItem', $_GET ) && $_GET['saleItem'] == 'y' )
{ $saleItem = "y"; }
if( array_key_exists( 'discountItem', $_GET ) && $_GET['discountItem'] == 'y' )
{ $discountItem = "y"; }
// get values from form, insert into database
$sql=("INSERT INTO inventory (name,
manufac,
model,
descrip,
onhand,
reorder,
cost,
price,
sale,
discont,
deleted)
VALUES ('$_GET[itemName]',
'$_GET[manufacturer]',
'$_GET[model]',
'$_GET[description]',
'$_GET[numberOnHand]',
'$_GET[reorderLevel]',
'$_GET[cost]',
'$_GET[sellingPrice]',
'$saleItem',
'$discountItem', 'n')");
// if the query doesn't work, display error message
if (!(mysql_query($sql))) { die ("could not query: " . mysql_error()); }
add_form();
// redirect to view.php after form submission
// use php instead
echo "<meta http-equiv='REFRESH' content='0;url=molszewski1_a2_view.php'>";
}
else
{
// if form is not valid (form_validity returns 0), display error messages
add_form();
}
}
?>
FUNCTIONS.php (all my functions for stuff like the form)
<?php function page_navigation(){ ?>
<div class="center">
<input type="button" value="ADD" />
<input type="button" value="VIEW" />
<input type="button" value="VIEW DELETED" />
<input type="button" value="VIEW ACTIVE" />
<br />
<br />
</div>
<?php } ?>
<?php function add_form() { ?>
<form action="molszewski1_a2_add.php" method="get" id="form">
<table width="529px">
<tr>
<td>ITEM NAME</td>
<td><input name="itemName" size="30" type="text" value="<?php echo $_GET["itemName"] ?>"/></td>
</tr>
<tr>
<td>MANUFACTURER</td>
<td><input name="manufacturer" size="30" type="text" value="<?php echo $_GET["manufacturer"] ?>"/></td>
</tr>
<tr>
<td>MODEL</td>
<td><input name="model" size="30" type="text" value="<?php echo $_GET["model"] ?>"/></td>
</tr>
<tr>
<td>DESCRIPTION</td>
<td><textarea name="description" rows="3" cols="20"><?php echo $_GET["description"] ?></textarea></td>
</tr>
<tr>
<td>ON HAND</td>
<td><input name="numberOnHand" size="30" type="text" value="<?php echo $_GET["numberOnHand"] ?>"/></td>
</tr>
<tr>
<td>REORDER LEVEL</td>
<td><input name="reorderLevel" size="30" type="text" value="<?php echo $_GET["reorderLevel"] ?>"/></td>
</tr>
<tr>
<td>COST</td>
<td><input name="cost" size="30" type="text" value="<?php echo $_GET["cost"] ?>"/></td>
</tr>
<tr>
<td>SELLING PRICE</td>
<td><input name="sellingPrice" size="30" type="text" value="<?php echo $_GET["sellingPrice"] ?>"/></td>
</tr>
<tr>
<td>SALE ITEM</td>
<td>
<input type="checkbox" name="saleItem" value="y" <?php if( isset( $_GET['saleItem'] ) ){ ?> checked="checked" <?php } ?> />
</td>
</tr>
<tr>
<td>DISCOUNTED ITEM</td>
<td>
<input type="checkbox" name="discountItem" value="y" <?php if( isset( $_GET['discountItem'] ) ){ ?> checked="checked" <?php } ?> />
</td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="save" name="submit" id="submit" /></td>
</tr>
</table>
</form>
<?php } ?>
Use method="post" and $_POST (instead of $_GET).
POST requests can be much larger than GET requests as GET requests are limited by the maximum length of a URL. POST requests are limited by the size of the max_post_size ini-value which is usually a few megabytes.
