You have an error in your SQL syntax; - php

G'Day
I have a PHP page that I want to use to edit an entry, but for the life of me I cannot figure out why it is coming up with this error.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= po_postcode = '4060', email ='-', phone = '732997688', fax = '' WHERE id='1'' at line 1
HELP I am desperate and going insane. (Similar Code works on another page but not this one)....
Can someone PLEASE HELP.
<?php
/*
EDIT.PHP
Allows user to edit specific entry in database
*/
// creates the edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($id, $name, $po_street, $po_suburb, $po_state, $po_postcode, $email, $phone, $fax, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<table width="347" border="0" align="center">
<tr valign="baseline">
<td align="right" nowrap="nowrap"><p align="center"><img src="hartwell_banner.JPG" width="624" height="134" /></p>
</tr>
</table>
<table align="center">
<tr valign="baseline">
<td width="290" align="right" nowrap="nowrap"><div align="left"><h2 align="left"><p align="left">Enter a New Contact</p></h2></div></td>
<td width="290" align="center" nowrap="nowrap"><div align="left"><h2 align="center"><p align="center">Return to Index</p>
</h2>
</div></td>
</tr>
</table>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<table align="center">
<tr valign="baseline">
<td width="98" align="right" nowrap="nowrap"><div align="left">ID:</div></td>
<td width="329"><input type="text" name="id" value="<?php echo $id; ?>" size="40" readonly = "readonly" /> * </td>
</tr>
<tr valign="baseline">
<td width="98" align="right" nowrap="nowrap"><div align="left">Name:</div></td>
<td width="329"><input type="text" name="name" value="<?php echo $name; ?>" size="40" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Postal Street </div></td>
<td><input type="text" name="po_street" value="<?php echo $po_street; ?>" size="40" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Postal Suburb</div></td>
<td><Input type ="text" name="po_suburb" value="<?php echo $po_suburb; ?> " size="30" maxlength="50" >*</td>
<tr valign="baseline">
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">State</div></td>
<td><Input type ="text" name="po_state" value="<?php echo $po_state; ?>" size="5" maxlength="3" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Postal Postcode</div></td>
<td><Input type ="text" name="po_postcode" value="<?php echo $po_postcode; ?>" size="5" maxlength="4"/> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Email:</div></td>
<td><input type="text" name="email" value="<?php echo $email; ?>" size="40" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Phone:</div></td>
<td><input name="phone" type="text" value="<?php echo $phone; ?>" size="12" maxlength="10" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Fax:</div></td>
<td><input name="fax" type="text" value="<?php echo $fax; ?>" size="12" maxlength="10" /></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"> </td>
<td> <input type="submit" name="submit" value="Submit"> * Denotes Required Field<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?> </td>
</tr>
<tr valign="baseline">
<td colspan="2" align="right" nowrap="nowrap"><div align="center"><img src="hartwell_costs.JPG" alt="" width="340" height="147" /></div></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (isset($_POST['id']))
{
// get form data, making sure it is valid
$id = mysql_real_escape_string(htmlspecialchars($_POST['id']));
$name = mysql_real_escape_string(htmlspecialchars($_POST['name']));
$po_street = mysql_real_escape_string(htmlspecialchars($_POST['po_street']));
$po_suburb = mysql_real_escape_string(htmlspecialchars($_POST['po_suburb']));
$po_state = mysql_real_escape_string(htmlspecialchars($_POST['po_state']));
$po_postcode = mysql_real_escape_string(htmlspecialchars($_POST['po_postcode']));
$email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
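$phone = mysql_real_escape_string(htmlspecialchars($_POST['phone']));
// fax is optional, but it is used in the query and in renderForm() below, so it has to be read too
$fax = mysql_real_escape_string(htmlspecialchars($_POST['fax']));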
// check that firstname/lastname fields are both filled in
if ($id == '' || $name == '' || $po_street == '' || $po_suburb == ''|| $po_state == '' || $po_postcode == ''|| $email == '' || $phone == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
//error, display form
renderForm($id, $name, $po_street, $po_suburb, $po_state, $po_postcode, $email, $phone, $fax, $error);
}
else
{
// save the data to the database
mysql_select_db($database_hartwell, $hartwell);
mysql_query("UPDATE contact SET id= '$id', name='$name', po_street ='$po_street', po_suburb = '$po_suburb', po_state = '$po_state', = po_postcode = '$po_postcode', email ='$email', phone = '$phone', fax = '$fax' WHERE id='$id'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
}
else
{
//if the 'id' isn't valid, display an error
echo 'ID Not Valid!';
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
// get the 'id' value from the URL (if it exists), making sure that it is valid (checking that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
// query db
$id = $_GET['id'];
mysql_select_db($database_hartwell, $hartwell);
$result = mysql_query("SELECT * FROM contact WHERE id=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the database
if($row)
{
// get data from db
$id = $row['id'];
$name = $row['name'];
$po_street = $row['po_street'];
$po_suburb = $row['po_suburb'];
$po_state = $row['po_state'];
$po_postcode = $row['po_postcode'];
$email = $row['email'];
$phone = $row['phone'];
$fax = $row['fax'];
// show form
renderForm($id, $name, $po_street, $po_suburb, $po_state, $po_postcode, $email, $phone, $fax,'');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'No ID Value!';
}
}
?>

The error is right there in your query, just like the error message says:
, = po_postcode = '$po_postcode',
^
|
+ this doesn't belong here

remove the equal sign here:
'$po_state', = po_postcode
mysql_query("UPDATE contact SET id= '$id', name='$name', po_street ='$po_street', po_suburb = '$po_suburb', po_state = '$po_state', po_postcode = '$po_postcode', email ='$email', phone = '$phone', fax = '$fax' WHERE id='$id'")

So the problem is here = po_postcode = '$po_postcode',
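
Added example, not part of the original thread or the poster's code: the same UPDATE issued through a PDO prepared statement, with the SET clause generated from a column allow-list so that a stray `=` or comma cannot be typed into it, and with the database error logged instead of printed by `die(mysql_error())`. The helper names `updateRow` and `quoteIdent`, the in-memory SQLite stand-in for the MySQL `contact` table, and the sample form values are assumptions.

```php
<?php
// Added example (not the poster's code). Column names follow the question's
// `contact` table; SQLite in memory stands in for MySQL so this runs offline.

/**
 * Update one row with a prepared statement. The SET clause is assembled from
 * an allow-list of column names, so every assignment has the same shape and
 * request data never becomes part of the SQL text.
 */
function updateRow(PDO $pdo, string $table, array $allowed, array $input,
                   string $idCol, int $id): int
{
    $assignments = [];
    $values = [];
    foreach ($allowed as $col) {
        if (!array_key_exists($col, $input)) {
            continue;               // field not submitted: leave column as is
        }
        $assignments[] = quoteIdent($col) . ' = ?';
        $values[] = $input[$col];   // bound as data, no escaping needed
    }
    if ($assignments === []) {
        throw new InvalidArgumentException('nothing to update');
    }
    $sql = 'UPDATE ' . quoteIdent($table)
         . ' SET ' . implode(', ', $assignments)   // no leading/trailing comma
         . ' WHERE ' . quoteIdent($idCol) . ' = ?';
    $values[] = $id;

    $stmt = $pdo->prepare($sql);
    $stmt->execute($values);
    return $stmt->rowCount();
}

/** Identifiers come from code, not from the request; reject odd ones anyway. */
function quoteIdent(string $name): string
{
    if (!preg_match('/^[A-Za-z_][A-Za-z0-9_ ]*$/', $name)) {
        throw new InvalidArgumentException("bad identifier: $name");
    }
    return '`' . $name . '`';       // backticks work in MySQL and SQLite
}

// ---- demo on constructed data ---------------------------------------------
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE contact (id INTEGER PRIMARY KEY, name TEXT,
    po_street TEXT, po_suburb TEXT, po_state TEXT, po_postcode TEXT,
    email TEXT, phone TEXT, fax TEXT)');
$pdo->exec("INSERT INTO contact (id, name, po_postcode) VALUES (1, 'Old name', '4000')");

// Constructed form submission standing in for $_POST
$post = [
    'id' => '1', 'name' => "O'Brien Pty Ltd", 'po_street' => '1 Example St',
    'po_suburb' => 'Exampleville', 'po_state' => 'QLD', 'po_postcode' => '4060',
    'email' => '-', 'phone' => '732997688', 'fax' => '',
    'is_admin' => '1',              // not in the allow-list, so it is ignored
];
$columns = ['name', 'po_street', 'po_suburb', 'po_state',
            'po_postcode', 'email', 'phone', 'fax'];

// The id is validated as an integer, not escaped as a string
$id = filter_var($post['id'], FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false) {
    exit("ID Not Valid!\n");
}

try {
    $changed = updateRow($pdo, 'contact', $columns, $post, 'id', $id);
    echo "rows changed: $changed\n";
} catch (PDOException $e) {
    error_log($e->getMessage());    // details go to the log, not to the visitor
    echo "Update failed\n";
}

$row = $pdo->query('SELECT name, po_postcode FROM contact WHERE id = 1')
           ->fetch(PDO::FETCH_ASSOC);
echo $row['name'], ' / ', $row['po_postcode'], "\n";
```

Against MySQL only the DSN changes; note that MySQL's `rowCount()` reports rows actually changed, so an update that writes identical values returns 0.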

Related

Updated data revert back to original value at MYSQL

I have a weird problem: when I run the update function it executes successfully, and when I check the MySQL database it has been updated. However, after a few minutes the value in the MySQL database reverts to the original value (before the update).
As far as I can see my code seems OK, because I can update the value in the MySQL database, but somehow maybe it's related to $_SESSION, which I am not familiar with. Below is my code:
<?php session_start();
$staff_no=$_SESSION['staff_no'];
$user_name=$_SESSION['user_name'];
$pass=$_SESSION['pass'];
$level=$_SESSION['level'];
include("../connect.php");
include ("../session.php");
$today=date('Y-m-d');
$VendorID=$_GET['vendorid'];
if($submit=isset($_POST['submit']))
{
$VendorID=isset($_POST['VendorID']) ? $_POST['VendorID'] : '';
$CompanyName=isset($_POST['CompanyName']) ? $_POST['CompanyName'] : '';
$Address=isset($_POST['Address']) ? $_POST['Address'] : '';
$TelephoneNo=isset($_POST['TelephoneNo']) ? $_POST['TelephoneNo'] : '';
$FacsimileNo=isset($_POST['FacsimileNo']) ? $_POST['FacsimileNo'] : '';
$URL=isset($_POST['URL']) ? $_POST['URL'] : '';
$RegisterDate=isset($_POST['RegisterDate']) ? $_POST['RegisterDate'] : '';
$status=isset($_POST['status']) ? $_POST['status'] : '';
$region=isset($_POST['region']) ? $_POST['region'] : '';
$sql2 = "UPDATE vendor SET VendorID='$VendorID',CompanyName='$CompanyName',Address='$Address',TelephoneNo='$TelephoneNo',
FacsimileNo='$FacsimileNo',URL='$URL',RegisterDate='$RegisterDate',status='$status',region='$region'
WHERE VendorID='$VendorID'";
if(@mysqli_query($con, $sql2))
{
echo "<script type='text/javascript'>\n";
echo "alert('Successfully edit data');\n";
echo "</script>";
echo "<script>window.navigate('vendordetails_add.php?vendorid=$VendorID')</script>";
}
else
echo 'the data failed to edit'.mysqli_error($con);
}//if isset submit
$sql =mysqli_query($con, "SELECT * FROM vendor WHERE VendorID='$VendorID'");
$row = mysqli_fetch_array($sql);
$id=$row['id'];
$VendorID=$row['VendorID'];
$CompanyName=$row['CompanyName'];
$Address=$row['Address'];
$TelephoneNo=$row['TelephoneNo'];
$FacsimileNo=$row['FacsimileNo'];
$URL=$row['URL'];
$RegisterDate=$row['RegisterDate'];
$status=$row['status'];
$region=$row['region'];
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
</head>
<body>
<form name="vendor_edit" enctype="multipart/form-data" method="post" action="<?php $_SERVER['PHP_SELF'] ?>">
<input type="hidden" name="VendorID" value="<?php echo $VendorID; ?>" />
<input type="hidden" name="status" value="<?php echo $status; ?>" />
<table width="784" border="0" align="center" cellpadding="0" cellspacing="0">
<tr>
<td height="80" valign="top">
<table width="100%" border="0" cellpadding="0" cellspacing="0" background="../image/center.jpg">
<tr>
<td height="20" valign="top"> </td>
<td width="81" valign="top" class="txt">Company</td>
<td colspan="2" valign="top"><input name="CompanyName" type="text" class="text" id="CompanyName" size="50" value="<?php echo $CompanyName; ?>"/></td>
</tr>
<tr>
<td height="60" valign="top"> </td>
<td valign="top" class="txt">Address</td>
<td colspan="2" valign="top"><textarea name="Address" cols="40" rows="4" class="txt" id="Address"><?php echo $Address; ?></textarea></td>
</tr>
<tr>
<td height="21" valign="top"> </td>
<td valign="top" class="txt">Telephone No</td>
<td colspan="2" valign="top"><input name="TelephoneNo" type="text" class="text" id="TelephoneNo" size="15" value="<?php echo $TelephoneNo; ?>"/></td>
</tr>
<tr>
<td height="21" valign="top"> </td>
<td valign="top" class="txt"> Fax No</td>
<td colspan="2" valign="top"><input name="FacsimileNo" type="text" class="text" id="FacsimileNo" size="15" value="<?php echo $FacsimileNo; ?>"/></td>
</tr>
<tr>
<td height="21" valign="top"> </td>
<td valign="top" class="txt">Website</td>
<td colspan="2" valign="top"><input name="URL" type="text" class="text" id="URL" size="30" value="<?php echo $URL; ?>"/></td>
</tr>
<tr>
<td height="21" valign="top"> </td>
<td valign="top" class="txt">Region</td>
<td colspan="2" valign="top">
<select name=region id="region">
<option value="Malaysia"<?php if ($region=='Malaysia'){ ?> selected="yes" <?php } ?> >Malaysia </option>
<option value="International"<?php if ($region=='International'){?> selected="yes" <?php } ?> >International</option>
</select></td>
</tr>
<tr>
<td height="21" valign="top"> </td>
<td valign="top" class="txt">Status</td>
<td colspan="2" valign="top">
<select name=status id="status">
<option value="Active"<?php if ($status=='Active'){ ?> selected="yes" <?php } ?> >Active </option>
<option value="KIV"<?php if ($status=='KIV'){?> selected="yes" <?php } ?> >KIV</option>
<option value="Reconsider"<?php if ($status=='Reconsider'){?> selected="yes" <?php } ?> >Reconsider</option>
</select></td>
</tr>
<tr>
<td height="21" valign="top"> </td>
<td valign="top" class="txt">Register Date</td>
<td colspan="2" valign="top"><input name="RegisterDate" type="text" class="text" id="RegisterDate" value="<?php echo $RegisterDate; ?>" size="15"/></td>
</tr>
<tr>
<td height="21" valign="top"> </td>
<td valign="top"> </td>
<td colspan="2" width="613" valign="top">
<input type="submit" name="submit" class="text" value="Update" />
<input type="button" name="back" value="Back" class="text" onClick="window.history.back(); return false;" /></td>
</tr>
</td>
</table>
</form>
</body>
</html>
Another page that involve $status is vendor_add.php :-
<?php
session_start();
$staff_no=$_SESSION['staff_no'];
$user_name=$_SESSION['user_name'];//call session back
$pass=$_SESSION['pass'];
$level=$_SESSION['level'];
include("../connect.php");
include ("../session.php");
$today=date('Y/m/d');
if($submit=isset($_POST['submit']))
{
$sql=mysqli_query($con, "SELECT VendorID FROM vendor ORDER BY VendorID DESC LIMIT 1");
$row=mysqli_fetch_array($sql);
$temp=$row['VendorID'];
$VendorID=$temp + 1;
$today=date('Y-m-d');
$CompanyName=isset($_POST['CompanyName']) ? $_POST['CompanyName'] : '';
$Address=isset($_POST['Address']) ? $_POST['Address'] : '';
$TelephoneNo=isset($_POST['TelephoneNo']) ? $_POST['TelephoneNo'] : '';
$FacsimileNo=isset($_POST['FacsimileNo']) ? $_POST['FacsimileNo'] : '';
$URL=isset($_POST['URL']) ? $_POST['URL'] : '';
$RegisterDate=isset($_POST['RegisterDate']) ? $_POST['RegisterDate'] : '';
$region=isset($_POST['region']) ? $_POST['region'] : '';
$sql2 = "INSERT INTO vendor(VendorID,CompanyName,Address,TelephoneNo,FacsimileNo,URL,RegisterDate,region,status)VALUES
('$VendorID','$CompanyName','$Address','$TelephoneNo','$FacsimileNo','$URL','$RegisterDate','$region','active')";
if(mysqli_query($con, $sql2))
{
echo "<script type='text/javascript'>\n";
echo "alert('Successfully add data');\n";
echo "</script>";
echo "<script>window.navigate('vendordetails_add.php?vendorid=$VendorID')</script>";
}
else
echo 'the data could not be added'.mysqli_error($con);
}//if isset submit
mysqli_close($con);
?>
And also my connect.php :-
<?php
//connection to database
//must include this file in every file to undeny data access
$dbuser = "root";
$dbserver = "localhost";
$dbpass = "mypass123";
$dbname = "vendor";
$con= new mysqli($dbserver, $dbuser, $dbpass) or die ("UNABLE TO CONNECT TO DATABASE");
mysqli_select_db($con, $dbname) or die ("UNABLE TO SELECT DATABASE");
?>
Sorry for the trouble. I found the culprit of my headache. The script was developed by ex-staff. I discovered there was an autorun.php script included in index.php.
autorun.php automatically sets the status of a vendor to either "Active", "KIV" or "Reconsider" based on a timeframe specified in the script. That's why every time I update the status it reverts back to "Active" after a few minutes.
Anyhow, thanks for your help!
If you use InnoDB-tables, which support transactions, each operation on one of these tables starts an implicit transaction if you do not have an explicit transaction started.
https://dev.mysql.com/doc/refman/5.7/en/commit.html
As long as you are within the same session (keywords "connection pooling" and "connection timeout"), your changes are visible to you, but to nobody else. When your connection finally times out, the transaction is rolled back instead of committed. This is true because you never close your session here.
To make your changes permanent, you have 3 options:
Cast a commit after your operation
Set implicit commit and close your session properly
Use for example MyISAM tables (though they lack the use of foreign key constraints)
In general, you should:
close your result sets properly (mysqli_free_result)
make sure your connection gets closed properly whenever your script terminates
make sure all of your transaction details are set up properly, otherwise you will run into locking issues
This should solve your problem, at the end of your whole php script part (before the ?>), do the following:
mysqli_free_result($sql); // takes only the result set, not the connection
mysqli_query($con, "COMMIT");
mysqli_close($con);

Why I can't keep my session when I register

customer_register.php
<?php
session_start();
?>
<form action="customer_register.php" method="post" enctype="multipart/form-data">
<?php
if (isset($_POST['c_name']) && isset($_POST['c_email']) && isset($_POST['c_usrname']) && isset($_POST['c_password']) && isset($_POST['c_country']) && isset($_POST['c_city']) && isset($_POST['c_contact']) && isset($_POST['c_address']) && isset($_FILES['c_image']['name'])) {
$c_ip_add = getIp();
$c_name = $_POST['c_name'];
$c_email = $_POST['c_email'];
$c_username = $_POST['c_usrname'];
$c_password = $_POST['c_password'];
$c_country = $_POST['c_country'];
$c_city = $_POST['c_city'];
$c_contact = $_POST['c_contact'];
$c_address = $_POST['c_address'];
$c_image = @$_FILES['c_image']['name'];
$c_tmp_name = @$_FILES['c_image']['tmp_name'];
$location = 'customer/customer_images/';
if (!empty($c_name) && !empty($c_email) && !empty($c_username) && !empty($c_password) && !empty($c_country) && !empty($c_city) && !empty($c_contact) && !empty($c_address) && !empty($c_image)) {
move_uploaded_file($c_tmp_name, $location.$c_image);
$select_user = "SELECT customers_username FROM customers WHERE customers_username = '$c_username'";
$run_select_user = mysqli_query($conn, $select_user);
if (mysqli_num_rows($run_select_user) == NULL) {
$insert_customer = "INSERT INTO customers(customers_ip, customers_name, customers_email, customers_username, customers_pass, customers_country, customers_city, customers_contact, customers_address, customers_image) VALUES ('$c_ip_add', '$c_name', '$c_email', '$c_username', '$c_password', '$c_country', '$c_city', '$c_contact', '$c_address', '$c_image')";
$run_insert_customer = mysqli_query($conn, $insert_customer);
$select_cart = "SELECT * FROM cart WHERE ip_add = '$c_ip_add'";
$run_select_cart = mysqli_query($conn, $select_cart);
$check_cart = mysqli_num_rows($run_select_cart);
if ($check_cart == 0) {
$_SESSION['customer_email'] = $c_email;
$_SESSION['username'] = $c_username;
echo '<script>alert("Account has been successfully created")</script>';
echo '<script>window.open("customer/my_account.php","_self")</script>';
} else {
$_SESSION['customer_email'] = $c_email;
$_SESSION['username'] = $c_username;
echo '<script>alert("Account has been successfully created")</script>';
echo '<script>window.open("checkout.php","_self")</script>';
}
} else {
echo "<div align='center' style='color:white; font-size:20px; padding:20px 0px;'><b>The Username already exists. Please try another username.</b></div>";
}
} else {
echo "<div align='center' style='color:white; font-size:20px; padding:20px 0px;'><b>All Fileds are required</b></div>";
}
}
?>
<table align="center" width="750">
<thead>
<tr align="center">
<th colspan="3"><h1>Create an Account</h1></th>
</tr>
</thead>
<tbody>
<tr>
<td id="label" align="right">Name:</td>
<td><input type="text" name="c_name" size="40" required></td>
</tr>
<tr>
<td id="label" align="right">Email:</td>
<td><input type="text" name="c_email" size="40" required></td>
</tr>
<tr>
<td id="label" align="right">Username:</td>
<td><input type="text" name="c_usrname" size="40" required></td>
</tr>
<tr>
<td id="label" align="right">Password:</td>
<td><input type="password" name="c_password" size="40" required></td>
</tr>
<tr>
<td id="label" align="right">Image:</td>
<td><input type="file" name="c_image" required></td>
</tr>
<tr>
<td id="label" align="right">Country:</td>
<td>
<select name="c_country">
<option size="50">Select Country</option>
<?php countries(); ?>
</select>
</td>
</tr>
<tr>
<td id="label" align="right">City:</td>
<td><input type="text" name="c_city" size="40" required></td>
</tr>
<tr>
<td id="label" align="right">Contact:</td>
<td><input type="text" name="c_contact" size="40" required></td>
</tr>
<tr>
<td id="label" align="right">Address:</td>
<td><input type="text" name="c_address" size="40" required></td>
</tr>
<tr align="center">
<td colspan="3"><input type="submit" name="register" value="Create Account"></td>
</tr>
</tbody>
</table>
</form>
customer_login.php
<?php
session_start();
?>
<form method="post" action="">
<table width="500" align="center" bgcolor="skyblue">
<thead>
<tr align="center">
<th colspan="4"><h2>Login or Register to Buy!</h2></th>
</tr>
</thead>
<tbody>
<tr>
<td align="right"><b>Email:</b></td>
<td><input type="text" name="email" placeholder="Enter Email"></td>
</tr>
<tr>
<td align="right"><b>Password:</b></td>
<td><input type="password" name="pass" placeholder="Enter Password"></td>
</tr>
<tr align="center">
<td colspan="4">Forgot Password?</td>
</tr>
<tr align="center">
<td colspan="3"><input type="submit" name="login" value="Login"></td>
</tr>
</tbody>
</table>
<h2 style="float:right; padding:10px;">New? Register Here</h2>
</form>
<?php
if (isset($_POST['email']) && isset($_POST['pass'])) {
$email = $_POST['email'];
$pass = $_POST['pass'];
if (!empty($email) && !empty($pass)) {
$select_id = "SELECT * FROM customers WHERE customers_email = '$email' AND customers_pass = '$pass'";
$run_select_id = mysqli_query($conn, $select_id);
foreach ($run_select_id as $details) {
$usrname = $details['customers_username'];
$id = $details['customers_id'];
}
$num_run_select = mysqli_num_rows($run_select_id);
if ($num_run_select == NULL) {
echo '<script>alert("Invalid : Email/Password combination")</script>';
exit();
}
$c_ip_add = getIp();
$select_cart = "SELECT * FROM cart WHERE ip_add = '$c_ip_add'";
$run_select_cart = mysqli_query($conn, $select_cart);
$check_cart = mysqli_num_rows($run_select_cart);
if ($num_run_select > 0 AND $check_cart == 0) {
$_SESSION['customer_email'] = $email;
$_SESSION['username'] = $usrname;
$_SESSION['id'] = $id;
echo "<script>alert('You Have Logged In Succesfully')</script>";
echo "<script>window.open('customer/my_account.php','_self')</script>";
exit();
} else {
$_SESSION['customer_email'] = $email;
$_SESSION['username'] = $usrname;
$_SESSION['id'] = $id;
echo "<script>alert('You Have Logged In Succesfully')</script>";
echo "<script>window.open('checkout.php','_self')</script>";
}
} else {
echo 'Please enter valid email ID';
}
}
?>
my_account.php
<?php
session_start();
?>
<ul id="categories">
<?php
$location = 'customer_images/';
$usr_email = $_SESSION['customer_email'];
$user_name = @$_SESSION['username'];
$usr_id = $_SESSION['id'];
$select_image = "SELECT * FROM customers WHERE customers_id = '$usr_id'";
$run_image = mysqli_query($conn,$select_image);
foreach ($run_image as $select_all_data) {
$id = $select_all_data['customers_id'];
$name = $select_all_data['customers_name'];
$username = $select_all_data['customers_username'];
$email = $select_all_data['customers_email'];
$country = $select_all_data['customers_country'];
$city = $select_all_data['customers_city'];
$contact = $select_all_data['customers_contact'];
$address = $select_all_data['customers_address'];
$image = $select_all_data['customers_image'];
echo "<li style=''><img src='$location$image' height='150' width='174' style='text-align:center; border:3px solid black; padding:4px; border-radius: 109px;'></li>";
}
?>
<li>My Orders</li>
<li>Edit Account</li>
<li>Change Password</li>
<li>Delete Account</li>
<li>Logout</li>
</ul>
</div>
<div class="content_area2">
<?php cart(); ?>
<div id="my_account_menu">
<span>
<?php
if (isset($_SESSION['customer_email'])) {
echo "Welcome <i style='color:orange;'>" . $_SESSION['username']. ' </i>';
}
?>
<?php
if (!isset($_SESSION['customer_email'])) {
echo "<a href='../checkout.php' style='color:white;'>Login</a>";
} else {
echo "<a href='../logout.php' style='color:orange;'>Logout</a>";
}
?>
</span>
</div>
<?php getIp(); ?>
<div id="products_box">
<?php
if (!isset($_GET['my_orders']) && !isset($_GET['edit_account']) && !isset($_GET['change_pass']) && !isset($_GET['delete_account'])) {
?>
<div style="text-align:center;">
<table>
<tbody>
<tr>
<td id="label">Name : </td>
<td id="detail"><?php echo @$name; ?></td>
</tr>
<tr>
<td id="label">Username (Display Name) : </td>
<td id="detail"><?php echo @$username; ?></td>
</tr>
<tr>
<td id="label">Email : </td>
<td id="detail"><?php echo @$email; ?></td>
</tr>
<tr>
<td id="label">City : </td>
<td id="detail"><?php echo @$city; ?></td>
</tr>
<tr>
<td id="label">Contact : </td>
<td id="detail"><?php echo @$contact; ?></td>
</tr>
<tr>
<td id="label">Address : </td>
<td id="detail"><?php echo @$address; ?></td>
</tr>
</tbody>
</table>
</div>
<div style="padding:20px;"><b>You can see your orders by clicking this link</b></div>
<?php
}
?>
The problem is that when I log in it works fine, but when I register the user it gives the error undefined
$usr_id = $_SESSION['id'];
in my_account.php and all the information about the user is not displayed.
I HAVE STARTED THE SESSION
I think you forgot to call session_start before doing anything, even when there is no existing session.
<?php
session_start();
// your code...
You may want to look at how it works in the basic example for the session_start function.
As stated within the PHP session_start documentation:
To use cookie-based sessions, session_start() must be called before outputting anything to the browser.
So you may want to include this call right after the PHP opening tag <?php, as I wrote above.
You have to initiate the session by using session_start() on every page where you want to use the session. And this is missing on my_account.php
Ex:
<?php
session_start();
// your code
Nowhere in your customer_register.php file do you actually set $_SESSION['id'].
In addition to this:
There are no form tags around your register form, so it's hard to see how any data is getting into the script anyway.
You're also silencing (@) errors. If this is a learning task, which from your comments I assume it is, that's a very counterproductive thing to do.
As you only set $_SESSION['id'] in the login handling script, it's not going to be available across pages unless they go through that form. It's hard to tell from your code what your intended user journey is, but as it stands at the moment it looks like you're expecting them to register, then be able to see the account page as a logged in user.
Just set $_SESSION['id'] in the register script, or dispense with it entirely and use the username (seeing as you validate it as unique anyway).
Also, your query in the my_account.php is looking for a column customer_id which (as far as I can see) you don't actually set in the insert statement.
This is the trouble with programming, it only does what you tell it to do.
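
Added example, not the poster's code: registration and login both finish through one function that sets `$_SESSION['id']`, so my_account.php finds the same keys whichever path the user took. It assumes `customers_id` is an auto-increment primary key, uses an in-memory SQLite database in place of MySQL, takes the session array as a parameter so it can run from the command line, and stores a `password_hash()` digest in `customers_pass` instead of the plain password; the function names are hypothetical.

```php
<?php
// Added example (not the poster's code). Table and column names follow the
// question; everything else is an assumption made for illustration.

/** The single place that decides what a logged-in session contains. */
function startCustomerSession(array &$session, int $id, string $email, string $username): void
{
    // In a web request, call session_regenerate_id(true) before this point so
    // the pre-login session id is not carried over into the logged-in state.
    $session['id'] = $id;
    $session['customer_email'] = $email;
    $session['username'] = $username;
}

/** Create the account, then log the new customer in. Returns the new id. */
function registerCustomer(PDO $pdo, array $form, array &$session): int
{
    $check = $pdo->prepare('SELECT 1 FROM customers WHERE customers_username = ?');
    $check->execute([$form['c_usrname']]);
    if ($check->fetchColumn() !== false) {
        throw new DomainException('The Username already exists.');
    }

    $insert = $pdo->prepare(
        'INSERT INTO customers
            (customers_name, customers_email, customers_username, customers_pass)
         VALUES (?, ?, ?, ?)'
    );
    $insert->execute([
        $form['c_name'],
        $form['c_email'],
        $form['c_usrname'],
        password_hash($form['c_password'], PASSWORD_DEFAULT),
    ]);

    // The id generated by the INSERT is what my_account.php later reads
    $id = (int) $pdo->lastInsertId();
    startCustomerSession($session, $id, $form['c_email'], $form['c_usrname']);
    return $id;
}

/** Verify the password in PHP, not in the WHERE clause. */
function loginCustomer(PDO $pdo, string $email, string $password, array &$session): bool
{
    $stmt = $pdo->prepare(
        'SELECT customers_id, customers_username, customers_pass
           FROM customers WHERE customers_email = ?'
    );
    $stmt->execute([$email]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false || !password_verify($password, $row['customers_pass'])) {
        return false;
    }
    startCustomerSession($session, (int) $row['customers_id'], $email,
                         $row['customers_username']);
    return true;
}

// ---- demo on constructed data ---------------------------------------------
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE customers (
    customers_id INTEGER PRIMARY KEY AUTOINCREMENT,
    customers_name TEXT, customers_email TEXT,
    customers_username TEXT UNIQUE,   -- backs up the SELECT check above
    customers_pass TEXT)');

// Constructed form submission standing in for $_POST
$form = [
    'c_name' => 'Test User', 'c_email' => 'test@example.com',
    'c_usrname' => 'tester', 'c_password' => 'correct horse battery staple',
];

$afterRegister = [];                  // stands in for $_SESSION
$newId = registerCustomer($pdo, $form, $afterRegister);

$afterLogin = [];                     // a later visit, fresh session
$ok = loginCustomer($pdo, $form['c_email'], $form['c_password'], $afterLogin);

echo "new id: $newId, login ok: ", var_export($ok, true), "\n";
echo 'same session contents: ', var_export($afterRegister === $afterLogin, true), "\n";
echo 'wrong password accepted: ',
     var_export(loginCustomer($pdo, $form['c_email'], 'wrong', $afterLogin), true), "\n";
```

In the real pages the calls would be `registerCustomer($pdo, $_POST, $_SESSION)` and `loginCustomer($pdo, $_POST['email'], $_POST['pass'], $_SESSION)` after `session_start()`.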

php update record doesn't work due to lookup variable somehow being dropped

So I'm having a challenge with a subscription system that I've been building.
I'm using a simple login PHP page to validate the username and password of the user against the DB. Once authenticated, the script creates a secure session, calls the edit_subscription.php file and passes the ID of the user through the URL.
The edit_subscription.php file takes the ID, pulls the user info using MySQL
and loads their info into a form. The user can then edit or modify their subscription details and press the submit button to update the DB.
Everything works except the MySQL update back to the DB.
I've managed to narrow the problem down to the ID variable.
If I hardcode the variable into the update command, it works and the DB is updated.
If I hardcode the ID into a variable used in the update command, it works up to a point. If I move that hardcoded variable in front of line 42, the update command will no longer work.
I think it's something to do with the post command, but even when I load the old ID into a hidden form and try to have it repost for the update command, it still doesn't work and treats the variable as if it's empty.
I've tried for hours to get this working, and just can't seem to get it going.
Does anyone have any suggestions pertaining specifically to this issue?
(Please don't comment on security or best practices unless it relates specifically to the issue described, thanks.)
<?
$id = htmlspecialchars($_GET['ID']);
$username="****";
$database="****";
$host="****";
$pass ="****";
mysql_connect($host,$username,$pass);
@mysql_select_db($database) or die( "Unable to select database");
$result = mysql_query("SELECT * FROM `****`.`****` WHERE `Subscriber ID` = '$id' LIMIT 1");
$name_old=mysql_result($result,0,"Name");
$address1_old=mysql_result($result,0,"Address 1");
$address2_old=mysql_result($result,0,"Address 2");
$city_old=mysql_result($result,0,"City");
$prov_old=mysql_result($result,0,"Prov");
$postal_old=mysql_result($result,0,"Postal");
$country_old=mysql_result($result,0,"Country");
$email_old=mysql_result($result,0,"Email");
$qty_old=mysql_result($result,0,"qty");
$status_old=mysql_result($result,0,"Status");
$ezine_old=mysql_result($result,0,"Ezine");
$mailout_old=mysql_result($result,0,"Mailout");
$password_old=mysql_result($result,0,"Password");
$nameErr = $emailErr = $passwordErr = "";
$name=$_POST['name'];
$email=$_POST['email'];
$address1=$_POST['address1'];
$address2=$_POST['address2'];
$city=$_POST['city'];
$province=$_POST['prov'];
$postal=$_POST['postal'];
$country=$_POST['country'];
$password=$_POST['password'];
$mailout=$_POST['mailout'];
$ezine=$_POST['ezine'];
$status="Subscribed";
$qty=$_POST['qty'];
if ($_SERVER["REQUEST_METHOD"] == "POST") {
if (empty($_POST["password"])) {
$passwordErr = "* Password is required";
}
if (empty($_POST["name"])) {
$nameErr = "* Name is required";
} else {
$name = test_input($_POST["name"]);
if (!preg_match("/^[a-zA-Z ]*$/",$name)) {
$nameErr = "* Invalid Characters";
}
}
if(isset($_POST['mailout'])){}
else{
$mailout="NO";
}
if(isset($_POST['ezine'])){}
else{
$ezine="NO";
}
if (empty($_POST["email"])) {
$emailErr = "* Email is required";
} else {
$email = test_input($_POST["email"]);
if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$emailErr = "* Invalid email";
}
}
if($name != NULL AND $nameErr == ""){
if($email != NULL AND $emailErr == ""){
if($password != NULL AND $passwordErr == ""){
mysql_query("UPDATE `Subscribers` SET
`Name` ='$name',
`Email` = '$email',
`Address 1` = '$address1',
`Address 2` = '$address2',
`City` = '$city',
`Prov` = '$province',
`Postal` = '$postal',
`Country` = '$country',
`Password` = '$password',
`qty` = '$qty',
`Status` = '$status',
`Mailout` = '$mailout',
`Ezine` = '$ezine',
WHERE `Subscriber ID` = $id");
mysql_close();
echo ("<p align=\"center\"><font color=\"red\">Thank you for updating your subscription, you should receive an email confirmation shortly</font></p>");
}
}
}
}
function test_input($data) {
$data = trim($data);
$data = stripslashes($data);
$data = htmlspecialchars($data);
return $data;
}
?>
<form method="post" action="<?php echo htmlspecialchars($_SERVER["PHP_SELF"]);?>">
<table width="100%" border="0">
<tr>
<td width="11%" align="right">Name</td>
<td width="3%"> </td>
<td width="47%"><input type="text" name="name" value="<?php echo $name_old;?>">
<font color="red"> <?php echo $nameErr;?></font></td>
<td width="39%" bgcolor="#CCCCCC"><input type="checkbox" name="ezine" value="YES"
<? if($ezine_old =="YES"){echo "checked";} ?>>
Subscribe by email</td>
</tr>
<tr>
<td width="11%" align="right">Address 1</td>
<td> </td>
<td width="47%"><input type="text" name="address1" value="<?php echo $address1_old;?>"></td>
<td bgcolor="#CCCCCC"><input type="checkbox" name="mailout" value="YES" <? if($mailout_old =="YES"){echo "checked";} ?>>
Subscribe by Post </td>
</tr>
<tr>
<td width="11%" align="right">Address 2</td>
<td> </td>
<td width="47%"><input type="text" name="address2" value="<?php echo $address2_old;?>"></td>
<td bgcolor="#CCCCCC"><input type="text" name="qty" value="<?php echo $qty_old;?>" size="5">
# of copies.</td>
</tr>
<tr>
<td align="right">City</td>
<td> </td>
<td><input type="text" name="city" value="<?php echo $city_old;?>"></td>
<td> </td>
</tr>
<tr>
<td align="right">Province</td>
<td> </td>
<td><input type="text" name="prov" value="<?php echo $prov_old;?>" ></td>
<td> </td>
</tr>
<tr>
<td align="right">Postal</td>
<td> </td>
<td><input type="text" name="postal" value="<?php echo $postal_old;?>" ></td>
<td></td>
</tr>
<tr>
<td align="right">Country</td>
<td> </td>
<td><input type="text" name="country" value="<?php echo $country_old;?>" ></td>
<td> </td>
</tr>
<tr>
<td align="right">Email</td>
<td> </td>
<td colspan="2"><input type="text" name="email" value="<?php echo $email_old;?>">
<font color="red"><?php echo $emailErr;?></font></td>
</tr>
<tr>
<td align="right">Password</td>
<td> </td>
<td colspan="2"><input type="password" name="password" value="<?php echo $password_old;?>">
<font color="red"> <?php echo $passwordErr;?></font></td>
</tr>
<tr>
<td align="right"> </td>
<td> </td>
<td> </td>
<td></td>
</tr>
<tr>
<td align="right"> </td>
<td><img src="images/shim.png" width="20" height="20" /></td>
<td><input type="Submit" ></td>
<td> </td>
</tr>
</table>
<p> </p>
</form>
There is a comma after
Ezine = '$ezine' ,
Remove it. Also, you should use the mysqli extension or PDO. mysql_ is deprecated.
As you said, there is a lot wrong with that code.. however to satisfy your question here is the simple answer:
You left an extra comma in your update statement.
`Ezine` = '$ezine',
In the future try always checking if the query went through.
$result = mysql_query(..);
if($result) {
// it worked
} else {
// it failed
echo mysql_error(); // or mysqli_error($link); or $link->error, etc.
}
Best of luck
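The two answers above combine into one pattern: no comma before WHERE, PDO instead of mysql_*, and a query failure that cannot pass unnoticed. The following is an added example, not code from the original posts; it assumes an in-memory SQLite database standing in for the MySQL server, a cut-down constructed copy of the `Subscribers` table, and a hypothetical helper `update_subscriber()`.

```php
<?php
// In-memory SQLite stands in for MySQL so the script runs offline (assumption).
$pdo = new PDO('sqlite::memory:');
// Every failed prepare/execute throws a PDOException instead of returning false.
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// Constructed, cut-down copy of the page's `Subscribers` table.
$pdo->exec('CREATE TABLE `Subscribers` (
    `Subscriber ID` INTEGER PRIMARY KEY,
    `Name` TEXT, `Email` TEXT, `Address 1` TEXT, `Ezine` TEXT
)');
$pdo->exec("INSERT INTO `Subscribers` VALUES (1, 'old name', 'old@example.com', '', 'NO')");

// Hypothetical helper: values are bound as parameters and never become part
// of the SQL text, so quotes in user input cannot change the statement.
function update_subscriber(PDO $pdo, int $id, array $fields): int
{
    $stmt = $pdo->prepare(
        'UPDATE `Subscribers` SET
             `Name`      = :name,
             `Email`     = :email,
             `Address 1` = :address1,
             `Ezine`     = :ezine
         WHERE `Subscriber ID` = :id'   // last assignment has no trailing comma
    );
    $stmt->execute([
        ':name'     => $fields['name'],
        ':email'    => $fields['email'],
        ':address1' => $fields['address1'],
        ':ezine'    => $fields['ezine'],
        ':id'       => $id,
    ]);
    return $stmt->rowCount();
}

// Constructed input: the apostrophes would end a quoted SQL string early
// if these values were interpolated into the query as on the page.
$input = ['name' => "Siobhan O'Brien", 'email' => 'sob@example.com',
          'address1' => "12 King's Road", 'ezine' => 'YES'];

try {
    echo 'rows changed: ', update_subscriber($pdo, 1, $input), "\n";
    $row = $pdo->query('SELECT `Name`, `Address 1` FROM `Subscribers`')
               ->fetch(PDO::FETCH_ASSOC);
    echo $row['Name'], ' / ', $row['Address 1'], "\n";

    // The page's original mistake (comma before WHERE) is reported at once.
    $pdo->prepare('UPDATE `Subscribers` SET `Ezine` = :e, WHERE `Subscriber ID` = :id');
} catch (PDOException $e) {
    // Log the driver message server-side; show the user a generic error.
    error_log($e->getMessage());
    echo "Update failed\n";
}
```

Against a real MySQL server only the DSN passed to `new PDO()` changes; the prepared statement and error handling stay the same.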

How to keep input in fields after form submitted for further update

I wonder whether it is possible to keep the user input inside the form fields after the form is submitted, so that the user can update the entry. I have an HTML registration form [with some JS validation], then a PHP file to insert data into SQL and meanwhile display the inserted data back in a table view. I also include the form's HTML code in the PHP file so I can see the form after it is submitted, but I couldn't keep the data in the fields after the form was submitted! Here is the form:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/javascript">
<!--
function validateNum(evt) {
var theEvent = evt;
var key = theEvent.keyCode || theEvent.which;
key = String.fromCharCode( key );
var regex = /[0-9]/;
if( !regex.test(key) ) {
theEvent.returnValue = false;
if(theEvent.preventDefault) theEvent.preventDefault();
}
}
function validate(evt){
if( document.myForm.ic.value == ""){
alert( "IC Number cann't be empty!" );
document.myForm.ic.focus() ;
return false;}
else if(isNaN( document.myForm.ic.value ) || document.myForm.ic.value.length != 12){
evt.preventDefault();
alert( "Please provide your correct IC Number!" );
document.myForm.ic.focus() ;
return false;}
if( document.myForm.name.value == "") {
alert( "Name cann't be empty!" );
document.myForm.name.focus() ;
return false;
}
if( document.myForm.contact.value == ""){
alert( "Contact number cann't be empty!");
document.myForm.contact.focus() ;
return false;
} else if(isNaN( document.myForm.contact.value ))
{
evt.preventDefault();
alert( "Please provide your correct Contact Number!" );
document.myForm.contact.focus() ;
return false;
}
if( document.myForm.address.value == "" ){
alert( "Please provide your Address!" );
document.myForm.address.focus() ;
return false;
}
}
//-->
</script>
</head>
<style type="text/css">
h2 {
color: #06C;
}
body {
background-color: #FFC;
}
</style>
<body>
<form name="myForm" method="post" action="insert.php" onsubmit="return(validate(event));">
<div align="center"><br>
<table width="453" border="0">
<tr>
<th colspan="4" bgcolor="#99FFFF" scope="col">
<h3>Workshop Name: PHP! </h3></th>
</tr>
<tr bgcolor="#99FF99">
<td width="142"> IC Number</td>
<td width="15"><div align="center">:</div></td>
<td colspan="2"><div align="right">
<input
name="ic" type="text" id="ic" maxlength="12" size="45" onkeypress='validateNum(event)'/>
</div></td>
</tr>
<tr bgcolor="#99FFFF">
<td>Full Name</td>
<td><div align="center">:</div></td>
<td colspan="2"><div align="right">
<input
name="name" type="text" id="name" size="45"/>
</div></td>
</tr>
<tr bgcolor="#99FF99">
<td>Contact No.</td>
<td><div align="center">:</div></td>
<td colspan="2"><div align="right">
<input
name="contact" type="text" id="contact" size="45" onkeypress='validateNum(event)' />
</div></td>
</tr>
<tr bgcolor="#99FFFF">
<td>Email</td>
<td><div align="center">:</div></td>
<td colspan="2"><div align="right">
<input
name="mail" type="text" id="mail" size="45"/>
</div></td>
</tr>
<tr bgcolor="#99FF99">
<td height="60">Address</td>
<td><div align="center">:</div></td>
<td colspan="2">
<div align="right">
<textarea name="address" id="address" cols="35" rows="3"></textarea>
</div>
</td>
</tr>
<tr bgcolor="#99FFFF">
<td colspan="2"> </td>
<td width="231"><input type="reset" value="Clear" /></td>
<td width="47"><div align="right">
<input type="submit" value="Submit" />
</div></td>
</tr>
</table>
<br>
</div>
</form>
</body>
</html>
Here is the insert.php file:
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<script type="text/javascript">
<!--
function validateNum(evt) {
var theEvent = evt;
var key = theEvent.keyCode || theEvent.which;
key = String.fromCharCode( key );
var regex = /[0-9]/;
if( !regex.test(key) ) {
theEvent.returnValue = false;
if(theEvent.preventDefault) theEvent.preventDefault();
}
}
function validate(evt){
if( document.myForm.ic.value == ""){
alert( "IC Number cann't be empty!" );
document.myForm.ic.focus() ;
return false;}
else if(isNaN( document.myForm.ic.value ) || document.myForm.ic.value.length != 12){
evt.preventDefault();
alert( "Please provide your correct IC Number!" );
document.myForm.ic.focus() ;
return false;}
if( document.myForm.name.value == "") {
alert( "Name cann't be empty!" );
document.myForm.name.focus() ;
return false;
}
if( document.myForm.contact.value == ""){
alert( "Contact number cann't be empty!");
document.myForm.contact.focus() ;
return false;
} else if(isNaN( document.myForm.contact.value ))
{
evt.preventDefault();
alert( "Please provide your correct Contact Number!" );
document.myForm.contact.focus() ;
return false;
}
if( document.myForm.address.value == "" ){
alert( "Please provide your Address!" );
document.myForm.address.focus() ;
return false;
}
}
//-->
</script>
</head>
<style type="text/css">
h2 {
color: #06C;
}
body {
background-color: #FFC;
}
</style>
<body>
<form name="myForm" method="post" action="update.php" onsubmit="return(validate(event));">
<div align="center"><br>
<table width="453" border="0">
<tr>
<th colspan="4" bgcolor="#99FFFF" scope="col">
<h3>Workshop Name: PHP! </h3></th>
</tr>
<tr bgcolor="#99FF99">
<td width="142"> IC Number</td>
<td width="15"><div align="center">:</div></td>
<td colspan="2"><div align="right">
<input
name="ic" type="text" id="ic" maxlength="12" size="45" onkeypress='validateNum(event)'/>
</div></td>
</tr>
<tr bgcolor="#99FFFF">
<td>Full Name</td>
<td><div align="center">:</div></td>
<td colspan="2"><div align="right">
<input
name="name" type="text" id="name" size="45"/>
</div></td>
</tr>
<tr bgcolor="#99FF99">
<td>Contact No.</td>
<td><div align="center">:</div></td>
<td colspan="2"><div align="right">
<input
name="contact" type="text" id="contact" size="45" onkeypress='validateNum(event)' />
</div></td>
</tr>
<tr bgcolor="#99FFFF">
<td>Email</td>
<td><div align="center">:</div></td>
<td colspan="2"><div align="right">
<input
name="mail" type="text" id="mail" size="45"/>
</div></td>
</tr>
<tr bgcolor="#99FF99">
<td height="60">Address</td>
<td><div align="center">:</div></td>
<td colspan="2">
<div align="right">
<textarea name="address" id="address" cols="35" rows="3"></textarea>
</div>
</td>
</tr>
<tr bgcolor="#99FFFF">
<td colspan="2"> </td>
<td width="231"><input type="reset" value="Clear" /></td>
<td width="47"><div align="right">
<input type="submit" value="Update" />
</div></td>
</tr>
</table>
<br>
</div>
</form>
<br>
</div>
</form>
<div align="center">
<?php
// stop here if the connection fails
if (!mysql_connect('localhost', 'root', '')) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("workshop");
// Get values from form
$ic = mysql_real_escape_string($_POST['ic']);
$name = mysql_real_escape_string($_POST['name']);
$contact = mysql_real_escape_string($_POST['contact']);
$mail = mysql_real_escape_string($_POST['mail']);
$address = mysql_real_escape_string($_POST['address']);
if (staff_detail_exist($ic) == "available") {
insert_staff_detail($ic, $name, $contact, $mail, $address, $paytype);
echo "<p style='text-align:center; color:green;'>" . "Workshop application successful! You will be notified shortly via E-mail after confirmation! Thank You!" . "</p>";
} else if (staff_detail_exist($ic) == "exist") {
echo "<p style='text-align:center; color:red;'>" . "Record already exists! Please enter another Staff ID. Thank You!" . "</p>";
}
function insert_staff_detail($ic, $name, $contact, $mail, $address, $paytype) {
$sql = "INSERT INTO apply (staffid, staffname, staffno, staffemail, staffaddress, paytype) VALUES ('$ic', '$name', '$contact', '$mail', '$address','$paytype')";
mysql_query($sql);
}
function staff_detail_exist($ic) {
$result = null;
$sql = "SELECT * FROM apply WHERE staffid = '$ic'";
$data = mysql_query($sql);
if (mysql_num_rows($data) == 0) {
$result = "available";
} else {
$result = "exist";
}
return $result;
}
$staffid = $_POST['ic'];
$con = mysql_connect("localhost", "root", "");
if (!$con) {
die('Could not connect: ' . mysql_error());
}
mysql_select_db("workshop", $con);
$result = mysql_query("SELECT * FROM apply where staffid = '$ic'");
echo "<table width=400 border=1 cellpadding=0 align=center>";
while ($row = mysql_fetch_array($result)) {
// one <tr> ... </tr> pair per field
echo "<tr>";
echo "<th>Staff/IC Number: </th><td>" . "<center>" . $row['staffid'] . "</center>" . "</td>";
echo "</tr>";
echo "<tr>";
echo "<th>Name: </th><td>" . "<center>" . $row['staffname'] . "</center>" . "</td>";
echo "</tr>";
echo "<tr>";
echo "<th>Email: </th><td>" . "<center>" . $row['staffemail'] . "</center>" . "</td>";
echo "</tr>";
echo "<tr>";
echo "<th>Contact No.: </th><td>" . "<center>" . $row['staffno'] . "</center>" . "</td>";
echo "</tr>";
echo "<tr>";
echo "<th>Address: </th><td>" . "<center>" . $row['staffaddress'] . "</center>" . "</td>";
echo "</tr>";
}
echo "</table>";
mysql_close($con);
?>
</body>
</html>
I've tried adding something like value="<? echo "$row['staffid']"?>" to the form's field in the PHP file, but no luck! I only know basic PHP. So, any help? Thank you!
Thanks all, it's finally working :) I've used value="<?php echo isset($_POST['myField']) ? $_POST['myField'] : 'myField_db' ?>" inside the input tag. So it's like: <input type="text" name="myField" value="<?php echo isset($_POST['myField']) ? $_POST['myField'] : 'myField_db' ?>" /> where myField is the input name and myField_db is the column name from the database.
Take the form posted values just above your html code like this
<?php
if (isset($_POST["submit"]) && $_POST["submit"]=='Submit') {
$name=$_POST["name"];
}
?>
And echo it in your html form.
<input name="name" type="text" id="name" size="45" value="<? echo $name?>"/>
I've used this function a few times; quite handy
function getPost($field){
return (isset($_POST[$field]) && $_POST[$field] != "" ? $_POST[$field] : "");
}
Usage
<input type="text" name="contact" value="<?php echo getPost("contact"); ?>" />
This is for the cases where a user submits information and is for some reason sent back to the form again - perhaps their entries didn't pass PHP validation, for example.
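The answers above echo the submitted value straight into the value attribute, so a value containing a double quote or angle bracket ends the attribute early and the rest is parsed as markup. The following added example (not from the original posts) repopulates the fields with output encoding; `field_value()`, `$dbRow` and the sample `$_POST` contents are hypothetical and constructed so the script runs from the command line.

```php
<?php
// Constructed sample data: what the browser posted, and the row already stored.
$_POST = [
    'name'    => 'Ann "Annie" Lee',               // double quotes inside a value
    'address' => "Unit 4 <rear>\n12 King's Rd",   // angle brackets and apostrophe
    'mail'    => ['a@example.com'],               // mail[]=... arrives as an array
];
$dbRow = ['name' => 'Ann Lee', 'contact' => '0123456789', 'address' => ''];

/**
 * Value to show in a form field: the submitted value if present, otherwise the
 * stored value, otherwise an empty string. The result is HTML-escaped, so it is
 * safe inside a quoted attribute or as element text.
 */
function field_value(string $field, array $post, array $row = []): string
{
    $value = $post[$field] ?? $row[$field] ?? '';
    if (!is_scalar($value)) {
        // An array or object here would print as "Array" or raise an error.
        $value = '';
    }
    // ENT_QUOTES encodes both " and ', so either attribute quoting style is covered.
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}
?>
<form name="myForm" method="post" action="">
  <input name="name" type="text" value="<?= field_value('name', $_POST, $dbRow) ?>" />
  <input name="contact" type="text" value="<?= field_value('contact', $_POST, $dbRow) ?>" />
  <input name="mail" type="text" value="<?= field_value('mail', $_POST, $dbRow) ?>" />
  <textarea name="address"><?= field_value('address', $_POST, $dbRow) ?></textarea>
  <input type="submit" value="Update" />
</form>
```

The rendered markup shows `&quot;`, `&lt;` and `&#039;` in place of the raw characters, and the browser displays the original text in the field.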

Pass back values to form to populate it? (lots of values)

I need to pass back a large string of results to a form, so that the form can read those results from the URL and then populate the form with them. Problem is, the link ends up being:
&key=value&key=value ... until it can't process anymore (I assume a URL has a length limit?) resulting in my form not being able to fully populate. I need another way to pass values back to my form file.
VIEW.php file (basically just a table of values right as they are from the database, with the first column "id" being a link. When I click on "id", it goes back to my add.php(form page) and populates the form with the data matching that id)
<table border="0" cellpadding="0" cellspacing="0" id="table">
<thead>
<tr>
<th>ID</th>
<th>NAME</th>
<th>MANUFACTURER</th>
<th>MODEL</th>
<th>DESCRIPTION</th>
<th>ON HAND</th>
<th>REORDER</th>
<th>COST</th>
<th>PRICE</th>
<th>SALE</th>
<th>DISCOUNT</th>
<th>DELETED</th>
<th></th>
</tr>
</thead>
<tbody>
<?php } ?>
<?php
// loop to fetch data
while($row = mysql_fetch_array($result)) {
echo "<tr>";
echo "<td>
<a href='molszewski1_a2_add.php'>$row[id]</a></td>";
echo "<td>$row[name]</td>";
echo "<td>$row[manufac]</td>";
echo "<td>$row[model]</td>";
echo "<td>$row[descrip]</td>";
echo "<td>$row[onhand]</td>";
echo "<td>$row[reorder]</td>";
echo "<td>$row[cost]</td>";
echo "<td>$row[price]</td>";
echo "<td>$row[sale]</td>";
echo "<td>$row[discont]</td>";
echo "<td>$row[deleted]</td>";
$status = "$row[deleted]";
echo "<td><a href='molszewski1_a2_delete.php?id=$row[id]&flag=$status&sort=$sort'>";
$status = "$row[deleted]";
if ($status == 'n') {
$flag = "restore";
echo "delete";
} else if ( $status == 'y') {
$flag = "delete";
echo "restore";
}
echo "</a></td>";
echo "</tr>";
} ?>
<?php { ?>
</tbody>
</table>
ADD.php (form page where the form is supposed to fetch the data and populate it)
<?php
// If no form has been submitted, present form
if (empty($_GET))
{
add_form();
}
// if a form has been submitted
else
{
// if form_validity() == 1, proceed to connect
if (form_validity() == 1)
{
// connect to mysql + database
connect();
$saleItem = "n";
$discountItem = "n";
if( array_key_exists( 'saleItem', $_GET ) && $_GET['saleItem'] == 'y' )
{ $saleItem = "y"; }
if( array_key_exists( 'discountItem', $_GET ) && $_GET['discountItem'] == 'y' )
{ $discountItem = "y"; }
// get values from form, insert into database
$sql=("INSERT INTO inventory (name,
manufac,
model,
descrip,
onhand,
reorder,
cost,
price,
sale,
discont,
deleted)
VALUES ('$_GET[itemName]',
'$_GET[manufacturer]',
'$_GET[model]',
'$_GET[description]',
'$_GET[numberOnHand]',
'$_GET[reorderLevel]',
'$_GET[cost]',
'$_GET[sellingPrice]',
'$saleItem',
'$discountItem', 'n')");
// if the query doesn't work, display error message
if (!(mysql_query($sql))) { die ("could not query: " . mysql_error()); }
add_form();
// redirect to view.php after form submission
// use php instead
echo "<meta http-equiv='REFRESH' content='0;url=molszewski1_a2_view.php'>";
}
else
{
// if form is not valid (form_validity returns 0), display error messages
add_form();
}
}
?>
FUNCTIONS.php (all my functions for stuff like the form)
<?php function page_navigation(){ ?>
<div class="center">
<input type="button" value="ADD" />
<input type="button" value="VIEW" />
<input type="button" value="VIEW DELETED" />
<input type="button" value="VIEW ACTIVE" />
<br />
<br />
</div>
<?php } ?>
<?php function add_form() { ?>
<form action="molszewski1_a2_add.php" method="get" id="form">
<table width="529px">
<tr>
<td>ITEM NAME</td>
<td><input name="itemName" size="30" type="text" value="<?php echo $_GET["itemName"] ?>"/></td>
</tr>
<tr>
<td>MANUFACTURER</td>
<td><input name="manufacturer" size="30" type="text" value="<?php echo $_GET["manufacturer"] ?>"/></td>
</tr>
<tr>
<td>MODEL</td>
<td><input name="model" size="30" type="text" value="<?php echo $_GET["model"] ?>"/></td>
</tr>
<tr>
<td>DESCRIPTION</td>
<td><textarea name="description" rows="3" cols="20"><?php echo $_GET["description"] ?></textarea></td>
</tr>
<tr>
<td>ON HAND</td>
<td><input name="numberOnHand" size="30" type="text" value="<?php echo $_GET["numberOnHand"] ?>"/></td>
</tr>
<tr>
<td>REORDER LEVEL</td>
<td><input name="reorderLevel" size="30" type="text" value="<?php echo $_GET["reorderLevel"] ?>"/></td>
</tr>
<tr>
<td>COST</td>
<td><input name="cost" size="30" type="text" value="<?php echo $_GET["cost"] ?>"/></td>
</tr>
<tr>
<td>SELLING PRICE</td>
<td><input name="sellingPrice" size="30" type="text" value="<?php echo $_GET["sellingPrice"] ?>"/></td>
</tr>
<tr>
<td>SALE ITEM</td>
<td>
<input type="checkbox" name="saleItem" value="y" <?php if( isset( $_GET['saleItem'] ) ){ ?> checked="checked" <?php } ?> />
</td>
</tr>
<tr>
<td>DISCOUNTED ITEM</td>
<td>
<input type="checkbox" name="discountItem" value="y" <?php if( isset( $_GET['discountItem'] ) ){ ?> checked="checked" <?php } ?> />
</td>
</tr>
<tr>
<td colspan="2"><input type="submit" value="save" name="submit" id="submit" /></td>
</tr>
</table>
</form>
<?php } ?>
Use method="post" and $_POST (instead of $_GET).
POST requests can be much larger than GET requests as GET requests are limited by the maximum length of a URL. POST requests are limited by the size of the max_post_size ini-value which is usually a few megabytes.
