UPDATE Code causing Error, but it looks fine to me: - php

Issue 2.
I am now getting an error where the code is not inputting the actual ID number into the query...
Here is the error:
Query Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
The code has been updated to show the new code. (again) this time with a hidden script, and a few other tweaks. I've about lost hope on getting this to work.
Issue 1 Solved:
This line of code is bringing back an error:
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = "$_GET['id']"";
The error is:
**Parse error: syntax error, unexpected T_VARIABLE in /home/pawz/public_html/kaboomlabs.com/testbed/edit.php on line 49**
I can't figure out why it is doing it; if someone can show me my mistake it would be greatly appreciated.
Ok, here is the code in its entirety.
<?php
require_once('connectvars.php');
echo '<div id="postwrap">'
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PDI NCMR - Edit</title>
<link rel="stylesheet" type="text/css" href="CSS/postie.css" />
</head>
<body>
<div id="logo">
<img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>
<?php
$id=0;
if(isset($_GET['id']))
$id= mysqli_real_escape_string($dbc, trim($_GET['id']));
if (isset($_POST['submit'])) {
$id= mysqli_real_escape_string($dbc, trim($_POST["id"]));
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Enter data into the database
$ab = mysqli_real_escape_string($dbc, trim($_POST['ab']));
$date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime ($_POST['date']))));
$part = mysqli_real_escape_string($dbc, trim($_POST['part']));
$rev = mysqli_real_escape_string($dbc, trim($_POST['rev']));
$partdesc = mysqli_real_escape_string($dbc, trim($_POST['partdesc']));
$ncmrqty = mysqli_real_escape_string($dbc, trim($_POST['ncmrqty']));
$comp = mysqli_real_escape_string($dbc, trim($_POST['comp']));
$ncmrid = mysqli_real_escape_string($dbc, trim($_POST['ncmrid']));
$rma = mysqli_real_escape_string($dbc, trim($_POST['rma']));
$jno = mysqli_real_escape_string($dbc, trim($_POST['jno']));
$fdt = mysqli_real_escape_string($dbc, trim($_POST['fdt']));
$cof = mysqli_real_escape_string($dbc, trim($_POST['cof']));
$fab1= mysqli_real_escape_string($dbc, trim($_POST['fab1']));
$fab2= mysqli_real_escape_string($dbc, trim($_POST['fab2']));
$fab3= mysqli_real_escape_string($dbc, trim($_POST['fab3']));
$non= mysqli_real_escape_string($dbc, trim($_POST['non']));
$dis= mysqli_real_escape_string($dbc, trim($_POST['dis']));
$comm= mysqli_real_escape_string($dbc, trim($_POST['comm']));
$caad= mysqli_real_escape_string($dbc, trim($_POST['caad']));
$po= mysqli_real_escape_string($dbc, trim($_POST['po']));
$pod = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['pod']))));
$dri = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['dri']))));
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = $id";
// echo your raw query and look for obvious errors
echo "Query is : " . $query . "<br />";
// and at least use a basic mechanism to trap possibles errors
mysqli_query($dbc, $query) or die('Query Error : ' . mysqli_error($dbc));
// Confirm success with the user
echo '<p>If you wish to edit more NCMRs, please go to the admin page!</p>';
// echo your raw query and look for obvious errors
echo "Query is : " . $query . "<br />";
// Clear the form data
$id = "";
$ab = "";
$date = "";
$part = "";
$rev = "";
$partdesc = "";
$ncmrqty = "";
$comp = "";
$ncmrid = "";
$rma = "";
$jno = "";
$fdt = "";
$cof = "";
$fab1= "";
$fab2= "";
$fab3= "";
$non= "";
$dis= "";
$comm= "";
$caad= "";
$po= "";
$pod = "";
$dri = "";
mysqli_close($dbc);
}
else {
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Grab the profile data from the database
if (!isset($_GET['id'])) {
$query = "SELECT * FROM ncmr WHERE id = '$id'";
}
else {
$query = "SELECT * FROM ncmr WHERE id = '$id'";
}
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row was found so display the user data
$row = mysqli_fetch_array($data);
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>";
echo '<fieldset>';
echo '<div id="box1">';
if (empty($row['ab'])) $row['ab'] = "Empty";
if (empty($row['date'])) $row['date'] = "Empty";
if (empty($row['part'])) $row['part'] = "Empty";
if (empty($row['rev'])) $row['rev'] = "Empty";
if (empty($row['partdesc'])) $row['partdesc'] = "Empty";
if (empty($row['ncmrqty'])) $row['ncmrqty'] = "Empty";
echo '<div id="ab"><span class="b">Added By: </span><input type="text" name="ab" value="' . $row['ab'] . '" /></div>';
echo '<div id="date"><span class="b">Date Filed: </span><input type="text" name="date" value="' . $row['date'] . '" /></div>';
echo '<div id="part"><span class="b">Part Number: </span><input type="text" name="part" value="' . $row['part'] . '" /></div>';
echo '<div id="rev"><span class="b">Part Revision: </span><input type="text" name="rev" value="' . $row['rev'] . '" /></div>';
echo '<div id="partdesc"><span class="b">Part Description: </span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>';
echo '<div id="ncmrqty"><span class="b">NCMR Qty: </span><input type="text" name="ncmrqty" value="' . $row['ncmrqty'] . '" /></div>';
echo '</div>';
//Company, Customer NCMR, Internal RMA, and Job Number
echo '<div id="box2">';
if (empty($row['comp'])) $row['comp'] = "Empty";
if (empty($row['ncmrid'])) $row['ncmrid'] = "Empty";
if (empty($row['rma'])) $row['rma'] = "Empty";
if (empty($row['jno'])) $row['jno'] = "Empty";
echo '<div id="comp"><span class="b">Company: </span><input type="text" name="comp" value="' . $row['comp'] . '" /></div>';
echo '<div id="ncmrid"><span class="b">Customer NCMR ID: </span><input type="text" name="ncmrid" value="' . $row['ncmrid'] . '" /></div>';
echo '<div id="rma"><span class="b">Internal RMA #: </span><input type="text" name="rma" value="' . $row['rma'] . '" /></div>';
echo '<div id="jno"><span class="b">Job #: </span><input type="text" name="jno" value="' . $row['jno'] . '" /></div>';
echo '</div>';
//Type of Failure and Class of Failure
echo '<div id="box3">';
echo '<h2>Failure</h2>';
echo '<div id="cof"><span class="b">Class of Failure: </span><input type="text" name="cof" size="15" value="' . $row['cof'] . '" /></div>';
echo '<div id="fdt"><span class="b">Failure Due To: </span><input type="text" name="fdt" size="15" value="' . $row['fdt'] . '" /></div>';
echo '</div>';
//Fabricators
echo '<div id="box4">';
echo '<h2>Fabricators</h2>';
if ($row['fab1']="--None--")
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
if ($row['fab2']="--None--")
{
echo'<div id="fab2">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab2'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab2"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
}
if ($row['fab3']="--None--")
{
echo'<div id="fab3">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab3'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab3"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
} echo '</div>';
//Nonconformity, Disposition, Comments and Comments & Additional Details
echo '<div id="box5">';
if (empty($row['non'])) $row['non'] = "Empty";
if (empty($row['dis'])) $row['dis'] = "Empty";
if (empty($row['comm'])) $row['comm'] = "Empty";
if (empty($row['caad'])) $row['caad'] = "Empty";
echo '<div id="non"><span class="b">Nonconformity: </span><textarea rows="4" cols="105">' . $row['non'] . '</textarea></div>';
echo '<div id="dis"><span class="b">Disposition: </span><textarea rows="4" cols="105">' . $row['dis'] . '</textarea></div>';
echo '<div id="comm"><span class="b">Comments: </span><textarea rows="4" cols="105">' . $row['comm'] . '</textarea></div>';
echo '<div id="caad"><span class="b">Comments and/or Additional Details: </span><textarea rows="4" cols="105">' . $row['caad'] . '</textarea></div>';
echo '<div id="podr">';
if (empty($row['po'])) $row['po'] ="Empty";
if (empty($row['pod'])) $row['pod'] ="Empty";
if (empty($row['dri'])) $row['dri'] ="Empty";
echo '<div id="po"><span class="b">PO: </span><input type="text" name="po" size="7" value="' . $row['po'] . '" /></div>';
echo '<div id="pod"><span class="b">PO Date: </span><input type="text" name="pod" size="7" value="' . $row['pod'] . '" /></div>';
echo '<div id="dri"><span class="b">Date Received: </span><input type="text" name="dri" size="7" value="' . $row['dri'] . '" /></div>';
echo '</div>';
echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>';
//Save ID so it can be used with POST request.
echo "<input type='hidden' value='$id' name='id'/>";
echo '</div>';
echo '</fieldset>';
echo '</form>';
}
}
echo '</div>';
?>
</body>
</html>

You need to use concatenation operator . before and after $_GET['id'] thingie. Or embed it into string:
".... WHERE id = {$_GET['id']}";
(note, that your $_GET['id'] is not sanitized and taken directly from the network input. not the best thing to do).

You forgot concatenation operators here: "$_GET['id']"", should be ".$_GET['id'].";"
Each time you see a Parse error: syntax error, the fault is on your side. You have the filename and the line number, you just have to look :-)

You have misquoted $_GET['id'] at the end:
WHERE id = "$_GET['id']"
// should be
WHERE id = '{$_GET['id']}'
However you should first escape it with mysql_real_escape_string()
$id = mysql_real_escape_string($_GET['id']);
// Then use
WHERE id = '$id'

My memory of php is getting fuzzy but this part looks wrong:
WHERE id = "$_GET['id']"";
I assume you are using double quotes there to prevent confusion with the single quotes in your variable but I would imagine you would want some kind of concatenation operator there. ie:
WHERE id = ".$_GET['id'];
Alternatively you could just do
$getid = $_GET['id'];
beforehand and use the simpler variable name in your expression. This would be more consistent with how you deal with the rest of the variables...

Escape getting the id off the querystring like you did for the other values. It isn't concatenating properly.

You forgot to add the operator . for string concatenation. This is how it should look:
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = ".$_GET['id'];
And, very important: Never use unverified request data in SQL queries or you will be vulnerable to MySQL injections! In this case, if the id is always an integer, adding (int) before $_GET['id'] will help:
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = ".(int)$_GET['id'];
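Escaping alone does not protect a value placed unquoted, as in WHERE id = $id, and an empty id leaves the statement ending at "WHERE id = ", which MySQL reports as a syntax error near ''. The following added example (not code from the original posts) validates the id as a positive integer and binds every value through a mysqli prepared statement; the helper names parse_id, field, to_sql_date and update_ncmr are illustrative, and connectvars.php is assumed to define the DB_* constants as in the question.

```php
<?php
// Added example, not the poster's code: validate the id, then run the UPDATE
// as a prepared statement so no request value is ever spliced into the SQL.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Column names are taken from the query on this page. They are fixed in code
// and never come from the request.
const NCMR_TEXT_COLS = ['ab', 'part', 'rev', 'partdesc', 'ncmrqty', 'comp',
    'ncmrid', 'rma', 'jno', 'fdt', 'cof', 'fab1', 'fab2', 'fab3',
    'non', 'dis', 'comm', 'caad', 'po'];
const NCMR_DATE_COLS = ['date', 'pod', 'dri'];

/** Return a positive integer id, or null for anything else (empty, text, arrays). */
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Read one form field as a trimmed string; non-string input becomes ''. */
function field(array $post, string $name): string
{
    $value = $post[$name] ?? '';
    return is_string($value) ? trim($value) : '';
}

/** Normalise a user-entered date to Y-m-d, or null when it cannot be parsed. */
function to_sql_date(string $raw): ?string
{
    $ts = strtotime($raw);
    return $ts === false ? null : date('Y-m-d', $ts);
}

/** Update one ncmr row; returns the number of rows changed. */
function update_ncmr(mysqli $dbc, int $id, array $post): int
{
    $set = [];
    $params = [];
    foreach (NCMR_TEXT_COLS as $col) {
        $set[] = "`$col` = ?";
        $params[] = field($post, $col);
    }
    foreach (NCMR_DATE_COLS as $col) {
        $set[] = "`$col` = ?";
        $params[] = to_sql_date(field($post, $col)); // null is sent as SQL NULL
    }
    $params[] = $id;
    // Every column is bound as a string, the id as an integer.
    $types = str_repeat('s', count($params) - 1) . 'i';

    $stmt = $dbc->prepare('UPDATE ncmr SET ' . implode(', ', $set) . ' WHERE id = ?');
    $stmt->bind_param($types, ...$params);
    $stmt->execute();
    $changed = $stmt->affected_rows;
    $stmt->close();
    return $changed;
}

// Request handling. Assumes connectvars.php defines DB_HOST, DB_USER,
// DB_PASSWORD and DB_NAME, as in the question.
if (PHP_SAPI !== 'cli' && isset($_POST['submit'])) {
    require_once 'connectvars.php';
    $id = parse_id($_POST['id'] ?? null);
    if ($id === null) {
        // Reject before any SQL is built: this is the "WHERE id = " case.
        http_response_code(400);
        exit('Missing or invalid id');
    }
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
    $changed = update_ncmr($dbc, $id, $_POST);
    mysqli_close($dbc);
    echo $changed === 1 ? 'Record updated.' : 'No changes saved.';
}

// Offline check of the id validation with constructed inputs (CLI only).
if (PHP_SAPI === 'cli') {
    foreach (['42', '', '0', '12abc', '1 OR 1=1'] as $raw) {
        printf("%-12s => %s\n", var_export($raw, true), var_export(parse_id($raw), true));
    }
}
```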

Ok, after a lot of work, switching code around and sleepless nights I seem to have answered my own question with help here, and I gave kudos to those who did give answers that pointed me in the right direction.
Here is what I did, from the original code I changed these bits:
Lines 20 through 28: I put the code accessing the database before the script. Don't ask me why I didn't see this before, but I did it; a beginner's mistake I am sure, but still it happens, especially since I am still a beginner.
This is the code between lines 20-28 as it looks now.
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$id= mysqli_real_escape_string($dbc, trim(0));
if(isset($_GET['id']))
$id= mysqli_real_escape_string($dbc, trim($_GET['id']));
if (isset($_POST['submit'])) {
$id= mysqli_real_escape_string($dbc, trim($_POST["id"]));
Line 54 was rewritten as suggested here.
It now has the correct amount of quote marks on the end of it, and looks like this.
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = '$id'";
I removed line 67.
This one:
echo "Query is : " . $query . "<br />";
I removed line 97 and 98.
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
That is all the edits.
Here is the complete code.
<?php
require_once('connectvars.php');
echo '<div id="postwrap">'
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit</title>
<link rel="stylesheet" type="text/css" href="CSS/postie.css" />
</head>
<body>
<div id="logo">
<img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>
<?php
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$id= mysqli_real_escape_string($dbc, trim(0));
if(isset($_GET['id']))
$id= mysqli_real_escape_string($dbc, trim($_GET['id']));
if (isset($_POST['submit'])) {
$id= mysqli_real_escape_string($dbc, trim($_POST["id"]));
// Enter data into the database
$ab = mysqli_real_escape_string($dbc, trim($_POST['ab']));
$date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime ($_POST['date']))));
$part = mysqli_real_escape_string($dbc, trim($_POST['part']));
$rev = mysqli_real_escape_string($dbc, trim($_POST['rev']));
$partdesc = mysqli_real_escape_string($dbc, trim($_POST['partdesc']));
$ncmrqty = mysqli_real_escape_string($dbc, trim($_POST['ncmrqty']));
$comp = mysqli_real_escape_string($dbc, trim($_POST['comp']));
$ncmrid = mysqli_real_escape_string($dbc, trim($_POST['ncmrid']));
$rma = mysqli_real_escape_string($dbc, trim($_POST['rma']));
$jno = mysqli_real_escape_string($dbc, trim($_POST['jno']));
$fdt = mysqli_real_escape_string($dbc, trim($_POST['fdt']));
$cof = mysqli_real_escape_string($dbc, trim($_POST['cof']));
$fab1= mysqli_real_escape_string($dbc, trim($_POST['fab1']));
$fab2= mysqli_real_escape_string($dbc, trim($_POST['fab2']));
$fab3= mysqli_real_escape_string($dbc, trim($_POST['fab3']));
$non= mysqli_real_escape_string($dbc, trim($_POST['non']));
$dis= mysqli_real_escape_string($dbc, trim($_POST['dis']));
$comm= mysqli_real_escape_string($dbc, trim($_POST['comm']));
$caad= mysqli_real_escape_string($dbc, trim($_POST['caad']));
$po= mysqli_real_escape_string($dbc, trim($_POST['po']));
$pod = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['pod']))));
$dri = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['dri']))));
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = '$id'";
// echo your raw query and look for obvious errors
echo "Query is : " . $query . "<br />";
// and at least use a basic mechanism to trap possibles errors
mysqli_query($dbc, $query) or die('Query Error : ' . mysqli_error($dbc));
// Confirm success with the user
echo '<p>If you wish to edit more NCMRs, please go to the admin page!</p>';
// Clear the form data
$id = "";
$ab = "";
$date = "";
$part = "";
$rev = "";
$partdesc = "";
$ncmrqty = "";
$comp = "";
$ncmrid = "";
$rma = "";
$jno = "";
$fdt = "";
$cof = "";
$fab1= "";
$fab2= "";
$fab3= "";
$non= "";
$dis= "";
$comm= "";
$caad= "";
$po= "";
$pod = "";
$dri = "";
mysqli_close($dbc);
}
else {
// Grab the profile data from the database
if (!isset($_GET['id'])) {
$query = "SELECT * FROM ncmr WHERE id = '$id'";
}
else {
$query = "SELECT * FROM ncmr WHERE id = '$id'";
}
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row was found so display the user data
$row = mysqli_fetch_array($data);
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>";
echo '<fieldset>';
echo '<div id="box1">';
if (empty($row['ab'])) $row['ab'] = "Empty";
if (empty($row['date'])) $row['date'] = "Empty";
if (empty($row['part'])) $row['part'] = "Empty";
if (empty($row['rev'])) $row['rev'] = "Empty";
if (empty($row['partdesc'])) $row['partdesc'] = "Empty";
if (empty($row['ncmrqty'])) $row['ncmrqty'] = "Empty";
echo '<div id="ab"><span class="b">Added By: </span><input type="text" name="ab" value="' . $row['ab'] . '" /></div>';
echo '<div id="date"><span class="b">Date Filed: </span><input type="text" name="date" value="' . $row['date'] . '" /></div>';
echo '<div id="part"><span class="b">Part Number: </span><input type="text" name="part" value="' . $row['part'] . '" /></div>';
echo '<div id="rev"><span class="b">Part Revision: </span><input type="text" name="rev" value="' . $row['rev'] . '" /></div>';
echo '<div id="partdesc"><span class="b">Part Description: </span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>';
echo '<div id="ncmrqty"><span class="b">NCMR Qty: </span><input type="text" name="ncmrqty" value="' . $row['ncmrqty'] . '" /></div>';
echo '</div>';
//Company, Customer NCMR, Internal RMA, and Job Number
echo '<div id="box2">';
if (empty($row['comp'])) $row['comp'] = "Empty";
if (empty($row['ncmrid'])) $row['ncmrid'] = "Empty";
if (empty($row['rma'])) $row['rma'] = "Empty";
if (empty($row['jno'])) $row['jno'] = "Empty";
echo '<div id="comp"><span class="b">Company: </span><input type="text" name="comp" value="' . $row['comp'] . '" /></div>';
echo '<div id="ncmrid"><span class="b">Customer NCMR ID: </span><input type="text" name="ncmrid" value="' . $row['ncmrid'] . '" /></div>';
echo '<div id="rma"><span class="b">Internal RMA #: </span><input type="text" name="rma" value="' . $row['rma'] . '" /></div>';
echo '<div id="jno"><span class="b">Job #: </span><input type="text" name="jno" value="' . $row['jno'] . '" /></div>';
echo '</div>';
//Type of Failure and Class of Failure
echo '<div id="box3">';
echo '<h2>Failure</h2>';
echo '<div id="cof"><span class="b">Class of Failure: </span><input type="text" name="cof" size="15" value="' . $row['cof'] . '" /></div>';
echo '<div id="fdt"><span class="b">Failure Due To: </span><input type="text" name="fdt" size="15" value="' . $row['fdt'] . '" /></div>';
echo '</div>';
//Fabricators
echo '<div id="box4">';
echo '<h2>Fabricators</h2>';
if ($row['fab1']=="--None--")
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
if ($row['fab2']="--None--")
{
echo'<div id="fab2">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab2'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab2"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
}
if ($row['fab3']="--None--")
{
echo'<div id="fab3">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab3'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab3"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
} echo '</div>';
//Nonconformity, Disposition, Comments and Comments & Additional Details
echo '<div id="box5">';
if (empty($row['non'])) $row['non'] = "Empty";
if (empty($row['dis'])) $row['dis'] = "Empty";
if (empty($row['comm'])) $row['comm'] = "Empty";
if (empty($row['caad'])) $row['caad'] = "Empty";
echo '<div id="non"><span class="b">Nonconformity: </span><textarea rows="4" cols="105">' . $row['non'] . '</textarea></div>';
echo '<div id="dis"><span class="b">Disposition: </span><textarea rows="4" cols="105">' . $row['dis'] . '</textarea></div>';
echo '<div id="comm"><span class="b">Comments: </span><textarea rows="4" cols="105">' . $row['comm'] . '</textarea></div>';
echo '<div id="caad"><span class="b">Comments and/or Additional Details: </span><textarea rows="4" cols="105">' . $row['caad'] . '</textarea></div>';
echo '<div id="podr">';
if (empty($row['po'])) $row['po'] ="Empty";
if (empty($row['pod'])) $row['pod'] ="Empty";
if (empty($row['dri'])) $row['dri'] ="Empty";
echo '<div id="po"><span class="b">PO: </span><input type="text" name="po" size="7" value="' . $row['po'] . '" /></div>';
echo '<div id="pod"><span class="b">PO Date: </span><input type="text" name="pod" size="7" value="' . $row['pod'] . '" /></div>';
echo '<div id="dri"><span class="b">Date Received: </span><input type="text" name="dri" size="7" value="' . $row['dri'] . '" /></div>';
echo '</div>';
echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>';
//Save ID so it can be used with POST request.
echo "<input type='hidden' value='$id' name='id'/>";
echo '</div>';
echo '</fieldset>';
echo '</form>';
}
}
echo '</div>';
?>
</body>
</html>

Related

function unable to call WHERE id = $id

I'm trying to do a multiple edit function, the code goes through but the database is not updated. I figure the problem is that at WHERE id = $id no value gets called out because if I replace $id with an actual id e.g. id = 001 the entry 001 gets updated.
This page selects which entries get edited
<?php
if (!mysqli_connect_errno($con)) {
$queryStr = "SELECT * " . "FROM crewlist";
}
$result = mysqli_query($con, $queryStr);
while ($row = mysqli_fetch_array($result)) {
if (date("Y-m-d") > $row['start_date'] && date("Y-m-d") < $row['end_date']) {
echo "<tr><th>" . "<input type = 'checkbox' name = 'checkbox2[]' value='" . $row['crew_name']. "' >" . "</th>";
echo "<th>" . "" . $row["crew_name"] . "";
echo "<th>" . $row["crew_rank"] . "</th>";
echo "<th>" . $row["start_date"] . "</th>";
echo "<th>" . $row["end_date"] . "</th>";
echo "<th>" . $row["watchkeeping"] . "</th>";
echo "<th>" . $row["active"] . "</th>";
} else {
}
}
?>
This is the edit page
<?php include 'header.php'; ?>
<div id="container4"><?php
require ("dbfunction.php");
$con = getDbConnect();
$checkbox2 = $_POST['checkbox2'];
if (!mysqli_connect_errno($con)) {
$str = implode($checkbox2);
$queryStr = "SELECT * " .
"FROM crewlist WHERE ($str) && crew_id";
}
$result = mysqli_query($con, $queryStr);
?><form action="handlemultiedit.php" method="post"><?php
if ($_POST['submit']) {
$checkbox2 = $_POST['checkbox2'];
foreach ($checkbox2 as $crewname) {
?>
<input type="hidden" name="crew_id" value="<?php $id = isset($_GET['id']) ? $_GET['id'] : ''; ?>" />
<?php echo "<tr><th>" . $crewname . ":</th><br>";
echo " <tr>
<td>Shift 1:</td>
<td><input type=\"time\" name=\"start_hour\" value=\"start_hour\" id=\"start_hour\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour\" value=\"end_hour\" id=\"end_hour\" step=\"1800\" required>
</td>
</tr>
<tr>
<td>Shift 2:</td>
<td><input type=\"time\" name=\"start_hour2\" value=\"start_hour2\" id=\"start_hour2\" step=\"1800\" required> to <input type=\"time\" name=\"end_hour2\" value=\"end_hour2\" id=\"end_hour2\" step=\"1800\" required>
</td>
</tr><br><br>";
?><?php
}?><td><input type="submit" value="Submit" ></td></form><?php
}
?>
<?php
print_r($_POST);
require 'dbfunction.php';
$con = getDbConnect();
$crew_id = $_POST["crew_id"];
$start_hour = $_POST["start_hour"];
$end_hour = $_POST["end_hour"];
$start_hour2 = $_POST["start_hour2"];
$end_hour2 = $_POST["end_hour2"];
if (!mysqli_connect_errno($con)) {
$sqlQueryStr = "UPDATE crewlist SET start_hour = '$start_hour',end_hour = '$end_hour', start_hour2 = '$start_hour2',end_hour2 = '$end_hour2' WHERE crew_id = $crew_id";
mysqli_query($con, $sqlQueryStr);
}
//header('Location: crewlisting.php');
mysqli_close($con);
?>
Try placing single quotes (i.e. 's) around your final variable in your statement, as you have done with all of your other variables, i.e. change it to "WHERE crew_id = '$crew_id'";

Will foreach loop accomplish this? How?

I am trying to create a form page that will allow the end-user the ability to update multiple entries in a table. The user is tagged by an ID_NUM and the entries by RECORD. I want to display each row in the form, with each row stacked on the page in separate instances. As below:
School Name:
School Type:
Degree:
Major:
Graduate:
School Name:
School Type:
Degree:
Major:
Graduate:
I want the submit to trigger an update to any changes in any row. Here is the code I have for the basic form. What do I need to do to integrate the foreach loop, if that is the best way to solve the problem?
<?php
// Start the session
require_once('startsession.php');
// Insert Page Header
$page_title = 'Edit Profile';
require_once('header.php');
// Make sure the user is logged in before going any further.
if (!isset($_SESSION['email'])) {
echo '<p class="login">Please log in to access this page.</p>';
exit();
}
// Insert navmenu
require_once('navmenu.php');
require_once('vary.php');
require_once('appvars.php');
require_once('connectvars.php');
// Connect to the database using vary.php
if (isset($_POST['submit']))
{
// Grab the profile data from the POST
$record2 = $_POST['record'];
$school2 = $_POST['school'];
$type2 = $_POST['school_code'];
$degree2 = $_POST['degree_code'];
$desc2 = $_POST['desc'];
$grad2 = $_POST['grad'];
$another2 = $_POST['another'];
// Update the profile data in the database
if (!empty($school2)) {
$query3 = "UPDATE EDUCATION SET SCHOOL = '$school2' WHERE ID_NUM = '" . $_SESSION['IDNUM'] . "' AND RECORD = '" . $record2 . "'";
mysqli_query($dbc, $query3);
}
if (!empty($type2)) {
$query4 = "UPDATE EDUCATION SET TYPE = '$type2' WHERE ID_NUM = '" . $_SESSION['IDNUM'] . "' AND RECORD = '" . $record2 . "'";
mysqli_query($dbc, $query4);
}
if (!empty($degree2)) {
$query5 = "UPDATE EDUCATION SET DEGREE = '$degree2' WHERE ID_NUM = '" . $_SESSION['IDNUM'] . "' AND RECORD = '" . $record2 . "'";
mysqli_query($dbc, $query5);
}
if (!empty($desc2)) {
$query6 = "UPDATE EDUCATION SET MAJOR = '$desc2' WHERE ID_NUM = '" . $_SESSION['IDNUM'] . "' AND RECORD = '" . $record2 . "'";
mysqli_query($dbc, $query6);
}
if (!empty($grad2)) {
$query7 = "UPDATE EDUCATION SET GRAD = '$grad2' WHERE ID_NUM = '" . $_SESSION['IDNUM'] . "' AND RECORD = '" . $record2 ."'";
mysqli_query($dbc, $query7);
}
// Confirm success with the user
if ($another2=="Y")
{
// Clear the variables and reload the page for new submit
$record2 = "";
$school2 = "";
$type2 = "";
$degree2 = "";
$major2 = "";
$grad2 = "";
$another2 = "";
echo '<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.avant.jobs/portal/addeducation.php">';
}
else
{
echo '<p>The education section of your profile has been successfully updated. Would you like to continue??</p>';
echo '<meta HTTP-EQUIV="REFRESH" content="0; url=http://www.avant.jobs/portal/workcheck.php">';
}
mysqli_close($dbc);
exit();
}
else
{
echo '<p class="error">You must enter all of the profile data.</p>';
}
// End of check for form submission
// Grab the profile data from the database
$query8 = "SELECT * FROM EDUCATION WHERE ID_NUM = '" . $_SESSION['IDNUM'] . "'";
$data = mysqli_query($dbc, $query8);
$row = mysqli_fetch_array($data);
if ($row != NULL)
{
$record = $row['RECORD'];
$school = $row['SCHOOL'];
$type = $row['TYPE'];
$degree = $row['DEGREE'];
$desc = $row['MAJOR'];
$grad = $row['GRAD'];
}
else
{
echo '<p class="error">There was a problem accessing your profile.</p>';
}
;
?>
<form enctype="multipart/form-data" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<fieldset>
<legend>Education History </legend>
<?php
echo '<input type="hidden" id="record" name="record" value="' . $record . '">';
// Insert Listbox here
$queryschool = "SELECT * FROM SCHOOL";
$list = mysqli_query($dbc, $queryschool);
if($list)
{
echo 'School Type? ';
echo '<select name="school_code">';
while($row = mysqli_fetch_assoc($list))
{
echo "<option value={$row['CODE']}>{$row['TYPE']}" ;
echo '</option>';
}
echo '</select>';
}
echo '<br />';
echo '<label for="school">School Name:</label>';
echo '<input type="text" id="school" name="school" size="40" maxlength="40" value="' . ((!empty($school)) ? $school : "") . '" /><br />';
// Insert Listbox here
$querydegree = "SELECT * FROM DEGREE";
$list = mysqli_query($dbc, $querydegree);
if($list)
{
echo 'Degree Type? ';
echo '<select name="degree_code">';
while($row = mysqli_fetch_assoc($list))
{
echo "<option value={$row['CODE']}>{$row['DEGREE']}";
echo '</option>';
}
echo '</select>';
}
echo '<br />';
echo '<label for="desc">Field of study:</label>';
echo '<input type="text" id="desc" name="desc" size="40" maxlength="40" value="' . ( (!empty($desc)) ? $desc : "") . '" /><br />';
echo '<label for="grad">Did you graduate?:</label>';
echo '<input type="radio" id="grad" name="grad" value="Y" ' . ($grad == "Y" ? 'checked="checked"':'') . '/>Yes ';
echo '<input type="radio" id="grad" name="grad" value="N" ' . ($grad == "N" ? 'checked="checked"':'') . '/>No<br />';
?>
</fieldset>
<?php
echo '<label for="another">Do you need to enter more educational experience?:</label>';
echo '<input type="radio" id="another" name="another" value="Y" ' . ($another == "Y" ? 'checked="checked"':'') . '/>Yes ';
echo '<input type="radio" id="another" name="another" value="N" ' . ($another == "N" ? 'checked="checked"':'') . '/>No<br />';
?>
<input type="submit" value="Save Profile" name="submit" />
</form>
<?php
// Insert Page Footer
require_once('footer.php');
?>
As I am new to this and trying to teach myself, any help is appreciated! Thank you.
Instead of having multiple UPDATE queries, you can integrate them into 1 query:
$comma = FALSE;
$query = "UPDATE EDUCATION SET ";
// Update the profile data in the database
if (!empty($school2)) {
$query .= "SCHOOL = '$school2'";
$comma = TRUE;
}
if (!empty($type2)) {
if($comma === TRUE)
$query .= ", ";
$query .= "TYPE = '$type2' ";
$comma = TRUE;
}
if (!empty($degree2)) {
if($comma === TRUE)
$query .= ", ";
$query .= "DEGREE = '$degree2'";
$comma = TRUE;
}
if (!empty($desc2)) {
if($comma === TRUE)
$query .= ", ";
$query .= "MAJOR = '$desc2'";
$comma = TRUE;
}
if (!empty($grad2)) {
if($comma === TRUE)
$query .= ", ";
$query .= "GRAD = '$grad2'";
}
// Leading space keeps WHERE separate from the last SET value
$query .= " WHERE ID_NUM = '" . $_SESSION['IDNUM'] . "' AND RECORD = '" . $record2 ."'";
if (!empty($school2) || !empty($type2) || !empty($degree2) || !empty($desc2) || !empty($grad2)) {
mysqli_query($dbc, $query);
}
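The single-query idea from the answer above, as an added example that is not part of the original post: the SET list is assembled from a fixed column whitelist and every value travels as a bound parameter instead of being spliced into the string. The column names come from the thread; the form keys, function names and sample values are assumptions.

```php
<?php
// Added example: EDUCATION column names are from the thread, form keys are assumed.

// Whitelist: form field => EDUCATION column. Only these identifiers reach the SQL text.
const EDUCATION_COLUMNS = [
    'school' => 'SCHOOL',
    'type'   => 'TYPE',
    'degree' => 'DEGREE',
    'desc'   => 'MAJOR',
    'grad'   => 'GRAD',
];

/**
 * Build "UPDATE EDUCATION SET ... WHERE ..." from the non-blank fields only.
 * Returns [sql, types, params], or null when there is nothing to update.
 */
function buildEducationUpdate(array $input, string $idNum, string $record): ?array
{
    $assignments = [];
    $params = [];
    foreach (EDUCATION_COLUMNS as $field => $column) {
        $value = isset($input[$field]) ? trim((string) $input[$field]) : '';
        if ($value === '') {
            continue; // blank fields are left out of the SET list
        }
        $assignments[] = "`$column` = ?"; // implode() below handles the commas
        $params[] = $value;
    }
    if ($assignments === []) {
        return null;
    }
    $sql = 'UPDATE EDUCATION SET ' . implode(', ', $assignments)
         . ' WHERE ID_NUM = ? AND RECORD = ?';
    $params[] = $idNum;
    $params[] = $record;
    return [$sql, str_repeat('s', count($params)), $params];
}

/** Run the statement on an open mysqli connection; returns the affected row count. */
function runEducationUpdate(mysqli $dbc, array $input, string $idNum, string $record): int
{
    $built = buildEducationUpdate($input, $idNum, $record);
    if ($built === null) {
        return 0;
    }
    [$sql, $types, $params] = $built;
    $stmt = $dbc->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . $dbc->error);
    }
    $stmt->bind_param($types, ...$params);
    if (!$stmt->execute()) {
        throw new RuntimeException('Execute failed: ' . $stmt->error);
    }
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// Offline demonstration with constructed input; the builder needs no database.
$sample = ['school' => "St. Mary's College", 'type' => '', 'degree' => 'BS', 'grad' => 'Y'];
[$sql, $types, $params] = buildEducationUpdate($sample, '1001', '2');
echo $sql, PHP_EOL;
echo $types, ' ', json_encode($params), PHP_EOL;
```

The apostrophe in the sample school name needs no escaping here because it never becomes part of the SQL text.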

UPDATE is updating some fields but not others

Ok, this is an odd one for some reason. UPDATE is updating fields, but it completely bypasses this one field, and I can't seem to find a reason why.
The field is partdesc
Here is the entire code:
<?php
require_once('connectvars.php');
echo '<div id="postwrap">'
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PDI NCMR - Edit</title>
<link rel="stylesheet" type="text/css" href="CSS/postie.css" />
</head>
<body>
<div id="logo">
<img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>
<?php
function cleanPostVar(&$dbc, $key) {
if (array_key_exists($key, $_POST)) {
return mysqli_real_escape_string($dbc, trim($_POST[$key]));
} else {
return '';
}
}
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$id= mysqli_real_escape_string($dbc, trim(0));
if(isset($_GET['id']))
$id= mysqli_real_escape_string($dbc, trim($_GET["id"]));
if (isset($_POST['submit'])) {
$id= mysqli_real_escape_string($dbc, trim($_POST["id"]));
// Enter data into the database
$ab = cleanPostVar($dbc,'ab');
$date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime ($_POST['date']))));
$part = cleanPostVar($dbc,'part');
$rev = cleanPostVar($dbc,'rev');
$partdesc = cleanPostVar($dbc,'partdesc');
$ncmrqty = cleanPostVar($dbc,'ncmrqty');
$comp = cleanPostVar($dbc,'comp');
$ncmrid = cleanPostVar($dbc,'ncmrid');
$rma = cleanPostVar($dbc,'rma');
$jno = cleanPostVar($dbc,'jno');
$fdt = cleanPostVar($dbc,'fdt');
$cof = cleanPostVar($dbc,'cof');
$fab1= cleanPostVar($dbc,'fab1');
$fab2= cleanPostVar($dbc,'fab2');
$fab3= cleanPostVar($dbc,'fab3');
$non= cleanPostVar($dbc,'non');
$dis= cleanPostVar($dbc,'dis');
$comm= cleanPostVar($dbc,'comm');
$caad= cleanPostVar($dbc,'caad');
$po= cleanPostVar($dbc,'po');
$pod = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['pod']))));
$dri = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['dri']))));
$query = "UPDATE testbed SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = '$id'";
// echo your raw query and look for obvious errors
echo "Query is : " . $query . "<br />";
// and at least use a basic mechanism to trap possibles errors
mysqli_query($dbc, $query) or die('Query Error : ' . mysqli_error($dbc));
// Confirm success with the user
echo '<p>If you wish to edit more NCMRs, please go to the admin page!</p>';
// Clear the form data
$id = "";
$ab = "";
$date = "";
$part = "";
$rev = "";
$partdesc = "";
$ncmrqty = "";
$comp = "";
$ncmrid = "";
$rma = "";
$jno = "";
$fdt = "";
$cof = "";
$fab1= "";
$fab2= "";
$fab3= "";
$non= "";
$dis= "";
$comm= "";
$caad= "";
$po= "";
$pod = "";
$dri = "";
mysqli_close($dbc);
}
else {
// Grab the profile data from the database
if (!isset($_GET['id'])) {
$query = "SELECT * FROM testbed WHERE id = '$id'";
}
else {
$query = "SELECT * FROM testbed WHERE id = '$id'";
}
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row was found so display the user data
$row = mysqli_fetch_array($data);
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>";
echo '<fieldset>';
echo '<div id="box1">';
if (empty($row['ab'])) $row['ab'] = "Empty";
if (empty($row['date'])) $row['date'] = "Empty";
if (empty($row['part'])) $row['part'] = "Empty";
if (empty($row['rev'])) $row['rev'] = "Empty";
if (empty($row['partdesc'])) $row['partdesc'] = "Empty";
if (empty($row['ncmrqty'])) $row['ncmrqty'] = "Empty";
echo '<div id="ab"><span class="b">Added By: </span><input type="text" name="ab" value="' . $row['ab'] . '" /></div>';
echo '<div id="date"><span class="b">Date Filed: </span><input type="text" name="date" value="' . $row['date'] . '" /></div>';
echo '<div id="part"><span class="b">Part Number: </span><input type="text" name="part" value="' . $row['part'] . '" /></div>';
echo '<div id="rev"><span class="b">Part Revision: </span><input type="text" name="rev" value="' . $row['rev'] . '" /></div>';
echo '<div id="partdesc"><span class="b">Part Description: </span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>';
echo '<div id="ncmrqty"><span class="b">NCMR Qty: </span><input type="text" name="ncmrqty" value="' . $row['ncmrqty'] . '" /></div>';
echo '</div>';
//Company, Customer NCMR, Internal RMA, and Job Number
echo '<div id="box2">';
if (empty($row['comp'])) $row['comp'] = "Empty";
if (empty($row['ncmrid'])) $row['ncmrid'] = "Empty";
if (empty($row['rma'])) $row['rma'] = "Empty";
if (empty($row['jno'])) $row['jno'] = "Empty";
echo '<div id="comp"><span class="b">Company: </span><input type="text" name="comp" value="' . $row['comp'] . '" /></div>';
echo '<div id="ncmrid"><span class="b">Customer NCMR ID: </span><input type="text" name="ncmrid" value="' . $row['ncmrid'] . '" /></div>';
echo '<div id="rma"><span class="b">Internal RMA #: </span><input type="text" name="rma" value="' . $row['rma'] . '" /></div>';
echo '<div id="jno"><span class="b">Job #: </span><input type="text" name="jno" value="' . $row['jno'] . '" /></div>';
echo '</div>';
//Type of Failure and Class of Failure
echo '<div id="box3">';
echo '<h2>Failure</h2>';
echo '<div id="cof"><span class="b">Class of Failure: </span><input type="text" name="cof" size="15" value="' . $row['cof'] . '" /></div>';
echo '<div id="fdt"><span class="b">Failure Due To: </span><input type="text" name="fdt" size="15" value="' . $row['fdt'] . '" /></div>';
echo '</div>';
//Fabricators
echo '<div id="box4">';
echo '<h2>Fabricators</h2>';
if ($row['fab1']=="--None--")
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
if ($row['fab2']="--None--")
{
echo'<div id="fab2">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab2'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab2"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
}
if ($row['fab3']="--None--")
{
echo'<div id="fab3">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab3'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab3"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
} echo '</div>';
//Nonconformity, Disposition, Comments and Comments & Additional Details
echo '<div id="box5">';
if (empty($row['non'])) $row['non'] = "Empty";
if (empty($row['dis'])) $row['dis'] = "Empty";
if (empty($row['comm'])) $row['comm'] = "Empty";
if (empty($row['caad'])) $row['caad'] = "Empty";
echo '<div id="non"><span class="b">Nonconformity: </span><textarea rows="4" cols="105">' . $row['non'] . '</textarea></div>';
echo '<div id="dis"><span class="b">Disposition: </span><textarea rows="4" cols="105">' . $row['dis'] . '</textarea></div>';
echo '<div id="comm"><span class="b">Comments: </span><textarea rows="4" cols="105">' . $row['comm'] . '</textarea></div>';
echo '<div id="caad"><span class="b">Comments and/or Additional Details: </span><textarea rows="4" cols="105">' . $row['caad'] . '</textarea></div>';
echo '<div id="podr">';
if (empty($row['po'])) $row['po'] ="Empty";
if (empty($row['pod'])) $row['pod'] ="Empty";
if (empty($row['dir'])) $row['dri'] ="Empty";
echo '<div id="po"><span class="b">PO: </span><input type="text" name="po" size="7" value="' . $row['po'] . '" /></div>';
echo '<div id="pod"><span class="b">PO Date: </span><input type="text" name="pod" size="7" value="' . $row['pod'] . '" /></div>';
echo '<div id="dri"><span class="b">Date Received: </span><input type="text" name="dri" size="7" value="' . $row['dri'] . '" /></div>';
echo '</div>';
echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>';
//Save ID so it can be used with POST request.
echo "<input type='hidden' value='$id' name='id'/>";
echo '</div>';
echo '</fieldset>';
echo '</form>';
}
}
echo '</div>';
?>
</body>
</html>
As far as I can tell these parts are dealing with the code in question.
The part to sanitize the script:
$partdesc = cleanPostVar($dbc,'partdesc');
The part to update the script.
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = '$id'";
The part to show the description of said field, if none is there enter Empty into the field till otherwise entered by person.
if (empty($row['partdesc'])) $row['partdesc'] = "Empty";
echo '<div id="partdesc"><span class="b">Part Description: </span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>';
And that's it. Each one has one form or another mind you correctly as partdesc. Now also mind you this is also being edited in Notepad++ and is encoded in UTF-8 without BOM, so there are no discrepancies as far as I can tell with the code in question.
Is there something I am missing or is this just something because all the other code is posting, and it looks identical.
Your textarea has no name attribute. Since the key in $_POST is based on the name, this means that text is not stored where you think it is.
A good way to debug a problem like this is to print out the value of $_POST at the start of the php file so that you can make sure it actually contains the data you expect. If you think a particular SQL query is failing, a good debugging strategy is to print out the query so that you can try making it by hand and see if SQL objects.

Update "posting" in PHP, but when checking database, the database shows NULL

I am working on this code, and I am at wit's end right now. For some reason I can't update my database.
The code below is updated, the code no longer works, the update command seems to stall the PHP and causes an error. If anyone can resolve this it would be greatly appreciated.
<?php
require_once('connectvars.php');
echo '<div id="postwrap">'
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PDI NCMR - Edit</title>
<link rel="stylesheet" type="text/css" href="CSS/postie.css" />
</head>
<body>
<div id="logo">
<img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>
<?php
if (isset($_POST['submit'])) {
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Enter data into the database
$id = mysqli_real_escape_string($dbc, trim($_POST['id']));
$ab = mysqli_real_escape_string($dbc, trim($_POST['ab']));
$date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime ($_POST['date']))));
$part = mysqli_real_escape_string($dbc, trim($_POST['part']));
$rev = mysqli_real_escape_string($dbc, trim($_POST['rev']));
$partdesc = mysqli_real_escape_string($dbc, trim($_POST['partdesc']));
$ncmrqty = mysqli_real_escape_string($dbc, trim($_POST['ncmrqty']));
$comp = mysqli_real_escape_string($dbc, trim($_POST['comp']));
$ncmrid = mysqli_real_escape_string($dbc, trim($_POST['ncmrid']));
$rma = mysqli_real_escape_string($dbc, trim($_POST['rma']));
$jno = mysqli_real_escape_string($dbc, trim($_POST['jno']));
$fdt = mysqli_real_escape_string($dbc, trim($_POST['fdt']));
$cof = mysqli_real_escape_string($dbc, trim($_POST['cof']));
$fab1= mysqli_real_escape_string($dbc, trim($_POST['fab1']));
$fab2= mysqli_real_escape_string($dbc, trim($_POST['fab2']));
$fab3= mysqli_real_escape_string($dbc, trim($_POST['fab3']));
$non= mysqli_real_escape_string($dbc, trim($_POST['non']));
$dis= mysqli_real_escape_string($dbc, trim($_POST['dis']));
$comm= mysqli_real_escape_string($dbc, trim($_POST['comm']));
$caad= mysqli_real_escape_string($dbc, trim($_POST['caad']));
$po= mysqli_real_escape_string($dbc, trim($_POST['po']));
$pod = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['pod']))));
$dri = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['dri']))));
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = "$_GET['id']"";
// echo your raw query and look for obvious errors
echo "Query is : " . $query . "<br />";
// and at least use a basic mechanism to trap possibles errors
mysqli_query($dbc, $query) or die('Query Error : ' . mysqli_error($dbc));
// Confirm success with the user
echo '<p>If you wish to edit more NCMRs, please go to the admin page!</p>';
// echo your raw query and look for obvious errors
echo "Query is : " . $query . "<br />";
// Clear the form data
$id = "";
$ab = "";
$date = "";
$part = "";
$rev = "";
$partdesc = "";
$ncmrqty = "";
$comp = "";
$ncmrid = "";
$rma = "";
$jno = "";
$fdt = "";
$cof = "";
$fab1= "";
$fab2= "";
$fab3= "";
$non= "";
$dis= "";
$comm= "";
$caad= "";
$po= "";
$pod = "";
$dri = "";
mysqli_close($dbc);
}
else {
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Grab the profile data from the database
if (!isset($_GET['id'])) {
$query = "SELECT * FROM ncmr WHERE id = '$id'";
}
else {
$query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
}
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row was found so display the user data
$row = mysqli_fetch_array($data);
echo '<form action="edit.php?id=<?php echo $id;?>" method="POST">'
echo '<fieldset>';
echo '<div id="box1">';
if (empty($row['ab'])) $row['ab'] = "Empty";
if (empty($row['date'])) $row['date'] = "Empty";
if (empty($row['part'])) $row['part'] = "Empty";
if (empty($row['rev'])) $row['rev'] = "Empty";
if (empty($row['partdesc'])) $row['partdesc'] = "Empty";
if (empty($row['ncmrqty'])) $row['ncmrqty'] = "Empty";
echo '<div id="ab"><span class="b">Added By: </span><input type="text" name="ab" value="' . $row['ab'] . '" /></div>';
echo '<div id="date"><span class="b">Date Filed: </span><input type="text" name="date" value="' . $row['date'] . '" /></div>';
echo '<div id="part"><span class="b">Part Number: </span><input type="text" name="part" value="' . $row['part'] . '" /></div>';
echo '<div id="rev"><span class="b">Part Revision: </span><input type="text" name="rev" value="' . $row['rev'] . '" /></div>';
echo '<div id="partdesc"><span class="b">Part Description: </span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>';
echo '<div id="ncmrqty"><span class="b">NCMR Qty: </span><input type="text" name="ncmrqty" value="' . $row['ncmrqty'] . '" /></div>';
echo '</div>';
//Company, Customer NCMR, Internal RMA, and Job Number
echo '<div id="box2">';
if (empty($row['comp'])) $row['comp'] = "Empty";
if (empty($row['ncmrid'])) $row['ncmrid'] = "Empty";
if (empty($row['rma'])) $row['rma'] = "Empty";
if (empty($row['jno'])) $row['jno'] = "Empty";
echo '<div id="comp"><span class="b">Company: </span><input type="text" name="comp" value="' . $row['comp'] . '" /></div>';
echo '<div id="ncmrid"><span class="b">Customer NCMR ID: </span><input type="text" name="ncmrid" value="' . $row['ncmrid'] . '" /></div>';
echo '<div id="rma"><span class="b">Internal RMA #: </span><input type="text" name="rma" value="' . $row['rma'] . '" /></div>';
echo '<div id="jno"><span class="b">Job #: </span><input type="text" name="jno" value="' . $row['jno'] . '" /></div>';
echo '</div>';
//Type of Failure and Class of Failure
echo '<div id="box3">';
echo '<h2>Failure</h2>';
echo '<div id="cof"><span class="b">Class of Failure: </span><input type="text" name="cof" size="15" value="' . $row['cof'] . '" /></div>';
echo '<div id="fdt"><span class="b">Failure Due To: </span><input type="text" name="fdt" size="15" value="' . $row['fdt'] . '" /></div>';
echo '</div>';
//Fabricators
echo '<div id="box4">';
echo '<h2>Fabricators</h2>';
if ($row['fab1']="--None--")
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
if ($row['fab2']="--None--")
{
echo'<div id="fab2">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab2'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab2"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
}
if ($row['fab3']="--None--")
{
echo'<div id="fab3">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab3'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab3"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
} echo '</div>';
//Nonconformity, Disposition, Comments and Comments & Additional Details
echo '<div id="box5">';
if (empty($row['non'])) $row['non'] = "Empty";
if (empty($row['dis'])) $row['dis'] = "Empty";
if (empty($row['comm'])) $row['comm'] = "Empty";
if (empty($row['caad'])) $row['caad'] = "Empty";
echo '<div id="non"><span class="b">Nonconformity: </span><textarea rows="4" cols="105">' . $row['non'] . '</textarea></div>';
echo '<div id="dis"><span class="b">Disposition: </span><textarea rows="4" cols="105">' . $row['dis'] . '</textarea></div>';
echo '<div id="comm"><span class="b">Comments: </span><textarea rows="4" cols="105">' . $row['comm'] . '</textarea></div>';
echo '<div id="caad"><span class="b">Comments and/or Additional Details: </span><textarea rows="4" cols="105">' . $row['caad'] . '</textarea></div>';
echo '<div id="podr">';
if (empty($row['po'])) $row['po'] ="Empty";
if (empty($row['pod'])) $row['pod'] ="Empty";
if (empty($row['dir'])) $row['dri'] ="Empty";
echo '<div id="po"><span class="b">PO: </span><input type="text" name="po" size="7" value="' . $row['po'] . '" /></div>';
echo '<div id="pod"><span class="b">PO Date: </span><input type="text" name="pod" size="7" value="' . $row['pod'] . '" /></div>';
echo '<div id="dri"><span class="b">Date Received: </span><input type="text" name="dri" size="7" value="' . $row['dri'] . '" /></div>';
echo '</div>';
echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>';
echo '</div>';
echo '</fieldset>';
echo '</form>';
}
}
echo '</div>';
?>
</body>
</html>
Your form method is POST, so you need to add a hidden field to embed/save the ID (value from $_GET) so that when you submit this form you will get the value from the textarea as well as the correct ID value using $_POST['id'].
I've removed some unrelated statements.
.....
.....
<?php
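$id=0;
if(isset($_GET['id']))
$id=(int) $_GET['id']; // cast to int: $id is placed unquoted into the queries below
if (isset($_POST['submit'])) {
$id=(int) $_POST["id"]; // same cast for the hidden field value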
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$ncmrsr = mysqli_real_escape_string($dbc, trim($_POST['ncmrsr']));
$ncmrsc = mysqli_real_escape_string($dbc, trim($_POST['ncmrsc']));
$query = "UPDATE ncmr SET ncmrsr = '$ncmrsr', ncmrsc = '$ncmrsc' WHERE id = $id";
$result=mysqli_query($dbc, $query);
if($result)
echo '<p>Your comments have been successfully entered. Please return to the admin page to view the final report!</p>';
mysqli_close($dbc);
}
else
{
if(!isset($_GET['id']))
{
header("Location: list.php");
exit();
}
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$query = "SELECT * FROM ncmr WHERE id = $id";
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row was found so display the user data
$row = mysqli_fetch_array($data);
echo'<div id="title"><h3 id="NCMR2">Non-Conforming Materials Report (NCMR: ' . $row['rma'] . ')</h3></div>';
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>";
echo '<fieldset>';
echo '<div id="box6">';
// We know both $ncmrsr AND $ncmrsc are blank
if (empty($row['ncmrsr']) && empty($row['ncmrsc'])) {
// add comment.
echo '<div id="ncmrsr"><span class="b">NCMR Supplier Response:<br /></span><textarea name="ncmrsr" rows="6" cols="105" ></textarea></div>';
echo '<div id="ncmrsc"><span class="b">NCMR Supplier Comment:<br /></span><textarea name="ncmrsc" rows="6" cols="105" ></textarea></div>';
echo '<div id="button2"><input type="submit" name="submit" value="Add Comment" /></div>';
//Save ID so it can be used with POST request.
echo "<input type='hidden' value='$id' name='id'/>";
}
else {
// echo the two fields.
if (empty($row['ncmrsr'])) $row['ncmrsr'] ="Empty";
if (empty($row['ncmrsc'])) $row['ncmrsc'] ="Empty";
echo '<div id="ncmrsr"><span class="b">NCMR Supplier Response:</span><br />' . $row['ncmrsr'] . '</div>';
echo '<div id="ncmrsc"><span class="b">NCMR Supplier Comment:</span><br />' . $row['ncmrsc'] . '</div>';
echo '</div>';
echo '</fieldset>';
echo '</form>';
}
}
// End of check for a single row of user results
else {
echo '<p class="error">Please contact the web administrator, there seems to be an error!</p>';
}
mysqli_close($dbc);
}
echo '</div>';
?>
</body>
</html>
You need to cleanse any and all input from the user. If $_GET or $_POST exist on the same line as a query string, you need to escape it like this one:
$query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
Better yet, you're already using mysqli, so use a prepared statement instead.
If you're using mysqli, you may be using InnoDB, and it may be that transactions are implicitly on, and auto-commit for the connection is off, so you may not be committing the transaction, at least if one is in effect. Try adding mysqli_commit() before the close, and see if it helps.
In general, in development mode, you might wanna check your php.ini for error reporting, and check error_log on your web server to see if errors are reported there. If the query fails, it may not show up on the page output, but it may show up in the error log.
I'll suggest you test if mysqli_query($dbc, $query) was successful
if (mysqli_query($dbc, $query)) {
echo '<p>Your comments have been successfully entered. Please return to the admin page to view the final report!</p>';
} else {
echo mysqli_error($dbc);
}
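The suggestions in the answers above (carry the id in a hidden field, use a prepared statement, check whether the query succeeded) combined in one added example that is not code from any of the posts. The table and column names (ncmr, id, ncmrsr, ncmrsc) are taken from the thread; the function names, the fixed form action and the sample values are assumptions.

```php
<?php
// Added example, not code from the thread. Function names and sample values are assumed.

/** Accept only a positive integer id; '' (the "WHERE id = ''" case) and junk give null. */
function parseRecordId($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

/** Escape a database value for HTML text or a quoted attribute. */
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

/** Form with a name on every textarea and the id carried in a hidden field. */
function renderCommentForm(int $id, array $row, string $action): string
{
    // $action is a fixed script name here rather than $_SERVER['PHP_SELF'],
    // which reflects part of the request URL into the page.
    return '<form action="' . h($action) . '" method="post">'
         . '<textarea name="ncmrsr" rows="6" cols="105">' . h($row['ncmrsr'] ?? '') . '</textarea>'
         . '<textarea name="ncmrsc" rows="6" cols="105">' . h($row['ncmrsc'] ?? '') . '</textarea>'
         . '<input type="hidden" name="id" value="' . $id . '" />'
         . '<input type="submit" name="submit" value="Add Comment" />'
         . '</form>';
}

/** Prepared UPDATE; returns affected rows (0: no row matched or nothing changed). */
function saveSupplierComments(mysqli $dbc, int $id, string $ncmrsr, string $ncmrsc): int
{
    $stmt = $dbc->prepare('UPDATE ncmr SET ncmrsr = ?, ncmrsc = ? WHERE id = ?');
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . $dbc->error);
    }
    $stmt->bind_param('ssi', $ncmrsr, $ncmrsc, $id);
    if (!$stmt->execute()) {
        throw new RuntimeException('Execute failed: ' . $stmt->error);
    }
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

/** Handle one POST: validate the id first, then update. Returns a message for the page. */
function handleCommentPost(mysqli $dbc, array $post): string
{
    $id = parseRecordId($post['id'] ?? null);
    if ($id === null) {
        return 'Missing or invalid record id; nothing was updated.';
    }
    $rows = saveSupplierComments(
        $dbc,
        $id,
        trim((string) ($post['ncmrsr'] ?? '')),
        trim((string) ($post['ncmrsc'] ?? ''))
    );
    return $rows === 1 ? 'Comments saved.' : 'No row was changed for id ' . $id . '.';
}

// Offline demonstration with constructed values; these calls need no database.
var_dump(parseRecordId(''));      // empty id, as in the echoed query with WHERE id = ''
var_dump(parseRecordId('42'));
var_dump(parseRecordId('12abc'));
echo renderCommentForm(42, ['ncmrsr' => 'Bracket <rev B> 3" wide'], 'edit.php'), PHP_EOL;
```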

PHP Update Script not working, ID not pushing when it should be.

I have a script that seems to not work, it is meant to update an SQL database. The code looks fine, but it seems to me that when I submit the ID in where the data is meant to be entered into doesn't work.
I can't seem to find the cause. Can anyone here help me?
The script is below.
When I use the error check code, the only thing I get out of it is this:
Query is : UPDATE ncmr SET ab = 'Matt Ridge', date = '2012-01-09',
part = 'K17212191', rev = '01' , partdesc = '' , ncmrqty = '2' , comp
= 'Nexx Systems Inc.' , ncmrid = '1243' , rma = 'Empty' , jno = 'Empty' , fdt = 'none' , cof = 'none' , fab1 = 'Andy Kahl' , fab2 =
'--None--' , fab3 = '--None--' , non = '' , dis = '' , comm = '' ,
caad = '' , po = 'Empty' , pod = '1969-12-31' , dri = '1969-12-31'
WHERE id = ''
There are no errors, but I notice that the ID is not showing upon posting. Is there a reason why this is happening?
I will post a link if required.
<?php
require_once('connectvars.php');
echo '<div id="postwrap">'
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PDI NCMR - Edit</title>
<link rel="stylesheet" type="text/css" href="CSS/postie.css" />
</head>
<body>
<div id="logo">
<img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>
<?php
if (isset($_POST['submit'])) {
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Enter data into the database
$ab = mysqli_real_escape_string($dbc, trim($_POST['ab']));
$date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime ($_POST['date']))));
$part = mysqli_real_escape_string($dbc, trim($_POST['part']));
$rev = mysqli_real_escape_string($dbc, trim($_POST['rev']));
$partdesc = mysqli_real_escape_string($dbc, trim($_POST['partdesc']));
$ncmrqty = mysqli_real_escape_string($dbc, trim($_POST['ncmrqty']));
$comp = mysqli_real_escape_string($dbc, trim($_POST['comp']));
$ncmrid = mysqli_real_escape_string($dbc, trim($_POST['ncmrid']));
$rma = mysqli_real_escape_string($dbc, trim($_POST['rma']));
$jno = mysqli_real_escape_string($dbc, trim($_POST['jno']));
$fdt = mysqli_real_escape_string($dbc, trim($_POST['fdt']));
$cof = mysqli_real_escape_string($dbc, trim($_POST['cof']));
$fab1= mysqli_real_escape_string($dbc, trim($_POST['fab1']));
$fab2= mysqli_real_escape_string($dbc, trim($_POST['fab2']));
$fab3= mysqli_real_escape_string($dbc, trim($_POST['fab3']));
$non= mysqli_real_escape_string($dbc, trim($_POST['non']));
$dis= mysqli_real_escape_string($dbc, trim($_POST['dis']));
$comm= mysqli_real_escape_string($dbc, trim($_POST['comm']));
$caad= mysqli_real_escape_string($dbc, trim($_POST['caad']));
$po= mysqli_real_escape_string($dbc, trim($_POST['po']));
$pod = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['pod']))));
$dri = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['dri']))));
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = '" . $_GET['id'] . "'";
// echo your raw query and look for obvious errors
echo "Query is : " . $query . "<br />";
// and at least use a basic mechanism to trap possibles errors
mysqli_query($dbc, $query) or die('Query Error : ' . mysqli_error($dbc));
// Clear the form data
$ab = "";
$date = "";
$part = "";
$rev = "";
$partdesc = "";
$ncmrqty = "";
$comp = "";
$ncmrid = "";
$rma = "";
$jno = "";
$fdt = "";
$cof = "";
$fab1= "";
$fab2= "";
$fab3= "";
$non= "";
$dis= "";
$comm= "";
$caad= "";
$po= "";
$pod = "";
$dri = "";
// Confirm success with the user
echo '<p>If you wish to edit more NCMRs, please go to the admin page!</p>';
mysqli_close($dbc);
}
else {
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Grab the profile data from the database
if (!isset($_GET['id'])) {
$query = "SELECT * FROM ncmr WHERE id = '$id'";
}
else {
$query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
}
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row was found so display the user data
$row = mysqli_fetch_array($data);
echo'<div id="title"><h3 id="NCMR2">Non-Conforming Materials Report (NCMR: ' . $row['rma'] . ')</h3></div>';
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>";
echo '<fieldset>';
echo '<div id="box1">';
if (empty($row['ab'])) $row['ab'] = "Empty";
if (empty($row['date'])) $row['date'] = "Empty";
if (empty($row['part'])) $row['part'] = "Empty";
if (empty($row['rev'])) $row['rev'] = "Empty";
if (empty($row['partdesc'])) $row['partdesc'] = "Empty";
if (empty($row['ncmrqty'])) $row['ncmrqty'] = "Empty";
echo '<div id="ab"><span class="b">Added By: </span><input type="text" name="ab" value="' . $row['ab'] . '" /></div>';
echo '<div id="date"><span class="b">Date Filed: </span><input type="text" name="date" value="' . $row['date'] . '" /></div>';
echo '<div id="part"><span class="b">Part Number: </span><input type="text" name="part" value="' . $row['part'] . '" /></div>';
echo '<div id="rev"><span class="b">Part Revision: </span><input type="text" name="rev" value="' . $row['rev'] . '" /></div>';
echo '<div id="partdesc"><span class="b">Part Description: </span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>';
echo '<div id="ncmrqty"><span class="b">NCMR Qty: </span><input type="text" name="ncmrqty" value="' . $row['ncmrqty'] . '" /></div>';
echo '</div>';
//Company, Customer NCMR, Internal RMA, and Job Number
echo '<div id="box2">';
if (empty($row['comp'])) $row['comp'] = "Empty";
if (empty($row['ncmrid'])) $row['ncmrid'] = "Empty";
if (empty($row['rma'])) $row['rma'] = "Empty";
if (empty($row['jno'])) $row['jno'] = "Empty";
echo '<div id="comp"><span class="b">Company: </span><input type="text" name="comp" value="' . $row['comp'] . '" /></div>';
echo '<div id="ncmrid"><span class="b">Customer NCMR ID: </span><input type="text" name="ncmrid" value="' . $row['ncmrid'] . '" /></div>';
echo '<div id="rma"><span class="b">Internal RMA #: </span><input type="text" name="rma" value="' . $row['rma'] . '" /></div>';
echo '<div id="jno"><span class="b">Job #: </span><input type="text" name="jno" value="' . $row['jno'] . '" /></div>';
echo '</div>';
//Type of Failure and Class of Failure
echo '<div id="box3">';
echo '<h2>Failure</h2>';
echo '<div id="cof"><span class="b">Class of Failure: </span><input type="text" name="cof" size="15" value="' . $row['cof'] . '" /></div>';
echo '<div id="fdt"><span class="b">Failure Due To: </span><input type="text" name="fdt" size="15" value="' . $row['fdt'] . '" /></div>';
echo '</div>';
//Fabricators
echo '<div id="box4">';
echo '<h2>Fabricators</h2>';
if ($row['fab1'] == "--None--")
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
// Separate loop variable so the NCMR record in $row is not overwritten
while($user = $result->fetch_assoc())
{
echo "<option value='{$user['user']}'>{$user['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($user = $result->fetch_assoc())
{
echo "<option value='{$user['user']}'>{$user['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
if ($row['fab2'] == "--None--")
{
echo'<div id="fab2">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab2'>\n";
while($user = $result->fetch_assoc())
{
echo "<option value='{$user['user']}'>{$user['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
// Field name and value now refer to fab2; the stray closing div is dropped
echo '<div id="fab2"><span class="b"></span><input type="text" name="fab2" size="20" value="' . $row['fab2'] . '" /></div>';
}
if ($row['fab3'] == "--None--")
{
echo'<div id="fab3">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab3'>\n";
while($user = $result->fetch_assoc())
{
echo "<option value='{$user['user']}'>{$user['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
// Field name and value now refer to fab3; the stray closing div is dropped
echo '<div id="fab3"><span class="b"></span><input type="text" name="fab3" size="20" value="' . $row['fab3'] . '" /></div>';
}
echo '</div>';
//Nonconformity, Disposition, Comments and Comments & Additional Details
echo '<div id="box5">';
if (empty($row['non'])) $row['non'] = "Empty";
if (empty($row['dis'])) $row['dis'] = "Empty";
if (empty($row['comm'])) $row['comm'] = "Empty";
if (empty($row['caad'])) $row['caad'] = "Empty";
echo '<div id="non"><span class="b">Nonconformity: </span><textarea rows="4" cols="105">' . $row['non'] . '</textarea></div>';
echo '<div id="dis"><span class="b">Disposition: </span><textarea rows="4" cols="105">' . $row['dis'] . '</textarea></div>';
echo '<div id="comm"><span class="b">Comments: </span><textarea rows="4" cols="105">' . $row['comm'] . '</textarea></div>';
echo '<div id="caad"><span class="b">Comments and/or Additional Details: </span><textarea rows="4" cols="105">' . $row['caad'] . '</textarea></div>';
echo '<div id="podr">';
if (empty($row['po'])) $row['po'] ="Empty";
if (empty($row['pod'])) $row['pod'] ="Empty";
if (empty($row['dri'])) $row['dri'] ="Empty";
echo '<div id="po"><span class="b">PO: </span><input type="text" name="po" size="7" value="' . $row['po'] . '" /></div>';
echo '<div id="pod"><span class="b">PO Date: </span><input type="text" name="pod" size="7" value="' . $row['pod'] . '" /></div>';
echo '<div id="dri"><span class="b">Date Received: </span><input type="text" name="dri" size="7" value="' . $row['dri'] . '" /></div>';
echo '</div>';
echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>';
echo '</div>';
echo '</fieldset>';
echo '</form>';
}
}
echo '</div>';
?>
</body>
</html>
You are using $_GET to retrieve the id but $_POST for everything else. Try changing it to $_POST...and there will be a host of warnings from everyone on SO about why this is dangerous. Look up SQL injection on Google.
Use $_SERVER['REQUEST_URI'] in form action instead of $_SERVER['PHP_SELF'] - PHP_SELF won't include query string (and your id).
Also, when there is no id provided in GET you're using
$query = "SELECT * FROM ncmr WHERE id = '$id'";
but there is no $id defined anywhere else in the script.
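The fix the answers point at (send the id in the POST body, and stop building the query by string concatenation), as an added example that is not part of the original thread. It assumes `id` is an integer key, and the function names are hypothetical.

```php
<?php
// Added example, not code from the thread. Function names are hypothetical;
// the column whitelist is copied from the UPDATE statement on this page.
const NCMR_COLUMNS = ['ab', 'date', 'part', 'rev', 'partdesc', 'ncmrqty', 'comp',
    'ncmrid', 'rma', 'jno', 'fdt', 'cof', 'fab1', 'fab2', 'fab3', 'non', 'dis',
    'comm', 'caad', 'po', 'pod', 'dri'];

// Hidden field that carries the record id in the POST body, so the handler
// does not depend on a query string that PHP_SELF drops.
function ncmr_hidden_id(int $id): string
{
    return '<input type="hidden" name="id" value="' . $id . '" />';
}

// Update one row from submitted form data; returns the affected row count.
function ncmr_update(mysqli $dbc, array $post): int
{
    // Reject a missing, empty or non-numeric id before any SQL is built.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('Missing or invalid NCMR id');
    }
    // Column names come only from the whitelist; values are bound, never
    // concatenated. Fields absent from the submission are left untouched.
    $assignments = [];
    $values = [];
    foreach (NCMR_COLUMNS as $col) {
        if (isset($post[$col]) && is_scalar($post[$col])) {
            $assignments[] = "`$col` = ?";
            $values[] = trim((string) $post[$col]);
        }
    }
    if ($assignments === []) {
        return 0;
    }
    $sql = 'UPDATE ncmr SET ' . implode(', ', $assignments) . ' WHERE id = ?';
    $types = str_repeat('s', count($values)) . 'i';
    $values[] = $id;
    $stmt = $dbc->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . $dbc->error);
    }
    $stmt->bind_param($types, ...$values);
    if (!$stmt->execute()) {
        throw new RuntimeException('Update failed: ' . $stmt->error);
    }
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}
// In edit.php: if (isset($_POST['submit'])) { ncmr_update($dbc, $_POST); }
```

With the id validated as an integer and every value bound as a parameter, an empty or missing id is rejected before it can produce the `near ''` syntax error, and quote characters in form fields can no longer alter the statement.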
