PHP not performing UPDATE - php

I created a database with user's first name, last name, email, and temp password. When a user logs in for the first time they are shown a profile with the information already in the database as well as some additional fields they must fill in. On clicking submit the form should then update their profile in the database but it doesn't. The database is called 'users'. Could someone please tell me what I'm doing wrong?
<?php
$testerID = preg_replace('#[^0-9]#i', '', $_SESSION["id"]); // filter everything but numbers and letters
$tester = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["tester"]); // filter everything but numbers and letters
$password = preg_replace('#[^A-Za-z0-9]#i', '', $_SESSION["password"]); // filter everything but numbers and letters
include "scripts/connect_to_mysql.php";
$sql = mysql_query("SELECT * FROM users WHERE id='$testerID' AND username='$tester' AND password='$password' LIMIT 1"); // query the person
$row = mysql_fetch_array($sql);
$fname = $row['fname'];
$lname = $row['lname'];
$email = $row['email'];
$existCount = mysql_num_rows($sql); // count the row nums
if ($existCount == 0) { // evaluate the count
echo "Your login session data is not on record in the database.";
exit();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Tester Home</title>
</head>
<body>
<table width="886">
<tr>
<td width="876"><h1>Welcome
<?php
echo $fname;
?>
to the Closed Beta</h1></td>
</tr>
</table>
<p> </p>
<div id="content">
<?php
$date = getdate();
// Parse the form data and add inventory item to the system
if (isset($_POST['$new_password'])) {
$new_email = mysql_real_escape_string($_POST['email']);
$new_password = mysql_real_escape_string($_POST['new_password']);
$phone_model = mysql_real_escape_string($_POST['phone_model']);
$carrier = mysql_real_escape_string($_POST['carrier']);
$sql_update = mysql_query("UPDATE users SET email='$new_email', password='$new_password', phone_model='$phone_model', carrier='$carrier' WHERE id='$testerID'");
}
if(is_null($test_start)){
echo "
<form action=\"index.php\" enctype=\"multipart/form-data\" name=\"myForm\" id=\"myform\" method=\"post\">
<table width=\"90%\" border=\"0\" cellspacing=\"0\" cellpadding=\"6\">
<tr>
<td width=\"20%\" align=\"right\">ID: </td>
<td width=\"80%\"><label>
$testerID
</label></td>
</tr>
<tr>
<td align=\"right\">Username: </td>
<td><label>
$tester
</label></td>
</tr>
<tr>
<td align=\"right\">First Name: </td>
<td><label>
$fname
</label></td>
</tr>
<tr>
<td align=\"right\">Last Name: </td>
<td><label>
$lname
</label></td>
</tr>
<tr>
<td align=\"right\">Email Address: </td>
<td><label>
<input type=\"text\" name=\"email\" id=\"email\" value=\"\"/>
</label></td>
</tr>
<tr>
<td align=\"right\">Old password: (the one you were assigned)</td>
<td><label>
<input type=\"text\" name=\"old_password\" id=\"old_password\" value=\"$password\"/>
</label></td>
</tr>
<tr>
<td align=\"right\">New Password: </td>
<td><label>
<input type=\"text\" name=\"new_password\" id=\"newPassField\" />
</label></td>
</tr>
<tr>
<td align=\"right\">Confirm New Password: </td>
<td><label>
<input type=\"text\" name=\"confirm_password\" id=\"newPassField\" />
</label></td>
</tr>
<tr>
<td align=\"right\">Phone Model: </td>
<td><label>
<input type=\"text\" name=\"phone_model\" id=\"phone_model\" value=\"$phone_model\"/> (a 4 digit number)
</label></td>
</tr>
<tr>
<td align=\"right\">Carrier: </td>
<td><label>
<input type=\"text\" name=\"carrier\" id=\"carrier\" cols=\"64\" rows=\"5\" value=\"$carrier\"/>
</label></td>
</tr>
<input type=\"submit\" name=\"button\" id=\"button\" value=\"Update\" />
</table>
</form>";
}else{
}
?>
</div>
<p> </p>
</body>
</html>

You have isset($_POST['$new_password']) instead of isset($_POST['new_password']). Notice the added $.

If there is an error in your SQL, then the best way to find out what it is, is to add in error-checking code:
or die(mysql_error());
I have added it to the end of your query here:
$sql_update = mysql_query("UPDATE users SET email='$new_email', password='$new_password', phone_model='$phone_model', carrier='$carrier' WHERE id='$testerID'") or die(mysql_error());

Where have you defined your mysql_select_db for the DB selection?
Also, I'm not quite used to applying UPDATE selections, but you could use INSERT with a DUPLICATE value, if you know the ids or a similar column that is fixed for each user. Something like:
$query = "INSERT INTO users (_columns_) VALUES (_$columns_) ON DUPLICATE KEY UPDATE _column_='_$column_'";
Changing your columns and the posted values from the form with a post method, of course. Add a WHERE clause there if needed, even though that would be something to look for on the db.
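The first two answers above (test the real field name, surface SQL errors) combined with bound parameters in place of interpolated strings. This is an added example, not code from the question or its answers. It assumes PDO with an in-memory SQLite database so it runs offline (the question uses MySQL through the old mysql_* functions); the function name updateProfile, the sample row and the use of password_hash() are assumptions.

```php
<?php
// Added example: constructed schema and sample row, not the asker's real data.
$pdo = new PDO('sqlite::memory:');
// Throw on SQL errors instead of failing silently (the role "or die(mysql_error())" plays above).
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE users (
    id INTEGER PRIMARY KEY, username TEXT, fname TEXT, lname TEXT,
    email TEXT, password TEXT, phone_model TEXT, carrier TEXT)");
$pdo->exec("INSERT INTO users (id, username, fname, lname, email, password)
            VALUES (7, 'tester7', 'Ann', 'Lee', 'old@example.test', 'temp')");

/**
 * Hypothetical helper: update one tester's profile from submitted form data.
 * Returns the number of rows changed; throws on invalid input or SQL error.
 */
function updateProfile(PDO $pdo, int $testerId, array $post): int
{
    // Check the real field names. The question tested '$new_password' (with a $),
    // a key that never exists in $_POST, so the UPDATE was never reached.
    foreach (['email', 'new_password', 'confirm_password', 'phone_model', 'carrier'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            throw new InvalidArgumentException("Missing field: $field");
        }
    }
    if (!filter_var($post['email'], FILTER_VALIDATE_EMAIL)) {
        throw new InvalidArgumentException('Invalid email address');
    }
    if ($post['new_password'] === '' || $post['new_password'] !== $post['confirm_password']) {
        throw new InvalidArgumentException('Passwords do not match');
    }

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $pdo->prepare(
        'UPDATE users
            SET email = :email, password = :password,
                phone_model = :phone_model, carrier = :carrier
          WHERE id = :id'
    );
    $stmt->execute([
        ':email'       => $post['email'],
        // Assumption: store a hash rather than the plaintext the question stores.
        ':password'    => password_hash($post['new_password'], PASSWORD_DEFAULT),
        ':phone_model' => $post['phone_model'],
        ':carrier'     => $post['carrier'],
        ':id'          => $testerId,
    ]);
    return $stmt->rowCount();
}

// Constructed form submission, including a value with a quote character
// that would break a string-interpolated query.
$post = [
    'email'            => 'ann@example.test',
    'new_password'     => 'correct horse battery staple',
    'confirm_password' => 'correct horse battery staple',
    'phone_model'      => '1234',
    'carrier'          => "O'Reilly Mobile",
];

$changed = updateProfile($pdo, 7, $post);
$row = $pdo->query('SELECT email, carrier, password FROM users WHERE id = 7')
           ->fetch(PDO::FETCH_ASSOC);

echo "rows changed: $changed\n";
echo "carrier stored verbatim: {$row['carrier']}\n";
echo 'password verifies: ',
     var_export(password_verify($post['new_password'], $row['password']), true), "\n";
```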

Related

php/ajax form not sending info

I almost have it but I am missing something. The form is being sent and the row is being created but there is not data. It is blank (both the email and the database). I know it is something simple I am missing but I cannot figure it out.
There are no errors, the form disappears like it is supposed to. I am getting an email but there is no userdata in it. It creates a row in the database, but again there is no data being put in the row.
If anyone can look at my code below and tell me what I am missing to make the inputted info be seen, I would sure appreciate it.
I have searched and searched and tried different things but I cannot get it to send the info.
AJAX_Quote.php
<?php
include_once('class/class_email.php');
$connect = mysqli_connect("localhost","admin","password","database");
$FName = $_POST['Form_FName'];
$LName = $_POST['Form_LName'];
$Email = $_POST['Form_Email'];
$Company = $_POST['Form_Company'];
$Number = $_POST['Form_Number'];
$Comments = $_POST['Form_Comments'];
$EID = $_POST['eid'];
//$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `id`='$EID' LIMIT 1;";
//$R_GetEquipment = mysql_query($SQL_GetEquipment, $Link);
//$row = mysql_fetch_assoc($R_GetEquipment);
$SQL_GetEquipment = "SELECT * FROM `new_equip` WHERE `id`='$EID' LIMIT 1;";
$result = mysqli_query($connect,$SQL_GetEquipment);
$row = mysqli_fetch_assoc($result);
$EmailBody = "$FName $LName has requested a quote from NAPE on Item $EID\n
Information on quote request: \n
Name: $FName $LName \n
Email: $Email \n
Company: $Company \n
Number: $Number \n
Comments: $Comments \n
\n
Information Requested for: {$row['itemname']}\n
The URL to {$row['itemname']} is: http://www.domain.com/new-product.php?Item=$EID
\n
Click to send a quote now:\n
http://www.domain.com/Admin/send-quote.php?id=$EID ";
$e = new email();
//First value is the URL of your server, the second the port number
$e->set_server( 'mail.domain.com', 26);
//First value is your username, then your password
$e->set_auth('noreply#domain.com', 'nape112233');
//Set the "From" setting for your e-mail. The Name will be base64 encoded
$e->set_sender( 'Quote Requested', 'noreply#domain.com' );
//for one recipient
$send_to = array('email#gmail.com');
//you may also specify multiple recipients by creating an array like this:
//$send_to = array('foo1#localhost.local', 'foo2#localhost.local', 'foo3#localhost.local');
$subject = 'Quote Request from NAPE';
$body = "$EmailBody";
if( $e->mail($send_to, $subject, $body, $headers) == true )
{
//message was received by the smtp server
//['last'] tends to contain the queue id so I like to save that string in the database
echo 'last: '.htmlspecialchars($e->srv_ret['last']).'';
}else{
//something went wrong
echo 'all: '.nl2br(htmlspecialchars($e->srv_ret['all'])).'';
echo 'full:'.nl2br(htmlspecialchars($e->srv_ret['full'])).'';
}
mysqli_query($connect,"INSERT INTO users (`fname`,`lname`,`email`,`company`,`number`)
VALUES ('$FName','$LName','$Email','$Company','$Number')");
?>
My form code
<form id="contact" name="contact" action="#" method="post" style="width:600px">
<br />
<table width="80%">
<tr>
<td width="36%">*First Name:</td>
<td width="3%"> </td>
<td width="61%">
<input type="text" id="Form_FName" name="Form_FName" />
</td>
</tr>
<tr>
<td width="36%">*Last Name:</td>
<td width="3%"> </td>
<td width="61%">
<input type="text" id="Form_LName" name="Form_LName" />
</td>
</tr>
<tr>
<td width="36%">Company Name:</td>
<td width="3%"> </td>
<td width="61%">
<input type="text" id="Form_Company" name="Form_Company" />
</td>
</tr>
<tr>
<td>*Your E-Mail:</td>
<td> </td>
<td>
<input type="text" id="Form_Email" name="Form_Email" />
</td>
</tr>
<tr>
<td width="36%">*Phone Number:</td>
<td width="3%"> </td>
<td width="61%">
<input type="text" id="Form_Number" name="Form_Number" />
</td>
</tr>
<tr>
<td width="36%" h>Comments:</td>
<td width="3%"> </td>
<td width="61%">
<textarea id="Form_Comments" name="Form_Comments" cols="25" rows="3"></textarea>
</td>
</tr>
<tr>
<td colspan="3"> </td>
</tr>
<tr>
<td width="36%" align="center" colspan="3">
<button id="send">Request Quote</button>
</td>
</tr>
<tr>
<td colspan="5"> </td>
</tr>
<tr>
<td width="100%" colospan="3">
<b><?php echo $itemname; ?></b>
<br />
<br /> Manufacturer: <?php echo $manufactuer;?>
<br /> Model: <?php echo $model;?>
<br /> Category: <?php echo $category;?>
<br />
</td>
</tr>
</table>
</form>
</div>
<!-- basic fancybox setup -->
<script type="text/javascript">
$(document)
.ready(function () {
$(".modalbox").fancybox();
$("#contact").submit(function () {
return false;
});
$("#send").on("click", function () {
{
// if both validate we attempt to send the e-mail
// first we hide the submit btn so the user doesnt click twice
$("#send").replaceWith("<em>Your request has been sent...</em>");
$.ajax({
type: "POST",
url: "AJAX_Quote.php",
data: $("#idForm").serialize(),
success: setTimeout(function () { parent.$.fancybox.close(); }, 2000)
});
}
});
});
</script>
The name of your form inputs is of the format name="Form_FName" but in your PHP you refer to them as $FName = $_POST['fname'];. The correct PHP would be $FName = $_POST['Form_FName'];
Also I suggest escaping your input fields to avoid SQL injection. Check out mysqli_real_escape_string.
http://php.net/manual/en/mysqli.real-escape-string.php

All products being displayed instead of only one

I edited my code as below, but the issue is that each time I click on the edit link, all of the products are being displayed instead of only the one beside which I clicked the edit link.
Note: Sorry for posting another question relating to my other one. I could not add any more comments.
<?php
include_once("db_connect.php");
if(isset($_POST['update']))
{
$prod_id = $_POST['prod_id'];
$prod_name=$_POST['prod_name'];
$prod_brand=$_POST['prod_brand'];
$prod_price=$_POST['prod_price'];
// checking empty field
if(empty($prod_price))
{
//if name field is empty
if(empty($prod_price))
{
echo "<font color='red'>Price field is empty.</font><br/>";
}
}
else
{
//updating the table
//$result=mysql_query("UPDATE tblretprod SET prod_price='$prod_price' WHERE prod_id=$prod_id");
$result=mysql_query("UPDATE tblretprod SET prod_price='".$prod_price."' WHERE prod_id='".$prod_id."';");
//redirectig to the display page. In our case, it is index.php
header("Location: update.php");
}
}
?>
<?php
$prod_id = $_GET['prod_id'];
$result=mysql_query("SELECT a.prod_name, a.prod_brand, b.prod_price FROM tblproduct a, tblretprod b where a.prod_id = b.prod_id") or die(mysql_error());
?>
<html>
<title>Edit Product</title>
<body>
Home
<br/><br/>
<form name="edit" method="post" action="updprod.php">
<table border="0">
<?php
while($res=mysql_fetch_array($result))
{
$prod_name = $res['prod_name'];
$prod_brand = $res['prod_brand'];
$prod_price = $res['prod_price'];
?>
<tr>
<td>Product Name</td>
<td>
<input type="text" disabled="disabled" name="prod_name" value = "<?php echo $prod_name;?>"> </td>
</tr>
<tr>
<td>Brand</td>
<td>
<input type="text" disabled="disabled" name="prod_brand" value = "<?php echo $prod_brand;?>"> </td>
</tr>
<tr>
<td>Product Price</td>
<td>
<input type="text" name="prod_price" value = "<?php echo $prod_price;?>">
<input type="hidden" name="prod_id" value = "<?php echo $_GET['prod_id'];?>">
</td>
</tr>
<?php } ?>
<tr>
<td><input type="submit" name="update" value="Update"></td>
</tr>
</table>
</form>
</body>
</html>
Add in your select query in WHERE clause:
AND a.prod_id = ".$prod_id."
query:
"SELECT
a.prod_name,
a.prod_brand,
b.prod_price
FROM
tblproduct a, tblretprod b
where
a.prod_id = b.prod_id
AND a.prod_id = ".intval($prod_id).""
To make the query safer against SQL injection, I've added the intval function, like Kickstart well pointed out.

PHP table with loop and passing form data to next page

I am working on a web based contact list for a friend. I have the html portion all done and working on the PHP scripts and such. I have the main page as a table in a while loop enclosed in form tags. I need two things to happen but not sure how to get this accomplished.
First, each row has to have two submit buttons, which one goes to edit and the other to details, and carries over the values in the global $_POST.
Second, the list will be about 300 rows, so I am using a while loop to create the table.
I have the form working and passing the data but it is always passing the last row of the table. Here is my main page with the table:
<?php
if
(!isset ($_SESSION['username']))
{
session_start();
}
?>
<html>
<head>
<title>Client Contact List</title>
</head>
<?php
$user1 = implode(',',$_SESSION);
//DB information
require_once('/includes/db.php');
//Declaring edit and details
$edit = "<INPUT type='image' src='/addressbook/images/edit.png' onclick='\addressbook\edit.php'>";
$details = "<INPUT type='image' src='/addressbook/images/contact.gif' name='details' onclick='f1.action='\addressbook\contact_details.php'>";
//Table declarations and such
mysql_connect("$host", "$username", "$password") or die(mysql_error());
mysql_select_db("$db_name")or die("cannot select DB");
$result = mysql_query("SELECT * FROM contacts") or die(mysql_error());
$num=mysql_numrows($result);
$user1 = implode(',',$_SESSION);
$userresults = "SELECT first FROM i_user where userid IN $user1";
$user = mysql_query($userresults);
// print_r ($_SESSION);
// print_r ($_POST);
?>
<body style="background-image: url('Images/background_login.jpg');">
<br><br><br><br><br><br>
<table>
<br><br>
<tr><td width="500">Welcome Back, <?php echo $user; ?></td><td width="500"></td><td width="300"><form name="search" method="post" id="searchform" action="<?php echo $_SERVER['PHP_SELF'];?>"><label for="searchtext">Search: </label><input type="text" name="name" /> <input type="submit" name="submit" value="Search" /></form>
</td></tr>
</table>
<br>
<form name="f1" method="post" action="/addressbook/edit.php">
<table border="1">
<tr>
<?php
echo "<table border='1'>";
echo "<tr>
<th>First</th>
<th>Last</th>
<th>Company</th>
<th>Primary Email</th>
<th>Secondary Email</th>
<th>Primary Phone</th>
<th>Second Phone</th>
<th>Action</th>
</tr>";
$i=0;
while ($i<$num) {
$id = mysql_result($result,$i,"id");
$first = mysql_result($result, $i, "first");
$last = mysql_result($result,$i, "last");
$company = mysql_result($result, $i, "company");
$email1 = mysql_result($result,$i, "email1");
$email2 = mysql_result($result,$i, "email2");
$phone = mysql_result($result,$i, "phone");
$mobile = mysql_result($result,$i, "mobile");
// Print out the contents of each row into a table
echo "<tr><td width = '100'><center><input type='hidden' value='$first' name='first'>";
echo $first;
echo "</center></td><td width = '100'><center><input type='hidden' value='$last' name='last'>";
echo $last;
echo "</center></td><td width = '100'><center><input type='hidden' value='$company' name='company'>";
echo $company;
echo "</center></td><td width = '100'><center><input type='hidden' value='$email1' name='email1'>";
echo $email1;
echo "</center></td><td width = '100'><center><input type='hidden' value='$email2' name='email2'>";
echo $email2;
echo "</center></td><td width = '100'><center><input type='hidden' value='$phone' name='phone'>";
echo $phone;
echo "</center></td><td width = '100'><center><input type='hidden' value='$mobile name='mobile'>";
echo $mobile;
echo "</center></td><td width = '100'><center>";
echo $edit;
echo " &nbsp&nbsp ";
echo $details;
echo "</td></center></tr>";
echo "<input type='hidden' value='$id name='id'></td>";
$i++;
}
?>
</tr>
</table>
</form>
</body>
</html>
This gets directed to either the details or edit page. Below is the edit page....
<?php
if
(!isset ($_SESSION['username']))
{
session_start();
}
?>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit Contact Information</title>
</head>
<?php
//DB information
require_once('/includes/db.php');
mysql_connect("$host", "$username", "$password") or die(mysql_error());
mysql_select_db("$db_name")or die("cannot select DB");
$id = $_POST['id'];
$first = $_POST['first'];
$last = $_POST['last'];
$company = $_POST['company'];
$email1 = $_POST['email1'];
$email2 = $_POST['email2'];
$phone = $_POST['phone'];
$mobile = $_POST['mobile'];
//pulling the record id from the main login page.
$first=$_POST['first'];
$query="SELECT * FROM contacts where last=$last";
$result=mysql_query($query);
print_r($_POST);
?>
<html xmlns="http://www.w3.org/1999/xhtml">
<body style="background-image: url('Images/background_login.jpg');">
<br><br><br><br><br>
<!-- First Table with the back and search option but disabled for now -->
<table>
<br>
<tr>
<td width="500">
<input type='button' value='Back' onClick='history.go(-1)'>
</td>
<td width="500"></td>
<td width="300">
<!-- <form name="search" method="post" id="searchform" action="<?php echo $_SERVER['PHP_SELF'];?>">
<label for="searchtext">Search: </label>
<input type="text" name="name" /> <input type="submit" name="submit" value="Search" />
</form> -->
</td>
</tr>
</table>
<br><br>
<center>
<!-- Second Table with form data pulled out for Identify -->
<table>
<tr>
<th>
<table>
<tr>
<td bgcolor="silver" colspan="4"><center>Identify</center></td>
</tr>
<tr>
<td width="100"><center><b>Title</b></center></td>
<td width="100"></td>
<td width="150"><center><b>Company Name</b></center></td>
</tr>
<tr>
<td width="100"><input value="Title"></td>
<td width="100"></td>
<td width="100"><? echo $company ?></td>
</tr>
<tr><td colspan="4"></td></tr>
<tr>
<td width="100"><center><b>First Name</b></center></td>
<td width="100"></td>
<td width="100"><center><b>Last Name</b></center></td>
</tr>
<tr>
<td width="100"><input value="Test"></td>
<td width="100"></td>
<td width="100"><input value="Test"></td>
</tr>
</table>
</th> <!-- Space between the contact info and Indenty -->
<td width="100">
</td>
<th>
<td> <!-- Third Table with form data pulled out -->
<table>
<tr>
<td bgcolor="silver" colspan="4"><center>Contact Information</center></td>
</tr>
<tr>
<td width="100"><center><b>Office Phone</b></center></td>
<td width="100"></td>
<td width="150"><center><b>Mobile Name</b></center></td>
</tr>
<tr>
<td width="100"><input value="Test"></td>
<td width="100"></td>
<td width="100"><input value="Test"></td>
</tr>
<tr>
<td colspan="4"></td>
</tr>
<tr>
<td width="100"><b>Primary Email</b></td>
<td width="100"></td>
<td width="150"><b>Secondary Email</b></td>
</tr>
<tr>
<td width="100"><input value="Test"></td>
<td width="100"></td>
<td width="100"><input value="Test"></td>
</tr>
</table>
</td>
</th>
<tr height="100"> <td colspan="9"></td> </tr>
<th class="style2">
<table>
<tr width="400"></tr>
<tr>
<td bgcolor="silver" colspan="4"><center>Applications Used</center></td>
</tr>
<tr>
<td width="100"></td>
</tr>
<tr>
<td colspan="4"></td>
</tr>
<tr>
<td width="100"></td>
</tr>
<tr>
<td width="100"></td>
<td width="100"></td>
<td width="100"></td>
<td width="100"></td>
</tr>
</table>
</th>
<td width="200"></td>
<td>
<th class="style2">
<table>
<tr>
<td bgcolor="silver" colspan="4"><center>Internal Information</center></td>
</tr>
<tr>
<td width="100"><center><b>Account Mgr</b></center></td>
<td width="100"></td>
<td width="150"><center><b>Client Relations</b></center></td>
</tr>
<tr>
<td width="100"><input value="Test"></td>
<td width="100"></td>
<td width="100"><input value="Test"></td>
</tr>
<tr><td colspan="4"></td></tr>
<tr>
<td width="200"><center><b>Acct Development</b></center></td>
<td width="100"></td>
<td width="100"><center><b>Project Mgr</b></center></td>
</tr>
<tr>
<td width="100"><input value="Test"></td>
<td width="100"></td>
<td width="100"><input value="Test"></td>
</tr>
</table>
</th>
</td>
</table>
</center>
</body>
</html>
Any thoughts on how to get this done?
Put the form tag inside the loop. And place the submit button inside the form tag.
It sounds like you need a lot of forms, instead of a form with a lot of fields.
Yet another suggestion: jqgrid may be a good thing to use here. Look it up if you get a chance.
The problem is you are creating a ton of elements that have the same name... Every row has an input by the name of email1, email2, phone, mobile, etc.
When you submit the form it just takes the value of the last HTML element with the given name. So it will always give you the last row.
What you can do is only have 1 hidden input for each attribute. Then when you select a row, you can set the values for the hidden inputs using javascript.
HOWEVER, to make it more simple... You are already storing all of the users data in a database so you don't need to pass it all to the next page. Just pass the id to the next page, then when you get to the next page perform a select query to get all of that user's data.
This way you can have 1 hidden input for the id. When the user selects the row they want to edit use Javascript to set the value of that input.
Each button should look something like this:
echo "<input type=\"button\" onclick=\"document.form.id=$id\">";
The input should look something like this:
echo "<input type=\"hidden\" name=\"id\"/>";
Then on the edit page use :
$id = intval($_POST['id']); // cast to an integer so the posted value cannot alter the query
$query = "SELECT id, first, last, company, email1, email2, phone, mobile
FROM contacts WHERE ID=$id";
$result = mysql_query($query) or die(mysql_error());
$row = mysql_fetch_array($result);
$id = $row['id'];
$first = $row['first'];
etc...

multiple update array query gone wrong :(

Hey guys, I'm having trouble with an array. All I need is for the query to update 2 columns on the table based on the record's id.
The table has a column called OffID and it looks for any record that has not yet been authorised. To mark it authorised the user will select a check box for either authorise or deny and then press the submit button. However, at the moment I have 9 records which show in the table, each with their own unique id, but when submit is selected it will only update one. Any help in showing where I've gone wrong would be appreciated, and cheers in advance :)
OK, I edited the code but it is now only setting the first record. So if there are 8 records and I choose accept for the first record and deny for the second record, both the accept and deny are set to the first record in the database. My new code is below.
<?php
$path = $_SERVER['DOCUMENT_ROOT'];
$path .= "/Apollo/dbc.php";
include_once($path);
$rs_results = mysql_query("SELECT * FROM off WHERE IsItAuthorised='0' and isitsick='0' ORDER BY DayOff");
?>
<html>
<head>
<title>Administration Main Page</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<?php
if (isset($_POST['submit'])) {
//Assign each array to a variable
$id = $_POST['id'];
$approve = $_POST['approve'];
$deny = $_POST['deny'];
$limit = count($rs_results);
$values = array(); // initialize an empty array to hold the values
for($k=0;$k<$limit;$k++){
$msg[] = "$limit New KPI's Added";
$query = "UPDATE off SET Authorised = '$approve[$k]', Deny = '$deny[$k]' WHERE OffID = '$id[$k]'";
}
$Event = "INSERT INTO events (UserName, Event ) VALUES ('$_SESSION[user_name]', 'Entered New KPI' )";
echo $query;
if (!mysql_query($query,$link)){
die('Error: ' . mysql_error());
} else {
mysql_query($Event);
echo "<div class=\"msg\">" . $msg[0] . "</div>";
}
}
?>
</head>
<body>
<table width="100%" border="0" cellspacing="0" cellpadding="0">
<tr>
<td width="14%" valign="top"><?php
?>
</td>
<td width="74%" valign="top" style="padding: 10px;">
<p><?php
if(!empty($msg)) {
echo $msg[0];
}
?></p>
<p>
<?php
$cond = '';
$sql = "select * from off ";
$rs_total = mysql_query($sql) or die(mysql_error());
$total = mysql_num_rows($rs_total);
?>
<p>
<form name "searchform" action="/Apollo/Admin/HolidayRequests.php" method="post">
<table width="100%" border="0" align="center" cellpadding="2" cellspacing="0">
<tr class="mytables">
<td width="4%"><font color="white"><strong>ID</font></strong></td>
<td width="4%"> <font color="white"><strong>Staff Member</font></strong></td>
<td width="10%"><font color="white"><strong>Day Off</font></strong></div></td>
<td width="10%"><font color="white"><strong>Is It Authorized</font></strong></div></td>
<td width="15%"> </td>
</tr>
<tr>
<td> </td>
<td width="10%"> </td>
<td width="17%"><div align="center"></div></td>
<td> </td>
</tr>
<?php while ($rrows = mysql_fetch_array($rs_results)) {?>
<tr>
<td><input name="id[]" id="id[]" size="4" value="<?php echo $rrows['OffID'];?>" /></td>
<td><?php echo $rrows['StaffMember']; ?></td>
<td><?php echo date('d/m/Y', strtotime($rrows['DayOff']));?></div></td>
<td> <span id="approve<?php echo $rrows['id']; ?>">
<?php if(!$rrows['IsItAuthorised']) { echo "Pending"; } else {echo "Authorized"; }?>
</span> </td>
<td>
<input type="checkbox" name="approve[]" id="approve[]" value="1"> Approve
<input type="checkbox" name="deny[]" id="deny[]" value="1"> Deny
</td>
</tr>
<?php } ?>
</table>
<input name="submit" type="submit" id="submit" value="Submit">
</form>
</p>
<?php
?>
<p> </p>
<p> </p>
<p> </p>
<p> </p></td>
<td width="12%"> </td>
</tr>
</table>
</body>
</html>
Isn't it because your $id etc. isn't passed as an array:
$id = $_POST['id'];
$approve = $_POST['approve'];
$deny = $_POST['deny'];
You're using $_POST['id'] but nowhere in your <form/> do I see any <input name="id[]"/> which could provide the data
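One way to make each decision land on its own row, as an added example that is not from the question or the answer: browsers do not submit unchecked checkboxes, so parallel approve[] and deny[] arrays do not line up with id[]; keying the submitted values by OffID and running one bound UPDATE per row inside the loop avoids that. It assumes PDO with in-memory SQLite so it runs offline; the field name decision[...], the function applyDecisions and the sample rows are assumptions.

```php
<?php
// Added example: constructed table and rows standing in for the "off" table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE off (OffID INTEGER PRIMARY KEY, StaffMember TEXT,
            Authorised INTEGER DEFAULT 0, Deny INTEGER DEFAULT 0)");
$pdo->exec("INSERT INTO off (OffID, StaffMember) VALUES (11,'A'),(12,'B'),(13,'C')");

/*
 * Form side (hypothetical markup): one radio group per row, keyed by OffID,
 * so the key of each submitted value says which record it belongs to:
 *   <input type="radio" name="decision[11]" value="approve">
 *   <input type="radio" name="decision[11]" value="deny">
 */

/**
 * Hypothetical helper: apply approve/deny decisions keyed by OffID.
 * Returns the number of rows updated; rolls everything back on error.
 */
function applyDecisions(PDO $pdo, $decisions): int
{
    if (!is_array($decisions)) {
        return 0;
    }
    $stmt = $pdo->prepare(
        'UPDATE off SET Authorised = :approve, Deny = :deny WHERE OffID = :id'
    );
    $updated = 0;
    $pdo->beginTransaction();
    try {
        foreach ($decisions as $offId => $choice) {
            // Keys and values both come from the client: accept only a positive
            // integer id and one of the two known choices.
            $id = filter_var($offId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
            if ($id === false || !in_array($choice, ['approve', 'deny'], true)) {
                continue;
            }
            // Execute inside the loop. Building the query in the loop and
            // running it once afterwards only ever applies the last row.
            $stmt->execute([
                ':approve' => $choice === 'approve' ? 1 : 0,
                ':deny'    => $choice === 'deny' ? 1 : 0,
                ':id'      => $id,
            ]);
            $updated += $stmt->rowCount();
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack();
        throw $e;
    }
    return $updated;
}

// Constructed submission: two valid decisions, row 13 left undecided (absent),
// one malformed key and one unknown choice that must both be ignored.
$post = ['decision' => [
    '11'        => 'approve',
    '12'        => 'deny',
    '13 OR 1=1' => 'approve',
    '14'        => 'maybe',
]];

$n = applyDecisions($pdo, $post['decision'] ?? null);
echo "rows updated: $n\n";
foreach ($pdo->query('SELECT OffID, Authorised, Deny FROM off ORDER BY OffID') as $r) {
    echo "{$r['OffID']}: Authorised={$r['Authorised']} Deny={$r['Deny']}\n";
}
```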

You have an error in your SQL syntax;

G'Day
I have a PHP page that I want to edit an entry but for the life of me I can not figure out why it is coming up with this error.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '= po_postcode = '4060', email ='-', phone = '732997688', fax = '' WHERE id='1'' at line 1
HELP I am desperate and going insane. (Similar Code works on another page but not this one)....
Can someone PLEASE HELP.
{
<?php
/*
EDIT.PHP
Allows user to edit specific entry in database
*/
// creates the edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($id, $name, $po_street, $po_suburb, $po_state, $po_postcode, $email, $phone, $fax, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>Edit Record</title>
</head>
<body>
<table width="347" border="0" align="center">
<tr valign="baseline">
<td align="right" nowrap="nowrap"><p align="center"><img src="hartwell_banner.JPG" width="624" height="134" /></p>
</tr>
</table>
<table align="center">
<tr valign="baseline">
<td width="290" align="right" nowrap="nowrap"><div align="left"><h2 align="left"><p align="left">Enter a New Contact</p></h2></div></td>
<td width="290" align="center" nowrap="nowrap"><div align="left"><h2 align="center"><p align="center">Return to Index</p>
</h2>
</div></td>
</tr>
</table>
<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<table align="center">
<tr valign="baseline">
<td width="98" align="right" nowrap="nowrap"><div align="left">ID:</div></td>
<td width="329"><input type="text" name="id" value="<?php echo $id; ?>" size="40" readonly = "readonly" /> * </td>
</tr>
<tr valign="baseline">
<td width="98" align="right" nowrap="nowrap"><div align="left">Name:</div></td>
<td width="329"><input type="text" name="name" value="<?php echo $name; ?>" size="40" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Postal Street </div></td>
<td><input type="text" name="po_street" value="<?php echo $po_street; ?>" size="40" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Postal Suburb</div></td>
<td><Input type ="text" name="po_suburb" value="<?php echo $po_suburb; ?> " size="30" maxlength="50" >*</td>
<tr valign="baseline">
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">State</div></td>
<td><Input type ="text" name="po_state" value="<?php echo $po_state; ?>" size="5" maxlength="3" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Postal Postcode</div></td>
<td><Input type ="text" name="po_postcode" value="<?php echo $po_postcode; ?>" size="5" maxlength="4"/> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Email:</div></td>
<td><input type="text" name="email" value="<?php echo $email; ?>" size="40" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Phone:</div></td>
<td><input name="phone" type="text" value="<?php echo $phone; ?>" size="12" maxlength="10" /> * </td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"><div align="left">Fax:</div></td>
<td><input name="fax" type="text" value="<?php echo $fax; ?>" size="12" maxlength="10" /></td>
</tr>
<tr valign="baseline">
<td nowrap="nowrap" align="right"> </td>
<td> <input type="submit" name="submit" value="Submit"> * Denotes Required Field<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?> </td>
</tr>
<tr valign="baseline">
<td colspan="2" align="right" nowrap="nowrap"><div align="center"><img src="hartwell_costs.JPG" alt="" width="340" height="147" /></div></td>
</tr>
</table>
</form>
</body>
</html>
<?php
}
// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
// confirm that the 'id' value is a valid integer before getting the form data
if (isset($_POST['id']))
{
// get form data, making sure it is valid
$id = mysql_real_escape_string(htmlspecialchars($_POST['id']));
$name = mysql_real_escape_string(htmlspecialchars($_POST['name']));
$po_street = mysql_real_escape_string(htmlspecialchars($_POST['po_street']));
$po_suburb = mysql_real_escape_string(htmlspecialchars($_POST['po_suburb']));
$po_state = mysql_real_escape_string(htmlspecialchars($_POST['po_state']));
$po_postcode = mysql_real_escape_string(htmlspecialchars($_POST['po_postcode']));
$email = mysql_real_escape_string(htmlspecialchars($_POST['email']));
$phone = mysql_real_escape_string(htmlspecialchars($_POST['phone']));
// check that firstname/lastname fields are both filled in
if ($id == '' || $name == '' || $po_street == '' || $po_suburb == ''|| $po_state == '' || $po_postcode == ''|| $email == '' || $phone == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';
//error, display form
renderForm($id, $name, $po_street, $po_suburb, $po_state, $po_postcode, $email, $phone, $fax, $error);
}
else
{
// save the data to the database
mysql_select_db($database_hartwell, $hartwell);
mysql_query("UPDATE contact SET id= '$id', name='$name', po_street ='$po_street', po_suburb = '$po_suburb', po_state = '$po_state', = po_postcode = '$po_postcode', email ='$email', phone = '$phone', fax = '$fax' WHERE id='$id'")
or die(mysql_error());
// once saved, redirect back to the view page
header("Location: view.php");
}
}
else
{
//if the 'id' isn't valid, display an error
echo 'ID Not Valid!';
}
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
// get the 'id' value from the URL (if it exists), making sure that it is valid (checing that it is numeric/larger than 0)
if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
{
// query db
$id = $_GET['id'];
mysql_select_db($database_hartwell, $hartwell);
$result = mysql_query("SELECT * FROM contact WHERE id=$id")
or die(mysql_error());
$row = mysql_fetch_array($result);
// check that the 'id' matches up with a row in the databse
if($row)
{
// get data from db
$id = $row['id'];
$name = $row['name'];
$po_street = $row['po_street'];
$po_suburb = $row['po_suburb'];
$po_state = $row['po_state'];
$po_postcode = $row['po_postcode'];
$email = $row['email'];
$phone = $row['phone'];
$fax = $row['fax'];
// show form
renderForm($id, $name, $po_street, $po_suburb, $po_state, $po_postcode, $email, $phone, $fax,'');
}
else
// if no match, display result
{
echo "No results!";
}
}
else
// if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
{
echo 'No ID Value!';
}
}
?>
The error is right there in your query, just like the error message says:
, = po_postcode = '$po_postcode',
^
|
+ this doesn't belong here
Remove the equal sign here:
'$po_state', = po_postcode
mysql_query("UPDATE contact SET id= '$id', name='$name', po_street ='$po_street', po_suburb = '$po_suburb', po_state = '$po_state', po_postcode = '$po_postcode', email ='$email', phone = '$phone', fax = '$fax' WHERE id='$id'")
So the problem is here = po_postcode = '$po_postcode',
