Leaderboard

the reason the date isn't being used in the first type='date' field is because that's already a php string. don't use <?= ?> tags around the variable, just use the $newdate variable - <input type='date' name='date' value='$newdate' > next, nested forms are invalid. the date search form needs to be closed with a </form> tag, before you start the next form. several of the form fields have the same name, so, only the value from the last one will be used. the post method form processing code should be on the same page as the form. this will simplify all the code and allow you to repopulate the field values if there is a user/validation error in the form processing code. all those lines of code copying one variable to another is a waste of your time typing. just use the original variables. why on earth are you using the PDO database extension to get the existing data to be edited, then using the mysqli database extension in the post method form processing code? just use the much simpler PDO extension everywhere. also, use a prepared query for the UPDATE query and the UPDATE query needs a WHERE clause so that you are updating the correct row. lastly, if there can be more than one row per date, you need to loop to fetch and produce the edit form(s) with either one total form or one form per row and you would need to use an id (autoincrement primary index) to determine which row to update.

I should also mention that you'll want to exercise caution when using anything provided by the user in the name of the file (e.g. doctor's name). That information could be used for filesystem attacks. https://www.php.net/manual/en/security.filesystem.php

It's been a while since I've dealt with file uploads. However, you should be able to use whatever file name you want in the second argument for move_uploaded_file(). For example, $pro is currently set to use the original file name provided by the user. Instead, you could move that definition before the call to move_uploaded_file(). Then set $pro to the doctor's name and the insert ID from the query. More information about getting the insert ID can be found here: https://www.php.net/manual/en/mysqli.insert-id.php In case you're not aware, move_uploaded_file() will overwrite files that already exist in the destination folders. More information about the function can be found here: https://www.php.net/manual/en/function.move-uploaded-file.php To potentially avoid this issue, you can use the following: https://www.php.net/manual/en/function.file-exists.php Also, if you haven't already, you'll want to look into prepared queries. That way you don't need to worry about your query above breaking when someone with a last name like O'Brien completes the form. Prepared queries will also protect your database from SQL Injection attacks. More information can be found here: https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php

Try using uniqid() in your path name. Mine looks like this - $path = $folder . uniqid().$image ;