Jump to content

[SOLVED] Form to Update Database


savagenoob

Recommended Posts

OK, I am a noob so go easy. The page displays as I want it to, it displays that the client was updated and redirects back to clientshow.php, but the database is not updated. Anyone?

 

Only Apache error that shows is:

[sat Dec 20 10:47:22 2008] [error] [client 127.0.0.1] PHP Notice:  Undefined variable: PHP_SELF in C:\....edit.php on line 82, referer: http://localhost/PHP-Login/clientshow.php

 

But it still displays table data in the fields so I think it still is POST'ing.

 

<? 
mysql_connect("localhost","root","xxxxxxxx"); 

//select which database you want to edit
mysql_select_db("xxxxxx"); 

     if(isset($_POST['submit']))

  {



      // Set global variables to easier names

     // and prevent sql injection and apostrophe to break the db.

      $PolicyNumber = mysql_escape_string($_POST['PolicyNumber']);

      $First_Name = mysql_escape_string($_POST['First_Name']);

      $Last_Name = mysql_escape_string($_POST['Last_Name']);







         $result = mysql_query("UPDATE clients SET PolicyNumber='$PolicyNumber', First_Name='$First_Name', Last_Name='$Last_Name' WHERE ID='$ID'");



          echo "<b>Thank you! Client updated Successfully!<br>You'll be redirected to Client Page after (4) Seconds";

          echo "<meta http-equiv=Refresh content=4;url=clientshow.php>";

}

elseif(isset($_GET['ID']))

{



        $result = mysql_query("SELECT * FROM clients WHERE ID='$_GET[iD]' ");

        while($myrow = mysql_fetch_assoc($result))

             {

                $PolicyNumber = $myrow["PolicyNumber"];

                $First_Name = $myrow["First_Name"];

                $Last_Name= $myrow["Last_Name"];

?>

<br>

<h3>::Edit Client</h3>



<form method="post" action="<?php echo $PHP_SELF ?>">

<input type="hidden" name="ID" value="<? echo $myrow['ID']?>">



Policy Number: <input name="PolicyNumber" size="40" maxlength="255" value="<? echo $PolicyNumber; ?>"/>

<br>

First Name: <input name="First_Name"  size="40" maxlength="255" value="<? echo $First_Name; ?>" />

<br>

Last Name: <input name="Last_Name" size="40" maxlength="255" value="<? echo $Last_Name; ?>" />

<br>

<input type="submit" name="submit" value="Update Client">

</form>

<?

              }//end of while loop



  }//end else

?>

Link to comment
https://forums.phpfreaks.com/topic/137839-solved-form-to-update-database/
Share on other sites

<?php 
mysql_connect("localhost","root","xxxxxxxx"); 
//select which database you want to edit
mysql_select_db("xxxxxx"); 

     # USER SUBMITTED THE FORM, UPDATING DATA
     if(isset($_POST['submit'])) {
      // Set global variables to easier names
     // and prevent sql injection and apostrophe to break the db.
      $PolicyNumber = mysql_escape_string($_POST['PolicyNumber']);
      $First_Name = mysql_escape_string($_POST['First_Name']);
      $Last_Name = mysql_escape_string($_POST['Last_Name']);
      $ID = $_POST['ID']; # <-- YOU NEED TO ASSIGN $ID TO THE POSTED VALUE, OR REPLACE $ID IN YOUR UPDATE TO REFLECT $_POST['ID']

      $result = mysql_query("UPDATE clients SET PolicyNumber='$PolicyNumber', First_Name='$First_Name', Last_Name='$Last_Name' WHERE ID='$ID'");

          echo "<b>Thank you! Client updated Successfully!<br>You'll be redirected to Client Page after (4) Seconds";
          echo "<meta http-equiv=Refresh content=4;url=clientshow.php>";
}
# USER IS NOT UPDATING FORM, JUST SHOW DETAILS
elseif(isset($_GET['ID'])) {
        #CHECK THE ID, IF YOUR ID'S CONTAIN LETTERS THEN JUST USE mysql_escape_string
        if(!is_numeric($_GET['ID'])) {
           # USER DID NOT SUBMIT A CLEAN ID
        }
        $result = mysql_query("SELECT * FROM clients WHERE ID='$_GET[iD]' ");
        while($myrow = mysql_fetch_assoc($result))
             {
                $PolicyNumber = $myrow["PolicyNumber"];
                $First_Name = $myrow["First_Name"];
                $Last_Name= $myrow["Last_Name"];
?>
<br>
<h3>::Edit Client</h3>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="hidden" name="ID" value="<?php echo $myrow['ID']?>">
Policy Number: <input name="PolicyNumber" size="40" maxlength="255" value="<?php echo $PolicyNumber; ?>"/>
<br>
First Name: <input name="First_Name"  size="40" maxlength="255" value="<?php echo $First_Name; ?>" />
<br>
Last Name: <input name="Last_Name" size="40" maxlength="255" value="<?php echo $Last_Name; ?>" />
<br>
<input type="submit" name="submit" value="Update Client">
</form>
<?php
              }//end of while loop
  }//end else
?>

 

Ok, I put in several comments in there explaining stuff, look for the comments that begin with an #

 

It looks like you forgot to assign $ID. $ID = $_POST['ID'] Should take care of that.

 

Also take a look at the elseif, you need to make sure the $_GET['ID'] is a # or valid, or else I could do yourpage.php?id=DROP TABLE clients

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.