Only update FORM if field is EMPTY

[tomm098]

Hey All. I have a FORM that updates records in my database. It has three fields. User, Scene and Time. I want it so users can only edit scenes that are empty. So that when someone enters a Scene, that entry is then locked out. And only the user who added it can update it.

 

So basically. The Scene is initially empty. Then someone adds a Scene, there User is attached to the entry. Then Only that user can edit the scene again.

 

Heres the 3 rows:

 

<p>
<input name="Time" type="text" id="Time" value="<?php echo $row_MusicBody['Time']; ?>" />
</p>
<p>
<textarea name="Scene" id="Scene" cols="23" rows="3"><?php echo $row_MusicBody['Scene Description']; ?></textarea>
<p>
<input name="User" type="hidden" id="User" value="<?php echo $_SESSION['MM_Username']; ?>" readonly="readonly" />
</p>

[MadTechie]

What part are you stuck on ?

also can you post the code you currently have for updating the database, HTML is pretty but not a great help (unless your in the HTML/CSS section)

[PFMaBiSmAd]

Your form processing code is the part that is responsible for inserting or updating information in your database. It must validate and enforce any conditions that you specify, such as only allowing empty scenes to be updated by any user and to enforce the requirement that only the user that put the contents in a scene can update it.

 

The code for your form must also enforce the requirements that you have stated by only allowing a specific matching user to select records where he was the one that first put the contents in the scene column and allowing all users to select records that are still have empty scene columns.

 

So, what is your code that displays the available records and allows record to be picked and/or allows a completely new record to be inserted (assuming you are permitting the later)? That would be the place to start defining and designing code. You would then only output the form if a record was picked where the logic permitted the current user to either put a value into an empty scene or he is the user that first put the scene in that record.

[tomm098]

Hey, sorry about that. This is the code that updates the form. There are 7 fields there but you can ignore the other 4 of them.

 

$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
  $editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}

if ((isset($_POST["MM_update"])) && ($_POST["MM_update"] == "form5")) {
  $updateSQL = sprintf("UPDATE Music SET Title=%s, Artist=%s, Movie=%s, `Time`=%s, `Scene Description`=%s, `User`=%s WHERE ID=%s",
                       GetSQLValueString($_POST['Title'], "text"),
                       GetSQLValueString($_POST['Artist2'], "text"),
                       GetSQLValueString($_POST['Movie'], "text"),
                       GetSQLValueString($_POST['Time'], "text"),
                       GetSQLValueString($_POST['Scene'], "text"),
                       GetSQLValueString($_POST['User'], "text"),
                       GetSQLValueString($_POST['ID'], "int"));

  mysql_select_db($database_test, $test);
  $Result1 = mysql_query($updateSQL, $test) or die(mysql_error());
}

 

[MadTechie]

If you just want to stop updates from other members then you could move the user field from the update to the where

Also

ID=%s

should be

ID=%d

 

ie change

$updateSQL = sprintf("UPDATE Music SET Title=%s, Artist=%s, Movie=%s, `Time`=%s, `Scene Description`=%s, `User`=%s WHERE ID=%s",

to

$updateSQL = sprintf("UPDATE Music SET Title=%s, Artist=%s, Movie=%s, `Time`=%s, `Scene Description`=%s WHERE `User`=%s AND ID=%d",

 

However.. I it looks like $_POST['User'] is pulled from a posted session "$_SESSION['MM_Username']", if that's the case you should use the session instead of posting it

so

 GetSQLValueString($_POST['User'], "text"),

 GetSQLValueString($_SESSION['MM_Username'], "text"),

and remove

<input name="User" type="hidden" id="User" value="<?php echo $_SESSION['MM_Username']; ?>" readonly="readonly" />