
[SOLVED] help in updating a record in db


ROCKINDANO


Hello, I am working on a project where I have a page that lists all records in a db, and on this page I have a delete link to delete the record(s) and an edit link to edit a record.

Now the problem I am having is editing. When I click on the edit link it takes me to the edit page with all the record's info. When I make the change and click submit, the record doesn't get updated. Nothing happens whatsoever. Can someone help me with this?

Many many many thanks in advance.

Below is the code for my pages.

 

lists all records:

     <?php
	if(!isset($_SESSION["user_id"]) || !isset($_SESSION["ip_addr"]))
		 die("Invalid operation!!!<br />Please login first<br /><a href=\"login.php\">Login</a>");

			$user_id=$_SESSION["user_id"];
		$ip_addr=$_SESSION["ip_addr"];
		if($ip_addr != $_SERVER["REMOTE_ADDR"])
			 die("invalid operation!!!<br /> please login first");

			if(!($db = @ mysql_connect('localhost', 'username', 'password')))
			{
				echo 'Error: Could not connect to our database sorry for any inconvience.<br /> Please try at a later time.';
				exit;
			}
			//select which database you want to edit
			mysql_select_db("job_site"); 

			$job_id = $_GET["job_id"];

			if(!isset($job_id))
			{
				print "<p>Go back to <a href=\"hrupdatefull.php\">Update form</a><br /><a href=\"logout.php\">Log out!</a></p>";

				$query = "SELECT * FROM fulltime ORDER BY job_id DESC";
				$result = mysql_query($query);

				print "<table width=\"100%\" border=\"0\" cellspacing=\"0\" cellpadding=\"0\">";
  					print "<tr align=\"left\" style=\"background:url(images/eprtabbg.png) repeat-x #000000; color:#FFFFFF\">";
                	print "<td width=\"48%\">Title & Department</td>";
                print "<td width=\"13%\">Pay</td>";
    	            print "<td width=\"15%\">Job#</td>";
				print "<td width=\"13%\">Closing Date</td>";
        	        print "<td width=\"22%\" align=\"center\"> Delete</td>";
  					print "</tr>";
					print "<tr>";
  					print "<td width=\"50%\" colspan=\"5\">";
    					print "<table width=\"100%\" border=\"1\" cellspacing=\"0\" cellpadding=\"2\">";
						//goes through all records in database and retrieves the need ones.
				while($r=mysql_fetch_array($result))
				{	
				  //the format is $variable = $r["nameofmysqlcolumn"];
				  //modify these to match your mysql table columns
					$job_id=$r["job_id"];
					$department=$r["department"];

					//displays all info only first three
					print "<tr><td width=\"42%\" style=\"font-weight:bold; padding-left: 5px\">".$department."</td>";
					print "<td width=\"11%\">".$pay=$r["pay"]."</td>";
					print "<td width=\"12%\">".$jobnum=$r["jobnum"]."</td>";
					print "<td width=\"11%\">".$closedate=$r["dataclose"]."</td>";
					print "<td width=\"10%\" align=\"center\"><a href='fulltimelistings.php?job_id=$job_id'>Delete</a></td></tr>";
					print "<td><a href='editjobs.php?job_id=$job_id'>Edit</a></td>";
				}//end while loop
					print "</table>";
					print "</td>";
   						print "</tr>";
					print "</table>";
		  }//end if
			else{
				print "</table>";
				$job_id = $_GET['job_id'];

				$query="delete FROM fulltime WHERE fulltime.job_id = $job_id";
				$result = mysql_query($query);

				print "That job posting has been deleted.";
				print "<ul>";
				print "<li><a href=\"../partime.php\">View a updated Part-Time Job Postings</a></li>";
				print "<li><a href=\"hrupdatefull.php\">Add another position</a></li>";
				print "</ul>";

			}//end else  statment
?>

 

This page displays the selected job to be edited:

    <?php
$job_id = $_GET["job_id"];

//	$department = mysql_real_escape_string($_GET["department"]);
//	$pay = mysql_real_escape_string($_GET["pay"]);
//	$jobnum = mysql_real_escape_string($_GET["jobnum"]);
//	$dateclose = mysql_real_escape_string($_GET["dateclose"]);
//	$summary = mysql_real_escape_string($_GET["summary"]);
//	$description = mysql_real_escape_string($_GET["description"]);
//	$conditions = mysql_real_escape_string($_GET["conditions"]);
//	$ex = mysql_real_escape_string($_GET["ex"]);
//	$ed = mysql_real_escape_string($_GET["ed"]);

	$query = "SELECT * FROM fulltime WHERE job_id ='$job_id'";
	$result = mysql_query($query);

		while($r=mysql_fetch_array($result))
		{	
		  //the format is $variable = $r["nameofmysqlcolumn"];
		  //modify these to match your mysql table columns
			$department=$r["department"];
			$pay=$r["pay"];
			$jobnum=$r["jobnum"];
			$closedate=$r["dataclose"];
			$summary=$r["summary"];
			$description=$r["description"];
			$conditions=$r["conditions"];
			$ex=$r["ex"];
			$ed=$r["ed"];
		}//end while loop
?>
    <form method="post" action="editupdate.php">
    <table width="80%" border="0" cellspacing="5" cellpadding="0">
  <tr><td colspan="2">Title & Department:<br /> <input name="department" type="text" value="<?php print "".$department."";?>"  size="50" maxlength="100" /></td></tr>
  <tr><td>Pay Rate:<br /> <input name="pay" type="text" value="<?php print "".$pay. "";?>" size="10" maxlength="15"  /></td></tr>
  <tr><td colspan="2">Job #:<br /> <input name="jobnum" type="text" value="<?php print"".$jobnum."";?>" size="10" maxlength="10" /></td></tr>
  <tr><td colspan="2">Closing Date:<br /> <input name="dateclose" type="text" value="<?php print "".$closedate."";?>" size="15" maxlength="15" /></td></tr>
  <tr><td colspan="2">Job Summary:</td></tr>
  <tr><td colspan="2"><textarea name="summary" cols="100" rows="10"><?php print "".$summary."";?></textarea></td></tr>
  <tr><td colspan="2">Equipment and Materials: </td></tr>
  <tr><td colspan="2"><textarea name="description" cols="100" rows="10"><?php print "".$description."";?></textarea></td></tr>
  <tr><td colspan="2">Conditions:</td></tr>
  <tr><td colspan="2"><textarea name="conditions" cols="100" rows="10"><?php print "".$conditions."";?></textarea></td></tr>
  <tr><td colspan="2">Example of work:</td></tr>
  <tr><td colspan="2"><textarea name="ex" cols="100" rows="10"><?php print "".$ex."";?></textarea></td></tr>
  <tr><td colspan="2">Education:</td></tr>
  <tr><td colspan="2"><textarea name="ed" cols="100" rows="10"><?php print "".$ed."";?></textarea></td></tr>
  <tr><td><input name="submit" type="submit" value="submit" /><?php //print "<a href='editupdate.php?job_id=$job_id'>update</a>"; ?></td></tr>
</table>
</form>

 

This page is where I do the actual updating of the record in the db:

			<?php
	if(!($db = @ mysql_connect('localhost', 'user', 'password')))
	{
		print "Error: Could not connect to our database sorry for any inconvience.<br /> Please try at a later time.";
	}						
		 //select which database you want to edit
		mysql_select_db("job_site"); 
		$job_id=$_GET["job_id"];

		$department = mysql_real_escape_string($_POST["department"]);
		$pay = mysql_real_escape_string($_POST["pay"]);
		$jobnum = mysql_real_escape_string($_POST["jobnum"]);
		$dateclose = mysql_real_escape_string($_POST["dateclose"]);
		$job_id = mysql_real_escape_string($_POST["job_id"]);
		$summary = mysql_real_escape_string($_POST["summary"]);
		$description = mysql_real_escape_string($_POST["description"]);
		$conditions = mysql_real_escape_string($_POST["conditions"]);
		$ex = mysql_real_escape_string($_POST["ex"]);
		$ed = mysql_real_escape_string($_POST["ed"]);

		$query= "UPDATE fulltime SET department = '{$department}',  pay = '$pay', jobnum = '{$jobnum}', dataclose = '$dateclose', job_id = '$job_id', summary = '$summary', description = '$description', conditions = '$conditions', ex = '$ex', ed = '$ed' WHERE job_id = '$job_id'";
		$result = mysql_query($query)or die(mysql_error());

		print "department here: " .$department. "<br />";
		print "" .$job_id. "<br /><a href=\"fulltimelistings.php\">go to list</a>";			
	?>

 

Can someone help me with this? I can't seem to find what's wrong.

Link to comment
https://forums.phpfreaks.com/topic/178507-solved-help-in-updating-a-record-in-db/

Your 2nd piece of code is not putting ?job_id=$job_id on the end of the URL, so that information is not available in the 3rd piece of code as $_GET["job_id"].

You should validate ALL external data to ensure it contains what you expect. For example, if your 3rd piece of code had tested what was in $_GET["job_id"] and found that it did not contain a positive number greater than zero, you could have output a user error message stating that the job_id was not supplied.

 

You also need to test $_SESSION["user_id"]/$_SESSION["ip_addr"] in all three pieces of code. You do test it in the 1st piece of code. That would only stop someone from accessing the edit links. You need to test it in the 2nd piece of code because anyone can make up a link to the 2nd page and enter it in their browser. You also need to test it in the 3rd piece of code because anyone can submit form data by either making their own form or using a script that submits data directly to your form processing page.
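The checks from the reply above (the login test repeated on the processing page, and a job_id that must be an integer greater than zero before any query runs), as an added PHP example that is not code from either poster. It assumes the edit form gains a hidden `job_id` field that is posted with the other fields, and it swaps the thread's `mysql_*` calls for PDO prepared statements; the function names are hypothetical and the SQLite table is a constructed stand-in for the real database.

```php
<?php
// Added example, not the poster's code; function names are hypothetical.
// PDO replaces the mysql_* functions, which were removed in PHP 7.
// Same login test as the first script, to be run on all three pages.
function is_logged_in(array $session, string $remoteAddr): bool
{
    return isset($session['user_id'], $session['ip_addr'])
        && $session['ip_addr'] === $remoteAddr;
}

// Accept only an integer greater than zero; anything else yields null.
function valid_job_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Logic for editupdate.php: returns [HTTP status, message].
function handle_update(PDO $pdo, array $session, string $remoteAddr, array $post): array
{
    if (!is_logged_in($session, $remoteAddr)) {
        return [403, 'Please log in first.'];
    }
    $jobId = valid_job_id($post['job_id'] ?? null);
    if ($jobId === null) {
        return [400, 'The job_id was not supplied.'];
    }
    // Form field => column (the form posts "dateclose", the column is "dataclose").
    $map = ['department' => 'department', 'pay' => 'pay', 'jobnum' => 'jobnum',
            'dateclose' => 'dataclose', 'summary' => 'summary', 'description' => 'description',
            'conditions' => 'conditions', 'ex' => 'ex', 'ed' => 'ed'];
    $set = implode(', ', array_map(fn($col) => "$col = ?", $map));
    $stmt = $pdo->prepare("UPDATE fulltime SET $set WHERE job_id = ?");
    $args = array_map(fn($f) => (string)($post[$f] ?? ''), array_keys($map));
    $args[] = $jobId;
    $stmt->execute($args);
    return [200, $stmt->rowCount() . ' row(s) updated.'];
}

// Constructed demo: in-memory SQLite stands in for the job_site database.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE fulltime (job_id INTEGER PRIMARY KEY, department, pay, jobnum,
    dataclose, summary, description, conditions, ex, ed)');
$pdo->exec("INSERT INTO fulltime (job_id, department) VALUES (7, 'Parks')");
$session = ['user_id' => 1, 'ip_addr' => '192.0.2.10'];
$good = ['job_id' => '7', 'department' => "Parks & Rec"];
print_r(handle_update($pdo, $session, '192.0.2.10', $good));            // valid request
print_r(handle_update($pdo, $session, '192.0.2.10', ['pay' => '10']));  // form without job_id
print_r(handle_update($pdo, [], '192.0.2.10', $good));                  // no session
```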
