Jump to content

Recommended Posts

So I have a page that displays a table from my database and now I have to create a link that edits the information and saves it back to the database from a page. I have 2 pages: student_man.php which displays the table info and provides the edit link, and then editstudent.php which displays the form etc where you edit the info and submit it. I think my first page is fine, or rather doesn't display any errors. I'm struggling with my second page however, receiving errors and my data that is already in the fields aren't displaying rather the fields are just empty. First time I attempt this just want to know if I am on the right path and what I might doing wrong.

 

Here is my code

 

First page:<?php

<html>

<head>

<head>

<title>Courses</title>
<style type="text/css">


#apDiv2 {
position:absolute;
left:0px;
top:0px;
width:1024px;
height:180px;
z-index:2;
}


</style>
</head>

<body bgcolor="white">
<?php

?>
<div id="apDiv1">
<div id="apDiv2"><img src="Images/Banner.gif" 
width="1024" height="180" /></div>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<br>
<center><p><a href="student_reg.php"> Register a student</a> --  
<a href="course_man.php">  Manage courses </a> -- <a href="student_man.php">  
Manage student  </a> --<a href="list.php">   view registrations </a> </p></center>
</div>
<br>
<br>
<p><a href="selectdelstudent.php"> Delete </a> 
<a href="student_reg.php"> Add </a>  
</p>



<!-- Table for course -->
<div id="apdiv3">
<table border=1px noshade="no">
<tr>

<td><b> Course Name</b></td> 
<td><b> Surname</b></td> 
<td><b> Initials</b></td>
<td><b> Full First Name</b></td>
<td><b> Title</b></td>
<td><b> Maiden or previous surname</b></td>
<td><b> Date of birth</b></td>
<td><b> Gender</b></td>
<td><b> Language of correspondence</b></td>
<td><b> Identity number</b></td>
<td><b> Cell Phone Number</b></td>
<td><b> Fax Code + Number</b></td>
<td><b> E-mail Address</b></td>
<td><b> Postal address of student</b></td>

</tr> 
</table>
</div>

<!-- Start of php code for retrieving student information -->

<?php


include 'includes/config.php';



	//connect to database
$link=mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);



	//error check
if (!$link)
{
die('could not connect: ' . mysql_error());
}

$db_selected=mysql_select_db(DB_NAME, $link);



	// error check
if (!$db_selected)
{
die('can\t use ' . DB_NAME . ': ' . mysql_error());
}

//query database
$query=mysql_query("SELECT * FROM student ");


//fetch results and convert to table

while ($rows = mysql_fetch_array($query)):
echo "<a href=\"editstudent.php?id=" . $rows['sno'] ."\" > edit </a>";
$cname=$rows['cname'];
$sname=$rows['sname'];
$init=$rows['init'];
$fname=$rows['fname'];
$title=$rows['title'];
$msname=$rows['msname'];
$dob=$rows['dob'];
$sex=$rows['sex'];
$lang=$rows['lang'];
$idno=$rows['idno'];
$telh=$rows['telh'];
$telw=$rows['telw'];
$cell=$rows['cel'];
$fax=$rows['fax'];
$email=$rows['email'];
$address=$rows['address'];

echo 
" 
<table border=1px> 
<tr>
<td>$cname</td>
<td>$sname</td>
<td>$init</td>
<td>$fname</td>
<td>$title</td>
<td>$msname</td>
<td>$dob</td>
<td>$sex</td>
<td>$idno</td>
<td>$telh</td>
<td>$telw</td>
<td>$cell</td>
<td>$fax</td>
<td>$email</td>
<td>$address</td>
</tr>
</table>" ;

endwhile;
?>	


</body>
</html>

?>

 

Here is my second page where you edit the info:

<?php

<?php

include 'includes/config.php';

//connect to database
$link=mysql_connect(DB_HOST, DB_USER, DB_PASSWORD);

	//error check
if (!$link)
{
die('could not connect: ' . mysql_error());
}

$db_selected=mysql_select_db(DB_NAME, $link);



	// error check
if (!$db_selected)
{
die('can\t use ' . DB_NAME . ': ' . mysql_error());
}
	// connected to database

if (!isset($_POST['submit'])) 
{
$q = "SELECT * FROM student WHERE ID = $_GET[sno]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);
}

?>

<h1> You are editing a student </h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">




<p>Course name:</p>
<INPUT TYPE = "text"  name="input1"value="<?php echo $person['cname']; ?>" /> 
<br>

<p>Surname:</p>
<INPUT TYPE = "text"  name="input2"value="<?php echo $person['sname']; ?>" /> 
<br>
<p>Initials:</p>
<INPUT TYPE = "text"  name="input3"value="<?php echo $person['init']; ?>" /> 
<br>
<p>Full First Name:</p>
<INPUT TYPE = "text"  name="input4"value="<?php echo $person['fname']; ?>" /> 
<br>
<p>Title:</p>
<INPUT TYPE = "text"  name="input5"value="<?php echo $person['title']; ?>" /> 
<br>
<p>Maiden or previous surname:</p>
<INPUT TYPE = "text"  name="input6"value="<?php echo $person['msname']; ?>" /> 
<br>
<p>Date of Birth:</p>
<INPUT TYPE = "text"  name="input7"value="<?php echo $person['dob']; ?>" /> 
<br>
<p>Gender:</p>
<INPUT TYPE = "text"  name="input8"value="<?php echo $person['sex']; ?>" /> 
<br>
<p>Language for correspondence:</p>
<INPUT TYPE = "text"  name="input9"value="<?php echo $person['lang']; ?>" /> 
<br>
<p>Identity Number:</p>
<INPUT TYPE = "text"  name="input10"value="<?php echo $person['id']; ?>" /> 
<br>
<p>Home Telephone Code + Number:</p>
<INPUT TYPE = "text"  name="input11"value="<?php echo $person['telh']; ?>" /> 
<br>
<p>Work Telephone Code + Number:</p>
<INPUT TYPE = "text"  name="input12"value="<?php echo $person['telw']; ?>" /> 
<br>
<p>Cell Phone Number:</p>
<INPUT TYPE = "text"  name="input13"value="<?php echo $person['cel']; ?>" /> 
<br>
<p>Fax Code + Number:</p>
<INPUT TYPE = "text"  name="input14"value="<?php echo $person['fax']; ?>" /> 
<br>
<p>E-mail Address:</p>
<INPUT TYPE = "text"  name="input15"value="<?php echo $person['email']; ?>" /> 
<br>
<p>Postal Address of student:</p>
<INPUT TYPE = "text"  name="input16"value="<?php echo $person['address']; ?>" /> 
<br>
<INPUT TYPE = "Submit" name="submit" VALUE = "Submit"/>


<input type="hidden" name="sno" value="<?php echo $_GET['sno']; ?>" />
</form>

<?php

if(isset($_POST['submit']))

{

$u = "UPDATE student SET 
`cname` = '$_POST[input1]' 
`sname` = '$_POST[input2]' 
`init` = '$_POST[input3]' 
`fname` = '$_POST[input4]' 
`title` = '$_POST[input5]' 
`msname` = '$_POST[input6]' 
`dob` = '$_POST[input7]' 
`sex` = '$_POST[input8]' 
`lang` = '$_POST[input9]' 
`idno` ='$_POST[input10]' 
`telh` = '$_POST[input11]' 
`telw` = '$_POST[input12]' 
`cel` = '$_POST[input13]' 
`fax` = '$_POST[input14]' 
`email` = '$_POST[input15]' 
`address` = '$_POST[input16]' 

WHERE ID = $_POST(sno)";
mysql_query($u) or die(mysql_error());

echo "User has been modified!";
header("Location: index.php");

}
?>


?>

 

On my second page I am receiving the following errors after typing random letters as info into the fields and submitting it:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`sname` = 'sds' `init` = 'gfg' `fname` = 'rtr' `title` = '' `msname`' at line 3  :confused::shrug::confused:

Link to comment
https://forums.phpfreaks.com/topic/234529-editing-table-from-page-struggles/
Share on other sites

also looking at your code and error it might well be that you have characters in your form inputs that might be breaking the SQL statement, such as ' or ` etc.

 

it is very bad practice to put form data directly into an sql statement, thats how sql injection is done. at very least put a mysql_real_escape_string() around every $_POST[]

Hehe alright with give it a look and see what I can find. Yeah as for the sql injection I didn't think about that but thanks for pointing it out. For now I am just trying to get it working and then after that add the security that I am able to. Still very new to php :D

Well I added a , after each set statement and saw that my input name was incorrect in my form fields, so also corrected that which solved all the undefined index errors.

 

Still struggling though. When selecting to edit a user the fields are still empty whereas the previous values that we're entered should be displayed. And when submitting the newly entered info it doesn't update.. errors I'm getting when opening the edit php file is:

 

Notice: Undefined index: sno in C:\Program Files\EasyPHP-5.3.3\www\Project\editstudent.php on line 27

 

Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\Program Files\EasyPHP-5.3.3\www\Project\editstudent.php on line 29

 

and when i submit the newly entered info I get:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '

Notice: Undefined index: sno in C:\Program Files\EasyPHP-5.3.' at line 19

 

 

My code for editing the information (editstudent.php) is:

<?php

<?php
if (!isset($_POST['submit'])) 
{
$q = "SELECT * FROM student WHERE ID = $_GET[sno]";
$result = mysql_query($q);
$person = mysql_fetch_array($result);
}

?>

<h1> You are editing a student </h1>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">




<p>Course name:</p>
<INPUT TYPE = "text"  name="cname"value="<?php echo $person['cname']; ?>" /> 
<br>

<p>Surname:</p>
<INPUT TYPE = "text"  name="sname"value="<?php echo $person['sname']; ?>" /> 
<br>
<p>Initials:</p>
<INPUT TYPE = "text"  name="init"value="<?php echo $person['init']; ?>" /> 
<br>
<p>Full First Name:</p>
<INPUT TYPE = "text"  name="fname"value="<?php echo $person['fname']; ?>" /> 
<br>
<p>Title:</p>
<INPUT TYPE = "text"  name="title"value="<?php echo $person['title']; ?>" /> 
<br>
<p>Maiden or previous surname:</p>
<INPUT TYPE = "text"  name="msname"value="<?php echo $person['msname']; ?>" /> 
<br>
<p>Date of Birth:</p>
<INPUT TYPE = "text"  name="dob"value="<?php echo $person['dob']; ?>" /> 
<br>
<p>Gender:</p>
<INPUT TYPE = "text"  name="sex"value="<?php echo $person['sex']; ?>" /> 
<br>
<p>Language for correspondence:</p>
<INPUT TYPE = "text"  name="lang"value="<?php echo $person['lang']; ?>" /> 
<br>
<p>Identity Number:</p>
<INPUT TYPE = "text"  name="idno"value="<?php echo $person['id']; ?>" /> 
<br>
<p>Home Telephone Code + Number:</p>
<INPUT TYPE = "text"  name="telh"value="<?php echo $person['telh']; ?>" /> 
<br>
<p>Work Telephone Code + Number:</p>
<INPUT TYPE = "text"  name="telw"value="<?php echo $person['telw']; ?>" /> 
<br>
<p>Cell Phone Number:</p>
<INPUT TYPE = "text"  name="cel"value="<?php echo $person['cel']; ?>" /> 
<br>
<p>Fax Code + Number:</p>
<INPUT TYPE = "text"  name="fax"value="<?php echo $person['fax']; ?>" /> 
<br>
<p>E-mail Address:</p>
<INPUT TYPE = "text"  name="email"value="<?php echo $person['email']; ?>" /> 
<br>
<p>Postal Address of student:</p>
<INPUT TYPE = "text"  name="address"value="<?php echo $person['address']; ?>" /> 
<br>


<input type="hidden" name="sno" value="<?php echo $_GET['sno']; ?>" />
<INPUT TYPE = "Submit" name="submit" VALUE = "Update"/>
</form>

<?php

if(isset($_POST['submit']))
{





$u = "UPDATE student SET 
`cname` = '$_POST[cname]', 
`sname` = '$_POST[sname]', 
`init` = '$_POST[init]',
`fname` = '$_POST[fname]', 
`title` = '$_POST[title]',
`msname` = '$_POST[msname]', 
`dob` = '$_POST[dob]', 
`sex` = '$_POST[sex]',
`lang` = '$_POST[lang]', 
`idno` ='$_POST[idno]', 
`telh` = '$_POST[telh]', 
`telw` = '$_POST[telw]',
`cel` = '$_POST[cel]', 
`fax` = '$_POST[fax]',
`email` = '$_POST[email]',
`address` = '$_POST[address]' 

WHERE ID = $_POST[sno]";
mysql_query($u) or die(mysql_error());

echo "User has been modified!";
header("Location: index.php");

}
?>

?>

 

 

 

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.