Johnnyboy123 Posted April 23, 2011 Share Posted April 23, 2011 So I have a page that displays a table from my database and now I have to create a link that edits the information and saves it back to the database from a page. I have 2 pages: student_man.php which displays the table info and provides the edit link, and then editstudent.php which displays the form etc where you edit the info and submit it. I think my first page is fine, or rather doesn't display any errors. I'm struggling with my second page however, receiving errors and my data that is already in the fields aren't displaying rather the fields are just empty. First time I attempt this just want to know if I am on the right path and what I might doing wrong. Here is my code First page:<?php <html> <head> <head> <title>Courses</title> <style type="text/css"> #apDiv2 { position:absolute; left:0px; top:0px; width:1024px; height:180px; z-index:2; } </style> </head> <body bgcolor="white"> <?php ?> <div id="apDiv1"> <div id="apDiv2"><img src="Images/Banner.gif" width="1024" height="180" /></div> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <br> <center><p><a href="student_reg.php"> Register a student</a> -- <a href="course_man.php"> Manage courses </a> -- <a href="student_man.php"> Manage student </a> --<a href="list.php"> view registrations </a> </p></center> </div> <br> <br> <p><a href="selectdelstudent.php"> Delete </a> <a href="student_reg.php"> Add </a> </p> <!-- Table for course --> <div id="apdiv3"> <table border=1px noshade="no"> <tr> <td><b> Course Name</b></td> <td><b> Surname</b></td> <td><b> Initials</b></td> <td><b> Full First Name</b></td> <td><b> Title</b></td> <td><b> Maiden or previous surname</b></td> <td><b> Date of birth</b></td> <td><b> Gender</b></td> <td><b> Language of correspondence</b></td> <td><b> Identity number</b></td> <td><b> Cell Phone Number</b></td> <td><b> Fax Code + Number</b></td> <td><b> E-mail Address</b></td> <td><b> Postal address of student</b></td> </tr> </table> </div> <!-- Start of php code for retrieving student information --> <?php include 'includes/config.php'; //connect to database $link=mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); //error check if (!$link) { die('could not connect: ' . mysql_error()); } $db_selected=mysql_select_db(DB_NAME, $link); // error check if (!$db_selected) { die('can\t use ' . DB_NAME . ': ' . mysql_error()); } //query database $query=mysql_query("SELECT * FROM student "); //fetch results and convert to table while ($rows = mysql_fetch_array($query)): echo "<a href=\"editstudent.php?id=" . $rows['sno'] ."\" > edit </a>"; $cname=$rows['cname']; $sname=$rows['sname']; $init=$rows['init']; $fname=$rows['fname']; $title=$rows['title']; $msname=$rows['msname']; $dob=$rows['dob']; $sex=$rows['sex']; $lang=$rows['lang']; $idno=$rows['idno']; $telh=$rows['telh']; $telw=$rows['telw']; $cell=$rows['cel']; $fax=$rows['fax']; $email=$rows['email']; $address=$rows['address']; echo " <table border=1px> <tr> <td>$cname</td> <td>$sname</td> <td>$init</td> <td>$fname</td> <td>$title</td> <td>$msname</td> <td>$dob</td> <td>$sex</td> <td>$idno</td> <td>$telh</td> <td>$telw</td> <td>$cell</td> <td>$fax</td> <td>$email</td> <td>$address</td> </tr> </table>" ; endwhile; ?> </body> </html> ?> Here is my second page where you edit the info: <?php <?php include 'includes/config.php'; //connect to database $link=mysql_connect(DB_HOST, DB_USER, DB_PASSWORD); //error check if (!$link) { die('could not connect: ' . mysql_error()); } $db_selected=mysql_select_db(DB_NAME, $link); // error check if (!$db_selected) { die('can\t use ' . DB_NAME . ': ' . mysql_error()); } // connected to database if (!isset($_POST['submit'])) { $q = "SELECT * FROM student WHERE ID = $_GET[sno]"; $result = mysql_query($q); $person = mysql_fetch_array($result); } ?> <h1> You are editing a student </h1> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <p>Course name:</p> <INPUT TYPE = "text" name="input1"value="<?php echo $person['cname']; ?>" /> <br> <p>Surname:</p> <INPUT TYPE = "text" name="input2"value="<?php echo $person['sname']; ?>" /> <br> <p>Initials:</p> <INPUT TYPE = "text" name="input3"value="<?php echo $person['init']; ?>" /> <br> <p>Full First Name:</p> <INPUT TYPE = "text" name="input4"value="<?php echo $person['fname']; ?>" /> <br> <p>Title:</p> <INPUT TYPE = "text" name="input5"value="<?php echo $person['title']; ?>" /> <br> <p>Maiden or previous surname:</p> <INPUT TYPE = "text" name="input6"value="<?php echo $person['msname']; ?>" /> <br> <p>Date of Birth:</p> <INPUT TYPE = "text" name="input7"value="<?php echo $person['dob']; ?>" /> <br> <p>Gender:</p> <INPUT TYPE = "text" name="input8"value="<?php echo $person['sex']; ?>" /> <br> <p>Language for correspondence:</p> <INPUT TYPE = "text" name="input9"value="<?php echo $person['lang']; ?>" /> <br> <p>Identity Number:</p> <INPUT TYPE = "text" name="input10"value="<?php echo $person['id']; ?>" /> <br> <p>Home Telephone Code + Number:</p> <INPUT TYPE = "text" name="input11"value="<?php echo $person['telh']; ?>" /> <br> <p>Work Telephone Code + Number:</p> <INPUT TYPE = "text" name="input12"value="<?php echo $person['telw']; ?>" /> <br> <p>Cell Phone Number:</p> <INPUT TYPE = "text" name="input13"value="<?php echo $person['cel']; ?>" /> <br> <p>Fax Code + Number:</p> <INPUT TYPE = "text" name="input14"value="<?php echo $person['fax']; ?>" /> <br> <p>E-mail Address:</p> <INPUT TYPE = "text" name="input15"value="<?php echo $person['email']; ?>" /> <br> <p>Postal Address of student:</p> <INPUT TYPE = "text" name="input16"value="<?php echo $person['address']; ?>" /> <br> <INPUT TYPE = "Submit" name="submit" VALUE = "Submit"/> <input type="hidden" name="sno" value="<?php echo $_GET['sno']; ?>" /> </form> <?php if(isset($_POST['submit'])) { $u = "UPDATE student SET `cname` = '$_POST[input1]' `sname` = '$_POST[input2]' `init` = '$_POST[input3]' `fname` = '$_POST[input4]' `title` = '$_POST[input5]' `msname` = '$_POST[input6]' `dob` = '$_POST[input7]' `sex` = '$_POST[input8]' `lang` = '$_POST[input9]' `idno` ='$_POST[input10]' `telh` = '$_POST[input11]' `telw` = '$_POST[input12]' `cel` = '$_POST[input13]' `fax` = '$_POST[input14]' `email` = '$_POST[input15]' `address` = '$_POST[input16]' WHERE ID = $_POST(sno)"; mysql_query($u) or die(mysql_error()); echo "User has been modified!"; header("Location: index.php"); } ?> ?> On my second page I am receiving the following errors after typing random letters as info into the fields and submitting it: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '`sname` = 'sds' `init` = 'gfg' `fname` = 'rtr' `title` = '' `msname`' at line 3 Quote Link to comment Share on other sites More sharing options...
gevensen Posted April 23, 2011 Share Posted April 23, 2011 on myphpadmin try updating a file manually and copy the sql statement to see the mistake you made place them side by side in notepad and compare them its going to be in your sql query Quote Link to comment Share on other sites More sharing options...
spiderwell Posted April 23, 2011 Share Posted April 23, 2011 also looking at your code and error it might well be that you have characters in your form inputs that might be breaking the SQL statement, such as ' or ` etc. it is very bad practice to put form data directly into an sql statement, thats how sql injection is done. at very least put a mysql_real_escape_string() around every $_POST[] Quote Link to comment Share on other sites More sharing options...
Johnnyboy123 Posted April 23, 2011 Author Share Posted April 23, 2011 Hehe alright with give it a look and see what I can find. Yeah as for the sql injection I didn't think about that but thanks for pointing it out. For now I am just trying to get it working and then after that add the security that I am able to. Still very new to php Quote Link to comment Share on other sites More sharing options...
spiderwell Posted April 23, 2011 Share Posted April 23, 2011 dont sweat it, we all start somewhere. as stated echo out the statement to see what it actually is is also a great debugging help Quote Link to comment Share on other sites More sharing options...
Johnnyboy123 Posted April 24, 2011 Author Share Posted April 24, 2011 But apart from the errors and the lack of security would you say I am on the right path with this and I'm doing it right? Cause I kinda lost track of the code. I used an online tutorial and edited it up a bit. Quote Link to comment Share on other sites More sharing options...
spiderwell Posted April 24, 2011 Share Posted April 24, 2011 its all ok really, only thing i would change myself is name the form fields differently rather than just input7,input8 etc Quote Link to comment Share on other sites More sharing options...
herghost Posted April 24, 2011 Share Posted April 24, 2011 Try putting a , after each set statement, eg $u = "UPDATE student SET `cname` = '$_POST[input1]', `sname` = '$_POST[input2]', `init` = '$_POST[input3]', But not on the last one! Quote Link to comment Share on other sites More sharing options...
Johnnyboy123 Posted April 27, 2011 Author Share Posted April 27, 2011 Well I added a , after each set statement and saw that my input name was incorrect in my form fields, so also corrected that which solved all the undefined index errors. Still struggling though. When selecting to edit a user the fields are still empty whereas the previous values that we're entered should be displayed. And when submitting the newly entered info it doesn't update.. errors I'm getting when opening the edit php file is: Notice: Undefined index: sno in C:\Program Files\EasyPHP-5.3.3\www\Project\editstudent.php on line 27 Warning: mysql_fetch_array() expects parameter 1 to be resource, boolean given in C:\Program Files\EasyPHP-5.3.3\www\Project\editstudent.php on line 29 and when i submit the newly entered info I get: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ' Notice: Undefined index: sno in C:\Program Files\EasyPHP-5.3.' at line 19 My code for editing the information (editstudent.php) is: <?php <?php if (!isset($_POST['submit'])) { $q = "SELECT * FROM student WHERE ID = $_GET[sno]"; $result = mysql_query($q); $person = mysql_fetch_array($result); } ?> <h1> You are editing a student </h1> <form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post"> <p>Course name:</p> <INPUT TYPE = "text" name="cname"value="<?php echo $person['cname']; ?>" /> <br> <p>Surname:</p> <INPUT TYPE = "text" name="sname"value="<?php echo $person['sname']; ?>" /> <br> <p>Initials:</p> <INPUT TYPE = "text" name="init"value="<?php echo $person['init']; ?>" /> <br> <p>Full First Name:</p> <INPUT TYPE = "text" name="fname"value="<?php echo $person['fname']; ?>" /> <br> <p>Title:</p> <INPUT TYPE = "text" name="title"value="<?php echo $person['title']; ?>" /> <br> <p>Maiden or previous surname:</p> <INPUT TYPE = "text" name="msname"value="<?php echo $person['msname']; ?>" /> <br> <p>Date of Birth:</p> <INPUT TYPE = "text" name="dob"value="<?php echo $person['dob']; ?>" /> <br> <p>Gender:</p> <INPUT TYPE = "text" name="sex"value="<?php echo $person['sex']; ?>" /> <br> <p>Language for correspondence:</p> <INPUT TYPE = "text" name="lang"value="<?php echo $person['lang']; ?>" /> <br> <p>Identity Number:</p> <INPUT TYPE = "text" name="idno"value="<?php echo $person['id']; ?>" /> <br> <p>Home Telephone Code + Number:</p> <INPUT TYPE = "text" name="telh"value="<?php echo $person['telh']; ?>" /> <br> <p>Work Telephone Code + Number:</p> <INPUT TYPE = "text" name="telw"value="<?php echo $person['telw']; ?>" /> <br> <p>Cell Phone Number:</p> <INPUT TYPE = "text" name="cel"value="<?php echo $person['cel']; ?>" /> <br> <p>Fax Code + Number:</p> <INPUT TYPE = "text" name="fax"value="<?php echo $person['fax']; ?>" /> <br> <p>E-mail Address:</p> <INPUT TYPE = "text" name="email"value="<?php echo $person['email']; ?>" /> <br> <p>Postal Address of student:</p> <INPUT TYPE = "text" name="address"value="<?php echo $person['address']; ?>" /> <br> <input type="hidden" name="sno" value="<?php echo $_GET['sno']; ?>" /> <INPUT TYPE = "Submit" name="submit" VALUE = "Update"/> </form> <?php if(isset($_POST['submit'])) { $u = "UPDATE student SET `cname` = '$_POST[cname]', `sname` = '$_POST[sname]', `init` = '$_POST[init]', `fname` = '$_POST[fname]', `title` = '$_POST[title]', `msname` = '$_POST[msname]', `dob` = '$_POST[dob]', `sex` = '$_POST[sex]', `lang` = '$_POST[lang]', `idno` ='$_POST[idno]', `telh` = '$_POST[telh]', `telw` = '$_POST[telw]', `cel` = '$_POST[cel]', `fax` = '$_POST[fax]', `email` = '$_POST[email]', `address` = '$_POST[address]' WHERE ID = $_POST[sno]"; mysql_query($u) or die(mysql_error()); echo "User has been modified!"; header("Location: index.php"); } ?> ?> Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.