Code posts correctly, but when updating it doesn't. Can someone help solve this?

[wolfcry]

As for sanitizing, yes, it appears correct to me.

 

 if (!isset($_GET['id'])) {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }
  else {
    $query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
  }

 

perform a var_dump to see if that query is actually populating the $id variable, if it is, perform another var_dump after submission to see if it's still populated by an integer. If either are empty (or NULL), then you need to debug and find out where it's not being populated. If you have an IDE with a debugger, it will make your life sooo much easier to do this.

 

$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri'  WHERE id = '"$id"'";

 

Try removing the double quotes around $id and see if that helps if both var_dumps return the $id value.

[Matt Ridge]

As for sanitizing, yes, it appears correct to me.

 

 if (!isset($_GET['id'])) {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }
  else {
    $query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
  }

 

perform a var_dump to see if that query is actually populating the $id variable, if it is, perform another var_dump after submission to see if it's still populated by an integer. If either are empty (or NULL), then you need to debug and find out where it's not being populated. If you have an IDE with a debugger, it will make your life sooo much easier to do this.

 

$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri'  WHERE id = '"$id"'";

 

Try removing the double quotes around $id and see if that helps if both var_dumps return the $id value.

 

I just tried entering the code:

 

 

// echo your raw query and look for obvious errors
     echo "Query is : " . $query . "<br />";
  
// and at least use a basic mechanism to trap possibles errors
       mysqli_query($dbc, $query)  or die('Query Error : ' . mysqli_error($dbc));

 

It pulls out no data.  Am I missing something?

 

[Matt Ridge]

Ok, I've re-written the code and I am now getting an error:

 

 

Query is : SELECT * FROM ncmr WHERE id = '1'

 

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, null given in /home/pawz/public_html/kaboomlabs.com/PDI/@dm!n/edit.php on line 105

 

http://www.kaboomlabs.com/testbed/edit.php?id=1

 

Here is the new code, not much different, but it's a start.

 

<?php
require_once('connectvars.php');
echo '<div id="postwrap">'
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>PDI NCMR - Edit</title>
  <link rel="stylesheet" type="text/css" href="CSS/postie.css" />
</head>
<body>
   <div id="logo">
<img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>

<?php
  if (isset($_POST['submit'])) {
// Connect to the database
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

// Enter data into the database
$id = mysqli_real_escape_string($dbc, trim($_GET['id']));
$id = mysqli_real_escape_string($dbc, trim($_POST['id']));
$ab = mysqli_real_escape_string($dbc, trim($_POST['ab']));
$date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime ($_POST['date']))));
$part = mysqli_real_escape_string($dbc, trim($_POST['part']));
$rev = mysqli_real_escape_string($dbc, trim($_POST['rev']));
$partdesc = mysqli_real_escape_string($dbc, trim($_POST['partdesc']));
$ncmrqty = mysqli_real_escape_string($dbc, trim($_POST['ncmrqty']));
$comp = mysqli_real_escape_string($dbc, trim($_POST['comp']));
$ncmrid = mysqli_real_escape_string($dbc, trim($_POST['ncmrid']));
$rma = mysqli_real_escape_string($dbc, trim($_POST['rma']));
$jno = mysqli_real_escape_string($dbc, trim($_POST['jno']));
$fdt = mysqli_real_escape_string($dbc, trim($_POST['fdt']));
$cof = mysqli_real_escape_string($dbc, trim($_POST['cof']));
$fab1= mysqli_real_escape_string($dbc, trim($_POST['fab1']));
$fab2= mysqli_real_escape_string($dbc, trim($_POST['fab2']));
$fab3= mysqli_real_escape_string($dbc, trim($_POST['fab3']));
$non= mysqli_real_escape_string($dbc, trim($_POST['non']));
$dis= mysqli_real_escape_string($dbc, trim($_POST['dis']));
$comm= mysqli_real_escape_string($dbc, trim($_POST['comm']));
$caad= mysqli_real_escape_string($dbc, trim($_POST['caad']));
$po= mysqli_real_escape_string($dbc, trim($_POST['po']));
$pod = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['pod']))));
$dri = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['dri']))));

$query = "UPDATE ncmr SET '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri'  WHERE id = $id";

// echo your raw query and look for obvious errors
     echo "Query is : " . $query . "<br />";
  
// and at least use a basic mechanism to trap possibles errors
       mysqli_query($dbc, $query)  or die('Query Error : ' . mysqli_error($dbc));

// Clear the data to clear the form
$id = "";
$ab = "";
$date = "";
$part = "";
$rev = "";
$partdesc = "";
$ncmrqty = "";
$comp = "";
$ncmrid = "";
$rma = "";
$jno = "";
$fdt = "";
$cof = "";
$fab1= "";
$fab2= "";
$fab3= "";
$non= "";
$dis= "";
$comm= "";
$caad= "";
$po= "";
$pod = "";
$dri = "";			
// Confirm success with the user
	echo '<p>If you wish to edit more NCMRs, please <a href="list.php">go to the admin page!</a></p>';

		mysqli_close($dbc);
		}

  else {	

// Connect to the database
  $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Grab the profile data from the database
  if (!isset($_GET['id'])) {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }
  else {
    $query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
  }
// echo your raw query and look for obvious errors
     echo "Query is : " . $query . "<br />";
  
// and at least use a basic mechanism to trap possibles errors
       mysqli_query($dbc, $query)  or die('Query Error : ' . mysqli_error($dbc));

  if (mysqli_num_rows($data) == 1) { 
// The user row was found so display the user data
    $row = mysqli_fetch_array($data);
    echo'<div id="title"><h3 id="NCMR2">Non-Conforming Materials Report (NCMR:  ' . $row['rma'] . ')</h3></div>';
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>";
echo '<fieldset>';

	echo '<div id="box1">';
		if (empty($row['ab'])) $row['ab'] = "Empty";
		if (empty($row['date'])) $row['date'] = "Empty";
		if (empty($row['part'])) $row['part'] = "Empty";
		if (empty($row['rev'])) $row['rev'] = "Empty";
		if (empty($row['partdesc'])) $row['partdesc'] = "Empty";
		if (empty($row['ncmrqty'])) $row['ncmrqty'] = "Empty";
		echo '<div id="ab"><span class="b">Added By:  </span><input type="text" name="ab" value="' . $row['ab'] . '" /></div>';
		echo '<div id="date"><span class="b">Date Filed:  </span><input type="text" name="date" value="' . $row['date'] . '" /></div>';
		echo '<div id="part"><span class="b">Part Number:  </span><input type="text" name="part" value="' . $row['part'] . '" /></div>';
		echo '<div id="rev"><span class="b">Part Revision:  </span><input type="text" name="rev" value="' . $row['rev'] . '" /></div>';
		echo '<div id="partdesc"><span class="b">Part Description:  </span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>';
		echo '<div id="ncmrqty"><span class="b">NCMR Qty:  </span><input type="text" name="ncmrqty" value="' . $row['ncmrqty'] . '" /></div>';
	echo '</div>';

//Company, Customer NCMR, Internal RMA, and Job Number
	echo '<div id="box2">';
		if (empty($row['comp'])) $row['comp'] = "Empty";
		if (empty($row['ncmrid'])) $row['ncmrid'] = "Empty";
		if (empty($row['rma'])) $row['rma'] = "Empty";
		if (empty($row['jno'])) $row['jno'] = "Empty";
			echo '<div id="comp"><span class="b">Company:  </span><input type="text" name="comp" value="' . $row['comp'] . '" /></div>';
				echo '<div id="ncmrid"><span class="b">Customer NCMR ID:  </span><input type="text" name="ncmrid" value="' . $row['ncmrid'] . '" /></div>';
				echo '<div id="rma"><span class="b">Internal RMA #:  </span><input type="text" name="rma" value="' . $row['rma'] . '" /></div>';
				echo '<div id="jno"><span class="b">Job #:  </span><input type="text" name="jno" value="' . $row['jno'] . '" /></div>';
	echo '</div>';

//Type of Failure and Class of Failure
	echo '<div id="box3">';
		echo '<h2>Failure</h2>';
			echo '<div id="cof"><span class="b">Class of Failure:  </span><input type="text" name="cof"  size="15" value="' . $row['cof'] . '" /></div>';
			echo '<div id="fdt"><span class="b">Failure Due To:  </span><input type="text" name="fdt"  size="15" value="' . $row['fdt'] . '" /></div>';
	echo '</div>';

//Fabricators
	echo '<div id="box4">';
		echo '<h2>Fabricators</h2>';
if ($row['fab1']="--None--")
{
    echo'<div id="fab1">';
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user');
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab1'>\n";
    while($row = $result->fetch_assoc())
    {
        echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
    }
    echo "</select>\n";
    echo '</div>';
}
else
{
    echo'<div id="fab1">';
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user');
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab1'>\n";
    while($row = $result->fetch_assoc())
    {
        echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
    }
    echo "</select>\n";
    echo '</div>';
}


if ($row['fab2']="--None--")
{
    echo'<div id="fab2">';
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user');
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab2'>\n";
    while($row = $result->fetch_assoc())
    {
        echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
    }
    echo "</select>\n";
    echo '</div>';
}
else
{
    echo '<div id="fab2"><span class="b"></span><input type="text" name="fab1"  size="20" value="' . $row['fab1'] . '" /></div>';
    echo '</div>';
}
if ($row['fab3']="--None--")
{
    echo'<div id="fab3">';
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user');
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab3'>\n";
    while($row = $result->fetch_assoc())
    {
        echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
    }
    echo "</select>\n";
    echo '</div>';
}
else
{
    echo '<div id="fab3"><span class="b"></span><input type="text" name="fab1"  size="20" value="' . $row['fab1'] . '" /></div>';
    echo '</div>';
}		echo '</div>';

//Nonconformity, Disposition, Comments and Comments & Additional Details
	echo '<div id="box5">';
		if (empty($row['non'])) $row['non'] = "Empty";
		if (empty($row['dis'])) $row['dis'] = "Empty";
		if (empty($row['comm'])) $row['comm'] = "Empty";
		if (empty($row['caad'])) $row['caad'] = "Empty";

		echo '<div id="non"><span class="b">Nonconformity:  </span><textarea rows="4" cols="105">' . $row['non'] . '</textarea></div>';
		echo '<div id="dis"><span class="b">Disposition:  </span><textarea rows="4" cols="105">' . $row['dis'] . '</textarea></div>';
		echo '<div id="comm"><span class="b">Comments:  </span><textarea rows="4" cols="105">' . $row['comm'] . '</textarea></div>';
		echo '<div id="caad"><span class="b">Comments and/or Additional Details:  </span><textarea rows="4" cols="105">' . $row['caad'] . '</textarea></div>';

			echo '<div id="podr">';
					if (empty($row['po'])) $row['po'] ="Empty";
					if (empty($row['pod'])) $row['pod'] ="Empty";
					if (empty($row['dir'])) $row['dri'] ="Empty";

				echo '<div id="po"><span class="b">PO:  </span><input type="text" name="po"  size="7" value="' . $row['po'] . '" /></div>';
				echo '<div id="pod"><span class="b">PO Date:  </span><input type="text" name="pod"  size="7" value="' . $row['pod'] . '" /></div>';
				echo '<div id="dri"><span class="b">Date Received:  </span><input type="text" name="dri"  size="7" value="' . $row['dri'] . '" /></div>';
			echo '</div>';
		echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>';
	echo '</div>';
echo '</fieldset>';
echo '</form>';
	}
}

echo '</div>';

?>
</body>
</html>

[litebearer]

in passing...

 

1. When you echo the query make sure it contains what you expect it to contain (you did NOT identify the field for '$ab')

2. You are setting $id twice. The second time overwrites the first - use one or the other

[Matt Ridge]

in passing...

 

1. When you echo the query make sure it contains what you expect it to contain (you did NOT identify the field for '$ab')

2. You are setting $id twice. The second time overwrites the first - use one or the other

 

Dang it! Ok, now I get an error at 104....

 

Query is : SELECT * FROM ncmr WHERE id = '1'

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, string given in /home/pawz/public_html/kaboomlabs.com/testbed/edit.php on line 104

 

  if (mysqli_num_rows($data) == 1) { 

  This is the line, the interesting thigh I noticed is that $data is never defined, so I changed it to $id, and the error still shows up.

 

So it looks like to me that for some reason it's not pulling the number at all. I have spent so much time staring at this code I don't know what to do any more.

 

 

[wolfcry]

Hey Matt,

 

You wouldn't mind PM'n me all of your code would you? As in your connection variables (just change the sensitive stuff like password and username), your DB schema and what not.

 

What I will do is create a dummy test DB on my server, duplicating your structure exactly, and see if I can track down your bug.

[mikosiko]

.... I have spent so much time staring at this code I don't know what to do any more.

 

don't just copy/paste without try to understand what you are doing... that will minimize your staring time .... look

this is a portion of the code that you have in your very first post:

// Grab the profile data from the database
  if (!isset($_GET['id'])) {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }
  else {
    $query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
  }
  $data = mysqli_query($dbc, $query);

 

and this is what you have now:

// Grab the profile data from the database
  if (!isset($_GET['id'])) {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }
  else {
    $query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
  }
// echo your raw query and look for obvious errors
     echo "Query is : " . $query . "<br />";
  
// and at least use a basic mechanism to trap possibles errors
       mysqli_query($dbc, $query)  or die('Query Error : ' . mysqli_error($dbc));

 

can you spot the difference?... $data is defined in your first one... the last one is not

 

[wolfcry]

You beat me to the punch Mikosiko lol.

 

You need to define $data and populate it with the mysqli_query then use that variable inside your mysqli_num_rows function.

[Matt Ridge]

.... I have spent so much time staring at this code I don't know what to do any more.

 

don't just copy/paste without try to understand what you are doing... that will minimize your staring time .... look

this is a portion of the code that you have in your very first post:

// Grab the profile data from the database
  if (!isset($_GET['id'])) {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }
  else {
    $query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
  }
  $data = mysqli_query($dbc, $query);

 

and this is what you have now:

// Grab the profile data from the database
  if (!isset($_GET['id'])) {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }
  else {
    $query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
  }
// echo your raw query and look for obvious errors
     echo "Query is : " . $query . "<br />";
  
// and at least use a basic mechanism to trap possibles errors
       mysqli_query($dbc, $query)  or die('Query Error : ' . mysqli_error($dbc));

 

can you spot the difference?... $data is defined in your first one... the last one is not

 

Actually yes it is, after the full script I posted.

 

// Connect to the database
  $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Grab the profile data from the database
  if (!isset($_GET['id'])) {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }
  else {
    $query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
  }
  $data = mysqli_query($dbc, $query);

 

Lines 94 to 102.

[mikosiko]

 

Actually yes it is, after the full script I posted.

 

NO, it is not...

seems that you don't even know what are you posting....  your last post with your code was post #27, and later you posted that you were getting this error:

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, string given in /home/pawz/public_html/kaboomlabs.com/testbed/edit.php on line 104

 

which is totally coincident with the missing "$data" , and my reply was related to that post.. so go back and read what you posted there and check for yourself. 

[KevinM1]

Not to mention that you're still blindly using $_GET['id'] in your queries, even after being told to validate and sanitize it.  You need to do something to it - is_numeric, ctype_digit, test it against a regular expression, pass it through a sanitize filter - to ensure that:

 

A. It's safe

B. It's the kind of data you expect

[Matt Ridge]

 

Actually yes it is, after the full script I posted.

 

NO, it is not...

seems that you don't even know what are you posting....  your last post with your code was post #27, and later you posted that you were getting this error:

Warning: mysqli_num_rows() expects parameter 1 to be mysqli_result, string given in /home/pawz/public_html/kaboomlabs.com/testbed/edit.php on line 104

 

which is totally coincident with the missing "$data" , and my reply was related to that post.. so go back and read what you posted there and check for yourself.

 

So then why is it pulling the data from the table without an issue?

[litebearer]

old man perspective...

 

It is easier to re-post ALL the code (sans password etc); than to debate "I did - You didn't"

[mikosiko]

It is easier to re-post ALL the code (sans password etc); than to debate "I did - You didn't"

 

agree... but that doesn't change at all the facts clearly depicted in the aforementioned thread sequence starting in post#27 ... done for me.

[Matt Ridge]

Ok, I've added in a few lines of code, so far I am getting an error still, I've added in the variants of POST and GET, as well as a hidden script.

 

Can anyone see why this isn't working now, I've done an exact duplicate of these codes with a script I know that works, and for some reason this one doesn't.  And I don't know why...

 

<?php
require_once('connectvars.php');
echo '<div id="postwrap">'
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>PDI NCMR - Edit</title>
  <link rel="stylesheet" type="text/css" href="CSS/postie.css" />
</head>
<body>
   <div id="logo">
<img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>

<?php

      $id=0;
      if(isset($_GET['id']))
         $id= mysqli_real_escape_string($dbc, trim($_GET['id']));
    
      if (isset($_POST['submit'])) {
            $id= mysqli_real_escape_string($dbc, trim($_POST["id"]));
// Connect to the database
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

// Enter data into the database
$ab = mysqli_real_escape_string($dbc, trim($_POST['ab']));
$date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime ($_POST['date']))));
$part = mysqli_real_escape_string($dbc, trim($_POST['part']));
$rev = mysqli_real_escape_string($dbc, trim($_POST['rev']));
$partdesc = mysqli_real_escape_string($dbc, trim($_POST['partdesc']));
$ncmrqty = mysqli_real_escape_string($dbc, trim($_POST['ncmrqty']));
$comp = mysqli_real_escape_string($dbc, trim($_POST['comp']));
$ncmrid = mysqli_real_escape_string($dbc, trim($_POST['ncmrid']));
$rma = mysqli_real_escape_string($dbc, trim($_POST['rma']));
$jno = mysqli_real_escape_string($dbc, trim($_POST['jno']));
$fdt = mysqli_real_escape_string($dbc, trim($_POST['fdt']));
$cof = mysqli_real_escape_string($dbc, trim($_POST['cof']));
$fab1= mysqli_real_escape_string($dbc, trim($_POST['fab1']));
$fab2= mysqli_real_escape_string($dbc, trim($_POST['fab2']));
$fab3= mysqli_real_escape_string($dbc, trim($_POST['fab3']));
$non= mysqli_real_escape_string($dbc, trim($_POST['non']));
$dis= mysqli_real_escape_string($dbc, trim($_POST['dis']));
$comm= mysqli_real_escape_string($dbc, trim($_POST['comm']));
$caad= mysqli_real_escape_string($dbc, trim($_POST['caad']));
$po= mysqli_real_escape_string($dbc, trim($_POST['po']));
$pod = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['pod']))));
$dri = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['dri']))));

$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri'  WHERE id = $id";

// echo your raw query and look for obvious errors
     echo "Query is : " . $query . "<br />";
  
// and at least use a basic mechanism to trap possibles errors
       mysqli_query($dbc, $query)  or die('Query Error : ' . mysqli_error($dbc));
   

// Confirm success with the user
	echo '<p>If you wish to edit more NCMRs, please <a href="list.php">go to the admin page!</a></p>';

	// echo your raw query and look for obvious errors
     echo "Query is : " . $query . "<br />";
// Clear the form data
$id = "";
$ab = "";
$date = "";
$part = "";
$rev = "";
$partdesc = "";
$ncmrqty = "";
$comp = "";
$ncmrid = "";
$rma = "";
$jno = "";
$fdt = "";
$cof = "";
$fab1= "";
$fab2= "";
$fab3= "";
$non= "";
$dis= "";
$comm= "";
$caad= "";
$po= "";
$pod = "";
$dri = "";
		mysqli_close($dbc);
		}

  else {	

// Connect to the database
  $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Grab the profile data from the database
if (!isset($_GET['id'])) {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }
  else {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }

  $data = mysqli_query($dbc, $query);

  if (mysqli_num_rows($data) == 1) { 
// The user row was found so display the user data
    $row = mysqli_fetch_array($data);
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>";
echo '<fieldset>';

	echo '<div id="box1">';
		if (empty($row['ab'])) $row['ab'] = "Empty";
		if (empty($row['date'])) $row['date'] = "Empty";
		if (empty($row['part'])) $row['part'] = "Empty";
		if (empty($row['rev'])) $row['rev'] = "Empty";
		if (empty($row['partdesc'])) $row['partdesc'] = "Empty";
		if (empty($row['ncmrqty'])) $row['ncmrqty'] = "Empty";
		echo '<div id="ab"><span class="b">Added By:  </span><input type="text" name="ab" value="' . $row['ab'] . '" /></div>';
		echo '<div id="date"><span class="b">Date Filed:  </span><input type="text" name="date" value="' . $row['date'] . '" /></div>';
		echo '<div id="part"><span class="b">Part Number:  </span><input type="text" name="part" value="' . $row['part'] . '" /></div>';
		echo '<div id="rev"><span class="b">Part Revision:  </span><input type="text" name="rev" value="' . $row['rev'] . '" /></div>';
		echo '<div id="partdesc"><span class="b">Part Description:  </span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>';
		echo '<div id="ncmrqty"><span class="b">NCMR Qty:  </span><input type="text" name="ncmrqty" value="' . $row['ncmrqty'] . '" /></div>';
	echo '</div>';

//Company, Customer NCMR, Internal RMA, and Job Number
	echo '<div id="box2">';
		if (empty($row['comp'])) $row['comp'] = "Empty";
		if (empty($row['ncmrid'])) $row['ncmrid'] = "Empty";
		if (empty($row['rma'])) $row['rma'] = "Empty";
		if (empty($row['jno'])) $row['jno'] = "Empty";
			echo '<div id="comp"><span class="b">Company:  </span><input type="text" name="comp" value="' . $row['comp'] . '" /></div>';
				echo '<div id="ncmrid"><span class="b">Customer NCMR ID:  </span><input type="text" name="ncmrid" value="' . $row['ncmrid'] . '" /></div>';
				echo '<div id="rma"><span class="b">Internal RMA #:  </span><input type="text" name="rma" value="' . $row['rma'] . '" /></div>';
				echo '<div id="jno"><span class="b">Job #:  </span><input type="text" name="jno" value="' . $row['jno'] . '" /></div>';
	echo '</div>';

//Type of Failure and Class of Failure
	echo '<div id="box3">';
		echo '<h2>Failure</h2>';
			echo '<div id="cof"><span class="b">Class of Failure:  </span><input type="text" name="cof"  size="15" value="' . $row['cof'] . '" /></div>';
			echo '<div id="fdt"><span class="b">Failure Due To:  </span><input type="text" name="fdt"  size="15" value="' . $row['fdt'] . '" /></div>';

		echo '</div>';

//Fabricators
	echo '<div id="box4">';
		echo '<h2>Fabricators</h2>';
if ($row['fab1']="--None--")
{
    echo'<div id="fab1">';
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user');
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab1'>\n";
    while($row = $result->fetch_assoc())
    {
        echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
    }
    echo "</select>\n";
    echo '</div>';
}
else
{
    echo'<div id="fab1">';
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user');
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab1'>\n";
    while($row = $result->fetch_assoc())
    {
        echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
    }
    echo "</select>\n";
    echo '</div>';
}


if ($row['fab2']="--None--")
{
    echo'<div id="fab2">';
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user');
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab2'>\n";
    while($row = $result->fetch_assoc())
    {
        echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
    }
    echo "</select>\n";
    echo '</div>';
}
else
{
    echo '<div id="fab2"><span class="b"></span><input type="text" name="fab1"  size="20" value="' . $row['fab1'] . '" /></div>';
    echo '</div>';
}
if ($row['fab3']="--None--")
{
    echo'<div id="fab3">';
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user');
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab3'>\n";
    while($row = $result->fetch_assoc())
    {
        echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
    }
    echo "</select>\n";
    echo '</div>';
}
else
{
    echo '<div id="fab3"><span class="b"></span><input type="text" name="fab1"  size="20" value="' . $row['fab1'] . '" /></div>';
    echo '</div>';
}		echo '</div>';

//Nonconformity, Disposition, Comments and Comments & Additional Details
	echo '<div id="box5">';
		if (empty($row['non'])) $row['non'] = "Empty";
		if (empty($row['dis'])) $row['dis'] = "Empty";
		if (empty($row['comm'])) $row['comm'] = "Empty";
		if (empty($row['caad'])) $row['caad'] = "Empty";

		echo '<div id="non"><span class="b">Nonconformity:  </span><textarea rows="4" cols="105">' . $row['non'] . '</textarea></div>';
		echo '<div id="dis"><span class="b">Disposition:  </span><textarea rows="4" cols="105">' . $row['dis'] . '</textarea></div>';
		echo '<div id="comm"><span class="b">Comments:  </span><textarea rows="4" cols="105">' . $row['comm'] . '</textarea></div>';
		echo '<div id="caad"><span class="b">Comments and/or Additional Details:  </span><textarea rows="4" cols="105">' . $row['caad'] . '</textarea></div>';

			echo '<div id="podr">';
					if (empty($row['po'])) $row['po'] ="Empty";
					if (empty($row['pod'])) $row['pod'] ="Empty";
					if (empty($row['dir'])) $row['dri'] ="Empty";

				echo '<div id="po"><span class="b">PO:  </span><input type="text" name="po"  size="7" value="' . $row['po'] . '" /></div>';
				echo '<div id="pod"><span class="b">PO Date:  </span><input type="text" name="pod"  size="7" value="' . $row['pod'] . '" /></div>';
				echo '<div id="dri"><span class="b">Date Received:  </span><input type="text" name="dri"  size="7" value="' . $row['dri'] . '" /></div>';
			echo '</div>';
		echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>';
//Save ID so it can be used with POST request.
echo "<input type='hidden' value='$id' name='id'/>"; 

	echo '</div>';
echo '</fieldset>';
echo '</form>';
	}
}

echo '</div>';

?>
</body>
</html>

[wolfcry]

Is this the same code you sent me? And What error are you receiving?

 

Also, as a security precaution, you shouldn't use $_SERVER['PHP_SELF']; without some form of validation / sanitization because it's exploitable to XSS attacks. I usually just reference the actual page I want to post back to.

 

Here's a pretty good read about it: http://seancoates.com/blogs/xss-woes

[litebearer]

Some observations...

 

1. You are still using

      if(isset($_GET['id']))
         $id= mysqli_real_escape_string($dbc, trim($_GET['id']));
    
      if (isset($_POST['submit'])) {
            $id= mysqli_real_escape_string($dbc, trim($_POST["id"]));

Since YOU have control, choose one or the other - IMHO use the $_POST

 

2. I may be mistaken; however;

mysqli_real_escape_string

needs to be done AFTER you connect to the db.

 

3. This is missing the closing single quote at the very end of the query.

$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri'  WHERE id = $id"; /* MISSING AFTER the $id */

 

Will check more when I can

[KevinM1]

Some observations...

 

1. You are still using

      if(isset($_GET['id']))
         $id= mysqli_real_escape_string($dbc, trim($_GET['id']));
    
      if (isset($_POST['submit'])) {
            $id= mysqli_real_escape_string($dbc, trim($_POST["id"]));

Since YOU have control, choose one or the other - IMHO use the $_POST

 

Actually, the way he has it makes sense.  The page is obviously first accessed via URL, which means GET.  Since it can post to itself, the rest is handled by POST.  It's a bit sloppy in execution, but the idea is semantically correct and RESTful.  It's a fairly common pattern in MVC.  An action method accessed via GET to show a page, and an action method with the same name to handle the postback.

[Matt Ridge]

Is this the same code you sent me? And What error are you receiving?

 

Also, as a security precaution, you shouldn't use $_SERVER['PHP_SELF']; without some form of validation / sanitization because it's exploitable to XSS attacks. I usually just reference the actual page I want to post back to.

 

Here's a pretty good read about it: http://seancoates.com/blogs/xss-woes

 

True, but right now I just want this to work, I'll tweak the final details later... Just because right now if I can get the rest working, I'll have something to use internally till I get it fixed for real world used... even if it is only used by me.

 

As for the code, no... it's not the same, but since I didn't hear back from you I decided to post the updated version.  If you want copy and paste the latest version into edit.php unless you've changed enough where you don't want to.

[wolfcry]

"no... it's not the same, but since I didn't hear back from you I decided to post the updated version."

 

Wow, I sense a bit of bitter impatience there. Considering I didn't even get the code I requested until nearly 7 hours after the fact around 8pm my time and when I'm trying to spend time with my family...

 

Anyways, since I'm getting the gloomy feeling that our help is more expected rather than appreciated, good luck with your script, I hope you fix the issue.

[Matt Ridge]

"no... it's not the same, but since I didn't hear back from you I decided to post the updated version."

 

Wow, I sense a bit of bitter impatience there. Considering I didn't even get the code I requested until nearly 7 hours after the fact around 8pm my time and when I'm trying to spend time with my family...

 

Anyways, since I'm getting the gloomy feeling that our help is more expected rather than appreciated, good luck with your script, I hope you fix the issue.

 

Actually I'm not the impatient one, I am trying to get this working for a company I work for, they are the ones hounding me. I am feeling the pressure on my end to do something I've really never done before. So sorry you feel that way, but I like my job, and I really don't want to loose it over something as "simple" as people here is making it out to be. When to me it's not.

 

Honestly I learned how to code XHTML with PHP and SQL in a little over 2.5 months, what you see here is a culmination of everything I've learned from two books, no classes, and a lot of pressure on me to do so because this economy has made it where it is the employer is always right, and if you can't do it they will hire someone else who can, and my skillset has a flood of people out there that are unemployed, so yes I am in a way impatient because I don't want to loose my job... can you blame me?

 

I am a graphic designer and a computer tech by trade, I never made a website or cracked open a coding book till two months ago, and now I am stuck on this, asking for help, and people here are telling me that x part is wrong, and I'm not sanitizing anything, etc... I've said in the past that I am new at this, this is the first site I registered to, to get help, now I am being pressured at work to do something I have a fleeting grasp of doing, and people here are telling me that I should know what I am doing, and that instead of telling me what is wrong by showing me, they are saying you aren't doing X... when I have no clue what they are saying... and I keep on telling people that as well... but people here don't seem to understand that when I say I don't understand and I keep asking over and over again the same thing, it means I am not understanding what you are saying.

[litebearer]

We understand your frustration; however, did you make these two changes yet?

2. I may be mistaken; however;

Code: [select]

 

mysqli_real_escape_string

 

needs to be done AFTER you connect to the db.

 

3. This is missing the closing single quote at the very end of the query.

Code: [select]

 

$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri'  WHERE id = $id"; /* MISSING AFTER the $id */

 

 

 

Will check more when I can

[Matt Ridge]

We understand your frustration; however, did you make these two changes yet?

2. I may be mistaken; however;

Code: [select]

 

mysqli_real_escape_string

 

needs to be done AFTER you connect to the db.

 

3. This is missing the closing single quote at the very end of the query.

Code: [select]

 

$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri'  WHERE id = $id"; /* MISSING AFTER the $id */

 

 

 

Will check more when I can

 

Yes, here is the code:

 

<?php
require_once('connectvars.php');
// Connect to the database
    $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

echo '<div id="postwrap">'
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>PDI NCMR - Edit</title>
  <link rel="stylesheet" type="text/css" href="CSS/postie.css" />
</head>
<body>
   <div id="logo">
<img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>

<?php

      $id=0;
      if(isset($_GET['id']))
         $id= mysqli_real_escape_string($dbc, trim($_GET['id']));
    
      if (isset($_POST['submit'])) {
            $id= mysqli_real_escape_string($dbc, trim($_POST["id"]));	
// Enter data into the database
$ab = mysqli_real_escape_string($dbc, trim($_POST['ab']));
$date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime ($_POST['date']))));
$part = mysqli_real_escape_string($dbc, trim($_POST['part']));
$rev = mysqli_real_escape_string($dbc, trim($_POST['rev']));
$partdesc = mysqli_real_escape_string($dbc, trim($_POST['partdesc']));
$ncmrqty = mysqli_real_escape_string($dbc, trim($_POST['ncmrqty']));
$comp = mysqli_real_escape_string($dbc, trim($_POST['comp']));
$ncmrid = mysqli_real_escape_string($dbc, trim($_POST['ncmrid']));
$rma = mysqli_real_escape_string($dbc, trim($_POST['rma']));
$jno = mysqli_real_escape_string($dbc, trim($_POST['jno']));
$fdt = mysqli_real_escape_string($dbc, trim($_POST['fdt']));
$cof = mysqli_real_escape_string($dbc, trim($_POST['cof']));
$fab1= mysqli_real_escape_string($dbc, trim($_POST['fab1']));
$fab2= mysqli_real_escape_string($dbc, trim($_POST['fab2']));
$fab3= mysqli_real_escape_string($dbc, trim($_POST['fab3']));
$non= mysqli_real_escape_string($dbc, trim($_POST['non']));
$dis= mysqli_real_escape_string($dbc, trim($_POST['dis']));
$comm= mysqli_real_escape_string($dbc, trim($_POST['comm']));
$caad= mysqli_real_escape_string($dbc, trim($_POST['caad']));
$po= mysqli_real_escape_string($dbc, trim($_POST['po']));
$pod = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['pod']))));
$dri = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['dri']))));

$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri'  WHERE id = '$id'";

// echo your raw query and look for obvious errors
     echo "Query is : " . $query . "<br />";
  
// and at least use a basic mechanism to trap possibles errors
       mysqli_query($dbc, $query)  or die('Query Error : ' . mysqli_error($dbc));
   

// Confirm success with the user
	echo '<p>If you wish to edit more NCMRs, please <a href="list.php">go to the admin page!</a></p>';

	// echo your raw query and look for obvious errors
     echo "Query is : " . $query . "<br />";
// Clear the form data
$id = "";
$ab = "";
$date = "";
$part = "";
$rev = "";
$partdesc = "";
$ncmrqty = "";
$comp = "";
$ncmrid = "";
$rma = "";
$jno = "";
$fdt = "";
$cof = "";
$fab1= "";
$fab2= "";
$fab3= "";
$non= "";
$dis= "";
$comm= "";
$caad= "";
$po= "";
$pod = "";
$dri = "";
		mysqli_close($dbc);
		}

  else {	

// Connect to the database
  $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Grab the profile data from the database
if (!isset($_GET['id'])) {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }
  else {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }

  $data = mysqli_query($dbc, $query);

  if (mysqli_num_rows($data) == 1) { 
// The user row was found so display the user data
    $row = mysqli_fetch_array($data);
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>";
echo '<fieldset>';

	echo '<div id="box1">';
		if (empty($row['ab'])) $row['ab'] = "Empty";
		if (empty($row['date'])) $row['date'] = "Empty";
		if (empty($row['part'])) $row['part'] = "Empty";
		if (empty($row['rev'])) $row['rev'] = "Empty";
		if (empty($row['partdesc'])) $row['partdesc'] = "Empty";
		if (empty($row['ncmrqty'])) $row['ncmrqty'] = "Empty";
		echo '<div id="ab"><span class="b">Added By:  </span><input type="text" name="ab" value="' . $row['ab'] . '" /></div>';
		echo '<div id="date"><span class="b">Date Filed:  </span><input type="text" name="date" value="' . $row['date'] . '" /></div>';
		echo '<div id="part"><span class="b">Part Number:  </span><input type="text" name="part" value="' . $row['part'] . '" /></div>';
		echo '<div id="rev"><span class="b">Part Revision:  </span><input type="text" name="rev" value="' . $row['rev'] . '" /></div>';
		echo '<div id="partdesc"><span class="b">Part Description:  </span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>';
		echo '<div id="ncmrqty"><span class="b">NCMR Qty:  </span><input type="text" name="ncmrqty" value="' . $row['ncmrqty'] . '" /></div>';
	echo '</div>';

//Company, Customer NCMR, Internal RMA, and Job Number
	echo '<div id="box2">';
		if (empty($row['comp'])) $row['comp'] = "Empty";
		if (empty($row['ncmrid'])) $row['ncmrid'] = "Empty";
		if (empty($row['rma'])) $row['rma'] = "Empty";
		if (empty($row['jno'])) $row['jno'] = "Empty";
			echo '<div id="comp"><span class="b">Company:  </span><input type="text" name="comp" value="' . $row['comp'] . '" /></div>';
				echo '<div id="ncmrid"><span class="b">Customer NCMR ID:  </span><input type="text" name="ncmrid" value="' . $row['ncmrid'] . '" /></div>';
				echo '<div id="rma"><span class="b">Internal RMA #:  </span><input type="text" name="rma" value="' . $row['rma'] . '" /></div>';
				echo '<div id="jno"><span class="b">Job #:  </span><input type="text" name="jno" value="' . $row['jno'] . '" /></div>';
	echo '</div>';

//Type of Failure and Class of Failure
	echo '<div id="box3">';
		echo '<h2>Failure</h2>';
			echo '<div id="cof"><span class="b">Class of Failure:  </span><input type="text" name="cof"  size="15" value="' . $row['cof'] . '" /></div>';
			echo '<div id="fdt"><span class="b">Failure Due To:  </span><input type="text" name="fdt"  size="15" value="' . $row['fdt'] . '" /></div>';

		echo '</div>';

//Fabricators
	echo '<div id="box4">';
		echo '<h2>Fabricators</h2>';
if ($row['fab1']="--None--")
{
    echo'<div id="fab1">';
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user');
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab1'>\n";
    while($row = $result->fetch_assoc())
    {
        echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
    }
    echo "</select>\n";
    echo '</div>';
}
else
{
    echo'<div id="fab1">';
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user');
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab1'>\n";
    while($row = $result->fetch_assoc())
    {
        echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
    }
    echo "</select>\n";
    echo '</div>';
}


if ($row['fab2']="--None--")
{
    echo'<div id="fab2">';
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user');
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab2'>\n";
    while($row = $result->fetch_assoc())
    {
        echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
    }
    echo "</select>\n";
    echo '</div>';
}
else
{
    echo '<div id="fab2"><span class="b"></span><input type="text" name="fab1"  size="20" value="' . $row['fab1'] . '" /></div>';
    echo '</div>';
}
if ($row['fab3']="--None--")
{
    echo'<div id="fab3">';
    $mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME); 
    $mysqli->select_db('user');
    $result = $mysqli->query("SELECT * FROM user"); 
    echo "<SELECT name='fab3'>\n";
    while($row = $result->fetch_assoc())
    {
        echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
    }
    echo "</select>\n";
    echo '</div>';
}
else
{
    echo '<div id="fab3"><span class="b"></span><input type="text" name="fab1"  size="20" value="' . $row['fab1'] . '" /></div>';
    echo '</div>';
}		echo '</div>';

//Nonconformity, Disposition, Comments and Comments & Additional Details
	echo '<div id="box5">';
		if (empty($row['non'])) $row['non'] = "Empty";
		if (empty($row['dis'])) $row['dis'] = "Empty";
		if (empty($row['comm'])) $row['comm'] = "Empty";
		if (empty($row['caad'])) $row['caad'] = "Empty";

		echo '<div id="non"><span class="b">Nonconformity:  </span><textarea rows="4" cols="105">' . $row['non'] . '</textarea></div>';
		echo '<div id="dis"><span class="b">Disposition:  </span><textarea rows="4" cols="105">' . $row['dis'] . '</textarea></div>';
		echo '<div id="comm"><span class="b">Comments:  </span><textarea rows="4" cols="105">' . $row['comm'] . '</textarea></div>';
		echo '<div id="caad"><span class="b">Comments and/or Additional Details:  </span><textarea rows="4" cols="105">' . $row['caad'] . '</textarea></div>';

			echo '<div id="podr">';
					if (empty($row['po'])) $row['po'] ="Empty";
					if (empty($row['pod'])) $row['pod'] ="Empty";
					if (empty($row['dir'])) $row['dri'] ="Empty";

				echo '<div id="po"><span class="b">PO:  </span><input type="text" name="po"  size="7" value="' . $row['po'] . '" /></div>';
				echo '<div id="pod"><span class="b">PO Date:  </span><input type="text" name="pod"  size="7" value="' . $row['pod'] . '" /></div>';
				echo '<div id="dri"><span class="b">Date Received:  </span><input type="text" name="dri"  size="7" value="' . $row['dri'] . '" /></div>';
			echo '</div>';
		echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>';
//Save ID so it can be used with POST request.
echo "<input type='hidden' value='$id' name='id'/>"; 

	echo '</div>';
echo '</fieldset>';
echo '</form>';
	}
}

echo '</div>';

?>
</body>
</html>

[litebearer]

Does this...

 

	$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri'  WHERE id = '$id'";

// echo your raw query and look for obvious errors
     echo "Query is : " . $query . "<br />";

 

show what you expect it to show? (please post a copy of the echo here)

[KevinM1]

"no... it's not the same, but since I didn't hear back from you I decided to post the updated version."

 

Wow, I sense a bit of bitter impatience there. Considering I didn't even get the code I requested until nearly 7 hours after the fact around 8pm my time and when I'm trying to spend time with my family...

 

Anyways, since I'm getting the gloomy feeling that our help is more expected rather than appreciated, good luck with your script, I hope you fix the issue.

 

Actually I'm not the impatient one, I am trying to get this working for a company I work for, they are the ones hounding me. I am feeling the pressure on my end to do something I've really never done before. So sorry you feel that way, but I like my job, and I really don't want to loose it over something as "simple" as people here is making it out to be. When to me it's not.

 

Honestly I learned how to code XHTML with PHP and SQL in a little over 2.5 months, what you see here is a culmination of everything I've learned from two books, no classes, and a lot of pressure on me to do so because this economy has made it where it is the employer is always right, and if you can't do it they will hire someone else who can, and my skillset has a flood of people out there that are unemployed, so yes I am in a way impatient because I don't want to loose my job... can you blame me?

 

I am a graphic designer and a computer tech by trade, I never made a website or cracked open a coding book till two months ago, and now I am stuck on this, asking for help, and people here are telling me that x part is wrong, and I'm not sanitizing anything, etc... I've said in the past that I am new at this, this is the first site I registered to, to get help, now I am being pressured at work to do something I have a fleeting grasp of doing, and people here are telling me that I should know what I am doing, and that instead of telling me what is wrong by showing me, they are saying you aren't doing X... when I have no clue what they are saying... and I keep on telling people that as well... but people here don't seem to understand that when I say I don't understand and I keep asking over and over again the same thing, it means I am not understanding what you are saying.

 

Matt, we're not here to be your tutors.  We are here to help, but trying to teach any member PHP from nothing is beyond the scope of what we do.

 

Part of the problem is that you don't read.  There's a reason why people keep repeating themselves to you (your words).  There's a reason why this thread is now on page 4, and the sanitizing thread went 6 pages.  There are only so many ways for us to explain things, and often you have the gall to imply that we're wrong (see: sanitizing thread), or that you did things right (see: your HTML header/footer issue, where your HTML is a bonafide mess).

 

I don't know if you know this, but we're all volunteers.  Even the people with titles and badges.  None of us see one red cent from being here.  We try to help the best we can because we were all newbies once and we want to pay the community back.  That said, we're doing this while also dealing with work, family, health issues, etc.  What this means is that while we may be sympathetic to your plight, you're not entitled to specialized treatment beyond what other members get.  Getting frustrated and pissy at the people offering you free professional help is only going to decrease the chances of anyone answering one of your questions in the future.

 

So, here's what you do:

 

Leave your preconceptions at the door.  You're not at the point where you can even consider how things ought to work, so what's the point of being frustrated with how it does work? 

 

Leave your ego at the door, too.  20+ years IT, several years as a cook... who gives a crap?  Programming is significantly different than both.  Leave that all behind and embrace the differences. 

 

Finally, take the time to read and decipher what we're saying.  We're not going to stop and explain every piece of basic jargon we say.  That would be asinine, especially given how rudimentary and universal it is (even in Objective-C and Java, which I thought you were leaving us for...).  Reading comprehension and the ability to follow instructions are probably the two most critical skills a programmer can have.