JessicaC Posted November 19, 2016 Share Posted November 19, 2016 For my class lab assignment, I need to be able to edit a customer record customerlist.php <!DOCTYPE html> <html lang="EN"> <head> <!-- View customer list --> <title>Customer list</title> </head> <body> <?php /* CUSTOMERLIST.PHP Displays all data from 'users' table */ // connect to the database include('script/login.php'); // get results from database $result = mysql_query("SELECT * FROM users") or die(mysql_error()); // display data in table echo "<table border='1' cellpadding='10'>"; echo "<tr> <th>ID</th> <th>First Name</th> <th>Last Name</th> <th></th> <th></th></tr>"; // loop through results of database query, displaying them in the table while($row = mysql_fetch_array( $result )) { // echo out the contents of each row into a table echo "<tr>"; echo '<td>' . $row['User_id'] . '</td>'; echo '<td>' . $row['first_name'] . '</td>'; echo '<td>' . $row['last_name'] . '</td>'; echo '<td><a href="edit.php?id=' . $row['User_id'] . '">Edit</a></td>'; echo "</tr>"; } // close table> echo "</table>"; ?> <p><a href="content.php">Add a new customer</a></p> </body> </html> edit.php <?php /* EDIT.PHP Allows user to edit specific entry in database */ // creates the edit customer form function renderForm($User_id, $Fname, $Lname, $error) { ?> <!DOCTYPE html> <html lang="EN"> <html> <head> <title>Edit Customer details</title> </head> <body> <?php // if there are any errors, display them if ($error != '') { echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>'; } ?> <form action="" method="post"> <input type="hidden" name="User_id" value="<?php echo $User_id; ?>"/> <div> <p><strong>ID:</strong> <?php echo $User_id; ?></p> <strong>First Name: *</strong> <input type="text" name="first_name" value="<?php echo $Fname; ?>"/><br/> <strong>Last Name: *</strong> <input type="text" name="last_name" value="<?php echo $Lname; ?>"/><br/> <p>* Required</p> <input type="submit" name="submit" value="Submit"> </div> </form> </body> </html> <?php } // connect to the database include('script/login.php'); // check if the form has been submitted. If it has, process the form and save it to the database if (isset($_POST['submit'])) { // confirm that the 'id' value is a valid integer before getting the form data if (is_numeric($_POST['User_id'])) { // get form data, making sure it is valid $id = $_POST['User_id']; $Fname = mysql_real_escape_string(htmlspecialchars($_POST['first_name'])); $Lname = mysql_real_escape_string(htmlspecialchars($_POST['last_name'])); // check that firstname/lastname fields are both filled in if ($Fname == '' || $Lname == '') { // generate error message $error = 'ERROR: Please fill in all required fields!'; //error, display form renderForm($User_id, $Fname, $Lname, $error); } else { // save the data to the database mysql_query("UPDATE users SET first_name='$Fname', last_name='$Lname' WHERE User_id='$User_id'") or die(mysql_error()); // once saved, redirect back to the view page header("Location: customerlist.php"); } } else { // if the 'id' isn't valid, display an error echo 'Error!'; } } else // if the form hasn't been submitted, get the data from the db and display the form { if (isset($_GET['User_id']) && is_numeric($_GET['User_id']) && $_GET['User_id'] > 0) { // query db $id = $_GET['id']; $result = mysql_query("SELECT * FROM users WHERE User_id=$User_id") or die(mysql_error()); $row = mysql_fetch_array($result); // check that the 'id' matches up with a row in the database if($row) { // get data from db $Fname = $row['first_name']; $Lname = $row['last_name']; // show form renderForm($User_id, $Fname, $Lname, ''); } else // if no match, display result { echo "No results!"; } } else // if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error { echo 'Error!'; } } ?> Whenever I click the Edit link I don't get the edit form but the error generated by my code. I cannot figure out how to fix this, when the user ID for each customer is correct Quote Link to comment https://forums.phpfreaks.com/topic/302564-edit-a-customer-record/ Share on other sites More sharing options...
benanamen Posted November 19, 2016 Share Posted November 19, 2016 You're seriously wasting your time with this obsolete insecure code. Quote Link to comment https://forums.phpfreaks.com/topic/302564-edit-a-customer-record/#findComment-1539448 Share on other sites More sharing options...
JessicaC Posted November 19, 2016 Author Share Posted November 19, 2016 I don't care if it's obsolete and insecure. I am trying to finishing up an assignment and want it working. Quote Link to comment https://forums.phpfreaks.com/topic/302564-edit-a-customer-record/#findComment-1539450 Share on other sites More sharing options...
kicken Posted November 19, 2016 Share Posted November 19, 2016 In your code you are attempting to use the variable $User_id but no such variable exists (you named it $id). Quote Link to comment https://forums.phpfreaks.com/topic/302564-edit-a-customer-record/#findComment-1539452 Share on other sites More sharing options...
JessicaC Posted November 19, 2016 Author Share Posted November 19, 2016 (edited) Fixed that, but I am still getting "Error" <?php /* EDIT.PHP Allows user to edit specific entry in database */ // creates the edit customer form function renderForm($User_id, $Fname, $Lname, $error) { ?> <!DOCTYPE html> <html lang="EN"> <html> <head> <title>Edit Customer details</title> </head> <body> <?php // if there are any errors, display them if ($error != '') { echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>'; } ?> <form action="" method="post"> <input type="hidden" name="User_id" value="<?php echo $User_id; ?>"/> <div> <p><strong>User_id:</strong> <?php echo $User_id; ?></p> <strong>First Name: *</strong> <input type="text" name="first_name" value="<?php echo $Fname; ?>"/><br/> <strong>Last Name: *</strong> <input type="text" name="last_name" value="<?php echo $Lname; ?>"/><br/> <p>* Required</p> <input type="submit" name="submit" value="Submit"> </div> </form> </body> </html> <?php } // connect to the database include('script/login.php'); // check if the form has been submitted. If it has, process the form and save it to the database if (isset($_POST['submit'])) { // confirm that the 'id' value is a valid integer before getting the form data if (is_numeric($_POST['User_id'])) { // get form data, making sure it is valid $User_id = $_POST['User_id']; $Fname = mysql_real_escape_string(htmlspecialchars($_POST['first_name'])); $Lname = mysql_real_escape_string(htmlspecialchars($_POST['last_name'])); // check that firstname/lastname fields are both filled in if ($Fname == '' || $Lname == '') { // generate error message $error = 'ERROR: Please fill in all required fields!'; //error, display form renderForm($User_id, $Fname, $Lname, $error); } else { // save the data to the database mysql_query("UPDATE users SET first_name='$Fname', last_name='$Lname' WHERE User_id='$User_id'") or die(mysql_error()); // once saved, redirect back to the view page header("Location: customerlist.php"); } } else { // if the 'id' isn't valid, display an error echo 'Error!'; } } else // if the form hasn't been submitted, get the data from the db and display the form { if (isset($_GET['User_id']) && is_numeric($_GET['User_id']) && $_GET['User_id'] > 0) { // query db $User_id = $_GET['User_id']; $result = mysql_query("SELECT * FROM users WHERE User_id=$User_id") or die(mysql_error()); $row = mysql_fetch_array($result); // check that the 'id' matches up with a row in the database if($row) { // get data from db $Fname = $row['first_name']; $Lname = $row['last_name']; // show form renderForm($User_id, $Fname, $Lname, ''); } else // if no match, display result { echo "No results!"; } } else // if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error { echo 'Error!'; } } ?> other files: content.php <!DOCTYPE html> <html lang="EN"> <head> <!-- Jessica Chen, CS334, Fall 2016, Lab 10 --> <title>Customers</title> </head> <body> <a href="contentphp.txt">content.php text file</a></br> <a href="sql_code.txt">SQL codes</a></br></br> <div id="wrapper"><!-- BEGIN MAIN WRAPPER --> <section id="top_area"> <article class="box-right"> <form action="script/data.php" method="post"> <fieldset> <legend>Enter customer information</legend> <p> <label>First Name:</label> <input name="first_name" required="required" placeholder="John" type="text"> </p> <p> <label>Last Name:</label> <input name="last_name" required="required" placeholder="Doe" type="text"> </p> <p> <label>Gender:</label> <input type="radio" name="sex" value="male" checked="checked" /><label>male</label> <input type="radio" name="sex" value="female" /> <label>female</label> </p> <p> <label> Your email:</label> <input name="email" required="required" placeholder="random@mail.com" type="email"> </p> <p> <label>password:</label> <input name="password" required="required" placeholder="eg. X8df!90EO" type="password"> </p> <p> <input value="Submit" type="submit"> </p> <a href="customerlist.php">View and edit customer list</a></br> </fieldset> </form> </article> </section> </div><!-- END MAIN WRAPPER --> </br></br> <form action="" method="post"> <fieldset> <legend>Search Contacts Details</legend> <p>You may search either by first or last name</p> <input name="search" type="search" autofocus><input type="submit" name="button"> </form> <table> <tr><td><b>First Name</td><td></td><td><b>Last Name</td></tr> <?php $con=mysql_connect('localhost', 'jesschen_jzc22', ''); $db=mysql_select_db('jesschen_jess-ascraeus'); if(isset($_POST['button'])){ //trigger button click $search=$_POST['search']; $query=mysql_query("select * from users where first_name like '%{$search}%' || last_name like '%{$search}%' "); if (mysql_num_rows($query) > 0) { while ($row = mysql_fetch_array($query)) { echo "<tr><td>".$row['first_name']."</td><td></td><td>".$row['last_name']."</td></tr>"; } }else{ echo "No customer Found<br><br>"; } }else{ //while not in use of search returns all the values $query=mysql_query("select * from users"); } mysql_close(); ?> </fieldset> </body> </html> script/data.php <?php //data.php require_once 'login.php'; //Get values from form $Fname = $_POST['first_name']; $Lname = $_POST['last_name']; $sex = $_POST['sex']; $email = $_POST['email']; $password = $_POST['password']; //insert data into mysql $sql = "INSERT INTO users(first_name, last_name, sex, email, password, registration_date) VALUES ('$User_id','$Fname','$Lname','$sex','$email', SHA1('$password'), NOW())"; $result=mysql_query($sql); //if successfully insert data into database, displays message "successful". if($result) { header('Location: ../thankyou.php'); } else { echo "ERROR"; } //close mysql mysql_close(); ?> .. Edited November 19, 2016 by JessicaC Quote Link to comment https://forums.phpfreaks.com/topic/302564-edit-a-customer-record/#findComment-1539453 Share on other sites More sharing options...
Barand Posted November 19, 2016 Share Posted November 19, 2016 You are inserting seven values into six columns. Don't insert the user_id, let the auto_increment take care of that. Quote Link to comment https://forums.phpfreaks.com/topic/302564-edit-a-customer-record/#findComment-1539454 Share on other sites More sharing options...
mac_gyver Posted November 19, 2016 Share Posted November 19, 2016 Fixed that, but I am still getting "Error" wouldn't that mean exactly what your comment in the code states - // if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error where is the 'id' in the URL coming from? wouldn't the edit link that you are producing on one page and code using a value from that link on another page need to use the same name for the GET parameter? after you get (pun not intended) the names to match, is there actually an id value in the link? and this is the problem with you just wanting the code to work and wanting someone else to tell you why it doesn't, you are not involved with, looking at, following, and getting what the relationship is between the different pieces of code in the process. Quote Link to comment https://forums.phpfreaks.com/topic/302564-edit-a-customer-record/#findComment-1539458 Share on other sites More sharing options...
benanamen Posted November 19, 2016 Share Posted November 19, 2016 OP already stated in another thread that she doesn't care about programming or if it's right as long as it works. Fellow experts are just wasting your time with this. Quote Link to comment https://forums.phpfreaks.com/topic/302564-edit-a-customer-record/#findComment-1539465 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.