sk2learnphp Posted May 29, 2022

I am trying to develop a PHP MySQL database application where edit details is not working. I am new to PHP and doing this with the help of various web resources such as YouTube videos, tutorials, similar programs etc. I am able to fetch the data from the database, but when it comes to edit, the data remains the same even after changing. Can anyone suggest the solution of this problem?

manage-profile.php

```php
<?php
session_start();
require('connection.php');

//If your session isn't valid, it returns you to the login screen for protection
if(empty($_SESSION['sl_no'])){
    header("location:access-denied.php");
}
//retrieve student details from the student table
$result=mysqli_query($con, "SELECT * FROM student WHERE sl_no = '$_SESSION[sl_no]'");
if (mysqli_num_rows($result)<1){
    $result = null;
}
$row = mysqli_fetch_array($result);
if($row) {
    // get data from db
    $stdId = $row['sl_no'];
    $stdRoll = $row['roll_no'];
    $stdName = $row['name'];
    $stdClass = $row['class'];
    $stdSex= $row['sex'];
}
?>
<?php
// updating sql query
if (isset($_POST['update'])){
    $myId = addslashes( $_GET[$id]);
    $myRoll = addslashes( $_POST['roll_no'] );
    $myName = addslashes( $_POST['name'] );
    $myClass = addslashes( $_POST['class'] );
    $myGender = $_POST['sex'];

    $sql = mysqli_query($con,"UPDATE student SET roll_no='$myRoll', name='$myName', class='$myClass', sex='$myGender' WHERE sl_no = '$myId'" );

    // redirect back to profile
    header("Location: manage-profile.php");
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Student Profile Management</title>
<link href="css/student_styles.css" rel="stylesheet" type="text/css" />
<script language="JavaScript" src="js/user.js">
</script>
</head>
<body bgcolor="#e6e6e6">
<center><b><font color = "black" size="6">Online Voting System</font></b></center><br><br>
<div id="page">
<div id="header">
<h2>Manage Profile</h2>
<a href="student.php">Home</a> | <a href="vote.php">Current Polls</a> | <a href="manage-profile.php">Manage My Profile</a> | <a href="changepassword.php">Change Password</a>| <a href="logout.php">Logout</a>
</div>
<div id="container">
<table border="0" width="620" align="center">
<CAPTION><h3>Update Profile</h3></CAPTION>
<form action="manage-profile.php?$id=<?php echo $_SESSION['sl_no']; ?>" method="post" onsubmit="return updateProfile(this)">
<table align="center">
<tr><td>Roll Number:</td><td><input type="text" style="background-color:#e8daef; font-weight:regular;" name="roll_no" maxlength="50" value="<?php echo $row["roll_no"]; ?>"></td></tr>
<tr><td>Name:</td><td><input type="text" style="background-color:#e8daef; font-weight:regular;" name="Name" maxlength="30" value="<?php echo $row["name"]; ?>"></td></tr>
<tr><td>Class:</td><td><select name='sclass' style='background-color:#e8daef; font-weight:regular;' maxlength='10' id='class' required='true'>
<option value='HS-1st Year' <?php if($row["class"]=='HS-1st Year') { echo "selected"; } ?> >HS-1st Year</option>
<option value='HS-2nd Year' <?php if($row["class"]=='HS-2nd Year') { echo "selected"; } ?> >HS-2nd Year</option>
<option value='BA-1st Sem' <?php if($row["class"]=='BA-1st Sem') { echo "selected"; } ?> >BA-1st Sem</option>
<option value='BA-3rd Sem' <?php if($row["class"]=='BA-3rd Sem') { echo "selected"; } ?> >BA-3rd Sem</option>
<option value='BA-5th Sem' <?php if($row["class"]=='BA-5th Sem') { echo "selected"; } ?> >BA-5th Sem</option>
<option value='BCom-1st Sem' <?php if($row["class"]=='BCom-1st Sem') { echo "selected"; } ?> >BCom-1st Sem</option>
<option value='BCom-3rd Sem' <?php if($row["class"]=='BCom-3rd Sem') { echo "selected"; } ?> >BCom-3rd Sem</option>
<option value='BCom-5th Sem' <?php if($row["class"]=='BCom-5th Sem') { echo "selected"; } ?> >BCom-5th Sem</option>
</select>
</td></tr>
<tr><td>Sex:</td><td>
<input type='radio' style='background-color:#e8daef; font-weight:regular;' name='gender' id='male' value='Male' <?php if($row["sex"]=='Male') { echo "checked"; } ?> >Male<br>
<input type='radio' style='background-color:#e8daef; font-weight:regular;' name='gender' id='female' value='Female' <?php if($row["sex"]=='Female') { echo "checked"; } ?> >Female<br></td></tr>
<tr><td> </td></tr><tr><td><input type="submit" name="update" value="Update Profile"></td></tr>
</table>
</form>
</div>
<div id="footer">
<div class="bottom_addr">Student Union Election,Anonymous College</div>
</div>
</body>
</html>
```
Barand Posted May 29, 2022

Check the names of the input in your form. These POST fields don't exist

```php
$myName = addslashes( $_POST['name'] );
$myClass = addslashes( $_POST['class'] );
$myGender = $_POST['sex'];
```

PS Find some recent tutorials - your HTML markup code is a decade or two out of date and deprecated.

Use prepared statements instead of embedding user-provided data in your SQL.
mac_gyver Posted May 30, 2022

the session variable is being used to determine which row of data to query for and use to populate the form field values with. you should also use the session variable to determine which row to update. your current method, of trying to use a get parameter in the form's action attribute (which contains a programming mistake anyways), will allow anyone to update anyone else's profile, since this value can be set to anything anyone wants, not just what you have attempted to set it to in the code. all external data submitted to your web pages can come from anywhere, can be set to anything, and cannot be trusted.

also, your form processing code MUST trim, then validate all inputs before using them. had you done so, with the current attempted method of passing the id through the form's action attribute, your code would be producing an error for the user alerting them that there's no input id, and it would also be producing errors for the mismatch in form field names that @Barand has pointed out, helping you to debug the mistakes in the code.

here's an additional list of issues with the code -

1. require isn't a function. the () around the filename are unnecessary clutter and should be removed.
2. every redirect needs an exit/die statement after it to stop php code execution. a header() does not stop php code execution. all the code on that page is being executed every time the page gets requested.
3. the code to retrieve the existing data should come after the post method form processing code, should only be executed if the form has never been submitted, should keep the fetched data as an array, and should fetch the data into the same named variable that the post method form processing code is using (which should also be an array), so that after the form has been submitted, the form data will repopulate the form field values, so that the user doesn't need to keep reentering the changes over and over upon an error.
4. if the query to get the existing data doesn't match a row, that's an error and you should set up and display a message for the user alerting them to this problem, rather than to display a blank edit form.
5. don't copy variables to other variables for nothing. this is just a waste of your time typing. the only time you should copy variables to other variables is when the meaning of the data in the variable has been altered, e.g. when trimming data, ...
6. don't attempt to detect if the submit button is set. there are cases where it won't be. instead, detect if a post method form was submitted. if there can be more than one form processing code on a page, use a hidden field with a different value for each form, then use those values in the form processing code to control which code to execute.
7. keep the form data as a set, in an array variable, then operate on elements in this array variable throughout the rest of the code.
8. trim all the input data at once. since you will be keeping it in an array variable, you can do this with one single statement.
9. validate all inputs, storing validation errors in an array, using the field name as the array index.
10. after the end of the validation logic, if the array holding the user/validation errors is empty, use the submitted form data.
11. because the update query can result in duplicate data (any column that must be unique should be defined as a unique index in the database table), you need error handling for that query that will test if a duplicate index error number has occurred, then set up a message for the user telling them what was wrong with the data that they submitted, so that they can correct the problem and resubmit the form.
12. if there are errors at item #10, the code would continue on to display the html document, where you would test the array holding the errors and display its contents if there are, and redisplay the form, populating the form field values with the submitted form data.
13. to get the form to submit to the same page it is on, simply leave the entire action='...' attribute out of the form tag.
14. apply htmlentities() to any value you output on a web page to help prevent cross site scripting.
15. don't write out code for every possible value. for the select/option choices and the radio buttons, define the choices in arrays, then loop over these defining arrays to produce the markup. you can also use these defining arrays in the validation logic to ensure that only a permitted choice was made.
16. the first select/option choice is usually an empty value with text that serves as a prompt to select one of the actual choices. this is actually needed for the 'required' attribute to work, should the existing data being edited be empty or not match one of the permitted choices. this also results in an easily detected value for the server-side validation logic to test for.
17. when you switch to use prepared queries, you would also want to switch to the much simpler PDO database extension.

Edited May 30, 2022 by mac_gyver
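The form processing mac_gyver describes (row chosen by the session id, inputs trimmed and validated against defining arrays, a prepared PDO query, output escaped), as an added example that is not part of the thread. `update_profile()` is a hypothetical helper, and an in-memory SQLite table with constructed rows stands in for the poster's MySQL database so the script runs from the command line.

```php
<?php
// Added example, not code from the thread. SQLite in memory stands in for the
// poster's MySQL database so the script runs offline; the rows are constructed.
const CLASSES = ['HS-1st Year', 'HS-2nd Year', 'BA-1st Sem', 'BA-3rd Sem',
                 'BA-5th Sem', 'BCom-1st Sem', 'BCom-3rd Sem', 'BCom-5th Sem'];
const SEXES = ['Male', 'Female'];

// update_profile() is a hypothetical helper: $sessionId would come from
// $_SESSION['sl_no'], $input from $_POST. Returns validation errors by field name.
function update_profile(PDO $pdo, int $sessionId, array $input): array
{
    // trim all string inputs at once, keeping the form data as one array
    $post = array_map(fn($v) => is_string($v) ? trim($v) : '', $input);
    $errors = [];
    foreach (['roll_no', 'name', 'class', 'sex'] as $field) {
        if (($post[$field] ?? '') === '') {
            $errors[$field] = "$field is required";
        }
    }
    // the defining arrays double as the list of permitted choices
    if (!isset($errors['class']) && !in_array($post['class'], CLASSES, true)) {
        $errors['class'] = 'class is not a permitted choice';
    }
    if (!isset($errors['sex']) && !in_array($post['sex'], SEXES, true)) {
        $errors['sex'] = 'sex is not a permitted choice';
    }
    if ($errors) { return $errors; }
    // prepared query; the row is chosen by the session id, never by request data
    $stmt = $pdo->prepare('UPDATE student SET roll_no = ?, name = ?, class = ?, sex = ? WHERE sl_no = ?');
    $stmt->execute([$post['roll_no'], $post['name'], $post['class'], $post['sex'], $sessionId]);
    return [];
}

$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE student (sl_no INTEGER PRIMARY KEY, roll_no TEXT UNIQUE, name TEXT, class TEXT, sex TEXT)');
$pdo->exec("INSERT INTO student VALUES (1, 'R-001', 'Asha', 'BA-1st Sem', 'Female'), (2, 'R-002', 'Ravi', 'BA-3rd Sem', 'Male')");

// Constructed request from the user logged in as sl_no 1; the extra sl_no
// field imitates a tampered id and is ignored, so row 2 stays unchanged.
$errors = update_profile($pdo, 1, ['sl_no' => '2', 'roll_no' => ' R-010 ', 'name' => "O'Brien <b>", 'class' => 'BA-5th Sem', 'sex' => 'Female']);
var_dump($errors);
foreach ($pdo->query('SELECT * FROM student ORDER BY sl_no', PDO::FETCH_ASSOC) as $row) {
    // escape on output, as the reply advises
    echo htmlentities(implode(' | ', $row), ENT_QUOTES, 'UTF-8'), PHP_EOL;
}
// A rejected request: 'PhD' is not in CLASSES, so no query runs.
var_dump(update_profile($pdo, 1, ['roll_no' => 'R-011', 'name' => 'X', 'class' => 'PhD', 'sex' => 'Male']));
```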