Solved

Fields not Updating, Probably something stupid

Posted on 2004-08-28
Last Modified: 2008-07-03


This is a clip from my code.  I can't figure out why it isn't updating the SET. I use the same code with different variables in another script and it works fine.  It's probably something simple but I've been looking at it for too long.  Any help would be great.

 if (isset($_POST['submit']))

        {

        $clientid = $_POST['clientid'];
        $rate = $_POST['rate'];
        $hours = $_POST['hours'];
        $hardware = $_POST['hardware'];
        $hardwaretext = $_POST['hardwaretext'];
        $comment = $_POST['comment'];
        $tax = "1.075";
            $total = (($rate * $hours) + ($hardware * $tax));




            mysql_query("UPDATE invoice SET clientid = '$_POST[clientid]', rate = '$_POST[rate]', hours = '$_POST[hours]', hardware = '$_POST[hardware]', hardwaretext = '$_POST[hardwaretext]', comment = '$_POST[comment]', tax = '$_POST[comment]', total = '$total'   WHERE id = $_POST[submit] ");



            echo "<meta HTTP-EQUIV=refresh content=0;url=invoice.php?view=list>";

        }



        $result = mysql_query("SELECT * FROM invoice WHERE id = $_GET[edit]");

        $row = mysql_fetch_assoc($result);



        echo "

        <form action=invoice.php?edit=$_GET[edit] method=post>



        <b>Edit Submission</b><p>


        <table border=0 cellpadding=0 cellspacing=2>

         <tr>

          <td width=250>Client Id:</td>

          <td width=360>{$row['clientid']}
         </td>

         </tr>

         <tr>

          <td width=250>Rate:</td>

          <td width=360><input type=\"text\" name=\"rate\" size=\"60\" maxlength=\"100\" value=\"{$row['rate']}\">

         </td>

         </tr>

         <tr>


          <td width=250>Hours:</td>

          <td width=360><input type=\"text\" name=\"hours\" size=\"60\" maxlength=\"100\" value=\"{$row['hours']}\">

         </td>

         </tr>

         <tr>


          <td width=250>Hardware Cost:</td>

          <td width=360><input type=\"text\" name=\"hardware\" size=\"60\" maxlength=\"100\" value=\"{$row['hardware']}\">

         </td>

         </tr>

         <tr>


          <td width=250>Hardware Comments:</td>

          <td width=360><textarea name=\"hardwaretext\" rows=\"5\" cols=\"45\">{$row['hardwaretext']}</textarea>

         </td>

         </tr>

             <tr valign=top>

          <td width=250>Comments:</td>

          <td width=360><textarea name=\"comment\" rows=\"5\" cols=\"45\">{$row['comment']}</textarea></td>

         </td>

         </tr>
             <tr valign=top>

          <td width=250>Total:</td>

          <td width=360>{$row['total']} - If you changed the values above this will change </td>

         </td>

         </tr>

        </table>

        <table border=0 cellpadding=0 cellspacing=2>

         <tr valign=top>

          <td width=532 align=right><input type='submit' name='submit' value='EDIT INVOICE'></td>

           

         </tr>

        </table>

        <p>

           

        </form> ";



    }
Question by:livegirllove
10 Comments
 
LVL 27

Expert Comment

by:Diablo84
ID: 11923694
in your query

WHERE id = $_POST[submit] ");

$_POST[submit] should be within single quotes

and also are you sure you want to compare the id to submit? I would have thought you would be comparing it to $clientid... but of course could be wrong

0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11923704
Your post references should also be within single quotes in the query, so you would have to do some concatenating in the query. However, seeing as you have converted the post globals to local variables just prior to the query, it would be easier to reference and single quote them, e.g.


            mysql_query("UPDATE invoice SET clientid = '$clientid', rate = '$rate', hours = '$hours', hardware = '$hardware', hardwaretext = '$hardwaretext', comment = '$comment', tax = '$tax', total = '$total'   WHERE id = '".$_POST['submit']."' ");
0
 
LVL 27

Expert Comment

by:Diablo84
ID: 11923707
This query will probably need amending too

$result = mysql_query("SELECT * FROM invoice WHERE id = $_GET[edit]");

to

$result = mysql_query("SELECT * FROM invoice WHERE id = '".$_GET['edit']."'");
0
 
LVL 1

Author Comment

by:livegirllove
ID: 11924062
Fixed those problems but it still isn't updating.  Here's the whole code, sorry it's kind of messy.
It creates the invoice perfectly.  Does the correct math and inserts the data fine.  It's when I edit an invoice that it won't update.  As soon as I click submit it just changes back to what was in the field before.

thanks

<html>

<head>

<title>Invoice Input</title>

</head>



<body bgcolor="white" text="black" link="black" vlink="black" alink="black">
         <font face="TAHOMA" size="1" color="#000000">

<a href="sales.php">[New Client]</a> -

<a href="invoice.php?view=list">[List Invoices]</a> -

<a href="invoice.php?action=new">[New Invoice]</a>

<?php



     include("db.php"); // setup connection to mysql

       $sql = "SELECT id, name FROM results";
     $res_cat = mysql_query($sql); // handle to category set


if(isset($_GET['del'])) {
            
            echo "<center>Are you sure you want to delete that entry ?
            <BR>
            <a href=\"invoice.php?delete=yes&del=" . $_GET['del'] . "\">Yes</a><BR>
            <a href=\"invoice.php?delete=no\">No</a>
            </center>";
            
            if ($delete == "yes"){
            mysql_query("DELETE FROM invoice WHERE id = '" . $_GET['del'] . "'");
            echo "<meta HTTP-EQUIV=refresh content=0;url=invoice.php?view=list>";
            }
            elseif ($delete == "no") {echo "<meta HTTP-EQUIV=refresh content=0;url=invoice.php?view=list>";}
      }




       

    if (($_GET['action'] == "new") || ($_POST['action'] == "new"))

    {

        ?>

        <form action="invoice.php" method="post"> <input type="hidden" name="action" value="new">

                                         

       
                                          <p>



        <table border=0 cellpadding=0 cellspacing=2>
     <tr><td><select name="clientid">
       <option value="">-</option>
     <?php while ($row = mysql_fetch_assoc($res_cat)) { ?>        
          <option value='<?php echo $row['id']; ?>'><?php echo $row['name']; ?></option>              
     <?php } ?>
     </select></td></tr>
         <tr>

          <td width=250>Rate:</td>

          <td width=360><input type=text name=rate size=60 maxlength=100>

         </td>

         </tr>
         <tr>

          <td width=250 bgcolor="#CCCCCC">Hours:</td>

          <td width=360 bgcolor="#CCCCCC"><input type=text name=hours size=60 maxlength=100>

         </td>

         </tr>
         <tr>

          <td width=250>Hardware Cost:</td>

          <td width=360><input type=text name=hardware size=60 maxlength=100>

         </td>

         </tr>

         <tr>

          <td width=250 bgcolor="#CCCCCC">Hardware Comments:</td>

          <td width=360 bgcolor="#CCCCCC"><textarea name=hardwaretext rows=5 cols=45></textarea>

         </td>

         </tr>

             <tr valign=top>

          <td width=250>Comments:</td>

          <td width=360><textarea name=comment rows=5 cols=45></textarea></td>

         </td>

         </tr>

        </table>

        <table border=0 cellpadding=0 cellspacing=2>

         <tr valign=top>

          <td width=532 align=right><input type="submit" name="submit" value="Create Invoice"></td>

           

         </tr>

        </table>

        <p>

           

        </form> <?php


if (isset($_POST['submit']))
    {
        echo "<meta HTTP-EQUIV=refresh content=0;url=invoice.php?view=list>";
            $clientid = ($_POST['clientid']);

            $rate = ($_POST['rate']);

            $hours = ($_POST['hours']);
               
            $hardware = ($_POST['hardware']);

            $hardwaretext = ($_POST['hardwaretext']);

            $comment = ($_POST['comment']);

            $tax = "1.075";

                  $total = (($rate * $hours) + ($hardware * $tax));
                        
           
                  mysql_query("INSERT INTO invoice (clientid, rate, hours, hardware, hardwaretext, comment, tax, total, date) VALUES ('$clientid', '$rate', '$hours', '$hardware', '$hardwaretext', '$comment', '$tax', '$total', now()) ");        }


    }



    elseif ($_GET['view'] == "list")

    {



        echo "

        <p><b>Current Listings</b></p><p>

        <table border=0 cellpadding=0 cellspacing=2>";





        $result = mysql_query("SELECT * FROM invoice ORDER BY id DESC");

        while ($row = mysql_fetch_assoc($result))

        {

            $details = nl2br($row['details']);



            echo "

            <tr>

            <td width=250>Client ID:</td>

            <td width=360>{$row['clientid']}</td>

            </tr>
                                                <tr>

            <td width=250>Invoice Number:</td>

            <td width=360>{$row['id']}</td>

            </tr>

                              <tr>

            <td width=250>Invoice Date:</td>

            <td width=360>{$row['date']}</td>

            </tr>

            <tr>

            <td width=250>Rate</td>

            <td width=360>{$row['rate']}</td>

            </tr>
            <tr>

            <td width=250>Hours:</td>

            <td width=360>{$row['hours']}</td>

            </tr>
            <tr>

            <td width=250>Hardware Cost:</td>

            <td width=360>{$row['hardware']}</td>

            </tr>
            <tr>

            <td width=250>Hardware Comments:</td>

            <td width=360>{$row['hardwaretext']}</td>

            </tr>

            <tr>

            <td width=250>Comments:</td>

            <td width=360>{$row['comment']}</td>

            </tr>
            <tr>

            <td width=250>Total:</td>

            <td width=360>{$row['total']}</td>

            </tr>


            <tr>

            <td width=250></td>

            <td width=360><a href=\"invoice.php?edit={$row[id]}\"> Edit </a> - <a href=\"invoice.php?del={$row[id]}\"> Delete </a></td>

            </tr>

            <tr>

            <td width=250>&nbsp;</td>

            <td width=360>&nbsp;</td>

            </tr>";

        }



        echo "</table>";

    }





    elseif (isset($_GET['edit']))

    {



        if (isset($_POST['submit']))

        {

        $clientid = $_POST['clientid'];
        $rate = $_POST['rate'];
        $hours = $_POST['hours'];
        $hardware = $_POST['hardware'];
        $hardwaretext = $_POST['hardwaretext'];
        $comment = $_POST['comment'];
        $tax = "1.075";
            $total = (($rate * $hours) + ($hardware * $tax));




mysql_query("UPDATE invoice SET clientid = '$clientid', rate = '$rate', hours = '$hours', hardware = '$hardware', hardwaretext = '$hardwaretext', comment = '$comment', tax = '$tax', total = '$total'   WHERE id = '".$_POST['submit']."' ");


            echo "<meta HTTP-EQUIV=refresh content=0;url=invoice.php?view=list>";

        }



$result = mysql_query("SELECT * FROM invoice WHERE id = '".$_GET['edit']."'");
        $row = mysql_fetch_assoc($result);



        echo "

        <form action=invoice.php?edit=$_GET[edit] method=post>



        <b>Edit Submission</b><p>


        <table border=0 cellpadding=0 cellspacing=2>

         <tr>

          <td width=250>Client Id:</td>

          <td width=360>{$row['clientid']}
         </td>

         </tr>

         <tr>

          <td width=250>Rate:</td>

          <td width=360><input type=\"text\" name=\"rate\" size=\"60\" maxlength=\"100\" value=\"{$row['rate']}\">

         </td>

         </tr>

         <tr>


          <td width=250>Hours:</td>

          <td width=360><input type=\"text\" name=\"hours\" size=\"60\" maxlength=\"100\" value=\"{$row['hours']}\">

         </td>

         </tr>

         <tr>


          <td width=250>Hardware Cost:</td>

          <td width=360><input type=\"text\" name=\"hardware\" size=\"60\" maxlength=\"100\" value=\"{$row['hardware']}\">

         </td>

         </tr>

         <tr>


          <td width=250>Hardware Comments:</td>

          <td width=360><textarea name=\"hardwaretext\" rows=\"5\" cols=\"45\">{$row['hardwaretext']}</textarea>

         </td>

         </tr>

             <tr valign=top>

          <td width=250>Comments:</td>

          <td width=360><textarea name=\"comment\" rows=\"5\" cols=\"45\">{$row['comment']}</textarea></td>

         </td>

         </tr>
             <tr valign=top>

          <td width=250>Total:</td>

          <td width=360>{$row['total']} - If you changed the values above this will change </td>

         </td>

         </tr>

        </table>

        <table border=0 cellpadding=0 cellspacing=2>

         <tr valign=top>

          <td width=532 align=right><input type='submit' name='submit' value='EDIT INVOICE'></td>

           

         </tr>

        </table>

        <p>

           

        </form> ";



    }







?>
                  </font>

            </body>

        </html>

0
 
LVL 27

Accepted Solution

by:
Diablo84 earned 125 total points
ID: 11924116
I'm afraid I'm too tired to have a proper look at your code, it's late here and I don't think my eyes are up to it. I will have another look in the morning if the question is still open.

Just a couple of points that you can check before I go:

1) I'm still not sure about the query, WHERE check here:

WHERE id = '".$_POST['submit']."' ");

The value of submit is EDIT INVOICE and you are checking this against a field called id; it might be correct, but I would be expecting id to be an integer value.

2) Make sure your select query is run after the update, otherwise the un-updated record will be selected.

0
 
LVL 7

Assisted Solution

by:aib_42
aib_42 earned 125 total points
ID: 11924317
Reminder when dealing with MySQL queries:

Two good ways of debugging queries are:
1) Copying the whole first parameter to mysql_query() to a line just above the call, adding an "echo " in front, ";" at the end, and "\n" at the end of the string.
2) Creating a "my_mysql_query()" function which will call mysql_query() with the parameters it is given, but not before echo'ing or logging the query somewhere.

ie:
mysql_query("SELECT * FROM table"); becomes
1)

echo "SELECT * FROM table\n";
mysql_query("SELECT * FROM table");

or 2)

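my_mysql_query("SELECT * FROM table");
function my_mysql_query($qry)
{
    echo $qry.";\n";          // show (or log) the exact query text first
    return mysql_query($qry); // hand the result back so callers can still use it
}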
0
 
LVL 25

Assisted Solution

by:Squinky
Squinky earned 125 total points
ID: 11924908
Your whole form and processing is very confused - I'm not surprised D84's feeling tired!

you have structures like this:

  elseif (isset($_GET['edit']))
    {
        if (isset($_POST['submit']))


that's just not going to work - you will never, ever have GET and POST vars set at the same time. You need to sort out your form and command submission mechanisms, and possibly use $_REQUEST everywhere instead. I get the feeling that if you do get this working by continuing to tweak it, it will be down to luck rather than skill, which means it's likely to break easily and will not form a basis for code you might want to write later.

I'd suggest you use different names for your save and update submit buttons - you're checking for $_POST['submit'] in both cases.

You are still missing some quotes on array indices. You're being inconsistent in your quoting methods in general; this is messy and unnecessary:

$result = mysql_query("SELECT * FROM invoice WHERE id = '".$_GET['edit']."'");

do this:

$result = mysql_query("SELECT * FROM invoice WHERE id = '{$_GET['edit']}'");

incidentally, that line is also asking for an SQL injection attack.

You've also neglected to quote nearly all your HTML attributes, and in some cases have used single quotes. Running your page through the w3c validator will flag lots of HTML errors.

You've stumbled into a good demonstration of exactly why you should stick to consistent coding standards (even if they're your own), and in this case the lessons are:

Always quote string array indices
Do your quoting right
Write valid HTML
It's probably a good idea to have at least a vague strategy for implementing a script - whatever it is, stick to it.
0
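The SQL injection remark above and the earlier point that id should be an integer rather than the submit button's value, shown together as an added example (not code from the thread or its participants). It assumes PDO in place of the mysql_* functions and an in-memory SQLite table standing in for the thread's invoice table; update_invoice() is a hypothetical name and all sample values are constructed.

```php
<?php
// Added example. Assumptions: PDO replaces mysql_*, and an in-memory SQLite
// table stands in for the thread's `invoice` table so the script runs offline.

const TAX = 1.075; // same multiplier the thread's script uses

// Hypothetical helper: updates one invoice from the edit form's fields.
// $rawId is the value of ?edit=... from the URL, not the submit button.
function update_invoice(PDO $db, $rawId, array $post): bool
{
    // The id must be a positive integer. Anything else is refused before
    // any SQL is built, so it can never become part of the WHERE clause.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;
    }

    // Numeric form fields are validated as numbers before the arithmetic.
    $num = [];
    foreach (['rate', 'hours', 'hardware'] as $field) {
        $num[$field] = filter_var($post[$field] ?? '', FILTER_VALIDATE_FLOAT);
        if ($num[$field] === false) {
            return false;
        }
    }
    $total = ($num['rate'] * $num['hours']) + ($num['hardware'] * TAX);

    // Placeholders keep user input out of the SQL text entirely: quotes in
    // the free-text fields are stored as data and need no manual escaping.
    // clientid is display-only in the thread's edit form, so it is not updated.
    $stmt = $db->prepare(
        'UPDATE invoice
            SET rate = :rate, hours = :hours, hardware = :hardware,
                hardwaretext = :hardwaretext, comment = :comment,
                tax = :tax, total = :total
          WHERE id = :id'
    );
    $stmt->execute([
        'rate'         => $num['rate'],
        'hours'        => $num['hours'],
        'hardware'     => $num['hardware'],
        'hardwaretext' => (string) ($post['hardwaretext'] ?? ''),
        'comment'      => (string) ($post['comment'] ?? ''),
        'tax'          => TAX,
        'total'        => $total,
        'id'           => $id,
    ]);

    // Note: with the MySQL driver rowCount() counts changed rows, so saving
    // identical values reports 0 unless PDO::MYSQL_ATTR_FOUND_ROWS is set.
    return $stmt->rowCount() === 1;
}

// ---- constructed demo data ----
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE invoice (
    id INTEGER PRIMARY KEY, clientid INTEGER, rate REAL, hours REAL,
    hardware REAL, hardwaretext TEXT, comment TEXT, tax REAL, total REAL)');
$db->exec("INSERT INTO invoice
           VALUES (1, 3, 50, 2, 100, 'switch', 'first visit', 1.075, 207.5)");

// Constructed form input; the comment contains a quote character.
$post = [
    'rate' => '60', 'hours' => '3', 'hardware' => '200',
    'hardwaretext' => '8-port switch',
    'comment' => "client's office, 2nd floor",
];

var_dump(update_invoice($db, '1', $post));            // id as sent in ?edit=1
var_dump(update_invoice($db, 'EDIT INVOICE', $post)); // the submit button's value
var_dump(update_invoice($db, '1 OR 1=1', $post));     // non-integer id string

// Show the stored row after the calls above.
print_r($db->query('SELECT * FROM invoice WHERE id = 1')->fetch(PDO::FETCH_ASSOC));
```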
 
LVL 1

Author Comment

by:livegirllove
ID: 11927910
Squinky, thanks for that tip.  I did some searching on SQL injection attacks.  Right now I'm the only one that uses the script, but I'll definitely start to clean up the code.  I didn't write this code.  Just edited it and added a lot to it.  Thing is I am using the same script (posted below) and it works perfectly.

HTML, I just looked at it and you're right.  That is bad coding.  I was in a cut and paste fever and wasn't looking at that stuff.

Working code:
<html>

<head>

<title>Sales</title>

</head>



<body bgcolor="white" text="black" link="black" vlink="black" alink="black">
         <font face="TAHOMA" size="1" color="#000000">
<a href="sales.php?view=list">[List Clients]</a> -

<a href="sales.php?action=new">[New Client]</a> -
<a href="invoice.php">[Create Invoice]</a>        


<?php



     include("db.php"); // setup connection to mysql

       $sql = "SELECT id, firstname, lastname FROM results ORDER BY lastname ASC";
     $res_cat = mysql_query($sql); // handle to category set


if(isset($_GET['del'])) {
            
            echo "<center>Are you sure you want to delete that entry ?
            <BR>
            <a href=\"sales.php?delete=yes&del=" . $_GET['del'] . "\">Yes</a><BR>
            <a href=\"sales.php?delete=no\">No</a>
            </center>";
            
            if ($delete == "yes"){
            mysql_query("DELETE FROM results WHERE id = '" . $_GET['del'] . "'");
            echo "<meta HTTP-EQUIV=refresh content=0;url=sales.php?view=list>";
            }
            elseif ($delete == "no") {echo "<meta HTTP-EQUIV=refresh content=0;url=sales.php?view=list>";}
      }




       

    if (($_GET['action'] == "new") || ($_POST['action'] == "new"))

    {

        ?>
<form action="sales.php" method="post"> <input type="hidden" name="action" value="new">

                                         

        <b>Personal Information</b><p>



        <table border=0 cellpadding=0 cellspacing=2>
         <tr>
           <td>Company:</td>
           <td><input type=text name=company size=60 maxlength=100> </td>
         </tr>

         <tr>
           <td>Title:</td>
           <td><select name="title">
       <option value="" selected>-</option>
       <option value="Mr.">Mr.</option>
       <option value="Mrs.">Mrs.</option>
       <option value="Dr.">Dr.</option>
       <option value="Ms.">Ms.</option>
       <option value="Miss">Miss</option>
          </select> </td>
         </tr>
         <tr>

          <td width=150>First Name:</td>

          <td width=360><input type=text name=firstname size=60 maxlength=100>

         </td>

         </tr>
         <tr>
          <td width=150>Last Name:</td>

          <td width=360><input type=text name=lastname size=60 maxlength=100>
         </tr>
         <tr>

          <td width=150>Address:</td>

          <td width=360><input type=text name=address size=60 maxlength=100>

         </td>

         </tr>
         <tr>

          <td width=150>City:</td>

          <td width=360><input type=text name=city size=60 maxlength=100>

         </td>

         </tr>
         <tr>

          <td width=150>State:</td>

          <td width=360><input type=text name=state size=60 maxlength=100>

         </td>

         </tr>
         <tr>

          <td width=150>Zip Code:</td>

          <td width=360><input type=text name=zip size=60 maxlength=100>

         </td>

         </tr>

         <tr>

          <td width=150>Email:</td>

          <td width=360><input type=text name=email size=60 maxlength=100>

         </td>

         </tr>

         <tr>
           <td>Phone Number: </td>
           <td><input type=text name=phone size=60 maxlength=100> </td>
         </tr>
         <tr>
           <td>Fax Number: </td>
           <td><input type=text name=fax size=60 maxlength=100> </td>
         </tr>
         <tr>
           <td>Cell Phone: </td>
           <td><input type=text name=cell size=60 maxlength=100> </td>
         </tr>
         <tr>

          <td width=150>AIM:</td>

          <td width=360><input type=text name=aim size=60 maxlength=100>

          </td>

         </tr>

         <tr>

          <td width=150>MSN:</td>

          <td width=360><input type=text name=msn size=60 maxlength=100>

         </td>

         </tr>

          <tr>

          <td width=150>YAHOO:</td>

          <td width=360><input type=text name=yahoo size=60 maxlegnth 100>

         </td>

         </tr>

          <tr>

          <td width=150>IRC:</td>

          <td width=360><input type=text name=irc size=60 maxlegnth 100>

         </td>

         </tr>

          <tr>

          <td width=150>IRC Alias:</td>

          <td width=360><input type=text name=ircalias size=60 maxlegnth 100>

         </td>

         </tr>

             <tr valign=top>

          <td width=150>Comments:</td>

          <td width=360><textarea name=comment rows=5 cols=45></textarea></td>

         </td>

         </tr>
         <tr>

          <td width=150>Refered By:</td>

          <td width=360><select name="clientid">
       <option value="" selected>-</option>
     <?php while ($row = mysql_fetch_assoc($res_cat)) { ?>        
          <option value='<?php echo $row['id']; ?>'><?php echo $row['lastname']; ?> - <?php echo $row['firstname']; ?></option>              
     <?php } ?>
          </select>

         </td>

         </tr>

        </table>

        <table border=0 cellpadding=0 cellspacing=2>

         <tr valign=top>

          <td width=532 align=right><input type="submit" name="submit" value="ADD CLIENT TO DATABASE"></td>

           

         </tr>

        </table>

        <p>

           

        </form> <?php


        if (isset($_POST['submit']))

        {
                  echo "<meta HTTP-EQUIV=refresh content=0;url=sales.php?view=list>";

           
                  $title = ($_POST['title']);
                  
                  $company = ($_POST['company']);
                  
                  $firstname = ($_POST['firstname']);

            $lastname = ($_POST['lastname']);


            $address = ($_POST['address']);

            $city = ($_POST['city']);

            $state = ($_POST['state']);

            $zip = ($_POST['zip']);

            $email = ($_POST['email']);
                  
                   $phone = ($_POST['phone']);
                  
                    $fax = ($_POST['fax']);
                    
                     $cell = ($_POST['cell']);

            $aim = ($_POST['aim']);

            $msn = ($_POST['msn']);

            $yahoo = ($_POST['yahoo']);

            $irc = ($_POST['irc']);

            $ircalias = ($_POST['ircalias']);

            $referedby = ($_POST['clientid']);

            $comment = ($_POST['comment']);

               

            mysql_query("INSERT INTO results (company, title, phone, cell, fax, firstname, lastname, address, city, state, zip, email, aim, msn, yahoo, irc, ircalias, referedby, comment) VALUES ('$company', '$title', '$phone', '$cell', '$fax', '$firstname', '$lastname','$address', '$city', '$state', '$zip', '$email', '$aim', '$msn', '$yahoo', '$irc', '$ircalias',  '$referedby', '$comment') ");      
      
            
        }



    }



    elseif ($_GET['view'] == "list")

    {



        echo "

        <p><b>Current Listings</b></p><p>

        <table border=0 cellpadding=0 cellspacing=2>";





        $result = mysql_query("SELECT * FROM results ORDER BY lastname ASC");

        while ($row = mysql_fetch_assoc($result))

        {

            $details = nl2br($row['details']);



            echo "

                             <tr>

            <td width=150>Last Name:</td>

            <td width=360>{$row['lastname']}</td>

            </tr>
            <tr>

            <td width=150>First Name:</td>

            <td width=360>{$row['firstname']}</td>

            </tr>
                              <tr>

            <td width=150>Title:</td>

            <td width=360>{$row['title']}</td>

            </tr>
                              <tr>

            <td width=150>Company Name:</td>

            <td width=360>{$row['company']}</td>

            </tr>
            <tr>

            <tr>

            <td width=150>Address:</td>

            <td width=360>{$row['address']}</td>

            </tr>
            <tr>

            <td width=150>City:</td>

            <td width=360>{$row['city']}</td>

            </tr>
            <tr>

            <td width=150>State:</td>

            <td width=360>{$row['state']}</td>

            </tr>
            <tr>

            <td width=150>Zip Code:</td>

            <td width=360>{$row['zip']}</td>

            </tr>

            <tr>

            <td width=150>Phone:</td>

            <td width=360>{$row['phone']}</td>

            </tr>
            <tr>

            <td width=150>Cell:</td>

            <td width=360>{$row['cell']}</td>

            </tr>
            <tr>

            <td width=150>Fax:</td>

            <td width=360>{$row['fax']}</td>

            </tr>

            <tr>

            <td width=150>Email:</td>

            <td width=360>{$row['email']}</td>

            </tr>

            <tr>

            <td width=150>AIM:</td>

            <td width=360>{$row['aim']}</td>

            </tr>

            <tr>

            <td width=150>MSN:</td>

            <td width=360>{$row['msn']}</td>

            </tr>

            <tr>

            <td width=150>YAHOO:</td>

            <td width=360>{$row['yahoo']}</td>

            </tr>

            <tr>

            <td width=150>IRC:</td>

            <td width=360>{$row['irc']}</td>

            </tr>

            <tr>

            <td width=150>IRC Alias:</td>

            <td width=360>{$row['ircalias']}</td>

            </tr>

            <tr>

            <td width=150>Comments:</td>

            <td width=360>{$row['comment']}</td>

            </tr>

            <tr>

            <tr>

            <td width=150>Refered By:</td>

            <td width=360>{$row['referedby']}</td>

            </tr>


            <td width=150></td>

            <td width=360><a href=\"sales.php?edit={$row[id]}\"> Edit </a> - <a href=\"sales.php?del={$row[id]}\"> Delete </a></td>

            </tr>

            <tr>

            <td width=150><hr></td>

            <td width=360><hr></td>

            </tr>" ;

        }



        echo "</table>";

    }





    elseif (isset($_GET['edit']))

    {



        if (isset($_POST['submit']))

        {

            $firstname = strip_tags($_POST['firstname']);
            $company = strip_tags($_POST['company']);

            $lastname = strip_tags($_POST['lastname']);
                  $title = strip_tags($_POST['title']);

            $address = strip_tags($_POST['address']);

            $city = strip_tags($_POST['city']);

            $state = strip_tags($_POST['state']);

            $zip = strip_tags($_POST['zip']);

                  $phone = strip_tags($_POST['phone']);
           
                  $cell = strip_tags($_POST['cell']);
                  
                  $fax = strip_tags($_POST['fax']);
                  
                  $email = strip_tags($_POST['email']);

            $aim = strip_tags($_POST['aim']);

            $msn = strip_tags($_POST['msn']);

            $yahoo = strip_tags($_POST['yahoo']);

            $irc = strip_tags($_POST['irc']);

            $ircalias = strip_tags($_POST['ircalias']);

            $referedby = strip_tags($_POST['clientid']);

            $comment = strip_tags($_POST['comment']);



            mysql_query("UPDATE results SET company = '$_POST[company]', title = '$_POST[title]', firstname = '$_POST[firstname]', lastname = '$_POST[lastname]',phone = '$_POST[phone]', fax = '$_POST[fax]', cell = '$_POST[cell]', address = '$_POST[address]', city = '$_POST[city]', state = '$_POST[state]', zip = '$_POST[zip]', email = '$_POST[email]', aim = '$_POST[aim]', msn = '$_POST[msn]', yahoo = '$_POST[yahoo]', irc = '$_POST[irc]', ircalias = '$_POST[ircalias]', referedby = '$_POST[clientid]', comment = '$_POST[comment]'  WHERE id = $_GET[edit] ");



            echo "<meta HTTP-EQUIV=refresh content=0;url=sales.php?view=list>";

        }

       $sql = "SELECT id, lastname, firstname FROM results ORDER BY lastname ASC";
     $res_cat = mysql_query($sql); // handle to category set


        $result = mysql_query("SELECT * FROM results WHERE id = $_GET[edit]");

        $row = mysql_fetch_assoc($result);

        echo "

        <form action=sales.php?edit=$_GET[edit] method=post>



        <b>Edit Submission</b><p>


        <table border=0 cellpadding=0 cellspacing=2>
         <tr>
           <td>Title:</td>
           <td><select name=\"title\">
       <option value=\"\" selected>-</option>
       <option value=\"Mr.\">Mr.</option>
       <option value=\"Mrs.\">Mrs.</option>
       <option value=\"Dr.\">Dr.</option>
       <option value=\"Ms.\">Ms.</option>
       <option value=\"Miss\" selected>Miss</option>
          </select> </td>
         </tr>

         <tr>

          <td width=150>First Name:</td>

          <td width=360><input type=\"text\" name=\"firstname\" size=\"60\" maxlength=\"100\" value=\"{$row['firstname']}\">

         </td>

         </tr>
         <tr>

          <td width=150>Last Name:</td>

          <td width=360><input type=\"text\" name=\"lastname\" size=\"60\" maxlength=\"100\" value=\"{$row['lastname']}\">

         </td>

         </tr>
                      <tr>

          <td width=150>Company Name:</td>

          <td width=360><input type=\"text\" name=\"company\" size=\"60\" maxlength=\"100\" value=\"{$row['company']}\">

         </td>

         </tr>

         <tr>

          <td width=150>Address:</td>

          <td width=360><input type=\"text\" name=\"address\" size=\"60\" maxlength=\"100\" value=\"{$row['address']}\">

         </td>

         </tr>

         <tr>


          <td width=150>City:</td>

          <td width=360><input type=\"text\" name=\"city\" size=\"60\" maxlength=\"100\" value=\"{$row['city']}\">

         </td>

         </tr>

         <tr>


          <td width=150>State:</td>

          <td width=360><input type=\"text\" name=\"state\" size=\"60\" maxlength=\"100\" value=\"{$row['state']}\">

         </td>

         </tr>

         <tr>


          <td width=150>Zip Code:</td>

          <td width=360><input type=\"text\" name=\"zip\" size=\"60\" maxlength=\"100\" value=\"{$row['zip']}\">

         </td>

         </tr>

         <tr>


          <td width=150>Phone</td>

          <td width=360><input type=\"text\" name=\"phone\" size=\"60\" maxlength=\"100\" value=\"{$row['phone']}\">

         </td>

         </tr>
         <tr>


          <td width=150>Cell</td>

          <td width=360><input type=\"text\" name=\"cell\" size=\"60\" maxlength=\"100\" value=\"{$row['cell']}\">

         </td>

         </tr>
         <tr>


          <td width=150>Fax</td>

          <td width=360><input type=\"text\" name=\"fax\" size=\"60\" maxlength=\"100\" value=\"{$row['fax']}\">

         </td>

         </tr>
         <tr>


          <td width=150>Email</td>

          <td width=360><input type=\"text\" name=\"email\" size=\"60\" maxlength=\"100\" value=\"{$row['email']}\">

         </td>

         </tr>

         <tr>

          <td width=150>AIM:</td>

          <td width=360><input type=\"text\" name=\"aim\" size=\"60\" maxlength=\"100\" value=\"{$row['aim']}\">

          </td>

         </tr>

         <tr>

          <td width=150>MSN:</td>

          <td width=360><input type=\"text\" name=\"msn\" size=\"60\" maxlength=\"100\" value=\"{$row['msn']}\">

         </td>

         </tr>

          <tr>

          <td width=150>YAHOO:</td>

          <td width=360><input type=\"text\" name=\"yahoo\" size=\"60\" maxlength=\"100\" value=\"{$row['yahoo']}\">

         </td>

         </tr>

          <tr>

          <td width=150>IRC:</td>

          <td width=360><input type=\"text\" name=\"irc\" size=\"60\" maxlength=\"100\" value=\"{$row['irc']}\">

         </td>

         </tr>

          <tr>

          <td width=150>IRC Alias:</td>

          <td width=360><input type=\"text\" name=\"ircalias\" size=\"60\" maxlength=\"100\" value=\"{$row['ircalias']}\">

         </td>

         </tr>
 


             <tr valign=top>

          <td width=150>Comments:</td>

          <td width=360><textarea name=\"comment\" rows=\"5\" cols=\"45\">{$row['comment']}</textarea></td>


         </tr>
         <tr>

          <td width=150>Referred By:</td>

          <td width=360>" ?>
              <select name="clientid">
       <option value="">-</option>
     <?php while ($row = mysql_fetch_assoc($res_cat)) { ?>        
          <option value='<?php echo $row['id']; ?>'><?php echo $row['lastname']; ?> - <?php echo $row['firstname']; ?></option>              
     <?php } ?>
     </select>
<?php echo "
         </td>

         </tr>

        </table>

        <table border=0 cellpadding=0 cellspacing=2>

         <tr valign=top>

          <td width=532 align=right><input type='submit' name='submit' value='EDIT CLIENT INFORMATION'></td>

           

         </tr>

        </table>

        <p>

           

        </form> ";



    }







?>
</font>

</body>

        </html>

0
 
LVL 1

Assisted Solution

by:waan
waan earned 125 total points
ID: 11928067
I am sorry, I have come on the scene late.

I think all the people who have commented so far have made most valid points.

I took the original post and had a little play with it. The first thing that stood out as odd was the SQL statement.....

mysql_query("UPDATE invoice SET clientid = '$_POST[clientid]', rate = '$_POST[rate]', hours = '$_POST[hours]', hardware = '$_POST[hardware]', hardwaretext = '$_POST[hardwaretext]', comment = '$_POST[comment]', tax = '$_POST[comment]', total = '$total'   WHERE id = $_POST[submit] ");

As I read the code the WHERE clause should end up with something like ... "WHERE id = EDIT INVOICE" following the original post.

Now, I admit I do not know the data structure you have set up, but this strikes me as a little odd.

I find it helps me to debug the SQL if I break up and structure the php query statement, something like....

$sql = "UPDATE invoice SET clientid = '$_POST[clientid]', rate = '$_POST[rate]', hours = '$_POST[hours]', hardware = '$_POST[hardware]', hardwaretext = '$_POST[hardwaretext]', comment = '$_POST[comment]', tax = '$_POST[comment]', total = '$total'   WHERE id = $_POST[submit] ";

$result = mysql_query ($sql) or die("insert appropriate error here allowing you to locate this section of code<P>$sql<P>" . mysql_error());


This will halt the script when there is a SQL error and display the error for you...

I hope this helps, even a little....



0
 
LVL 1

Author Comment

by:livegirllove
ID: 11928625
Here's the code, for anybody that sees this later.  It works perfectly.  I'm going to open a new topic on the security issue and on cleaning up the code in general.

Thanks for the help.


<html>

<head>

<title>invoice</title>

</head>



<body bgcolor="white" text="black" link="black" vlink="black" alink="black">
         <font face="TAHOMA" size="1" color="#000000">
<a href="invoice.php?view=list">[List Invoices]</a> -

<a href="invoice.php?action=new">[New Invoice]</a> -
<a href="sales.php">[New Client]</a>        


<?php



     include("db.php"); // setup connection to mysql

       $sql = "SELECT id, firstname, lastname FROM results ORDER BY lastname DESC";
     $res_cat = mysql_query($sql); // handle to category set


if(isset($_GET['del'])) {
            
            echo "<center>Are you sure you want to delete that entry ?
            <BR>
            <a href=\"invoice.php?delete=yes&del=" . $_GET['del'] . "\">Yes</a><BR>
            <a href=\"invoice.php?delete=no\">No</a>
            </center>";
            
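            // Read the confirmation flag from the query string; $delete is only set automatically when register_globals is on
            if (isset($_GET['delete']) && $_GET['delete'] == "yes"){
            mysql_query("DELETE FROM invoice WHERE id = '" . $_GET['del'] . "'");
            echo "<meta HTTP-EQUIV=refresh content=0;url=invoice.php?view=list>";
            }
            elseif (isset($_GET['delete']) && $_GET['delete'] == "no") {echo "<meta HTTP-EQUIV=refresh content=0;url=invoice.php?view=list>";}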
      }




       

    if (($_GET['action'] == "new") || ($_POST['action'] == "new"))

    {

        ?>
        <form action="invoice.php" method="post"> <input type="hidden" name="action" value="new">

                                         

       
                                          <p>



        <table border="0" cellpadding="0" cellspacing="2">
     <tr><td><select name="clientid">
       <option value="">-</option>
     <?php while ($row = mysql_fetch_assoc($res_cat)) { ?>        
          <option value="<?php echo $row['id']; ?>"><?php echo $row['lastname']; ?> - <?php echo $row['firstname']; ?></option>              
     <?php } ?>
     </select></td></tr>
         <tr>

          <td width="250">Rate:</td>

          <td width="360"><input type="text" name="rate" size="5" maxlength="10">

         </td>

         </tr>
         <tr>

          <td width="250" bgcolor="#CCCCCC">Hours:</td>

          <td width="360" bgcolor="#CCCCCC"><input type="text" name="hours" size="5" maxlength="10">

         </td>

         </tr>
         <tr>

          <td width="250">Hardware Cost:</td>

          <td width="360"><input type="text" name="hardware" size="60" maxlength="100">

         </td>

         </tr>

         <tr>

          <td width="250" bgcolor="#CCCCCC">Hardware Comments:</td>

          <td width="360" bgcolor="#CCCCCC"><textarea name="hardwaretext" rows="5" cols="45"></textarea>

         </td>

         </tr>

             <tr valign="top">

          <td width="250">Comments:</td>

          <td width="360"><textarea name="comment" rows="5" cols="45"></textarea></td>

         

         </tr>

        </table>

        <table border="0" cellpadding="0" cellspacing="2">

         <tr valign="top">

          <td width="532" align="right"><input type="submit" name="submit" value="Create Invoice"></td>

           

         </tr>

        </table>

        <p>

           

        </form> <?php


        if (isset($_POST['submit']))

        {
                  echo "<meta HTTP-EQUIV=refresh content=0;url=invoice.php?view=list>";
            $clientid = ($_POST['clientid']);

            $rate = ($_POST['rate']);

            $hours = ($_POST['hours']);
               
            $hardware = ($_POST['hardware']);

            $hardwaretext = ($_POST['hardwaretext']);

            $comment = ($_POST['comment']);

            $tax = "1.075";

                  $total = (($rate * $hours) + ($hardware * $tax));
                        
           
                  mysql_query("INSERT INTO invoice (clientid, rate, hours, hardware, hardwaretext, comment, tax, total, date) VALUES ('$clientid', '$rate', '$hours', '$hardware', '$hardwaretext', '$comment', '$tax', '$total', now()) ");        
      
            
        }



    }



    elseif ($_GET['view'] == "list")

    {



        echo "

        <p><b>Current Listings</b></p><p>

        <table border=\"0\" cellpadding=\"0\" cellspacing=\"2\">";





        $result = mysql_query("SELECT * FROM invoice ORDER BY id DESC");

        while ($row = mysql_fetch_assoc($result))

        {

            $details = nl2br($row['details']);



            echo "

            <tr>

            <td width=\"250\">Client ID:</td>

            <td width=\"360\">{$row['clientid']}</td>

            </tr>
                                                <tr>

            <td width=\"250\">Invoice Number:</td>

            <td width=\"360\">{$row['id']}</td>

            </tr>

                              <tr>

            <td width=\"250\">Invoice Date:</td>

            <td width=\"360\">{$row['date']}</td>

            </tr>

            <tr>

            <td width=\"250\">Rate</td>

            <td width=\"360\">{$row['rate']}</td>

            </tr>
            <tr>

            <td width=\"250\">Hours:</td>

            <td width=\"360\">{$row['hours']}</td>

            </tr>
            <tr>

            <td width=\"250\">Hardware Cost:</td>

            <td width=\"360\">{$row['hardware']}</td>

            </tr>
            <tr>

            <td width=\"250\">Hardware Comments:</td>

            <td width=\"360\">{$row['hardwaretext']}</td>

            </tr>

            <tr>

            <td width=\"250\">Comments:</td>

            <td width=\"360\">{$row['comment']}</td>

            </tr>
            <tr>

            <td width=\"250\">Total:</td>

            <td width=\"360\">{$row['total']}</td>

            </tr>


            <tr>

            <td width=\"250\"></td>

            <td width=\"360\"><a href=\"invoice.php?edit={$row['id']}\"> Edit </a> - <a href=\"invoice.php?del={$row['id']}\"> Delete </a></td>

            </tr>

            <tr>

            <td width=\"250\">&nbsp;</td>

            <td width=\"360\">&nbsp;</td>

            </tr>";

        }



        echo "</table>";

    }





    elseif (isset($_GET['edit']))

    {



        if (isset($_POST['submit']))

        {

            $clientid = ($_POST['clientid']);

            $rate = ($_POST['rate']);

            $hours = ($_POST['hours']);
               
            $hardware = ($_POST['hardware']);

            $hardwaretext = ($_POST['hardwaretext']);

            $comment = ($_POST['comment']);

            $tax = "1.075";

                  $total = (($rate * $hours) + ($hardware * $tax));



            mysql_query("UPDATE invoice SET rate = '$_POST[rate]', hours = '$_POST[hours]', hardware = '$_POST[hardware]', hardwaretext = '$_POST[hardwaretext]', comment = '$_POST[comment]', tax = $tax, total = $total WHERE id = $_GET[edit] ");



            echo "<meta HTTP-EQUIV=refresh content=0;url=invoice.php?view=list>";

        }

       $sql = "SELECT id, lastname, firstname FROM results ORDER BY lastname DESC";
     $res_cat = mysql_query($sql); // handle to category set


        $result = mysql_query("SELECT * FROM invoice WHERE id = $_GET[edit]");

        $row = mysql_fetch_assoc($result);

        echo "

        <form action=\"invoice.php?edit=$_GET[edit]\" method=\"post\">

        <b>Edit Submission</b><p>


        <table border=\"0\" cellpadding=\"0\" cellspacing=\"2\">

         <tr>

          <td width=\"250\">Client Id:</td>

          <td width=\"360\">{$row['clientid']}
         </td>

         </tr>

         <tr>

          <td width=\"250\">Rate:</td>

          <td width=\"360\"><input type=\"text\" name=\"rate\" size=\"60\" maxlength=\"100\" value=\"{$row['rate']}\">

         </td>

         </tr>

         <tr>


          <td width=\"250\">Hours:</td>

          <td width=\"360\"><input type=\"text\" name=\"hours\" size=\"60\" maxlength=\"100\" value=\"{$row['hours']}\">

         </td>

         </tr>

         <tr>


          <td width=\"250\">Hardware Cost:</td>

          <td width=\"360\"><input type=\"text\" name=\"hardware\" size=\"60\" maxlength=\"100\" value=\"{$row['hardware']}\">

         </td>

         </tr>

         <tr>


          <td width=\"250\">Hardware Comments:</td>

          <td width=\"360\"><textarea name=\"hardwaretext\" rows=\"5\" cols=\"45\">{$row['hardwaretext']}</textarea>

         </td>

         </tr>

             <tr valign=top>

          <td width=\"250\">Comments:</td>

          <td width=\"360\"><textarea name=\"comment\" rows=\"5\" cols=\"45\">{$row['comment']}</textarea></td>


         </tr>
             <tr valign=top>

          <td width=\"250\">Total:</td>

          <td width=\"360\">{$row['total']} - If you changed the values above this will change </td>


         </tr>

        </table>

        <table border=\"0\" cellpadding=\"0\" cellspacing=\"2\">

         <tr valign=\"top\">

          <td width=\"532\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"EDIT INVOICE\"></td>

           

         </tr>

        </table>

        <p>

           

        </form>";


    }







?>
</font>

</body>

        </html>

0
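
The UPDATE from the edit branch above, rewritten with a prepared statement, a validated row id and query errors sent to the error log rather than printed with die(), as an added example that is not the poster's code. It assumes PDO with an in-memory SQLite database standing in for the MySQL connection from db.php so it runs offline; `update_invoice` and the sample row are hypothetical.

```php
<?php
// Added example, not the poster's code. In-memory SQLite stands in for the
// MySQL connection made in db.php so the script runs offline (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE invoice (id INTEGER PRIMARY KEY, rate REAL, hours REAL,
    hardware REAL, hardwaretext TEXT, comment TEXT, tax REAL, total REAL)');
$pdo->exec("INSERT INTO invoice VALUES (7, 50, 2, 100, 'disk', 'old', 1.075, 207.5)"); // constructed row

// Hypothetical helper: returns the number of rows updated, or false when the
// input is rejected or the query fails.
function update_invoice(PDO $pdo, array $get, array $post)
{
    // The row id comes from ?edit=... and must be a positive integer.
    $id = filter_var($get['edit'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $num = [];
    foreach (['rate', 'hours', 'hardware'] as $field) {
        $num[$field] = filter_var($post[$field] ?? null, FILTER_VALIDATE_FLOAT);
    }
    if ($id === false || in_array(false, $num, true)) {
        return false;
    }
    $tax = 1.075; // same constant as the original script
    $total = ($num['rate'] * $num['hours']) + ($num['hardware'] * $tax);
    try {
        // Placeholders keep every value out of the SQL text.
        $stmt = $pdo->prepare('UPDATE invoice SET rate = :rate, hours = :hours,
            hardware = :hardware, hardwaretext = :hardwaretext, comment = :comment,
            tax = :tax, total = :total WHERE id = :id');
        $stmt->execute([
            ':rate' => $num['rate'], ':hours' => $num['hours'], ':hardware' => $num['hardware'],
            ':hardwaretext' => (string) ($post['hardwaretext'] ?? ''),
            ':comment' => (string) ($post['comment'] ?? ''),
            ':tax' => $tax, ':total' => $total, ':id' => $id,
        ]);
        return $stmt->rowCount();
    } catch (PDOException $e) {
        error_log('invoice update failed: ' . $e->getMessage()); // detail goes to the log, not the page
        return false;
    }
}

// Constructed request data; the apostrophe would end a quoted value early in a string-built query.
$post = ['rate' => '60', 'hours' => '3', 'hardware' => '100', 'hardwaretext' => 'disk',
         'comment' => "Client's disk replaced", 'submit' => 'EDIT INVOICE'];
var_dump(update_invoice($pdo, ['edit' => '7'], $post));            // numeric id from the URL
var_dump(update_invoice($pdo, ['edit' => 'EDIT INVOICE'], $post)); // button label used as id
print_r($pdo->query('SELECT comment, total FROM invoice WHERE id = 7')->fetch(PDO::FETCH_ASSOC));
```

The same prepare/execute calls work unchanged against MySQL when the PDO object is created with a `mysql:` DSN.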
