Solved

PHP Code Not Working Properly

Posted on 2011-03-14
Last Modified: 2012-05-11
The attached code pulls data from a mysql database & displays it in a form so I can edit it. After I make the change/edit it, I then click the submit button at the bottom & it is supposed to update the record that is displayed BUT it doesn't, it just adds the updated record as a new entry in my mysql database... Can someone take a look & let me know what is going on? Thanks
<?php # add.php

$page_title = 'Edit a Record';

$con = mysql_connect("localhost","username","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("psrflow", $con);

$result = mysql_query("SELECT * FROM psrinfo ");

// Check if the form has been submitted.

if (isset($_POST['submitted'])) {

	$errors = array(); // Initialize error array.
	
	if (empty($errors)) { // If everything's OK.
	
		// Make the query.
		$query = "UPDATE psrinfo SET pacts='$pacts', fname='$fname', lname='$lname', status='$status', employee='$employee', location='$location', assgn_date='$assgn_date', interv_date='$interv_date', sent_date='$sent_date', due_rev='$due_rev', due_suspo='$due_suspo', due_clerk='$due_clerk', due_super='$due_super', due_owner='$due_owner' WHERE id=$id";
		$result = @mysql_query ($query); // Run the query.

$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
if ((substr($url, -1) == '/') OR (substr($url, -1) == '//')) {
$url = substr ($url, 0, -1);
}
$url .='/view_ts.php';
header("Location: $url");
exit();

		
	} else { // Report the errors.
	
		echo '<h1 id="mainhead">Error!</h1>
		<p class="error">The following error(s) occurred:<br />';
		foreach ($errors as $msg) { // Print each error.
			echo " - $msg<br />\n";
		}
		echo '</p><p>Please try again.</p><p><br /></p>';
		
	} // End of if (empty($errors)) IF.

} // End of submit conditional.

// Retrieve the user's information.
$query = "SELECT pacts, fname, lname, status, employee, location, assgn_date, interv_date, sent_date, due_rev, due_suspo, due_clerk, due_super, due_owner FROM psrinfo WHERE id = " . $_REQUEST['id'];
$result = @mysql_query ($query); // Run the query.

list($pacts, $fname, $lname, $status, $employee, $location, $assgn_date, $interv_date, $sent_date, $due_rev, $due_suspo, $due_clerk, $due_super, $due_owner) = mysql_fetch_array($result, MYSQL_NUM);

?>	

<script type="text/javascript">
var valid;

function d2(v) { return (v<10)?("0"+v):v; }

function dcheck(form) {
var a = form.assgn_date.value;
var s = form.sent_date.value;
var i = form.interv_date.value;
var dr = form.due_rev.value;
var su = form.due_suspo.value;   // read the field's text, not the input element
var clk = form.due_clerk.value;
var sup = form.due_super.value;  // named to match the Date constructors below
var own = form.due_owner.value;
var assn  = new Date(a);
var sent = new Date(s);
var intv = new Date(i);
var due_rev = new Date(dr);
var due_suspo = new Date(su);
var due_clerk = new Date(clk);
var due_super = new Date(sup);
var due_owner = new Date(own);


if (isNaN(intv)) {
intv = new Date(assn.getFullYear(),assn.getMonth(),assn.getDate()+0);
}
if (isNaN(assn)) {
assn = new Date(assn.getFullYear(),assn.getMonth(),assn.getDate()+0);
}
if (isNaN(due_rev)) {
due_rev = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-42);
}
if (isNaN(due_suspo)) {
due_suspo = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-40);
}
if (isNaN(due_clerk)) {
due_clerk = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-38);
}
if (isNaN(due_super)) {
due_super = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-36);
}
if (isNaN(due_owner)) {
due_owner = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-7);
}


switch(due_rev.getDay()){
  case 0: due_rev.setDate(due_rev.getDate() - 1); // take one for Sunday
  case 6: due_rev.setDate(due_rev.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_suspo.getDay()){
  case 0: due_suspo.setDate(due_suspo.getDate() - 1); // take one for Sunday
  case 6: due_suspo.setDate(due_suspo.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_clerk.getDay()){
  case 0: due_clerk.setDate(due_clerk.getDate() - 1); // take one for Sunday
  case 6: due_clerk.setDate(due_clerk.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_super.getDay()){
  case 0: due_super.setDate(due_super.getDate() - 1); // take one for Sunday
  case 6: due_super.setDate(due_super.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_owner.getDay()){
  case 0: due_owner.setDate(due_owner.getDate() - 1); // take one for Sunday
  case 6: due_owner.setDate(due_owner.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_rev.getDay()){
  case 0: due_rev.setDate(due_rev.getDate() - 1); // take one for Sunday
  case 6: due_rev.setDate(due_rev.getDate() - 1); // take two for Sunday or one for Saturday
}

form.assgn_date.value = (assn.getFullYear()+0) + "-" + d2(assn.getMonth()+1) + "-" + d2(assn.getDate());
form.interv_date.value = (intv.getFullYear()+0) + "-" + d2(intv.getMonth()+1) + "-" + d2(intv.getDate());
form.sent_date.value = (sent.getFullYear()+0) + "-" + d2(sent.getMonth()+1) + "-" + d2(sent.getDate());
form.due_rev.value = (due_rev.getFullYear()+0) + "-" + d2(due_rev.getMonth()+1) + "-" + d2(due_rev.getDate());
form.due_suspo.value = (due_suspo.getFullYear()+0) + "-" + d2(due_suspo.getMonth()+1) + "-" + d2(due_suspo.getDate());
form.due_clerk.value = (due_clerk.getFullYear()+0) + "-" + d2(due_clerk.getMonth()+1) + "-" + d2(due_clerk.getDate());
form.due_super.value = (due_super.getFullYear()+0) + "-" + d2(due_super.getMonth()+1) + "-" + d2(due_super.getDate());
form.due_owner.value = (due_owner.getFullYear()+0) + "-" + d2(due_owner.getMonth()+1) + "-" + d2(due_owner.getDate());
return true;
}

</script>

<form action="add.php" method="post">
<fieldset><legend><h1> You are editing a record!</h1></legend>

<b>PACTS No:</b> <br><input type="text" name="pacts" size="15" maxlength="30" value="<?php echo $pacts; ?>" /><br>
<b>First Name:</b> <br><input type="text" name="fname" size="15" maxlength="30" value="<?php echo $fname; ?>" /><br />
<b>Last Name:</b> <br><input type="text" name="lname" size="15" maxlength="30" value="<?php echo $lname; ?>" /><br />
<b>Status: </b><br><input type="text" name="status" size="15" maxlength="30" value="<?php echo $status; ?>" /> <br>
<b>Location: </b><br><input type="text" name="location" size="15" maxlength="30" value="<?php echo $location; ?>" /><br>
<b>Employee: </b><br><input type="text" name="employee" size="15" maxlength="30" value="<?php echo $employee; ?>" /> <br>
<b>Assign Date: MM/DD/YYYY </b><br><input type="text" name="assgn_date" size="15" maxlength="30" value="<?php echo $assgn_date; ?>" /> <br>
<b>Interview Date: MM/DD/YYYY </b><br><input type="text" name="interv_date" size="15" maxlength="30" value="<?php echo $interv_date; ?>" /> <br>
<b>Sent Date: MM/DD/YYYY </b><br><input type="text" name="sent_date" size="15" maxlength="30" value="<?php echo $sent_date; ?>" /> <br>

<p><input type="button" value="Calculate" onclick="return dcheck(this.form);">	<b> DO NOT enter anything below this line. Click the "Calculate" Button.</b></p>

<b>-----------------------------------------------------------</b> <br />

<b>Due to Reviewer:</b><br><input type="text" name="due_rev" size="15" maxlength="30" value="<?php echo $due_rev; ?>" /> <br>
<b>Due to SUSPO:</b><br><input type="text" name="due_suspo" size="15" maxlength="30" value="<?php echo $due_suspo; ?>" /> <br>
<b>Due to Clerk:</b><br><input type="text" name="due_clerk" size="15" maxlength="30" value="<?php echo $due_clerk; ?>" /> <br>
<b>Due to Supervisor:</b><br><input type="text" name="due_super" size="15" maxlength="30" value="<?php echo $due_super; ?>" /> <br>
<b>Due to Owner:</b><br><input type="text" name="due_owner" size="15" maxlength="30" value="<?php echo $due_owner; ?>" /> <br>
<br>

</fieldset>
<input type="hidden" name="submitted" value="TRUE" />

<div align="left"><input type="submit" name="submit" value="Submit" /></div>

</form>
<?php
mysql_close(); // Close the database connection.

?>

Question by:wantabe2
14 Comments
 
LVL 2

Expert Comment

by:MarkXIII
ID: 35131058
Hi wantabe2,
I don't have a web server with php installed handy so I can test it but it looks like the $id variable in the UPDATE might not be properly initialized.
Maybe you should pass it as a hidden field?
0
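The hidden-field suggestion above, sketched as an added example (not code from the thread): the form carries the record id in a hidden input, stored values are encoded before being echoed into `value` attributes, and the receiving script reads named fields from `$_POST`. The field list, the `h()` helper and both function names are assumptions made for illustration; the sample row is constructed.

```php
<?php
// Added example: field names follow the thread's psrinfo form; the sample row is constructed.
const EDITABLE = ['pacts', 'fname', 'lname', 'status', 'employee', 'location'];

// Encode for an HTML attribute so stored quotes or markup cannot break out of value="...".
function h(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the edit form; the record id travels with the submission as a hidden input.
function render_edit_form(array $row): string {
    $html = '<form action="update_record.php" method="post">' . "\n";
    $html .= '<input type="hidden" name="id" value="' . (int) $row['id'] . '" />' . "\n";
    foreach (EDITABLE as $f) {
        $html .= '<input type="text" name="' . $f . '" maxlength="30" value="'
               . h((string) ($row[$f] ?? '')) . '" />' . "\n";
    }
    return $html . '<input type="submit" value="Submit" />' . "\n</form>\n";
}

// Read only the expected fields from POST; nothing relies on register_globals.
// A hidden field is still user-editable, so the id is validated on the server.
function read_submission(array $post): array {
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('missing or non-numeric id');
    }
    $clean = ['id' => $id];
    foreach (EDITABLE as $f) {
        $v = $post[$f] ?? '';
        $clean[$f] = is_string($v) ? substr(trim($v), 0, 30) : '';
    }
    return $clean;
}

// Constructed row containing quote characters that must not end the attribute early.
$row = ['id' => 7, 'pacts' => '100', 'fname' => 'Ann "AJ"', 'lname' => "O'Neil",
        'status' => 'open', 'employee' => 'jdoe', 'location' => 'HQ'];
echo render_edit_form($row);

// Constructed POST data: unknown keys are dropped, the id comes back as an integer.
print_r(read_submission(['id' => '7', 'fname' => 'Ann', 'extra' => 'ignored']));
```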
 
LVL 5

Expert Comment

by:Kendor
ID: 35131216
Are the variables set if you run the update query (i.e. $pacts, $fname etc...)? I see them being set after that?
Furthermore, $id is not set either?
0
 
LVL 5

Expert Comment

by:Kendor
ID: 35131265
Furthermore, to prevent (or reduce) damage by SQL injection you might want to use stripslashes and mysql_real_escape_string.

like:
$str = stripslashes($_POST['str']);
$str = mysql_real_escape_string($str);

and then do your query:
$query = "UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname=.... WHERE id=".$id;

(you can also use {$id} instead)


0
 
LVL 15

Author Comment

by:wantabe2
ID: 35131435
okay, I'm a little confused...I'm new to programming...everything is working great up to this point. If I click on the "edit" link next to each of my records, it pulls that record up in a browser & I can edit the fields. Then when I click the submit button at the bottom, do I just need to have the pass to a SQL UPDATE page such as something named update_record.php with some code similar to the below?
<?php # update_record.php 

$page_title = 'Edit a Record'; 

$con = mysql_connect("localhost","uname","password"); 
if (!$con) 
  { 
  die('Could not connect: ' . mysql_error()); 
  } 

mysql_select_db("psrflow", $con); 

$result = mysql_query("SELECT * FROM psrinfo "); 

// Check if the form has been submitted. 

if (isset($_POST['submitted'])) { 

    $errors = array(); // Initialize error array. 
     
    if (empty($errors)) { // If everything's OK. 
     
        // Make the query. 
        $query = "UPDATE psrinfo SET pacts='$pacts', fname='$fname', lname='$lname', status='$status', employee='$employee', location='$location'  WHERE id = " . $_REQUEST['id']; 
        $result = @mysql_query ($query); // Run the query. 
         
        ?>


0
 
LVL 5

Expert Comment

by:Kendor
ID: 35131580
That's correct. But: you have to really set those variables $pacts $fname somehow. Otherwise you will empty the values.

Before you run the query you have to set
$pacts = $_REQUEST['pacts'];
$fname = $_REQUEST['fname'];
etc.

If you want to do it somehow safer then you should use:
$pacts = stripslashes($_POST['pacts']);
$pacts = mysql_real_escape_string($pacts);

And then I would write
"UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname=.... WHERE id=".$id

Hint:
You can use print or echo to output the $query for debugging too. Then you should see the values that are entered in the query and whether it is correct.
0
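An added example (not code from the thread) for the escaping advice in the comments above: escaping protects values that sit inside quotes, but the `WHERE id=` part is concatenated without quotes, so the id has to be validated as an integer or bound as a parameter. PDO with an in-memory SQLite database is an assumption that stands in for the thread's `mysql_*` calls (removed in PHP 7) so the script runs offline; the table contents and request arrays are constructed.

```php
<?php
// Added example. SQLite in memory stands in for MySQL; table and rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE psrinfo (id INTEGER PRIMARY KEY, pacts TEXT, fname TEXT, lname TEXT)");
$pdo->exec("INSERT INTO psrinfo (pacts, fname, lname) VALUES ('100','Ann','Lee'), ('101','Bob','Ray')");

// Pattern from the thread: string values escaped, id concatenated without quotes.
function update_concat(PDO $pdo, array $in): int {
    $sql = "UPDATE psrinfo SET fname=" . $pdo->quote($in['fname'])
         . " WHERE id=" . $in['id']; // escaping cannot help a value that sits outside quotes
    return (int) $pdo->exec($sql);   // number of rows changed
}

// Hardened form: id must be a positive integer, every value is a bound parameter.
function update_bound(PDO $pdo, array $in): int {
    $id = filter_var($in['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('id must be a positive integer');
    }
    $stmt = $pdo->prepare(
        'UPDATE psrinfo SET pacts = :pacts, fname = :fname, lname = :lname WHERE id = :id'
    );
    $stmt->execute([
        ':pacts' => $in['pacts'], ':fname' => $in['fname'],
        ':lname' => $in['lname'], ':id' => $id,
    ]);
    return $stmt->rowCount();
}

// Constructed request data: one id field carries SQL instead of a number.
$crafted = ['id' => '1 OR 1=1', 'pacts' => '100', 'fname' => 'Changed', 'lname' => 'Lee'];
$normal  = ['id' => '2', 'pacts' => '101', 'fname' => "Rob'ert", 'lname' => 'Ray'];

echo 'concat, crafted id: rows changed = ', update_concat($pdo, $crafted), "\n";
try {
    update_bound($pdo, $crafted);
} catch (InvalidArgumentException $e) {
    echo 'bound, crafted id: rejected (', $e->getMessage(), ")\n";
}
echo 'bound, normal id: rows changed = ', update_bound($pdo, $normal), "\n";
foreach ($pdo->query('SELECT id, fname FROM psrinfo') as $r) {
    echo $r['id'], ' ', $r['fname'], "\n";
}
```

Comparing the two "rows changed" counts shows how far the crafted id reaches in the concatenated query, while the bound version refuses it before any SQL runs.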
 
LVL 15

Author Comment

by:wantabe2
ID: 35131832
Okay,
I think I may have it but have come across a new issue. I created a file & named it update_record.php. This is the file that actually does the updating. Now when I edit the record & click submit I get the following error attached as an image. I've also attached the code.
<?php
$con = mysql_connect("localhost","uname","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("psrflow", $con);

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$offender_lname."' WHERE id=".$id


mysql_close($con);
?>


crapp.JPG
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35132062
Put ; at the end of the line
mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$offender_lname."' WHERE id=".$id;
0

 
LVL 15

Author Comment

by:wantabe2
ID: 35132067
okay, I'm almost there.....can someone tell me why I'm getting this error:

"Parse error: syntax error, unexpected $end in C:\wamp\www\flow\officer_query\update_record.php on line 14"
<?php  
$con = mysql_connect("localhost","uname","pword");  
if (!$con)  
  {  
  die('Could not connect: ' . mysql_error());  
  }  

mysql_select_db("psrflow", $con);  

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."';)  


mysql_close($con); 
?>


0
 
LVL 2

Expert Comment

by:MarkXIII
ID: 35132099
Your ; must be outside the parenthesis.

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."');
0
 
LVL 27

Expert Comment

by:Lukasz Chmielewski
ID: 35132117
Missing " before ;
mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."'";)
0
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 500 total points
ID: 35132122
I mean after ;
0
 
LVL 15

Author Comment

by:wantabe2
ID: 35132128
Still getting same error...
<?php  
$con = mysql_connect("localhost","uname","pword");  
if (!$con)  
  {  
  die('Could not connect: ' . mysql_error());  
  }  

mysql_select_db("psrflow", $con);  

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."');  


mysql_close($con); 
?>


0
 
LVL 15

Author Comment

by:wantabe2
ID: 35132144
I figured it out. I was forgetting the double quote at the end! SEE I am learning a little bit :)

Thanks for your help
<?php  
$con = mysql_connect("localhost","uname","pword");  
if (!$con)  
  {  
  die('Could not connect: ' . mysql_error());  
  }  

mysql_select_db("psrflow", $con);  

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."'");  


mysql_close($con); 
?>


0
 
LVL 5

Expert Comment

by:Kendor
ID: 35132234
thank you anyways for assigning no points to me at all :/
0
