[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 269
  • Last Modified:

PHP Code Not Working Properly

The attached code pulls data from a mysql database & displays it in a form so I can edit it. After I make the change/edit it, I then click the submit button at the bottom & it is supposed to update the record that is displayed BUT it don't, it just adds the updated record as a new entry in my mysql database...Can someone take a look & let me know what is going on? Thanks
<?php # add.php

$page_title = 'Edit a Record';

$con = mysql_connect("localhost","username","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("psrflow", $con);

$result = mysql_query("SELECT * FROM psrinfo ");

// Check if the form has been submitted.

if (isset($_POST['submitted'])) {

	$errors = array(); // Initialize error array.
	
	if (empty($errors)) { // If everything's OK.
	
		// Make the query.
		$query = "UPDATE psrinfo SET pacts='$pacts', fname='$fname', lname='$lname', status='$status', employee='$employee', location='$location', assgn_date='$assgn_date', interv_date='$interv_date' sent_date='$sent_date', due_rev='$due_rev', due_suspo='$due_suspo', due_clerk='$due_clerk', due_super='$due_super', due_owner='$due_owner' WHERE id=$id";
		$result = @mysql_query ($query); // Run the query.

$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
if ((substr($url, -1) == '/') OR (substr($url, -1) == '//')) {
$url = substr ($url, 0, -1);
}
$url .='/view_ts.php';
header("Location: $url");
exit();

		
	} else { // Report the errors.
	
		echo '<h1 id="mainhead">Error!</h1>
		<p class="error">The following error(s) occurred:<br />';
		foreach ($errors as $msg) { // Print each error.
			echo " - $msg<br />\n";
		}
		echo '</p><p>Please try again.</p><p><br /></p>';
		
	} // End of if (empty($errors)) IF.

} // End of submit conditional.

// Retrieve the user's information.
$query = "SELECT pacts, fname, lname, status, employee, location, assgn_date, interv_date, sent_date, due_rev, due_suspo, due_clerk, due_super, due_owner FROM psrinfo WHERE id = " . $_REQUEST['id'];
$result = @mysql_query ($query); // Run the query.

list($pacts, $fname, $lname, $status, $employee, $location, $assgn_date, $interv_date, $sent_date, $due_rev, $due_suspo, $due_clerk, $due_super, $due_owner) = mysql_fetch_array($result, MYSQL_NUM);

?>	

<script type="text/javascript">
var valid;

function d2(v) { return (v<10)?("0"+v):v; }

function dcheck(form) {
var a = form.assgn_date.value;
var s = form.sent_date.value;
var i = form.interv_date.value;
var dr = form.due_rev.value
var su = form.due_suspo
var clk = form.due_clerk
var att = form.due_super
var jdg = form.due_owner
var assn  = new Date(a);
var sent = new Date(s);
var intv = new Date(i);
var due_rev = new Date(dr);
var due_suspo = new Date(su);
var due_clerk = new Date(clk);
var due_super = new Date(sup);
var due_owner = new Date(own);


if (isNaN(intv)) {
intv = new Date(assn.getFullYear(),assn.getMonth(),assn.getDate()+0);
}
if (isNaN(assn)) {
assn = new Date(assn.getFullYear(),assn.getMonth(),assn.getDate()+0);
}
if (isNaN(due_rev)) {
due_rev = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-42);
}
if (isNaN(due_suspo)) {
due_suspo = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-40);
}
if (isNaN(due_clerk)) {
due_clerk = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-38);
}
if (isNaN(due_super)) {
due_super = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-36);
}
if (isNaN(due_owner)) {
due_owner = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-7);
}


switch(due_rev.getDay()){
  case 0: due_rev.setDate(due_rev.getDate() - 1); // take one for Sunday
  case 6: due_rev.setDate(due_rev.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_suspo.getDay()){
  case 0: due_suspo.setDate(due_suspo.getDate() - 1); // take one for Sunday
  case 6: due_suspo.setDate(due_suspo.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_clerk.getDay()){
  case 0: due_clerk.setDate(due_clerk.getDate() - 1); // take one for Sunday
  case 6: due_clerk.setDate(due_clerk.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_super.getDay()){
  case 0: due_super.setDate(due_super.getDate() - 1); // take one for Sunday
  case 6: due_super.setDate(due_super.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_owner.getDay()){
  case 0: due_owner.setDate(due_owner.getDate() - 1); // take one for Sunday
  case 6: due_owner.setDate(due_owner.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_rev.getDay()){
  case 0: due_rev.setDate(due_rev.getDate() - 1); // take one for Sunday
  case 6: due_rev.setDate(due_rev.getDate() - 1); // take two for Sunday or one for Saturday
}

form.assgn_date.value = (assn.getFullYear()+0) + "-" + d2(assn.getMonth()+1) + "-" + d2(assn.getDate());
form.interv_date.value = (intv.getFullYear()+0) + "-" + d2(intv.getMonth()+1) + "-" + d2(intv.getDate());
form.sent_date.value = (sent.getFullYear()+0) + "-" + d2(sent.getMonth()+1) + "-" + d2(sent.getDate());
form.due_rev.value = (due_rev.getFullYear()+0) + "-" + d2(due_rev.getMonth()+1) + "-" + d2(due_rev.getDate());
form.due_suspo.value = (due_suspo.getFullYear()+0) + "-" + d2(due_suspo.getMonth()+1) + "-" + d2(due_suspo.getDate());
form.due_clerk.value = (due_clerk.getFullYear()+0) + "-" + d2(due_clerk.getMonth()+1) + "-" + d2(due_clerk.getDate());
form.due_super.value = (due_super.getFullYear()+0) + "-" + d2(due_super.getMonth()+1) + "-" + d2(due_super.getDate());
form.due_owner.value = (due_owner.getFullYear()+0) + "-" + d2(due_owner.getMonth()+1) + "-" + d2(due_owner.getDate());
return true;
}

</script>

<form action="add.php" method="post">
<fieldset><legend><h1> You are editing a record!</h1></legend>

<b>PACTS No:</b> <br><input type="text" name="pacts" size="15" maxlength="30" value="<?php echo $pacts; ?>" /><br>
<b>First Name:</b> <br><input type="text" name="fname" size="15" maxlength="30" value="<?php echo $fname; ?>" /><br />
<b>Last Name:</b> <br><input type="text" name="lname" size="15" maxlength="30" value="<?php echo $lname; ?>" /><br />
<b>Status: </b><br><input type="text" name="status" size="15" maxlength="30" value="<?php echo $status; ?>" /> <br>
<b>Location: </b><br><input type="text" name="location" size="15" maxlength="30" value="<?php echo $location; ?>" /><br>
<b>Employee: </b><br><input type="text" name="employee" size="15" maxlength="30" value="<?php echo $employee; ?>" /> <br>
<b>Assign Date: MM/DD/YYYY </b><br><input type="text" name="assgn_date" size="15" maxlength="30" value="<?php echo $assgn_date; ?>" /> <br>
<b>Interview Date: MM/DD/YYYY </b><br><input type="text" name="interv_date" size="15" maxlength="30" value="<?php echo $interv_date; ?>" /> <br>
<b>Sent Date: MM/DD/YYYY </b><br><input type="text" name="sent_date" size="15" maxlength="30" value="<?php echo $sent_date; ?>" /> <br>

<p><input type="button" value="Calculate" onclick="return dcheck(this.form);">	<b> DO NOT enter anything below this line. Click the "Calculate" Button.</b></p>

<b>-----------------------------------------------------------</b> <br />

<b>Due to Reviewer:</b><br><input type="text" name="due_rev" size="15" maxlength="30" value="<?php echo $due_rev; ?>" /> <br>
<b>Due to SUSPO:</b><br><input type="text" name="due_suspo" size="15" maxlength="30" value="<?php echo $due_suspo; ?>" /> <br>
<b>Due to Clerk:</b><br><input type="text" name="due_clerk" size="15" maxlength="30" value="<?php echo $due_clerk; ?>" /> <br>
<b>Due to Supervisor:</b><br><input type="text" name="due_super" size="15" maxlength="30" value="<?php echo $due_super; ?>" /> <br>
<b>Due to Owner:</b><br><input type="text" name="due_owner" size="15" maxlength="30" value="<?php echo $due_owner; ?>" /> <br>
<br>

</fieldset>
<input type="hidden" name="submitted" value="TRUE" />

<div align="left"><input type="submit" name="submit" value="Submit" /></div>

</form>
<?php
mysql_close(); // Close the database connection.

?>

Open in new window

0
wantabe2
Asked:
wantabe2
  • 5
  • 4
  • 3
  • +1
1 Solution
 
MarkXIIICommented:
Hi wantabe2,
I don't have a web server with php installed handy so I can test it but it looks like the $id variable in the UPDATE might not be properly initialized.
Maybe you should pass it has a hidden field?
0
 
KendorCommented:
are the variables set if you run the update query (i.e. $pacts, $fname etc...)? i see them to be set after that?
furthermore $id is not set either?
0
 
KendorCommented:
furthermore to prevent (or reduce) damage by sql injection you might want to use stripslashes and mysql_real_escape_string.

like:
$str = stripslashes($_POST['str']);
$str = mysql_real_escape_string($str);

and then do your query:
$query = "UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname=.... WHERE id=".$id;

(you can also use {$id} instead)


0
Veeam Disaster Recovery in Microsoft Azure

Veeam PN for Microsoft Azure is a FREE solution designed to simplify and automate the setup of a DR site in Microsoft Azure using lightweight software-defined networking. It reduces the complexity of VPN deployments and is designed for businesses of ALL sizes.

 
wantabe2Author Commented:
okay, I'm a little confused...I'm new to programming...everything is working great up to this point. If I click on the "edit" link next to each of my records, it pulls that record up in a browser & I can edit the fields. Then when I click the submit button at the bottom, do I just need to have the pass to a SQL UPDATE page such as something named update_record.php with some code similair to the below?
<?php # update_record.php 

$page_title = 'Edit a Record'; 

$con = mysql_connect("localhost","uname","password"); 
if (!$con) 
  { 
  die('Could not connect: ' . mysql_error()); 
  } 

mysql_select_db("psrflow", $con); 

$result = mysql_query("SELECT * FROM psrinfo "); 

// Check if the form has been submitted. 

if (isset($_POST['submitted'])) { 

    $errors = array(); // Initialize error array. 
     
    if (empty($errors)) { // If everything's OK. 
     
        // Make the query. 
        $query = "UPDATE psrinfo SET pacts='$pacts', fname='$fname', lname='$lname', status='$status', employee='$employee', location='$location'  WHERE id = " . $_REQUEST['id']; 
        $result = @mysql_query ($query); // Run the query. 
         
        ?>

Open in new window

0
 
KendorCommented:
thats correct. but: you have to really set those variables $pacts $fname somehow. otherwise you will empty the values.

before you run the query you have to set
$pacts = $_REQUEST['pacts']
$fname = $_REQUEST['fname']
etc.

if you want to do it somehow safer then you should use:
$pacts = stripslashes($_POST['pacts']);
$pacts = mysql_real_escape_string($pacts);

and then i would write
"UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname=.... WHERE id=".$id

hint:
you can use print or echo to output the $query for debugging too..  then you should see the values that are entered in the query and whether it is correct.
0
 
wantabe2Author Commented:
Okay,
I think I may have it but have come across a new issue. I created a file & named it update_record.php. This is the file that actually does the updating. Now when I edit the record & click submit I get the following error attached as an image. I've also attached the code.
<?php
$con = mysql_connect("localhost","uname","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("psrflow", $con);

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$offender_lname."' WHERE id=".$id


mysql_close($con);
?>

Open in new window

crapp.JPG
0
 
Lukasz ChmielewskiCommented:
Put ; at the end of the line
mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$offender_lname."' WHERE id=".$id;
0
 
wantabe2Author Commented:
okay, I'm almost there.....can someone tell me why I'm getting this error:

"Parse error: syntax error, unexpected $end in C:\wamp\www\flow\officer_query\update_record.php on line 14"
<?php  
$con = mysql_connect("localhost","uname","pword");  
if (!$con)  
  {  
  die('Could not connect: ' . mysql_error());  
  }  

mysql_select_db("psrflow", $con);  

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."';)  


mysql_close($con); 
?>

Open in new window

0
 
MarkXIIICommented:
Your ; must be outside the parenthesis.

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."');
0
 
Lukasz ChmielewskiCommented:
Missing " before ;
mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."'";)
0
 
Lukasz ChmielewskiCommented:
I mean after ;
0
 
wantabe2Author Commented:
Still getting same error...
<?php  
$con = mysql_connect("localhost","uname","pword");  
if (!$con)  
  {  
  die('Could not connect: ' . mysql_error());  
  }  

mysql_select_db("psrflow", $con);  

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."');  


mysql_close($con); 
?>

Open in new window

0
 
wantabe2Author Commented:
I figured it out. I was forgetting the double quote at the end! SEE I am learning a little bit :)

Thanks for your help
<?php  
$con = mysql_connect("localhost","uname","pword");  
if (!$con)  
  {  
  die('Could not connect: ' . mysql_error());  
  }  

mysql_select_db("psrflow", $con);  

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."'");  


mysql_close($con); 
?>

Open in new window

0
 
KendorCommented:
thank you anyways for assigning no points to me at all :/
0

Featured Post

How to Use the Help Bell

Need to boost the visibility of your question for solutions? Use the Experts Exchange Help Bell to confirm priority levels and contact subject-matter experts for question attention.  Check out this how-to article for more information.

  • 5
  • 4
  • 3
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now