PHP Code Not Working Properly

The attached code pulls data from a mysql database & displays it in a form so I can edit it. After I make the change/edit it, I then click the submit button at the bottom & it is supposed to update the record that is displayed BUT it don't, it just adds the updated record as a new entry in my mysql database...Can someone take a look & let me know what is going on? Thanks
<?php # add.php

$page_title = 'Edit a Record';

$con = mysql_connect("localhost","username","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("psrflow", $con);

$result = mysql_query("SELECT * FROM psrinfo ");

// Check if the form has been submitted.

if (isset($_POST['submitted'])) {

	$errors = array(); // Initialize error array.
	
	if (empty($errors)) { // If everything's OK.
	
		// Make the query.
		$query = "UPDATE psrinfo SET pacts='$pacts', fname='$fname', lname='$lname', status='$status', employee='$employee', location='$location', assgn_date='$assgn_date', interv_date='$interv_date' sent_date='$sent_date', due_rev='$due_rev', due_suspo='$due_suspo', due_clerk='$due_clerk', due_super='$due_super', due_owner='$due_owner' WHERE id=$id";
		$result = @mysql_query ($query); // Run the query.

$url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);
if ((substr($url, -1) == '/') OR (substr($url, -1) == '//')) {
$url = substr ($url, 0, -1);
}
$url .='/view_ts.php';
header("Location: $url");
exit();

		
	} else { // Report the errors.
	
		echo '<h1 id="mainhead">Error!</h1>
		<p class="error">The following error(s) occurred:<br />';
		foreach ($errors as $msg) { // Print each error.
			echo " - $msg<br />\n";
		}
		echo '</p><p>Please try again.</p><p><br /></p>';
		
	} // End of if (empty($errors)) IF.

} // End of submit conditional.

// Retrieve the user's information.
$query = "SELECT pacts, fname, lname, status, employee, location, assgn_date, interv_date, sent_date, due_rev, due_suspo, due_clerk, due_super, due_owner FROM psrinfo WHERE id = " . $_REQUEST['id'];
$result = @mysql_query ($query); // Run the query.

list($pacts, $fname, $lname, $status, $employee, $location, $assgn_date, $interv_date, $sent_date, $due_rev, $due_suspo, $due_clerk, $due_super, $due_owner) = mysql_fetch_array($result, MYSQL_NUM);

?>	

<script type="text/javascript">
var valid;

function d2(v) { return (v<10)?("0"+v):v; }

function dcheck(form) {
var a = form.assgn_date.value;
var s = form.sent_date.value;
var i = form.interv_date.value;
var dr = form.due_rev.value
var su = form.due_suspo
var clk = form.due_clerk
var att = form.due_super
var jdg = form.due_owner
var assn  = new Date(a);
var sent = new Date(s);
var intv = new Date(i);
var due_rev = new Date(dr);
var due_suspo = new Date(su);
var due_clerk = new Date(clk);
var due_super = new Date(sup);
var due_owner = new Date(own);


if (isNaN(intv)) {
intv = new Date(assn.getFullYear(),assn.getMonth(),assn.getDate()+0);
}
if (isNaN(assn)) {
assn = new Date(assn.getFullYear(),assn.getMonth(),assn.getDate()+0);
}
if (isNaN(due_rev)) {
due_rev = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-42);
}
if (isNaN(due_suspo)) {
due_suspo = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-40);
}
if (isNaN(due_clerk)) {
due_clerk = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-38);
}
if (isNaN(due_super)) {
due_super = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-36);
}
if (isNaN(due_owner)) {
due_owner = new Date(sent.getFullYear(),sent.getMonth(),sent.getDate()-7);
}


switch(due_rev.getDay()){
  case 0: due_rev.setDate(due_rev.getDate() - 1); // take one for Sunday
  case 6: due_rev.setDate(due_rev.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_suspo.getDay()){
  case 0: due_suspo.setDate(due_suspo.getDate() - 1); // take one for Sunday
  case 6: due_suspo.setDate(due_suspo.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_clerk.getDay()){
  case 0: due_clerk.setDate(due_clerk.getDate() - 1); // take one for Sunday
  case 6: due_clerk.setDate(due_clerk.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_super.getDay()){
  case 0: due_super.setDate(due_super.getDate() - 1); // take one for Sunday
  case 6: due_super.setDate(due_super.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_owner.getDay()){
  case 0: due_owner.setDate(due_owner.getDate() - 1); // take one for Sunday
  case 6: due_owner.setDate(due_owner.getDate() - 1); // take two for Sunday or one for Saturday
}

switch(due_rev.getDay()){
  case 0: due_rev.setDate(due_rev.getDate() - 1); // take one for Sunday
  case 6: due_rev.setDate(due_rev.getDate() - 1); // take two for Sunday or one for Saturday
}

form.assgn_date.value = (assn.getFullYear()+0) + "-" + d2(assn.getMonth()+1) + "-" + d2(assn.getDate());
form.interv_date.value = (intv.getFullYear()+0) + "-" + d2(intv.getMonth()+1) + "-" + d2(intv.getDate());
form.sent_date.value = (sent.getFullYear()+0) + "-" + d2(sent.getMonth()+1) + "-" + d2(sent.getDate());
form.due_rev.value = (due_rev.getFullYear()+0) + "-" + d2(due_rev.getMonth()+1) + "-" + d2(due_rev.getDate());
form.due_suspo.value = (due_suspo.getFullYear()+0) + "-" + d2(due_suspo.getMonth()+1) + "-" + d2(due_suspo.getDate());
form.due_clerk.value = (due_clerk.getFullYear()+0) + "-" + d2(due_clerk.getMonth()+1) + "-" + d2(due_clerk.getDate());
form.due_super.value = (due_super.getFullYear()+0) + "-" + d2(due_super.getMonth()+1) + "-" + d2(due_super.getDate());
form.due_owner.value = (due_owner.getFullYear()+0) + "-" + d2(due_owner.getMonth()+1) + "-" + d2(due_owner.getDate());
return true;
}

</script>

<form action="add.php" method="post">
<fieldset><legend><h1> You are editing a record!</h1></legend>

<b>PACTS No:</b> <br><input type="text" name="pacts" size="15" maxlength="30" value="<?php echo $pacts; ?>" /><br>
<b>First Name:</b> <br><input type="text" name="fname" size="15" maxlength="30" value="<?php echo $fname; ?>" /><br />
<b>Last Name:</b> <br><input type="text" name="lname" size="15" maxlength="30" value="<?php echo $lname; ?>" /><br />
<b>Status: </b><br><input type="text" name="status" size="15" maxlength="30" value="<?php echo $status; ?>" /> <br>
<b>Location: </b><br><input type="text" name="location" size="15" maxlength="30" value="<?php echo $location; ?>" /><br>
<b>Employee: </b><br><input type="text" name="employee" size="15" maxlength="30" value="<?php echo $employee; ?>" /> <br>
<b>Assign Date: MM/DD/YYYY </b><br><input type="text" name="assgn_date" size="15" maxlength="30" value="<?php echo $assgn_date; ?>" /> <br>
<b>Interview Date: MM/DD/YYYY </b><br><input type="text" name="interv_date" size="15" maxlength="30" value="<?php echo $interv_date; ?>" /> <br>
<b>Sent Date: MM/DD/YYYY </b><br><input type="text" name="sent_date" size="15" maxlength="30" value="<?php echo $sent_date; ?>" /> <br>

<p><input type="button" value="Calculate" onclick="return dcheck(this.form);">	<b> DO NOT enter anything below this line. Click the "Calculate" Button.</b></p>

<b>-----------------------------------------------------------</b> <br />

<b>Due to Reviewer:</b><br><input type="text" name="due_rev" size="15" maxlength="30" value="<?php echo $due_rev; ?>" /> <br>
<b>Due to SUSPO:</b><br><input type="text" name="due_suspo" size="15" maxlength="30" value="<?php echo $due_suspo; ?>" /> <br>
<b>Due to Clerk:</b><br><input type="text" name="due_clerk" size="15" maxlength="30" value="<?php echo $due_clerk; ?>" /> <br>
<b>Due to Supervisor:</b><br><input type="text" name="due_super" size="15" maxlength="30" value="<?php echo $due_super; ?>" /> <br>
<b>Due to Owner:</b><br><input type="text" name="due_owner" size="15" maxlength="30" value="<?php echo $due_owner; ?>" /> <br>
<br>

</fieldset>
<input type="hidden" name="submitted" value="TRUE" />

<div align="left"><input type="submit" name="submit" value="Submit" /></div>

</form>
<?php
mysql_close(); // Close the database connection.

?>

Open in new window

LVL 15
wantabe2Asked:
Who is Participating?
 
Lukasz ChmielewskiConnect With a Mentor Commented:
I mean after ;
0
 
MarkXIIICommented:
Hi wantabe2,
I don't have a web server with php installed handy so I can test it but it looks like the $id variable in the UPDATE might not be properly initialized.
Maybe you should pass it has a hidden field?
0
 
KendorCommented:
are the variables set if you run the update query (i.e. $pacts, $fname etc...)? i see them to be set after that?
furthermore $id is not set either?
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
KendorCommented:
furthermore to prevent (or reduce) damage by sql injection you might want to use stripslashes and mysql_real_escape_string.

like:
$str = stripslashes($_POST['str']);
$str = mysql_real_escape_string($str);

and then do your query:
$query = "UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname=.... WHERE id=".$id;

(you can also use {$id} instead)


0
 
wantabe2Author Commented:
okay, I'm a little confused...I'm new to programming...everything is working great up to this point. If I click on the "edit" link next to each of my records, it pulls that record up in a browser & I can edit the fields. Then when I click the submit button at the bottom, do I just need to have the pass to a SQL UPDATE page such as something named update_record.php with some code similair to the below?
<?php # update_record.php 

$page_title = 'Edit a Record'; 

$con = mysql_connect("localhost","uname","password"); 
if (!$con) 
  { 
  die('Could not connect: ' . mysql_error()); 
  } 

mysql_select_db("psrflow", $con); 

$result = mysql_query("SELECT * FROM psrinfo "); 

// Check if the form has been submitted. 

if (isset($_POST['submitted'])) { 

    $errors = array(); // Initialize error array. 
     
    if (empty($errors)) { // If everything's OK. 
     
        // Make the query. 
        $query = "UPDATE psrinfo SET pacts='$pacts', fname='$fname', lname='$lname', status='$status', employee='$employee', location='$location'  WHERE id = " . $_REQUEST['id']; 
        $result = @mysql_query ($query); // Run the query. 
         
        ?>

Open in new window

0
 
KendorCommented:
thats correct. but: you have to really set those variables $pacts $fname somehow. otherwise you will empty the values.

before you run the query you have to set
$pacts = $_REQUEST['pacts']
$fname = $_REQUEST['fname']
etc.

if you want to do it somehow safer then you should use:
$pacts = stripslashes($_POST['pacts']);
$pacts = mysql_real_escape_string($pacts);

and then i would write
"UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname=.... WHERE id=".$id

hint:
you can use print or echo to output the $query for debugging too..  then you should see the values that are entered in the query and whether it is correct.
0
 
wantabe2Author Commented:
Okay,
I think I may have it but have come across a new issue. I created a file & named it update_record.php. This is the file that actually does the updating. Now when I edit the record & click submit I get the following error attached as an image. I've also attached the code.
<?php
$con = mysql_connect("localhost","uname","password");
if (!$con)
  {
  die('Could not connect: ' . mysql_error());
  }

mysql_select_db("psrflow", $con);

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$offender_lname."' WHERE id=".$id


mysql_close($con);
?>

Open in new window

crapp.JPG
0
 
Lukasz ChmielewskiCommented:
Put ; at the end of the line
mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$offender_lname."' WHERE id=".$id;
0
 
wantabe2Author Commented:
okay, I'm almost there.....can someone tell me why I'm getting this error:

"Parse error: syntax error, unexpected $end in C:\wamp\www\flow\officer_query\update_record.php on line 14"
<?php  
$con = mysql_connect("localhost","uname","pword");  
if (!$con)  
  {  
  die('Could not connect: ' . mysql_error());  
  }  

mysql_select_db("psrflow", $con);  

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."';)  


mysql_close($con); 
?>

Open in new window

0
 
MarkXIIICommented:
Your ; must be outside the parenthesis.

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."');
0
 
Lukasz ChmielewskiCommented:
Missing " before ;
mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."'";)
0
 
wantabe2Author Commented:
Still getting same error...
<?php  
$con = mysql_connect("localhost","uname","pword");  
if (!$con)  
  {  
  die('Could not connect: ' . mysql_error());  
  }  

mysql_select_db("psrflow", $con);  

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."');  


mysql_close($con); 
?>

Open in new window

0
 
wantabe2Author Commented:
I figured it out. I was forgetting the double quote at the end! SEE I am learning a little bit :)

Thanks for your help
<?php  
$con = mysql_connect("localhost","uname","pword");  
if (!$con)  
  {  
  die('Could not connect: ' . mysql_error());  
  }  

mysql_select_db("psrflow", $con);  

mysql_query("UPDATE psrinfo SET pacts='".$pacts."', fname='".$fname."', lname='".$lname."' WHERE id=".$id."'");  


mysql_close($con); 
?>

Open in new window

0
 
KendorCommented:
thank you anyways for assigning no points to me at all :/
0
All Courses

From novice to tech pro — start learning today.