Jon C
asked on
Search MySQL Database, view result, and resubmit back to database with hidden fields
Hi All
I am trying to write a small script to search a small database, view the result on screen, then have a button to say "Checked", which submits the data back to the database, along with some hidden fields:
The database structure is:
Table: main_stock
Fields:
id
curr_timestamp
mastercategory
category
product_desc
newown
barcode
serial
stockcode
status
So first the user goes to a simple search page with one input box that searches the barcode field (each barcode is unique, so there will only be one result)
The following fields are then displayed on the page:
product_desc
mastercategory
category
barcode
serial
I have all the above working no problem; what I want to do then is have a button that says "Checked" which submits the info back into the database, along with the following hidden fields:
$curr_timestamp = strtotime("now");
$status = "CheckedOK";
What I have tried so far is the following, but it doesn't find data from the array:
<?php
if(isset($_POST['submit']))
{
$url = 'http://172.16.0.250/stocktest/search.php'; // Where to redirect after form is processed.
$curr_timestamp = strtotime("now");
$status = "CheckedOK";
$sql = "INSERT INTO main_stock WHERE id = $id (
`id`, `curr_timestamp`, `mastercategory`, `category`, `product_desc`, `newown`, `barcode`, `serial`, `stockcode`, `status`
) VALUES (
'{$id}', '{$curr_timestamp}', '{$mastercategory}', '{$category}', '{$product_desc}', '{$newown}', '{$barcode}', '{$serial}', '{$stockcode}', '{$status}'
)";
echo '<META HTTP-EQUIV=Refresh CONTENT="0; URL='.$url.'">';
}
?>
<form method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">
<input type="submit" name="submit" value="Checked OK"><br>
</form>
As there is only one result, and the fields pulled from the database don't change, I presume that I only need to submit the hidden fields back to the database, to the item in the search result, but am unsure on how to do this.
Any help is greatly appreciated
Thanks J
You can mark some HTML form fields "readonly" but the only truly safe solution is to simply avoid updating the database with any data items that are not things you want to change. A hacker can (and eventually will) bypass your HTML form and post toxic information directly into your script. So make sure that your script abides by the mantra, "Accept only known good values."
ASKER
Just one last thing, once the search is done and the HTML form is populated, I wouldn't want to give the client access to edit the fields. How could I display the result so that it wasn't editable but would enable me to submit it with the hidden field?
Thanks again
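Added example (not part of the original thread): one way to apply "accept only known good values" to the Checked button and to show the result without editable fields, assuming the goal is to UPDATE the one existing row rather than insert a new one. The function names renderResult and markChecked, the sample row, and the in-memory SQLite database standing in for the MySQL table are assumptions made for illustration.

```php
<?php
// Added example, not code from the thread. Assumption: "Checked" should UPDATE
// the one existing row, changing only curr_timestamp and status.

// Show the search result as escaped plain text; the form carries only the row id.
function renderResult(array $row): string
{
    $html = '';
    foreach (['product_desc', 'mastercategory', 'category', 'barcode', 'serial'] as $f) {
        $html .= '<p>' . $f . ': ' . htmlspecialchars((string)$row[$f], ENT_QUOTES, 'UTF-8') . "</p>\n";
    }
    return $html . '<form method="post">'
        . '<input type="hidden" name="id" value="' . (int)$row['id'] . '">'
        . '<input type="submit" name="submit" value="Checked OK"></form>' . "\n";
}

// Accept only a known good value from the client: a positive integer id.
// status and curr_timestamp are set here on the server, never read from $post.
function markChecked(PDO $db, array $post): bool
{
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false; // missing or malformed id: reject without touching the table
    }
    $stmt = $db->prepare(
        'UPDATE main_stock SET curr_timestamp = :ts, status = :status WHERE id = :id'
    );
    $stmt->execute([':ts' => time(), ':status' => 'CheckedOK', ':id' => $id]);
    return $stmt->rowCount() === 1; // true when exactly one row was changed
}

// Constructed demo data. In-memory SQLite stands in for the MySQL table so the
// example runs without a server; with MySQL only the PDO DSN changes.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE main_stock (id INTEGER PRIMARY KEY, curr_timestamp INTEGER,
    mastercategory TEXT, category TEXT, product_desc TEXT, newown TEXT,
    barcode TEXT UNIQUE, serial TEXT, stockcode TEXT, status TEXT)');
$db->exec("INSERT INTO main_stock VALUES
    (1, 0, 'Audio', 'Mics', 'Vocal mic', 'own', '100001', 'SN-1', 'ST-1', 'New')");
$find = $db->prepare('SELECT * FROM main_stock WHERE barcode = ?');
$find->execute(['100001']);
echo renderResult($find->fetch(PDO::FETCH_ASSOC));

// A forged POST with extra fields: only id is used, the rest is ignored.
$forged = ['submit' => 'Checked OK', 'id' => '1', 'status' => 'Tampered', 'serial' => 'X'];
var_dump(markChecked($db, $forged));
var_dump(markChecked($db, ['id' => '1 OR 1=1']));
print_r($db->query('SELECT status, serial FROM main_stock WHERE id = 1')->fetch(PDO::FETCH_ASSOC));
```

Because the displayed values are plain text and never posted back, there is nothing for the client to edit; the stored serial and the other columns stay as they were whatever the request contains.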