
View Full Version : Update Query Help



focus310
06-06-2007, 09:31 PM
Hello:

I have a form which I would like to update. I want the form to display the current values in the table. Then, the person can change (type over) the existing values with new values. And then update the table with the new values.

When I run my script, I'm able to select the record I want to display. The form displays the current values of the record. When I try to change a value and click Submit, the old value keeps re-appearing. The new value is disregarded.

Can someone help me figure out what I'm doing wrong?

The first step of this process is selecting the record. This is the code for record selection. This script is named app_admission_update.php.


<?php
include('header_admin.html');
require_once('mysql_connect.php');

?>
<fieldset><legend>Please select a client</legend>
<form action="app_admission_update_pg1.php" method="post">
<p><label for="client_id">Client Name:</label>
<select name="client_id">
<option value="">- Please Select -</option>
<?php
$query="SELECT * FROM client";
$result = @mysql_query ($query) or die (mysql_error());

while($row=@mysql_fetch_array($result, MYSQL_ASSOC))
{

$client_id = $row['client_id'];
$client_name = $row['client_name'];



print '<option value="' . $client_id . "\" >" . $client_name . "</option>\n";
}
?>
</select>
</p>

<p><label for="blank">&nbsp;</label><input type="submit" name="btnSubmit" id="btnSubmit" value="Submit" class="btn" /></p>
<input type="hidden" name="submitted" value="TRUE" />
</fieldset>
</form>


=======
The next step displays the current values for the selected record and should allow me to change the values. The name of this script is app_admission_update_pg1.php. The reason for _pg1 is that the form has 7 pages. I would like the person to go through the pages, make their changes, and in the end do one update. This is the code for displaying the current values.


<?php

session_start();

ob_start();
require_once ('mysql_connect.php');
$query="SELECT * FROM client WHERE client_id = $_POST[client_id]";

$result = @mysql_query ($query) or die (mysql_error());

if ($result) {

while($row=@mysql_fetch_array($result, MYSQL_ASSOC))
{
$_SESSION['client_id'] = $row['client_id'];
$_SESSION['today_date'] = $row['today_date'];
$_SESSION['app_complete_name'] = $row['app_complete_name'];
$_SESSION['app_date'] = $row['app_date'];
$_SESSION['relation'] = $row['relation'];
$_SESSION['phone'] = $row['phone'];
$_SESSION['email'] = $row['email'];
}
}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title></title>
<link href="output_style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="container">
<div id="header">
<table class="toptable">
<tr><td class="a"><a href="index.html"><img src="images/logo.jpg" width="125" height="127" border="0"></a></td>
<td class="b">2260 Sam Nelson Road Canton, Georgia 30114&nbsp;&nbsp;&nbsp;&nbsp;Phone: 770-479-9555&nbsp;&nbsp;&nbsp;&nbsp;Fax: 770-479-2295<br><br>
Susan Worsley, M.S., Director&nbsp;&nbsp;&nbsp;Cindy Williams, Program Coordinator&nbsp;&nbsp;&nbsp;Leah Frankel, Human Services Provider<br><br></td></tr></table>
</div>
<div id="content">
<p class="center">Application for Admission Update</span></p>

<form action="app_admission_update_process.php" method="post">

<table class="apptable">
<tr><td class="a"><b>Application Completed by:</b></td><td class="b"><input type="text" name="app_complete_name" size="25" value="<?php echo $_SESSION['app_complete_name']; ?>"></td></tr>
<tr><td class="a"><b>Date <span class="boldred">(MM/DD/YYYY)</span>:</b></td><td class="b"><input type="text" name="app_date" size="25" value="<?php echo $_SESSION['app_date']; ?>"></td></tr>
<tr><td class="a"><b>Relationship to Client:</b></td><td class="b"><input type="text" name="relation" size="25" value="<?php echo $_SESSION['relation']; ?>"></td></tr>
<tr><td class="a"><b>Phone:</b></td><td class="b"><input type="text" name="phone" size="25" value="<?php echo $_SESSION['phone']; ?>"></td></tr>
<tr><td class="a"><b>Email Address:</b></td><td class="b"><input type="text" name="email" size="50" value="<?php echo $_SESSION['email']; ?>"></td></tr>
</table>

<br><br>
<input type="submit" name="btnSubmit" id="btnSubmit" value="Submit >>" class="btn" >
<input type="hidden" name="submitted" value="TRUE" />

</form>


======
The final script is the actual update query. After clicking Submit, the following script should be run: app_admission_output_process.php.


<?php

session_start();

ob_start();
require_once ('mysql_connect.php');

$query = "UPDATE client SET
today_date=CURRENT_DATE, app_complete_name='$_SESSION[app_complete_name]', app_date='$_SESSION[app_date]',
relation='$_SESSION[relation]', phone='$_SESSION[phone]', email='$_SESSION[email]'

WHERE client_id='$_SESSION[client_id]'";

$result = mysql_query ($query) or die (mysql_error());

?>


========
I know my problem is in the second script which displays the values. For some reason the script is not retaining the new values. I have a session started at the beginning of each script.

I hope someone can help me out. Thank you in advance.

mr e
06-06-2007, 09:43 PM
Well, my first suggestion would be to stop suppressing errors with @. Even if your code works fine now, you'll have a hell of a time debugging in the future without errors ;)

Aside from that, are you getting any errors? Have you checked the database to see if it's updating properly?

PappaJohn
06-06-2007, 10:55 PM
In app_admission_pg1.php, you set these values from the db:


while($row=@mysql_fetch_array($result, MYSQL_ASSOC))
{
$_SESSION['client_id'] = $row['client_id'];
$_SESSION['today_date'] = $row['today_date'];
$_SESSION['app_complete_name'] = $row['app_complete_name'];
$_SESSION['app_date'] = $row['app_date'];
$_SESSION['relation'] = $row['relation'];
$_SESSION['phone'] = $row['phone'];
$_SESSION['email'] = $row['email'];
}


Then in app_admission_output_process.php, you insert them back into the db:


$query = "UPDATE client SET
today_date=CURRENT_DATE, app_complete_name='$_SESSION[app_complete_name]', app_date='$_SESSION[app_date]',
relation='$_SESSION[relation]', phone='$_SESSION[phone]', email='$_SESSION[email]'

WHERE client_id='$_SESSION[client_id]'";

$result = mysql_query ($query) or die (mysql_error());

In app_admission_output_process.php, you need to gather the values from the input fields:


$app_complete_name = $_POST['app_complete_name'];
// and so on for the rest of the fields

and then use these variables in your UPDATE SQL.

Be sure to take the necessary security precautions with user-inputted data before inserting into your db.

focus310
06-07-2007, 02:47 AM
Thank you for the reply. I see what happened. Thanks for the help. Do you have any recommendations on securing the data before inserting into the DB?

mr e
06-07-2007, 02:54 AM
Aside from the one I gave you, just make sure if it's supposed to be a number it is a number, if it's not supposed to contain any whatever, strip those out, etc.

You could also try Google: http://www.google.com/search?hl=en&rls=GGGL%2CGGGL%3A2006-20%2CGGGL%3Aen&q=php+sql+injection+prevention&btnG=Search

PappaJohn
06-07-2007, 03:54 AM
Also take a look at mysql_real_escape_string (http://www.php.net/manual/en/function.mysql-real-escape-string.php)
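
Added example, not part of the thread and not code from any of the posters: the update step the replies describe, taking the new values from the submitted form, checking each field, and passing them to the UPDATE as bound parameters rather than escaping them with mysql_real_escape_string. It uses PDO with an in-memory SQLite table standing in for the poster's MySQL client table; the validation rules, the validate_client_update helper and the sample $post array are assumptions.

```php
<?php
// Added example, not from the thread. PDO + in-memory SQLite stands in for MySQL.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE client (client_id INTEGER PRIMARY KEY, today_date TEXT,
    app_complete_name TEXT, app_date TEXT, relation TEXT, phone TEXT, email TEXT)");
$db->exec("INSERT INTO client (client_id, app_complete_name) VALUES (7, 'old name')");

// Hypothetical helper: check each field against what it is supposed to be.
// Returns [bound parameter values, names of fields that failed].
function validate_client_update(array $in): array
{
    $errors = [];
    $id = filter_var($in['client_id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) { $errors[] = 'client_id'; }
    $date = DateTime::createFromFormat('!m/d/Y', $in['app_date'] ?? '');
    if (!$date || $date->format('m/d/Y') !== $in['app_date']) { $errors[] = 'app_date'; }
    $email = filter_var($in['email'] ?? '', FILTER_VALIDATE_EMAIL);
    if ($email === false) { $errors[] = 'email'; }
    $clean = [
        ':id'       => $id,
        ':name'     => trim($in['app_complete_name'] ?? ''),
        ':app_date' => $in['app_date'] ?? '',
        ':relation' => trim($in['relation'] ?? ''),
        ':phone'    => trim(preg_replace('/[^0-9+() .-]/', '', $in['phone'] ?? '')),
        ':email'    => $email,
    ];
    return [$clean, $errors];
}

// Constructed stand-in for $_POST from the form in the thread, plus client_id
// (which the thread keeps in $_SESSION).
$post = ['client_id' => '7', 'app_complete_name' => "Pat O'Brien", 'app_date' => '06/06/2007',
         'relation' => 'Parent', 'phone' => '555-0100 x', 'email' => 'pat@example.com'];

[$clean, $errors] = validate_client_update($post);
if ($errors) {
    exit('Invalid fields: ' . implode(', ', $errors) . "\n");
}
// Placeholders keep the values out of the SQL text, so the quote in the
// name is stored as data and cannot change the statement.
$stmt = $db->prepare("UPDATE client SET today_date = CURRENT_DATE, app_complete_name = :name,
    app_date = :app_date, relation = :relation, phone = :phone, email = :email
    WHERE client_id = :id");
$stmt->execute($clean);
echo $stmt->rowCount(), " row(s) updated\n";
print_r($db->query("SELECT * FROM client WHERE client_id = 7")->fetch(PDO::FETCH_ASSOC));
```

Against the real table, only the PDO connection string changes; the same prepare/execute calls apply to the SELECT in app_admission_update_pg1.php that currently interpolates $_POST[client_id].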


