help with updating data from a form into mysql with php



Allens
02-02-2010, 04:38 AM
Hey guys, I've been at this for 2 days and I've just simply hit a wall here. I'm trying to use a PHP form to update data stored in a MySQL database. When I click the button from the other page to load this script it works fine, all the information is there, but as soon as I edit it to submit and change, nothing happens. It does say the database has been updated but it hasn't, and it clears the form, losing the ID number it had stored on the link.


//stuff added by me allen

session_start();

// Connect to database
include_once "scripts/connect_to_mysql.php";

$id = $_GET['id'];
$firstname = "";
$middlename = "";
$lastname = "";
$country = "";
$state = "";
$city = "";
$bio_body = "";
$bio_body = "";
$website = "";
$youtube = "";
$user_pic = "";

$id = mysql_real_escape_string($id);
$id = eregi_replace("`", "", $id);
$sql = mysql_query("SELECT * FROM person_record WHERE id='$id'");

if ($_POST['parse_var'] == "location"){

$country = $_POST['country'];
$city = $_POST['city'];
$date_of_dearth =$_POST['date_of_dearth'];
$date_of_burial = $_POST['date_of_burial'];

// Error handling for missing data
if ((!$city)) {
$error_msg = '<font color="#FF0000">ERROR: Please do not make the field(s) blank in that section</font>';
} else {

$country = eregi_replace("'", "'", $country);
$country = eregi_replace("`", "'", $country);
$country = mysql_real_escape_string($country);
$city = eregi_replace("'", "'", $city);
$city = eregi_replace("`", "'", $city);
$city = mysql_real_escape_string($city);
$sqlUpdate = mysql_query("UPDATE person_record SET country='$country', city='$city', WHERE id='$id'");
if ($sqlUpdate){
$success_msg = '<font color="#009900">Your location data has been updated.</font>';
} else {
$error_msg = '<font color="#FF0000">ERROR: Problems connecting to server, please try again later.</font>';
}

}
}
// Parsing section for changing website URL... only runs if they attempt to change that
if ($_POST['parse_var'] == "website"){

$website = $_POST['website'];
$website = eregi_replace("http://", "", $website);
$website = eregi_replace("'", "'", $website);
$website = eregi_replace("`", "'", $website);
$website = mysql_real_escape_string($website);
$sqlUpdate = mysql_query("UPDATE person_record SET website='$website' WHERE id='$id'");
if ($sqlUpdate){
$success_msg = '<font color="#009900">Your website URL has been updated.</font>';
} else {
$error_msg = '<font color="#FF0000">ERROR: Problems connecting to server, please try again later.</font>';
}

}

// Final default sql query that will refresh the member data on page, and show most current
$sql_default = mysql_query("SELECT * FROM person_record WHERE id='$id'");

while($row = mysql_fetch_array($sql_default)){


$firstname = $row["firstname"];
$middlename = $row["middlename"];
$lastname = $row["lastname"];
$country = $row["country"];
$state = $row["state"];
$city = $row["city"];
$bio_body = $row["bio_body"];
$bio_body = str_replace("<br />", "", $bio_body);
$website = $row["website"];
$youtube = $row["youtube"];

$check_pic = "members/$id/image01.jpg";
$default_pic = "members/0/image01.jpg";
if (file_exists($check_pic)) {
$user_pic = "<img src=\"$check_pic\" width=\"100px\" />"; // forces picture to be 100px wide and no more
} else {
$user_pic = "<img src=\"$default_pic\" width=\"100px\" />"; // forces default picture to be 100px wide and no more
}
}



_____________
The form which is in my html body is like this at the moment


<?php include_once "header_template.php"; ?>
<table width="950" align="center">
<tr>
<td width="758" valign="top"><br />

<table width="90%" border="0" align="center">
<tr>
<td width="80%"><h3>Edit Your Profile Data Here <?php print "$firstname $lastname"; ?></h3></td>
<td width="20%"><a href="edit_settings.php">Edit Account Settings</a></td>
</tr>
</table>

<?php print "$error_msg"; ?><?php print "$success_msg"; ?>
<hr align="center" width="680" />

<br />
<table width="90%" border="0" align="center">
<form action="edit_profile.php" enctype="multipart/form-data" method="post" name="pic1_form" id="pic1_form">
<tr>
<td width="16%"><?php print "$user_pic"; ?></td>
<td width="74%">
<input name="fileField" type="file" class="formFields" id="fileField" size="42" />
50 kb max
</td>
<td width="10%">
<input name="parse_var" type="hidden" value="pic" />
<input type="submit" name="button" id="button" value="Submit" />
</td>
</tr>
</form>
</table>

<hr align="center" width="680" />
<br />
<table width="90%" border="0" align="center">
<form action="edit_profile.php" enctype="multipart/form-data" method="post" name="locationForm" id="locationForm2">
<tr>
<td width="10%">country</td>
<td width="36%">&nbsp;</td>
<td width="17%">city</td>
<td width="2%">&nbsp;</td>
</tr>
</form>
</table>
<table width="90%" border="0" align="center">
<form action="edit_profile.php" enctype="multipart/form-data" method="post" name="locationForm" id="locationForm">
<tr>
<td width="16%">Location:</td>
<td width="31%"><select name="country" class="formFields">
<option value="<?php print "$country"; ?>"><?php print "$country"; ?></option>
<option value="United States of America">United States of America</option>
<option value="Afghanistan">Afghanistan</option>
<option value="Albania">Albania</option>
</select></td>
<td width="17%"><input name="city" type="text" class="formFields" id="city" value="<?php print "$city"; ?>" size="10" maxlength="32" /></td>
<input name="parse_var" type="hidden" value="location" />
<td width="10%"><input type="submit" name="button3" id="button3" value="Submit" /></td>
</tr>
</form>
</table>

<hr align="center" width="680" />

<br />
<table width="90%" border="0" align="center">
<form action="edit_profile.php" enctype="multipart/form-data" method="post" name="websiteForm" id="websiteForm">
<tr>
<td width="16%">Website:</td>
<td width="74%"><strong>http://</strong>
<input name="website" type="text" class="formFields" id="website" value="<?php print "$website"; ?>" size="36" maxlength="32" /></td>
<td width="10%">
<input name="parse_var" type="hidden" value="website" />
<input type="submit" name="button4" id="button4" value="Submit" /></td>
</tr>
</form>
</table>

<hr align="center" width="680" />

<br />
<table width="90%" border="0" align="center">
<form action="edit_profile.php" enctype="multipart/form-data" method="post" name="youtubeForm" id="youtubeForm">
<tr>
<td width="16%">Youtube Channel:</td>
<td width="74%"><strong>http://www.youtube.com/user/</strong>
<input name="youtube" type="text" class="formFields" id="youtube" value="<?php print "$youtube"; ?>" size="20" maxlength="40" /></td>
<td width="10%">
<input name="parse_var" type="hidden" value="youtube" />
<input type="submit" name="button5" id="button5" value="Submit" /></td>
</tr>
</form>
</table>

<hr align="center" width="680" />

<br />
<table width="90%" border="0" align="center">
<form action="edit_profile.php" enctype="multipart/form-data" method="post" name="bioForm" id="bioForm">
<tr>
<td width="16%">About You:</td>
<td width="74%"><textarea name="bio_body" cols="" rows="5" class="formFields" style="width:94%;"><?php print "$bio_body"; ?></textarea></td>
<td width="10%">
<input name="parse_var" type="hidden" value="bio_body" />
<input type="submit" name="button6" id="button6" value="Submit" /></td>
</tr>
</form>



----------------

sorry if this is a bit long but i'm kinda stumped and gotta ask someone

bdl
02-02-2010, 04:45 AM
There is WAY too much going on there. Please post a relevant section of code that pertains to the specific problem you're having, and use the PHP code tags.

Step through each line of code and be specific as to what it's doing.

Allens
02-02-2010, 04:51 AM
Cool, will do that just now... Forgot to say what it actually does: on the HTML, depending on the field that is changed, when the submit button is pressed it runs the PHP to connect to the database, then updates it with the new entries either deleted or added onto... well, that's what it's supposed to do, but instead it clears the whole screen and, with the full code earlier, says the database has been updated though nothing happened or changed.

bdl
02-02-2010, 04:25 PM
Hey nicely done. Thanks for taking the time to do that, it helps.

This is your UPDATE statement:


UPDATE person_record SET country='$country', city='$city', WHERE id='$id'


See anything wrong there?

BTW, is $id a numerical value? You don't need to go to all this trouble:


$id = mysql_real_escape_string($id);
$id = eregi_replace("`", "", $id);
$sql = mysql_query("SELECT * FROM person_record WHERE id='$id'");


Just do this:


if ( isset($_GET['id']) && is_numeric($_GET['id']) ) {
$id= (int) $_GET['id'];
}


You're checking to ensure it's set, then if it's a numeric value, then cast to an INT. From there you don't even need to wrap it in quotes in your SQL statement. You certainly don't need to use mysql_real_escape_string() or all the hocus pocus with eregi() you've got going on. Alternatively you could use ctype_digit() (http://us3.php.net/ctype_digit).

Speaking of which, you validate the $_GET['id'] value to death, then you do this:


$country = $_POST['country'];
$city = $_POST['city'];
$date_of_dearth =$_POST['date_of_dearth'];
$date_of_burial = $_POST['date_of_burial'];


Yes, I see where you're passing those variable values through some process of altering the quotes, but you don't perform any initial checks here. This is where your validation should be, and where the mysql_real_escape_string() calls should be.
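
The two points in the reply above (accept the id only as an integer, and validate the POST values before they reach SQL), as an added example that is not part of the thread. It swaps the thread's mysql_* calls, which were removed in PHP 7, for PDO prepared statements; the function names and the in-memory SQLite table standing in for person_record are assumptions made so that it runs stand-alone.

```php
<?php
// Added example, not code from the thread. Hypothetical helper names; an
// in-memory SQLite table stands in for the MySQL person_record table.
const COUNTRIES = ['United States of America', 'Afghanistan', 'Albania'];

// Accept only a string of decimal digits. is_numeric() would also accept
// "1.5" and "1e3"; ctype_digit() does not.
function parse_id(array $get): ?int
{
    $raw = $get['id'] ?? '';
    return (is_string($raw) && ctype_digit($raw)) ? (int) $raw : null;
}

function update_location(PDO $db, array $get, array $post): string
{
    $id = parse_id($get);
    if ($id === null) {
        return 'ERROR: missing or invalid id';
    }
    // Validate the POST values first, before they get anywhere near SQL.
    $country = $post['country'] ?? '';
    $city    = trim((string) ($post['city'] ?? ''));
    if (!in_array($country, COUNTRIES, true)) {
        return 'ERROR: unknown country';
    }
    if ($city === '' || strlen($city) > 32) {
        return 'ERROR: city must be 1-32 characters';
    }
    // No comma before WHERE; placeholders replace manual quoting and escaping.
    $stmt = $db->prepare('UPDATE person_record SET country = ?, city = ? WHERE id = ?');
    $stmt->execute([$country, $city, $id]);
    // A statement that matches no row still succeeds, so check the row count.
    return $stmt->rowCount() === 1 ? 'updated' : 'ERROR: no record with that id';
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE person_record (id INTEGER PRIMARY KEY, country TEXT, city TEXT)');
$db->exec("INSERT INTO person_record VALUES (7, 'Albania', 'Tirana')"); // constructed row

// Constructed requests: valid, id missing from the POST, non-integer id, city with quotes.
$cases = [
    [['id' => '7'],   ['country' => 'Afghanistan', 'city' => 'Kabul']],
    [[],              ['country' => 'Afghanistan', 'city' => 'Kabul']],
    [['id' => '1e3'], ['country' => 'Afghanistan', 'city' => 'Kabul']],
    [['id' => '7'],   ['country' => 'Albania', 'city' => "x', city='y"]],
];
foreach ($cases as [$get, $post]) { echo update_location($db, $get, $post), "\n"; }
echo $db->query('SELECT city FROM person_record WHERE id = 7')->fetchColumn(), "\n";
```

Against MySQL, connect with PDO::MYSQL_ATTR_FOUND_ROWS set to true so that rowCount() counts matched rows; by default it counts only rows whose values actually changed, and resubmitting unchanged data would then look like a missing record.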

Allens
02-02-2010, 09:28 PM
Thanks... well, this is what happens if you look at code for too long, you miss some stuff. Def give this a go.


