Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    New to the CF scene
    Join Date
    Feb 2010
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts

    help with updating data from a form into mysql with php

    hey guys i've been at this for 2 days and i've just simply hit a wall here, i'm trying to use a php form to update data stored in mysql database, when i click the button from the other page to load this script it works fine all the information is there but as soon as i edit it to submit and change nothing happens, does say the database has been updated but the it hasn't and it clears the form loosing the ID number it had stored on the link

    PHP Code:
    //stuff added by me allen

    session_start(); 

    // Connect to database
    include_once "scripts/connect_to_mysql.php";

    $id $_GET['id'];
    $firstname "";
    $middlename "";
    $lastname "";
    $country "";    
    $state "";
    $city "";
    $bio_body "";
    $bio_body "";
    $website "";
    $youtube "";
    $user_pic "";

    $id mysql_real_escape_string($id);
    $id eregi_replace("`"""$id);
    $sql mysql_query("SELECT * FROM person_record WHERE id='$id'");

    if (
    $_POST['parse_var'] == "location"){

            
    $country $_POST['country'];
            
    $city $_POST['city'];
            
    $date_of_dearth =$_POST['date_of_dearth'];
            
    $date_of_burial $_POST['date_of_burial'];
                    
            
    // Error handling for missing data
            
    if ((!$city)) { 
            
    $error_msg '<font color="#FF0000">ERROR: Please do not make the field(s) blank in that section</font>';
            } else {
            
                    
    $country eregi_replace("'""'"$country);
                    
    $country eregi_replace("`""'"$country);
                    
    $country mysql_real_escape_string($country);
                    
    $city eregi_replace("'""'"$city);
                    
    $city eregi_replace("`""'"$city);
                    
    $city mysql_real_escape_string($city);
                    
    $sqlUpdate mysql_query("UPDATE person_record SET country='$country', city='$city',  WHERE id='$id'");
                       if (
    $sqlUpdate){
                             
    $success_msg '<font color="#009900">Your location data has been updated.</font>';
                       } else {
                          
    $error_msg '<font color="#FF0000">ERROR: Problems connecting to server, please try again later.</font>';
                    }

            }
    }
    // Parsing section for changing website URL... only runs if they attempt to change that
    if ($_POST['parse_var'] == "website"){

            
    $website $_POST['website'];
            
    $website eregi_replace("http://"""$website);
            
    $website eregi_replace("'""'"$website);
            
    $website eregi_replace("`""'"$website);
            
    $website mysql_real_escape_string($website);
            
    $sqlUpdate mysql_query("UPDATE person_record SET website='$website' WHERE id='$id'");
            if (
    $sqlUpdate){
                
    $success_msg '<font color="#009900">Your website URL has been updated.</font>';
            } else {
                
    $error_msg '<font color="#FF0000">ERROR: Problems connecting to server, please try again later.</font>';
            }

    }

    // Final default sql query that will refresh the member data on page, and show most current
    $sql_default mysql_query("SELECT * FROM person_record WHERE id='$id'");

    while(
    $row mysql_fetch_array($sql_default)){ 
        
        
        
    $firstname $row["firstname"];
        
    $middlename $row["middlename"];
        
    $lastname $row["lastname"];
        
    $country $row["country"];    
        
    $state $row["state"];
        
    $city $row["city"];
        
    $bio_body $row["bio_body"];
        
    $bio_body str_replace("<br />"""$bio_body);
        
    $website $row["website"];
        
    $youtube $row["youtube"];

        
    $check_pic "members/$id/image01.jpg";
        
    $default_pic "members/0/image01.jpg";
        if (
    file_exists($check_pic)) {
        
    $user_pic "<img src=\"$check_pic\" width=\"100px\" />"// forces picture to be 100px wide and no more
        
    } else {
        
    $user_pic "<img src=\"$default_pic\" width=\"100px\" />"// forces default picture to be 100px wide and no more
        
    }



    _____________
    The form which is in my html body is like this at the moment

    PHP Code:
    <?php include_once "header_template.php"?>
    <table width="950" align="center">
      <tr>
        <td width="758" valign="top"><br />
        
          <table width="90%" border="0" align="center">   
              <tr>
                <td width="80%"><h3>Edit Your Profile Data Here <?php print "$firstname""$lastname"?></h3></td>
                <td width="20%"><a href="edit_settings.php">Edit Account Settings</a></td>
              </tr>
          </table>
          
          <?php print "$error_msg"?><?php print "$success_msg"?>
          <hr align="center" width="680" />
          
          <br />
          <table width="90%" border="0" align="center">
            <form action="edit_profile.php" enctype="multipart/form-data" method="post" name="pic1_form" id="pic1_form">
          <tr>
            <td width="16%"><?php print "$user_pic"?></td>
            <td width="74%">
              <input name="fileField" type="file" class="formFields" id="fileField" size="42" />
              50 kb max
           </td>
            <td width="10%">
              <input name="parse_var" type="hidden" value="pic" />
              <input type="submit" name="button" id="button" value="Submit" />
            </td>
            </tr>
          </form>   
          </table>
          
          <hr align="center" width="680" />
          <br />
          <table width="90%" border="0" align="center">
            <form action="edit_profile.php" enctype="multipart/form-data" method="post" name="locationForm" id="locationForm2">
              <tr>
                <td width="10%">country</td>
                <td width="36%">&nbsp;</td>
                <td width="17%">city</td>
                <td width="2%">&nbsp;</td>
              </tr>
            </form>
          </table>
          <table width="90%" border="0" align="center">
            <form action="edit_profile.php" enctype="multipart/form-data" method="post" name="locationForm" id="locationForm">
              <tr>
                <td width="16%">Location:</td>
                <td width="31%"><select name="country" class="formFields">
                  <option value="<?php print "$country"?>"><?php print "$country"?></option>
                  <option value="United States of America">United States of America</option>
                  <option value="Afghanistan">Afghanistan</option>
                  <option value="Albania">Albania</option>
                  </select>
                <td width="17%"><input name="city" type="text" class="formFields" id="city" value="<?php print "$city"?>" size="10" maxlength="32" /></td>
                <input name="parse_var" type="hidden" value="location" />
                <td width="10%"><input type="submit" name="button3" id="button3" value="Submit" /></td>
              </tr>
            </form>
          </table>
          
          <hr align="center" width="680" />
          
          <br />
          <table width="90%" border="0" align="center">
            <form action="edit_profile.php" enctype="multipart/form-data" method="post" name="websiteForm" id="websiteForm">
              <tr>
                <td width="16%">Website:</td>
                <td width="74%"><strong>http://</strong>
                <input name="website" type="text" class="formFields" id="website" value="<?php print "$website"?>" size="36" maxlength="32" /></td>
                <td width="10%">
                <input name="parse_var" type="hidden" value="website" />
                <input type="submit" name="button4" id="button4" value="Submit" /></td>
              </tr>
            </form>
          </table>
          
          <hr align="center" width="680" />
          
          <br />
          <table width="90%" border="0" align="center">
            <form action="edit_profile.php" enctype="multipart/form-data" method="post" name="youtubeForm" id="youtubeForm">
              <tr>
                <td width="16%">Youtube Channel:</td>
                <td width="74%"><strong>http://www.youtube.com/user/</strong>
                <input name="youtube" type="text" class="formFields" id="youtube" value="<?php print "$youtube"?>" size="20" maxlength="40" /></td>
                <td width="10%">
                <input name="parse_var" type="hidden" value="youtube" />
                <input type="submit" name="button5" id="button5" value="Submit" /></td>
              </tr>
            </form>
          </table>
          
          <hr align="center" width="680" />
          
          <br />
          <table width="90%" border="0" align="center">
            <form action="edit_profile.php" enctype="multipart/form-data" method="post" name="bioForm" id="bioForm">
              <tr>
                <td width="16%">About You:</td>
                <td width="74%"><textarea name="bio_body" cols="" rows="5" class="formFields" style="width:94%;"><?php print "$bio_body"?></textarea></td>
                <td width="10%">
                <input name="parse_var" type="hidden" value="bio_body" />
                <input type="submit" name="button6" id="button6" value="Submit" /></td>
              </tr>
            </form>


    ----------------

    sorry if this is a bit long but i'm kinda stumped and gotta ask someone
    Last edited by Allens; 02-02-2010 at 04:15 AM. Reason: shorten script

  • #2
    bdl
    bdl is offline
    Regular Coder
    Join Date
    Apr 2007
    Location
    Camarillo, CA US
    Posts
    590
    Thanks
    4
    Thanked 83 Times in 82 Posts
    There is WAY too much going on there. Please post a relevant section of code that pertains to the specific problem you're having, and use the PHP code tags.

    Step through each line of code and be specific as to what it's doing.

  • #3
    New to the CF scene
    Join Date
    Feb 2010
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts
    cool will do that just now... forgot to say what it actually does on the HTML depending on the field that is changed when the submit button is pressed it runs the php to connect to the database then updates it with the new entries either deleted or added onto... well thats what its supposed to do, but instead it clears the hole screen and with the full code earlier says the database has been updated though nothing happened or changed
    Last edited by Allens; 02-02-2010 at 04:20 AM. Reason: addition

  • #4
    bdl
    bdl is offline
    Regular Coder
    Join Date
    Apr 2007
    Location
    Camarillo, CA US
    Posts
    590
    Thanks
    4
    Thanked 83 Times in 82 Posts
    Hey nicely done. Thanks for taking the time to do that, it helps.

    This is your UPDATE statement:
    Code:
    UPDATE person_record SET country='$country', city='$city',  WHERE id='$id'
    See anything wrong there?

    BTW, is $id a numerical value? You don't need to go to all this trouble:
    PHP Code:
    $id mysql_real_escape_string($id);
    $id eregi_replace("`"""$id);
    $sql mysql_query("SELECT * FROM person_record WHERE id='$id'"); 
    Just do this:
    PHP Code:
    if ( isset($_GET['id']) && is_numeric($_GET['id']) ) {
      
    $id= (int) $_GET['id'];

    You're checking to ensure it's set, then if it's a numeric value, then cast to an INT. From there you don't even need to wrap it in quotes in your SQL statement. You certainly don't need to use mysql_real_escape_string() or all the hocus pocus with eregi() you've got going on. Alternatively you could use ctype_digit().

    Speaking of which, you validate the $_GET['id'] value to death, then you do this:
    PHP Code:
            $country $_POST['country'];
            
    $city $_POST['city'];
            
    $date_of_dearth =$_POST['date_of_dearth'];
            
    $date_of_burial $_POST['date_of_burial']; 
    Yes, I see where you're passing those variable values through some process of altering the quotes, but you don't perform any initial checks here. This is where your validation should be, and where the mysql_real_escape_string() calls should be.

  • #5
    New to the CF scene
    Join Date
    Feb 2010
    Posts
    7
    Thanks
    1
    Thanked 0 Times in 0 Posts
    thanks...well this wat happens if you look at a code for too long miss some stuff, def give this a go


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •