  1. #1
    Regular Coder
    Join Date
    Apr 2012
    Posts
    295
    Thanks
    0
    Thanked 0 Times in 0 Posts

    insert multiple checkbox values into one db table column

    I am trying to add multiple checkbox values into one database table column separated by commas, but I can't seem to get it adding to the DB. I have added PHP error reporting on the site, but it is not showing any errors after clicking the submit button. My coding is below

    Code:
    <?php
    
    	/*
    		Allows the user to both create new records and edit existing records
    	*/
    
    	
    
    	// creates the new/edit record form
     	// since this form is used multiple times in this file, I have made it a function that is easily reusable
    	function renderForm($customer_name = '', $customer_email = '', $customer_phone = '', $items_booked_in = '', $computer_make = '', $computer_model = '', $technician = '', $status = '', $exrdate = '', $exrtime = '', $exstdate = '', $exstime = '', $deltype = '', $comments = '', $job_cost = '', $part_cost = '', $profit = '', $error = '', $id = '', $send_sms = '', $username = '', $password = '')
    	{ ?>
    
    <!-- Page wrapper  -->
            <div class="page-wrapper">
                <!-- Bread crumb -->
                <div class="row page-titles">
                    <div class="col-md-5 align-self-center">
                        <h3 class="text-primary">Add/Edit Repair</h3> </div>
                    <div class="col-md-7 align-self-center">
                        <ol class="breadcrumb">
                            <li class="breadcrumb-item"><a href="../dashboard.php">Dashboard</a></li>
                            <li class="breadcrumb-item active">Add/Edit Repair</li>
                        </ol>
                    </div>
                </div>
                <!-- End Bread crumb -->
                <!-- Container fluid  -->
                <div class="container-fluid">
                    <!-- Start Page Content -->
                    <div class="row">
                        <div class="col-12">
                            <div class="card">
                                <div class="card-body">
               
    				<h1><?php if ($id != '') { echo "Edit Repair"; } else { echo "New Repair"; } ?></h1>
    				<?php if ($error != '') {
    					echo "<div style='padding:4px; border:1px solid red; color:red'>" . $error
    						. "</div>";
    				} ?>
                    
    				<form action="" method="post" class="form-valide">
                        
                        <div class="form-group row">
                        <label class="col-lg-4 col-form-label">Items Booked In</label>
                        <div class="col-lg-6">
                        <label>Laptop<input type="checkbox" class="form-control" name="items_booked_in[]" value="Laptop"/></label>
                        &nbsp;
                        <label>Charger<input type="checkbox" class="form-control" name="items_booked_in[]" value="Charger"/></label>
                        &nbsp;
                        <label>Laptop Bag<input type="checkbox" class="form-control" name="items_booked_in[]" value="Laptop Bag"/></label>
                        </div>
                        </div>
    
    		
    	<?php }
    
            /*
    
               EDIT RECORD
    
            */
    	// if the 'id' variable is set in the URL, we know that we need to edit a record
    	if (isset($_GET['id']))
    	{
    		// if the form's submit button is clicked, we need to process the form
    		if (isset($_POST['submit']))
    		{
    			// make sure the 'id' in the URL is valid
    			if (is_numeric($_POST['id']))
    			{
    				// get variables from the URL/form
    				$id = $_POST['id'];
    				$customer_name = htmlentities($_POST['customer_name'], ENT_QUOTES);
    				$customer_email = htmlentities($_POST['customer_email'], ENT_QUOTES);
    				$customer_phone = htmlentities($_POST['customer_phone'], ENT_QUOTES);
    				$items_booked_in = htmlentities($_POST['items_booked_in'], ENT_QUOTES);
    				$computer_make = htmlentities($_POST['computer_make'], ENT_QUOTES);
    				$computer_model = htmlentities($_POST['computer_model'], ENT_QUOTES);
    				$technician = htmlentities($_POST['technician'], ENT_QUOTES);
    				$status = htmlentities($_POST['status'], ENT_QUOTES);
    				$exrdate = htmlentities($_POST['exrdate'], ENT_QUOTES);
    				$exrtime = htmlentities($_POST['exrtime'], ENT_QUOTES);
    				$exstdate = htmlentities($_POST['exstdate'], ENT_QUOTES);
    				$exstime = htmlentities($_POST['exstime'], ENT_QUOTES);
    				$deltype = htmlentities($_POST['deltype'], ENT_QUOTES);
    				$comments = htmlentities($_POST['comments'], ENT_QUOTES);
    				$job_cost = htmlentities($_POST['job_cost'], ENT_QUOTES);
    				$part_cost = htmlentities($_POST['part_cost'], ENT_QUOTES);
    				$profit = htmlentities($_POST['profit'], ENT_QUOTES);
    				
    				// check that firstname and lastname are both not empty
    				if ($customer_name == '' || $customer_phone == '' || $computer_make == '' || $computer_model == '' || $comments == '')
    				{
    					// if they are empty, show an error message and display the form
    					$error = 'ERROR: Please fill in all required fields!';
    renderForm($customer_name, $customer_phone, $computer_make, $computer_model, $comments, $error, $id);
    				}
    				else
    				{
    					// if everything is fine, update the record in the database
    	if ($stmt = $mysqli->prepare("UPDATE repairs SET customer_name = ?, customer_email = ?, customer_phone = ?, items_booked_in = ?, computer_make = ?, computer_model = ?, technician = ?, status = ?, exrdate = ?, exrtime = ?, exstdate = ?, exstime = ?, deltype = ?, comments = ?, job_cost = ?, part_cost = ?, profit = ?
    						WHERE id=?"))
    					{
    	$stmt->bind_param("sssssssssssssssssi", $customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, $id);
    						$stmt->execute();
    						$stmt->close();
    					}
    					// show an error message if the query has an error
    					else
    					{
    						echo "ERROR: could not prepare SQL statement.";
    					}
    					
    					// redirect the user once the form is updated
    					header("Location: view-all-repairs-tracking.php");
    				}
    			}
    			// if the 'id' variable is not valid, show an error message
    			else
    			{
    				echo "Error!";
    			}
    		}
    		// if the form hasn't been submitted yet, get the info from the database and show the form
    		else
    		{
    			// make sure the 'id' value is valid
    			if (is_numeric($_GET['id']) && $_GET['id'] > 0)
    			{
    				// get 'id' from URL
    				$id = $_GET['id'];
    				
    				// get the record from the database
    				if($stmt = $mysqli->prepare("SELECT id, customer_name, customer_email, customer_phone, items_booked_in, computer_make, computer_model, technician, status, exrdate, exrtime, exstdate, exstime, deltype, comments, job_cost, part_cost, profit, send_sms FROM repairs WHERE id=?"))
    				{
    					$stmt->bind_param("i", $id);
    					$stmt->execute();
    					
    					$stmt->bind_result($id, $customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, $send_sms);
    					$stmt->fetch();
    					
    					// show the form
    					renderForm($customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, NULL, $id, $send_sms);
    					
    					$stmt->close();
    				}
    				// show an error if the query has an error
    				else
    				{
    					echo "Error: could not prepare SQL statement";
    				}
    			}
    			// if the 'id' value is not valid, redirect the user back to the view.php page
    			else
    			{
    				header("Location: view-all-repairs-tracking.php");
    			}
    		}
    	}
    	
            /*
    
               NEW RECORD
    
            */
    		
    	// if the 'id' variable is not set in the URL, we must be creating a new record
    	else
    	{
    		// if the form's submit button is clicked, we need to process the form
    		if (isset($_POST['submit']))
    		{
    			
    			$country_code = '44';
    			
    			// get the form data
    			$customer_name = htmlentities($_POST['customer_name'], ENT_QUOTES);
    			$customer_email = htmlentities($_POST['customer_email'], ENT_QUOTES);
    			$customer_phone = htmlentities($_POST['customer_phone'], ENT_QUOTES); 
    			$items_booked_in = htmlentities($_POST['items_booked_in'], ENT_QUOTES);
    			$computer_make = htmlentities($_POST['computer_make'], ENT_QUOTES);
    			$computer_model = htmlentities($_POST['computer_model'], ENT_QUOTES);
    			$technician = htmlentities($_POST['technician'], ENT_QUOTES);
    			$status = htmlentities($_POST['status'], ENT_QUOTES);
    			$exrdate = htmlentities($_POST['exrdate'], ENT_QUOTES);
    			$exrtime = htmlentities($_POST['exrtime'], ENT_QUOTES);
    			$exstdate = htmlentities($_POST['exstdate'], ENT_QUOTES);
    			$exstime = htmlentities($_POST['exstime'], ENT_QUOTES);
    			$deltype = htmlentities($_POST['deltype'], ENT_QUOTES);
    			$comments = htmlentities($_POST['comments'], ENT_QUOTES);
    			$job_cost = htmlentities($_POST['job_cost'], ENT_QUOTES);
    			$part_cost = htmlentities($_POST['part_cost'], ENT_QUOTES);
    			$profit = htmlentities($_POST['profit'], ENT_QUOTES);
    			$username = htmlentities($_POST['user_name'], ENT_QUOTES);
    			$password = htmlentities($_POST['user_pass'], ENT_QUOTES);
    			
    			// check that firstname and lastname are both not empty
    			if ($customer_name == '' || $computer_make == '' || $computer_model == '' || $comments == '' )
    			{
    				// if they are empty, show an error message and display the form
    				$error = 'ERROR: Please fill in all required fields!';
    	renderForm($customer_name, $computer_make, $computer_model, $comments, $username, $password, $error);
    			}
    			else
    			{
    				// insert the new record into the database
    
    
    				//hash the password
    		$hashed_password = password_hash($password, PASSWORD_DEFAULT);
    				
    				if ($stmt = $mysqli->prepare("INSERT repairs (customer_name, customer_email, customer_phone, items_booked_in, computer_make, computer_model, technician, status, exrdate, exrtime, exstdate, exstime, deltype, comments, job_cost, part_cost, profit, user_name, user_pass) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"))
    				
    				{
    					$stmt->bind_param("sssssssssssssssssss", $customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, $username, $password);
    					$stmt->execute();
    				$repair_id = $mysqli->insert_id;
    				//check for existing user
    			$check_user = $mysqli->prepare("SELECT customer_email,customer_phone from users where customer_email=?");
    			$check_user->bind_param("s", $customer_email);
    						$check_user->execute();
    						$check_user->bind_result($customer_email, $customer_phone);
    
    						if(!$check_user->fetch()){
    			if ($stmt = $mysqli->prepare("INSERT users (user_name, user_pass, customer_name, customer_email, customer_phone) VALUES (?, ?, ?, ?, ?)"))
    					
    					{
    						$stmt->bind_param("sssss", $username, $hashed_password, $customer_name, $customer_email, $customer_phone);
    						$stmt->execute();
    						$userid=$stmt->insert_id;
    					$stmt->close();
    					
    					$stmt = $mysqli->prepare("UPDATE repairs SET userid = $userid WHERE id=$repair_id");
    						$stmt->execute();
    						$stmt->close();
    					
    					
    				}
    						
    				// show an error if the query has an error
    				else
    				{
    					echo "ERROR: Could not prepare SQL statement.";
    				}
    				}
    				if(isset($_POST['send_sms'])):
    					
    					
    					
    					
    						$SMS = "Hello ".$customer_name.". Your repair has been booked in with IT Done Right. Your Repair ID is ".$repair_id.". To track your repair, please visit https://www.it-doneright.co.uk/track-my-repair
    FROM IT Done Right";
    
    
    						function sendSMS($username, $password, $customer_phone, $message, $originator) {
        $URL = 'https://api.textmarketer.co.uk/gateway/'."?username=$username&password=$password&option=xml";
        $URL .= "&to=$customer_phone&message=".urlencode($message).'&orig='.urlencode($originator);
        $fp = fopen($URL, 'r');
        
    	return fread($fp, 1024);
    }
    
    					$from = '447852886269';
    					$response = sendSMS('****', '*****', $customer_phone, $SMS, $from);
    
    
    
    
    
    						if ($stmt = $mysqli->prepare("UPDATE repairs SET send_sms = 1 WHERE id=$repair_id"))
    					{
    	
    						$stmt->execute();
    						$stmt->close();
    					}
    					// show an error message if the query has an error
    					else
    					{
    						echo "ERROR: could not prepare SQL statement.";
    					}
    					
    					
    					
    					
    					
    					endif;
    				}
    // redirect the user
    				header("Location: view-all-repairs-tracking.php");
    			}
    			
    		}
    		
    		// if the form hasn't been submitted yet, show the form
    		else
    		{
    			renderForm();
    		}
    	}
    	// close the mysqli connection
    	$mysqli->close();
    ?>
    Thank you in advance
    Last edited by firepages; Jun 13th, 2018 at 03:12 PM.

  2. #2
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,237
    Thanks
    12
    Thanked 117 Times in 115 Posts
    PHP Code:
        $items_booked_in = htmlentities($_POST['items_booked_in'], ENT_QUOTES);
    $_POST['items_booked_in'] is going to be an array, so you would need to turn it into a string for storage...

    PHP Code:
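    $items = array();
    // $_POST['items_booked_in'] is absent when no box is ticked, so default to an empty array
    foreach ((array) ($_POST['items_booked_in'] ?? array()) as $k) {
        $items[] = htmlentities($k, ENT_QUOTES);
    }
    $items = implode(',', $items);
    .. and if you decide to refill in the form you would need to explode() that back into an array.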
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)

  3. #3
    Regular Coder
    Join Date
    Apr 2012
    Posts
    295
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Thank you firepages, I tried the coding below on the new record section but it is not adding to the db. Below is the updated coding

    Code:
    <?php }
    
            /*
    
               EDIT RECORD
    
            */
    	// if the 'id' variable is set in the URL, we know that we need to edit a record
    	if (isset($_GET['id']))
    	{
    		// if the form's submit button is clicked, we need to process the form
    		if (isset($_POST['submit']))
    		{
    			// make sure the 'id' in the URL is valid
    			if (is_numeric($_POST['id']))
    			{
    				// get variables from the URL/form
    				$id = $_POST['id'];
    				$customer_name = htmlentities($_POST['customer_name'], ENT_QUOTES);
    				$customer_email = htmlentities($_POST['customer_email'], ENT_QUOTES);
    				$customer_phone = htmlentities($_POST['customer_phone'], ENT_QUOTES);
    				$items_booked_in = htmlentities($_POST['items_booked_in'], ENT_QUOTES);
    				$computer_make = htmlentities($_POST['computer_make'], ENT_QUOTES);
    				$computer_model = htmlentities($_POST['computer_model'], ENT_QUOTES);
    				$technician = htmlentities($_POST['technician'], ENT_QUOTES);
    				$status = htmlentities($_POST['status'], ENT_QUOTES);
    				$exrdate = htmlentities($_POST['exrdate'], ENT_QUOTES);
    				$exrtime = htmlentities($_POST['exrtime'], ENT_QUOTES);
    				$exstdate = htmlentities($_POST['exstdate'], ENT_QUOTES);
    				$exstime = htmlentities($_POST['exstime'], ENT_QUOTES);
    				$deltype = htmlentities($_POST['deltype'], ENT_QUOTES);
    				$comments = htmlentities($_POST['comments'], ENT_QUOTES);
    				$job_cost = htmlentities($_POST['job_cost'], ENT_QUOTES);
    				$part_cost = htmlentities($_POST['part_cost'], ENT_QUOTES);
    				$profit = htmlentities($_POST['profit'], ENT_QUOTES);
    				
    				// check that firstname and lastname are both not empty
    				if ($customer_name == '' || $customer_phone == '' || $computer_make == '' || $computer_model == '' || $comments == '')
    				{
    					// if they are empty, show an error message and display the form
    					$error = 'ERROR: Please fill in all required fields!';
    renderForm($customer_name, $customer_phone, $computer_make, $computer_model, $comments, $error, $id);
    				}
    				else
    				{
    					// if everything is fine, update the record in the database
    	if ($stmt = $mysqli->prepare("UPDATE repairs SET customer_name = ?, customer_email = ?, customer_phone = ?, items_booked_in = ?, computer_make = ?, computer_model = ?, technician = ?, status = ?, exrdate = ?, exrtime = ?, exstdate = ?, exstime = ?, deltype = ?, comments = ?, job_cost = ?, part_cost = ?, profit = ?
    						WHERE id=?"))
    					{
    	$stmt->bind_param("sssssssssssssssssi", $customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, $id);
    						$stmt->execute();
    						$stmt->close();
    					}
    					// show an error message if the query has an error
    					else
    					{
    						echo "ERROR: could not prepare SQL statement.";
    					}
    					
    					// redirect the user once the form is updated
    					header("Location: view-all-repairs-tracking.php");
    				}
    			}
    			// if the 'id' variable is not valid, show an error message
    			else
    			{
    				echo "Error!";
    			}
    		}
    		// if the form hasn't been submitted yet, get the info from the database and show the form
    		else
    		{
    			// make sure the 'id' value is valid
    			if (is_numeric($_GET['id']) && $_GET['id'] > 0)
    			{
    				// get 'id' from URL
    				$id = $_GET['id'];
    				
    				// get the record from the database
    				if($stmt = $mysqli->prepare("SELECT id, customer_name, customer_email, customer_phone, items_booked_in, computer_make, computer_model, technician, status, exrdate, exrtime, exstdate, exstime, deltype, comments, job_cost, part_cost, profit, send_sms FROM repairs WHERE id=?"))
    				{
    					$stmt->bind_param("i", $id);
    					$stmt->execute();
    					
    					$stmt->bind_result($id, $customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, $send_sms);
    					$stmt->fetch();
    					
    					// show the form
    					renderForm($customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, NULL, $id, $send_sms);
    					
    					$stmt->close();
    				}
    				// show an error if the query has an error
    				else
    				{
    					echo "Error: could not prepare SQL statement";
    				}
    			}
    			// if the 'id' value is not valid, redirect the user back to the view.php page
    			else
    			{
    				header("Location: view-all-repairs-tracking.php");
    			}
    		}
    	}
    	
            /*
    
               NEW RECORD
    
            */
    		
    	// if the 'id' variable is not set in the URL, we must be creating a new record
    	else
    	{
    		// if the form's submit button is clicked, we need to process the form
    		if (isset($_POST['submit']))
    		{
    			
    			$country_code = '44';
    			
    			// get the form data
    			$customer_name = htmlentities($_POST['customer_name'], ENT_QUOTES);
    			$customer_email = htmlentities($_POST['customer_email'], ENT_QUOTES);
    			$customer_phone = htmlentities($_POST['customer_phone'], ENT_QUOTES); 			
    			$items=NULL;
    foreach($_POST['items_booked_in'] as $k){
      $items[]=htmlentities($k, ENT_QUOTES);
    }
    $items=implode(',',$items);
    			$computer_make = htmlentities($_POST['computer_make'], ENT_QUOTES);
    			$computer_model = htmlentities($_POST['computer_model'], ENT_QUOTES);
    			$technician = htmlentities($_POST['technician'], ENT_QUOTES);
    			$status = htmlentities($_POST['status'], ENT_QUOTES);
    			$exrdate = htmlentities($_POST['exrdate'], ENT_QUOTES);
    			$exrtime = htmlentities($_POST['exrtime'], ENT_QUOTES);
    			$exstdate = htmlentities($_POST['exstdate'], ENT_QUOTES);
    			$exstime = htmlentities($_POST['exstime'], ENT_QUOTES);
    			$deltype = htmlentities($_POST['deltype'], ENT_QUOTES);
    			$comments = htmlentities($_POST['comments'], ENT_QUOTES);
    			$job_cost = htmlentities($_POST['job_cost'], ENT_QUOTES);
    			$part_cost = htmlentities($_POST['part_cost'], ENT_QUOTES);
    			$profit = htmlentities($_POST['profit'], ENT_QUOTES);
    			$username = htmlentities($_POST['user_name'], ENT_QUOTES);
    			$password = htmlentities($_POST['user_pass'], ENT_QUOTES);
    			
    			// check that firstname and lastname are both not empty
    			if ($customer_name == '' || $computer_make == '' || $computer_model == '' || $comments == '' )
    			{
    				// if they are empty, show an error message and display the form
    				$error = 'ERROR: Please fill in all required fields!';
    	renderForm($customer_name, $computer_make, $computer_model, $comments, $username, $password, $error);
    			}
    			else
    			{
    				// insert the new record into the database
    
    
    				//hash the password
    		$hashed_password = password_hash($password, PASSWORD_DEFAULT);
    				
    				if ($stmt = $mysqli->prepare("INSERT repairs (customer_name, customer_email, customer_phone, items_booked_in, computer_make, computer_model, technician, status, exrdate, exrtime, exstdate, exstime, deltype, comments, job_cost, part_cost, profit, user_name, user_pass) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)"))				
    				
    				{
    					$stmt->bind_param("sssssssssssssssssss", $customer_name, $customer_email, $customer_phone, $items_booked_in, $computer_make, $computer_model, $technician, $status, $exrdate, $exrtime, $exstdate, $exstime, $deltype, $comments, $job_cost, $part_cost, $profit, $username, $password);
    					$stmt->execute();
    				$repair_id = $mysqli->insert_id;
    				//check for existing user
    			$check_user = $mysqli->prepare("SELECT customer_email,customer_phone from users where customer_email=?");
    			$check_user->bind_param("s", $customer_email);
    						$check_user->execute();
    						$check_user->bind_result($customer_email, $customer_phone);
    
    						if(!$check_user->fetch()){
    			if ($stmt = $mysqli->prepare("INSERT users (user_name, user_pass, customer_name, customer_email, customer_phone) VALUES (?, ?, ?, ?, ?)"))
    					
    					{
    						$stmt->bind_param("sssss", $username, $hashed_password, $customer_name, $customer_email, $customer_phone);
    						$stmt->execute();
    						$userid=$stmt->insert_id;
    					$stmt->close();
    					
    					$stmt = $mysqli->prepare("UPDATE repairs SET userid = $userid WHERE id=$repair_id");
    						$stmt->execute();
    						$stmt->close();
    					
    					
    				}
    						
    				// show an error if the query has an error
    				else
    				{
    					echo "ERROR: Could not prepare SQL statement.";
    				}
    				}
    				if(isset($_POST['send_sms'])):
    					
    					
    					
    					
    						$SMS = "Hello ".$customer_name.". Your repair has been booked in with IT Done Right. Your Repair ID is ".$repair_id.". To track your repair, please visit https://www.it-doneright.co.uk/track-my-repair
    FROM IT Done Right";
    
    
    						function sendSMS($username, $password, $customer_phone, $message, $originator) {
        $URL = 'https://api.textmarketer.co.uk/gateway/'."?username=$username&password=$password&option=xml";
        $URL .= "&to=$customer_phone&message=".urlencode($message).'&orig='.urlencode($originator);
        $fp = fopen($URL, 'r');
        
    	return fread($fp, 1024);
    }
    
    					$from = '';
    					$response = sendSMS('', '', $customer_phone, $SMS, $from);
    
    
    
    
    
    						if ($stmt = $mysqli->prepare("UPDATE repairs SET send_sms = 1 WHERE id=$repair_id"))
    					{
    	
    						$stmt->execute();
    						$stmt->close();
    					}
    					// show an error message if the query has an error
    					else
    					{
    						echo "ERROR: could not prepare SQL statement.";
    					}
    					
    					
    					
    					
    					
    					endif;
    				}
    	
    				// redirect the user
    				header("Location: view-all-repairs-tracking.php");
    			}
    			
    		}
    		
    		// if the form hasn't been submitted yet, show the form
    		else
    		{
    			renderForm();
    		}
    	}
    	// close the mysqli connection
    	$mysqli->close();
    ?>
    Last edited by ianhaney; Jun 13th, 2018 at 04:56 PM.

  4. #4
    Master Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    5,764
    Thanks
    26
    Thanked 596 Times in 589 Posts
    It still contains the mentioned problems here https://www.dreamincode.net/forums/t...n-one-db-table
    The computer is always right. The computer is always right. The computer is always right. Take it from someone who has programmed for over ten years: not once has the computational mechanism of the machine malfunctioned.
    André Behrens, NY Times Software Developer

  5. #5
    Regular Coder
    Join Date
    Apr 2012
    Posts
    295
    Thanks
    0
    Thanked 0 Times in 0 Posts
    To be honest, I am unsure how to solve the issues as I got the script online and just trying to add to it

  6. #6
    Master Coder Dormilich's Avatar
    Join Date
    Jan 2010
    Location
    Behind the Wall
    Posts
    5,764
    Thanks
    26
    Thanked 596 Times in 589 Posts
    Anything you add will only delay and increase problems. The root issue is that the database design is insufficient. You have a single table that is doing the job that you normally (pun intended) would spread over several tables (at least customers, invoices, items, staff, and work progress, optionally tables for constraints like types, models, status, etc.).

  7. #7
    Regular Coder
    Join Date
    Apr 2012
    Posts
    295
    Thanks
    0
    Thanked 0 Times in 0 Posts
    ok think I will admit defeat on this one as I'm no php developer

  8. #8
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    4,223
    Thanks
    3
    Thanked 550 Times in 535 Posts
    I'm going to guess that no row is being inserted/updated at all, because your form doesn't have any form field named 'submit' and this code is skipping over all the processing logic when the form is submitted OR if you have edited out a large amount of the form when posting it here, the items_booked_in column doesn't have anything in it because you never used the correct variable name in the database code, which would be producing a php undefined variable error if you have php's error_reporting, display_errors, and output_buffering set up correctly to display all php errors on your development system and to not redirect when output has already been sent to the browser (which may be why you are not seeing any errors now.)

    A few threads back, I tried to goad you into actually doing some of the things that are being suggested in the replies in your threads. Making use of the programming practices that are being suggested will simplify your code and result in code that either works or it will tell you when, where, and why it isn't working. As it is, you have far too much unnecessary and repetitive code, that no one, including you, can even determine what it is doing (are you aware that you are inserting the plain-text password into the repairs table?).

    In just the code in this thread -

    1) htmlentities() is an OUTPUT function. You use it when you output data to the browser. You do NOT use it on data being supplied to an sql query.

    2) The renderForm() function shouldn't exist at all. First of all, it's not doing what its name states. It contains more than just the form. Next, functions should not contain a part of your application code, that you must edit every time you make a change to your application or create a different application. If there was a good reason for this function, the field data should be passed as a single array parameter, so that you don't have to both edit the list of parameters in the function definition and in each function call every time you make a change to the form.

    What you should do is just have the html document at the end of your code. The php code leading up to the html document will get/produce the data needed in the html document. The php logic in the html document will just take the data that has been gotten/produced and will have simple php statements to output the data in the appropriate place. This will eliminate a lot of the php conditional logic you have now in the code. htmlentities() would be used in this code, when you produce the html document, not in the code for the insert/update queries.

    3) You need to properly store the unique/one-time user information in the users table and store the unique/one-time repair information in the repairs table, related back to the user through the user id (auto-increment column in the users table.) You should not duplicate user information between the two tables and you should certainly not store the plain-text password in the repairs table. If you make the user registration a separate process from the repair submission, it will simplify the logic. Editing the user information or editing the repair information would also be separate processes.

    Separating these processes will then make it possible to apply user permissions to each of these. Inserting the initial user and the unique/one-time repair information is likely by the user. Updating repair information or inserting repair status information is done by an employee. You should insert new rows for each status change, related back to the repairs record through the repair id (auto-increment column in the repairs table) so that you can track the who, what, when, where, and why information for each repair.

    4) Any error messages your code produces should be unique and descriptive and if you use exceptions, as has already been suggested, to handle the database statement errors, you can simplify the code by removing any database error handling logic you have now. This only requires one line of code to set the error mode to exceptions for the database extension you are using.

    5) If you use the php PDO extension, all the database code will be simplified. You can eliminate the messy bind_param() and bind_result() statements, where you have had to list out dozens of variables.

    6) As has already been written, you need exit; statements after each header() redirect.

    7) Your data needs to be normalized. You should NOT try to insert multiple items in a single column. If the subject of this thread is to store a list of items that were received for a repair, after you store the unique/one-time repair information, which will produce a repair id, you would have a different database table to store the items booked in, one row per item, related back to the corresponding repair through the repair id.

    8) If you are doing this as part of a learning process, you should learn using forms that have just a few form fields, so that you are spending your time learning the techniques you need to know, not spending your time beating on a keyboard with make-work typing. If you are doing this for real, once you have more than about three form fields, you should be dynamically processing the form data, rather than writing out blocks of code and variables for each different form field. You should be spending most of your time creating the program logic that accomplishes a task, rather than spending your time typing/copy-pasting repetitive code.

    I recommend that before you spend more time just trying to make your code work, that you sit down and figure out the 'work flow' needed for this task and what data you need to input and store for each different process and for each step within a process. What happens when someone sits down in front of a computer for the first time for a new user? For an existing user? For a new repair? For an existing repair? For each change in the status of a repair? By creating this definition first, you can then concentrate on designing, writing, and testing the code for each step, one step at a time, and you won't have any crazy things going on like inserting plain-text passwords in the repairs table.
    Finding out HOW to do something is called research, i.e. keep searching until you find the answer. After you attempt to do something and cannot solve a problem with it yourself, would be when you ask others for help.
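
Points 4, 5 and 7 of the post above, as an added example that is not part of the original thread or the poster's code: PDO in exception mode, one row per booked-in item tied to the repair id, and escaping applied only on output. The table and column names, the allowed-item list and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Hypothetical schema and item list (assumptions, not the poster's tables).
const ALLOWED_ITEMS = ['Laptop', 'Charger', 'Bag', 'Mouse'];

function openDb(): PDO
{
    $pdo = new PDO('sqlite::memory:'); // in-memory SQLite keeps the example offline
    // The one line that switches database errors to exceptions.
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE repairs (id INTEGER PRIMARY KEY AUTOINCREMENT, user_id INTEGER NOT NULL, computer_make TEXT NOT NULL)');
    $pdo->exec('CREATE TABLE repair_items (id INTEGER PRIMARY KEY AUTOINCREMENT, repair_id INTEGER NOT NULL REFERENCES repairs(id), item TEXT NOT NULL)');
    return $pdo;
}

function saveRepair(PDO $pdo, int $userId, string $make, array $post): int
{
    // An unticked checkbox group is absent from the POST data; keep only known values.
    $submitted = (array) ($post['items_booked_in'] ?? []);
    $items = array_intersect(ALLOWED_ITEMS, array_filter($submitted, 'is_string'));
    $pdo->beginTransaction();
    try {
        $stmt = $pdo->prepare('INSERT INTO repairs (user_id, computer_make) VALUES (?, ?)');
        $stmt->execute([$userId, $make]);
        $repairId = (int) $pdo->lastInsertId();
        $stmt = $pdo->prepare('INSERT INTO repair_items (repair_id, item) VALUES (?, ?)');
        foreach ($items as $item) { // one row per item, stored as raw text
            $stmt->execute([$repairId, $item]);
        }
        $pdo->commit();
    } catch (Throwable $e) {
        $pdo->rollBack(); // a failed item insert leaves no half-saved repair
        throw $e;
    }
    return $repairId;
}

function itemsForRepair(PDO $pdo, int $repairId): array
{
    $stmt = $pdo->prepare('SELECT item FROM repair_items WHERE repair_id = ? ORDER BY id');
    $stmt->execute([$repairId]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// Constructed sample POST data, including one value that is not on the form.
$pdo = openDb();
$id = saveRepair($pdo, 1, 'Dell', ['items_booked_in' => ['Laptop', 'Not on the form', 'Charger']]);
foreach (itemsForRepair($pdo, $id) as $item) {
    echo htmlentities($item, ENT_QUOTES, 'UTF-8'), "\n"; // escape on output only
}
```

Run from the command line with the pdo_sqlite extension enabled, this prints Laptop and Charger; the value that is not in the allowed list is never stored.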

  9. #9
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    4,223
    Thanks
    3
    Thanked 550 Times in 535 Posts
    Quote Originally Posted by ianhaney View Post
    ok think I will admit defeat on this one as I'm no php developer
    See the last paragraph in my reply above. Defining what you are trying to accomplish is paramount to writing code that accomplishes something. Without a clear definition, you have nothing to guide you and you just waste a huge amount of time going around in circles.

  10. #10
    Super Moderator
    Join Date
    May 2002
    Location
    Perth Australia
    Posts
    4,237
    Thanks
    12
    Thanked 117 Times in 115 Posts
    Just change to...
    PHP Code:
    $items=[];
    foreach($_POST['items_booked_in'] as $k){
      $items[]=htmlentities($k, ENT_QUOTES);
    }
    $items_booked_in=implode(',',$items);
    resistance is...

    MVC is the current buzz in web application architectures. It comes from event-driven desktop application design and doesn't fit into web application design very well. But luckily nobody really knows what MVC means, so we can call our presentation layer separation mechanism MVC and move on. (Rasmus Lerdorf)


 
