Hey guys and gals,
I'm having two small problems with my page and I'm having lots of trouble figuring out what's wrong. Here are the problems along with what the page should do:
- All records (or specified ones) will be displayed in a table (in search.php) with an edit link next to them. When you click this link you will be sent to update.php where it will get the record from the database and display it for you in text/list boxes. You can then update or delete the record from there. For some reason when I click on update it cuts any multiple words in the location down to one word. For example "Fogo Island" becomes "Fogo". Also, any item names that have a double quote in them will screw up. For example, "Gateway 17" Monitor" becomes "Gateway 17". I know what the problem is there but the only way I can figure around it is to use 2 single quotes instead. But there has to be a better way.
PS, addslashes isn't helping either of the above problems.
- My second problem occurred when I tried to have the page automatically refresh to search.php after clicking the update or delete buttons. Basically I want to start with the search page, click on edit which brings you to update.php. Then get brought back to search.php. But when you go to search.php again this error pops up "You have an error in your SQL syntax near '' at line 1".
If you guys have any questions about how my pages work, just ask. Here is my code to date for these two pages:
SEARCH.PHP
<?
include("header.inc");
include("menu.inc");
include("details.inc");
?>
<TR ALIGN="CENTER">
<TD><H2><CENTER>Display results</CENTER></H2><P>
</TD>
</TR>
<TR ALIGN="CENTER">
<TD>
<?
$searching=$_POST['searching'];
?>
<form name="frmCheck" action="<?php echo $PHP_SELF; ?>" method="post">
<?
if (isset($_POST['btnSearch'])) {
//Check if the user checked a search criteria
if($searching == "") {
printf("Please select a search criteria");
}
//Check if the user did select a search criteria
elseif ($searching != "") {
include("title.inc");
//Check if the selected search criteria is by serial number
if ($searching == "serNum") {
$search=$_POST['serial'];
$query="SELECT * FROM assets WHERE serialNum='" . $search . "'";
$result=mysql_query($query);
}
//Check if the selected search criteria is by asset number
elseif ($searching == "assNum") {
$search=$_POST['asset'];
$query="SELECT * FROM assets WHERE assetNum='" . $search . "'";
$result=mysql_query($query);
}
//Check if the selected search criteria is by location
elseif ($searching == "locate") {
$search=$_POST['location'];
$query="SELECT * FROM assets WHERE location='" . $search . "'";
$result=mysql_query($query);
//Check if the user chose to display all
if ($search == "Display All") {
$query="SELECT * FROM assets ORDER BY location ASC";
$result=mysql_query($query);
}
}
//Fetch the info from the database into an array and display the records with an edit link beside them
While ($rs = mysql_fetch_array($result)) {
print ("<TR ALIGN=CENTER><TD><A HREF=update.php?id=".$rs['id'].">Edit</A></TD><TD>" . $rs['itemName'] . "</TD><TD>" . $rs['serialNum'] . "</TD><TD>" . $rs['assetNum'] . "</TD><TD>" . $rs['location'] . "</TD><TD>" . $rs['description'] . "</TD><TD>" . $rs['entryDate'] . "</TD><TD>" . $rs['warranty'] . "</TD></TR>");}
}
}
?>
</TABLE>
</TD>
</TR>
<?
include("footer.inc");
?>
UPDATE.PHP
<?
include("details.inc");
//post values into the variables from the search.php form
$asset = stripslashes(addslashes($_POST['asset']));
$name = stripslashes(addslashes($_POST['name']));
$location = stripslashes(addslashes($_POST['location']));
$description = stripslashes(addslashes($_POST['description']));
$warranty = stripslashes(addslashes($_POST['warranty']));
$serial = stripslashes(addslashes($_POST['serial']));
//get id num into the $id variable, else post
if(isset($_GET['id'])){
$id=$_GET['id'];
}else{
$id = $_POST['id'];
}
$query="SELECT * FROM assets WHERE id=".$id;
$result=mysql_query($query);
$rs= mysql_fetch_array($result);
//if the delete button is clicked, delete the current record and display to the user that it was deleted
if(isset($_POST['btnDelete'])) {
$query="DELETE FROM assets WHERE id=".$id;
mysql_query($query) or die (mysql_error());
header("Location: search.php");
}
//if the update button is clicked, update the current record and display to the user that it was updated
if(isset($_POST['btnUpdate'])) {
$query = "UPDATE assets SET serialNum = '".$serial."', assetNum = '".$asset."', itemName = '".$name."',location = '".$location."', description = '".$description."',warranty = '".$warranty."' WHERE id = ".$id;
mysql_query($query) or die (mysql_error());
header("Location: search.php");
}
$rs['location']=addslashes($rs['location']);
include("header.inc");
include("menu.inc");
?>
<TR ALIGN="CENTER">
<TD><CENTER><H2>Update Database</H2></CENTER><P></TD>
</TR>
<form method="post" action="<?php echo $PHP_SELF;?>">
<TR ALIGN="CENTER">
<TD>
<TABLE BORDER=1 WIDTH=40% ALIGN="CENTER">
<TR ALIGN=CENTER>
<TD><B>Item Name</B></TD>
<TD><Input type="text" name="name" size="20" value="<? echo $rs['itemName'] ?>"></TD>
</TR>
<TR ALIGN=CENTER>
<TD><B>Serial Number</B></TD>
<TD><Input type="text" name="serial" size="20" value="<? echo $rs['serialNum'] ?>"></TD>
</TR>
<TR ALIGN=CENTER>
<TD><B>Asset Number</B></TD>
<TD><Input type="text" name="asset" size="20" value="<? echo $rs['assetNum'] ?>"></TD>
</TR>
<TR ALIGN=CENTER>
<TD><B>Location</B></TD><TD>
<?
//selection array to place the locations into the select box and determine which one is selected
$location_array = array("Baie Verte", "Botwood", "Bishop Falls", "Buchans", "Carmanville", "Centreville", "Change Islands", "Fogo Island", "Gambo", "Gander", "Gaultois", "Glenwood", "Glovertown", "Grand Falls", "Greenspond", "HarbourBreton", "Hare Bay", "Harry's Harbour", "Hermitage", "King's Point", "LaScie", "Lewisporte", "Lumsden", "Musgrave Harbour", "Norris Arm", "Point Leamington", "Robert's Arm", "Seal Cove", "Springdale", "St. Alban's", "Summerford", "Twillingate", "Wesleyville");
echo "<SELECT NAME=location>";
foreach($location_array as $value){
echo "<OPTION VALUE=".$value;
if($rs['location'] == $value)
echo " SELECTED";
echo ">".$value."</OPTION>";
}
echo "</SELECT>";
?>
</TD>
</TR>
<TR ALIGN=CENTER>
<TD><B>Description</B></TD>
<TD><Input type="text" name="description" size="20" value="<? echo $rs['description'] ?>"></TD>
</TR>
<TR ALIGN=CENTER>
<TD><B>Warranty</B></TD>
<TD><Input type="text" name="warranty" size="20" value="<? echo $rs['warranty'] ?>"></TD>
</TR>
</TABLE>
<BR><CENTER>
<input type="Submit" name="btnUpdate" Value="Update Record">
<input type="Submit" name="btnDelete" Value="Delete Record">
</FORM></CENTER>
</TD>
</TR>
<?
include("footer.inc");
?>
Any help is greatly appreciated and thanks in advance.
Rod
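
An added example, not part of the original post: the form fields above write database values into HTML attributes unescaped (and `VALUE=` on the `<OPTION>` is unquoted), and the queries concatenate request values into SQL. The sketch below escapes attribute output with `htmlspecialchars` and uses bound parameters instead of `addslashes`. Assumptions: PDO with an in-memory SQLite table stands in for the MySQL `assets` table, and the helper names `h`, `locationSelect` and `updateAsset` and the hidden `id` field are hypothetical.

```php
<?php
// Added example with constructed data; helper names are hypothetical.
// Escape a value for a quoted HTML attribute or element body.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Build the location <select>; every value attribute is quoted and escaped.
function locationSelect(array $locations, string $current): string {
    $html = '<select name="location">';
    foreach ($locations as $loc) {
        $sel = ($loc === $current) ? ' selected' : '';
        $html .= '<option value="' . h($loc) . '"' . $sel . '>' . h($loc) . '</option>';
    }
    return $html . '</select>';
}

// Update one record with bound parameters; returns the number of rows changed.
function updateAsset(PDO $db, $id, string $name, string $location): int {
    $id = filter_var($id, FILTER_VALIDATE_INT);
    if ($id === false) {   // an empty id would otherwise yield "... WHERE id = "
        throw new InvalidArgumentException('id must be an integer');
    }
    $stmt = $db->prepare('UPDATE assets SET itemName = :name, location = :loc WHERE id = :id');
    $stmt->execute([':name' => $name, ':loc' => $location, ':id' => $id]);
    return $stmt->rowCount();
}

// Constructed demo data: in-memory SQLite as a stand-in for the MySQL table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE assets (id INTEGER PRIMARY KEY, itemName TEXT, location TEXT)');
$db->exec("INSERT INTO assets (itemName, location) VALUES ('old', 'Gander')");

updateAsset($db, '1', 'Gateway 17" Monitor', "Harry's Harbour");
$rs = $db->query('SELECT * FROM assets WHERE id = 1')->fetch(PDO::FETCH_ASSOC);

// Hidden field (assumption) so the id is still present when the form is posted.
echo '<input type="hidden" name="id" value="' . h((string)$rs['id']) . '">', "\n";
echo '<input type="text" name="name" value="' . h($rs['itemName']) . '">', "\n";
echo locationSelect(['Fogo Island', "Harry's Harbour"], $rs['location']), "\n";

try {
    updateAsset($db, '', 'x', 'y');   // empty id, as when no id reaches the script
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```

The text input is emitted as `value="Gateway 17&quot; Monitor"`, which the browser decodes back to the full item name, and `value="Fogo Island"` keeps both words because the attribute is quoted.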