Help passing variables

Keaner

Hey guys and gals,

I'm having a problem passing some variables around. Well, not really but you'll see what I mean. Here's the basic layout of the page:

1) searchForm.php - This form has the search criteria the user wants to search by. Eg, serial Number, Asset Number, Location. When the user clicks on search they are brought to search.php

2) search.php - This page takes the search criteria and spits out records depending on the search criteria. It also displays an edit link next to each record. When you click on this link it brings you to update.php

3) update.php - This form displays the individual fields of the record chosen from search.php in text boxes and a list box. The user can then chenge any details and either update the record or delete the record. Either way the user should be sent back to search.php with the same search criteria as before. Here's where my problem is.

The variables are passing around fine but when search.php gets displayed again, the only thing that comes up is the main title. This probably means that theres something wrong with the search criteria. Any help on this would be greatly appreciated and thanks in advance.

SEARCH.PHP

<?
include("header.inc");
include("menu.inc");
include("details.inc");

$searching=$_POST['searching'];

if (isset($_POST['btnUpdate'])) {
  $searching=$_GET['searching'];
}

if ($searching == "serNum") {
   $search=$_POST['serial'];
}
elseif ($searching == "assNum") {
   $search=$_POST['asset'];
}
elseif ($searching == "locate") {
   $search=$_POST['location'];
}
?>

<TR ALIGN="CENTER">
   <TD><H2><CENTER>Display results: <?printf($search);?></CENTER></H2><P>
   </TD>
</TR>

<TR ALIGN="CENTER">
   <TD>

<form name="frmCheck" action="<?php echo $PHP_SELF; ?>" method="post">

<?
if (isset($_POST['btnSearch'])) {
   //Check if the user checked a search criteria
   if($searching == "") {
     printf("Please select a search criteria");
   }
   //Check if the user did select a search criteria
   elseif ($searching != "") {
      include("title.inc");
      //Check if the selected search criteria is by serial number
      if ($searching == "serNum") {
         $query="SELECT * FROM assets WHERE serialNum='" . $search . "'";
         $result=mysql_query($query);
      }
      //Check if the selected search criteria is by asset number
      elseif ($searching == "assNum") {
         $query="SELECT * FROM assets WHERE assetNum='" . $search . "'";
         $result=mysql_query($query);
      }
      //Check if the selected search criteria is by location
      elseif ($searching == "locate") {
         $query="SELECT * FROM assets WHERE location='" . $search . "'";
         $result=mysql_query($query);
         //Check if the user choose to display all
         if ($search=="Display All") {
            $query="SELECT * FROM assets ORDER BY location ASC";
            $result=mysql_query($query);
         }
      }

//Fetch the info from the database into an array and display the records with an edit link beside them
While ($rs = mysql_fetch_array($result)) {

   print ("<TR ALIGN=CENTER><TD><A HREF=update.php?id=".$rs['id']."&searching=".$searching."&search=".$search.">Edit</A></TD><TD>" . $rs['itemName'] . "</TD><TD>" . $rs['serialNum'] . "</TD><TD>" . $rs['assetNum'] . "</TD><TD>" . $rs['location'] . "</TD><TD>" . $rs['po'] . "</TD><TD>" . $rs['entryDate'] . "</TD><TD>" . $rs['warranty'] . "</TD></TR>");}
   }
}
?>

   </TABLE>
   </TD>
</TR>

<?
include("footer.inc");
?>

UPDATE.PHP

<?
include("details.inc");

//post values into the variables from the search.php form
$asset = stripslashes(addslashes($_POST['asset']));
$name = stripslashes(addslashes($_POST['name']));
$location = stripslashes(addslashes($_POST['location']));
$po = stripslashes(addslashes($_POST['po']));
$warranty = stripslashes(addslashes($_POST['warranty']));
$serial = stripslashes(addslashes($_POST['serial']));

//get id num into the $id variable, else post
if(isset($_GET['id'])){
$id=$_GET['id'];
}else{
$id = $_POST['id'];
}

$searching=$_GET['searching'];
$search=$_GET['search'];

$query="SELECT * FROM assets WHERE id=".$id;
$result=mysql_query($query);
$rs= mysql_fetch_array($result);

//if the delete button is clicked, delete the current record and display to the user that it was deleted
if(isset($_POST['btnDelete'])) {
$query="DELETE FROM assets WHERE id=".$id;
mysql_query($query) or die (mysql_error());
header("Location: search.php?id=".$rs['id']."&searching=".$searching."&search=".$search);
}

//if the update button is clicked, update the current record and display to the user that it was updated
if(isset($_POST['btnUpdate'])) {
$query = "UPDATE assets SET serialNum = '".$serial."', assetNum = '".$asset."', itemName = '".$name."',location = '".$location."', po = '".$po."',warranty = '".$warranty."' WHERE id = ".$id;
mysql_query($query) or die (mysql_error());
header("Location: search.php?id=".$rs['id']."&searching=".$searching."&search=".$search);
}

include("header.inc");
include("menu.inc");
?>

<TR ALIGN="CENTER">
   <TD><CENTER><H2>Update Database</H2></CENTER><P></TD>
</TR>

<form method="post" action="<?php echo $PHP_SELF;?>">

<TR ALIGN="CENTER">
   <TD>
      <TABLE BORDER=1 WIDTH=40% ALIGN="CENTER">
      <TR ALIGN=CENTER>
        <TD><B>Item Name</B></TD>
        <TD><Input type="text" name="name" size="20" value="<? echo $rs['itemName'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Serial Number</B></TD>
         <TD><Input type="text" name="serial" size="20" value="<? echo $rs['serialNum'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Asset Number</B></TD>
         <TD><Input type="text" name="asset" size="20" value="<? echo $rs['assetNum'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Location</B></TD><TD>
   <?

   //selection array to place the locations into the select box and determine which one is selected

   $location_array = array("Baie Verte", "Botwood", "Bishop Falls", "Buchans", "Carmanville", "Centreville", "Change Islands", "Fogo Island", "Gambo", "Gander", "Gaultois", "Glenwood", "Glovertown", "Grand Falls", "Greenspond", "HarbourBreton", "Hare Bay", "Harry's Harbour", "Hermitage", "King's Point", "LaScie", "Lewisporte", "Lumsden", "Musgrave Harbour", "Norris Arm", "Point Leamington", "Robert's Arm", "Seal Cove", "Springdale", "St. Alban's", "Summerford", "Twillingate", "Wesleyville");
    echo "<SELECT NAME=location>";
    foreach($location_array as $value){
    echo "<OPTION VALUE=".urlencode($value);
    if($rs['location'] == $value)
       echo " SELECTED";
       echo ">".$value."</OPTION>";
    }
    echo "</SELECT>";
   ?>
         </TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>P.O. #</B></TD>
         <TD><Input type="text" name="po" size="20" value="<? echo $rs['po'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Warranty</B></TD>
         <TD><Input type="text" name="warranty" size="20" value="<? echo $rs['warranty'] ?>"></TD>
      </TR>
      </TABLE>
      <BR><CENTER>
      <input type="Submit" name="btnUpdate" Value="Update Record">
       <input type="Submit" name="btnDelete" Value="Delete Record">
      </FORM></CENTER>
   </TD>
</TR>

<?
include("footer.inc");
?>

Keaner

Can anybody help?

kevinc

Firstly, line breaks are good! I don't like having to scroll miles across!

Secondly, why are you bothering with $GET and $POST variables between scripts? Sessions are MUCH easier, and work better. -- I'd suggest, once you've received the users' input from your form, you register sessions of whatever form elements you have. ($SESSION['name'] = "Kevin") , then if you have a "name" field, it would be <input type="name" value="'.$SESSION['name'].'"> -- This way, you can change whatever you want, wherever, and unless those $_SESSION variables change, become unset, or the user closes their browser, the values will be there.

Thirdly, what on earth is this!?! :

$asset = stripslashes(addslashes($_POST['asset']));

Okay, saying stripslashes(addslashes( is like saying +2-2 ... you're adding something, then immediately taking it away.
If you're inserting it into a database, you only want to addslashes. You stripslashes when you're retrieving the information. A little tip, instead of having to run through every variable, and manually writing addslashes( to it, you can use the following code:

foreach($_POST as $key=>$value) {
         $$key = addslashes($value);
}

The above code will run through ALL of the $_POST variables, and add the needed slashes to it. This dramatically cuts down your coding when receiving form posts.

I hope this helps you.

Kevin.

m3rajk

Originally posted by kevinc
Firstly, line breaks are good! I don't like having to scroll miles across!

Secondly, why are you bothering with $GET and $POST variables between scripts? Sessions are MUCH easier, and work better. -- I'd suggest, once you've received the users' input from your form, you register sessions of whatever form elements you have. ($SESSION['name'] = "Kevin") , then if you have a "name" field, it would be <input type="name" value="'.$SESSION['name'].'"> -- This way, you can change whatever you want, wherever, and unless those $_SESSION variables change, become unset, or the user closes their browser, the values will be there.

Thirdly, what on earth is this!?! :
$asset = stripslashes(addslashes($_POST['asset'])); 
Okay, saying stripslashes(addslashes( is like saying +2-2 ... you're adding something, then immediately taking it away.
If you're inserting it into a database, you only want to addslashes. You stripslashes when you're retrieving the information. A little tip, instead of having to run through every variable, and manually writing addslashes( to it, you can use the following code:
foreach($_POST as $key=>$value) {
         $$key = addslashes($value);
}
The above code will run through ALL of the $_POST variables, and add the needed slashes to it. This dramatically cuts down your coding when receiving form posts.

I hope this helps you.

Kevin. [/B]

funny thing about sessione. they use get, post or cookies, which means even though you didn't realize it, you've been using get and post. he's just better about it since he makes sure that people don't need cookies enabled.

it's just as easy. so that's not the issue. the issue here is likely the fact there's no expiration, so it goes to look for the page and there's somthing outdated so it doesn't display the cache but doen't check the server. i've seen that elsewhere.

add an expiration header, but if you wanna be thurogh, also use pragma and chaching tricks witht he headers. more information is readily available in any book, or online at http://www.php.net and search for headers() (or is it header() ?)