[Resolved] passing hidden variables

Keaner

Hey guys and gals,

Here's the low down on what I want to do:

I have a page that searches for records in a database and brings you to search.php where the specific search criteria is displayed with an edit link next to each record.

When you click on the link it brings you to update.php where it displayes the contents of that specific record. You can then edit the record or delete it. This is where my problem is.

When the user clicks on the link I want the page to send them back to search.php with the original search criteria. For example, if I search for botwood, choose a record and delete it. It should bring me back to search with only botwood records showing and the deleted record gone.

I know I have to use a hidden variable to do this but I'm not sure exactly how to use it. Any help is greatly appreciated and thanks in advance. Here's the code:

SEARCH.PHP

<?
include("header.inc");
include("menu.inc");
include("details.inc");

//post values into the variables from the search.php form
$asset = stripslashes(addslashes($_POST['asset']));
$name = stripslashes(addslashes($_POST['name']));
$location = stripslashes(addslashes($_POST['location']));
$po = stripslashes(addslashes($_POST['po']));
$warranty = stripslashes(addslashes($_POST['warranty']));
$serial = stripslashes(addslashes($_POST['serial']));
$searching=$_POST['searching'];

if (isset($_POST['btnUpdate'])) {
  $searching=$_GET['searching'];
}

if ($searching == "serNum") {
   $search=$_POST['serial'];
}
elseif ($searching == "assNum") {
   $search=$_POST['asset'];
}
elseif ($searching == "locate") {
   $search=$_POST['location'];
}
?>

<TR ALIGN="CENTER">
   <TD><H2><CENTER>Display results: <? echo $search?></CENTER></H2><P>
   </TD>
</TR>

<TR ALIGN="CENTER">
   <TD>

<form name="frmCheck" action="<?php echo $PHP_SELF; ?>" method="post">

<?
//if the delete button is clicked, delete the current record and display to the user that it was deleted
if(isset($_POST['btnDelete'])) {
$query="DELETE FROM assets WHERE id=".$id;
mysql_query($query) or die (mysql_error());
}

//if the update button is clicked, update the current record and display to the user that it was updated
if(isset($_POST['btnUpdate'])) {
$query = "UPDATE assets SET serialNum = '".$serial."', assetNum = '".$asset."', itemName = '".$name."',location = '".$location."', po = '".$po."',warranty = '".$warranty."' WHERE id = ".$id;
mysql_query($query) or die (mysql_error());
}

if (isset($_POST['btnSearch'])) {
   //Check if the user checked a search criteria
   if($searching == "") {
     printf("Please select a search criteria");
   }
   //Check if the user did select a search criteria
   elseif ($searching != "") {
      include("title.inc");
      //Check if the selected search criteria is by serial number
      if ($searching == "serNum") {
         $query="SELECT * FROM assets WHERE serialNum='" . $search . "'";
         $result=mysql_query($query);
      }
      //Check if the selected search criteria is by asset number
      elseif ($searching == "assNum") {
         $query="SELECT * FROM assets WHERE assetNum='" . $search . "'";
         $result=mysql_query($query);
      }
      //Check if the selected search criteria is by location
      elseif ($searching == "locate") {
         $query="SELECT * FROM assets WHERE location='" . $search . "'";
         $result=mysql_query($query);
         //Check if the user choose to display all
         if ($search=="Display All") {
            $query="SELECT * FROM assets ORDER BY location ASC";
            $result=mysql_query($query);
         }
      }

//Fetch the info from the database into an array and display the records with an edit link beside them
While ($rs = mysql_fetch_array($result)) {

   print ("<TR ALIGN=CENTER><TD><A HREF=update.php?id=".$rs['id']."&searching=".$searching."&search=".$search.">Edit</A></TD><TD>" . $rs['itemName'] . "</TD><TD>" . $rs['serialNum'] . "</TD><TD>" . $rs['assetNum'] . "</TD><TD>" . $rs['location'] . "</TD><TD>" . $rs['po'] . "</TD><TD>" . $rs['entryDate'] . "</TD><TD>" . $rs['warranty'] . "</TD></TR>");}
   }
}
?>

   </TABLE>
   </TD>
</TR>

<?
include("footer.inc");
?>

UPDATE.PHP

<?
include("details.inc");

//post values into the variables from the search.php form
$asset = stripslashes(addslashes($_POST['asset']));
$name = stripslashes(addslashes($_POST['name']));
$location = stripslashes(addslashes($_POST['location']));
$po = stripslashes(addslashes($_POST['po']));
$warranty = stripslashes(addslashes($_POST['warranty']));
$serial = stripslashes(addslashes($_POST['serial']));

//get id num into the $id variable, else post
if(isset($_GET['id'])){
$id=$_GET['id'];
}else{
$id = $_POST['id'];
}

$query="SELECT * FROM assets WHERE id=".$id;
$result=mysql_query($query);
$rs=mysql_fetch_array($result);

include("header.inc");
include("menu.inc");
?>

<TR ALIGN="CENTER">
   <TD><CENTER><H2>Update Database</H2></CENTER><P></TD>
</TR>

<form method=post action=search.php>

<TR ALIGN=CENTER>
   <TD>
      <TABLE BORDER=1 WIDTH=40% ALIGN=CENTER>
      <TR ALIGN=CENTER>
        <TD><B>Item Name</B></TD>
        <TD><Input type="text" name="name" size="20" value="<? echo $rs['itemName'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Serial Number</B></TD>
         <TD><Input type="text" name="serial" size="20" value="<? echo $rs['serialNum'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Asset Number</B></TD>
         <TD><Input type="text" name="asset" size="20" value="<? echo $rs['assetNum'] ?>"></TD>
      </TR>
      <Input type=hidden>
      <TR ALIGN=CENTER>
         <TD><B>Location</B></TD><TD>
      <?
      $location_array = array("Baie Verte", "Botwood", "Bishop Falls", "Buchans", "Carmanville", "Centreville", "Change Islands", "Fogo Island", "Gambo", "Gander", "Gaultois", "Glenwood", "Glovertown", "Grand Falls", "Greenspond", "Harbour Breton", "Hare Bay", "Harry's Harbour", "Hermitage", "King's Point", "La Scie", "Lewisporte", "Lumsden", "Musgrave Harbour", "Norris Arm", "Point Leamington", "Robert's Arm", "Seal Cove", "Springdale", "St. Alban's", "Summerford", "Twillingate", "Wesleyville");
      echo "<SELECT NAME=location>";
      foreach($location_array as $value){
      echo "<OPTION VALUE=".urlencode($value);
      if($rs['location'] == $value)
         echo " SELECTED";
         echo ">".$value."</OPTION>";
      }
      echo "</SELECT>";
      ?>
      </TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>P.O. #</B></TD>
         <TD><Input type="text" name="po" size="20" value="<? echo $rs['po'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Warranty</B></TD>
         <TD><Input type="text" name="warranty" size="20" value="<? echo $rs['warranty'] ?>"></TD>
      </TR>
      </TABLE>
      <BR><CENTER>
      <input type="Submit" name="btnUpdate" Value="Update Record">
       <input type="Submit" name="btnDelete" Value="Delete Record">
      </FORM></CENTER>
   </TD>
</TR>

<?
include("footer.inc");
?>

tbach2

Ok, I'm not sure these are the variables you are looking for, but is this what you're looking for? (insert into the update.php form)

echo <<<END
<input type="hidden" name="search" value="$search">
<input type="hidden" name="searching" value="$searching">
END;

Keaner

ok, that was what I was looking for but now my page is spitting out errors that makes no sense to me. It keeps saying:

You have an error in your SQL syntax near '' at line 1

Now I only changed a few lines of code and the sql statement was not one of them. Can somebody tell me what is causing this? Here's my code:

SEARCH.PHP

<?
include("header.inc");
include("menu.inc");
include("details.inc");

//post values into the variables from the search.php form
$asset = stripslashes(addslashes($_POST['asset']));
$name = stripslashes(addslashes($_POST['name']));
$location = stripslashes(addslashes($_POST['location']));
$po = stripslashes(addslashes($_POST['po']));
$warranty = stripslashes(addslashes($_POST['warranty']));
$serial = stripslashes(addslashes($_POST['serial']));

$searching=$_POST['searching'];

if ($searching == "serNum") {
   $search=$_POST['serial'];
}
elseif ($searching == "assNum") {
   $search=$_POST['asset'];
}
elseif ($searching == "locate") {
   $search=$_POST['location'];
}
?>

<TR ALIGN="CENTER">
   <TD><H2><CENTER>Display results: <? echo $search?></CENTER></H2><P>
   </TD>
</TR>

<TR ALIGN="CENTER">
   <TD>

<form name="frmCheck" action="<?php echo $PHP_SELF; ?>" method="post">

<?
//if the delete button is clicked, delete the current record and display to the user that it was deleted
if(isset($_POST['btnDelete'])) {
$query="DELETE FROM assets WHERE id=".$id;
mysql_query($query) or die (mysql_error());
$searching=$_POST['searchings'];
$search=$_POST['searches'];
}

//if the update button is clicked, update the current record and display to the user that it was updated
if(isset($_POST['btnUpdate'])) {
$query = "UPDATE assets SET serialNum = '".$serial."', assetNum = '".$asset."', itemName = '".$name."',location = '".$location."', po = '".$po."',warranty = '".$warranty."' WHERE id = ".$id;
mysql_query($query) or die (mysql_error());
$searching=$_POST['searchings'];
$search=$_POST['searches'];
}

if (isset($_POST['btnSearch'])) {
   //Check if the user checked a search criteria
   if($searching == "") {
     printf("Please select a search criteria");
   }
   //Check if the user did select a search criteria
   elseif ($searching != "") {
      include("title.inc");
      //Check if the selected search criteria is by serial number
      if ($searching == "serNum") {
         $query="SELECT * FROM assets WHERE serialNum='" . $search . "'";
         $result=mysql_query($query);
      }
      //Check if the selected search criteria is by asset number
      elseif ($searching == "assNum") {
         $query="SELECT * FROM assets WHERE assetNum='" . $search . "'";
         $result=mysql_query($query);
      }
      //Check if the selected search criteria is by location
      elseif ($searching == "locate") {
         $query="SELECT * FROM assets WHERE location='" . $search . "'";
         $result=mysql_query($query);
         //Check if the user choose to display all
         if ($search=="Display All") {
            $query="SELECT * FROM assets ORDER BY location ASC";
            $result=mysql_query($query);
         }
      }

//Fetch the info from the database into an array and display the records with an edit link beside them
While ($rs = mysql_fetch_array($result)) {

   print ("<TR ALIGN=CENTER><TD><A HREF=update.php?id=".$rs['id']."&searching=".$searching."&search=".$search.">Edit</A></TD><TD>" . $rs['itemName'] . "</TD><TD>" . $rs['serialNum'] . "</TD><TD>" . $rs['assetNum'] . "</TD><TD>" . $rs['location'] . "</TD><TD>" . $rs['po'] . "</TD><TD>" . $rs['entryDate'] . "</TD><TD>" . $rs['warranty'] . "</TD></TR>");}
   }
}
?>

   </TABLE>
   </TD>
</TR>

<?
include("footer.inc");
?>

UPDATE.PHP

<?
include("details.inc");

//get id num into the $id variable, else post
if(isset($_GET['id'])){
$id=$_GET['id'];
}else{
$id = $_POST['id'];
}

$query="SELECT * FROM assets WHERE id=".$id;
$result=mysql_query($query);
$rs=mysql_fetch_array($result);

include("header.inc");
include("menu.inc");
?>

<TR ALIGN=CENTER>
   <TD><CENTER><H2>Update Database</H2></CENTER><P></TD>
</TR>

<form method="post" action=search.php>

<TR ALIGN=CENTER>
   <TD>
      <TABLE BORDER=1 WIDTH=40% ALIGN=CENTER>
      <Input type="hidden" name="searches" value="<? echo $search ?>">
      <Input type="hidden" name="searchings" value="<? echo $searching ?>">
      <TR ALIGN=CENTER>
        <TD><B>Item Name</B></TD>
        <TD><Input type="text" name="name" size="20" value="<? echo $rs['itemName'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Serial Number</B></TD>
         <TD><Input type="text" name="serial" size="20" value="<? echo $rs['serialNum'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Asset Number</B></TD>
         <TD><Input type="text" name="asset" size="20" value="<? echo $rs['assetNum'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Location</B></TD><TD>
      <?
      $location_array = array("Baie Verte", "Botwood", "Bishop Falls", "Buchans", "Carmanville", "Centreville", "Change Islands", "Fogo Island", "Gambo", "Gander", "Gaultois", "Glenwood", "Glovertown", "Grand Falls", "Greenspond", "Harbour Breton", "Hare Bay", "Harry's Harbour", "Hermitage", "King's Point", "La Scie", "Lewisporte", "Lumsden", "Musgrave Harbour", "Norris Arm", "Point Leamington", "Robert's Arm", "Seal Cove", "Springdale", "St. Alban's", "Summerford", "Twillingate", "Wesleyville");
      echo "<SELECT NAME=location>";
      foreach($location_array as $value){
      echo "<OPTION VALUE=".urlencode($value);
      if($rs['location'] == $value)
         echo " SELECTED";
         echo ">".$value."</OPTION>";
      }
      echo "</SELECT>";
      ?>
      </TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>P.O. #</B></TD>
         <TD><Input type="text" name="po" size="20" value="<? echo $rs['po'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Warranty</B></TD>
         <TD><Input type="text" name="warranty" size="20" value="<? echo $rs['warranty'] ?>"></TD>
      </TR>
      </TABLE>
      <BR><CENTER>
      <input type="Submit" name="btnUpdate" Value="Update Record">
       <input type="Submit" name="btnDelete" Value="Delete Record">
      </FORM></CENTER>
   </TD>
</TR>

<?
include("footer.inc");
?>

tbach2

You'll be able to find it easier than we can. Just print the query before you execute it. It'll probably slap you in the face (at least it always does to me...)

A couple of hints if you're willing to hear them 🙂

Whenever you are using a digit in the where clause, surround it with single quotes. That enhances the security of your query (tho I don't remember why)
IMHO, sprintf() makes long queries much easier to read and to debug

sprintf example:

$query = sprintf("UPDATE assets " . 
                 "SET serialNum = '%s', " . 
                     "assetNum = '%s', " . 
                     "itemName = '%s', " . 
                     "location = '%s', " . 
                     "po = '%s', " . 
                     "warranty = '%s', " . 
                 "WHERE id = '%d'",

             $serial,
             $asset,
             $name,
             $location,
             $po,
             $warranty,
             $id
             );

This lets you see the query without the variables getting in the way, and having to break in and out of the quotes 🙂 Also, if you need to addslashes() them, it's easy enough to do without really mucking up the readability.

Keaner

It won't spit anything out. Keeps telling me I have a "syntax error near " on line 1". But I never had that problem before I tried linking back to search.php.

tbach2

is it an sql error or a php error? if it's sql, just print $query; before you mysql_query($query).

For example, if in search.php you had this:

if(isset($_POST['btnDelete'])) {
$query="DELETE FROM assets WHERE id=".$id;

print "DEBUG! query=<br>$query<hr>";

mysql_query($query) or die (mysql_error());

I'm betting that it would output something like

DEBUG! query=

DELETE FROM assets WHERE id=

you have an error in your syntax near ''

...although I would think it would be a little more specific... so I could be all wet 🙁

Keaner

I think it's a sql error but I can't be sure. The header and logo image loads fine and then it says:

"You have an error in your SQL syntax near '' at line 1"

Thats' it.

tbach2

aaaeeeeyyyy thump thump thump

sigh

so have you tried printing out the query yet?

Keaner

Ok, sorry for the delay but I was on vacation. Her's what the debug is spitting out:

DEBUG! query=

UPDATE assets SET serialNum = 'P003237258', assetNum = '14347', itemName = 'Gateway 17\'\' Monitor',location = 'Baie+Verte', po = '-',warranty = '-' WHERE id =

You have an error in your SQL syntax near '' at line 1

tbach2

Do you see anything wrong with the query?

Keaner

Yeah, the id is missing. But how do I pass it? I've tried through a hidden variable and is hasn't worked.

tbach2

$id=$_GET['id'];

you have it in update but not in search

it's the little things that'll get ya...

Keaner

Hey, Once I noticed the id missing I put had already coded this in search.php:

if(isset($_GET['id'])){
$id=$_GET['id'];
}else{
$id = $_POST['id'];
}

It still isn't working. Same debug output. Here's my code so far:

SEARCH.PHP

<?
include("header.inc");
include("menu.inc");
include("details.inc");

//post values into the variables from the search.php form
$asset = stripslashes(addslashes($_POST['asset']));
$name = stripslashes(addslashes($_POST['name']));
$location = stripslashes(addslashes($_POST['location']));
$po = stripslashes(addslashes($_POST['po']));
$warranty = stripslashes(addslashes($_POST['warranty']));
$serial = stripslashes(addslashes($_POST['serial']));
$searching=$_POST['searching'];

$id=$_GET['id'];

if ($searching == "serNum") {
   $search=$_POST['serial'];
}
elseif ($searching == "assNum") {
   $search=$_POST['asset'];
}
elseif ($searching == "locate") {
   $search=$_POST['location'];
}
?>

<TR ALIGN="CENTER">
   <TD><H2><CENTER>Display results: <? echo $search?></CENTER></H2><P>
   </TD>
</TR>

<TR ALIGN="CENTER">
   <TD>

<form name="frmCheck" action="<?php echo $PHP_SELF; ?>" method="post">

<?
//if the delete button is clicked, delete the current record and display to the user that it was deleted
if(isset($_POST['btnDelete'])) {
$searching=$_POST['searchings'];
$search=$_POST['searches'];
$query="DELETE FROM assets WHERE id=".$id;
mysql_query($query) or die (mysql_error());
}

//if the update button is clicked, update the current record and display to the user that it was updated
if(isset($_POST['btnUpdate'])) {
$searching=$_POST['searchings'];
$search=$_POST['searches'];
$query = "UPDATE assets SET serialNum = '".$serial."', assetNum = '".$asset."', itemName = '".$name."',location = '".$location."', po = '".$po."',warranty = '".$warranty."' WHERE id = ".$id;

print "DEBUG! query=<br>$query<hr>";

mysql_query($query) or die (mysql_error());
}

if (isset($_POST['btnSearch'])) {
   //Check if the user checked a search criteria
   if($searching == "") {
     printf("Please select a search criteria");
   }
   //Check if the user did select a search criteria
   elseif ($searching != "") {
      include("title.inc");
      //Check if the selected search criteria is by serial number
      if ($searching == "serNum") {
         $query="SELECT * FROM assets WHERE serialNum='" . $search . "'";
         $result=mysql_query($query);
      }
      //Check if the selected search criteria is by asset number
      elseif ($searching == "assNum") {
         $query="SELECT * FROM assets WHERE assetNum='" . $search . "'";
         $result=mysql_query($query);
      }
      //Check if the selected search criteria is by location
      elseif ($searching == "locate") {
         $query="SELECT * FROM assets WHERE location='" . $search . "'";
         $result=mysql_query($query);
         //Check if the user choose to display all
         if ($search=="Display All") {
            $query="SELECT * FROM assets ORDER BY location ASC";
            $result=mysql_query($query);
         }
      }

//Fetch the info from the database into an array and display the records with an edit link beside them
While ($rs = mysql_fetch_array($result)) {

   print ("<TR ALIGN=CENTER><TD><A HREF=update.php?id=".$rs['id']."&searching=".$searching."&search=".$search.">Edit</A></TD><TD>" . $rs['itemName'] . "</TD><TD>" . $rs['serialNum'] . "</TD><TD>" . $rs['assetNum'] . "</TD><TD>" . $rs['location'] . "</TD><TD>" . $rs['po'] . "</TD><TD>" . $rs['entryDate'] . "</TD><TD>" . $rs['warranty'] . "</TD></TR>");}
   }
}

$query = sprintf("UPDATE assets " .
                 "SET serialNum = '%s', " .
                     "assetNum = '%s', " .
                     "itemName = '%s', " .
                     "location = '%s', " .
                     "po = '%s', " .
                     "warranty = '%s', " .
                 "WHERE id = '%d'",

             $serial,
             $asset,
             $name,
             $location,
             $po,
             $warranty,
             $id
             );


?>

   </TABLE>
   </TD>
</TR>

<?
include("footer.inc");
?>

UPDATE.PHP

<?
include("details.inc");

//get id num into the $id variable, else post
if(isset($_GET['id'])){
$id=$_GET['id'];
}else{
$id = $_POST['id'];
}

$query="SELECT * FROM assets WHERE id=".$id;
$result=mysql_query($query);
$rs=mysql_fetch_array($result);

include("header.inc");
include("menu.inc");
?>

<TR ALIGN=CENTER>
   <TD><CENTER><H2>Update Database</H2></CENTER><P></TD>
</TR>

<form method="post" action=search.php>

<TR ALIGN=CENTER>
   <TD>
      <TABLE BORDER=1 WIDTH=40% ALIGN=CENTER>
      <Input type="hidden" name="id" value="<? echo $rs['id'] ?>">
      <Input type="hidden" name="searches" value="<? echo $search ?>">
      <Input type="hidden" name="searchings" value="<? echo $searching ?>">
      <TR ALIGN=CENTER>
        <TD><B>Item Name</B></TD>
        <TD><Input type="text" name="name" size="20" value="<? echo $rs['itemName'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Serial Number</B></TD>
         <TD><Input type="text" name="serial" size="20" value="<? echo $rs['serialNum'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Asset Number</B></TD>
         <TD><Input type="text" name="asset" size="20" value="<? echo $rs['assetNum'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Location</B></TD><TD>
      <?
      $location_array = array("Baie Verte", "Botwood", "Bishop Falls", "Buchans", "Carmanville", "Centreville", "Change Islands", "Fogo Island", "Gambo", "Gander", "Gaultois", "Glenwood", "Glovertown", "Grand Falls", "Greenspond", "Harbour Breton", "Hare Bay", "Harry's Harbour", "Hermitage", "King's Point", "La Scie", "Lewisporte", "Lumsden", "Musgrave Harbour", "Norris Arm", "Point Leamington", "Robert's Arm", "Seal Cove", "Springdale", "St. Alban's", "Summerford", "Twillingate", "Wesleyville");
      echo "<SELECT NAME=location>";
      foreach($location_array as $value){
      echo "<OPTION VALUE=".urlencode($value);
      if($rs['location'] == $value)
         echo " SELECTED";
         echo ">".$value."</OPTION>";
      }
      echo "</SELECT>";
      ?>
      </TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>P.O. #</B></TD>
         <TD><Input type="text" name="po" size="20" value="<? echo $rs['po'] ?>"></TD>
      </TR>
      <TR ALIGN=CENTER>
         <TD><B>Warranty</B></TD>
         <TD><Input type="text" name="warranty" size="20" value="<? echo $rs['warranty'] ?>"></TD>
      </TR>
      </TABLE>
      <BR><CENTER>
      <input type="Submit" name="btnUpdate" Value="Update Record">
       <input type="Submit" name="btnDelete" Value="Delete Record">
      </FORM></CENTER>
   </TD>
</TR>

<?
include("footer.inc");
?>

tbach2

I'll have to take your word that you are sending id back to search from update. I see hidden fields for searching, etc. but not for id.

If you want to know what variables your script is receiving, use

print_r($_REQUEST);

or $_GET or $_POST...

Keaner

I think this should pass the $id variable. I've tried passing $id as well but both don't work. But let me know if this is what you were looking for.

<Input type="hidden" name="id" value="<? echo $rs['id'] ?>"> 
<Input type="hidden" name="searches" value="<? echo $search ?>"> 
<Input type="hidden" name="searchings" value="<? echo $searching ?>">

and this is what is spit out after I put in what you said.

Array ( [id] => 21 [searches] => [searchings] => [name] => Gateway 17\'\' Monitor [serial] => P003237258 [asset] => 14347 [location] => Baie+Verte [po] => - [warranty] => - [btnUpdate] => Update Record ) DEBUG! query=

UPDATE assets SET serialNum = 'P003237258', assetNum = '14347', itemName = 'Gateway 17\'\' Monitor',location = 'Baie+Verte', po = '-',warranty = '-' WHERE id =

You have an error in your SQL syntax near '' at line 1

So it seems to be using id fine. But I'm not 100% sure what's going on.

tbach2

yes, it's getting there, no you're not grabbing it. is $id a get or post variable? It's a post variable. You're assigning it as a get variable in search.php. Hence, it has no value.

Keaner

Ok, I changed it and now I'm not getting a sql error. But none of the records are being displayed. Just the debug and request information.

tbach2

When you have a problem in your script, what is the first thing you should do?

Debug and trace program flow
Go to a forum and ask somebody else to do it for you
[/list=1]
Your script is performing just the way you told it to:
```
if (isset($_POST['btnSearch'])) { 
```
Please put a little effort into debugging before you ask questions. You'll never learn if you don't make the effort, and that's a waste of everybody's time

Keaner

Ok, I've done what you suggested and I've come up with a problem but no solution. Search and Searching are not being passed properly. I have looked at the code over and over and I can't find the problem. I have them in a hidden variable. I'm posting them and they are not there when I do a request.

jlpierce

$query="DELETE FROM assets WHERE id=".$id;

Your query above may have a problem with the variable $id.

I would have written the query as this,

$query = "DELETE FROM assets WHERE id='$id'";

php will expand a variable inside of a quoted string so there is no need to end the string. Besides, if you did not use a php mysql function to escpape that variable then that might also be some of the problem. I personally do not use that function, I just keep my variables inside of the quoted string, ensuring that they are in the proper form for the type of value i am looking for and then quoting them inside of the string.

Hope this helps