help needed with a php editing page

pumaf1

Hello every, I hope you caN HELP ME.

I will try and make it as clear as possible

I have a "reports system" on my website, where users can login, add a new report and the site should display it on the public side of the site.

The problem I am having is where if a report needs to be altered.

when the user logs in, goes into the reports system, and tries to edit the report, it selects the first record from the table, which is obivously wrong. I am really stuck as how to sort this fault out.

if you want to exactly what its doing, go to the site - www.pumaf1.org.uk go to the members area and use:

usr - dave
password - letmein

click reports system, -> view edit reports -> select the top report -> then at the bottom of the page is "edit report" click that and you will see what I am on about.

any advice greatly taken

Dave

Kudose

Post up the code that deals with the part your having problems with.

pumaf1

the code that i use to select the erecord to be edited (from the view report page) is:

<?php echo( "<a href='reporteditor.php?id=$id'> edit this report<br></a>" );?>

the page should use the unquie field ID to select the file, which is does perfectly to view the report, but to edit the report it just doesnt work.

I am a thinking the edit page itself is at fault, if needed I can post the entire code for that

Kudose

You should.

pumaf1

here is the code for the page that should display the record to be edited

<?php require_once('../../Connections/system.php'); ?>
<?php
function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "")
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;

case "long":
case "int":
$theValue = ($theValue != "") ? intval($theValue) : "NULL";
break;
case "double":
$theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
break;
case "date":
$theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
break;
case "defined":
$theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
break;
}
return $theValue;
}

$editFormAction = $HTTP_SERVER_VARS['PHP_SELF'];
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$editFormAction .= "?" . $HTTP_SERVER_VARS['QUERY_STRING'];
}

if ((isset($HTTP_POST_VARS["MM_update"])) && ($HTTP_POST_VARS["MM_update"] == "form2")) {
$updateSQL = sprintf("UPDATE reports SET description=%s, content=%s, member=%s, date=%s, checked=%s, status=%s WHERE id=%s",
GetSQLValueString($HTTP_POST_VARS['description'], "text"),
GetSQLValueString($HTTP_POST_VARS['content'], "text"),
GetSQLValueString($HTTP_POST_VARS['member'], "text"),
GetSQLValueString($HTTP_POST_VARS['date'], "text"),
GetSQLValueString($HTTP_POST_VARS['checked'], "text"),
GetSQLValueString($HTTP_POST_VARS['status'], "text"),
GetSQLValueString($HTTP_POST_VARS['id'], "int"));

mysql_select_db($database_hidden, $hidden);
$Result1 = mysql_query($updateSQL, $system) or die(mysql_error());

$updateGoTo = "success2.php";
if (isset($HTTP_SERVER_VARS['QUERY_STRING'])) {
$updateGoTo .= (strpos($updateGoTo, '?')) ? "&" : "?";
$updateGoTo .= $HTTP_SERVER_VARS['QUERY_STRING'];
}
header(sprintf("Location: %s", $updateGoTo));
}

mysql_select_db($database_hidden, $hidden);
$query_editor = "SELECT * FROM reports";
$editor = mysql_query($query_editor, $system) or die(mysql_error());
$row_editor = mysql_fetch_assoc($editor);
$totalRows_editor = mysql_num_rows($editor);
?>
<html>
<head>
<meta name="Author" content="">
<title> </title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"></head>
<body text="#000000" link="#000000" vlink="#000000" alink="#000000" leftmargin="0" topmargin="0" marginwidth="0" marginheight="0">

<table width="800" border="0" cellpadding="0" cellspacing="0">
<tr>
<td width="66" background="../../img/Image1_2x3.GIF"> </td>
<td width="734">
<?php
function nl1br($text) {
return "<p>" . str_replace("\n", "</p><p>", $text) . "</p>";
}
?>
<?
// connect to the server
mysql_connect( 'localhost', 'web16_hidden', 'hidden' )
or die( "Error! Could not connect to database: " . mysql_error() );

// select the database
mysql_select_db( 'web16_hidden' )
or die( "Error! Could not select the database: " . mysql_error() );

// get the id from the URL request
$id = $_REQUEST['id'];

// retrieve the row from the database
$query = "SELECT * FROM reports WHERE id='$id'";

$result = mysql_query( $query );

// print out the results
if( $result && $contact = mysql_fetch_object( $result ) )
{
// print out the info
$description = $contact -> description;
$member = $contact -> member;
$content = $contact -> content;
?><div align="center">
<p>
<form method="post" name="form2" action="<?php echo $editFormAction; ?>">
<table align="center">
<tr valign="baseline">
<td nowrap align="right">Id:</td>
<td><?php echo $row_editor['id']; ?></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Description:</td>
<td><input type="text" name="description" value="<?php echo $row_editor['description']; ?>" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Content:</td>
<td><input type="text" name="content" value="<?php echo $row_editor['content']; ?>" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Member:</td>
<td><input type="text" name="member" value="<?php echo $row_editor['member']; ?>" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Date:</td>
<td><input type="text" name="date" value="<?php echo $row_editor['date']; ?>" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Checked:</td>
<td><input type="text" name="checked" value="<?php echo $row_editor['checked']; ?>" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right">Status:</td>
<td><input type="text" name="status" value="<?php echo $row_editor['status']; ?>" size="32"></td>
</tr>
<tr valign="baseline">
<td nowrap align="right"> </td>
<td><input type="submit" value="Update Record"></td>
</tr>
</table>
<input type="hidden" name="MM_update" value="form2">
<input type="hidden" name="id" value="<?php echo $row_editor['id']; ?>">
</form>
<p> </p>
<form method="post" name="form1" action="<?php echo $editFormAction; ?>">
<input type="hidden" name="MM_update" value="form1">
<input type="hidden" name="id" value="<?php echo $row_updater['id']; ?>">
</form></p>
<?php
}
else
{
die( "Error: Could not get contact from database. ".mysql_error() );
}

?>
</td>
</tr>
<tr>
<td colspan="2"><div align="center"><font size="1"><a href="../../copyright.php">Puma
F1 is © Copyright 1999 - 2006 D.Cummings</a></font></div></td>
</tr>
</table>
<div align="left"><font size="1"></font>

</div>
<p>  </p>
</body>
</html>
<?php
mysql_free_result($editor);
?>

Kudose

$row_editor, which is what you are using to display your values, is wrong. The query associated with it selects everything from the database.

Replace $row_editor with $result

pumaf1

okay will try that now
thanks for the help so far

Blulagoon

This presumably is the query that selects the right article.

// get the id from the URL request
$id = $_REQUEST['id'];

// retrieve the row from the database
$query = "SELECT * FROM `reports` WHERE `id`='$id'";

Might I suggest that you add a temp debug line below this:
echo $query;

This will show you exactly what is being passed to the browser.

Rewriting it as below may help:

$query = "SELECT * FROM `reports` WHERE `id`=".$id;

Additionally, this line is horrid (IMHO)

<?php echo( "<a href='reporteditor.php?id=$id'> edit this report<br></a>" );?>

I would write it as:

<a href='reporteditor.php?id=<?PHP echo $id; ?>'> edit this report</a><br>

HTH - Blu