Hello:

I have a form which I would like to update. I want the form to display the current values in the table. Then, the person can change (type over) the existing values with new values. And then update the table with the new values.

When I run my script, I'm able to select the record I want to display. The form displays the current values of the record. When I try to change a value and click Submit, the old value keeps re-appearing. The new value is disregarded.

Can someone help me figure out what I'm doing wrong?

The first step of this process is selecting the record. This is the code for record selection. This script is named app_admission_update.php.

<?php
include('header_admin.html');
require_once('mysql_connect.php');

?>  
<fieldset><legend>Please select a client</legend>
<form action="app_admission_update_pg1.php" method="post">
<p><label for="client_id">Client Name:</label>
<select name="client_id">
<option value="">- Please Select -</option>
<?php
$query="SELECT * FROM client";
$result = @mysql_query ($query) or die (mysql_error());
while($row=@mysql_fetch_array($result, MYSQL_ASSOC))
{
    $client_id = $row['client_id'];
    $client_name = $row['client_name'];
    print '<option value="' . $client_id . "\" >" . $client_name . "</option>\n";
}
?>
</select>
</p>
<p><label for="blank">&nbsp;</label><input type="submit" name="btnSubmit" id="btnSubmit" value="Submit" class="btn" /></p>
<input type="hidden" name="submitted" value="TRUE" />
</fieldset>
</form>

=======
The next step displays the current values for the selected record and should allow me to change the values. The name of this script is app_admission_update_pg1.php. The reason for _pg1 is that the form has 7 pages. I would like the person to go through the pages, make their changes, and in the end do one update. This is the code for displaying the current values.

<?php 

session_start();

ob_start();
require_once ('mysql_connect.php');
    $query="SELECT * FROM client WHERE client_id = $_POST[client_id]";

$result = @mysql_query ($query) or die (mysql_error()); 

if ($result) {

while($row=@mysql_fetch_array($result, MYSQL_ASSOC))
{
                 $_SESSION['client_id'] = $row['client_id'];
                 $_SESSION['today_date'] = $row['today_date'];
                 $_SESSION['app_complete_name'] = $row['app_complete_name'];
                 $_SESSION['app_date'] = $row['app_date'];
                 $_SESSION['relation'] = $row['relation'];
                 $_SESSION['phone'] = $row['phone'];
                 $_SESSION['email'] = $row['email']; 
}
}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title></title>
<link href="output_style.css" rel="stylesheet" type="text/css">
</head>
<body>
<div id="container">
<div id="header">
<table class="toptable">
<tr><td class="a"><a href="index.html"><img src="images/logo.jpg" width="125" height="127" border="0"></a></td>
<td class="b">2260 Sam Nelson Road Canton, Georgia 30114&nbsp;&nbsp;&nbsp;&nbsp;Phone: 770-479-9555&nbsp;&nbsp;&nbsp;&nbsp;Fax: 770-479-2295<br><br>
Susan Worsley, M.S., Director&nbsp;&nbsp;&nbsp;Cindy Williams, Program Coordinator&nbsp;&nbsp;&nbsp;Leah Frankel, Human Services Provider<br><br></td></tr></table>
</div>
<div id="content">
<p class="center">Application for Admission Update</p>

<form action="app_admission_update_process.php" method="post">

<table class="apptable">
<tr><td class="a"><b>Application Completed by:</b></td><td class="b"><input type="text" name="app_complete_name" size="25" value="<?php echo $_SESSION['app_complete_name']; ?>"></td></tr>
<tr><td class="a"><b>Date <span class="boldred">(MM/DD/YYYY)</span>:</b></td><td class="b"><input type="text" name="app_date" size="25" value="<?php echo $_SESSION['app_date']; ?>"></td></tr>
<tr><td class="a"><b>Relationship to Client:</b></td><td class="b"><input type="text" name="relation" size="25" value="<?php echo $_SESSION['relation']; ?>"></td></tr>
<tr><td class="a"><b>Phone:</b></td><td class="b"><input type="text" name="phone" size="25" value="<?php echo $_SESSION['phone']; ?>"></td></tr>
<tr><td class="a"><b>Email Address:</b></td><td class="b"><input type="text" name="email" size="50" value="<?php echo $_SESSION['email']; ?>"></td></tr>
</table>

<br><br>
<input type="submit" name="btnSubmit" id="btnSubmit" value="Submit >>" class="btn" >
<input type="hidden" name="submitted" value="TRUE" />

</form>

======
The final script is the actual update query. After clicking Submit, the following script should be run: app_admission_output_process.php.

<?php

session_start();

ob_start();
require_once ('mysql_connect.php');

$query = "UPDATE client SET
                 today_date=CURRENT_DATE, app_complete_name='$_SESSION[app_complete_name]', app_date='$_SESSION[app_date]',
                 relation='$_SESSION[relation]', phone='$_SESSION[phone]', email='$_SESSION[email]'

     WHERE client_id='$_SESSION[client_id]'";

     $result = mysql_query ($query) or die (mysql_error());

?>

========
I know my problem is in the second script which displays the values. For some reason the script is not retaining the new values. I have a session started at the beginning of each script.

I hope someone can help me out. Thank you in advance.

    you should be using the $_POST global array not the session so

    $query = "UPDATE client SET
    today_date=CURRENT_DATE, app_complete_name='$_SESSION[app_complete_name]', app_date='$_SESSION[app_date]',
    relation='$_SESSION[relation]', phone='$_SESSION[phone]', email='$_SESSION[email]'

         WHERE client_id='$_SESSION[client_id]'"; 

    will become

    $query = "UPDATE client SET
                     today_date=CURRENT_DATE, app_complete_name='$_POST[app_complete_name]', app_date='$_POST[app_date]',
                     relation='$_POST[relation]', phone='$_POST[phone]', email='$_POST[email]'
    
         WHERE client_id='$_POST[client_id]'"; 
    

    you should also validate and clean it all before putting it in the db

      Hi,

      Thank you for the reply. Changing to POST did the trick. Though, in the WHERE clause it didn't like the POST[client_id]. I got a message of an undefined index. I changed it back to SESSION and that took care of it. I ran a test and the table was properly updated.

      Where can I get information on cleaning, validating, and making sure that the data going into the DB is good?

      Also, do you happen to know how I can prevent people from hacking into a form specifically in a textarea box where a person can write a message or a comment? How can I check to make sure that what is entered into the message/comment box is good?

      Thanks again.

        focus310 wrote:

        Where can I get information on cleaning, validating, and making sure that the data going into the DB is good?

        Also, do you happen to know how I can prevent people from hacking into a form specifically in a textarea box where a person can write a message or a comment? How can I check to make sure that what is entered into the message/comment box is good?

        look at mysql_real_escape_string() in the manual, and have a google around

          I will look into it. Thanks again for the help.
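
An added example (not code from any post in this thread) of the "validate and clean" step for the update page. It uses mysqli prepared statements instead of mysql_real_escape_string(), because the mysql_* functions were removed in PHP 7, and it adds output escaping for values echoed back into the form. The `$db` handle, the function names, and the length limits are assumptions.

```php
<?php
// Added example, not code from the thread. Assumed: $db is a mysqli connection
// (hypothetical), client_id is an integer, and the limits below are illustrative.
function validate_admission(array $post): array
{
    $data = $errors = [];
    foreach (['app_complete_name', 'app_date', 'relation', 'phone', 'email'] as $f) {
        $data[$f] = trim((string)($post[$f] ?? ''));   // only fields the form defines
    }
    if ($data['app_complete_name'] === '' || strlen($data['app_complete_name']) > 100) {
        $errors[] = 'app_complete_name';
    }
    // Round-trip check rejects impossible dates (02/30/2024) and missing zeros.
    $d = DateTime::createFromFormat('m/d/Y', $data['app_date']);
    if (!$d || $d->format('m/d/Y') !== $data['app_date']) {
        $errors[] = 'app_date';
    }
    if (strlen($data['relation']) > 50) {
        $errors[] = 'relation';
    }
    if (!preg_match('/^[0-9 ()+.-]{7,20}$/', $data['phone'])) {
        $errors[] = 'phone';
    }
    if (filter_var($data['email'], FILTER_VALIDATE_EMAIL) === false) {
        $errors[] = 'email';
    }
    return [$data, $errors];
}

function update_client(mysqli $db, int $clientId, array $data): bool
{
    // Placeholders keep values out of the SQL text, so a quote cannot change the statement.
    $stmt = $db->prepare('UPDATE client SET today_date = CURRENT_DATE, app_complete_name = ?,
        app_date = ?, relation = ?, phone = ?, email = ? WHERE client_id = ?');
    $stmt->bind_param('sssssi', $data['app_complete_name'], $data['app_date'],
        $data['relation'], $data['phone'], $data['email'], $clientId);
    return $stmt->execute();
}

// Escape on output: every value echoed into value="..." or a <textarea>.
function e(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

// Constructed sample standing in for $_POST; the date is impossible on purpose.
[$data, $errors] = validate_admission(['app_complete_name' => "Pat O'Neil",
    'app_date' => '02/30/2024', 'relation' => 'Parent', 'phone' => '555-0100',
    'email' => 'pat@example.com']);
echo e($data['app_complete_name']), ' | rejected: ', implode(', ', $errors), "\n";
```

Call update_client($db, (int) $_SESSION['client_id'], $data) only when $errors is empty. The SELECT in app_admission_update_pg1.php, which places $_POST[client_id] directly in the query, can take the same placeholder treatment.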
