I cant seem to edit or add records

slannesh

I've tried to make a simple database. So far I've been successful in having the records show and delete records from on a web page. The problem is I cant seem to get the add and edit part done.

When I try to add records the Add button seems to be messed up and it wont add. I just get redirected to a blank version of my index page. The same thing goes for editing records except the edit button looks like "edit$id=X" where X is the ID number of the page.

I'm not getting any errors from any of my pages. 😕

coding for php commit

<?php
// COMMIT ADD AND EDITS
$link = mysql_connect("localhost", "root", "jsq716")
	or die("Could not connect: " . mysql_error());
mysql_select_db('moviesite', $link)
	or die ( mysql_error());
switch ($_GET['action']) {
	case "edit":
		switch ($_GET['type']) {
		case "movie":
			$sql = "UPDATE movie SET
				movie_name = '" . $_POST['movie_name'] . "',
				movie_year = '" . $_POST['movie_year'] . "',
				movie_type = '" . $_POST['movie_type'] . "',
				movie_leadactor = '" . $_POST['movie_leadactor'] . "',
				movie_director = '" . $_POST['movie_director'] . "'
				WHERE movie_id = '" . $_GET['id'] . "'";
			break;
		}
		break;
	case "add":
		switch ($_GET['type']) {
		case "movie":
			$sql = "INSERT INTO movie
				(movie_name,
				movie_year,
				movie_type,
				movie_leadactor,
				movie_director)
				VALUES
				('" . $_POST['movie_name'] . "',
				'" . $_POST['movie_year'] . "',
				'" . $_POST['movie_type'] . "',
				'" . $_POST['movie_leadactor'] . "',
				'" . $_POST['movie_director'] . "')";
			break;
		}
		break;
	}
if (isset($sql) && !empty($sql)) {
	echo "<!--" . $sql . "-->";
	$result = mysql_query($sql)
		or die("Invalid query: " . mysql_error());
?>
	<p align="center" style="color:#FF0000">
		Done. <a href="index.php">Index</a>
	</p>
<?php
}
?>

coding for php movie


<?php
$link = mysql_connect("localhost", "root", "jsq716")
	or die("Could not connect: " . mysql_error());
mysql_select_db('moviesite', $link)
	or die( mysql_error());
$peoplesql = "SELECT * FROM people";

$result = mysql_query($peoplesql)
	or die("Invalid query: " . mysql_error());
while ($row = mysql_fetch_array($result)) {
	$people[$row['people_id']] = $row['people_fullname'];
}

switch ($_GET['action']) {
	case "edit":
	$moviesql = "SELECT * FROM movie
			WHERE movie_id = '" . $_GET['id'] . "'";
	$result = mysql_query($moviesql)
		or die("Invalid query: " . mysql_error());
	$row = mysql_fetch_array($result);
	$movie_name = $row['movie_name'];
	$movie_type = $row['movie_type'];
	$movie_year = $row['movie_year'];
	$movie_leadactor = $row['movie_leadactor'];
	$movie_director = $row['movie_director'];
	break;

default:
$movie_name = "";
$movie_type = "";
$movie_year = "";
$movie_leadactor = "";
$movie_director = "";
break;
}
?>
<html>
<head>
<title><?php echo $_GET['action']; ?> movie</title>
<style type="text/css">
TD{color:#353535;font-family:verdana}
TH{color:#FFFFFF;font-famlit:verdana;background-color:#336699}
</style>
</head>
<body>

<form action="commit.php?action=<?php
	echo $_GET['action']; ?>&type=movie&id=<?php
	echo $_GET['id']; ?>" method="post">
<table border="0" width="750" cellspacing="1" cellpadding="3"
		bgcolor="#353535" align="center">
	<tr>
		<td bgcolor="#FFFFFF" width="30%">Movie Name</td>
		<td bgcolor="#FFFFFF" width="70%">
			<input type="text" name="movie_name"
			value="<?php echo $movie_name; ?>">
		</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">Movie Type</td>
		<td bgcolor="#FFFFFF">
			<select id="game" name="movie_type" style="width:150px">
<?php
$sql = "SELECT movietype_id, movietype_label " .
       "FROM movietype ORDER BY movietype_label";
$result = mysql_query($sql)
	or die("<font color=\"#FF0000\">Query Error</font>" .
	mysql_error());
while ($row = mysql_fetch_array($result)) {
	if ($row['movietype_id'] == $movie_type) {
		$selected = " selected";
	} else {
		$selected = "";
	}
	echo '<option value="' . $row['movietype_id'] . '"' .
		$selected.'>' . $row['movietype_label'] . '</option>' .
		"\r\n";
	}
?>
		</select>		
		</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">Movie Year</td>
		<td bgcolor="#FFFFFF">
			<select name="movie_year">
				<option value="" selected>Select a year...</option>
<?php
	for ($year = date("Y"); $year >= 1970; $year--) {
		if ($year == $movie_year) {
			$selected = " selected";
		} else {
			$selected = "";
		}
?>
			<option value="<?php echo $year; ?>"<?php
			echo $selected; ?>><?php echo $year; ?></option>
<?php
	}
?>
		</select>
		</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">Lead Actor</td>
		<td bgcolor="#FFFFFF">
			<select name="movie_leadactor">
				<option value="" selected>Select an actor...</option>
<?php
	foreach ($people as $people_id => $people_fullname) {
		if ($people_id == $movie_leadactor) {
			$selected = " selected";
		} else {
			$selected = "";
		}
?>
				<option value="<?php echo $people_id; ?>"<?php
				echo $selected; ?>><?php echo $people_fullname; ?></option>
<?php
	}
?>
		</select>
		</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF">Director</td>
		<td bgcolor="#FFFFFF">
			<select name="movie_director">
				<option value="" selected>Select a director...</option>
<?php
	foreach ($people as $people_id => $people_fullname) {
		if ($people_id == $movie_director) {
			$selected = " selected";
		} else {
			$selected = "";
		}
?>
		<option value="<?php echo $people_id; ?>"<?php
		echo $selected; ?>><?php echo $people_fullname; ?></option>
<?php
	}
?>
		</select>
		</td>
	</tr>
	<tr>
		<td bgcolor="#FFFFFF" colspan="2" align="center">
			<input type="submit" name="SUBMIT" value="<?php
			echo $_GET['action']; ?>">
		</td>
	</tr>
</table>
</form>
</body>
</html>

coding for index


<?php
// establishes database connection
	$link = mysql_connect("localhost", "root", "jsq716")
		or die("Could not connect: " . mysql_errot());
	mysql_select_db('moviesite', $link)
		or die (mysql_error());
?>
<html>
<head>
<title>Movie Database</title>
<style type="text/css">
TD{color:#353535;font-family:verdana}
TH{color:#FFFFFF;font-family:verdana;background-color:#336699}
</style>
</head>
<body>

<table border="0" width="600" cellspacing="1" cellpading="3"
	bgcolor="#353535" align="center">
	<tr>
		<td bgcolor="#FFFFFF" colspan="2" align="center">
			Movies<a href="movie.php?add&id=">[ADD]</a>
		</td>
	</tr>

<?php
$moviesql = "SELECT * FROM movie";
$result = mysql_query($moviesql)
	or die("Invalid query: " . mysql_error());

while ($row = mysql_fetch_array($result)) {
?>
	<tr>
		<td bgcolor="#FFFFFF" width="50%">
			<?php echo $row['movie_name']; ?>
		</td>
		<td bgcolor="#FFFFFF" width="50%" align="right">
			<a href="movie.php?action=edit$id=<?php
				echo $row['movie_id']; ?>">[EDIT]</a>
			<a href="delete.php?type=movie&id=<?php
				echo $row['movie_id']?>">[DELETE]</a>
		</td>
	</tr>
<?php
	}
?>
	<tr>
		<td bgcolor="#FFFFFF" colspan="2" align="center">
			People <a href="people.php?action=add&id=">[ADD]</a>
		</td>
	</tr>
<?php
$moviesql = "SELECT * FROM people";
$result = mysql_query($moviesql)
	or die("Invalid query: " . mysql_error());
while ($row = mysql_fetch_array($result)) {
?>
	<tr>
		<td bgcolor="#FFFFFF" width="50%">
			<?php echo $row['people_fullname']; ?>
		</td>
		<td bgcolor="#FFFFFF" width="50%" align="right">
			<a href="people.php?action=edit&id=<?php
			echo $row['people_id']; ?>">[EDIT]</a>
			<a href="delete.php?type=people&id=<?php
			echo $row['people_id']; ?>">[DELETE]</a>
		</td>
	</tr>
<?php
	}
?>
</table>
</body>
</html>

Any help would be appreciated. Thanks. 😃

mykg4orce

Didn't really have time to read your code fully but two things you should consider:
1) you are directly passing $POST & $GET to your database without validating anything
2) You are letting everyone know your MySQL username and password

slannesh

Thanks. I figured out the problem. got mixed up with $ and & on the add button.

I changed my password. I was half asleep when i pasted it. My bad ><