[RESOLVED] Updating DB record from a Form

painfull

Hi guys,

I'm back, with yet another stumbling block. I am trying to make a page that displays details of a DB record and has the ability to update that record. So far I have working code to pull a record from the DB and inject it into a form.

The part I can't get right is updating the record with the form data. My code seems to be ignoring the if (isset($_POST['submit'])) just before the Insert function.

Funny thing is, I also have a registration page, where I can create a record... this is just a copy of that with the extra code added which is required to pull the record from the DB, and an UPDATE function in the final query instead of INSERT.

Can anyone see why this would not work:

<?php
$check = mysql_query("SELECT * FROM users")
or die(mysql_error());

echo "<p align='center'>&nbsp;</p>";
echo "<p align='center'>&nbsp;</p>";
echo "<table border='1' align='center'>";
echo "<tr><th width='90' align='center'>Username</th>";
echo "<th width='120' align='center'>Name</th>";
echo "<th width='70' align='center'>Status</th></tr>";
while($users = mysql_fetch_array( $check )){
$username = $users['username'];

echo "<tr><td align='center'>";
echo "<a href='$username'>$username</a>";
echo "</td><td>";
echo $users['name_f'] . " " . $users['name_l'];
echo "</td><td>";
echo $users['status'];
echo "</td><td width='50' align='center'>";
echo "<a href='/edit_users.php?name=$username';>Edit</a>";
echo "</td></tr>";
}
echo "</table>";

if (!isset($_GET['name'])){
echo "<p align='center'><font face='Tahoma' size='6'>Please make a selection</font></p>";
die('No Selection');
}
else
{
$name=$_GET["name"];
$edit=mysql_query("SELECT * FROM users WHERE username = '$name'") or die(mysql_error());
while($user = mysql_fetch_array($edit)){
?>
<form action ="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<DIV ALIGN="center">
<table border="0" cellpadding="0" cellspacing="0" width="50%" id="AutoNumber1" height="185"><tr>
<td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">Username: </font></b><input type="text" name="username" tabindex=1 maxlength="10" size="20" value="<?php echo $user["username"];?>"></td>
<td width="36%" align="left"  height="35"><input TYPE="radio" NAME="status" tabindex=8 CHECKED value="active"><b><font face="Tahoma" size="4">Active</b></td></tr>
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">First Name: </b><input type="text" name="name_f" tabindex=2 maxlength="15" size="20" value="<?php echo $user["name_f"];?>"></td>
<td width="36%" align="left"  height="35"><input TYPE="radio" NAME="status" value="admin"><font face="Tahoma" size="4"><b>Admin</b></td></tr>
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">Last Name: </b><input type="text" name="name_l" tabindex=3 maxlength="15" size="20" value="<?php echo $user["name_l"];?>"></td>
<td width="36%" align="left"  height="35"><input TYPE="radio" NAME="status" value="inactive"><font face="Tahoma" size="4"><b>Inactive</b></td></tr>
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">Address 1: </b><input type="text" name="address1" tabindex=4 maxlength="20" size="20" value="<?php echo $user["address1"];?>"></td></tr>
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">Address 2: </b><input type="text" name="address2" tabindex=5 maxlength="20" size="20" value="<?php echo $user["address2"];?>"></td></tr>
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">Home Phone: </b><input type="text" name="h_phone" tabindex=6 maxlength="10" size="20" value="<?php echo $user["h_phone"];?>"></td></tr>
<tr><td width="64%" align="right" height="35"><font face="Tahoma"><b><font size="4">Mobile Phone: </b><input type="text" name="m_phone" tabindex=7 maxlength="10" size="20" value="<?php echo $user["m_phone"];?>"></td>
<tr><td width="64%" align="right" height="50"></td>
<td width="36%" height="50"><font face="Tahoma"><input type="submit" name="submit" tabindex=9 value="Update"></td></tr>
</table>
</DIV>
</form>
<?php
}

if (isset($_POST['submit'])) { 
//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['name_f'] | !$_POST['name_l'] | !$_POST['address1'] | !$_POST['address2'] | !$_POST['h_phone'] | !$_POST['m_phone'] | !$_POST['status'] ) {
header("Location: required_fields.php");
die('fields');
exit;
}

$insert = "INSERT INTO users (username, password, status)
VALUES ('".$_POST['username']."', '".$_POST['pass']."','".$_POST['status']."')";
$add_member = mysql_query($insert);

// now we insert it into the database
$update = "UPDATE users SET (username, name_f, name_l, address1, address2, h_phone, m_phone, status WHERE user = $name)
VALUES ('".$_POST['username']."','".$_POST['name_f']."','".$_POST['name_l']."','".$_POST['address1']."','".$_POST['address2']."','".$_POST['h_phone']."','".$_POST['m_phone']."','".$_POST['status']."')";
$add_member = mysql_query($update);
echo "Submitted";
}
}
?>

I have dotted a couple of echos and die('with comment') in there just to see where my code is exiting, if at all.

Sorry for the amount of code, but I think it's necessary to understand where it all ties together.

Thank you.

jamesm87

Taken a brief look, try the following to debug:

1 - Change the form method to POST in caps
2 - Instead of isset($POST[submit]) why not do if($POST[submit]=='Update')
3 - Try removing your Field verification to see if that is the issue

James

HalfaBee

You most likely have sql errors.

use

mysql_query( $update ) or die( mysql_error. "<br>$query" );

to display errors.

painfull

Thanks James, took your advice on the POST caps, though the Registration page I mentioned works just fine with this formatting. Also changed if (!isset($POST['submit']) to if($POST[submit]=='Update'), but now I'm getting Undefined index: submit because of it.

So I guess I'll have to define that to rectify this Notice. I know it's not an error, I just like to know that all code is in order and nothing is being missed / ignored.

Is there another way to check that the form is being submitted?

This is the code on the Registration page, that I altered to make the Edit page:

//This code runs if the form has been submitted
if (isset($_POST['submit'])) { 

//This makes sure they did not leave any fields blank
if (!$_POST['username'] | !$_POST['pass'] | !$_POST['pass2'] ) {
header("Location: required_fields.php");
die();
exit;
}

// checks if the username is in use
if (!get_magic_quotes_gpc()) {
$_POST['username'] = addslashes($_POST['username']);
}
$usercheck = $_POST['username'];
$check = mysql_query("SELECT username FROM users WHERE username = '$usercheck'") 
or die(mysql_error());
$check2 = mysql_num_rows($check);

//if the name exists it gives an error
if ($check2 != 0) {
header("Location: name_used.php");
die();
exit;
}

// this makes sure both passwords entered match
if ($_POST['pass'] != $_POST['pass2']) {
header("Location: failed_pass.php");
die();
exit;
}

// here we encrypt the password and add slashes if needed
$_POST['pass'] = md5($_POST['pass']);
if (!get_magic_quotes_gpc()) {
$_POST['pass'] = addslashes($_POST['pass']);
$_POST['username'] = addslashes($_POST['username']);
}

// now we insert it into the database
$insert = "INSERT INTO users (username, password, status)
VALUES ('".$_POST['username']."', '".$_POST['pass']."','".$_POST['status']."')";
$add_member = mysql_query($insert);
?>

Obviously I don't need to check if the name already exists, and I don't need to have the password fields. So all I've done is take those parts out of this page and alter the final sql query to an UPDATE users WHERE username = $blah.

PS: I might just add that my <?php is broken several times by html for the purpose of displaying a table and a form. As this seems to work in the Registration form I figured it would also work here. I could be wrong. Please advise... 😐

Cheers

laserlight

Also changed if (!isset($POST['submit']) to if($POST[submit]=='Update'), but now I'm getting Undefined index: submit because of it.

Using isset to check is correct. Comparing with 'Update' before checking that the incoming variable exists is wrong, and since you are not particularly interested with what is the value of the submit button, you should not even compare with the 'Update' at all.

One thing that I suggest is to place the form processing before the part that prints out the page. Typically, if there is an error, you would like to continue displaying the page, but with an error message. If you only discover the form processing error midway through printing the script, the error message placement would look pretty odd (unless you play tricks with client side scripting, but that would be unnecessary anyway).