need codeing help

ckdoublenecks

I'm trying to improve this program that I've written & that works. I can enter all the boxes & it updates but I would like to be able to accomplish the 2nd & 3rd comment lines. I'm still learning PHP and could use some help. ?

<?php
//* select apt for Rent payment/update, insert amtpaid & hudpay if any,
//*  calculating tentpay = amtpaid - hudpay & inserting the 
//* system date mm/dd/yyyy 
//* 
mysql_connect(localhost,root,"");
mysql_select_db(prerentdb) or die( "Unable to select database");
if(!empty($_POST["submit"]))
{
 $apt = $_POST['apt'];
 $query="SELECT * FROM payments Where apt='$apt'";
 $result=mysql_query($query);
 if(mysql_num_rows($result))
 {
  echo "<form action='#' method='post'><b>Prerent Update/Rent Payment :<br /><br />
         <table cellspacing=0 cellpadding=0 border=1>
          <tr>
          <th>dep</th>
          <th>tenant</th>
          <th>apt</th>
          <th>paid</th>
          <th>due</th>
          <th>prev</th>
          <th>misc</th>
          <th>hud</th>
          <th>tent</th>
          <th>date</th>
           <th>late</th>
          <th>comments</th>
          </tr>";
  while($row = mysql_fetch_assoc($result))
  {
   echo "<tr>
          <td><input type='text' size=5 name='dep' value='" . $row['dep'] . "'></td>
          <td><input type='text' size=25 name='name' value='" . $row['name'] . "'></td>
          <td><input type='text' size=2 name='apt' value='" . $row['apt'] . "' ></td>
          <td><input type='text' size=4 name='amtpaid' value='" . $row['amtpaid'] . "'></td>
          <td><input type='text' size=4 name='rentdue' value='" . $row['rentdue'] . "'></td>
          <td><input type='text' size=4 name='prevbal' value='" . $row['prevbal'] . "'></td>
          <td><input type='text' size=4 name='misc' value='" . $row['misc'] . "'></td>
          <td><input type='text' size=4 name='hudpay' value='" . $row['hudpay'] . "'></td>
         <td><input type='text' size=4 name='tentpay' value='" . $row['tentpay'] . "'></td>
          <td><input type='text' size=10 name='datepaid' value='" . $row['datepaid'] . "'></td> 
          <td><input type='text' size=1 name='late' value='" . $row['late'] . "'></td> 
          <td><input type='text' size=25 name='comments' value='" . $row['comments'] . "'></td>        

          </tr>";
   }
echo "</table>
<input type='submit' name='update' value='Update Record' />
</form>";
}  

 else{echo "No listing for appartment $apt.<br />Please select another.<br />";}
}
if(!empty($_POST["update"]))
{
$sql = "UPDATE payments SET
 dep = '" . mysql_real_escape_string($_POST['dep']) . "',
 name = '" . mysql_real_escape_string($_POST['name']) . "',
 amtpaid = '" . mysql_real_escape_string($_POST['amtpaid']) . "',
 rentdue = '" . mysql_real_escape_string($_POST['rentdue']) . "',
 prevbal = '" . mysql_real_escape_string($_POST['prevbal']) . "',
 misc = '" . mysql_real_escape_string($_POST['misc']) . "',
 hudpay = '" . mysql_real_escape_string($_POST['hudpay']) . "',
 tentpay = '" . mysql_real_escape_string($_POST['tentpay']) . "',
datepaid = '" . mysql_real_escape_string($_POST['datepaid']) . "',
 late = '" . mysql_real_escape_string($_POST['late']) . "',
 comments = '" . mysql_real_escape_string($_POST['comments']) . "'
WHERE apt='".$_POST["apt"]."'";
 mysql_query($sql) or die("Update query failed.");
 echo "Record for appartment ".$_POST["apt"]." has been updated";
 }
?>
<form method="post" action="#">
 <br />
 <input type="text" name="apt"/> <p>
<input type="submit" name="submit" value="select apartment"/>
</form>

Kudose

First, you are not validating $_POST['apt'] before using it in your mysql query.

$apt = $_POST['apt'];
$query="SELECT * FROM payments Where apt='$apt'";

Always validate data, even if it is coming from an admin panel.

Second, separate your output and your business logic to make things easier to maintain.

i.e.

if(!empty($_POST)){
  // process POSTed data
  if(empty$_POST['name']))
    $error = 'Name cannot be empty.';
  // set success or error message to display
  if(!isset($error)){
    // run mysql query
    // if success
    $success = 'Success';
  }
}

if(empty($_POST) || isset($error)){
  if(!empty($error))
    echo $error;
  // show form
}  else {
  // show the message from the above outcome
  echo $success;
}

Obviously this is a very trimmed down example and is just my opinion.

After you separate things out a bit, you should see a good spot do to what you are asking. If not, re-post.