I am trying to build a cms that allows the user to manage staff member details.
My update script works fine as is, however I would like to add in some validation
if say the form loads a staff members details then the user clears say the firstname field then
submits the form without adding an edited or replacement value. In other words I
need to check for empty fields!
I do know how to validate, the issue is with how to stop the form redirecting and
displaying an error message in the case of empty form fields.
<?php
$OK = false;
$done = false;
// initialize statement
$stmt = $mysqli->stmt_init();
// get details of selected record
if (isset($_GET['id']) && !$_POST) {
// prepare SQL query
$sql = 'SELECT id, firstname, lastname, title, description FROM staff WHERE id = ?';
if ($stmt->prepare($sql)) {
// bind the query parameter
$stmt->bind_param('i', $_GET['id']);
// bind the results to variables
$stmt->bind_result($id, $firstname, $lastname, $title, $description);
// execute the query, and fetch the result
$OK = $stmt->execute();
$stmt->fetch();
}
}
// if form has been submitted, update record
if (isset($_POST ['update'])) {
// prepare update query
$sql = 'UPDATE staff SET firstname = ?, lastname = ?, title = ?, description = ?
WHERE id = ?';
if ($stmt->prepare($sql)) { // no need to re-initialize the statement as this has been done previously
$stmt->bind_param("ssssi", $_POST['firstname'], $_POST['lastname'], $_POST['title'], $_POST['description'], $_POST['id']);
$done = $stmt->execute();
}
}
// redirect if $_GET['article_id'] not defined
if ($done || !isset($_GET['id'])) {
header('Location: all_staff.php');
exit;
}
// store error message if query fails
if (isset($stmt) && !$OK && !$done) {
$error = $stmt->error;
}
?>
<!DOCTYPE HTML>
<html>
<head>
<meta charset="utf-8">
<title>Update Blog Entry</title>
</head>
<link href="../styles/admin_main.css" rel="stylesheet" type="text/css" media="screen">
<div class="login_form">
<div class="loginheading">Update Staff Member</div>
<?php
if (isset($error)) {
echo '<font color="red"><p>'. $error . '</p></font>';
}
if($id == 0) { // if no record exist hide the form ?>
<p>Invalid request: record does not exist.</p>
<?php } else { // show the form if a record does exist ?>
<form id="form1" method="post" action="update_staff.php">
<label for="firstname" class="form_label">First Name:</label> <p class="textfields">
<input name="firstname" id="firstname" type="text" class="formbox" value="<?php echo htmlentities($firstname, ENT_COMPAT, 'utf-8'); ?>">
</p>
<label for="lastname" class="form_label">Last Name:</label><p class="textfields">
<input name="lastname" id="lastname" type="text" class="formbox" value="<?php echo htmlentities($lastname, ENT_COMPAT, 'utf-8'); ?>">
</p>
<label for="title" class="form_label">Title:</label><p class="textfields">
<input name="title" id="title" type="text" class="formbox" value="<?php echo htmlspecialchars($title, ENT_COMPAT, 'utf-8'); ?>">
</p>
<label for="description" class="form_label">Description:</label>
<textarea name="description" class="textfields2" id="description"><?php echo htmlspecialchars($description, ENT_COMPAT, 'utf-8'); ?></textarea>
<p class="submit_btn"> <input type="submit" name="update" id="btnAddAction3" value="Update Entry"></p><br>
<input name="id" type="hidden" value="<?php echo $id; ?>">
</form>
</div>
<?php } ?>
</body>
</html>
