
PHP Server Side Scripting Forum

    
php mysql help with form
allenflame



 
Msg#: 4443378 posted 1:25 pm on Apr 20, 2012 (gmt 0)

I've just started playing around with php and mysql. I'm trying to code a sort of inventory website for our school district. I've got pretty much everything working, such as pulling records by asset tag numbers, adding new records, pulling a report of serial numbers and the computer name, doing a checkin (basically putting an X in the checkin field). The only problem I'm having is on my update page.


<?php
include("dbinfo.inc.php");
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$term = $_POST['term'];
$sql = mysql_query("select * from Inventory where assettag = '$term' ");

while ($row = mysql_fetch_array($sql)){
echo '<br/> SerialNumber: '.$row['SerialNumber'];
echo '<br/> ComputerName: '.$row['ComputerName'];
echo '<br/><br/>';
}
?>


<form id="FormName" action="updated.php" method="post" name="FormName">
<table width="448" border="0" cellspacing="2" cellpadding="0">

<tr>
<td width="150" align="right"><label for="ComputerName">Computer Name</label></td>
<td><input name="ComputerNamenew" maxlength="" type="text" value="<?php echo $ComputerName ?>"></td>
</tr>

<tr>
<td width="150" align="right"><label for="SerialNumber">Serial Number</label></td>
<td><input name="SerialNumbernew" maxlength="" type="text" value="<?php echo $SerialNumber ?>"></td>
</tr>

<tr>
<td colspan="2" align="center"><input name="" type="submit" value="Update"></td>
</tr>

</table>
</form>


The first part works, and pulls the information I want. The part with the form doesn't work at all. I really don't even need the top part (the echoing part) if I could figure out the text boxes and have the mysql data show up in the boxes. Thanks for any help anyone can provide.

 

rowtc2

5+ Year Member



 
Msg#: 4443378 posted 1:59 pm on Apr 20, 2012 (gmt 0)

I do not understand exactly what you want to do, but you must "read" outside the <form> the data filled in the <form>, using POST.


$my_variable_ComputerName = $_POST['ComputerName'];
$my_variable_SerialNumber = $_POST['SerialNumber'];

cffrost2

5+ Year Member



 
Msg#: 4443378 posted 2:19 pm on Apr 20, 2012 (gmt 0)

rowtc2 is right. I don't see any $_POST vars.

"The only problem I'm having is on my update page."

I don't see any UPDATE code.

"if I could figure out the text boxes and have the mysql data show up in the boxes."

If you want the database data to show up in the fields, echo the data inside the value attribute.

<td><input name="ComputerNamenew" maxlength="" type="text" value="<?php echo trim($row['ComputerName']) ?>"></td>
</tr>

<tr>
<td width="150" align="right"><label for="SerialNumber">Serial Number</label></td>
<td><input name="SerialNumbernew" maxlength="" type="text" value="<?php echo trim($row['SerialNumber']) ?>"></td>

or change the echos you don't need to the variables you already have in the value attributes

$SerialNumber= trim($row['SerialNumber']);
$ComputerName = trim($row['ComputerName']);

Then you can leave the form the way it is as long as you set the vars beforehand.
Hope this helps.

allenflame



 
Msg#: 4443378 posted 3:07 pm on Apr 20, 2012 (gmt 0)

here is my code from updated.php

I want the code from the first post just to pull in the information from the existing record. Then I can change it on the update page, and when I hit submit, the updated.php should write the new data in the boxes back to the database.



<?php
include("dbinfo.inc.php");
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$term = $_POST['term'];

$ComputerNamenew = $_POST["ComputerName"];
$SerialNumbernew = $_POST["SerialNumber"];

$updated="UPDATE Inventory SET ComputerName = '$ComputerNamenew' WHERE ID = '$term'";

if($updated){
echo("<br>Input data is succeed");
} else{
echo("<br>Input data is fail");
}

//if($rsUpdate) { echo "Successfully updated"; } else { die('Invalid query: '.mysql_error()); }

?>

allenflame



 
Msg#: 4443378 posted 3:17 pm on Apr 20, 2012 (gmt 0)

do I need two different php files to do this? Could the display and the edit be done in one file?

allenflame



 
Msg#: 4443378 posted 3:33 pm on Apr 20, 2012 (gmt 0)

ok, got this page working like I wanted. Here's what I did.

<?php
include("dbinfo.inc.php");
mysql_connect(localhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$term = $_POST['term'];
$sql = mysql_query("select * from Inventory where assettag = '$term' ");

while ($row = mysql_fetch_array($sql)){

$ComputerName = $row['ComputerName'];
$SerialNumber = $row['SerialNumber'];
}

?>



<form id="FormName" action="updated.php" method="post" name="FormName">
<table width="448" border="0" cellspacing="2" cellpadding="0">

<tr>
<td width="150" align="right"><label for="ComputerName">Computer Name</label></td>
<td><input name="ComputerNamenew" maxlength="" type="text" value="<?php echo $ComputerName ?>"></td>
</tr>

<tr>
<td width="150" align="right"><label for="SerialNumber">Serial Number</label></td>
<td><input name="SerialNumbernew" maxlength="" type="text" value="<?php echo $SerialNumber ?>"></td>
</tr>

<tr>
<td width="150" align="right"><label for="AssetTag">Asset Tag</label></td>
<td><input name="AssetTagnew" maxlength="" type="text" value="<?php echo $AssetTag ?>"></td>
</tr>

<tr>
<td colspan="2" align="center"><input name="" type="submit" value="Update"></td>
</tr>

</table>
</form>

rocknbil

WebmasterWorld Senior Member, WebmasterWorld Top Contributor of All Time, 10+ Year Member



 
Msg#: 4443378 posted 3:46 pm on Apr 20, 2012 (gmt 0)

(Simul-post - this refers to the update script)

No, you're just not executing the query. But there are some serious problems here, I'll help sort the update problem if you address them :-) After creating your select statement, add the execution of the query, like

$updated="UPDATE Inventory SET ComputerName = '$ComputerNamenew' WHERE ID = '$term'";
$result = mysql_query($updated) or die("Cannot execute update: " . mysql_error());

if($result){
echo("<br>Input data is succeed");
} else{
echo("<br>Input data is fail");
}

Now for the serious problems. The first is you absolutely, positively MUST check for the existence of a value before using it. The second is the complete lack of error checking, which is not that difficult and will actually help you when things go wrong. Add these bits like so.

$term = (isset($_POST['term']) and ! empty($_POST['term']))?$_POST['term']:null;
$ComputerNamenew = (isset($_POST["ComputerName"]) and ! empty($_POST["ComputerName"]))?$_POST["ComputerName"]:null;
$SerialNumbernew = (isset($_POST["SerialNumber"]) and ! empty($_POST["SerialNumber"]))?$_POST["SerialNumber"]:null;

// So they'll be set or NULL, error check!
if (! ($term and $ComputerNamenew and $SerialNumbernew)) { die("Required variables not present"); }

The argument against: "Well, when I get it working there's no need to do that. All I want to do is get it working and not worry about it." As your programs grow you will really wish you hadn't fallen into the bad habit of not checking input and error trapping. It also leads to security issues, which is #3.

You are using raw form input in your program. This can lead to SQL injection, cross site scripting, hard to debug errors, and all kinds of nasty stuff. This is a rather large and deep topic, but you can get started by using the PHP functions for making database insertions "safe." Modifying the above,

$term = (isset($_POST['term']) and ! empty($_POST['term']))?mysql_real_escape_string($_POST['term']):null;
$ComputerNamenew = (isset($_POST["ComputerName"]) and ! empty($_POST["ComputerName"]))?mysql_real_escape_string($_POST["ComputerName"]):null;
$SerialNumbernew = (isset($_POST["SerialNumber"]) and ! empty($_POST["SerialNumber"]))?mysql_real_escape_string($_POST["SerialNumber"]):null;

This in itself is not complete, but it's a start. The argument that I know is already forming in your mind: "This will be used by school staff and none of them are going to be doing any hacking and we don't have to worry about any of that."

It's not the ordinary users you have to worry about. Considering the gravity of the environment - this is a system being built for a school - there's a responsibility to ensure it's at least safe to use and somewhat protected from those who would hack it up "just because they can."

"Hackers aren't going to know the location of these scripts so we're cool." If it has a domain name and on a server, it can be found and hacked.

Adopt the good habits now while you're still learning. :-)

Lastly, none of this is copy and paste code. It's all typed on the fly, use it to improve your skills but don't rely on it to just "work as is."
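
Added example (not from the thread or any poster's code): the same update written with PDO prepared statements and output escaping, covering the SQL injection and cross-site scripting points raised above. It assumes an in-memory SQLite table with constructed rows so it runs offline, and that `term` holds the asset tag; the helper names `field`, `updateRecord` and `attr` are hypothetical. The `mysql_*` functions used in the thread were removed in PHP 7.0.

```php
<?php
// Assumption: PDO with the sqlite driver so this runs offline; against MySQL
// only the DSN passed to new PDO() changes. Table rows below are constructed.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE Inventory (assettag TEXT PRIMARY KEY, ComputerName TEXT, SerialNumber TEXT)");
$db->exec("INSERT INTO Inventory VALUES ('1001', 'LAB-PC-01', 'SN123'), ('1002', 'LAB-PC-02', 'SN456')");

// Hypothetical helper: a trimmed, non-empty, length-limited string field, or null.
function field(array $post, string $name, int $maxLen = 64): ?string {
    if (!isset($post[$name]) || !is_string($post[$name])) return null;
    $v = trim($post[$name]);
    return ($v === '' || strlen($v) > $maxLen) ? null : $v;
}

// Update one record; values travel as bound parameters, never as SQL text.
function updateRecord(PDO $db, array $post): int {
    $term   = field($post, 'term');
    $name   = field($post, 'ComputerNamenew');
    $serial = field($post, 'SerialNumbernew');
    if ($term === null || $name === null || $serial === null) {
        throw new InvalidArgumentException('Required variables not present');
    }
    $stmt = $db->prepare(
        'UPDATE Inventory SET ComputerName = :name, SerialNumber = :serial WHERE assettag = :term');
    $stmt->execute([':name' => $name, ':serial' => $serial, ':term' => $term]);
    return $stmt->rowCount(); // number of rows actually changed
}

// Escape a stored value before echoing it into a value="..." attribute.
function attr(string $v): string {
    return htmlspecialchars($v, ENT_QUOTES, 'UTF-8');
}

// Constructed requests: a normal edit, then a quote-breaking value in 'term'.
// The second is treated as a literal asset tag, so it matches no row.
echo updateRecord($db, ['term' => '1001', 'ComputerNamenew' => 'LIB-PC-07',
                        'SerialNumbernew' => 'SN123']), " row(s) updated\n";
echo updateRecord($db, ['term' => "1001' OR '1'='1", 'ComputerNamenew' => 'X',
                        'SerialNumbernew' => 'Y']), " row(s) updated\n";

// A stored name containing markup is rendered as inert text in the form field.
echo '<input name="ComputerNamenew" type="text" value="',
     attr('"><script>alert(1)</script>'), '">', "\n";
```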

allenflame



 
Msg#: 4443378 posted 3:56 pm on Apr 20, 2012 (gmt 0)

wow, thanks for all that info. I 'was' planning on the error checking, and have some in one of the other forms, but like you said, it will make it easier.

This will be an internal only server, no plans on making it published. But I understand what you're saying. I'm gonna go back through these two queries, and try the new code.

I really appreciate everyone's help on this. I've been playing around with this off and on, adding a new page here and there, have sort of an admin page also, where I get all 25 fields from each data record, and the one that updates all the fields for checkin. The update field has been the one I've just kept putting off. But school's out in a month and a half, so I thought it's time to jump on it. Thanks again for your help.

allenflame



 
Msg#: 4443378 posted 6:30 pm on Apr 20, 2012 (gmt 0)

stuck on something. Computernamenew doesn't seem to post between update.php and updated.php. Serialnumber works fine. Computername shows up right in the label box. I added this on the updated.php just to see if everything was Posting right

$term = $_POST['term'];
$ComputerNamenew1 = $_POST['ComputerNamenew'];
$SerialNumbernew1 = $_POST['SerialNumbernew'];
$AssetTagnew1 = $_POST['AssetTagnew'];

//if (! ($ComputerNamenew1 and $SerialNumbernew1)) { die("Required variables not present"); }

//echo $Computernamenew;
//echo <br/>;
//echo $SerialNumbernew;
//echo <br/>;
echo "$Computernamenew1";
echo '<br/>';
echo "$SerialNumbernew1";
echo '<br/>';
echo "$AssetTagnew1";

allenflame



 
Msg#: 4443378 posted 6:41 pm on Apr 20, 2012 (gmt 0)

stupid echo "$Computernamenew1"; name needs a mushroom to become Name.

allenflame



 
Msg#: 4443378 posted 7:12 pm on Apr 20, 2012 (gmt 0)

ok, it's all working now. I've added the suggestions you made for error checking and it still works. about to try the part for php functions.
