PHP Server Side Scripting Forum

    
Help with Editable form for updating Mysql
ksklos




msg:4607863
 4:17 pm on Sep 6, 2013 (gmt 0)

I created an update form for my database. I have a form which shows all the members with an edit link at the end of each row. The edit link calls an editable form with just the member's information. Once the appropriate information has been changed, the form is submitted and PHP code changes the data in MySQL and returns the user to the original form. These are basic forms and code because I wanted to be sure it worked before I did anything else. The research I have done seems to indicate I need to do more to the forms to make them more secure.
Here is the code for the three pages:
Edit.php

//Shows a list of members with the edit link
<html>

<head>

<title>Edit Test Get Data</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

</head>

<body>
<table>
<tr>
<td align="center">Click Edit at the end of the row to edit that member's data</td>
</tr>
<tr>
<td>
<table border="1">
<tr>
<td>Mbr Nbr</td>
<td>First Name</td>
<td>Last Name</td>
<td>Address</td>
<td>Address2</td>
<td>City</td>
<td>State</td>
<td>Zip</td>
<td>Phone</td>
<td>E-Mail</td>
<td>Church</td>
<td>Chapter</td>
<td>Chptr #</td>
<td>Member Notes</td>
<td>&nbsp;</td>
</tr>
<?

//Connect to the database
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect to Server");
mysql_select_db("$db_name")or die("cannot select DB");

$order = "SELECT * FROM Member";
$result = mysql_query($order);

while ($row=mysql_fetch_array($result)){

echo ("<tr><td>$row[MemberNumber]</td>");
echo ("<td>$row[FName]</td>");
echo ("<td>$row[LName]</td>");
echo ("<td>$row[Address]</td>");
echo ("<td>$row[Address2]</td>");
echo ("<td>$row[City]</td>");
echo ("<td>$row[State]</td>");
echo ("<td>$row[Zip]</td>");
echo ("<td>$row[Phone]</td>");
echo ("<td>$row[email]</td>");
echo ("<td>$row[Church]</td>");
echo ("<td>$row[Chapter]</td>");
echo ("<td>$row[ChapterNumber]</td>");
echo ("<td>$row[MemberNotes]</td>");
echo ("<td><a href=\"Edit_Form.php?id=$row[MemberNumber]\">Edit</a></td></tr>");

}

?>

</table>
</td>
</tr>
</table>

</body>

</html>

Edit_Form.php
//The editing gets done here
<html>

<head>

<title>Form To Edit Membership Data</title>

</head>



<body>

<table border=1>
<tr>
<td align=center>Edit only the data that changed</td>
</tr>
<tr>
<td>
<table>

<?

//Connect to the database
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect to Server");
mysql_select_db("$db_name")or die("cannot select DB");

//$id = $_GET['id'];

$order = "SELECT * FROM Member where MemberNumber='$id'";

$result = mysql_query($order);
$row = mysql_fetch_array($result);

?>

<form method="post" action="Edit_Data.php">

<tr>
<td>Member Number</td>
<td>
<input type="text" name="id" value="<? echo "$row[MemberNumber]"?>">
</td>
</tr>
<tr>
<td>First Name</td>
<td>
<input type="text" name="FName" size="20" value="<? echo "$row[FName]"?>">
</td>
</tr>
<tr>
<td>Last Name</td>
<td>
<input type="text" name="LName" size="20" value="<? echo "$row[LName]"?>">
</td>
</tr>
<tr>
<td>Street Address</td>
<td>
<input type="text" name="Address" size="20" value="<? echo "$row[Address]"?>">
</td>
</tr>
<tr>
<td>Additional Address Notation</td>
<td>
<input type="text" name="Address2" size="20" value="<? echo "$row[Address2]"?>">
</td>
</tr>
<tr>
<td>City</td>
<td>
<input type="text" name="City" size="20" value="<? echo "$row[City]"?>">
</td>
</tr>
<tr>
<td>State</td>
<td>
<input type="text" name="State" size="20" value="<? echo "$row[State]"?>">
</td>
</tr>
<tr>
<td>Zip Code</td>
<td>
<input type="text" name="Zip" size="20" value="<? echo "$row[Zip]"?>">
</td>
</tr>
<tr>
<td>Phone (###-###-####)</td>
<td>
<input type="text" name="Phone" size="20" value="<? echo "$row[Phone]"?>">
</td>
</tr>
<tr>
<td>E-Mail</td>
<td>
<input type="text" name="email" size="20" value="<? echo "$row[email]"?>">
</td>
</tr>
<tr>
<td>Member's Church</td>
<td>
<input type="text" name="Church" size="20" value="<? echo "$row[Church]"?>">
</td>
</tr>
<tr>
<td>Chapter</td>
<td>
<input type="text" name="Chapter" size="20" value="<? echo "$row[Chapter]"?>">
</td>
</tr>
<tr>
<td>Chapter Number</td>
<td>
<input type="text" name="ChapterNumber" size="20" value="<? echo "$row[ChapterNumber]"?>">
</td>
</tr>
<tr>
<td>Member Notes</td>
<td>
<input type="text" name="MemberNotes" size="20" value="<? echo "$row[MemberNotes]"?>">
</td>
</tr>
<tr>
<td align="right">
<input type="submit" name="submit value" value="Edit">
</td>
</tr>

</form>

</table>
</td>
</tr>
</table>

</body>

</html>

Edit_Data.php
//This code updates the MYSQL table and returns user to Edit.php
<?

//edit_data.php

//Connect to the database
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect to Server");
mysql_select_db("$db_name")or die("cannot select DB");



$order = "UPDATE Member
SET Fname='$FName',LName='$LName',Address='$Address',Address2='$Address2',City='$City',State='$State',Zip='$Zip',
Phone='$Phone',email='$email',Church='$Church',Chapter='$Chapter',ChapterNumber='$ChapterNumber',MemberNotes='$MemberNotes'
WHERE MemberNumber='$id'";

mysql_query($order);

header("location:Edit.php");

?>


Any suggestions you can make to improve my code are welcome. Thanks in advance.
Sue
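
The hardening the post asks about, as an added example that is not part of the original post or the poster's code: the posted pages use $id, $FName and the other fields without assigning them (which only works with register_globals), interpolate them into the SQL string, and echo database values into HTML unescaped. Below, values are read explicitly from the request array, bound as PDO parameters, and escaped with htmlspecialchars on output. The h() and update_member() helpers, the in-memory SQLite database (needs pdo_sqlite) and the sample row are assumptions for illustration; table and column names come from the post.

```php
<?php
// Added example, not the poster's code. Table and column names are taken from
// the post; the in-memory SQLite database and sample row are constructed so the
// script runs offline. For MySQL, use a 'mysql:host=...;dbname=...' DSN instead.

const MEMBER_FIELDS = ['FName', 'LName', 'Address', 'Address2', 'City', 'State',
    'Zip', 'Phone', 'email', 'Church', 'Chapter', 'ChapterNumber', 'MemberNotes'];

// Escape a value before echoing it into HTML (Edit.php cells, Edit_Form.php inputs).
function h($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Edit_Data.php logic: take fields explicitly from the request array instead of
// relying on register_globals, and bind every value as a query parameter.
function update_member(PDO $db, array $post): bool
{
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return false;                       // reject missing or non-numeric member numbers
    }
    $params = [':id' => $id];
    $sets = [];
    foreach (MEMBER_FIELDS as $f) {         // column names come from the fixed list only
        $sets[] = "$f = :$f";
        $params[":$f"] = trim((string) ($post[$f] ?? ''));
    }
    $stmt = $db->prepare('UPDATE Member SET ' . implode(', ', $sets) . ' WHERE MemberNumber = :id');
    return $stmt->execute($params);
}

// Constructed demo: one sample member, one valid update, one rejected update.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE Member (MemberNumber INTEGER PRIMARY KEY, '
    . implode(' TEXT, ', MEMBER_FIELDS) . ' TEXT)');
$db->exec("INSERT INTO Member (MemberNumber, FName, LName) VALUES (1, 'Ann', 'Lee')");

$post = ['id' => '1', 'FName' => 'Ann', 'LName' => "O'Brien", 'MemberNotes' => 'Said "hi" <b>'];
var_dump(update_member($db, $post));
var_dump(update_member($db, ['id' => 'not-a-number']));
$row = $db->query('SELECT LName, MemberNotes FROM Member WHERE MemberNumber = 1')->fetch(PDO::FETCH_ASSOC);
echo '<input type="text" name="MemberNotes" value="', h($row['MemberNotes']), '">', "\n";
```

The apostrophe in the sample last name is stored intact because it travels as a bound parameter, and the quotes and angle brackets in the notes field are emitted as entities rather than breaking out of the value attribute.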
