Help with Editable form for updating Mysql

   
4:17 pm on Sep 6, 2013 (gmt 0)



I created an update form for my database. I have a form which shows all the members with an edit link at the end of each row. The edit link calls an editable form with just the member's information. Once the appropriate information has been changed, the form is submitted and PHP code changes the data in MySQL and returns the user to the original form. These are basic forms and code because I wanted to be sure it worked before I did anything else. The research I have done seems to indicate I need to do more to the forms to make them more secure.
Here is the code for the three pages:
Edit.php

//Shows a list of members with the edit link
<html>

<head>

<title>Edit Test Get Data</title>

<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">

</head>

<body>
<table>
<tr>
<td align="center">Click Edit at the end of the row to edit that member's data</td>
</tr>
<tr>
<td>
<table border="1">
<tr>
<td>Mbr Nbr</td>
<td>First Name</td>
<td>Last Name</td>
<td>Address</td>
<td>Address2</td>
<td>City</td>
<td>State</td>
<td>Zip</td>
<td>Phone</td>
<td>E-Mail</td>
<td>Church</td>
<td>Chapter</td>
<td>Chptr #</td>
<td>Member Notes</td>
<td>&nbsp;</td>
<?

//Connect to the database
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect to Server");
mysql_select_db("$db_name")or die("cannot select DB");

$order = "SELECT * FROM Member";
$result = mysql_query($order);

while ($row=mysql_fetch_array($result)){

echo ("<tr><td>$row[MemberNumber]</td>");
echo ("<td>$row[FName]</td>");
echo ("<td>$row[LName]</td>");
echo ("<td>$row[Address]</td>");
echo ("<td>$row[Address2]</td>");
echo ("<td>$row[City]</td>");
echo ("<td>$row[State]</td>");
echo ("<td>$row[Zip]</td>");
echo ("<td>$row[Phone]</td>");
echo ("<td>$row[email]</td>");
echo ("<td>$row[Church]</td>");
echo ("<td>$row[Chapter]</td>");
echo ("<td>$row[ChapterNumber]</td>");
echo ("<td>$row[MemberNotes]</td>");
echo ("<td><a href=\"Edit_Form.php?id=$row[MemberNumber]\">Edit</a></td></tr>");

}

?>

</table>
</td>
</tr>
</table>

</body>

</html>

Edit_Form.php
//The editing gets done here
<html>

<head>

<title>Form To Edit Membership Data</title>

</head>



<body>

<table border=1>
<tr>
<td align=center>Edit only the data that changed</td>
</tr>
<tr>
<td>
<table>

<?

//Connect to the database
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect to Server");
mysql_select_db("$db_name")or die("cannot select DB");

//$id = $_GET['id'];

$order = "SELECT * FROM Member where MemberNumber='$id'";

$result = mysql_query($order);
$row = mysql_fetch_array($result);

?>

<form method="post" action="Edit_Data.php">

<tr>
<td>Member Number</td>
<td>
<input type="text" name="id" value="<? echo "$row[MemberNumber]"?>">
</td>
<tr>
<td>First Name</td>
<td>
<input type="text" name="FName" size="20" value="<? echo "$row[FName]"?>">
</td>
</tr>
<tr>
<td>Last Name</td>
<td>
<input type="text" name="LName" size="20" value="<? echo "$row[LName]"?>">
</td>
</tr>
<tr>
<td>Street Address</td>
<td>
<input type="text" name="Address" size="20" value="<? echo "$row[Address]"?>">
</td>
</tr>
<tr>
<td>Additional Address Notation</td>
<td>
<input type="text" name="Address2" size="20" value="<? echo "$row[Address2]"?>">
</td>
</tr>
<tr>
<td>City</td>
<td>
<input type="text" name="City" size="20" value="<? echo "$row[City]"?>">
</td>
</tr>
<tr>
<td>State</td>
<td>
<input type="text" name="State" size="20" value="<? echo "$row[State]"?>">
</td>
</tr>
<tr>
<td>Zip Code</td>
<td>
<input type="text" name="Zip" size="20" value="<? echo "$row[Zip]"?>">
</td>
</tr>
<tr>
<td>Phone (###-###-####)</td>
<td>
<input type="text" name="Phone" size="20" value="<? echo "$row[Phone]"?>">
</td>
</tr>
<tr>
<td>E-Mail</td>
<td>
<input type="text" name="email" size="20" value="<? echo "$row[email]"?>">
</td>
</tr>
<tr>
<td>Member's Church</td>
<td>
<input type="text" name="Church" size="20" value="<? echo "$row[Church]"?>">
</td>
</tr>
<tr>
<td>Chapter</td>
<td>
<input type="text" name="Chapter" size="20" value="<? echo "$row[Chapter]"?>">
</td>
</tr>
<tr>
<td>Chapter Number</td>
<td>
<input type="text" name="ChapterNumber" size="20" value="<? echo "$row[ChapterNumber]"?>">
</td>
</tr>
<tr>
<td>Member Notes</td>
<td>
<input type="text" name="MemberNotes" size="20" value="<? echo "$row[MemberNotes]"?>">
</td>
</tr>
<tr>
<td align="right">
<input type="submit" name="submit value" value="Edit">
</td>
</tr>

</form>

</table>
</td>
</tr>
</table>

</body>

</html>

Edit_Data.php
//This code updates the MYSQL table and returns user to Edit.php
<?

//edit_data.php

//Connect to the database
$host=""; // Host name
$username=""; // Mysql username
$password=""; // Mysql password
$db_name=""; // Database name
$tbl_name=""; // Table name

mysql_connect("$host", "$username", "$password")or die("cannot connect to Server");
mysql_select_db("$db_name")or die("cannot select DB");



$order = "UPDATE Member
SET Fname='$FName',LName='$LName',Address='$Address',Address2='$Address2',City='$City',State='$State',Zip='$Zip',
Phone='$Phone',email='$email',Church='$Church',Chapter='$Chapter',ChapterNumber='$ChapterNumber',MemberNotes='$MemberNotes'
WHERE MemberNumber='$id'";

mysql_query($order);

header("location:Edit.php");

?>


Any suggestions you can make to improve my code are welcome. Thanks in advance.
Sue
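
Added example, not part of the original post and not the poster's code: a version of Edit_Data.php that reads the submitted fields from $_POST explicitly, validates the member number, and binds every value as a parameter instead of placing it inside the SQL string. It assumes PDO with the MySQL driver, placeholder connection details (EXAMPLE_DB, EXAMPLE_USER, EXAMPLE_PASS), pages served as UTF-8, and the column names used in the post; update_member() and e() are hypothetical helper names.

```php
<?php
// Edit_Data.php, hardened sketch (added example, not the poster's code).
// Assumptions: PDO MySQL driver; placeholder DSN and credentials;
// column names taken from the UPDATE statement in the post.

// Fields the form may change. Anything else in $_POST is ignored.
const EDITABLE = ['FName', 'LName', 'Address', 'Address2', 'City', 'State', 'Zip',
                  'Phone', 'email', 'Church', 'Chapter', 'ChapterNumber', 'MemberNotes'];

// Escape a value for HTML text or a quoted attribute; for use wherever
// Edit.php and Edit_Form.php echo a column from $row.
function e($value): string
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Run the UPDATE with bound parameters; returns the number of rows changed.
function update_member(PDO $pdo, array $post): int
{
    // MemberNumber must be a positive integer taken from the request itself.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('Invalid member number');
    }
    $set = [];
    $params = [':id' => $id];
    foreach (EDITABLE as $col) {
        $set[] = "$col = :$col"; // column names come from the constant only
        $params[":$col"] = is_string($post[$col] ?? null) ? trim($post[$col]) : '';
    }
    $sql = 'UPDATE Member SET ' . implode(', ', $set) . ' WHERE MemberNumber = :id';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $pdo = new PDO('mysql:host=localhost;dbname=EXAMPLE_DB;charset=utf8mb4',
        'EXAMPLE_USER', 'EXAMPLE_PASS',
        [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION, PDO::ATTR_EMULATE_PREPARES => false]);
    try {
        update_member($pdo, $_POST);
    } catch (InvalidArgumentException $ex) {
        http_response_code(400);
        exit('Bad request');
    }
    header('Location: Edit.php');
    exit; // stop the script once the redirect header is sent
}
```

The same prepared-statement pattern applies to the SELECT in Edit_Form.php, with the id read from $_GET and validated the same way, and each echoed column wrapped as e($row['FName']) and so on. The sketch does not cover login checks or a CSRF token on the edit form, which the three pages as posted also lack.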
 
