-1

Still working on a simple web app, but am running into an issue where $_POST variables aren't pulling over.

edit.php:

<html>
 <head>
  <link rel="stylesheet" type="text/css" href="includes/styles.css" media="screen" />
  <title>Inventory</title>
 </head>
 <body>
<?php
include 'includes/dbconnect.php';

$inven_id = $_GET['id'];
$query = "SELECT
            * 
          FROM 
            inventory 
          INNER JOIN 
            products 
          ON 
            inventory.sku=products.sku 
          WHERE 
            inventory.id = '$inven_id'"; 


$result = mysqli_query($con,$query) or die(mysqli_error($con));
$row = mysqli_fetch_array($result);
mysqli_close($con);
?>

<form method="POST" action="submitchanges.php" />

<table>

<tr>
<td><input type="hidden" name="id" value="<?php echo $inven_id ?>" /></td>
</tr>

<tr>
<td><b>Species:</b></td>
<td><input type="text" name="species" value="<?php echo $row['name']; ?>" readonly="readonly" size="35" /></td>
</tr>

<tr>
<td><b>SKU:</b></td>
<td><input type="text" name="sku" value="<?php echo $row['sku']; ?>" readonly="readonly" size="35" /></td>
</tr>

<tr>
<td><b>Category:</b></td>
<td><input type="text" name="category" value="<?php echo $row['category']; ?>" readonly="readonly" size="35" /></td>
</tr>

<tr>
<td><b>Fry Count:</b></td>
<td><input type="text" name="frycount" value="<?php echo $row['quantityfry']; ?>" size="35" maxlength="4" /></td>
</tr>

<tr>
<td><b>Juvie Count:</b></td>
<td><input type="text" name="juviecount" value="<?php echo $row['quantityjuv']; ?>" size="35" maxlength="4" /></td>
</tr>

<tr>
<td><b>Adult Count:</b></td>
<td><input type="text" name="adultcount" value="<?php echo $row['quantityadult']; ?>" size="35" maxlength="4" /></td>
</tr>

<tr>
<td><b>Notes:</b></td>
<td><input type="text" name="notes" value="<?php echo $row['notes']; ?>" size="35" maxlength="255" /></td>
</tr>

<tr>
<td><b>Location:</b></td>
<td><input type="text" name="location" value="<?php echo $row['location']; ?>" size="35" /></td>
</tr>

<tr>
<td><b>Owner:</b></td>
<td><input type="text" name="owner" value="<?php echo $row['owner']; ?>" size="35" /></td>
</tr>

</table>

<input type="submit" name="submit" value="submit">

</form>

submitchanges.php:

<html>
 <head>
  <link rel="stylesheet" type="text/css" href="includes/styles.css" media="screen" />
  <title>Inventory</title>
 </head>
 <body>
<?php
include 'includes/dbconnect.php';

$id = $_POST['id'];
$quantityfry = $_POST['frycount'];
$quantityjuv = $_POST['juviecount'];
$quantityadult = $_POST['adultcount'];
$notes = $_POST['notes'];
$location = $_POST['location'];
$owner = $_POST['owner'];

$query="UPDATE
          inventory
        SET
          quantityfry = '$quantityfry',
          quantityjuv = '$quantityjuv',
          quantityadult = '$quantityadult',
          notes = '$notes',
          location = '$location',
          owner = '$owner'
        WHERE
          id='$id'";

$result = mysqli_query($con,$query) or die(mysqli_error($con));

if ($result)
{
  echo "Successful!";
  echo "<BR>";
  echo "<a href='index.php'>View result</a>";
}

else

{
  echo "ERROR!";
}

mysqli_close($con);
?>

It seems some variables (the three quantity*) aren't pulling over properly. When I add this into my submitchanges.php, it doesn't display any output:

echo $_POST['quantityfry'];
echo $_POST['quantityjuv'];
echo $_POST['quantityadult'];

However, this does provide the expected output:

echo $_POST['notes'];
echo $_POST['location'];
echo $_POST['owner'];

What am I missing?

EDIT: PHP files updated to reflect discussed changes, and now they work as I want.

tycoonbob
  • 3
  • 1
  • 5
  • 4
    You need to make sure that the form input names are right - you're using ``, so that's the field you need to look for in `$_POST` – andrewsi Dec 24 '13 at 14:21
  • Do you mean `$_GET["id"];` instead of `$_GET[id];` ? – Aycan Yaşıt Dec 24 '13 at 14:21
  • Welcome to Stack Overflow! [**Please, don't use `mysql_*` functions in new code**](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](http://j.mp/XqV7Lp). See the [**red box**](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). – ThiefMaster Dec 24 '13 at 14:22
  • While you don't have an element named `quantityfry` in your form, `$_POST['quantityfry']` won't display any output. So where is the problem? – Aycan Yaşıt Dec 24 '13 at 14:25
  • 1
    `var_dump($_POST);` to see what you have to work with instead of guessing. – Mike B Dec 24 '13 at 14:26
  • 1
    **POST variables cannot contain spaces, including form input names.** – Funk Forty Niner Dec 24 '13 at 14:26
  • the andrewsi answer is right. – dagfr Dec 24 '13 at 14:27
  • @andrewsi Thanks. I have updated both files, and the echo is now working. Now, however, MySQL isn't being updated when submitchanges.php runs. – tycoonbob Dec 24 '13 at 14:34
  • Did you reload everything? You might have something in your cache that's keep the old values. @tycoonbob Also check your `WHERE id='$id'";` if it's an integer, try and test it with an existing ID number, I.e.: `WHERE id=1";` – Funk Forty Niner Dec 24 '13 at 14:40
  • @Fred-ii- Looking directly at the Table Data, I can see that none of the values have been updated. – tycoonbob Dec 24 '13 at 14:41
  • None of the values will be updated, even if **ONE** value is incorrect. Did you try what I suggested? @tycoonbob I edited my comment above, so you may not have seen it. – Funk Forty Niner Dec 24 '13 at 14:42
  • @Fred-ii- I have not tried that yet, but I did add `echo $id;` to `submitchanges.php` and noticed that it returns a value of 36. That line in my table is actually 1 (I've only got two rows of data in this particular table). Where it's getting 36 from, I have no idea. When I set id='1'"; in my query, it works like it should. – tycoonbob Dec 24 '13 at 14:45
  • Then, I'm questioning this line `WHERE inventory.id = '$inven_id'";` why isn't it matching your UPDATE codes? @tycoonbob Something doesn't match. Did you do a `var_dump($_GET);` or `var_dump();` on all variables? – Funk Forty Niner Dec 24 '13 at 14:47
  • `36` may be pulling it from an ID number, do you have 36 ID's? – Funk Forty Niner Dec 24 '13 at 14:48
  • No, there are only 2 rows in that table. `echo $inven_id;` returned the correct row value, in edit.php. I'm guessing something is wrong with my first input field. – tycoonbob Dec 24 '13 at 14:50
  • *"I have not tried that yet, but I did add echo $id;"* Then try it, I'm guessing that's the problem. – Funk Forty Niner Dec 24 '13 at 14:50
  • I did try adding my row id directly into the update query, and it worked like it should. – tycoonbob Dec 24 '13 at 14:52
  • Then try `WHERE id=$id";` without the quotes around `$id` or `WHERE id='" . $id . "' ";` – Funk Forty Niner Dec 24 '13 at 14:52
  • The problem is with this: `` When I change the `type` to `type=text`, it shows a value of `36` instead of the expect value of `1`. – tycoonbob Dec 24 '13 at 14:55
  • I don't know man, I'm baffled. Those `GET`s can be a pain in the neck. The only thing I can suggest is to use GET instead of POST in this `$id = $_POST['id'];` to `$id = $_GET['id'];` see if that makes it kick in, but I doubt it very much. Or change `$inven_id = $_GET['id'];` to `$inven_id = $_POST['id'];` but again, a big doubt. – Funk Forty Niner Dec 24 '13 at 15:01
  • `` Setting it to this works. So I think I figured out what's going on though. This that input set to `echo $row['id'];`, it's working...just not as I wanted. The id that it's pulling (`36`, in this case) is the id (Primary Key) for a different table in my DB...the table that stores all the product information. Ergo, it was working -- just not like I wanted. What I have now works. – tycoonbob Dec 24 '13 at 15:06
  • Well, it's a solution nonetheless. – Funk Forty Niner Dec 24 '13 at 15:08
  • OP has been updated to reflect working PHP files. Now to make them more secure. Thanks for your help! – tycoonbob Dec 24 '13 at 15:08
  • Just for the heck of it, try this `WHERE id = $_GET[id]` – Funk Forty Niner Dec 24 '13 at 15:12
  • Plus, using [**sessions**](http://www.php.net/manual/en/book.session.php) could also be a solution to all this, and just assign your GET `id`, to a session variable. – Funk Forty Niner Dec 24 '13 at 15:14
  • `WHERE id = $_GET[id]` did not work. – tycoonbob Dec 24 '13 at 15:25
  • Try this. Put `session_start();` inside ALL your pages under your opening ` – Funk Forty Niner Dec 24 '13 at 15:33
  • @Fred-ii- I appreciate your continued effort in this, but what benefit would I have by using `session_start();` instead of what I have, since it works? I'll definitely give it a try and make the change if it's beneficial, but I have a few others items to get working on this form today (i.e., table drop down from db enum fields, login piece, etc). – tycoonbob Dec 24 '13 at 15:37
  • Or change your `value=""` to `` and you're welcome. Sessions are very powerful, and facilitate a lot of complicated tasks. – Funk Forty Niner Dec 24 '13 at 15:38
  • `$inven_id = $_GET['id'];` is already being run, which is why I would think `value=""` makes more sense, instead of running $_GET again. I'm new to WebDev, but in scripting (batch, PoSH, VB) it's usually best practice to set things to variables and reference those variables when needed. Is that not the case with PHP? – tycoonbob Dec 24 '13 at 15:43
  • I don't understand why you're using GET for a variable. GETs are populated when accessed from the browser, such as `submit.php?variable&other_var` is that what you're doing to access the ID? – Funk Forty Niner Dec 24 '13 at 15:46
  • Yes, that is exactly what's happening. `index.php` runs a query and populates a table, and to the right of each row is a link to edit that calls `./edit.php?id=x` where x is the id (PK) of one of my DB tables. – tycoonbob Dec 24 '13 at 16:02
  • Try this then: `inventory.id = '$_GET[inven_id]'";` or `inventory.id = '$_GET['inven_id']'";` – Funk Forty Niner Dec 24 '13 at 16:10
  • Actually, I meant `inventory.id = '$_GET[id]'";` or `inventory.id = '" . $_GET[id] . "'";` might have to put single quotes around `id` – Funk Forty Niner Dec 24 '13 at 16:16
  • Also have a look [**at this answer on SO**](http://stackoverflow.com/a/19551490/1415724) you probably could use `WHERE inventory.id = ?";` also, which may be the case. Heck, something is bound to give! [**Then on the same page**](http://stackoverflow.com/a/19552556/1415724) which could be an issue in your case. I.e.: `$inven_id = (int) $_GET['id'];` – Funk Forty Niner Dec 24 '13 at 16:25

3 Answers3

2

The name you use in the form does not match the name of the field you try to get from $_POST:

 name="fry count"

should be

name="quantityfry"
Jelle Ferwerda
  • 1,254
  • 1
  • 7
  • 13
  • Thanks. I didn't realize that $_POST was looking for "input name" data. It makes sense now, and the variables are pulling over correctly. The OP has been updated to reflect my changes. – tycoonbob Dec 24 '13 at 14:37
0

Your HTML inputs are broken, depending on the browser you are using, this might be the cause of the data not being posted correctly.

For example 

<input //... readonly="readonly" size="35"

Requires an closing HTML tag

<input //... readonly="readonly" size="35"/>

Also I believe that variables posted with a space will only be available in the $_POST superglobal with an underscore.

So fry count will be $_POST['fry_count']

It therefore makes sense to use that standard naming conventions for your input elements (which is to use underscores _ within the HTML directly)

<input type="text" name="fry_count"

Edit The PHP documentation states

Note: Dots and spaces in variable names are converted to underscores. For example becomes $_REQUEST["a_b"].

AlexP
  • 9,906
  • 1
  • 24
  • 43
0

you write this variable on submitchanges.php: file:

$quantityfry = $_POST['quantityfry'];
$quantityjuv = $_POST['quantityjuv'];
$quantityadult = $_POST['quantityadult'];

but in edit.php:

no field name with quantityfry,quantityjuv,quantityadult(in edit.php)

so change the one of the file variable and make it same in both pages.

I think you better change variable in submitchanges.php.

it may be like this:

$quantityfry = $_POST['frycount'];
$quantityjuv = $_POST['juviecount'];
$quantityadult = $_POST['adultcount'];
DS9
  • 2,995
  • 4
  • 52
  • 102
  • Thanks. I didn't realize that $_POST was looking for "input name" data. It makes sense now, and the variables are pulling over correctly. The OP has been updated to reflect my changes. – tycoonbob Dec 24 '13 at 14:37