-2

I'm relatively new to php and mysql. What I'm trying to do in this section of code is update 2 columns of information in a database based on the inputs of 2 text boxes. Whenever I try and update the values in the database they update to 0. I placed echo statements after I declared the $ variables and the values of both variables was the same as what I had typed into the boxes. But when I run the sql_query the new values in the database are 0 rather than the values of the 2 $ variables. Any help would be much appreciated! Thanks in advance!

<?php

    $result = mysql_query("SELECT * from place_order ORDER BY item_name;");

    echo "<form action='' method='POST'>Select an item:<select name='selection'><option>Select...</option>";

    while ($row = mysql_fetch_assoc($result)) 
        {
            $item_name = $row["item_name"];

            echo "<option>$item_name</option>";

        }

    echo "</select>
    <input type='submit' value='Select Item' style='float:right;'/>";

    $selection = $_POST['selection'];

    echo "<br><br>Type the updated information into the text fields<br><br>";
    echo "
    <table width='300'>
    <tr>
        <td align='left'>Item Cost(&#8364;): </td>
        <td align='left'><input type='text' name='cost'></td>
    </tr>
    <tr>
        <td align='left'>Item Quantity: </td>
        <td align='left'><input type='text' name='quantity'></td>
    </tr>
    <tr>
        <td align='left'></td>
        <td align='left'><input type='submit' name='button' value='Submit'></td>
    </tr>   
    </table>
    ";

    $cost = $_POST['cost'];
    $quantity = $_POST['quantity'];
    $selection = $_POST['selection'];

    $sql = "UPDATE place_order SET item_cost='$cost', quantity='$quantity' WHERE item_name='$selection' ORDER BY item_name;;";

    $query_update = mysql_query($sql);

    if($query_update)
    {
        echo "Table updated! Click View Stock in the menu to view the updated table";
    }

    echo"</form>";
?>
Funk Forty Niner
  • 74,450
  • 15
  • 68
  • 141
bbb
  • 1,479
  • 2
  • 15
  • 28
  • 3
    Simple: `$select` is undefined. – Funk Forty Niner Apr 20 '14 at 12:24
  • What is the `datatype` on the columns? And what are the values of $_POST elements? – ek9 Apr 20 '14 at 12:24
  • 4
    Your code is vulnerable to [SQL injection](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) – Lkopo Apr 20 '14 at 12:26
  • @fred-ii- Here's the start of the php script where I defined $select: $result = mysql_query("SELECT * from place_order;"); echo "
    Select an item:
    "; $select = $_POST['select'];     – bbb Apr 20 '14 at 12:33
  • @edvinas.me the datatype for item_cost is decimal(6,2) and the quantity column is an int. The value of the $_POST elements depends on what goes in the text boxes. When the info is submitted the 2 values echo normally but when entered into the database they are changed to 0 for some reason – bbb Apr 20 '14 at 12:36
  • You need to add/use `$select=$_POST['select'];` however the word "select" is an MySQL reserved word, so be careful when using such a word, or use another (selection for example). You've assigned the other two variables, but not `$select` – Funk Forty Niner Apr 20 '14 at 12:36
  • Are you sure? I think my script is recognising the $select variable because the 2 columns that get changed to 0 are in the row that starts with item_name = $select – bbb Apr 20 '14 at 12:40
  • Pretty sure. Try it out and see. If you get a successful entry, you'll know why; because it hasn't been "assigned". – Funk Forty Niner Apr 20 '14 at 12:40
  • I already had that code in script if you'll note my comment above. I tried changing $select to $selection and I still had no luck – bbb Apr 20 '14 at 12:43
  • @Briscoooe is the selection box posted in your comment in the same file as the input form? if no, you need to store the selected boxes value somewhere (`$_SESSION` is a good place ...) – Axel Amthor Apr 20 '14 at 12:57
  • Is `$select = $_POST['select'];` located above `$cost = $_POST['cost'];`? It's hard to say from your question and what you posted in a comment. I need you to post your actual working code in your question as an edit the way you're using it. Someone edited your question with it, but I need to know if that is in fact the way you're using it. – Funk Forty Niner Apr 20 '14 at 12:58
  • @fred-ii-i I have updated my original post to contain the entire php script – bbb Apr 20 '14 at 13:07
  • From what I gather, your query is based on a conditional statement `if($selection)` and since `$selection = $_POST['selection'];` is not inside that conditional statement along with your other variables, is probably not being recognized. I suggest also that you use `if(isset($_POST['selection']))` instead of `if($selection)` and place `$selection = $_POST['selection'];` where you have the other two. – Funk Forty Niner Apr 20 '14 at 13:11
  • But $selection is the one variable which is being stored properly. When I echo $selection it prints out as normal and when I run the query the row with the $selction variable as the item_name is the ont that gets updated! The problem isn't with the row that's being selected in the database but rather the values that are going into the row – bbb Apr 20 '14 at 13:14
  • See Axel's answer below; it makes sense. – Funk Forty Niner Apr 20 '14 at 13:21
  • No I did what Axel suggested and still no luck! – bbb Apr 20 '14 at 13:30
  • See my answer below. I made a DB and tested to the best I could using all column types to VARCHAR, but you can use what you have now. The functionality may be slightly different than what you're using now, but it updated successfully. – Funk Forty Niner Apr 20 '14 at 13:46
  • I deleted my answer which worked. I don't know why I went through all this trouble for nothing. Next time someone who gives you an answer that works, accept it. That's how the SO system works. – Funk Forty Niner Apr 20 '14 at 16:10
  • @fred-ii- Apologies Fred I ended up working on my code for about half an hour without checking here and by the time I checked this post again I had fixed my code. Thanks for the input! – bbb Apr 21 '14 at 15:11

1 Answers1

0

There are two forms in this script:

  1. one with the select box
  2. another with the input boxes

each of these forms post individually.

Let's have some kind of state transition table:

  1. forms are showing first time initially, all values are either empty or default.
  2. you select an item name and submit the first form.
  3. option list is posted and $_POST['select'] has a value which then is properly populated in the second form
  4. the script runs til the end and immediately inserts an empty row to your database with the selected item name
  5. you make your inputs in the second form and submit it
  6. this has two input variables: cost and quantity which get posted
  7. due to the fact that the option list is in the other form, it will not be posted and $select is empty at that state
  8. the update statement will run but with no result since there is no empty item_name in the db - useless update.

simple solution: make just one form out of that and you're done (except error handling which is missing entirely ...)

second solution: if only $_POST['select'] is set, put the value of $select in a hidden field and exit the script after echo-ing the second form.

Axel Amthor
  • 10,980
  • 1
  • 25
  • 44
  • Thanks for your input! I edited my script so that all variables are contained within one form but nothing has changed – bbb Apr 20 '14 at 13:23