
So I have managed to get rid of all the undefined errors and lined things up, but when I go from my database page to my edit page so it posts the ID, no data comes up, and then even with posting to edit nothing happens in the database. I checked the PHP error log and the MySQL log and there is nothing there. I also tried some PHP debugging but got no data from there either. I am running out of ideas without some sort of error code to look at.

```php
<?php
/*
 EDIT.PHP
 Allows user to edit specific entry in database
 Status: Not working at all
*/

// creates the edit record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($id, $date, $user, $model, $serial, $issue)
{
?>
<!DOCTYPE HTML>
<html>
<head>
<meta content="text/html;charset=utf-8" http-equiv="Content-Type">
<meta content="utf-8" http-equiv="encoding">
<title>Edit Record</title>
</head>
<body>
<?php
    // if there are any errors, display them
    //if ($error != '')
    //{
    //echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
    //}
?>

<form action="" method="post">
<input type="hidden" name="id" value="<?php echo $id; ?>"/>
<div>
<p><strong>ID:</strong> <?php echo $id; ?></p>
<strong>Date: *</strong> <input type="text" name="date" value="<?php echo $date; ?>"/><br/>
<strong>User: *</strong> <input type="text" name="user" value="<?php echo $user; ?>"/><br/>
<strong>Model: *</strong> <input type="text" name="model" value="<?php echo $model; ?>"/><br/>
<strong>Serial: *</strong> <input type="text" name="serial" value="<?php echo $serial; ?>"/><br/>
<strong>Issue: *</strong> <input type="text" name="issue" value="<?php echo $issue; ?>"/><br/>
<p>* Required</p>

<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}

// connect to the database
include('conn.php');

// check if the form has been submitted. If it has, process the form and save it to the database
if (isset($_POST['submit']))
{
    // confirm that the 'id' value is a valid integer before getting the form data
    if (is_numeric($_POST['id']))
    {
        // get form data, making sure it is valid
        $id = isset($_POST['id']) ? $_POST['id'] : '';
        $date = isset($_POST['date']) ? $_POST['date'] : '';
        $user = isset($_POST['user']) ? $_POST['user'] : '';
        $model = isset($_POST['model']) ? $_POST['model'] : '';
        $serial = isset($_POST['serial']) ? $_POST['serial'] : '';
        $issue = isset($_POST['issue']) ? $_POST['issue'] : '';

        // check that firstname/lastname fields are both filled in
        if ($user == '' || $model == '' || $serial == '' || $issue == '')
        {
            // generate error message
            $error = 'ERROR: Please fill in all required fields!';

            // error, display form
            renderForm($id, $date, $user, $model, $serial, $issue);
        }
        else
        {
            // save the data to the database
            mysql_query("UPDATE screen SET id='$id', date='$date', model='$model', serial='$serial', user='$user', issue='$issue'")
            or die(mysql_error());

            // once saved, redirect back to the view page
            header("Location: pview_screen.php");
        }
    }
    else
    {
        // if the 'id' isn't valid, display an error
        echo 'Error!';
    }
}
else
// if the form hasn't been submitted, get the data from the db and display the form
{
    // get the 'id' value from the URL (if it exists), making sure that it is valid (checking that it is numeric/larger than 0)
    if (isset($_GET['id']) && is_numeric($_GET['id']) && $_GET['id'] > 0)
    {
        // query db
        $id = $_GET['id'];
        $result = mysql_query("SELECT * FROM screen WHERE id=$id")
        or die(mysql_error());
        $row = mysql_fetch_array($result);

        // check that the 'id' matches up with a row in the database
        if($row)
        {
            // get data from db
            $id = isset($_GET['id']) ? $_GET['id'] : '';
            $date = isset($_GET['date']) ? $_GET['date'] : '';
            $user = isset($_GET['user']) ? $_GET['user'] : '';
            $model = isset($_GET['model']) ? $_GET['model'] : '';
            $serial = isset($_GET['serial']) ? $_GET['serial'] : '';
            $issue = isset($_GET['issue']) ? $_GET['issue'] : '';

            // show form
            renderForm($id, $date, $model, $serial, $user, $issue);
        }
        else
        // if no match, display result
        {
            echo "No results!";
        }
    }
    else
    // if the 'id' in the URL isn't valid, or if there is no 'id' value, display an error
    {
        echo 'Error!';
    }
}
?>
```
Glenn Zealous
  • [Little Bobby](http://bobby-tables.com/) says [your script is at risk for SQL Injection Attacks](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! – Jay Blanchard Apr 21 '16 at 12:29
  • Please [stop using `mysql_*` functions](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php). [These extensions](http://php.net/manual/en/migration70.removed-exts-sapis.php) have been removed in PHP 7. Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [PDO](http://php.net/manual/en/pdo.prepared-statements.php) and [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and consider using PDO, [it's really pretty easy](http://jayblanchard.net/demystifying_php_pdo.html). – Jay Blanchard Apr 21 '16 at 12:29
  • Where is this function `renderForm` defined? Also, in one place you are using `$_POST['id']` and in one place `$_GET['id']`, please check it – Nehal Apr 21 '16 at 12:35
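
The prepared-statement approach recommended in the comments above, applied to the `screen` table from the question, as an added example that is not part of the original thread. It assumes an in-memory SQLite database through PDO in place of the MySQL connection from `conn.php`; the helper names `fetchScreen`, `updateScreen` and `e` are hypothetical and the sample rows are constructed.

```php
<?php
// Added example. A constructed in-memory SQLite database stands in for the
// MySQL connection from conn.php (assumption); with MySQL only the DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE screen (id INTEGER PRIMARY KEY, date TEXT, user TEXT,
    model TEXT, serial TEXT, issue TEXT)');
$pdo->exec("INSERT INTO screen VALUES
    (1, '2016-04-20', 'alice', 'X200', 'SN-001', 'cracked'),
    (2, '2016-04-21', 'bob', 'T430', 'SN-002', 'dead pixels')");

// Hypothetical helper: load one record by id using a bound parameter.
function fetchScreen(PDO $pdo, $id)
{
    $stmt = $pdo->prepare('SELECT * FROM screen WHERE id = :id');
    $stmt->execute([':id' => (int) $id]);
    return $stmt->fetch(PDO::FETCH_ASSOC); // false when no row matches
}

// Hypothetical helper: values are bound rather than concatenated into the SQL,
// and the WHERE clause limits the change to the one record being edited.
function updateScreen(PDO $pdo, $id, array $f)
{
    $stmt = $pdo->prepare('UPDATE screen SET date = :date, user = :user,
        model = :model, serial = :serial, issue = :issue WHERE id = :id');
    $stmt->execute([
        ':date' => $f['date'], ':user' => $f['user'], ':model' => $f['model'],
        ':serial' => $f['serial'], ':issue' => $f['issue'], ':id' => (int) $id,
    ]);
    return $stmt->rowCount();
}

// Escape a value before echoing it into an HTML attribute such as value="...".
function e($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Constructed form input: a quote that would break a concatenated query and
// markup that would break out of an unescaped value="..." attribute.
$post = ['date' => '2016-04-22', 'user' => "o'brien", 'model' => 'X200',
         'serial' => 'SN-001', 'issue' => '"><b>cracked</b>'];

$changed = updateScreen($pdo, 1, $post);
$row1 = fetchScreen($pdo, 1);
$row2 = fetchScreen($pdo, 2);
echo "rows changed: $changed\n";
echo 'row 1 user: ' . $row1['user'] . ', row 2 user: ' . $row2['user'] . "\n";
echo 'issue as written into the form: ' . e($row1['issue']) . "\n";
```

The form fields are filled from the fetched row (`$row1['user']` and so on), each passed through `e()` before being echoed into the `value` attribute.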
