PHP How can I display text in a text area that I just inserted to my database?

Question

I'm doing a website for my senior project class at my college based off of my job at a small local computer shop. I have most of the parts working at this point except for one. I have a page that lists all of the active repairs with an update button next to each one. When I click the update button, the repair page comes up with various attributes about the repair, and those attributes are already filled into their respected input fields.

The last thing I'm trying to accomplish is when I insert the "repairNotes" into the database (which I do have working), when I bring the page back with the rest of the details, I want the repair notes there as well so that technicians can continuously add to them.

Here's some example code for when I get fields from the database and populate the text fields:

    $query =   "SELECT date, make, model
        FROM repair
        JOIN customer on customer.custID = repair.customerID
        WHERE repairID = '$repairID'";
    $result = mysqli_query($mysqli, $query);
    if($result){
    list($datOfRepair, $make, $model) = mysqli_fetch_row($result);
    }

In my HTML I have

    <p align=\"left\"> Date: <input type=\"text\" name=\"date\" value = \"$datOfRepair\" size=\"6\" readonly = 'true'> </p> 
    <p align=\"left\">Make:  <input type=\"text\" name=\"make\" value = \"$make\" size=\"10\" readonly = 'true'></p>
    <p align=\"left\"> Model:  <input type=\"text\" name=\"model\" value = \"$model\" size=\"10\" readonly = 'true'></p>"

For adding the repair notes, I have

    $query = "UPDATE repair SET
    repairNotes = '$repairNotes'
    WHERE repairID = '$repairID'";
    $result = $mysqli->query($query);
    if ($result) {$msg = "Repair Notes added to database"; }

    <textarea name=\"repairNotes\" style=\"width:650px; height:200px;\">$repairNotes</textarea><br>

How can I get the repairNotes code to still input to the database, but when I load the repair page by clicking on the "update" button on the list of repairs act like the first part of my code? Do I need to have a variable that concatenates the the current repairNotes with the newly added repair notes?

Sorry for the long post, I had to explain everything.

You would need to **call** the database on page load, and check whether there are results in the database or not yet. If there are, you would output them to the page. — Obsidian Age, Dec 03 '17 at 22:10
`SELECT date, make, model, repairNotes FROM repair.....` add the columns you want from your `SELECT` statement and output this data in the same way you output the rest — Martin, Dec 03 '17 at 22:10
You could store each repair note in an array as a separate value and then use `serialize` to convert the array to a string for inserting in the database. Then when new notes are added you `unserialize` the existing notes, add the new one to the array and `serialize` again before saving to the database. This way the technicians can only add notes, there is no danger of them deleting previous ones — miknik, Dec 03 '17 at 22:15
Warning: You are using mysqli wrong! This leaves your application open to https://en.wikipedia.org/wiki/SQL_injection SQL Injections. Use prepared statements instead. — Gerrit Luimstra, Dec 03 '17 at 22:21

score 0 · Answer 1 · edited Jun 20 '20 at 09:12

Answer:

Part 1:

when I insert the "repairNotes" into the database (which I do have working), when I bring the page back with the rest of the details, I want the repair notes there as well so that technicians can continuously add to them.

SELECT date, make, model, repairNotes FROM repair..... add the columns you want from your SELECT statement and output this data in the same way you output the rest.

SELECT <column>, <column2 ,> .... FROM .....

Part 2:

Do I need to have a variable that concatenates the the current repairNotes with the newly added repair notes?

Do not be scared to read the manual.

Yes. You can do this with editing your update not to replace but to Concatenate to it, using the CONCAT() MySQL function:

$query = "UPDATE repair SET repairNotes = 
                        CONCAT(repairNotes, ", ",'$repairNotes') WHERE...

You should make this more useful and more flexible by storing your repair notes as separate rows in a separate table, and referencing these back to the original parent table using a Foreign Key, but that is well out of your scope and I don't have the time to explain this in full here.

HOWEVER:
Rather than appending the new data with a simple , as illustrated above, you can append it with a datestamp so therefore making it much more useful when the full text is next called from the SELECT query:

$query = "UPDATE repair SET repairNotes = CONCAT(repairNotes, 
                        ' ', NOW(), ': ', ' $repairNotes') WHERE...

Some advice

Use Prepared Statements. You really, REALLY should be using these through all of your MySQL/PHP work. If your tutors are not telling you this they are dangerously out of date and are no teaching you the methods you need to know to work in this area.
<p align=\"left\"> Date: <input type=\"text\" name=\"date\" This looks horrific and ishard to read and hard to code and copy/paste. Instead simply flip your quotes so your string is encased in one quote type ", and your HTML in another '.

Example:
```
   $string =  "<p align='left'> Date: <input type='text' name='date'>";
```
style=\"width:650px; height:200px;\" Don't style in the document. Styles should be in classes and set in separate stylesheets (CSS files) and called by the HTML file upon load.
Using object orientated queries ($mysqli->query(...)) is good. Well done. Try and use these over static queries $result = mysqli_query($mysqli, $query); as much as possible.
Ensure you use the correct collations and character encodings in your PHP and your MySQL.

Thank you for your feedback on the quotes and the use of prepared statements. Because this will be on a local machine using local host for demonstration purposes, I'm not too worried about SQL injection. On another note, when I add repairNotes to the query and add it to the list, it does show up in the text area. But then when I add to those notes and click the submit button, the field does not get updated. — Michael Ziminski, Dec 03 '17 at 22:34
If you're not to worried about SQL injection, you're doing it wrong. Bad habits start early and bad habits start at home ***always** be worried about SQL injection* ***OR*** *be using Prepared Statements*. I have updated my answer, too. — Martin, Dec 03 '17 at 22:37

PHP How can I display text in a text area that I just inserted to my database?

1 Answers1

Answer:

Some advice