PHP SQL Edit Form

johneva's picture

They have: 15 posts

Joined: Jan 2008

Hi

could someone take a look over this for me and see where I have gone wrong I carnt spot what I have done wrong I am new at this an its driving me mad now.

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<link href="cp_css/loginmodule.css" rel="stylesheet" type="text/css" />
</head>
 
  <body>
   <h1>Edit Form</h1>
   <p><a href="http://localhost/dual_control_cars/control_panel">Control Panel</a></p>

<ul>
<?php
//connect to mysql
//change user and password to your mySQL name and password
mysql_connect("localhost", "johnmev_user1", "Pass1");
   
//select which database you want to edit
mysql_select_db("cp");

//If cmd has not been initialized
if(!isset($cmd))
{
  
//display all the cars
  
$result = mysql_query("select * from data order by id");
  
  
//run the while loop that grabs all the cars
  
while($r=mysql_fetch_array($result))
   {
     
//grab the model and the ID
     
$make=$r["make"];//take out the model    
     
$model=$r["model"];//take out the model
     
$id=$r["id"];//take out the id
    
     //show the make and model a link in a list
     
echo "<li>";
      echo
"<a href='edit.php?cmd=edit&id=$id'>Edit - $make $model</a>";
      echo
"</li>";
    }
}
?>

   </ul>

<?php
if($_GET["cmd"]=="edit" || $_POST["cmd"]=="edit")
{
   if (!isset(
$_POST["submit"]))
   {
     
$id = $_GET["id"];
     
$sql = "SELECT * FROM data WHERE id=$id";
     
$result = mysql_query($sql);       
     
$myrow = mysql_fetch_array($result);
?>


      <form action="edit.php" method="post">
      <input type=hidden name="id" value="<?php echo $myrow["id"] ?>">
  
      Make:<input type="text" name="make" value="<?php echo $myrow["make"] ?>" size=30 /><br />
      Model:<input type="text" name="model" value="<?php echo $myrow["model"] ?>" size=30 /><br />
      Spec:<input type="text" NAME="spec" value="<?php echo $myrow["spec"] ?>" size=30 /><br />
      7 Month Rental:<input type="text" NAME="seven" value="<?php echo $myrow["seven"] ?>" size=30 /><br />
      12 Month Rental:<input type="text" NAME="twelve" value="<?php echo $myrow["twelve"] ?>" size=30 /><br />
      18 Month Rental:<input type="text" NAME="eighteen" value="<?php echo $myrow["eighteen"] ?>" size=30 /><br />
  
      <input type="hidden" name="cmd" value="edit" />
  
      <input type="submit" name="submit" value="submit" />
  
      </form>

     <?php }
    
   if (
$_POST["$submit"])
   {
     
$make = $_POST["make"];
     
$model = $_POST["model"];
     
$spec = $_POST["spec"];
     
$seven = $_POST["seven"];
     
$twelve = $_POST["twelve"];
     
$eighteen = $_POST["eighteen"];


     
$sql = "UPDATE data SET make='$make',model='$model',spec='$spec',seven='$seven',twelve='$twelve',eighteen='$eighteen' WHERE id=$id";

     
$result = mysql_query($sql);
      echo
"Thank you! Information updated.";
   }
}
?>


</body>
</html>

pr0gr4mm3r's picture

He has: 1,502 posts

Joined: Sep 2006

So...what's the problem?

He has: 131 posts

Joined: Jun 2008

I think I see a minor problem in your inline php
ex:

Make:<input type="text" name="make" value="<?php echo $myrow["make"] ?>" size=30 /><br />

you need a semi colon after the echo $myrow["make"]
ex:
Make:<input type="text" name="make" value="<?php echo $myrow["make"]; ?>" size=30 /><br />

Hope that helps

He has: 53 posts

Joined: Jun 2010

Hi Johneva,
I corrcet your code, You Just try with them,

Edit Form
Control Panel

    <?php
    if(isset($_POST['cmd']) == "edit")
    {
    //connect to mysql
    //change user and password to your mySQL name and password
    $connection=mysql_connect("localhost", "johnmev_user1", "Pass1");
      
    //select which database you want to edit
    mysql_select_db("cp",$connection);

    //If cmd has not been initialized

       //display all the cars
      
    $result = mysql_query("select * from data order by id",$connection);
     
      
    //run the while loop that grabs all the cars
      
    while($r=mysql_fetch_array($result))
       {
         
    //grab the model and the ID
         
    $make=$r["make"];//take out the model   
         
    $model=$r["model"];//take out the model
         
    $id=$r["id"];//take out the id
       
         //show the make and model a link in a list
         
    echo "<li>";
          echo
    "<a href='edit.php?cmd=edit&id=$id'>Edit - $make $model</a>";
          echo
    "</li>";
        }
    }
    ?>

<?php
if(isset($_POST['cmd']) == "edit")
{
  
     
$id = $_GET["id"];
     
$sql = " SELECT * FROM data WHERE id = '$id' ";
     
$result = mysql_query($sql);      
     
$myrow = mysql_fetch_array($result);
?>

Make:
Model:
Spec:
7 Month Rental:
12 Month Rental:
18 Month Rental:

<?php
}
   
   if (
$_POST["$submit"])
   {
     
$make = $_POST["make"];
     
$model = $_POST["model"];
     
$spec = $_POST["spec"];
     
$seven = $_POST["seven"];
     
$twelve = $_POST["twelve"];
     
$eighteen = $_POST["eighteen"];


     
$sql = ("UPDATE data SET                        
                              make='
$make',
                              model='
$model',
                              spec='
$spec',
                              seven='
$seven',
                              twelve='
$twelve',
                              eighteen='
$eighteen'
                              WHERE id='
$id' ", $connection );

     
$result = mysql_query($sql);
      echo
"Thank you! Information updated.";
   }
}
?>

and still you face problem then, you mention here. & I'll try to solve them, now Enjoy with that code. ):

Greg K's picture

He has: 2,145 posts

Joined: Nov 2003

One important note that is before this were to go into production (intended for public use), you need to validate/cleanse the data coming into $_POST.

(think what would happen if I entered the following for MAKE:

hello'; drop table data;

Now when it submits, the code as is will delete your entire table.

-Greg

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.