I have searched the forums here and while there are similar problems going around, mine is different from what I've seen.

First, I will say that I have yet to do sessions OR injection protection. This is a project for school so those things will come last; the most important thing is that the code works and things work right.

I'm doing a CMS sort of deal with a client listing. The admin can INSERT, DELETE, and UPDATE rows in the database. I'm not sure where I'm going wrong, but this is what I have.

Also I will mention that my teacher is coding things differently than I've seen anywhere else (even different than the book we're using in class is telling us to -- so it's very confusing for me).

Here is the FORM.php code:

<?php
	/*session_start();
	if ($_POST && !empty($_POST['username'])) {
		$_SESSION['username'] = $_POST['username'];
	}*/
	
	// Connecting to the database...
	include("dbconn.inc.php");
	$conn = dbConnect();

	$cid = ""; // place holder for product id information
	if (isset($_GET['cid'])) { // note that the spelling 'pid' is based on the query string variable name
		// product id available, validate the information, then compose a query accordingly to retrieve information.
		$cid = $_GET['cid']; 
		// validate the product id -- check to see if it is a number
			if (is_numeric($cid)){
				//compose a select query
				$sql = "SELECT * FROM tcClient WHERE CID = '$cid'"; // note that the spelling "PID" is based on the field name in my product table.
				$rs = mysql_query($sql) or die ("select query failed");
				// proceed only if a match is found
				if (mysql_num_rows($rs) == 1){
					$row = mysql_fetch_array($rs, MYSQL_ASSOC); //since there is only one row being returned, no while loop is necessary
					//set up the values to be insert into the form fields
					$Last = $row['LName'];
					$First = $row['FName'];
					$Company = $row['CoName'];
					$Address = $row['Address'];
					$City = $row['City'];
					$State = $row['State'];
					$Zip = $row['Zip'];
					$Email = $row['Email'];
					$Phone = $row['Phone'];
				} else {
					$errMsg = "<p><b>!</b> Information on the record you requested is not available. If it is an error, please contact the webmaster. Thank you.</p>";
					$cid = ""; // reset $pid
				}
			} else {
				// reset $pid
				$cid = "";
				// compose an error message
				$errMsg = "<p><b>!</b> If you are expecting to edit an exiting item, an error has occured in the process. Please contact the webmaster. Thank you.</p>";
			}
		}

?>

<?php include('../header.php'); ?>
<div id="content">
    <? include('include/menu.php'); ?>
	<div id="text">
    	<h1>Client List</h1>
		<?= $errMsg ?>
		<p>
        <div align="center" border="1">
            <form action="clients-edit.php" method="POST">
                <input type="hidden" name="cid" value=<?=$cid?>>
                <table>
                    <tr><td><strong>Last Name:</strong></td><td><input type="text" name="lname" size="25" value="<?= $Last ?>" /></td></tr>
                    <tr><td><strong>First Name:</strong></td><td><input type="text" name="fname" size="25" value="<?= $First ?>" /></td></tr>
                    <tr><td><strong>Company Name:</strong></td><td><input type="text" name="company" size="25" value="<?= $Company ?>" /></td></tr>
                    <tr><td><strong>Address:</strong></td><td><input type="text" name="address" size="25" value="<?= $Address ?>" /></td></tr>
                    <tr><td><strong>City:</strong></td><td><input type="text" name="city" size="25" value="<?= $City ?>" /></td></tr>
                    <tr><td><strong>State:</strong></td><td><input type="text" name="state" size="2" value="<?= $State ?>" /></td></tr>
                    <tr><td><strong>Zip Code:</strong></td><td><input type="text" name="zip" size="5" value="<?= $Zip ?>" /></td></tr>
                    <tr><td><strong>Email:</strong></td><td><input type="text" name="email" size="25" value="<?= $Email ?>" /></td></tr>
                    <tr><td><strong>Phone Number:</strong></td><td><input type="text" name="phone" size="13" value="<?= $Phone ?>" /></td></tr>
                    <tr><td colspan="2" align="center"><input type="submit" name="submit" value="Submit"></td></tr>
                </table>
            </form>
        </div>
    	</p>
	</div>
	<div class="clear"></div>
</div>
<?php include('../footer.php'); ?>

Here is the EDIT.php code:

<?php
	// Connecting to the database...
	include("dbconn.inc.php");
	$conn = dbConnect();
	
	$output = "";
	if (isset($_POST['submit'])) {
		$required = array("lname", "fname", "company", "address", "city", "state", "zip", "phone");
		$expected = array("lname", "fname", "company", "address", "city", "state", "zip", "email", "phone");
		$missing = array();
		foreach ($expected as $field) {
			if (in_array($field, $required) && (!isset($_POST[$field]) || empty($_POST[$field]))) {
				array_push ($missing, $field);
			} else {
				if (!isset($_POST[$field])) {
					${$field} = "";
				} else {
					${$field} = $_POST[$field];
				}
			}
		}
		if (empty($missing)){
			if (isset($_POST['cid']) && $_POST['cid'] != "") {
				$sql = "UPDATE tcClient SET LName = '$lname', FName = '$fname', CoName = '$company', Address = '$address', City = '$city', State = '$state', Zip = '$zip', Email = '$email', Phone = '$phone' WHERE CID = '$cid'";
			} else {
				$sql = "INSERT tcClient (FName, LName, CoName, Address, City, State, Zip, Email, Phone) VALUES ('$fname', '$lname', '$company', '$address', '$city', '$state', '$zip', '$email', '$phone')";
			}
			$rs = mysql_query($sql) or die ("insert/update query failed");
			if ($rs) {
				$output = "<p>The following information has been saved in the database:<br><br>";
				foreach($_POST as $key=>$value){
					$output .= "<b>$key</b>: $value <br>";
				}
				$output .= "<p>Back to the <a href='clients.php'>client list</a></p>";
			} else {
				$output = "<p>Database operation failed. Please contact the webmaster.";
			}
		} else {
			$output = "<p>The following required fields are missing in your form submission. Please check your form again and fill them out. <br>Thank you.<br>\n<ul>";
			foreach($missing as $m){
				$output .= "<li>$m";
			}
			$output .= "</ul>";
		}
	}
?>

<?php include('../header.php'); ?>
<div id="content">
    <? include('include/menu.php'); ?>
  	<div id="text">
    	<h1>Edit Client</h1>
    	<p><?= $output ?></p>
	</div>
<div class="clear"></div>
</div>
<?php include('../footer.php'); ?>

What Works:
The INSERT string works fine. And when you edit a client's information, it says it works, but nothing actually changes in the information when it loads. I don't get any SQL errors or anything. So I'm completely confused about this.

I don't think it has anything to do with the SQL query I'm using.

Oh, I should mention we had an assignment earlier this semester doing the same thing, but everything on that worked fine. So this code is copied from that assignment, so some of the comments say 'product' instead of client, but it's the same thing.

Thanks in advance for any help! :)

Might I add that I have used the current UPDATE script in phpMyAdmin with the changes I'm trying to make in the form and it updated just fine, with no errors or anything. So I'm even more confused now!

Well, I checked your script and it is fine. I don't see any errors. Apart from saying 'It works', does it say anything else ? Could you be more specific ?

I honestly can't be any more specific. I can post the address here and you can try it out yourself if you like? Here it is. Try editing one of the rows... it says it works and does EXACTLY what it's supposed to do... Except when you go back to the client list, everything's still the same.

Hmm.. I see what you are talking about. Did you try printing the query and executing it in phpmyadmin or mysql console ?
Your script looks good though :S

Yeah, I did... This is what I entered:
UPDATE tcClient SET LName = 'Cudmore',
FName = 'Jen',
CoName = 'Jencee Designs',
Address = '1908 Ridgebrook Dr.',
City = 'Arlington',
State = 'TX',
Zip = '76015',
Email = 'jen.cudmore@sbcglobal.net',
Phone = '817-709-3479' WHERE CID = '2'

And it worked!

But still not working in the php file...

That's really strange. :S Sorry, It seems like I have reached the dead end and can't think of one good reason why it's failing to update the record.

:-( That sucks. LoL, but thanks for trying. I've emailed my professor and asked him as well. So if I get the answer, I'll post it in here so you can see what the problem is.

This really does blow my mind. I was HOPING it'd be something small. But it makes me feel good knowing my code is good. :-) So thanks for trying.

If it is *really* something small, then maybe its time for me to get a new pair of eyes. :D
Anyways, Lets hope someone else here finds what's wrong.
Anyways, Good luck :).

Holy cow! I was about to call it a night (it was about 4:15am here -- class at 9:30am) when I noticed my professor emailed me back! I'll copy and paste what he said here!

When a mystery like this arises, this is how you test your query ...

(1) find out where the query is sent to the database -- it is line 28 on client-edit.php.
(2) insert a line right before line 28 to echo the query -- this will ensure you see the query that's been sent to the database. Remember to add a <br> at the end so this won't tangle with other output.
Ex.
echo "$sql<br>";
(3) inspect your query, often times you can find something wrong with it. The line below is the query client-edit.php sends to the database:
UPDATE tcClient SET LName = 'a', FName = 'b', CoName = 'c', Address = 'd', City = 'e', State = 'f', Zip = 'g', Email = 'h', Phone = 'i' WHERE CID = ''
(Take a moment to read the query and see if you can tell where is the problem.)

...................
...................
...................
...................
...................
...................
...................
...................

(OK, no pun intended, but WHERE (clause) is the problem)

(4) if you don't see anything wrong, then copy and paste the query to the myAdmin interface and test it that way.

Once you find the problem, often it is like this one you are having -- a value is missing, go back to the script and trace back to see where that variable is defined.
In this case, we are missing $cid and it is not defined anywhere. All other form input, like lname, fname, etc. are all defined inside the foreach loop (lines 11-21). That foreach loop goes through the expected array. Since cid is not one of the element in the expected array, it was not defined and caused you headache.

So I just added $cid = $row; to the form page and "cid" to expected fields. :-)

Wow. I KNEW it was something small! LoL

I told you about step 2 and step 4. But, I should have been more descriptive [since you are kinda new to php].
But, in the end it doesn't even matter :P Congrats on finding the solution!
Cheers,
Nav

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.