Member Avatar for CarterLangley

Me again,

I have the following which should generate a form and populate that form.

<?php 
session_start();
include("db_connect.php");
if(($_SESSION['user_id']) && ($_SESSION['access_level'] == 1 ))
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">
<head>
    <title>Teaching Int Limited - Home</title>
    <meta name="title" content="Teaching Int Limited">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <meta name="description" content="Providing Quality English Teachers to Schools and Organisations">
    <meta name="Abstract" content="Providing Quality English Teachers to Schools and Organisations">
    <meta name="keywords" content="TEFL,english,teacher">
    <meta name="Robots" content="index, follow">
    <meta name="Distribution" content="Global">
    <meta name="Revisit-After" content="30 days">
    <meta name="Rating" content="General">
    <meta name="Reply-to" content="info@teaching-int.com">
    <meta name="Owner" content="Teaching Int Limited">
    <meta name="Author" content="Carter Langley">
    <meta name="copyright" content="Teaching Int Limited - 2013">
    <link rel="shortcut icon" href="images/favicon.ico">
    <link href='http://fonts.googleapis.com/css?family=Great+Vibes' rel='stylesheet' type='text/css'>
    <link rel="stylesheet" type="text/css" href="form.css">
    <link rel="stylesheet" type="text/css" href="header.css">
    <link rel="stylesheet" type="text/css" href="site.css">
</head>
<body>
<?php include("header_loggedin.php"); ?>
<?php
if(isset($_POST['add']))
{
$category_id = protect($_POST['category_id']);
$title = protect($_POST['title']);
$first_name = protect($_POST['first_name']);
$middle_name = protect($_POST['middle_name']);
$last_name = protect($_POST['last_name']);
$suffix = protect($_POST['suffix']);
$dob = protect($_POST['dob']);
$home_street = protect($_POST['home_street']);
$home_city = protect($_POST['home_city']);
$home_province = protect($_POST['home_province']);
$home_postalcode = protect($_POST['home_postalcode']);
$home_country = protect($_POST['home_country']);
$home_tel = protect($_POST['home_tel']);
$home_cell = protect($_POST['home_cell']);
$home_email = protect($_POST['home_email']);
$skype = protect($_POST['skype']);

$columns = array("category_id", "title", "first_name", "middle_name","last_name","suffix","dob","home_street","home_province","home_postalcode","home_country","home_tel","home_cell","home_email","skype");
$set = array();
foreach ($columns as $col) {
    if (isset($_GET[$col])) {
      $set[] = "$col = '" . protect($_GET[$col]) . "'";
    }
}
$sql = "UPDATE person ";
if ($set) {
    $sql .= "SET " . implode(",", $set);
}
$sql .= " WHERE person_id = " . $_POST['person_id'];
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
  die('Could not update data: ' . mysql_error());
}
echo "Entered data successfully. Redirecting in 2 seconds.\n";
mysql_close($conn);
header('Refresh: 2; URL=admin.php');
}
else
{
?>
<form class="semantic" method="post" action="">
<fieldset>
<legend>Viewing</legend>
<?php
$ops = '';
$sql_select = "select * from category";
$retval_selectcategory = mysql_query( $sql_select, $conn );
if(! $retval_selectcategory ) { die('Could not select data: ' . mysql_error()); }
while($row = mysql_fetch_assoc($retval_selectcategory)) {
    $ops .=  "<option value='{$row['category_id']}'>{$row['category']}</option>";
}
$result = "SELECT * FROM person WHERE ";
$result .= " person_id = " . $POST['person_id'];
$row = mysql_fetch_row($result);
?>
<div>
<label for="category_id">Category</label>
<select name="category_id" id="category_id">
<option value="">--- Select a Category ---</option>
<?php echo $ops;?>
</select>
</div>
<div>
<label for="title">Title</label>
<input name="title" type="text" id="title" value="<?php $row['title'] ?>">
</div>
<div>
<label for="first_name">First Name</label>
<input name="first_name" type="text" id="first_name" value="<?php $row['first_name'] ?>">
</div>
<div>
<label for="middle_name">Middle Name</label>
<input name="middle_name" type="text" id="middle_name" value="<?php $row['middle_name'] ?>">
</div>
<div>
<label for="last_name">Last Name</label>
<input name="last_name" type="text" id="last_name" value="<?php $row['last_name'] ?>">
</div>
<div>
<label for="suffix">Suffix</label>
<input name="suffix" type="text" id="suffix" value="<?php $row['suffix'] ?>">
</div>
<div>
<label for="dob">Date of Birth (yyyy-mm-dd)</label>
<input name="dob" type="text" id="dob" value="<?php $row['dob'] ?>">
</div>
<div>
<label for="home_street">Home Street Address</label>
<input name="home_street" type="text" id="home_street" value="<?php $row['home_street'] ?>">
</div>
<div>
<label for="home_city">City/Town</label>
<input name="home_city" type="text" id="home_city" value="<?php $row['home_city'] ?>">
</div>
<div>
<label for="home_province">Province</label>
<input name="home_province" type="text" id="home_province" value="<?php $row['home_province'] ?>">
</div>
<div>
<label for="home_postalcode">Postal Code</label>
<input name="home_postalcode" type="text" id="home_postalcode" value="<?php $row['home_postalcode'] ?>">
</div>
<div>
<label for="home_country">Country</label>
<input name="home_country" type="text" id="home_country" value="<?php $row['home_country'] ?>">
</div>
<div>
<label for="home_tel">Home Telephone</label>
<input name="home_tel" type="text" id="home_tel" value="<?php $row['home_tel'] ?>">
</div>
<div>
<label for="home_cell">Home Cellular/Mobile</label>
<input name="home_cell" type="text" id="home_cell" value="<?php $row['home_cell'] ?>">
</div>
<div>
<label for="home_email">Personal Email Address</label>
<input name="home_email" type="text" id="home_email" value="<?php $row['home_email'] ?>">
</div>
<div>
<label for="skype">Skype</label>
<input name="skype" type="text" id="skype" value="<?php $row['skype'] ?>">
</div>
<div class="button-row">
<input name="add" type="submit" id="add" value="Update Person">
</div>
</fieldset>
</form>
</body>
</html>
<?php
}
}
else
{
    echo "<script type=\"text/javascript\">
    alert(\"You don't belong here!\");
    window.location=\"index.php\"</script>";
}

I am getting the following error.
Could not update data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE person_id = 3' at line 1

What I am trying to do is populate a form from the database based on a choice made on another page. I should then be able to update the information on this form if necessary and update the corresponding record in the database.

  • 4 Contributors
  • 6 Replies
  • 301 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by CarterLangley
Member Avatar for pzuurveen

is that from the query from line 88?
cant, there is no query at line 88, but there must be one.

Member Avatar for CarterLangley

I think it is the one from line 59?

Member Avatar for urtrivedi

add underscore after dollor sign on light 88

wrong $POST['person_id'];
right $_POST['person_id'];

Member Avatar for Zagga

Hi,

For the query on line 59, I don't see where you are getting the person-id value. It is not sent by the form? Or should this be $_SESSION['user_id']

As for line 87, combining the answers from pzuurveen and urtrivedi, replace lines 87 and 88 with the following.

$result_sql = "SELECT * FROM person WHERE person_id = " . $_POST['person_id'];
$result = mysql_query($result_sql, $con) or die('Error - Could not perform the query: ' . mysql_error());
Edited by Zagga
Member Avatar for pzuurveen

do var_dump($sql); to see if the query looks like you want it to.
(post the resulst)

also read this artical about mysql-php-sql-injection

Member Avatar for CarterLangley

It was a combination of things. I have managed to get the thing sorted now and learnt a few lessons to boot!

Thanks guys for pointing me in the right direction.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.