atrueresistance 0 Light Poster

Now, knowing I'm fairly new on this whole PHP, MySQL, and HTML project. I'm working as an intern and my boss has run out of things for me to do, so I'm creating a data-driven website for him. I'm having a hard time with getting it to work right. Here is the code I have so far.

This is my index.php file

<!--
To change this template, choose Tools | Templates
and open the template in the editor.
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title></title>
    </head>
    <body>
     <!--Magic Quotes-->
<?php
if (get_magic_quotes_gpc())
{
 function stripslashes_deep($value)
 {
   $value = is_array($value) ?
       array_map('stripslashes_deep', $value) :
       stripslashes($value);

   return $value;
 }

 $_POST = array_map('stripslashes_deep', $_POST);
 $_GET = array_map('stripslashes_deep', $_GET);
 $_COOKIE = array_map('stripslashes_deep', $_COOKIE);
 $_REQUEST = array_map('stripslashes_deep', $_REQUEST);
}
 //if addjoke link is clicked
if (isset($_GET['addtool']))
{
 include 'addform.html.php';
 exit();
}

//connect to server
$link = mysqli_connect('location','user','pass');
if (!$link)
{
 $error = 'Unable to connect to the database server.';
 include 'error.html.php';
 exit();
}

//set database encoding
if (!mysqli_set_charset($link, 'utf8'))
{
 $output = 'Unable to set database connection encoding.';
 include 'output.html.php';
 exit();
}

//select database
if (!mysqli_select_db($link, 'tools'))
{
 $error = 'Unable to locate the tools database.';
 include 'error.html.php';
 exit();
}

//add tool button actions
if (isset($_POST['addtool']))
{
 $serialnumber = mysqli_real_escape_string($link, $_POST
         ['serialnumber']);
 $sql = "insert into tools (serialnumber)
    Values('$serialnumber')";

 if (!mysqli_query($link, $sql))
 {
   $error = 'Error adding submitted tool: ' . mysqli_error($link);
   include 'error.html.php';
   exit();
 }

 header('Location: .');
 exit();
}

//edit tool button actions
if (isset($_GET['edittool']))
{
 $id = mysqli_real_escape_string($link, $_POST['id' . 'editserialnumber']);
 $sql = "Update tools set serialnumber='$editserialnumber' where id='$id'";
 if (!mysqli_query($link, $sql))
 {
   $error = 'Error deleting tool: ' . mysqli_error($link);
   include 'error.html.php';
   exit();
 }

 header('Location: .');
 exit();
}
//delete tool button actions
if (isset($_GET['deletetool']))
{
 $id = mysqli_real_escape_string($link, $_POST['id']);
 $sql = "DELETE FROM tools WHERE id='$id'";
 if (!mysqli_query($link, $sql))
 {
   $error = 'Error deleting tool: ' . mysqli_error($link);
   include 'error.html.php';
   exit();
 }

 header('Location: .');
 exit();
}

//query SQL database
$result = mysqli_query($link, 'SELECT id, serialnumber, description, checkedoutby, email, checkoutdate FROM tools order by description');
if (!$result)
{
 $error = 'Error fetching tool: ' . mysqli_error($link);
 include 'error.html.php';
 exit();
}

//array
while ($row = mysqli_fetch_array($result))
{
 $tools[] = array('id' => $row['id'], 'serialnumber' => $row['serialnumber'],
     'description' => $row['description'],'checkedoutby' => $row['checkedoutby'],
     'email' => $row['email'], 'checkoutdate' => $row['checkoutdate']);
}

include 'jokes.html.php';
?>
    </body>
</html>

This is my addform.html.php file

<!--
To change this template, choose Tools | Templates
and open the template in the editor.
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>Add Tool</title>
        <style type="text/css">textarea {display: block;width: 100%;}
   </style>
    </head>
    <body>
        <p align="center">Add your tool to the database:</p>
        <form action="?" method="post">
     <div>
         <p>Serial Number:</p>
       <label for="serialnumber"></label>
       <textarea id="serialnumber" name="serialnumber" rows="1" cols="40"></textarea>
     </div> 
     <div>
        <p>Description:</p>
       <label for="description"></label>
       <textarea id="description" name="description" rows="1" cols="40"></textarea>
     </div>
            <p>Checked out by:</p>
      <div >
    <select name="checkedoutby" id="checkedoutby">
        <option value="Frank Wiebenga">Frank Wiebenga</option>
        <option value="Tim Chance">Tim Chance</option>
        <option value="Todd Nelson">Todd Nelson</option>
    </select>
    </div>
    <div>
       <p>Email:</p>
       <label for="checkedoutby"></label>
       <textarea id="email" name="description" rows="1" cols="40"></textarea>
    </div>
     <div><input name="addtool"type="submit" value="Add"/></div>
   </form>  
    </body>
</html>

This is the jokes.html.php file

<!--
To change this template, choose Tools | Templates
and open the template in the editor.
-->
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
    <head>
        <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
        <title>List of Jokes</title>
    </head>
    <body>
  <form action="?addtool" method="post"
        <input type="submit" value="Add"/>
  </form>
        <p>Here are all the tools in the database:</p>
  
<?php foreach ($tools as $tools): ?>
    <table>
   <tr><td width="150">Serial Number: </td>
       <td width="150">Description:</td>
       <td width="150">Checked Out By:</td>
       <td width="150">Email:</td>
       <td width="150">Check Out Date:</tr>
       <tr><td><?php  echo htmlspecialchars($tools['serialnumber'], ENT_QUOTES,
           'UTF-8');?> <div>
            <label for="editserialnumber"></label>
            <textarea id="editserialnumber" name="editserialnumber" rows="1" cols="20"></textarea>
     </div></td>
           <td><?php echo htmlspecialchars($tools['description'], ENT_QUOTES, 'UTF-8');?>
             </td>
       <td><?php echo htmlspecialchars($tools['checkedoutby'], ENT_QUOTES, 'UTF-8'); ?> </td>
       <td><?php echo htmlspecialchars($tools['email'], ENT_QUOTES, 'UTF-8'); ?> </td>
       <td><?php echo htmlspecialchars($tools['checkoutdate'], ENT_QUOTES, 'UTF-8'); ?> </td>
       </table>
      <form action="?edittool" method="post"
       <input type="hidden" name="id" value="<?php
       echo $tools['id']; ?>"/>
       <input type="submit" value="Edit"/></form>
 <form action="?deletetool" method="post">
     <input type="hidden" name="id" value="<?php
       echo $tools['id']; ?>"/>
       <input type="submit" value="Delete"/>
 </form>
<?php endforeach; ?>

    </body>
</html>

I don't know if I'm going about it the right way. The goal is to be able to edit the description and other stuff right on the page. Also when I try to add more than one field it adds as a blank string.
An example of that would be:

//add tool button actions
if (isset($_POST['addtool']))
{
 $serialnumber = mysqli_real_escape_string($link, $_POST
         ['serialnumber' . 'description']);
 $sql = "insert into tools (serialnumber, description)
    Values('$serialnumber','$description')";

 if (!mysqli_query($link, $sql))
 {
   $error = 'Error adding submitted tool: ' . mysqli_error($link);
   include 'error.html.php';
   exit();
 }

 header('Location: .');
 exit();
}

And yes I realize with the code I've provided I wouldn't be able to connect to my server :-)
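
An added example (not the poster's code) of the add and edit handlers, with each form field read by its own key and bound through mysqli prepared statements instead of being interpolated into the SQL string. The function names are hypothetical; the `tools` table and its columns are the ones named in the post, and PHP 7 or later is assumed.

```php
<?php
// Added example, not the poster's code; function names are hypothetical.

// Read each field by its own key: 'serialnumber' . 'description' is the single
// key 'serialnumberdescription', which the form never sends.
function tool_fields(array $post): array
{
    $fields = [];
    foreach (['serialnumber', 'description', 'checkedoutby', 'email'] as $name) {
        $value = $post[$name] ?? '';
        $fields[$name] = is_string($value) ? trim($value) : '';
    }
    if ($fields['serialnumber'] === '') {
        throw new InvalidArgumentException('serialnumber is required');
    }
    return $fields;
}

// Values are bound as parameters, so they never become part of the SQL text.
function add_tool(mysqli $link, array $post): bool
{
    $f = tool_fields($post);
    $stmt = mysqli_prepare($link,
        'INSERT INTO tools (serialnumber, description, checkedoutby, email)
         VALUES (?, ?, ?, ?)');
    if (!$stmt) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'ssss', $f['serialnumber'], $f['description'],
        $f['checkedoutby'], $f['email']);
    return mysqli_stmt_execute($stmt);
}

function edit_tool(mysqli $link, array $post): bool
{
    // id must be a positive integer; filter_var() returns false otherwise.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
        ['options' => ['min_range' => 1]]);
    $serial = $post['editserialnumber'] ?? '';
    $serial = is_string($serial) ? trim($serial) : '';
    if ($id === false || $serial === '') {
        return false;
    }
    $stmt = mysqli_prepare($link, 'UPDATE tools SET serialnumber = ? WHERE id = ?');
    if (!$stmt) {
        return false;
    }
    mysqli_stmt_bind_param($stmt, 'si', $serial, $id);
    return mysqli_stmt_execute($stmt);
}
```

In the posted templates the email textarea is named `description` and the `editserialnumber` textarea sits outside the edit form, so those inputs need their own names and a place inside the form before these handlers receive them.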
