Member Avatar for garwil

hI all.

I have a similar problem to another thread in this forum which did help somewhat but in my case all my records are updating and I cannot get it fixed despite searching around the web... I have searched and tried different things but am not getting anywhere. Maybe someone here can help me out...

I have a page with records. There is an option for a user to edit each row individualy when they click "Edit". The 'record_id' is passed in a url to an 'editrates.php' page. Once I have clicked 'SUBMIT' there is a function "opener.location.reload(true)" which refreshes the parent page but all my records are updated...!

I only want to allow certain columns to be updated and have the necessary form fields in place (only those that I allow to be edited) and they are populated with the data that is already in the database. I have checked in a few locations on my 'editrates.php' page (by way of an echo) to check that the 'record_id' is correct and not being lost along the way. Idid this due to the fact that my UPDATE QUERY was originally not updating anything at all. That part is solved but I am now sitting in a spot where when I run the UPDATE query, all my records are updated.. I have checked the web and found that there is referenece to the WHERE clause being a sources of this type of problem so I have focused on that which brought me here.

My code is as follows and I am really hoping someone can help me here as now three solid days trying to learn php and fix this code at the same time...

<?php
    include '../dbfunctions.php';
     
    session_start();
     
    $link = dbConnect();
     
    checkVenueLogin();
     
    if( isset($_GET['id']) )
    $edit_id = $_GET['id'];
    else $edit_id = "";
    echo $edit_id;
    if( isset($_POST['Submit']) ) {
     
    $query = "UPDATE rates SET `datefrom` = '".$_POST['datefrom']."', `dateto` = '".$_POST['dateto']."', `ratename` = '".$_POST['ratename']."', `single` = '".$_POST['single']."', `double` = '".$_POST['double']."', `child` = '".$_POST['child']."', `infant` = '".$_POST['infant']."', `base` = '".$_POST['base']."' where '".$rateid."' = '".$edit_id."'";
    $result = mysql_query($query) or die ("ERROR: " . MYSQL_ERROR() );
    }
     
    $rates = "SELECT * FROM rates WHERE id = '".$edit_id."' limit 1";
    $rate = mysql_query($rates) or die (mysql_error());
    $rate = mysql_fetch_array($rate);
    echo ("id: " . $rate[0] . " ");
     
    //$rate = mysql_fetch_array($rates, MYSQL_ASSOC);
    //$rateid = $rate['id'];
     
    $venues = dbGetRows("venues", "id = '".$_SESSION['venueid']."'");
    $venue = mysql_fetch_array($venues, MYSQL_ASSOC);
     
     
     
     
    ?>
     
    <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    <html>
    <head>
    <title>Modify Rate NO. <?PHP echo $rateid; ?></title>
    <link href="../bb.css" rel="stylesheet" type="text/css">
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
    <script language="JavaScript" src="../calendar/calendar.js"></script>
    <script language="JavaScript" src="../calendar/wcalendar.js"></script>
    <script language="JavaScript" src="../calendar/calendar-en.js"></script>
    </head>
     
    <body bgcolor="#FFF4DC"
    <?php if(isset($_POST['Submit']) && $result) echo "onLoad=\"window.close(); opener.location.reload(true);\""; ?>>
     
     
    <table width="100%" border="0" cellspacing="0" cellpadding="0" align="center">
    <tr>
    <td width="32"><img src="images/admin_03.gif"></td>
    <td width="0*" bgcolor="#FFFFFF" background="images/admin_04.gif" style="background-repeat: repeat-x;">&nbsp;</td>
    <td width="35"><img src="images/admin_07.gif" width="32" height="33"></td>
    </tr>
    <tr>
    <td bgcolor="#FFFFFF" background="images/admin_15.gif" style="background-repeat: repeat-y;"></td>
    <td bgcolor="#FFFFFF"><table width="100%" border="0" cellspacing="0" cellpadding="0" style="margin-left: 10px; margin-right: 10px;">
    <tr>
    <td>
    <font size="3"><b><?php echo $venue['venuename']; ?> - MODIFY RATE</b></font><br>
    <br>
     
    <form name="form1" method="post" action="editrates.php">
    <table width="449" border="0" cellspacing="0" cellpadding="2">
    <tr>
     
    <td width="104"><b>Rate Name</b></td>
    <td width="235" valign="top"><input type="text" name="ratename" value="<?php echo $rate['ratename']; ?>">
    <input type="text" name="id" value="<?php echo $rate[0]; ?>"> </td>
    </tr>
    <tr>
    <td valign="top">&nbsp;</td>
    <td valign="top">&nbsp;</td>
    </tr>
    <tr>
    <td><strong>From Date</strong></td>
    <td><input type="text" name="datefrom" id="datefrom" size="10" readonly="true" value="<?php echo $rate['datefrom']; ?>">
    &nbsp;<img src="images/calendar01.gif" class="mxw_cld" onClick="return showCalendar('datefrom', 'yyyy-mm-dd', 'false');" style="cursor:pointer;"></td>
    </tr>
    <tr>
    <td><strong>To Date</strong></td>
    <td><input type="text" name="dateto" id="dateto" size="10" readonly="true" value="<?php echo $rate['dateto']; ?>">
    &nbsp; <img src="images/calendar01.gif" class="mxw_cld" onClick="return showCalendar('dateto', 'yyyy-mm-dd', 'false');" style="cursor:pointer;"></td>
    </tr>
    <tr>
    <td>&nbsp;</td>
    <td>&nbsp;</td>
    </tr>
    <tr>
    <td><b> Adults - Single</b></td>
    <td><label>
    <input type="text" name="single" value="<?php echo $rate['single']; ?>">
    </label></td>
    </tr>
    <tr>
    <td><strong>Adults - Double</strong></td>
    <td><label>
    <input type="text" name="double" value="<?php echo $rate['double']; ?>">
    </label></td>
    </tr>
    <tr>
    <td><strong>Child</strong></td>
    <td><label>
    <input type="text" name="child" value="<?php echo $rate['child']; ?>">
    </label></td>
    </tr>
    <tr>
    <td><b>Infant</b></td>
    <td><label>
    <input type="text" name="infant" value="<?php echo $rate['infant']; ?>">
    </label></td>
    </tr>
     
    <td><strong>Base Rate</strong></td>
    <td><label></label>
    <label>
    <input type="text" name="base" value="<?php echo $rate['base']; ?>">
    </label></td>
    </tr>
    <tr>
    <td colspan="2"><input type="Submit" name="Submit" id="button" value="Submit">
    .
    <input type="button" name="Cancel" value="Close Window" onClick="window.close();"></td>
    </tr>
    </table>
    </form>
    </table></td>
    <td bgcolor="#FFFFFF" align="right" background="images/admin_14.gif" style="background-position: right; background-repeat: repeat-y;"></td>
    </tr>
    <tr>
    <td><img src="images/admin_21.gif" width="32" height="33"></td>
    <td bgcolor="#FFFFFF" background="images/admin_23.gif" style="background-position: bottom; background-repeat: repeat-x;"></td>
    <td><img src="images/admin_20.gif" width="32" height="33"></td>
    </tr>
    </table>
     
    </body>
    </html>
  • 3 Contributors
  • 5 Replies
  • 158 Views
  • 7 Hours Discussion Span
  • Latest Post Latest Post by almostbob
Member Avatar for svilla

I am not sure what is in the variable $rateid that you are using in your Query variable, but I think you are constructing the SQL UPDATE command. it looks like the variable $rateid holds the current rate variable and so does $edit_id.

So, for example if the rate ID was 1 your where clause would be " WHERE 1=1" and since that is always true, all of your records are being updated.

The WHERE clause you have:
... where '".$rateid."' = '".$edit_id."'";

should probably be:
... where rateid = " . $edit_id ."'";

You can easily check this out by echoing your $query variable.

Edited by svilla because: n/a
Member Avatar for garwil

Hi svilla and thanks so much for the reply.

You are correct in saying the two variabls are holding the same values. Being a bit new to php I have to do things by trial and error and that was the closest I got to getting any repsonse from the query.

I did as you suggested and put 'rateid' in the "WHERE rateid = "and the MysQl error returned an "unknown Column rateid". I tried this before and then realised the column holding the record id was simply that,it is called id, so I changed 'rateid' to 'id' and implemented a var_dump and the return was NULL. This surprised me becasue if I 'echo id' then the correct record is echoed...I am truly stumped :)

Member Avatar for garwil

sorry...was a typo in my var-dump... it is now returning this below which appears to me that the id values are not being captured or are being lost somehwere

"UPDATE rates SET `datefrom` = '2011-06-15', `dateto` = '2011-06-16', `ratename` = 'gee', `single` = '96', `double` = '444', `child` = '333', `infant` = '222', `base` = '111' where '' = ''" id:
Member Avatar for svilla

I was assuming that the rateid was the name of the field in your rates table. Just substitute the field (column) name that holds the rate id in you rates table. The field names are Case sensitive.

Member Avatar for almostbob

error, mixture of get and post

$_get is blank when the form is posted, so the querey expands to

$query = "UPDATE rates SET `datefrom` = '".$_POST['datefrom']."', `dateto` = '".$_POST['dateto']."', `ratename` = '".$_POST['ratename']."', `single` = '".$_POST['single']."', `double` = '".$_POST['double']."', `child` = '".$_POST['child']."', `infant` = '".$_POST['infant']."', `base` = '".$_POST['base']."' 
where 'nonexistent name' = 'nul'

where nonexistent = nul updates every record

as svilla wrote, correct that line,
and correct the script so that post variables are used when the form is posted
if you both post and get this file, use $_REQUEST[] for the variabless that have to be readable under both submission types

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.