urgent: am doing my first software development . my update function is not working.

Question

seemeamal 0 Newbie Poster

12 Years Ago

<?php //update has an error!
?>

<?php
include("lock.php");// contains session details
$connect=mysql_connect("localhost","root","");
mysql_select_db("login",$connect);


if(isset($_POST[""])){
	
	$dept_name=$_POST["dept_name"];
	$year=$_POST["year"];
	$current_sem=$_POST["current_sem"];
	$total_students=$_POST["total_students"];
	$regulation=$_POST["regulation"];
}

//------------------------------------------------------------------------------------------------------------------
if(isset($_POST["insert"])){
	if($_POST["insert"]=="yes"){
	
	$dept_name=$_POST["dept_name"];
	$year=$_POST["year"];
	$current_sem=$_POST["current_sem"];
	$total_students=$_POST["total_students"];
	$regulation=$_POST["regulation"];

$query="insert into classprofile(dept_name,year,current_sem,total_students,regulation) values('$dept_name','$year','$current_sem','$total_students','$regulation')";
if(mysql_query($query))
echo "<center>Record Inserted!</center><br>";
	}
	else{
		echo"not inserted, try again";
	}
}
//-------------------------------------------------------------------------------------------------------------------
if(isset($_POST["update"])){
	if($_POST["update"]=="yes"){
		
		$dept_name=$_POST["dept_name"];
	$year=$_POST["year"];
	$current_sem=$_POST["current_sem"];
	$total_students=$_POST["total_students"];
	$regulation=$_POST["regulation"];

$query="update classprofile set dept_name='$dept_name' ,year='$year',current_sem='$current_sem',total_students='$total_students','regulation='$regulation' where id=".$_POST['id'];
if(mysql_query($query))
echo "<center>Record Updated</center><br>";
	}else { echo"no yes"; }
} 
//---------------------------------------------------------------------------------------------------------------------
if(isset($_GET['operation'])){
if($_GET['operation']=="delete"){
$query="delete from classprofile where id=".$_GET['id'];	
if(mysql_query($query))
echo "<center>Record Deleted!</center><br>";
}
}
//---------------------------------------------------------------------------------------------------------------------
?>
<html>
<body>
<a href="logout.php">logout</a>
<form method="post" action="classcrud.php">
<table align="center" border="0">
<tr>
<td>Id:</td>
<td><input type="text" name="id" /></td>
</tr>
<tr>
<td>Department Name:</td>
<td><input type="text" name="dept_name" /></td>
</tr>
<tr>
<td>Year of Study:</td>
<td><input type="text" name="year" /></td>
</tr>
<tr>
<td>Current Sem:</td>
<td><input type="text" name="current_sem" /></td>
</tr>
<tr>
<td>Total Students:</td>
<td><input type="text" name="total_students" /></td>
</tr>
<tr>
<td>Regulation:</td>
<td><input type="text" name="regulation" /></td>
</tr>


<tr>
<td>&nbsp;</td>
<td align="right">
<input type="hidden" name="insert" value="yes" />
<input type="submit" value="Insert Record"/>
</td>
</tr>
</table>
</form>
<?php

if(isset($_GET['operation'])){
if($_GET['operation']=="edit"){
?>
<form method="post" action="classcrud.php">
<table align="center" border="0">

<tr>
<td>Id:</td>
<td><input type="text" name="id" value="<?php echo $_GET['id']; ?>" /></td>
</tr><tr>
<td>Department Name:</td>
<td><input type="text" name="dept_name" value="<?php echo $_GET['dept_name']; ?>" /></td>
</tr>
<tr>
<td>Year of Study:</td>
<td><input type="text" name="year" value="<?php echo $_GET['year']; ?>"/></td>
</tr>
<tr>
<tr>
<td>Current Sem:</td>
<td><input type="text" name="current_sem" value="<?php echo $_GET['current_sem']; ?>" /></td>
</tr>
<tr>
<td>Total Students:</td>
<td><input type="text" name="total_students" value="<?php echo $_GET['total_students']; ?>" /></td>
</tr>
<tr>
<td>Regulation:</td>
<td><input type="text" name="regulation" value="<?php echo $_GET['regulation']; ?>" /></td>
</tr>

<td>&nbsp;</td>
<td align="right">
<input type="hidden" name="id" value="<?php echo $_GET['id'] ?>" />
<input type="hidden" name="update" value="yes" />
<input type="submit" value="update Record"/>
</td>
</tr>
</table>
</form>
<?php
}}
?>

<?php
$query="select * from classprofile";
$result=mysql_query($query);
if(mysql_num_rows($result)>0){
	echo "<table align='center' border='1'>";
	echo "<tr>";
	echo "<th>Id</th>";
	echo "<th>Department Name</th>";
	echo "<th>Year of Study</th>";
	echo "<th>Current Sem</th>";
	echo "<th>Total Students</th>";
	echo "<th>Regulation</th>";
	echo "</tr>";
	while($row=mysql_fetch_array($result)){
	echo "<tr>";
	echo "<td>".$row['id']."</td>";
	echo "<td>".$row['dept_name']."</td>";
	echo "<td>".$row['year']."</td>";
	echo "<td>".$row['current_sem']."</td>";	
	echo "<td>".$row['total_students']."</td>";	
	echo "<td>".$row['regulation']."</td>";
	echo "<td><a href='classcrud.php?operation=edit&dept_name=".$row['dept_name'],"&id=".$row['id']."&year=".$row['year']."&current_sem=".$row['current_sem']."&total_students=".$row['total_students']."&regulation=".$row['regulation']."'>edit</a></td>";
	echo "<td><a href='classcrud.php?operation=delete&id=".$row['id']."&dept_name=".$row['dept_name']."'>delete</a></td>";	
	echo "</tr>";
	}
	echo "</table>";
}
else{
echo "<center>No Records Found!</center>";	
}

?>
</body>
</html>

php

3 Contributors
2 Replies
121 Views
6 Hours Discussion Span
Latest Post 12 Years Ago Latest Post by GliderPilot

broj1 356 Humble servant

12 Years Ago

You must be getting some error message somewhere. What does it say?

It is a good idea to check for existence of all $_POST array elements before using them since some of them might not exist which breaks your query. Something like:

if(isset($_POST["dept_name"])) {

    $dept_name=$_POST["dept_name"];

} else {

   echo 'You did not enter department name!';
}

// etc ...

Also you can echo your update query to see what it look like and copy it into phpmyadmin or mysql client to check wheter it works OK. Put this after line 47:

die($query);

My practice is that I first check for existence of all required POST (or GET...) values, clean them and asign them to variables before they can go into a query. otherwise you are begging for trouble (errors in queries, security holes etc).

// a flag to check wheter there were errors
$data_complete = true;

if(isset($_POST["dept_name"])) {

    $dept_name = mysql_real_escape_string(trim($_POST["dept_name"]));

} else {

    $data_complete = false;
}

if(isset($_POST["year"])) {

    $year = (int) $_POST["year"];

} else {

    $data_complete = false;
}

// etc...

// see http://php.net/manual/en/function.mysql-real-escape-string.php

// if submitted data was complete (no errors) run the query else display an error
if($data_complete) {

    // run the query

} else {

    // display error message
}

And also do not use GET method for deleting records. It is dangerous since it is visible in the URL and somebody can intentionally or unintentionally delete too many rows. POST is a bit safer.

Edited 12 Years Ago by broj1 because: n/a

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

GliderPilot 33 Posting Whiz · Answer 1 · 2012-03-09T02:59:33+00:00

I would suggest indenting your if statements. Your not opening and closing all your statements and it is going to cause the script to fail

Lines 30, 48, 56 your IF statements are missing opening {

Lines 36 and 51 are missing an extra } you have more opened IF statements than closed