Member Avatar for kevinyu

Hello guys, I need help about this, I have a PHP page, which searches for records, based on their first and last names, if sql finds the data then the second form comes out, which has lots of textboxes, to update the 'searched'information. And when I click the submit button of the second form , it does nothing, and even if I have syntax or whatever errors I have put on condition if(isset($_POST['submit'])), they end up being disregarded (no error messages will come up), after clicking the submit button, it just goes back to the page's original state. What exactly is the mistake on this part?

class.php

<?php

$months = array('January', 'February', 'March', 'April', 'May', 'June', 'July', 'August', 'September', 'October', 'November', 'December');

class EmployeeProfile
{


public function openConnection()
{
$conn = mysqli_connect("localhost", "root", "", "db_employee");

if(mysqli_connect_errno())
{
echo "Failed to connect to database server";
}


return $conn;

}

public function insert($query)
{

if(mysqli_query($this->openConnection(), $query) == 1)
{
echo "Profile successfully registered!";
}

else
{
echo "Register failed";
}

}

public function display($query)
{

$result = mysqli_query($this->openConnection(), $query);
echo "<br><br>";
if($result->num_rows == 1)
{
while($row = $result-> fetch_assoc())
{
echo "<table>";
echo"<tr><td><b>First Name</b>: ".$row["firstname"]."</td></tr>";
echo"<tr><td><b>Middle Name</b>: ".$row["middlename"]."</td></tr>";
echo"<tr><td><b>Last Name: </b>".$row["lastname"]."</td></tr>";
echo"<tr><td><b>Date of Birth: </b>".$row["dateofbirth"]."</td></tr>";
echo"<tr><td><b>Age: </b>".$row["age"]."</td></tr>";
echo"<tr><td><b>School: </b>".$row["school"]."</td></tr>";
echo"<tr><td><b>Highest Educational Attainment: </b>".$row["educ"]."</td></tr>";
echo"<tr><td><b>Year Last Attended: </b>".$row["yearattended"]."</td></tr>";
echo"<tr><td><b>Skills: </b>".$row["skills"]."</td></tr>";
echo"<tr><td><b>Previous Company: </b>".$row["prevcompany"]."</td></tr>";
echo"<tr><td><b>Position: </b>".$row["position"]."</td></tr>";
echo"<tr><td><b>Date of Employment:</b> ".$row["dateofemployment"]."</td></tr>";
echo"</table>";
}
}

else

{

echo "Profile not found";
}

}

public function edit($query)
{

$result = mysqli_query($this->openConnection(), $query);

}

}

?>

edit.php

<html>
<title> Edit Profile</title>
<body>

<form method="post" action="?" name="searchform">
<center>
<table>
<tr><td>Enter first or last name</td><td><input type = "text" name="search"><td><td><input type = "submit" value="Search" name="search2"></td></tr>
</form>
</table>

<?php
include("class.php");
if(isset($_POST['search2'])):

$status = "hidden";
$query = "select * from employee WHERE firstname='".$_POST['search']."' OR lastname='".$_POST['search']."' ";
$emp = new EmployeeProfile();
$emp->openConnection();

$result = mysqli_query($emp->openConnection(), $query);


if($result->num_rows == 1):




?>

<form method="post" action="?" enctype="multipart/form-data" name="updateform">
<table>
<tr></tr>
<tr><td></td><td>Edit your profile:</td></tr>
<tr></tr>
<tr><td>*Enter first name:</td><td><input type="text" name="firstname"></td></tr>
<tr><td>Enter middle name:</td><td><input type="text" name="middlename"></td></tr>
<tr><td>*Enter last name:</td><td><input type="text" name="lastname"></td></tr>
<tr>
<td>*Date of Birth:</td><td><select name="month"><?php for($i = 0; $i < count($months); $i++) { echo "<option value=".$months[$i]." >".$months[$i]."</option>" ; }?></select></td>
<td><select  name="days"><?php for($i = 1; $i <= 31; $i++) { echo "<option value"."=".$i.">".$i."</option>";  } ?> </select></td>
<td><select  name="year"><?php for($i = 1950; $i <= 2014; $i++) { echo "<option value"."=".$i.">".$i."</option>";  } ?> </select></td>
</tr>
<tr><td>*Age:</td><td><input type="text" name="age"></td></tr>
<tr><td>*School:</td><td><input type="text" name="school"></td></tr>
<tr><td>*Highest Educational Attainment:</td><td><input type="text" name="educ"></td></tr>
<tr><td>*Year Last Attended:</td><td><input type="text" name="yearattended"></td></tr>
<tr><td>*Skill(s):</td><td><input type="text" name="skills"></td></tr>
<tr><td>Previous Company:</td><td><input type="text" name="prevcompany"></td></tr>
<tr><td>Position:</td><td><input type="text" name="position"></td></tr>
<tr><td>*Date of Employment:</td><td><select name="empmonth"><?php for($i = 0; $i < count($months); $i++) { echo "<option value=".$months[$i]." >".$months[$i]."</option>" ; }?></select></td>
<td><select  name="empyear"><?php for($i = 1950; $i <= 2014; $i++) { echo "<option value"."=".$i.">".$i."</option>";  } ?> </select></td>
</tr>
<tr><td></td><td><input type="submit" value="Register" name="submit"></td></tr>
<tr><td>* - Required</td></tr>
</form>

<?php


if(isset($_POST['submit'])):
$firstname = $_POST['firstname'];
$middlename = $_POST['middlename'];
$lastname = $_POST['lastname'];
$dateofbirth = $_POST['month']. " ".$_POST['days']. ", ".$_POST['year'];
$age = $_POST['age'];
$school = $_POST['school'];
$educ = $_POST['educ'];
$yearattended = $_POST['yearattended'];
$skills = $_POST['skills'];
$prevcompany = $_POST['prevcompany'];
$position = $_POST['position'];
$dateofemployment = $_POST['empmonth']. " ".$_POST['empyear'];

$row = $result->fetch_assoc();
$usr = $row["firstname"];


$query2 = "UPDATE employee SET firstname='$firstname', middlename='$middlename', lastname='$lastname', dateofbirth='$dateofbirth', age='$age', school='$school',
educ='$educ', yearattended='$yearattended', skills='$skills', prevcompany='$prevcompany', position='$position', dateofemployment='$dateofemployment',
 WHERE firstname='$usr'";

 mysqli_query($emp->openConnection(), $query2);

endif;





else:
echo "Profile not found";
endif;
endif;


?>

</table>
</center>
</body>
</html>
  • 3 Contributors
  • 4 Replies
  • 235 Views
  • 1 Day Discussion Span
  • Latest Post Latest Post by ryantroop
Member Avatar for diafol

This is difficult to follow. Your php and html are all mashed up and you haven't indented your code or markup. Also you have unsanitized input variables, which you've placed directly into your SQL statement - leaving you exposed to SQL injections. You're using mysqli, so take advantage of prepared statements and bind parameters accordingly.
Sending form data to itself isn't always the best option as the form resubmits on page reload/refresh. Usually we send data to a separate file to be processed, the result of which then decides on where we redirect, usually using header("Location:...").

Also you've used... enctype="multipart/form-data", but I don't see a file field. Perhaps I missed it - as I said, your markup is difficult to follow.

Apart from that have a look at the current attitudes to using html tables for layouts and note that the <center> tag has been deprecated.

Sorry, that seems like harsh criticism, but if you sort some of those out, then your markup/code may be more legible.

Member Avatar for kevinyu

I'm not still familiar with HTML5, I just gotta get this working before changing anything else. I cannot edit my original(1st) post anymore.

the condition seems to be completely ignored

if(isset($_POST['submit'])):
$firstname = $_POST['firstname'];
$middlename = $_POST['middlename'];
$lastname = $_POST['lastname'];
$dateofbirth = $_POST['month']. " ".$_POST['days']. ", ".$_POST['year'];
$age = $_POST['age'];
$school = $_POST['school'];
$educ = $_POST['educ'];
$yearattended = $_POST['yearattended'];
$skills = $_POST['skills'];
$prevcompany = $_POST['prevcompany'];
$position = $_POST['position'];
$dateofemployment = $_POST['empmonth']. " ".$_POST['empyear'];
$row = $result->fetch_assoc();
$usr = $row["firstname"];
Edited by kevinyu because: added a few notes
Member Avatar for diafol

I cannot edit my original(1st) post anymore.

Ok. Just thought you'd have a better chance of getting some help.

Member Avatar for ryantroop

On line 61 of edit.php you are looking for $_POST["submit"], and I don't think that exists. Try changing it to $_POST["search2"] or just drop the name of the submit button...

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.