Hi, I have 2 tabs in one form. After inserting records in tabs-1 for quarter 1 progress, the user then updates records in tabs-2 for quarter 2 progress, which is in the same row of the progress table. However, when I click the submit button or the update button, no records are being saved or updated. Below is the code. Please advise. Thanks.
<!doctype html>
<html lang="en">
<head>
<link rel="stylesheet" type="text/css" href="style.css"/>
<style>
div.savestatus{ /* Style for the "Saving Form Contents" DIV that is shown at the top of the form */
width:200px;
padding:2px 5px;
border:1px solid gray;
background:#fff6e5;
-webkit-box-shadow: 0 0 8px #818181;
box-shadow: 0 0 8px #818181;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius:5px;
color:red;
position:absolute;
top:-10px;
}
form#feedbackform div{ /*CSS used by demo form*/
margin-bottom:9px;
}
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
<script src="autosaveform.js">
/***********************************************
* Auto Save Form script (c) Dynamic Drive (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit http://www.dynamicdrive.com/ for this script and 100s more.
***********************************************/
</script>
<script>
var formsave1=new autosaveform({
formid: 'ipdprogress',
pause: 1000 //<--no comma following last option!
})
</script>
<meta charset="utf-8">
<title>Institutional Performance Data System Database</title>
<link rel="stylesheet" href="//code.jquery.com/ui/1.11.2/themes/smoothness/jquery-ui.css">
<script src="//code.jquery.com/jquery-1.10.2.js"></script>
<script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
<link rel="stylesheet" href="/resources/demos/style.css">
<script>
$(function() {
$( "#tabs" ).tabs();
});
</script>
</head>
<body>
<div id="header" >
<h1><b>SECTION II: Progress</b></h1>
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
$_SESSION['Userid']; // it will print the userid value
$_SESSION['Username']; // it will print the userid value
$_SESSION['Email'];
$connection = mysql_connect("localhost","user","") or die("Database connection failed!<br>");
$result=mysql_select_db("p") or die("Database could not be selected!");
$Picid=0;
if (isset($_GET['Picid'])) {
$_SESSION['Picid']=$_GET['Picid'];
$Picid=$_SESSION['Picid'];
$query="Select Userid,Picid from general_ipd where Userid='".$_SESSION['Userid']."' and Picid= '".$Picid."'";
$result=mysql_query($query)or die(mysql_error());
if($row=mysql_fetch_array($result))
{
echo "<input type='hidden' name='hidden' value='".$row['Userid']."'><br>";
echo "<input type='hidden' name='hidden' value='".$Picid."'><br>";
}
}
?>
</div>
<div id="tabs">
<ul>
<li><a href="#tabs-1">Quarter 1</a></li>
<li><a href="#tabs-2">Quarter 2</a></li>
</ul>
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
$con = mysql_connect("localhost","user","");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("p",$con);
if(isset($_POST['submit'])){
mysql_query("INSERT INTO progress (Quanprogress1, Qualprogress1,Picid) VALUES ('" . $_POST["Quanprogress1"] . "','" . $_POST["Qualprogress1"] . "','" . $Picid . "')");
$Progressid = mysql_insert_id();
$_SESSION['Progressid']=$Progressid;
if(!empty($Progressid)) {
$message = "New progress added successfully";
}
}
?>
<form id="ipdprogress" method="post" action="">
<div id="tabs-1">
<p><b>1.Target</b></p>
<Table>
<tr>
<td><font size=2>a.i.Quantitative Progress (e.g. average,numerical,%,sum):</font></td>
<td><input type="text" name="Quanprogress1" class="txtField" value="<?php echo $row['Quanprogress1']; ?>"></td>
<td><font size=2>a.ii.Qualitative Progress: </font></td>
<td><input type="text" name="Qualprogress1" class="txtField" value="<?php echo $row['Qualprogress1']; ?>"></td>
</tr>
</table>
<input type="hidden" name="Picid">
<input type="hidden" name="Progressid">
</div>
<div id="tabs-2">
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
$conn = mysql_connect("localhost","user","");
mysql_select_db("p",$conn);
if(isset($_POST['update'])){
mysql_query("UPDATE progress set Quanprogress2='" . $_POST["Quanprogress2"] . "', Qualprogress2='" . $_POST["Qualprogress2"] . "' WHERE Picid='" . $Picid . "' and Progressid='" . $Progressid . "'");
$message = "Record Modified Successfully";
}
$result = mysql_query("SELECT * FROM progress WHERE Picid='" . $Picid . "' and Progressid='" . $Progressid . "'");
$row= mysql_fetch_array($result);
?>
<p><b>1.Target</b></p>
<table>
<tr><td><font size=2>a.i.Quantitative Progress (e.g. average,numerical,%,sum):</font></td>
<input type="hidden" name="Picid">
<input type="hidden" name="Progressid" class="txtField" value="<?php echo $row['Progressid']; ?>">
<td><input type="text" name="Quanprogress2" class="txtField" value="<?php echo $row['Quanprogress2']; ?>"></td>
<td><font size=2>a.ii.Qualitative Progress:</font></td>
<td><input type="text" name="Qualprogress2" class="txtField" value="<?php echo $row['Qualprogress2']; ?>"></td>
</tr>
</table>
<input type="hidden" name="Picid" >
?>
</div>
</div>
</div>
</body>
<br>
<td colspan="2"><input type="submit" name="submit" value="Submit" class="btnSubmit"></td>
<td colspan="2"><input type="submit" name="update" value="Update" class="btnSubmit"></td>
</form></html>
diafol
Urgh. Have you heard of indenting? That is nigh on impossible for me to read.
I did notice that your PHP and markup seem to come from last century. mysql_* functions, font tags?? More HTML after the end body tag.
You're also wide open to SQL injection as you do not sanitize anything before stuffing it into your SQL statement.
Sophia_1
Hi, I have indented the code below. But I am not sure how to sanitize the code. Please kindly advise. Thanks.
<!doctype html>
<html lang="en">
<head>
<link rel="stylesheet" type="text/css" href="style.css"/>
<style>
div.savestatus{ /* Style for the "Saving Form Contents" DIV that is shown at the top of the form */
width:200px;
padding:2px 5px;
border:1px solid gray;
background:#fff6e5;
-webkit-box-shadow: 0 0 8px #818181;
box-shadow: 0 0 8px #818181;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius:5px;
color:red;
position:absolute;
top:-10px;
}
form#feedbackform div{ /*CSS used by demo form*/
margin-bottom:9px;
}
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
<script src="autosaveform.js">
/***********************************************
* Auto Save Form script (c) Dynamic Drive (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit http://www.dynamicdrive.com/ for this script and 100s more.
***********************************************/
</script>
<script>
var formsave1=new autosaveform({
formid: 'ipdprogress',
pause: 1000 //<--no comma following last option!
})
</script>
<meta charset="utf-8">
<title>Institutional Performance Data System Database</title>
<link rel="stylesheet" href="//code.jquery.com/ui/1.11.2/themes/smoothness/jquery-ui.css">
<script src="//code.jquery.com/jquery-1.10.2.js"></script>
<script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
<link rel="stylesheet" href="/resources/demos/style.css">
<script>
$(function() {
$( "#tabs" ).tabs();
});
</script>
</head>
<body>
<div id="header" >
<h1><b>SECTION II: Progress</b></h1>
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
$_SESSION['Userid']; // it will print the userid value
$_SESSION['Username']; // it will print the userid value
$_SESSION['Email'];
$connection = mysql_connect("localhost","user","") or die("Database connection failed!<br>");
$result=mysql_select_db("p") or die("Database could not be selected!");
$Picid=0;
if (isset($_GET['Picid'])) {
$_SESSION['Picid']=$_GET['Picid'];
$Picid=$_SESSION['Picid'];
$query="Select Userid,Picid from general_ipd where Userid='".$_SESSION['Userid']."' and Picid= '".$Picid."'";
$result=mysql_query($query)or die(mysql_error());
if($row=mysql_fetch_array($result)){
echo "<input type='hidden' name='hidden' value='".$row['Userid']."'><br>";
echo "<input type='hidden' name='hidden' value='".$Picid."'><br>";
}
}
?>
</div>
<div id="tabs">
<ul>
<li><a href="#tabs-1">Quarter 1</a></li>
<li><a href="#tabs-2">Quarter 2</a></li>
</ul>
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
$con = mysql_connect("localhost","user","");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("p",$con);
if(isset($_POST['submit'])){
mysql_query("INSERT INTO progress (Quanprogress1, Qualprogress1,Picid) VALUES ('" . $_POST["Quanprogress1"] . "','" . $_POST["Qualprogress1"] . "','" . $Picid . "')");
$Progressid = mysql_insert_id();
$_SESSION['Progressid']=$Progressid;
if(!empty($Progressid)) {
$message = "New progress added successfully";
}
}
?>
<form id="ipdprogress" method="post" action="">
<div id="tabs-1">
<p><b>1.Target</b></p>
<Table>
<tr>
<td><font size=2>a.i.Quantitative Progress (e.g. average,numerical,%,sum):</font></td>
<td><input type="text" name="Quanprogress1" class="txtField" value="<?php echo $row['Quanprogress1']; ?>"></td>
<td><font size=2>a.ii.Qualitative Progress: </font></td>
<td><input type="text" name="Qualprogress1" class="txtField" value="<?php echo $row['Qualprogress1']; ?>"></td>
</tr>
</table>
<input type="hidden" name="Picid">
<input type="hidden" name="Progressid">
</div>
<div id="tabs-2">
<?php
session_start();
error_reporting(E_ALL ^ E_NOTICE);
$conn = mysql_connect("localhost","user","");
mysql_select_db("p",$conn);
if(isset($_POST['update'])){
mysql_query("UPDATE progress set Quanprogress2='" . $_POST["Quanprogress2"] . "', Qualprogress2='" . $_POST["Qualprogress2"] . "' WHERE Picid='" . $Picid . "' and Progressid='" . $Progressid . "'");
$message = "Record Modified Successfully";
}
$result = mysql_query("SELECT * FROM progress WHERE Picid='" . $Picid . "' and Progressid='" . $Progressid . "'");
$row= mysql_fetch_array($result);
?>
<p><b>1.Target</b></p>
<table>
<tr><td><font size=2>a.i.Quantitative Progress (e.g. average,numerical,%,sum):</font></td>
<input type="hidden" name="Picid">
<input type="hidden" name="Progressid" class="txtField" value="<?php echo $row['Progressid']; ?>">
<td><input type="text" name="Quanprogress2" class="txtField" value="<?php echo $row['Quanprogress2']; ?>"></td>
<td><font size=2>a.ii.Qualitative Progress:</font></td>
<td><input type="text" name="Qualprogress2" class="txtField" value="<?php echo $row['Qualprogress2']; ?>"></td>
</tr>
</table>
<input type="hidden" name="Picid" >
?>
</div>
</div>
</div>
</body>
<br>
<td colspan="2"><input type="submit" name="submit" value="Submit" class="btnSubmit"></td>
<td colspan="2"><input type="submit" name="update" value="Update" class="btnSubmit"></td>
</form></html>
diafol
Go to the PHP manual and search sanitize. Or search sanitize MySQL PHP in Google. Easy.
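What the sanitizing advice in this thread looks like in practice, as an added example that is not part of any post: PDO prepared statements for the thread's INSERT and UPDATE, with `Picid` validated as an integer and stored text escaped on output. The in-memory SQLite table, the function names `insertQuarter1` and `updateQuarter2`, and the sample values are assumptions made for the example; `Progressid` is read back from the session because the posted code assigns `$Progressid` only inside the insert branch.

```php
<?php
// Added example. A constructed in-memory SQLite table stands in for the
// thread's MySQL `progress` table; for MySQL only the PDO DSN changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE progress (
    Progressid INTEGER PRIMARY KEY AUTOINCREMENT, Picid INTEGER NOT NULL,
    Quanprogress1 TEXT, Qualprogress1 TEXT, Quanprogress2 TEXT, Qualprogress2 TEXT)');

// Quarter 1: values travel as bound parameters, never as SQL text.
function insertQuarter1(PDO $pdo, int $picid, array $post): int
{
    $stmt = $pdo->prepare(
        'INSERT INTO progress (Quanprogress1, Qualprogress1, Picid)
         VALUES (:quan, :qual, :picid)');
    $stmt->execute([
        ':quan'  => $post['Quanprogress1'] ?? '',
        ':qual'  => $post['Qualprogress1'] ?? '',
        ':picid' => $picid,
    ]);
    return (int) $pdo->lastInsertId();
}

// Quarter 2: update the same row; returns the number of rows changed.
function updateQuarter2(PDO $pdo, int $picid, int $progressid, array $post): int
{
    $stmt = $pdo->prepare(
        'UPDATE progress SET Quanprogress2 = :quan, Qualprogress2 = :qual
         WHERE Picid = :picid AND Progressid = :progressid');
    $stmt->execute([
        ':quan'       => $post['Quanprogress2'] ?? '',
        ':qual'       => $post['Qualprogress2'] ?? '',
        ':picid'      => $picid,
        ':progressid' => $progressid,
    ]);
    return $stmt->rowCount();
}

// Constructed request data; on the real page these are $_GET, $_POST, $_SESSION.
$picid = filter_var('7', FILTER_VALIDATE_INT);   // false unless an integer
if ($picid === false) { exit("Invalid Picid\n"); }
$session = ['Progressid' => insertQuarter1($pdo, $picid,
    ['Quanprogress1' => '85%', 'Qualprogress1' => "O'Brien's unit \"on track\""])];
$changed = updateQuarter2($pdo, $picid, $session['Progressid'],
    ['Quanprogress2' => '90%', 'Qualprogress2' => 'ahead of plan']);
$row = $pdo->query('SELECT * FROM progress')->fetch(PDO::FETCH_ASSOC);
echo "rows updated: $changed\n";
// Escape on output so stored text cannot close the value="..." attribute.
$safe = htmlspecialchars($row['Qualprogress1'], ENT_QUOTES, 'UTF-8');
echo '<input type="text" name="Qualprogress1" value="', $safe, '">', "\n";
```

The apostrophe and double quotes in the sample value are the characters that would break the concatenated query and the `value="..."` attribute in the posted code; here they are stored and rendered as plain data.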