www.webdeveloper.com
Results 1 to 2 of 2

Thread: I'm just not seeing it...

  1. #1
    Join Date
    Jul 2011
    Posts
    1

    I'm just not seeing it...

    Hi guys, I'm pretty new at writing PHP scripts, so I hope this isn't a completely idiotic problem...

    Basically, I'm working on the administrative end of a webstore catalog. I have it set up so that every existing catalog item is listed with links to either edit or delete that particular entry. I've got the delete function working properly, but I can't seem to figure out what I'm doing wrong with the edit page.

    I've got it so that the product's ID number is passed on to the edit page via the URL, and then the ID is used to populate the existing values for each text input area.

    Here is what I have so far:


    editItem.php:
    Code:
    <?php
    //DB connection		
    	$username="******";
    	$password="******";
    	$database="Catalog";
    
    	mysql_connect("mysql",$username,$password);
    	@mysql_select_db($database) or die( "Unable to select database");
    
    //Get Product ID number passed on from the URL	
    $id=$_GET['id'];
    
    
    $sql="SELECT * FROM item WHERE id='$id'";
    $result=mysql_query("$sql");
    $rows=mysql_fetch_array($result);
    ?>
    
    
    <html>
    	<head>
    		<title>Edit Catalog Entry</title>
    	</head>
    	
    <body>
    <form name="form1" method="post" action="_edit.php">
    	<table>
    		<tr>
    			<td>Product ID:</td>
    			<td>
    			<? echo $rows['id']; ?>
    			</td>
    		</tr>
    		<tr>
    			<td>Product Name:</td>
    			<td>
    			<input name="productName" type="text" id="productName" value="<? echo $rows['productName']; ?>">
    			</td>
    		</tr>
    		<tr>
    			<td>Product Description:</td>
    			<td>
    			<textarea name="productDescription" cols="40" rows="15"><?php echo $rows['productDescription']; ?></textarea>
    			</td>
    		</tr>
    		<tr>
    			<td>Image URL:</td>
    			<td><input name="imgURL" type="text" id="imgURL" value="<? echo $rows['imgURL']; ?>"></td>
    		</tr>
    		<tr>
    			<td>Price:</td>
    			<td><input name="productCost" type="text" id="productCost" value="<? echo $rows['productCost']; ?>"></td>
    		</tr>
    		<tr>
    			<td>Category:</td>
    			<td><input name="productCategory" type="text" id="productCategory" value="<? echo $rows['productCategory']; ?>"></td>
    		</tr>
    
    		<tr>
    			<td><input type="hidden" id="id" value="<?echo $rows['id']; ?>"></td>
    			<td>
    			<input type="submit" name="Submit" value="Submit">
    			</td>
    		</tr>
    	</table>
    </form>
    </body>
    
    <? //close connection 
    mysql_close();
    ?>
    
    </html>

    _edit.php:
    Code:
    <?php
    $id=$_GET['id'];
    
    $username="******";
    $password="******";
    $database="Catalog";
    
    $productName=$_POST['productName'];
    $imgURL=$_POST['imgURL']; 
    $productDescription=$_POST['productDescription']; 
    $productCost=$_POST['productCost']; 
    $productCategory=$_POST['productCategory'];
    
    mysql_connect("mysql",$username,$password);
    @mysql_select_db($database) or die( "Unable to select database");
    
    $query = "UPDATE item SET productName='$productName', imgURL='$imgURL', productDescription='$productDescription', productCost='$productCost', productCategory='$productCategory' WHERE id='$id'";
    if(mysql_query($query)){
    	echo "Your information has been successfully added to the database.<BR>
    		<a href=/update>GO BACK</a>";}	
    else{
    	echo "Failed. <br/> <a href=/update>GO BACK</a>";}
     ?>

    As of now, the edit form opens just fine, the existing values show up just as they should, and when I press the submit button, I receive the Success message, but the values do not get updated in the database. Any suggestions?

  2. #2
    Join Date
    Aug 2010
    Location
    Ohio
    Posts
    136
    In your form: <input type="hidden" id="id" value="<?echo $rows['id']; ?>">
    In your processor: $id=$_GET['id'];

    You are no longer passing $id via url query string, it is now in $_POST data with the rest of your form elements. change from get to post and give that a shot. Also this update page is very susseptible (sp?) to query injection.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles