I'm just not seeing it...

**sntgsnwxd** · 07-05-2011, 09:56 PM

Hi guys, I'm pretty new at writing PHP scripts, so I hope this isn't a completely idiotic problem...

Basically, I'm working on the administrative end of a webstore catalog. I have it set up so that every existing catalog item is listed with links to either edit or delete that particular entry. I've got the delete function working properly, but I can't seem to figure out what I'm doing wrong with the edit page.

I've got it so that the product's ID number is passed on to the edit page via the URL, and then the ID is used to populate the existing values for each text input area.

Here is what I have so far:

editItem.php:

Code:

<?php
//DB connection		
	$username="******";
	$password="******";
	$database="Catalog";

	mysql_connect("mysql",$username,$password);
	@mysql_select_db($database) or die( "Unable to select database");

//Get Product ID number passed on from the URL	
$id=$_GET['id'];


$sql="SELECT * FROM item WHERE id='$id'";
$result=mysql_query("$sql");
$rows=mysql_fetch_array($result);
?>


<html>
	<head>
		<title>Edit Catalog Entry</title>
	</head>
	
<body>
<form name="form1" method="post" action="_edit.php">
	<table>
		<tr>
			<td>Product ID:</td>
			<td>
			<? echo $rows['id']; ?>
			</td>
		</tr>
		<tr>
			<td>Product Name:</td>
			<td>
			<input name="productName" type="text" id="productName" value="<? echo $rows['productName']; ?>">
			</td>
		</tr>
		<tr>
			<td>Product Description:</td>
			<td>
			<textarea name="productDescription" cols="40" rows="15"><?php echo $rows['productDescription']; ?></textarea>
			</td>
		</tr>
		<tr>
			<td>Image URL:</td>
			<td><input name="imgURL" type="text" id="imgURL" value="<? echo $rows['imgURL']; ?>"></td>
		</tr>
		<tr>
			<td>Price:</td>
			<td><input name="productCost" type="text" id="productCost" value="<? echo $rows['productCost']; ?>"></td>
		</tr>
		<tr>
			<td>Category:</td>
			<td><input name="productCategory" type="text" id="productCategory" value="<? echo $rows['productCategory']; ?>"></td>
		</tr>

		<tr>
			<td><input type="hidden" id="id" value="<?echo $rows['id']; ?>"></td>
			<td>
			<input type="submit" name="Submit" value="Submit">
			</td>
		</tr>
	</table>
</form>
</body>

<? //close connection 
mysql_close();
?>

</html>

_edit.php:

Code:

<?php
$id=$_GET['id'];

$username="******";
$password="******";
$database="Catalog";

$productName=$_POST['productName'];
$imgURL=$_POST['imgURL']; 
$productDescription=$_POST['productDescription']; 
$productCost=$_POST['productCost']; 
$productCategory=$_POST['productCategory'];

mysql_connect("mysql",$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$query = "UPDATE item SET productName='$productName', imgURL='$imgURL', productDescription='$productDescription', productCost='$productCost', productCategory='$productCategory' WHERE id='$id'";
if(mysql_query($query)){
	echo "Your information has been successfully added to the database.<BR>
		<a href=/update>GO BACK</a>";}	
else{
	echo "Failed. <br/> <a href=/update>GO BACK</a>";}
 ?>

As of now, the edit form opens just fine, the existing values show up just as they should, and when I press the submit button, I receive the Success message, but the values do not get updated in the database. Any suggestions?

**NoasIT** · 07-06-2011, 09:16 AM

In your form: <input type="hidden" id="id" value="<?echo $rows['id']; ?>">
In your processor: $id=$_GET['id'];

You are no longer passing $id via url query string, it is now in $_POST data with the rest of your form elements. change from get to post and give that a shot. Also this update page is very susseptible (sp?) to query injection.

Thread: I'm just not seeing it...

Thread Tools

Display

I'm just not seeing it...

Thread Information

Users Browsing this Thread

Bookmarks

Bookmarks

Posting Permissions