Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    9
    Rep Power
    0

    Using forms to display and update data in a database


    Hi,

    I'm very new to PHP and MySql. I'm trying to create a form to display and edit values in a database.

    displayform.html
    Code:
    <html>
    <form method="post" name="display" action="display.php" >
    Enter the name you like to display the data from MySQL:<br>
    <input type="text" name="user" />
    <input type="submit" name="Submit" value="display" />
    </form>
    </html>
    display.php
    PHP Code:
    <html>
    <?php
    mysql_connect
    ("localhost""root""") or die("Connection Failed");
    mysql_select_db("testforms")or die("Connection Failed");
    $user $_POST['user'];
    $query "select * from phpsuperblog where name = '$user'";
    $result mysql_query($query);
    while (
    $line mysql_fetch_array($resultMYSQL_ASSOC)) {
    echo 
    $line['name'];
    echo 
    $line['age'];
    echo 
    "<br>\n";
    }
    ?>
    <form method="post" name="update" action="update.php">
    <input type="text" name="user" value="<?php print $line['name']; ?>" />
    <input type="text" name="userAge" value="<?php print $line['age']; ?>" />
    <input type="submit" name="Submit" value="update" />
    </form>
    </html>
    update.php
    PHP Code:
    <?php
    mysql_connect
    ("localhost""root""") or die("Connection Failed");
    mysql_select_db("testforms")or die("Connection Failed");
    $user $_POST['user'];
    $age $_POST['userAge'];
    $query "UPDATE phpsuperblog SET age = '$age' WHERE name = '$user'";
    if(
    mysql_query($query)){
    echo 
    "updated";}
    else{
    echo 
    "fail";}
    ?>
    My problems:
    #1 display.php does not show the data in the form fields (eventhough it shows fine in the echo statement above)

    #2 in the update.php if I enter a name that is not in the database, the record wont get updated.. but since it passes the last if statement it shows 'updated'.. how do I rectify this?

    Please help.. thanks in advance..
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Sep 2006
    Posts
    2,011
    Rep Power
    534
    #1 Check your HTML source. Does it show then name in the value?

    #2 Your code is very insecure and subject to SQL injection. To fix, you need to escape your inputs. Also, your version of PHP SQL functions are depreciated. Recommend changing to PHP's PDO. If you stay with what you have, give http://php.net/manual/en/function.my...ected-rows.php a try. Also, consider SQL solutions such as INSERT... ON DUPLICATE... This will first try to insert a new record, and if it already exists, update that one.
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    9
    Rep Power
    0
    when I check the source of display.php , there isnt anything in the value field. But in the code I have included
    PHP Code:
    value="<?php print $line['name']; ?>
    . Why it isnt working?

    And I understand that my code is insecure :-/
    I've used E Oreo's code to design the login system. I tried playing with it to include additional fields. But it doesn't seem to work. Would help a lot if you can point me in the right direction
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Sep 2006
    Posts
    2,011
    Rep Power
    534
    Do you have errors turned on?

    Try getting rid of your while loop.
  8. #5
  9. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Posts
    119
    Rep Power
    33
    1. Change 'print' to 'echo' in your form field values

    2. Change your query to

    PHP Code:
    mysql_query("UPDATE phpsuperblog SET age = '$age' WHERE name = '$user')"
    if(
    mysql_affected_rows 0){ 
    echo 
    "updated";} 
    else{ 
    echo 
    "fail";} 
    As mysql functions are now deprecated I would recommend looking into updating your code to using mysqli or PDO before you go much further
  10. #6
  11. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    9
    Rep Power
    0
    changed print to echo. Forms still wont display the value

    and changed the query as you told. Got the following error.
    ( ! ) Parse error: syntax error, unexpected ';' in F:\wamp\www\test forms\phpsuperblog\update.php on line 6

    tried removing the semicolon in line 6.. led to further errors..

    and yeah I started reading about PDO just now.. on webdevrefinery.com.. please do suggest if you know about any other reliable site that offers tutorials for beginners.. thanks
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Sep 2006
    Posts
    2,011
    Rep Power
    534
    Right before when you output your form, add something like echo(print_r($line,1)); Do you have any values? If not, why? Go back into your while loop and check it out.

    As far as your update query, change $user')"; to $user'"); Note this has nothing to do with your display problems.

    As far as PDO, just start off really easy using prepared statements for everything. I typically don't do any of the binding thing, but just either use ? or :myVar in my query, and then add the data array to the execute method.
  14. #8
  15. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    9
    Rep Power
    0
    Originally Posted by NotionCommotion
    Right before when you output your form, add something like echo(print_r($line,1)); Do you have any values? If not, why? Go back into your while loop and check it out.

    As far as your update query, change $user')"; to $user'"); Note this has nothing to do with your display problems.

    As far as PDO, just start off really easy using prepared statements for everything. I typically don't do any of the binding thing, but just either use ? or :myVar in my query, and then add the data array to the execute method.
    echo(print_r($line,1)); didnt add anything. I dont get it. There's just a single record in my table as of now.) The echo statements in the while loop works fine.

    changed to $user'" .. new error
    ( ! ) Notice: Use of undefined constant mysql_affected_rows - assumed 'mysql_affected_rows' in F:\wamp\www\test forms\phpsuperblog\update.php on line 7
    and the if statement evaluates to fail
    but still the record gets updated

    and thanks for the info on PDO
  16. #9
  17. No Profile Picture
    Lost in code
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 2004
    Posts
    8,317
    Rep Power
    7170
    mysql_affected_rows is a function, but you forgot the () needed to call it (actually simplypixie forgot it in the previous post).
    Last edited by E-Oreo; January 27th, 2013 at 02:16 PM.
    PHP FAQ

    Originally Posted by Spad
    Ah USB, the only rectangular connector where you have to make 3 attempts before you get it the right way around
  18. #10
  19. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Aug 2012
    Posts
    119
    Rep Power
    33
    Sorry about the missing () - whoops

    I think I can now see your issue with regard to the echo of values in your form - you are not assigning the results in your while loop to variables, try this instead

    PHP Code:
    while ($line = mysql_fetch_array($result)) { 
    $name = $line['name']; 
    $age =  $line['age']; 


    ?> 
    <form method="post" name="update" action="update.php"> 
    <input type="text" name="user" value="<?php echo $name?>" /> 
    <input type="text" name="userAge" value="<?php echo $age?>" /> 
    <input type="submit" name="Submit" value="update" /> 
    </form> 
    </html>
    Then to correct my code regarding the mysql_affected_rows, try

    PHP Code:
    mysql_query("UPDATE phpsuperblog SET age = '$age' WHERE name = '$user')";  
    if(
    mysql_affected_rows() > 0){  
    echo 
    "updated";}  
    else{  
    echo 
    "fail";} 
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    9
    Rep Power
    0
    thanks a lot everyone.. the form works now..


    Originally Posted by simplypixie
    PHP Code:
    mysql_query("UPDATE phpsuperblog SET age = '$age' WHERE name = '$user')"
    close parenthesis comes after the double quotes right? Works that way
  22. #12
  23. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    9
    Rep Power
    0
    following e oreo's login code

    edit_profile.php
    PHP Code:
    <?php 
        
    session_start
    ();
        require(
    "common.php");
        
        if(!empty(
    $_POST)) 
        {
        
             
            
    $query 
                UPDATE users 
                SET 
                    firstname = :firstname 
                    , lastname = :lastname 
                    , age = :age
                    , address = :address
                    , phonenumber = :phonenumber
                WHERE 
                    id = :user_id 
            "

            
            
    $query_params = array( 
                
    ':firstname' => $_POST['firstname'], 
                
    ':lastname' => $_POST['lastname'],
                
    ':age' => $_POST['age'],
                
    ':address' => $_POST['address'],
                
    ':phonenumber' => $_POST['phonenumber'],
                
    ':user_id' => $_SESSION['user']['id'], 
            ); 
             
            try 
            { 
                
    $stmt $db->prepare($query); 
                
    $result $stmt->execute($query_params); 
            } 
            catch(
    PDOException $ex
            { 
                die(
    "Failed to run query: " $ex->getMessage()); 
            } 
            
            
            
    header("Location: private.php"); 
             
            die(
    "Redirecting to private.php"); 
        } 
         
        
    ?>
    the html part of it
    PHP Code:

    <form action="edit_profile.php" method="post"> 
                        <h3>Username:</h3> 
                        <p><b><?php echo htmlentities($_SESSION['user']['username'], ENT_QUOTES'UTF-8'); ?></b></p>
                        <h3>First Name:</h3>
                        <input type="text" name="firstname" value="<?php echo htmlentities($_SESSION['user']['firstname'], ENT_QUOTES'UTF-8'); ?>" /> 
                        <br /><br /> 
                        <h3>Last Name:</h3>
                        <input type="text" name="lastname" value="<?php echo htmlentities($_SESSION['user']['lastname'], ENT_QUOTES'UTF-8'); ?>" /> 
                        <br /><br /> 
                        <h3>Age</h3>
                        <input type="password" name="age" value="<?php echo htmlentities($_SESSION['user']['age'], ENT_QUOTES'UTF-8'); ?>" /> 
                        <br /><br />
                        <h3>Address:</h3>
                        <input type="text" name="address" value="<?php echo htmlentities($_SESSION['user']['address'], ENT_QUOTES'UTF-8'); ?>" /> 
                        <br /><br />
                        <h3>Phone Number:</h3>
                        <input type="text" name="phonenumber" value="<?php echo htmlentities($_SESSION['user']['phonenumber'], ENT_QUOTES'UTF-8'); ?>" /> 
                        <br /><br />
                        
                        <input type="submit" value="Update Profile" style="margin:0px 0px 0px 45px; padding :7px 20px 7px 20px"/> 
                        <br><br><br>
                    </form>
    I have merely modified the code of edit_account.php

    But sadly it won't work. Without session_start() I get 'undefined index' for all my fields ('firstname','lastname' etc)

    With session_start(); I get an error saying " a session has already been started'

    Please help..thanks
  24. #13
  25. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    9
    Rep Power
    0
    what does the 'user' stand for in $SESSION['user]? Is it predefined?

    Also I'm using the same table ('users') that contains id, username and password to create my additional fields.. Is it alright to do so?
  26. #14
  27. No Profile Picture
    Contributing User
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Sep 2006
    Posts
    2,011
    Rep Power
    534
    With session_start(); I get an error saying " a session has already been started'
    Then you are already starting one. Find out where.

    what does the 'user' stand for in $SESSION['user]? Is it predefined?
    No. Somewhere you are including $_SESSION['user']=whatever

    Also I'm using the same table ('users') that contains id, username and password to create my additional fields.. Is it alright to do so?
    Shouldn't store password in your session.
  28. #15
  29. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Jan 2013
    Posts
    9
    Rep Power
    0
    yeah session_start(); is already in common.php.. so yeah.. I have removed it from edit_profile.php

    $_SESSIO['user'] is neither defined in edit_profile.php nor in common.php. It is only defined in login.php.. how does it get transferred to edit_account but not to edit_profile? :-/

    and no.. the password is not stored as such.. It has been hashed..
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo