0
<?php
include_once 'resources/init.php';
if (isset ($_GET[id])) {
    $q = "SELECT * FROM Client WHERE id = {$_GET[id]}";
    $result = mysql_query($q);
    $client = mysql_fetch_array($result);
    }
?>
    <a href="index.php">Back To List</a>
  
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
First Name: <input type="text" name="firstname" value="<?php echo $client['firstname']; ?>" />
Last Name: <input type="text" name="lastname" value="<?php echo $client['lastname']; ?>" />
<br>
<br>
Email: <input type="text" name="email" value="<?php echo $client['email']; ?>" />
<br>
<br>
Invoice #:<input type="text" name="invoice" maxlength="5" size="5" value="<?php echo $client['invoice']; ?>" />
<br>
<br>
<br>
<br>
Windows Key:<input type="text" name="wink" maxlength="24" size="24" value="<?php echo $client['wink']; ?>" />
Windows Type:<input type="text" name="wint" maxlength="24" size="24" value="<?php echo $client['wint']; ?>" />
<br>
<br>
<br>
<br>
VIPRE Type:<input type="text" name="vtype" maxlength="3" size="3" value="<?php echo $client['vtype']; ?>" />
User Count:<input type="text" name="usera" maxlength="3" size="3" value="<?php echo $client['usera']; ?>" />
Year Count:<input type="text" name="yeara" maxlength="3" size="3" value="<?php echo $client['yeara']; ?>" />
<br>
<br>
Start Date:<input type="text" name="sdate" maxlength="10" size="10" value="<?php echo $client['sdate']; ?>" />
Expire Date:<input type="text" name="edate" maxlength="10" size="10" value="<?php echo $client['edate']; ?>" />
<br>
<br>
VIPRE Key: <input type="text" name="viprek" maxlength="24" size="24" value="<?php echo $client['viprek']; ?>" />
<br>
<br>
<br>
<input type="submit" name="submit" Value="Modify" />
</form>
    
    <?php
if (isset($_POST["submit"])) {
        $u = "UPDATE Client SET `firstname`='$_POST[firstname]', `lastname`='$_POST[lastname]', `email`='$_POST[email]', `invoice`='$_POST[invoice]', `wink`='$_POST[wink]', `wint`='$_POST[wint]', `vtype`='$_POST[vtype]', `usera`='$_POST[usera]', `yeara`='$_POST[yeara]', `sdate`='$_POST[sdate]', `edate`='$_POST[edate]', `viprek`='$_POST[viprek]' WHERE id = $_POST[id]";
        
        mysql_query($u) or die (mysql_error());
        
            header("Location: index.php");
    }
    ?>
0

Echo the $u on line 49, perhaps one of your values messed it up. The query looks fine to me (apart from using the $_POST directly). If one of your values contains a single quote, the query will fail.

Edited by pritaeas: n/a

0

UPDATE Client SET `firstname`='2', `lastname`='1', `email`='1', `invoice`='1', `wink`='1', `wint`='1', `vtype`='1', `usera`='1', `yeara`='1', `sdate`='1', `edate`='1', `viprek`='1' WHERE id = You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

this is what it spits out everything looks fine.

0

Does it help to put the WHERE value in quotes: ... WHERE id='value' versus ... WHERE id = value?

0

Looks like POST[id] should be GET[id] (as on line 4).

<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">

I assume OP is using GET the first time only to fetch the data, then uses POST to update.

0

Still having issue. After suggested changes.
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

<?php
include_once 'resources/init.php';
if (isset ($_GET[id])) {
    $q = "SELECT * FROM Client WHERE id = {$_GET[id]}";
    $result = mysql_query($q);
    $client = mysql_fetch_array($result);
    }
?>
    <a href="index.php">Back To List</a>
  
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
First Name: <input type="text" name="firstname" value="<?php echo $client['firstname']; ?>" />
Last Name: <input type="text" name="lastname" value="<?php echo $client['lastname']; ?>" />
<br>
<br>
Email: <input type="text" name="email" value="<?php echo $client['email']; ?>" />
<br>
<br>
Invoice #:<input type="text" name="invoice" maxlength="5" size="5" value="<?php echo $client['invoice']; ?>" />
<br>
<br>
<br>
<br>
Windows Key:<input type="text" name="wink" maxlength="24" size="24" value="<?php echo $client['wink']; ?>" />
Windows Type:<input type="text" name="wint" maxlength="24" size="24" value="<?php echo $client['wint']; ?>" />
<br>
<br>
<br>
<br>
VIPRE Type:<input type="text" name="vtype" maxlength="3" size="3" value="<?php echo $client['vtype']; ?>" />
User Count:<input type="text" name="usera" maxlength="3" size="3" value="<?php echo $client['usera']; ?>" />
Year Count:<input type="text" name="yeara" maxlength="3" size="3" value="<?php echo $client['yeara']; ?>" />
<br>
<br>
Start Date:<input type="text" name="sdate" maxlength="10" size="10" value="<?php echo $client['sdate']; ?>" />
Expire Date:<input type="text" name="edate" maxlength="10" size="10" value="<?php echo $client['edate']; ?>" />
<br>
<br>
VIPRE Key: <input type="text" name="viprek" maxlength="24" size="24" value="<?php echo $client['viprek']; ?>" />
<br>
<br>
<br>
<input type="submit" name="submit" Value="Modify" />
</form>
    
    <?php
if (isset($_POST["submit"])) {
        $mdata = "UPDATE Client SET `firstname`='$_POST[firstname]', `lastname`='$_POST[lastname]', `email`='$_POST[email]', `invoice`='$_POST[invoice]', `wink`='$_POST[wink]', `wint`='$_POST[wint]', `vtype`='$_POST[vtype]', `usera`='$_POST[usera]', `yeara`='$_POST[yeara]', `sdate`='$_POST[sdate]', `edate`='$_POST[edate]', `viprek`='$_POST[viprek]' WHERE id = $_GET[id]";
        
        mysql_query($mdata) or die (mysql_error());
        
            header("Location: index.php");
    }
    ?>
0

Try changing line 48 to

$mdata = "
UPDATE Client
   SET `firstname`='$_POST[firstname]',
       `lastname`='$_POST[lastname]',
       `email`='$_POST[email]',
       `invoice`='$_POST[invoice]',
       `wink`='$_POST[wink]',
       `wint`='$_POST[wint]',
       `vtype`='$_POST[vtype]',
       `usera`='$_POST[usera]',
       `yeara`='$_POST[yeara]',
       `sdate`='$_POST[sdate]',
       `edate`='$_POST[edate]',
       `viprek`='$_POST[viprek]'
    WHERE id = '$_GET[id]'";

splitting it into separate lines (so that mysql will be a little more explicit as to where the error is) and adding the quotes around the WHERE value.

The WHERE value must use _POST because the FORM method is POST.

Change line 49 to echo "<pre style='color:red'>$mdata</pre>\n"; so you can see the *exact* SQL statement your program generated.

I believe that 'header' statement is invalid there because you've already emitted HTML.

0

You need to brace out your POST and GET variables like so:

`sdate`='{$_POST[sdate]}',
...
 WHERE id = '{$_GET[id]'}";

But as has been mentioned to you numerous times, you SHOULDN'T use raw input in an SQL statement.

0

Well this is my index page. Did I mess something up here?

<html>
    <head>
    <title>Vipre Database</title>
    <script src="sorttable.js"></script>
</head>
<body>
<a href="addclient.php">Add Client</a>
<?php

include_once 'resources/init.php';

$query="SELECT * FROM Client";
$result=mysql_query($query);

mysql_close();
?>

<?php
//Table starting tag and header cells
echo "<table class='sortable' border='1' cellspacing='5' cellpadding='5'><tr><th>First Name</th><th>Last Name</th><th>Email</th><th>Invoice #</th><th>Windows Key</th><th>Windows Type</th><th>VIPRE Type</th><th>User Count</th><th>Year Count</th><th>Start Date</th><th>Expire Date</th><th>Vipre Key</th><th>Edit Client</th><th>Delete Client</th></tr>";
    while($row = mysql_fetch_array($result)){
        //Display the results in differnt Cells
        echo "<tr><td>" . $row['firstname'] . "</th>
            <td>" . $row['lastname'] . "</td>
            <td>" . $row['email'] . "</td>
            <td>" . $row['invoice'] . "</td>
            <td>" . $row['wink'] . "</td>
            <td>" . $row['wint'] . "</td>
            <td>" . $row['vtype'] . "</td>
            <td>" . $row['usera'] . "</td>
            <td>" . $row['yeara'] . "</td>
            <td>" . $row['sdate'] . "</td>
            <td>" . $row['edate'] . "</td>
            <td>" . $row['viprek'] . "</td>
                                           
            <td><a href=\"modify.php?id=" . $row['id'] . "\">Edit</a>" . "</td>
            <td><a href=\"deleteclient.php?id=" . $row['id'] . "\">Delete</a>" . "</td></tr>";
    
}
echo "</table>";
?>

</body>
</html>
0

Looks OK. As I suspected, you are calling your other page using GET; using $_GET (near the top) is correct. Your form uses method POST, so using $_POST (near the bottom) is (was) correct.

As was already stated a time or two, you should put all PHP array references that are within strings inside {}. That is, "text $_POST verbage" doesn't always work. It is much more reliable to use "text {$_POST} verbage". If you look at your web server's log file, you'll probably find it complaining a lot.

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.