0
<?php //update has an error!
?>

<?php
include("lock.php");// contains session details
$connect=mysql_connect("localhost","root","");
mysql_select_db("login",$connect);


if(isset($_POST[""])){
	
	$dept_name=$_POST["dept_name"];
	$year=$_POST["year"];
	$current_sem=$_POST["current_sem"];
	$total_students=$_POST["total_students"];
	$regulation=$_POST["regulation"];
}

//------------------------------------------------------------------------------------------------------------------
if(isset($_POST["insert"])){
	if($_POST["insert"]=="yes"){
	
	$dept_name=$_POST["dept_name"];
	$year=$_POST["year"];
	$current_sem=$_POST["current_sem"];
	$total_students=$_POST["total_students"];
	$regulation=$_POST["regulation"];

$query="insert into classprofile(dept_name,year,current_sem,total_students,regulation) values('$dept_name','$year','$current_sem','$total_students','$regulation')";
if(mysql_query($query))
echo "<center>Record Inserted!</center><br>";
	}
	else{
		echo"not inserted, try again";
	}
}
//-------------------------------------------------------------------------------------------------------------------
if(isset($_POST["update"])){
	if($_POST["update"]=="yes"){
		
		$dept_name=$_POST["dept_name"];
	$year=$_POST["year"];
	$current_sem=$_POST["current_sem"];
	$total_students=$_POST["total_students"];
	$regulation=$_POST["regulation"];

$query="update classprofile set dept_name='$dept_name' ,year='$year',current_sem='$current_sem',total_students='$total_students','regulation='$regulation' where id=".$_POST['id'];
if(mysql_query($query))
echo "<center>Record Updated</center><br>";
	}else { echo"no yes"; }
} 
//---------------------------------------------------------------------------------------------------------------------
if(isset($_GET['operation'])){
if($_GET['operation']=="delete"){
$query="delete from classprofile where id=".$_GET['id'];	
if(mysql_query($query))
echo "<center>Record Deleted!</center><br>";
}
}
//---------------------------------------------------------------------------------------------------------------------
?>
<html>
<body>
<a href="logout.php">logout</a>
<form method="post" action="classcrud.php">
<table align="center" border="0">
<tr>
<td>Id:</td>
<td><input type="text" name="id" /></td>
</tr>
<tr>
<td>Department Name:</td>
<td><input type="text" name="dept_name" /></td>
</tr>
<tr>
<td>Year of Study:</td>
<td><input type="text" name="year" /></td>
</tr>
<tr>
<td>Current Sem:</td>
<td><input type="text" name="current_sem" /></td>
</tr>
<tr>
<td>Total Students:</td>
<td><input type="text" name="total_students" /></td>
</tr>
<tr>
<td>Regulation:</td>
<td><input type="text" name="regulation" /></td>
</tr>


<tr>
<td>&nbsp;</td>
<td align="right">
<input type="hidden" name="insert" value="yes" />
<input type="submit" value="Insert Record"/>
</td>
</tr>
</table>
</form>
<?php

if(isset($_GET['operation'])){
if($_GET['operation']=="edit"){
?>
<form method="post" action="classcrud.php">
<table align="center" border="0">

<tr>
<td>Id:</td>
<td><input type="text" name="id" value="<?php echo $_GET['id']; ?>" /></td>
</tr><tr>
<td>Department Name:</td>
<td><input type="text" name="dept_name" value="<?php echo $_GET['dept_name']; ?>" /></td>
</tr>
<tr>
<td>Year of Study:</td>
<td><input type="text" name="year" value="<?php echo $_GET['year']; ?>"/></td>
</tr>
<tr>
<tr>
<td>Current Sem:</td>
<td><input type="text" name="current_sem" value="<?php echo $_GET['current_sem']; ?>" /></td>
</tr>
<tr>
<td>Total Students:</td>
<td><input type="text" name="total_students" value="<?php echo $_GET['total_students']; ?>" /></td>
</tr>
<tr>
<td>Regulation:</td>
<td><input type="text" name="regulation" value="<?php echo $_GET['regulation']; ?>" /></td>
</tr>

<td>&nbsp;</td>
<td align="right">
<input type="hidden" name="id" value="<?php echo $_GET['id'] ?>" />
<input type="hidden" name="update" value="yes" />
<input type="submit" value="update Record"/>
</td>
</tr>
</table>
</form>
<?php
}}
?>

<?php
$query="select * from classprofile";
$result=mysql_query($query);
if(mysql_num_rows($result)>0){
	echo "<table align='center' border='1'>";
	echo "<tr>";
	echo "<th>Id</th>";
	echo "<th>Department Name</th>";
	echo "<th>Year of Study</th>";
	echo "<th>Current Sem</th>";
	echo "<th>Total Students</th>";
	echo "<th>Regulation</th>";
	echo "</tr>";
	while($row=mysql_fetch_array($result)){
	echo "<tr>";
	echo "<td>".$row['id']."</td>";
	echo "<td>".$row['dept_name']."</td>";
	echo "<td>".$row['year']."</td>";
	echo "<td>".$row['current_sem']."</td>";	
	echo "<td>".$row['total_students']."</td>";	
	echo "<td>".$row['regulation']."</td>";
	echo "<td><a href='classcrud.php?operation=edit&dept_name=".$row['dept_name'],"&id=".$row['id']."&year=".$row['year']."&current_sem=".$row['current_sem']."&total_students=".$row['total_students']."&regulation=".$row['regulation']."'>edit</a></td>";
	echo "<td><a href='classcrud.php?operation=delete&id=".$row['id']."&dept_name=".$row['dept_name']."'>delete</a></td>";	
	echo "</tr>";
	}
	echo "</table>";
}
else{
echo "<center>No Records Found!</center>";	
}

?>
</body>
</html>
3
Contributors
2
Replies
3
Views
5 Years
Discussion Span
Last Post by GliderPilot
0

You must be getting some error message somewhere. What does it say?

It is a good idea to check for existence of all $_POST array elements before using them since some of them might not exist which breaks your query. Something like:

if(isset($_POST["dept_name"])) {

    $dept_name=$_POST["dept_name"];

} else {

   echo 'You did not enter department name!';
}

// etc ...

Also you can echo your update query to see what it look like and copy it into phpmyadmin or mysql client to check wheter it works OK. Put this after line 47:

die($query);

My practice is that I first check for existence of all required POST (or GET...) values, clean them and asign them to variables before they can go into a query. otherwise you are begging for trouble (errors in queries, security holes etc).

// a flag to check wheter there were errors
$data_complete = true;

if(isset($_POST["dept_name"])) {

    $dept_name = mysql_real_escape_string(trim($_POST["dept_name"]));

} else {

    $data_complete = false;
}

if(isset($_POST["year"])) {

    $year = (int) $_POST["year"];

} else {

    $data_complete = false;
}

// etc...

// see http://php.net/manual/en/function.mysql-real-escape-string.php

// if submitted data was complete (no errors) run the query else display an error
if($data_complete) {

    // run the query

} else {

    // display error message
}

And also do not use GET method for deleting records. It is dangerous since it is visible in the URL and somebody can intentionally or unintentionally delete too many rows. POST is a bit safer.

Edited by broj1: n/a

0

I would suggest indenting your if statements. Your not opening and closing all your statements and it is going to cause the script to fail

Lines 30, 48, 56 your IF statements are missing opening {

Lines 36 and 51 are missing an extra } you have more opened IF statements than closed

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.