Start New Discussion within our Web Development Community

Hey guys,

got a system here which I'l try and explain in lame mans terms.

Search > Customer page > Edit Customer.

The problem I am having is that it is not letting me carry that ID over.
E.g, I put John smith in, I get the customer Page which echo's all his information, I click update and it doesn't seem to send the information.

http://rhino.minepress.co.uk/Selectcustomer.php
Try typing in John for a test then scroll down to update at the bottom

in Customer.php:

<?PHP
    $customer_id = $_GET['id'];

        $query = "SELECT id,
                customer_name,
                customer_name_letterhead,
                customer_notes,
                systype,
                status,
                signaltype,
                address,
                postcode,
                telephone,
                mobile,
                mobiletwo,
                email,
                mainarea,
                installation,
                Contract,
                expiration,
                SPA,
                nservice,
                maintenance,
                monitoring,
                MS,
                certdate 
                FROM Customers 
                       WHERE id = {$id}";

        $result = mysql_query($query) or die('<p>' . $query . '</p><div>' . 
                               mysql_error() . '</div>');

        $customer = mysql_fetch_assoc($result);  

?>

           <form action="Update.php" method="post">
                <input type="hidden" name="customer_id" class="customer_id" value="">
                <input type="submit" value="Update">
            </form>  

The method in the form is POST while you are reading $_GET. Change it to $_POST.

$customer_id = $_POST['id'];

And for security reasons validate and/or escape it.

if(!isset($_POST['id']) || !is_numeric($_POST['id'])) {
    header('location:logout.php');
}

$customer_id = mysql_real_escape_string($_POST['id']);

Hey broj,

This is a private script so it will be directory connected etc so we don't have a logout.php etc.

It is pretty much for storing details into a mysql db.

As for the $_POST change.

Would that be in Update.php or in Customer.php?

I've done it in both as I know I shouldn't be using _GET anyway (Different method and all).

So Update now has:

<?php

        $customer_id = $_POST['id'];

        $query = "SELECT id,
                customer_name,
                customer_name_letterhead,
                customer_notes,
                systype,
                status,
                signaltype,
                verification,
                address,
                postcode,
                telephone,
                mobile,
                mobiletwo,
                email,
                mainarea,
                installation,
                Contract,
                expiration,
                SPA,
                nservice,
                maintenance,
                monitoring,
                MS,
               certdate 
        FROM Customers 
                       WHERE id = {$customer_id}";?>

When I click Update, I get this error:

SELECT id, customer_name, customer_name_letterhead, customer_notes, systype, status, signaltype, verification, address, postcode, telephone, mobile, mobiletwo, email, mainarea, installation, Contract, expiration, SPA, nservice, maintenance, monitoring, MS, certdate FROM Customers WHERE id =

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 26

Well, the trouble is there is no id in your query. This is why this code:

if(!isset($_POST['id']) || !is_numeric($_POST['id'])) {
    // handle the error here
    ...
}

Redirecting to logout was just my guess. The thing is if there is no value in $_POST['id'] then you have to do something about it (warn the user, provide a default value...).

Why is there no $_POST['id'] is another question. How does the user pprovide the ID? If it is a form then the method of the form has to be post. If it is a link, it is usually get, but if updating, try to use post. Can you show the code for update.php?

Hey Broj,

Thanks for your quick response. I will add the if once I get this sorted I think :P

Update.php:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
input, textarea {  
    padding: 9px;  
    border: solid 1px #E5E5E5;  
    outline: 0;  
    font: normal 13px/100% Verdana, Tahoma, sans-serif;  
    width: 200px;  
    background: #FFFFFF;  
    }  
textarea {  
    width: 400px;  
    max-width: 400px;  
    height: 150px;  
    line-height: 150%;  
    }  
input:hover, textarea:hover,  
input:focus, textarea:focus {  
    border-color: #C9C9C9;  
    }  
.form label {  
    margin-left: 10px;  
    color: #999999;  
    }  
.submit input {  
    width: auto;  
    padding: 9px 15px;  
    background: #617798;  
    border: 0;  
    font-size: 14px;  
    color: #FFFFFF;  
    }  
</style>
<?php require 'header.php'; ?> 

        <div class="clear">
        </div>
        <div class="grid_12">
            <div class="box round first fullpage">
<?php

            $customer_id = $_POST['id'];

            $query = "SELECT id,
                    customer_name,
                    customer_name_letterhead,
                    customer_notes,
                    systype,
                    status,
                    signaltype,
                    verification,
                    address,
                    postcode,
                    telephone,
                    mobile,
                    mobiletwo,
                    email,
                    mainarea,
                    installation,
                    Contract,
                    expiration,
                    SPA,
                    nservice,
                    maintenance,
                    monitoring,
                    MS,
                   certdate 
            FROM Customers 
                           WHERE id = {$customer_id'}";

            $result = mysql_query($query) or die('<p>' . $query . '</p><div>' . 
                                   mysql_error() . '</div>');

            $customer = mysql_fetch_assoc($result);  

?>
 <h2>Updating <?php echo $customer['customer_name'] ?></h2>
                <div class="block ">
                    <table class="form">
                       <form name="Form" action="updateSQL.php" method="post">
<!--Intro-->
<h3>Introduction</h3>
<p class="field">  
Client/Company Name: <input type="text" name="customer_name" value="<?Php echo $customer['customer_name']?>"><br></p>
Contact / Letter name: <input type="text" name="customer_name_letterhead" value="<?Php echo $customer['customer_name_letterhead']?>"><br>
Notes: <textarea rows="5" cols="30" name="customer_notes" <?Php echo $customer['customer_notes']?>>
Notes go here
</textarea><br>

System Type
<?php $typearray= array(type1, type2, type3, type4, None); ?>

<select name="systype">
        <?php foreach($typearray as $typechoice){
                if($typechoice== $customer['systype'])
                        echo "<option selected value=\"$typechoice\">$typechoice</option>";
                else
                        echo "<option value=\"$typechoice\">$typechoice</option>";
        } ?>
</select>

<br>
Status
<?php $statusarray= array(Alive, Dead, Stop); ?>

<select name="status">
        <?php foreach($statusarray as $statuschoice){
                if($statuschoice== $customer['status'])
                        echo "<option selected value=\"$statuschoice\">$statuschoice</option>";
                else
                        echo "<option value=\"$statuschoice\">$statuschoice</option>";
        } ?>
</select><br>




Verification Method
<?php $verificationarray= array(verify1, verify2, verify3); ?>

<select name="verification">
        <?php foreach($verificationarray as $verificationchoice){
                if($verificationchoice== $customer['verification'])
                        echo "<option selected value=\"$verifychoice\">$verificationchoice</option>";
                else
                        echo "<option value=\"$verificationchoice\">$verificationchoice</option>";
        } ?>
</select><br>


<!--Start of Address etc-->
Address: <textarea rows="5" cols="30" name="address"><?Php echo $customer['address']?></textarea><br>
Postcode: <input type="text" name="postcode" value="<?Php echo $customer['postcode']?>"><br>
Telephone: <input type="text" name="telephone" value="<?Php echo $customer['telephone']?>"><br>
Mobile: <input type="text" name="mobile" value="<?Php echo $customer['mobile']?>"><br>
Mobile2: <input type="text" name="mobiletwo" value="<?Php echo $customer['mobiletwo']?>"><br>
Email: <input type="text" name="email" value="<?Php echo $customer['email']?>"><br>
Main Area: <input type="text" name="mainarea" value="<?Php echo $customer['mainarea']?>"><br>
<!--End of Address-->

<!--Start of Dates-->
Installation Date: <input type="date" name="installation" value="<?Php echo $customer['installation']?>"><br>
Contract Type: <input type="text" name="Contract" value="<?Php echo $customer['Contract']?>"><br>
Expiration date: <input type="date" name="expiration" value="<?Php echo $customer['expiration']?>"><br>

Services Per Annum:
<?php $verificationarray= array(0, 1, 2, None); ?>

<select name="SPA">
        <?php foreach($SPAarray as $SPAchoice){
                if($SPAchoice== $customer['SPA'])
                        echo "<option selected value=\"$SPAchoice\">$SPAchoice</option>";
                else
                        echo "<option value=\"$SPAchoice\">$SPAchoice</option>";
        } ?>
</select><br>

Next Service: <input type="date" name="nservice" value="<?Php echo $customer['nservice']?>"><br>
Appointment Req: 

<!--End of Dates-->

<!--Start of Financial Details-->

Invoice Run: ??<br>

Invoice Code:??<br>

<!--End of Financial Details-->

<!--Start of Charges-->

Maintenance: <input type="number" name="maintenance" value="<?Php echo $customer['maintenance']?>"><br> 
Monitoring: <input type="number" name="monitoring" value="<?Php echo $customer['monitoring']?>"><br>

<!--End of Charges-->

<!--Start of Monitored System-->

Y/N:
<?php $MSarray = array(Yes, No); ?>

<select name="MS">
        <?php foreach($MSarray as $MSchoice){
                if($MSchoice== $customer['MS'])
                        echo "<option selected value=\"$MSchoice\">$MSchoice</option>";
                else
                        echo "<option value=\"$MSchoice\">$MSchoice</option>";
        } ?>
</select><br>

<!--End of Monitored System-->
<!--Start of Certificate details-->
Date: <input type="date" name="certdate" value="<?Php echo $customer['certdate']?>"><br>
Certificate: ??
<!--End of Certificate details-->
<p>

<input type="submit" value="Submit">
</form> 
                    </table>
                </div>
            </div>
        </div>
        <div class="clear">
        </div>
    </div>
    <div class="clear">
    </div>
    <div id="site_info">
        <p>
            Copyright <a href="#">Rhino Admin</a>. All Rights Reserved.
        </p>
    </div>
</body>
</html>

OK, I see. TThe problem is that the ID is not comming to the update.php page from previous page. Can you post that page code too?

Heres the path:

Selectcustomer.php > Customer.php > Update.php

and this is Customer.php:

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<style>
input, textarea {  
    padding: 9px;  
    border: solid 1px #E5E5E5;  
    outline: 0;  
    font: normal 13px/100% Verdana, Tahoma, sans-serif;  
    width: 200px;  
    background: #FFFFFF;  
    }  
textarea {  
    width: 400px;  
    max-width: 400px;  
    height: 150px;  
    line-height: 150%;  
    }  
input:hover, textarea:hover,  
input:focus, textarea:focus {  
    border-color: #C9C9C9;  
    }  
.form label {  
    margin-left: 10px;  
    color: #999999;  
    }  
.submit input {  
    width: auto;  
    padding: 9px 15px;  
    background: #617798;  
    border: 0;  
    font-size: 14px;  
    color: #FFFFFF;  
    }

.Update {

   font-size: 20px;


}
</style>
<?php require 'header.php'; ?> 

        <div class="clear">
        </div>
        <div class="grid_12">
            <div class="box round first fullpage">
<?PHP
        $customer_id = $_POST['id'];

            $query = "SELECT id,
                    customer_name,
                    customer_name_letterhead,
                    customer_notes,
                    systype,
                    status,
                    signaltype,
                    address,
                    postcode,
                    telephone,
                    mobile,
                    mobiletwo,
                    email,
                    mainarea,
                    installation,
                    Contract,
                    expiration,
                    SPA,
                    nservice,
                    maintenance,
                    monitoring,
                    MS,
                    certdate 
            FROM Customers 
                           WHERE id = {$customer_id}";

            $result = mysql_query($query) or die('<p>' . $query . '</p><div>' . 
                                   mysql_error() . '</div>');

            $customer = mysql_fetch_assoc($result);  

?>
 <h2><?php echo $customer['customer_name'] ?></h2>
                <div class="block ">

                <?PHP 
               echo "<h4> Letter Name:</h4>" . "<br>"; 
               echo $customer['customer_name_letterhead'] . "<p>";
               echo "<h4> Notes:</h4>" . "<br>";
               echo $customer['customer_notes'] . "<p>";
               echo "<h4> System Type:</h4>" . "<br>";
               echo $customer['systype']. "<p>";
               echo "<h4> Customer Status:</h4>" . "<br>";
               echo $customer['status']. "<p>";
               echo "<h4> Signal Type:</h4>" . "<br>";
               echo $customer['signaltype']. "<p>";
               echo "<h4> Address:</h4>" . "<br>";
               echo $customer['address']. "<p>";
               echo "<h4> Postcode:</h4>" . "<br>";
               echo $customer['postcode']. "<p>";
               echo "<h4> Telephone:</h4>" . "<br>";
               echo $customer['telephone']. "<p>";
               echo "<h4> Mobile:</h4>" . "<br>";
               echo $customer['mobile']. "<p>";
               echo "<h4> Second mobile:</h4>" . "<br>";
               echo $customer['mobiletwo']. "<p>";
               echo "<h4> Email:</h4>" . "<br>";
               echo $customer['email']. "<p>";
               echo "<h4> Mainarea:</h4>" . "<br>";
               echo $customer['mainarea']. "<p>";
               echo "<h4> Installation:</h4>" . "<br>";
               echo $customer['installation']. "<p>";
               echo "<h4> Contract:</h4>" . "<br>";
               echo $customer['Contract']. "<p>";
               echo "<h4> Expiration:</h4>" . "<br>";
               echo $customer['expiration']. "<p>";
               echo "<h4> S.P.A:</h4>" . "<br>";
               echo $customer['SPA']. "<p>";
               echo "<h4> Next Service:</h4>" . "<br>";
               echo $customer['nservice']. "<p>";
               echo "<h4> Maintenance:</h4>" . "<br>";
               echo $customer['maintenance']. "<p>";
               echo "<h4>Monitoring:</h4>" . "<br>";
               echo $customer['monitoring']. "<p>";
               echo "<h4> MS:</h4>" . "<br>";
               echo $customer['MS']. "<p>";
               echo "<h4> Certdate:</h4>" . "<br>";
               echo $customer['certdate']. "<p>";

                ?>
                <form action="Update.php" method="post">

                    <input type="hidden" name="customer_id" class="customer_id" value="">
                    <input type="submit" value="Update">
                </form>  
                </div>

            </div>
        </div>
        <div class="clear">
        </div>
    </div>
    <div class="clear">
    </div>
    <div id="site_info">
        <p>
            Copyright <a href="#">Rhino Admin</a>. All Rights Reserved.
        </p>
    </div>
</body>
</html>

I am guessing but I think customer ID should be in the value of hidden input on line 34. This is the current code:

<input type="hidden" name="customer_id" class="customer_id" value="">

Shouldn't it be:

<input type="hidden" name="customer_id" class="customer_id" value="<?php echo $customer['customer_id']; ?>">

Parse error: syntax error, unexpected T_CONSTANT_ENCAPSED_STRING, expecting '}' in /home/xtrapsp/public_html/Rhino/Update.php on line 73

:(

OK, we are getting there. This could be due to stray single quote in the query:

WHERE id = {$customer_id'}";

Either remove it or change it to:

WHERE id = '{$customer_id}'";

It's still going to the wrong page

What page does it go to? It should go to the Update.php.

Can you put this debugging code into Update.php on the very beginning:

<?php
    die(print_r($_POST, 1));
?>

This will print the contents of the $_POST array and stop the script. Please post the output.

it does go to update.php but it's the wrong one.

E.G

In customer select I choose John Smith. It goes to his customer page fine, then when I click update it goes to the update page for Smith Johnson...(The person first in the db)

Array ( [customer_id] => )

OK, try this in Update.php:

<input type="hidden" name="customer_id" class="customer_id" value="<?php echo $customer_id; ?>">

$customer_id actualy holds your customer ID (and not $customer['customer_id'] as in my previous post). My mistake, sory, it's a lot of code and sometimes hard to follow.

Weel, it's time to check the UPDATE sql statement which I guess might be in update.php. Can you post it please.

BTW: I'll probably won't be able to reply sooner than tomorrow morning.

This question has already been answered. Start a new discussion instead.