Member Avatar for CarterLangley

Me again,

I have the following which should generate a form and populate that form.

<?php 
session_start();
include("db_connect.php");
if(($_SESSION['user_id']) && ($_SESSION['access_level'] == 1 ))
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
   "http://www.w3.org/TR/html4/loose.dtd">
<head>
    <title>Teaching Int Limited - Home</title>
    <meta name="title" content="Teaching Int Limited">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
    <meta name="description" content="Providing Quality English Teachers to Schools and Organisations">
    <meta name="Abstract" content="Providing Quality English Teachers to Schools and Organisations">
    <meta name="keywords" content="TEFL,english,teacher">
    <meta name="Robots" content="index, follow">
    <meta name="Distribution" content="Global">
    <meta name="Revisit-After" content="30 days">
    <meta name="Rating" content="General">
    <meta name="Reply-to" content="info@teaching-int.com">
    <meta name="Owner" content="Teaching Int Limited">
    <meta name="Author" content="Carter Langley">
    <meta name="copyright" content="Teaching Int Limited - 2013">
    <link rel="shortcut icon" href="images/favicon.ico">
    <link href='http://fonts.googleapis.com/css?family=Great+Vibes' rel='stylesheet' type='text/css'>
    <link rel="stylesheet" type="text/css" href="form.css">
    <link rel="stylesheet" type="text/css" href="header.css">
    <link rel="stylesheet" type="text/css" href="site.css">
</head>
<body>
<?php include("header_loggedin.php"); ?>
<?php
if(isset($_POST['add']))
{
$category_id = protect($_POST['category_id']);
$title = protect($_POST['title']);
$first_name = protect($_POST['first_name']);
$middle_name = protect($_POST['middle_name']);
$last_name = protect($_POST['last_name']);
$suffix = protect($_POST['suffix']);
$dob = protect($_POST['dob']);
$home_street = protect($_POST['home_street']);
$home_city = protect($_POST['home_city']);
$home_province = protect($_POST['home_province']);
$home_postalcode = protect($_POST['home_postalcode']);
$home_country = protect($_POST['home_country']);
$home_tel = protect($_POST['home_tel']);
$home_cell = protect($_POST['home_cell']);
$home_email = protect($_POST['home_email']);
$skype = protect($_POST['skype']);

$columns = array("category_id", "title", "first_name", "middle_name","last_name","suffix","dob","home_street","home_province","home_postalcode","home_country","home_tel","home_cell","home_email","skype");
$set = array();
foreach ($columns as $col) {
    if (isset($_GET[$col])) {
      $set[] = "$col = '" . protect($_GET[$col]) . "'";
    }
}
$sql = "UPDATE person ";
if ($set) {
    $sql .= "SET " . implode(",", $set);
}
$sql .= " WHERE person_id = " . $_POST['person_id'];
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
  die('Could not update data: ' . mysql_error());
}
echo "Entered data successfully. Redirecting in 2 seconds.\n";
mysql_close($conn);
header('Refresh: 2; URL=admin.php');
}
else
{
?>
<form class="semantic" method="post" action="">
<fieldset>
<legend>Viewing</legend>
<?php
$ops = '';
$sql_select = "select * from category";
$retval_selectcategory = mysql_query( $sql_select, $conn );
if(! $retval_selectcategory ) { die('Could not select data: ' . mysql_error()); }
while($row = mysql_fetch_assoc($retval_selectcategory)) {
    $ops .=  "<option value='{$row['category_id']}'>{$row['category']}</option>";
}
$result = "SELECT * FROM person WHERE ";
$result .= " person_id = " . $POST['person_id'];
$row = mysql_fetch_row($result);
?>
<div>
<label for="category_id">Category</label>
<select name="category_id" id="category_id">
<option value="">--- Select a Category ---</option>
<?php echo $ops;?>
</select>
</div>
<div>
<label for="title">Title</label>
<input name="title" type="text" id="title" value="<?php $row['title'] ?>">
</div>
<div>
<label for="first_name">First Name</label>
<input name="first_name" type="text" id="first_name" value="<?php $row['first_name'] ?>">
</div>
<div>
<label for="middle_name">Middle Name</label>
<input name="middle_name" type="text" id="middle_name" value="<?php $row['middle_name'] ?>">
</div>
<div>
<label for="last_name">Last Name</label>
<input name="last_name" type="text" id="last_name" value="<?php $row['last_name'] ?>">
</div>
<div>
<label for="suffix">Suffix</label>
<input name="suffix" type="text" id="suffix" value="<?php $row['suffix'] ?>">
</div>
<div>
<label for="dob">Date of Birth (yyyy-mm-dd)</label>
<input name="dob" type="text" id="dob" value="<?php $row['dob'] ?>">
</div>
<div>
<label for="home_street">Home Street Address</label>
<input name="home_street" type="text" id="home_street" value="<?php $row['home_street'] ?>">
</div>
<div>
<label for="home_city">City/Town</label>
<input name="home_city" type="text" id="home_city" value="<?php $row['home_city'] ?>">
</div>
<div>
<label for="home_province">Province</label>
<input name="home_province" type="text" id="home_province" value="<?php $row['home_province'] ?>">
</div>
<div>
<label for="home_postalcode">Postal Code</label>
<input name="home_postalcode" type="text" id="home_postalcode" value="<?php $row['home_postalcode'] ?>">
</div>
<div>
<label for="home_country">Country</label>
<input name="home_country" type="text" id="home_country" value="<?php $row['home_country'] ?>">
</div>
<div>
<label for="home_tel">Home Telephone</label>
<input name="home_tel" type="text" id="home_tel" value="<?php $row['home_tel'] ?>">
</div>
<div>
<label for="home_cell">Home Cellular/Mobile</label>
<input name="home_cell" type="text" id="home_cell" value="<?php $row['home_cell'] ?>">
</div>
<div>
<label for="home_email">Personal Email Address</label>
<input name="home_email" type="text" id="home_email" value="<?php $row['home_email'] ?>">
</div>
<div>
<label for="skype">Skype</label>
<input name="skype" type="text" id="skype" value="<?php $row['skype'] ?>">
</div>
<div class="button-row">
<input name="add" type="submit" id="add" value="Update Person">
</div>
</fieldset>
</form>
</body>
</html>
<?php
}
}
else
{
    echo "<script type=\"text/javascript\">
    alert(\"You don't belong here!\");
    window.location=\"index.php\"</script>";
}

I am getting the following error.
Could not update data: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'WHERE person_id = 3' at line 1

What I am trying to do is populate a form from the database based on a choice made on another page. I should then be able to update the information on this form if necessary and update the corresponding record in the database.

  • 4 Contributors
  • 6 Replies
  • 300 Views
  • 2 Days Discussion Span
  • Latest Post Latest Post by CarterLangley

Recommended Answers

All 6 Replies

Member Avatar for pzuurveen

is that from the query from line 88?
cant, there is no query at line 88, but there must be one.

Member Avatar for CarterLangley

I think it is the one from line 59?

Member Avatar for urtrivedi

add underscore after dollor sign on light 88

wrong $POST['person_id'];
right $_POST['person_id'];

Member Avatar for Zagga

Hi,

For the query on line 59, I don't see where you are getting the person-id value. It is not sent by the form? Or should this be $_SESSION['user_id']

As for line 87, combining the answers from pzuurveen and urtrivedi, replace lines 87 and 88 with the following.

$result_sql = "SELECT * FROM person WHERE person_id = " . $_POST['person_id'];
$result = mysql_query($result_sql, $con) or die('Error - Could not perform the query: ' . mysql_error());
Edited by Zagga
Member Avatar for pzuurveen

do var_dump($sql); to see if the query looks like you want it to.
(post the resulst)

also read this artical about mysql-php-sql-injection

Member Avatar for CarterLangley

It was a combination of things. I have managed to get the thing sorted now and learnt a few lessons to boot!

Thanks guys for pointing me in the right direction.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.