0
<?php
$host="localhost"; // Host name 
$username="user"; // Mysql username 
$password=""; // Mysql password 
$db_name="pqa"; // Database name 
$tbl_name="improvement_plan"; // Table name

// Connect to server and select database.
mysql_connect("$host", "$username", "$password")or die("cannot connect"); 
mysql_select_db("$db_name")or die("cannot select DB");

// get value of id that sent from address bar
$Ipid=$_GET['Ipid'];

// Retrieve data from database 
$sql="SELECT * FROM $tbl_name WHERE Ipid='$Ipid'";
$result=mysql_query($sql);
$row=mysql_fetch_array($result);
?>

<table width="400" border="0" cellspacing="1" cellpadding="0">
<tr>
<form name="impplan" method="post" action="updateimpplan_ac.php">
<td>
<table width="100%" border="0" cellspacing="1" cellpadding="0">
<tr>
<td>&nbsp;</td>
<td colspan="3"><strong>Notify Responsible Person</strong> </td>
</tr>
<tr>
<td align="center">&nbsp;</td>
<td align="center">&nbsp;</td>
<td align="center">&nbsp;</td>
<td align="center">&nbsp;</td>
</tr>
<tr>
<td align="center">&nbsp;</td>
<td align="center"><strong>Item</strong></td>
<td align="center"><strong>Business Enablers/ISO Clause</strong></td>
<td align="center"><strong>Root Cause</strong></td>
</tr>
<tr>
<td>&nbsp;</td>
<td align="center">
<input name="Item2" type="text" id="Item2" value="<?php echo $row['Item2']; ?>" size="5">
</td>
<td>
<input name="Business2" type="text" id="Business2" value="<?php echo $row['Business2']; ?>" size="10">
</td>
<td align="center">
<input name="Rootcause2" type="text" id="Rootcause2" value="<?php echo $row['Rootcause2']; ?>">
</td>
</tr>

<tr>
<td>&nbsp;</td>
<td>
<input name="Ipid" type="hidden" id="Ipid" value="<?php echo $row['Ipid']; ?>">
</td>
<td>
<input name="Progressid" type="hidden" id="Progressid" value="<?php echo $row['Progressid']; ?>">
</td>
<td align="center">
<input type="submit" name="Submit" value="Submit">
</td>
<td>&nbsp;</td>
</tr>
</table>
</td>
</form>
</tr>
</table>

<?php
// close connection 
mysql_close();
?>

Edited by diafol: Pleazse use code tags - just highlight the code and press the tab key

5
Contributors
8
Replies
45
Views
2 Years
Discussion Span
Last Post by Taywin
0

Use Insert query for save data into your DB Table.

I couldn't find any insert query in your code.

I found a select query only. Select query is for to retrive data from DB table.

0

what error code you have now ??
try to put your sql like this maybe some error could have in this line

$sql = "SELECT * FROM ".$tbl_name." WHERE Ipid='$Ipid'";
0

Hi,sorry this is the update query7 but data is still not save in the improvement_plan table. Please advise. Thanks.

// update data in mysql database
$sql="UPDATE $tbl_name SET Item2='$Item2', Business2='$Business2', Rootcause2='$Rootcause2',

 WHERE Progressid='$Progressid' and Ipid='$Ipid'";          

$result=mysql_query($sql);

// if successfully updated.

if($result){

echo "Successful";
echo "<BR>";
echo "<a href='list_impplan.php'>View result</a>";

}





else {

echo "ERROR";

}
0

Hi, tried to use the following query as suggested but still cannot save record. Please help. Thanks.

$sql = "SELECT * FROM ".$tbl_name." WHERE Ipid='$Ipid'";

0

You should really consider abandoning the oudated mysql in favour of mysqli or PDO. If you make use of prepared statements you won't have to insert the parameters directly into the query, which is dangerous.

Regardless of that, where are you setting those $Business2 variables? The code you posted does not contain them.

And just to be clear, do you want to update the SQL table with data from the page or the HTML/PHP table with data from the database?

0

Hi thanks for your advise. I actually want to save data from the page ie save data from user input. Please advise. Thanks.

0

Well you should definitely use an UPDATE instead of a SELECT query then. Thing is, PHP runs on the server so you won't be able to fetch user input and deal with it on the same page. You're going to need a user part, with the form inputs and a PHP part that handles the variables and update the database accordingly. You could circumvent this by posting to the same page, but it will result in a "two page crammed into one" kind of file, which is harder to read and maintain.

I'd suggest to read a CRUD tutorial first and then post a more specific question should it arise. The reason for not changing the code you have now would be the mysql you're using, as it makes up the bulk of the logic. And the fact that you have no POST logic whatsoever yet.

Sometimes, how hard it may be, it's best to start over. Especially if it wouldn't take long to get back to where you are now, but using the right methods upon which you can expand.

0

There are a couple suggestions from me.

1)Please follow the naming convention. You should NOT start with capitalized for a variable. It is very confusing to maintain the script later on.

2)You must NOT directly use user input in your query. You need to sanitize it before hand. This is a serious security issue in both SQL injection and XSS vulnerabilities. Because PHP is an easy language to use with a DB, many (yes many) people who learn it by themselves tend to over look this issue. As a result, the language has a really bad image as an insecured language.

3)When you are going to add a new record, use INSERT. When you want to update certain record, use UPDATE. You cannot use UPDATE to add a new record, and you cannot use INSERT to update a record.

Now look at your latest update script, you have an extra comma right after '$Rootcause2' (which should be named as '$rootCause2'). There should be NO comma before WHERE clause.

Edited by Taywin

This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.