0

Hi,tried to update the improvement_plan table with the records below but unable to do so, as the records are not updated. When i click submit button, no records are saved. Please advise? Thanks.

<?php
error_reporting(E_ALL ^ E_NOTICE);
mysql_connect("localhost","user","");
mysql_select_db("p1");
$table="improvement_plan";


    if(isset($_POST['submit'])){


  //  echo $_SESSION['Picid'];  
   echo $_SESSION['Progressid'];    


       foreach($_POST['Ipid'] as $value) {



        $Item2 = $_POST['Item2' . $value];
        $Business2 = $_POST['Business2' . $value];
        $Rootcause2 = $_POST['Rootcause2' . $value];
        $Progressid = $_SESSION['Progressid'. $value];      

        mysql_query("UPDATE $table SET Item2='$Item2', Business2='$Business2', Rootcause2='$Rootcause2',Progressid = '$Progressid' where Progressid='".$_SESSION["Progressid"]."'");

        echo "Record ".$value." successfully updated.<br />";
    } 


     } 


 echo "<form action='#' method='post'>


           <table border='1'>


        <tr>
<th>Ipid</th>;
<th>Item</th>;
<th>Business Enablers/ISO Clause</th>;
<th>Root Cause</th>;


            </tr>";



    $Ipid=0;
    if (isset($_GET['Ipid'])) {
    $_SESSION['Ipid']=$_GET['Ipid'];    
    $Ipid=$_SESSION['Ipid'];  
    echo $Ipid;
    }
$sql = "SELECT * FROM $table where Ipid='$Ipid'";
$results = mysql_query($sql);
while($row = mysql_fetch_assoc($results))


    {



        $Ipid = $row["Ipid"];
        $Item2 = $row["Item2"];
        $Business2 = $row["Business2"];
        $Rootcause2 = $row["Rootcause2"];
        $Progressid = $_SESSION["Progressid"];
echo "<tr>


             <td><input type='text' name='Ipid' value='$Ipid' readonly></td>


         <td><input type='text' name='Item2' value='$Item2'></td>
         <td><input type='text' name='Business2' value='$Business2'></td>
         <td><input type='text' name='Rootcause2' value='$Rootcause2'></td>    
         <td><input type='text' name='Progressid' value='$Progressid' readonly></td>   
      </tr>";


     }


echo "</table><input type='submit' name='submit' value='Update'></form>";
?>

Edited by diafol: reformatted code

2
Contributors
6
Replies
61
Views
2 Years
Discussion Span
Last Post by Sophia_1
0

Any reason why you're using defunct code (mysql_*)?

0

Hi, have change the update statement as below but still unable to update the records. Please advise. Thanks.

<?php
error_reporting(E_ALL ^ E_NOTICE);
mysql_connect("localhost","user","");
mysql_select_db("p1");
$table="improvement_plan";


        if(isset($_POST['submit'])){


  //  echo $_SESSION['Picid'];  


       echo $_SESSION['Progressid'];    


       foreach($_POST['Ipid'] as $value) {
mysql_query("UPDATE improvement_plan set Item2='" . $_POST["Item2"] . "', Business2='" . $_POST["Business2"] . "', 
Rootcause2='" . $_POST["Rootcause2"] . "',
Progressid='" . $_POST["Progressid"] . "' WHERE Progressid='" . $_POST["Progressid"] . "'");
$message = "Record Modified Successfully";


        } 


     } 
 echo "<form action='#' method='post'>


               <table border='1'>


        <tr>
<th>Ipid</th>;
<th>Item</th>;
<th>Business Enablers/ISO Clause</th>;
<th>Root Cause</th>;


                </tr>";


    $Ipid=0;
    if (isset($_GET['Ipid'])) {
    $_SESSION['Ipid']=$_GET['Ipid'];    
    $Ipid=$_SESSION['Ipid'];  
    echo $Ipid;
    }
$sql = "SELECT * FROM $table where Ipid='$Ipid'";
$results = mysql_query($sql);
while($row = mysql_fetch_assoc($results))


        {


        $Ipid = $row["Ipid"];
        $Item2 = $row["Item2"];
        $Business2 = $row["Business2"];
        $Rootcause2 = $row["Rootcause2"];
        $Progressid = $_SESSION["Progressid"];
echo "<tr>


                 <td><input type='text' name='Ipid' value='$Ipid' readonly></td>


         <td><input type='text' name='Item2' value='$Item2'></td>
         <td><input type='text' name='Business2' value='$Business2'></td>
         <td><input type='text' name='Rootcause2' value='$Rootcause2'></td>    
         <td><input type='text' name='Progressid' value='$Progressid' readonly></td>   
      </tr>";
     }
echo "</table><input type='submit' name='submit' value='Update'></form>";
?>

Edited by diafol: reformatted code - please use the code button on the editor

0

OK a few things.

1) You are using deprecated code: mysql_* functions instead of PDO or mysqli. I believe I mentioned this in my first post.

2) You are inserting POST data directly into your query - this is very dangerous thing to do as you are open to SQL injection. If you don't know what that is, I suggest that you read up on it, as this is a major security hole. Using PDO or mysqli perpared statements and binding parameters/values can obviate this issue. If you insist on using deprecated code - please don't - but if you do, at least use mysql_real_escape_string() as a bare minimum.

3) Avoid mixing up your code and markup. Separate them as much as possible. You can keep php code in separate files and use include/require or at a bare minimum place all php above the doctype declaration. Then only use trivial php in the markup, like echo, for/while, if etc. Mixing everything up makes code maintenance a nightmare and also confuses contributors.

4) Ipid - difficult to know what's going on with all this looping.

An example of a safer method of using mysql here:

$queryTemplate = "UPDATE improvement_plan SET Item2='%s', Business2='%s', Rootcause2='%s' WHERE Progressid='%s'";

foreach($_POST['Ipid'] as $value) {

    $i2 = mysql_real_escape_string($_POST["Item2"]);
    $b2 = mysql_real_escape_string($_POST["Business2"]);
    $r2 = mysql_real_escape_string($_POST["Rootcause2"]);
    $id = mysql_real_escape_string($_POST["Progressid"]);

    mysql_query(sprintf($queryTemplate, $i2, $b2, $r2, $id));
    //check for success before you tell everybody that it was successful!!
    $message = "Record Modified Successfully";
} 
0

Hi, thanks for your reply. Have tried to use the coding above but still can't update the records. Please kindly advise. Thanks a lot.

<?php
error_reporting(E_ALL ^ E_NOTICE);
mysql_connect("localhost","user","");
mysql_select_db("p1");
$table="improvement_plan";

    if(isset($_POST['submit'])){
    echo $_SESSION['Progressid'];    
  $queryTemplate = "UPDATE improvement_plan SET Item2='%s', Business2='%s', Rootcause2='%s' WHERE Progressid='%s'";


foreach($_POST['Ipid'] as $value) {


$i2 = mysql_real_escape_string($_POST["Item2"]);
$b2 = mysql_real_escape_string($_POST["Business2"]);
$r2 = mysql_real_escape_string($_POST["Rootcause2"]);
$id = mysql_real_escape_string($_POST["Progressid"]);

mysql_query(sprintf($queryTemplate, $i2, $b2, $r2, $id));
//check for success before you tell everybody that it was successful!!
$message = "Record Modified Successfully";


} 


 } 

echo "<form action='#' method='post'>

       <table border='1'>


    <tr>

<th>Ipid</th>;
<th>Item</th>;
<th>Business Enablers/ISO Clause</th>;
<th>Root Cause</th>;
</tr>";

    $ip=0;


if (isset($_GET['Ipid'])) {
$_SESSION['Ipid']=$_GET['Ipid'];    
$ip=$_SESSION['Ipid'];  
echo $ip;
}

$sql = "SELECT * FROM $table where Ipid='$ip'";
$results = mysql_query($sql);
while($row = mysql_fetch_assoc($results))

        {


    $ip = $row["Ipid"];
    $i2 = $row["Item2"];
    $b2 = $row["Business2"];
    $r2 = $row["Rootcause2"];
    $id = $_SESSION["Progressid"];

echo "<tr>

                 <td><input type='text' name='Ipid' value='$ip' readonly></td>


     <td><input type='text' name='Item2' value='$i2'></td>
     <td><input type='text' name='Business2' value='$b2'></td>
     <td><input type='text' name='Rootcause2' value='$r2'></td>    
     <td><input type='text' name='Progressid' value='$id' readonly></td>   
  </tr>";
 }

echo "</table><input type='submit' name='submit' value='Update'></form>";
?>

1

Look at the mysql_* functions in the php manual and apply error checking.

Example:

$result = mysql_query('SELECT * WHERE 1=1');
if (!$result) {
    die('Invalid query: ' . mysql_error());
}
0

Hi, have tried to apply error checking but still can't update the improvement plan table. Appreciate for your advise. Thanks alot.

$sql = "SELECT * FROM $table where Ipid='$ip'";
$results = mysql_query($sql);

if (!$results) {


die('Invalid query: ' . mysql_error());


} 
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.