Hi, I have 2 tabs in one form. After inserting records in tabs-1 for quarter 1 progress, the user then updates records in tabs-2 for quarter 2 progress, which is the same row in the progress table. However, when I click the submit button or the update button, no records are saved or updated. Below is the code. Please advise. Thanks.

<!doctype html>
<html lang="en">
<head>
<link rel="stylesheet" type="text/css" href="style.css"/>
<style>
div.savestatus{ /* Style for the "Saving Form Contents" DIV that is shown at the top of the form */
width:200px;
padding:2px 5px;
border:1px solid gray;
background:#fff6e5;
-webkit-box-shadow: 0 0 8px #818181;
box-shadow: 0 0 8px #818181;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius:5px;
color:red;
position:absolute;
top:-10px;
}
form#feedbackform div{ /*CSS used by demo form*/
margin-bottom:9px;
}
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
<script src="autosaveform.js">
/***********************************************
* Auto Save Form script (c) Dynamic Drive (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit http://www.dynamicdrive.com/ for this script and 100s more.
***********************************************/

</script>
<script>
var formsave1=new autosaveform({
    formid: 'ipdprogress',
    pause: 1000 //<--no comma following last option!
})
</script>
  <meta charset="utf-8">
  <title>Institutional Performance Data System Database</title>
  <link rel="stylesheet" href="//code.jquery.com/ui/1.11.2/themes/smoothness/jquery-ui.css">
  <script src="//code.jquery.com/jquery-1.10.2.js"></script>
  <script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
  <link rel="stylesheet" href="/resources/demos/style.css">
<script>
  $(function() {
    $( "#tabs" ).tabs();
  });
</script>
</head>
<body>
<div id="header" > 
<h1><b>SECTION II: Progress</b></h1>
<?php 
session_start(); 
error_reporting(E_ALL ^ E_NOTICE);
    $_SESSION['Userid']; // it will print the userid value
    $_SESSION['Username']; // it will print the userid value
    $_SESSION['Email'];

$connection = mysql_connect("localhost","user","") or die("Database connection failed!<br>");
$result=mysql_select_db("p") or die("Database could not be selected!");
    $Picid=0;
    if (isset($_GET['Picid'])) {
    $_SESSION['Picid']=$_GET['Picid'];  
    $Picid=$_SESSION['Picid'];  

$query="Select Userid,Picid from general_ipd where Userid='".$_SESSION['Userid']."' and Picid= '".$Picid."'";
$result=mysql_query($query)or die(mysql_error());
if($row=mysql_fetch_array($result))
{
echo "<input type='hidden' name='hidden' value='".$row['Userid']."'><br>";
echo "<input type='hidden' name='hidden' value='".$Picid."'><br>";
}
}
?> 
</div>
<div id="tabs">
  <ul>
    <li><a href="#tabs-1">Quarter 1</a></li>
    <li><a href="#tabs-2">Quarter 2</a></li>
  </ul>

<?php
session_start(); 
error_reporting(E_ALL ^ E_NOTICE);
$con = mysql_connect("localhost","user","");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("p",$con);
if(isset($_POST['submit'])){
mysql_query("INSERT INTO progress (Quanprogress1, Qualprogress1,Picid) VALUES ('" . $_POST["Quanprogress1"] . "','" . $_POST["Qualprogress1"] . "','" . $Picid . "')"); 
$Progressid = mysql_insert_id();
$_SESSION['Progressid']=$Progressid;
if(!empty($Progressid)) {   
$message = "New progress added successfully"; 
}
} 
?>
<form id="ipdprogress" method="post" action="">

<div id="tabs-1">  
<p><b>1.Target</b></p>
<Table> 
<tr>
<td><font size=2>a.i.Quantitative Progress (e.g. average,numerical,%,sum):</font></td>
<td><input type="text" name="Quanprogress1" class="txtField" value="<?php echo $row['Quanprogress1']; ?>"></td>
<td><font size=2>a.ii.Qualitative Progress: </font></td>
<td><input type="text" name="Qualprogress1" class="txtField" value="<?php echo $row['Qualprogress1']; ?>"></td>
</tr>
</table>   
<input type="hidden" name="Picid"> 
<input type="hidden" name="Progressid">    
</div>
<div id="tabs-2">
<?php
session_start(); 
error_reporting(E_ALL ^ E_NOTICE);
$conn = mysql_connect("localhost","user","");
mysql_select_db("p",$conn);
if(isset($_POST['update'])){
mysql_query("UPDATE progress set Quanprogress2='" . $_POST["Quanprogress2"] . "', Qualprogress2='" . $_POST["Qualprogress2"] . "' WHERE Picid='" . $Picid . "' and Progressid='" . $Progressid . "'");
$message = "Record Modified Successfully";
}
$result = mysql_query("SELECT * FROM progress WHERE  Picid='" . $Picid . "' and Progressid='" . $Progressid . "'");
$row= mysql_fetch_array($result);
?> 
<p><b>1.Target</b></p>
<table>
<tr><td><font size=2>a.i.Quantitative Progress (e.g. average,numerical,%,sum):</font></td>
<input type="hidden" name="Picid"> 
<input type="hidden" name="Progressid" class="txtField" value="<?php echo $row['Progressid']; ?>">
<td><input type="text" name="Quanprogress2" class="txtField" value="<?php echo $row['Quanprogress2']; ?>"></td>
<td><font size=2>a.ii.Qualitative Progress:</font></td>
<td><input type="text" name="Qualprogress2" class="txtField" value="<?php echo $row['Qualprogress2']; ?>"></td>
</tr>
</table>
<input type="hidden" name="Picid" > 
?>
</div>  
</div>
</div> 
</body>
<br>
<td colspan="2"><input type="submit" name="submit" value="Submit" class="btnSubmit"></td>
<td colspan="2"><input type="submit" name="update" value="Update" class="btnSubmit"></td>
</form></html>

diafol

Urgh. Have you heard of indenting? That is nigh on impossible for me to read.

I did notice that your PHP and markup seem to come from last century. mysql_* functions, font tags?? More HTML after the end body tag.

You're also wide open to SQL injection as you do not sanitize anything before stuffing it into your SQL statement.

Hi, I have indented the code below, but I am not sure how to sanitize the code. Please kindly advise. Thanks.

<!doctype html>
<html lang="en">
<head>
<link rel="stylesheet" type="text/css" href="style.css"/>
<style>
div.savestatus{ /* Style for the "Saving Form Contents" DIV that is shown at the top of the form */
width:200px;
padding:2px 5px;
border:1px solid gray;
background:#fff6e5;
-webkit-box-shadow: 0 0 8px #818181;
box-shadow: 0 0 8px #818181;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius:5px;
color:red;
position:absolute;
top:-10px;
}
form#feedbackform div{ /*CSS used by demo form*/
margin-bottom:9px;
}
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
<script src="autosaveform.js">
/***********************************************
* Auto Save Form script (c) Dynamic Drive (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit http://www.dynamicdrive.com/ for this script and 100s more.
***********************************************/
</script>
<script>
var formsave1=new autosaveform({
    formid: 'ipdprogress',
    pause: 1000 //<--no comma following last option!
})
</script>
  <meta charset="utf-8">
  <title>Institutional Performance Data System Database</title>
  <link rel="stylesheet" href="//code.jquery.com/ui/1.11.2/themes/smoothness/jquery-ui.css">
  <script src="//code.jquery.com/jquery-1.10.2.js"></script>
  <script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
  <link rel="stylesheet" href="/resources/demos/style.css">
<script>
  $(function() {
    $( "#tabs" ).tabs();
  });
</script>
</head>
<body>
<div id="header" > 
<h1><b>SECTION II: Progress</b></h1>
<?php 
session_start(); 
error_reporting(E_ALL ^ E_NOTICE);
    $_SESSION['Userid']; // it will print the userid value
    $_SESSION['Username']; // it will print the userid value
    $_SESSION['Email'];
$connection = mysql_connect("localhost","user","") or die("Database connection failed!<br>");
$result=mysql_select_db("p") or die("Database could not be selected!");
    $Picid=0;
    if (isset($_GET['Picid'])) {
        $_SESSION['Picid']=$_GET['Picid'];  
        $Picid=$_SESSION['Picid'];  
        $query="Select Userid,Picid from general_ipd where       Userid='".$_SESSION['Userid']."' and Picid= '".$Picid."'";
        $result=mysql_query($query)or die(mysql_error());
            if($row=mysql_fetch_array($result)){
                   echo "<input type='hidden' name='hidden' value='".$row['Userid']."'><br>";
                   echo "<input type='hidden' name='hidden' value='".$Picid."'><br>";
            }
    }
?> 
</div>
<div id="tabs">
  <ul>
    <li><a href="#tabs-1">Quarter 1</a></li>
    <li><a href="#tabs-2">Quarter 2</a></li>
  </ul>
<?php
session_start(); 
error_reporting(E_ALL ^ E_NOTICE);
$con = mysql_connect("localhost","user","");
    if (!$con){
    die("Can not connect: " . mysql_error());
    }
    mysql_select_db("p",$con);
        if(isset($_POST['submit'])){
        mysql_query("INSERT INTO progress (Quanprogress1, Qualprogress1,Picid) VALUES ('" . $_POST["Quanprogress1"] . "','" . $_POST["Qualprogress1"] . "','" . $Picid . "')"); 
        $Progressid = mysql_insert_id();
        $_SESSION['Progressid']=$Progressid;
            if(!empty($Progressid)) {   
                $message = "New progress added successfully"; 
            }
        } 
?>
<form id="ipdprogress" method="post" action="">
<div id="tabs-1">  
    <p><b>1.Target</b></p>
    <Table> 
        <tr>
           <td><font size=2>a.i.Quantitative Progress (e.g. average,numerical,%,sum):</font></td>
           <td><input type="text" name="Quanprogress1" class="txtField" value="<?php echo $row['Quanprogress1']; ?>"></td>
            <td><font size=2>a.ii.Qualitative Progress: </font></td>
             <td><input type="text" name="Qualprogress1" class="txtField" value="<?php echo $row['Qualprogress1']; ?>"></td>
        </tr>
    </table>   
    <input type="hidden" name="Picid"> 
    <input type="hidden" name="Progressid">    
</div>
<div id="tabs-2">
<?php
session_start(); 
error_reporting(E_ALL ^ E_NOTICE);
$conn = mysql_connect("localhost","user","");
mysql_select_db("p",$conn);
    if(isset($_POST['update'])){
        mysql_query("UPDATE progress set Quanprogress2='" . $_POST["Quanprogress2"] . "', Qualprogress2='" . $_POST["Qualprogress2"] . "' WHERE Picid='" . $Picid . "' and Progressid='" . $Progressid . "'");
        $message = "Record Modified Successfully";
    }
    $result = mysql_query("SELECT * FROM progress WHERE  Picid='" . $Picid . "' and Progressid='" . $Progressid . "'");
$row= mysql_fetch_array($result);
?> 
<p><b>1.Target</b></p>
    <table>
       <tr><td><font size=2>a.i.Quantitative Progress (e.g. average,numerical,%,sum):</font></td>
        <input type="hidden" name="Picid"> 
        <input type="hidden" name="Progressid" class="txtField" value="<?php echo $row['Progressid']; ?>">
            <td><input type="text" name="Quanprogress2" class="txtField" value="<?php echo $row['Quanprogress2']; ?>"></td>
            <td><font size=2>a.ii.Qualitative Progress:</font></td>
            <td><input type="text" name="Qualprogress2" class="txtField" value="<?php echo $row['Qualprogress2']; ?>"></td>
        </tr>
    </table>
<input type="hidden" name="Picid" > 
?>
</div>  
</div>
</div> 
</body>
<br>
            <td colspan="2"><input type="submit" name="submit" value="Submit" class="btnSubmit"></td>
            <td colspan="2"><input type="submit" name="update" value="Update" class="btnSubmit"></td>
</form></html>

diafol

Go to the PHP manual and search for sanitize. Or search for sanitize MySQL PHP in Google. Easy.
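
Added example, not part of the thread and not any poster's code: the INSERT and UPDATE on the `progress` table from the question, rewritten with PDO prepared statements, plus escaping of the stored values when they are echoed back into the form. Assumptions: an in-memory SQLite database (requires the `pdo_sqlite` extension) stands in for the MySQL database so the script runs offline, the column types are guessed, and the `$post` values are constructed sample input.

```php
<?php
// Added example: prepared statements for the progress INSERT/UPDATE.
// Assumption: SQLite in memory stands in for the MySQL database "p" so the
// script runs offline; with MySQL only the DSN passed to PDO changes.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE progress (
    Progressid INTEGER PRIMARY KEY AUTOINCREMENT,
    Picid INTEGER NOT NULL,
    Quanprogress1 TEXT, Qualprogress1 TEXT,
    Quanprogress2 TEXT, Qualprogress2 TEXT)');

// Constructed stand-ins for $_GET['Picid'] and the $_POST fields.
$picid = filter_var('7', FILTER_VALIDATE_INT);    // false if not an integer
if ($picid === false) { exit('Invalid Picid'); }
$post = [
    'Quanprogress1' => "45%",
    'Qualprogress1' => "on track', Picid='1",     // quote would break a concatenated query
    'Quanprogress2' => "60%",
    'Qualprogress2' => '"><b>late</b>',           // markup would break an unescaped value=""
];

// Quarter 1: values travel as bound parameters, never as SQL text.
$ins = $pdo->prepare('INSERT INTO progress (Quanprogress1, Qualprogress1, Picid)
                      VALUES (:quan, :qual, :picid)');
$ins->execute([':quan'  => $post['Quanprogress1'],
               ':qual'  => $post['Qualprogress1'],
               ':picid' => $picid]);
$progressid = (int) $pdo->lastInsertId();         // keep in $_SESSION between requests

// Quarter 2: update the same row, keyed on both ids.
$upd = $pdo->prepare('UPDATE progress SET Quanprogress2 = :quan, Qualprogress2 = :qual
                      WHERE Picid = :picid AND Progressid = :progressid');
$upd->execute([':quan'  => $post['Quanprogress2'], ':qual' => $post['Qualprogress2'],
               ':picid' => $picid, ':progressid' => $progressid]);
echo "rows updated: ", $upd->rowCount(), "\n";

// Reading back: escape on output so stored text cannot close the value="" attribute.
$sel = $pdo->prepare('SELECT * FROM progress WHERE Picid = ? AND Progressid = ?');
$sel->execute([$picid, $progressid]);
$row = $sel->fetch(PDO::FETCH_ASSOC);
foreach (['Qualprogress1', 'Qualprogress2'] as $field) {
    $safe = htmlspecialchars($row[$field], ENT_QUOTES, 'UTF-8');
    echo "<input type=\"text\" name=\"$field\" value=\"$safe\">\n";
}
```

In the real page the two ids would be read from `$_SESSION` on the update request, since local variables set during the insert request do not survive to the next one.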
