Hi, I have 2 tabs in one form. After inserting records in tabs-1 for quarter 1 progress, the user then updates records in tabs-2 for quarter 2 progress, which is in the same row of the progress table. However, when I click the submit button or the update button, no records are saved or updated. The code is below. Please advise. Thanks.

<!doctype html>
<html lang="en">
<head>
<link rel="stylesheet" type="text/css" href="style.css"/>
<style>
div.savestatus{ /* Style for the "Saving Form Contents" DIV that is shown at the top of the form */
width:200px;
padding:2px 5px;
border:1px solid gray;
background:#fff6e5;
-webkit-box-shadow: 0 0 8px #818181;
box-shadow: 0 0 8px #818181;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius:5px;
color:red;
position:absolute;
top:-10px;
}
form#feedbackform div{ /*CSS used by demo form*/
margin-bottom:9px;
}
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
<script src="autosaveform.js">
/***********************************************
* Auto Save Form script (c) Dynamic Drive (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit http://www.dynamicdrive.com/ for this script and 100s more.
***********************************************/

</script>
<script>
var formsave1=new autosaveform({
    formid: 'ipdprogress',
    pause: 1000 //<--no comma following last option!
})
</script>
  <meta charset="utf-8">
  <title>Institutional Performance Data System Database</title>
  <link rel="stylesheet" href="//code.jquery.com/ui/1.11.2/themes/smoothness/jquery-ui.css">
  <script src="//code.jquery.com/jquery-1.10.2.js"></script>
  <script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
  <link rel="stylesheet" href="/resources/demos/style.css">
<script>
  $(function() {
    $( "#tabs" ).tabs();
  });
</script>
</head>
<body>
<div id="header" > 
<h1><b>SECTION II: Progress</b></h1>
<?php 
session_start(); 
error_reporting(E_ALL ^ E_NOTICE);
    $_SESSION['Userid']; // it will print the userid value
    $_SESSION['Username']; // it will print the userid value
    $_SESSION['Email'];

$connection = mysql_connect("localhost","user","") or die("Database connection failed!<br>");
$result=mysql_select_db("p") or die("Database could not be selected!");
    $Picid=0;
    if (isset($_GET['Picid'])) {
    $_SESSION['Picid']=$_GET['Picid'];  
    $Picid=$_SESSION['Picid'];  

$query="Select Userid,Picid from general_ipd where Userid='".$_SESSION['Userid']."' and Picid= '".$Picid."'";
$result=mysql_query($query)or die(mysql_error());
if($row=mysql_fetch_array($result))
{
echo "<input type='hidden' name='hidden' value='".$row['Userid']."'><br>";
echo "<input type='hidden' name='hidden' value='".$Picid."'><br>";
}
}
?> 
</div>
<div id="tabs">
  <ul>
    <li><a href="#tabs-1">Quarter 1</a></li>
    <li><a href="#tabs-2">Quarter 2</a></li>
  </ul>

<?php
session_start(); 
error_reporting(E_ALL ^ E_NOTICE);
$con = mysql_connect("localhost","user","");
if (!$con){
die("Can not connect: " . mysql_error());
}
mysql_select_db("p",$con);
if(isset($_POST['submit'])){
mysql_query("INSERT INTO progress (Quanprogress1, Qualprogress1,Picid) VALUES ('" . $_POST["Quanprogress1"] . "','" . $_POST["Qualprogress1"] . "','" . $Picid . "')"); 
$Progressid = mysql_insert_id();
$_SESSION['Progressid']=$Progressid;
if(!empty($Progressid)) {   
$message = "New progress added successfully"; 
}
} 
?>
<form id="ipdprogress" method="post" action="">

<div id="tabs-1">  
<p><b>1.Target</b></p>
<Table> 
<tr>
<td><font size=2>a.i.Quantitative Progress (e.g. average,numerical,%,sum):</font></td>
<td><input type="text" name="Quanprogress1" class="txtField" value="<?php echo $row['Quanprogress1']; ?>"></td>
<td><font size=2>a.ii.Qualitative Progress: </font></td>
<td><input type="text" name="Qualprogress1" class="txtField" value="<?php echo $row['Qualprogress1']; ?>"></td>
</tr>
</table>   
<input type="hidden" name="Picid"> 
<input type="hidden" name="Progressid">    
</div>
<div id="tabs-2">
<?php
session_start(); 
error_reporting(E_ALL ^ E_NOTICE);
$conn = mysql_connect("localhost","user","");
mysql_select_db("p",$conn);
if(isset($_POST['update'])){
mysql_query("UPDATE progress set Quanprogress2='" . $_POST["Quanprogress2"] . "', Qualprogress2='" . $_POST["Qualprogress2"] . "' WHERE Picid='" . $Picid . "' and Progressid='" . $Progressid . "'");
$message = "Record Modified Successfully";
}
$result = mysql_query("SELECT * FROM progress WHERE  Picid='" . $Picid . "' and Progressid='" . $Progressid . "'");
$row= mysql_fetch_array($result);
?> 
<p><b>1.Target</b></p>
<table>
<tr><td><font size=2>a.i.Quantitative Progress (e.g. average,numerical,%,sum):</font></td>
<input type="hidden" name="Picid"> 
<input type="hidden" name="Progressid" class="txtField" value="<?php echo $row['Progressid']; ?>">
<td><input type="text" name="Quanprogress2" class="txtField" value="<?php echo $row['Quanprogress2']; ?>"></td>
<td><font size=2>a.ii.Qualitative Progress:</font></td>
<td><input type="text" name="Qualprogress2" class="txtField" value="<?php echo $row['Qualprogress2']; ?>"></td>
</tr>
</table>
<input type="hidden" name="Picid" > 
?>
</div>  
</div>
</div> 
</body>
<br>
<td colspan="2"><input type="submit" name="submit" value="Submit" class="btnSubmit"></td>
<td colspan="2"><input type="submit" name="update" value="Update" class="btnSubmit"></td>
</form></html>
Last Post by diafol

Urgh. Have you heard of indenting? That is nigh on impossible for me to read.

I did notice that your PHP and markup seem to come from last century. mysql_* functions, font tags?? More HTML after the end body tag.

You're also wide open to SQL injection as you do not sanitize anything before stuffing it into your SQL statement.


Hi, I have indented the code below, but I am not sure how to sanitize the code. Please kindly advise. Thanks.

<!doctype html>
<html lang="en">
<head>
<link rel="stylesheet" type="text/css" href="style.css"/>
<style>
div.savestatus{ /* Style for the "Saving Form Contents" DIV that is shown at the top of the form */
width:200px;
padding:2px 5px;
border:1px solid gray;
background:#fff6e5;
-webkit-box-shadow: 0 0 8px #818181;
box-shadow: 0 0 8px #818181;
-moz-border-radius: 5px;
-webkit-border-radius: 5px;
border-radius:5px;
color:red;
position:absolute;
top:-10px;
}
form#feedbackform div{ /*CSS used by demo form*/
margin-bottom:9px;
}
</style>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.6.2/jquery.min.js"></script>
<script src="autosaveform.js">
/***********************************************
* Auto Save Form script (c) Dynamic Drive (www.dynamicdrive.com)
* This notice MUST stay intact for legal use
* Visit http://www.dynamicdrive.com/ for this script and 100s more.
***********************************************/
</script>
<script>
var formsave1=new autosaveform({
    formid: 'ipdprogress',
    pause: 1000 //<--no comma following last option!
})
</script>
  <meta charset="utf-8">
  <title>Institutional Performance Data System Database</title>
  <link rel="stylesheet" href="//code.jquery.com/ui/1.11.2/themes/smoothness/jquery-ui.css">
  <script src="//code.jquery.com/jquery-1.10.2.js"></script>
  <script src="//code.jquery.com/ui/1.11.2/jquery-ui.js"></script>
  <link rel="stylesheet" href="/resources/demos/style.css">
<script>
  $(function() {
    $( "#tabs" ).tabs();
  });
</script>
</head>
<body>
<div id="header" > 
<h1><b>SECTION II: Progress</b></h1>
<?php 
session_start(); 
error_reporting(E_ALL ^ E_NOTICE);
    $_SESSION['Userid']; // it will print the userid value
    $_SESSION['Username']; // it will print the userid value
    $_SESSION['Email'];
$connection = mysql_connect("localhost","user","") or die("Database connection failed!<br>");
$result=mysql_select_db("p") or die("Database could not be selected!");
    $Picid=0;
    if (isset($_GET['Picid'])) {
        $_SESSION['Picid']=$_GET['Picid'];  
        $Picid=$_SESSION['Picid'];  
        $query="Select Userid,Picid from general_ipd where       Userid='".$_SESSION['Userid']."' and Picid= '".$Picid."'";
        $result=mysql_query($query)or die(mysql_error());
            if($row=mysql_fetch_array($result)){
                   echo "<input type='hidden' name='hidden' value='".$row['Userid']."'><br>";
                   echo "<input type='hidden' name='hidden' value='".$Picid."'><br>";
            }
    }
?> 
</div>
<div id="tabs">
  <ul>
    <li><a href="#tabs-1">Quarter 1</a></li>
    <li><a href="#tabs-2">Quarter 2</a></li>
  </ul>
<?php
session_start(); 
error_reporting(E_ALL ^ E_NOTICE);
$con = mysql_connect("localhost","user","");
    if (!$con){
    die("Can not connect: " . mysql_error());
    }
    mysql_select_db("p",$con);
        if(isset($_POST['submit'])){
        mysql_query("INSERT INTO progress (Quanprogress1, Qualprogress1,Picid) VALUES ('" . $_POST["Quanprogress1"] . "','" . $_POST["Qualprogress1"] . "','" . $Picid . "')"); 
        $Progressid = mysql_insert_id();
        $_SESSION['Progressid']=$Progressid;
            if(!empty($Progressid)) {   
                $message = "New progress added successfully"; 
            }
        } 
?>
<form id="ipdprogress" method="post" action="">
<div id="tabs-1">  
    <p><b>1.Target</b></p>
    <Table> 
        <tr>
           <td><font size=2>a.i.Quantitative Progress (e.g. average,numerical,%,sum):</font></td>
           <td><input type="text" name="Quanprogress1" class="txtField" value="<?php echo $row['Quanprogress1']; ?>"></td>
            <td><font size=2>a.ii.Qualitative Progress: </font></td>
             <td><input type="text" name="Qualprogress1" class="txtField" value="<?php echo $row['Qualprogress1']; ?>"></td>
        </tr>
    </table>   
    <input type="hidden" name="Picid"> 
    <input type="hidden" name="Progressid">    
</div>
<div id="tabs-2">
<?php
session_start(); 
error_reporting(E_ALL ^ E_NOTICE);
$conn = mysql_connect("localhost","user","");
mysql_select_db("p",$conn);
    if(isset($_POST['update'])){
        mysql_query("UPDATE progress set Quanprogress2='" . $_POST["Quanprogress2"] . "', Qualprogress2='" . $_POST["Qualprogress2"] . "' WHERE Picid='" . $Picid . "' and Progressid='" . $Progressid . "'");
        $message = "Record Modified Successfully";
    }
    $result = mysql_query("SELECT * FROM progress WHERE  Picid='" . $Picid . "' and Progressid='" . $Progressid . "'");
$row= mysql_fetch_array($result);
?> 
<p><b>1.Target</b></p>
    <table>
       <tr><td><font size=2>a.i.Quantitative Progress (e.g. average,numerical,%,sum):</font></td>
        <input type="hidden" name="Picid"> 
        <input type="hidden" name="Progressid" class="txtField" value="<?php echo $row['Progressid']; ?>">
            <td><input type="text" name="Quanprogress2" class="txtField" value="<?php echo $row['Quanprogress2']; ?>"></td>
            <td><font size=2>a.ii.Qualitative Progress:</font></td>
            <td><input type="text" name="Qualprogress2" class="txtField" value="<?php echo $row['Qualprogress2']; ?>"></td>
        </tr>
    </table>
<input type="hidden" name="Picid" > 
?>
</div>  
</div>
</div> 
</body>
<br>
            <td colspan="2"><input type="submit" name="submit" value="Submit" class="btnSubmit"></td>
            <td colspan="2"><input type="submit" name="update" value="Update" class="btnSubmit"></td>
</form></html>