[Ben]

Yes, adding a confirmation function is usually a good idea. Something like that can either be done by redirecting the visitor to a new page to confirm, or using a Javascript based confirm function (http://www.tizag.com...riptconfirm.php is one example.)

[Ben]

Zaas, on 09 December 2010 - 12:31 PM, said:

Great post Ben. I've just done a version of this which detects and displays all the tables in your database, so you can add/edit/delete from any table in there.

Interesting. So you provide it with MySQL host/username/password/database name, and it automatically finds all of your tables/columns?

[Dominique]

I've been working with this script and although I'm a PHP newbee I'm almost there. I only have one issue with the NEW.PHP. When I submit data I get an error. Can anyone please get me in the right direction?

Script:
<?php
/*
NEW.PHP
Allows user to create a new entry in the database
*/

// creates the new record form
// since this form is used multiple times in this file, I have made it a function that is easily reusable
function renderForm($order, $discrjob, $item, $status, $daytimereq, $contact, $error)
{
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<title>New Record</title>
</head>
<body>
<?php
// if there are any errors, display them
if ($error != '')
{
echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';
}
?>

<form action="" method="post">
<div>
<strong>Order: *</strong> <input type="text" name="order" value="<?php echo $order; ?>" /><br/>
<strong>Discrete job: *</strong> <input type="text" name="discrjob" value="<?php echo $discrjob; ?>" /><br/>
<strong>Item: *</strong> <input type="text" name="item" value="<?php echo $item; ?>" /><br/>
<strong>Status: *</strong> <input type="text" name="status" value="<?php echo $status; ?>" /><br/>
<strong>Day&time request: *</strong> <input type="text" name="daytimereq" value="<?php echo $daytimereq; ?>" /><br/>
<strong>Contact: *</strong> <input type="text" name="contact" value="<?php echo $contact; ?>" /><br/>
<p>* required</p>
<input type="submit" name="submit" value="Submit">
</div>
</form>
</body>
</html>
<?php
}




// connect to the database
include('connect-db.php');

// check if the form has been submitted. If it has, start to process the form and save it to the database
if (isset($_POST['submit']))
{
// get form data, making sure it is valid
$order = mysql_real_escape_string(htmlspecialchars($_POST['order']));
$discrjob = mysql_real_escape_string(htmlspecialchars($_POST['discrjob']));
$item = mysql_real_escape_string(htmlspecialchars($_POST['item']));
$status = mysql_real_escape_string(htmlspecialchars($_POST['status']));
$daytimereq = mysql_real_escape_string(htmlspecialchars($_POST['daytimereq']));
$contact = mysql_real_escape_string(htmlspecialchars($_POST['contact']));

// check to make sure both fields are entered
if ($order == '' || $discrjob == '' || $item == '' || $status == '' || $daytimereq == '' || $contact == '')
{
// generate error message
$error = 'ERROR: Please fill in all required fields!';

// if either field is blank, display the form again
renderForm($order, $discrjob, $item, $status, $daytimereq, $contact, $error);
}
else
{
// save the data to the database
mysql_query("INSERT qcdata SET order='$order', discrjob='$discrjob', item='$item', status='$status', daytimereq='$daytimereq', contact='$contact'")
or die(mysql_error());

// once saved, redirect back to the view page
header("Location: view.php");
}
}
else
// if the form hasn't been submitted, display the form
{
renderForm('','','','','','','');
}
?>


ERROR:
You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order='order1', discrjob='discrjob1', item='item1', status='status1', daytimereq' at line 1

[Ben]

@Dominique
I believe that "order" is a reserved word within MySQL (it's used in "ORDER BY"), which can lead to issues if you try to use it as a column name. I would change that column name to something other than "order" ("sort" or "sortOrder"?) and update your mysql query. My guess is that will fix it, since I'm not seeing anything else wrong with the query at first glance.

[Dominique]

Ben, on 05 May 2011 - 02:19 PM, said:

@Dominique
I believe that "order" is a reserved word within MySQL (it's used in "ORDER BY"), which can lead to issues if you try to use it as a column name. I would change that column name to something other than "order" ("sort" or "sortOrder"?) and update your mysql query. My guess is that will fix it, since I'm not seeing anything else wrong with the query at first glance.

You're totally right Ben... this did the trick. Thanks very much!

[Dominique]

Is there a possibility to use drop down boxes in the edit.php and new.php instead of the normal text fields? I have a "status" column where the user would like to choose from some options.

[Ben]

Sorry for the delay in answering this message...

If you check the documentation for mysqli_real_escape_string (http://php.net/manua...ape-string.php), you'll notice that it is expecting two arguments: a link to the mysqli connection, and the string you want escaped:

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

In your code above, you call this function like this:

$df=mysqli_real_escape_string($dbc, trim($_POST['direccion_fisica']));

but just a couple lines above, you have set $dbc to NULL:

$dbc=NULL;
//Verifica que los encasillado en la pgina de editar esten llenos

Why are you setting the variable to null? The error message indicates that it is expecting the first variable to be a link to the mysqli connection, but you are providing it with null instead.

[Henry Layla]

Hi,
Thanks for the great tips i always love to learn new things. I have little bit knowledge about programming languages. I hope i will learn a lot from here as This is the time to learn some PHP.

[Coreinsanity]

Nice tutorial, though I do have a question.

This may be beyond the scope of the tutorial, but I have seen it done a lot in tutorials a friend of mine looks at to learn PHP:

$db = mysql_connect('localhost','wronguser','or_wrongpass') or die (mysql_error());

Now, with my wamp configuration (Pretty much default) and my hosting configuration (through a2 hosting) I get (as expected) the MySQL error printed out twice:

> Once for the actual PHP error (due to what the error level is set to
> And again for the or die (mysql_error());, except this time it's just the error reported from mysql.

As such I have always done

$db = @mysql_connect('localhost','wronguser','or_wrongpass') or die ('Could not connect to the DB');

Utilizing the @ error control operator to ignore the PHP error for this statement and then removing the mysql_error (I don't want my database user printed out).

I am not sure if this is best practice or not, since (to my understanding) @ simply disables error reporting then executes the statement, and returns it to normal.

http://us3.php.net/m...rrorcontrol.php
If anyone wants to read up more on it, and doesn't already know about it.


So my question, is there any real reason people don't use the @ error control operator (Sparingly, of course) for stuff like this?

[Ben]

You get this error twice because you most likely have error messages turned on within your hosting. You can disable this with this line:

ini_set( "display_errors", 0);

or by manually updating your php.ini file (which probably isn't possible on a shared host, though perhaps the host could handle that for you. As a general rule, I've heard that it's best to disable display_errors on a live site, so you don't accidentally give away database/server details that might expose security holes. You can learn a bit more about this here: http://php.net/manua...r-reporting.php

In regards to using "@" for error suppression, my impression is that is generally frowned upon, and it should be used as minimally as possible. To summarize others, it seems like the main reasons are:

-- the "@" causes performance issues
-- Parts of the application may fail silently, and using the "@" means it is harder to tell what is going on
-- If you have users that are using the application and something goes wrong, giving them a "white screen of death" when something fails silently is infinitely more frustrating than at least providing an error message they can pass on to support.

For more info, see:
http://php.net/manua...rrorcontrol.php
http://stackoverflow...operator-in-php

Searching for "php error suppression" will probably give you some other results as well. I'm not saying errors shouldn't be suppressed -- they should, to avoid security issues -- but you then need to provide an interface that gives the user an idea of what is failing and what is going on without showing database/server details.

[Coreinsanity]

Ben, on 26 June 2011 - 04:00 PM, said:

You get this error twice because you most likely have error messages turned on within your hosting. You can disable this with this line:

Yeah, that's what I was saying (or intended to, anyway). Most tutorials don't go over (or ever say) to look into that. Thus, most people who I talked to who learned PHP from them simply think it's normal.

Ben, on 26 June 2011 - 04:00 PM, said:

ini_set( "display_errors", 0);

or by manually updating your php.ini file (which probably isn't possible on a shared host, though perhaps the host could handle that for you. As a general rule, I've heard that it's best to disable display_errors on a live site, so you don't accidentally give away database/server details that might expose security holes. You can learn a bit more about this here: http://php.net/manua...r-reporting.php

For this reason, I generally handle my own errors.

Ben, on 26 June 2011 - 04:00 PM, said:

In regards to using "@" for error suppression, my impression is that is generally frowned upon, and it should be used as minimally as possible.

I would agree. I was mostly wondering what the reasoning behind not using it here was. (Thanks for answering, btw).

Ben, on 26 June 2011 - 04:00 PM, said:

To summarize others, it seems like the main reasons are:
-- the "@" causes performance issues

That is one reason. It's like I said in my post, disables error reporting - runs the code - sets error reporting to what it was:

error_reporting(E_NONE);
mysql_connect() ...
error_reporting(whatever it was before);

since this essentially turns one statement into 3, I can see how it would effect performance if used widely.

Ben, on 26 June 2011 - 04:00 PM, said:

-- Parts of the application may fail silently, and using the "@" means it is harder to tell what is going on

True. With display_errors you can enable/disable them globally as you please, depending on if you're in the development environment or live.

Ben, on 26 June 2011 - 04:00 PM, said:

-- If you have users that are using the application and something goes wrong, giving them a "white screen of death" when something fails silently is infinitely more frustrating than at least providing an error message they can pass on to support.

Never would actually plan on doing that (Though, that is why in my example I said 'Could not connect to DB')

Generally, I have a nice error page setup for displaying them so that it's build into the template.

Ben, on 26 June 2011 - 04:00 PM, said:

For more info, see:
http://php.net/manua...rrorcontrol.php
http://stackoverflow...operator-in-php

Searching for "php error suppression" will probably give you some other results as well. I'm not saying errors shouldn't be suppressed -- they should, to avoid security issues -- but you then need to provide an interface that gives the user an idea of what is failing and what is going on without showing database/server details.

Yeah, leaving the errors displaying enabled by default is bad for a non-development environment. Though I always recommend logging errors (displayed or not) with some environment conditions (variables, etc, if available), and providing a way for users to report them. This way you can go back and see what happened, when it happened, and some environment stuff durring the time.


Anyway, thanks again for your reply

[hyze]

Hi Ben,

Thanks for the very nice tutorial! But I guess I need your idea to enlighten me as I'm still new in PHP

Here is my what I did so far

- my form(name, email, address, picture)
- before send to database, user can preview the form and edit it.
- I'm using($_POST instead of session) on the preview page and "onClick='history.go(-1)'" to edit the page.
- User able to see(name, email, address) and edit at textfield but for image, it missing( I dont know how to call the image that already upload and show it at Edit form). I want to let use delete or reattach new image on it.

Sorry for my english and I hope you understand my problem.
Thanks

[Ben]

I'm not completely sure I understand what issue you're having. However, you probably want to look at some tutorials on image manipulation:

http://net.tutsplus....f-a-photo-site/

I imagine you can find other tutorials by searching for "upload display image php."

[hyze]

Hi Ben,

Apologize me for the confusing. let me rephrase and hope you get my question

I have total of 3 page let say register.php, preview.php and submit.php

1. First, user fill at register form(name,email,address, profile picture) and click submit
2. It then go to preview.php page will the information name, email, address and picture --> all the information is not yet store at database.
3. Let say user want to edit it address hence it click button EDIT and it redirect to page register.php with all previous data at text field.
4. Here is the problem. all data for name, email, address are there at text field but not picture.

Question
1. How to call the picture and display it at register.php once user click edit at preview page?
2. I would like also to allow user to delete the picture at edit(register.php).

Hope that make sense. Thanks

[Ben]

If you aren't storing this information (name/email/address/picture) in the database immediately, you do need to store it somewhere. If I understand you correctly, you are relying on the browser to save and display this information for you (using the "back" button functionality) whereas I would suggest storing it in the session so you can be sure that it is saved properly.

In regards to the image, once the image has been uploaded on the first page, I would store the path to the uploaded image file in a session variable. Then you can display the image easily:

<img src="<?php echo $your_image_path; ?>" alt="" />

If you need to delete the image, you can have a link that when clicked, checks the session variable for the image path and deletes the specified file. You could even potentially use jquery/AJAX, so that the user never has to leave the page they are currently on. Javascript would be used to call the PHP file that deletes the image, and then based on the result from that PHP file (if it was able to successfully delete the image) you can use Javascript to remove the image from the page and alert the user that the file has been updated.

[toin]

Hello All,
congratulation for the tutorial but I have a problem with the edit,insert page because when i push the submit button the browser doesn't redirect me to the page that I want but it gives to me: Error loading page and there aren't any new record or edit record.
Thanks and sorry if english isn't perfect

[Ben]

toin, on 24 July 2011 - 07:53 AM, said:

Hello All,
congratulation for the tutorial but I have a problem with the edit,insert page because when i push the submit button the browser doesn't redirect me to the page that I want but it gives to me: Error loading page and there aren't any new record or edit record.
Thanks and sorry if english isn't perfect

Make sure the path to the file is correct. You may have a misspelling in the file name.

[toin]

Ben, on 24 July 2011 - 10:23 AM, said:

Make sure the path to the file is correct. You may have a misspelling in the file name.

I try to do the same table,php page and page name but I have always that problem...

[Ben]

toin, on 24 July 2011 - 08:34 AM, said:

I try to do the same table,php page and page name but I have always that problem...

Can you start a new topic here in the PHP forum, and include the code you are using? Hopefully this is something I can help you figure out.

[toin]

Can you start a new topic here in the PHP forum, and include the code you are using? Hopefully this is something I can help you figure out.

But are the same on the first page of the topic, it's a copy and paste
new topic:My link

[daba daba]

I am very new to php and mysql and have been playing with your sample code. I am having a problem with the edit and delete links in view.php. When I click on the edit link it take me to http://www.website.com/edit.php8 instead of http://www.website.com/edit.php?id=8. If I type http://www.website.com/edit.php?id=8 in the url it will display the page and allow me to edit. Also, I had to add <? ob_start(); ?> to the top and <? ob_flush(); ?> to the bottom of edit.php. Any suggestions?

[Ben]

daba daba, on 26 July 2011 - 02:36 PM, said:

I am very new to php and mysql and have been playing with your sample code. I am having a problem with the edit and delete links in view.php. When I click on the edit link it take me to http://www.website.com/edit.php8 instead of http://www.website.com/edit.php?id=8. If I type http://www.website.com/edit.php?id=8 in the url it will display the page and allow me to edit. Also, I had to add <? ob_start(); ?> to the top and <? ob_flush(); ?> to the bottom of edit.php. Any suggestions?

The first place I would check would be the line that creates that link within view.php. Make sure it includes "?id=":

echo '<td><a href="edit.php?id=' . $row['id'] . '">Edit</a></td>';

If you've double checked that and are still having problems, start a new topic in the PHP forum, post your code and I'll take a look.

[daba daba]

Ben, on 26 July 2011 - 04:55 PM, said:

The first place I would check would be the line that creates that link within view.php. Make sure it includes "?id=":

echo '<td><a href="edit.php?id=' . $row['id'] . '">Edit</a></td>';

If you've double checked that and are still having problems, start a new topic in the PHP forum, post your code and I'll take a look.

Thanks for the sample link. That worked! I was a little off on the formatting.

[Ben]

You can use ORDER BY to choose how to sort the results: http://www.tizag.com...ysqlorderby.php

Using a flat array rather than database is a bit outside the scope of the tutorial, since the entire point of this tutorial was how to work with a database. I'm not sure if an array makes sense, since you'll have to recreate the array every time the page loads -- it won't stay consistent across different pages. You can add/remove/edit items from an array, but those changes won't stay when you visit a different page, or even refresh the page.

[sak]

hi admin..
i used the script you provided for editing.. first of all thanks for the lovely script..
i created a table with id,firstname and lastname fields..as u told and it went perfect with no error... but i tried it for another table and fields 'signum' in place of 'id'.. and it gave me error because signum is varchar type... and id is int... if i keep signum as int then it works fine but gives error for varchar.... there's a line in edit.php which checks that input is_numeric... what to write inplace of that... please provide me with that script...i urgently need it.... THANKS IN ADVANCE...