
Basic Php System: View/edit/delete/add Records


falkencreative


I've been working with this script and although I'm a PHP newbie I'm almost there. I only have one issue with NEW.PHP. When I submit data I get an error. Can anyone please point me in the right direction?

 

Script:

<?php

/*

NEW.PHP

Allows user to create a new entry in the database

*/

 

// creates the new record form

// since this form is used multiple times in this file, I have made it a function that is easily reusable

function renderForm($order, $discrjob, $item, $status, $daytimereq, $contact, $error)

{

?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">

<html>

<head>

<title>New Record</title>

</head>

<body>

<?php

// if there are any errors, display them

if ($error != '')

{

echo '<div style="padding:4px; border:1px solid red; color:red;">'.$error.'</div>';

}

?>

 

<form action="" method="post">

<div>

<strong>Order: *</strong> <input type="text" name="order" value="<?php echo $order; ?>" /><br/>

<strong>Discrete job: *</strong> <input type="text" name="discrjob" value="<?php echo $discrjob; ?>" /><br/>

<strong>Item: *</strong> <input type="text" name="item" value="<?php echo $item; ?>" /><br/>

<strong>Status: *</strong> <input type="text" name="status" value="<?php echo $status; ?>" /><br/>

<strong>Day&time request: *</strong> <input type="text" name="daytimereq" value="<?php echo $daytimereq; ?>" /><br/>

<strong>Contact: *</strong> <input type="text" name="contact" value="<?php echo $contact; ?>" /><br/>

<p>* required</p>

<input type="submit" name="submit" value="Submit">

</div>

</form>

</body>

</html>

<?php

}

 

 

 

 

// connect to the database

include('connect-db.php');

 

// check if the form has been submitted. If it has, start to process the form and save it to the database

if (isset($_POST['submit']))

{

// get form data, making sure it is valid

$order = mysql_real_escape_string(htmlspecialchars($_POST['order']));

$discrjob = mysql_real_escape_string(htmlspecialchars($_POST['discrjob']));

$item = mysql_real_escape_string(htmlspecialchars($_POST['item']));

$status = mysql_real_escape_string(htmlspecialchars($_POST['status']));

$daytimereq = mysql_real_escape_string(htmlspecialchars($_POST['daytimereq']));

$contact = mysql_real_escape_string(htmlspecialchars($_POST['contact']));

 

// check to make sure both fields are entered

if ($order == '' || $discrjob == '' || $item == '' || $status == '' || $daytimereq == '' || $contact == '')

{

// generate error message

$error = 'ERROR: Please fill in all required fields!';

 

// if either field is blank, display the form again

renderForm($order, $discrjob, $item, $status, $daytimereq, $contact, $error);

}

else

{

// save the data to the database

mysql_query("INSERT qcdata SET order='$order', discrjob='$discrjob', item='$item', status='$status', daytimereq='$daytimereq', contact='$contact'")

or die(mysql_error());

 

// once saved, redirect back to the view page

header("Location: view.php");

}

}

else

// if the form hasn't been submitted, display the form

{

renderForm('','','','','','','');

}

?>

 

 

ERROR:

You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'order='order1', discrjob='discrjob1', item='item1', status='status1', daytimereq' at line 1


@Dominique

I believe that "order" is a reserved word within MySQL (it's used in "ORDER BY"), which can lead to issues if you try to use it as a column name. I would change that column name to something other than "order" ("sort" or "sortOrder"?) and update your mysql query. My guess is that will fix it, since I'm not seeing anything else wrong with the query at first glance.


@Dominique

I believe that "order" is a reserved word within MySQL (it's used in "ORDER BY"), which can lead to issues if you try to use it as a column name. I would change that column name to something other than "order" ("sort" or "sortOrder"?) and update your mysql query. My guess is that will fix it, since I'm not seeing anything else wrong with the query at first glance.

 

You're totally right Ben... this did the trick. Thanks very much!


Guest rrrnew

CodeIgniter is a PHP framework and from what I've seen, it is pretty good.

 

I decided to back the Zend Framework though because I figured it would become the predominant PHP framework over time - as it has.

 

Stefan

Hi, I'm new to PHP and I'm having a problem editing a db. I wrote some code but it doesn't update the db. This is the code that I wrote:

<?php

include('mysql_connection.php');

include('../includes/header.php');

mysql_select_db($database_connection) or die ("unable to connect to the database");

$id=$_POST['id'];

?>

<?php

 

$dbc=NULL;

// Verify that the fields on the edit page are filled in

if (empty($_POST['direccion_fisica'])) {

$errors[]='No entrastes la direccion fisica.';

}else{

$df=mysqli_real_escape_string($dbc, trim($_POST['direccion_fisica']));

}

if (empty($_POST['zip'])) {

$errors[]='No entrastes el codigo postal.';

}else{

$zp=mysqli_real_escape_string($dbc, trim($_POST['zip']));

}

 

if (empty($_POST['direccion_postal'])) {

$errors[]='No entrastes la dirección postal.';

}else{

$dp=mysqli_real_escape_string($dbc, trim($_POST['direccion_postal']));

}

 

if (empty($_POST['zip_ps'])) {

$errors[]='No entrastes el codigo postal.';

}else{

$zp_ps=mysqli_real_escape_string($dbc, trim($_POST['zip_ps']));

}

 

if (empty($_POST['telefono_1'])) {

$errors[]='No entrastes el telefono.';

}else{

$tl_1=mysqli_real_escape_string($dbc, trim($_POST['telefono_1']));

}

 

if (empty($_POST['telefono_2'])) {

$errors[]='No entrastes el telefono.';

}else{

$tl_2=mysqli_real_escape_string($dbc, trim($_POST['telefono_2']));

}

 

if (empty($_POST['fax'])) {

$errors[]='No entrastes el fax.';

}else{

$fx=mysqli_real_escape_string($dbc, trim($_POST['fax']));

}

if (empty($_POST['web_page'])) {

$errors[]='No entrastes tu pagina de internet.';

}else{

$wb=mysqli_real_escape_string($dbc, trim($_POST['web_page']));

}

if (empty($_POST['nombre'])) {

$errors[]='No entrastes el nombre del contacto.';

}else{

$fn=mysqli_real_escape_string($dbc, trim($_POST['nombre']));

}

if (empty($_POST['apellido'])) {

$errors[]='No entrastes el apellido del contacto.';

}else{

$ln=mysqli_real_escape_string($dbc, trim($_POST['apellido']));

}

if (empty($_POST['nombre_cs'])) {

$errors[]='No entrastes el nombre del contacto secundario.';

}else{

$fn_2=mysqli_real_escape_string($dbc, trim($_POST['nombre_cs']));

}

if (empty($_POST['apellido_cs'])) {

$errors[]='No entrastes el apellido del contacto secundario.';

}else{

$ln_2=mysqli_real_escape_string($dbc, trim($_POST['apellido_cs']));

}

if (empty($_POST['email'])) {

$errors[]='No entrastes el correo electronico.';

}else{

$em=mysqli_real_escape_string($dbc, trim($_POST['email']));

}

if (empty($_POST['email_sec'])) {

$errors[]='No entrastes el correo electronico del contacto secundario.';

}else{

$em_2=mysqli_real_escape_string($dbc, trim($_POST['email_sec']));

}

if (empty($_POST['telefono'])) {

$errors[]='No entrastes el telefono del contacto.';

}else{

$tl_3=mysqli_real_escape_string($dbc, trim($_POST['telefono']));

}

if (empty($_POST['phone_sec'])) {

$errors[]='No entrastes el telefono del contacto secundario.';

}else{

$tl_4=mysqli_real_escape_string($dbc, trim($_POST['phone_sec']));

}

 

if (empty($errors)) { // If everything is OK

 

 

 

// direccion_fisica takes $df (not $fn), and there is no comma before WHERE
$q="UPDATE perfil_negocio_agricola SET direccion_fisica='$df', zip='$zp', direccion_postal='$dp', zip_ps='$zp_ps', telefono_1='$tl_1', telefono_2='$tl_2', fax='$fx', web_page='$wb', nombre='$fn', apellido='$ln', nombre_cs='$fn_2', apellido_cs='$ln_2', email='$em', email_sec='$em_2', telefono='$tl_3', phone_sec='$tl_4' WHERE id='$id' ";

 

$r=@mysqli_query($dbc, $q);

if(mysqli_affected_rows($dbc) == 1) // one affected row means the UPDATE was applied

{// If it ran OK

echo'<p> Su perfil a sido editado.</p>';

}else{

echo'<p class="error">Su perfil no pudo ser editado. Disculpenos por cualquier inconveniento que esto pueda causar.</p>';

echo '<p>' . mysqli_error($dbc) . '<br />Query: ' . $q . '</p>'; // Debugging message

}

}

 

}else{ // Report errors

echo'<p class="error">A ocurrido los siguientes errores:<br/>';

foreach($errors as $msg) {

echo "- $msg<br/>\n";

}

echo'</p><p>Intente de nuevo.</p>';

} // End of the no-errors check

 

mysqli_close($dbc);

?>

 

 

I get this error: mysqli_real_escape_string() expects parameter 1 to be mysqli, null given. I have looked at the code again to see if I wrote something wrong but I didn't find it. Since I started about 2 weeks ago with PHP, if someone can help me it would be great.


Sorry for the delay in answering this message...

 

If you check the documentation for mysqli_real_escape_string (http://php.net/manual/en/mysqli.real-escape-string.php), you'll notice that it is expecting two arguments: a link to the mysqli connection, and the string you want escaped:

 

string mysqli_real_escape_string ( mysqli $link , string $escapestr )

In your code above, you call this function like this:

 

$df=mysqli_real_escape_string($dbc, trim($_POST['direccion_fisica']));

but just a couple lines above, you have set $dbc to NULL:

 

$dbc=NULL;
// Verify that the fields on the edit page are filled in

Why are you setting the variable to null? The error message indicates that it is expecting the first variable to be a link to the mysqli connection, but you are providing it with null instead.

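Added example, not part of the posts above and not the tutorial's code: both questions so far (the reserved word `order` and the NULL link passed to mysqli_real_escape_string) come from building SQL by string concatenation, and the posted UPDATE also concatenates `$id` straight from `$_POST`. The sketch below uses PDO prepared statements instead; the table layout, function names and sample values are assumptions, and in-memory SQLite stands in for MySQL so it runs without a server.

```php
<?php
// Added example: table layout and values are constructed, not the tutorial's code.
// In-memory SQLite keeps it runnable offline; for MySQL only the DSN changes,
// e.g. new PDO('mysql:host=localhost;dbname=app;charset=utf8mb4', $user, $pass)
// (placeholder host and database name).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

// `order` is a reserved word; backtick-quoting the identifier keeps it usable.
$pdo->exec('CREATE TABLE qcdata (
    id INTEGER PRIMARY KEY,
    `order` TEXT NOT NULL,
    status TEXT NOT NULL
)');

// Insert one row from form input. Values travel as bound parameters, so no
// escape function (and no connection handle passed to one) is involved.
function insertJob(PDO $pdo, array $post): int
{
    $order  = trim((string) ($post['order'] ?? ''));
    $status = trim((string) ($post['status'] ?? ''));
    if ($order === '' || $status === '') {
        throw new InvalidArgumentException('Please fill in all required fields!');
    }
    $stmt = $pdo->prepare('INSERT INTO qcdata (`order`, status) VALUES (:order, :status)');
    $stmt->execute([':order' => $order, ':status' => $status]);
    return (int) $pdo->lastInsertId();
}

// Update one row. The id is validated as an integer and bound like any other value.
function updateStatus(PDO $pdo, array $post): bool
{
    $id     = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT);
    $status = trim((string) ($post['status'] ?? ''));
    if ($id === false || $status === '') {
        throw new InvalidArgumentException('Invalid id or empty status.');
    }
    $stmt = $pdo->prepare('UPDATE qcdata SET status = :status WHERE id = :id');
    $stmt->execute([':status' => $status, ':id' => $id]);
    return $stmt->rowCount() === 1;   // exactly one row was changed
}

// Constructed form submissions; the apostrophes are stored verbatim.
$id = insertJob($pdo, ['order' => "O'Neil-4711", 'status' => 'open']);
$ok = updateStatus($pdo, ['id' => (string) $id, 'status' => "won't ship"]);

$stmt = $pdo->prepare('SELECT `order`, status FROM qcdata WHERE id = :id');
$stmt->execute([':id' => $id]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);

// Encode when rendering into HTML rather than before storing.
printf(
    "updated=%s order=%s status=%s\n",
    $ok ? 'yes' : 'no',
    htmlspecialchars($row['order'], ENT_QUOTES, 'UTF-8'),
    htmlspecialchars($row['status'], ENT_QUOTES, 'UTF-8')
);
```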

  • 2 weeks later...
Guest udai

I want to view all data with sorting and with search. Like, I want to sort by first name, last name, id (increasing or decreasing).

 

Someone help me...


  • 1 month later...

Nice tutorial, though I do have a question.

 

This may be beyond the scope of the tutorial, but I have seen it done a lot in tutorials a friend of mine looks at to learn PHP:

 

$db = mysql_connect('localhost','wronguser','or_wrongpass') or die (mysql_error());

 

Now, with my wamp configuration (Pretty much default) and my hosting configuration (through a2 hosting) I get (as expected) the MySQL error printed out twice:

 

> Once for the actual PHP error (due to what the error level is set to)

> And again for the or die (mysql_error());, except this time it's just the error reported from mysql.

 

As such I have always done

$db = @mysql_connect('localhost','wronguser','or_wrongpass') or die ('Could not connect to the DB');

 

Utilizing the @ error control operator to ignore the PHP error for this statement and then removing the mysql_error (I don't want my database user printed out).

 

I am not sure if this is best practice or not, since (to my understanding) @ simply disables error reporting then executes the statement, and returns it to normal.

 

http://us3.php.net/manual/en/language.operators.errorcontrol.php

If anyone wants to read up more on it, and doesn't already know about it.

 

 

So my question, is there any real reason people don't use the @ error control operator (Sparingly, of course) for stuff like this?


You get this error twice because you most likely have error messages turned on within your hosting. You can disable this with this line:

 

ini_set( "display_errors", 0);

 

or by manually updating your php.ini file (which probably isn't possible on a shared host, though perhaps the host could handle that for you). As a general rule, I've heard that it's best to disable display_errors on a live site, so you don't accidentally give away database/server details that might expose security holes. You can learn a bit more about this here: http://php.net/manual/en/function.error-reporting.php

 

In regards to using "@" for error suppression, my impression is that is generally frowned upon, and it should be used as minimally as possible. To summarize others, it seems like the main reasons are:

 

-- the "@" causes performance issues

-- Parts of the application may fail silently, and using the "@" means it is harder to tell what is going on

-- If you have users that are using the application and something goes wrong, giving them a "white screen of death" when something fails silently is infinitely more frustrating than at least providing an error message they can pass on to support.

 

For more info, see:

http://php.net/manual/en/language.operators.errorcontrol.php

http://stackoverflow.com/questions/136899/suppress-error-with-operator-in-php

 

Searching for "php error suppression" will probably give you some other results as well. I'm not saying errors shouldn't be suppressed -- they should, to avoid security issues -- but you then need to provide an interface that gives the user an idea of what is failing and what is going on without showing database/server details.


You get this error twice because you most likely have error messages turned on within your hosting. You can disable this with this line:

 

Yeah, that's what I was saying (or intended to, anyway). Most tutorials don't go over (or ever say) to look into that. Thus, most people who I talked to who learned PHP from them simply think it's normal.

 

ini_set( "display_errors", 0);

 

or by manually updating your php.ini file (which probably isn't possible on a shared host, though perhaps the host could handle that for you). As a general rule, I've heard that it's best to disable display_errors on a live site, so you don't accidentally give away database/server details that might expose security holes. You can learn a bit more about this here: http://php.net/manual/en/function.error-reporting.php

 

For this reason, I generally handle my own errors.

 

 

In regards to using "@" for error suppression, my impression is that is generally frowned upon, and it should be used as minimally as possible.

 

I would agree. I was mostly wondering what the reasoning behind not using it here was. (Thanks for answering, btw).

 

To summarize others, it seems like the main reasons are:

-- the "@" causes performance issues

 

That is one reason. It's like I said in my post, disables error reporting - runs the code - sets error reporting to what it was:

 

$previous = error_reporting(0); // 0 turns reporting off and returns the previous level
mysql_connect() ...
error_reporting($previous); // restore whatever it was before

 

since this essentially turns one statement into 3, I can see how it would affect performance if used widely.

 

-- Parts of the application may fail silently, and using the "@" means it is harder to tell what is going on

 

True. With display_errors you can enable/disable them globally as you please, depending on if you're in the development environment or live.

 

-- If you have users that are using the application and something goes wrong, giving them a "white screen of death" when something fails silently is infinitely more frustrating than at least providing an error message they can pass on to support.

 

Never would actually plan on doing that (Though, that is why in my example I said 'Could not connect to DB')

 

Generally, I have a nice error page set up for displaying them so that it's built into the template.

 

 

 

For more info, see:

http://php.net/manual/en/language.operators.errorcontrol.php

http://stackoverflow.com/questions/136899/suppress-error-with-operator-in-php

 

Searching for "php error suppression" will probably give you some other results as well. I'm not saying errors shouldn't be suppressed -- they should, to avoid security issues -- but you then need to provide an interface that gives the user an idea of what is failing and what is going on without showing database/server details.

 

Yeah, leaving the errors displaying enabled by default is bad for a non-development environment. Though I always recommend logging errors (displayed or not) with some environment conditions (variables, etc, if available), and providing a way for users to report them. This way you can go back and see what happened, when it happened, and some environment stuff during the time.

 

 

Anyway, thanks again for your reply :)

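Added example, not part of either post above: one way to combine the points made in this exchange (display_errors off, no `@`, no driver message on the page, details logged, a message the user can pass on to support). The log location, the reference-id scheme and the deliberately failing DSN are assumptions for illustration.

```php
<?php
// Added example; file names, messages and the DSN are constructed for illustration.
ini_set('display_errors', '0');   // never render PHP or driver errors into the page
ini_set('log_errors', '1');

// Assumption: a writable log file outside the web root.
$logFile = sys_get_temp_dir() . '/app-errors.log';

// Write the full detail to the log and return a short reference for the user.
function reportFailure(Throwable $e, string $logFile): string
{
    $ref  = bin2hex(random_bytes(4));
    $line = sprintf(
        "[%s] ref=%s %s: %s in %s:%d uri=%s",
        date('c'),
        $ref,
        get_class($e),
        $e->getMessage(),
        $e->getFile(),
        $e->getLine(),
        $_SERVER['REQUEST_URI'] ?? 'cli'
    );
    // Keep each event on one line so the log cannot be split by embedded newlines.
    $line = preg_replace('/[\r\n]+/', ' ', $line);
    error_log($line . "\n", 3, $logFile);
    return $ref;
}

// PDO throws on a failed connection, so nothing has to be silenced with "@".
function openDatabase(string $dsn): PDO
{
    return new PDO($dsn, null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
}

try {
    // Constructed DSN pointing at a directory that does not exist, so the
    // failure path runs without needing a database server.
    $db = openDatabase('sqlite:/nonexistent-dir/app.db');
    echo "connected\n";
} catch (PDOException $e) {
    $ref = reportFailure($e, $logFile);
    http_response_code(500);
    // The page shows a generic message plus the reference; user name, host
    // and driver text stay in the log only.
    echo '<p class="error">Could not connect to the database. '
       . 'Please quote reference ' . htmlspecialchars($ref, ENT_QUOTES, 'UTF-8')
       . ' when reporting this.</p>' . "\n";
}
```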

Hi Ben,

 

Thanks for the very nice tutorial! But I guess I need your idea to enlighten me as I'm still new in PHP

 

Here is what I did so far

 

- my form(name, email, address, picture)

- Before sending to the database, the user can preview the form and edit it.

- I'm using($_POST instead of session) on the preview page and "onClick='history.go(-1)'" to edit the page.

- The user is able to see (name, email, address) and edit them in the text fields, but the image is missing (I don't know how to call the image that was already uploaded and show it in the Edit form). I want to let the user delete or reattach a new image on it.

 

Sorry for my english and I hope you understand my problem.

Thanks


Hi Ben,

 

Apologies for the confusion. Let me rephrase and hope you get my question :)

 

I have a total of 3 pages, let's say register.php, preview.php and submit.php

 

1. First, the user fills in the register form (name, email, address, profile picture) and clicks submit.

2. It then goes to the preview.php page with the information name, email, address and picture --> all the information is not yet stored in the database.

3. Let's say the user wants to edit the address, so they click the EDIT button and it redirects to register.php with all the previous data in the text fields.

4. Here is the problem: all the data for name, email and address is there in the text fields, but not the picture.

 

Question

1. How do I call the picture and display it in register.php once the user clicks edit on the preview page?

2. I would also like to allow the user to delete the picture when editing (register.php).

 

Hope that makes sense. Thanks


If you aren't storing this information (name/email/address/picture) in the database immediately, you do need to store it somewhere. If I understand you correctly, you are relying on the browser to save and display this information for you (using the "back" button functionality) whereas I would suggest storing it in the session so you can be sure that it is saved properly.

 

In regards to the image, once the image has been uploaded on the first page, I would store the path to the uploaded image file in a session variable. Then you can display the image easily:

 

<img src="<?php echo $your_image_path; ?>" alt="" />

 

If you need to delete the image, you can have a link that when clicked, checks the session variable for the image path and deletes the specified file. You could even potentially use jquery/AJAX, so that the user never has to leave the page they are currently on. Javascript would be used to call the PHP file that deletes the image, and then based on the result from that PHP file (if it was able to successfully delete the image) you can use Javascript to remove the image from the page and alert the user that the file has been updated.

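Added example, not part of the answer above: a delete step for the session-stored image path that only ever removes files resolving inside the upload directory, plus output encoding for the `<img>` tag. The session key `pending_image`, the directory layout and the function names are assumptions; a plain array stands in for `$_SESSION` so the script runs from the command line.

```php
<?php
// Added example: the upload directory, session key and file names are assumptions.

// True only when $path resolves (symlinks and ".." included) to a location under $baseDir.
function isInsideDir(string $path, string $baseDir): bool
{
    $real = realpath($path);
    $base = realpath($baseDir);
    if ($real === false || $base === false) {
        return false;
    }
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($real, $prefix, strlen($prefix)) === 0;
}

// Delete the not-yet-submitted image recorded in the session. The path is never
// taken from the request, and it must still resolve inside the upload directory.
function deletePendingImage(array &$session, string $uploadDir): bool
{
    $path = $session['pending_image'] ?? null;
    unset($session['pending_image']);
    if (!is_string($path) || !is_file($path) || !isInsideDir($path, $uploadDir)) {
        return false;
    }
    return unlink($path);
}

// Markup for the preview/edit form; the stored value is encoded for the attribute.
function imageTag(string $webPath): string
{
    return '<img src="' . htmlspecialchars($webPath, ENT_QUOTES, 'UTF-8') . '" alt="" />';
}

// --- constructed demo: a plain array stands in for $_SESSION ---
$uploadDir = sys_get_temp_dir() . '/uploads_' . bin2hex(random_bytes(4));
mkdir($uploadDir, 0700);
$outside = tempnam(sys_get_temp_dir(), 'keep');                    // file outside the upload dir
$inside  = $uploadDir . '/' . bin2hex(random_bytes(8)) . '.png';   // server-chosen file name
file_put_contents($inside, 'constructed image bytes');

// Case 1: the session holds a path inside the upload directory.
$session = ['pending_image' => $inside];
echo imageTag('/uploads/' . basename($inside)), "\n";
var_dump(deletePendingImage($session, $uploadDir));

// Case 2: the stored path resolves outside the upload directory.
$session = ['pending_image' => $uploadDir . '/../' . basename($outside)];
var_dump(deletePendingImage($session, $uploadDir));
var_dump(file_exists($outside));

// Clean up the constructed files.
unlink($outside);
rmdir($uploadDir);
```

If the delete is triggered by a link or AJAX call as described, send it as a POST with a per-session token so another site cannot trigger it on the user's behalf.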

  • 4 weeks later...

Hello All,

Congratulations on the tutorial, but I have a problem with the edit/insert page: when I push the submit button the browser doesn't redirect me to the page that I want but gives me "Error loading page", and there isn't any new or edited record.

Thanks, and sorry if my English isn't perfect


Hello All,

Congratulations on the tutorial, but I have a problem with the edit/insert page: when I push the submit button the browser doesn't redirect me to the page that I want but gives me "Error loading page", and there isn't any new or edited record.

Thanks, and sorry if my English isn't perfect

Make sure the path to the file is correct. You may have a misspelling in the file name.


I am very new to php and mysql and have been playing with your sample code. I am having a problem with the edit and delete links in view.php. When I click on the edit link it takes me to http://www.website.com/edit.php8 instead of http://www.website.com/edit.php?id=8. If I type http://www.website.com/edit.php?id=8 in the url it will display the page and allow me to edit. Also, I had to add <? ob_start(); ?> to the top and <? ob_flush(); ?> to the bottom of edit.php. Any suggestions?


I am very new to php and mysql and have been playing with your sample code. I am having a problem with the edit and delete links in view.php. When I click on the edit link it takes me to http://www.website.com/edit.php8 instead of http://www.website.com/edit.php?id=8. If I type http://www.website.com/edit.php?id=8 in the url it will display the page and allow me to edit. Also, I had to add <? ob_start(); ?> to the top and <? ob_flush(); ?> to the bottom of edit.php. Any suggestions?

 

The first place I would check would be the line that creates that link within view.php. Make sure it includes "?id=":

 

echo '<td><a href="edit.php?id=' . $row['id'] . '">Edit</a></td>';

 

If you've double checked that and are still having problems, start a new topic in the PHP forum, post your code and I'll take a look.


The first place I would check would be the line that creates that link within view.php. Make sure it includes "?id=":

 

echo '<td><a href="edit.php?id=' . $row['id'] . '">Edit</a></td>';

 

If you've double checked that and are still having problems, start a new topic in the PHP forum, post your code and I'll take a look.

 

Thanks for the sample link. That worked! I was a little off on the formatting.


  • 2 months later...

You can use ORDER BY to choose how to sort the results: http://www.tizag.com/mysqlTutorial/mysqlorderby.php

 

Using a flat array rather than database is a bit outside the scope of the tutorial, since the entire point of this tutorial was how to work with a database. I'm not sure if an array makes sense, since you'll have to recreate the array every time the page loads -- it won't stay consistent across different pages. You can add/remove/edit items from an array, but those changes won't stay when you visit a different page, or even refresh the page.


Hi admin,

I used the script you provided for editing. First of all, thanks for the lovely script.

I created a table with id, firstname and lastname fields as you told, and it went perfectly with no error. But I tried it for another table with the field 'signum' in place of 'id', and it gave me an error because signum is varchar type and id is int. If I keep signum as int then it works fine, but it gives an error for varchar. There's a line in edit.php which checks that the input is_numeric. What should I write in place of that? Please provide me with that script, I urgently need it. THANKS IN ADVANCE...

