Retrieve data from Mysql database, display on a form, and allow user to update using PHP


Retrieve data from Mysql database, display on a form, and allow user to update using PHP



I am VERY NEW to PHP. I have a page where I want a user to be able to enter a citation and that information is then passed to a php script that queries against the database, returns the information in a form, and then allows the user to update any of the fields returned in that form.



I have three problems:



1) When data returns, is only returns the first word in the field. Many of the fields contains multiple words.



2) When the users changes data in the field, the database isn't updated.



3) I don't seem to know how to get the form fields to display like I do for data entry.



Here is the code that queries and returns the data for the user to review and update if necessary:


<?php


mysql_connect("***************", "*********", "****") or die(mysql_error());
mysql_select_db("***********") or die(mysql_error());

$searchterm= $_POST['searchterm'];

$query = "SELECT Citation, Category, Overview, Facts, Decision, Keywords, Link FROM cases WHERE citation = '$searchterm'";

$result = mysql_query($query);

while ($row = mysql_fetch_assoc($result))
{
echo "<form action=".$_SERVER['PHP_SELF']." method=post>" .
"Case Citation: <input type=text name=Citation value={$row['Citation'] }><br>" .
"Category: <input type=text name=Category value={$row['Category'] }><br>" .
"Overview: <input type=text name=Overview value={$row['Overview'] }><br>" .
"Case Facts: <input type=text name=Facts value={$row['Facts'] }><br>" .
"Decision: <input type=text name=decision value={$row['Decision'] }><br>" .
"Keywords: <input type=text name=Keywords value={$row['Keywords'] }><br>" .
"Weblink: <input type=text name=Link value={$row['Link'] }><br>" .
"<input type=submit name=submit value=Update>" .
"</form>";
}

//when they click submit
if (isset($_POST['submit'])) {

$Citation=$_POST['Citation'];
$Category=$_POST['Category'];
$Overview=$_POST['Overview'];
$Facts=$_POST['Facts'];
$Decision=$_POST['Decision'];
$Keywords=$_POST['Keywords'];
$Link=$_POST['Link'];

$update = "UPDATE IGNORE cases SET citation='$citation', category='$category', overview='$overview', facts='$facts', decision='$decision', keywords='$keywords', link='$link' WHERE citation = '%$searchterm%'";
$add = mysql_query($update);

}
?>



Here is the form I use to add data:


<form action="process.php" method="post">
Case Citation: <input type="text" name="citation" size=128><br>
Category: <input type="text" name = "category" size=56><br>
Overview: <textarea class="textarea" cols="96" row="8" name = "overview"> </textarea><br>
Case Facts: <textarea class="textarea" cols="96" row="8" name = "facts"></textarea><br>
Decision: <input type="text" name = "decision" size=56><br>
Keywords: <textarea class="textarea" cols="96" row="8" name = "keywords"></textarea><br>
Web Link: <input type="text" name = "link" size=128><br>
<input type="submit" value="Submit">
</form>



And this is the code that saves the information to the database:


<?
$citation=$_POST['citation'];
$category=$_POST['category'];
$overview=$_POST['overview'];
$facts=$_POST['facts'];
$decision=$_POST['decision'];
$keywords=$_POST['keywords'];
$link=$_POST['link'];
mysql_connect("*************", "************", "*********") or die(mysql_error());
mysql_select_db("************") or die(mysql_error());
mysql_query("INSERT INTO `cases` VALUES ('$citation', '$category', '$overview', '$facts', '$decision', '$keywords', '$link')");
Print "Your information has been successfully added to the database. Add case page will automatically reload.";

?>





Please, don't use mysql_* functions in new code. They are no longer maintained and are officially deprecated. See the red box? Learn about prepared statements instead, and use PDO or MySQLi - this article will help you decide which. If you choose PDO, here is a good tutorial.
– John Conde
Jan 22 '13 at 17:50


mysql_*





You have name=Facts and value={$row['Overview'] }. Attributes values must be enclosed with"
– Bogdan Burim
Jan 22 '13 at 17:52


name=Facts


value={$row['Overview'] }


"





You should do a $result = mysql_query($query) or die (mysql_error());
– samayo
Jan 22 '13 at 17:56


$result = mysql_query($query) or die (mysql_error());




2 Answers
2



Your first (and probably the rest...) problem is caused by how you are building your form:


echo "<form action=".$_SERVER['PHP_SELF']." method=post>" .
"Case Citation: <input type=text name=Citation value={$row['Citation'] }><br>" .
"Category: <input type=text name=Category value={$row['Category'] }><br>" .
"Overview: <input type=text name=Overview value={$row['Overview'] }><br>" .
"Case Facts: <input type=text name=Facts value={$row['Facts'] }><br>" .
"Decision: <input type=text name=decision value={$row['Decision'] }><br>" .
"Keywords: <input type=text name=Keywords value={$row['Keywords'] }><br>" .
"Weblink: <input type=text name=Link value={$row['Link'] }><br>" .
"<input type=submit name=submit value=Update>" .
"</form>";



Note that the values of all attributes are unquoted, so in html one of you inputs could look like:


Decision: <input type=text name=decision value=this is some text from that field><br>



and that is not valid html.



You should quote all values and prepare / escape them for use in html:


'Decision: <input type=text name=decision value="' . htmlspecialchars($row['Decision']) . '"><br>' .
etc.



Apart from that you have a sql injection problem that you should solve by switching to PDO (or mysqli) and prepared statements with bound variables.



Note that a sql injection problem not only puts you at risk but it also invalidates your sql easily if one of your values contains for example a ' character.


'





So I updated the respective rows to read: 'Case Citation: <input type=text name=Citation value="' . htmlspecialchars($row['Citation']) . '"><br>' . and now get Parse error: syntax error, unexpected 'Link' (T_STRING), expecting ',' or ';' in /home/u930515875/public_html/protected/vanducases.php on line 55
– Brian K Buttrey
Jan 22 '13 at 18:24






@Brian K Buttrey I used single and double quotes to make it easily readable, you should adapt the quotes to go with your code. You can escape double quotes in your double-quoted string like " if you want to.
– jeroen
Jan 22 '13 at 18:47


"



In the while loop check value={$row['Citation'] }.



Your database field name first letter is capital ?



Check database field name again.






By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.

Comments

Post a Comment

Popular posts from this blog

paramiko-expect timeout is happening after executing the command

paramiko-expect timeout is happening after executing the command Can someone help me why timeout is happening after executing the command .I am trying to SSH to a machine and execute a command.I want to store the result of the executed command . I have referred paramiko-timeout but i didn't get my expected result. import traceback try: import paramiko except ImportError: raise Exception("Please install paramiko , pip install paramiko") import pexpect from paramiko_expect import SSHClientInteraction def main(): HOSTNAME = "minion5.net" USERNAME = "root" PASSWORD = "help@432" PROMPT = "root@*:~$s+" try: client = paramiko.SSHClient() client.load_system_host_keys() client.set_missing_host_key_policy(paramiko.AutoAddPolicy()) client.connect(hostname=HOSTNAME, username=USERNAME, password=PASSWORD) with SSHClientInteraction(client, timeout=20, display=True) as interact:
Read more

how to run turtle graphics in Colaboratory

how to run turtle graphics in Colaboratory Given that we can do other types of drawing/visualization in Colaboratory, I would think running turtle graphics would be pretty simple (but not so simple I've figured it out!) I can import the turtle library, but I get the following error when any draw command occurs: TclError: no display name and no $DISPLAY environment variable Thanks in advance. 1 Answer 1 I think P5.js is your best bet. I test it in this notebook. https://colab.research.google.com/drive/1TqF6RObllyslad3KrO4SiAuegRjuJDCF By clicking "Post Your Answer", you acknowledge that you have read our updated terms of service, privacy policy and cookie policy, and that your continued use of the website is subject to these policies.
Read more

Export result set on Dbeaver to CSV

Export result set on Dbeaver to CSV Normally I use Dbeaver for windows and always export my result set like this: run my query --> select the result --> export the result set --> select export to clipboard --> done This step by step puts my result set in my clipboard and I can paste it wherever I want to work with it. The problem is that now I am using dbeaver for mac and this guide is not working. I can go on until the moment that I select my result set like in the image below: exporting data set But once I go further in the process, in the last step I get: no query Note that in "source" it was suppose to show the query that originated the result set, but instead it says just "select. As a result it does't select my result or anything (besides being "successful"). Normally my query would show up there automatically and I couldn't find any option that corrects this problem in the menus. Please help me! Thanks. Aft
Read more