Fetch data from MySQL database, display in form and allow users to update with PHP

I am VERY NEW to PHP. I have a page where I want the user to be able to enter a quote and that information is then passed to a php script that queries the database, returns the information on the form, and then allows the user to update any of the fields returned in that form.

I have three problems:

1) When data is returned, only the first word in the field is returned. Many fields contain multiple words.

2) When users change the data in this field, the database is not updated.

3) I don't seem to know how to get the form fields to display as well as to enter data.

Here is the code that asks for and returns data for the user to view and update as needed:

<?php  


mysql_connect("***************", "*********", "****") or die(mysql_error()); 
mysql_select_db("***********") or die(mysql_error()); 

$searchterm= $_POST['searchterm'];

$query = "SELECT Citation, Category, Overview, Facts, Decision, Keywords, Link     FROM     cases WHERE citation = '$searchterm'";

$result  = mysql_query($query);

while ($row = mysql_fetch_assoc($result))
{
    echo "<form action=".$_SERVER['PHP_SELF']." method=post>" .
         "Case Citation: <input type=text name=Citation value={$row['Citation'] }><br>" .
     "Category: <input type=text name=Category value={$row['Category'] }><br>" . 
     "Overview: <input type=text name=Overview value={$row['Overview'] }><br>" . 
     "Case Facts: <input type=text name=Facts value={$row['Facts'] }><br>" . 
     "Decision: <input type=text name=decision value={$row['Decision'] }><br>" . 
     "Keywords: <input type=text name=Keywords value={$row['Keywords'] }><br>" . 
     "Weblink: <input type=text name=Link value={$row['Link'] }><br>" . 
     "<input type=submit name=submit value=Update>" .
     "</form>";
} 

//when they click submit
if (isset($_POST['submit'])) { 

$Citation=$_POST['Citation'];
$Category=$_POST['Category'];
$Overview=$_POST['Overview'];
$Facts=$_POST['Facts'];
$Decision=$_POST['Decision'];
$Keywords=$_POST['Keywords'];
$Link=$_POST['Link'];

$update = "UPDATE IGNORE cases SET citation='$citation', category='$category', overview='$overview', facts='$facts', decision='$decision', keywords='$keywords', link='$link' WHERE citation = '%$searchterm%'";
$add = mysql_query($update);

} 
  ?>

      

Here's the form I'm using to add data:

<form action="process.php" method="post"> 
Case Citation: <input type="text" name="citation" size=128><br> 
Category: <input type="text" name = "category" size=56><br> 
Overview: <textarea class="textarea" cols="96" rows="8" name = "overview"> </textarea><br> 
Case Facts:  <textarea class="textarea" cols="96" rows="8" name = "facts"></textarea><br>
Decision:  <input type="text" name = "decision" size=56><br>
Keywords: <textarea class="textarea" cols="96" rows="8" name = "keywords"></textarea><br>
Web Link: <input type="text" name = "link" size=128><br>
<input type="submit" value="Submit"> 
</form> 

      

And this is the code that stores the information in the database:

<? 
  $citation=$_POST['citation']; 
  $category=$_POST['category']; 
  $overview=$_POST['overview']; 
  $facts=$_POST['facts']; 
  $decision=$_POST['decision']; 
  $keywords=$_POST['keywords']; 
  $link=$_POST['link']; 
  mysql_connect("*************", "************", "*********") or die(mysql_error()); 
  mysql_select_db("************") or die(mysql_error()); 
  mysql_query("INSERT INTO `cases` VALUES ('$citation', '$category', '$overview', '$facts', '$decision', '$keywords', '$link')"); 
  Print "Your information has been successfully added to the database.  Add case page will automatically reload."; 

?> 

      

+3




2 answers


Your first (and probably the rest ...) problem is caused by the way you create the form:

echo "<form action=".$_SERVER['PHP_SELF']." method=post>" .
     "Case Citation: <input type=text name=Citation value={$row['Citation'] }><br>" .
 "Category: <input type=text name=Category value={$row['Category'] }><br>" . 
 "Overview: <input type=text name=Overview value={$row['Overview'] }><br>" . 
 "Case Facts: <input type=text name=Facts value={$row['Facts'] }><br>" . 
 "Decision: <input type=text name=decision value={$row['Decision'] }><br>" . 
 "Keywords: <input type=text name=Keywords value={$row['Keywords'] }><br>" . 
 "Weblink: <input type=text name=Link value={$row['Link'] }><br>" . 
 "<input type=submit name=submit value=Update>" .
 "</form>";

      

Please note that the values of all the attributes are not quoted, so in HTML one of your inputs might look like this:

Decision: <input type=text name=decision value=this is some text from that field><br>

      

and this is not valid html.



You have to quote all values and prepare/escape them for use in HTML:

 'Decision: <input type=text name=decision value="' . htmlspecialchars($row['Decision']) . '"><br>' . 
 etc.

      

Also, you have a SQL injection problem that you have to solve by switching to PDO (or mysqli) and prepared statements with bound variables.

Note that the SQL injection problem not only puts you at risk but also easily breaks your SQL code if one of your values contains a character such as '.

0
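The approach recommended in the answer above, as an added example that is not part of the original post: PDO prepared statements for the lookup and the update, and quoted, htmlspecialchars()-escaped attribute values in the form. The in-memory SQLite database (standing in for MySQL so the script runs offline), the sample row, the hidden `original` field and the function names findCase, renderForm and updateCase are assumptions; it needs PHP 7.4+ with pdo_sqlite.

```php
<?php
// Added example: in-memory SQLite stands in for the MySQL "cases" table. For MySQL
// only the DSN changes: new PDO('mysql:host=HOST;dbname=DB;charset=utf8mb4', USER, PASS).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Fixed allow-list of column names; user input never becomes an identifier.
$cols = ['Citation', 'Category', 'Overview', 'Facts', 'Decision', 'Keywords', 'Link'];
$pdo->exec('CREATE TABLE cases (' . implode(' TEXT, ', $cols) . ' TEXT)');
// Constructed sample row: multi-word values, an apostrophe and a double quote.
$sample = ["Smith v. O'Brien", 'Contract law', 'Breach of "implied" terms',
           'Goods were late', 'Claim allowed', 'contract, delay', 'https://example.org/case'];
$pdo->prepare('INSERT INTO cases VALUES (?, ?, ?, ?, ?, ?, ?)')->execute($sample);

function findCase(PDO $pdo, string $citation): ?array
{
    // The value is bound, not concatenated: the apostrophe cannot end the literal.
    $stmt = $pdo->prepare('SELECT * FROM cases WHERE Citation = ?');
    $stmt->execute([$citation]);
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}

function renderForm(array $row, array $cols): string
{
    $e = fn(string $s): string => htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
    // The hidden field carries the key the row was loaded with.
    $html = '<form method="post"><input type="hidden" name="original" value="' . $e($row['Citation']) . '">';
    foreach ($cols as $c) {
        $html .= "$c: <input type=\"text\" name=\"$c\" value=\"" . $e($row[$c]) . '"><br>';
    }
    return $html . '<input type="submit" name="submit" value="Update"></form>';
}

function updateCase(PDO $pdo, array $post, array $cols): int
{
    $set = implode(', ', array_map(fn($c) => "$c = :$c", $cols));
    $stmt = $pdo->prepare("UPDATE cases SET $set WHERE Citation = :original");
    $params = ['original' => $post['original']];
    foreach ($cols as $c) {
        $params[$c] = $post[$c] ?? '';
    }
    $stmt->execute($params);
    return $stmt->rowCount(); // number of rows changed
}

$row = findCase($pdo, "Smith v. O'Brien");
echo renderForm($row, $cols), "\n";
// Simulated POST body (constructed): one field changed, the rest as loaded.
$post = ['original' => $row['Citation'], 'Decision' => "Appeal dismissed; O'Brien pays costs"] + $row;
echo updateCase($pdo, $post, $cols), " row updated\n";
```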




In the while loop, test the field {$row['Citation']}.

Is the first letter of your database name a capital?



Check the database field name again.

0

