PHP and MySQL problem

nick9191 · Nov 29, 2010

I have a piece of PHP code I'm writing for a Uni assignment, I'm hoping you can guess the functionality from the 2 attached screenshots. Basically, input an ID of a car, it searches the database, retrieves and displays the info. That bit is fine. The user should then be able to change the available field and update the database, I can't get that working.

Excuse the mucky code, comments, bad web design. Obviously this is in development, I'll clean it up and break out the CSS later

Any help is appreciated, thank you very much.

Code:

<html>
  <head>
    <title>Car checkout</title>
  </head>
  <body>
    <h1>Check in or check out a car</h1>
    <?php
      $link = mysql_connect ("localhost", "root", "root");
      mysql_select_db ("najah");
      
      print ("<form action=\"http://localhost:8888/final/check2.php\" method=\"get\">");
      print ("<table border='1'>");
      print ("<tr><th>ID</th></tr>");
      print ("<td><input type=\"text\" name=\"idCode\" size=20></td>");
      print ("<td colspan='2' align='center'>Search<input type=\"checkbox\" name=\"search\" value=\"on\"></td></tr>");
      printf ("<tr><td colspan='6' align='center'><input type=\"submit\" value=\"Search Database\"></td></tr></table></form>");
      
      $iGet = $_GET['idCode'];
      
      //$ids = $_GET['ids'];
      //$carnames = $_GET['carnames'];
      //$totals = $_GET['totals'];
      //$availables = $_GET['availables'];
      
      $search = $_GET['search'];
      
      if ($search == "on")
      {
      		echo "Selecting from car where ID = $iGet";
			$query = "SELECT * from car WHERE ID='$iGet'";
      		$result = mysql_query ($query);
      }
      
      $modify = $_GET['modify'];
      
      if ($modify == "modify")
        {
          echo "working";
          //$query = "update xxyyppeople SET pe_CARNAME='$carnames[$i]', pe_FUELTYPE='$fueltypes[$i]', pe_TRANSMISSION='$transmissions[$i]', pe_ENGINESIZE='$enginesizes[$i]', pe_DOORS='$doors[$i]', pe_TOTAL='$totals[$i]', pe_AVAILABLE='$availables[$i]', pe_DATEADDED='$dateaddeds[$i]' where pe_ID = $id[$i]";
          $query = "UPDATE car SET AVAILABLE='$availables', WHERE ID='$iGet'";
          $result2 = mysql_query ($query);
        }
        
        //if ($modify [$i] == "modify")
        //{
          //mysql_query("UPDATE car SET AVAILABLE='$availables', WHERE ID='$iGet'";
        //}
      
      //$result = mysql_query("SELECT * FROM car WHERE ID=iGet");
      

      print ("<form action=\"http://localhost:8888/final/\" method=\"get\">");
      print "<table>";
      print "<tr>";
      print "<th>ID</th><th>Car Name</th><th>Fuel Type</th><th>Transmission</th><th>Engine Size</th><th>Doors</th><th>Total</th><th>Available</th><th>Date Added</th>";
      print "</tr>";
      for ($i = 0; $i < mysql_num_rows ($result); $i ++)
      {        
        $row = mysql_fetch_object ($result);
        $availables = $_GET['availables'];
        print "<tr>";
        print "<td>$row->ID</td>";
        print "<td>$row->CARNAME</td>";
        print "<td>$row->FUELTYPE</td>";
        print "<td>$row->TRANSMISSION</td>";
        print "<td>$row->ENGINESIZE</td>";
        print "<td>$row->DOORS</td>";
        print "<td>$row->TOTAL</td>";
        printf ("<td><input type='text' name='availables[$i]' value='%s' size='4'></td>", $row->AVAILABLE);
        print "<td>$row->DATEADDED</td>";
        printf ("<td>Modify <input type='checkbox' name='modify' value='modify'></td>");
        print "</tr>";
      }
      print "</table>";
      printf ("<tr><td colspan='6' align='center'><input type=\"submit\" value=\"Update Database\"></td></tr></table></form>");
      
      mysql_close ($link);
    ?>
  </body>
</html>

harpster · Nov 29, 2010

In the Update query I don't think you need the comma after $availables, try removing that.

A few things you can/should do during development.

1. In your query add the "or die (mysql_error()" as should below. That will usually output a message if the query if is failing.

$result2 = mysql_query($query) or die (mysql_error());

2. Double check your database fields AVAILABLE and ID in phpMyAdmin to make sure they are correct (spelling and data) and also echo out the variable $availables before the query to see if it contains the expected data.

echo $availables; exit;

harpster · Nov 29, 2010

This is NOT the problem you mentioned but in your code for the form I see you are referencing the http://localhost:8888/. You really should do that because then the code is not transferable to another web server. You should be able to just do something like this.

print '<form action= "final.php" method="get">';

Assuming final.php is in the same directory as the running script. Or could be final/processForm.php - something like that.

If you want to submit the form to itself (the running script) which is commonly done do this:

?>
<!===== My Form ===============>
<form action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<?php

angelwatt · Nov 29, 2010

In your for loop you have, $i ++. Don't put a space in there. To reduce the number of print statements, look into how to use the heredoc syntax. You make use of the variable, $availables, but you also have it commented out where it is declared. You might want to check out the PHP error log file to see if there are any messages that help you determine why your code is not working.

I also hope your professor will teach you about SQL-injection vulnerabilities as your code has big holes that could easily compromise your database.

PHP and MySQL problem

nick9191 macrumors 68040

Attached Files:

pic1.png

pic2.png

harpster macrumors regular

harpster macrumors regular

angelwatt Moderator emeritus

Share This Page

Touch Arcade

YouTube

Useful Searches

PHP and MySQL problem

nick9191 macrumors 68040

Attached Files:

pic1.png

pic2.png

harpster macrumors regular

harpster macrumors regular

angelwatt Moderator emeritus

Share This Page