PHP and MySQL problem

Discussion in 'Web Design and Development' started by nick9191, Nov 29, 2010.

  1. nick9191 macrumors 68040

    #1
    I have a piece of PHP code I'm writing for a Uni assignment, I'm hoping you can guess the functionality from the 2 attached screenshots. Basically, input an ID of a car, it searches the database, retrieves and displays the info. That bit is fine. The user should then be able to change the available field and update the database, I can't get that working.

    Excuse the mucky code, comments, bad web design. Obviously this is in development, I'll clean it up and break out the CSS later :)

    Any help is appreciated, thank you very much.

    Code:
    <html>
      <head>
        <title>Car checkout</title>
      </head>
      <body>
        <h1>Check in or check out a car</h1>
        <?php
          $link = mysql_connect ("localhost", "root", "root");
          mysql_select_db ("najah");
          
          print ("<form action=\"http://localhost:8888/final/check2.php\" method=\"get\">");
          print ("<table border='1'>");
          print ("<tr><th>ID</th></tr>");
          print ("<td><input type=\"text\" name=\"idCode\" size=20></td>");
          print ("<td colspan='2' align='center'>Search<input type=\"checkbox\" name=\"search\" value=\"on\"></td></tr>");
          printf ("<tr><td colspan='6' align='center'><input type=\"submit\" value=\"Search Database\"></td></tr></table></form>");
          
          $iGet = $_GET['idCode'];
          
          //$ids = $_GET['ids'];
          //$carnames = $_GET['carnames'];
          //$totals = $_GET['totals'];
          //$availables = $_GET['availables'];
          
          $search = $_GET['search'];
          
          if ($search == "on")
          {
            echo "Selecting from car where ID = $iGet";
            $query = "SELECT * from car WHERE ID='$iGet'";
            $result = mysql_query ($query);
          }
          
          $modify = $_GET['modify'];
          
          if ($modify == "modify")
            {
              echo "working";
              //$query = "update xxyyppeople SET pe_CARNAME='$carnames[$i]', pe_FUELTYPE='$fueltypes[$i]', pe_TRANSMISSION='$transmissions[$i]', pe_ENGINESIZE='$enginesizes[$i]', pe_DOORS='$doors[$i]', pe_TOTAL='$totals[$i]', pe_AVAILABLE='$availables[$i]', pe_DATEADDED='$dateaddeds[$i]' where pe_ID = $id[$i]";
              $query = "UPDATE car SET AVAILABLE='$availables', WHERE ID='$iGet'";
              $result2 = mysql_query ($query);
            }
            
            //if ($modify [$i] == "modify")
            //{
              //mysql_query("UPDATE car SET AVAILABLE='$availables', WHERE ID='$iGet'";
            //}
          
          //$result = mysql_query("SELECT * FROM car WHERE ID=iGet");
          
    
          print ("<form action=\"http://localhost:8888/final/\" method=\"get\">");
          print "<table>";
          print "<tr>";
          print "<th>ID</th><th>Car Name</th><th>Fuel Type</th><th>Transmission</th><th>Engine Size</th><th>Doors</th><th>Total</th><th>Available</th><th>Date Added</th>";
          print "</tr>";
          for ($i = 0; $i < mysql_num_rows ($result); $i ++)
          {        
            $row = mysql_fetch_object ($result);
            $availables = $_GET['availables'];
            print "<tr>";
            print "<td>$row->ID</td>";
            print "<td>$row->CARNAME</td>";
            print "<td>$row->FUELTYPE</td>";
            print "<td>$row->TRANSMISSION</td>";
            print "<td>$row->ENGINESIZE</td>";
            print "<td>$row->DOORS</td>";
            print "<td>$row->TOTAL</td>";
            printf ("<td><input type='text' name='availables[$i]' value='%s' size='4'></td>", $row->AVAILABLE);
            print "<td>$row->DATEADDED</td>";
            printf ("<td>Modify <input type='checkbox' name='modify' value='modify'></td>");
            print "</tr>";
          }
          print "</table>";
          printf ("<tr><td colspan='6' align='center'><input type=\"submit\" value=\"Update Database\"></td></tr></table></form>");
          
          mysql_close ($link);
        ?>
      </body>
    </html>
     


  2. harpster macrumors regular

    #2
    In the Update query I don't think you need the comma after $availables, try removing that.

    A few things you can/should do during development.

    1. In your query add the "or die (mysql_error())" as shown below. That will usually output a message if the query is failing.

    $result2 = mysql_query($query) or die (mysql_error());

    2. Double check your database fields AVAILABLE and ID in phpMyAdmin to make sure they are correct (spelling and data) and also echo out the variable $availables before the query to see if it contains the expected data.

    echo $availables; exit;
     
  3. harpster, Nov 29, 2010
    Last edited: Nov 29, 2010

    harpster macrumors regular

    #3
    This is NOT the problem you mentioned but in your code for the form I see you are referencing the http://localhost:8888/. You really should do that because then the code is not transferable to another web server. You should be able to just do something like this.

    print '<form action= "final.php" method="get">';

    Assuming final.php is in the same directory as the running script. Or could be final/processForm.php - something like that.

    If you want to submit the form to itself (the running script) which is commonly done do this:

    ?>
    <!-- ===== My Form ===== -->
    <form action="<?php echo htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES, 'UTF-8'); ?>" method="post">
    <?php
     
  4. angelwatt Moderator emeritus

    #4
    In your for loop you have, $i ++. Don't put a space in there. To reduce the number of print statements, look into how to use the heredoc syntax. You make use of the variable, $availables, but you also have it commented out where it is declared. You might want to check out the PHP error log file to see if there are any messages that help you determine why your code is not working.

    I also hope your professor will teach you about SQL-injection vulnerabilities as your code has big holes that could easily compromise your database.
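
    Added example, not part of the original thread or any poster's code: the thread's string-built UPDATE next to a parameterized version. The `mysql_*` functions used above were removed in PHP 7.0, so this uses PDO; the in-memory SQLite database, the sample rows and the function names are assumptions made so it runs offline, and the same prepare/execute calls apply with a MySQL DSN.

```php
<?php
declare(strict_types=1);

// Constructed stand-in for the thread's `car` table (in-memory SQLite, sample rows).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE car (ID INTEGER PRIMARY KEY, CARNAME TEXT, TOTAL INTEGER, AVAILABLE INTEGER)');
$pdo->exec("INSERT INTO car VALUES (1,'Fiesta',5,5),(2,'Golf',3,3),(3,'Civic',4,4)");

// Pattern from the thread: request values are spliced into the SQL text,
// so quote characters in the input become part of the statement itself.
function updateConcatenated(PDO $pdo, string $id, string $available): int
{
    $sql = "UPDATE car SET AVAILABLE='$available' WHERE ID='$id'";
    return (int) $pdo->exec($sql);
}

// Hardened: validate that both values are integers, then bind them as
// parameters. Bound values are sent as data and never parsed as SQL.
function updatePrepared(PDO $pdo, string $id, string $available): int
{
    $idInt    = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $availInt = filter_var($available, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($idInt === false || $availInt === false) {
        return 0; // reject malformed input before it reaches the database
    }
    $stmt = $pdo->prepare('UPDATE car SET AVAILABLE = :available WHERE ID = :id');
    $stmt->bindValue(':available', $availInt, PDO::PARAM_INT);
    $stmt->bindValue(':id', $idInt, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->rowCount();
}

// Constructed input: an idCode value that is not a single well-formed ID.
$malformedId = "1' OR '1'='1";

// Concatenated version: the WHERE clause is rewritten and every row is updated.
echo 'concatenated, malformed id: ', updateConcatenated($pdo, $malformedId, '0'), " row(s) changed\n";

// Prepared version: the same input is rejected; a normal request changes one row.
echo 'prepared, malformed id:     ', updatePrepared($pdo, $malformedId, '0'), " row(s) changed\n";
echo 'prepared, id 2:             ', updatePrepared($pdo, '2', '1'), " row(s) changed\n";
```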
     
