edit don't work

Posted: Thu Jun 23, 2011 2:19 pm
by IvRa
Hello everyone! I wrote code that does not work, and I do not know what went wrong! :banghead: If anyone knows what the problem is, help is welcome! Its function should be to modify the data entered into the database! Thanks in advance!

Code:

<?php
error_reporting(E_ALL);
ini_set('display_errors', '1');
$prostorija="";
$kolona="";
$red="";
include "connect_to_mysql.php";
if(!isset($_POST['submit'])){
	$qlr = "SELECT * FROM knjige WHERE ID = $_GET[id]";
	$rezultat = mysql_query($qlr);
	$redovi = mysql_fetch_array($rezultat);

}
?>
<html>
<title>Promena podataka</title>
<body>
<div align="center" id="mainWrapper">
  <?php include_once("../baner.php");?>
  <div id="pageContent"><br />
    <div align="right" style="margin-right:32px;"><a href="pokusaj.php#inventoryForm">+ Dodaj novu knjigu</a></div>
<div align="left" style="margin-left:24px;">
      <h2>Lista knjiga</h2>
      
    </div>
    <hr />
    <a name="inventoryForm" id="inventoryForm"></a>
    <h3>
    &darr; Promena podataka o knjizi &darr;
    </h3>
    <form action="pokusaj_edit.php" enctype="multipart/form-data" name="myForm" id="myform" method="post"> <p><strong>Unesite podatke knjige za unos u biblioteku:</strong></p>
  <p><em><strong>Ime knjige: 
        <input name="nazivdela" type="text" value-"<?php echo $redovi['nazivdela'];?>"/>
  </strong></em></p>
  <p><em><strong>
    Prezime autora: 
          <input name="prezimeautora" type="text" value-"<?php echo $redovi['prezimeautora'];?>" />
  </strong></em></p>
  <p><em><strong>Ime autora:
        <input name="imeautora" type="text" value-"<?php echo $redovi['imeautora'];?>"/>
  </strong></em></p>
  <p><em><strong>Izdavac:
        <input name="izdavac" type="text" value-"<?php echo $redovi['izdavac'];?>"/>
  </strong></em></p>
  <p>
  <p><em><strong>Godina izdavanja:
        <input name="godinaizdavanja" type="text"value-"<?php echo $redovi['godinaizdavanja'];?>" />
  </strong></em></p>
  <p>
  <p><em><strong>ISBN broj:
        <input name="ISBNbroj" type="text" value-"<?php echo $redovi['ISBNbroj'];?>"/>
  </strong></em></p>
  <p>
  <p><em><strong>Mesto izdavanja:
        <input name="mestoizdavanja" type="text" value-"<?php echo $redovi['mestoizdavanja'];?>"/>
  </strong></em></p>
  <p>
  <p><em><strong>Oblst:
        <input name="oblast" type="text" value-"<?php echo $redovi['oblast'];?>"/>
  </strong></em></p>
  <p><em><strong>Podoblast:
        <input name="podoblast" type="text" value-"<?php echo $redovi['podoblast'];?>"/>
  </strong></em></p>
  <p>
  <p><em><strong>Prostorija:<label>
      <select name="prostorija"id="prostorija">
        <option value="prostorija"><?php echo $prostorija; ?></option>
      <option value="Prva prostorija">Prva prostorija</option>
      <option value="Druga prostorija">Druga prostorija</option>
      <option value="Treca prostorija">Treca prostorija</option>
      <option value="Cetvrta prostorija">Cetvrta prostorija</option>
      </select>
      </label>
  </strong></em></p>
  <p><em><strong>Kolona:<label>
      <select name="kolona"id="kolona">
        <option value="kolona"><?php echo $kolona; ?></option>
      <option value="Prva kolona">Prva kolona</option>
      <option value="Druga kolona">Druga kolona</option>
      <option value="Treca kolona">Treca kolona</option>
      <option value="Cetvrta kolona">Cetvrta kolona</option>
      </select>
      </label>
  </strong></em></p>
  <p>
<p><em><strong>Red:<label>
      <select name="red"id="red">
        <option value="red"><?php echo $red; ?></option>
      <option value="Prvi red">Prvi red</option>
      <option value="Drugi red">Drugi red</option>
      <option value="Treci red">Treci red</option>
      <option value="Cetvrti red">Cetvrti red</option>
      </select>
      <option value="Treci red">Peti red</option></select>
      <option value="Cetvrti red">Sesti red</option></select>
      </label>
  </strong></em></p>
  <input type="hidden"name="id"value="<?php $_GET['id']; ?>"/>
    <input type="submit" name="submit" type="promeni"/>
</form>
<?php
if(isset($_POST['submit'])){
	$unos = "UPDATE knjige SET nazivdela='$_POST[nazivdela]',prezimeautora='$_POST[prezimeautora] , imeautora='$_POST[imeautora], izdavac='$_POST[izdavac], ISBNbroj='$_POST[ISBNbroj], godinaizdavanja='$_POST[godinaizdavanja], mestoizdavanja='$_POST[mestoizdavanja], oblast='$_POST[obalst], podoblast='$_POST[podoblast], pozicija='$_POST[pozicija], prostorija='$_POST[prostorija], kolona='$_POST[kolona], red='$_POST[red] WHERE ID = $_POST[id]";
mysql_query($unos) or die(mysql_error());
echo "Promenjeni su podaci knjige!";

header("Location: pokusaj.php");
}
?>
    <br />
  <br />
  </div>
</div>
</body>
</html>

Re: edit don't work

Posted: Fri Jun 24, 2011 12:42 am
by social_experiment
The SQL queries created in the script are missing some single quotation marks.

Code:

$qlr = "SELECT * FROM knjige WHERE ID = $_GET[id]";
// should be
$qlr = "SELECT * FROM knjige WHERE ID = '" . $_GET['id'] . "' ";

The same problem is evident within the update query. Look at using an escape function to check the data that you enter into the database.

Lastly, what type of error message (if any) are you receiving? It is notable to see you using error reporting, but it would help if you gave any errors that might appear when using the script :)

Re: edit don't work

Posted: Fri Jun 24, 2011 2:48 am
by Idri
Prepared a reply last night but couldn't post it due to a forum glitch. So here it is again.

Well, looking at things you should have at least some error messages (or at least notices) presented to you.

Anyway, I'd suggest you start looking at where you assign values to the input fields. There's a '-', where there should be a '=' and it repeats throughout your code.

Code:

        <input name="nazivdela" type="text" value-"<?php echo $redovi['nazivdela'];?>"/>

Also, your hidden field doesn't get its value assigned because you forgot to add the echo.

Code:

<input type="hidden"name="id"value="<?php $_GET['id']; ?>"/>

Secondly, there's an issue with one of your dropdown menus. If you'd apply indentation to your code you'd be able to spot it straight away.

Code:

<select name="red"id="red">
	<option value="red"><?php echo $red; ?></option>
	<option value="Prvi red">Prvi red</option>
	<option value="Drugi red">Drugi red</option>
	<option value="Treci red">Treci red</option>
	<option value="Cetvrti red">Cetvrti red</option>
</select>
<option value="Treci red">Peti red</option></select>
<option value="Cetvrti red">Sesti red</option></select>

Notice anything out of the ordinary?

Also, keep in mind that the current way you're using the header function will not work unless you use an output buffer (PHP.net - ob_start).
Though I'd suggest you relocate your update logic to the top of the script before you output anything to the screen. You could add an else clause to your existing if statement:

Code:

if(!isset($_POST['submit'])){ 
	// your code here 
} else { 
	// update logic goes here 
}

I also noticed that you're using this in your query:

Code:

$_POST['prostorija']

There is no input field present with the specified name, thus you'll get a notice that it's an undefined index.

Last off is a mere piece of advice: your current way of updating is vulnerable to SQL injection, and it can also be tricky to debug.
You could use the sprintf function (PHP.net - Sprintf) to clear things up and use the mysql_real_escape_string function (PHP.net - Mysql Real Escape String) to filter your input.
After applying both, the code for your update query would look something along the lines of

Code:

$unos = sprintf("UPDATE knjige SET nazivdela='%s', prezimeautora='%s', imeautora='%s' WHERE ID = '%s'",
	mysql_real_escape_string($_POST['nazivdela']),
	mysql_real_escape_string($_POST['prezimeautora']),
	mysql_real_escape_string($_POST['imeautora']),
	mysql_real_escape_string($_POST['id'])
	);
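
Added example (not part of any post in this thread): the same UPDATE written with a PDO prepared statement, so values are bound rather than escaped into the SQL string; the mysql_* functions used in the thread were removed in PHP 7.0. It assumes PDO with an in-memory SQLite database so it runs offline; `update_book`, `EDITABLE` and the sample rows are constructed for illustration.

```php
<?php
// Added example, not code from the thread. Table and column names follow
// the thread; the database is in-memory SQLite and the rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE knjige (id INTEGER PRIMARY KEY, nazivdela TEXT,
            prezimeautora TEXT, imeautora TEXT)');
$pdo->exec("INSERT INTO knjige (nazivdela, prezimeautora, imeautora) VALUES
            ('Na Drini cuprija', 'Andric', 'Ivo'),
            ('Dervis i smrt', 'Selimovic', 'Mesa')");

// Columns the edit form may change. Column names cannot be bound as
// parameters, so they come from this fixed list, never from the request.
const EDITABLE = ['nazivdela', 'prezimeautora', 'imeautora'];

/**
 * Update one book. $input plays the role of $_POST (hypothetical helper).
 * Returns the number of rows changed.
 */
function update_book(PDO $pdo, array $input): int
{
    // The id must be a positive integer; anything else is rejected outright.
    $id = filter_var($input['id'] ?? null, FILTER_VALIDATE_INT,
                     ['options' => ['min_range' => 1]]);
    if ($id === false) {
        throw new InvalidArgumentException('invalid id');
    }

    $set = [];
    $params = [':id' => $id];
    foreach (EDITABLE as $col) {
        if (isset($input[$col]) && is_string($input[$col])) {
            $set[] = "$col = :$col";          // placeholder, not the value
            $params[":$col"] = $input[$col];  // value travels separately
        }
    }
    if ($set === []) {
        return 0; // nothing to change
    }

    $sql = 'UPDATE knjige SET ' . implode(', ', $set) . ' WHERE id = :id';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Constructed input: a title containing an apostrophe, which would break
// the string-built query from the thread but is stored as plain data here.
$changed = update_book($pdo, [
    'id' => '1',
    'nazivdela' => "O'Brien's Guide",
    'prezimeautora' => 'Andric',
]);
echo "rows changed: $changed\n";
foreach ($pdo->query('SELECT id, nazivdela, prezimeautora FROM knjige') as $row) {
    echo $row['id'], ' | ', $row['nazivdela'], ' | ', $row['prezimeautora'], "\n";
}

// A non-numeric id never reaches the database.
try {
    update_book($pdo, ['id' => '12abc', 'nazivdela' => 'x']);
} catch (InvalidArgumentException $e) {
    echo 'rejected: ', $e->getMessage(), "\n";
}
```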

Re: edit don't work

Posted: Fri Jun 24, 2011 3:49 am
by IvRa
I have written in a hurry, and it turned out that there are too many errors. With that I almost started to deal with PHP, and it can be seen. :)
I corrected the mistakes that you noticed, but I still had problems. In the end I decided to write new code that works and looks like this:

Code:

<?php 
include ("connect_to_mysql.php");
// Default (empty) values for the form fields
$listaknjiga = "";
$nazivdela = "";
$prezimeautora = "";
$imeautora = "";
$ISBNbroj = "";
$oblast = "";
$podoblast = "";
$prostorija = "";
$pozicija = "";
$godinaizdavanja = "";
$mestoizdavanja = "";
$kolona = "";
$red = "";
$izdavac = "";
$targetID = "";

// Script Error Reporting
error_reporting(E_ALL);
ini_set('display_errors', '1');
?>
<?php 
// Parse the form data and add inventory item to the system
if (isset($_POST['nazivknjige'])) {
	
	$id = mysql_real_escape_string($_POST['id']);
    $nazivdela= mysql_real_escape_string($_POST['nazivdela']);
	$prezimeautora = mysql_real_escape_string($_POST['prezimeautora']);
	$imeautora= mysql_real_escape_string($_POST['imeautora']);
	$ISBNbroj = mysql_real_escape_string($_POST['ISBNbroj']);
	$izdavac = mysql_real_escape_string($_POST['izdavac']);
	$oblast = mysql_real_escape_string($_POST['oblast']);
	$podoblast = mysql_real_escape_string($_POST['podoblast']);
	$prostorija = mysql_real_escape_string($_POST['prostorija']);
	$pozicija = mysql_real_escape_string($_POST['pozicija']);
	$godinaizdavanja = mysql_real_escape_string($_POST['godinaizdavanja']);
	$red = mysql_real_escape_string($_POST['red']);
	$kolona = mysql_real_escape_string($_POST['kolona']);
	$mestoizdavanja = mysql_real_escape_string($_POST['mestoizdavanja']);
	$pozicija="$kolona, $red";
	// See if that product name is an identical match to another product in the system
	$sql = mysql_query("UPDATE products SET nazivdela='$nazivdela', prezimeautora='$prezimeautora', imeautora='$imeautora', ISBNbroj='$ISBNbroj', izdavac='$izdavac', godinaizdavanja='$godinaizdavanja', mestoizdavanja='$mestoizdavanja', oblast='$oblast',podoblast='$podoblast', prostorija='$prostorija',red='$red', kolona='$kolona', pozicija='$pozicija' WHERE id='$id'");
	if ($_FILES['fileField']['tmp_name'] != "") {
	    // Place image in the folder 
	    $newname = "$pid.jpg";
	    move_uploaded_file($_FILES['fileField']['tmp_name'], "../inventory_images/$newname");
	}
	header("location: pokusaj.php"); 
    exit();
}
?>
<?php 
// Gather this product's full information for inserting automatically into the edit form below on page
if (isset($_GET['pid'])) {
	$targetID = $_GET['pid'];
    $sql = mysql_query("SELECT * FROM knjige WHERE id='$targetID' LIMIT 1");
	$productCount = mysql_num_rows($sql); // count the output amount
    if ($productCount > 0) {
	    while($row = mysql_fetch_array($sql)){ 
             
		     $nazivdela = $row['nazivdela'];
			 $prezimeautora = $row['prezimeautora'];
			 $imeautora = $row['imeautora'];
			 $ISBNbroj = $row["ISBNbroj"];
			 $oblast = $row["oblast"];
			 $izdavac = $row["izdavac"];
			 $podoblast = $row["podoblast"];
			 $prostorija = $row["prostorija"];
			 $pozicija = $row["pozicija"];
			 $godinaizdavanja = $row["godinaizdavanja"];
			 $mestoizdavanja = $row["mestoizdavanja"];
			 $kolona = $row["kolona"];
			 $red = $row["red"];
        }
    } else {
	    echo "Ne postoji knjiga sa ovim nazivom.";
		exit();}
}
?>

<html>
<head>
<title>Lista knjiga</title>
<link rel="stylesheet" href="../style/style.css" type="text/css" media="screen" />
</head>

<body>
<div align="center" id="mainWrapper">
  <?php include_once("../baner.php");?>
  <div id="pageContent"><br />
    <div align="right" style="margin-right:32px;"><a href="pokusaj.php#inventoryForm">+ Dodaj novu knjigu</a></div>
<div align="left" style="margin-left:24px;">
      <h2>Lista knjiga</h2>
      <?php echo $listaknjiga; ?>
    </div>
    <hr />
    <a name="listaknjiga" id="listaknjiga"></a>
    <h3>
    &darr; Promena podataka: &darr;
    </h3>
    <form action="pokusaj.php" enctype="multipart/form-data" name="myForm" id="myform" method="post">
    <table width="90%" border="0" cellspacing="0" cellpadding="6">
      <tr>
        <td width="20%" align="right">Naziv dela:</td>
        <td width="80%"><label>
          <input name="nazivdela" type="text" id="nazivdela" size="64" value="<?php echo $nazivdela; ?>" />
        </label></td>
      </tr>
      <tr>
        <td width="20%" align="right">Prezime autora:</td>
        <td width="80%"><label>
          <input name="prezimeautora" type="text" id="prezimeautora" size="64" value="<?php echo $prezimeautora; ?>" />
        </label></td>
      </tr>
      <tr>
        <td width="20%" align="right">Ime autora:</td>
        <td width="80%"><label>
          <input name="imeautora" type="text" id="imeautora" size="64" value="<?php echo $imeautora; ?>" />
        </label></td>
      </tr>
      <tr>
        <td width="20%" align="right">Izdavac:</td>
        <td width="80%"><label>
          <input name="izdavac" type="text" id="izdavac" size="64" value="<?php echo $izdavac; ?>" />
        </label></td>
      </tr>
      <tr>
        <td width="20%" align="right">ISBN broj:</td>
        <td width="80%"><label>
          <input name="ISBNbroj" type="text" id="ISBNbroj" size="64" value="<?php echo $ISBNbroj; ?>" />
        </label></td>
      </tr>
      <tr>
        <td width="20%" align="right">Oblast</td>
        <td width="80%"><label>
          <input name="oblast" type="text" id="oblast" size="64" value="<?php echo $oblast; ?>" />
        </label></td>
      </tr>
      <tr>
        <td width="20%" align="right">Podoblast:</td>
        <td width="80%"><label>
          <input name="podoblast" type="text" id="podoblast" size="64" value="<?php echo $podoblast; ?>" />
        </label></td>
      </tr>
      <tr>
        <td width="20%" align="right">Godina izdavanja</td>
        <td width="80%"><label>
          <input name="godinaizdavanja" type="text" id="godinaizdavanja" size="64" value="<?php echo $godinaizdavanja; ?>" />
        </label></td>
      </tr>
      <tr>
        <td width="20%" align="right">Mesto izdavanja:</td>
        <td width="80%"><label>
          <input name="mestoizdavanja" type="text" id="mestoizdavanja" size="64" value="<?php echo $mestoizdavanja; ?>" />
        </label></td>
      </tr>
      <tr>
        <td align="right">Prostorija:</td>
        <td><select name="prostorija" id="prostorija">
          <option value="<?php echo $prostorija; ?>"><?php echo $prostorija; ?></option>
          <option value="Prva soba">Prva soba</option>
          <option value="Druga soba">Druga soba</option>
          <option value="Treca soba">Treca soba</option>
          </select></td>
      </tr>
      <tr>
        <td align="right">Kolona:</td>
        <td><select name="kolona" id="kolona">
          <option value="<?php echo $kolona; ?>"><?php echo $kolona; ?></option>
          <option value="Prva kolona">Prva kolona</option>
          <option value="Druga kolona">Druga kolona</option>
          <option value="Treca kolona">Treca kolona</option>
          <option value="Cetvrta kolona">Cetvrta kolona</option>
          </select></td>
      </tr>
      <tr>
        <td align="right">Red:</td>
        <td><select name="red" id="red">
          <option value="<?php echo $red; ?>"><?php echo $red; ?></option>
          <option value="Prvi red">Prvi red</option>
          <option value="Drugi red">Drugi red</option>
          <option value="Treci red">Treci red</option>
          <option value="Cetvrti red">Cetvrti red</option>
          </select></td>
      </tr>
      <tr>
        <td>&nbsp;</td>
        <td><label>
          <input name="id" type="hidden" value="<?php echo $targetID; ?>" />
          <input type="submit" name="button" id="button" value="Izvrsi promene" />
        </label></td>
      </tr>
    </table>
    </form>
    <br />
  <br />
</body>
</html>

Thank you all for your effort, you really helped me learn a lot.

Re: edit don't work

Posted: Fri Jun 24, 2011 10:08 am
by IvRa
Now I need code that will search the whole database (each field in the database) and, if it finds a given word, writes out the entire row in which the word is located. I wrote something like this, but it reported the following error:

Code:

 <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Rezultat pretrazivanja</title>
</head>
<div align="right" style="margin-right:32px;"><a href="pokusaj.php#listaknjiga">+ Dodaj novu knjigu</a></div>
<body>

<h2>Unesite ime knjige:</h2>
<form action="./pretrazivac.php"metod="get">
<input type="text" name="k" size="50"value="<?php echo $_GET['k'] ?>"/>
<input type="submit" value="Search" />
</form>
<hr/>
<?php 
error_reporting(E_ALL);
ini_set('display_errors', '1');

$k = $_GET['k'];
$tearms="";
$tearms = explode(" ", $k);
$query = "SELECT * FROM knjige";
$i="";
if (count($tearms)>0) {
   $query .= ' WHERE ';

   foreach ($tearms as $each){
       $i++;
       if($i == 1)
          $query .= "nazivdela LIKE '%$each%'  OR prezimeautora LIKE '%$each%' OR imeautora LIKE '%$each%'  OR ISBNbroj LIKE '%$each%' OR izdavac LIKE '%$each%' OR godinaizdavanja LIKE '%$each%' OR mestoizdavanja '%$each%' OR oblast LIKE '%$each%' OR podoblast LIKE '%$each%' OR pozicija LIKE '%$each%' OR prostorija LIKE '%$each%' OR kolona LIKE '%$each%' OR red LIKE '%$each%'";  // and so on for each field
       else
          $query .= "OR nazivdela LIKE '%$each%'  OR prezimeautora LIKE '%$each%' OR imeautora LIKE '%$each%'  OR ISBNbroj LIKE '%$each%' OR izdavac LIKE '%$each%' OR godinaizdavanja LIKE '%$each%' OR mestoizdavanja LIKE '%$each%' OR oblast LIKE '%$each%' OR podoblast LIKE '%$each%' OR pozicija LIKE '%$each%' OR prostorija LIKE '%$each%' OR kolona LIKE '%$each%' OR red LIKE '%$each%'";
   }
}


include ("connect_to_mysql.php");
$query = mysql_query($query);
$numrows = mysql_num_rows($query);
if($numrows > 0){
	while($row = mysql_fetch_array($query)){
		 $id = $row["id"];
			 $nazivdela = $row['nazivdela'];
			 $prezimeautora = $row['prezimeautora'];
			 $imeautora = $row['imeautora'];
			 $ISBNbroj = $row["ISBNbroj"];
			 $izdavac = $row["izdavac"];
			 $oblast = $row["oblast"];
			 $podoblast = $row["podoblast"];
			 $prostorija = $row["prostorija"];
			 $pozicija = $row["pozicija"];
			 $godinaizdavanja = $row["godinaizdavanja"];
			 $mestoizdavanja = $row["mestoizdavanja"];
			 $kolona = $row["kolona"];
			 $red = $row["red"];
			 echo "<h2>$nazivdela</h2>
			 -$prezimeautora<br/><br/>-$imeautora
			 <br/><br/>-$prezimeautora<br/><br/>-$izdavac<br/><br/>-$oblast<br/><br/>-$ISBNbroj<br/><br/>-$podoblast<br/><br/>-$pozicija<br/><br/>-$godinaizdavanja<br/><br/>-$mestoizdavanja";
			 }

}
else{
echo "Nije pronadjena!";}
mysql_close();


?>
</body>
</html>

Error msg:

Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\Rad\Pokusaj\pretrazivac.php on line 40.

Pls help again!

Re: edit don't work

Posted: Fri Jun 24, 2011 10:15 am
by social_experiment
Before you pass $query to the mysql_query function do this: print_r($query); or echo $query and paste the result here. My guess: the query syntax isn't correct.

As per the previous code you pasted, if you move a file after it has been uploaded it is advisable to use is_uploaded_file() to see if the file has indeed been uploaded via HTTP.

Re: edit don't work

Posted: Fri Jun 24, 2011 10:31 am
by IvRa
I hope you are referring to this:

Code:

include ("connect_to_mysql.php");
print_r($query);
$query = mysql_query($query);
$numrows = mysql_num_rows($query);...

And I get this information:

SELECT * FROM knjige WHERE nazivdela LIKE '%%' OR prezimeautora LIKE '%%' OR imeautora LIKE '%%' OR ISBNbroj LIKE '%%' OR izdavac LIKE '%%' OR godinaizdavanja LIKE '%%' OR mestoizdavanja '%%' OR oblast LIKE '%%' OR podoblast LIKE '%%' OR pozicija LIKE '%%' OR prostorija LIKE '%%' OR kolona LIKE '%%' OR red LIKE '%%'
Warning: mysql_num_rows() expects parameter 1 to be resource, boolean given in C:\xampp\htdocs\Rad\Pokusaj\pretrazivac.php on line 42

Re: edit don't work

Posted: Fri Jun 24, 2011 10:38 am
by social_experiment
IvRa wrote: SELECT * FROM knjige WHERE nazivdela LIKE '%%' OR prezimeautora LIKE '%%' OR imeautora LIKE '%%' OR ISBNbroj LIKE '%%' OR izdavac LIKE '%%' OR godinaizdavanja LIKE '%%' OR mestoizdavanja '%%' OR oblast LIKE '%%' OR podoblast LIKE '%%' OR pozicija LIKE '%%' OR prostorija LIKE '%%' OR kolona LIKE '%%' OR red LIKE '%%'

It looks like the value of $each doesn't get passed along in the query.

Re: edit don't work

Posted: Fri Jun 24, 2011 10:44 am
by IvRa
:(
Do you know, maybe, how to solve it?

Re: edit don't work

Posted: Fri Jun 24, 2011 3:14 pm
by Idri
Just for reference, did you check it having added ?k=something to your URL? I'm assuming you didn't, seeing as there's a flaw in your code's logic.

You'll have to keep in mind that explode will always return at least 1 element, albeit an empty one.
You're checking whether or not $tearms contains more than 0 elements, which it always will.

Also, the reason as to why you're getting the MySQL error is probably because of an error in your query syntax. In order to debug this you'll have to retrieve the error from your database. You can do this by using mysql_error.

Change the line where you execute your query to

Code:

$query = mysql_query($query) or die(mysql_error());

This will output the error with an explanation as to why it doesn't work. Assuming there is one to begin with.
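
Added example (not part of any post in this thread): a keyword search that drops the empty term explode() produces for an empty `k`, binds every term as a parameter, and escapes LIKE wildcards. It assumes PDO with in-memory SQLite so it runs offline; `build_search`, `search`, `SEARCH_COLUMNS` and the sample rows are constructed for illustration, and only three of the thread's columns are searched.

```php
<?php
// Added example, not code from the thread. Rows are constructed sample data.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE knjige (id INTEGER PRIMARY KEY, nazivdela TEXT,
            prezimeautora TEXT, izdavac TEXT)');
$pdo->exec("INSERT INTO knjige (nazivdela, prezimeautora, izdavac) VALUES
            ('Na Drini cuprija', 'Andric', 'Prosveta'),
            ('Dervis i smrt', 'Selimovic', 'Svjetlost'),
            ('100% PHP', 'Petrovic', 'Prosveta')");

// Fixed list of searchable columns; never taken from the request.
const SEARCH_COLUMNS = ['nazivdela', 'prezimeautora', 'izdavac'];

/** Build [sql, params] for a keyword search, or null if there are no terms. */
function build_search(string $k): ?array
{
    // explode(' ', '') returns [''], so split on whitespace and drop empties.
    $terms = preg_split('/\s+/', trim($k), -1, PREG_SPLIT_NO_EMPTY);
    if ($terms === []) {
        return null;
    }
    $clauses = [];
    $params = [];
    foreach ($terms as $term) {
        // Escape LIKE wildcards so "%" or "_" typed by the user match literally.
        $pattern = '%' . addcslashes($term, '\\%_') . '%';
        foreach (SEARCH_COLUMNS as $col) {
            // ESCAPE clause in SQLite syntax; MySQL already uses "\" by default.
            $clauses[] = "$col LIKE ? ESCAPE '\\'";
            $params[] = $pattern;
        }
    }
    return ['SELECT * FROM knjige WHERE ' . implode(' OR ', $clauses), $params];
}

/** Run the search and return the matching rows. */
function search(PDO $pdo, string $k): array
{
    $built = build_search($k);
    if ($built === null) {
        return []; // empty search box: no query is sent at all
    }
    [$sql, $params] = $built;
    $stmt = $pdo->prepare($sql);
    $stmt->execute($params);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed inputs: empty, one term, two terms, a bare wildcard, an apostrophe.
foreach (['', 'andric', 'prosveta smrt', '%', "d'art"] as $k) {
    $titles = array_column(search($pdo, $k), 'nazivdela');
    printf("%-16s -> %s\n", var_export($k, true),
           $titles === [] ? '(none)' : implode(', ', $titles));
}
```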

Re: edit don't work

Posted: Fri Jun 24, 2011 9:53 pm
by McInfo
social_experiment wrote: As per the previous code you pasted, if you move a file after it has been uploaded it is advisable to use is_uploaded_file() to see if the file has indeed been uploaded via HTTP.

PHP Manual: move_uploaded_file() (http://www.php.net/manual/en/function.move-uploaded-file.php) wrote: [move_uploaded_file()] checks to ensure that the file designated by filename is a valid upload file (meaning that it was uploaded via PHP's HTTP POST upload mechanism).

Re: edit don't work

Posted: Sat Jun 25, 2011 10:48 am
by IvRa
I have corrected everything, and now it works all right. Thanks to everyone for their efforts and time invested. Tnx a lot.