2

I have a small form for updating existing records.


I'm loading the Service IDs to the dropdown box using PHP. And when the user clicks the Load button, it is supposed to display the other details related to that ID in the textboxes below. Here is the code I have so far.

<html>
<head>
</head>
<body>

<?php
//Database initialization
require_once("db_handler.php");

$conn = iniCon();
$db = selectDB($conn);

$query = "SELECT * FROM taxi_services ORDER BY SID";
$result2 = mysql_query($query, $conn);

?>

<div id="upserv">
<b id="caption2">Update location</b>
<br/><br/>
    <form name="upServForm" action="<?php echo $PHP_SELF; ?>" method="post" >
        <?php
        $dropdown = "<select name='codes'>";
        while($row = mysql_fetch_assoc($result2)) 
        {
            $dropdown .= "\r\n<option value='{$row['SID']}'>{$row['SID']}</option>";
        }
        $dropdown .= "\r\n</select>";
    ?>
     Service ID  <?php echo $dropdown; ?> <input type="submit" value="Load" name="loadbtn">
        <table width="300" border="0">
          <tr>
            <td>Name</td>
            <td><input type="text" name="upName" style="text-align:right" value="<? echo $savedName; ?>" /></td>
          </tr>
          <tr>
            <td>Cost</td>
            <td><input type="text" name="upCost" style="text-align:right" value="<? echo $savedCost; ?>" /></td>
          </tr>
          <tr>
            <td>Active</td>
            <td><input type="checkbox" name="upActive" value="<? echo $savedActive; ?>" /></td>
          </tr>
        </table>
</div>
<br/>
<div id="buttons">
    <input type="reset" value="Clear" /> <input type="submit" value="Save" name="updatebtn" />
</div>
    </form>

<?php

if(isset($_POST["loadbtn"]))
{
    $id = $_POST["codes"];

    $query = "SELECT Name, Cost, Active FROM taxi_services WHERE SID = '$id' ";
    $result = mysql_query($query, $conn);
    $details = mysql_fetch_array($result);

    $savedName = $details["Name"];
    $savedCost = $details["Cost"];
    $savedActive = $details["Active"];
}

?>

</body>
</html>

The query gets executed just fine but the data doesn't get displayed in the textboxes. Can anyone please tell me what I am missing here?

Thank you.

3
  • can you show the db table structure too Commented Jun 30, 2012 at 10:07
  • 1
    I THINK your server doesn't support short tags. In other words, replace <? with <?php Commented Jun 30, 2012 at 10:08
  • @diEcho here it is. @Adnan I tried with <?php ?> too but to no avail. Commented Jun 30, 2012 at 10:13

1 Answer

3

Your query has to be before the output:

Also note the typecast (integer) of the id to secure against SQL injections.

Also note the security issues with $PHP_SELF: http://php.about.com/od/learnphp/qt/_SERVER_PHP.htm I changed the code to $_SERVER['SCRIPT_NAME'].

Also note to not use register_globals and disable it in the configuration if you can (use $_SERVER['SCRIPT_NAME'] instead of $SCRIPT_NAME): http://www.php.net/manual/en/security.globals.php

If you learn PHP from a book and this is based on source code out of this book, you should throw it away immediately.

<?php

//Database initialization
require_once("db_handler.php");

$conn = iniCon();
$db = selectDB($conn);

$query = "SELECT * FROM taxi_services ORDER BY SID";
$result2 = mysql_query($query, $conn);

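// Defaults so the form renders without notices before anything is loaded
$savedName = $savedCost = $savedActive = "";

if(isset($_POST["loadbtn"]))
{
    // Cast to integer so the posted value cannot carry SQL
    $id = (integer) $_POST["codes"];

    $query = "SELECT Name, Cost, Active FROM taxi_services WHERE SID = '$id' ";
    $result = mysql_query($query, $conn);
    $details = mysql_fetch_array($result);

    // mysql_fetch_array() returns false when no row matches the ID
    if($details)
    {
        $savedName = $details["Name"];
        $savedCost = $details["Cost"];
        $savedActive = $details["Active"];
    }
}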

?>

<html>
<head>
</head>
<body>

<div id="upserv">
<b id="caption2">Update location</b>
<br/><br/>
    <form name="upServForm" action="<?php echo $_SERVER['SCRIPT_NAME']; ?>" method="post" >
        <?php
        $dropdown = "<select name='codes'>";
        while($row = mysql_fetch_assoc($result2)) 
        {
            $dropdown .= "\r\n<option value='{$row['SID']}'>{$row['SID']}</option>";
        }
        $dropdown .= "\r\n</select>";
    ?>
     Service ID  <?php echo $dropdown; ?> <input type="submit" value="Load" name="loadbtn">
        <table width="300" border="0">
          <tr>
            <td>Name</td>
            <td><input type="text" name="upName" style="text-align:right" value="<?php echo htmlspecialchars($savedName, ENT_QUOTES); ?>" /></td>
          </tr>
          <tr>
            <td>Cost</td>
            <td><input type="text" name="upCost" style="text-align:right" value="<?php echo htmlspecialchars($savedCost, ENT_QUOTES); ?>" /></td>
          </tr>
          <tr>
            <td>Active</td>
            <td><input type="checkbox" name="upActive" value="<?php echo htmlspecialchars($savedActive, ENT_QUOTES); ?>" /></td>
          </tr>
        </table>
</div>
<br/>
<div id="buttons">
    <input type="reset" value="Clear" /> <input type="submit" value="Save" name="updatebtn" />
</div>
    </form>

</body>
</html>
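
A variant of the load handler that binds the ID in a prepared statement and escapes every value written into the form, as an added example that is not part of the original answer. It assumes PDO with an in-memory SQLite table holding constructed data in place of db_handler.php; `h()` and `loadService()` are hypothetical helper names.

```php
<?php
// Added example, not the answer's code. Constructed sample data in an
// in-memory SQLite database stands in for the taxi_services table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE taxi_services (SID INTEGER PRIMARY KEY, Name TEXT, Cost REAL, Active INTEGER)');
$pdo->exec("INSERT INTO taxi_services VALUES (1, 'Airport \"express\" <VIP>', 25.5, 1)");

// Hypothetical helper: escape a value for use inside an HTML attribute.
function h($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
}

// Hypothetical helper: look up one service by the ID posted from the form.
// Returns null for a non-integer ID or an unknown SID.
function loadService(PDO $pdo, $rawId)
{
    // Unlike an (integer) cast, this rejects input such as "12abc"
    // instead of silently coercing it to 12.
    $id = filter_var($rawId, FILTER_VALIDATE_INT);
    if ($id === false) {
        return null;
    }
    // The ID is bound as a parameter, never concatenated into the SQL text.
    $stmt = $pdo->prepare('SELECT Name, Cost, Active FROM taxi_services WHERE SID = :sid');
    $stmt->execute([':sid' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Defaults keep the first (GET) page load free of undefined-variable notices.
$saved = ['Name' => '', 'Cost' => '', 'Active' => 0];
// Simulated POST so the example runs from the CLI; a real page reads $_POST.
$post = ['loadbtn' => 'Load', 'codes' => '1'];
if (isset($post['loadbtn'])) {
    $saved = loadService($pdo, $post['codes']) ?: $saved;
}
?>
<form action="<?php echo h($_SERVER['SCRIPT_NAME']); ?>" method="post">
  <input type="text" name="upName" value="<?php echo h($saved['Name']); ?>" />
  <input type="text" name="upCost" value="<?php echo h($saved['Cost']); ?>" />
  <input type="checkbox" name="upActive" value="1"<?php echo $saved['Active'] ? ' checked' : ''; ?> />
</form>
```

The constructed Name value contains quotes and angle brackets on purpose: without `h()` it would close the `value` attribute early and inject markup into the page.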

5 Comments

You're right! That was the case. And thank you for the tip on SQLi.
@nK0de SQLi is not the right term; it refers to the "new" MySQL PHP extension: de2.php.net/mysqli. Please don't forget to mark the question answered :-)
Right. Got it. I always do, just had to wait till the 15 minute time limit is up. :)
@nK0de $PHP_SELF is a bad idea. There are security issues with it: php.about.com/od/learnphp/qt/_SERVER_PHP.htm
@Thomas yes, I usually use external PHP files. This page is just a small front-end to a database that only I will be using. It will not be open to the public. So I'm not developing with security in mind too much. :)
