Thread: update to mysql

  1. #1
    SitePoint Enthusiast
    Join Date
    Apr 2006
    Posts
    50
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    update to mysql

    A little gentle hand holding please.

    I have a page that displays details of an order. The user comes to this page by clicking on order_num from a list page. On this detail page I want the user to be able to update the od_carrier and od_tracking fields. The od_carrier will be either UPS or FEDEX chosen by a select. The od_tracking will be a text field. Can these be in one form with one submit that will update either or both fields? I then need the user to stay on this page.

    I am having trouble accomplishing and need some help:

    My form:
    <form name="carrier" method="post" action="carrier.php">
    <table width="550" border="0" align="center">
    <tr>
    <td width="148">Carrier</td>
    <td width="379"> <select name="carrier">
    <option value="UPS">UPS</option>
    <option value="FEDEX">FEDEX</option>
    </select> <input type="submit" name="Submit" value="Update Carrier"> </td>
    </tr>
    </table>
    </form>

    Which I currently have submitting to carrier.php:
    <?php
    $sql = "UPDATE orders
    SET od_carrier = "".$carrier.""
    WHERE order_num = $orderId";
    ?>

    This doesn't work and I also don't stay on or return to the display page.

    Please help

  2. #2
    Dan Grossman (Twitter: @djg)
    Join Date
    Aug 2000
    Location
    Philadelphia, PA
    Posts
    20,580
    Mentioned
    1 Post(s)
    Tagged
    0 Thread(s)
    You need to pass the orderId to carrier.php so it can use it in that query. Make it a hidden field in your form to carry it from the previous page. After performing your update query (which you need to actually perform, I assume there's more code than shown), redirect back to the view page

    PHP Code:
    header("Location: http://www.example.com/view.php?orderId=" . $_POST['orderId']);

  3. #3
    SitePoint Enthusiast
    Sorry, I am executing the sql with:
    $result = mysql_query($sql);

    and then I would do the header correct?

    Also, can you give me an example on the hidden for the form?

  4. #4
    Dan Grossman
    Yes that's right

    PHP Code:
    <input type="hidden" name="orderId" value="<?php echo $_GET['orderId']; ?>">

  5. #5
    SitePoint Enthusiast
    I will go forth with a greater understanding now. Thanks

  6. #6
    SitePoint Enthusiast
    Still didn't work. Database is not updated. Goes to carrier.php but doesn't return to display.php

    detail.php
    <form name="carrier" method="post" action="carrier.php">
    <input type="hidden" name="orderId" value="<?php echo $_GET['orderId']; ?>">
    <table width="550" border="0" align="center">
    <tr>
    <td width="148">Carrier</td>
    <td width="379"> <select name="carrier">
    <option value="UPS">UPS</option>
    <option value="FEDEX">FEDEX</option>
    </select> <input type="submit" name="Submit" value="Update Carrier"> </td>
    </tr>
    </table>
    </form>

    carrier.php
    <?
    session_start();
    include 'includes/configdb.php';
    include 'includes/opendb.php';

    // save order & get order id
    $sql = "UPDATE orders
    SET od_carrier = "".$carrier.""
    WHERE order_num = $orderId";
    $result = mysql_query($sql);
    header("Location: http://www.mysite.com/displaycart/admin/order/detail.php?orderId=" . $_POST['orderId']);

    ?>

  7. #7
    Dan Grossman
    carrier.php should error out on the $sql line due to the double double quotes. Once that's fixed, the query won't run because you need single quotes around the value for od_carrier as it's a string type column.

    PHP Code:
    $sql = "UPDATE orders SET od_carrier = '" . $_POST['carrier'] . "' WHERE order_num = " . $_POST['orderId'];
    It may be a good idea to handle errors rather than ignore them, at least while testing:
    PHP Code:
    $result = mysql_query($sql) or die("$sql failed: " . mysql_error());

  8. #8
    SitePoint Enthusiast
    All is working now except the header. Is there a way to simply return to the previous page with the form(detail.php)? Or maybe can I do the update on that page itself and just stay there?

  9. #9
    Dan Grossman
    Yes, you can post the form to the same page it's on and do the update there.

  10. #10
    SitePoint Enthusiast
    Dan, I really appreciate the help you are giving. I am not sure on posting the form to the current page (detail.php) so I did a search, but didn't find anything to help. Can you give me some direction? I would guess that I would just say action = " " to use the existing page?

    Also the code I have on the carrier.php page, where does that go on the detail.php page? I guess I don't understand how to call my update query.

  11. #11
    Dan Grossman
    You should always specify a form action. Either explicitly, with

    HTML Code:
    <form method="post" action="detail.php">
    or through PHP with

    PHP Code:
    <form method="post" action="<?php echo $PHP_SELF?>">
    which will insert the name of the currently running script... which should be identical to typing it yourself.

    As far as where to put the code... I'd place it somewhere before your code that pulls up the order details for display, so that the update occurs first, and the updated information is what is displayed after submitting the form.

    You would want to wrap it in a condition to check that a form has been posted so the UPDATE query only runs when there's something to update:

    PHP Code:
    if (isset($_POST['orderId'])) {
        $sql = "UPDATE orders SET od_carrier = '" . $_POST['carrier'] . "' WHERE order_num = " . $_POST['orderId'];
        $result = mysql_query($sql) or die("$sql failed: " . mysql_error());
    }

    It's important that you use the $_POST and $_GET globals in your code rather than $carrier, $orderId as you were in some of the code you posted, as you need to differentiate between a form being posted and passing the orderId in the URL to the view page.

    One last note... without cleaning user input at all, you're susceptible to SQL injection attacks that could potentially compromise your data or system. mysql_real_escape_string() will protect against most of these potential holes.

    PHP Code:
    if (isset($_POST['orderId']) && is_numeric($_POST['orderId'])) {
        $sql = "UPDATE orders SET od_carrier = '" . mysql_real_escape_string($_POST['carrier']) . "' WHERE order_num = " . $_POST['orderId'];
        $result = mysql_query($sql) or die("$sql failed: " . mysql_error());
    }
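
Added example (not code from the thread or its posters): the same update written with PDO prepared statements, an allowlist for the carrier and an integer check on the order number, since the mysql_* functions used above were removed in PHP 7.0. The function name `update_shipping()`, the `tracking` form field, the 40-character limit and the in-memory SQLite database (used so the block runs offline) are assumptions; table and column names follow the thread.

```php
<?php
// Added example. Table and column names follow the thread; update_shipping(),
// the "tracking" field name and the in-memory SQLite database are assumptions.
const CARRIERS = ['UPS', 'FEDEX'];          // the only values the <select> offers

function update_shipping(PDO $db, array $post): bool
{
    // Integer check: rejects "1e3" and "1.5", which is_numeric() accepts.
    $orderId = filter_var($post['orderId'] ?? null, FILTER_VALIDATE_INT,
                          ['options' => ['min_range' => 1]]);
    $carrier  = $post['carrier'] ?? '';
    $tracking = is_string($post['tracking'] ?? null) ? trim($post['tracking']) : '';

    if ($orderId === false
        || !in_array($carrier, CARRIERS, true)   // allowlist, strict comparison
        || strlen($tracking) > 40) {             // length limit is an assumption
        return false;                            // reject; no query is built
    }

    // Placeholders send the values separately from the SQL text, so a quote
    // in the tracking number is stored as data and cannot end the string.
    $stmt = $db->prepare(
        'UPDATE orders SET od_carrier = :carrier, od_tracking = :tracking
          WHERE order_num = :id'
    );
    $stmt->execute([':carrier' => $carrier, ':tracking' => $tracking, ':id' => $orderId]);
    return $stmt->rowCount() === 1;
}

// Constructed database and form submissions, for demonstration only.
$db = new PDO('sqlite::memory:', null, null,
              [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$db->exec('CREATE TABLE orders (order_num INTEGER PRIMARY KEY, od_carrier TEXT, od_tracking TEXT)');
$db->exec("INSERT INTO orders VALUES (1, '', ''), (2, '', '')");

$submissions = [
    ['orderId' => '1',   'carrier' => 'UPS',   'tracking' => "1Z'999"],  // quote in data
    ['orderId' => '1e3', 'carrier' => 'FEDEX', 'tracking' => ''],        // not an integer
    ['orderId' => '2',   'carrier' => 'DHL',   'tracking' => ''],        // not in allowlist
];
foreach ($submissions as $post) {
    echo json_encode($post), ' => ', var_export(update_shipping($db, $post), true), "\n";
}
echo json_encode($db->query('SELECT * FROM orders')->fetchAll(PDO::FETCH_ASSOC)), "\n";
```

In detail.php the call would run before the code that loads the order for display. Following a successful update with a redirect to detail.php carrying the validated integer order number, then `exit`, keeps a page reload from resubmitting the form.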


