  1. #1
    SitePoint Evangelist

    Need help persisting data for an edit form

    I was exposed to using PHP to process a form a couple of years ago but haven't used it since so I'm very rusty. I have my "add" page working but don't remember how to get the data to carry over so it displays in the "edit" form. Here's how "add" starts:

    HTML Code:
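    <form action="addClientDemo-process.php" method="post" name="addClient">

    <fieldset>
    <legend><span class="bluePopupLabels">Personal Info</span></legend>
    <table border="0" cellpadding="0" cellspacing="0" class="">
        <tr class="brownLabels">
            <td><span class="requiredAlwaysStar">*</span></td>
            <td><label for="firstName">First name: <?php if (isset($f_addClientDemo["firstName"]) && empty($f_addClientDemo["firstName"])) echo "<span class='redTextBold'> X</span>"; ?></label></td>
            <?php
            // The redisplayed value is whatever was last submitted, so it is HTML-escaped
            // before it goes back into the page. ENT_QUOTES is required here because the
            // attribute is delimited with single quotes, which the default flags of older
            // PHP versions leave unescaped.
            ?>
            <td><input type="text" id="firstName" tabindex="1" name="f_addClientDemo[firstName]" value='<?php if (isset($f_addClientDemo["firstName"])) echo htmlspecialchars($f_addClientDemo["firstName"], ENT_QUOTES); ?>' /></td>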
    
    etc.
    Here's addClientDemo-process.php:

    PHP Code:
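    <?php

    include_once "local.cfg.php";
    include_once INCLUDE_DIR."common.php";

    //get data from form
    // The form is submitted with method="post", so both values are read from $_POST only
    // (restrict "p"). With g_getVar's default "spcg" the session is consulted first: once
    // the failure branch below has stored a copy in $_SESSION["f_addClientDemo"], a
    // corrected resubmission would be answered from that stale copy unless something
    // outside this listing clears it. The default also lets a cookie or the query string
    // supply the record.
    $f_addClientDemo = g_getVar("f_addClientDemo", null, "p");
    $f_addClientDemo["birthday"] = g_getVar("birthday", null, "p");

    $clientid = client_addDemo($f_addClientDemo);
    if ($clientid) {
        //success, redirect to edit page
        g_goto("popups.php?popupContent=editClient&clientid=".$clientid);
    } else {
        //put info we got from form in a session so the add form can be redisplayed
        $_SESSION["f_addClientDemo"] = $f_addClientDemo;

        //redirect to form page
        g_goto("popups.php?popupContent=addClient");
    }
    ?>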
    Here are the common functions that are used in addClientDemo-process.php:

    PHP Code:
    <?php

    //get config
    include_once "config.php";


    include_once 
    FUNCTION_DIR."client.fnc.php";
    include_once 
    FUNCTION_DIR."libraries.fnc.php";
    include_once 
    FUNCTION_DIR."providers.fnc.php";

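    session_start();

    //connect to the database
    // NOTE(review): the mysql_* functions used throughout this file belong to the old
    // ext/mysql extension, which was removed in PHP 7. It has no prepared statements, so
    // every value placed in a query has to be escaped by hand; mysqli or PDO with bound
    // parameters is the sturdier replacement, but that changes the type of $db and
    // therefore every function that uses it.
    if (DBNAME != "") {
        //connect to base host; '@' hides the PHP warning, the failure is reported by die()
        if (!($db = @mysql_pconnect(DBHOST, DBUSER, DBPASS)))
            die("Cannot connect to the base server.");
        //select base
        if (!@mysql_select_db(DBNAME, $db))
            die("Database doesn't exist!!!");
    }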


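    /**
     * Return a request variable from the first allowed source that has it.
     *
     * Sources are tried in a fixed order: session, POST, cookie, GET. $restrict is a
     * string of the letters "s", "p", "c" and "g" naming which sources may be used.
     *
     * With the default "spcg" the caller cannot tell where the value came from: a session
     * entry shadows a freshly posted one, and a cookie or query-string parameter of the
     * same name is accepted in place of a form field. Code that expects a value from one
     * specific place should pass that letter explicitly, e.g. "p" for a posted form.
     *
     * @param string $name     key to look up
     * @param mixed  $default  returned when no allowed source has the key
     * @param string $restrict letters of the sources that may be consulted
     * @return mixed the stored value (string or array), or $default
     */
    function g_getVar($name, $default = null, $restrict = "spcg") {
        $restrict = (string) $restrict;

        if (strpos($restrict, "s") !== false && isset($_SESSION[$name]))
            return $_SESSION[$name];
        if (strpos($restrict, "p") !== false && isset($_POST[$name]))
            return $_POST[$name];
        if (strpos($restrict, "c") !== false && isset($_COOKIE[$name]))
            return $_COOKIE[$name];
        if (strpos($restrict, "g") !== false && isset($_GET[$name]))
            return $_GET[$name];

        return $default;
    }
    //g_getVar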


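    /**
     * Redirect the browser to $page and stop the script.
     *
     * $page is placed in the Location header as given, so callers must build it from
     * fixed strings and validated values only; passing a user-supplied URL here would
     * turn the function into an open redirect.
     *
     * @param string $page relative or absolute URL to redirect to
     */
    function g_goto($page) {
        // !empty() keeps the original truthiness test but does not raise an
        // undefined-index notice when the browser sent no session cookie.
        if (!empty($_COOKIE[session_name()])) {
            $tmp = "Location: $page";
        } else {
            // No session cookie: carry the session id in the URL instead.
            // NOTE(review): an id in the URL ends up in browser history, server logs and
            // Referer headers, and lets a crafted link pre-set a victim's session id.
            // When session.use_only_cookies is enabled PHP does not accept the id from
            // the URL at all, so this fallback only matters on installs that turned it off.
            $separator = (strpos($page, "?") !== false) ? "&" : "?";
            $tmp = "Location: $page".$separator.session_name()."=".session_id();
        }

        Header($tmp);

        //do the exit to make sure that header location is enforced immediately
        exit;
    }
    //g_goto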


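    /**
     * Store a message in the session for the next page to pick up with get_error().
     *
     * @param mixed $msg     message text, or a list of messages
     * @param bool  $success when true the message is stored as
     *                       array("Message" => $msg, "Success" => "Success");
     *                       otherwise $msg is stored as is
     * @return bool always true
     */
    function set_error($msg, $success = false) {
        if ($success) {
            $_SESSION["error"] = array(
                "Message" => $msg,
                "Success" => "Success",
            );
        } else {
            $_SESSION["error"] = $msg;
        }
        return true;
    }
    //set_error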


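    /**
     * Fetch and clear the message stored by set_error().
     *
     * @param mixed $display anything other than false also echoes the message
     * @return mixed the stored message, or null when none is stored
     */
    function get_error($display = false) {
        if (!isset($_SESSION["error"])) {
            return null;
        }

        // Read-once: the message is removed so it is not shown again on the next page.
        $tmp_error = $_SESSION["error"];
        unset($_SESSION["error"]);

        // NOTE(review): the message is echoed as stored, without HTML escaping, and
        // set_error() also accepts arrays, which echo as the word "Array". Callers that
        // put request data into a message need to escape it before storing or printing.
        if ($display !== false)
            echo $tmp_error;

        return $tmp_error;
    }
    //get_error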


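    /**
     * Run a query on the shared connection and stop the script if it fails.
     *
     * The original printed mysql_error(), the full SQL text and PHP_SELF into the page.
     * That hands table and column names to whoever triggers an error, and because the
     * statements built by callers embed form values, it also reflects request data into
     * HTML unescaped. The details now go to the server error log and the browser gets a
     * generic message.
     *
     * @param string $sql complete SQL statement; callers are responsible for escaping
     *                    every value they place in it
     * @return mixed whatever mysql_query() returns on success (result resource or true)
     */
    function my_query($sql) {
        // $_SERVER is a superglobal and needs no global declaration; only $db does.
        global $db;

        $result = @mysql_query($sql, $db);    //Execute SQL query
        if (!$result) {
            // The statement text is deliberately not logged: callers build it from form
            // fields (client_addDemo includes ssn), which do not belong in a log file.
            error_log("Database error: ".mysql_error($db)." in file ".$_SERVER['PHP_SELF']);
            die("\n<hr />Database error.<br /><br />\n");
        }

        return $result;
    }
    //my_query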

    ?>
    And the SQL statements:

    PHP Code:
    <?php

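    // Validation messages stored via set_error() by client_addDemo().
    define("CLIENT_ERROR_ADD_NOFIRSTNAME", "Please enter the client's first name.");
    define("CLIENT_ERROR_ADD_NOLASTNAME", "Please enter the client's last name.");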


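    /**
     * Validate a submitted client record, insert it and link it to its providers.
     *
     * Every value comes straight from the form, so each one is passed through
     * mysql_real_escape_string() before it is placed between the quotes of the
     * statement; the original concatenated the raw values, which let a single quote in
     * any field rewrite the query. Escaping is the fix available with the ext/mysql API
     * this file uses; bound parameters (mysqli/PDO) would need the connection code
     * changed as well.
     *
     * @param array $data form fields keyed by column name; "ProviderID" may hold a list
     * @return mixed the new ClientID as returned by LAST_INSERT_ID(), or false when
     *               validation fails (the messages are stored with set_error())
     */
    function client_addDemo($data) {
        // Columns copied from the form, in the order the INSERT lists them.
        $columns = array(
            "firstName", "middleName", "lastName",
            "address1", "address2", "city", "state", "zip",
            "birthday", "ssn", "sex",
            "phoneCell", "phoneHome", "phoneWork", "phoneOther", "fax",
            "email1", "email2",
            "emergFirstName", "emergLastName", "emergPhone1", "emergPhone2",
            "emergRelationship", "notes",
        );

        // A missing field, or one posted as an array, is treated as empty instead of
        // raising a notice or reaching the escaping function with the wrong type.
        $values = array();
        foreach ($columns as $column) {
            $values[$column] = (isset($data[$column]) && is_scalar($data[$column]))
                ? (string) $data[$column]
                : "";
        }

        $error = array();
        if ($values["firstName"] == "") {
            $error[] = CLIENT_ERROR_ADD_NOFIRSTNAME;
        }
        if ($values["lastName"] == "") {
            $error[] = CLIENT_ERROR_ADD_NOLASTNAME;
        }
        if (!empty($error)) {
            set_error($error);
            return false;
        }

        // NOTE(review): ssn is written exactly as submitted; whether the column is
        // protected at rest is not visible from this file.
        $assignments = array();
        foreach ($values as $column => $value) {
            // sex is left out of the statement when empty, as in the original.
            if ($column == "sex" && $value == "") {
                continue;
            }
            $assignments[] = $column." = '".mysql_real_escape_string($value)."'";
        }
        $assignments[] = "status = '1'";

        $sql = "INSERT INTO ".TABLE_CLIENT." SET ".implode(", ", $assignments);
        my_query($sql);

        $sql = "SELECT LAST_INSERT_ID() as ClientID";
        $result = my_query($sql);
        $id = mysql_fetch_assoc($result);

        if ($id["ClientID"] != "") {
            // ProviderID is optional; only a posted list is iterated.
            $providers = (isset($data["ProviderID"]) && is_array($data["ProviderID"]))
                ? $data["ProviderID"]
                : array();

            foreach ($providers as $providerId) {
                if (!is_scalar($providerId)) {
                    continue;
                }
                $sql = "INSERT INTO ".TABLE_CLIENT_2_PROVIDER." SET";
                $sql .= " ClientID = '".(int) $id["ClientID"]."'";
                $sql .= ", ProviderID = '".mysql_real_escape_string((string) $providerId)."'";

                my_query($sql);
            }
        }

        return $id["ClientID"];
    }
    //client_addDemo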

    ?>
    When the add form is submitted, it goes to the edit page, which starts like this:

    PHP Code:
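    <form action="editClientDemo-process.php" method="post" name="editClient">

    <fieldset>
    <legend><span class="bluePopupLabels">Personal Info</span></legend>

    <?php
    // Debug output. $clientid reaches this page through the query string, so it is
    // escaped before being printed; the same goes for the other two values. print_r()
    // is used because $f_addClientDemo is an array and would otherwise print as "Array".
    // These lines should not stay in the page once the form works.
    echo "clientid= " . htmlspecialchars((string) $clientid, ENT_QUOTES);
    ?>
    <?php
    echo "<br />Hello! f_addClientDemo = " . htmlspecialchars(print_r($f_addClientDemo, true), ENT_QUOTES)
        . "sql is: " . htmlspecialchars((string) $sql, ENT_QUOTES);
    ?>
    <table border="0" cellpadding="0" cellspacing="0" class="">
        <tr class="brownLabels">
            <td><span class="requiredAlwaysStar">*</span></td>
            <td><label for="firstName">First name: <?php if (isset($f_addClientDemo["firstName"]) && empty($f_addClientDemo["firstName"])) echo "<span class='redTextBold'> X</span>"; ?></label></td>
            <?php
            // The stored value is user-supplied text: escape it, with ENT_QUOTES because
            // the attribute is delimited with single quotes.
            ?>
            <td><input type="text" id="firstName" tabindex="1" name="f_addClientDemo[firstName]" value='<?php if (isset($f_addClientDemo["firstName"])) echo htmlspecialchars($f_addClientDemo["firstName"], ENT_QUOTES); ?>' /></td>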
    etc.
    The value of $clientid echos but nothing else does. What do I need to do to get, for example, the value of $f_addClientDemo["firstName"] to carry over to this page?

  2. #2
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Not sure what you mean by it goes to the edit page when submitted? But I assume the $clientid comes from user request. In which case you have to read the $clientid related data from database and display it in form.
    Saul

  3. #3
    SitePoint Evangelist
    If there are no errors, it gets directed to the edit page here:

    PHP Code:
    if($clientid) {
            
    g_goto("popups.php?popupContent=editClient&clientid=".$clientid);

    popups.php has some switch statements that direct it to a page just like the add page except that the values are supposed to be populated. How do I grab the $clientid related data? I thought it would be in $f_addClientDemo but when I echo that, it's empty - not carrying over.

  4. #4
    SitePoint Wizard Young Twig's Avatar
    Clientid is "transferred over" because it's in the query string ($_GET).

    The things you submitted in your form ($_POST) get lost when you redirect using header('Location: ...').

  5. #5
    SitePoint Evangelist
    Ok, so it sounds like I need a session variable? Like maybe in my "success" condition:

    PHP Code:
        if($clientid) {
            
    $_SESSION["f_addClientDemo"] = $f_addClientDemo;
            
    g_goto("popups.php?popupContent=editClient&clientid=".$clientid);
        } 
    I also added this to the edit page:

    PHP Code:
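    if ($clientid) {
        echo "Ok so far";

        // clientid arrives in the query string, so it is forced to an integer before it
        // is placed in the statement; interpolating it as received would let the request
        // rewrite the WHERE clause.
        $sql = "SELECT * FROM ".TABLE_CLIENT." WHERE clientID = ".(int) $clientid;

        // Run the query once (the original called my_query() twice with the same SQL).
        $result = my_query($sql);

        // $result is a result handle, not the row itself, which is why this prints
        // something like "Resource id #52"; the row has to be fetched from it.
        echo $result;
    }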
    The value of $result is something like "Resource id #52". I'm not sure what to do with that. I had someone helping me write the add part and I'm trying to take what she wrote and figure out how to write the edit section on my own and I'm having trouble. Even with the above, I can't seem to come up with anything that will give me the value for $_SESSION["f_addClientDemo"]["firstName"]. Help?

  6. #6
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Code php:
    // Load the client row named by the clientid query-string parameter and dump it.
    if($clientid){
            echo "Ok so far";
            // The (int) cast is the protection here: whatever was sent as clientid
            // becomes a plain integer before it is interpolated into the SQL text.
            $clientid=(int)$_GET['clientid'];
            $sql = "SELECT * FROM ".TABLE_CLIENT." WHERE clientID = $clientid";
     
            // NOTE(review): mysql_query() returns false on failure and the result is
            // not checked before it is passed to mysql_fetch_array().
            $result = mysql_query($sql);
            // Fetches one row from the result handle.
            $row=mysql_fetch_array($result);
     
            // Debug dump of the fetched row; the values are printed without HTML escaping.
            print_r($row);
    }
    Saul

  7. #7
    SitePoint Evangelist
    Yes. Works. Thanks so much. Couldn't figure out that last piece.

  8. #8
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
    Just on a side note, I encourage you to use mysql_real_escape_string or data type forcing (as per my snippet) on all user input, to protect yourself from exploit attempts (SQL injection).
    Saul

  9. #9
    SitePoint Evangelist
    Thanks for the tip. To be honest, I haven't done the research on security issues yet. Eventually the whole site will be password protected and on an SSL. Is the mysql_real_escape_string still a good idea?

  10. #10
    ✯✯✯ silver trophybronze trophy php_daemon's Avatar
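    Definitely, yes. SSL will not be much help with that; it's more to protect your users, not you: it encrypts the connection, but it does not change what your script does with the values it receives, and a logged-in user can still submit a value that breaks a query. Leaving the validation out will only get you into trouble.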
    Saul

  11. #11
    SitePoint Evangelist
    Ok, thanks.

