Good day!
I added code for htmlentities and mysql_real_escape_string because my boss told me to.
But in my machine1.php, when I added the htmlentities() code, I got some notices:
Notice: Undefined variable: emp_id in C:\xampp\htdocs\machine_1\machine1.php on line 86
Notice: Undefined variable: lname in C:\xampp\htdocs\machine_1\machine1.php on line 87
Notice: Undefined variable: fname in C:\xampp\htdocs\machine_1\machine1.php on line 88
Notice: Undefined variable: bday in C:\xampp\htdocs\machine_1\machine1.php on line 89
Here is my machine1.php:
<?php
session_start();
if(empty($_SESSION['logged_in'])) {
header('Location:index.php');
die();
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>Untitled Document</title>
</head>
<body>
<form name="machine1" action="machine1.php" method="post">
<p>
<?php
$sort = "ASC";
$data_sort = "Emp_ID";
if(isset($_GET['sorting']))
{
if($_GET['sorting'] == 'ASC'){
$sort = "DESC";
}
else{
$sort = "ASC";
}
}
if (isset($_GET['field_name'])) {
if($_GET['field_name'] == 'Emp_ID'){
$data_sort = "Emp_ID";
}
elseif($_GET['field_name'] == 'Last_Name'){
$data_sort = "Last_Name";
}
elseif($_GET['field_name'] == 'First_Name'){
$data_sort = "First_Name";
}
elseif($_GET['field_name'] == 'Birthday'){
$data_sort = "Birthday";
}
}
?>
<a href="logout.php">Sign Out</a> </p>
<table border="1">
<tr>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=Emp_ID">Emp ID</a></td>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=Last_Name">Last Name</a></td>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=First_Name">First Name</a></td>
<td><a href="machine1.php?sorting=<?php echo $sort; ?>&field_name=Birthday">Birthday</a></td>
<td>Option</td>
</tr>
<?php
include 'connection.php';
if (isset($_GET['pageno'])) {
$pageno = $_GET['pageno'];
} else {
$pageno = 1;
}
$query = "SELECT count(*) FROM tbl_machine1";
$result = mysql_query($query) or trigger_error("SQL", E_USER_ERROR);
$query_data = mysql_fetch_row($result);
$numrows = $query_data[0];
$rows_per_page = 5;
$lastpage = ceil($numrows/$rows_per_page);
$pageno = (int)$pageno;
if ($pageno > $lastpage) {
$pageno = $lastpage;
}
if ($pageno < 1) {
$pageno = 1;
}
$limit = 'LIMIT ' .($pageno - 1) * $rows_per_page .',' .$rows_per_page;
$emp_id = htmlentities($emp_id);
$lname = htmlentities($lname);
$fname = htmlentities($fname);
$bday = htmlentities($bday);
$query = "SELECT * FROM tbl_machine1 ORDER BY $data_sort $sort $limit";
$result = mysql_query($query) or trigger_error("SQL", E_USER_ERROR);
while($info = mysql_fetch_array( $result ))
{
$emp_id = $info['Emp_ID'];
$lname = $info['Last_Name'];
$fname = $info['First_Name'];
$bday = $info['Birthday'];
$date = date('d-m-Y', strtotime($bday));
?>
<tr>
<td><?php echo $emp_id;?> </td>
<td><?php echo $lname;?> </td>
<td><?php echo $fname;?> </td>
<td><?php echo $date;?> </td>
<td><a href = 'edit.php?id=<?php echo $emp_id; ?>'>Edit</a> <a href='delete.php?id=<?php echo $emp_id; ?>' onClick="return confirm('Are you sure you want to delete?')">Delete</a></td>
</tr>
<?php
}
?>
</table>
<A HREF="javascript:void(0)" onClick="window.open('add.php','welcome','width=300,height=200')">
<input type="button" name="add" value="ADD"> </A>
<?php
if(isset($_GET['sorting']))
{
if($_GET['sorting'] == 'ASC'){
$sort = "ASC";
}
else{
$sort = "DESC";
}
}
if ($pageno == 1) {
echo " FIRST PREV ";
} else {
?>
<a href="machine1.php?pageno=1&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">FIRST</a>
<?php
$prevpage = $pageno-1;
?>
<a href="machine1.php?pageno=<?php echo $prevpage;?>&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">PREV</a>
<?php
}
echo " ( Page $pageno of $lastpage ) ";
if ($pageno == $lastpage) {
echo " NEXT LAST ";
} else {
$nextpage = $pageno+1;
?>
<a href="machine1.php?pageno=<?php echo $nextpage; ?>&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">NEXT</a>
<a href="machine1.php?pageno=<?php echo $lastpage; ?>&field_name=<?php echo $data_sort; ?>&sorting=<?php echo $sort; ?>">LAST</a>
<?php
}
?>
</body>
</html>
Then in my edit.php, htmlentities did not work. When I edit my data and add " at the end of the last name, for example Amy", and click the update button, the display is Amy", and when I try to edit again the " does not appear. Also, when I click the edit button, the date appears in the textbox as YYYY-MM-DD when it should be DD-MM-YYYY. When I edit the date, the displayed data is DD-MM-YYYY, which is correct; my only problem with the date is how it is displayed in edit.
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<body>
<form method="post" action="" name="edit">
<?php
error_reporting(0);
include 'connection.php';
$id=$_GET['id'];
$lname = htmlentities($lname);
$fname = htmlentities($fname);
$bday = htmlentities($bday);
$data_p = mysql_query("SELECT * FROM tbl_machine1 WHERE Emp_ID = $id") or die(mysql_error());
while($info = mysql_fetch_array( $data_p ))
{
$emp_id = $info['Emp_ID'];
$lname = $info['Last_Name'];
$fname = $info['First_Name'];
$bday = $info['Birthday'];
$date = date('Y-m-d', strtotime($bday));
}
?>
Last Name: <input type="text" name="Last_Name" id="Last_Name" value="<?php echo $lname; ?>"><br/><br/>
First Name: <input type="text" name="First_Name" id="First_Name" value="<?php echo $fname; ?>"><br/><br/>
Birthday: <input type="text" name="date" id="date" value="<?php echo $date; ?>"><br/><br/>
<input type="submit" name="update" value="UPDATE">
</form>
</body>
</html>
<?php
mysql_connect("localhost", "root", "") or die(mysql_error());
mysql_select_db("db_machine1") or die(mysql_error());
//$timestamp = strtotime('%e/%m/%Y');
if(isset($_POST['update'])){
$id=$_GET['id'];
$Lname=$_POST['Last_Name'];
$Fname=$_POST['First_Name'];
$bday=$_POST['date'];
$date = date('Y-m-d', strtotime($bday));
$Lname = mysql_real_escape_string($Lname);
$Fname = mysql_real_escape_string($Fname);
$date = mysql_real_escape_string($date);
mysql_query("UPDATE tbl_machine1 SET Last_Name = '".$Lname."', First_Name = '".$Fname."', Birthday = '".$date."' WHERE Emp_ID = '".$id."' ");
header ('Location:machine1.php');
}
?>
Kindly help me check my syntax.
Thank you.
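
The edit.php symptoms described in the post (the trailing " vanishing from the textbox, and the date format in the edit form), shown as an added example that is not part of the original post: escaping is applied to the fetched value at the moment it is printed into the `value` attribute, and the update uses bound parameters instead of concatenated SQL. Assumptions: an in-memory SQLite table through PDO stands in for `tbl_machine1` so the script runs without a MySQL server, the row data is constructed, and the helper names `h`, `update_employee` and `fetch_employee` are hypothetical.

```php
<?php
// Added example: constructed data in an in-memory SQLite table standing in for
// tbl_machine1 (assumption: pdo_sqlite is enabled; for MySQL only the DSN changes).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE tbl_machine1 (Emp_ID INTEGER PRIMARY KEY,
            Last_Name TEXT, First_Name TEXT, Birthday TEXT)');
$pdo->exec("INSERT INTO tbl_machine1 VALUES (1, 'Smith', 'Amy', '1990-02-28')");

// Escape at output time, on the value that is actually printed.
// ENT_QUOTES also encodes " and ', which matters inside an HTML attribute.
function h($value) {
    return htmlspecialchars((string)$value, ENT_QUOTES, 'UTF-8');
}

// Update with bound parameters; the date arrives as DD-MM-YYYY and is
// validated strictly before being stored as YYYY-MM-DD.
function update_employee(PDO $pdo, $id, $lname, $fname, $bday_dmy) {
    $d = DateTime::createFromFormat('!d-m-Y', $bday_dmy);
    if ($d === false || $d->format('d-m-Y') !== $bday_dmy) {
        throw new InvalidArgumentException('Birthday must be DD-MM-YYYY');
    }
    $stmt = $pdo->prepare('UPDATE tbl_machine1 SET Last_Name = ?, First_Name = ?,
                           Birthday = ? WHERE Emp_ID = ?');
    $stmt->execute([$lname, $fname, $d->format('Y-m-d'), (int)$id]);
}

// Fetch one row by id; the id is bound, never interpolated into the SQL text.
function fetch_employee(PDO $pdo, $id) {
    $stmt = $pdo->prepare('SELECT * FROM tbl_machine1 WHERE Emp_ID = ?');
    $stmt->execute([(int)$id]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Values containing both quote characters are stored unchanged.
update_employee($pdo, '1', 'Amy"', "O'Neil", '28-02-1990');
$row = fetch_employee($pdo, '1');

// Edit form: DD-MM-YYYY for display, every value escaped inside the attribute.
$date = date('d-m-Y', strtotime($row['Birthday']));
echo 'Unescaped: <input name="Last_Name" value="' . $row['Last_Name'] . '">' . "\n";
echo 'Escaped:   <input name="Last_Name" value="' . h($row['Last_Name']) . '">' . "\n";
echo 'Birthday:  <input name="date" value="' . h($date) . '">' . "\n";
```

In the unescaped line the stored quote closes the `value` attribute early, so the browser shows the name without it; the escaped line carries the quote through as an entity.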