PHP MYSQL FORMS

Question

Hi,

I want to use a hyperlink on one page to load details into another form page, and then update a database table using the form field values.

I have 2 php pages. One returning the bet_id of the last 10 records of a MYSQL query and another returning all field values for a specific record into a form, giving the end user the opportunity to update the field values. I can link the two so that when I click on say row 3 (bet_id = 3) of the table in the first page it takes me to the second page using the bet_id '3' in the MYSQL query utilised by the second page, to prepopulate the form fields with the correct values.

What I am having problems with is updating the database with new values I have entered when I hit the 'Update bet' button in the form. The fields I am showing in the page 2 form are 'punter_id' and 'category_id'. Can anyone suggest what might be going wrong? I am not getting any errors when I hit the 'Update bet' button, but the form field values just revert back to what they were originally, and the database table does not get updated by the query declared in $query (see below).

Code included below:

<?php require_once('../Connections/punters_c.php'); ?>
<?php

mysql_select_db($database_punters_c, $punters_c);

$query_Recordset1 = "SELECT bet_id, punter_id,category_id FROM betslip where bet_id =".intval($_REQUEST['bet_id']);
$Recordset1 = mysql_query($query_Recordset1, $punters_c) or die(mysql_error());
$row_Recordset1         = mysql_fetch_assoc($Recordset1);
$totalRows_Recordset1     = mysql_num_rows($Recordset1);


function GetSQLValueString($theValue, $theType, $theDefinedValue = "", $theNotDefinedValue = "") 
{
$theValue = (!get_magic_quotes_gpc()) ? addslashes($theValue) : $theValue;

switch ($theType) {
case "text":
  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
  break;    
case "long":
case "int":
  $theValue = ($theValue != "") ? intval($theValue) : "NULL";
  break;
case "double":
  $theValue = ($theValue != "") ? "'" . doubleval($theValue) . "'" : "NULL";
  break;
case "date":
  $theValue = ($theValue != "") ? "'" . $theValue . "'" : "NULL";
  break;
case "defined":
  $theValue = ($theValue != "") ? $theDefinedValue : $theNotDefinedValue;
  break;
}
return $theValue;
}
$editFormAction = $_SERVER['PHP_SELF'];
if (isset($_SERVER['QUERY_STRING'])) {
$editFormAction .= "?" . htmlentities($_SERVER['QUERY_STRING']);
}
?>
<?

if ((isset($_POST["apply"])) && ($_POST["apply"] == "update_betslip_detail")){

    $query = sprintf("UPDATE betslip SET category_id = '%d' WHERE bet_id = %d", mysql_real_escape($_POST['category_id']), mysql_real_escape($_POST['bet_id'])
                                                            );

mysql_select_db($database_punters_c, $punters_c);
$Result1 = mysql_query($query, $punters_c) or die('Connection error to MYSQL occurred: '.(mysql_error()));

    header("Location: /update_betslip_test.php");

}
else 
{
    echo "bet detail not updated";
}
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml"&gt;
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1" />
<title>Untitled Document</title>
</head>

<body>
<form action="<?php echo $editFormAction; ?>" method="POST" enctype="multipart/form-data" name="update_betslip_detail">

<input type="text" name="bet id" id = "bet_id" value="<?php echo  $row_Recordset1['bet_id']; ?>"/>
<input type="text" name="category_id" id = "category_id" value="<?php echo $row_Recordset1['category_id']; ?>"/>


<input type="hidden" name= "apply" value="update_betslip_detail"/>

<input type="submit" value="Update bet"/>
</form>

<p><a href="update_betslip_test.php">Back to Update page </a></p>
</body></html>
<?php
mysql_free_result($Recordset1);
?>

Answer 1

Your pages have a master-detail relationship, correct? In any case I think this line is the problem:

$query = sprintf("UPDATE betslip SET category_id = '%d' WHERE bet_id = %d", mysql_real_escape($_POST['category_id']), mysql_real_escape($_POST['bet_id']));

(1) you are putting quotation marks around numbers, (2) mysql_real_escape() returns a string. So essentially you are trying to put string values into numeric placeholders, which sprintf() will probably ignore. Hence your query probably looks like the following when it's actually executed:

UPDATE betslip SET category_id = '' WHERE bet_id = <number>;

Try changing your code to the following:

$query = sprintf("UPDATE betslip SET category_id = %d WHERE bet_id = %d", intval(mysql_real_escape($_POST['category_id'])), intval(mysql_real_escape($_POST['bet_id'])));

Answer 2

Try removing the following attribute from the form:

enctype="multipart/form-data"

Since you're not uploading any files at the same time you do not need it set. This is a wild guess but I can't see anything else wrong with your code. If the $_POST array is not being filled with keys then you'll never get to your UPDATE query.

The behavior suggest that you are not getting into this block:

if ((isset($_POST["apply"])) && ($_POST["apply"] == "update_betslip_detail")){

So you could also try putting this bit of code before it:

echo '<pre>';
print_r($_POST);
echo '</pre>';
die;

To make sure the array is filled with what you expect.