I finally got the error checks figured out. One character blew me out. syntax is killing me, thanks so much for your efforts. Now I'm stumbling over else statements. I am googling and checking others but could use some suggestions. The "else" code I'm having trouble with ? ================================================================= <input type='submit' name='update' value='Update Record' /> else{echo "No listing for apartment $unit.<br />Please select another.<br />";} } if(!empty($_POST["update"])) { $sql = "UPDATE payments SET PHP: ==================================================================
That snippet of code is way to incomplete to comment on. <input type='submit' name='update' value='Update Record' /> //there is no break from PHP to output the <input>, and it's not echo'd. else{ echo "No listing for apartment $unit.<br />Please select another.<br />"; } } if(!empty($_POST["update"])){ $sql = "UPDATE payments SET // where does this end? PHP:
<?php //Open a new connection to the MySQL server require_once "prerentdb-connect.php"; //MySqli Select Query /* ---------------------------------------- */ $results = $mysqli->query("SELECT * FROM payments"); if (! $results) { echo $mysqli->error; } /* ---------------------------------------- */ ?> <html><body><center><b>Miscellaneous Charges Update</b><br> <form method="post" action="#"><br /> <input type="text" name="unit"/> <p> <input type="submit" name="submit" value="select apartment"/> <table border='1' cellpadding="4"> <thead> <tr> <TH>Dep#</TH> <TH>Tenant</TH> <TH>unit</TH> <TH>Damage Chgs</TH> <TH>Court Costs</TH> <TH>N.S.F.</TH> <TH>Late Chgs</TH> <TH>Sec Deposit</TH> </tr> </thead> <tbody> <?php /* --------------------------------------- */ while($row = mysqli_fetch_array($results)) { if (! $results) { echo $mysqli->error; } /* ---------------------------------------- */ echo "<tr> <td>{$row['dep']}</td> <td>{$row['tenant']}</td> <td>{$row['unit']}</td> <td>{$row['damage']}</td> <td>{$row['month']}</td> <td>{$row['courtcost']}</td> <td>{$row['nsf']}</td> <td>{$row['latechg']}</td> <td>{$row['secdep']}</td> </tr>"; } echo "</table> <input type='submit' name='update' value='Update Record' /> else{echo "No listing for apartment $unit.<br />Please select another.<br />";} } if(!empty($_POST["update"])) { $sql = "UPDATE payments SET tenant = '$tenant', unit = '$unit',damage = '$damage', month = '$month', courtcost = '$courtcost',nsf = '$nsf',latechg = '$latechg',secdep = '$secdep WHERE id='".$_POST['id']."'"; mysql_query($sql) or die(mysql_error()); } echo "Record for unit ".$_POST["unit"]." has been updated"; ?> </form> </center></body></html> PHP:
Here's my version: <?php //Open a new connection to the MySQL server require_once "prerentdb-connect.php"; $flash = []; $update = filter_input(INPUT_POST, 'update'); $post_id = filter_input(INPUT_POST, 'id'); $post_unit = filter_input(INPUT_POST, 'unit'); if(!empty($update)) { $sql = "UPDATE payments SET tenant = '{$tenant}', unit = '{$unit}', damage = '{$damage}', month = '{$month}', courtcost = '{$courtcost}', nsf = '{$nsf}', latechg = '{$latechg}', secdep = '$secdep' WHERE id='{$post_id}'"; //why is this mysql_query and not mysqli_query? mysql_query($sql) or die(mysql_error()); } $flash[] = "Record for unit {$post_unit} has been updated"; //MySqli Select Query /* ---------------------------------------- */ $results = $mysqli->query("SELECT * FROM payments"); if (! $results) { //$flash[] = $mysqli->error; $flash[] = "No listing for apartment {$post_unit}. Please select another."; } /* ---------------------------------------- */ ?> <html> <body> <h1>Miscellaneous Charges Update</h1> <?php if (count($flash)){ foreach($flash as $msg){ echo "<div class='flash'>{$msg}</div>"; } } if (mysqli_num_rows ($result)){ ?> <form method="post" action="#"> <input type="text" name="unit"/> <input type="submit" name="submit" value="select apartment"/> <table border='1' cellpadding="4"> <thead> <tr> <TH>Dep#</TH> <TH>Tenant</TH> <TH>unit</TH> <TH>Damage Chgs</TH> <TH>Court Costs</TH> <TH>N.S.F.</TH> <TH>Late Chgs</TH> <TH>Sec Deposit</TH> </tr> </thead> <tbody> <?php /* --------------------------------------- */ while($row = mysqli_fetch_array($results)) { /* ---------------------------------------- */ echo "<tr> <td>{$row['dep']}</td> <td>{$row['tenant']}</td> <td>{$row['unit']}</td> <td>{$row['damage']}</td> <td>{$row['month']}</td> <td>{$row['courtcost']}</td> <td>{$row['nsf']}</td> <td>{$row['latechg']}</td> <td>{$row['secdep']}</td> </tr>"; } ?> </tbody> </table> // why have you got two submit buttons? <input type='submit' name='update' value='Update Record' /> </form> <?php } </body> </html> PHP: I've moved the update logic to the very top, no point in showing data that is out of date. I've used filter input so that you lower the risk of SQL injection I've put feedback into a variable I've called $flash that gets echo'd out once we start doing the presentation work. It's an array so you can add as much feedback as necessary. Use your stylesheet to make it look fancy
You should be using some IDE software. You won't have any problems with syntax errors and if/else brackets. I am using NetBeans.
You've got a mish-mash of broken markup and 15 year out of date PHP, along with insecure outmoded practices like slopping variables into your query strings. It's called prepare/execute, USE IT! I mean <center>, what is this 1997? Where's your fieldsets? Where's your label so people know what the "unit" input even is? Where's your scope on your TH? Why the willy-nilly case like you're still writing HTML 3.2? Is this like a 20 year old codebase that's been sloppily and hastily converted to use mysqli? Because it really reeks of it. I mean seriously this? $sql = "UPDATE payments SET tenant = '$tenant', unit = '$unit',damage = '$damage', month = '$month', courtcost = '$courtcost',nsf = '$nsf',latechg = '$latechg',secdep = '$secdep WHERE id='".$_POST['id']."'"; Code (markup): NO. OH HELLS NO! Since it reeks of "security? what's that then?!?" NEVER dump client side data blindly into a query string! $stmt = $db->prepare(' UPDATE payments SET tenant = ?, unit = ?, damage = ?, month = ?, courtcost = ?, nsf = ?, latechg = ?, secdep = ? WHERE id = ? '); $stmt->execute([ $tenant, $unit, $damage, $month, $courtcost, $nsf, $latechg, $secdep, $_POST['id'] ]); Code (markup): If one were using PDO like a good little doobie, that's what it should look like. Prepare/execute escaping and sanitizing the data for you. mysqli can do it to, but really it's such a inconsistent shit-show I really don't recommend using it. Especially since it too might be on the chopping block for future PHP versions. One can only hope! The logic of it makes no sense either, as if half of it is still missing in terms of handling things like that entire "update" when there's no inputs to get an "update" from. Likewise you're referring to variables that aren't even set anywhere?!?