update database script stopped working

Hi,

I have a CRUD system on the Bootstrap theme and I am struggling with the update/view code for some reason. I had this working correctly the other day, but for some reason it’s stopped - slightly annoying.

This is the end of my form;-
[php]

Update Back
[/php]

And this is the script that is on the same page above the form;-
[php]<?php

include('../../includes/mysqli_connect.php');

if(isset($_GET['u'])):
if(isset($_POST['pro'])):
$stmt = $mysqli->prepare("UPDATE fms_tbl_projects set date = ?,project = ?,client = ?,hot = ?,cold = ?, WHERE client_proj_no = ?");
$stmt->bind_param('ssssss', $date,$project,$client,$hot,$cold, $client_proj_no);

	$date 				= $_POST['date'];
	$project 			= $_POST['project'];
	$client 			= $_POST['client'];
	$hot				= $_POST['hot'];
	$cold				= $_POST['cold'];



      if($stmt->execute()):
           echo "<script>location.href='index.php'</script>";
      else:
           echo "<script>alert('".$stmt->error."')</script>";
      endif;
 endif;
 $res = $mysqli->query("SELECT * FROM fms_tbl_projects WHERE client_proj_no=".$_GET['u']);
 $row = $res->fetch_assoc();

endif;
include '../../includes/footer.php';?>[/php]

I don’t get a connection error; it just stops loading the page around the PHP script - so I know it’s my code that is creating the error.

Are you sure that you are passing the “u” variable to your page? Your code checks for this first!
( if(isset($_GET['u'])): ) If it does not get this variable the rest of the code will not process.
Your code also does not really use the form correctly. It uses an anchor (link) to call the index.php page.
Normally, you use the submit button as a link may not pass your posted data correctly…

Hi ErnieAlex, I hope you’re well?

I’ve tried to check to see whether the information is passed using the following code;-
[php]<?php
if (!empty($_GET['u'])){
echo 'not empty';
}else{
echo 'is not set or empty';
}
?>[/php]

I placed this above the current code (that isn’t working) and it correctly returned the statement “not empty”.

I’ve been trying to sort this all day (UK over here) to no avail. Any help is appreciated

Okay, debugging is usually a top-down process. I know your error, but, was trying to get you to step thru
the process to solve it yourself. The next step would be to make sure the ‘pro’ variable is not empty as it
is the next part of your process. But…

Let’s walk you thru your own code…
IF the variable ‘u’ is active, you continue on…
IF the variable ‘pro’ is active, you continue on…

Next, you build a prepared statement for an UPDATE call with six variables in place.
Next, you bind this statement to seven variables.

You then, load these variables with data from the posted form data.

Does this make sense to you? You need to load up the variables with the posted data BEFORE you bind
them to the prepared statement, otherwise I do not think the data will be passed correctly. Also, what is
the extra variable constant you are binding as the first one? The “ssssss”? This would be used as the
first binded item and would throw off the rest of them. Hope this helps…

I agree with all these points. A program should follow the Input, Processing, Output flow.

With us being used to PDO, this is a bit strange. But, mysqli prepared statements want a reference type. The “ssssss” accounts for you passing 6 strings in. Strange, but how it handles it.

SORRY, Astonecipher, I forgot… Haven’t used prepared statements in a long time… Just don’t need them on
the few live servers I am working with as the sites are so simple… I still think it is just the order he is using
for acquiring the $_POST data… Thanks for the reminder of the reference-type thingy…

Hi ErnieAlex, yes your reply makes sense… I am still new to php and appreciate you going through it step by step.

I’ve added a check for the values beforehand. I’ve pasted my full code, as I was trying to shorten my post length but it’s getting complicated every time I update it;-
[php]

<?php include '../../includes/header.php';?>
<div id="wrapper">

    <!-- Navigation -->
	<?php include '../../includes/navigation.php';?>

    <div id="page-wrapper">
        <div class="row">
            <div class="col-lg-12">
                <h1 class="page-header">Projects</h1>

Back

            </div>



            <!-- /.col-lg-12 -->
        </div>
        <!-- /.row -->
        <div class="row">
            <div class="col-lg-12">
                <div class="panel panel-default">
                    <div class="panel-heading">
                        DataTables Advanced Tables
                    </div>
                    <!-- /.panel-heading -->
                    <div class="panel-body">
<?php if (!empty($_GET['u'])){ echo 'not empty'; }else{ echo 'is not set or empty'; } ?>
<?php
include('../../includes/mysqli_connect.php');
if ( isset( $_GET['u'] ) && !empty( $_GET['u'] ) ):
if(isset($_POST['pro'])):
if(    $_POST['date'] !=null
    && $_POST['project'] !=null
    && $_POST['client'] !=null
    && $_POST['hot'] !=null
    && $_POST['cold'] !=null
    && $_POST['value'] !=null
    && $_POST['category'] !=null
    && $_POST['order_no'] !=null
    && $_POST['del'] !=null
    && $_POST['estimate'] !=null
    && $_POST['salesman'] !=null
    && $_POST['design'] !=null
    && $_POST['retention'] !=null
    && $_POST['payment'] !=null
    && $_POST['site_adr_1'] !=null
    && $_POST['site_contact']!=null
    && $_POST['execution'] !=null
    && $_POST['spec'] !=null
    && $_POST['cold_rolled'] !=null
    && $_POST['hd_bolts'] !=null
    && $_POST['site_fixings'] !=null
    && $_POST['bought_outs'] !=null
    && $_POST['mpi'] !=null
    && $_POST['butt'] !=null
    && $_POST['pressings'] !=null
    && $_POST['rollings'] !=null
    && $_POST['paint'] !=null
    && $_POST['treatment'] !=null
    && $_POST['identification'] !=null
    && $_POST['fi_steel'] !=null
    && $_POST['fi_fittings'] !=null
    && $_POST['notes'] !=null
    && $_POST['live'] !=null
    && $_POST['draughtsman'] !=null
    && $_POST['lifting_st'] !=null
    && $_POST['rwc_review'] !=null
    && $_POST['client_id'] !=null
    && $_POST['client_proj_no'] !=null
    && $_POST['dsn_codes'] !=null
    && $_POST['wps'] !=null
){
$stmt = $mysqli->prepare("UPDATE fms_tbl_projects set date = ?,project = ?,client = ?,hot = ?,cold = ?,value = ?,category = ?,order_no = ?,del = ?,estimate = ?,salesman = ?,design = ?,retention = ?,payment = ?,site_adr_1 = ?,site_Contact = ?,execution = ?,spec = ?,cold_rolled = ?,hd_bolts = ?,site_fixings = ?,bought_outs = ?,mpi = ?,butt = ?,pressings = ?,rollings = ?,paint = ?,treatment = ?,identification = ?,fi_steel = ?,fi_fittings = ?,notes = ?,live = ?,draughtsman = ?,lifting_st = ?,rwc_review = ?, client_id = ?, dsn_codes = ?, wps = ?
WHERE client_proj_no = ?");
$stmt->bind_param('ssssssssssssssssssssssssssssssssssssssss', $date,$project,$client,$hot,$cold,$value,$category,$order_no,$del,$estimate,$salesman,$design,$retention,$payment,$site_adr_1,$site_Contact,$execution,$spec,$cold_rolled,$hd_bolts,$site_fixings,$bought_outs,$mpi,$butt,$pressings,$rollings,$paint,$treatment,$identification,$fi_steel,$fi_fittings,$notes,$live,$draughtsman,$lifting_st,$rwc_review, $client_id, $dsn_codes, $wps, $client_proj_no);

$date = $_POST['date'];
$project = $_POST['project'];
$client = $_POST['client'];
$hot = $_POST['hot'];
$cold = $_POST['cold'];
$value = $_POST['value'];
$category = $_POST['category'];
$order_no = $_POST['order_no'];
$del = $_POST['del'];
$estimate = $_POST['estimate'];
$salesman = $_POST['salesman'];
$design = $_POST['design'];
$retention = $_POST['retention'];
$payment = $_POST['payment'];
$site_adr_1 = $_POST['site_adr_1'];
$site_Contact = $_POST['site_contact'];
$execution = $_POST['execution'];
$spec = $_POST['spec'];
$cold_rolled = $_POST['cold_rolled'];
$hd_bolts = $_POST['hd_bolts'];
$site_fixings = $_POST['site_fixings'];
$bought_outs = $_POST['bought_outs'];
$mpi = $_POST['mpi'];
$butt = $_POST['butt'];
$pressings = $_POST['pressings'];
$rollings = $_POST['rollings'];
$paint = $_POST['paint'];
$treatment = $_POST['treatment'];
$identification = $_POST['identification'];
$fi_steel = $_POST['fi_steel'];
$fi_fittings = $_POST['fi_fittings'];
$notes = $_POST['notes'];
$live = $_POST['live'];
$draughtsman = $_POST['draughtsman'];
$lifting_st = $_POST['lifting_st'];
$rwc_review = $_POST['rwc_review'];
$client_id = $_POST['client_id'];
$client_proj_no = $_POST['client_proj_no'];
$dsn_Codes = $_POST['dsn_codes'];
$wps = $_POST['wps'];

if($stmt->execute()):
echo "";
else:
echo "";
endif;
endif;
$res = $mysqli->query("SELECT * FROM fms_tbl_projects WHERE client_proj_no=".$_GET['u']);
$row = $res->fetch_assoc();
?>
×Close Failed! Please add more, if you want to sign out click Home.
<?php else: ?>
×Close Failed! A total failure, please try again!!!.<?php echo $stmt->error; ?>
<?php endif; } else{ ?>
×Close Failed! The form cannot be empty, please complete and try again.
<?php } endif; ?>
Update Back
                    </div>
                    <!-- /.panel-body -->
                </div>
                <!-- /.panel -->
            </div>
            <!-- /.col-lg-12 -->
        </div>

    </div>
    <!-- /#page-wrapper -->

</div>
<!-- /#wrapper -->
<?php endif; include '../../includes/footer.php';?> [/php]

Well, Dan, the code is very messy and I was surprised that Astonecipher didn’t jump on it already. :wink:

Normally, when a page is posted you grab all of the posted data. Next step is to “validate” all of the data
that is posted. This is normally done something like this… BEFORE you even think about setting up your
query or binding the values to it, you verify that the data is safe and accurate. The steps involved are like
this:

Load all of the posted data into variables. (Some programmers skip this step to save code space and time.)
Set an error message to null.
Validate each and every posted data either variable or not to make sure they are valid and safe.
( If not valid or safe, an error message is added at the end of the current one. )

At this point, you have a “null” error message or something inside it. If null, you then handle the query
and run the update or insert or whatever… If message is not null, you display it…

Your code does not validate the data. This means that any beginner hacker could break your database.
(Actually with ease!) You need to learn about protecting the site from the data. But, that is a future
discussion which we have done before on this site and you can search for it or we can rehash it for you.

Now, back to your current code… If you look at line #99, you see you bind all of the data to the query’s
prepared statement. BUT, you do not have the data at that point. The next lines, #101 to #141 then
loads the data (non-validated, raw data) into the variables that #99 uses. Therefore, you do NOT have
the data when you attached it to the prepared statement. You need to move line #99 down below the
line #141 so that the data is pulled BEFORE the data is used. Hope that makes sense.
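
The point above about unvalidated data, and the `WHERE client_proj_no=".$_GET['u']` concatenation in the posted script, shown as an added example that is not part of any post in this thread: the UPDATE and the SELECT both bind the key, and the placeholders, type string and values are all derived from one allow-list. The helper names are hypothetical, only the first five columns are listed, and the table and column names are the ones in the posted query.

```php
<?php
declare(strict_types=1);

// Added example, not the thread's code. Helper names are hypothetical; the
// table and column names come from the posted UPDATE statement.

// Allow-list of editable columns (extend with the remaining columns of
// fms_tbl_projects). Placeholders, type string and values all derive from it,
// so a mismatch such as assigning $dsn_Codes but binding $dsn_codes cannot occur.
const EDITABLE = ['date', 'project', 'client', 'hot', 'cold'];
const REQUIRED = ['project'];

/** Collect allow-listed fields from the POST data; returns [values, errors]. */
function collect_fields(array $post): array
{
    $values = [];
    $errors = [];
    foreach (EDITABLE as $col) {
        $raw = $post[$col] ?? '';
        // Arrays sent as field[]=... are treated as empty rather than cast.
        $values[$col] = is_string($raw) ? trim($raw) : '';
        if ($values[$col] === '' && in_array($col, REQUIRED, true)) {
            $errors[] = "$col is missing";
        }
    }
    return [$values, $errors];
}

/** Build the UPDATE text and the bind_param type string from the column list. */
function build_update(array $columns): array
{
    $set = implode(', ', array_map(fn($c) => "`$c` = ?", $columns));
    $sql = "UPDATE fms_tbl_projects SET $set WHERE client_proj_no = ?";
    return [$sql, str_repeat('s', count($columns) + 1)]; // +1 for the key
}

/** Run the UPDATE; every value, including the key, is a bound parameter. */
function update_project(mysqli $db, string $key, array $values): bool
{
    [$sql, $types] = build_update(array_keys($values));
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        // Log the detail server-side instead of echoing $stmt->error to the page.
        // (PHP 8.1+ throws mysqli_sql_exception here by default instead.)
        error_log('prepare failed: ' . $db->error);
        return false;
    }
    $params = array_values($values);
    $params[] = $key;
    $stmt->bind_param($types, ...$params);
    return $stmt->execute();
}

/** Load the current row for the form, with the key bound, not concatenated. */
function load_project(mysqli $db, string $key): ?array
{
    $stmt = $db->prepare('SELECT * FROM fms_tbl_projects WHERE client_proj_no = ?');
    if ($stmt === false) {
        return null;
    }
    $stmt->bind_param('s', $key);
    if (!$stmt->execute()) {
        return null;
    }
    $row = $stmt->get_result()->fetch_assoc(); // get_result() needs mysqlnd
    return $row ?: null;
}

// Offline demonstration on constructed input (no database needed).
// 'is_admin' is not on the allow-list, so it never reaches the query.
$post = ['date' => '2016-03-01', 'project' => '', 'client' => 'ACME',
         'hot' => '1', 'cold' => '0', 'is_admin' => '1'];
[$values, $errors] = collect_fields($post);
[$sql, $types] = build_update(array_keys($values));
echo $sql, "\n", $types, "\n", implode('; ', $errors), "\n";
```

Because the key is bound as a string, a value such as `0292` is compared as text and is never parsed as part of the SQL.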

Yes this makes sense, I would like to improve my code (and shorten if possible) so any advice on that matter would also be beneficial.

I’ve moved the two queries “$stms” below the posted data
[php]&& $_POST['client_id'] !=null
&& $_POST['client_proj_no'] !=null
&& $_POST['dsn_codes'] !=null
&& $_POST['wps'] !=null

){

	$date 				= $_POST['date'];
	$project 			= $_POST['project'];
	$client 			= $_POST['client'];
	$hot				= $_POST['hot'];
	$cold				= $_POST['cold'];
	$value				= $_POST['value'];
	$category			= $_POST['category'];
	$order_no			= $_POST['order_no'];
	$del				= $_POST['del'];
	$estimate			= $_POST['estimate'];
	$salesman			= $_POST['salesman'];
	$design				= $_POST['design'];
	$retention			= $_POST['retention'];
	$payment			= $_POST['payment'];
	$site_adr_1			= $_POST['site_adr_1'];
	$site_Contact			= $_POST['site_contact'];
	$execution			= $_POST['execution'];
	$spec				= $_POST['spec'];
	$cold_rolled			= $_POST['cold_rolled'];
	$hd_bolts			= $_POST['hd_bolts'];
	$site_fixings			= $_POST['site_fixings'];
	$bought_outs			= $_POST['bought_outs'];
	$mpi				= $_POST['mpi'];
	$butt				= $_POST['butt'];
	$pressings			= $_POST['pressings'];
	$rollings			= $_POST['rollings'];
	$paint				= $_POST['paint'];
	$treatment			= $_POST['treatment'];
	$identification			= $_POST['identification'];
	$fi_steel			= $_POST['fi_steel'];
	$fi_fittings			= $_POST['fi_fittings'];
	$notes				= $_POST['notes'];
	$live				= $_POST['live'];
	$draughtsman			= $_POST['draughtsman'];
	$lifting_st			= $_POST['lifting_st'];
	$rwc_review			= $_POST['rwc_review'];
	$client_id			= $_POST['client_id'];
	$client_proj_no 		= $_POST['client_proj_no'];
	$dsn_Codes			= $_POST['dsn_codes'];
	$wps				= $_POST['wps'];

$stmt = $mysqli->prepare("UPDATE fms_tbl_projects set date = ?,project = ?,client = ?,hot = ?,cold = ?,value = ?,category = ?,order_no = ?,del = ?,estimate = ?,salesman = ?,design = ?,retention = ?,payment = ?,site_adr_1 = ?,site_Contact = ?,execution = ?,spec = ?,cold_rolled = ?,hd_bolts = ?,site_fixings = ?,bought_outs = ?,mpi = ?,butt = ?,pressings = ?,rollings = ?,paint = ?,treatment = ?,identification = ?,fi_steel = ?,fi_fittings = ?,notes = ?,live = ?,draughtsman = ?,lifting_st = ?,rwc_review = ?, client_id = ?, dsn_codes = ?, wps = ? WHERE client_proj_no = ?");
$stmt->bind_param('ssssssssssssssssssssssssssssssssssssssss', $date,$project,$client,$hot,$cold,$value,$category,$order_no,$del,$estimate,$salesman,$design,$retention,$payment,$site_adr_1,$site_Contact,$execution,$spec,$cold_rolled,$hd_bolts,$site_fixings,$bought_outs,$mpi,$butt,$pressings,$rollings,$paint,$treatment,$identification,$fi_steel,$fi_fittings,$notes,$live,$draughtsman,$lifting_st,$rwc_review, $client_id, $dsn_codes, $wps, $client_proj_no);

      if($stmt->execute()):
           echo "<script>location.href='index.php'</script>";
      else:
           echo "<script>alert('".$stmt->error."')</script>";
      endif;
 endif;
 $res = $mysqli->query("SELECT * FROM fms_tbl_projects WHERE client_proj_no=".$_GET['u']);
 $row = $res->fetch_assoc();[/php]

but I have run my code on a checker and I have a ‘endif’ (T_ENDIF) in your code on line 154? - I’ve had to remove some of my code due to the code character lengths so it should be around here [php] echo "";
endif;[/php]

LOL, Dan, each time I help, the code seems to get messier and messier… Perhaps we should start over?
Let’s walk you thru what I would call a step-by-step system to grab, validate and display results in most
any forms…

First, you grab the data. Some programmers skip this stage and just use the posted data itself to save
time and code. It is very easy read if you have the data in variables first. This is my opinion, not everyone’s!

Next, you validate ALL of the data. You check for missing entries. You validate for spelling and valid chars.
You check for possible programming code inserted into the data to protect your database from hackers.
If the data is not valid, you create a message to send back to the user to tell them exactly what is wrong.

Lastly, once you have the data and it is validated without errors, you post the info to your database and
display whatever you want the user to see.

Here is a sample, stripped down to the basics for a register script that shows how to do this in the way that
I mentioned above. Note that it does not have anything to do with your code, but, shows how you can
handle it in a more logical manner. Hope it helps you to think how to fix up your code…
[php]
// Check if they posted their registration form. If so, validate and save their data if okay.
if (isset($_POST["registernow"])) {
  // Grab the data from the posted form...
  $first_name = $_POST['first_name'];
  $last_name = $_POST['last_name'];
  $email = $_POST['email'];

  //  Validate all entries before saving to database and escape any invalid data like programming codes...
  $errormessage = "";
  if (empty($first_name)) $errormessage .= "<br />First name is missing!";
  if (!preg_match("/^[a-zA-Z]*$/", $first_name)) $errormessage .= "<br />First name must be only letters.";
  if (empty($last_name)) $errormessage .= "<br />Last name is missing!";
  if (!preg_match("/^[a-zA-Z]*$/", $last_name)) $errormessage .= "<br />Last name must be only letters.";
  if (empty($email)) $errormessage .= "<br />Email address is missing!";
  if (!preg_match("/([\w\-]+\@[\w\-]+\.[\w\-]+)/", $email)) $errormessage .= "<br />Email address is not a valid format.";

  //  Now name and email is loaded and validated.  If no errors process the data...
  if ($errormessage=="") {
     //  Here we know the data is safe and scrubbed of programming codes, now save it to the DB...
     //  Run your query here using $first_name, $last_name and $email...
  } else {
     // Display the error(s)...
     echo "You have errors in your input form:<br />" . $errormessage . "<br />";
  }

}
[/php]
Of course, Dan, this is just an example to show you one way to validate data and make the code a bit
more readable. It does make extra lines instead of using just the $_POST array, but, is easy to read. You
can also place the validation coding into a function and call it as needed. Since forms are not run over and
over in most cases, this is not really needed. Depends on how many forms you use at one time. Another
discussion for another thread.

So, thoughts for you to think about. If you want to fix up your current code and leave the validation inside
the q

Hi ErnieAlex,

Thanks - I am getting there… I’ve edited mine using your example (which makes sense), my page does now load and upon testing it does generate an error code if I leave “project” blank… which is good.

My only struggle is that the code should also load the current values for this row as it’s an update page, my current and nearly working code might I add is:-
[php]<?php

include('../../includes/mysqli_connect.php');

if(isset($_GET['u'])):

// Check if they posted their registration form. If so, validate and save their data if okay.
if (isset($_POST["pro"])) {
// Grab the data from the posted form...
$date = $_POST['date'];
$project = $_POST['project'];
$client = $_POST['client'];
$hot = $_POST['hot'];
$cold = $_POST['cold'];
$value = $_POST['value'];
$category = $_POST['category'];
$order_no = $_POST['order_no'];
$del = $_POST['del'];
$estimate = $_POST['estimate'];
$salesman = $_POST['salesman'];
$design = $_POST['design'];
$retention = $_POST['retention'];
$payment = $_POST['payment'];
$site_adr_1 = $_POST['site_adr_1'];
$site_Contact = $_POST['site_contact'];
$execution = $_POST['execution'];
$spec = $_POST['spec'];
$cold_rolled = $_POST['cold_rolled'];
$hd_bolts = $_POST['hd_bolts'];
$site_fixings = $_POST['site_fixings'];
$bought_outs = $_POST['bought_outs'];
$mpi = $_POST['mpi'];
$butt = $_POST['butt'];
$pressings = $_POST['pressings'];
$rollings = $_POST['rollings'];
$paint = $_POST['paint'];
$treatment = $_POST['treatment'];
$identification = $_POST['identification'];
$fi_steel = $_POST['fi_steel'];
$fi_fittings = $_POST['fi_fittings'];
$notes = $_POST['notes'];
$live = $_POST['live'];
$draughtsman = $_POST['draughtsman'];
$lifting_st = $_POST['lifting_st'];
$rwc_review = $_POST['rwc_review'];
$client_id = $_POST['client_id'];
$client_proj_no = $_POST['client_proj_no'];
$dsn_Codes = $_POST['dsn_codes'];
$wps = $_POST['wps'];

    //  Validate all entries before saving to database and escape any invalid data like programming codes...
   $errormessage = "";

   if (empty($project)) $errormessage .= "<br />Project name is missing!";

   //  Now name and email is loaded and validated.  If no errors process the data...
   if ($errormessage=="") {

$stmt = $mysqli->prepare("UPDATE fms_tbl_projects  set date = ?,project = ?,client = ?,hot = ?,cold = ?,value = ?,category = ?,order_no = ?,del = ?,estimate = ?,salesman = ?,design = ?,retention = ?,payment = ?,site_adr_1 = ?,site_Contact = ?,execution = ?,spec = ?,cold_rolled = ?,hd_bolts = ?,site_fixings = ?,bought_outs = ?,mpi = ?,butt = ?,pressings = ?,rollings = ?,paint = ?,treatment = ?,identification = ?,fi_steel = ?,fi_fittings = ?,notes = ?,live = ?,draughtsman = ?,lifting_st = ?,rwc_review = ?, client_id = ?, dsn_codes = ?, wps = ? WHERE client_proj_no = ?");
$stmt->bind_param('ssssssssssssssssssssssssssssssssssssssss', $date,$project,$client,$hot,$cold,$value,$category,$order_no,$del,$estimate,$salesman,$design,$retention,$payment,$site_adr_1,$site_Contact,$execution,$spec,$cold_rolled,$hd_bolts,$site_fixings,$bought_outs,$mpi,$butt,$pressings,$rollings,$paint,$treatment,$identification,$fi_steel,$fi_fittings,$notes,$live,$draughtsman,$lifting_st,$rwc_review, $client_id, $dsn_codes, $wps, $client_proj_no);

      if($stmt->execute()):
           echo "<script>location.href='index.php'</script>";
      else:
           echo "<script>alert('".$stmt->error."')</script>";
      endif;

$res = $mysqli->query("SELECT * FROM fms_tbl_projects WHERE client_proj_no=".$_GET['u']);
 	$row = $res->fetch_assoc();



   } else {
      // Display the error(s)...
      echo "You have errors in your input form:<br />" . $errormessage . "<br />";
   }
}

?>[/php]

I call the database information using this code:-
[php]

[/php]

Babysteps… LOL (From the movie What-About-Bob! one of my favorites…)

So, normally, if a form is NOT posted, in other words if it is just loaded, you would query the database
AFTER the posted code and load up a recordset with the data. Then, in the form itself, you enter the
current data in each of the fields. In your code, you have a place where you check if the user posted the
form. It is:
if(isset($_GET['u'])) {
some code…
}
(Note: I do not use colons as you do…)

Now, AFTER that code, you need to query the DB and pull out the current values for displaying in each of
the fields. The logic to this is that if they update their data, you still want to pull that live data OR if they
do not post the form, you want the currently live data from the DB. Either way, you want to query the DB
and grab the data…

So, right after the code to UPDATE the DB, run a query to select all of the data for that project. Then, place
it into the fields where it belongs. Just execute a select all where the project equals the current one.
Then, place the data into the fields. For that, it is slightly different for each type of data field. Normally, you
display an input field like: as an example. Lets say you load the
DB’s data into a variable $row[] by using the fetch-assoc function. This would mean that you need to alter
the input field to look something like this:
<input type="text" name="first_name" value="<?PHP echo $row["first_name"]; ?>">
As you see, we added the value of this field and inserted a value that was pulled from the DB. For this
example, I used the first name again. Of course, this would be different for each field on your input form.
And, they would match your names in your DB table. Of course, the layout is different for text-area’s and
check-boxes, etc. But, I think you get the idea…
Hope that helps…

The alternate syntax is nice when you are doing things you really shouldn’t be doing (embedding PHP into the HTML). I am guilty, as I am seeing where it does come in handy, but that was primarily because an old position I had demanded that it be done that way. I find it easier to read endif; than trying to count closing brackets.

On that note… This is what I would do.

You create two arrays.
[php]
$replace = array();
$replacementValues = array();[/php]

You load the data from the database into the replacementValues array. Go through your form and do this kind of thing,

[php]value="{client_id}"[/php]

You load those all into the $replace array. Example,
[php]$replace = array(
'{client_id}',
);
// OR: array_push( $replace, '{client_id}' );[/php]
[php]$file = file_get_contents( 'your_file_name_and_location' );
$output = str_replace( $replace, $replacementValues, $file);[/php]

When you echo $output, it will replace all of those values for you. All of the values are going to be replaced, but there is this downside: the replace and replacementValues need to line up. If you have one out of place, it will screw the order up.

All of this processing needs to be before you output anything, but after the SQL query.
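
A variant of the placeholder approach above, as an added example that is not part of the original post: the replacements are keyed by placeholder, so the two arrays cannot drift out of order, and every database value is HTML-escaped before it is placed inside `value="..."`. `render_form()`, the template fragment and the sample row are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. render_form() and the sample data are
// hypothetical; the {client_id}-style placeholders follow the post above.

/**
 * Fill {column} placeholders in a form template from a database row.
 * Values are escaped for HTML, so a stored quote or angle bracket cannot
 * break out of the attribute or inject markup into the page.
 */
function render_form(string $template, array $row): string
{
    $map = [];
    foreach ($row as $column => $value) {
        $map['{' . $column . '}'] =
            htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8');
    }

    // Refuse to render if the template names a placeholder the row lacks,
    // instead of sending a literal "{something}" to the browser.
    preg_match_all('/\{[A-Za-z_][A-Za-z0-9_]*\}/', $template, $found);
    $missing = array_diff(array_unique($found[0]), array_keys($map));
    if ($missing) {
        throw new InvalidArgumentException(
            'No value for: ' . implode(', ', $missing)
        );
    }

    // strtr() replaces in a single pass: text that was just inserted is not
    // scanned again, so a stored value containing "{client_id}" stays literal.
    // str_replace() with arrays works sequentially and would expand it.
    return strtr($template, $map);
}

// Constructed sample: a template fragment and a row shaped like the result
// of fetch_assoc().
$template = '<input type="text" name="client_id" value="{client_id}">' . "\n"
          . '<textarea name="notes">{notes}</textarea>';
$row = [
    'client_id' => '42',
    'notes'     => 'Beam "B1" <check> {client_id}',
];

echo render_form($template, $row), "\n";
```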

Astonecipher, yes on your comments, but, again, Babysteps!

He needs to get his code working correctly first and then we can make it better…

Since Dan had trouble understanding how to handle the posted data, it might be hard to explain replacement
arrays. Yes, I use them a lot, especially for email templates. They are better than jelly donuts! LOL

Hi guys,

If I have this correct in my head my current code is doing the following (or should be);-

1 / check to see if ‘u’ is set (‘u’ being a link “/update.php?u=0292” for example).
2 / check to see if the user has posted the data. This being a “submit” button.
3 / check to see if any values that are required are missing and display an error if so.
4 / if no errors are present update the database with the posted values. If this works correctly then re-direct to index.php and if not display an error.
5 / query the database for current values (and echo them in the input boxes etc).
6 / display any errors on the input form.

Shouldn’t item 6 be above item 5 because it relies on the form being posted before running the database query? So at the minute no query is being run because the data hasn’t been posted?

You are displaying errors at 3 and 6, so, you are fine.
[php]
if form submitted {
    validate the form data
    if ! valid {
        return errors to form
    } else {
        call database
        if call successful {
            redirect
        } else {
            inform user
        }
    }
} else {
    Get stored form data.
    Display update form, prepopulated with the stored data.
}[/php]

Well, I think you are all set, but, since you validate the inputs in #3 and display any errors there,
you don’t need to do it again at #6. Astonecipher’s list is the way I handle most user’s inputs. The issue
is that #3 is your validation section and you really display that inside the HTML part of the page, not in the
actual validation section. So, really the display is at #5 in my opinion. Just before re-displaying your form.

Dan, this has been a process of one step after the other for you to learn how to do this code. There is
always another way to do it. Many programmers use functions for validations. I do not as it seems to be
extra code and could slow up the page if there are many validation calls such as your long list of data.

I am just mentioning this as you will find a thousand ways to do this code online. Pick the best parts from
each that you read including code here. Always think about the data and what it is used for. Then, when it
works well for you, remember it or save it for the next project. User input is almost always the same from
site to site, just the data requested changes. (Such as logins, profiles, work data input, etc…)

Just more info to think about…

Thanks ErnieAlex / Astonecipher, I believe I am getting there and I want to use this code for future work beyond this exercise.

Using Astonecipher’s code I’ve modified mine to;-
[php]<?php

include('../../includes/mysqli_connect.php');

if(isset($_GET['u'])) {
}

if (isset($_POST["pro"])) {
$date = $_POST['date'];
$project = $_POST['project'];
$client = $_POST['client'];
$hot = $_POST['hot'];
$cold = $_POST['cold'];
$value = $_POST['value'];
$category = $_POST['category'];
$order_no = $_POST['order_no'];
$del = $_POST['del'];
$estimate = $_POST['estimate'];
$salesman = $_POST['salesman'];
$design = $_POST['design'];
$retention = $_POST['retention'];
$payment = $_POST['payment'];
$site_adr_1 = $_POST['site_adr_1'];
$site_Contact = $_POST['site_contact'];
$execution = $_POST['execution'];
$spec = $_POST['spec'];
$cold_rolled = $_POST['cold_rolled'];
$hd_bolts = $_POST['hd_bolts'];
$site_fixings = $_POST['site_fixings'];
$bought_outs = $_POST['bought_outs'];
$mpi = $_POST['mpi'];
$butt = $_POST['butt'];
$pressings = $_POST['pressings'];
$rollings = $_POST['rollings'];
$paint = $_POST['paint'];
$treatment = $_POST['treatment'];
$identification = $_POST['identification'];
$fi_steel = $_POST['fi_steel'];
$fi_fittings = $_POST['fi_fittings'];
$notes = $_POST['notes'];
$live = $_POST['live'];
$draughtsman = $_POST['draughtsman'];
$lifting_st = $_POST['lifting_st'];
$rwc_review = $_POST['rwc_review'];
$client_id = $_POST['client_id'];
$client_proj_no = $_POST['client_proj_no'];
$dsn_Codes = $_POST['dsn_codes'];
$wps = $_POST['wps'];
}
if (empty($project)){

	$errormessage .= 		
	"<div class='alert alert-success alert-dismissible' role='alert'>
	<button type='button' class='close' data-dismiss='alert'><span aria-hidden='true'>&times;</span><span class='sr-only'>Close</span></button>
	<strong>Error!</strong> Project name is missing.
	</div>";

} else {
$stmt = $mysqli->prepare("UPDATE fms_tbl_projects set date = ?,project = ?,client = ?,hot = ?,cold = ?,value = ?,category = ?,order_no = ?,del = ?,estimate = ?,salesman = ?,design = ?,retention = ?,payment = ?,site_adr_1 = ?,site_Contact = ?,execution = ?,spec = ?,cold_rolled = ?,hd_bolts = ?,site_fixings = ?,bought_outs = ?,mpi = ?,butt = ?,pressings = ?,rollings = ?,paint = ?,treatment = ?,identification = ?,fi_steel = ?,fi_fittings = ?,notes = ?,live = ?,draughtsman = ?,lifting_st = ?,rwc_review = ?, client_id = ?, dsn_codes = ?, wps = ? WHERE client_proj_no = ?");
$stmt->bind_param('ssssssssssssssssssssssssssssssssssssssss', $date,$project,$client,$hot,$cold,$value,$category,$order_no,$del,$estimate,$salesman,$design,$retention,$payment,$site_adr_1,$site_Contact,$execution,$spec,$cold_rolled,$hd_bolts,$site_fixings,$bought_outs,$mpi,$butt,$pressings,$rollings,$paint,$treatment,$identification,$fi_steel,$fi_fittings,$notes,$live,$draughtsman,$lifting_st,$rwc_review, $client_id, $dsn_codes, $wps, $client_proj_no);

	if($stmt->execute()) {
    echo "<script>location.href='index.php'</script>";

} else {
echo "";

}

} else {
$res = $mysqli->query("SELECT * FROM fms_tbl_projects WHERE client_proj_no=".$_GET['u']);
$row = $res->fetch_assoc();
}

?>[/php]

I know I am nearly there but I get an error around the last “else” right before I load the current database values

Hi again, I am a step closer…

I don’t get any errors with my code below BUT I get a blank white page instead :frowning:

[php]<?php

include('../../includes/mysqli_connect.php');

if(isset($_GET['u'])) {
}

if (isset($_POST["pro"])) {
$date = $_POST['date'];
$project = $_POST['project'];
$client = $_POST['client'];
$hot = $_POST['hot'];
$cold = $_POST['cold'];
$value = $_POST['value'];
$category = $_POST['category'];
$order_no = $_POST['order_no'];
$del = $_POST['del'];
$estimate = $_POST['estimate'];
$salesman = $_POST['salesman'];
$design = $_POST['design'];
$retention = $_POST['retention'];
$payment = $_POST['payment'];
$site_adr_1 = $_POST['site_adr_1'];
$site_Contact = $_POST['site_contact'];
$execution = $_POST['execution'];
$spec = $_POST['spec'];
$cold_rolled = $_POST['cold_rolled'];
$hd_bolts = $_POST['hd_bolts'];
$site_fixings = $_POST['site_fixings'];
$bought_outs = $_POST['bought_outs'];
$mpi = $_POST['mpi'];
$butt = $_POST['butt'];
$pressings = $_POST['pressings'];
$rollings = $_POST['rollings'];
$paint = $_POST['paint'];
$treatment = $_POST['treatment'];
$identification = $_POST['identification'];
$fi_steel = $_POST['fi_steel'];
$fi_fittings = $_POST['fi_fittings'];
$notes = $_POST['notes'];
$live = $_POST['live'];
$draughtsman = $_POST['draughtsman'];
$lifting_st = $_POST['lifting_st'];
$rwc_review = $_POST['rwc_review'];
$client_id = $_POST['client_id'];
$client_proj_no = $_POST['client_proj_no'];
$dsn_Codes = $_POST['dsn_codes'];
$wps = $_POST['wps'];

//  Validate all entries before saving to database and escape any invalid data like programming codes...
    $errormessage = "";

    if (empty($project)) $errormessage .= "<div class='alert alert-success alert-dismissible' role='alert'>
	<button type='button' class='close' data-dismiss='alert'><span aria-hidden='true'>&times;</span><span class='sr-only'>Close</span></button>
	<strong>Error!</strong> Project name is missing.
	</div>";

    //  Now name and email is loaded and validated.  If no errors process the data...
    if ($errormessage=="") {

} else {
$stmt = $mysqli->prepare("UPDATE fms_tbl_projects set date = ?,project = ?,client = ?,hot = ?,cold = ?,value = ?,category = ?,order_no = ?,del = ?,estimate = ?,salesman = ?,design = ?,retention = ?,payment = ?,site_adr_1 = ?,site_Contact = ?,execution = ?,spec = ?,cold_rolled = ?,hd_bolts = ?,site_fixings = ?,bought_outs = ?,mpi = ?,butt = ?,pressings = ?,rollings = ?,paint = ?,treatment = ?,identification = ?,fi_steel = ?,fi_fittings = ?,notes = ?,live = ?,draughtsman = ?,lifting_st = ?,rwc_review = ?, client_id = ?, dsn_codes = ?, wps = ? WHERE client_proj_no = ?");
$stmt->bind_param('ssssssssssssssssssssssssssssssssssssssss', $date,$project,$client,$hot,$cold,$value,$category,$order_no,$del,$estimate,$salesman,$design,$retention,$payment,$site_adr_1,$site_Contact,$execution,$spec,$cold_rolled,$hd_bolts,$site_fixings,$bought_outs,$mpi,$butt,$pressings,$rollings,$paint,$treatment,$identification,$fi_steel,$fi_fittings,$notes,$live,$draughtsman,$lifting_st,$rwc_review, $client_id, $dsn_codes, $wps, $client_proj_no);

	if($stmt->execute()) {
    echo "<script>location.href='index.php'</script>";

} else
echo "";

}

} else {
$res = $mysqli->query("SELECT * FROM fms_tbl_projects WHERE client_proj_no=".$_GET['u']);
$row = $res->fetch_assoc();
}

?>[/php]

Is it something simple and obvious?

If you indent your code, I think the issue should stand out.
