Im having a problem editing data and storing it in the database. I have a form that is loading data from a patients_details table and displaying in a html table on the page. I have made it so there are textboxes for each field of the database so the user has the option of changing the data and then clicking a button to send the data to the database and then re display the page. My problem lies in when i click the button, that the records do not save to the database, so therefore do not display in the table. Ive spent hours looking into this and cant seem to understand why it wont work. Ive managed to add information to a seperate table and then display the data on to the page but its different when editing. I think it could be a problem with my database but im not too sure.
Heres my code:
****updateUsers.php*****
<html>
<head>
<title>Current Patients</title>
<head>
<meta charset='utf-8' />
<link href='../fullcalendar.css' rel='stylesheet' />
<link href='../fullcalendar.print.css' rel='stylesheet' media='print' />
<script src='../lib/moment.min.js'></script>
<script src='../lib/jquery.min.js'></script>
<script src='../lib/jquery-ui.custom.min.js'></script>
<script src='../fullcalendar.min.js'></script>
</head>
<body>
<?php
$con = mysql_connect('localhost', 'root', 'password');
if (!$con) {
die("Cannot connect" . mysql_error());
}
mysql_select_db('DoctorScheduler');
if (isset($_POST['submit']) && $_POST['submit'] == 'updatePatients') {
$updatePatientsDetailsQuery = "UPDATE patients_details SET patient_id='$_POST[patient_id]', patient_surname='$_POST[patient_surname]', patient_forename='$_POST[patient_forename]', patient_dob='$_POST[patient_dob]', patient_doctor='$_POST[patient_doctor]', phone_num='$_POST[patient_number]', patient_email='$_POST[patient_email]', patient_address='$_POST[patient_address]' WHERE patient_id='$_POST[hidden] ' ";
$patientRecords =mysql_query($updatePatientsDetailsQuery);
}
$sql = "SELECT * FROM patients_details";
$records=mysql_query($sql);
// <a href="form1.php"> Request an Appointment </a>
echo "<table border=1>";
echo "<tr>";
echo "<th>ID</th>";
echo "<th>Surname</th>";
echo "<th>Forename</th>";
echo "<th>Date of Birth</th>";
echo "<th>Doctor</th>";
echo "<th>Phone Number</th>";
echo "<th>Email</th>";
echo "<th>Address</th>";
echo "</tr>";
while($currentPatients = mysql_fetch_assoc($records) ) {
echo "<form action=updateUsers.php method=post>";
echo "<tr>";
echo "<td>" . "<input type=hidden name=patient_id value=" . $currentPatients['patient_id'] . " </td>";
echo "<td>" . "<input type=text name=patient_surname value=" . $currentPatients['patient_surname']." </td>";
echo "<td>" . "<input type=text name=patient_forename value=" . $currentPatients['patient_forename'] . " </td>";
echo "<td>". "<input type=text name=patient_dob value=" . $currentPatients['patient_dob'] . " </td>";
echo "<td>". "<input type=text name=patient_doctor value=" . $currentPatients['patient_doctor'] . " </td>";
echo "<td>". "<input type=text name=patient_num value=" . $currentPatients['patient_num'] . " </td>";
echo "<td>". "<input type=text name=patient_email value=" . $currentPatients['patient_email'] . " </td>";
echo "<td>". "<input type=text name=patient_address value=" . $currentPatients['patient_address'] . " </td>";
echo "<td>" . "<input type='submit' name='updatePatients' value='Update Patients' onclick='updateDatabase()'" . " </td>";
echo "</tr>";
echo "</form>";
} // end of while
echo "</table>";
?>
<script>
function updateDatabase() {
var xmlhttp;
xmlhttp=new XMLHttpRequest();
xmlhttp.open("GET", "updateData.php?patient_surname=" + document.getElementById("patient_surname").value +
"&patient_forename="+document.getElementById("patient_forename").value + "&patient_dob="+document.getElementById("patient_dob").value +
"&patient_doctor="+document.getElementById("patient_doctor").value + "&patient_num="+document.getElementById("patient_num").value +
"&patient_email="+document.getElementById("patient_email").value + "&patient_address="+document.getElementById("patient_address").value,false);
xmlhttp.send(null);
}
</script>
</body>
****updataData.php******
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/html4/loose.dtd">
<html>
<head>
<title> updateData </title>
<meta http-equiv="Content Type" content="text/html"; charset="UTF-8">
</head>
<body>
<?php
$patient_surname=$_GET['patient_surname'];
$patient_forename=$_GET['patient_forename'];
$patient_dob=$_GET['patient_dob'];
$patient_doctor=$_GET['patient_doctor'];
$patient_num=$_GET['patient_num'];
[enter image description here][1]$patient_email=$_GET['patient_email'];
$patient_address=$_GET['patient_address'];
mysql_connect("localhost", "root", "password");
mysql_select_db("DoctorScheduler");
mysql_query("insert into patients_details values('$patient_surname', '$patient_forename', '$patient_dob', '$patient_doctor', '$patient_num', '$patient_email', '$patient_address')");
?>
</body>
</html>
All of these expressions like:
... "UPDATE patients_details SET patient_id='$_POST[patient_id]' ....
will cause n "unknown variable patient_id" and similar error. It should be:
... "UPDATE patients_details SET patient_id='" . $_POST['patient_id'] . "' ....
The expresion $_POST[patient_id] is wrong as long as patient_id isn't defined as constant (which isn't I assume).
It must be $_POST['patient_id'] (mind the quotes) and as you are lost in escaping quotes otherwise, use string concatenator . instead;
EDIT
If you issue an SQL statement like insert into patients_details values('? with no field names given, it is necessary that there is a value for all columns in that table and that the values are given in the definition order of these columns. Otherwise use this syntax:
insert into patients_details (field1, field2) values ('one', 'two');