Can view a form, can enter data, but won't post to database


I'm attempting to work on this form, at this time it is showing me my form, but it is not allowing me to enter the information into the database. Now as far as I can tell everything is correct, but I can't be sure. The only thing I can think that is out of place or wrong is that the code pointing to entering the data into the database once entered into the form is wrong.

I know I haven't sanitized my fields yet, so please don't tell me I need to. I am attempting to get this script written first, and I will do the clean up of the script after.

If someone can find the error, tell me what it is, and how to fix it, it would be greatly appreciated.

The website is here:

http://kaboomlabs.com/PDI/1-1.php?id=2

The code is this:

        <?php
  require_once('connectvars.php');
?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
  <title>PDI NCMR - View</title>
  <link rel="stylesheet" type="text/css" href="CSS/view.css" />
</head>
<body>
   <div id="logo">
    <img src="images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>

<?php
  // Connect to the database
  $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

    if (isset($_POST['submit'])) {
    // Grab the profile data from the POST
    $ncmrsc = mysqli_real_escape_string($dbc, trim($_POST['ncmrsc']));
    $ncmrsr = mysqli_real_escape_string($dbc, trim($_POST['ncmrsr']));
    $error= false;
}
    // Update the form in the database
    if (!$error && !empty($ncmrsr) && !empty($ncmrsc)) {
        $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);

    $query = "INSERT INTO ncmr ('ncmrsr', 'ncmrsc')  VALUES ('$ncmrsr', '$ncmrsc) WHERE id ='$id'";
    mysqli_query($dbc, $query);

    // Confirm success with the user
  echo 'Customer added.';
  mysqli_close($dbc);
        exit();
        }
  // Grab the profile data from the database
  if (!isset($_GET['id'])) {
    $query = "SELECT * FROM ncmr WHERE id = '$id'";
  }
  else {
    $query = "SELECT * FROM ncmr WHERE id = '" . $_GET['id'] . "'";
  }
  $data = mysqli_query($dbc, $query);

  if (mysqli_num_rows($data) == 1) {
    // The user row was found so display the user data
    $row = mysqli_fetch_array($data);
    echo'<h3 id="NCMR2">Non-Conforming Materials Report (NCMR:&nbsp;&nbsp;' . $row['NCMR_ID'] . ')</h3>';
        echo '<form id="all" method="post">';
            echo '<fieldset>';
                if (!empty($row['Added_By']) && empty($row['Added_By_Date'])) {
                    echo '<div id="ab"><span class="b">Added By:&nbsp;&nbsp;</span>' . $row['Added_By'] . '</div>';
                    echo '<div id="abd"><span class="b">On:&nbsp;&nbsp;</span>' . $row['Added_By_Date'] . '</div>';
                    }
        echo '<div id="box">';
            echo '<div id="box1">';
                if (!empty($row['Nexx_Part']) && !empty($row['Nexx_Rev']) && !empty($row['Nexx_Part_Description']) && !empty($row['NCMR_Qty'])) {
                    echo '<div id="np"><span class="b">Nexx Part:&nbsp;&nbsp;</span>' . $row['Nexx_Part'] . '</div>';
                    echo '<div id="nr"><span class="b">Nexx Rev:&nbsp;&nbsp;</span>' . $row['Nexx_Rev'] . '</div>';
                    echo '<div id="npd"><span class="b">Nexx Part Description:&nbsp;&nbsp;</span>' . $row['Nexx_Part_Description'] . '</div>';
                    echo '<div id="ncqt"><span class="b">NCMR Qty:&nbsp;&nbsp;</span>' . $row['NCMR_Qty'] . '</div>';
                    }
                echo '<div id ="JSI">';
                    if (!empty($row['JO']) && !empty($row['SN']) && !empty($row['INV'])) {
                    echo '<div id="JO"><span class="b">JO:&nbsp;&nbsp;</span><br />' . $row['JO'] . '</div>';
                    echo '<div id="SN"><span class="b">SN:&nbsp;&nbsp;</span><br />' . $row['SN'] . '</div>';
                    echo '<div id="INV"><span class="b">INV:&nbsp;&nbsp;</span><br />' . $row['INV'] . '</div>';
                    }
            echo '</div>';
        echo '</div>';
            echo '<div id="box4-1">';
// We know both $ncmrsr AND $ncmrsc are blank
$row['ncmrsr'] = trim($row['ncmrsr']);
$row['ncmrsc'] = trim($row['ncmrsc']);
if (empty($row['ncmrsr']) && empty($row['ncmrsc'])) {
     // add comments.
        echo '<div id="ncmrsr"><span class="b">NCMR Supplier Response:<br /></span><textarea name="ncmrsr" rows="6" cols="85" ></textarea></div><br />';
        echo '<div id="ncmrsc"><span class="b">NCMR Supplier Comment:<br /></span><textarea name="ncmrsr" rows="6" cols="85" ></textarea></div><br />'; 
        echo '<div id="button"><input type="submit" name="submit" value="Enter Comments" /></div>';


        }

else {
// echo the two fields.
                if (!empty($row['ncmrsr']) && !empty($row['ncmrsc'])) {
                    echo '<div id="ncmrsr"><span class="b">NCMR Supplier Response:&nbsp;&nbsp;</span>' . $row['ncmrsr'] . '</div>';
                    echo '<div id="ncmrsc"><span class="b">NCMR Supplier Comment:&nbsp;&nbsp;</span>' . $row['ncmrsc'] . '</div>';
                    }
                    echo '</div>';
echo '</div>';
        echo '</div>';
        echo '</fieldset>';

    echo '</form>';


}  
  mysqli_close($dbc);
}

?>
</body> 
</html>

Solution

  • Your query is missing a '

    $query = "INSERT INTO ncmr ('ncmrsr', 'ncmrsc')  VALUES ('$ncmrsr', '$ncmrsc) WHERE id ='$id'";
    

    Should be

    $query = "INSERT INTO ncmr ('ncmrsr', 'ncmrsc')  VALUES ('$ncmrsr', '$ncmrsc') WHERE id ='$id'";
    

    Notice the ' after $ncmrsc
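
With the quote added, MySQL still rejects the statement: `INSERT ... VALUES` takes no `WHERE` clause, and single-quoted column names are string literals rather than identifiers. The added example below (not code from the question or the answer) writes the two fields with a prepared `UPDATE` and surfaces database errors instead of always printing a success message. It assumes the intent is to fill in the existing row whose integer `id` arrives in the query string; `save_supplier_fields` is a hypothetical helper name.

```php
<?php
// Added example, not the original poster's code.
// Assumptions: the goal is to fill in ncmrsr/ncmrsc on the existing row whose
// integer id arrives in the query string (?id=2), and connectvars.php defines
// DB_HOST, DB_USER, DB_PASSWORD and DB_NAME as on the page.
require_once('connectvars.php');

// Make mysqli throw on SQL errors instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Hypothetical helper: store the supplier response and comment for one row.
function save_supplier_fields(mysqli $dbc, int $id, string $ncmrsr, string $ncmrsc): bool
{
    // Existing row, so UPDATE; placeholders keep the values out of the SQL text.
    $stmt = mysqli_prepare($dbc, 'UPDATE ncmr SET ncmrsr = ?, ncmrsc = ? WHERE id = ?');
    mysqli_stmt_bind_param($stmt, 'ssi', $ncmrsr, $ncmrsc, $id);
    mysqli_stmt_execute($stmt);
    $changed = mysqli_stmt_affected_rows($stmt) === 1;
    mysqli_stmt_close($stmt);
    return $changed;
}

// The form has no action attribute, so the POST keeps ?id=... in the URL.
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Missing or invalid id.');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    $ncmrsr = trim($_POST['ncmrsr'] ?? '');
    $ncmrsc = trim($_POST['ncmrsc'] ?? '');

    if ($ncmrsr === '' || $ncmrsc === '') {
        exit('Both the supplier response and the supplier comment are required.');
    }

    try {
        $dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
        $saved = save_supplier_fields($dbc, $id, $ncmrsr, $ncmrsc);
        mysqli_close($dbc);
        echo $saved ? 'Comments saved.' : 'No row was changed.';
    } catch (mysqli_sql_exception $e) {
        error_log($e->getMessage());   // details go to the log, not the browser
        http_response_code(500);
        echo 'The comments could not be saved.';
    }
}
```

The form in the question gives both textareas `name="ncmrsr"`, so the second one needs `name="ncmrsc"` before `$_POST['ncmrsc']` is ever populated.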