0

I am a newbie. I want to update the database, and when I submit the form to update the record, I get this error:

Notice: Undefined index: idno in /Library/WebServer/Documents/practice/employee/edit_employee.php on line 6 Call Stack: 0.0001 633952 1. {main}() /Library/WebServer/Documents/practice/employee/edit_employee.php:0 

This is the code

<?php
require_once '../includes/configuration.php';

    if (!isset($_POST['enter']))
    {
        $employee_id_passport = $_GET['idno'];

        $sql_query = "SELECT * FROM employee_master WHERE employee_id_passport = '$employee_id_passport'";
        $result = mysql_query($sql_query, $connection);
        $row = mysql_fetch_assoc($result);


?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http:www.w3.org/TR/xhthml1/DTD/xhtml1-transitional.dtd">

<html xmls="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
    <title> </title>

    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <link rel="stylesheet" type "text/css" href="styles/global.css" />
</head>

<body>
    <form name="view_employee" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="POST" />
        Employee ID/Passport: <input type="text" name="id_passport" disabled="disabled" value="<?php echo $row['employee_id_passport']; ?>" /> <br />
        First Name: <input type="text" name="first_name" value="<?php echo $row['first_name']; ?>" /> <br />
        Surname: <input type="text" name="surname" value="<?php echo $row['surname']; ?>" /> <br />
        Mobile Number: <input type="text" name="mobile_number" value="<?php echo $row['mobile_number']; ?>"/> <br />
        <input type="submit" value="Enter" name="submit" />
    </form>
</body>

<html>
<?php
    }
    else
    {
        $_POST['employee_id_passport'] = $employee_id_passport;
        $_POST['first_name'] = $first_name;
        $_POST['surname'] = $surname;
        $_POST['mobile_number'] = $mobile_number;

        $sql_query_update = "UPDATE employee_master SET first_name = '$first_name',  SET surname = '$surname', SET mobile_number = '$mobile_number', WHERE employee_id_passport = '$employee_id_passport'";

        $result = mysql_query($sql_query_update, $connection);
    }


?>
4
  • 1
    UPDATE syntax is wrong, please refer to dev.mysql.com/doc/refman/5.1/en/update.html Commented May 31, 2011 at 7:07
  • 1
    well...you don't have index 'idno'..check if isset($_GET['idno']) Commented May 31, 2011 at 7:08
  • 1
    SQL INJECTION! Don't ever put variables without proper quoting inside SQL strings! Assume someone called your page with idno=';DELETE FROM employee_master; -- . What do you think would happen? Please always use prepared statements (see here) or use mysql_real_escape_string. Commented May 31, 2011 at 7:20
  • See also here. Commented May 31, 2011 at 7:31

2 Answers

1

A few bugs in your code.

  • Never trust Users to input anything without validating and sanitising their data.
  • Always test for and act on errors or unexpected conditions.
  • There is no comma before the WHERE clause in an SQL command.

Try the below:

<?php

require_once '../includes/configuration.php';

if( !isset( $_POST['submit'] ) ){
 # No Update Form Submission ($_POST itself is always set, so test the submit button instead)
  if( isset( $_GET['idno'] ) ){
   # ID Number Set for Query
    $employee_id_passport = mysql_real_escape_string( $_GET['idno'] );
    $sql_query = "SELECT * FROM employee_master WHERE employee_id_passport = '$employee_id_passport'";
    if( !( $result = mysql_query( $sql_query , $connection ) ) ){
     # Query Failed
    }elseif( mysql_num_rows( $result )==0 || mysql_num_rows( $result )>1 ){
     # Query Succeeded, but No Rows Returned OR More than One Row Returned
    }else{
      $row = mysql_fetch_assoc( $result );
    }
  }else{
   # No ID Number sent for Query
  }

?><!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<title>Employee Search</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<link rel="stylesheet" type="text/css" href="styles/global.css" />
</head>

<body>
<?php if( !empty( $row ) ){ # $row is only set when exactly one record was found; output is HTML-escaped ?>
    <form name="view_employee" action="<?php echo htmlspecialchars( $_SERVER['PHP_SELF'], ENT_QUOTES ); ?>" method="POST">
        Employee ID/Passport: <input type="text" name="employee_id_passport" readonly="readonly" value="<?php echo htmlspecialchars( $row['employee_id_passport'], ENT_QUOTES ); ?>" /> <br />
        First Name: <input type="text" name="first_name" value="<?php echo htmlspecialchars( $row['first_name'], ENT_QUOTES ); ?>" /> <br />
        Surname: <input type="text" name="surname" value="<?php echo htmlspecialchars( $row['surname'], ENT_QUOTES ); ?>" /> <br />
        Mobile Number: <input type="text" name="mobile_number" value="<?php echo htmlspecialchars( $row['mobile_number'], ENT_QUOTES ); ?>"/> <br />
        <input type="submit" value="Enter" name="submit" />
    </form>
<?php } ?>
</body>
</html>
<?php
} else {
 # Declare Error Holder
  $error = array();
 # Declare Field Holder
  $field = array();
 # Validate
  if( !isset( $_POST['employee_id_passport'] ) || $_POST['employee_id_passport']=='' )
    $error['employee_id_passport'] = 'No ID/Passport Set';
  elseif( !ctype_digit( $_POST['employee_id_passport'] ) ) # form input is a string, so is_int() would always fail
    $error['employee_id_passport'] = 'ID/Passport is not a Number';
  else
    $field['employee_id_passport'] = mysql_real_escape_string( $_POST['employee_id_passport'] );

  if( !isset( $_POST['first_name'] ) || $_POST['first_name']=='' )
    $error['first_name'] = 'No First Name Set';
  else
    $field['first_name'] = mysql_real_escape_string( $_POST['first_name'] );

  if( !isset( $_POST['surname'] ) || $_POST['surname']=='' )
    $error['surname'] = 'No Surname Set';
  else
    $field['surname'] = mysql_real_escape_string( $_POST['surname'] );

  if( !isset( $_POST['mobile_number'] ) || $_POST['mobile_number']=='' )
    $error['mobile_number'] = 'No Mobile Number Set';
  else
    $field['mobile_number'] = mysql_real_escape_string( $_POST['mobile_number'] );

  if( !count( $error ) ){
   # Validation was Passed
    $sql_query_update = "UPDATE employee_master
                           SET first_name = '{$field['first_name']}',
                               surname = '{$field['surname']}',
                               mobile_number = '{$field['mobile_number']}'
                         WHERE employee_id_passport = '{$field['employee_id_passport']}'";
    if( !( $result = mysql_query($sql_query_update, $connection) ) ){
     # Update Query Failed
    }else{
     # Update Query OK
    }
  }
}

?>
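
The prepared-statement approach recommended in the comments, as an added example (not code from the question or from either answer). It assumes PDO with the SQLite driver and a constructed in-memory table so that it runs offline; `find_employee` and `update_employee` are hypothetical names.

```php
<?php
// Constructed sample data standing in for the real employee_master table.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE employee_master (
    employee_id_passport TEXT PRIMARY KEY,
    first_name TEXT, surname TEXT, mobile_number TEXT)");
$pdo->exec("INSERT INTO employee_master VALUES ('1001', 'Ann', 'Lee', '555-0100')");

// Look up one employee. The id is bound as data and never spliced into the SQL text.
function find_employee(PDO $pdo, string $id): ?array
{
    $stmt = $pdo->prepare('SELECT * FROM employee_master WHERE employee_id_passport = :id');
    $stmt->execute([':id' => $id]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Update one employee from form input; returns the number of rows changed.
function update_employee(PDO $pdo, array $post): int
{
    foreach (['employee_id_passport', 'first_name', 'surname', 'mobile_number'] as $key) {
        if (!isset($post[$key]) || !is_string($post[$key]) || trim($post[$key]) === '') {
            throw new InvalidArgumentException("Missing field: $key");
        }
    }
    $stmt = $pdo->prepare(
        'UPDATE employee_master
            SET first_name = :first_name, surname = :surname, mobile_number = :mobile_number
          WHERE employee_id_passport = :id'
    );
    $stmt->execute([
        ':first_name'    => $post['first_name'],
        ':surname'       => $post['surname'],
        ':mobile_number' => $post['mobile_number'],
        ':id'            => $post['employee_id_passport'],
    ]);
    return $stmt->rowCount();
}

// The idno value quoted in the comment is compared as a literal string and matches no row.
var_dump(find_employee($pdo, "';DELETE FROM employee_master; -- "));
// A legitimate submission changes the one matching row.
echo update_employee($pdo, ['employee_id_passport' => '1001', 'first_name' => 'Anna',
    'surname' => 'Lee', 'mobile_number' => '555-0199']), "\n";
// The table still holds its row after both calls.
echo $pdo->query('SELECT COUNT(*) FROM employee_master')->fetchColumn(), "\n";
```
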

1

The key idno is not set in your $_GET superglobal. Check your query string for &idno=.

3 Comments

The $_GET comes from another page, what am I supposed to do about it?
Make sure it is set in the link, else this page will fail.
"how can i do that?" If you see a question mark - "?" - in the address bar of your browser, and "idno=" somewhere to the right of it, then it is set. If not, then you are not sending the "$_GET" parameter properly - review some basic PHP tutorials, like tizag.com/phpT/postget.php
