[RESOLVED] ID is the only field sent

[Nightwalker83]

Hi,

I am working on a website for my church but I can't for the life of me find where I am going wrong with the code below. The only field that gets sent to the database is the "id" field and I can't figure out what maybe stopping the other information from getting through.

HTML Code:

    <!-- TemplateBeginEditable name="main" --><div class="edit"><form name="registeration" class="regform" form action="<?php $_SERVER['PHP_SELF'];?>" method="post" enctype="application/x-www-form-urlencoded" target="_self">
<h2>Child's Name and Address</h2>
<input name="id" type="text" /><br />
<label for="nameochild">Name of child:</label><br />
<input name="nameochild" type="text" /><br />
<label for="address">Address:</label><br />
<input name="address" type="text" /><br />
<label for="postcode">Postcode:</label><br />
<input name="postcode" type="text" /><br />
<br />
<a href="#top" tabindex="0" title="Back to top of page" target="_top">Back to top of page</a>
<br />

<h2>Your Contact Details</h2>

<label for="landline">Land line:</label><br />
<input name="landline" type="text" /><br />
<label for="mobile">Mobile:</label><br />
<input name="mobile" type="text" /><br />
<label for="email">E-mail:</label><br />
<input name="email" type="text" /><br />
<br />
<a href="#top" tabindex="0" title="Back to top of page" target="_top">Back to top of page</a>
<br />

<h2>Child's Birthdate and Year level</h2>
<label for="dob">Date of Birth:</label><br />
<input name="dob" type="text" /><br />
<label for="year">School Year Level:</label><br />
<input name="year" type="text" /><br />
<br />
<a href="#top" tabindex="0" title="Back to top of page" target="_top">Back to top of page</a>
<br />

<h2>Consent</h2>

<input name="genconsent" type="checkbox" value="I consent">I consent</input>
<br />
<a href="#top" tabindex="0" title="Back to top of page" target="_top">Back to top of page</a>
<br />
<h2>Child's Medical Condition</h2>
<label for="medical">Please identify any medication conditions or special circumstances relating to your child that the leaders <br /> and coordinators of Kids Club should be aware of:</label><br />
<textarea name="medical" cols="60" rows="8"></textarea> <br />
<br />
<input name="photo" type="checkbox" value="">I consent to my child's photo and/or video be taken and/or used in any future advertising.</input><br />
<br />
<a href="#top" tabindex="0" title="Back to top of page" target="_top">Back to top of page</a>
<br />
<br />
<label for="guardian">Name of Parent or Care Giver:</label><br />
<input name="guardian" type="text" /><br /><br />

<label for="date">Date:</label>
<br />
    <input name="date" type="text" />
    <br />
    <br />
<a href="#top" tabindex="0" title="Back to top of page" target="_top">Back to top of page</a>
<br />
    <h2>Attendance</h2>
    
    <input name="mon" type="checkbox" value="Monday" /> Monday - Volleyball              $26
    <br/ ><input name="moncare" type="checkbox" value="After Hours Care" />After Hours Care       $15
  <br />
<a href="#top" tabindex="0" title="Back to top of page" target="_top">Back to top of page</a>
<br />  
    <h2>Extras</h2>
  <p>Any kids attending Kids Club for the first time need to pay an additional $10 for a special Kids Club T-Shirt.</p>

      <input name="t-shirt" type="checkbox" value="t-shirt">
  T-Shirt                            $10</input>
  <br />
  <br />
<a href="#top" tabindex="0" title="Back to top of page" target="_top">Back to top of page</a>
<br />
  <h2>How did you hear about this program?</h2>
            <input name="church" type="checkbox" value="church" />Church
  <input name="mailout" type="checkbox" value="Mailout" />Mail Out
    <input name="wom" type="checkbox" value="WoM" />Word of Mouth<br />
    <input name="letterbox" type="checkbox" value="letterbox" />Letterbox Drop
    <input name="newspaper" type="checkbox" value="Newspaper" />Newspaper
  <input name="internet" type="checkbox" value="internet" />Internet<br />
  <input name="school" type="checkbox" value="school" />School (please specify) &nbsp;<input name="school" type="text" value="school" /><br />
  <input name="other" type="checkbox" value="other" />Other (please specify)&nbsp;&nbsp;&nbsp;&nbsp;<input name="other" type="text" value="other" />
  <br />
  <br />
    <input name="submit" type="submit" value="Submit Form" />
  &nbsp;
  <input name="reset" type="reset" value="Reset Form" />
  <br />
  <br />
<a href="#top" tabindex="0" title="Back to top of page" target="_top">Back to top of page</a>
  </form>
  <br />  </div><!-- TemplateEndEditable name="main" -->
          </div>
            			<div class="bottomnav">
            &nbsp;<a href="home.php" title="Home">Home</a>&nbsp;|&nbsp;<a href="privacy.php" title="Privacy">Privacy</a>&nbsp;|&nbsp; <a href="mailto:[email protected]?subject=Malvern Uniting Church Kids Club Website Query" target="_blank" title="Contact Web Administrator">Web Administrator</a>
            </div>
            <div class="lastmod"><p>Last modified: <?php include ("time.php")?></p>
           </div>
           </div>

PHP Code:

           <?php
           $id="";       
$child="";
$address="";
$postcode="";
$landline="";
$mobile="";
$email="";
$dob="";
$grade ="";
$phone="";
$genconsent="";
$medical ="";
$photo="";
$guardian="";
$date="";

//connect to server or exit
require_once("conroot.php");

//create database
$query = "CREATE DATABASE IF NOT EXISTS $dbDatabase";
if (mysql_query($query, $conn)) {
echo ("Database create query successful");
}
//select database
if (mysql_select_db($dbDatabase, $conn)) {
echo ("Database selection successful");
}else {
die ("Could not locate $dbDatabase database" .mysql_error());
}
//create table
$query = "CREATE TABLE IF NOT EXISTS $table  (
ID int(2) NOT NULL auto_increment unique,
 Child varchar(30) default NULL,
  Address varchar(30) default NULL,
  Email varchar(50) default NULL,
  Mobile varchar(20) default NULL,
  Postcode varchar(6) default NULL,
  DOB varchar(20) default NULL,
  Grade varchar(2) default NULL,
  Phone varchar(10) default NULL,
  Consent varchar(20) default NULL,
  Medical varchar(100) default NULL,
  Photo varchar(1) default NULL,
  Guardian varchar(20) default NULL,
  Date varchar(8) default NULL,
  PRIMARY KEY  (ID)
) TYPE=MyISAM";


if (mysql_query($query, $conn)) {
//echo ("table  query successful");
}else {
//connect to database or exit
if (!(mysql_select_db($dbDatabase, $conn))){
//echo '&message=db+selection+failed&';
exit;
}
}

//validate or send data.
  if($_SERVER['REQUEST_METHOD'] == "POST"){
// Make sure the data has been sent to the script from html
//convert the POST variables from the html to local variables
if(isset($_POST['id'], $_POST['child'], $_POST['address'], $_POST['postcode'], $_POST['landline'], $_POST['mobile'], $_POST['email'], $_POST['dob'], $_POST['year'], $_POST['genconsent'], $_POST['medical'],$_POST['photo'],$_POST['guardian'], $_POST['date'])){
$id = mysql_real_escape_string($_POST['id']);
$child = mysql_real_escape_string($_POST['nameochild']);
$address = mysql_real_escape_string($_POST['address']);
$postcode = mysql_real_escape_string($_POST['postcode']);
$landline = mysql_real_escape_string($_POST['landline']);
$mobile = mysql_real_escape_string($_POST['mobile']);
$email = mysql_real_escape_string($_POST['email']);
$dob = mysql_real_escape_string($_POST['dob']);
$grade = mysql_real_escape_string($_POST['year']);
//$genconsent = mysql_real_escape_string($_POST['genconsent']);
$medical = mysql_real_escape_string($_POST['medical']);
//$photo = mysql_real_escape_string($_POST['photo']);
$guardian = mysql_real_escape_string($_POST['guardian']);
$date = mysql_real_escape_string($_POST['date']);
}
//send mysql a query to select records from the products table where the id's match. If the query fails exit
if (!($result = mysql_query("SELECT * FROM $table where ID= '$id'"))){
echo '&message=query+failed&';
exit;
}
//Retrieve the number of rows (records)that have been returned from above query
$num_results = mysql_num_rows($result);
if($num_results <= 0) {//record does not exist so insert
$query = "INSERT INTO kids (ID, Child, Address, Postcode, Landline, Mobile, Email, DOB, Grade, Medical, Guardian, Date)
VALUES ('$id','$child', '$address', '$postcode', '$landline','$mobile','$email','$dob', '$grade','$medical ','$guardian','$date')";
if (mysql_query($query , $conn)){
$update = "UPDATE kids SET Child = '$child', WHERE ID = '$id'";
}else{
    exit;
    }
if(!mysql_query($update, $conn)){
echo "&message=the+details+have+been+updated&";
}else{
echo "&message=update+not+successful&";
}
}
  }
           ?>

So far I have only coded the php up until the date field so I could make sure the php was working before continuing on with the rest of the code. I have compared this code with working code Id done before (look on my website) and as far as I can tell they are the same.

Edit:

The code for conroot.php can be found here.

Thanks,


Aaron

[dclamp]

have you used or die(mysql_error()); ? This may explain something. I read over it quickly and saw nothing wrong.

Why are you updating your database, right after you input everything?

PHP Code:

if($num_results <= 0) {//record does not exist so insert
$query = "INSERT INTO kids (ID, Child, Address, Postcode, Landline, Mobile, Email, DOB, Grade, Medical, Guardian, Date)
VALUES ('$id','$child', '$address', '$postcode', '$landline','$mobile','$email','$dob', '$grade','$medical ','$guardian','$date')";
if (mysql_query($query , $conn)){
$update = "UPDATE kids SET Child = '$child', WHERE ID = '$id'";
}else{
... 


[Nightwalker83]

have you used or die(mysql_error()); ? This may explain something. I read over it quickly and saw nothing wrong.

Why are you updating your database, right after you input everything?

That is a good question! However, I have tried commenting out the update code but when I do nothing is put in the database. This is the update code I used in a working data input system:

PHP Code:

if (mysql_query($query , $conn)){
$update = "update customers set FName='$fname', LName='$lname' where customerid='$cid'";
echo "&message=the+customer+'$fname'+'$lname'+has+been+successfully+added&";
}else{
echo '&message=the+insert+was+not+successful&';
}
if(!mysql_query($update, $conn)){
echo "&message=the+details+have+been+updated&";
}else{
echo "&message=update+not+successful&";
} 


[kows]

the key to debugging in the first place is creating break points that allow you to find out where the script is failing. you have no clue where the script is failing.

first of all, $_POST['genconsent'] and $_POST['photo'] are both checkboxes and will not be set if the checkboxes are not checked; therefore, having a long isset() call that lists every item in your form (including those checkboxes) is probably a bad idea if those checkboxex are optional. I have no idea what the case is, but even if it were required I would have a separate check for them so that an error could be displayed to the user.

second, if this long isset() call fails, the script should not be continuing! why would it continue? the form was not submitted properly if this isset() call fails. the script should either exit (which you have a lot of in this script, and I would discourage), or all of the code that should happen should be also nested within this statement.

so, that thing about breakpoints? first, when you check if $_SERVER['REQUEST_METHOD'] is equal to POST, throw these lines in afterward:

PHP Code:

if($_SERVER['REQUEST_METHOD'] == "POST"){
  echo '<pre>';
  print_r($_POST); 


now, you can see exactly what was submitted from the form.

inside of the long isset() statement, throw an echo to let you know if this piece of code was successful or not.

PHP Code:

if(isset( .... )){
  echo "the isset() statement executed!"; 


then, inside of the statement where you check if the INSERT query was successful, throw another echo. this will let you know WHAT query (you might have PHP [not MySQL] syntax errors, after all) was executed (if it was successful).

PHP Code:

if(mysql_query($query)){
  echo "$query\r\n\r\n the above was executed successfully"; 


after adding these break points, you'll know exactly what is and isn't executing in your script, and you'll also know all of the form data that is being submitted in the first place. double check your isset() statement against all of the data that has been submitted (except for the checkboxes, perhaps).

and yeah. you just did an INSERT with $id and $child; why would you then do an UPDATE setting the child of $id to $child? this makes no sense. that update should not be there at all -- you are free to get rid of it. the syntax of that statement is invalid, anyway; you can't have a comma in the middle of a statement like you do. commas are for separating fields (which you have done in the code you copied from), and you only have one field in this case. I would suggest you stop copying and pasting your old code, and rewrite it while putting a little thought into it instead. this should help you better understand things.

oh, and you're using <label>s wrong. the for attribute is for a corresponding ID, not the name of an element:

HTML Code:

<label for="name">Enter name: </label>
<input id="name" name="whatever_else" />

and for your checkboxes, you should use a label for the text rather than having it enclosed in your <input>:

HTML Code:

<input type="checkbox" id="consent" name="genconsent" />
<label for="consent">Do you consent to experimental radiation therapy?</label>

this will let a user "check" your checkbox by clicking on the label text.

feel free to ask more questions if you're confused about all of that stuff I rambled about early on in this post.

[Nightwalker83]

I did what you said about the print_r($_post) and this was the result:

Array
(
[id] => 1
[nameochild] => A
[address] => A
[postcode] => A
[landline] => A
[mobile] => A
[email] => A
[dob] => A
[year] => A
[consent] => I provide my consent for the leader, or delegates of Kids Club, where it is impracticable to communicate with me, to seek and arrange any such medical or surgical attention as the leader or authorized delegates may deem necessary for the well-being of my child, at any time during Kids Club. I authorize the use of ambulance and/or anesthetic and any other medical treatment deemed necessary by a qualified medical practitioner, if in their judgment it is necessary for the pay all expenses associated with any medical expenses of ambulance fees incurred. I agree to indemnify the leaders and authorized delegates of Kids Club and any other person connected with Kids Club against any responsibility for personal injury, loss or theft of property affecting my child.
[genconsent] => I consent
[medical] => ;;
[photo] =>
[guardian] => 1
[date] => 8
[school] => school
[other] => other
[submit] => Submit Form
)

That seems correct although, I don't see why the school and other fields are included when they aren't even the fields where I am looking for data.

Also, I am receiving the error below although on previous sites I have made the code

Notice: Undefined variable: update in C:\wamp\www\Kids Club\php\registeration.php on line 361

PHP Code:

if(!mysql_query($update, $conn)){
    echo "&message=the+details+have+been+updated&";
}else{
echo "&message=update+not+successful&";
} 


Where I made $update equal:

PHP Code:

if (mysql_query($query , $conn)){
    $update = "update kids set where ID='$id'";
echo "&message=the+record+'$child'+has+been+successfully+added&";
}else{
echo '&message=the+insert+was+not+successful&';
} 


I checked my websites which are working correctly and they used the same code without having to put:

PHP Code:

    $update = ""; 


at the top of the php in order for the code to work correctly.

[kows]

if you're getting an undefined variable error, then somewhere in your script you are trying to use $update and it has not yet been defined. if $update is only defined in the portion of code you posted (within an IF statement), then it's no wonder. you are only defining $update if this query succeeds, but you are most likely always calling mysql_query() on $update, even if $update does not exist. your call to mysql_query() should be nested in the IF statement as well.

and I don't understand what you don't get about the whole print_r() thing. print_r() prints out the entire contents of an array. the array in question is the superglobal $_POST. $_POST is populated by having a form submitted; all of the elements defined via the name attribute within that form will be represented in this array. so, that means you have some elements named school and other on your form. if you don't want these things to be in your $_POST array, then don't name them on your form?

anyhow, you really still didn't follow the rest of the advice I gave you in my last post -- using print_r() simply displays whatever data is being submitted from your form. it doesn't actually help you in this case, because obviously the data is being submitted correctly (though you are submitting a bunch of irrelevant data that you should probably not be). you haven't even touched on the rest of what I had said, though.

add the break point echos and run your script to find out what's happening.

[Nightwalker83]

For some reason the insert query isn't firing and thus the code following returns the fail error message. This is the insert code I'm using:

PHP Code:

$query = "INSERT INTO kids (ID, Child, Address, Postcode, Landline, Mobile, Email, DOB, Grade, Medical, Guardian, Date)
VALUES ('$id','$child', '$address', '$postcode', '$landline','$mobile','$email','$dob', '$grade','$medical ','$guardian','$date')"; 


[kows]

you should be echoing out the actual query so that you can see what it looks like when MySQL is actually trying to execute it (and possibly running it through MySQL yourself to see what errors it actually returns). my first suggestion would be to put ` (that's the tilde key) quotes around your field names. date is a reserved word and may cause an error.

[Nightwalker83]

Thanks kows! I finally managed to make the input system work using this code:

PHP Code:

        <?php
           $id="";       
$child="";
$address="";
$postcode="";
$landline="";
$mobile="";
$email="";
$dob="";
$grade ="";
$phone="";
$genconsent="";
$medical ="";
$photo="";
$guardian="";
$booking="";

//connect to server or exit
require_once("conroot.php");

//create database
$query = "CREATE DATABASE IF NOT EXISTS $dbDatabase";
if (mysql_query($query, $conn)) {
echo ("Database create query successful");
}
//select database
if (mysql_select_db($dbDatabase, $conn)) {
echo ("Database selection successful");
}else {
die ("Could not locate $dbDatabase database" .mysql_error());
}
//create table
$query = "CREATE TABLE IF NOT EXISTS $table  (
ID int(2) NOT NULL auto_increment,
 Child varchar(30) default NULL,
  Address varchar(30) default NULL,
  Email varchar(50) default NULL,
  Mobile varchar(20) default NULL,
  Postcode varchar(6) default NULL,
  DOB varchar(20) default NULL,
  Grade varchar(2) default NULL,
  Phone varchar(10) default NULL,
  Consent varchar(20) default NULL,
  Medical varchar(100) default NULL,
  Photo varchar(1) default NULL,
  Guardian varchar(20) default NULL,
  Date varchar(8) default NULL,
  PRIMARY KEY  (ID)
) TYPE=MyISAM";


if (mysql_query($query, $conn)) {
//echo ("table  query successful");
}else {
//connect to database or exit
if (!(mysql_select_db($dbDatabase, $conn))){
//echo '&message=db+selection+failed&';
exit;
}
}

//validate or send data.
  if($_SERVER['REQUEST_METHOD'] == "POST"){
      //echo '<pre>';
  //print_r($_POST);  
 
// Make sure the data has been sent to the script from html
//convert the POST variables from the html to local variables


$id = mysql_real_escape_string($_POST['id']);
$child = mysql_real_escape_string($_POST['nameochild']);
$address = mysql_real_escape_string($_POST['address']);
$postcode = mysql_real_escape_string($_POST['postcode']);
$landline = mysql_real_escape_string($_POST['landline']);
$mobile = mysql_real_escape_string($_POST['mobile']);
$email = mysql_real_escape_string($_POST['email']);
$dob = mysql_real_escape_string($_POST['dob']);
$grade = mysql_real_escape_string($_POST['year']);
//$genconsent = mysql_real_escape_string($_POST['genconsent']);
$medical = mysql_real_escape_string($_POST['medical']);
//$photo = mysql_real_escape_string($_POST['photo']);
$guardian = mysql_real_escape_string($_POST['guardian']);
$booking = mysql_real_escape_string($_POST['booking']);

//send mysql a query to select records from the kids table where the id's match. If the query fails exit
if (!($result = mysql_query("SELECT * FROM $table where ID='$id'"))){
echo '&message=query+failed&';
exit;
}

//Retrieve the number of rows (records)that have been returned from above query
$num_results = mysql_num_rows($result);
if($num_results <= 0) {//record does not exist so insert
$query = "INSERT INTO $table (
ID ,
Child ,
Address ,
Email ,
Mobile ,
Postcode ,
DOB ,
Grade ,
Phone ,
Consent ,
Medical ,
Photo ,
Guardian ,
Date
)
VALUES (
'$id', '$child', '$address', '$email', '$mobile', '$postcode', '$dob', '$grade', '$landline', '$genconsent', '$medical', '$photo', '$guardian', '$booking'
)";
}
//echo $query;

if (mysql_query($query, $conn)){
echo "&message=the+record+'$child'+has+been+successfully+added&";
}else{
echo '&message=the+insert+was+not+successful&';
}
  }
           ?>

Although, as you can see the above code I removed the isset function because it was not functioning. I am not sure why when I echoed the $query the data was listed.