Date of Birth does not show and Form cannot edit in PHP

June 10, 2021, at 01:40 AM

I will describe my problems briefly. There are 2 main issues in my web app:

  1. Date of Birth does not show in the edit page (DONE)
  2. I cannot submit my record to the database (partly due to problem 1)

Here is my code:

<?php
$host = "localhost";
$username = "root";
$password = "";
$database = "students";
$mysqli = new mysqli($host, $username, $password, $database);
if ($mysqli->connect_error) {
    die("Cannot connect to mysql");
}
 if (isset($_POST['save'])) {
        // Display errors if all fields are blank
        $errors = [];
        if (strlen(trim($_POST['student_id'])) === 0) {
            $errors['student_id'] = "Không được để trống trường này";            
        }
        if (strlen(trim($_POST['first_name'])) === 0) {
            $errors['first_name'] = "Không được để trống trường này";
        } 
        if (strlen(trim($_POST['last_name'])) === 0) {
            $errors['last_name'] = "Không được để trống trường này";
        } 
        if (strlen(trim($_POST['email'])) === 0) {
            $errors['email'] = "Không được để trống trường này";
        } else {
            if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL)) {
                $errors['email'] = 'Email phải đúng định dạng';
            } 
        }
        if (strlen(trim($_POST['dob'])) === 0) {
            $errors['dob'] = "Không được để trống trường này";
        }        
              
    }
    
    // If there is not any blank field, show the information at the index page
        $id = $_GET['id'];
        $sql = "SELECT * FROM students WHERE id = $id";
        $result = $mysqli->query($sql);
        $students = $result->fetch_assoc(); 
        print_r($students) ;
    if (isset($errors) && count($errors) == 0) {       
        $student_id = $_POST['student_id'];
        $first_name = $_POST['first_name'];
        $last_name = $_POST['last_name'];
        $email = $_POST['email'];
        $dob = $_POST['dob'];
        $sql = "UPDATE students(student_id, first_name, last_name, email, dob) 
                SET student_id = '$student_id', first_name = '$first_name', last_name = '$last_name', email = '$email', dob = '$dob'
                WHERE id = '$id'"; 
        $result = $mysqli->query($sql);
        
        if ($result) {
            header('location: index.php');
        }            
}
?>

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Create Student List</title>
    <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css" integrity="sha384-B0vP5xmATw1+K9KRQjQERJvTumQW0nPEzvF6L/Z6nronJ3oUOFUFpCjEUQouq2+l" crossorigin="anonymous">
    <link rel="stylesheet" href="https://pro.fontawesome.com/releases/v5.10.0/css/all.css" integrity="sha384-AYmEC3Yw5cVb3ZcuHtOA93w35dYTsvhLPVnYs9eStHfGJvOvKxVfELGroGkvsg+p" crossorigin="anonymous"/>
</head>
<body>
    <div class="card">
        <div class="card-body">
            <h3 class="card-title">Create Student</h3>    
            <form method="POST" action="./update.php" id="update">
                <!-- Student ID -->
                <div class="form-group">
                    <label for="student_id">Student ID <span style="color:red;">*</span></label>
                    <input type="text" id="student_id" name="student_id" class="form-control <?php echo isset($errors['student_id']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['student_id'] ?>"> 
                    <?php if (isset($errors) && isset($errors['student_id'])) { ?>
                        <small id="helpId" class="invalid-feedback"><?php echo $errors['student_id']; ?></small>
                    <?php } ?> 
                </div>
                
                <!-- First Name -->
                <div class="form-group">
                    <label for="first_name">First Name <span style="color:red;">*</span></label>
                    <input type="text" id="first_name" name="first_name" class="form-control <?php echo isset($errors['first_name']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['first_name'] ?> "> 
                    <?php if (isset($errors) && isset($errors['first_name'])) { ?>
                        <small id="helpId" class="invalid-feedback"><?php echo $errors['first_name']; ?></small>
                    <?php } ?> 
                </div>
                <!-- Last Name -->
                <div class="form-group">
                    <label for="last_name">Last name <span style="color:red;">*</span></label>
                    <input type="text" id="last_name" name="last_name" class="form-control <?php echo isset($errors['last_name']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['last_name'] ?>"> 
                    <?php if (isset($errors) && isset($errors['last_name'])) { ?>
                        <small id="helpId" class="invalid-feedback"><?php echo $errors['last_name']; ?></small>
                    <?php } ?> 
                </div>
                <!-- Email -->
                <div class="form-group">
                    <label for="email">Email <span style="color:red;">*</span></label>
                    <input type="email" id="email" name="email" class="form-control <?php echo isset($errors['email']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['email'] ?> "> 
                    <?php if (isset($errors) && isset($errors['email'])) { ?>
                        <small id="helpId" class="invalid-feedback"><?php echo $errors['email']; ?></small>
                    <?php } ?> 
                </div>
                
                <!-- Date of Birth -->
                <div class="form-group">
                    <label for="dob">Date of Birth <span style="color:red;">*</span></label>
                    <input type="date" id="dob" name="dob" class="form-control <?php echo isset($errors['dob']) ? 'is-invalid' : '' ?>" placeholder="" value="<?php echo $students['dob'] ?> "> 
                    <?php if (isset($errors) && isset($errors['dob'])) { ?>
                        <small id="helpId" class="invalid-feedback"><?php echo $errors['dob']; ?></small>
                    <?php } ?> 
                </div>                
                <!-- Buttons -->
                <button type="submit" class="btn btn-primary" name="save">Save</button>
                <a class="btn btn-secondary" href="./index.php">Cancel</a>
            </form>
        </div>
    </div>

    <script src="https://code.jquery.com/jquery-3.5.1.slim.min.js" integrity="sha384-DfXdz2htPH0lsSSs5nCTpuj/zy4C+OGpamoFVy38MVBnE+IbbVYUew+OrCXaRkfj" crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/popper.js@1.16.1/dist/umd/popper.min.js" integrity="sha384-9/reFTGAW83EW2RDu2S0VKaIzap3H66lZH81PoYlFhbGU+6BZp6G7niu735Sk7lN" crossorigin="anonymous"></script>
    <script src="https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/js/bootstrap.min.js" integrity="sha384-+YQ4JLhjyBLPDQt//I+STsc9iw4uQqACwlvpslubQzn4u2UU2UFM80nGisd026JF" crossorigin="anonymous"></script>
</body>
</html>

Here are some pictures of those:

Hopefully, you can help me solve those problems as much as possible. Thank you!

Answer 1

The date of birth issue: extra space at the end of your value tag

value="<?php echo $students['dob'] ?> "

The database issues:

  • malformed update statement
  • insecure, open-to-attack query

You kind of mixed insert and update.

UPDATE students(student_id, first_name, last_name, email, dob) 
SET student_id = '$student_id', first_name = '$first_name', last_name = '$last_name', email = '$email', dob = '$dob'
WHERE id = '$id'

Update statements don't take a field list in parens like you have it. So the statement is failing. However, you should really protect against SQL injection attacks by using query binding and prepared statements. Looks like this:

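// Placeholders are bare ? marks; quoting them ('?') would turn them into literal strings
$sql = "UPDATE students SET student_id = ?, first_name = ?, last_name = ?, email = ?, dob = ? WHERE id = ?";
$query = $mysqli->prepare($sql);
// One type letter per placeholder: i = integer, s = string
$query->bind_param("issssi", $student_id, $first_name, $last_name, $email, $dob, $id);
$query->execute();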

https://www.w3schools.com/php/php_mysql_prepared_statements.asp
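
The edit page's two queries rewritten with bound parameters, as an added example that is not part of the original question or answer. It assumes the question's connection settings and `students` columns; the hidden `id` form field, the helper names `find_student`, `update_student` and `valid_dob`, and binding `student_id` as a string are assumptions made for the example, and the question's blank-field checks are left out.

```php
<?php
// Added example (not from the page): the edit page's SELECT and UPDATE, parameterized.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
$mysqli = new mysqli("localhost", "root", "", "students");  // values from the question

// Load one row by primary key; null when no row has that id.
function find_student(mysqli $db, int $id): ?array {
    $stmt = $db->prepare("SELECT * FROM students WHERE id = ?");
    $stmt->bind_param("i", $id);
    $stmt->execute();
    return $stmt->get_result()->fetch_assoc() ?: null;
}

// Update one row; values travel as bound parameters, never as SQL text.
function update_student(mysqli $db, int $id, array $f): bool {
    $stmt = $db->prepare("UPDATE students SET student_id = ?, first_name = ?,
        last_name = ?, email = ?, dob = ? WHERE id = ?");
    // One type letter per placeholder; student_id as a string is an assumption.
    $stmt->bind_param("sssssi", $f['student_id'], $f['first_name'],
        $f['last_name'], $f['email'], $f['dob'], $id);
    return $stmt->execute();
}

// True only for a real calendar date in the format <input type="date"> sends.
function valid_dob(string $dob): bool {
    $d = DateTime::createFromFormat('!Y-m-d', $dob);
    return $d !== false && $d->format('Y-m-d') === $dob;
}

// id must be a positive integer; it is read from the URL or, on submit,
// from a hidden "id" form field (assumption: the question's form has none).
$opts = ['options' => ['min_range' => 1]];
$id = filter_input(INPUT_GET, 'id', FILTER_VALIDATE_INT, $opts)
    ?: filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, $opts);
if (!$id) {
    http_response_code(400);
    exit("Invalid student id");
}
if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    $f = [];
    foreach (['student_id', 'first_name', 'last_name', 'email', 'dob'] as $name) {
        $f[$name] = trim((string) filter_input(INPUT_POST, $name));
    }
    if (valid_dob($f['dob']) && update_student($mysqli, $id, $f)) {
        header('Location: index.php');
        exit;
    }
}
$students = find_student($mysqli, $id); // row used to pre-fill the form
```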
