Ravens PHP Scripts: Forums
 

 

Donovan
Client



Joined: Oct 07, 2003
Posts: 735
Location: Ohio

Posted: Mon Mar 06, 2006 12:34 pm

I don't understand why this is happening. My addsoldier page works perfectly, but my editsoldier page will not update some fields in the table. The table is my milpacs_members where I have uniform, rank_id, flag, u_name, nuke_username, location... etc.

The fields are displayed when I access the page but I cannot edit the u_name field. I have tried but it just stays the same. I cannot edit the nuke_username field but it doesn't stay the same. When I attempt to edit it blanks out the field instead, leaving it empty. I can update any other field on the page except for these two and I don't know why.

Need some fresh eyes on this. nuke_username is used to match the account in the nuke_users table and "autologin" a user to private pages in my module. I got this to work but found this bug in my editsoldier page when attempting to edit the nuke_username.

Any help is mucho appreciated.

Code:
<?php

/************************************************************************/
/* MILPACS (Military Personell and Classification System)               */
/* Author::Donovan [3rd ID]                                    */
/* Copyright (c) 2005 by Steven Donovan AKA Donovan [3rd ID]         */
/* Email:: [hidden by the forum]                                        */
/* Homepage::http://www.3rd-infantry-division.net                  */
/*                                                      */
/* This program is free software; you can redistribute it and/or modify */
/* it under the terms of the GNU General Public License as published by */
/* the Free Software Foundation; either version 2 of the License.       */
/*                                                                      */
/* This program is distributed in the hope that it will be useful, but  */
/* WITHOUT ANY WARRANTY; without even the implied warranty of           */
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU     */
/* General Public License for more details.                             */
/*                                                                      */
/* If you want a copy of the GNU General Public License write to the    */
/* Free Software Foundation, Inc.                              */
/* 59 Temple Place, Suite 330, Boston, MA 02111-1307               */
/* USA                                                                  */
/************************************************************************/
/*********************************************************/
/* Edit Soldier                                          */
/*********************************************************/

if (!defined('ADMIN_FILE')) {
die ("Access Denied");
}

define('INDEX_FILE', false);
$index = 0;
include_once("header.php");
global $module_name, $db, $prefix, $admin_file;   

   if ($op == "SaveSoldier") {
   // Validations go here
   // If all validations passed, save and exit, otherwise, redisplay with errors
   $id = intval($_POST['id']);
   $rank_id = intval($rank_id);
   $unit_id = intval($unit_id);
   $weapon_id = intval($weapon_id);
   $subunit_id = intval($subunit_id);
   $adminunits;
   $num_of_adminunits = sizeof($_POST[admin_unit_id]);
   $k = 0;
   for ($i=0; $i < $num_of_adminunits; $i++) {
      $ifDuplicated = false;
      $test_for_duplication = explode(",",$adminunits);
      if ($_POST[admin_unit_id][$i]) {
         for ($j=0; $j < sizeof($test_for_duplication); $j++) {
            if ($_POST[admin_unit_id][$i] == $test_for_duplication[$j])
               $ifDuplicated = true;
         }
         if (!$ifDuplicated) {
            if ($k > 0)
               $adminunits .= ",";
            $adminunits .= $_POST[admin_unit_id][$i];
            $k++;
         }
      }
   }
//      Order in increasing numerical order
   $admin_array = explode(",",$adminunits);
   sort($admin_array);
   $adminunits = "";
   for ($i=0; $i <= sizeof($admin_array); $i++) {
      if ($admin_array[$i] != "")
         $adminunits .= $admin_array[$i] . ",";
   }
//   $email = addslashes($email);
   $bio = addslashes($bio);
   $sql = "UPDATE " . $prefix . "_milpacs_members set
      uniform = '$uniform',
      rank_id = $rank_id,
      flag = '$flag',
      u_name = '$soldierName',
      nuke_username = '$nukeusername',
      location = '$location',
      status = '$status',
      p_mos = '$p_mos',
      unit_id = $unit_id,
      subunit_id = $subunit_id,
      adminunits = '$adminunits',
      reports = '$reports',
      position = '$position',
      weapon_id = $weapon_id,
      enlistment_dt = '$enlistment_dt',
      promotion_dt = '$promotion_dt',
      icq = '$icq',
      email = '$email',
      bio = '$bio'
      WHERE uniqueid ='$id'";
   $update = $db->sql_query($sql);
}

   // If not saving, load values from database
if ($op != "SaveSoldier") {
   $id = intval($_GET['id']);
   $result = $db->sql_query("SELECT * FROM " . $prefix . "_milpacs_members mm JOIN " . $prefix . "_milpacs_units mu JOIN " . $prefix . "_milpacs_weapons mw WHERE mm.uniqueid ='$id' AND mm.unit_id = mu.unit_id AND mm.weapon_id = mw.weapon_id");
   $info = $db->sql_fetchrow($result);
   if (!$result) {
      echo("<p>Error performing query: " . mysql_error() . "</p>");
      exit();
   } else {
      $soldierName = $info[u_name];
      $nukeusername = $info[nuke_username];
      $uniform = $info[uniform];
      $rank_id = $info[rank_id];
      $flag = $info[flag];
      $location = $info[location];
      $status = $info[status];
      $p_mos = $info[p_mos];
      $unit_id = $info[unit_id];
      $subunit_id = $info[subunit_id];
      $adminunits = $info[adminunits];
      $reports = $info[reports];
      $position = $info[position];
      $weapon_id = $info[weapon_id];
      $qual = $info[qual];
      $enlistment_dt = $info[enlistment_dt];
      $promotion_dt = $info[promotion_dt];
      $icq = $info[icq];
      $email = $info[email];
      $bio = stripslashes($info[bio]);
   }
}
$DOCUMENT_ROOT = $_SERVER['DOCUMENT_ROOT'];
// Load Uniform images (Rank, Flag)
$urlofimages="$DOCUMENT_ROOT/modules/MILPACS/images/uniform/";
$uniformselecthtml = "<select name=\"uniform\">";
$uniformselecthtml .= "<option value=\"\">Select Uniform Image</option>";
if ($handle=@opendir($urlofimages)) {
   while ($imgfile = readdir($handle)) {
      if ($imgfile != "." && $imgfile != ".." && $imgfile != "" && $imgfile != "index.html" && $imgfile != "WS_FTP.LOG" && $imgfile != "Thumbs.db") {
         if ($imgfile==$uniform) {
            $uniformselecthtml .= "<option value =\"$imgfile\" selected>$imgfile</option>";
         } else {
            $uniformselecthtml .= "<option value =\"$imgfile\" >$imgfile</option>";
         }
      }
   }
   @closedir($handle);
}
$uniformselecthtml .= "</select>";
// Load Ranks
$rankselecthtml = "<select name=\"rank_id\">";
$rankselecthtml .= "<option value=\"\">Select Rank</option>";
$result2 = $db->sql_query("SELECT * FROM " . $prefix . "_milpacs_ranks order by rankname");
while ($rankrow = $db->sql_fetchrow($result2)) {
   if ($rankrow[rank_id]==$rank_id) {
      $rankselecthtml .= "<option value =\"$rankrow[rank_id]\" selected>$rankrow[rankname]</option>";
   } else {
      $rankselecthtml .= "<option value =\"$rankrow[rank_id]\" >$rankrow[rankname]</option>";
   }
}
$rankselecthtml .= "</select>";
// Load Flag images
$urlofimages="$DOCUMENT_ROOT/modules/MILPACS/images/flags/";
$flagselecthtml = "<select name=\"flag\">";
$flagselecthtml .= "<option value=\"\">Select Flag Image</option>";
if ($handle=@opendir($urlofimages)) {
   while ($imgfile = readdir($handle)) {
      if ($imgfile != "." && $imgfile != ".." && $imgfile != "" && $imgfile != "index.html" && $imgfile != "WS_FTP.LOG" && $imgfile != "Thumbs.db") {
         if ($imgfile==$flag) {
            $flagselecthtml .= "<option value =\"$imgfile\" selected>$imgfile</option>";
         } else {
            $flagselecthtml .= "<option value =\"$imgfile\" >$imgfile</option>";
         }
      }
   }
   @closedir($handle);
}
$flagselecthtml .= "</select>";

// Load Weapons
$weaponselecthtml = "<select name=\"weapon_id\">";
$weaponselecthtml .= "<option value=\"\">Select Weapon</option>";
$result3 = $db->sql_query("SELECT * FROM " . $prefix . "_milpacs_weapons order by make");
while ($weaponrow = $db->sql_fetchrow($result3)) {
   if ($weaponrow[weapon_id]==$weapon_id) {
      $weaponselecthtml .= "<option value =\"$weaponrow[weapon_id]\" selected>$weaponrow[make]</option>";
   } else {
      $weaponselecthtml .= "<option value =\"$weaponrow[weapon_id]\" >$weaponrow[make]</option>";
   }
}
$weaponselecthtml .= "</select>";

// Load Unit
$unitselecthtml = "<select name=\"unit_id\">";
$unitselecthtml .= "<option value=\"\">Select Unit</option>";
$result4 = $db->sql_query("SELECT * FROM " . $prefix . "_milpacs_units order by unit_name");
while ($unitrow = $db->sql_fetchrow($result4)) {
   if ($unitrow[unit_id]==$unit_id) {
      $unitselecthtml .= "<option value =\"$unitrow[unit_id]\" selected>$unitrow[unit_name]</option>";
   } else {
      $unitselecthtml .= "<option value =\"$unitrow[unit_id]\" >$unitrow[unit_name]</option>";
   }
}
$unitselecthtml .= "</select>";

// Load Status
$statusselecthtml = "<select name=\"status\">\n<option value=\"\">Select Status</option>";
$wStatus = array("Active", "LOA", "Long Term LOA", "Retired", "Discharged");
for ($i=0; $i < sizeof($wStatus); $i++) {
   if ($status == $wStatus[$i])
      $statusselecthtml .= "<option value='$wStatus[$i]' selected>$wStatus[$i]</option>";
   else
      $statusselecthtml .= "<option value='$wStatus[$i]'>$wStatus[$i]</option>";
}
$statusselecthtml .= "</select>";

// Load Reporting Official
// Not Used!!
//$reportselecthtml = "<select name=\"uniqueid\">";
//$reportselecthtml .= "<option value=\"\">Select Reporting Official</option>";
//$result6 = $db->sql_query("SELECT u_name, uniqueid, report_id FROM " . $prefix . "_milpacs_members WHERE status IN ('Active','LOA','Long Term LOA'");
//while ($reportrow = $db->sql_fetchrow($result6)) {
//   if ($reportrow[report_id]==$uniqueid) {
//      $reportselecthtml .= "<option value =\"$reportrow[uniqueid]\" selected>$reportrow[u_name]</option>";
//   } else {
//      $reportselecthtml .= "<option value =\"$reportrow[uniqueid]\" >$reportrow[u_name]</option>";
//   }
//}
//$reportselecthtml .= "</select>";


// Load Subunit
$subunitselecthtml = "<select name=\"subunit_id\">\n<option value=\"\">Select Subunit</option>";
$result5 = $db->sql_query("SELECT * FROM " . $prefix . "_milpacs_subunit WHERE unit_id = '$unit_id' ORDER BY subunit_name");
while ($subunit_row2 = $db->sql_fetchrow($result5)) {
   if ($subunit_row2[subunit_id] == $subunit_id)
      $subunitselecthtml .= "<option value =\"$subunit_row2[subunit_id]\" selected>$subunit_row2[subunit_name]</option>";
   else
      $subunitselecthtml .= "<option value =\"$subunit_row2[subunit_id]\">$subunit_row2[subunit_name]</option>";
}
$subunitselecthtml .= "</select>";

// Load Admin Units
$num_of_admin_units = 0;
$adminunitselecthtml = "";
$result8 = $db->sql_query("SELECT * FROM " . $prefix . "_milpacs_adminunit");
while ( $adminunits_row = $db->sql_fetchrow($result8) ) {
   $num_of_admin_units++;
}
$adminunitarray = explode(",",$adminunits);
$noa_admin_units = sizeof($adminunitarray);
for ($i=0; $i < $noa_admin_units; $i++) {
   if ($i > 0)
      $adminunitselecthtml .= "<br>\n";
   $adminunitselecthtml .= "<select name=\"admin_unit_id[]\">\n<option value=\"\">Add New Admin Unit</option>";
   $result7 = $db->sql_query("SELECT * FROM " . $prefix . "_milpacs_adminunit ORDER BY admin_unit_name");
   while ( $adminunit_row = $db->sql_fetchrow($result7) ) {
      $adminunit_id[$i] = $adminunit_row[admin_unit_id];
      $adminunit_name[$i] = $adminunit_row[admin_unit_name];
      if ($adminunit_id[$i] == $adminunitarray[$i-1])
         $adminunitselecthtml .= "<option value=\"$adminunit_id[$i]\" selected>$adminunit_name[$i]</option>";
      else
         $adminunitselecthtml .= "<option value=\"$adminunit_id[$i]\">$adminunit_name[$i]</option>";
   }
   $adminunitselecthtml .= "</select>";
}

OpenTable();
echo "<p><a href=\"admin.php?op=milpacs\">Return to Main Administration</a></p>";
echo " <form name=\"editsoldier\" action=\"".$admin_file.".php\" method=\"post\">"
?>
<table width="100%" border="2" cellpadding="2" align="center" cellspacing="0" style="border-collapse: collapse;" bgcolor="#555555" bordercolor="#111111">
   <tr>
      <td align="center" bgcolor="#777777"><b><font color="#000000">Personnel File of <?php echo $soldierName ?></font></b></td>
   </tr>   
   <tr>
      <td align="center" bgcolor="#777777"> Uniform image: <?php echo $uniformselecthtml ?></td>
   </tr>
   <tr>
      <td align="center" bgcolor="#777777"> Rank image: <?php echo $rankselecthtml ?></td>
   </tr>
   <tr>
      <td align="center" bgcolor="#777777"> Flag image: <?php echo $flagselecthtml ?></td>
   </tr>
</table>
<table width="100%" border="2" cellpadding="2" align="center" cellspacing="0" style="border-collapse: collapse;" bgcolor="#555555" bordercolor="#111111">
   <tr>
      <td height="25" colspan="2" align="left" bgcolor="#666633"><b><font color="#000000">Vital Statistics</font></b></td>
   </tr>
   <tr>
      <td align="center" bgcolor="#999999">
<table width="100%" border="1" cellpadding="2" cellspacing="1" style="border-collapse: collapse;" id="AutoNumber1" bordercolor="#111111">
      </td>
   <tr>
      <td width="50%" align="right"><b><font color="#660033">Name:</font></b></td>
      <td width="50%"><input type="text" name="soldierName" value="<?php echo $soldierName ?>"/></td>
   </tr>
   <tr>
          <td width="50%" align="right"><b><font color="#660033">(For Drill Access) Nuke Name:</font></b></td>
        <td width="50%"><input type="text" name="nuke_username" value="<?php echo $nukeusername ?>"/></td>
    </tr>
   <tr>
      <td width="50%" align="right"><b><font color="#660033">Location:</font></b></td>
      <td width="50%"><input type="text" name="location" value="<?php echo $location ?>"/></td>
   </tr>
   <tr>
      <td width="50%" align="right"><b><font color="#660033">Status:  </font></b></td>
      <td width="50%"><?php echo $statusselecthtml ?></td>
   </tr>
   <tr>
      <td width="50%"><p align="right"><font color="#660033"><b>Primary MOS:</b></font></td>
      <td width="50%"><input type="text" name="p_mos" value="<?php echo $p_mos ?>"/></td>
   </tr>
   <tr>
      <td width="50%" align="right"><b><font color="#660033">Combat Unit:</font></b></td>
      <td width="50%"><?php echo $unitselecthtml ?></td>
   </tr>
   <tr>
      <td width="50%" align="right"><b><font color="#660033">Combat Subunit:</font></b></td>
      <td width="50%"><?php echo $subunitselecthtml ?></td>
   </tr>
   <tr>
      <td width="50%" align="right"><b><font color="#660033">Admin Units:</font></b></td>
      <td width="50%"><?php echo $adminunitselecthtml ?></td>
   </tr>
   <tr>
      <td width="50%"><p align="right"><b><font color="#660033">Reports to:</font></b></td>
      <td width="50%"><input type="text" name="reports" value="<?php echo $reports ?>"/></td>      
   </tr>
   <tr>
      <td width="50%" align="right"><b><font color="#660033">Position:</font></b></td>
      <td width="50%"><input type="text" name="position" value="<?php echo $position ?>"/></td>
   </tr>
   <tr>
      <td width="50%" align="right"><font color="#660033"><b>Weapon:</b></font></td>
      <td width="50%"><?php echo $weaponselecthtml ?></td>
   </tr>
   <tr>
      <td width="50%"><p align="right"><font color="#660033"><b>Qualifications:</b></font></td>
      <td width="50%"><input type="text" name="qual" value="<?php echo $qual ?>"/></td>
   </tr>
   <tr>
      <td width="50%" align="right"><b><font color="#660033">Enlisted Date:</font></b></td>
      <td width="50%"><input type="text" name="enlistment_dt" value="<?php echo $enlistment_dt ?>"/>
      <a href="javascript:showCal('Enlistment');"><img src="modules/MILPACS/images/icon_calendar.gif" title="Select Date" alt="Select Date"></a>
      </td>
   </tr>
   <tr>
      <td width="50%" align="right"><b><font color="#660033">Promoted Date:</font></b></td>
      <td width="50%"><input type="text" name="promotion_dt" value="<?php echo $promotion_dt ?>"/>
      <a href="javascript:showCal('Promoted');"><img src="modules/MILPACS/images/icon_calendar.gif" title="Select Date" alt="Select Date"></a>
      </td>
   </tr>
   <tr>
      <td width="50%" align="right"><b><font color="#660033">ICQ#:  </font></b></td>
      <td width="50%"><input type="text" name="icq" value="<?php echo $icq ?>"/></td>
   </tr>
   <tr>
      <td width="50%" align="right"><b><font color="#660033">E-mail:</font></b></td>
      <td width="50%"><input type="text" name="email" size="35" maxlength="35" value="<?php echo $email ?>"/></td>
   </tr>
</table>
</table>
<table width="100%" border="2" cellpadding="2" align="center" cellspacing="0" style="border-collapse: collapse;" bgcolor="#555555" bordercolor="#111111">
   <tr>
      <td align="left" bgcolor="#666633"><b><font color="#000000">Personal Bio</font></b></td>
   </tr>
   <tr>
      <td align="left" bgcolor="#999999">   <textarea name="bio" cols="130" colspan="1" rows="6"><?php echo $bio ?></textarea></td>
   </tr>
</table>
<br>
<input type="hidden" name="op" value="SaveSoldier"/>
<input type="hidden" name="profilename" value="<?php echo $soldierName ?>"/>
<input type="hidden" name="nukename" value="<?php echo $nukeusername ?>"/>
<input type="hidden" name="id" value="<?php echo $id ?>"/>
<input type="submit" class="button" align="center" value="Update"/>
</form>
<?php
CloseTable();
include_once("footer.php");
?>
 
montego
Site Admin



Joined: Aug 29, 2004
Posts: 9457
Location: Arizona

Posted: Tue Mar 07, 2006 6:03 am

Donovan, are you tired of me yet? ;)

I have a hunch that you really need to explicitly "cleanse" and "validate" each of your POST variables. I am thinking that some of your fields are not being set? You could echo each one before your update statement to see for sure.

Up in this section here:

Code:
  if ($op == "SaveSoldier") { 

   // Validations go here
   // If all validations passed, save and exit, otherwise, redisplay with errors
   $id = intval($_POST['id']);
   $rank_id = intval($rank_id);
   $unit_id = intval($unit_id);
   $weapon_id = intval($weapon_id);
   $subunit_id = intval($subunit_id);
   $adminunits;
   $num_of_adminunits = sizeof($_POST[admin_unit_id]);


I would make sure each of your POST variables that you will use down below in your SQL UPDATE statement have been assigned and cleansed in this up-front code.

Also, not sure what this line is:

$adminunits;

That needs an assignment of some sort?

Now, for the real question. In your update statement, you have this line:

nuke_username = '$nukeusername',

Where is $nukeusername getting set? I cannot find it being set BEFORE you get to the UPDATE statement. This is why I mentioned the initial comments first with regards to setting all your incoming POST variables.

Do not rely on register_globals to get your post variables. This can cause you issues -- potentially -- down the road. In addition, if you were ever to release this module (which I do not think is your intent), you would be opened up to too many possible hack attempts. You need to know how every variable is being used and ensure up-front, that it is being properly cleansed and validated. Now, luckily, these are sitting behind admin right? That is another layer of protection as long as you have ensured that only admins can get in AND that each separate script cannot be accessed directly.

_________________
Where Do YOU Stand?
HTML Newsletter::ShortLinks::Mailer::Downloads and more... 
Donovan







Posted: Tue Mar 07, 2006 11:19 am

montego wrote:
Donovan

I have a hunch that you really need to explicitly "cleanse" and "validate" each of your POST variables. I am thinking that some of your fields are not being set? You could echo each one before your update statement to see for sure.

Up in this section here:

Code:
  if ($op == "SaveSoldier") { 

   // Validations go here
   // If all validations passed, save and exit, otherwise, redisplay with errors
   $id = intval($_POST['id']);
   $rank_id = intval($rank_id);
   $unit_id = intval($unit_id);
   $weapon_id = intval($weapon_id);
   $subunit_id = intval($subunit_id);
   $adminunits;
   $num_of_adminunits = sizeof($_POST[admin_unit_id]);


I would make sure each of your POST variables that you will use down below in your SQL UPDATE statement have been assigned and cleansed in this up-front code.


But if I am editing the data in the table aren't I just setting it to whatever is in the field? Hence the use of _POST isn't even used very much in my editsoldier page. I think I am going to have trouble with this. I'll start echoing out my variables to see what they are before the update.
 
fkelly
Former Moderator in Good Standing



Joined: Aug 30, 2005
Posts: 3312
Location: near Albany NY

Posted: Tue Mar 07, 2006 12:41 pm

Besides what Montego posted there is code in your SQL update statement where you don't have single quotes around:

Code:
rank_id = $rank_id, 


Don't know if that could be the source of your problem or not but the two fields you are having trouble with come right after that.

A couple of other things:

1. I've seen that a lot of Chatserv's patch fixes seem to involve putting single quotes around items being read in. So if you say " $soldierName = $info[u_name];" the u_name would be single quoted. I've tried it with similar code both with and without the single quotes and it "works" but I've always wondered what the security advantage is. The same is true with post variables you are reading in; I believe that the "proper" way is to single quote them.

2. I'm just trying to teach myself html 4.01 compliance and you have a lot of font codes right in the html. Validators will tell you that they are deprecated and should be replaced with styles. I know you are just trying to get this thing to work but as long as we are developing "new" code we might as well fix it so we don't have to go back later and convert it.

Other than that I'd be doing what Montego suggested and echoing the values especially before the SQL update statement to see what is going in there. A lot of times if I have something squirrely like that going on I will keep a PHPmyadmin window open and browsing the file and I'll have the record I'm trying to update up right before the update and then refresh it right after. That way I can isolate exactly where and when the problem happens. If you have $nukeusername being echoed okay right before it goes into the SQL update statement and then the update runs and the record isn't updated ... well I'd be looking at field types or something like that. I'd also echo back $sql right after the assignment and before the update and pick thru that pretty carefully.
 
Donovan







Posted: Tue Mar 07, 2006 2:54 pm

I added all the single quotes and still same result. When I manually update the field using phpMyAdmin in the table to Donovan [3rd ID] and then access editsoldier by using my uniqueid I see the field displayed as it should. So the variable is set upon entering the script. (By the way I can update my u_name now, just not the $nukeusername = $info['nuke_username'];)

When I submit is when the field is blanked out or emptied.

I can successfully echo out $nukeusername before I click submit. After the field is empty.
 
fkelly







Posted: Tue Mar 07, 2006 3:21 pm

The hidden field that you have on your form has the name "nukename". That displays $nukeusername in the form but when the form is submitted the value will be in something called $_POST['nukename'], unless I am missing something. So you need to update using that value. I think.
 
montego







Posted: Tue Mar 07, 2006 7:42 pm

Quote:

But if I am editing the data in the table aren't I just setting it to whatever is in the field? Hence the use of _POST isn't even used very much in my editsoldier page. I think I am going to have trouble with this. I'll start echoing out my variables to see what they are before the update.


Donovan, not sure what you are trying to say by "but if I am editing the data in the table", but the bottom line is that in the first pass of this script, you are displaying all the information for the "soldier" to the admin. They then have the opportunity to modify the form fields, make their selections, and then click on the "save" button (to submit the form). What they entered on the form is coming back in the $_POST super global variable. It is this "array" of values that you should be cleansing and using in your update statement.

You are assuming that register_globals is "ON", which in your current case, may be true. I am just trying to steer you in a proper direction and also hoping that when you analyze all of the POST variables that you had in your form for cleansing, that you will find where your particular variable is not getting set properly based on the user's input.

You should know me by now that my philosophy is "teach a man to fish and you feed him for a lifetime"...
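
As an added example (not code from the thread or from MILPACS): the form's text input is named `nuke_username`, so its value arrives as `$_POST['nuke_username']`; the save step below reads each field under the form's own name, validates it, and binds it into a prepared statement instead of building the SQL string from globals. It assumes PHP 7.1+ with PDO and the SQLite driver so that it runs stand-alone (the module itself uses PHP-Nuke's `$db` layer); the helper names `read_soldier_post` and `save_soldier`, the table name and the sample submission are constructed for the illustration.

```php
<?php
// Added example, not MILPACS code. PDO/SQLite is an assumption made so the
// example runs on its own; only a subset of the form's fields is handled.

/** Read and validate the edit form's fields; returns [clean values, errors]. */
function read_soldier_post(array $post): array
{
    $errors = [];
    $clean  = [];

    // Numeric keys: accept positive integers only.
    foreach (['id', 'rank_id', 'unit_id'] as $key) {
        $v = filter_var($post[$key] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 1]]);
        if ($v === false) {
            $errors[] = "$key must be a positive integer";
        }
        $clean[$key] = $v;
    }

    // Form field name => column name. A field that is absent from $_POST is
    // reported instead of being written to the table as an empty string.
    $text = ['soldierName' => 'u_name', 'nuke_username' => 'nuke_username',
             'status' => 'status'];
    foreach ($text as $field => $column) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            $errors[] = "$field is missing from the submission";
            continue;
        }
        $clean[$column] = trim($post[$field]);
    }

    // Allow-list taken from the form's status <select>.
    $allowed = ['Active', 'LOA', 'Long Term LOA', 'Retired', 'Discharged'];
    if (isset($clean['status']) && !in_array($clean['status'], $allowed, true)) {
        $errors[] = 'status is not one of the allowed values';
    }
    return [$clean, $errors];
}

/** Run the UPDATE with bound parameters; returns the number of rows changed. */
function save_soldier(PDO $pdo, string $table, array $c): int
{
    // $table comes from configuration ($prefix . '_milpacs_members'), never
    // from the request. Every user-supplied value is a bound parameter.
    $stmt = $pdo->prepare(
        "UPDATE $table SET u_name = :u_name, nuke_username = :nuke_username,
                status = :status, rank_id = :rank_id, unit_id = :unit_id
          WHERE uniqueid = :id"
    );
    $stmt->execute($c);
    return $stmt->rowCount();
}

// Constructed demo: in-memory table and a constructed form submission.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE nuke_milpacs_members (uniqueid INTEGER PRIMARY KEY,
            u_name TEXT, nuke_username TEXT, status TEXT,
            rank_id INTEGER, unit_id INTEGER)");
$pdo->exec("INSERT INTO nuke_milpacs_members
            VALUES (1, 'Old Name', 'oldnuke', 'Active', 2, 3)");

$post = ['id' => '1', 'rank_id' => '4', 'unit_id' => '3',
         'soldierName' => "O'Brien [3rd ID]", 'nuke_username' => 'obrien',
         'status' => 'LOA'];

[$clean, $errors] = read_soldier_post($post);
if ($errors) {
    echo implode("\n", $errors), "\n";
} else {
    echo save_soldier($pdo, 'nuke_milpacs_members', $clean), " row(s) updated\n";
    $row = $pdo->query('SELECT nuke_username FROM nuke_milpacs_members
                        WHERE uniqueid = 1')->fetch(PDO::FETCH_ASSOC);
    // Escape on output so a stored value cannot break out of the attribute.
    printf("<input type=\"text\" name=\"nuke_username\" value=\"%s\"/>\n",
           htmlspecialchars($row['nuke_username'], ENT_QUOTES, 'UTF-8'));
}
```

Removing `nuke_username` from the constructed `$post` array makes `read_soldier_post` return an error and skips the UPDATE, rather than saving an empty value.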
 
fkelly







Posted: Tue Mar 07, 2006 7:59 pm

Just to amplify what Montego said, but first let me say don't get discouraged. I think you are pretty close to making this work. And working with forms can get pretty confusing.

Please don't be offended if any of this seems pretty basic. First, leaving furniture out, there are two types of tables. One is a database table. The other is a table in a web page with rows and columns. In your application you are reading data out of a web table and sticking it on a web form for updating. When you have a line like:

Code:
 <td width="50%"><input type="text" name="soldierName" value="<?php echo $soldierName ?>"/></td> 


the text input field on the form has the name of soldiername. What you are setting as the initial value is the variable $soldierName which you read in from your database table earlier.

When you hit the submit button on the form you are sending the form data to whatever php program is specified in the action= area of the form. So, there will be a $_POST variable with the name of $soldierName and whatever value you entered in the form. If you didn't change the value that was initially placed there from your database table then it will still have that value. But it will still overwrite the old value in the database upon processing. In that td above you could call the name of the input element "foobar" or whatever and do a $soldierName = $_POST['foobar'] and it would still work.

edit; later

Also, I just went into some code I have that works more or less like yours in terms of the sql update. I took the single quotes out around one of the set x to '$y', statements and I got a sql error. Put the single quotes back in and it works. I'm thinking that your sql update statement might not be working at all, at least with the version you posted. I don't believe that you indicated that was fixed yet.
 
Donovan







Posted: Wed Mar 08, 2006 8:49 am

This is working now. Can't really explain why but I renamed nuke_username to nukeusername in my table and on all my scripts. So now instead of nuke_username = $nukeusername it is nukeusername = $nukeusername.

I am still going to look into cleansing my data before I post. Next I need to look into 4.01 compliance, and get rid of all my font tags.

I have never constructed a style.css and don't even know where to begin. Anybody have any recommendations?
 
fkelly







Posted: Thu Mar 09, 2006 8:24 am

Did you fix the single quotes issue four lines up from the nukeusername line? If not I don't see how the code could work and if so that's probably what made it work. I don't see how the field name would make any difference (i.e., nuke_username versus nukeusername) and I don't think there's any reserved words in field names. Often "nuke_" is the user prefix in config.php but I still don't see how it would affect your code.

Re. styles, I picked up the book Head First: HTML with CSS and XHTML by Elisabeth Freeman and Eric Freeman at the bookstore a couple weeks ago. It's kind of in the complete idiots mold but that's why it suits me. It covers both compliance and CSS pretty thoroughly. It's a teaching rather than a reference book but you can find plenty of references on the web.

Two style related web sites that I use the most often are:

http://www.richinstyle.com/

and

http://www.w3schools.com/css/css_howto.asp

The former has tutorials and the latter a convenient set of references and examples. And of course you can google around. I've been able to find "pre-written" public domain styles for almost anything I've wanted to do.

One final thing that you will learn soon enough anyway. Working with a style sheet of any complexity, just change one thing at a time and look at it in a browser and make sure it works. Otherwise the style changes can interact with each other in some bizarre ways and you won't know which change caused the effect you are looking at.
 
All times are GMT - 6 Hours
 