Editing SQL Database using PHP

While editing a specific record using the PHP code given below, all records in the database are edited simultaneously to some garbage values. Here "db" is the database. I am new to PHP and SQL. Please help.

<?php
/* 
 EDIT.PHP
 Allows user to edit specific entry in database
*/

 // creates the edit record form
 // since this form is used multiple times in this file, I have made it a function that is easily reusable
 function renderForm($reportno, $dateofreceipt, $title, $type, $issuingagency, $markedto, $date, $remarks, $isdate, $issuedto, $returndate)
 {
 ?>
 <!DOCTYPE HTML PUBLIC >
 <html>
 <head>

 <title>Edit Record</title>
 </head>
 <body>


 <form action="edit.php" method="post">
  <div>
 <p><strong>Report No.:</strong> <?php echo $reportno; ?></p>
 <strong>Date of receipt: *</strong> <input type="date" name="dateofreceipt" value="<?php echo $dateofreceipt; ?>"/><br/>
 <strong>Report Title: *</strong> <input type="text" name="title" value="<?php echo $title; ?>"/><br/>
 <strong>Report Type: *</strong> <input type="text" name="type" value="<?php echo $type; ?>"/><br/>
 <strong>Issuing agency: *</strong> <input type="text" name="issuingagency" value="<?php echo $issuingagency; ?>"/><br/>
 <strong>Marked to: *</strong> <input type="text" name="markedto" value="<?php echo $markedto; ?>"/><br/>
 <strong>Date: *</strong> <input type="date" name="date" value="<?php echo $date; ?>"/><br/>
 <strong>Remarks: *</strong> <input type="text" name="remarks" value="<?php echo $remarks; ?>"/><br/>
 <strong>Issuing Date: *</strong> <input type="date" name="isdate" value="<?php echo $isdate; ?>"/><br/>
 <strong>Issued To: *</strong> <input type="text" name="issuedto" value="<?php echo $issuedto; ?>"/><br/>
 <strong>Return Date: *</strong> <input type="date" name="returndate" value="<?php echo $returndate; ?>"/><br/>
 <p>* Required</p>
 <input type="submit" name="submit" value="Submit">
 </div>
 </form> 
 </body>
 </html> 
 <?php
 }



 // connect to the database
 include('connect-db.php');

 // check if the form has been submitted. If it has, process the form and save it to the database
 if (isset($_POST['submit']))
 { 


 // get form data, making sure it is valid
 $reportno = $_POST['reportno'];
 $dateofreceipt = mysql_real_escape_string(htmlspecialchars($_POST['dateofreceipt']));
 $title = mysql_real_escape_string(htmlspecialchars($_POST['title']));
 $type = mysql_real_escape_string(htmlspecialchars($_POST['type']));
 $issuingagency = mysql_real_escape_string(htmlspecialchars($_POST['issuingagency']));
 $markedto = mysql_real_escape_string(htmlspecialchars($_POST['markedto']));
 $date = mysql_real_escape_string(htmlspecialchars($_POST['date']));
 $remarks = mysql_real_escape_string(htmlspecialchars($_POST['remarks']));
 $isdate = mysql_real_escape_string(htmlspecialchars($_POST['isdate']));
 $issuedto = mysql_real_escape_string(htmlspecialchars($_POST['issuedto']));
 $returndate = mysql_real_escape_string(htmlspecialchars($_POST['returndate']));



 //renderForm($reportno, $dateofreceipt, $title, $type, $issuingagency, $markedto, $date,$remarks, $isdate, $issuedto, $returndate, $error);

 // save the data to the database
 mysql_query("UPDATE `db` SET `Report No.`='[$reportno]',`Date of receipt`='[$dateofreceipt]',`Report Title`='[$title]',`Report Type`='[$type]',`Issuing agency`='[$issuingagency]',`Marked to`='[$markedto]',`Date`='[$date]',`Remarks`='[$remarks]',`Issuing date`='[$isdate]',`Issued to`='[$issuedto]',`Return Date`='[$returndate]' WHERE `Report No.`= '$id'")


 // once saved, redirect back to the view page
 header("Location: view.php"); 


  }

 // query db
 $id = $_GET['id'];
 $result = mysql_query("SELECT * FROM db WHERE `Report No.`= '$id'")
 or die(mysql_error()); 
 $row = mysql_fetch_array($result);

 // check that the 'id' matches up with a row in the database
 if($row)
 {

 // get data from db

 $reportno = $row['Report No.'];
 $dateofreceipt = $row['Date of receipt'];
 $title= $row['Report Title'];
 $type= $row['Report Type'];
 $issuingagency= $row['Issuing agency'];
 $markedto= $row['Marked to'];
 $date= $row['Date'];
 $remarks=$row['Remarks'];
 $isdate= $row['Issuing date'];
 $issuedto= $row['Issued to'];
 $returndate= $row['Return Date']; 

 // show form
 renderForm($reportno, $dateofreceipt, $title, $type, $issuingagency, $markedto, $date, $remarks ,$isdate, $issuedto, $returndate, '');
 }


?>

Several issues here:

  • The mysql API in PHP is deprecated. Don't bet on it working for longer. Use the mysqli API instead.

  • In your query the "where 1" part is completely superfluous. 1 means true and "where 1" means all records, at which point you can leave the WHERE out completely. You probably wanted to use WHERE somekey = 1, which is different.

Try this query for the update. Also, don't forget to add semicolons after statements. Use mysqli_* functions instead of mysql_*.

// $link is the mysqli connection (assumed to be opened in connect-db.php); mysqli_query() needs it as its first argument
mysqli_query($link, "UPDATE `db` SET `Date of receipt`='$dateofreceipt',`Report Title`='$title',`Report Type`='$type',`Issuing agency`='$issuingagency',`Marked to`='$markedto',`Date`='$date',`Remarks`='$remarks',`Issuing date`='$isdate',`Issued to`='$issuedto',`Return Date`='$returndate' WHERE `Report No.`='$reportno'");

Try this:

mysql_query("UPDATE `db` SET `Report No.`='$reportno', `Date of receipt`='$dateofreceipt', `Report Title`='$title', `Report Type`='$type', `Issuing agency`='$issuingagency', `Marked to`='$markedto', `Date`='$date', `Remarks`='$remarks', `Issuing date`='$isdate', `Issued to`='$issuedto', `Return Date`='$returndate' WHERE `Report No.`='$id'");
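
An added example, not part of the original question or answers: the same single-row update written with a mysqli prepared statement, so the `WHERE` key is always bound and no form value is concatenated into the SQL text. It assumes `connect-db.php` creates a mysqli handle named `$mysqli` and that the form posts the key in a hidden `reportno` field; both names are assumptions.

```php
<?php
// Added example. Assumes connect-db.php creates a mysqli handle named $mysqli
// (hypothetical name) and that the edit form carries the key in
// <input type="hidden" name="reportno"> (not present in the original form).
include('connect-db.php');

function updateReport(mysqli $db, array $post): int
{
    // Refuse to run without a key: an empty WHERE value must never reach the query.
    $reportno = trim($post['reportno'] ?? '');
    if ($reportno === '') {
        throw new InvalidArgumentException('Missing report number');
    }

    // The key column is not in the SET list; only the WHERE clause uses it.
    $sql = 'UPDATE `db` SET `Date of receipt`=?, `Report Title`=?, `Report Type`=?,
            `Issuing agency`=?, `Marked to`=?, `Date`=?, `Remarks`=?,
            `Issuing date`=?, `Issued to`=?, `Return Date`=?
            WHERE `Report No.`=? LIMIT 1';
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('Prepare failed: ' . $db->error);
    }

    // Collect values in the same order as the placeholders above.
    $fields = ['dateofreceipt', 'title', 'type', 'issuingagency', 'markedto',
               'date', 'remarks', 'isdate', 'issuedto', 'returndate'];
    $values = [];
    foreach ($fields as $f) {
        $values[] = $post[$f] ?? '';
    }
    $values[] = $reportno;

    // Every parameter is bound as a string; MySQL converts dates and numbers.
    $stmt->bind_param(str_repeat('s', count($values)), ...$values);
    if (!$stmt->execute()) {
        throw new RuntimeException('Update failed: ' . $stmt->error);
    }
    $affected = $stmt->affected_rows;   // 0 or 1 because of LIMIT 1
    $stmt->close();
    return $affected;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    updateReport($mysqli, $_POST);
    header('Location: view.php');
    exit;
}
```

Values are stored as submitted; apply `htmlspecialchars()` when echoing them back into the form's `value` attributes rather than before the query.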