可以将文章内容翻译成中文,广告屏蔽插件可能会导致该功能失效(如失效,请关闭广告屏蔽插件后再试):
问题:
Issue 2.
I am now getting an error in where the code is not inputting the actual ID number into the query...
Here is the error:
Query Error : You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1
The code has been updated to show the new code. (again) this time with a hidden script, and a few other tweaks. I've about lost hope on getting this to work.
Issue 1 Solved:
This line of code is brining back and error:
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = "$_GET['id']"";
The error is:
**Parse error: syntax error, unexpected T_VARIABLE in /home/pawz/public_html/kaboomlabs.com/testbed/edit.php on line 49**
I can't figure out why it is doing it, if someone can show me my mistake it be greatlyfully appreciated.
Ok, here is the code in it's entirety.
<?php
require_once('connectvars.php');
echo '<div id="postwrap">'
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>PDI NCMR - Edit</title>
<link rel="stylesheet" type="text/css" href="CSS/postie.css" />
</head>
<body>
<div id="logo">
<img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>
<?php
$id=0;
if(isset($_GET['id']))
$id= mysqli_real_escape_string($dbc, trim($_GET['id']));
if (isset($_POST['submit'])) {
$id= mysqli_real_escape_string($dbc, trim($_POST["id"]));
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Enter data into the database
$ab = mysqli_real_escape_string($dbc, trim($_POST['ab']));
$date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime ($_POST['date']))));
$part = mysqli_real_escape_string($dbc, trim($_POST['part']));
$rev = mysqli_real_escape_string($dbc, trim($_POST['rev']));
$partdesc = mysqli_real_escape_string($dbc, trim($_POST['partdesc']));
$ncmrqty = mysqli_real_escape_string($dbc, trim($_POST['ncmrqty']));
$comp = mysqli_real_escape_string($dbc, trim($_POST['comp']));
$ncmrid = mysqli_real_escape_string($dbc, trim($_POST['ncmrid']));
$rma = mysqli_real_escape_string($dbc, trim($_POST['rma']));
$jno = mysqli_real_escape_string($dbc, trim($_POST['jno']));
$fdt = mysqli_real_escape_string($dbc, trim($_POST['fdt']));
$cof = mysqli_real_escape_string($dbc, trim($_POST['cof']));
$fab1= mysqli_real_escape_string($dbc, trim($_POST['fab1']));
$fab2= mysqli_real_escape_string($dbc, trim($_POST['fab2']));
$fab3= mysqli_real_escape_string($dbc, trim($_POST['fab3']));
$non= mysqli_real_escape_string($dbc, trim($_POST['non']));
$dis= mysqli_real_escape_string($dbc, trim($_POST['dis']));
$comm= mysqli_real_escape_string($dbc, trim($_POST['comm']));
$caad= mysqli_real_escape_string($dbc, trim($_POST['caad']));
$po= mysqli_real_escape_string($dbc, trim($_POST['po']));
$pod = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['pod']))));
$dri = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['dri']))));
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = $id";
// echo your raw query and look for obvious errors
echo "Query is : " . $query . "<br />";
// and at least use a basic mechanism to trap possibles errors
mysqli_query($dbc, $query) or die('Query Error : ' . mysqli_error($dbc));
// Confirm success with the user
echo '<p>If you wish to edit more NCMRs, please <a href="list.php">go to the admin page!</a></p>';
// echo your raw query and look for obvious errors
echo "Query is : " . $query . "<br />";
// Clear the form data
$id = "";
$ab = "";
$date = "";
$part = "";
$rev = "";
$partdesc = "";
$ncmrqty = "";
$comp = "";
$ncmrid = "";
$rma = "";
$jno = "";
$fdt = "";
$cof = "";
$fab1= "";
$fab2= "";
$fab3= "";
$non= "";
$dis= "";
$comm= "";
$caad= "";
$po= "";
$pod = "";
$dri = "";
mysqli_close($dbc);
}
else {
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
// Grab the profile data from the database
if (!isset($_GET['id'])) {
$query = "SELECT * FROM ncmr WHERE id = '$id'";
}
else {
$query = "SELECT * FROM ncmr WHERE id = '$id'";
}
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row was found so display the user data
$row = mysqli_fetch_array($data);
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>";
echo '<fieldset>';
echo '<div id="box1">';
if (empty($row['ab'])) $row['ab'] = "Empty";
if (empty($row['date'])) $row['date'] = "Empty";
if (empty($row['part'])) $row['part'] = "Empty";
if (empty($row['rev'])) $row['rev'] = "Empty";
if (empty($row['partdesc'])) $row['partdesc'] = "Empty";
if (empty($row['ncmrqty'])) $row['ncmrqty'] = "Empty";
echo '<div id="ab"><span class="b">Added By: </span><input type="text" name="ab" value="' . $row['ab'] . '" /></div>';
echo '<div id="date"><span class="b">Date Filed: </span><input type="text" name="date" value="' . $row['date'] . '" /></div>';
echo '<div id="part"><span class="b">Part Number: </span><input type="text" name="part" value="' . $row['part'] . '" /></div>';
echo '<div id="rev"><span class="b">Part Revision: </span><input type="text" name="rev" value="' . $row['rev'] . '" /></div>';
echo '<div id="partdesc"><span class="b">Part Description: </span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>';
echo '<div id="ncmrqty"><span class="b">NCMR Qty: </span><input type="text" name="ncmrqty" value="' . $row['ncmrqty'] . '" /></div>';
echo '</div>';
//Company, Customer NCMR, Internal RMA, and Job Number
echo '<div id="box2">';
if (empty($row['comp'])) $row['comp'] = "Empty";
if (empty($row['ncmrid'])) $row['ncmrid'] = "Empty";
if (empty($row['rma'])) $row['rma'] = "Empty";
if (empty($row['jno'])) $row['jno'] = "Empty";
echo '<div id="comp"><span class="b">Company: </span><input type="text" name="comp" value="' . $row['comp'] . '" /></div>';
echo '<div id="ncmrid"><span class="b">Customer NCMR ID: </span><input type="text" name="ncmrid" value="' . $row['ncmrid'] . '" /></div>';
echo '<div id="rma"><span class="b">Internal RMA #: </span><input type="text" name="rma" value="' . $row['rma'] . '" /></div>';
echo '<div id="jno"><span class="b">Job #: </span><input type="text" name="jno" value="' . $row['jno'] . '" /></div>';
echo '</div>';
//Type of Failure and Class of Failure
echo '<div id="box3">';
echo '<h2>Failure</h2>';
echo '<div id="cof"><span class="b">Class of Failure: </span><input type="text" name="cof" size="15" value="' . $row['cof'] . '" /></div>';
echo '<div id="fdt"><span class="b">Failure Due To: </span><input type="text" name="fdt" size="15" value="' . $row['fdt'] . '" /></div>';
echo '</div>';
//Fabricators
echo '<div id="box4">';
echo '<h2>Fabricators</h2>';
if ($row['fab1']="--None--")
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
if ($row['fab2']="--None--")
{
echo'<div id="fab2">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab2'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab2"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
}
if ($row['fab3']="--None--")
{
echo'<div id="fab3">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab3'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab3"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
} echo '</div>';
//Nonconformity, Disposition, Comments and Comments & Additional Details
echo '<div id="box5">';
if (empty($row['non'])) $row['non'] = "Empty";
if (empty($row['dis'])) $row['dis'] = "Empty";
if (empty($row['comm'])) $row['comm'] = "Empty";
if (empty($row['caad'])) $row['caad'] = "Empty";
echo '<div id="non"><span class="b">Nonconformity: </span><textarea rows="4" cols="105">' . $row['non'] . '</textarea></div>';
echo '<div id="dis"><span class="b">Disposition: </span><textarea rows="4" cols="105">' . $row['dis'] . '</textarea></div>';
echo '<div id="comm"><span class="b">Comments: </span><textarea rows="4" cols="105">' . $row['comm'] . '</textarea></div>';
echo '<div id="caad"><span class="b">Comments and/or Additional Details: </span><textarea rows="4" cols="105">' . $row['caad'] . '</textarea></div>';
echo '<div id="podr">';
if (empty($row['po'])) $row['po'] ="Empty";
if (empty($row['pod'])) $row['pod'] ="Empty";
if (empty($row['dir'])) $row['dri'] ="Empty";
echo '<div id="po"><span class="b">PO: </span><input type="text" name="po" size="7" value="' . $row['po'] . '" /></div>';
echo '<div id="pod"><span class="b">PO Date: </span><input type="text" name="pod" size="7" value="' . $row['pod'] . '" /></div>';
echo '<div id="dri"><span class="b">Date Received: </span><input type="text" name="dri" size="7" value="' . $row['dri'] . '" /></div>';
echo '</div>';
echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>';
//Save ID so it can be used with POST request.
echo "<input type='hidden' value='$id' name='id'/>";
echo '</div>';
echo '</fieldset>';
echo '</form>';
}
}
echo '</div>';
?>
</body>
</html>
回答1:
You need to use concatenation operator . before and after $_GET['id'] thingie. Or embed it into string:
".... WHERE id = {$_GET['id']}";
(note, that your $_GET['id'] is not sanitized and taken directly from the network input. not the best thing to do).
回答2:
Your forget concatenation operators here: "$_GET['id']"", should be ".$_GET['id'].";"
Each time you see a Parse error: syntax error, the fault is on your side. You have the filename and the line number, you just have to look :-)
回答3:
You have misquoted $_GET['id'] at the end:
WHERE id = "$_GET['id']"
// should be
WHERE id = '{$_GET['id']}'
However you should first escape it with mysql_real_escape_string()
$id = mysql_real_escape_string($_GET['id']);
// Then use
WHERE id = '$id'
回答4:
My memory of php is getting fuzzy but this part looks wrong:
WHERE id = "$_GET['id']"";
I assume you are using double quotes there to prevent confusion with the single quotes in your variable but I would imagine you would want some kind of concatenation operator there. ie:
WHERE id = ".$_GET['id'];
Alternatively you could just do
$getid = $_GET['id']
before hand and use the simpler variable name in your expression. This would be more consistent with how you deal with the rest of the variables...
回答5:
Escape getting the id off the querystring like you did for the other values. It isn't concatinating properly.
回答6:
You forgot to add the operator . for string concatenation. This is how it should look:
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = ".$_GET['id'];
And, very important: Never use unverified request data in SQL queries or you will be vulnerable to MySQL injections! in this case, if the id is always an integer, adding (int) before $_GET['id'] will help:
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = ".(int)$_GET['id'];
回答7:
Ok, after a lot of work, switching code around and sleepless nights I seem to of answered my own question with help here, and I gave kudos to those who did give answers that pointed me in the right direction.
Here is what I did, from the original code I changed these bits:
Lines 20 through 28: I put the accessing the database before the script, don't ask me why I didn't see this before, but I did it, a beginners mistake I am sure, but still it happens especially since I am still a beginnier.
This is the code between lines 20-28 as it looks now.
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$id= mysqli_real_escape_string($dbc, trim(0));
if(isset($_GET['id']))
$id= mysqli_real_escape_string($dbc, trim($_GET['id']));
if (isset($_POST['submit'])) {
$id= mysqli_real_escape_string($dbc, trim($_POST["id"]));
Line 54 was rewritten as suggested here.
It now is has the correct amount of quote marks on the end of it, and looks like this.
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = '$id'";[/code]
I removed line 67.
This one:
echo "Query is : " . $query . "<br />";
I removed line 97 and 98.
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
That is all the edits.
Here is the complete code.
<?php
require_once('connectvars.php');
echo '<div id="postwrap">'
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Edit</title>
<link rel="stylesheet" type="text/css" href="CSS/postie.css" />
</head>
<body>
<div id="logo">
<img src="../images/PDI_Logo_2.1.gif" alt="PDI Logo" />
</div>
<?php
// Connect to the database
$dbc = mysqli_connect(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$id= mysqli_real_escape_string($dbc, trim(0));
if(isset($_GET['id']))
$id= mysqli_real_escape_string($dbc, trim($_GET['id']));
if (isset($_POST['submit'])) {
$id= mysqli_real_escape_string($dbc, trim($_POST["id"]));
// Enter data into the database
$ab = mysqli_real_escape_string($dbc, trim($_POST['ab']));
$date = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime ($_POST['date']))));
$part = mysqli_real_escape_string($dbc, trim($_POST['part']));
$rev = mysqli_real_escape_string($dbc, trim($_POST['rev']));
$partdesc = mysqli_real_escape_string($dbc, trim($_POST['partdesc']));
$ncmrqty = mysqli_real_escape_string($dbc, trim($_POST['ncmrqty']));
$comp = mysqli_real_escape_string($dbc, trim($_POST['comp']));
$ncmrid = mysqli_real_escape_string($dbc, trim($_POST['ncmrid']));
$rma = mysqli_real_escape_string($dbc, trim($_POST['rma']));
$jno = mysqli_real_escape_string($dbc, trim($_POST['jno']));
$fdt = mysqli_real_escape_string($dbc, trim($_POST['fdt']));
$cof = mysqli_real_escape_string($dbc, trim($_POST['cof']));
$fab1= mysqli_real_escape_string($dbc, trim($_POST['fab1']));
$fab2= mysqli_real_escape_string($dbc, trim($_POST['fab2']));
$fab3= mysqli_real_escape_string($dbc, trim($_POST['fab3']));
$non= mysqli_real_escape_string($dbc, trim($_POST['non']));
$dis= mysqli_real_escape_string($dbc, trim($_POST['dis']));
$comm= mysqli_real_escape_string($dbc, trim($_POST['comm']));
$caad= mysqli_real_escape_string($dbc, trim($_POST['caad']));
$po= mysqli_real_escape_string($dbc, trim($_POST['po']));
$pod = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['pod']))));
$dri = mysqli_real_escape_string($dbc, trim(date('Y-m-d',strtotime($_POST['dri']))));
$query = "UPDATE ncmr SET ab = '$ab', date = '$date', part = '$part', rev = '$rev' , partdesc = '$partdesc' , ncmrqty = '$ncmrqty' , comp = '$comp' , ncmrid = '$ncmrid' , rma = '$rma' , jno = '$jno' , fdt = '$fdt' , cof = '$cof' , fab1 = '$fab1' , fab2 = '$fab2' , fab3 = '$fab3' , non = '$non' , dis = '$dis' , comm = '$comm' , caad = '$caad' , po = '$po' , pod = '$pod' , dri = '$dri' WHERE id = '$id'";
// echo your raw query and look for obvious errors
echo "Query is : " . $query . "<br />";
// and at least use a basic mechanism to trap possibles errors
mysqli_query($dbc, $query) or die('Query Error : ' . mysqli_error($dbc));
// Confirm success with the user
echo '<p>If you wish to edit more NCMRs, please <a href="list.php">go to the admin page!</a></p>';
// Clear the form data
$id = "";
$ab = "";
$date = "";
$part = "";
$rev = "";
$partdesc = "";
$ncmrqty = "";
$comp = "";
$ncmrid = "";
$rma = "";
$jno = "";
$fdt = "";
$cof = "";
$fab1= "";
$fab2= "";
$fab3= "";
$non= "";
$dis= "";
$comm= "";
$caad= "";
$po= "";
$pod = "";
$dri = "";
mysqli_close($dbc);
}
else {
// Grab the profile data from the database
if (!isset($_GET['id'])) {
$query = "SELECT * FROM ncmr WHERE id = '$id'";
}
else {
$query = "SELECT * FROM ncmr WHERE id = '$id'";
}
$data = mysqli_query($dbc, $query);
if (mysqli_num_rows($data) == 1) {
// The user row was found so display the user data
$row = mysqli_fetch_array($data);
echo "<form action='".$_SERVER['PHP_SELF']."' method='post'>";
echo '<fieldset>';
echo '<div id="box1">';
if (empty($row['ab'])) $row['ab'] = "Empty";
if (empty($row['date'])) $row['date'] = "Empty";
if (empty($row['part'])) $row['part'] = "Empty";
if (empty($row['rev'])) $row['rev'] = "Empty";
if (empty($row['partdesc'])) $row['partdesc'] = "Empty";
if (empty($row['ncmrqty'])) $row['ncmrqty'] = "Empty";
echo '<div id="ab"><span class="b">Added By: </span><input type="text" name="ab" value="' . $row['ab'] . '" /></div>';
echo '<div id="date"><span class="b">Date Filed: </span><input type="text" name="date" value="' . $row['date'] . '" /></div>';
echo '<div id="part"><span class="b">Part Number: </span><input type="text" name="part" value="' . $row['part'] . '" /></div>';
echo '<div id="rev"><span class="b">Part Revision: </span><input type="text" name="rev" value="' . $row['rev'] . '" /></div>';
echo '<div id="partdesc"><span class="b">Part Description: </span><textarea rows="4" cols="22">' . $row['partdesc'] . '</textarea></div>';
echo '<div id="ncmrqty"><span class="b">NCMR Qty: </span><input type="text" name="ncmrqty" value="' . $row['ncmrqty'] . '" /></div>';
echo '</div>';
//Company, Customer NCMR, Internal RMA, and Job Number
echo '<div id="box2">';
if (empty($row['comp'])) $row['comp'] = "Empty";
if (empty($row['ncmrid'])) $row['ncmrid'] = "Empty";
if (empty($row['rma'])) $row['rma'] = "Empty";
if (empty($row['jno'])) $row['jno'] = "Empty";
echo '<div id="comp"><span class="b">Company: </span><input type="text" name="comp" value="' . $row['comp'] . '" /></div>';
echo '<div id="ncmrid"><span class="b">Customer NCMR ID: </span><input type="text" name="ncmrid" value="' . $row['ncmrid'] . '" /></div>';
echo '<div id="rma"><span class="b">Internal RMA #: </span><input type="text" name="rma" value="' . $row['rma'] . '" /></div>';
echo '<div id="jno"><span class="b">Job #: </span><input type="text" name="jno" value="' . $row['jno'] . '" /></div>';
echo '</div>';
//Type of Failure and Class of Failure
echo '<div id="box3">';
echo '<h2>Failure</h2>';
echo '<div id="cof"><span class="b">Class of Failure: </span><input type="text" name="cof" size="15" value="' . $row['cof'] . '" /></div>';
echo '<div id="fdt"><span class="b">Failure Due To: </span><input type="text" name="fdt" size="15" value="' . $row['fdt'] . '" /></div>';
echo '</div>';
//Fabricators
echo '<div id="box4">';
echo '<h2>Fabricators</h2>';
if ($row['fab1']=="--None--")
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo'<div id="fab1">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab1'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
if ($row['fab2']="--None--")
{
echo'<div id="fab2">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab2'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab2"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
}
if ($row['fab3']="--None--")
{
echo'<div id="fab3">';
$mysqli = new mysqli(DB_HOST, DB_USER, DB_PASSWORD, DB_NAME);
$mysqli->select_db('user');
$result = $mysqli->query("SELECT * FROM user");
echo "<SELECT name='fab3'>\n";
while($row = $result->fetch_assoc())
{
echo "<option value='{$row['user']}'>{$row['user']}</option>\n";
}
echo "</select>\n";
echo '</div>';
}
else
{
echo '<div id="fab3"><span class="b"></span><input type="text" name="fab1" size="20" value="' . $row['fab1'] . '" /></div>';
echo '</div>';
} echo '</div>';
//Nonconformity, Disposition, Comments and Comments & Additional Details
echo '<div id="box5">';
if (empty($row['non'])) $row['non'] = "Empty";
if (empty($row['dis'])) $row['dis'] = "Empty";
if (empty($row['comm'])) $row['comm'] = "Empty";
if (empty($row['caad'])) $row['caad'] = "Empty";
echo '<div id="non"><span class="b">Nonconformity: </span><textarea rows="4" cols="105">' . $row['non'] . '</textarea></div>';
echo '<div id="dis"><span class="b">Disposition: </span><textarea rows="4" cols="105">' . $row['dis'] . '</textarea></div>';
echo '<div id="comm"><span class="b">Comments: </span><textarea rows="4" cols="105">' . $row['comm'] . '</textarea></div>';
echo '<div id="caad"><span class="b">Comments and/or Additional Details: </span><textarea rows="4" cols="105">' . $row['caad'] . '</textarea></div>';
echo '<div id="podr">';
if (empty($row['po'])) $row['po'] ="Empty";
if (empty($row['pod'])) $row['pod'] ="Empty";
if (empty($row['dir'])) $row['dri'] ="Empty";
echo '<div id="po"><span class="b">PO: </span><input type="text" name="po" size="7" value="' . $row['po'] . '" /></div>';
echo '<div id="pod"><span class="b">PO Date: </span><input type="text" name="pod" size="7" value="' . $row['pod'] . '" /></div>';
echo '<div id="dri"><span class="b">Date Received: </span><input type="text" name="dri" size="7" value="' . $row['dri'] . '" /></div>';
echo '</div>';
echo '<div id="button2"><input type="submit" value="Submit Edits" name="submit" /></div>';
//Save ID so it can be used with POST request.
echo "<input type='hidden' value='$id' name='id'/>";
echo '</div>';
echo '</fieldset>';
echo '</form>';
}
}
echo '</div>';
?>
</body>
</html>
