Click here to Skip to main content
15,064,806 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
So I have an update form, the update part works just fine and within that update there is an insert/delete query as well. The insert/delete query are for the dates.

For example if the user updates the date details lets say from may-june to may-july.
I have tables representing the months that would have their new data entered (Name, Status). The code works but only if I click the update button for a second time.


This is my AJAX:
$(document).ready(function(){  
      $(document).on('click', '.edit_data', function(){  
           var cname = $(this).attr("id");  
           $.ajax({  
                url:"fetch.php",  
                method:"POST",  
                data:{cname:cname},  
                dataType:"json",  
                success:function(data){  
                     $('#name').val(data.Name);  
                     $('#livingcondition').val(data.LivingCondition);  
                     $('#oattype').val(data.OatType);  
                     $('#quantity').val(data.NoOfOats);  
                     $('#start').val(data.StartMem);
                     $('#end').val(data.EndMem);    
                     $('#insert').val("Update");  
                     $('#add_data_Modal').modal('show');  
                }  
           });  
      });  
      $('#insert_form').on("submit", function(event){  
           event.preventDefault();  
                $.ajax({  
                     url:"insert.php",  
                     method:"POST",  
                     data:$('#insert_form').serialize(),  
                     beforeSend:function(){  
                          $('#insert').val("Inserting");  
                     },  
                     success:function(data){  
                          $('#insert_form')[0].reset();  
                          $('#add_data_Modal').modal('hide');  
                          $('#client_table').html(data);  
                      } 
                });    
      });


This is my fetch.php:
<?php  
 //fetch.php  
 $connect = mysqli_connect("localhost", "root", "", "oatdistribution");  
 if(isset($_POST["cname"]))  
 {  
      $query = "SELECT * FROM oatdis WHERE Name = '".$_POST["cname"]."'";  
      $result = mysqli_query($connect, $query);  
      $row = mysqli_fetch_array($result);  
      echo json_encode($row);  
 }  
 ?>


this is my insert.php:
<?php  
 $connect = mysqli_connect("localhost", "root", "", "oatdistribution");  
 if(!empty($_POST))  
 {  
      $output = '';  
      $message = '';  
      $name = mysqli_real_escape_string($connect, $_POST["name"]);  
      $livingcondition = mysqli_real_escape_string($connect, $_POST["livingcondition"]);  
      $oattype = mysqli_real_escape_string($connect, $_POST["oattype"]);  
      $quantity = mysqli_real_escape_string($connect, $_POST["quantity"]);  
      $start = mysqli_real_escape_string($connect, $_POST["start"]);
      $end = mysqli_real_escape_string($connect, $_POST["end"]);  
  
           $query = "  
           UPDATE oatdis   
           SET  
           LivingCondition='$livingcondition',   
           OatType='$oattype',   
           NoOfOats = '$quantity',   
           StartMem = '$start',
           EndMem = '$end'   
           WHERE Name='$name'";

           $mem = "SELECT MONTHNAME(DATE_ADD(StartMem,INTERVAL i MONTH)) AS Months FROM oatdis CROSS JOIN counter WHERE DATE_ADD(StartMem,INTERVAL i MONTH)<=EndMem AND Name = '$name'";
           $memRes = mysqli_query($connect,$mem);

           $data = array();
           foreach ($memRes as $row) {
             $data[] = $row['Months'];
           }

           if(in_array("January", $data)){

            $mysql=mysqli_query($connect, "SELECT * FROM January WHERE Name = '.$name'");

            if(mysqli_num_rows($mysql)>0){
              $ins = mysqli_query($connect,"UPDATE january SET Name ='.$name.' WHERE Name = '.$name'");
            }
            else{
              $ins = mysqli_query($connect,"INSERT INTO january VALUES('.$name.','Not Delivered')");
            }
             
           }

if(in_array("February", $data)){

             $mysql=mysqli_query($connect, "SELECT * FROM february WHERE Name = '.$name'");

            if(mysqli_num_rows($mysql)>0){
              $ins = mysqli_query($connect,"UPDATE february SET Name ='.$name.' WHERE Name = '.$name'");
            }
            else{
              $ins = mysqli_query($connect,"INSERT INTO february VALUES('.$name.','Not Delivered')");
            }

           }

$message = 'Data Updated';

if(mysqli_query($connect, $query))  
      {  
           echo "<script> alert('$message');</script>";  
           $select_query = "SELECT * FROM oatdis";  
           $result = mysqli_query($connect, $select_query);  
           $output .= '  
                <table class="table table-bordered">
                  <thead>  
                     <tr style="background-color: black; color: white;">  
                          <th width="70%" style="border-width: 2px; border-color: white;">Employee Name</th>  
                          <th width="15%" style="border-width: 2px; border-color: white;">Edit</th>  
                          <th width="15%" style="border-width: 2px; border-color: white;">View</th>  
                     </tr>
                  </thead>
                  <tbody>  
           ';  
           while($row = mysqli_fetch_array($result))  
           {  
                $output .= '  
                     <tr>  
                          <td style="font-weight: bold; background-color: #DAD2D2; border-color: white; border-width: 2px;">' . $row["Name"] . '</td>  
                          <td style="text-align: center; background-color: #EEEEEE; border-color: white; border-width: 2px;"><input type="button" name="edit" value="Edit" id="'.$row["Name"] .'" class="btn btn-info btn-xs edit_data"  style=" background-color: #FFF6AF; color: black; width: 50px; font-weight: bold; " /></td>  
                          <td style="text-align: center; background-color: #DAD2D2; border-color: white; border-width: 2px;"><input type="button" name="view" value="view" id="' . $row["Name"] . '" class="btn btn-info btn-xs view_data" style=" background-color: #FFF6AF; color: black; width: 50px; font-weight: bold; "/></td>  
                     </tr>  
                ';  
           }  
           $output .= '</tbody></table>';  
      }
        
      echo $output;  
 }  
 ?>


What I have tried:

I'm not sure what makes it this way, no error pops up.
Posted
Comments
Richard Deeming 20-May-21 12:06pm
   
$query = "SELECT * FROM oatdis WHERE Name = '".$_POST["cname"]."'";

Your code is vulnerable to SQL Injection[^]. NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
PHP: SQL Injection - Manual[^]

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)




CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900