My code doesnt update the Student ID in our database help me fix it please. This is the code <?php
session_start();
// error_reporting(0);

$conn = mysqli_connect("localhost", "root", "", "card");

if (!$conn) {
die("Connection Failed: " . mysqli_connect_error());
}

include 'header.php';
$employee_name = $_SESSION['admin_name'];

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['updateInformation'])) {
$student_id = $_POST['studentID'];

$query = "SELECT * FROM student_records WHERE studentID = '$student_id'";
$result = mysqli_query($conn, $query);
$row = mysqli_fetch_assoc($result);

$lname = ucwords(strtolower($_POST['lName']));
$fname = ucwords(strtolower($_POST['fName']));
$mname = ucwords(strtolower($_POST['mName']));
$studId = strtoupper($_POST['studentID']);
$lrn = strtoupper($_POST['lrn']);
$grade = $_POST['grade'];
$sec = strtoupper($_POST['sec']);
$aYear1 = $_POST['aYear1'];
$aYear2 = $_POST['aYear2'];
$acadYear = $aYear1 . '_' . $aYear2;

$update_query = "UPDATE student_records SET lastName = '$lname', firstName = '$fname', middleName = '$mname', studentID = '$studId', LRN = '$lrn', gradeLevel = '$grade', section = '$sec', academicYear = '$acadYear' WHERE studentID = '$student_id'";
$update_result = mysqli_query($conn, $update_query);

$date_and_time = new DateTime();
$date_and_time -> setTimezone(new DateTimeZone('Asia/Manila'));
$date_and_time = $date_and_time -> format('Y-m-d H:i:s');

$activity = $employee_name . " Edited " . $student_id . "\'s Information";
$activity_history = "INSERT INTO activity_history VALUES ('$date_and_time', '$activity', '3')";
$activity_history_result = mysqli_query($conn, $activity_history);

if ($update_result && $activity_history_result) {
header('Location: searchStudent.php');
exit();
}
else {
echo "Error updating student information: " . mysqli_error($conn);
}
}

if (isset($_POST['student_id']) && $_SESSION['employee_name']) {
$student_id = $_POST['student_id'];

$query = "SELECT * FROM student_records WHERE studentID = '$student_id'";
$result = mysqli_query($conn, $query);

$row = mysqli_fetch_assoc($result);

$lname = $row['lastName'];
$fname = $row['firstName'];
$mname = $row['middleName'];
$studId = $row['studentID'];
$lrn = $row['LRN'];
$grade = $row['gradeLevel'];
$sec = $row['section'];
$acadYear = $row['academicYear'];
}
else {
header('Location: searchStudent.php');
exit();
}
?>

Edit Student Information

">

Edit Student Information
<?php echo $employee_name;?>
Student ID:
" maxLength="9">

Last Name:
" required>

First Name:
" required>

Middle Name:
">

LRN:
">

Grade Level:
" maxlength="2" required>

Section:
" required>

Academic Year:
" maxLength="4">-
" maxLength="4">

Question

AdrianJAtaiza AdrianJAtaiza

21-04-2024
Computers and Technology

Answered

My code doesnt update the Student ID in our database help me fix it please. This is the code <?php
session_start();
// error_reporting(0);

$conn = mysqli_connect("localhost", "root", "", "card");

if (!$conn) {
die("Connection Failed: " . mysqli_connect_error());
}

include 'header.php';
$employee_name = $_SESSION['admin_name'];

if ($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['updateInformation'])) {
$student_id = $_POST['studentID'];

$query = "SELECT * FROM student_records WHERE studentID = '$student_id'";
$result = mysqli_query($conn, $query);
$row = mysqli_fetch_assoc($result);

$lname = ucwords(strtolower($_POST['lName']));
$fname = ucwords(strtolower($_POST['fName']));
$mname = ucwords(strtolower($_POST['mName']));
$studId = strtoupper($_POST['studentID']);
$lrn = strtoupper($_POST['lrn']);
$grade = $_POST['grade'];
$sec = strtoupper($_POST['sec']);
$aYear1 = $_POST['aYear1'];
$aYear2 = $_POST['aYear2'];
$acadYear = $aYear1 . '_' . $aYear2;

$update_query = "UPDATE student_records SET lastName = '$lname', firstName = '$fname', middleName = '$mname', studentID = '$studId', LRN = '$lrn', gradeLevel = '$grade', section = '$sec', academicYear = '$acadYear' WHERE studentID = '$student_id'";
$update_result = mysqli_query($conn, $update_query);

$date_and_time = new DateTime();
$date_and_time -> setTimezone(new DateTimeZone('Asia/Manila'));
$date_and_time = $date_and_time -> format('Y-m-d H:i:s');

$activity = $employee_name . " Edited " . $student_id . "\'s Information";
$activity_history = "INSERT INTO activity_history VALUES ('$date_and_time', '$activity', '3')";
$activity_history_result = mysqli_query($conn, $activity_history);

if ($update_result && $activity_history_result) {
header('Location: searchStudent.php');
exit();
}
else {
echo "Error updating student information: " . mysqli_error($conn);
}
}

if (isset($_POST['student_id']) && $_SESSION['employee_name']) {
$student_id = $_POST['student_id'];

$query = "SELECT * FROM student_records WHERE studentID = '$student_id'";
$result = mysqli_query($conn, $query);

$row = mysqli_fetch_assoc($result);

$lname = $row['lastName'];
$fname = $row['firstName'];
$mname = $row['middleName'];
$studId = $row['studentID'];
$lrn = $row['LRN'];
$grade = $row['gradeLevel'];
$sec = $row['section'];
$acadYear = $row['academicYear'];
}
else {
header('Location: searchStudent.php');
exit();
}
?>

Edit Student Information

">

Edit Student Information
<?php echo $employee_name;?>
Student ID:
" maxLength="9">

Last Name:
" required>

First Name:
" required>

Middle Name:
">

LRN:
">

Grade Level:
" maxlength="2" required>

Section:
" required>

Academic Year:
" maxLength="4">-
" maxLength="4">

Answer :

Other Questions

Which Muslim empire became the largest empire of its time? Ottoman Safavid Mughal Persian

Product of two consecutive integers is 29 more than their sum . Find the integers

organisms that form index fossils

Let f(x)=x^3-x-1 a. Find the equation of the tangent line to the graph of the function at x = 0. b. What does the derivative of the function at x = 0 tell you

In a solution of salt and water, if the concentration of salt molecules is greater outside a cell than inside, then water molecules will __________. A. move int

Modernists stressed science and secular ideas rather than A. the value of education B. religious beliefs C. technological progress D. scientific theories

The United States declared war on Japan in 1941 because of an attack on which location or group?

Select the list that shows the numbers in order from least to greatest. A. 0.402 0.42 0.375 1.2 0.85 B. 1.2 0.85 0.402 0.375 0.42 C. 0.375 0.4

chibabykalu16 chibabykalu16 · Answer 1 · 2024-04-21T03:02:27-04:00

Code Debugging:

It looks like your PHP code for updating student information in the database is mostly set up correctly, but there are a few points that might be causing issues with updating the Student ID. Let's identify possible flaws;

1. Form Data and POST Request Verification

First, make sure that the form sending the POST request is correctly formatted and includes a field named `updateInformation` that matches the condition in your PHP script. This is important because your script checks if this field is set before proceeding with the update.

Important: SQL Injection Vulnerability

Before addressing the main issue, it's important to note that your code is highly vulnerable to SQL injection because it directly inserts POST data into the SQL query. To fix this, you should use prepared statements. This not only secures your code but also might indirectly solve issues by ensuring data is correctly formatted for SQL operations.

3. Student ID Update Logic

The main issue seems to be related to how the Student ID is handled. You are using the same variable `$student_id` to fetch the current student record and also as the new Student ID. If you're trying to change the Student ID itself, there's a logical flaw here because the WHERE clause will use the new Student ID (if changed) to look for a record that hasn't been updated yet.

Also make sure you have a hidden input field in your form that holds the original Student ID, which you don't intend to change during the update process. This will be used in the WHERE clause to identify the correct record to update.

In short, by addressing these issues, it may work as intended.