Hello there and thank you for your time and effort, basically I have the following problem: I have a CRUD system for registered vehicles and everything works fine, expect that when I search for whatever I need and submit the search, the results pop up without the actions "Edit" and "Delete". In a few words, whenever I search for a record in MYSQL, I need it to pop up together with the actions I've included in my CRUD system which are "Edit" and "Delete". Any help is greatly appreciated.
P.S: I know I haven't used parameterized queries to prevent SQL injection but this is for an university project and won't be used anywhere. I know it's a good practice to use them but I gotta learn the proper way first.
index.php
<!DOCTYPE html>
<html>
<head>
<meta charset="UTF-8">
<script src="https://code.jquery.com/jquery-2.1.3.min.js"></script>
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.0.0-beta.3/css/bootstrap.min.css">
</head>
<body>
<?php require_once 'process.php';?>
<?php
if (isset($_SESSION['message'])): ?>
<div class="alert alert-<?=$_SESSION['msg_type']?>">
<?php
echo $_SESSION['message'];
unset($_SESSION['message']);
?>
</div>
<?php endif ?>
<div class="container">
<?php
$mysqli = new mysqli('localhost','root', '', 'unnecessary') or die(mysqli_error($mysqli));
$result = $mysqli->query("SELECT * FROM storage") or die($mysqli->error);
?>
<?php print("$outputsrch");?>
<div class="row justify-content-center">
<table class="table">
<thead>
<tr>
<th> Registration Number: </th>
<th> Date Of Arrival: </th>
<th> Mark: </th>
<th> Model: </th>
<th> Shz Number: </th>
<th> Engine Number: </th>
<th> Weight: </th>
<th> Color: </th>
<th> Owner: </th>
<th> Owner's Address: </th>
<th> Notes: </th>
<th colspan="2">Action</th>
</tr>
</thead>
<?php
while ($row=$result->fetch_assoc()): ?>
<tr>
<td><?php echo $row['RegNum']; ?></td>
<td><?php echo $row['DateOfArrival']; ?></td>
<td><?php echo $row['Mark']; ?></td>
<td><?php echo $row['Model']; ?></td>
<td><?php echo $row['ShasiNum']; ?></td>
<td><?php echo $row['EngineNum']; ?></td>
<td><?php echo $row['Weight']; ?></td>
<td><?php echo $row['Color']; ?></td>
<td><?php echo $row['Owner']; ?></td>
<td><?php echo $row['OwnerAddress']; ?></td>
<td><?php echo $row['Notes']; ?></td>
<td>
<a href="index.php?edit=<?php echo $row['ID']; ?>"
class="btn btn-info"> Edit </a>
<a href="process.php?delete=<?php echo $row['ID']; ?>"
class="btn btn-danger"> Delete </a>
</td>
</tr>
<?php endwhile;?>
</table>
</div>
<?php
function pre_r( $array){
echo '<pre>' ;
print_r($array);
echo '</pre>';
}
?>
<div class="row justify-content-center">
<form action="" method="POST">
<input type="text" name="search" placeholder="Search..">
<input type="submit" value=">>">
<input type="hidden" name="ID" value="<?php echo $ID; ?>">
<div class="form-group">
<label>Registration Number</label>
<input type="text" name="RegNum" class="form-control" value="<?php echo $RegNum; ?>">
</div>
<div class="form-group">
<label>Date Of Arrival</label>
<input type="text" name="DateOfArrival" class="form-control" value="<?php echo $DateOfArrival; ?>">
</div>
<div class="form-group">
<label>Mark</label>
<input type="text" name="Mark" class="form-control" value="<?php echo $Mark; ?>">
</div>
<div class="form-group">
<label>Model</label>
<input type="text" name="Model" class="form-control" value="<?php echo $Model; ?>">
</div>
<div class="form-group">
<label>Shz Number </label>
<input type="text" name="ShasiNum" class="form-control" value="<?php echo $ShasiNum; ?>">
</div>
<div class="form-group">
<label>Engine Number</label>
<input type="text" name="EngineNum" class="form-control" value="<?php echo $EngineNum; ?>">
</div>
<div class="form-group">
<label>Weight</label>
<input type="text" name="Weight" class="form-control" value="<?php echo $Weight; ?>">
</div>
<div class="form-group">
<label>Color</label>
<input type="text" name="Color" class="form-control" value="<?php echo $Color; ?>">
</div>
<div class="form-group">
<label>Owner</label>
<input type="text" name="Owner" class="form-control" value="<?php echo $Owner; ?>">
</div>
<div class="form-group">
<label>Owner's Address</label>
<input type="text" name="OwnerAddress" class="form-control" value="<?php echo $OwnerAddress; ?>">
</div>
<div class="form-group">
<label>Notes</label>
<input type="text" name="Notes" class="form-control" value="<?php echo $Notes; ?>">
</div>
<div class="form-group">
<?php
if ($update == true):
?>
<button type="submit" name="update" class="btn btn-info">Update</button>
<?php else: ?>
<button type="submit" name="save" class="btn btn-primary">Save</button>
<?php endif; ?>
</div>
</form>
</div>
</div>
</body>
</html>
process.php
<?php
session_start();
$ID = 0;
$update = false;
$RegNum = '';
$DateOfArrival = '';
$Mark = '';
$Model = '';
$ShasiNum = '';
$EngineNum = '';
$Weight = '';
$Color = '';
$Owner = '';
$OwnerAddress = '';
$Notes = '';
$mysqli= new mysqli('localhost', 'root', '', 'unnecessary') or die(mysqli_error($mysqli));
if (isset($_POST['save'])) {
$RegNum = $_POST['RegNum'];
$DateOfArrival = $_POST['DateOfArrival'];
$Mark = $_POST['Mark'];
$Model = $_POST['Model'];
$ShasiNum = $_POST['ShasiNum'];
$EngineNum = $_POST['EngineNum'];
$Weight = $_POST['Weight'];
$Color = $_POST['Color'];
$Owner = $_POST['Owner'];
$OwnerAddress = $_POST['OwnerAddress'];
$Notes = $_POST['Notes'];
$mysqli->query("INSERT INTO storage (RegNum, DateOfArrival, Mark, Model, ShasiNum, EngineNum, Weight, Color, Owner, OwnerAddress, Notes) VALUES('$RegNum', '$DateOfArrival', '$Mark', '$Model', '$ShasiNum', '$EngineNum', '$Weight', '$Color', '$Owner', '$OwnerAddress', '$Notes') ") or die($mysqli->error);
$_SESSION['message'] = "Record has been saved!";
$_SESSION['msg_type'] = "success";
header("location: index.php");
}
if (isset($_GET['delete'])) {
$ID = $_GET['delete'];
$mysqli->query("DELETE FROM storage WHERE ID=$ID") or die($mysqli->error());
$_SESSION['message'] = "Record has been deleted!";
$_SESSION['msg_type'] = "danger";
header("location: index.php");
}
if (isset($_GET['edit'])) {
$ID=$_GET['edit'];
$update = true;
$result = $mysqli->query(" SELECT * FROM storage WHERE ID=$ID") or die($mysqli->error());
if(count($result)==1){
$row = $result->fetch_array();
$RegNum = $row['RegNum'];
$DateOfArrival = $row['DateOfArrival'];
$Mark = $row['Mark'];
$Model = $row['Model'];
$ShasiNum = $row['ShasiNum'];
$EngineNum = $row['EngineNum'];
$Weight = $row['Weight'];
$Color = $row['Color'];
$Owner = $row['Owner'];
$OwnerAddress = $row['OwnerAddress'];
$Notes = $row['Notes'];
}
}
if (isset($_POST['update'])) {
$ID = $_POST['ID'];
$RegNum = $_POST['RegNum'];
$DateOfArrival = $_POST['DateOfArrival'];
$Mark = $_POST['Mark'];
$Model = $_POST['Model'];
$ShasiNum = $_POST['ShasiNum'];
$EngineNum = $_POST['EngineNum'];
$Weight = $_POST['Weight'];
$Color = $_POST['Color'];
$Owner = $_POST['Owner'];
$OwnerAddress = $_POST['OwnerAddress'];
$Notes = $_POST['Notes'];
$mysqli->query(" UPDATE storage SET RegNum = '$RegNum', DateOfArrival = '$DateOfArrival', Mark = '$Mark', Model = '$Model', ShasiNum = '$ShasiNum', EngineNum = '$EngineNum', Weight = '$Weight', Color = '$Color', Owner = '$Owner', OwnerAddress = '$OwnerAddress', Notes = '$Notes' WHERE ID=$ID") or die($mysqli->error);
$_SESSION['message'] = "Record has been updated!";
$_SESSION['msg type'] = "warning";
header('location: index.php');
}
$outputsrch ='';
if (isset($_POST['search'])) {
$searchq = $_POST['search'];
$searchq = preg_replace("#[^0-9a-z]#i","",$searchq);
$querysrch = mysqli_query($mysqli, "SELECT * FROM storage WHERE RegNum LIKE '%$searchq%' OR ShasiNum LIKE '%$searchq%' OR EngineNum LIKE '%$searchq%' OR Owner LIKE '%$searchq%' ") or die(mysqli_error($mysqli));
$count = mysqli_num_rows($querysrch);
if($count == 0) {
$outputsrch = 'There were no search results!';
}
else {
while($row = mysqli_fetch_array($querysrch)) {
$RegNumD = $row['RegNum'];
$DateOfArrivalD = $row['DateOfArrival'];
$MarkD = $row['Mark'];
$ModelD = $row['Model'];
$ShasiNumD = $row['ShasiNum'];
$EngineNumD = $row['EngineNum'];
$WeightD = $row['Weight'];
$ColorD = $row['Color'];
$OwnerD = $row['Owner'];
$OwnerAddressD = $row['OwnerAddress'];
$NotesD = $row['Notes'];
$outputsrch .='<div> '.$RegNumD.' '.$DateOfArrivalD.' '.$MarkD.' '.$ModelD.' '.$ShasiNumD.' '.$EngineNumD.' '.$WeightD.' '.$ColorD.' '.$OwnerD.' '.$OwnerAddressD.' '.$NotesD.' </div> ';
}
}
}
?>
A possible solution but can't manage to write it down
The following code is used to display the "Edit" and "Delete" action but I don't know how to include it in the PhP variable "$querysrch" that is used to display all the information.
<td>
<a href="index.php?edit=<?php echo $row['ID']; ?>"
class="btn btn-info"> Edit </a>
<a href="process.php?delete=<?php echo $row['ID']; ?>"
class="btn btn-danger"> Delete </a>
</td>