how to pass mysql_insert_id() to either $_POST or form action?

Question

I have a form page in which either an INSERT or an UPDATE query is submitted, depending on the presence/absence of an ID (and when there's an ID it's used to retrieve the record and pre-populate the form). In either case, the processing is in form.php so the form's action is itself (action="/form.php">). My problem is that when form.php reloads post-submit, the URL has an empty ID so the page enters 'INSERT' mode, rather than 'UPDATE' mode. What's the best practice way to resolve this?

1. What operator/condition should I add to this 'if' ...

   if (isset($_GET['ID']) && is_numeric($_GET['ID'])) {

... to include post-submit empty ID URL (i.e., form.php?ID=)

OR,

1. How do I pass `$newID = mysql_insert_id();1 to the form's action? (I've tried a number of variations here w/out success)

   $newID = mysql_insert_id(); ... [ snip ] ... <form method="post" action="/html/form.php?ID=<?php echo $newID; ?>">

I'm reading about hidden inputs and sessions but it's not yet clear to me how to use either to solve this problem. Lastly, since it isn't absolutely necessary that I reload the form page, I'm increasingly tempted to move the form processing/db queries to another page (e.g., process.php) to hopefully simplify; any opinions on this? What's best/common practice?

Many thanks in advance,

svs

Answer 1

Common practice should be to keep data posting separate from data displaying. This prevents accidental adds on a user's first arrival to the page as well as accidental double-posts if the user hits refresh.

In addition, keeping the logic separate makes the code more readable and maintainable in the future.

The approach you should probably look for is:

view.php?ID=<record to view> // Only displays a record already in the DB
add.php                      // The add record form with action="process_add.php"
process_add.php?Field1=<>&Field2=<>... // Receives data from add.php, puts it in
                                       // the database and then forwards back to
                                       // view.php or add.php as you see fit.

EDIT: While I have GET arguments on process_add.php, they are only there to demonstrate that they are being passed. They should be sent as POST arguments in and actual implementation.

Answer 2

here is an example of such a code, using templates.
working CRUD application based on the idea of passing id

dunno, though, why do you need to pass freshly generated id.

<?  
mysql_connect(); 
mysql_select_db("new"); 
$table = "test"; 
if($_SERVER['REQUEST_METHOD']=='POST') { //form handler part: 
  $name = mysql_real_escape_string($_POST['name']); 
  if ($id = intval($_POST['id'])) { 
    $query="UPDATE $table SET name='$name' WHERE id=$id"; 
  } else { 
    $query="INSERT INTO $table SET name='$name'"; 
  } 
  mysql_query($query) or trigger_error(mysql_error()." in ".$query); 
  header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);  
  exit;  
}  
if (!isset($_GET['id'])) { //listing part: 
  $LIST=array(); 
  $query="SELECT * FROM $table";  
  $res=mysql_query($query); 
  while($row=mysql_fetch_assoc($res)) $LIST[]=$row; 
  include 'list.php'; 
} else { // form displaying part: 
  if ($id=intval($_GET['id'])) { 
    $query="SELECT * FROM $table WHERE id=$id";  
    $res=mysql_query($query); 
    $row=mysql_fetch_assoc($res); 
    foreach ($row as $k => $v) $row[$k]=htmlspecialchars($v); 
  } else { 
    $row['name']=''; 
    $row['id']=0; 
  } 
  include 'form.php'; 
}  
?>

templates:
form.php

<? include TPL_TOP ?>
<form method="POST">
<input type="text" name="name" value="<?=$row['name']?>"><br>
<input type="hidden" name="id" value="<?=$row['id']?>">
<input type="submit"><br>
<a href="?">Return to the list</a>
</form>
<? include TPL_BOTTOM ?>

and list.php:

<? include TPL_TOP ?>
<a href="?id=0">Add item</a>
<? foreach ($LIST as $row): ?>
<li><a href="?id=<?=$row['id']?>"><?=$row['name']?></a>
<? endforeach ?>
<? include TPL_BOTTOM ?>