I have dynamic database working very well.
I have log in system working very well.
There are those "welcome user" links.
"user" is a link to everything user has in DB. When a user wants to change stuff, just click on "user". You get the form ChangeStuff.php
Amongst other good stuff, I have this
<form action="IamStuck.php">
<li> Property ID: <?php print $row['P_ID'] ?> <?php $P_ID = $row['P_ID']; $_SESSION['P_ID'] = $P_ID ?><input name="edit" type="submit" value="edit" /><br /><br />
   Address: <?php print $row['address']?>, <?php print $row['city'] ; ?>
</li>
</form>
Which basically produces something like this:
Edit Listings
Would you like to update your listing?
Property ID: 14 (submit button goes here)
Address: 1845 Oak Park Blvd, Pleasanton Hill
Property ID: 16 (submit button goes here)
Address: 3111 Adeline Ave, Emeryville
Then on the IamStuck.php, I have a full form (html+php) that pulls all the info on DB and allows user to update the info (query is fine and working very well):
<?php session_start();
.....
$P_ID = $_SESSION ['P_ID'];
if(isset($_POST['Submit'])){//if the submit button is clicked
$day = $_POST['day'];
$address = $_POST['address'];
etc
etc.
$update = "UPDATE property
SET day='$day', city='$city', state='$state', address='$address', price = $price, sq_ft = $sq_ft, lot_sq_ft = $lot_sq_ft,zip_code = $zip_code, bedroom = $bedroom, bathroom = $bathroom, partial_bath = $partial_bath, sunday_info = '$sunday_info',
web = '$web', broker_info='$broker_info', map_info='$map_info', youtube = '$youtube'
WHERE P_ID = ".$P_ID;
$db->query($update) or die("Cannot update");//update or error
The problem is to get the right P_ID from ChangeStuff.php
I tried this with anchor link and post/get and it worked wonderfully, except that the P_ID would go in the URL and you could just change the id and change someone's else DB info :O
No good.
Came back to session. It works very well as long as you want to change the last value of the array :)
If you want to change the property 14 (as seen in the example) you jut can't :( Pulls only last address (which is still your info in DB - but not the one supposed to be updated.
No good.
Is there any one out in there in blue planet who could give some ideas?
Full disclosure: I am new to this stuff of PHP, MYSQL, Javascript CSS all this wonderful stuff that I have been learning in the last several months :/
Thank you for your time.
PS. As you may have figured out, the array is dynamic, will change from person to person and even from the same person today to next month.
EDIT
Based on one of the comment below @Just Wood I came back to my original Post/Get method. changeStuff.php is like this:
<form action="IamLessStuck.php" method="post">
<li> <a href="IamLessStuck.php?P_ID=<?php echo $row['P_ID']; ?>">Property ID: <?php print $row['P_ID'] ?> </a><br /><br />
   Address: <?php print $row['address']?>, <?php print $row['city'] ; ?>
</li>
</form>
IamLessStuck.php is like this (just WHERE changed):
$update = "UPDATE property
SET day='$day', city='$city', state='$state', address='$address', price = $price, sq_ft = $sq_ft, lot_sq_ft = $lot_sq_ft,zip_code = $zip_code, bedroom = $bedroom, bathroom = $bathroom, partial_bath = $partial_bath, sunday_info = '$sunday_info',
web = '$web', broker_info='$broker_info', map_info='$map_info', youtube = '$youtube'
WHERE P_ID = ".$P_ID." and
username = '".(htmlentities($_SESSION['user']['username']))."'";
$db->query($update) or die("Cannot update");//update or error
Thank you. It works. I also changed the code/query where query SELECT *.... to get all values before the edit takes place and added the same WHERE clause (id=$_post id and user = session[user]). Now one can only see and change his/her only stuff. Thank you.
There is no problem at all with putting the P_ID in the URL. All you will need to do is check to make sure that that user has access to that entry before allowing them to edit/view it.
Just do a SQL query to check for that.
As a side note, as mentioned in my comments, I do not agree with putting the P_ID in with the rest of the session information. The P_ID has to do with a single request, not the entire session.