0

heloo i have an ajx call function which brings information from a dropdown populated into a table with text inputs by ajax.

i was wondering if there was anyway that i could update the record in the database by using these text fields and the UPDATE function i am relativity new and the internet didnt bring much to light.

i have a button appearing in this table from a drop down but as far as i am aware you cannot use forms within php and the page this would have been submitted from is already submitting a php function and 2 can not be submitted at once.

i was wondering if it was possible that when the data in the textboxes below is changed when the user clicks the button those details are updated in the database?

im new to ajax and php so help would be amazing.

ps. i know this isnt secure i want it to be functional first and before it goes live i will secure it.

here is the code:

<?php
$q = $_GET['q'];

$con = mysqli_connect('server','uid','pwd','dbname');
if (!$con)
  {
  die('Could not connect: ' . mysqli_error($con));
  }

mysqli_select_db($con,"account.php");
$sql="SELECT * FROM account WHERE name = '".$q."'";

$result = mysqli_query($con,$sql);

echo "<table border='1'>
<tr>
<th>Your Name</th>
<th>Your Email</th>
<th>Your Password</th>
<th>Your User Level</th>
<th>Save Changes</th>
</tr>";

while($row = mysqli_fetch_array($result))
  {

  echo "<tr>";
  echo "<td> <input type='text' name='txt_yourname' id='txt_yourname' value='" .$row['name']."' required='required' />  </td>";
  echo "<td> <input type='text' name='txt_email' id='txt_email' value='" .$row['email']."' required='required' /> </td>";
  echo "<td> <input type='text' name='txt_password' id='txt_password' value='" .$row['password']."'  required='required' /> </td>";
  echo "<td> <input type='text' name='txt_userLevel' id='txt_userLevel' value='" .$row['user_level']."'  required='required' /> </td>";
  echo "<td> <input type='button' name='btn_user' id='txt_user' type='submit' value='cheese'/> </td>";

  echo "</tr>";
  }
echo "</table>";

mysqli_close($con);
?>
user3009419
  • 17
  • 4
  • http://www.bobby-tables.com (sql injects nbdjs) – skrilled Dec 03 '13 at 20:07
  • 1
    Hi there, welcome to Stack. This isn't a tutorial forum (which is what you want) and we aren't going to write any code for you. You should take to Google and read some tutorials about Ajax and how to use it, and you'll find it's actually pretty easy to use, even for a beginner. – scrowler Dec 03 '13 at 20:07
  • 1
    ^ what he said. Also, you should focus on knowing one thing before you know many. Learn php before you try to learn php and ajax at the same time. That code you have above would have your entire database destroyed and stolen in seconds by a 7 year old hacker in malaysia. – skrilled Dec 03 '13 at 20:08
  • Here is a basic AJAX submit script complete with HTML, jQuery, and PHP. http://stackoverflow.com/questions/20150130/ajax-and-php-to-enter-multiple-forms-input-to-database/20150474#20150474 – MonkeyZeus Dec 03 '13 at 20:09

1 Answers1

0

These statements execute user input, opening you up to a SQL Injection attack. You'll want to not do this.

$q = $_GET['q'];
$sql="SELECT * FROM account WHERE name = '".$q."'";
$result = mysqli_query($con,$sql);

To answer your question, in order to update a row like you want you'll need a way to identify in the database the row that has changed. One way to do it would be to include the row's primary key as a field/attribute in the HTML table row, but I'll leave it to someone more well versed in this area to say whether that's a good idea.

You're also going to want to escape and check the type of all of the fields the user can input when you go to do the update.

CPS
  • 531
  • 1
  • 9
  • 18