0

I'm trying to insert a form in a PHP statement like this:

    while($row = mysql_fetch_array($result))
    {
        echo "<form id='send' action='up.php' method='POST'>
        <tr>
        <td>" . $row['s_no'] . "</td>
        <td> <label for='student_name'><textarea name='student_name' >" . $row['student_name'] . "</textarea></label></td>
        <td> <textarea name='roll_no'>" . $row['roll_no'] . "</textarea></td>
        <td> <textarea name='company'>" . $row['company'] . "</textarea></td>
        <td> <textarea name='contact_no' >" . $row['contact_no'] . "</textarea></td>
        <td> <textarea name='email'>" . $row['email'] . "</textarea></td>
        </tr>
        <input type='text' name='batch_name' disabled='disabled' size='7' value=" . $_POST['batch_name'] . ">
        <p align='center'><button id='submit' type='submit'>Update</button></p>
        </form>";
    }

I have taken the data from the database and put it as the default into the textareas, and thus it can be edited. So I planned to use an UPDATE query to make the alterations like this:

    <html>
    <title>Alumini Update</title>
    <head>

    <?php
    $con = mysql_connect("localhost","root","momsgift");
    if (!$con)
      {
      die('Could not connect: ' . mysql_error());
      }

    mysql_select_db("alumini", $con);

    mysql_query("UPDATE $_POST[batch_name] SET contact_no = $_POST[contact_no] WHERE roll_no = '2321'");

    mysql_close($con);
    ?>

But while sending a query, the data in the textarea isn't loaded into the database (but it redirects to the up.php page). What may be the reason?

opalenzuela
  • 3,139
  • 21
  • 41
  • **Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. – Quentin Jan 08 '14 at 17:08

4 Answers

0

You are generating invalid HTML.

You cannot wrap a form around a table row without wrapping it around the entire table.

Your browser is error recovering by moving the form element. This is the most likely cause of the unexpected results.

Use a validator on your generated HTML.

Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
0

In your MySQL update query you are only updating contact_no, no other fields.

Also, you have left your query open to SQL injection.

    $batch_no = mysql_real_escape_string($_POST['batch_name']);
    $contact_no = mysql_real_escape_string($_POST['contact_no']);
    $student_name = mysql_real_escape_string($_POST['student_name']);
    $roll_no = mysql_real_escape_string($_POST['roll_no']);
    $company = mysql_real_escape_string($_POST['company']);
    $email = mysql_real_escape_string($_POST['email']);

    // Escaping protects quoted string values only; the table name is an
    // identifier and should also be checked against the known batch tables.
    mysql_query("UPDATE `" . $batch_no . "`
    SET contact_no = ('" . $contact_no . "'),
    student_name = ('" . $student_name . "'),
    company = ('" . $company . "'),
    email = ('" . $email . "')
    WHERE roll_no = ('" . $roll_no . "')");

This (mysql_real_escape_string) won't solve every problem, and using PDO is a better method, but it's a very good stepping stone.

Braunson
  • 717
  • 2
  • 12
  • 36
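
The PDO approach mentioned in the answer above, as an added example that is not code from the thread: the table name taken from `batch_name` is checked against a server-side allow-list (identifiers cannot be bound as parameters) and every value is passed as a bound parameter. The function name `update_student`, the table `batch_2010`, the sample row and the in-memory SQLite DSN are assumptions chosen so the block runs offline.

```php
<?php
// Added example (not from the thread): hypothetical update logic for up.php using PDO.
function update_student(PDO $pdo, array $allowedTables, array $post): int
{
    // Identifiers cannot be bound as parameters, so the table name is accepted
    // only if it exactly matches an entry in a server-side allow-list.
    $table = $post['batch_name'] ?? '';
    if (!in_array($table, $allowedTables, true)) {
        throw new InvalidArgumentException('Unknown batch');
    }
    // Values are bound as parameters, never concatenated into the SQL text.
    $stmt = $pdo->prepare(
        "UPDATE `$table`
            SET student_name = :student_name, company = :company,
                contact_no = :contact_no, email = :email
          WHERE roll_no = :roll_no"
    );
    $params = [];
    foreach (['student_name', 'company', 'contact_no', 'email', 'roll_no'] as $field) {
        $params[":$field"] = $post[$field] ?? '';
    }
    $stmt->execute($params);
    return $stmt->rowCount();
}

// Demo on an in-memory SQLite database so the block runs offline (assumption:
// pdo_sqlite is available); the thread's setup would use a mysql: DSN instead.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE batch_2010 (roll_no TEXT PRIMARY KEY, student_name TEXT,
            company TEXT, contact_no TEXT, email TEXT)");
$pdo->exec("INSERT INTO batch_2010 VALUES ('2321', 'A. Student', 'Old Co', '000', 'a@example.com')");

$post = [ // constructed stand-in for $_POST
    'batch_name' => 'batch_2010', 'roll_no' => '2321',
    'student_name' => "A. O'Neil", 'company' => "O'Neil & Sons",
    'contact_no' => '5550100', 'email' => 'a@example.com',
];
echo update_student($pdo, ['batch_2010'], $post), " row(s) updated\n";

// A table name outside the allow-list is refused before any SQL is built.
try {
    update_student($pdo, ['batch_2010'], ['batch_name' => 'users'] + $post);
} catch (InvalidArgumentException $e) {
    echo "Rejected: ", $e->getMessage(), "\n";
}
// The quote characters in the input were stored as plain data.
echo $pdo->query("SELECT company FROM batch_2010 WHERE roll_no = '2321'")->fetchColumn(), "\n";
```
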
0

First write this and see the result; if it shows the text of the textarea, it shows that the text is being sent the right way and the problem is in your SQL code: `echo $_POST['contact_no'];` Then you can echo the query, copy and run it in phpMyAdmin, and view the SQL error.

Hadi Nahavandi
  • 666
  • 7
  • 18
0
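    //EXAMPLE 1

    if (isset($_POST['update']))
    {
        // Bind the user input as parameters instead of interpolating it into the SQL text.
        $result = pg_query_params(
            $db_con,
            'UPDATE mydbtable SET mydbrecord = $1 WHERE mydbrecord_id = $2',
            array($_POST['my_var1'], $_POST['myfilterbyid_var'])
        );

        if (!$result)
        {
            echo "Update failed!!";
        }
        else
        {
            echo "Update successful!";
        }
    }


    //EXAMPLE 2

    <form name="display" action="" method="post">
    <select name="mydropdown">
      <?php
        // $result is the result of an earlier pg_query() SELECT.
        while ($row = pg_fetch_assoc($result))
        {
            // Escape the database value before writing it into the HTML.
            $value = htmlspecialchars($row['result_var'], ENT_QUOTES);
            echo "<option value=\"{$value}\">{$value}</option>";
        }
      ?>
    </select>
    </form>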
  • EXAMPLE 1 - Basically, here I update a db record (mydbrecord) with my_var1 (a user input var) on my database table (mydbtable), also filtering by another variable, in this example an id field (myfilterbyid_var), which could be passed through a previous select, for example. EXAMPLE 2 - A standard PHP entry into HTML with a variable from a select result. Hope this helps. Best regards, – FilhoDumMocho Jan 08 '14 at 17:41
  • PS - in EXAMPLE 2 you've got a select with a while loop to generate options while there is content – FilhoDumMocho Jan 08 '14 at 17:53