-2

I'm trying to have a simple webpage with a form to update one cell of my mysql table. I'm not sure why it's not sending the data to my table. I have two webpages. form.php and process.php. Below is the code for each respectively.

form.php

<!DOCTYPE HTML PUBLIC
<html>
<head>
      <title></title>
 </head>

<body>

<!-- form to get key detail of record in database -->
<form method="POST" action="process.php"> 
<input type="text" name="inputtest" />
<input type="submit" name"submitButton" value="Submit!" /> 
</form> 

<?php
   $inputtest = $_POST["inputtest"];
?>

</body>
</html>

process.php

<?php
$con=mysqli_connect("localhost","root","********","allstate");
// Check connection
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }

$result = mysqli_query($con,"SELECT * FROM producers");
?>
<?php 
UPDATE producers
    SET TEST={$inputtest}
    [WHERE ID=1]
?>
user2593697
  • 29
  • 2
  • 6

1 Answers1

2

Because you are trying to write your SQL directly in PHP instead of building a string and passing it to mysqli_query as you did for your SELECT query.

You got it right the first time. Change the second bit of SQL to follow the pattern of the first.

Secondly, you are trying to assign your submitted form data ($inputtest = $_POST["inputtest"];) in the page that displays the form to the user instead of the page that processes the request from the form. Move that code to the other page.

Note that injecting user input directly into an SQL statement like that will make you vulnerable to SQL injection attacks that you need to defend yourself from.

Community
  • 1
  • 1
Quentin
  • 914,110
  • 126
  • 1,211
  • 1,335
  • @user2593697 See also http://www.phptherightway.com/#databases for a similar discussion on avoiding SQL injection, and other useful PHP advice. – contrebis Feb 26 '14 at 00:29