Update form, what am I doing wrong?

Question

I made a update form for my MySQL database but for some reason it isn't updating my database. It works without errors but it doesn't do anything..... Could someone tell me what I'm doing wrong?

***EDIT

updated the script but it still isn't working.....

    <html>
    <head>
        <link rel="stylesheet" type="text/css" href="css/layout.css"/>
    </head>
    <body>
        <div id="menu">
            <div id="menu_wrapper">
                <ul>
                    <li>Configuratiebeheer<img src="afb/pijltje.png" width="10"/></a>
                        <ul>
                            <li><a href="configuratiebeheer_hardware.php">Lijst hardware</a></li>
                            <li><a href="hardware_toevoegen.php">Hardware toevoegen</a></li>
                            <li><a href="hardware_verwijderen.php">Hardware verwijderen</a></li>
                        </ul>
                    </li>
                </ul>
            </div>
        </div>      
<?php
            $connect=mysql_connect("localhost", "root","");
            mysql_select_db("helpdesk_middenpolder", $connect);
            $id=$_GET['id'];
            $q="SELECT * FROM hardware WHERE hardwareID=$id";

            $r=mysql_query($q);
            echo  "<form method='post'>";
            echo    "<table border='1'>";
            echo    "<th>merknaam</th><th>producttype</th><th>hardwaretype</th>";
            while   ($x=mysql_fetch_array($r)){
                echo "<tr>";
                echo "<td>";
                echo "<input type='text' value='".$x['merknaam']."'>";
                echo "</td>";
                echo "<td>";
                echo "<input type='text' value='".$x['producttype']."'>";
                echo "</td>";
                echo "<td>";
                echo "<input type='text' value='".$x['hardwaretype']."'>";
                echo "</td>";
                echo "</tr>";
            }
            echo "</table>";


?>
<?php
            if(isset($_POST['updatehardware'])){ 
            $query = "UPDATE hardware SET merknaam='".$_POST['merknaam']."', producttype='".$_POST['producttype']."', hardwaretype='".$_POST['hardwaretype']."' WHERE hardwareID=".$id."";
            mysql_query($query);
            }
            ?>
<?php
mysql_close($connect);
?>


    <input type="submit" name="updatehardware" value="Hardware updaten">
    </form>
    </body>
</html>

Thanks in advance!

*sidenote:* stop using deprecated `mysql_*` functions. use [MySQLi](http://php.net/manual/en/book.mysqli.php) or [PDO](http://php.net/manual/en/book.pdo.php) instead. — Raptor, Jun 03 '14 at 10:40
You didn't check whether your UPDATE query is successful or not by checking the affected rows. Also, there is probably a logical error near `$id=$_GET['id'];` — Raptor, Jun 03 '14 at 10:41
UPDATE hardware SET merknaam='', producttype='', hardwaretype='' WHERE hardwareID='3' — niekerd1, Jun 03 '14 at 10:42
@ManigandanArjunan not related. the connection will close when it reaches the last line of script. — Raptor, Jun 03 '14 at 10:42
also, the `hardwareID` is probably an `INT` column, thus no need single quote to surround the value. — Raptor, Jun 03 '14 at 10:43
*Awwww... lots of errors spotted in codes* Can you please double check / re-write it ? — Raptor, Jun 03 '14 at 10:45
**Danger**: You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, Jun 03 '14 at 10:46

score 2 · Answer 1 · answered Jun 03 '14 at 10:44

Try this. Include text fields in form .

<html>
    <head>
        <link rel="stylesheet" type="text/css" href="css/layout.css"/>
    </head>
    <body>
        <div id="menu">
            <div id="menu_wrapper">
                <ul>
                    <li>Configuratiebeheer<img src="afb/pijltje.png" width="10"/></a>
                        <ul>
                            <li><a href="configuratiebeheer_hardware.php">Lijst hardware</a></li>
                            <li><a href="hardware_toevoegen.php">Hardware toevoegen</a></li>
                            <li><a href="hardware_verwijderen.php">Hardware verwijderen</a></li>
                        </ul>
                    </li>
                </ul>
            </div>
        </div>      
<?php
            $connect=mysql_connect("localhost", "root","");
            mysql_select_db("helpdesk_middenpolder", $connect);
            $id=$_GET['id'];
            $q="SELECT * FROM hardware WHERE hardwareID=$id";


            $r=mysql_query($q);
            echo  "<form method='post'>";
            echo    "<table border='1'>";
            echo    "<th>merknaam</th><th>producttype</th><th>hardwaretype</th>";
            while   ($x=mysql_fetch_array($r)){
                echo "<tr>";
                echo "<td>";
                echo "<input type='text' value='".$x['merknaam']."'>";
                echo "</td>";
                echo "<td>";
                echo "<input type='text' value='".$x['producttype']."'>";
                echo "</td>";
                echo "<td>";
                echo "<input type='text' value='".$x['hardwaretype']."'>";
                echo "</td>";
                echo "</tr>";
            }
            echo "</table>";

        mysql_close($connect);
?>
<?php
    if(isset($_POST['updatehardware'])){ 
        $query = "UPDATE hardware SET merknaam='".$_POST['merknaam']."', producttype='".$_POST['producttype']."', hardwaretype='".$_POST['hardwaretype']."' WHERE hardwareID='".$id."'";
        }
        mysql_query($query);
?>



    <input type="submit" name="updatehardware" value="Hardware updaten">
    </form>
    </body>
</html>

and use $_POST[] for getting values in input fields..

Could you provide me an example of the $_POST[] for the input fields?? — niekerd1, Jun 03 '14 at 10:48
$_POST is used for retrieving values from a form inputs when the form is passed through method="post" option. Got it? — Vaisakh Pc, Jun 03 '14 at 10:50
I know what you mean now, but I can't figure out how to write it down in my PHP script?? :P — niekerd1, Jun 03 '14 at 10:54
then how could you get $_GET['id']. Are you redirecting from any other page? — Vaisakh Pc, Jun 03 '14 at 11:11
don't use mysql_select_db as it is deprecated in higher versions and you can include db in mysql_conncet itself as it's third argument and always try to use mysqli instead of mysql. OK? — Vaisakh Pc, Jun 03 '14 at 11:21

Andy Gee · Answer 2 · 2014-06-03T10:56:47.423

1

You need to change your query to POST values:

if(isset($_POST['updatehardware'])){ 
    $query = "UPDATE hardware SET merknaam='".$_POST['merknaam']."', producttype='".$_POST['producttype']."', hardwaretype='".$_POST['hardwaretype']."' WHERE hardwareID='".$id."'";
    }
    mysql_query($query);

Also set names for yuour form elements

<input type='text' value='".$x['merknaam']."' name="merknaam">

edited Jun 03 '14 at 10:56

answered Jun 03 '14 at 10:43

Andy Gee

3,149
2
29
44

I now get undefined index for all the $_POST , how can I get the wright? – niekerd1 Jun 03 '14 at 10:50

score 1 · Answer 3 · edited May 23 '17 at 10:26

You are using the mysql_close($connect); and than trying to update, do the mysql_close($connect); after the update.
Also your form does not include other fields than Submit button .
Your form input values are the same as before , so even if you update with these values - you wont see the difference.
You are POSTing but here you are getting the id from GET $id=$_GET['id']; , you need to include the 'id' field on the form BTW.
On update query use the POSTed variable rather than the retrieved values from DB.

So see the difference :

<?php
$connect=mysql_connect("localhost", "root","");
mysql_select_db("helpdesk_middenpolder", $connect);

$id = $_POST['id']; 

$q="SELECT * FROM hardware WHERE hardwareID = $id";

$r=mysql_query($q);

echo "<form method='post'>";
echo "<table border='1'>";
echo "<th>merknaam</th><th>producttype</th><th>hardwaretype</th>";

while   ($x=mysql_fetch_array($r)){
    echo "<tr>";
    echo "<td>";
        echo "<input type='text' value='".$x['merknaam']."'>";
    echo "</td>";

    echo "<td>";
        echo "<input type='text' value='".$x['producttype']."'>";
    echo "</td>";

    echo "<td>";
        echo "<input type='text' value='".$x['hardwaretype']."'>";
    echo "</td>";
    echo "</tr>";
}
echo "</table>";
echo '<input type="hidden" name="id" value="' . $id . '">';
echo '<input type="submit" name="updatehardware" value="Hardware updaten">';
echo "</form>";

if(isset($_POST['updatehardware'])){ 
$query = "UPDATE hardware SET merknaam='".$_POST['merknaam']."', producttype='".$_POST['producttype']."', hardwaretype='".$_POST['hardwaretype']."' WHERE hardwareID='".$id."'";
}

mysql_query($query);

mysql_close($connect);

?>

Also notice that using form inside a table is difficult as explained on the 2nd answer best here

score 1 · Answer 4 · answered Jun 03 '14 at 11:30

Remember you need to enclose varchars and other types except numerical types by single quotation if hardware id is not varchar do this

$query = "UPDATE hardware SET merknaam='$_POST['merknaam']', producttype='$_POST['producttype']', hardwaretype='$_POST['hardwaretype']' WHERE hardwareID=$id ";

else

$query = "UPDATE hardware SET merknaam='$_POST['merknaam']', producttype='$_POST['producttype']', hardwaretype='$_POST['hardwaretype']' WHERE hardwareID='$id' ";

score 0 · Answer 5 · answered Jun 03 '14 at 10:41

You don't have your input elements within the form tag.

Move the opening form tag ABOVE the input tags

<html>
<head>
<link rel="stylesheet" type="text/css" href="css/layout.css"/>
</head>
<body>
<div id="menu">
    <div id="menu_wrapper">
    <ul>
        <li>Configuratiebeheer<img src="afb/pijltje.png" width="10"/></a>
        <ul>
            <li><a href="configuratiebeheer_hardware.php">Lijst hardware</a></li>
            <li><a href="hardware_toevoegen.php">Hardware toevoegen</a></li>
            <li><a href="hardware_verwijderen.php">Hardware verwijderen</a></li>
        </ul>
        </li>
    </ul>
    </div>
</div>
<form method="post">
<?php
        $connect=mysql_connect("localhost", "root","");
        mysql_select_db("helpdesk_middenpolder", $connect);
        $id=$_GET['id'];
        $q="SELECT * FROM hardware WHERE hardwareID=$id";


        $r=mysql_query($q);

        echo    "<table border='1'>";
        echo    "<th>merknaam</th><th>producttype</th><th>hardwaretype</th>";
        while   ($x=mysql_fetch_array($r)){
        echo "<tr>";
        echo "<td>";
        echo "<input type='text' value='".$x['merknaam']."'>";
        echo "</td>";
        echo "<td>";
        echo "<input type='text' value='".$x['producttype']."'>";
        echo "</td>";
        echo "<td>";
        echo "<input type='text' value='".$x['hardwaretype']."'>";
        echo "</td>";
        echo "</tr>";
        }
        echo "</table>";

    mysql_close($connect);
?>
<?php
    if(isset($_POST['updatehardware'])){ 
    $query = "UPDATE hardware SET merknaam='".$x['merknaam']."', producttype='".$x['producttype']."', hardwaretype='".$x['hardwaretype']."' WHERE hardwareID='".$id."'";
    }
    mysql_query($query);
?>


    <input type="submit" name="updatehardware" value="Hardware updaten">
    </form>
    </body>
</html>

score 0 · Answer 6 · answered Jun 03 '14 at 10:41

You include the form incorrectly.

An input elements must surrounded with form elements(like <input />, <select /> ... etc)

Change like this,

<form method="post">
  <!-- while loop stuff -->

  <input type="submit" name="updatehardware" value="Hardware updaten">
</form>

score 0 · Answer 7 · answered Jun 03 '14 at 11:13

Separate controller from view. At least, move all of your PHP code BEFORE HTML.
Use names for your input fields, so you can differ what is what with ease.
Use square brackets in names, to submit same inputs, but for different rows/items.
ALWAYS typecast values, that are integers and floats, that will automatically remove issues with wrong inputs. If you are not using PDO and bound parameters, use mysql_real_escape_string to make sure, user will not spoil your database.
Keep GET's and POST's out of functions, send them to functions in separate part of code.
For database interactions use PDO or MySQLi, to avoid old issues.

Without solving 6th issue, my solution would look something like this:

<?php

// This is your "library" of functions
function getConnection() {
    $connect=mysql_connect("localhost", "root","");
    mysql_select_db("helpdesk_middenpolder", $connect);
    return $connect;
}
function endConnection() {
    mysql_close($connect);
}
function updateProducts($products) {
    $query = '';
    foreach ($products as $productId => $productData) {
        $query .= "UPDATE hardware SET merknaam='".mysql_real_escape_string($productData['merknaam'])."', producttype='".mysql_real_escape_string($productData['producttype'])."', hardwaretype='".mysql_real_escape_string($productData['hardwaretype'])."' WHERE hardwareID='".(int) $productId."'; ";
    }
    mysql_query($query);
}
function getProducts($id) {
    $q = "SELECT * FROM hardware WHERE hardwareID=$id";
    $r = mysql_query($q);
    $products = array();
    while ($x=mysql_fetch_array($r)) {
        $products[] = $x;
    }
    return $products;
}

// This is your controller
$connect = getConnection();;
if (isset($_POST['products'])) {
    updateProducts($_POST['products']);
}
$input_id = (isset($_GET['id']) ? (int) $_GET['id'] : 0);
if ($input_id > 0) {
    $products = getProducts($input_id);
}
endConnection();

// This is your view
?><html>
    <head>
        <link rel="stylesheet" type="text/css" href="css/layout.css" />
    </head>
    <body>
        <div id="menu">
            <div id="menu_wrapper">
                <ul>
                    <li>Configuratiebeheer<img src="afb/pijltje.png" width="10"/></a>
                        <ul>
                            <li><a href="configuratiebeheer_hardware.php">Lijst hardware</a></li>
                            <li><a href="hardware_toevoegen.php">Hardware toevoegen</a></li>
                            <li><a href="hardware_verwijderen.php">Hardware verwijderen</a></li>
                        </ul>
                    </li>
                </ul>
            </div>
        </div>
        <form method="get">
            <h2>Get product by ID</h2>
            <div>
                <label for="productId">ID</label> <input id="productId" type="text" name="id" value="<?php echo ($input_id > 0 ? $input_id : ''); ?>" />
            </div>
            <input type="submit" value="Get item" />
        </form>
        <?php if (isset($products) && !empty($products)): ?>
        <h2>Products found by ID</h2>
        <form method="post">
            <table border="1">
                <thead>
                    <tr>
                        <th>ID</th>
                        <th>merknaam</th>
                        <th>producttype</th>
                        <th>hardwaretype</th>
                    </tr>
                </thead>
                <tbody>
                <?php foreach ($products as $product): ?>
                    <tr>
                        <td><?php echo $product['hardwareID']; ?></td>
                        <td><input type="text" name="product[<?php echo $product['hardwareID']; ?>][merknaam]" value="<?php echo $product['merknaam']; ?>" /></td>
                        <td><input type="text" name="product[<?php echo $product['hardwareID']; ?>][producttype]" value="<?php echo $product['producttype']; ?>" /></td>
                        <td><input type="text" name="product[<?php echo $product['hardwareID']; ?>][hardwaretype]" value="<?php echo $product['hardwaretype']; ?>" /></td>
                    </tr>
                <?php endforeach; ?>
                </tbody>
            </table>
            <input type="submit" value="Hardware updaten" />
        </form>
        <?php endif; ?>
    </body>
</html>

Haven't tested this code, but it should make you understand the way, it should be done, or at least path, that you should start to move towards.

Try to write clean code, don't be afraid to use function and classes, and always learn from your mistakes.

Raptor · Answer 8 · 2014-06-03T10:55:24.777

Lots of errors in the codes:

input tags should be place withing <form> tag
instead of $x['merknaam'] in the UPDATE query, use $_POST['merknaam'] (same for other fields); watch out for SQL Injection though.
hardwareID is probably an INT column; no single quote is needed to surround the value in the UPDATE query
the update codes should be placed before the form
there is a logic error near $id = $_GET['id']; posting the form as POST method will lose the $id; SQL Injection again. Add a <input type="hidden" name="id" value="<?php echo $id; ?>" /> inside your form tag
(minor) where is your DOCTYPE?
stop using deprecated mysql_* libraries; use PDO / MySQLi instead.
(minor) where is your <title> tag? and the whole <head> as well !
border='1' is deprecated; use CSS instead
you perform a mysql_query() AFTER mysql_close(), which will cause error
if you don't see error, error reporting must be turned OFF; turn it back ON by ini_set('display_errors', '1');
highly suggest you to check whether mysql connection is established successfully or not, by checking the return value of mysql_connect()
(minor) normally you don't need a name for submit button, but it's fine to have it.
Your <th> are not surrounded by <tr>

Fix these.

Update form, what am I doing wrong?

8 Answers8