1

I'm writing a script in which you can change the price of an article/item through a form, but it doesn't update my new prices. I think there might be a mistake in my $update, because I don't get any error messages when I change the affected rows (typo on purpose). But I just don't see it. What am I doing wrong? Thanks in advance.

<?php
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$dbname = "webauth";
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);

$artikelquery = "SELECT * FROM artikel;";
$artikel = mysqli_query($connection, $artikelquery);
?>

<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
Kies een artikel:</br>
<select name="artikel">
<?php
while($artikelrow = mysqli_fetch_row($artikel)) {
    echo '<option value="'.$artikelrow[1].'">'."$artikelrow[1], $artikelrow[3] euro</option>";
}
?>
</select>

</br></br>

Vul de nieuwe prijs van het artikel in:</br>
<input type="number" name="prijs"></br></br>
<input type="submit" value="Verzend">
</form>

<?php
if($_SERVER['REQUEST_METHOD'] == "POST") {
    if($_POST['prijs'] == "") {
        echo 'bla';     
    }
    else {
        $nieuwprijs = $_POST['prijs'];
        $artikel = $_POST['artikel'];
        $update = "UPDATE artikels SET Verkoopprijs ='". $nieuwprijs ."' WHERE Artikelnr ='". $artikel ."';";
        mysqli_query($connection, $update);
        echo 'Artikel '. $artikel .' is aangepast naar '. $nieuwprijs .' euro.';
    }
}
?>
  • An error in your SQL query won't trigger a PHP error. You need to look for it explicitly. Check the return value of `mysqli_query()`. –  Nov 03 '14 at 01:20
  • Is `$artikelrow[1]` the article ID? Maybe it's the name and the ID is `$artikelrow[0]`?! – akmozo Nov 03 '14 at 01:25
  • I think this is not a SQL problem. – akmozo Nov 03 '14 at 01:27

2 Answers

1

You are very vulnerable to SQL injection. Anyway, your problem is the table name:

$update = "UPDATE artikels SET Verkoopprijs ='". $nieuwprijs ."' WHERE Artikelnr ='". $artikel ."';";

Should be

$update = "UPDATE artikel ..."

Without the final s, as in your SELECT query

$artikelquery = "SELECT * FROM artikel;";
dynamic

1

I'd submit this as a comment if I had enough reputation. But here's my suggestion for tracking down SQL errors.

Add this after the UPDATE:

if (mysqli_errno($connection)) echo '<div>DB Error: '. mysqli_error($connection) .'</div>';

Also, I'd suggest doing some input validation or escaping so you're not susceptible to SQL injection.

Eric B
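
Both answers mention SQL injection and the comments point out that a failed query raises no PHP error. The following is an added example, not code from the question or from either answerer, showing the POST handler with a prepared statement and explicit error reporting. The table and column names and the connection settings come from the question; the helper name `update_price()` and the accepted price format are assumptions.

```php
<?php
// Added example. update_price() is a hypothetical helper; the price format is an assumption.

// Make mysqli throw mysqli_sql_exception instead of failing silently
// (this is already the default from PHP 8.1 on). Call it before connecting.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Connection settings as given in the question.
$connection = mysqli_connect("localhost", "root", "", "webauth");

function update_price(mysqli $connection, $artikelnr, $prijs): int
{
    // Validate first: both values must be strings, the price digits with up to 2 decimals.
    if (!is_string($artikelnr) || $artikelnr === ''
        || !is_string($prijs) || !preg_match('/^\d{1,7}(\.\d{1,2})?$/', $prijs)) {
        throw new InvalidArgumentException('Invalid input');
    }

    // Placeholders keep the submitted values out of the SQL text entirely.
    $stmt = $connection->prepare(
        'UPDATE artikel SET Verkoopprijs = ? WHERE Artikelnr = ?'
    );
    // Bound as strings; MySQL converts them to the column types.
    $stmt->bind_param('ss', $prijs, $artikelnr);
    $stmt->execute();

    // 0 means no row matched, or the stored price already had this value.
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows;
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    try {
        $rows = update_price($connection, $_POST['artikel'] ?? null, $_POST['prijs'] ?? null);
        echo $rows === 1 ? 'Price updated.' : 'No row was changed.';
    } catch (InvalidArgumentException $e) {
        echo 'Please choose an article and enter a valid price.';
    } catch (mysqli_sql_exception $e) {
        // A misspelled table name such as "artikels" surfaces here as an exception.
        // Log the detail server-side and show the visitor a generic message.
        error_log('DB error: ' . $e->getMessage());
        echo 'The update failed.';
    }
}
```

The handler never echoes the submitted values back into the page, so it also avoids reflecting unescaped input into the HTML.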