How to update data of selected product?

Question

I have a list of my products in my online ordering system and I want to update the data of the selected product. What happens is when I click the Edit link, it will just post the values from the database to other page(Edit page) and the database will not update even if I already change a data.

ADMIN.PHP (Page where all the products are listed)

<a href=addprod.php?id='.$row['ID'].'>EDIT</a>

ADDPROD.PHP (Page where the admin can add/update the product)

echo'<form method="post" action="saveprod.php" class="product" style="margin-top:500px;" enctype="multipart/form-data">';
if (isset($_GET['id'])) {
include('db.php');
$id=$_GET['id'];
$result = mysql_query("SELECT * FROM products WHERE ID = $id");
echo'<input type="hidden" name="hiddenId" value="'.$id.'">
<table border="1" cellpadding="8px" width="100%">';

while($row3 = mysql_fetch_array($result)) {
$ID = $row3['ID'];
$Image = $row3['Image'];
$Product = $row3['Product'];
$Description = $row3['Description'];
$PricePack = $row3['PricePack'];
$PriceBox = $row3['PriceBox'];
$Discount = $row3['Discount'];
$Category = $row3['Category'];
}
echo'
<tr><td align="right">Image</td><td><input type="text" id="img" name="img" value="'.$Image.'"/> </td></tr>
<tr><td align="right"></td><td><input type="file" id="img" name="img" /></td </tr>
<tr><td align="right">Product</td><td><input type="text" id="prod" name="prod" value="'.$Product.'"/></td></tr>
<tr><td align="right">Description</td><td><textarea  id="desc" name="desc" style="resize:none; height:100px; width:200px; ">'.$Description.'</textarea></td></tr>
<tr><td align="right">Price Pack</td><td><input type="text"  id="pck" name="pck" value="'.$PricePack.'"/></td></tr>
<tr><td align="right">Price Box</td><td><input type="text"  id="box" name="box" value="'.$PriceBox.'"/></td></tr>
<tr><td align="right">Discount</td><td><input type="text" id="disc" name="disc" value="'.$Discount.'"/></td></tr>
<tr><td align="right">Category</td><td><input type="text" id="cat" name="cat" value="'.$Category.'"/></td></tr>
<tr><td align="right"></td><td><input type="submit" value="Save"/></a> <input type="reset" value="Clear"/></td></tr>';
}
echo' </table> </form>';

SAVEPROD.PHP

<?php
include('db.php');
$id = $_POST['ID'];
$Image = $_POST['Image'];
$Product = $_POST['Product'];
$Description = $_POST['Description'];
$PricePack = $_POST['PricePack'];
$PriceBox = $_POST['PriceBox'];
$Discount = $_POST['Discount'];
$Category = $_POST['Category'];
mysql_query("UPDATE products SET Image='$Image', Product='$Product',    Description='$Description', PricePack='$PricePack', PriceBox='$PriceBox',  Discount='$Discount', Category='$Category' WHERE ID='$id'");

header("location: admin.php");
    exit(); 
?>

Your trying to update your data? I don't see anything like that here. No queries with ```UPDATE``` or ```$_POST``` You need to show your saveprod.php file if your having issues — KyleMassacre, Feb 09 '15 at 04:30
Hi @KyleMassacre i already updated my question. Sorry I wasn't able to paste the query for saveprod. Thanks. Hope u can help. — fashionavenew, Feb 09 '15 at 05:05

score 1 · Answer 1 · answered Feb 09 '15 at 05:21

On your saveprod.php you are trying to get the value of a non-existing element, check the name of each input field on your addprod.php, it should correspond on the request you are making on your saveprod.php

Here is an example of what you are doing:

ADDPROD.PHP

    <input type="text" id="img" name="img" value="'.$Image.'"/>

SAVEPROD.PHP

    $Image = $_POST['Image'];

Should be this way:

ADDPROD.PHP

   <input type="text" id="img" name="img" value="'.$Image.'"/>

SAVEPROD.PHP

   $Image = $_POST['img'];

score 1 · Accepted Answer · edited May 23 '17 at 11:56

Note:

Your post data name is incorrect.
Make sure that the column name, table name you have provided is correct. Be CASE SENSITIVE about it.
You should consider mysqli_* prepared statement at least to prevent SQL injections.

Your savepro.php should look like this:

<?php
include('db.php');
/* CHANGED THE WAY YOU CALL THE POST DATA BASED FROM YOUR HTML FORM */
$id = $_POST['hiddenId'];
$Image = $_POST['img'];
$Product = $_POST['prod'];
$Description = $_POST['desc'];
$PricePack = $_POST['pck'];
$PriceBox = $_POST['box'];
$Discount = $_POST['disc'];
$Category = $_POST['cat'];
mysql_query("UPDATE products SET Image='$Image', Product='$Product', Description='$Description', PricePack='$PricePack', PriceBox='$PriceBox',  Discount='$Discount', Category='$Category' WHERE ID='$id'");

header("location: admin.php");
exit(); 
?>

If you did it in prepared statement, it would look like the one below. So you won't worry much about SQL injections. Just a simple sample:

$stmt = $YourConnection->prepare("UPDATE products SET Image=?, Product=?, Description=?, PricePack=?, PriceBox=?, Discount=?, Category=? WHERE ID=?"); 

$stmt->bind_param('sssssssi', $_POST["img"], $_POST["prod"], $_POST["desc"], $_POST["pck"], $_POST["box"], $_POST["disc"], $_POST["cat"], $_POST["hiddenId"]);

$stmt->execute();

How to update data of selected product?

2 Answers2

Note: