Update form row in php error

Question

I'm trying to update multiple row/rows in my form. I'm getting the error Notice: Array to string conversion in C:\wamp.....

I'm also getting another error Warning: Cannot modify header information - headers already sent by (output started at C:\wamp\....

Both of these are now fixed.

Form

$ad = "<form action='updaterecords.php' method='post' id='update'> \n";

        $records = $this->query_recs();

        foreach ($records as $record) {
            $ad .= "<p id='id{$record->id}'>";
            $ad .= "<input type='hidden' name='id[]' value='" .$this->render_i18n_data($record->id) . "' />\n";
            $ad .= "<input type='text' name='paname[]' value='". $this->render_i18n_data($record->pa_name) . "' class='paname' />\n";
            $ad .= "<input type='text' name='pcname[]' value='". $this->render_i18n_data($record->pc_name) . "' class='pcname' />\n";
            $ad .= "<input type='text' name='pdname[]' value='". $this->render_i18n_data($record->pd_name) . "' class='pdname' />\n";
            $ad .= "<input type='text' name='pfname[]' value='". $this->render_i18n_data($record->pf_name) . "' class='pfname' />\n";

            $ad .= "<input type='submit' name='update' value='Update' />";
            $ad .= "</p>";
        }

        echo($ad);

PHP

<?php

include 'dbdetails.php';

$con = new mysqli($server, $user, $pass, $db);

// Check connection
if ($con->connect_error) {
    die("Connection failed: " . $con->connect_error);
} 
echo "Connected successfully";


if(isset($_POST['update'])){
    $id         = $_POST['id'];
    $paname = $_POST['paname'];
    $pcname     = $_POST['pcname'];
    $pdname = $_POST['pdname'];
    $pfname    = $_POST['pfname'];

    mysqli_query($con, "UPDATE wp_pbcbc_records
                    SET pa_name = '$paname', pc_name='$pcname', pd_name='$pdname', pf_name='$pfname'
                    WHERE id = '$id' ");   

    header("location: localhost/myp");
    exit;
}   
?>

Update: This has now been solved. Thanks to the people who gave me an answer!

All the `$_POST` variables are arrays, you have to loop over them. — Barmar, Apr 10 '15 at 00:41
When the name of the input ends in `[]`, PHP turns it into an array of all the rows. — Barmar, Apr 10 '15 at 00:42

score 2 · Answer 1 · answered Apr 10 '15 at 00:47

Since you used names ending with [] in your form, the $_POST variables become arrays, and you have to loop over them.

$stmt = mysqli_prepare("UPDATE wp_pbcbc_records
                SET pa_name = ?, pc_name=?, pd_name=?, pf_name=?
                WHERE id = ? ");  
mysqli_stmt_bind_param($stmt, "ssssi", $cur_paname, $cur_pcname, $cur_pdname $cur_pfname, $cur_id);
for ($i = 0; $i < count($id); $++) {
    $cur_paname = $paname[$i];
    $cur_pcname = $pcname[$i];
    $cur_pdname = $pcname[$i];
    $cur_pfname = $pcname[$i];
    $cur_id = $id[$i];
    mysqli_stmt_execute($stmt);
}

score 1 · Accepted Answer · edited May 23 '17 at 12:14

Note:

You passed values in array. You must run them in a loop before using them in your query.
On top of your isset() function, there must have no output of HTML entities, which is the common reason for header() function to fail and cause an error.

Your connection to your database:

include("dbdetails.php");

$con = new mysqli($server, $user, $pass, $db); /* MAKE SURE THAT THE VALUES OF YOUR VARIABLES ARE CORRECT CORRESPONDING TO YOUR DATABASE */

/* CHECK CONNECTION */
if (mysqli_connect_errno()) {
    printf("Connect failed: %s\n", mysqli_connect_error());
    exit();
}

Your updated code:

/* THERE MUST HAVE NO OUTPUT IN THIS SECTION TO FIX THE HEADER ERROR */

if(isset($_POST['update'])){

  $counter = count($_POST["paname"]);

  for($x = 0; $x<=$counter; $x++){

    if(!empty($_POST["paname"][$x])){

      $id = mysqli_real_escape_string($con,$_POST['id'][$x]);
      $paname = mysqli_real_escape_string($con,$_POST['paname'][$x]);
      $pcname = mysqli_real_escape_string($con,$_POST['pcname'][$x]);
      $pdname = mysqli_real_escape_string($con,$_POST['pdname'][$x]);
      $pfname = mysqli_real_escape_string($con,$_POST['pfname'][$x]);

      mysqli_query($con, "UPDATE wp_pbcbc_records
                    SET pa_name = '$paname', pc_name='$pcname', pd_name='$pdname', pf_name='$pfname'
                    WHERE id = '$id' ");   

    } /* END OF IF CHECKING paname */

  } /* END OF FOR LOOP */

  header("location: localhost/myp");
  exit;
} /* END OF ISSET */
?>

On the side note:

You must use mysqli_real_escape_string() to sanitize the values of your variables before using them in your query to prevent SQL injections.
Better recommendation, is to use mysqli_* prepared statement. It will sanitize the variables automatically and no need to escape the strings per variable.

Your code using mysqli_* prepared statement:

/* THERE MUST HAVE NO OUTPUT IN THIS SECTION TO FIX THE HEADER ERROR */

if(isset($_POST['update'])){

  $counter = count($_POST["paname"]);

  for($x = 0; $x<=$counter; $x++){

    if(!empty($_POST["paname"][$x])){

      if($stmt = $con->prepare("UPDATE wp_pbcbc_records SET pa_name=?, pc_name=?, pd_name=?, pf_name=? WHERE id=?")){

        $stmt->bind_param("ssssi",$_POST["paname"][$x],$_POST["pcname"][$x],$_POST["pdname"][$x],$_POST["pfname"][$x],$_POST["id"][$x]);
        $stmt->execute();
        $stmt->close();

      } /* END OF PREPARED STATEMENT */

    } /* END OF IF CHECKING paname */

  } /* END OF FOR LOOP */

  header("location: localhost/myp");
  exit;
} /* END OF ISSET */
?>

Whats the difference between the mysqli prepared statement and mysqli real escape string? Which is better to use? — crsMC, Apr 10 '15 at 00:59
Ok thanks for the answer! No errors now but one thing, my database is not been updated, but it is connecting to it? I'm also using this with wordpress, I forgot to mention, its a plugin. The form and the php are both in separate files. — crsMC, Apr 10 '15 at 01:13
@crsMC - if your established connection is right. And if your table and column names used in your query are correct. Then it will connect to your database. — Logan Wayne, Apr 10 '15 at 01:16
@crsMC - Make sure that there are data inside the passed data. For a simple troubleshoot, hide the `header()` function, and echo the passed data. Here, you will see if there are data really passed on. — Logan Wayne, Apr 10 '15 at 01:21
Ok, it's updating now, I had the wrong amount of s's in my ssssi, my bad. But now, it's updating all the rows in my database? It just deleted all my test info — crsMC, Apr 10 '15 at 01:29
`s` stands for `strings`. `i` stands for `int`. You will bind five variables in your query and correspond them with the necessary parse, so that is why it is `ssssi` — Logan Wayne, Apr 10 '15 at 01:32
It's working, my error again, I forgot to add the where clause. Thanks very much, you helped me out! — crsMC, Apr 10 '15 at 01:40

Update form row in php error

2 Answers2

Note: