1

My question is regarding the ability to update a certain record by choosing a single record from a table and going to that selected record in another page with the full data. I know I would have to create another file with all of the input fields I need, but my question is how do I get there and send over the data info that I selected, then how do I echo out that information and allow the record to be updated?

Let's say I have a table called "Products" that looks like this:

| ID | Name  | Amount |      |
|----|-------|--------|------|
| 1  | Shoes | $10    | Edit |
| 2  | Hats  | $5     | Edit |

If I click the "Edit" Button next to "Shoes" I want to go to a different page which allows me to edit all of the information for that record selected.

```php
<form method="POST">
   <input name="first" placeholder="First Name">
   <input name="last" placeholder="Last Name">
   <input name="product" placeholder="Product">
   <button name="add" type="submit">Add</button>
</form>
</div>
<hr>
<table>
<thead>
   <tr>
      <th>ID</th>
      <th>Name</th>
      <th>Amount</th>
      <th></th>
   </tr>
</thead>
<tbody>
   <?php
      $stmt = $dbc->query("SELECT * FROM users");
      $stmt->setFetchMode(PDO::FETCH_ASSOC);

      while($row = $stmt->fetch()) {
      ?>
   <form method="POST">
      <tr>
         <td><?php echo $row['id'];?></td>
         <td><?php echo $row['name'];?></td>
         <td><?php echo $row['amount'];?></td>
         <td><button name="edit" type="submit">Edit</button></td>
      </tr>
   </form>
   <?php } ?>
</tbody>
```
Strawberry
Becky

2 Answers

3

You can send your form data to the next page using hidden fields, like this:

```php
<form method="POST" action="edit_page.php"><!-- add action here -->
    <tr>
        <td><?php echo htmlspecialchars($row['id']); ?></td>
        <td><?php echo htmlspecialchars($row['name']); ?></td>
        <td><?php echo htmlspecialchars($row['amount']); ?></td>
        <!-- escape the values so a quote or tag in the data cannot break out of the attribute -->
        <input name="name" type="hidden" value="<?php echo htmlspecialchars($row['name']); ?>">
        <input name="id" type="hidden" value="<?php echo htmlspecialchars($row['id']); ?>">
        <input name="amount" type="hidden" value="<?php echo htmlspecialchars($row['amount']); ?>">
        <td><button name="edit" type="submit">Edit</button></td>
    </tr>
</form>
```

And in edit_page.php use

```php
<?php
$name = $_POST['name'];
$id = $_POST['id'];
$amount = $_POST['amount'];
```
Saty
  • @Saty Can I do this? `` ... Then how am I actually able to get and use the information on the other file? – Becky Apr 07 '16 at 13:27
  • Look in my answer, I am adding action in the form tag. You need to create a file named `edit_page.php` and inside this page use `print_r($_POST)` to check your post data – Saty Apr 07 '16 at 13:29
  • Ok. I get the data to show up within the `print_r($_POST)` , but how would I specifically use it. Say I want to have an input for the name? Would I do this? `` – Becky Apr 07 '16 at 13:36
  • Awesome, thanks! If I were to write an `UPDATE` query would there be anything special that I would have to write in to update that selected record? – Becky Apr 07 '16 at 13:42
  • Also why on certain pages if someone clicks on a certain record, why does the ? come up in the browser with id numbers and what not? – Becky Apr 07 '16 at 13:43
  • No, you can just write your update query!! We are using the POST method, so none of the parameters show up in the browser!! – Saty Apr 07 '16 at 13:46
  • Is that the best way to do it? Just wondering, trying to learn. – Becky Apr 07 '16 at 13:51
  • I think you may need to sanitize the input before putting it in a query. Otherwise a clever user can execute their own SQL statements. – Shaymin Gratitude Apr 07 '16 at 13:52
  • http://stackoverflow.com/questions/129677/whats-the-best-method-for-sanitizing-user-input-with-php – Shaymin Gratitude Apr 07 '16 at 13:58
  • Like this? `$id = $_POST['id']; $newId = filter_var($id, FILTER_SANITIZE_STRING);` Then `` ? – Becky Apr 07 '16 at 14:01
  • Ok, so I only need to use `htmlspecialchars`? So, `value="` Is that right? – Becky Apr 07 '16 at 14:04
  • No, you're putting it in an SQL query, right? So you use mysqli_real_escape_string. – Shaymin Gratitude Apr 07 '16 at 14:05
  • @ShayminGratitude I am trying to learn PDO. Is there a PDO method? – Becky Apr 07 '16 at 14:07
  • Use prepared statements. Look at the other answers in the question I linked. – Shaymin Gratitude Apr 07 '16 at 14:08
  • Just saw that and was about to write that. So, would it be beneficial to do htmlspecialchars on my first page before hitting the "Edit" button and then filtering the data like I showed above and then doing the prepared statement for the update? – Becky Apr 07 '16 at 14:09
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/108530/discussion-between-shaymin-gratitude-and-becky). – Shaymin Gratitude Apr 07 '16 at 14:12
1
```php
<form method="POST" action="other_page.php">
    <tr>
        <!-- escape the values so a quote or tag in the data cannot break out of the attribute -->
        <input type="hidden" name="id" value="<?php echo htmlspecialchars($row['id']) ?>" />
        <input type="hidden" name="name" value="<?php echo htmlspecialchars($row['name']) ?>" />
        <input type="hidden" name="amount" value="<?php echo htmlspecialchars($row['amount']) ?>" />

        <td><?php echo htmlspecialchars($row['id']); ?></td>
        <td><?php echo htmlspecialchars($row['name']); ?></td>
        <td><?php echo htmlspecialchars($row['amount']); ?></td>
        <td><button name="edit" type="submit">Edit</button></td>
    </tr>
</form>
```

And then in other_page.php:

```php
<?php
// Bind the posted id as a parameter rather than concatenating it into the SQL.
$stmt = $dbc->prepare("SELECT * FROM products WHERE `id` = :id");
$stmt->execute([':id' => $_POST['id'] ?? null]);
$row = $stmt->fetch(PDO::FETCH_ASSOC); // fetch the selected record into $row
if ($row === false) {
    exit('Record not found.');
}
?>

<form method="POST" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']) ?>">
    <input type="text" name="id" value="<?php echo htmlspecialchars($row['id']) ?>" />
    <input type="text" name="name" value="<?php echo htmlspecialchars($row['name']) ?>" />
    <input type="text" name="amount" value="<?php echo htmlspecialchars($row['amount']) ?>" />
    <button name="update" type="submit">Edit</button>
</form>

<?php
if (isset($_POST['update'])) { // if the update button is clicked
    // write your update query here, with $id = $_POST['id'] and so on...
}
?>
```
D14n4
  • Thanks! I get this error for the query in the edit page. `Parse error: syntax error, unexpected '' (T_ENCAPSED_AND_WHITESPACE), expecting identifier (T_STRING) or variable (T_VARIABLE) or number (T_NUM_STRING` – Becky Apr 07 '16 at 14:21
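
The update step that the second answer leaves as a comment, written with PDO prepared statements as recommended in the comments under the first answer. This is an added example, not code from either answer; the in-memory SQLite table, the `updateProduct` helper and the sample POST arrays are assumptions constructed for illustration.

```php
<?php
// Constructed stand-in for the page's products table (in-memory SQLite, runs offline).
$dbc = new PDO('sqlite::memory:');
$dbc->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$dbc->exec("CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, amount TEXT)");
$dbc->exec("INSERT INTO products (name, amount) VALUES ('Shoes', '10'), ('Hats', '5')");

/**
 * Hypothetical helper: validate the posted fields, then update one record.
 * Returns true when exactly one row was changed. (MySQL reports 0 rows when
 * the submitted values equal the stored ones, so "false" there can also mean
 * "nothing to change".)
 */
function updateProduct(PDO $dbc, array $post): bool
{
    // Hidden fields can be edited by the client, so the id is validated, not trusted.
    $id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $name = trim((string)($post['name'] ?? ''));
    $amount = trim((string)($post['amount'] ?? ''));
    if ($id === false || $name === '' || !is_numeric($amount)) {
        return false;
    }
    // Placeholders keep the values out of the SQL text; the driver binds them as data.
    $stmt = $dbc->prepare("UPDATE products SET name = :name, amount = :amount WHERE id = :id");
    $stmt->execute([':name' => $name, ':amount' => $amount, ':id' => $id]);
    return $stmt->rowCount() === 1;
}

// Constructed POST bodies: a normal edit, and one with a tampered id field.
$ok  = updateProduct($dbc, ['id' => '1', 'name' => "O'Neil <b>Shoes</b>", 'amount' => '12']);
$bad = updateProduct($dbc, ['id' => '1 OR 1=1', 'name' => 'x', 'amount' => '0']);
var_dump($ok, $bad);

// Re-read the record by id and escape when writing it into HTML, not when storing it.
$stmt = $dbc->prepare("SELECT id, name, amount FROM products WHERE id = :id");
$stmt->execute([':id' => 1]);
$row = $stmt->fetch(PDO::FETCH_ASSOC);
echo '<input name="name" value="' . htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8') . '">', PHP_EOL;
```

Only the `id` needs to travel from the list page to the edit page; the edit page can load `name` and `amount` from the database itself, which leaves fewer client-editable fields to validate.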