
I'm extremely new to both MySQL and PHP (mostly MySQL), and I'm not even sure I've got all of the basics, because I'm more of a learning-by-doing person. So my code is made up of different explanations from all around the web, and some of it might be wrong. I'm trying to get data from a database, put it into an HTML form, edit it, and update the database with the new data. So far the data gets loaded into the form correctly, and with a lot of troubleshooting I've come to the conclusion that even the upload works as it should, except the fields are empty. So I guess that my problem must be in getting the data from the form to the update query.

This is my code

<html xmlns="http://www.w3.org/1999/xhtml">

<head>
<meta content="text/html; charset=utf-8" http-equiv="Content-Type" />
<title>Untitled 1</title>
</head>

<body>
<?php
require 'connect.php';


$result = $db->query("SELECT * FROM test") or die ($db->error);

while($row = mysqli_fetch_array($result))
{

    $name = $row['name'];
    $school = $row['school'];
    $email = $row['email'];
    $grade = $row['grade'];
    $workshop = $row['workshop'];
    $id = $row['id'];
?>
<form method="post" action="#">
    <?=$id?>
    <input name="nameid" type="text" value="<?=$name?>">
    <input name="emailid" type="text" value="<?=$email?>">
    <input name="gradeid" type="text" value="<?=$grade?>">
    <input name="workshopid" type="text" value="<?=$workshop?>">
    <input name="schoolid" type="text" value="<?=$school?>">
<?php } 
session_start();
$_SESSION['storage'] = $_POST;
?>
<input name="update" type="submit" id="update" value="Update">
</form>


<?php
if(isset($_POST['update']))
{

    $link = mysqli_connect("localhost", "892847", "123456789", "892847");

    // Check connection
    if($link === false){
        die("Couldn't connect. " . mysqli_connect_error());
    }
    session_start();

    $name = $_SESSION['storage']['nameid'];
    $school = $_SESSION['school']['schoolid'];
    $email = $_SESSION['email']['emailid'];
    $grade = $_SESSION['grade']['gradeid'];
    $workshop = $_SESSION['workshop']['grade'];
    $id = $_SESSION['id'];


    $sql = "UPDATE test SET name = '$name', email = '$email', school = '$school', grade = '$grade', workshop = '$workshop' WHERE id = '8'";
    if(mysqli_query($link, $sql)){
        echo "Records added successfully. $name";
        print_r($_POST['nameid']);
    } else{
        echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
    }


    mysqli_close($link);
}
?>

</body>
</html>

I'm aware that the session chaos looks strange, but I read somewhere that information isn't available across PHP scripts unless you make a session.

I'm really grateful for any kind of help - I've been fighting with this for about 48 hours.

Oliver
  • You don't need to persist your post in session. And your query will give you more than a row. Since you just need a row, you should select only that row `$result = $db->query("SELECT * FROM test WHERE id = '$id'") or die ($db->error);` I assume you have an `id` field in your table and you are getting the `$id` of the row you want to update – Orion Aug 08 '16 at 10:27
  • Sorry, but almost everything is in the wrong place in this code. I suggest you change your approach and start with a good book or tutorial – RiggsFolly Aug 08 '16 at 10:36
  • @RiggsFolly Yeah, it's kind of messed up. But you know, I know how to connect, how to fetch the data, and how to upload, so I thought it'd be easy just to combine that knowledge – Oliver Aug 08 '16 at 11:45
  • @Orion Okay, thanks. I do need to update all the rows though, I just made it simple for testing ;-) – Oliver Aug 08 '16 at 11:46

1 Answer

This is a basic approach, using the easiest procedural PHP. First, you load data from MySQL into a PHP array as follows, assuming you've already made the connection and id is the id of that specific row:

$row = mysql_fetch_array(mysql_query("SELECT * FROM test WHERE `id` = '$id'"));

Find a way of ensuring that the page is displaying the required id. For instance, you can use $id = $_GET['row']; in that case your URL will be http://url?row=id. In the HTML code, use echo as follows:

<form action="process.php" method="POST">
<input type="hidden" name="id" value="<?php echo $_GET['row'] ?>" >
<input type="text" name="nameid" value="<?php echo $row['nameid'] ?>" >
...
</form>

Forget about sessions. The moment you press submit, it should carry all this data into process.php in a global variable, $_POST or $_GET, depending on which method you chose in the <form method>.

Now in the process.php, use

$nameid = mysql_real_escape_string($_POST['nameid']);
$id = $_POST['id'];
$sql = mysql_query("UPDATE test SET `name_id` = '$nameid' WHERE `id` = '$id'");
if($sql) {
echo "update successful";
}

Needless to say, you need to use database connections in both pages.

AntonyMN
  • Your script is at risk of [SQL Injection Attack](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Have a look at what happened to [Little Bobby Tables](http://bobby-tables.com/). Even [if you are escaping inputs, it's not safe!](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) Use [prepared statement and parameterized statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) – RiggsFolly Aug 08 '16 at 12:05
  • @RiggsFolly I have demonstrated the easiest method, this should work, but it is very unsafe, users should use more secure method, this is just a basic demonstration – AntonyMN Aug 08 '16 at 12:23
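
The edit-and-update flow from this thread, rewritten with the mysqli prepared statements recommended in the comment above. This is an added example, not code from the asker or the answerer; it assumes connect.php defines $db as a mysqli connection (as in the question), that the table test has the columns id, name, email, school, grade and workshop, and the file name edit.php is hypothetical.

```php
<?php
// edit.php?row=ID : added example, not the asker's or the answerer's code.
// Assumptions: connect.php sets $db to a mysqli connection (as in the question);
// table `test` has the columns id, name, email, school, grade, workshop.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw
require 'connect.php';

$fields = ['name', 'email', 'school', 'grade', 'workshop'];

// The id is accepted only as a positive integer (POST on submit, GET on first load).
$id = filter_var($_POST['id'] ?? $_GET['row'] ?? null, FILTER_VALIDATE_INT,
                 ['options' => ['min_range' => 1]]);
if ($id === false) {
    http_response_code(400);
    exit('Invalid row id');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $v = [];
    foreach ($fields as $f) {
        $v[$f] = is_string($_POST[$f] ?? null) ? $_POST[$f] : '';
    }
    // Placeholders keep the values out of the SQL text, so a quote stays data.
    $stmt = $db->prepare('UPDATE test SET name = ?, email = ?, school = ?,
                          grade = ?, workshop = ? WHERE id = ?');
    $stmt->bind_param('sssssi', $v['name'], $v['email'], $v['school'],
                      $v['grade'], $v['workshop'], $id);
    $stmt->execute();
    $stmt->close();
}

// Load the single row being edited, again through a prepared statement.
$stmt = $db->prepare('SELECT name, email, school, grade, workshop FROM test WHERE id = ?');
$stmt->bind_param('i', $id);
$stmt->execute();
$row = $stmt->get_result()->fetch_assoc(); // get_result() needs the mysqlnd driver
if ($row === null) {
    http_response_code(404);
    exit('No such row');
}
// Escape on output so stored values cannot break out of the value="" attribute.
$e = fn($s) => htmlspecialchars((string) $s, ENT_QUOTES, 'UTF-8');
?>
<form method="post" action="">
    <input type="hidden" name="id" value="<?= $id ?>">
<?php foreach ($fields as $f): ?>
    <input type="text" name="<?= $f ?>" value="<?= $e($row[$f]) ?>">
<?php endforeach; ?>
    <input type="submit" value="Update">
</form>
```

Authentication and a CSRF token on the form are not shown here and would still be needed before exposing an edit page like this.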