1

Trying to make a CRUD, everything works except my Update function. I feel like the problem is in the second sql query. When I click on submit it just refreshes and the change is gone. Can anyone show me how to find what I need to change/show me what to change?

    <head>
<title>Update</title>
</head>

<body>
</form>



<?php 

require_once('dbconnect.php');
$id =  $_GET['id'];
$sql = "SELECT * FROM dealers where ID=$id";
$result = $conn->query($sql);



if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
        echo '<form action="" method="post">';
        echo "Company: <input type=\"text\" name=\"CName\" value=\"".$row['CName']."\"></input>";
        echo "<br>";
        echo "Contact: <input type=\"text\" name=\"Contact\" value=\"".$row['Contact']."\"></input>";
        echo "<br>";
        echo "City: <input type=\"text\" name=\"City\" value=\"".$row['City']."\"></input>"; 
        echo "<br>";
        echo "<input type=\"Submit\" = \"Submit\" type = \"Submit\" id = \"Submit\" value = \"Submit\">";
        echo "</form>";
    }
    echo "</table>";
} else {
    echo "0 results";
}
if(isset($_POST['Submit'])){
$sql = "UPDATE dealers SET CName='$CName', Contact='$Contact', City='$City' where ID=$id";
$result = $conn->query($sql);
}
$conn->close();

?>
Jitter
  • 9
  • 3
  • 1
    Your code is vulnerable to [SQL-Injections](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Please start using Prepared, Parameterized Queries. – Charlotte Dunois Aug 10 '16 at 20:05
  • If you have no choice (I had a PHB that insisted that any HTML was served via PHP `echo`) -- then in your `if(isset($_POST)` logic block. You need to re-execute `SELECT * FROM dealers where ID=$id --> and echo back the HTML for the changes.` Since this is server side logic serving up HTML it's messy as a pig in mud. You need to separate your concerns: You have a SELECT (cRud) and an UPDATE (crUd) in the same function. This is bad, even if you are serving up dynamic HTML from the server (which is also bad). – RyanNerd Aug 10 '16 at 21:05

2 Answers2

2

Instead of building a form inside PHP, just break with ending PHP tag inside your while loop and write your HTML in a clean way then start PHP again. So you don't make any mistake.

Also you've to submit your $id from your form too.

Try this

<?php 

require_once('dbconnect.php');

$id =  $_GET['id'];
$sql = "SELECT * FROM dealers where ID=$id";
$result = $conn->query($sql);


if ($result->num_rows > 0) {
    // output data of each row
    while($row = $result->fetch_assoc()) {
?>

    <form action="" method="post">

        <input type="hidden" name="id" value="<?= $id ?>" />

        Company: <input type="text" name="CName" value="<?= $row['CName'] ?>" />
        <br>

        Contact: <input type="text" name="Contact" value="<?= $row['Contact'] ?>" />
        <br>

        City: <input type="text" name="City" value="<?= $row['City'] ?>" /> 
        <br>

        <input type="Submit" name="Submit" id="Submit" value="Submit" />

    </form>

<?php

    } // end while loop

    echo "</table>";
} 
else {
    echo "0 results";
}

Note: You are passing undefined variables into your update query. As you are submitting your form you must have to define those variables before you use them.

if (isset($_POST['Submit'])) {

    $CName     =   $_POST['CName'];
    $Contact   =   $_POST['Contact'];
    $City      =   $_POST['City'];

    $id        =   $_POST['id'];

    $sql = "UPDATE dealers SET CName='$CName', Contact='$Contact', City='$City' where ID=$id";

    $result = $conn->query($sql);
}

$conn->close();
Zayn Ali
  • 4,765
  • 1
  • 30
  • 40
0

that loop? ID primary key or not?

maybe u need create more key in table dealer like as_id 

<input type="hidden" name="idform" value="$as_id">

in statment

if($_POST){
$idf = $_POST['idform'];
if(!empty($idf)){
$sql = "UPDATE dealers SET CName='$CName', Contact='$Contact', City='$City' where as_id=$idf";
$result = $conn->query($sql);
}
$conn->close();
}
Panjul
  • 56
  • 6