0

EDIT I haven't gotten to preparing the statements yet. Want to get functionality down first.

I'm creating a page where the user can view the questions from the database and update them at the same time. The questions echo out into a text box. For each question/choices, I'm echoing out a form and submit button. When a change is made, the query runs successfully on submit and if you hit refresh in the browser, the changes will update. However, pressing the update button displays the old results rather than updating. What can I do here? Setting the header to refresh after form submission doesn't seem to work.

Code

<?php include 'database.php'; include 'authenticate.php'; ?>     
<?php   
  $questionText = $_POST['question'];
  $qNum = $_POST['question_number'];
  $query = "SELECT * FROM `questions`";
  $result = $mysqli->query($query);
?>
<?php
  if (isset($_POST['update'])) {
    $questionQuery = "UPDATE `questions` SET text = '$questionText' WHERE question_number = '$qNum'";
    $mysqli->query($questionQuery) or die("Query failed: " . $mysqli->error.__LINE__);
  } 
?>
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="UTF-8">
<title>Update</title>
</head>
<body>  
<?php while($row = $result->fetch_assoc()): ?>
<?php $questionNumber = $row['question_number']; ?>
    <?php echo "<form action='update.php' method='post'>"; ?>
        <?php echo $questionNumber; ?>  <input type="text" name="question" value="<?php echo $row['text']; ?>" style="width: 75%" />
        <input type="hidden" name="question_number" value="<?php echo $row['question_number']; ?>" /><br>
        <?php 
            $query1 = "SELECT * FROM `choices` WHERE question_number = '$questionNumber'";
            $result1 = $mysqli->query($query1);

            //echo out choices right under each question
            while ($row1 = $result1->fetch_assoc()) {
                $text = $row1['text'];
                if ($row1['is_correct'] == 1) {
                    echo "<input type='text' name='choice' value='$text' style='border: 4px solid lightgreen' />" . "<br>";                                     
                } else {
                    echo "<input type='text' name='choice' value='$text' style='border: 4px solid red' />" . "<br>";                                        
                }
            }
        ?>
        <input type="submit" name="update" value="Update" />
    <?php echo "</form>"; ?>
    <?php echo "<br>"; ?>
<?php endwhile; ?>

  • If the data is updated, but not the webpage, you may have a caching issue. – Jay Blanchard Nov 03 '16 at 20:15
  • [Little Bobby](http://bobby-tables.com/) says ***[your script is at risk for SQL Injection Attacks.](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)*** Learn about [prepared](http://en.wikipedia.org/wiki/Prepared_statement) statements for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even [escaping the string](http://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string) is not safe! [Don't believe it?](http://stackoverflow.com/q/38297105/1011527) – Jay Blanchard Nov 03 '16 at 20:15
  • I run into this with Chrome a lot. My hack/solution is to put something unique at the end of the URL, forcing the browser to ignore cached copies. ` – Duane Lortie Nov 03 '16 at 20:23

1 Answers1

0

This happens because you run a select before the update, so you will display the old values stored.

Move this line 

  $result = $mysqli->query($query);

after the update block. :)

minux
  • 2,694
  • 2
  • 18
  • 16
  • That did it. I knew it had to be the order of statements or something miniscule. Thanks m8! –  Nov 03 '16 at 20:35