Get data from 2 different forms and continue the same table row

Question

Please help me get this done since it's driving me crazy already.

I'm new to this whole process so what seems easy for you might be a nightmare for me, and no, google didn't help :(

So, i'm having one mysql table named member with the following structure:

mem_id

username

password

firstname

lastname

titlu (title)

descriere (description)

joy (integer)

comm

I'm parsing user details using execute.php looking like this:

<?php
session_start();
include('db.php');
$username=$_POST['username'];

$result  =  mysqli_query($db,"SELECT  *  FROM  member  WHERE  username='$username'");
$num_rows  =  mysqli_num_rows($result);

if  ($num_rows)  {
header("location:  index.php?remarks=failed");
}
else
{
$firstname=$_POST['firstname'];
$lastname=$_POST['lastname'];
$username=$_POST['username'];
$password=$_POST['password'];
mysqli_query($db,"INSERT  INTO  member(firstname,  lastname,  username,  password)VALUES('$firstname',  '$lastname',  '$username',  '$password')");
header("location:  index.php?remarks=success");
}
?>

Now i have another form that inserts gift details and must continue filling the same row in mysql.

I've tried the following but no luck:

<?php
session_start();
include('db.php');
$username=$_POST['username'];

$result  =  mysqli_query($db,"SELECT  *  FROM  member  WHERE  username='$username'");
$num_rows  =  mysqli_num_rows($result);

if  ($num_rows)  {
header("location:  index.php?remarks=failed");
}
else
{
$titlu = $_POST['titlu'];
$descriere = $_POST['descriere'];
$joy = $_POST['joy'];
$comm = $_POST['comm'];
$sql = "UPDATE member 
            SET titlu = '".mysql_real_escape_string($_POST[titlu])."'
            SET descriere = '".mysql_real_escape_string($_POST[descriere])."'
            SET joy = '".mysql_real_escape_string($_POST[joy])."'
            SET comm = '".mysql_real_escape_string($_POST[comm])."'
            WHERE username='".mysql_real_escape_string($_POST['username'])."'";
header("location:  welcome.php?remarks=success");
}
?>

Thank you very much for your support!

In your second file you're doing query for select the user, count the rows. If there is more than one row, you redirect to remarks=failed. So you can't update the data, because if the username exists it will redirect false and if it don't exists it can't make an update since the user doesn't exist. — Twinfriends, Nov 25 '16 at 08:16
Also you are doing `$sql = ...` which will not be triggered, use `mysqli_query($sql);` — Patrik Krehák, Nov 25 '16 at 08:21
Just turn your if condition. The code in the "else" part should be in the "if" part. Thats all. And as debute said, mysqli_query($sql) instead of just $sql = havent seen this one. — Twinfriends, Nov 25 '16 at 08:27
You shouldn't mix `mysqli_` with `mysql_`. In particular, `mysql_real_escape_string` should've been `mysqli_real_escape_string`. See http://stackoverflow.com/questions/17498216/can-i-mix-mysql-apis-in-php — Pang, Nov 26 '16 at 04:37
Your code is vulnerable to [SQL injection attacks](https://en.wikipedia.org/wiki/SQL_injection). Please read [this post](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) to learn more on how to prevent it. — Pang, Nov 26 '16 at 04:38
@pang thank you very much for that but that's not in my project scope. I just need the functionality. — Murea Adrian, Nov 28 '16 at 07:22

score 1 · Answer 1 · answered Nov 25 '16 at 08:27

Change your second file to the below code. it will redirect to index.php?remark=failed only if no user exist with the given username

 <?php
    session_start();
    include('db.php');
    $username=$_POST['username'];

    $result  =  mysqli_query($db,"SELECT  *  FROM  member  WHERE  username='$username'");
    $num_rows  =  mysqli_num_rows($result);

    if  (!$num_rows)  {
    header("location:  index.php?remarks=failed");
    }
    else
    {
    $titlu = $_POST['titlu'];
    $descriere = $_POST['descriere'];
    $joy = $_POST['joy'];
    $comm = $_POST['comm'];
    $sql = "UPDATE member 
                SET titlu = '".mysql_real_escape_string($_POST[titlu])."',
                descriere = '".mysql_real_escape_string($_POST[descriere])."',
               joy = '".mysql_real_escape_string($_POST[joy])."',
                comm = '".mysql_real_escape_string($_POST[comm])."'
                WHERE username='".mysql_real_escape_string($_POST['username'])."'";
mysqli_query($sql);
    header("location:  welcome.php?remarks=success");
    }
    ?>

I'm afraid this didn't resolve my problem, data is still not added in the missing table columns. I'm trying a different approach now. I'll update soon — Murea Adrian, Nov 25 '16 at 11:48
@MureaAdrian I think in the second file $_POST[username] is null. That will be the roblem — jophab, Nov 25 '16 at 12:55

score 1 · Answer 2 · edited Feb 18 '22 at 00:28

I managed to get it done by using:

<?php
    session_start();
    include('db.php');
    include('session.php');
    
    $res  =  mysqli_query($db,"SELECT * FROM member where mem_id=$loggedin_id");    
    $num_rows  =  mysqli_num_rows($res);

    if  (!$num_rows)  {
        header("location:  welcome.php?remarks=failed");
    }
    else
    {
    $titlu = $_POST['titlu'];
    $descriere = $_POST['descriere'];
    $joy = $_POST['joy'];
    $comm = $_POST['comm'];
    
mysqli_query($db,"UPDATE member 
               SET titlu = '$titlu',
               descriere = ' $descriere ',
               joy = '$joy',
               comm = '$comm'
               where mem_id=$loggedin_id");
    header("location:  welcome.php?remarks=success");
    }
    ?>

score -1 · Answer 3 · answered Nov 25 '16 at 08:33

-1

you can use mysqli_insert_id get last id insert. Then update with id.

answered Nov 25 '16 at 08:33

Thu Đoàn

1
3

but what if someone else gets there first with another insert? – Takarii Nov 25 '16 at 08:40

Get data from 2 different forms and continue the same table row

3 Answers3