
I'm trying to modify my DB after a query. My goal is this: query the values, echo them with a little modify form that, if I hit "modify", the values will be modified in the DB. I don't know if I'm being clear enough, so here's my code, maybe it'll help me explain.

<h3>¿Quieres editar tu receta?</h3>
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <h3>Introduce tu email: </h3><input type="text" name="email" placeholder="email"/><br/>
    <input type="submit" name="editar" value="Buscar mi receta" class="send-btn">
</form>
<?php
    date_default_timezone_set('Europe/Madrid');
    $link = mysqli_connect("localhost", "root", "root", "db_csw");
    if(!$link){
        // A failed connection has no link to pass to mysqli_error(); use mysqli_connect_error()
        die("Conexion fallida: ". mysqli_connect_error());
    }
    if(isset($_POST['editar'])){
        $email = $_POST["email"];
        $query = "SELECT * FROM datosformulario WHERE email LIKE '%".$email."%'";
        $res = mysqli_query($link, $query);
        if($res !== false && mysqli_num_rows($res) > 0){
            while ($aux = mysqli_fetch_array($res)){
                $accion = $_SERVER['PHP_SELF'];
                $id = $aux['id'];
                echo "Nombre de la receta: ".$aux['nombrereceta']."<br>";
                echo "Pasos de la receta: ".$aux['pasosreceta']."<br>";
                echo "<br><br>";
                echo "¿Quieres editar esta receta?<br/>";
                echo "<form method='POST' action='".$accion."'>";
                echo "<input type='text' name='nombreRecetaEditada' placeholder='Nombre de la receta'/><br/>";
                echo "<textarea cols='42' rows='10' name='pasosRecetaEditada' placeholder='Pasos de la receta'></textarea><br/>";
                echo "<input type='submit' name='editarReceta' value='Editar' class='send-btn'><br/>";
                echo "</form>";
                if(isset($_POST["editarReceta"])){
                    $nombreRecetaEditada = $_POST["nombreRecetaEditada"];
                    $pasosRecetaEditada = $_POST["pasosRecetaEditada"];
                    $actualizaReceta = "UPDATE datosformulario SET nombrereceta='$nombreRecetaEditada',pasosreceta='$pasosRecetaEditada' WHERE id=$id";
                    $exito = mysqli_query($link, $actualizaReceta);
                    if($exito !== false){
                        echo "Receta modificada";
                    } else {
                        echo "No se pudo modificar la receta";
                    }
                }
            }
        } else {
            echo "El email introducido no se ha usado para enviar ninguna receta. Por favor, prueba de nuevo";
        }
    }
    mysqli_close($link);
?>

Thanks in advance.

Rajdeep Paul
Seba

1 Answer


The problem is, the control will never reach this if(isset($_POST["editarReceta"])){ ... block even though you've clicked on the submit button to update the values in the table. And that's because it has to cross this if(isset($_POST['editar'])){ ... block to reach the aforementioned if block.

The solution is, take this entire if(isset($_POST["editarReceta"])){ ... } outside of the if(isset($_POST['editar'])){ ... } block, like this:

// your code
if(isset($_POST["editarReceta"])){
    ...
}
if(isset($_POST['editar'])){
    ...
}
// your code

Also, to get the $id value in the UPDATE query, you have to change the form's action attribute in the following way,

echo "<form method='POST' action='".$accion."?id=".$id."'>";

So that you could catch the appropriate $id in the following way,

$id = (int)$_GET['id'];

Here's the complete code,

<h3>¿Quieres editar tu receta?</h3>
<form method="POST" action="<?php echo $_SERVER['PHP_SELF']; ?>">
    <h3>Introduce tu email: </h3><input type="text" name="email" placeholder="email"/><br/>
    <input type="submit" name="editar" value="Buscar mi receta" class="send-btn">
</form>
<?php
    date_default_timezone_set('Europe/Madrid');
    $link = mysqli_connect("localhost", "root", "root", "db_csw");
    if(!$link){
        // A failed connection has no link to pass to mysqli_error(); use mysqli_connect_error()
        die("Conexion fallida: ". mysqli_connect_error());
    }

    if(isset($_POST["editarReceta"])){
        $id = (int)$_GET['id'];
        $nombreRecetaEditada = $_POST["nombreRecetaEditada"];
        $pasosRecetaEditada = $_POST["pasosRecetaEditada"];
        $actualizaReceta = "UPDATE datosformulario SET nombrereceta='$nombreRecetaEditada',pasosreceta='$pasosRecetaEditada' WHERE id=$id";
        $exito = mysqli_query($link, $actualizaReceta);
        if($exito !== false){
            echo "Receta modificada";
        } else {
            echo "No se pudo modificar la receta";
        }
    }

    if(isset($_POST['editar'])){
        $email = $_POST["email"];
        $query = "SELECT * FROM datosformulario WHERE email LIKE '%".$email."%'";
        $res = mysqli_query($link, $query);
        if($res !== false && mysqli_num_rows($res) > 0){
            while ($aux = mysqli_fetch_array($res)){
                $accion = $_SERVER['PHP_SELF'];
                $id = $aux['id'];
                echo "Nombre de la receta: ".$aux['nombrereceta']."<br>";
                echo "Pasos de la receta: ".$aux['pasosreceta']."<br>";
                echo "<br><br>";
                echo "¿Quieres editar esta receta?<br/>";
                echo "<form method='POST' action='".$accion."?id=".$id."'>";
                echo "<input type='text' name='nombreRecetaEditada' placeholder='Nombre de la receta'/><br/>";
                echo "<textarea cols='42' rows='10' name='pasosRecetaEditada' placeholder='Pasos de la receta'></textarea><br/>";
                echo "<input type='submit' name='editarReceta' value='Editar' class='send-btn'><br/>";
                echo "</form>";
            }
        } else {
            echo "El email introducido no se ha usado para enviar ninguna receta. Por favor, prueba de nuevo";
        }
    }
    mysqli_close($link);
?>

Sidenote: Learn about prepared statements because right now your queries are susceptible to SQL injection. Also see how you can prevent SQL injection in PHP.

Community
Rajdeep Paul
  • Thank you very much!! You explained that really well, I got it very clear. Also, I'll take a look at those links you gave me, they'll be really helpful. – Seba Feb 03 '17 at 16:24
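
The sidenote's advice applied to the answer's code, as an added example that is not part of the original answer: both queries use mysqli prepared statements and, going slightly beyond the sidenote, stored values are HTML-encoded before being echoed. Table and column names come from the page; the function names `buscarRecetas`, `actualizarReceta` and `h` and the generic error message are assumptions.

```php
<?php
// Added example: table and column names are the page's; function names are hypothetical.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // DB errors throw mysqli_sql_exception

function buscarRecetas(mysqli $link, string $email): array {
    // Escape LIKE wildcards so a typed "%" or "_" matches literally.
    $patron = '%' . addcslashes($email, '%_\\') . '%';
    $stmt = mysqli_prepare($link,
        "SELECT id, nombrereceta, pasosreceta FROM datosformulario WHERE email LIKE ?");
    mysqli_stmt_bind_param($stmt, 's', $patron);
    mysqli_stmt_execute($stmt);
    $filas = mysqli_fetch_all(mysqli_stmt_get_result($stmt), MYSQLI_ASSOC); // requires mysqlnd
    mysqli_stmt_close($stmt);
    return $filas;
}

function actualizarReceta(mysqli $link, int $id, string $nombre, string $pasos): int {
    $stmt = mysqli_prepare($link,
        "UPDATE datosformulario SET nombrereceta = ?, pasosreceta = ? WHERE id = ?");
    // Values are sent separately from the SQL text: two strings, one integer.
    mysqli_stmt_bind_param($stmt, 'ssi', $nombre, $pasos, $id);
    mysqli_stmt_execute($stmt);
    $filas = mysqli_stmt_affected_rows($stmt); // 0 if the id is unknown or nothing changed
    mysqli_stmt_close($stmt);
    return $filas;
}

function h(string $s): string { // encode stored text before echoing it into HTML
    return htmlspecialchars($s, ENT_QUOTES, 'UTF-8');
}

try {
    $link = mysqli_connect("localhost", "root", "root", "db_csw"); // credentials as on the page
    if (isset($_POST['editarReceta'], $_GET['id'])) {
        actualizarReceta($link, (int)$_GET['id'],
            (string)($_POST['nombreRecetaEditada'] ?? ''), (string)($_POST['pasosRecetaEditada'] ?? ''));
        echo "Receta modificada";
    }
    if (isset($_POST['editar'])) {
        foreach (buscarRecetas($link, (string)($_POST['email'] ?? '')) as $fila) {
            echo "Nombre de la receta: " . h($fila['nombrereceta']) . "<br>";
            echo "Pasos de la receta: " . h($fila['pasosreceta']) . "<br>";
            echo "<form method='POST' action='?id=" . (int)$fila['id'] . "'>"; // posts back to this page
            echo "<input type='text' name='nombreRecetaEditada'/><br/>";
            echo "<textarea name='pasosRecetaEditada'></textarea><br/>";
            echo "<input type='submit' name='editarReceta' value='Editar'/></form>";
        }
    }
    mysqli_close($link);
} catch (mysqli_sql_exception $e) {
    echo "No se pudo completar la operación"; // log $e server-side; do not echo its message
}
```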