0

I built an html page with some options to insert details for a friends club. I used an INSERT query and it worked. I want to add other queries like an UPDATE, DELETE, SELECT etc.

this is the php file:

<?php
//Input posted data.
$Fname = $_POST["Fname"];
$Lname = $_POST["Lname"];
$Date = $_POST["Date"];
$Mail = $_POST["Mail"];
$Pass = $_POST["Pass"];

// Create connection
$conn = mysqli_connect('localhost','root',"");

//Check if the connection was opened, if not prompt the error to the page.
if (!$conn)
{
  die('Could not connect: ' . mysqli_error());
}

//Select the data base.
mysqli_select_db($conn, "club");

//Set the character set to utf-8 to allow hebrew.
mysqli_query($conn, "SET NAMES 'utf8'");    

//SQL query - user Details 
$sql = "INSERT INTO customers (Fname, Lname, Mail, Date, Pass) 
          VALUES('$Fname','$Lname','$Mail','$Date','$Pass')";

//Run SQL query
$results = mysqli_query($conn, $sql) or die (mysqli_connect_errno());


//Close the SQL connection.
mysqli_close($conn);

?>

I want to use those queries in the same file.

how can I do that?

Should I add a new form on the same page?

For example <form name="input" action="Update.php" method="POST"> to direct it to the Update.php file?

can I use more than one form at the same html file?

I've created this form for the Update button on the page to Update.php file but it doesn't work. It just adds the details and does not update them, although I used the UPDATE query.

GrumpyCrouton
  • 8,486
  • 7
  • 32
  • 71
Jason B.
  • 9
  • 2
  • 2
    [Little Bobby](http://bobby-tables.com/) says **[you are at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) for [MySQLi](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php). Even **[escaping the string](https://stackoverflow.com/q/5741187)** is not safe! I recommend `PDO`, which I [wrote a function for](http://paragoncds.com/grumpy/pdoquery/#function) to make it extremely **easy**, very **clean**, and way more **secure** than using non-parameterized queries. – GrumpyCrouton Sep 06 '17 at 20:05
  • Also having a look at this woulde be helpful http://www.codingcage.com/2015/06/multiple-insert-update-delete-crud.html – Chetan_Vasudevan Sep 06 '17 at 20:07

1 Answers1

1

You take all your PHP code and put it in the head of the form's page, then wrap it all inside

if(isset($_POST['submit-button-name'])){
    //YOUR PHP CODE
}

Now you for each submit-button-name you make an if statement with it, for example

if(isset($_POST['insert'])){
  //YOUR INSERT QUERY
}

if(isset($_POST['update'])){
  //YOUR UPDATE QUERY
}

if(isset($_POST['delete'])){
  //YOUR DELETE QUERY
}

That if you for example have 3 buttons like the following

<button type='submit' name='insert'>INSERT</button>
<button type='submit' name='update'>UPDATE</button>
<button type='submit' name='delete'>DELETE</button>

Inside the form, of course the UPDATE & DELETE queries require an identifier to find the row 

WHERE id = $id

So it depends how you will implement the buttons in one form.

marc_s
  • 732,580
  • 175
  • 1,330
  • 1,459
AXAI
  • 706
  • 6
  • 17