I'm creating a simple PHP and SQL to do list application. My problem is, every time I edit a row, it creates another row instead of just editing the existing row. Here is some of the code from index.php:

```php
<?php

$current_date = date("Y-m-d");

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    $task = isset($_POST['task']) ? $_POST['task'] : null;
    $importance = isset($_POST['importance']) ? $_POST['importance'] : null;
    $due_date = isset($_POST['due_date']) ? $_POST['due_date'] : null;
    $order = isset($_POST['order']) ? $_POST['order'] : null;

    if (isset($task, $importance, $due_date, $user_name)) {
        $sql = "INSERT INTO tasks (task, importance, due_date, user_name) VALUES ('$task', '$importance', '$due_date', '$user_name')";

        $result = mysqli_query($connection, $sql) or die(mysqli_error($connection));

    }

}

?>

<?php
while ($column = mysqli_fetch_assoc($result)) {
?>
<tr>
    <td><?php echo $column["task"] ?></td>
    <td class="<?php echo $column["importance"] ?>"><?php echo $column["importance"] ?></td>
    <?php if ($column["due_date"] < $current_date) { echo '<td class="overdue">'; } else { echo '<td class="not_overdue">'; } ?><?php echo $column["due_date"] ?></td>
    <td><?php echo "<a href='edit.php?id=" . base64_encode($column['task_id']) . "'>Edit</a>" ?></td>
    <td><?php echo "<a href='delete_one.php?id=" . base64_encode($column['task_id']) . "' onclick=\"return confirm('Are you sure?')\">Delete</a>" ?></td>
</tr>
<?php
}
?>
```

Here is some of the code from edit.php:

```php
<?php

if ($_GET['id'] != "") {

    $task_id = $_GET['id'];

    $task_id = base64_decode($task_id);

    $sql = "SELECT * FROM tasks WHERE task_id='$task_id'";

    $result = mysqli_query($connection, $sql) or die(mysqli_error($connection));

}

?>

<?php
}
?>

<?php

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    $task = isset($_POST['task']) ? $_POST['task'] : null;
    $importance = isset($_POST['importance']) ? $_POST['importance'] : null;
    $due_date = isset($_POST['due_date']) ? $_POST['due_date'] : null;

    if (isset($task, $importance, $due_date)) {

        $sql = "UPDATE tasks SET task='$task', importance='$importance', due_date='$due_date' WHERE task_id='$task_id'";

        $result = mysqli_query($connection, $sql) or die(mysqli_error($connection));

    }

}

?>
```

Can someone tell me what I'm doing wrong?

Julian
  • Presumably, you have an `insert` somewhere where you should have `update`. – Gordon Linoff Oct 09 '17 at 00:10
  • Does this mean that both the old record **and** a new record are in the database? Only possible with a trigger – Jacques Amar Oct 09 '17 at 00:14
  • @GordonLinoff There's no insert statement anywhere in edit.php. – Julian Oct 09 '17 at 00:16
  • @JacquesAmar Yes, it's leaving the old record in the database and also creating a new record. – Julian Oct 09 '17 at 00:17
  • **WARNING**: When using `mysqli` you should be using [parameterized queries](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [`bind_param`](http://php.net/manual/en/mysqli-stmt.bind-param.php) to add user data to your query. **DO NOT** use string interpolation or concatenation to accomplish this because you have created a severe [SQL injection bug](http://bobby-tables.com/). **NEVER** put `$_POST`, `$_GET` or **any** user data directly into a query, it can be very harmful if someone seeks to exploit your mistake. – tadman Oct 09 '17 at 00:43
  • Note: The object-oriented interface to `mysqli` is significantly less verbose, making code easier to read and audit, and is not easily confused with the obsolete `mysql_query` interface. Before you get too invested in the procedural style it’s worth switching over. Example: `$db = new mysqli(…)` and `$db->prepare("…")` The procedural interface is an artifact from the PHP 4 era when `mysqli` API was introduced and should not be used in new code. – tadman Oct 09 '17 at 00:43
  • A lot of problems can be detected and resolved by [enabling exceptions in `mysqli`](https://stackoverflow.com/questions/14578243/turning-query-errors-to-exceptions-in-mysqli) so mistakes aren't easily ignored. – tadman Oct 09 '17 at 00:43
  • Looks like your edit.php file is posting to the index.php file. So show us index.php. – r lo Oct 09 '17 at 00:53
  • Looks like you are posting from edit.php to index.php, therefore the insert statement is being executed on the index.php file. I assume the first code block is index.php? – r lo Oct 09 '17 at 01:09
  • Review the html you had on your edit.php which you had shown before. I thought you were posting to index.php in the form if I remember correctly – r lo Oct 09 '17 at 01:10
  • @rlo Yes, the first block is index.php and the second block is edit.php. The insert statement adds rows to the table on index.php. If you click the edit link on index.php, you can edit the table row in edit.php. Once you have edited the table row, you are redirected back to index.php. – Julian Oct 09 '17 at 01:12
  • Look at your HTML Form on edit.php file and see if the action is pointed to edit.php or index.php file, it should be edit.php to update. – r lo Oct 09 '17 at 01:15

3 Answers

On your edit.php file the Form tag should have an Action pointing to edit.php to update.

r lo

I fixed this issue by removing the form action on edit.php. Original:

```html
<form method="post" action="index.php">
```

New:

```html
<form method="post">
```

I then added a redirect to the bottom of this code block on edit.php:

```php
<?php

if ($_SERVER['REQUEST_METHOD'] == 'POST') {

    $task = isset($_POST['task']) ? $_POST['task'] : null;
    $importance = isset($_POST['importance']) ? $_POST['importance'] : null;
    $due_date = isset($_POST['due_date']) ? $_POST['due_date'] : null;

    if (isset($task, $importance, $due_date)) {

        $sql = "UPDATE tasks SET task='$task', importance='$importance', due_date='$due_date' WHERE task_id='$task_id'";

        $result = mysqli_query($connection, $sql) or die(mysqli_error($connection));

        // Redirect back to the list, then stop so the rest of edit.php does not run
        header('Location: index.php');
        exit;

    }

}

?>
```
Julian

I suppose that on passing the task_id to edit.php you have a form for editing values and in that form, the action part should be updated to edit.php.
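
The fix from the answers above (the edit form posting back to edit.php, then redirecting) combined with the prepared-statement and `mysqli` exception advice from the comments, as an added example that is not part of the original thread. The connection details, the helper names `decode_task_id` and `update_task`, and an integer `task_id` column are assumptions; the table and column names come from the question.

```php
<?php
// Added example: connection details and helper names are assumptions.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // query errors throw

// Decode the base64 id from the Edit link; accept only a positive integer
// (assumes task_id is an integer column).
function decode_task_id($raw): ?int
{
    $decoded = is_string($raw) ? base64_decode($raw, true) : false; // strict alphabet
    if ($decoded === false || !ctype_digit($decoded)) {
        return null;
    }
    $id = (int) $decoded;
    return $id > 0 ? $id : null;
}

// Update one task with bound parameters; returns the number of rows changed.
function update_task(mysqli $db, int $task_id, string $task, string $importance, string $due_date): int
{
    $stmt = $db->prepare(
        'UPDATE tasks SET task = ?, importance = ?, due_date = ? WHERE task_id = ?'
    );
    $stmt->bind_param('sssi', $task, $importance, $due_date, $task_id);
    $stmt->execute();
    return $stmt->affected_rows;
}

$db = new mysqli('localhost', 'todo_user', 'placeholder-password', 'todo'); // placeholders

$task_id = decode_task_id($_GET['id'] ?? null);
if ($task_id === null) {
    http_response_code(400);
    exit('Invalid task id');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    $task = $_POST['task'] ?? null;
    $importance = $_POST['importance'] ?? null;
    $due_date = $_POST['due_date'] ?? null;
    // due_date must be a real calendar date in the Y-m-d form index.php compares against
    $parsed = is_string($due_date) ? DateTime::createFromFormat('Y-m-d', $due_date) : false;
    if (is_string($task) && is_string($importance) && $parsed && $parsed->format('Y-m-d') === $due_date) {
        update_task($db, $task_id, $task, $importance, $due_date);
        header('Location: index.php');
        exit; // stop so nothing else runs after the redirect
    }
    http_response_code(400); // fall through and re-render the form
}
// The edit form follows; a form with method="post" and no action posts back to this URL, id included.
```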