PHP multiple forms, second uses data from the First

Question

I am trying to first, get an ID to query a database and print the results in a table(this part works). I want to then take the id that was given by the user and use it to update the information in the database using PHP. I want to use the input on the second form as the values to update the database with. The table to alter is customers and it has the fields ID, NAME, ADDRESS. I do not want the user to be able to change the ID.

Form1:

<form method="post" action="">
    <p style="margin-top: 70px;">Please type the ID of the person you wish to add to change their data</p>
    <p style="margin-bottom: 0px;">ID</p>
    <input style="color:black" type="text" name="id" placeholder="10001">
    <input style="color:lightblue;background-color: rgb(80,80,80);margin-top: 7px; " type="submit" value="Submit">
</form>

Form2:

<form method="post" action="">
    <p>New Information for Customer with ID entered above</p>
    <input style='color:black;' type='text' name='newName' placeholder='Name Change'>
    <input style="color:black;" type="text" name="newAddress" placeholder="New Address">
    <input style="color:lightblue;background-color: rgb(80,80,80);margin-top: 7px; " type="submit" name="submitForm2" value="Submit">
</form>

Here is my current php as requested but it does not work and the $_POST that checks if the values are set returns false.

<?php 
            session_start();
            if (isset($_POST["id"])){
                $servername = 'localhost';
                $user = 'root';
                $pass = '';
                $db = 'the_sports_store';
                $conn = new mysqli($servername,$user, $pass, $db);

                // Check connection
                if ($conn->connect_error) {
                    echo '<script language="javascript">';
                    echo 'alert("DB Connection Failed:")';
                    echo '</script>';
                    die("" . $conn->connect_error);
                } 

                $sessionID = $_SESSION["ID"];
                $newName = $_SESSION["newName"];
                $newAddress = $_SESSION["newAddress"];
                var_dump($newName);

                $sql = "SELECT * FROM `customers` WHERE ID='$sessionID';";


                //display the current record, allow user input to alter it, then display new data
                if ($conn->query($sql) == TRUE) {
                    echo"<div class='col-10'>";
                    echo"<table>";
                    echo"<tr>
                            <td align='justify'><b>ID</b></td>
                            <td align='justify'><b>NAME</b></td>
                            <td align='justify'><b>ADDRESS</b></td>
                         </tr>";
                    $result = mysqli_query($conn, $sql);
                    $row = mysqli_fetch_assoc($result);
                    echo "<tr><td style='padding: 10px;'>{$row['ID']}</td><td>{$row['NAME']}</td><td>{$row['ADDRESS']}</td></tr>";
                    echo "</table>";
                    echo "</div>";





                    if(!empty($_POST["newName"]) && !empty($_POST["newAddress"])){
                        echo '<script language="javascript">';
                        echo 'alert(',$sessionID,');';
                        echo '</script>';
                        $newName = $_POST["newName"];
                        $newAddress = $_POST["newAddress"];
                        $sqlChange = "UPDATE `customers` 
                                        SET `NAME` = '$newName', `ADDRESS` = '$newAddress' 
                                        WHERE `ID` = '$sessionID';";

                        if ($conn->query($sqlChange) === TRUE) {
                            echo '<script language="javascript">';
                            echo 'alert("Update Successful.")';
                            echo '</script>';
                        } else {
                            echo '<script language="javascript">';
                            echo 'alert("Error. Update Unsucessful.")';
                            echo '</script>';
                        }

                    }else if(!empty($_POST["newName"])){
                        $newName = $_POST["newName"];
                        $sqlChange = "UPDATE `customers` SET `NAME` = '$newName' WHERE `ID` =  '$sessionID'";
                        echo '<script language="javascript">';
                        echo 'alert(',$newName,');';
                        echo '</script>';

                        if ($conn->query($sqlChange) === TRUE) {
                            echo '<script language="javascript">';
                            echo 'alert("Update Successful.")';
                            echo '</script>';
                        } else {
                            echo '<script language="javascript">';
                            echo 'alert("Error. Update Unsucessful.")';
                            echo '</script>';
                        }
                    }else if(!empty($_POST["newAddress"])){
                        $newName = $_POST["newAddress"];
                        $sqlChange = "UPDATE `customers` SET `ADDRESS` = '$newAddress' WHERE `ID` =  '$sessionID'";

                        echo '<script language="javascript">';
                        echo 'alert(',$sessionID,');';
                        echo '</script>';

                        if ($conn->query($sqlChange) === TRUE) {
                            echo '<script language="javascript">';
                            echo 'alert("Update Successful.")';
                            echo '</script>';
                        } else {
                            echo '<script language="javascript">';
                            echo 'alert("Error. Update Unsucessful.")';
                            echo '</script>';
                        }
                    } else{
                        echo '<script language="javascript">';
                        echo 'alert(',$sessionID,');';
                        echo '</script>';
                    }
                }
                $conn->close();
            }

        ?>

The second form was on the page where the action was sent to. I have since condensed them onto a single page. — Enter Strandman, Mar 07 '18 at 05:36
Where do they post though? Is it all just one page and both forms post to themselves? — IcedAnt, Mar 07 '18 at 05:41
This is all one page. I had it broken into 2 at one point but I thought debugging would be easier in 1 page and I'm on a time crunch — Enter Strandman, Mar 07 '18 at 05:42
And why even use 2 forms, you could combine them in just one. — rndus2r, Mar 07 '18 at 05:47
I need to get the ID and display the data before allowing the user to change anything. But if that can be condensed into 1 form please share some code or even pseudo code — Enter Strandman, Mar 07 '18 at 05:49
You could definitely condense them, for example you could wrap the "new" buttons into an `if ( $_SERVER ["REQUEST_METHOD"] == "POST" ) {}` so they would only show after you submit the ID. But you'd also have to change the logic on your PHP... — IcedAnt, Mar 07 '18 at 05:59

IcedAnt · Accepted Answer · 2018-03-07T06:27:54.037

1

Your problem is that your PHP code will only execute if the id is set. So the code will never execute when you post the second form.

Move this if (!empty($_POST["newName"]) && !empty($_POST["newAddress"])) and all elseif/else below outside of your initial if.

Also, I feel obligated to inform you about SQL Injection and how to avoid it: How can I prevent SQL injection in PHP?

edited Mar 07 '18 at 06:27

answered Mar 07 '18 at 06:05

IcedAnt

444
3
12

They are already within the first if. Can I use the session variable there instead of just checking if the ID is set? – Enter Strandman Mar 07 '18 at 06:11
I said move them **outside** of the first if. I have no idea how you're using the session variables, are you actually setting them somewhere else? – IcedAnt Mar 07 '18 at 06:13
I was using the session variable to save the ID entered in the first form so when the page refreshes on submit I keep the value – Enter Strandman Mar 07 '18 at 06:15
How are you doing that? And where? I don't see anything like `$_SESSION["ID"] = $_POST["id"]` anywhere. How to set session variables: https://www.w3schools.com/php/php_sessions.asp – IcedAnt Mar 07 '18 at 06:17
I know its a security issue, but just connecting to the DB helped! Now I have a problem of an alert that says there was success in the update, but the update did not occur. – Enter Strandman Mar 07 '18 at 06:31
I am also getting an undefined index from id in the second form. – Enter Strandman Mar 07 '18 at 06:33
That probably because you are not setting the session variables anywhere. What is the output of `var_dump($_SESSION);`? Use it just before your first if – IcedAnt Mar 07 '18 at 06:40
array(1) { ["ID"]=> NULL } is the result. So when the page is refreshed, the ID value isn't saved – Enter Strandman Mar 07 '18 at 06:42
Well, yeah, it's not saved by itself, you have to save it yourself. Read the link above regarding session variables and how to use them – IcedAnt Mar 07 '18 at 06:58
$_SESSION['ID'] = $_POST['id']; $id = $_SESSION['ID']; – Enter Strandman Mar 07 '18 at 07:02
I used the above and it is transferred to the next page. How can I stop the overwrite that is happening when the next page is submitted? The value is null rather than the entered ID. – Enter Strandman Mar 07 '18 at 07:06

PHP multiple forms, second uses data from the First

1 Answers1