index.php

```php
<form method="POST" action="add_to_db.php">
    <?php 
    foreach ($response->getGraphEdge() as $graphNode) :
    echo
    "<div class='form-check mb-3'>" .
        "<input type='radio' name='fb_name' class='form-check-input mt-3' value='".$graphNode['name']."'>" .
       "<img class='mx-2' src='" . $graphNode['picture']['url'] . "'>" . 
       "<label class='form-check-label' for='fb_name'>" . $graphNode['name'] . '</label>' . 
       "<input type='hidden' name='fb_id' value='" . $graphNode['id'] . "'>" .
       "<input type='hidden' name='fb_access_token' value='" . $graphNode['access_token'] . "'>" .
    "</div>";
    endforeach; ?>
</form>
```

add_to_db.php

```php
if(isset($_POST['submit'])) {
  $query = new db;
  $b = $query->Query('SELECT * FROM user WHERE user_ID = 1');

  $fb_id           = $_POST['fb_id'];
  $fb_name         = $_POST['fb_name'];
  $fb_access_token = $_POST['fb_access_token'];

    $update = $query->Query("UPDATE user 
                             SET user_fb_page_id = '$fb_id',
                                 user_fb_page_name = '$fb_name', 
                                 user_fb_page_access_token = '$fb_access_token' 
                             WHERE user_ID = 1 ");

    if(!$update) {
      echo '<div class="alert alert-success" role="alert">Updated Successful!</div>';
    } else {
      echo '<div class="alert alert-danger" role="alert">Oh no! Something went wrong ☹️</div>';
    }

}
```

Problem:

When a user clicks on the Facebook Page that they want, the value to their name & access token is successfully updated to the database; however, it'll update the last fb_id to the db, which is clearly not what I want! I am not sure at all why the ID does this, yet none of the other attributes do it.

Nazar Abubaker

  • [Little Bobby](http://bobby-tables.com/) says **[you may be at risk for SQL Injection Attacks](https://stackoverflow.com/q/60174/)**. Learn about [Prepared Statements](https://en.wikipedia.org/wiki/Prepared_statement) with [parameterized queries](https://stackoverflow.com/a/4712113/5827005). I recommend `PDO`, which I [wrote a class for](https://github.com/GrumpyCrouton/GrumpyPDO) to make it extremely easy, clean, and more secure than using non-parameterized queries. Also, [This article](https://phpdelusions.net/pdo/mysqli_comparison) may help you choose between `MySQLi` and `PDO` – GrumpyCrouton Jul 27 '18 at 17:35
  • You have your `if(!$update){...}` mixed up here. That `!` means "not". Might not fix your code but it is contradictory to the messages you have in that conditional statement. – Funk Forty Niner Jul 27 '18 at 17:40
  • *"the value to their name & access token is successfully added to the database"* - What you've shown us isn't something that's "added", you have an UPDATE statement. – Funk Forty Niner Jul 27 '18 at 17:43
  • @FunkFortyNiner changed from "add" to "update" to clear any confusion – Nazar Abubaker Jul 27 '18 at 18:11
  • you said that, twice LOL!! ok thanks. – Funk Forty Niner Jul 27 '18 at 18:11

1 Answer

The form input fields in one iteration of your foreach loop have the same names as the input fields in the other iterations.

This produces a form where all of the input fields that hold an id have the exact same name. (The same goes for the input fields that hold an access token and the radio buttons.) Because the fields have the same name, only the last value of each set is submitted to the server, with the exception of the radio button, which just submits the selected value.

To fix this, you need to give all of the fields in your form a unique name. I've done so here by adding a $key (alternatively you can use the fb_id, if that's unique).

When the form is submitted, only one value should exist in the POST array for $_POST['key']; this is the key of the selected radio button. You can then use this key to find the id, name and access token that go with it:

```php
<form method="POST" action="add_to_db.php">
    <?php 
    foreach ($response->getGraphEdge() as $key => $graphNode) :
    echo
    "<div class='form-check mb-3'>" .
        "<input type='radio' name='key' class='form-check-input mt-3' value='".$key."'>" .
       "<img class='mx-2' src='" . $graphNode['picture']['url'] . "'>" . 
       "<label class='form-check-label'>" . $graphNode['name'] . '</label>' . 
       "<input type='hidden' name='fb_name[".$key."]' value='" . $graphNode['name'] . "'>" .
       "<input type='hidden' name='fb_id[".$key."]' value='" . $graphNode['id'] . "'>" .
       "<input type='hidden' name='fb_access_token[".$key."]' value='" . $graphNode['access_token'] . "'>" .
    "</div>";
    endforeach; ?>
</form>
```

and

```php
if(isset($_POST['submit'])) {
  $query = new db;
  $b = $query->Query('SELECT * FROM user WHERE user_ID = 1');

  // The selected radio button carries the key; use it to pick the matching fields.
  $key             = $_POST['key'];
  $fb_id           = $_POST['fb_id'][$key];
  $fb_name         = $_POST['fb_name'][$key];
  $fb_access_token = $_POST['fb_access_token'][$key];

    $update = $query->Query("UPDATE user 
                             SET user_fb_page_id = '$fb_id',
                                 user_fb_page_name = '$fb_name', 
                                 user_fb_page_access_token = '$fb_access_token' 
                             WHERE user_ID = 1 ");

    // Assumes Query() returns a truthy value on success (the db class is not shown).
    if($update) {
      echo '<div class="alert alert-success" role="alert">Updated Successful!</div>';
    } else {
      echo '<div class="alert alert-danger" role="alert">Oh no! Something went wrong ☹️</div>';
    }

}
```

(I've removed the "label for" because it wasn't working. To get it to work you can add id='$key' to the radio input, and label for='$key' to the label.)

Marleen
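
A hardened variant of the form and handler above, as an added example that is not part of the original answer or the poster's project: it submits only the page id from a single radio group (which also removes the duplicate-name problem), resolves the name and access token server-side instead of trusting hidden fields, escapes output, and uses a PDO prepared statement as the first comment recommends. The `$pages` array, the `e()`, `renderPageChoices()` and `saveSelectedPage()` helpers and the SQLite demo table are assumptions; in a real `add_to_db.php` the page list would come from the same Graph API call or a server-side session copy.

```php
<?php
// Added example, not the poster's code. $pages mirrors the Graph API nodes
// used above (id, name, access_token, picture.url); all values are constructed.
$pages = [
    ['id' => '1001', 'name' => 'Cafe <One>', 'access_token' => 'TOKEN_A',
     'picture' => ['url' => 'https://example.test/a.png']],
    ['id' => '1002', 'name' => "Bob's Bikes", 'access_token' => 'TOKEN_B',
     'picture' => ['url' => 'https://example.test/b.png']],
];

// Hypothetical helper: escape a value for HTML text and quoted attributes.
function e(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Only the page id reaches the browser; one radio group, so no name collisions.
function renderPageChoices(array $pages): string {
    $html = "<form method='POST' action='add_to_db.php'>\n";
    foreach ($pages as $p) {
        $id = e($p['id']);
        $html .= "<div class='form-check mb-3'>"
            . "<input type='radio' name='fb_id' id='page-$id' class='form-check-input mt-3' value='$id'>"
            . "<img class='mx-2' src='" . e($p['picture']['url']) . "'>"
            . "<label class='form-check-label' for='page-$id'>" . e($p['name']) . "</label>"
            . "</div>\n";
    }
    return $html . "<button type='submit' name='submit'>Save</button></form>\n";
}

// Resolve name and token server-side from the submitted id, then bind parameters.
function saveSelectedPage(PDO $pdo, array $pages, array $post, int $userId): bool {
    $byId = array_column($pages, null, 'id');
    $id = $post['fb_id'] ?? null;
    if (!is_string($id) || !isset($byId[$id])) {
        return false; // id is not one of the pages offered to this user
    }
    $stmt = $pdo->prepare('UPDATE user SET user_fb_page_id = ?, user_fb_page_name = ?,
                           user_fb_page_access_token = ? WHERE user_ID = ?');
    $stmt->execute([$id, $byId[$id]['name'], $byId[$id]['access_token'], $userId]);
    return $stmt->rowCount() === 1;
}

// Demo against an in-memory SQLite table (constructed schema).
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE user (user_ID INTEGER PRIMARY KEY, user_fb_page_id TEXT,
            user_fb_page_name TEXT, user_fb_page_access_token TEXT)');
$pdo->exec('INSERT INTO user (user_ID) VALUES (1)');
echo renderPageChoices($pages);
var_dump(saveSelectedPage($pdo, $pages, ['fb_id' => '1002'], 1));
var_dump(saveSelectedPage($pdo, $pages, ['fb_id' => "1' OR '1'='1"], 1));
```

On MySQL, `rowCount()` reports 0 when the row already holds the same values, so treat that case separately from a failed update.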