-4

I would like to be able to press a button on my site that then updates the status field on my table.

But when I am placing $id = $_POST['id'] it is not finding the ID?

Whereas if I place $id = 2 it will update like you saw in the GIF.


<?php
include_once 'db.php';

$id = $_POST['id'];

$sql = "UPDATE form SET status='aid' WHERE id = '$id'";

if ($conn->query($sql) === TRUE) {
    echo "New record created successfully";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?> 

= Orders.paid.inc.php


  while($row = mysqli_fetch_array($sqldata))
                 {
                  echo "</thead>";
                  echo "<tbody>";
                  echo '<form action="../assets/includes/orders.paid.inc.php" method="post">';
                  echo "<tr><td>";
                  echo $row['id'];
                  echo "</td><td>";
                  echo $row['name'];
                  echo "</td><td>";
                  echo $row['email'];
                  echo "</td><td>";
                  echo $row['diet'];
                  echo "</td><td>";
                  echo $row['pers'];
                  echo "</td><td>";
                  echo $row['quan'];
                  echo "</td><td>";
                  echo $row['address'];
                  echo "</td><td>";
                  echo $row['status'];
                  echo "</td><td>";
                  echo '<button type="submit" name="submit">Test</button>';
                  echo "</td><td>";
                  echo"<button>Canceld</button>";
                  echo "</td><td>";
                  echo"<button>Sent</button>";
                  echo "</form></td><td>";
                }

= Partial from Orders.php

Blue
W3L5HY
  • 1
    Welcome to Stack Overflow! [Your script is at risk for SQL Injection Attacks.](//stackoverflow.com/q/60174) – Blue Jul 30 '18 at 12:09
  • what is `PHP button`? – Marcin Orlowski Jul 30 '18 at 12:09
  • Thanks, security and protection is the last phase, just need to get some code working first :) – W3L5HY Jul 30 '18 at 12:10
  • Not exactly a PHP button, PHP code and submit buttons, but you had to have 15 words in the title – W3L5HY Jul 30 '18 at 12:12
  • 3
    " Security and Protection is the last phase"... really you should write the queries safely the first time. Then you don't have to re-test everything when you later change them. What's the point of getting "working" code when you know it's not secure? You just have to verify it all over again later, which wastes time. Better to get into good habits from the start IMO. It's not a big effort to write it using parameters. – ADyson Jul 30 '18 at 12:12
  • "Not exactly php button" you probably meant an HTML button. As a bonus, that uses up more characters in the title ;-) – ADyson Jul 30 '18 at 12:13
  • Thanks, and the code I will go over now. You are right, better getting into the habit now so it gets easier and quicker over time :) – W3L5HY Jul 30 '18 at 12:14

1 Answer

2

You need to include the ID as part of your form:

<form action="../assets/includes/orders.paid.inc.php" method="post">
    ....
    <input type="hidden" name="id" value="<?php echo $row['id']; ?>" />
    ...
</form>

In addition, please review your SQL. It's currently prone to SQL injection attacks. Follow best practices here: How can I prevent SQL injection in PHP?

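<?php
include_once 'db.php';

// Read the id submitted by the hidden form field
$id = $_POST['id'];

// Double-quoted PHP string so the SQL literal 'aid' can keep its single quotes
$stmt = $conn->prepare("UPDATE form SET status='aid' WHERE id = ?");
// Bind the id as an integer ('i') instead of concatenating it into the query
$stmt->bind_param('i', $id);
if ($stmt->execute()) {
    echo "New record created successfully";
} else {
    // Report the statement's own error; $sql is not defined in this version
    echo "Error: " . $stmt->error;
}

$conn->close();
?>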
Blue
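The difference between the question's concatenated query and the answer's prepared statement, as an added example that is not part of the original post or answer: it runs both against the same rows and prints how many rows each one updates for a normal id and for a tampered one. Assumptions: an in-memory SQLite database accessed through PDO stands in for the page's mysqli connection from db.php so the script runs without a server, the helper names `markPaidConcatenated`, `markPaidPrepared` and `resetStatuses` are hypothetical, and the table rows and posted values are constructed.

```php
<?php
// Added example: in-memory SQLite stands in for the page's MySQL `form` table (assumption).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec("CREATE TABLE form (id INTEGER PRIMARY KEY, name TEXT, status TEXT)");
// Constructed sample rows
$pdo->exec("INSERT INTO form (id, name, status) VALUES (1,'Ann','new'), (2,'Bob','new'), (3,'Cy','new')");

// Hypothetical helper: the question's query, built by string concatenation.
function markPaidConcatenated(PDO $pdo, string $id): int
{
    return $pdo->exec("UPDATE form SET status='aid' WHERE id = '$id'");
}

// Hypothetical helper: validate the id, then bind it as a parameter.
function markPaidPrepared(PDO $pdo, string $rawId): int
{
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return 0; // not a positive integer: reject before touching the database
    }
    $stmt = $pdo->prepare("UPDATE form SET status='aid' WHERE id = ?");
    $stmt->execute([$id]);
    return $stmt->rowCount();
}

// Hypothetical helper: put every row back to 'new' between runs.
function resetStatuses(PDO $pdo): void
{
    $pdo->exec("UPDATE form SET status='new'");
}

// Constructed inputs: what the hidden field normally posts, and a tampered value.
$inputs = ['2', "2' OR '1'='1"];

foreach ($inputs as $posted) {
    resetStatuses($pdo);
    $concatenated = markPaidConcatenated($pdo, $posted);
    resetStatuses($pdo);
    $prepared = markPaidPrepared($pdo, $posted);
    printf("id=%-16s concatenated updated %d row(s), prepared updated %d row(s)\n",
        var_export($posted, true), $concatenated, $prepared);
}
```

A hidden form field is still client-controlled input, so the handler has to validate and bind it even though the page itself generated the value.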