1

I've been going at this for a couple of hours now (searching here and google) but nothing I find helped me to get this to work.

I'm trying to make one form and have a Insert INTO and UPDATE $table SET function in the same form, using buttons.

But whatever I try the Update doesn't copy the data from the form. INSERT INTO works. But when I try to edit the form, no data is copied.

HTML:

<form id="contact-form" method="post" action="cms_data.php" role="form">
    <div class="col-sm-12">
        <h2>id</h2>
        <input name="id" type="text" placeholder="<?php echo $id;?>" value="1">
    </div>
    <div class="col-sm-12">
        <h2>Omschrijving</h2>
        <textarea name="omschrijving" type="text" style="height:220px;width:100%;resize:none;"><?php echo $omschrijving;?></textarea>
    </div>
    <div class="col-sm-12">
        <h2>Datum</h2>
        <input name="datum" type="text" value="<?php echo $datum;?>">
    </div>
    <div class="col-sm-12">
        <h2>Tijd</h2>
        <input name="tijd" type="text" value="<?php echo $tijd;?>">
    </div>
    <div class="col-sm-12">
        <h2>Locatie</h2>
        <input name="locatie" type="text" value="<?php echo $locatie;?>">
    </div>
    <div class="col-sm-12">
        <h2>Dresscode</h2>
        <input name="dresscode" type="text" value="<?php echo $dresscode;?>">
    </div>
    <div class="col-sm-12 text-right">
        <input type="submit" class="btn btn-success btn-send" value="Versturen" id="sent" <?php // echo $_SESSION['disabled']; ?>>
        <a href="update-cms.php">Update </a>
    </div>
</form>

CMS_DATA.php

<?php session_start();?>
<?php
    $servername = "localhost";
    $username = "xxx";
    $password = "xxx";
    $dbname = "xxx";

    // Create connection
    $conn = mysqli_connect($servername, $username, $password, $dbname);
    //echo '<div style="width:100%;background:green;color:#FFF;font-size:2rem;text-align:center;">Connected to '. $dbname. '</div>';

    // Check connection
    if (!$conn) {
        die("Connection failed: " . mysqli_connect_error());
    }

$id = $_POST['id'];
$omschrijving = $_POST["omschrijving"];
$datum = $_POST["datum"];
$item = $_POST["tijd"];
$locatie = $_POST["locatie"];
$dresscode = $_POST["dresscode"];

$quote = iconv("UTF-8", "WINDOWS-1252//TRANSLIT");
$date = date('Y-m-d');
date_default_timezone_set("Europe/Amsterdam");
$time = date("h:i:sa");
$sql = "INSERT INTO $table (ID, Omschrijving, Datum, Tijd, Locatie, Dresscode )
                        VALUES ('" .$id."','" .$omschrijving."','".$datum."',' ".$item."','".$locatie."','".$dresscode."')";

if ($conn->query($sql) === TRUE) {
    echo "";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

UPDATE-CMS.php

<?php session_start();?>
<?php
    $servername = "localhost";
    $username = "xxx";
    $password = "xxx";
    $dbname = "xxx";

    // Create connection
    $conn = mysqli_connect($servername, $username, $password, $dbname);
    //echo '<div style="width:100%;background:green;color:#FFF;font-size:2rem;text-align:center;">Connected to '. $dbname. '</div>';

    // Check connection
    if (!$conn) {
        die("Connection failed: " . mysqli_connect_error());
    }

$id = $_POST['id'];
$omschrijving = $_POST["omschrijving"];
$datum = $_POST["datum"];
$item = $_POST["tijd"];
$locatie = $_POST["locatie"];
$dresscode = $_POST["dresscode"];

$quote = iconv("UTF-8", "WINDOWS-1252//TRANSLIT");
$date = date('Y-m-d');
date_default_timezone_set("Europe/Amsterdam");
$time = date("h:i:sa");
$sql = "UPDATE $table SET
    Omschrijving = '$omschrijving', Datum = '$datum', Tijd = '$item', Locatie = '$locatie', Dresscode = '$dresscode' WHERE ID = '1'";

if ($conn->query($sql) === TRUE) {
    echo "Done";
} else {
    echo "Error: " . $sql . "<br>" . $conn->error;
}

$conn->close();
?>

Like I said, the INSERT INTO works fine. But no data (values) are copied when using the update. I just overrides ID 1 with empty rows... I hope someone can help me... thanks in advance.

Jay-oh
  • 426
  • 2
  • 6
  • 28
  • 1
    You want to read about [SQL Injection](http://php.net/manual/en/security.database.sql-injection.php). Your program is vulnerable. – sticky bit Aug 22 '18 at 12:55
  • Check for [mysqli errors](http://php.net/manual/en/mysqli.error.php) after your update to see if it's complaining about anything. Also, you are wide open for SQL injection. Since you're using mysqli, take advantage of [prepared statements](http://php.net/manual/en/mysqli.quickstart.prepared-statements.php) and [bind_param](http://php.net/manual/en/mysqli-stmt.bind-param.php). **This will take care of any pesky quoting issues that may occur.** – aynber Aug 22 '18 at 12:55
  • Not sure if i understood you correctly, but you could go and try mysql's ON DUPLICATE KEY UPDATE , so you wouldn't have to have 2 scripts. Of course if your primary key is consistent in your DB – Denis Solakovic Aug 22 '18 at 12:57
  • Primary key is the ID and this is always `1`. And about SQL injections this is only used internally no user is able to get to the page this is build on... – Jay-oh Aug 22 '18 at 12:58
  • Try var_dump-ing your POST in update script, to make sure you have all the variables set, if not, the error is probably in your sql statment -as @aynber suggested, use prepared statements (quoting situation could be avoided) – Denis Solakovic Aug 22 '18 at 13:00
  • `echo var_dump($_POST["omschrijving"]);` = NULL. There is no data, thats what I already suspected... – Jay-oh Aug 22 '18 at 13:03
  • try var_dump($_POST), and then in yout sql try avoiding qoutes, or try it like this `$sql = "UPDATE $table SET Omschrijving = '".$omschrijving."', Datum = '".$datum."',...` – Denis Solakovic Aug 22 '18 at 13:04
  • Can it be null? Then that would be another case to use parameter binding, since it can detect nulls and pass that in. If not, then check to make sure that `$_POST` is populated at all, make sure the input names are correct, and try putting all of your update code inside an `if(!empty($_POST))` block. – aynber Aug 22 '18 at 13:06
  • @Denis Solakovic: thanks for your time. This is var_dump($_POST) -> `array(0) { }` What about making a AJAX function or something? – Jay-oh Aug 22 '18 at 13:07
  • Your update link is just that, a link, not a button that would submit your form. – Dave Aug 22 '18 at 13:10
  • Right now, it's just a link. – Jay-oh Aug 22 '18 at 13:13
  • 1
    Listen, try this approach, put two submit buttons, and then handle them via JS, so you can post it where you want to, here's a good explanation: https://stackoverflow.com/questions/26039603/process-a-form-submit-with-multiple-submit-buttons-in-javascript later on combine it with https://stackoverflow.com/questions/5361751/how-to-use-javascript-to-change-the-form-action (you have form action explanation here) – Denis Solakovic Aug 22 '18 at 13:14
  • I thinks that might work. I've tried it before but with another question on SO. So I'll check this out. Thanks! – Jay-oh Aug 22 '18 at 13:16
  • 1
    @Denis Solakovic: Thanks for the link. It worked like a charm!! Thanks! – Jay-oh Aug 22 '18 at 13:57
  • @Jay-oh, no problem at all, I have posted an answer below, so if you think it was helpful fell free to upvote :-D – Denis Solakovic Aug 22 '18 at 13:59

3 Answers3

1

You have defined action on your form action="cms_data.php", so your button that is responsible for submitting that form works correctly, but on the other hand you've defined another button (anchor tag), that only has href (hence points to another page), so if you click on it, you won't pass any arguments with it.

My suggestion here is, as I mentioned in comment below your question, to use two buttons, both with submit property, but then handle clicking on them via JavaScript.

When you capture submitment, you can dinamically change action on your form, so your data will be passed to desired script.

Handling multiple buttons in a form: Process a Form Submit with Multiple Submit Buttons in Javascript

Manipulating form's action property: How to use JavaScript to change the form action

Another suggestion would be that you use prepared statements in your query, so you wouldn't be vulnerable to SQL injections (from the comments section, I see you'll only be using this locally, but this is a good practice).

Using Mysqli prepared statements: https://stackoverflow.com/a/24989090/5018750

Denis Solakovic
  • 245
  • 3
  • 12
0

Echo only prints value on the screen in your respective textbox and does not assign that value to your actual field.

Instead what you can do is start the session in the start of your contact form and store those fields in session variable.

When user selects UPDATE option he will get redirected to UPDATE-CMS.php page. In UPDATE-CMS.php you can retrieve your stored session variables and assign them to your actual variables. In this way you can carry forward your old as well as new values.

Tejas Gundecha
  • 29
  • 1
  • 3
0

anchor just links the page it will not pass data

you are trying to have submit and update button in one form

solution:

in html5 button has formaction attribute .formaction specifies page data to be transferred .so that different button can have different action page

<form id="contact-form" method="post" action="cms_data.php" role="form">
    <div class="col-sm-12">
        <h2>id</h2>
        <input name="id" type="text" placeholder="<?php echo $id;?>" value="1">
    </div>
    <div class="col-sm-12">
        <h2>Omschrijving</h2>
        <textarea name="omschrijving" type="text" style="height:220px;width:100%;resize:none;"><?php echo $omschrijving;?></textarea>
    </div>
    <div class="col-sm-12">
        <h2>Datum</h2>
        <input name="datum" type="text" value="<?php echo $datum;?>">
    </div>
    <div class="col-sm-12">
        <h2>Tijd</h2>
        <input name="tijd" type="text" value="<?php echo $tijd;?>">
    </div>
    <div class="col-sm-12">
        <h2>Locatie</h2>
        <input name="locatie" type="text" value="<?php echo $locatie;?>">
    </div>
    <div class="col-sm-12">
        <h2>Dresscode</h2>
        <input name="dresscode" type="text" value="<?php echo $dresscode;?>">
    </div>
    <div class="col-sm-12 text-right">
        <buttin formaction="CMS-DATA.php" type="submit" class="btn btn-success btn-send" value="Versturen" id="sent" <?php // echo $_SESSION['disabled']; ?>>
        <button formaction="UPDATE-CMS.php" >Update </button>
    </div>
</form>
jasinth premkumar
  • 1,430
  • 1
  • 12
  • 22