-1

I’m new at php and I got some problem that I don’t know how to fix, I made A HTML form that should change the name of a database 

<div class="form-group">
    <form action="name.php" method="post">
        <input type="text" class="form-control" name="name">
        <input type="submit" value="Submit" name="submit">
    </form>
</div>

HTML form is also connected to PHP edit script 

<?php

$servername = "localhost";
$username = "root";
$password = "root";
$dbname = "tbl_product";

try {
    $conn = new PDO("mysql:host=$servername;dbname=$dbname", $username, $password);
    // set the PDO error mode to exception
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    $sql ="UPDATE tbl_product SET name='$name' WHERE id = ID LIMIT 1";

    // Prepare statement
    $stmt = $conn->prepare($sql);

    // execute the query
    $stmt->execute();

    // echo a message to say the UPDATE succeeded
    echo $stmt->rowCount() . " records UPDATED successfully";
    header("Refresh:0; url=products.php");
    }
catch(PDOException $e)
    {
    echo $sql . "<br>" . $e->getMessage();
    }

$conn = null;
?>

The script that I run won’t change the database name and if it changes it changes all database names. For now, looks like the script runs fine but nothing happened. I need to limit the changing data from database so one change does not change all.

executable
  • 3,365
  • 6
  • 24
  • 52
Deda Mraz
  • 13
  • 6

2 Answers2

0

You have to set id in where clause, then it will update only one row matched with the id, You do not need to set LIMIT 1.

$sql ="UPDATE tbl_product SET name='$name' WHERE id = $id";

You can get id from hidden input in the form.

<div class="form-group">
    <form action="name.php" method="post">
        <input type="hidden" class="form-control" name="id" value="<?php echo $id; ?>">
        <input type="text" class="form-control" name="name">
        <input type="submit" value="Submit" name="submit">
    </form>
</div>
joy
  • 164
  • 1
  • 7
0

Your SQL query seems to be faulty. According to a quick test I ran on a local MySQL instance the condition WHERE id = ID seems to be always true (it is probably evaluated kind of like 1=1 would be. Therefore your query is the same as UPDATE tbl_product SET name='$name' LIMIT 1 and because of that it is updating all records without the LIMIT.

Also you are not properly utilizing prepared statements (which is not part of the problem, but you should do it the right way anyway).

$id = 1; // assign the id of the record you want to change
$name = "the new name";
$sql ="UPDATE tbl_product SET name = :name WHERE id = :id";

// Prepare statement
$stmt = $conn->prepare($sql);

// execute the query and bind values to placeholders in the query
$stmt->execute([
    ':name' => $name,
    ':id' => $id
]);

That way no SQL injection is possible and you properly use the id in your query and can remove the LIMIT part.

Edit 1 (Redirecting):

Redirecting and sending headers is a whole different topic. Basically you would do it like this (see also this for more details):

header('Location: products.php');
exit;

Also you can not use echo before header. It will throw an error. See here for more info.

Edit 2 (Changing random records):

Changing random records seems to be a strange application, but it would probably work by using this query instead:

UPDATE tbl_product SET name = :name ORDER BY RAND() LIMIT 1

You also need to remove the :id part from the $stmt->execute call, since you don't have an :id parameter in your query anymore.

Tobias Xy
  • 2,039
  • 18
  • 19
  • I need to choose what I wane change so I can’t only change one whit id 1 there will be much more. For now it only change one and i got this massage from MAMP UPDATE tbl_product SET name = :name WHERE id = :id SQLSTATE[HY093]: Invalid parameter number: no parameters were bound – Deda Mraz Dec 20 '18 at 10:56
  • Did you add the parameters in the `$stmt->execute` part (last lines of my example)? Then the error should not happen. Obviously you can assign different values to $id and change other records as well. This example just shows how to do it for the record with id = 1. – Tobias Xy Dec 20 '18 at 10:58
  • I change it from HTML form and when i put your code in it change it in "the new name" but it doesn’t return me to products.php – Deda Mraz Dec 20 '18 at 10:59
  • Yes i add the parameters – Deda Mraz Dec 20 '18 at 11:01
  • Me bad you are right it works now, I forgot to put the coma.  – Deda Mraz Dec 20 '18 at 11:06
  • To assign the id of the record i want to change, i need to pick up random records from me data and change it, whats the best way to do this? – Deda Mraz Dec 20 '18 at 11:10
  • I added a part for how to redirect to "products.php" in my answer. – Tobias Xy Dec 20 '18 at 11:10
  • Thanks it works, but can you tell me more about me previous question. To assign the id of the record i want to change, i need to pick up random records from me data and change it, whats the best way to do this? – Deda Mraz Dec 20 '18 at 11:15
  • Changing random records seems like an odd application, but I added it to my answer. If you have more questions consider creating a new question, so this one does not get too bloated. And if you think my answer solved your problem please accept it! :-) – Tobias Xy Dec 20 '18 at 11:22
  • Edit 2 (Changing random records): wont work i run it 4 times – Deda Mraz Dec 20 '18 at 11:31
  • Yes, but what does "does not work" mean? Do you get an error? Also the value of $name has to be different of course, otherwise the change would just do nothing. – Tobias Xy Dec 20 '18 at 11:33
  • Il do a new question this is to much bloated. Danke – Deda Mraz Dec 20 '18 at 11:38