I have a PHP/HTML form, which should be able to allow the user to change the status of an item to either Active or Inactive. When I submit the form, my success message appears, but the query does not execute. The file name is editStatus.php.

I've tried changing around some syntax in the MySQL query, but to no avail.

```php
<html>
<head>
<meta charset="utf-8">
<title>Edit Status | Apparel</title>
<link href="inventoryManagerStyles.css" rel="stylesheet">
</head>
<body>
<h1>Edit Status | Apparel</h1>
<table>
    <tr>
        <td class="applyFont">
            <form action="editStatus.php" method="POST">
            STATUS: <input type="text" name="isActive" placeholder="Active/Inactive" required><br>
        </td>
    </tr>
    <tr>
        <td>
            <input type="submit" name="update" value="Update Status" class="submitBtn">
            </form>
            <a href='viewApparel.php'><button class='button'>Back</button></a>
        </td>
    </tr>
</table>
</body>

<?php

if(isset($_POST['update'])) {
    //Connect to DB
    $hostname = "hostname";
    $username = "username";
    $password = "password";
    $dbName = "dbName";

    $con = mysqli_connect($hostname, $username, $password, $dbName);

    //Get Value From User
    $isActive = $_POST['isActive'];
    $ID = $_POST['ID'];

    //Query to Update Data
    $query = "UPDATE `Apparel` SET `isActive`='".$isActive."' WHERE ID='$ID'";
    $result = mysqli_query($con, $query);

    //Check if Query Was Successful
    if($result) {
        echo "Status updated to $isActive";
    } else {;
        echo "Error updating the status of the item.";
    }
    //Disconnect From DB
    mysqli_close($con);
}
?>

</html>
```

I'd love to get some insight on how I can get this query to actually change the status of the item to Active/Inactive.

Matthew
  • You don't know what's wrong because you don't check for errors in your code. Never assume the code is always going to work flawlessly. Use [`mysqli_error()`](http://php.net/manual/en/mysqli.error.php) to get a detailed error message from the database. – John Conde Apr 02 '19 at 16:55
  • Please read about **[SQL injection](https://en.wikipedia.org/wiki/SQL_injection)**. Instead of building queries with string concatenation, use **[prepared statements](https://secure.php.net/manual/en/pdo.prepare.php)** with **[bound parameters](https://secure.php.net/manual/en/pdostatement.bindparam.php)**. See **[this page](https://phptherightway.com/#databases)** and **[this post](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php)** for some good examples. – John Conde Apr 02 '19 at 16:55
  • John, the issue is that I am not getting the error message I have set up. I have added the mysqli_error, but I will still get my "success" message. I appreciate the info about SQL injections. – Matthew Apr 02 '19 at 16:57
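
An added example, not part of the original thread: the form in the question posts no `ID` field, and an `UPDATE` that matches zero rows still reports success, so this sketch combines the bound parameters recommended in the comments with a check on the number of rows actually updated. It assumes PDO with an in-memory SQLite database standing in for the MySQL server; the `updateStatus()` helper and the sample rows are constructed for illustration.

```php
<?php
// Added example. In-memory SQLite stands in for the MySQL server; table rows are constructed.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION); // SQL errors throw, never pass silently
$pdo->exec("CREATE TABLE Apparel (ID INTEGER PRIMARY KEY, isActive TEXT NOT NULL)");
$pdo->exec("INSERT INTO Apparel (ID, isActive) VALUES (1, 'Active'), (2, 'Inactive')");

// Hypothetical helper: validates the posted fields, runs the UPDATE, reports what happened.
function updateStatus(PDO $pdo, array $post): string
{
    // Allow-list the status instead of trusting free text from the form.
    $status = $post['isActive'] ?? '';
    if (!in_array($status, ['Active', 'Inactive'], true)) {
        return 'Rejected: status must be Active or Inactive.';
    }

    // The ID must actually be submitted and must be an integer.
    $id = filter_var($post['ID'] ?? null, FILTER_VALIDATE_INT);
    if ($id === false) {
        return 'Rejected: no valid item ID was submitted.';
    }

    // Values travel as bound parameters, so they are never parsed as SQL.
    $stmt = $pdo->prepare('UPDATE Apparel SET isActive = :status WHERE ID = :id');
    $stmt->execute([':status' => $status, ':id' => $id]);

    // A successful execute() only means the statement ran; rowCount() tells whether a row was touched.
    // (MySQL counts only rows whose value changed, unless PDO::MYSQL_ATTR_FOUND_ROWS is set.)
    if ($stmt->rowCount() === 0) {
        return "Query ran, but no row was updated for ID $id.";
    }
    return "Status of item $id updated to $status.";
}

// Constructed requests, as they would arrive in $_POST.
echo updateStatus($pdo, ['isActive' => 'Inactive', 'ID' => '1']), PHP_EOL; // well-formed request
echo updateStatus($pdo, ['isActive' => 'Inactive']), PHP_EOL;              // what the question's form sends: no ID
echo updateStatus($pdo, ['isActive' => "Active'", 'ID' => '1']), PHP_EOL;  // quote-bearing input fails the allow-list
echo updateStatus($pdo, ['isActive' => 'Active', 'ID' => '99']), PHP_EOL;  // valid input, but no such row
```

With mysqli, as used in the question, the equivalent row check is `mysqli_affected_rows($con)` after the query.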