-1

I want to update one database entry from my website with php script. In the input fields the id are set correctly but if I am pressing the submit button the entry doesn´t update.

<form action="includes/datenupdate.php" method="POST">
    <input id="editinputartikelnummer" type="text" name="artikelnummer" placeholder="Artikelnummer" required>
    <br>
    <input id="editinputartikelname" type="text" name="artikelname" placeholder="Artikelname" required>
    <br>
    <input id="editinputartikelpreis" type="text" name="artikelpreis" placeholder="Artikelpreis" required>
    <br>
    <input id="editinputid" type="text" name="artikelid" required>
    <button type="submit" name="submit">Ändern</button> 
</form>

datenupdate.php

<?php
    include_once 'dbh.inc.php';

    $artid = $_POST['artikelid'];
    $artnum = $_POST['artikelnummer'];
    $artname = $_POST['artikelname'];
    $artpreis = $_POST['artikelpreis'];


    $sql = "UPDATE artikel SET artikelnummer = $artnum, name= $artname, preis = $artpreis WHERE id = $artid;";

    mysqli_query($conn, $sql);

    header("Location: ../index.php?daten=success#artikel");
Scherix
  • 13
  • 1

1 Answers1

0

You should use prepared statement and binding param in this way you avoid sqlijection and manage data type passing value properly

assuming artikelnummer and id are integer, name is a string and presi is double 

include_once 'dbh.inc.php';

$artid = $_POST['artikelid'];
$artnum = $_POST['artikelnummer'];
$artname = $_POST['artikelname'];
$artpreis = $_POST['artikelpreis'];


$sql = "UPDATE artikel SET artikelnummer = $artnum, name= $artname, preis = $artpreis WHERE id = $artid;";
$stmt = $this->mysqli->prepare( $sql);

$stmt->bind_param('isdi', $artnum, $artname, $artpreis, $artid);
$status = $stmt->execute();
ScaisEdge
  • 131,976
  • 10
  • 91
  • 107