updating data from php to mysql creating blank data

Question

I have a webpage in php which has some form data in sql the user can update the data.

The form is like below:

<?php
$id=$_GET['id'];
$SelSql = "SELECT * FROM `registers` WHERE id=$id";
$res = mysqli_query($link, $SelSql);
$r = mysqli_fetch_assoc($res);
?>
<?php if(isset($fmsg)){ ?><div class="alert alert-danger" role="alert"> <?php echo $fmsg; ?> </div><?php } ?>

 <div class="breadcrumbs">
  <div class="breadcrumbs-inner">
    <div class="row m-0">
      <div class="col-sm-4">
        <div class="page-header float-left">
          <div class="page-title">
            <h1>Member Details</h1>
          </div>
        </div>
      </div>

    </div>
  </div>
</div>
<div class="content">
  <div class="animated fadeIn">

    <div class="row">

      <div class="col-xs-6 col-sm-6">
        <div class="card">

          <div class="card-body card-block">
            <div class="form-group">
              <label class=" form-control-label">Member ID</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-id-card-o"></i></div>
                <input class="form-control" value="<?php echo $r['id']; ?>" readonly>
              </div>
            </div>
            <form method="post">
              <div class="form-group">
                <label class=" form-control-label">First Name</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-address-card-o"></i></div>
                  <input name="fname" class="form-control" value="<?php echo $r['firstname']; ?>">
                </div>
              </div>
              <div class="form-group">
                <label class=" form-control-label">Last Name</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-address-card-o"></i></div>
                  <input name="lname" class="form-control" value="<?php echo $r['lastname']; ?>">
                </div>
              </div>
              <div class="form-group">
                <label class=" form-control-label">Mobile Number</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-mobile"></i></div>
                  <input name="mobile" class="form-control" value="<?php echo $r['mobilenumber']; ?>">
                </div>
              </div>
              <div class="form-group">
                <label class=" form-control-label">Company</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-building"></i></div>
                  <input name="company" class="form-control" value="<?php echo $r['company']; ?>">
                </div>
              </div>
              <div class="form-group">
                <label class=" form-control-label">Designation</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-clipboard"></i></div>
                  <input name="designation" class="form-control" value="<?php echo $r['designation']; ?>">
                </div>
              </div>
              <div class="form-group">
                <label class=" form-control-label">Experience</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-sort-numeric-asc"></i></div>
                  <input name="experience" class="form-control" value="<?php echo $r['experience']; ?>">
                </div>
              </div>
              <div class="form-group">
                <label class=" form-control-label">Address</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-map-marker"></i></div>
                  <input name="address" class="form-control" value="<?php echo $r['address']; ?>">
                </div>
              </div>
              <div class="form-group">
                <label class=" form-control-label">Address Line 2</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-map-marker"></i></div>
                  <input name="addressline2" class="form-control" value="<?php echo $r['addressline2']; ?>">
                </div>
              </div>
              <div class="form-group">
                <label class=" form-control-label">City</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-building-o"></i></div>
                  <input name="city" class="form-control" value="<?php echo $r['city']; ?>">
                </div>
              </div>
              <div class="form-group">
                <label class=" form-control-label">State</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-map"></i></div>
                  <input name="state" class="form-control" value="<?php echo $r['state']; ?>">
                </div>
              </div>
              <div class="form-group">
                <label class=" form-control-label">Pin</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-map-pin"></i></div>
                  <input name="pin" class="form-control" value="<?php echo $r['pin']; ?>">
                </div>
              </div>
              <div class="form-group">
                <label class=" form-control-label">Country</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-globe"></i></div>
                  <input name="country" class="form-control" value="<?php echo $r['country']; ?>">
                </div>
              </div>
              <div class="form-group">
                <label class=" form-control-label">Whatsapp Number</label>
                <div class="input-group">
                  <div class="input-group-addon"><i class="fa fa-phone-square"></i></div>
                  <input name="whatsapp" class="form-control" value="<?php echo $r['Whatsapp']; ?>">
                </div>
              </div>
          </div>
        </div>
      </div>

      <div class="col-xs-6 col-sm-6">

        <div class="card">

          <div class="card-body card-block">

            <div class="form-group">
              <label class=" form-control-label">Alternate Number</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-phone"></i></div>
                <input name="alternate" class="form-control" value="<?php echo $r['alternatenumber']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">Email</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-envelope"></i></div>
                <input name="email" class="form-control" value="<?php echo $r['Email']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">Company Registration Number</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-registered"></i></div>
                <input name="crn" class="form-control" value="<?php echo $r['CompanyRegNumber']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">Date of Incorporation</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-calendar"></i></div>
                <input name="doi" class="form-control" value="<?php echo $r['Date_Incorporation_orBusi_Stp']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">GST IN</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-sort-numeric-asc"></i></div>
                <input name="gstin" class="form-control" value="<?php echo $r['GSTIN']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">Services Offered</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-question-circle"></i></div>
                <input name="services" class="form-control" value="<?php echo $r['Services_Offered']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">Annual Turnover</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-money"></i></div>
                <input name="annualt" class="form-control" value="<?php echo $r['Annual_Turnover']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">Fee</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-money"></i></div>
                <input name="fee" class="form-control" value="<?php echo $r['Fee']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">Mode of Payment</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-credit-card"></i></div>
                <input name="mop" class="form-control" value="<?php echo $r['Mode_of_Payment']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">Recommended By (A)</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-user"></i></div>
                <input name="reca" class="form-control" value="<?php echo $r['Recommended_by_A']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">Recommended By (B)</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-user"></i></div>
                <input name="recb" class="form-control" value="<?php echo $r['Recommended_by_B']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">Terms and Conditions</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-check"></i></div>
                <input name="tac" class="form-control" value="<?php echo $r['termsandconditions']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">Declaration</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-check"></i></div>
                <input name="dec" class="form-control" value="<?php echo $r['Declaration']; ?>">
              </div>
            </div>
            <div class="form-group">
              <label class=" form-control-label">Confirmation</label>
              <div class="input-group">
                <div class="input-group-addon"><i class="fa fa-check"></i></div>
                <input name="cof" class="form-control" value="<?php echo $r['confirmation']; ?>">
              </div>
            </div>
            <input type="submit" class="btn btn-primary" value="Update">
            </form>
          </div>
        </div>
      </div>
<?php


if(isset($_POST) & !empty($_POST)){
    $fname = $_POST['fname'];
    $lname = $_POST['lname'];
    $email = $_POST['mobile'];
    $company = $_POST['company'];
    $designation = $_POST['designation'];
  $experience = $_POST['experience'];
    $address = $_POST['address'];
    $addressline2 = $_POST['addressline2'];
    $city = $_POST['city'];
    $state = $_POST['state'];
  $pin = $_POST['pin'];
    $country = $_POST['country'];
    $whatsapp = $_POST['whatsapp'];
    $alternate = $_POST['alternate'];
    $email = $_POST['email'];
  $crn = $_POST['crn'];
    $doi = $_POST['doi'];
    $gstin = $_POST['gstin'];
  $services = $_POST['services'];
    $annualt = $_POST['annualt'];
    $fee = $_POST['fee'];
    $mop = $_POST['mop'];
    $reca = $_POST['reca'];
  $recb = $_POST['recb'];
    $tac = $_POST['tac'];
    $dec = $_POST['dec'];
    $cof = $_POST['cof'];

}

$UpdateSql = "UPDATE `registers` SET firstname='$fname', lastname='$lname', mobilenumber='$email', experience='$experience',
designation='$designation', company='$company', address='$address', addressline2='$addressline2',
city='$city', state='$state', pin='$pin', country='$country',
Whatsapp='$whatsapp', alternatenumber='$alternate', Email='$email', CompanyRegNumber='$crn',
Date_Incorporation_orBusi_Stp='$doi', GSTIN='$gstin', Services_Offered='$services', Annual_Turnover='$annualt',
Declaration='$dec', Fee='$fee', confirmation='$cof', Mode_of_Payment='$mop',
Recommended_by_A='$reca', Recommended_by_B='$recb', termsandconditions='$tac' WHERE id=$id";
$res = mysqli_query($link, $UpdateSql);
if($res){
    header('location: update.php');
}else{
    $fmsg = "Failed to update data.";
}



?>

the update feature is working completely fine, when the user loads this page, the data is displayed in the form which is editable by user,now the problem is when the user updates the data, the page reloads and updates the data in database but, the page is displayed with empty values in the input fields, such that if the user clicks the update button again by mistake, the database field becomes blank. what is the problem in my code, what should i do to stop this mistake?

Your code is vulnerable to SQL injection. You need to use prepared statements. — Dharman, Jul 15 '19 at 13:08

score 1 · Answer 1 · edited Jul 15 '19 at 12:22

1

Pass id, when you are redirecting page, on success as following

if($res){
    header('location: update.php?id='.$id);
    exit;
}else{
    $fmsg = "Failed to update data.";
}

edited Jul 15 '19 at 12:22

Martin

22,212
11
70
132

answered Jul 15 '19 at 11:54

Roshni hegde

423
3
14

when i reload only the values again come – TEIA 2019 Jul 15 '19 at 11:58

h0r53 · Accepted Answer · 2019-07-15T12:35:29.263

1

The issue is fundamentally how you are passing parameters. If you are POSTing then the parameter id will not be accessible with your current code, which expects id to be a GET parameter. Try this:

$id=$_POST['id'];

Or better yet,

$id=$_REQUEST['id'];

The $_REQUEST variable is an associative array that by default contains the contents of $_GET, $_POST and $_COOKIE. Since it seems that you need the id parameter for both GET and POST methods, $_REQUEST should be used here.

UPDATE

Your mysqli_query($link, $UpdateSql) function should be wrapped in the if(isset($_POST) & !empty($_POST)) condition. It looks like it is executing on each load the way the code currently is.

if(isset($_POST) & !empty($_POST)){
    ...

    $UpdateSql = "....."


    $res = mysqli_query($link, $UpdateSql);
}

edited Jul 15 '19 at 12:35

answered Jul 15 '19 at 12:25

h0r53

3,034
2
16
25

still didnt work , its not displaying, and the main problem is, if i simply reload the page, data in database is blank, blank values added to database – TEIA 2019 Jul 15 '19 at 12:30
1

Updated answer to address that concern – h0r53 Jul 15 '19 at 12:35
No worries friend. I do want to mention that this code as-is can be vulnerable to SQL Injections. If this is something for a hobby project or school assignment you are probably fine, but in practice you should be sanitizing user input before executing statements against your database. I'm personally a fan of stored procedures and prepared statements. This post is a good read if you want to know more. https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php – h0r53 Jul 15 '19 at 12:46

updating data from php to mysql creating blank data

2 Answers2