0

I'm very new to PHP and am trying to create a laptop signing in and out system. I want to be able to update the status of the laptop from 0 to 1 and vice versa depending on if that laptop is on loan or not. I've not written an UPDATE query before and cannot seem to get the value to update when the form is submitted. I'm also trying to use PDO and again am not sure if I'm using this correctly. I also seem to just be targeting the last item in the array rather than the corresponding laptop that I'm pressing the submit on.

I've tried to piece together different things from different answers and forums that I've read but have no idea if I'm going in the right direction. I know I'm connected to the database and am able to pull information from it but have not been able to get it to update. I know the form posts because I get the echo $laptop_name but like I said previously this is the last row rather than the button I'm pressing on. 

<?php

if(isset($_POST['borrow'])) {

    //  echo '<script language="javascript">';
    //      echo 'alert("hi")';
    //  echo '</script>';

    $STH = $DBH->prepare("SELECT * FROM laptops");
    $STH->execute(array());

    // WHILE LOOP TO LOOK THROUGH THE DIFFERENT ROWS
    while ($row = $STH->fetch()) {
        $laptop_name = htmlspecialchars($row->laptop_name);
        $laptop_id = htmlspecialchars($row->laptop_id);
        $status = htmlspecialchars($row->status);
    }

    $STH = $DBH->prepare("UPDATE laptops SET status = 0 
                          WHERE laptop_name = ? LIMIT 1");
    $STH->execute(array($laptop_name));

    echo $laptop_name;

}

$STH = $DBH->prepare("SELECT * FROM laptops");
$STH->execute(array());

// WHILE LOOP TO LOOK THROUGH THE DIFFERENT ROWS
while ($row = $STH->fetch()) {
    $laptop_name = htmlspecialchars($row->laptop_name);
    $laptop_id = htmlspecialchars($row->laptop_id);
    $status = htmlspecialchars($row->status);

?>

<form class="" action="" method="post">
    <div class=""><?php echo $laptop_name; ?></div>
    <div>

    <?php
    if($status == 1) {
        echo "Available";
    ?>

        <input type="submit" name="borrow" value="Borrow Laptop">

    <?php
    } else {
        echo "Not Available";
    }
    ?>

    </div>
</form>

<?php 
} 
?>

I've gotten rid of the error and variable as this is now marked as a duplicate and I don't know if it's based on that - I've spent a fair while looking through similar questions and have tried to take information from these but like I said I'm very new and would really appreciate some help please.

imakillabarbie
  • 59
  • 5
  • 3
    You should not mix GET/POST variables. Try getting laptop_name out of `$_POST` instead. – aynber Jul 18 '19 at 12:38
  • 1
    Don't use `htmlspecialchars()` on data goin into the DB, just on data that you are about to display on the website.¨ – Qirel Jul 18 '19 at 12:44
  • You are checking for a $_GET var, but the laptop name is $_POST. Also, use `isset()` to ensure the field is actually there before assigning it. – delboy1978uk Jul 18 '19 at 12:45
  • Thank you, I've gotten rid of that bit as it seems to just be making my question be marked as a duplicate and not actually address my main issue of not being able to update the database and identify the laptop. – imakillabarbie Jul 18 '19 at 12:50
  • htmlspecialchars() - So should I just be using this here on the laptop variable??
    – imakillabarbie Jul 18 '19 at 12:52
  • If you want to update all of the laptops in your loop, then you need to put the database queries inside the loop. Otherwise, you're just going to be updating the last laptop fetched. Now, if you want to update one particular laptop, then you still need to get the laptop_name from the form. You can verify which is being updated with `echo "I'm updating $laptop_name";` right before your update query. – aynber Jul 18 '19 at 12:53
  • Of course, you're also not passing in the laptop_name through your form. You're only echoing it, so without an input, you'll never know which one you're attempting to borrow. – aynber Jul 18 '19 at 12:54
  • Ah ok that makes sense - how do I pass it through my form without it being able to be edited? I just want to update the one laptop that I've clicked the button on. Sorry for the stupid questions and thank you for the help. – imakillabarbie Jul 18 '19 at 12:59
  • You can use a hidden input for the form. There is always some risk of a user editing a form before submitting, but the majority of users won't do that. All you can do is validate your input and make sure your query is safe against SQL injections, which you are doing. – aynber Jul 18 '19 at 13:01
  • Is this right? – imakillabarbie Jul 18 '19 at 13:06
  • No, it would be `` – aynber Jul 18 '19 at 13:09

0 Answers0