-1
<?php
include('config/db_connect.php');
$title = $email = $ingredients ='';
$errors = array('email'=>'', 'title'=>'', 'ingredient'=>'');
   if(isset($_POST['update'])){
     //Check email
     if(empty($_POST['email'])){
       $errors['email'] ='an email is required <br />';
     } else{
       $email = $_POST['email'];
       if(!filter_var($email, FILTER_VALIDATE_EMAIL)){
         $errors['email'] = 'Email must be a valid email address';
       }
     }
     //Check title
     if(empty($_POST['title'])){
       $errors['title'] ='a title is required <br />';
     } else{
       $title = $_POST['title'];
       if(!preg_match('/^[a-zA-Z\s]+$/', $title)){
         $errors['title'] = 'Title must be letters and spaces only';
       }
     }
     //Check ingredients
     if(empty($_POST['ingredients'])){
       $errors['ingredient'] = 'at least one ingredent is required <br />';
     } else{
       $ingredients = $_POST['ingredients'];
       if(!preg_match('/^([a-zA-Z\s]+)(,\s*[a-zA-Z\s]*)*$/', $ingredients)){
         $errors['ingredient'] = 'ingredients must be a comma separated list';
       }
     }
     if(array_filter($errors)){
       //echo 'errors in the form';
     }else{
       $id_to_update = mysqli_real_escape_string($conn, $_POST['$id_to_update']);
       $email = mysqli_real_escape_string($conn, $_POST['email']);
       $title = mysqli_real_escape_string($conn, $_POST['title']);
       $ingredients = mysqli_real_escape_string($conn, $_POST['ingredients']);

       //create SQL
       $sql = "UPDATE pizzas SET email='$email', title='$title', ingredients='$ingredients' WHERE id=$id_to_update";
       echo $sql;
       //save to db and check
       if(mysqli_query($conn, $sql)){
         //sucess
         header('Location: index.php');
       }else{
         //errors
         echo 'query error =' .mysqli_error($conn);
       }
     }
   }
   //check GET Request id param
   if(isset($_GET['id'])){
     $id = mysqli_real_escape_string($conn, $_GET['id']);

     // make sql
     $sql = "SELECT * FROM pizzas WHERE id = $id";

     //get query result
     $result = mysqli_query($conn, $sql);

     //fetch result in array format
     $pizza = mysqli_fetch_assoc($result);

     mysqli_free_result($result);
     mysqli_close($conn);

   }


?>
<!DOCTYPE html>
<html>

    <?php include('templates/header.php'); ?>
    <section class="container grey-text">
      <h4 class="center">Edit Pizza</h4>
      <form class="white" action="<?php echo $_SERVER['PHP_SELF'] ?>" method="POST">
        <label >Your Email:</label>
        <input type="text" name="email" value="<?php echo htmlspecialchars($pizza['email']); ?>">
        <div class="red-text"><?php echo $errors['email']; ?></div>
        <label >Pizza Title:</label>
        <input type="text" name="title" value="<?php echo htmlspecialchars($pizza['title']); ?>">
        <div class="red-text"><?php echo $errors['title']; ?></div>
        <label >ingredients(comma separated):</label>
        <input type="text" name="ingredients" value="<?php echo htmlspecialchars($pizza['ingredients']); ?>">
        <div class="red-text"><?php echo $errors['ingredient']; ?></div>
        <div class="center">
          <input type="submit" name="update" value="Update Pizza" class="btn brand z-depth-0">
          <a href="index.php" class="btn btn-default">Back</a>
        </div>
      </form>
    </section>

<?php include('templates/footer.php');?>

</html>

Undefined index: $id_to_update in C:\xampp\htdocs\pizza\edit.php on line 36 UPDATE pizzas SET email='ajisafejerry@gmail.com', title='fish Supreme', ingredients='fish, tomatoes, cheese, pepper' WHERE id=query error =You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '' at line 1

Dharman
  • 30,962
  • 25
  • 85
  • 135
Ajìśäfê Jëřëmiåh
  • 1
  • 1
  • Your html is –  Jan 09 '21 at 02:09
  • Does this answer your question? [How to include a PHP variable inside a MySQL statement](https://stackoverflow.com/questions/7537377/how-to-include-a-php-variable-inside-a-mysql-statement) – Dharman Jan 09 '21 at 13:49

1 Answers1

-1

You missed to post the "id" in your form you should add it.

   <input type="hidden" name="id_to_update" value="<?php echo $id ?>">

And you have a typo, remove the dollar sign, it is a name not a variable.

$id_to_update = mysqli_real_escape_string($conn, $_POST['id_to_update']);
                                                      // ^ here

And if you want, depending on your specifications, you can tweak your redirect after the update to smth. like this.

header('Location: sql.php?id='.$id_to_update);
Jakob Lämmle
  • 326
  • 1
  • 6