At the moment I have a page that loads all the data into text areas for easy editing of an entire profile.

I'd like to make it so that when the submit button is pressed, it will update the 'clients' database and the appropriate columns.

At the moment it pulls the data by grabbing the id using the post method.

    <head>
      <link rel="stylesheet" href="table.css">
      <link rel="stylesheet" href="menus.css">
    </head>
    <table class="topheader" border="0" cellspacing="0" cellpadding="0">
    <tr><td ><img src="images/header.png" width="400" height="150" alt=""/></td></tr></table>
    <?php include("includes/menu.php"); ?>
    
    <br>
    <h2 align="center" font-family="sans-serif">EDIT CLIENT PROFILE</h2><br>
    <?php
    
    include("includes/dbconnect.php");
    $userid = $_GET['id'];
    
    $sql = "SELECT * FROM clients WHERE id = ". $userid;
    $result = $conn->query($sql);
    
    while($data = mysqli_fetch_array($result)){
    
    echo "<h2 align='center'><i>" . $data["company"] . "</i></h2><br>";
    
    echo "<center><table width='600' border='0' cellspacing='0' cellpadding='0' bgcolor='#E1DBD0'>
      <tbody >
        <tr>
          <td><br><center><form name='updater'>Company Name: <input type='text' name='company' align='center' value='". $data["company"] ."' /></center></td>
        </tr>
        <tr>
          <td><br><center>Address 1: <input type='text' name='streetaddress' align='center' value='". $data["streetaddress"] ."' /></center></td>
        </tr>
        <tr>
          <td><br><center>Address 2: <input type='text' name='streetaddress2' align='center' value='". $data["streetaddress2"] ."' /></center></td>
        </tr>
        <tr>
          <td><br><center>Suburb: <input type='text' name='sasuburb' align='center' value='". $data["sasuburb"] ."' /></center></td>
        </tr>
        <tr>
          <td><br><center>Postcode: <input type='text' name='sapostcode' align='center' value='". $data["sapostcode"] ."' /></center></td>
        </tr>
        <tr>
          <td><br><center>Company Office Number: (08) <input type='text' name='companyoffnumber' align='center' value='". $data["companyoffnumber"] ."' /></center></td>
        </tr>
        <tr>
          <td><br><center>Email: <input type='text' name='companyemail' align='center' value='". $data["companyemail"] ."' /></center></td>
        </tr>
        <tr>
          <td><br><center>Opening Hours: <input type='text' name='openinghours' align='center' value='". $data["openinghours"] ."' /></center></td>
        </tr>
        <tr>
          <td><br><center>Closing Hours: <input type='text' name='closinghours' align='center' value='". $data["closinghours"] ."' /></center></td>
        </tr>
            <tr>
          <td><br><center>Open Days: <input type='text' name='opendays' align='center' value='". $data["opendays"] ."' /></center></td>
        </tr>
            <tr>
          <td><br><center>LinkedIn: <input type='text' name='companylinkedin' align='center' value='". $data["companylinkedin"] ."' /></center></td>
        </tr>
            <tr>
          <td><br><center>Comments: <input type='textarea' name='opencomments' align='center' value='". $data["opencomments"] ."' /></center></td>
        </tr>
                <tr>
          <td><br><center><input type='hidden' name='id' value='$userid'/><input type='submit'></form></center></td>
        </tr>
      </tbody>
    </table>
    </center>";
    
    }
    $conn->close();
    ?>
  • Anything you can share that you've tried so far? – AnTrakS Mar 01 '21 at 07:02
  • I've tried to post/get using the form function to little success mainly due to the spaces in the street address. – devolution Mar 01 '21 at 07:03
  • Use https://www.php.net/manual/en/mysqli.real-escape-string.php to do correct insert. `$streetaddress = mysqli_real_escape_string($link, $_POST['streetaddress']); $sql = "UPDATE client SET streetaddress=" . $_POST['streetaddress'] . " WHERE id=" . $_POST['id'] . "";` – Monnomcjo Mar 01 '21 at 07:12
  • @Monnomcjo That would be an incorrect insert. See about sql injection – Strawberry Mar 01 '21 at 10:24
  • And don't forget to read https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string – Monnomcjo Mar 01 '21 at 10:35
  • Side note: `<center>` is obsolete in HTML. Don't write new code using obsolete tags. Use CSS instead for positioning. Elsewhere you also seem to be using tables to control the layout (e.g. the table around your header image). That's an obsolete technique from the 1990s. It's also unsemantic, since tables are meant to display tabular data. And it's incredibly verbose, making your code hard to read, and hard to make changes to layout later. Learn about using HTML5 and CSS with divs, and about Responsive Design to allow your sites to work better across multiple devices and screen sizes. – ADyson Mar 01 '21 at 10:39
  • `I've tried to`...please show your code. more than likely though (from your brief description) your problem is not parameterising your queries properly. – ADyson Mar 01 '21 at 10:43
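
An added example, not part of the original thread: one way to handle the form submission with a prepared statement, so that values containing spaces or quotes (such as the street address) are sent as bound parameters instead of being concatenated into the SQL. The handler name `update.php`, the use of `method='post'` on the form, and the assumption that column names match the form field names are not from the question.

```php
<?php
// update.php (hypothetical handler name). Assumes the form is submitted with
// method='post' action='update.php' and that includes/dbconnect.php defines
// $conn as a mysqli connection, as in the question.
include("includes/dbconnect.php");
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Allowlist: column names never come from the request, only values do.
// Assumption: column names match the form field names used in the question.
$columns = ['company', 'streetaddress', 'streetaddress2', 'sasuburb',
            'sapostcode', 'companyoffnumber', 'companyemail', 'openinghours',
            'closinghours', 'opendays', 'companylinkedin', 'opencomments'];

// The id must be a positive integer; reject anything else before touching SQL.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
                   ['options' => ['min_range' => 1]]);
if ($id === false || $id === null) {
    http_response_code(400);
    exit('Invalid client id');
}

// Build "col = ?" pairs from the allowlist and collect the submitted values.
$assignments = [];
$values = [];
foreach ($columns as $col) {
    $assignments[] = "`$col` = ?";
    $value = $_POST[$col] ?? '';
    $values[] = is_string($value) ? trim($value) : '';
}

$sql = "UPDATE clients SET " . implode(', ', $assignments) . " WHERE id = ?";
$stmt = $conn->prepare($sql);

// One string parameter per column, followed by the integer id.
$types = str_repeat('s', count($values)) . 'i';
$values[] = $id;
$stmt->bind_param($types, ...$values);
$stmt->execute();

// affected_rows is 0 when the id does not exist or nothing changed.
$changed = $stmt->affected_rows;
$stmt->close();
$conn->close();

echo htmlspecialchars("Updated rows: $changed", ENT_QUOTES, 'UTF-8');
```

When the edit form echoes stored values back into its single-quoted `value='...'` attributes, passing each one through `htmlspecialchars($value, ENT_QUOTES, 'UTF-8')` keeps an apostrophe in the data from closing the attribute early.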
