I created a section for editing. When I edit the information and click the save button, the information is not saved and the header section does not display completely.

```php
<?php
if (isset($_POST['submit_btn']))
{
    $id = $_POST['id'];
    $fn = trim($_POST['name']);
    $ln = trim($_POST['lastname']);
    $age = trim($_POST['age']);
    $q = "UPDATE `users` SET `fn` = '$fn',
             `ln` = '$ln',
             `age` = '$age'
            WHERE id = '$id'";
    mysqli_query($dbconnect,$q);

    if (mysqli_affected_rows($dbconnect) > 0)
        redirect("?msg=ok&id=**$id**");
    else
        redirect("?msg=error&id=**$id**");
}
else
    echo ("Not In If(isset)");
?>

<form action="" method="post">
    <label for="name">FirstName:</label>
    <input type="text" name="name" id="name" value="<?php echo $row['fn']?>">
    <br>
    <label for="lastname">LastName:</label>
    <input type="text" name="lastname" id="lastname" value="<?php echo $row['ln']?>">
    <br>
    <label for="age">Age:</label>
    <input type="text" name="age" id="age" value="<?php echo $row['age']?>">
    <br>
    <input type="submit" name="submit_btn" value="Save">
    <a href="index2.php">
        Back
    </a>
</form>
</body>
```

Bold sections do not work here. Below is a picture of the result:

In the link that I specified, after clicking on save the ID will not be displayed and all the information filled in the forms will be lost.

Sorry if the result is styleless and boring; I just created this page to practice PHP. Thank you for being responsive.

brombeer
Mahdi
  • `$id = $_POST['id'];` There is no element with `name="id"` in your form – brombeer Aug 16 '21 at 11:42
  • Also, `$dbconnect` doesn't seem to be set in your code `mysqli_query($dbconnect,$q);` (unless you skipped that part) – brombeer Aug 16 '21 at 11:43
  • You're redirecting after your query, which makes it a GET request, so `$_POST['submit_btn']` is not set. That's why `"Not In If(isset)"` shows – brombeer Aug 16 '21 at 11:46
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Aug 16 '21 at 17:38

1 Answer

You are mistaking a POST request for a GET request. The part which appears in the URL is sent to the web server in a GET request.

Your form is submitting a POST request to the web server, and the logic in the code does the same, but you are trying to display information from the URL (GET).

Please check the examples in php.net:

You can take the example with a GET request variable below; however, be careful with trusting the "end client" and always prepare the statements which you send to your database to execute queries.


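```php
<?php
// The form below uses method="get", so its fields arrive in $_GET.
if (isset($_GET['submit']))
{
    // Accept only a plain string; anything else is treated as missing.
    $number = is_string($_GET['number'] ?? null) ? $_GET['number'] : '';

    // Escape before echoing: the value comes straight from the client.
    $safe = htmlspecialchars($number, ENT_QUOTES, 'UTF-8');

    echo $number
        ? "Number which was submitted: $safe <br>"
        : 'Number is not set';
} else {
    echo 'Form has not been yet submitted';
}
?>

<form action="" method="get">
    <input type="number" name="number" placeholder="Number">
    <input type="submit" name="submit" value="Save">
</form>
```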
Edjjj
  • Yes, you are right, but I have defined the ID in the other page as GET and I called it in the same page, but I had a problem and I even have all the information when I define it in GET. – Mahdi Aug 16 '21 at 11:51
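
The prepared-statement approach recommended in the comments and in the answer, as an added example that is not code from the question or the answer. It uses PDO with an in-memory SQLite table (constructed, mirroring the `users` columns from the question) so it runs without a database server; `update_user()` and the sample input are hypothetical.

```php
<?php
declare(strict_types=1);

// Added example. update_user() and the sample data are hypothetical.
function update_user(PDO $db, array $post): bool
{
    // The id has to travel with the form (for example in a hidden input);
    // accept it only if it is a positive integer.
    $id  = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 1]]);
    $age = filter_var(trim((string) ($post['age'] ?? '')), FILTER_VALIDATE_INT,
                      ['options' => ['min_range' => 0, 'max_range' => 150]]);
    $fn  = trim((string) ($post['name'] ?? ''));
    $ln  = trim((string) ($post['lastname'] ?? ''));
    if ($id === false || $age === false || $fn === '' || $ln === '') {
        return false; // reject before any SQL is built
    }

    // Placeholders: the values are bound separately and never become SQL text.
    $stmt = $db->prepare(
        'UPDATE users SET fn = :fn, ln = :ln, age = :age WHERE id = :id'
    );
    $stmt->execute([':fn' => $fn, ':ln' => $ln, ':age' => $age, ':id' => $id]);
    return true; // execute() throws on failure with ERRMODE_EXCEPTION
}

// Constructed demo data: in-memory SQLite stands in for the MySQL server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, fn TEXT, ln TEXT, age INTEGER)');
$db->exec("INSERT INTO users VALUES (1, 'Old', 'Name', 30), (2, 'Other', 'User', 40)");

// Constructed $_POST. The apostrophe in the last name would end the quoted
// string early in the concatenated query from the question.
$post = ['id' => '1', 'name' => 'Sam', 'lastname' => "O'Brien", 'age' => '31'];

var_dump(update_user($db, $post));
// A non-numeric id fails validation, so no statement is executed for it.
var_dump(update_user($db, ['id' => 'not-a-number'] + $post));

// Print the table to see which rows changed.
foreach ($db->query('SELECT id, fn, ln, age FROM users ORDER BY id', PDO::FETCH_ASSOC) as $row) {
    echo implode(' | ', $row), PHP_EOL;
}
```

With MySQLi the same pattern is `prepare()` with `?` placeholders, `bind_param('ssii', ...)` and `execute()`. Values written back into the form's `value` attributes still need `htmlspecialchars()`.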