
I'm grossly underqualified to be trying what I'm trying, but I seem to have things going my way until now. I have an issue with my function, which seems like it isn't being called when the form submit button is clicked. Apologies if this is formatted poorly. Please see my code below. Thanks.

Functions.php

// UP DATE INFO
function settingsUpdate()
{
    // call these variables with the global keyword to make them available in function
    global $db;

    // receive all input values from the form. Call the e() function
    // defined below to escape form values
    $usernameU = e($_POST['name']);
    $numberU = e($_POST['number']);
    $id = (isset($_SESSION['user']['id']));
    $error = '0';

    if($error == 0){
        $query = "UPDATE users SET 'username' 'number' WHERE id==$id
                      VALUES('$usernameU', '$numberU')";
        mysqli_query($db, $query);
        echo '<div class="alert alert-primary" role="alert">User Settings Updated Successfully.</div>';
    } else {
            ?><div class="alert alert-danger" role="alert">
                <p class="text-center"><strong>Oh snap!</strong> Something went wrong, contact us if you think that's wrong.</p>
            </div>,<?php
    }
}

Settings.php

<!--begin::Form-->
                                <form id="settings" class="form" method="post">
                                    <!--begin::Card body-->
                                    <div class="card-body border-top p-9">
                                        <!--begin::Input group-->
                                        <div class="row mb-6">
                                            <!--begin::Label-->
                                            <label class="col-lg-4 col-form-label required fw-bold fs-6">Full Name</label>
                                            <!--end::Label-->
                                            <!--begin::Col-->
                                            <div class="col-lg-8">
                                                <!--begin::Row-->
                                                <div class="row">
                                                    <!--begin::Col-->
                                                    <div class="col-lg-6 fv-row">
                                                        <input type="text" name="username" class="form-control form-control-lg form-control-solid mb-3 mb-lg-0" placeholder="Full Name" value="<?php echo $username; ?>" />
                                                    </div>
                                                    <!--end::Col-->
                                                </div>
                                                <!--end::Row-->
                                            </div>
                                            <!--end::Col-->
                                        </div>
                                        <!--end::Input group-->
                                        <!--begin::Input group-->
                                        <div class="row mb-6">
                                            <!--begin::Label-->
                                            <label class="col-lg-4 col-form-label fw-bold fs-6">
                                                <span class="required">Contact Number</span>
                                                <i class="fas fa-exclamation-circle ms-1 fs-7" data-bs-toggle="tooltip" title="Phone number must be active"></i>
                                            </label>
                                            <!--end::Label-->
                                            <!--begin::Col-->
                                            <div class="col-lg-8 fv-row">
                                                <input type="number" name="number" class="form-control form-control-lg form-control-solid" placeholder="Phone number" value="<?php echo $_SESSION['user']['number']?>" />
                                            </div>
                                            <!--end::Col-->
                                        </div>
                                        <!--end::Input group-->
                                    </div>
                                    <!--end::Card body-->
                                    <!--begin::Actions-->
                                    <div class="card-footer d-flex justify-content-end py-6 px-9">
                                        <button type="submit" class="btn btn-primary" id="settingsUpdate">Save Changes</button>
                                    </div>
                                    <!--end::Actions-->
                                </form>
                                <!--end::Form-->
  • Can you post the complete settings.php file? We can't see what settings.php does with the data submitted via the form... – Erik Sep 04 '21 at 07:08
  • settings.php is just the entire page and functions.php is included, so that should work fine; otherwise it's like 2000 lines – Jared Alexander Sep 04 '21 at 07:13
  • Show us the code where you capture the post data and process it. Where is the function `settingsUpdate` being called? Also, for your query consider the following: 1. It should be UPDATE `table` SET field = value WHERE condition. 2. It's open to SQL injection if you put variables directly inside the query; use a prepared statement instead. 3. Consider dependency injection instead of global variables. – Erik Sep 04 '21 at 08:21
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Sep 04 '21 at 15:58

1 Answer


Add an action attribute to your form element:

<form id="settings" class="form" method="post" action="Functions.php">
     ......
</form>

In your Functions.php, create a class and put your function into it:

$settingUp = new SettingUp($_POST['username'], $_POST['number']);
$settingUp->settingsUpdate();

class SettingUp
{
   protected $username;
   protected $number;
   
   function __construct($username, $number)
   {
        $this->username = $username;
        $this->number = $number;
   }
   
   function settingsUpdate()
   {

        $usernameU = $this->username;
        $numberU = $this->number;
        // Read the id itself; isset() alone would only give true/false
        $id = $_SESSION['user']['id'] ?? null;
        //complete the rest of your code

    } 
}

You can also include your Functions.php in your settings.php and give a name to your submit button:

<?php
     include('Functions.php');
?>
<form id="settings" class="form" method="post" action="">
      ......
      <button type="submit" class="btn btn-primary" id="settingsUpdate" name="settingsUpdate">Save Changes</button>
</form>

In your Functions.php, remove the function and modify the code like this:

if (isset($_POST['settingsUpdate']))
{
      $username = $_POST['username'];
      $number = $_POST['number'];
      //add the rest of your code
}
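
The comments on the question ask for a correctly formed UPDATE, a prepared statement, and passing the connection in rather than using a global. The following added example (not code from the question or the answer) combines those three points; it uses PDO with an in-memory SQLite database so it runs without a server, and the `users` table layout, the digits-only rule for the number, the session shape and the sample rows are assumptions.

```php
<?php
declare(strict_types=1);

// Added example. The connection is passed in instead of using "global $db",
// and the row id comes from the session, never from the form.
function settingsUpdate(PDO $db, array $session, array $post): bool
{
    // Take the id itself; isset() alone would only yield true/false.
    $id = filter_var($session['user']['id'] ?? null, FILTER_VALIDATE_INT);
    $username = trim((string) ($post['username'] ?? '')); // form field is name="username"
    $number = trim((string) ($post['number'] ?? ''));

    // Assumed rule: the number field holds digits only (the form uses type="number").
    if ($id === false || $username === '' || !ctype_digit($number)) {
        return false; // reject before touching the database
    }

    // UPDATE <table> SET col = ? ... WHERE ...; the values are bound separately
    // from the SQL text, so quotes in the input cannot change the statement.
    $stmt = $db->prepare('UPDATE users SET username = ?, number = ? WHERE id = ?');
    return $stmt->execute([$username, $number, $id]);
}

// Constructed demo data: in-memory SQLite stands in for the MySQL database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, number TEXT)');
$db->exec("INSERT INTO users VALUES (1, 'alice', '111'), (2, 'bob', '222')");

$session = ['user' => ['id' => 1]]; // what $_SESSION holds after login (assumed shape)

// A name containing quotes and SQL fragments is stored as plain text in row 1 only.
var_dump(settingsUpdate($db, $session, ['username' => "O'Brien', number = '0", 'number' => '5551234']));

// A non-numeric number is rejected and nothing is written.
var_dump(settingsUpdate($db, $session, ['username' => 'alice', 'number' => '12ab']));

// No logged-in user: no id, so no update.
var_dump(settingsUpdate($db, [], ['username' => 'mallory', 'number' => '1']));

foreach ($db->query('SELECT id, username, number FROM users ORDER BY id') as $row) {
    echo $row['id'], ' | ', $row['username'], ' | ', $row['number'], PHP_EOL;
}
```

With MySQLi the same statement text is passed to `mysqli_prepare()` and the three values are bound with `mysqli_stmt_bind_param()` before `mysqli_stmt_execute()`.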