1

I have a bootstrap modal form that opens up when you click on the edit button. Unfortunately, the update query does not execute. Kindly help me see where I am going wrong. Thank you.

The button code is `<td><button type="button" class="btn btn-success editbtn">Edit House</button></td>`

The modal form gets the data passed because I see it when I inspect the console.

```html
<div class="modal fade" id="editmodal" tabindex="-1" role="dialog" aria-labelledby="myModalLabel" aria-hidden="true">
  <div class="modal-dialog">
    <div class="modal-content">
      <div class="modal-header">
        <h5 class="modal-title" id="exampleModalLabel">Edit</h5>
        <button type="button" class="close" data-dismiss="modal" aria-label="Close">
          <span aria-hidden="true">&times;</span>
        </button>
      </div>
      <div class="modal-body">
        <form class="form-sample" action="updatehouse.php" method="POST">
          <div class="content-wrapper">
            <div class="row">
              <div class="col-12 grid-margin">
                <div class="card">
                  <div class="card-body">
                    <h4 class="card-title">Update Property</h4>
                    <div class="form-group">
                      <label for="house">House Name</label>
                      <input type="hidden" name="house_id" id="house_id"/>
                      <input type="text" class="form-control" id="house_name" name="house_name" />
                    </div>
                    <div class="form-group">
                      <label for="landlord">Landlord</label>
                      <input type="text" class="form-control" id="house_landlord" name="house_landlord" />
                    </div>
                    <div class="form-group">
                      <label for="location">Location</label>
                      <input type="text" class="form-control" id="house_location" name="house_location" />
                    </div>
                    <div class="form-group">
                      <label for="commission">Commission</label>
                      <input type="text" class="form-control" id="house_commission" name="house_commission" />
                    </div>
                    <div class="form-group">
                      <label for="serviceCharge">Service Charge</label>
                      <input type="text" class="form-control" id="house_service_charge" name="house_service_charge" />
                      <input type="hidden" name="house_siku_added" id="house_siku_added"/>
                    </div>
                  </div>
                </div>
              </div>
            </div>
          </div>
          <div class="modal-footer">
            <button type="button" class="btn btn-secondary" data-dismiss="modal">Close</button>
            <button type="submit" class="btn btn-primary" name="submit" id="submit">Save changes</button>
          </div>
        </form>
      </div>
    </div>
  </div>
</div>
```

To trigger the button to open the modal, I call the script

```html
<script>
  $(document).ready(function() {
    $('.editbtn').on('click', function() {
      $('#editmodal').modal('show');
      // Collect the text of every cell in the clicked row
      var $tr = $(this).closest('tr');
      var data = $tr.children("td").map(function() {
        return $(this).text();
      }).get();
      console.log(data);
      // Copy the row values into the modal's form fields
      $('#house_id').val(data[0]);
      $('#house_name').val(data[1]);
      $('#house_landlord').val(data[2]);
      $('#house_location').val(data[3]);
      $('#house_commission').val(data[4]);
      $('#house_service_charge').val(data[5]);
      $('#house_siku_added').val(data[6]);
    });
  });
</script>
```

The updatehouse.php

```php
<?php
include('config/db_connect.php');
if (isset($_POST["submit"]))
{
    $house_id = $_POST['$house_id'];
    $house_name = $_POST['$house_name'];
    $house_landlord = $_POST['$house_landlord'];
    $house_location = $_POST['$house_location'];
    $house_commission = $_POST['$house_commission'];
    $house_service_charge = $_POST['$house_service_charge'];
    $house_siku_added = $_POST['$house_siku_added'];

    $sql = "UPDATE houses SET house_name = '$house_name', house_landlord = '$house_landlord', house_location = '$house_location', house_commission = '$house_commission', house_service_charge = '$house_service_charge', house_siku_added = '$house_siku_added' WHERE house_id = '{$house_id}'";
    $sqlQuery = mysqli_query($connection, $sql);

    if ($sqlQuery) {
        echo '<script> alert("Record was updated successfully."); </script>';
        header("Location:listhouses.php");
    }
    else
    {
        echo '<script> alert("Data not updated"); </script>';
    }
}
?>
```
pmuyoti
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still at risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Oct 14 '21 at 20:25
  • @Dharman I had them initially, `$house_name = mysqli_real_escape_string($connection,$_POST['$house_name']);` stripped it down to the bare minimum to see what was the issue with the update. Thanks. – pmuyoti Oct 14 '21 at 21:36
  • Please do not use escaping. Learn to use parameterized queries. – Dharman Oct 14 '21 at 21:37

1 Answer

-1

In case someone else ever faces the same problem, this is how I was able to get the results:

```php
$sql = "UPDATE houses SET house_name = '$house_name', house_landlord = '$house_landlord', house_location = '$house_location', house_commission = '$house_commission', house_service_charge = '$house_service_charge', house_siku_added = '$house_siku_added' WHERE house_id = '$house_id' LIMIT 1";
```

I will learn the prepared statements. We all must start somewhere. Thank you.

RiveN
pmuyoti
  • Such code should never be used anywhere, as it is pretty insecure. Also, you should highlight what you've changed such that others can learn from your answer – Nico Haase Oct 18 '21 at 07:21
  • @NicoHaase I am learning PHP and I indicated I will look into the prepared statements. In the meantime, I found that `Limit 1` is what I needed to update the database. Thank you. – pmuyoti Oct 19 '21 at 07:39
  • Are there multiple houses with the same `house_id`? – Nico Haase Oct 19 '21 at 07:40
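
The parameterized form of this update that the comments ask for, as an added example (not code from the question or the answer). It assumes `$connection` is the `mysqli` object created in `config/db_connect.php` and that `house_id` is an integer key, and it reads `$_POST` by the form's `name` attributes (`house_id`, not `$house_id`).

```php
<?php
// Added example: updatehouse.php rewritten around a MySQLi prepared statement.
// Assumption: config/db_connect.php sets $connection to a mysqli object.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors
include('config/db_connect.php');

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['submit'])) {
    // Keys are the form's name="" attributes, with no "$" prefix.
    $columns = ['house_name', 'house_landlord', 'house_location',
                'house_commission', 'house_service_charge', 'house_siku_added'];
    $params = [];
    foreach ($columns as $column) {
        if (!isset($_POST[$column]) || !is_string($_POST[$column])) {
            http_response_code(400);
            exit('Missing field: ' . $column);
        }
        $params[] = trim($_POST[$column]);
    }

    // Assumption: house_id is a positive integer key.
    $house_id = filter_input(INPUT_POST, 'house_id', FILTER_VALIDATE_INT,
                             ['options' => ['min_range' => 1]]);
    if ($house_id === null || $house_id === false) {
        http_response_code(400);
        exit('Invalid house_id');
    }
    $params[] = $house_id;

    // Placeholders keep user input out of the SQL text entirely.
    $stmt = $connection->prepare(
        'UPDATE houses
            SET house_name = ?, house_landlord = ?, house_location = ?,
                house_commission = ?, house_service_charge = ?,
                house_siku_added = ?
          WHERE house_id = ?'
    );
    $stmt->bind_param('ssssssi', ...$params);
    $stmt->execute();

    // 0 means no row matched the id, or the values were unchanged.
    error_log('updatehouse: house_id=' . $house_id . ' affected_rows=' . $stmt->affected_rows);
    $stmt->close();

    // Redirect before any output; header() has no effect once output is sent.
    header('Location: listhouses.php');
    exit;
}
```

The `affected_rows` log line separates "the query ran but matched nothing" from a real SQL error, which `mysqli_query()` returning true cannot do for an `UPDATE`.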