
I'm trying to get a modal form that can update values in the database.

The modal gets values from the database but couldn't update them. After clicking the save button in the modal, the modal closes but the value isn't updated.

I was looking at solutions written in PHP, but all the time I saw them combined with Ajax. Is it possible to write a modal update form in PHP?

index.php file:

    <div class="col-md-6">
    <h2>Added products</h2>
    <p>List added products to the base today:</p>
    <table class="table table-striped">
      <thead>
        <tr>
          <th>Name</th>
          <th>Model</th>
          <th>Date</th>
          <th>Actions</th>
        </tr>
      </thead>
      <tbody>
      <?php
        $query = "SELECT * FROM products";
        $resultProducts = mysqli_query($conn, $query);
        while($row = mysqli_fetch_array($resultProducts)){ ?>
        <tr>
          <td><?php echo $row['name']; ?></td>
          <td><?php echo $row['model']; ?></td>
          <td><?php echo $row['date']; ?></td>
          <td>
            <!-- Button to Open the Modal -->
            <a href="update.php?id=<?php echo $row['id']; ?>" class="btn btn-success" data-bs-toggle="modal" data-bs-target="#myModal<?php echo $row['id']; ?>">Edit</a>
            <a href="delete.php?id=<?php echo $row['id']; ?>" class="btn btn-danger">Delete</a>
            <!-- The Modal -->
                  <div class="modal" id="myModal<?php echo $row['id']; ?>">
                    <div class="modal-dialog modal-lg">
                      <div class="modal-content">

                        <!-- Modal Header -->
                        <div class="modal-header">
                          <h4 class="modal-title">Adding</h4>
                          <button type="button" class="btn-close" data-bs-dismiss="modal"></button>
                        </div>

                        <!-- Modal body -->
                        <div class="modal-body">
                          <form action="update.php" method="POST">
                          <div class="form-group">
                            <input type="text" class="form-control" placeholder="Name" name="name" value="<?php echo $row['name']; ?>"> </br>
                            <input type="text" class="form-control" placeholder="Model" name="model" value="<?php echo $row['model']; ?>"> </br>
                            <input type="text" class="form-control" placeholder="Date" value="<?php echo $row['date']; ?>">
                            </br>
                              <label for="comment">Description:</label>
                                <textarea class="form-control" rows="5" name="description" value="<?php echo $row['description']; ?>"></textarea>
                        </div>

                        </br>
                        <div id="contentUpload">
                        <form method="POST" action="" enctype="multipart/form-data">
                        <input type="file" name="uploadfile" value=""/>
                        <button type="submit" name="upload">UPLOAD PHOTO</button>
                        </form>
                        </div>
                        <!-- Modal footer -->
                        <div class="modal-footer">
                          <button type="submit" class="btn btn-success" data-bs-dismiss="modal" name="update">Save</button>
                          <button type="button" class="btn btn-danger" data-bs-dismiss="modal">Close</button>
                        </div>
                      </form>
                      </div>
                    </div>
                  </div>
            </td>
            </tr>
  </div>
  <?php }?>
  </tbody>
  </table>
  </div>

update.php file:

    <?php

    include ("connection.php");

    if (isset($_GET['id'])) {
      $id = $_GET['id'];
      $query = "SELECT * FROM products WHERE id = $id";
      $result = mysqli_query($conn, $query);
      if (mysqli_num_rows($result) == 1) {
        //die (mysqli_error($conn));
        $row = mysqli_fetch_array($result);
        $name = $row['name'];
        $model = $row['model'];
        $description = $row['description'];
        $photo = $row['photo'];
        }
      }
      //echo "Delete";

      if (isset($_POST['update'])) {
        $id = $_GET['id'];
        $name = $_POST['name'];
        $model = $_POST['model'];
        $description = $_POST['description'];

        $query = "UPDATE products SET name = '$name', model = '$model', description ='$description' WHERE id = $id";
        mysqli_query($conn, $query);
        $_SESSION['message'] = 'Product updated';
        $_SESSION['message_type'] = 'success';
        header("Location: index.php");
        }
    ?>

Vizzini
  • You use a `
    ` to post fields, and you get those fields correctly, apart from the most important one: `$id = $_GET['id'];`. This should also be a `$_POST[];`.
    – KIKO Software Feb 07 '22 at 22:30
  • Firstly, thank you for the answer. You mean that `$_GET['id'];` in update should be `$_POST['id'];`? I changed that but it doesn't work. – Vizzini Feb 07 '22 at 22:38
  • Your code is vulnerable to SQL injection. You should switch to prepared statements and parameterized queries. – GrumpyCrouton Feb 07 '22 at 22:40
  • @GrumpyCrouton Thank you for the answer. I know it, but there's a problem with updating values. – Vizzini Feb 07 '22 at 22:46
  • Yes, it should be `$_POST['id'];`. There can be other errors that I haven't spotted. – KIKO Software Feb 07 '22 at 22:50
  • For instance, you have a form, for file uploads, inside the normal form. That's not right, [do not nest forms](https://stackoverflow.com/questions/379610/can-you-nest-html-forms). – KIKO Software Feb 07 '22 at 22:51
  • Deleted form for file uploads but still nothing. – Vizzini Feb 07 '22 at 22:56
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/5741187) – Dharman Feb 08 '22 at 12:48
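
What the comments above recommend (the id sent with the other POSTed fields, and a parameterized prepared statement instead of string-built SQL), shown as an added example that is not code from the question or from any commenter. It assumes `connection.php` defines `$conn` as a mysqli object, as on the page, and that the modal form, no longer wrapped around the upload form, posts a hidden `id` input, which the form on the page does not have; the `danger` and `warning` message types are also assumptions.

```php
<?php
// Added example, not the asker's code: update.php using a prepared statement.
// Assumptions: connection.php defines $conn (mysqli), as on the page, and the
// modal form posts the row id in a hidden field that the page's form lacks:
//   <input type="hidden" name="id" value="(id of this row)">
session_start(); // required before $_SESSION can be written

// Report mysqli failures as exceptions instead of failing silently.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
include "connection.php";

if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['update'])) {
    // Positive integer only; null means missing, false means invalid.
    $id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT,
                       ['options' => ['min_range' => 1]]);
    // filter_input() yields false for array input, so the cast gives ''.
    $name        = trim((string) filter_input(INPUT_POST, 'name'));
    $model       = trim((string) filter_input(INPUT_POST, 'model'));
    $description = trim((string) filter_input(INPUT_POST, 'description'));

    if (!is_int($id) || $name === '') {
        $_SESSION['message'] = 'Invalid product data';
        $_SESSION['message_type'] = 'danger';
    } else {
        // Placeholders keep user input out of the SQL text entirely.
        $stmt = $conn->prepare(
            "UPDATE products SET name = ?, model = ?, description = ? WHERE id = ?"
        );
        $stmt->bind_param('sssi', $name, $model, $description, $id);
        $stmt->execute();

        // affected_rows is 0 when no row has this id or nothing changed.
        $updated = $stmt->affected_rows > 0;
        $stmt->close();
        $_SESSION['message'] = $updated ? 'Product updated' : 'Nothing to update';
        $_SESSION['message_type'] = $updated ? 'success' : 'warning';
    }
}

// Redirect in every case and stop, so nothing runs after the header.
header("Location: index.php");
exit;
```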
