0

I'm new to php, m trying to make a manage_product.php page which takes data from user about a 'xyz product' and showcase it on product.php page.

later u can edit its detail or delete it. however when i submit the form no changes are made in the database

ps:ignore the add image section ,i know it is not properly implemented in the given code. once i find the solution to my problem i'll work on it. any help is welcome

manage_product.php

<?php
require('top.inc.php');
$categories_id='';
$product='';
$mrp='';
$price='';
$qty='';
$image='';
$short_desc='';
$description='';
$meta_title='';
$meta_desc='';
$meta_keyword='';
$msg='';
if(isset($_GET['id'])&& $_GET['id']!=''){
    
    $id=get_safe_value($con,$_GET['id']);
    $res=mysqli_query($con,"select * from product where id='$id'");
    $check=mysqli_num_rows($res);
    if($check>0){
        $row=mysqli_fetch_assoc($res);
        $categories_id=$row['categories_id'];
        $product=$row['name'];
        $mrp=$row['mrp'];
        $price=$row['price'];
        $qty=$row['qty'];
        $short_desc=$row['short_desc'];
        $description=$row['description'];
        $meta_title=$row['meta_title'];
        $meta_desc=$row['meta_desc'];
        $meta_keyword=$row['meta_keyword'];
    }
    else{
        echo "<script>window.location.href='product.php';</script>";
        die();
    }
}
if(isset($_POST['submit']))
{   
    $categories_id=get_safe_value($con,$_POST['categories_id']);
    $product=get_safe_value($con,$_POST['product']);
    $mrp=get_safe_value($con,$_POST['mrp']);
    $price=get_safe_value($con,$_POST['price']);
    $qty=get_safe_value($con,$_POST['qty']);
    $short_desc=get_safe_value($con,$_POST['short_desc']);
    $description=get_safe_value($con,$_POST['description']);
    $meta_title=get_safe_value($con,$_POST['meta_title']);
    $meta_desc=get_safe_value($con,$_POST['meta_desc']);
    $meta_keyword=get_safe_value($con,$_POST['meta_keyword']);
    
    $res=mysqli_query($con,"select * from product where name='$product'");
    $check=mysqli_num_rows($res);
    if($check>0)
    {
        if(isset($_GET['id'])&& $_GET['id']!=''){
            $getData=mysqli_fetch_assoc($res);
            if($id==$getData['id']){
                
            }
            else{
                $msg="product already exist!";
            }
        }
        else{
            $msg="product already exist!";
        }
    }   
    if($msg==''){
        if(isset($_GET['id'])&& $_GET['id']!=''){
            mysqli_query($con,"update product set categories_id='$categories_id',name='$product',mrp='$mrp',price='$price',qty='$qty',
            short_desc='$short_desc',description='$description',meta_title='$meta_title',meta_keyword='$meta_keyword' where id='$id'"); 
        }
        else{   
            mysqli_query($con,"insert into product(categories_id,name,mrp,price,qty,short_desc,description,meta_title,
            meta_keyword,status) values ('$categories_id','$product','$mrp','$price','$qty','$short_desc','$description',
            '$meta_title','$meta_keyword',1)");
        }
    echo "<script>window.location.href='product.php';</script>";
    die();
    }
}
?>
<div class="content pb-0">
    <div class="animated fadeIn">
        <div class="row">
            <div class="col-lg-12">
                <div class="card">
                    <div class="card-header">
                    <strong>Products </strong><small>form</small>
                        <form method="post">
                            <div class="card-body card-block">
                                <div class="form-group">
                                    <label for="categories" class="form-control-label">Categories</label>
                                    <select class="form-control" name="categories_id">
                                    <option>select categories</option>
                                    <?php
                                    $res=mysqli_query($con,"select id,categories from categories order by categories asc");
                                    while($row=mysqli_fetch_assoc($res)){
                                        if($row['id']==$categories_id){
                                        echo '<option selected value='.row['id'].'>'.$row['categories'].'</option>';
                                        }
                                        else{
                                        echo '<option value='.row['id'].'>'.$row['categories'].'</option>';
                                        }
                                    }
                                    ?>
                                    
                                    </select>
                                </div>
                                <div class="form-group">
                                    <label for="product" class="form-control-label">Product name</label>
                                    <input type="text" name="product" placeholder="Enter product name" class="form-control"value="<?php echo $product?>">
                                </div>
                                <div class="form-group">
                                    <label for="product" class="form-control-label">MRP</label>
                                    <input type="text" name="mrp" placeholder="Enter product MRP" class="form-control"value="<?php echo $mrp?>">
                                </div>
                                <div class="form-group">
                                    <label for="product" class="form-control-label">price</label>
                                    <input type="text" name="price" placeholder="Enter product Price" class="form-control"value="<?php echo $price?>">
                                </div>
                                <div class="form-group">
                                    <label for="product" class="form-control-label">Quantity</label>
                                    <input type="text" name="qty" placeholder="Enter product quantity" class="form-control"value="<?php echo $qty?>">
                                </div>
                                <div class="form-group">
                                    <label for="product" class="form-control-label">Image</label>
                                    <input type="file" name="image" class="form-control"value="<?php echo $image?>">
                                </div>
                                <div class="form-group">
                                    <label for="product" class="form-control-label">Short Description</label>
                                    <textarea name="short_desc" placeholder="Enter product short description" class="form-control" required><?php echo $short_desc?></textarea>
                                </div>
                                <div class="form-group">
                                    <label for="product" class="form-control-label">Description</label>
                                    <textarea name="description" placeholder="Enter product description" class="form-control"><?php echo $description?></textarea>
                                </div>
                                <div class="form-group">
                                    <label for="product" class="form-control-label">Meta Title</label>
                                    <textarea name="meta_title" placeholder="Enter product meta title" class="form-control"><?php echo $meta_title?></textarea>
                                </div>
                                <div class="form-group">
                                    <label for="product" class="form-control-label">Meta Description</label>
                                    <textarea name="meta_desc" placeholder="Enter product meta description" class="form-control "><?php echo $meta_desc?></textarea>
                                </div>
                                <div class="form-group">
                                    <label for="product" class="form-control-label">Meta keyword</label>
                                    <textarea name="meta_keyword" placeholder="Enter product meta keyword" class="form-control "><?php echo $meta_keyword?></textarea>
                                </div>
                                <button name="submit" type="submit"class="btn btn-lg btn-info btn-block">Submit</button> 
                                <div class="field_error"><?php echo $msg ?></div>
                            </div>
                        </form>
                    </div>
                </div>
            </div>
        </div>
    </div>
</div>

  <?php
require('footer.inc.php');
?>
Barmar
  • 741,623
  • 53
  • 500
  • 612
UnknownRish
  • 1
  • 2
    Welcome to Stack Overflow! Your script is vulnerable to [SQL Injection Attack](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even if [you are escaping variables, its not safe](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string%5D)! You should always use [prepared statements and parameterized queries](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either MYSQLI or PDO instead of concatenating user provided values into the query. – Barmar Dec 20 '22 at 07:53
  • Check the value of `$msg`. – Barmar Dec 20 '22 at 08:00
  • What have you tried to resolve the problem? Where are you stuck? – Nico Haase Dec 20 '22 at 08:03
  • I actually tried a similar code in another page for categories it worked properly there the only difference is that it does not have these many variables. – UnknownRish Dec 20 '22 at 08:07
  • @Barmer u need to give me more than that whats wrong with $msg – UnknownRish Dec 20 '22 at 08:09
  • I have tried everything i could think of nothing seems to work. What could be the issue – UnknownRish Dec 22 '22 at 17:21

1 Answers1

0

A $ symbol is misssing in the while loop:

echo '<option value=' . $row['id'] .
buddemat
  • 4,552
  • 14
  • 29
  • 49
Akshay kumar
  • 14
  • 1