0

I'm working on a project and I'm stuck on a moment and I can maybe use some help from you guys.

I'm running a while loop and in the while loop I'm using a button. I want to update that specific row of the button.

But at my code now, it updates a row randomly.

This is my code:

<form name="faturalar" method="POST">
<h4> Ödenmemiş Faturalarım </h4>
</br>
<table class="table table-striped table-dark">
<thead>
    <tr style="color:white">
        <th> # </th>
        <th> Ceza </th>
        <th> Miktar </th>
        <th> Ödeme </th>
    </tr> 
</thead>

<tbody>
    <?php
        $count=1;
        $sel_query="SELECT * from billing WHERE identifier= '{$cid}';";
        $result = mysqli_query($svcon,$sel_query);
        while($row = mysqli_fetch_assoc($result)) { 
        $fatMiktar = $row["amount"]; 
        if ($_SERVER['REQUEST_METHOD'] === 'POST') {

            if (isset($_POST['odeme'])) {
                $yeniMiktar = $BankaAl - $fatMiktar;
                $yeniAccount = array("bank"=>$yeniMiktar, "money"=>$NakitAl, "black_money"=>$BlackAl);
                $bankEncode = json_encode($yeniAccount);


                $up = "UPDATE users set accounts = '$bankEncode' WHERE id = '{$cid}'";

                $upresult = $svcon->query($up);
                $uprow = mysqli_fetch_array($upresult);
                header("Refresh:0");
            }
        }

    ?>
    <tr><td><?php echo $count; ?></td><td><?php echo $row["label"]; ?></td><td><?php echo $row["amount"]; ?></td><td><input name="odeme" type="submit" value="Öde" class="btn btn-primary"></td></tr>
    <?php $count++; } ?>
</tbody>
</table> 
</form>

I searched on stackoverflow but I didn't find any topic that I could use. What am I doing wrong?

Your Common Sense
  • 156,878
  • 40
  • 214
  • 345
IAMGOKTURK
  • 1
  • 2
    Please format your code and remove all excessive tabs/spaces in the beginning of the lines. – M. Eriksson Dec 20 '22 at 09:51
  • 2
    You never set `$cid` before the query. – Barmar Dec 20 '22 at 09:53
  • Why your logic of updating something is inside table? I hope you do not expect for PHP and HTML inputs to be related that way? Because PHP will execute first, only then HTML will be outputted – Justinas Dec 20 '22 at 09:56
  • @Barmar i actually did, updating the field where the ID matches the ID is not a problem, updating "$FatMiktar" that gets the amount is a problem for me now. – IAMGOKTURK Dec 20 '22 at 09:57
  • 1
    _"updating the field where the ID matches the ID is not a problem"_ - But how do you know _which_ id to update? You're not setting it anywhere in the form? Is this all the relevant code, or is this just a part of some bigger flow? – M. Eriksson Dec 20 '22 at 09:59
  • The form doesn't have any inputs other than the submit button. How is it supposed to know which row you want to update? – Barmar Dec 20 '22 at 09:59
  • @Justinas how can I update a specific row of the table? – IAMGOKTURK Dec 20 '22 at 10:00
  • You need to pass which row (or id) to target when submitting the form. – M. Eriksson Dec 20 '22 at 10:01
  • @M.Eriksson yessir, this is just a part of a bigger project. I have no issues with getting the ID that I want to update, $cid is the user id and it updates the right user. – IAMGOKTURK Dec 20 '22 at 10:01
  • How are you expecting us to be able to help if we can't see the full flow? We have no clue what anything not added to the question, is, does (or suppose to do) – M. Eriksson Dec 20 '22 at 10:03
  • Your table has a submit button in every row. They all have the same value, so how is the script supposed to know which button they clicked on, so that it will update the data for that row? Where do any of these values come from, and how are they related to the table? – Barmar Dec 20 '22 at 10:05
  • Put the row ID in the value of the submit button, then you can get that from `$_POST['submit']`. – Barmar Dec 20 '22 at 10:06
  • 2
    Instead of one big form, I think each row would need to contain a form within the td where your button is, and put the ID that the button should update in a hidden field within the form – ADyson Dec 20 '22 at 10:07
  • 3
    Welcome to Stack Overflow! Your script is vulnerable to [SQL Injection Attack](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php). Even if [you are escaping variables, its not safe](https://stackoverflow.com/questions/5741187/sql-injection-that-gets-around-mysql-real-escape-string%5D)! You should always use [prepared statements and parameterized queries](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) in either MYSQLI or PDO instead of concatenating user provided values into the query. – Barmar Dec 20 '22 at 10:07

0 Answers0