
I got stuck because I can't update my MySQL table using multiple form rows. Currently only the first row works. Basically I would like the person in charge to choose the id to update, enter it and automatically my table will be updated. The next step is that I can get an email with a list of the fields he has updated.

Thank you

index.php

```php
<div class="row">
    <h2>Imposta quantità di stampa Dataplate</h2>
    <?php
        $quantitad_form = $rows['quantita_d'];
        $quantitae_form = $rows['quantita_e'];
        $id_form = $rows['emp_id'];
    ?>
    <form method = "post" action = "update.php">
        <div class="jumbotron jumbotron-fluid" id="dataAdd">
            <div class="container-fluid big-container">
                <div class="form-row check">
                    <div class="form-group col-md-4">
                        <label>ID</label>
                        <input name = "id_form[]" value = "$id_form" type = "number" id = "id_form1" class="form-control">
                    </div>
                    <div class="form-group col-md-4">
                        <label>Totale Dataplate</label>
                        <input name="quantitad_form[]" value = "$quantitad_form" type="number" id = "quantitad_form2" class="form-control variable-field quantity"/>
                    </div>
                    <div class="form-group col-md-4">
                        <label>Totale Energy Label</label>
                        <input name="quantitae_form[]" value = "$quantitae_form" type="number" id = "quantitae_form2" class="form-control width-80 totalcostprice" readonly/>
                    </div>
                </div>
            </div>
            <div class="container-fluid">
                <button type="button" class="btn btn-success" id="addRow">Aggiungi Riga</button>
                <button type="button" class="btn btn-danger" id="deleteRow">Cancella Riga</button>
                <button name = "update" type = "submit" class="btn btn-danger" id="deleteRow">AGGIORNA</button>
            </div>
        </div>
    </form>
</div>
```

update.php

```php
<?php

include_once("db_connect.php");
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Check connection
if ($conn->connect_error) {
    die("Connection failed: " . $conn->connect_error);
}

for ($i = 0; $i < count($_POST["quantitad_form"]); $i++) {

    $id_form = $_POST["id_form"][$i];
    $quantitad_form = $_POST["quantitad_form"][$i];
    $quantitae_form = $_POST["quantitae_form"][$i];

    $sql = "UPDATE emp SET quantita_d='$quantitad_form', quantita_e='$quantitae_form' WHERE emp_id='$id_form'";

}

/*

if ($conn->query($sql) === TRUE) {
  $update_status = '?update_status=success';
} else {
  $update_status = '?update_status=error';
}

$conn->close();
header("Location: index.php".$update_status);
*/
?>
```

Thank you all for your helpfulness, this is the full link https://unical.atena.net/

ateve
  • What have you tried to resolve the problem? Where are you stuck? – Nico Haase Mar 10 '23 at 11:18
  • Also, be warned that your query is vulnerable to SQL injection. Have a look at prepared statements to avoid getting hacked – Nico Haase Mar 10 '23 at 11:19
  • 2
    Clearly you're going to need a loop - had you at least got that far in your thinking? It's unclear how/where you actually got stuck. I suggest, instead of numeric naming of form fields such as `name="quantitad_form9"`, just use array syntax - e.g. `name="quantitad_form[]"` so then in PHP you can simply use a `for` or `foreach` loop to go through all the entries in `$_POST["quantitad_form"]` (which will be an array). This is not a new problem, there are previous questions on the same topic if you search around. – ADyson Mar 10 '23 at 11:21
  • 1
    **Warning:** Your code is vulnerable to SQL Injection attacks. You should use parameterised queries and prepared statements to help prevent attackers from compromising your database by using malicious input values. http://bobby-tables.com gives an explanation of the risks, as well as some examples of how to write your queries safely using PHP / mysqli. **Never** insert unparameterised data directly into your SQL. The way your code is written now, someone could easily steal, incorrectly change, or even delete your data. – ADyson Mar 10 '23 at 11:22
  • https://phpdelusions.net/mysqli also contains good examples of writing safe SQL using mysqli. See also the [mysqli documentation](https://www.php.net/manual/en/mysqli.quickstart.prepared-statements.php) and this: [How can I prevent SQL injection in PHP?](https://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php) . Parameterising your queries will also greatly reduce the risk of accidental syntax errors as a result of un-escaped or incorrectly quoted input values. If you learnt your current technique from a tutorial or book, please don't use that resource again. – ADyson Mar 10 '23 at 11:22
  • Please bring your error handling into the 21st century. Add `mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);` before your `mysqli_connect()` (or `new mysqli()`) command, and this will ensure that errors with your SQL queries are reported correctly to PHP automatically. That way you don't need to clutter your script with repetitive code to keep checking errors after every mysqli command. And you should never be echoing error data deliberately - it can easily reveal sensitive info to attackers by accident. – ADyson Mar 10 '23 at 11:22
  • Can you give me an example of the cycle so I can try? Thank you – ateve Mar 10 '23 at 11:27
  • 1
    ___Suggestion___ `if(!isset($_POST['submit']))` then you really have no business running any more of this code. So just setting an error message and ploughing on regardless is clearly not enough! – RiggsFolly Mar 10 '23 at 11:30
  • An example of what, precisely? What part are you stuck on? Are you aware of how to create a loop? – ADyson Mar 10 '23 at 11:34
  • I can change my inputs to something like this `````` Then for the loop I can think of ```foreach($_POST['quantitad_form'] as $index => $value) { ... }``` – ateve Mar 10 '23 at 11:42
  • Yep that's the basic idea. Bear in mind though that you probably also want to read from the quantitae_form and id_form fields in the same loop, I expect? That's why a `for` might be better. e.g. `for ($i = 0; $i < count($_POST["quantitad_form"]); $i++) { $quantitad_form1 = $_POST["quantitad_form1"][$i]; $quantitae_form1 = $_POST["quantitae_form1"][$i]; $id_form1 = $_POST["id_form1"][$i]; ... etc` – ADyson Mar 10 '23 at 11:48
  • I have to study because now I am even more confused. In the meantime, thank you – ateve Mar 10 '23 at 12:01
  • What exactly are you confused by? I can try to explain if you tell me – ADyson Mar 10 '23 at 12:14
  • Can we talk to each other in chat? – ateve Mar 10 '23 at 12:31
  • You would need at least 20 reputation to join a chat room. Try answering a question or two, to get some upvotes. – ADyson Mar 10 '23 at 12:43
  • Let us [continue this discussion in chat](https://chat.stackoverflow.com/rooms/252444/discussion-between-ateve-and-adyson). – ateve Mar 10 '23 at 12:51

0 Answers
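Added example, not part of the original question or comments: one way `update.php` could apply the advice in the comments above (array-named fields, one loop over all rows, a prepared statement instead of string-built SQL). It assumes `db_connect.php` creates `$conn` as a mysqli object and that `emp` uses a transactional engine such as InnoDB; `collectRows`, the `$updated` list and the integer ranges (ids from 1, quantities from 0) are assumptions made for this sketch.

```php
<?php
// Added example, not the asker's code. Assumes db_connect.php creates $conn (mysqli).
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // set before connecting
include_once("db_connect.php");

// Hypothetical helper: zip the three parallel form arrays into validated rows.
// Anything that is not a plain integer is dropped before it gets near SQL;
// "readonly" and type="number" in the form are browser hints, not server checks.
function collectRows(array $post): array
{
    $ids = (array)($post["id_form"] ?? []);
    $qds = (array)($post["quantitad_form"] ?? []);
    $qes = (array)($post["quantitae_form"] ?? []);
    $nonNeg = ["options" => ["min_range" => 0]];
    $rows = [];
    foreach ($ids as $i => $rawId) {
        $id = filter_var($rawId, FILTER_VALIDATE_INT, ["options" => ["min_range" => 1]]);
        $qd = filter_var($qds[$i] ?? null, FILTER_VALIDATE_INT, $nonNeg);
        $qe = filter_var($qes[$i] ?? null, FILTER_VALIDATE_INT, $nonNeg);
        if ($id !== false && $qd !== false && $qe !== false) {
            $rows[] = [$id, $qd, $qe];
        }
    }
    return $rows;
}

if ($_SERVER["REQUEST_METHOD"] !== "POST" || !isset($_POST["update"])) {
    header("Location: index.php");
    exit;
}

$updated = []; // ids that actually changed, e.g. for the notification e-mail
$stmt = $conn->prepare("UPDATE emp SET quantita_d = ?, quantita_e = ? WHERE emp_id = ?");
$conn->begin_transaction();
try {
    foreach (collectRows($_POST) as [$id, $qd, $qe]) {
        $stmt->bind_param("iii", $qd, $qe, $id); // values travel separately from the SQL text
        $stmt->execute();                         // executed once per submitted row
        if ($stmt->affected_rows > 0) {
            $updated[] = $id;
        }
    }
    $conn->commit();
    $status = "success";
} catch (mysqli_sql_exception $e) {
    $conn->rollback();
    error_log($e->getMessage()); // log server-side, never echo to the browser
    $status = "error";
}
header("Location: index.php?update_status=" . $status);
```

Because the statement is executed inside the loop, every submitted row is written, and a failure on any row rolls back the whole batch.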