I made a PHP app which displays race results for 10 guys. I then have an edit button which takes them to a new page with inputs enabled for the user to edit and update race results/data. However, when the form is submitted, instead of saving every change, it saves the same details for all 10 people in the results table. Please see the code below:

Code:

<?php
require 'resources/mysqli_connect.php';
session_start();
if(!empty($_SESSION['id'])){
    $id = $_SESSION['id'];
    $result = mysqli_query($conn, "SELECT * FROM users WHERE id = '$id'");
    $row = mysqli_fetch_assoc($result);
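    if($row['rank'] != 4){
        echo '<script>alert("You are not authorized to access this!");location="index.php";</script>';
        exit; // stop here so the rest of the page (including the update) never runs
    }
}
else{
    echo '<script>alert("Please login to access");location="login.php";</script>';
    exit; // stop here so unauthenticated requests cannot reach the update
}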

$query = "SELECT * FROM results";
$qResult = mysqli_query($conn, $query);


if(isset($_POST["editResults"])){
    $firstname = $_POST["firstName"];
    $lastname = $_POST["lastName"];
    $coach = $_POST["coach"];
    $free = $_POST["free"];
    $back = $_POST["back"];
    $breast = $_POST["breast"];
    $fly = $_POST["fly"];

    // Note: there is no WHERE clause, so this statement updates every row in the results table.
    $query = "update results set first_name = '$firstname', last_name = '$lastname', coach = '$coach', free = '$free', back = '$back', breast = '$breast', fly = '$fly'";
    if ($conn -> query($query) == TRUE){
        // Redirect before any output is sent; header() fails once output has started.
        header("Location: results.php");
        exit;
    } else{
        echo "<script> alert('An error has occurred.'); </script>";
    }


}




?>

<!DOCTYPE html>
<html>
<head>
    <link rel="stylesheet" href="resources/Styling/stylesheet.css">
    <link rel="stylesheet" href="resources/Styling/results.css">
</head>
<body>
    <nav id="navbar">
        <a href="index.php">Home</a>
        <a href="squads.php">Squads</a>
        <a href="results.php">Results</a>
        <a href="profile.php">Profile</a>
        <a href="logout.php">Logout</a>
    </nav>
    
    <div class="content-wrapper">
        <h1>Results</h1>
        <form method="post" action="">
            <table>
                <tr>
                    <th>First Name</th>
                    <th>Surname</th>
                    <th>Coach</th>
                    <th>100 Free</th>
                    <th>100 Back</th>
                    <th>100 Breast</th>
                    <th>100 Fly</th>
                </tr>
                <?php
                    while($resultRow = mysqli_fetch_assoc($qResult))
                    {
                    ?>
                    <tr>
                        <td><input type="text" value="<?php echo htmlspecialchars($resultRow['first_name'] ?? ''); ?>" name="firstName"></td>
                        <td><input type="text" value="<?php echo htmlspecialchars($resultRow['last_name'] ?? ''); ?>" name="lastName"></td>
                        <td><input type="text" value="<?php echo htmlspecialchars($resultRow['coach'] ?? ''); ?>" name="coach"></td>
                        <td><input type="text" value="<?php echo htmlspecialchars($resultRow['free'] ?? ''); ?>" name="free"></td>
                        <td><input type="text" value="<?php echo htmlspecialchars($resultRow['back'] ?? ''); ?>" name="back"></td>
                        <td><input type="text" value="<?php echo htmlspecialchars($resultRow['breast'] ?? ''); ?>" name="breast"></td>
                        <td><input type="text" value="<?php echo htmlspecialchars($resultRow['fly'] ?? ''); ?>" name="fly"></td>

                    </tr>
                    <?php 
                    }

                    ?>
            </table>
            <button type="submit" name="editResults">Edit Results</button>
        </form>
        
    </div>
    
    
</body>
</html>

Database:

<?php

$DB_HOST='localhost';
$DB_USER='root';
$DB_PASSWORD='';
$DB_NAME='webapp';

// Make the connection:
$conn = mysqli_connect ($DB_HOST, $DB_USER, $DB_PASSWORD, $DB_NAME);

I looked it up but couldn't find any solution so any help would be appreciated!

Elux
  • (1) You just repeat the data (with **same names**) inside the loop (2) In your update query, all the records will be updated because there is no where clause – Ken Lee May 09 '23 at 01:43
  • I didn't get you, could you provide an example? – Elux May 09 '23 at 01:44
  • **Warning:** You are wide open to [SQL Injections](https://php.net/manual/en/security.database.sql-injection.php) and should use parameterized **prepared statements** instead of manually building your queries. They are provided by [PDO](https://php.net/manual/pdo.prepared-statements.php) or by [MySQLi](https://php.net/manual/mysqli.quickstart.prepared-statements.php). Never trust any kind of input! Even when your queries are executed only by trusted users, [you are still in risk of corrupting your data](http://bobby-tables.com/). [Escaping is not enough!](https://stackoverflow.com/q/32391315) – Dharman May 09 '23 at 08:53

1 Answer

If you do a var_dump($_POST) you will see that it does not return 10 records but only 1; that is because they are overwritten. You can make a form for each of the records with a submit button to edit them one by one, or put the names as an array.

Ex: name="firstName[]"

and make a loop that iterates through all the values and enters them one by one.

Try this code commenting out one input and then another and you'll be able to figure it out.

<!DOCTYPE html>
<html lang="en">
<head>
    <meta charset="UTF-8">
    <meta http-equiv="X-UA-Compatible" content="IE=edge">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>Document</title>
</head>
<body>

    <form action="" method="post">
        <?php
            for($i=0;$i<10;$i++)
            {
                ?>
                    <!-- <input type="text" name="value[]" value="<?=$i?>"> -->
                    <input type="text" name="value" value="<?=$i?>">
                <?php
            }
        ?>

        <input type="submit" value="Enviar">
    </form>

</body>
</html>

<?php

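// $_POST is always set, so check the request method to dump only after a submit.
if ($_SERVER['REQUEST_METHOD'] === 'POST')
{
    var_dump($_POST);
}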

?>
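
The array-naming approach from the answer, combined with the `WHERE` clause and prepared statements the comments call for, as an added example that is not part of the original answer. It assumes the `results` table has an integer primary key `id` (the page does not show the schema) and a hypothetical `rows[<id>][column]` input naming, and it uses PDO with in-memory SQLite so it runs stand-alone.

```php
<?php
// Added example. Assumes `results` has an integer primary key `id` (not shown on the page).
// In-memory SQLite keeps it runnable stand-alone; use the MySQL DSN in the real app.
$pdo = new PDO('sqlite::memory:', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$pdo->exec('CREATE TABLE results (id INTEGER PRIMARY KEY, first_name TEXT, last_name TEXT,
    coach TEXT, free TEXT, back TEXT, breast TEXT, fly TEXT)');
$pdo->exec("INSERT INTO results VALUES (1, 'Ann', 'Lee', 'Kim', '59.1', '65.0', '72.3', '63.8'),
    (2, 'Bo', 'Ray', 'Kim', '57.4', '66.2', '74.9', '61.0')");

// Form side (hypothetical naming): key every input by its row id, e.g. name="rows[1][first_name]".
const FIELDS = ['first_name', 'last_name', 'coach', 'free', 'back', 'breast', 'fly'];

function updateResults(PDO $pdo, array $rows): int
{
    // Column names come from the fixed list above, never from the request.
    $set = implode(', ', array_map(fn($f) => "$f = :$f", FIELDS));
    $stmt = $pdo->prepare("UPDATE results SET $set WHERE id = :id");
    $updated = 0;
    $pdo->beginTransaction();
    foreach ($rows as $id => $row) {
        // Reject ids that are not positive integers (e.g. injected text).
        if (filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]) === false) {
            continue;
        }
        $params = ['id' => (int) $id];
        foreach (FIELDS as $f) {
            if (!is_array($row) || !is_string($row[$f] ?? null)) {
                continue 2; // incomplete or malformed row: skip it entirely
            }
            $params[$f] = $row[$f];
        }
        $stmt->execute($params); // values are bound, not concatenated into the SQL
        $updated += $stmt->rowCount();
    }
    $pdo->commit();
    return $updated;
}

// Constructed sample of $_POST['rows'] after the form is submitted.
$rows = [
    1 => ['first_name' => 'Ann', 'last_name' => 'Lee', 'coach' => 'Kim',
          'free' => '58.7', 'back' => '65.0', 'breast' => '72.3', 'fly' => '63.8'],
    "2 OR 1=1" => ['first_name' => 'x', 'last_name' => 'x', 'coach' => 'x',
          'free' => '0', 'back' => '0', 'breast' => '0', 'fly' => '0'],
];
echo updateResults($pdo, $rows), " row(s) updated\n";
foreach ($pdo->query('SELECT id, first_name, free FROM results') as $r) {
    echo "{$r['id']} {$r['first_name']} {$r['free']}\n";
}
```

Only the row whose key is a valid integer id is updated; the second constructed entry is skipped, and row 2 keeps its stored values.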