CRUD only returning one record

zpupster · May 27, 2020, 1:31pm

example from the Read.php

i gave my columns an orderby asc and desc in the read file, but before that the edit.php was working code was working correctly.

My Update (or edit) is only returning one record- the first record to be updated.- pic shows first record in DB.

Capture

the product ID will not be updateable in the final version, just in for testing… this is a custom page in the
admin section of a CMS.

What I have tried you name it, been messing with this for a day. Time for help TY.

The question , what is wrong with my code in edit.php , no matter what edit i press,
I only get the first record of the database returned with Product ID of 35.
edit.php:

<?php error_reporting(E_ALL);
        ini_set('display_errors', '1');
?>
<?php
include 'connect.php';
	if(isset($_POST['btn_submit'])){
		$sql ="update products set 
							
							products_quantity = '".$_POST['txt_quantity']."',
							products_weight = '".$_POST['txt_weight']."',
							products_price= '".$_POST['txt_price']."'
							where products_id = '".$_POST['txt_id']."'
		";
		if(mysqli_query($con, $sql)){
		    header('Location:index.php');	
		}else{
			echo "Error " .mysqli_error($con);
	}
}

	if(isset($_GET['id'])){
		 $sql = "SELECT products_id, products_quantity, products_weight, products_price 
				FROM products";
    $result = mysqli_query($con, $sql);
    if(mysqli_num_rows($result)>0){
	   ($row = mysqli_fetch_assoc($result)); 
	 $id = $row['products_id'];
	 $quantity = $row['products_quantity'];
	 $weight = $row['products_weight'];
	 $price = $row['products_price'];
     }
}


?>

<form action="" method="post">
  <table>
  	 <tr>
      <td>Product ID</td>
      <td><input name = "txt_id" value ="<?=$id?>"></td>
    </tr>
    <tr>
      <td>Quantity</td>
      <td><input name = "txt_quantity" value ="<?=$quantity?>"></td>
    </tr>
       <tr>
      <td>Weight</td>
       <td><input name = "txt_weight" value ="<?=$weight?>"></td>
    </tr>
    <tr>
      <td>Price</td>
      <td><input name = "txt_price" value ="<?=$price?>"></td>
    </tr>
    <tr>
      <td><input type = "hidden" value ="<?=$id?>" name = "txt_id" ></td>
      <td><input type="submit" name="btn_submit"></td>
    </tr>
  </table>
</form>

skawid · May 27, 2020, 1:43pm

Could you edit your post to include a question? It’s difficult to see what you think is wrong here.

zpupster · May 27, 2020, 2:27pm

Sorry for the confusion,

When I click edit in the a row (the far right column) it is suppoe to bring up the record of
that row with the product ID and dispalyed in a form on edit.php.

The question , what is wrong with my code in edit.php , no matter what edit i press,
I only get the first record of the database returned with Product ID of 35.

Ty
If oyu need more information I will gladly supply it.

zpupster · May 27, 2020, 4:11pm

changed this

$sql = "SELECT products_id, products_quantity, products_weight, products_price 
				FROM products";

to this:

 $sql = "SELECT products_id, products_quantity, products_weight, products_price 
				FROM products 
				WHERE products_id=" .$_GET['id'];

In the form it is not recognizing the decalred variables

phdr · May 27, 2020, 6:00pm

For the posted code, $_GET[‘id’] is apparently set, but could be empty, which would produce a query syntax error.

Some points that will result in secure code/query and get your code to work or tell you why it isn’t working -

You must validate all inputs before using them. If $_GET[‘id’] is empty, that’s an error. You should trim the value then test if it is empty in your code, set up an error message for the user, and skip running any code that’s dependent on having a non-empty id.
You must have error handling for all statements that can fail. For database statements, the easiest way of adding error handling, without adding logic at each statement, is to use exceptions for errors and in most cases let php catch and handle the exception, where it will use its error related settings to control what happens with the actual error information (database statement errors will ‘automatically’ get displayed/logged the same as php errors.) Adding error handling for the SELECT query would get it to tell you if/why it is failing.
For fatal errors, such as a SELECT query that fails due to an error, there’s no point in letting the code to continue to run and try to use the result from the query. This just results in follow-on errors, having nothing to do with the actual problem. The mysqli_num_rows() error and the undefined errors in the form fields are follow-on errors. The good news, if you use exceptions for database statement errors (see item #2 in this list), execution transfers to the nearest exception handler upon an error, php in this case, and your code won’t try to use the result from a query that has failed.
Do NOT put external, unknown, dynamic values directly into an sql query statement, as this will let sql special characters in the data break the sql query syntax, which is how sql injection is accomplished. Instead, use a prepared query, with a ? place-holder in the sql statement for each value, then supply the values when the query gets executed. You would also want to switch to the much simpler and more consistent PDO extension, instead of the mysqli extension.
Any header() redirect need an exit/die statement after it to stop program execution.
Any dynamic value that you output on a web page needs to have htmlentities() applied to it to help prevent cross site scripting.
Since you are updating existing data, when there are validation error(s) in the post method form processing code, you need to re-populate the form field values with the submitted form data, not the initial data from the SELECT query. The simplest way of doing this is to use a common array variable, that you trim and copy the $_POST data to inside the post method form processing code. If this variable is empty after the form processing code, you know that the form has never been submitted. You can test for this to decide if you need to run the code with the SELECT query. You would fetch the data from the SELECT query into this common array variable. You would use this common array variable throughout the rest of the code.