Having editing issues with my MySQL/PHP database

beechmachine · June 28, 2016, 7:23am

So I am working on a website in my local host. I have created an “ADMIN” CMS that allows me to DELETE and EDIT records within the displayed database. The DELETE section works fine, but I cannot get the EDIT section to work…I have gone over so many tutorials, and cant seem to get it to work.

Any advice or suggestions would be amazing, thanks in advance!

[php]<?php
require_once(‘includes/connection.php’);
$OK = false;
$done = false;
// get details of selected record
//if (isset($_GET[‘band_id’]) && !$_POST) {
if (isset($_GET[‘band_id’])) {
// prepare SQL query
$sql = ‘SELECT band_id, email, bandname, bio, state, genre, link, sound FROM submit
WHERE band_id = ?’;
$stmt = $conn->prepare($sql);
// bind the results using numbers to reference the columns used in the select statement
$stmt->bindColumn(1, $email);
$stmt->bindColumn(2, $bandname);
$stmt->bindColumn(3, $bio);
$stmt->bindColumn(4, $state);
$stmt->bindColumn(5, $genre);
$stmt->bindColumn(6, $link);
$stmt->bindColumn(7, $sound);
// execute query by passing array of variables
$OK = $stmt->execute(array($_GET[‘band_id’]));
$stmt->fetch();
}
// if form has been submitted, update record
if (isset($_POST[‘update’])) {
// prepare update query
$sql = ‘UPDATE submit SET email = :email, bandname = :bandname , bio = :bio, state = :state, genre = :genre, link = :link, sound = :sound
WHERE band_id = :band_id’;
$stmt = $conn->prepare($sql);
// execute query by passing array of variables
$stmt->execute(array($_POST[’:email’], $_POST[’:bandname’], $_POST[’:bio’], $_POST[’:state’], $_POST[’:genre’], $_POST[’:link’], $_POST[’:sound’], $_POST[’:band_id’]));
$done = $stmt->rowCount();
}
// redirect if $_GET[‘band_id’] not defined
if ($done || !isset($_GET[‘band_id’])) {
header(‘Location: http://localhost/giggedin/admin.php’);
exit;
}
// display error message if query fails
if (isset($stmt) && !$OK && !$done) {
$error = $stmt->errorInfo();
if (isset($error[2])) {
$error = $error[2];
}
}
?>

GIGGEDIN - FIND A BAND

<!--- BOOTSTRAP ------->
<link rel="stylesheet" href="css/bootstrap.min.css" type="text/css" >
<!--- CSS FOR WHOLE PAGE STYLE -->
<link rel="stylesheet" type="text/css" href="css/styles.css">
<!--- CSS FOR NAV BAR -->
<link rel="stylesheet" type="text/css" href="css/nav.css">
<link rel="stylesheet" type="text/css" href="css/form.css">
<!--- FONTS ------------->
<link href='https://fonts.googleapis.com/css?family=Open+Sans|Oswald|Architects+Daughter' rel='stylesheet' type='text/css'>
<link rel="stylesheet" type="text/css" href="css/ionicons.min.css">

× Home Submit Band Search Bands

  <div class="social">
    <h4>Follow us</h4>
      <i class="ion-social-facebook"></i>
      <i class="ion-social-twitter"></i>
      <i class="ion-social-instagram"></i>
  </div>
</div>
<span style="font-size:30px;cursor:pointer;color:antiquewhite;" onclick="openNav()">&#9776; MENU</span>
</header>
<body>
    <div class="content">
      <div class="container">
        <h3>admin only - Edit</h3>
        
        <?php

if (isset($error)) {
echo “

Error: $error

”;
}
if($band_id == 0) { ?>

Invalid request: record does not exist.

<?php } else { ?>

<form role="form" method="post" action="">
    <fieldset>
          <div class="form-group row">
    <label for="email" class="col-sm-2 form-control-label">Band ID</label>
        <div class="col-sm-10">
            <input type="text" class="form-control" id="band_id" name="band_id" value="<?php echo htmlentities($band_id); ?>" />
        </div>
</div>
<div class="form-group row">
    <label for="email" class="col-sm-2 form-control-label">Email</label>
        <div class="col-sm-10">
            <input type="email" class="form-control" id="email" name="email" value="<?php echo htmlentities($email); ?>" />
        </div>
</div>
<div class="form-group row">
    <label for="bandname" class="col-sm-2 form-control-label">Band Name</label>
        <div class="col-sm-10">
            <input type="text" class="form-control" id="bandname" name="bandname" value="<?php echo htmlentities($bandname); ?>" />
        </div>
</div>
<div class="form-group row">
    <label for="bio" class="col-sm-2 form-control-label">Brief Bio</label>
        <div class="col-sm-10">   
            <textarea name="bio" class="form-control" id="bio" rows="5" value="<?php echo htmlentities($bio); ?>" /></textarea>
        </div>
</div>
<div class="form-group row">
    <label for="state" class="col-sm-2 form-control-label">State</label>
        <div class="col-sm-10">
            <select name="state" class="form-control" id="state" value="<?php echo htmlentities($state); ?>" />
                <option value="QLD">QLD</option>
                <option value="SA">SA</option>
                <option value="VIC">VIC</option>
                <option value="WA">WA</option>
                <option value="TAS">TAS</option>
                <option value="NSW">NSW</option>
                <option value="NT">NT</option>
                <option value="ACT">ACT</option>
            </select>
        </div>
</div>
<div class="form-group row">
    <label for="genre" class="col-sm-2 form-control-label">Genre</label>
        <div class="col-sm-10">
            <select name="genre" class="form-control" id="genre" value="<?php echo htmlentities($genre); ?>" />
                <option value="rock">ROCK</option>
                <option value="punk">PUNK</option>
                <option value="blues">BLUES</option>
                <option value="bluesrock">BLUES/ROCK</option>
                <option value="metal">METAL</option>
                <option value="jazz">JAZZ</option>
                <option value="acoustic">ACOUSTIC</option>
                <option value="solo">SOLO</option>
            </select>
        </div>
</div>
        
<div class="form-group row">
    <label for="link" class="col-sm-2 form-control-label">FB/Website Link:</label>
        <div class="col-sm-10">
            <input type="url" class="form-control" id="link" name="link" size="30" value="<?php echo htmlentities($link); ?>" />
        </div>
</div>
      
<div class="form-group row">
    <label for="sound"class="col-sm-2 form-control-label">Sound/Video Link:</label>
        <div class="col-sm-10">
            <input type="url" class="form-control" id="sound" name="sound" size="30" value="<?php echo htmlentities($sound); ?>" />
        </div>
</div>
        <input type="submit" name="update" value="update" class="submit" id="update" />
    </fieldset>
</form>

<?php } ?>

<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.0/jquery.min.js"></script>
<script src="js/scripts.js"></script>

[/php]

ErnieAlex · June 28, 2016, 12:39pm

Beech, I edited your post to place your code inside of the PHP tags as it should have been done. Makes it much easier for us to copy into our editors. Please do that in the future.

What errors are you getting when you attempt to update data? If you are not getting any error messages make sure you set all of the error options so that you see all types of errors. You can do that by adding these to the beginning of your page:
[php]
error_reporting(E_ALL);
ini_set(“display_errors”, 1);
[/php]
Try another edit and see if you get errors displayed and if so, let us know what they are. But, I notice that you do a PREPARE on your connection using SQL, then directly run the EXECUTE. You are not BINDING your values to the PREPARED ones. ($stmt->bind_param() )
Here is a tutorial on this: http://www.w3schools.com/php/php_mysql_prepared_statements.asp
Just to explain, the function " $stmt->execute()" is defined as " $stmt->execute(VOID) " which means it does not allow any type of arguments in it. You need to remove them and use a BIND method. Hope that helps!

astonecipher · June 28, 2016, 2:16pm

[php] $sql = 'UPDATE submit SET email = :email, bandname = :bandname , bio = :bio, state = :state, genre = :genre, link = :link, sound = :sound WHERE band_id = :band_id'; $stmt = $conn->prepare($sql); // execute query by passing array of variables $stmt->execute(array($_POST[':email'], $_POST[':bandname'], $_POST[':bio'], $_POST[':state'], $_POST[':genre'], $_POST[':link'], $_POST[':sound'], $_POST[':band_id']));[/php]

This type of query doesn’t work like this.

[php]$stmt = $conn->prepare(‘SELECT something FROM table WHERE id = :id’);
$stmt->execute([
‘:id’ => $_GET[‘id’]
]);[/php]

OR

[php]$stmt = $conn->prepare(‘SELECT something FROM table WHERE id = ?’);
$stmt->execute([ $_GET[‘id’] ]);
[/php]

There are a few other ways, but those are the simplest and they are not interchangeable.