<?php
// Your code here!
$link = mysqli_connect("***", "***", "***", "***");
if ($link === false) {
die("ERROR: Could not connect. " . mysqli_connect_error());
}
$sql = "SELECT * FROM TABLE";
$result = mysqli_query($link, $sql);
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (isset($_POST['submit'])) {
$myCode = $_POST['myCode'];
$myDescription = $_POST['myDescription'];
$myMatCost = $_POST['myMatCost'];
$myQty = $_POST['myQty'];
$id = $_POST['id'];
mysqli_query($link, 'UPDATE ANCREN_G2_MAT SET myCode=$myCode, myDescription=$myDescription, myMatCost=$myMatCost, myQty=$myQty WHERE id=$id');
mysqli_free_result();
}
}
?>
<form method="POST"
action="<?php echo $_SERVER['PHP_SELF']; ?>">
<table>
<thead>
<tr>
<th>Code</th>
<th>Description</th>
<th>Mat Cost</th>
<th>Qty</th>
<th>Action</th>
</tr>
</thead>
<tbody>
<?php
while ($row = mysqli_fetch_array($result)) {
?>
<tr>
<td>
<input type="text"
value="<?php echo $row['myCode']; ?>"
name="myCode">
</td>
<td>
<input type="text"
value="<?php echo $row['myDescription']; ?>"
name="myDescription">
</td>
<td>
<input type="text"
value="<?php echo $row['myMatCost']; ?>"
name="myMatCost">
</td>
<td>
<input type="text"
value="<?php echo $row['myQty']; ?>"
name="myQty">
</td>
<td>
<input type="hidden"
value="<?php echo $row['id']; ?>"
name="id">
<input type="submit" value="Save" name="saveMe">
</td>
</tr>
<?php
} ?>
</tbody>
</table>
</form>by doing two queries in the same script. You’re over thinking it.
like what i did already but not working it showing me the selected items but dosent allow me to update them
i know something is wrong but i can not find it please hrlp
That block never is true.
None of those variables are needed.
but then how to get the value from user
You need the $_POST values, you don’t need the new variables you are assigning existing variables to.
if (isset($_POST[‘submit’])) why it is never true can you explane plase
You need the $_POST values, you don’t need the new variables you are assigning existing variables to.
cuz i use this var to make my query
im not been funny i really need help if you could explain id appreciated
Have you looked at prepared statements at all?
1 Like
Beginners - Learning PHP
Here’s the problem with reproducing things you see, just putting your data fields into it. Too much of the information people are finding to use is out of date, contains unnecessary code/syntax, and is not secure. This results in learning information that isn’t current, contains extra implementation details that doesn’t add any value, which just wastes your time, and if used on a live/public web server can compromise your web server or your users security.
Here’s a laundry list of things the current code should/should not do -
- Use the much simpler PDO extension.
- Don’t output raw database errors onto a web page. Use exceptions instead and in most cases let php catch and handle the exceptions. The exception to this rule is when inserting/updating duplicate or out of range user submitted data. In this case, your code should catch and handle the exception.
- List the fields you are SELECTing in your query. This helps to make your code self-documenting and selects only the data that you need.
- Don’t attempt to detect if the submit button is set. There are cases where the submit button isn’t sent with the form data. Since you are already testing the request method, that’s all you need for what you are currently doing.
- Don’t make a bunch of discrete variables and copy variables to other variables without a good reason. This is just a waste of your time. Instead keep the form data as an array variable and operate on elements of the array. This will let you do things like trim all the data using a single line of code and as a more advanced subject, dynamically process the form data without writing out blocks of code for every form field.
- Your form processing code should trim, then validate all the input data, storing validation error messages in an array, using the field name as the array index. This array is also an error flag. If the array is empty, there are no errors, and you can use the submitted form data. You can test/display the contents of this array at the appropriate location in the html document to display the errors.
- Use a prepared query when supplying external, unknown, dynamic data values to an sql query. This will actually simplify the sql query syntax, making it easier to write error free queries. Your current query has an issue in that string data values are not enclosed by single-quotes, which will produce errors once you get to the point of executing that query. Again, this is an issue with reproducing things you see, without actually learning the fundamental reasoning behind what you are doing. With a prepared query, you would just put simple ? place-holders in the query for each data value, without any single-quotes around them, then supply the values when the query is executed.
- There’s no result for an UPDATE query, so using _free_result() is pointless. This is more of just reproducing things you have seen.
- To get a form to submit to the same page, just leave the action=’…’ attribute out of the form tag. Also, $_SERVER[‘PHP_SELF’] is open to cross site scripting, so, just leave it out…
- If there are validation errors(s), you should populate the form fields with the submitted form data, not the original data, so that the user doesn’t need to keep reentering the same values over and over. To do this, you would have a common (array) variable in the code that initially gets the original data from the SELECT query, then inside the form processing code, gets a trimmed copy of the submitted form data. You would use the contents of this common variable in the rest of the code.
- Any dynamic value that you output onto a web page needs to have htmlentities() applied to it to help prevent cross site scripting.
You should also start small, with code that deals with just one form field. Then, once you get your program logic to work, you can deal with the code needed for more than one field.
You also need to define what overall goal you are trying to accomplish. Your current code has one form with multiple sets of fields and submit buttons (repeating the same fields names.) Clicking on any of the submit buttons will submit all form fields (only the data in the last set will be used since the field names are repeated.) Your form processing code is expecting a single set of form fields to be submitted.
So, what you are trying to accomplish? Edit a single row of data at a time, in which case you need a separate form for each row, or edit multiple rows of data at a time, in which case you need one form, one submit button, and to use array names for your form fields, with the row’s id as the array index, so that all the fields will be uniquely named.
1 Like
I found this link on PDO - https://phpdelusions.net/pdo to be very useful. I even now I still refer to it time to time.
1 Like
you are so kind @phdr .
thank you so much for your time.
as you have noticed I’m a beginner and i haven’t got any formal training. i wasn’t blessed like some people.
but i really wish one day i can get better and better at this. i really want this .
now i will read your answer again and again and search most of them to understand them.
what i’m trying to accomplish ,is ,to create 13 group which each group has a few items in it, and all items under that one group will have sum of total cost combine for that group. so here which i was trying to do with my poor designed form. then i have created a quote already which by searching an items will give you the price and rest of info.
so now here im trying to make CRUD except i dont want Delete and Create option. only Read and Update.
thank you @Strider64 i will definitely save the link and refer to it . I JUST VERY SCARED OF PDO LOOKS SOOOO COMPLICATED.
I can’t believe how kind you are in this website. not like stackoverflow. i asked two question on there and each time either got blocked or they tell me to go learn the basic. omw i have to start from somewhere. seeing as im actually self taught . thank you for your encouragement.