Php mysql failure to save some data

lui1969 · April 23, 2021, 1:29pm

I apologize for my bad English and I hope I can better explain my problem and receive your support. Thank you

I created a small function in php where I can search the database for a “card” number, once the card number is found, “name, surname, customer_id, card number” are returned to me.
once I see this information inside I have to save in the database “points, expense, customer_id” points and expense “are saved successfully while” customer_id "is not saved what am I wrong?

this is my code

<form action="" method="post">
  <input type="text" name="tessera" placeholder="Inserisci Numero Tessera"/>
<input type="submit" name="search" value="Cerca"/>
</form>
<?php
$connection = mysqli_connect("localhost","user","password");
$db = mysqli_select_db($connection,'database');
if(isset($_POST['search']))
{
$id = $_POST['tessera'];
$query = "SELECT tessera,nome,cognome,id_cliente FROM cliente where tessera='$id'";
$query_run = mysqli_query($connection,$query);
while($row = mysqli_fetch_array($query_run))
{?>
<form action="" method="post">
<input type="text" name="tessera" disabled="disabled" value="<?php echo $row['tessera'] ?>"/><br>
<input type="text" name="nome" disabled="disabled" value="<?php echo $row['nome'] ?>"/><br>
<input type="text" name="cognome" disabled="disabled" value="<?php echo $row['cognome'] ?>"/><br>
<input type="text" name="id_cliente" disabled="disabled" value="<?php echo $row['id_cliente'] ?>"/>
<input class="form-control" type="text" id='punti' name="punti" />
<input class="form-control" type="text" id='spesa' name="spesa" />
<input class="form-control" type="date" id='data_punti' value="<?php echo date('Y-m-d'); ?>" name="data_punti" />
<input type="submit" name="update" value="aggiungi">
</form>
<?php
}}?>
<?php
$connection = mysqli_connect("localhost","user","password");
$db = mysqli_select_db($connection,'database');
if(isset($_POST['update']))
{
$query = "INSERT INTO punti (punti, spesa, data_punti, id_cliente)
VALUES('".$_POST["punti"]."','".$_POST["spesa"]."','".$_POST["data_punti"]."', '".$_GET["id_cliente"]."')";
$query_run = mysqli_query($connection,$query);
if($query_run)
{echo '<script> alert("aggiunti")</script>';
}else
{echo '<script> alert("errore") </script>';
}}?>
thanks

benanamen · April 23, 2021, 4:33pm

Your whole logic is wrong. You don’t select data to re-save it to another table. Learn about Database Normalization.

lui1969 · April 23, 2021, 4:42pm

thanks

the punti and spesa these are saved it’s just id_cliente
it doesn’t save, would you be kind enough to give me a logical example? thank you

phdr · April 23, 2021, 11:08pm

Actually, @benanamen the OP is storing new related data in a secondary table, related back to the primary table row through its id.

You ALWASY need to validate input data before using it. If a ‘required’ input is not present, it’s either a user error (the user reached a page without selecting a required input value) or a programming mistake (which is the current case.) Your form processing code expects punti, spesa, data_punti (shouldn’t that be date_punti), and id_cliente inputs. You should trim, than validate all those inputs, storing validation error messages in an array, using the input name as the array index. After the validation logic, if there are no errors (the array will be empty), use the submitted data. You would test and display the contents of the array at the appropriate location in the html document to display the error messages.

There are also a number of issues with the rest of the code - the search form should use the get method and be ‘sticky’, the database connection code should only exist once, you should use exceptions for database statement errors, you should not put external, unknown, dynamic data directly into sql query statements, use a prepared query instead, don’t copy variables to other variables for no reason, just use the original variables, don’t use a loop to fetch data from a query that will at most match one row of data, just directly fetch the single row of data, if a query doesn’t match any data you should set up and display a message telling the user so, empty form action=’’ attributes are actually invalid, just leave the whole action=’’ attribute out of the form tag to cause the form to submit to the same page, the post method form processing code (for the INSERT query) should be above the start of the html document, and a few more…

benanamen · April 23, 2021, 11:42pm

Yeah, I missed that.

whispers · April 25, 2021, 6:07am

Perhaps try changing it from $_GET to $_POST…like the others values you say are saving correctly.