CODEWITHSUNDEEP
phpmysql
Pullapooh
Pullapooh

Reputation: 161

mySQL php update

How can I update a row in my mySql database from a HTML form. I have tried every technique and nothing seems to work. I would like that users could update their own profile page information.

I have a form on my page but the data doesn't get sent through.

What am i missing?

Here is my code:

------------INDEX.php

<?php 
            require_once("inc/database.php");
            require_once("inc/query.php");
        ?>
        <div class="wrapper">
            <div class="content">
            <h1>User Profiles</h1>

                <?php
                while ($row = $results->fetch()) {

                    $id = ($row["id"]);
                    $name = ($row["name"]);
                    $age = ($row["age"]);
                    $password = ($row["password"]);

                    print '<div ' . 'class= id-' . ($id) . '">';
                    print "<p>" . ($name) . "</p>";
                    print "<p>" . ($password) . "</p>";
                    print "<p>" . ($age) . "</p>";
                    print "</div>";

                }
                ?>
        </div>
            </div>
            <form action="inc/addnew.php" method="post">
                <p>Name: <input type="text" name="name" required></p>
                <p>ID: <input type="text" name="id" value="<?php echo $id; ?>"></p>
                <p><input type="submit" value="Lisää"></p>
            </form>

------------QUERY.php

<?php

try{
    $results = $db->query("SELECT name, password, age, id FROM users");
    $results->execute();
    // echo "Our query ran successfully.";
} catch (Exception $e){
    echo "Data could not be retrived from the database.";
    exit;
}

------------DATABASE.php

<?php

try{
    $db = new PDO('mysql:host=localhost;dbname=user_profile;port=8889', 'User_profile','bFeLcZjMmVw4PBaF');
    $db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
    $db->exec("SET NAMES 'utf8'");
} catch (Exception $e){
    echo "Could not connect to the database.";
    exit;
}

------------UPDATE.php

<?php
require_once("database.php");


if( isset( $_POST['name'] ) &&  strlen( $_POST['id'] )){

    $id = $_POST['id'];
    $name = $_POST['name'];


    $results=("UPDATE users SET name='$name' WHERE id=$id");
    }

        header("Location: ../index.php");
    }
else
    {
        //error either $_POST['login'] is not set or $_POST['login'] is empty form field
        echo 'Name or ID field was empty. Please fill out those fields. <a href="../index.php">Back to site</a> <br>';
    }

Upvotes: 0

Views: 94

Answers (2)

tadman
tadman

Reputation: 211540

You need to prepare and execute your query, not just define it as a string:

$sth = $db->prepare("UPDATE users SET name=:name WHERE id=:id")

$sth->execute(array("name" => $_POST["name"], "id" => $_POST["id"]));

You should be using placeholders to insert your data. Your query uses string interpolation which is extremely dangerous due to SQL injection bugs. Do not put $_POST data directly into a query, it's never safe.

Upvotes: 1

Latheesan
Latheesan

Reputation: 24116

How you expect this query to execute? 

$results=("UPDATE users SET name='$name' WHERE id=$id");

you are just generating a query here on UPDATE.php without actually doing anything with it.

Replace this line with:

$results = $db->query("UPDATE users SET name='$name' WHERE id=$id");

Upvotes: 2

Related Questions