Updating records by ID mysql and php

Question

I am learning php at the moment so I have set myself a task to create a to do list.

I have got to a point where I can add a record, show that record or records. Now I am wanting to edit that record and also delete that record but am a little confused. So I guess I need to target the unique ID of that record in order to make changes to update or delete.

Here is what I put together to get me started:

mysqli_query($con,"UPDATE items SET content='blah blah blah' WHERE id=id");

if (isset($_POST['content'])) {
   mysqli_query($con,"UPDATE items SET content='".mysqli_real_escape_string($con, $_POST['content'])."' WHERE id='".mysqli_real_escape_string($con, $_POST['id'])."' ");
}

header('Location: index.php');

mysqli_close($con);

That is hooked up to a form:

    <form action="insertupdate.php" method="post">
<input type="hidden" name="id" value ="1">
Content: <input type="text" name="content">
<input type="submit">
</form>

I also created a column with three status's to either 0 = deleted 1 = active 2 = complete

I am a little stuck and just need a pointer more than anything.

Answer 1

Your query should look like this:

mysqli_query($con,"UPDATE items SET content='blah blah blah' WHERE id=1");

EDIT

if (isset($_POST['content'])) {
   mysqli_query($con,"UPDATE items SET content='".mysqli_real_escape_string($con, $_POST['content'])."' WHERE id=1");
}

However you should learn How to prevent SQL-injection to make your code secure.

EDIT2

<form action="insertupdate.php" method="post">
Content: <input type="text" name="content">
<input type="hidden" name="id" value = "1">
<input type="submit">
</form>

and

if (isset($_POST['content'])) {
   mysqli_query($con,"UPDATE items SET content='".mysqli_real_escape_string($con, $_POST['content'])."' WHERE id=".intval($_POST['id']));
}

Answer 2

a varchar type value must be written in single or double quote.