user2412812

Reputation: 11

Update field in database, passing record ID through link

I'm trying to write code that does the following. I want to retrieve records from a MySQL database. Each record contains (Course name, From, To, Credit hours, Details). I then want to add a link for each record. When the link for a record is clicked, I want to redirect to another page to update the field state to 'Yes' for that record.

Question: how can I update a specific record in the database depending on the ID of the record? In other words, how can I make each link pass the ID of its record to the update page so I can update it without writing a specific ID?

My table contains these fields:

ID,
Course_name,
From,
To,
Credit_hours,
Detailes,
state

First page

<!DOCTYPE html><html>

<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><link rel="stylesheet" type="text/css" href="mystyle.css">
<title>Training Courses Registration System </title>

</head>
<body>
<table style="width:786px; position:relative;
      margin-left:auto;
      margin-right:auto;">
<tr>
  <td> 
<img src="4.png" class="header">
 </td>

</tr>
<tr>
  <td><img src="2.png" class="bar">
<a href="home-ar.html" lang="ar" style="font-size:17px;position:absolute;top:163px;right:16px;z-index:5;text-decoration:none;">عربي</a>

<a href=" " style="font-size:17px;position:absolute;top:165px;right:55px;z-index:5;text-decoration:none;">Sign out |</a>
<a href="logout.php" class="l">Profile &nbsp; </a>
<a href=" "class="l1">Available Courses  &nbsp; </a>
<a href=" "class="l5">Approve Courses</a>
<a href=" "class="l4">Statistic</a>
   </td>
</tr><tr>
<td>
<section class="b"><section class="f1">
<?php
$con=mysqli_connect("localhost","m","11","wafa");
// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

$result = mysqli_query($con,"SELECT * FROM internal");

?> 
<br>
<?php 
  while($row = mysqli_fetch_array($result)) {
     echo ' <details> 
<summary style="padding-left:33px;">' . $row['Course_name'] . "
</summary>";
 echo "<P>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; From: &nbsp;".$row['From'] ."</p>" ;
 echo "<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;To: &nbsp;".$row['To'] . "</p>";
 echo "<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Credit Hours: &nbsp;".$row['Credit_hours']."</p>" ;
 echo "<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;Detailes: &nbsp;". $row['Detailes'] ."</p>";
 echo "<p>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
  <a style='color:#387c25;background-color:#a6d898;' href='in3.php?id=".$row['ID']."'>Accept</a>
</p>
 </details> <br>";
}

mysqli_close($con);
?>

 </section> 

</td></tr>
<tr><td><div class="footer">
<img src="3.png" class="footer"></div></section>

</td></tr>

</table>

</body>

</html>

Second page

<?php

$con=mysqli_connect("localhost","m","11","wafa");
// Check connection
if (mysqli_connect_errno()) {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

if(isset($_GET['ID'])){
  $topic =$_GET['ID'];
}

$sql = ("UPDATE internal set state = u WHERE ID = $topic");

if (!mysqli_query($con,$sql)) {
  die('Error: ' . mysqli_error($con));
}
header("Location: internal.html");

mysqli_close($con);
?>

Upvotes: 0

Views: 728

Answers (1)

jeroen

Reputation: 91734

This is very wrong:

$sql = ("UPDATE internal set state = u WHERE ID = $topic");
  • You have an SQL injection problem;
  • You are using an undefined column / element u.

It should be something like:

$sql = "UPDATE internal set state = 'Yes' WHERE ID = ?";

And then you bind your variable to the placeholder (the question mark), using a prepared statement.

Note:

  • You should also have checks to see if the referenced record can be changed by the user, otherwise a user could edit arbitrary records by changing the URL (or the POST data, see the next point);
  • You should use POST instead of GET if you are going to modify information in the database.
  • You should add error handling to your database calls. The easiest way to do that in mysqli is to have it throw exceptions. To enable that, just put this at the top of your script: mysqli_report(MYSQLI_REPORT_STRICT);

Upvotes: 2
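Putting the answer's points together for the two pages in the question (pass the record ID from the listing, then update only that record), here is an added example; it is not the asker's or the answerer's code. It assumes the logged-in user's id is kept in $_SESSION['user_id'] and that the `internal` table has an assumed `owner_id` column recording who is allowed to approve each row; the table name, the `ID` and `state` columns, the `in3.php` target and the `internal.html` redirect come from the question. The "Accept" link becomes a small POST form, the record id is validated as an integer, and the UPDATE is a prepared statement whose WHERE clause also checks ownership, so a changed id in the request cannot touch another user's row.

```php
<?php
// ===== in3.php: the update page (added example, not code from the question) =====
declare(strict_types=1);
session_start();

// Report mysqli errors as exceptions instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

// Only accept POST: a GET link can be triggered by a crafted <img> or a prefetch.
if ($_SERVER['REQUEST_METHOD'] !== 'POST') {
    http_response_code(405);
    exit('Use the Accept button on the course list.');
}

// The record id must be a positive integer; anything else is rejected before it
// gets anywhere near the database.
$id = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Invalid record id.');
}

// Assumption: the login page stored the user's id in the session.
$userId = $_SESSION['user_id'] ?? null;
if (!is_int($userId)) {
    http_response_code(403);
    exit('Not signed in.');
}

$con = mysqli_connect("localhost", "m", "11", "wafa");

// Prepared statement: the id and user id are bound as integers, never interpolated
// into the SQL string. The assumed owner_id column restricts the update to rows
// this user is allowed to approve.
$stmt = mysqli_prepare(
    $con,
    "UPDATE internal SET state = 'Yes' WHERE ID = ? AND owner_id = ?"
);
mysqli_stmt_bind_param($stmt, "ii", $id, $userId);
mysqli_stmt_execute($stmt);

// Zero affected rows means either no such record or not this user's record;
// respond the same way in both cases so ids cannot be enumerated.
if (mysqli_stmt_affected_rows($stmt) === 0) {
    mysqli_stmt_close($stmt);
    mysqli_close($con);
    http_response_code(404);
    exit('Record not found.');
}

mysqli_stmt_close($stmt);
mysqli_close($con);

// 303 makes the browser follow with a GET, so a reload does not resend the POST.
header("Location: internal.html", true, 303);
exit;

// ===== First page: replace the "Accept" link inside the while loop with this =====
// (shown as a function so the id is always HTML-escaped; call it as
//  echo acceptButton((int) $row['ID']); where the <a ...>Accept</a> was)
function acceptButton(int $id): string
{
    $safeId = htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
    return '<form method="post" action="in3.php" style="display:inline">'
         . '<input type="hidden" name="id" value="' . $safeId . '">'
         . '<button type="submit" style="color:#387c25;background-color:#a6d898;">Accept</button>'
         . '</form>';
}
```

With exceptions enabled, a failed connect or a malformed query no longer needs an `if (!mysqli_query(...))` check on every call; the uncaught mysqli_sql_exception stops the script, and a production deployment would log it rather than display it.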
