CODEWITHSUNDEEP
phpmysql
Onret
Onret

Reputation: 47

How to update database with entire html table (PHP, MySQL)

I have been struggling with this for several days now. I have searched on how to update tables and have managed to get as far as to update rows, but only the last one in the table. So now i am trying to get a loop that loops through all the inputs and updates the database with the inputted values. I think the code that needs to be corrected is located near the end of the code

What i want to do:

Here is a picture of what the table looks like in web view:

Table as it would look in web view

<?php
//Connect to database
include '../db/connect.php';
?>
   <form action='test7.php' method="post">
      <table border='1'>
         <?php
            $result = $MySQLi_CON->query("SELECT * FROM users");
               echo "<tr>";
               echo "<td colspan='3'>CLASS 1</td>";
               echo "</tr>";
               //All table rows in database presented in html table
               while($row = $result->fetch_array()){
                  echo "<tr>";
                  echo "<td><input type='hidden' name='user_id[]' value='".$row['user_id']."' /></td>";
                  echo "<td>username  :<input type='text' name='username[]' value='".$row['username']."' /></td>";
                  echo "<td>email  :<input type='text' name='email[]' value='".$row['email']."' /></td>";
                  echo "<td>rank  :<input type='number' name='rank[]' value='".$row['rank']."' /></td>";
                  echo "</tr>";
               }
            echo "<input type='submit' name='update' value='UPDATE' />";
         ?>
      <table>
   </form>
<?php
   if(isset($_POST['update'])){ 
      $total = count($_POST['rank']); 
      $user_id_arr = $_POST['user_id']; 
      $rank_arr = $_POST['rank']; 
      for($i = 0; $i < $total; $i++){ 
         $user_id = $user_id_arr[$i]; 
         $rank = $rank_arr[$i]; 
         $query = "UPDATE users SET `rank`= '".$rank."' WHERE `user_id`= '".$user_id."'"; 
         $MySQLi_CON->query($query); 
         header('Location: test7.php');
      } 
   }
?>

When I press the UPDATE button, i get PHP Notice: Array to string conversion in....

It refers to line 30 which is this line:

$query = "UPDATE user SET rank=$_POST[rank][$row] WHERE user_id=$value ";

EDIT: Edited the code above to the working code. Thank you @Frayne Konok for your help.

Upvotes: 4

Views: 8931

Answers (2)

Murad Hasan
Murad Hasan

Reputation: 9583

You did a great mistake here, Why you use the $result in foreach loop?? FRom where the $result comes?? The $result is the resource of the sql query.

Try this:

if(isset($_POST['update'])){
    $total = count($_POST['rank']);
    $user_id_arr = $_POST['user_id'];
    $rank_arr = $_POST['rank'];
    for($i = 0; $i < $total; $i++){
        $user_id = $user_id_arr[$i];
        $rank = $rank_arr[$i];
        $query = "UPDATE users SET `rank`= '".$rank."' WHERE `user_id`= '".$user_id."'";  
        $MySQLi_CON->query($query);
    }
}

Try with this and let me know if there is any problem.

Upvotes: 1

random_user_name
random_user_name

Reputation: 26160

You are very close.

The issue is that in this code $_POST[rank][$row] - rank is an undefined constant. You need it to be a string, like so $_POST['rank'][$row]. Also, pull the $POST variable out of the query directly to allow typecasting - you should always be very uncomfortable when you see a query that has $_POST data directly:

if(isset($_POST['update'])){
    foreach ($result as $row => $value) { 
        // typecast to a number with decimals below.  If you only need integers, than use (int)
        $rank = (float)$_POST['rank'][$row];
        $query = "UPDATE user SET rank={$rank} WHERE user_id={$value}";
        $MySQLi_CON->query($query);
    }
}

However, it would be better to use mysqli prepared statements rather than insert the variables directly - as it stand, the above code is vulnerable to SQL Injection attacks.

Your code should be modified to look something like so to prevent sql injection attacks:

if(isset($_POST['update'])) {
    $stmt = $MySQLi_CON->prepare("UPDATE user SET rank= ? WHERE user_id= ?");
    foreach ($result as $row => $value){      
        $stmt->bind_param('di', $_POST['rank'][$row], $value); 
        $stmt->execute(); 
    }
    $stmt->close();
}

Upvotes: 3

Related Questions