CODEWITHSUNDEEP
phphtmlmysql
Kacper
Kacper

Reputation: 63

Update database when I submit button HTML / PHP

I want to create form where I have text which I can edit and save to database for later use it in other file. I wrote following code, text is showing great from database , but updating text by submit button don't work.

It is strange but after submit, echo "Successfully saved!" normally displays, but not updating.

$connection = new mysqli("localhost", "db", "password", "db");
$query = "SELECT text FROM mailtext";
$result = mysqli_query($connection, $query);

while($row = mysqli_fetch_assoc($result))
{
    $text = iconv('iso-8859-2', 'utf-8', $row['text']);
    echo'
<center>
    <form id="mailtext" method="post">
        <textarea name="text" style="width: 500px; height: 300px;">'.$text.'</textarea>
        <input type="submit" name="submit" value="Save">
    </form>
</center>
';
    if(isset($_POST['submit'])) {
        $query2 = "UPDATE mailtext SET text='.$text.' WHERE id=1";
        mysqli_query($connection, $query2);
        echo 'Successfully saved!';
    }
}

If you have any question or something like this, please ask :) Yes, I tried to searching answers in other questions, but nothing helped.

Upvotes: 0

Views: 1854

Answers (1)

Cid
Cid

Reputation: 15257

When you are submitting your form, the page is reloaded with the content of $_POST and is re-executed from top to bottom.

//            Form is submitted
// You are getting the content of the table
//                  |
//                  |
//                  V
$connection = new mysqli("localhost", "db", "password", "db");
$query = "SELECT text FROM mailtext";
$result = mysqli_query($connection, $query);
//      You are displaying the form
//                  |
//                  |
//                  V
while($row = mysqli_fetch_assoc($result))
{
    $text = iconv('iso-8859-2', 'utf-8', $row['text']);
    echo'
<center>
    <form id="mailtext" method="post">
        <textarea name="text" style="width: 500px; height: 300px;">'.$text.'</textarea>
        <input type="submit" name="submit" value="Save">
    </form>
</center>
';
// You are treating the previously submitted form
//                  |
//                  |
//                  V
    if(isset($_POST['submit'])) {
        $query2 = "UPDATE mailtext SET text='.$text.' WHERE id=1";
        mysqli_query($connection, $query2);
        echo 'Successfully saved!';
    }
}

You have to treat the form before querying the database to get the informations, otherwise, the datas won't be inserter/updated.

Note that your query is vulnerable to SQL injections. I suggest you to use parameterized queries

$connection = new mysqli("localhost", "db", "password", "db");
if(isset($_POST['submit'])) {
    $text = $_POST['text'];
    $query2 = "UPDATE mailtext SET text=? WHERE id=1";
    //                                  ^------------------- Set a parameter for the query
    $stmt = mysqli_prepare($connection, $query2);
    //      ^------------^---------------------------------- Prepare the query for parameters
    mysqli_stmt_bind_param($stmt, "s", $text);
//  ^--------------------^---------------------------------- bind the parameters
    mysqli_stmt_execute($stmt);
//  ^-----------------^------------------------------------- execute the safe query
    echo 'Successfully saved!';
}

$query = "SELECT text FROM mailtext";
$result = mysqli_query($connection, $query);

while($row = mysqli_fetch_assoc($result))
{
    $text = iconv('iso-8859-2', 'utf-8', $row['text']);
    echo'
<center>
    <form id="mailtext" method="post">
        <textarea name="text" style="width: 500px; height: 300px;">'.$text.'</textarea>
        <input type="submit" name="submit" value="Save">
    </form>
</center>
';
}

Upvotes: 3

Related Questions