Sunny0101

Reputation: 476

How do I update a table in the database securely using an input from an HTML form?

I have an HTML table where I need to take the user's input safely and securely to update a table item. Any guidance? (I know what I've written below is incorrect.)

For example, if they wanted to update their own details, for example surname:

    <div class="grid-2">
        <p><b>UPDATE MY DETAILS</b></p>
        <form action="includes/update.inc.php" method="post">
            <label>S.Name</label>
            <input name="update-surname" type="text" placeholder="Enter new surname...">
            <label>Address</label>
            <input name="update-houseno" type="text" placeholder="Enter house no' or name...">
            <input name="update-ln1" type="text" placeholder="1st Line of Address...">
            <input name="update-town" type="text" placeholder="Town...">
            <input name="update-county" type="text" placeholder="County...">
            <input name="update-postcode" type="text" placeholder="Postcode...">
            <label>Contact Number</label>
            <input name="update-number" type="text" placeholder="Contact Number...">
            <label>Email</label>
            <input name="update-email" type="text" placeholder="Email...">
            <input type="submit" name="update-details" value="Update">
        </form>
    </div>


UPDATE: I have added code to the above page and an action on the form as requested. The code below is the start of what I've made for the page the action leads to:

    <?php
    // Here we check whether the user got to this page by clicking the proper button.
    if (isset($_POST['update-details'])) {

        require 'dbh.inc.php';

        // We grab all the data which we passed from the update form so we can use it later.
        // Fields missing from the request default to an empty string.
        $surname  = $_POST['update-surname'] ?? '';
        $houseno  = $_POST['update-houseno'] ?? '';
        $ln1      = $_POST['update-ln1'] ?? '';
        $town     = $_POST['update-town'] ?? '';
        $county   = $_POST['update-county'] ?? '';
        $postcode = $_POST['update-postcode'] ?? '';
        $number   = $_POST['update-number'] ?? '';
        $email    = $_POST['update-email'] ?? '';

        // We validate email is correct if email has been updated.
        if ($email !== '' && !filter_var($email, FILTER_VALIDATE_EMAIL)) {
            header("Location: ../after-login.php?error=invalidmail&uid=");
            exit();
        }
    }
    ?>

Upvotes: 0

Views: 365

Answers (1)

imposterSyndrome

Reputation: 897

So you need an action on your form, i.e. a script to point it to, to process the form (it can be the same script). You also ideally want to set the method to post so that data isn't visible in the URL. Then you need to clean your data, connect to the DB and do your query.

This should help you get the right idea

Form in PDO to update data

Upvotes: 1
