Reputation: 563
Editing an entry in a database using PHP
I want to edit an entry in the database through the edit button on my HTML page. The page showData.php prints out a table and shows all the entries of the database in the patients table combined with two buttons delete and edit in separate columns with each row.
When I press the Edit button, the page redirects to updateData.php. Here we can update any field except patientID. After clicking modify button it redirects to edit.php where it performs the action by applying the query to the database and then goes back again to the page showData.php.
My problem is that when I click Modify it goes back to the showData.php without actually updating the database table. Pictures are attached for convenience.
Here is the code:
showData.php
<!DOCTYPE html>
<html>
<head>
<title></title>
<style>
body {
}
</style>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css">
<script src="jquery-3.4.0.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
</head>
<body>
<?php
$servername = "localhost";
$username = "root";
$password = "";
try{
$conn = new PDO("mysql:host=$servername;dbname=bbdb", "$username", "$password");
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$stmn = $conn->prepare("Select * from patients order by patientID;");
$stmn->execute();
$result = $stmn->fetchAll();
echo "<br/>";
echo "<table class='table table-hover'>";
echo "<thread>
<tr>
<th scope='col'>Patient ID</th>
<th scope='col'>Name</th>
<th scope='col'>Blood Group</th>
<th scope='col'>Email</th>
<th scope='col'>Address</th>
<th scope='col'>Delete</th>
<th scope='col'>Edit</th>
</tr>
</thread>";
foreach ($result as $row) {
echo "<tr>";
echo "<td>" . $row['patientID'] . "</td>";
echo "<td>" . $row['p_name'] . "</td>";
echo "<td>" . $row['p_bloodGroup'] . "</td>";
echo "<td>" . $row['p_email'] . "</td>";
echo "<td>" . $row['p_address'] . "</td>";
echo "<td> <a href='delete.php?patientID=" . $row['patientID'] . "'>Delete</a></td>";
echo "<td> <a href='updateData.php?patientID=" . $row['patientID'] . " &p_name=" . $row['p_name'] . " &p_bloodGroup=" . $row['p_bloodGroup'] . " &p_email=" . $row['p_email'] . " &p_address=" . $row['p_address'] . "'>Edit</a></td>";
echo "</tr>";
}
echo "</table>";
}catch(PDOEXCEPTION $e){
echo "Connection Failed" , $e->getMessage();
}
?>
</body>
</html>
Here is the showData.php visualization:
updateData.php
<?php
$servername = "localhost";
$username = "root";
$password = "";
try{
$conn = new PDO("mysql:host=$servername;dbname=bbdb", "$username", "$password");
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
session_start();
if(!isset($_SESSION['loginUsername'])){
header("location: bbIndex.php");
}
$id = $_GET['patientID'];
$name = $_GET['p_name'];
$bloodGroup = $_GET['p_bloodGroup'];
$email = $_GET['p_email'];
$address = $_GET['p_address'];
}catch(PDOEXCEPTION $e){
echo "Connection Failed" , $e->getMessage();
}
?>
<!DOCTYPE html>
<html>
<head>
<title></title>
<style>
body {
}
</style>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css">
<script src="jquery-3.4.0.min.js"></script>
<script src="https://cdnjs.cloudflare.com/ajax/libs/popper.js/1.14.7/umd/popper.min.js"></script>
<script src="https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/js/bootstrap.min.js"></script>
</head>
<body>
<center>
<form action="edit.php" method="post" class="was-validated">
<div class="w-50 p-3">
<label>PatientID</label>
<input type="text" class="form-control" name="pID" size="30" placeholder="<?php echo $id ?>" readonly="" required="true">
<div class="valid-feedback">Valid.</div>
<div class="invalid-feedback">Please fill out this field.</div>
</div>
<div class="w-50 p-3">
<label>Name</label>
<input type="text" class="form-control" name="pname" size="30" maxlength="225" value="<?php echo $name ?>" required="true">
<div class="valid-feedback">Valid.</div>
<div class="invalid-feedback">Please fill out this field.</div>
</div>
<div class="w-50 p-3">
<label>Blood Group</label>
<input type="text" class="form-control" name="pBG" size="30" maxlength="3" value="<?php echo $bloodGroup ?>" required="true">
<div class="valid-feedback">Valid.</div>
<div class="invalid-feedback">Please fill out this field.</div>
</div>
<div class="w-50 p-3">
<label>Email</label>
<input type="email" class="form-control" name="pemail" size="30" maxlength="225" value="<?php echo $email ?>" required="true">
<div class="valid-feedback">Valid.</div>
<div class="invalid-feedback">Please fill out this field.</div>
</div>
<div class="w-50 p-3">
<label>Address</label>
<input type="text" class="form-control" name="pAdd" size="30" maxlength="225" value="<?php echo $address ?>" required="true">
<div class="valid-feedback">Valid.</div>
<div class="invalid-feedback">Please fill out this field.</div>
</div>
<button type="submit" class="btn btn-light">Modify</button>
<button type="reset" class="btn btn-light">Reset</button>
</form>
</center>
</body>
</html>
Here is the updateData.php visualization:
edit.php
<?php
$servername = "localhost";
$username = "root";
$password = "";
try{
$conn = new PDO("mysql:host=$servername;dbname=bbdb", "$username", "$password");
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$id = $_POST['pID'];
$name = $_POST['pname'];
$bloodGroup = $_POST['pBG'];
$email = $_POST['pemail'];
$address = $_POST['pAdd'];
$stmn = $conn->prepare("update patients set p_name='$name', p_bloodGroup='$bloodGroup', p_email='$email', p_address='$address' where patientID = '$id';");
$stmn->execute();
header("refresh:0;url=showData.php");
}catch(PDOEXCEPTION $e){
echo "Connection Failed" , $e->getMessage();
}
?>
Upvotes: 1
Views: 860
Answers (2)
Reputation: 983
Let's hope this isn't real patient data. By sending all fields as part of the href to the updateData.php, you do absolutely no validation and a malicious user could easily insert any data into the table just by typing their own URL in.
At a very minimum you should just pass the patient-id to updateData.php, and let it read the information from the database.
How are you not running into problems when passing data containing spaces to updateData.php?
Upvotes: 1
Reputation: 44
Just change placeholder attribute to value attribute for input $id in updateData.php.
Your value of $id which you are using in WHERE clause in your query is not passing from updateData.php to edit.php because POST method takes whatever there is in value attribute and POST it but in your case, you are using placeholder attribute. Rest of the information is passing except your $id so that's why your query is not outputting what you want.
Hope it helps :)
Upvotes: 1
Related Questions
- Editing data from MySQL via PHP
- PHP form to edit database entries
- Edit database row from PHP page
- Edit Value in MySQL Database
- Php - How can I edit a certain row in my html table and update my db?
- how to edit a record from MySQL database
- Data from MySQL Database - Edit entry
- Edit data from Mysql using php
- EDIT Single ROW in database from html form
- Editing a mySQL record with PHP