0

I'm trying to make a form that will update a row in a database. So I can make titles for posts and stuff like that.

Can anyone help me?

Improve this question
2
  • post your code please. Then only we can try to figure out your problem Commented Jan 15, 2013 at 10:01
  • if (isset($_POST['title'])&& isset($_POST['content'])) { $query = "UPDATE text SET title='".mysql_real_escape_string($_POST['title'])."', content='".mysql_real_escape_string($_POST['content'])."' WHERE id='$post_id'"; mysql_query($query); Commented Jan 15, 2013 at 10:11

2 Answers 2

Reset to default
1

Update: Given the short string of code you have provided, I shall make some minor updates to my answer.

Your question is very general, but I'll provide some code to get you started. For instance if you want to update the title for post #60.

HTML

<form action='update.php' method='POST'>
    <label for='title'>Post title:</label>
    <input type='text' id='title' name='title' required>

    <label for='content'>Post body:</label>
    <textarea cols='80' rows='10' id='content' name='content'></textarea>

    <input type='hidden' name='postID' value='60'>
    <button type='submit'>Update</button>
</form>

I'm assuming each post has a unique ID called id. Again this is a very simple example. For the sake of this example I'll also assume your database is MySQL. I will use PDO here but feel free to use mysqli, or the mysql driver if you really have to.

PHP (update.php)

<?php

    // Define your MySQL credentials here
    define('DB_NAME', 'your database name');
    define('DB_HOST', 'localhost'); // usually it's localhost
    define('DB_PORT', 3306) // usually it's 3306
    define('DB_USER' 'username');
    define('DB_PASSWORD', 'password');

    // Check if your HTTP POST parameters are set
    if(!isset($_POST['title']) || !isset($_POST['content']) || !isset($_POST['id'])) {
        die('Missing POST parameters');
    }

    // Create a new PDO instance
    $db = new PDO("mysql:dbname=" . DB_NAME . ";host=" . DB_HOST . ";port=" . DB_PORT, DB_USER, DB_PASSWORD);

    $sql = 'UPDATE `text` SET `title` = :title, `content` = :content WHERE `id` = :id;';

    // Create a new PDOStatement by preparing it
    $statement = $db->prepare($sql);

    // Bind the values to the prepared statement
    // By doing this you don't have to worry about escaping them
    $statement->bindValue(':title', $_POST['title'], PDO::PARAM_STR);
    $statement->bindValue(':content', $_POST['content'], PDO::PARAM_STR);
    $statement->bindValue(':id', $_POST['postID'], PDO::PARAM_INT);

    // Execute the prepared statement
    $statement->execute();

    // Since we're doing an update, it is a good idea to check if the query succeeded.
    // rowCount() should return 1 here
    if($statement->rowCount()) {
        echo 'Post title updated.';
    }
?>

For more information you can consult the MySQL documentation for the UPDATE query (or the documentation for your RDBMS).

Hopefully this will get you started!

Improve this answer
Sign up to request clarification or add additional context in comments.

5 Comments

Thanks, but were do I put the mysql login data? I see "$db = new PDO("mysql:dbname=" . DB_NAME . ";host=" . DB_HOST . ";port=" . DB_PORT, DB_USER, DB_PASSWORD);" That is PDO? Sorry, I've never used it.
You can declare them as constants, you can put dollar signs in front of the capitalized text and make them variables, or you can directly write them in there without string concatenation. I'll further edit my code to clarify.
Thanks! It's not working yet. There were some errors. But thanks :)
Also only last question, the table here if i'm not wrong should be called text right?
In your original query you called your table text so that's what I used here.
0

core script file

<?  
mysql_connect(); 
mysql_select_db("new"); 
$table = "test"; 
if($_SERVER['REQUEST_METHOD']=='POST') { //form handler part: 
  $name = mysql_real_escape_string($_POST['name']); 
  if ($id = intval($_POST['id'])) { 
    $query="UPDATE $table SET name='$name' WHERE id=$id"; 
  } else { 
    $query="INSERT INTO $table SET name='$name'"; 
  } 
  mysql_query($query) or trigger_error(mysql_error()." in ".$query); 
  header("Location: http://".$_SERVER['HTTP_HOST'].$_SERVER['PHP_SELF']);  
  exit;  
}  
if (!isset($_GET['id'])) { //listing part: 
  $LIST=array(); 
  $query="SELECT * FROM $table";  
  $res=mysql_query($query); 
  while($row=mysql_fetch_assoc($res)) $LIST[]=$row; 
  include 'list.php'; 
} else { // form displaying part: 
  if ($id=intval($_GET['id'])) { 
    $query="SELECT * FROM $table WHERE id=$id";  
    $res=mysql_query($query); 
    $row=mysql_fetch_assoc($res); 
    foreach ($row as $k => $v) $row[$k]=htmlspecialchars($v); 
  } else { 
    $row['name']=''; 
    $row['id']=0; 
  } 
  include 'form.php'; 
}  
?>

and 2 template files: form.php

<form method="POST">
<input type="text" name="name" value="<?=$row['name']?>"><br>
<input type="hidden" name="id" value="<?=$row['id']?>">
<input type="submit"><br>
<a href="?">Return to the list</a>
</form>

and list.php

<a href="?id=0">Add item</a>
<? foreach ($LIST as $row): ?>
<li><a href="?id=<?=$row['id']?>"><?=$row['name']?></a>
<? endforeach ?>
Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.