0

The way I've structured my form data is by creating them in a while loop, but each time they are created the form will take a unique id. So my question is, how do I access them individually and update specified data to a MYSQL server. I've attempted to do it in the code at the end of the script, but I'm not sure how to access the forms individually

<?php 
        include 'user_data.php';
        include 'core.inc.php';

        $query = mysql_query("SELECT `post_text` FROM `posts`,`sub_posts` WHERE sub_posts.post_id = posts.id AND                sub_posts.user_id='$user_id'");

        while($row = mysql_fetch_array($query)){

          ?><a href="#" class="askedClick"><?php echo $row[post_text].'<br>'?></a>

          <form action="<?php $curent_file ?>" method="POST">
            <textarea name="answer_field" > </textarea><br />
            <input type="submit" value="Submit Answer">
            <input type="hidden" name="post_id" value="<?php echo $row['post_id']; ?>" />
         </form>

    <?php
        }//While Loop
    if (isset($_POST['answer_field']) && !empty($_POST['answer_field'])){   
        $answer = mysql_real_escape_string($_POST['answer_field']);
        $id = intval($_POST ['post_id']);
        $query = "UPDATE `sub_posts` SET `sub_answer`='$answer' WHERE `post_id`='$id'";
    }


?>
Improve this question
4
  • Don't mix up $_POST ['answer'] and $_POST ['answer_field']. Both must have the same name, as you're referring to the same thing. Commented Feb 16, 2013 at 1:02
  • Is the if condition correct here? Doesn't seem to be updating to the server Commented Feb 16, 2013 at 1:06
  • Yep. You may want to actually execute the created SQL query by passing it to mysql_query though ;) Since the $id variable is guaranteed to be a number, the quotes around it are not necessary in the query. Commented Feb 16, 2013 at 1:09
  • 1
    Those small things you don't notice, and I just realized I hadn't even selected post_id in the original query. Thanks for the help, much appreciated Commented Feb 16, 2013 at 1:11

1 Answer 1

Reset to default
2

Only a single form gets posted when clicking the "submit" field. The form name does not get submitted by itself. Instead, you would place the post ID to which the form corresponds as a hidden field:

<input type="hidden" name="post_id" value="<?php echo $row['post_id']; ?>" />

And then later:

$answer = mysql_real_escape_string ($_POST ['answer']);
$id = intval ($_POST ['post_id']);
$query = "UPDATE `sub_posts` SET `sub_answer`='{$answer}' WHERE `post_id`={$id}";

Note that you definitely need to escape the answer before putting it in the query and make sure that the ID is a number. Otherwise, you're opening up your code to SQL injection attacks.

Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

I appreciate the help, I am going to go implement this now it should most definitely work. $id = intval ($_POST ['post_id']);, what is the "intval" in the code?
The "intval" function converts the parameter it is passed to an integer (the name stands for "integer value", check out the docs. If you don't do this, somebody could edit your form and change it into '-1 OR 1=1', then your query's where clause would be: "WHERE post_id=-1 OR 1=1", which is always true, updating every single record in the table.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.