0

How can I update a row in my mySql database from a HTML form. I have tried every technique and nothing seems to work. I would like that users could update their own profile page information.

I have a form on my page but the data doesn't get sent through.

What am i missing?

Here is my code:

------------INDEX.php

<?php 
            require_once("inc/database.php");
            require_once("inc/query.php");
        ?>
        <div class="wrapper">
            <div class="content">
            <h1>User Profiles</h1>

                <?php
                while ($row = $results->fetch()) {

                    $id = ($row["id"]);
                    $name = ($row["name"]);
                    $age = ($row["age"]);
                    $password = ($row["password"]);

                    print '<div ' . 'class= id-' . ($id) . '">';
                    print "<p>" . ($name) . "</p>";
                    print "<p>" . ($password) . "</p>";
                    print "<p>" . ($age) . "</p>";
                    print "</div>";

                }
                ?>
        </div>
            </div>
            <form action="inc/addnew.php" method="post">
                <p>Name: <input type="text" name="name" required></p>
                <p>ID: <input type="text" name="id" value="<?php echo $id; ?>"></p>
                <p><input type="submit" value="Lisää"></p>
            </form>

------------QUERY.php

<?php

try{
    $results = $db->query("SELECT name, password, age, id FROM users");
    $results->execute();
    // echo "Our query ran successfully.";
} catch (Exception $e){
    echo "Data could not be retrived from the database.";
    exit;
}

------------DATABASE.php

<?php

try{
    $db = new PDO('mysql:host=localhost;dbname=user_profile;port=8889', 'User_profile','bFeLcZjMmVw4PBaF');
    $db->setAttribute(PDO::ATTR_ERRMODE,PDO::ERRMODE_EXCEPTION);
    $db->exec("SET NAMES 'utf8'");
} catch (Exception $e){
    echo "Could not connect to the database.";
    exit;
}

------------UPDATE.php

<?php
require_once("database.php");


if( isset( $_POST['name'] ) &&  strlen( $_POST['id'] )){

    $id = $_POST['id'];
    $name = $_POST['name'];


    $results=("UPDATE users SET name='$name' WHERE id=$id");
    }

        header("Location: ../index.php");
    }
else
    {
        //error either $_POST['login'] is not set or $_POST['login'] is empty form field
        echo 'Name or ID field was empty. Please fill out those fields. <a href="../index.php">Back to site</a> <br>';
    }
Improve this question
2
  • 1
    The form's action is inc/addnew.php. Does that file exist? Does it handle the form post? Commented Oct 24, 2013 at 16:00
  • @David ooh i didn't notice that now it goes through but the field doesn't update : / Commented Oct 24, 2013 at 16:06

2 Answers 2

Reset to default
2

How you expect this query to execute? 

$results=("UPDATE users SET name='$name' WHERE id=$id");

you are just generating a query here on UPDATE.php without actually doing anything with it.

Replace this line with:

$results = $db->query("UPDATE users SET name='$name' WHERE id=$id");
Improve this answer
Sign up to request clarification or add additional context in comments.

2 Comments

Without escaping this is really dangerous. PDO has prepared statements which make this easy to do.
Yes this is really bad, I was answering the original question without suggesting "better/proper" way of doing this.
1

You need to prepare and execute your query, not just define it as a string:

$sth = $db->prepare("UPDATE users SET name=:name WHERE id=:id")

$sth->execute(array("name" => $_POST["name"], "id" => $_POST["id"]));

You should be using placeholders to insert your data. Your query uses string interpolation which is extremely dangerous due to SQL injection bugs. Do not put $_POST data directly into a query, it's never safe.

Improve this answer

3 Comments

How would i implement this code? I have tried couple of ways but the code brakes.
No it just does nothing :/.
Read the section on prepared statements and try and use their method. Using string interpolation is extremely dangerous.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.