9

I want to update a database so that when you put your text in a text box and click the submit button, the data will be sent to the database with a specific id. It is clear what I want to do in the code below. When I write something like this and run it, I receive a 403 error: Access forbidden. How can I fix this?

<?php
   function updater($value,$id){
// Create a connection
   $conn = new mysqli( 'localhost' , 'user_name' , '' , 'data_base_name' );
// Check the connection
   if ($conn->connect_error) {
       die("Connection failed: " . $conn->connect_error);
   }
   $sql = "UPDATE table_name SET name=$value WHERE id=$id";
   if ($conn->query($sql) === TRUE) {
       echo "Record updated successfully";
   } else {
       echo "Error updating record: " . $conn->error;
   }
//$conn->close();
}
?>

<!DOCTYPE html>
<html>
<header>
</header>
<body>
    <form action="<?php updater($_POST['name'],1); ?>" method="post" style="height:50px;width:50px;">
        <input type="text" name="name" /><br><br>
        <input type="submit" /><br/>
    </form>
</body>
</html>
5
  • 4
    this action="<?php updater($_POST['name'],1); ?>" is definitely questionable. Plus, your value is a string; treat it as such in your SET. Commented Apr 20, 2015 at 23:38
  • You don't invoke the function inside the action attribute; you put there the URL where the form will be processed. Commented Apr 20, 2015 at 23:39
  • I know.... can you show me the true way? Commented Apr 20, 2015 at 23:39
  • 1
    @Ghost care to do the honours? ;-) I have to run. Commented Apr 20, 2015 at 23:40
  • My English is not so good... What do you mean? Please show me how to make that work... Thanks a lot! Commented Apr 20, 2015 at 23:42

2 Answers

6

You need to put the URL inside the action attribute that does the form processing, not the function:

action="<?php updater($_POST['name'],1); ?>"  // not this
action="" // empty for the same page

Also, usually the edited value fills the input and the record's id is added to the form in a hidden field. If processing is on the same page, best to leave the action empty. So a basic form could be like this:

<form action="" method="post">
    <input type="text" name="name"  value="<?=htmlspecialchars($row['name']) ?>"/><br>
    <input type="hidden" name="id" value="<?=htmlspecialchars($row['id']) ?>"/>
    <input type="submit" /><br/>
</form>

Above the form, the processing has to be added:

if($_SERVER['REQUEST_METHOD'] === 'POST') {
    $conn = new mysqli( 'localhost' , 'user_name' , '' , 'data_base_name' );
    updater($conn, $_POST['name'], $_POST['id']);
}

Besides, you must use safer prepared queries:

function updater($mysqli, $value, $id) {
    $sql = "UPDATE table_name SET name = ? WHERE id= ?";
    $update = $mysqli->prepare($sql);
    $update->bind_param('si', $value, $id);
    $update->execute();
    return $update->affected_rows;
}
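
The difference between the question's concatenated query and the prepared statement shown above, as an added example that is not part of the original answers. It assumes PDO with an in-memory SQLite table in place of the page's mysqli/MySQL connection; `updater_concat`, `updater_prepared`, the sample rows and the sample POST values are constructed for illustration.

```php
<?php
// Added example: PDO/SQLite stands in for the page's mysqli/MySQL (assumption).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE table_name (id INTEGER PRIMARY KEY, name TEXT)");
$db->exec("INSERT INTO table_name (id, name) VALUES (1, 'old one'), (2, 'old two')");

// Pattern from the question: form input is pasted into the SQL text,
// so any quote character in the input becomes part of the statement.
function updater_concat(PDO $db, string $value, string $id): string {
    try {
        $db->exec("UPDATE table_name SET name=$value WHERE id=$id");
        return 'updated';
    } catch (PDOException $e) {
        return 'query failed: ' . $e->getMessage();
    }
}

// Pattern from the answer: placeholders in the SQL, values bound separately.
// Returns the number of rows changed, or null when the id is rejected.
function updater_prepared(PDO $db, string $value, string $id): ?int {
    // A hidden "id" field is still client-controlled, so validate it as a
    // positive integer before it reaches the database.
    $id = filter_var($id, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }
    $stmt = $db->prepare("UPDATE table_name SET name = ? WHERE id = ?");
    $stmt->execute([$value, $id]);
    return $stmt->rowCount();
}

// Constructed sample input: an ordinary name that contains an apostrophe.
$post = ['name' => "Conan O'Brien", 'id' => '1'];

// Concatenated form: the input is parsed as SQL instead of stored as data.
echo updater_concat($db, $post['name'], $post['id']), PHP_EOL;

// Prepared form: the same input is stored literally in row 1.
var_dump(updater_prepared($db, $post['name'], $post['id']));

// A non-integer id is rejected before any query runs.
var_dump(updater_prepared($db, $post['name'], '1abc'));

// Final table contents, to compare against the two inserted rows.
foreach ($db->query("SELECT id, name FROM table_name ORDER BY id") as $row) {
    echo $row['id'], ': ', $row['name'], PHP_EOL;
}
```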

0

Like this:

<?php
function updater($value,$id){
    // Create connection
    $conn = new mysqli( 'localhost' , 'user_name' , 'pass' ,'data_base_name' );

    // Check connection before using it for escaping
    if ($conn->connect_error) {
        die("Connection failed: " . $conn->connect_error);
    }

    // Escape both values for use inside the quoted SQL literals below
    $value = mysqli_real_escape_string($conn, $value);
    $id = mysqli_real_escape_string($conn, $id);

    $sql = "UPDATE table_name SET name='{$value}' WHERE id='{$id}'";
    if ($conn->query($sql) === TRUE) {
        echo "Record updated successfully";
    } else {
        echo "Error updating record: " . $conn->error;
    }
    $conn->close();
}

// Run the update only when the form has been submitted with both fields
if(isset($_POST['name'], $_POST['id'])){
    updater($_POST['name'],$_POST['id']);
}
?>

<!DOCTYPE html>
<html>
<header>
</header>
<body>
<form action="" method="post" style="height:50px;width:50px;">
    <input type="hidden" name="id" value="1" />           
    <input type="text" name="name" /><br><br>
    <input type="submit" /><br/>
</form>
</body>
</html>
