I am trying to first get an ID to query a database and print the results in a table (this part works). I want to then take the ID that was given by the user and use it to update the information in the database using PHP. I want to use the input on the second form as the values to update the database with. The table to alter is customers and it has the fields ID, NAME, ADDRESS. I do not want the user to be able to change the ID.

Form1:

<form method="post" action="">
    <p style="margin-top: 70px;">Please type the ID of the person you wish to add to change their data</p>
    <p style="margin-bottom: 0px;">ID</p>
    <input style="color:black" type="text" name="id" placeholder="10001">
    <input style="color:lightblue;background-color: rgb(80,80,80);margin-top: 7px; " type="submit" value="Submit">
</form>

Form2:

<form method="post" action="">
    <p>New Information for Customer with ID entered above</p>
    <input style='color:black;' type='text' name='newName' placeholder='Name Change'>
    <input style="color:black;" type="text" name="newAddress" placeholder="New Address">
    <input style="color:lightblue;background-color: rgb(80,80,80);margin-top: 7px; " type="submit" name="submitForm2" value="Submit">
</form>

Here is my current PHP as requested, but it does not work and the $_POST that checks if the values are set returns false.

<?php 
            session_start();
            if (isset($_POST["id"])){
                $servername = 'localhost';
                $user = 'root';
                $pass = '';
                $db = 'the_sports_store';
                $conn = new mysqli($servername,$user, $pass, $db);

                // Check connection
                if ($conn->connect_error) {
                    echo '<script language="javascript">';
                    echo 'alert("DB Connection Failed:")';
                    echo '</script>';
                    die("" . $conn->connect_error);
                } 

                $sessionID = $_SESSION["ID"];
                $newName = $_SESSION["newName"];
                $newAddress = $_SESSION["newAddress"];
                var_dump($newName);

                $sql = "SELECT * FROM `customers` WHERE ID='$sessionID';";


                //display the current record, allow user input to alter it, then display new data
                if ($conn->query($sql) == TRUE) {
                    echo"<div class='col-10'>";
                    echo"<table>";
                    echo"<tr>
                            <td align='justify'><b>ID</b></td>
                            <td align='justify'><b>NAME</b></td>
                            <td align='justify'><b>ADDRESS</b></td>
                         </tr>";
                    $result = mysqli_query($conn, $sql);
                    $row = mysqli_fetch_assoc($result);
                    echo "<tr><td style='padding: 10px;'>{$row['ID']}</td><td>{$row['NAME']}</td><td>{$row['ADDRESS']}</td></tr>";
                    echo "</table>";
                    echo "</div>";





                    if(!empty($_POST["newName"]) && !empty($_POST["newAddress"])){
                        echo '<script language="javascript">';
                        echo 'alert(',$sessionID,');';
                        echo '</script>';
                        $newName = $_POST["newName"];
                        $newAddress = $_POST["newAddress"];
                        $sqlChange = "UPDATE `customers` 
                                        SET `NAME` = '$newName', `ADDRESS` = '$newAddress' 
                                        WHERE `ID` = '$sessionID';";

                        if ($conn->query($sqlChange) === TRUE) {
                            echo '<script language="javascript">';
                            echo 'alert("Update Successful.")';
                            echo '</script>';
                        } else {
                            echo '<script language="javascript">';
                            echo 'alert("Error. Update Unsucessful.")';
                            echo '</script>';
                        }

                    }else if(!empty($_POST["newName"])){
                        $newName = $_POST["newName"];
                        $sqlChange = "UPDATE `customers` SET `NAME` = '$newName' WHERE `ID` =  '$sessionID'";
                        echo '<script language="javascript">';
                        echo 'alert(',$newName,');';
                        echo '</script>';

                        if ($conn->query($sqlChange) === TRUE) {
                            echo '<script language="javascript">';
                            echo 'alert("Update Successful.")';
                            echo '</script>';
                        } else {
                            echo '<script language="javascript">';
                            echo 'alert("Error. Update Unsucessful.")';
                            echo '</script>';
                        }
                    }else if(!empty($_POST["newAddress"])){
                        $newName = $_POST["newAddress"];
                        $sqlChange = "UPDATE `customers` SET `ADDRESS` = '$newAddress' WHERE `ID` =  '$sessionID'";

                        echo '<script language="javascript">';
                        echo 'alert(',$sessionID,');';
                        echo '</script>';

                        if ($conn->query($sqlChange) === TRUE) {
                            echo '<script language="javascript">';
                            echo 'alert("Update Successful.")';
                            echo '</script>';
                        } else {
                            echo '<script language="javascript">';
                            echo 'alert("Error. Update Unsucessful.")';
                            echo '</script>';
                        }
                    } else{
                        echo '<script language="javascript">';
                        echo 'alert(',$sessionID,');';
                        echo '</script>';
                    }
                }
                $conn->close();
            }

        ?>
  • If it's possible add related code! Commented Mar 7, 2018 at 5:31
  • Use different names for both forms and the submit button. Commented Mar 7, 2018 at 5:33
  • You are missing an "action" in your second form Commented Mar 7, 2018 at 5:35
  • The second form was on the page where the action was sent to. I have since condensed them onto a single page. Commented Mar 7, 2018 at 5:36
  • Where do they post though? Is it all just one page and both forms post to themselves? Commented Mar 7, 2018 at 5:41

1 Answer

Your problem is that your PHP code will only execute if the id is set. So the code will never execute when you post the second form.

Move this if (!empty($_POST["newName"]) && !empty($_POST["newAddress"])) and all elseif/else below outside of your initial if.

Also, I feel obligated to inform you about SQL Injection and how to avoid it: How can I prevent SQL injection in PHP?

11 Comments

They are already within the first if. Can I use the session variable there instead of just checking if the ID is set?
I said move them outside of the first if. I have no idea how you're using the session variables, are you actually setting them somewhere else?
I was using the session variable to save the ID entered in the first form so when the page refreshes on submit I keep the value
How are you doing that? And where? I don't see anything like $_SESSION["ID"] = $_POST["id"] anywhere. How to set session variables: w3schools.com/php/php_sessions.asp
I know it's a security issue, but just connecting to the DB helped! Now I have a problem of an alert that says there was success in the update, but the update did not occur.
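
The flow discussed in the answer and its comments, as an added example that is not code from the original poster or the answerer: the ID from the first form is stored in the session, the second form is handled outside the `isset($_POST["id"])` check, and every query is a prepared statement. It assumes PHP 7.4+, an integer `ID` column, and the table and connection settings shown in the question.

```php
<?php
// Added example, not the original poster's code. Assumes the `customers`
// table (ID, NAME, ADDRESS) and the connection settings from the question.
session_start();
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors
$conn = new mysqli('localhost', 'root', '', 'the_sports_store');
$conn->set_charset('utf8mb4');

// Form 1: remember the requested ID across requests (assumed to be numeric).
if (isset($_POST['id']) && ctype_digit($_POST['id'])) {
    $_SESSION['ID'] = (int) $_POST['id'];
}
$id = $_SESSION['ID'] ?? null;
$message = '';

// Form 2: handled outside the isset($_POST['id']) check, keyed on the session ID.
if ($id !== null && isset($_POST['submitForm2'])) {
    // Column names come from this fixed list, never from user input.
    $fields = ['NAME'    => trim($_POST['newName'] ?? ''),
               'ADDRESS' => trim($_POST['newAddress'] ?? '')];
    $fields = array_filter($fields, 'strlen');   // keep only non-empty inputs
    if ($fields) {
        $set  = implode(', ', array_map(fn($c) => "`$c` = ?", array_keys($fields)));
        $stmt = $conn->prepare("UPDATE `customers` SET $set WHERE `ID` = ?");
        $params   = array_values($fields);
        $params[] = $id;
        $stmt->bind_param(str_repeat('s', count($fields)) . 'i', ...$params);
        $stmt->execute();
        // A successful execute() only means the statement ran; affected_rows shows
        // whether a row actually changed (0 = no matching ID or identical values).
        $message = $stmt->affected_rows > 0 ? 'Update successful.' : 'No row was changed.';
    }
}

// Show the current record; escape every value before it reaches the HTML.
if ($id !== null) {
    $stmt = $conn->prepare('SELECT `ID`, `NAME`, `ADDRESS` FROM `customers` WHERE `ID` = ?');
    $stmt->bind_param('i', $id);
    $stmt->execute();
    $stmt->bind_result($rid, $name, $address);
    if ($stmt->fetch()) {
        $e = fn($v) => htmlspecialchars((string) $v, ENT_QUOTES, 'UTF-8');
        printf('<table><tr><td>%s</td><td>%s</td><td>%s</td></tr></table>',
               $e($rid), $e($name), $e($address));
    }
}
echo '<p>' . htmlspecialchars($message, ENT_QUOTES, 'UTF-8') . '</p>';
```

Because the values travel as bound parameters, a name such as `O'Brien` is stored literally instead of terminating the SQL string, and the escaped output keeps stored markup from running in the browser.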