0

I am very new to PHP and need some help please!

I am using a text box to display a value from a table, which I would then like to be able to edit and use for an update statement.

This text box currently gets populated based on what the $studentId is and this works fine.

    $conn = connection();

    $sql = "SELECT * FROM students WHERE studentId=$studentId";

    foreach ($conn->query($sql) as $row) {
    ?>
      <form>
        Student Name: <input name="name" type="text" method="post" value="<?php echo( htmlspecialchars( $row['name'] ) ); ?>" />
        <br>
        <input name="submitStudentUpdate" type="submit" value="Update" />
      </form>
    <?php
    }

connection(); is being provided from another page.

It's this line I need the value of

Student Name: <input name="name" type="text" method="post" value="<?php echo( htmlspecialchars( $row['name'] ) ); ?>" />

I would like to retrieve the value from this form and post to another page to be used in an update statement but how do I get at it?

I thought it may be:

if (isset($_POST['name'])) {

    echo $_POST['name'];

}

So currently, text box gets populated with

[Bob]

And I would like to be able to change it to, e.g.

[Bobby]

hit the submit button and retrieve this value.

I am using PDO.

Hope this makes sense and any help much appreciated. Thank you.

2
  • why does the input have 'method="post"'? FORM tags have that attribute, not inputs. Commented Nov 23, 2013 at 18:09
  • I realized that was my error. Thanks @JAL :-) Commented Nov 23, 2013 at 21:44

2 Answers

1

You didn't define the method in your form, so it defaults to GET.

So you should be able to get your value via $_GET['name'].

I hope I'm understanding you correctly.

<?php
    // connect first: the update below needs $conn
    $conn = connection();

    if (isset($_GET['name'], $_GET['studentId'])) {

       // string-escaping version, left as a comment: the mysql_* functions are deprecated and are not part of PDO
       // $sql = "UPDATE students SET name = '".mysql_real_escape_string($_GET['name'])."' WHERE studentID = '".(int)$_GET['studentId']."' LIMIT 1";

       // or with pdo prepared statements (more secure)
       $stmt = $conn->prepare("UPDATE students SET name = ? WHERE studentID = ? LIMIT 1");
       $stmt->execute(array($_GET['name'], $_GET['studentId']));

    }

    $sql = "SELECT * FROM students WHERE studentId=$studentId";

    foreach ($conn->query($sql) as $row) {
    ?>
      <form>
        Student Name: <input name="name" type="text" value="<?php echo( htmlspecialchars( $row['name'] ) ); ?>" />
        <br>
        <!-- the field is named studentId so that it matches $_GET['studentId'] above -->
        <input type="hidden" name="studentId" value="<?php echo htmlspecialchars( $studentId ); ?>">
        <input name="submitStudentUpdate" type="submit" value="Update" />
      </form>
    <?php
    }
?>

4 Comments

I know it's just an example for simplicity's sake, but since this is a basic question, I'm guessing the programmer is not adept at PHP, so I think it'd be better if we encouraged escaping. "UPDATE students SET name = '".mysql_real_escape_string($_GET['name'])."' WHERE studentID = '".(int) $_GET['studentId']."' LIMIT 1";
@M Miller actually, the asker says he/she is using PDO. You're recommending use of the mysql_* library apparently, which is the wrong one to use, additionally, since it's deprecated.
Yeah, I didn't know PDO offhand, and I would've used mysqli_, but that was even more complex since I'd have to instantiate an object.... The query should really be prepared. My bad, should've looked up PDO. Heck, even addslashes would at least be better than what was above.
added pdo example to answer
0
$conn = connection();

// the form below posts the name and carries studentId in the query string
if( isset($_GET['studentId'], $_POST['name']) )
{
   // prepared statement: the submitted values are bound instead of being concatenated into the SQL
   $stmt = $conn->prepare("UPDATE students SET name = ? WHERE studentId = ?");
   $stmt->execute(array($_POST['name'], $_GET['studentId']));
}

$sql = "SELECT * FROM students WHERE studentId=$studentId";

foreach ($conn->query($sql) as $row) {
?>
  <form action="?studentId=<?php echo urlencode( $row['studentId'] ); ?>" method="post">
    Student Name: <input name="name" type="text" value="<?php echo( htmlspecialchars( $row['name'] ) ); ?>" />
    <br>
    <input name="submitStudentUpdate" type="submit" value="Update" />
  </form>
<?php
}
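
Added example, not part of either answer above: the edit-and-update flow both answers describe, with `method="post"` on the form, input validation, and PDO prepared statements for the SELECT as well as the UPDATE. The in-memory SQLite table and the names `demoConnection()`, `updateStudentName()` and `renderForm()` are assumptions standing in for the asker's `connection()` and students table.

```php
<?php
// Assumption: constructed in-memory SQLite table in place of the asker's database.
function demoConnection(): PDO {
    $conn = new PDO('sqlite::memory:');
    $conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $conn->exec('CREATE TABLE students (studentId INTEGER PRIMARY KEY, name TEXT)');
    $conn->exec("INSERT INTO students (studentId, name) VALUES (1, 'Bob')");
    return $conn;
}

// Validate the submitted fields, then update through a prepared statement.
function updateStudentName(PDO $conn, array $post): bool {
    $id   = filter_var($post['studentId'] ?? null, FILTER_VALIDATE_INT);
    $name = $post['name'] ?? null;
    // Reject missing, non-numeric, non-string, empty or oversized input
    // (the 100-byte limit is an assumed column size).
    if ($id === false || !is_string($name) || trim($name) === '' || strlen($name) > 100) {
        return false;
    }
    $stmt = $conn->prepare('UPDATE students SET name = ? WHERE studentId = ?');
    $stmt->execute([trim($name), $id]);
    // Note: MySQL reports 0 rows here when the new value equals the old one.
    return $stmt->rowCount() === 1;
}

// Build the edit form; every value is HTML-escaped before it is written out.
function renderForm(PDO $conn, int $studentId): string {
    $stmt = $conn->prepare('SELECT studentId, name FROM students WHERE studentId = ?');
    $stmt->execute([$studentId]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    if ($row === false) {
        return '<p>No such student.</p>';
    }
    $id   = htmlspecialchars((string) $row['studentId'], ENT_QUOTES, 'UTF-8');
    $name = htmlspecialchars($row['name'], ENT_QUOTES, 'UTF-8');
    return '<form method="post">'
         . 'Student Name: <input name="name" type="text" value="' . $name . '" />'
         . '<input type="hidden" name="studentId" value="' . $id . '" />'
         . '<input name="submitStudentUpdate" type="submit" value="Update" />'
         . '</form>';
}

$conn = demoConnection();
// Constructed stand-in for $_POST after the form is submitted.
$post = ['studentId' => '1', 'name' => "Bobby O'Neil", 'submitStudentUpdate' => 'Update'];
var_dump(updateStudentName($conn, $post));
echo renderForm($conn, 1), PHP_EOL;
// A non-numeric id is rejected before any SQL runs.
var_dump(updateStudentName($conn, ['studentId' => 'not-a-number', 'name' => 'x']));
```

On a real page the call would be `updateStudentName($conn, $_POST)` inside a check that `$_SERVER['REQUEST_METHOD'] === 'POST'`. The hidden `studentId` field is sent by the browser and can be changed there, so the server still has to check that the current user may edit that student.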
