1

I am trying to update data from a submission form into the MySQL database using PHP. When I click on the button to update the value in the database, it becomes empty.

Additionally, I also receive the following two error messages:

Notice: Undefined variable: id in C:\xampp\htdocs\test1\edit.php on line 64

Warning: Invalid argument supplied for foreach() in C:\xampp\htdocs\test1\edit.php on line 66

The following is my PHP Code:

<?php

  $name = '';

  if (isset($_GET['editQ'])) {
    $ok = true;
    $id = $_GET['editQ'];

    if ($ok) {
      // add database code here
      $db = mysqli_connect('localhost', 'root', '', 'test2015');
      $sql = sprintf("UPDATE question SET question_body='%s'
              WHERE question_id=%s",
      mysqli_real_escape_string($db, $name),$id);
      mysqli_query($db, $sql);
      echo '<p>User updated.</p>';
      mysqli_close($db);
    }
    } else {
      $db = mysqli_connect('localhost', 'root', '', 'test2015');
      $sql = sprintf('SELECT * FROM question WHERE question_id=%s', $id);
      $result = mysqli_query($db, $sql);
      foreach ($result as $row) {
        $name = $row['question_body'];

      }
      mysqli_close($db);
    }
  ?>

  <form name="editQ" method="POST" action="edit.php" > 
    <td>Please Edit the Question</td> 
    <input type="text" name="<?php echo ($q)?>" value="<?php
            echo htmlspecialchars($name);?>" /> 
    <input type="submit" name="submit" value="Edit">
  </form>

Any help/advice would be much appreciated. Thanks in advance.

6
  • What's there in your query string? Commented Feb 27, 2015 at 15:31
  • Why not use pdo libraries with prepared statement? Commented Feb 27, 2015 at 15:31
  • @nana.chorage what do you mean? Commented Feb 27, 2015 at 15:34
  • WARNING: When using mysqli you should be using parameterized queries and bind_param to add user data to your query. DO NOT use string interpolation to accomplish this because you will create severe SQL injection bugs. Please, do not use sprintf, it's a flimsy, error-prone alternative. Commented Feb 27, 2015 at 15:34
  • @Marco Mura I am using (mysqli) Commented Feb 27, 2015 at 15:34

4 Answers

2

Your form is sending POST and you're trying to get values using GET.


0

You don't initialize $id if it is not set in $_GET['editQ']. If however in that case you still need it, I guess you know some default id for that instance. Define it then at the top of the script in case it is later not overwritten by $_GET value.


0

Try pulling the $id assignment outside the if statement:

<?php
  $name = '';


  if (isset($_GET['editQ'])) {
    $ok = true;
    $id = $_GET['editQ'];

    if ($ok) {
        // add database code here
        $db = mysqli_connect('localhost', 'root', '', 'test2015');
        $sql = sprintf("UPDATE question SET question_body='%s'
          WHERE question_id=%s",
          mysqli_real_escape_string($db, $name),
          $id);
        mysqli_query($db, $sql);
        echo '<p>User updated.</p>';
        mysqli_close($db);
    }
    else {
      $db = mysqli_connect('localhost', 'root', '', 'test2015');
      $sql = sprintf('SELECT * FROM question WHERE question_id=%s', $id);
      $result = mysqli_query($db, $sql);
      foreach ($result as $row) {
        $name = $row['question_body'];
      }
      mysqli_close($db);
    }
  }
?>


Edit: the above code clears the unset variable error, but the user is still working on distinguishing $id from $editQ.

8 Comments

Thanks for the help, this gets rid of the error messages. However, the value in the database still stays empty when I am trying to update the value.
Do you think it is related to the line $name = '';? Maybe try $name = 'test_name';
Tried $name = 'test_name'; this will update the value in the database with test_name
I'd like to add that I am new to PHP, I apologise for silly questions/comments
@james: No silly questions! We were all new once :-) Maybe I don't understand what you're trying to do. UPDATE question SET question_body='%s' WHERE question_id=%s...$name, $id... should be updating row $id so field question_body equals $name. Maybe try changing mysqli_real_escape_string($db, $name) to mysqli_real_escape_string($name)?
0

$id is not being set before the SQL statement is being called. It's in the else section of the if statement isset($_GET['editQ']) which defines $id;

Also instead of foreach use the following with a mysqli result

while($row = $result->fetch_assoc())
{
    // STUFF
}
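
The points raised above (the form posts while the script reads GET, $id is unset on one branch, and the comment recommending parameterized queries with bind_param) can be combined in one script. The following is an added example, not code from the question or any answer: the id stays in the query string, the edited text arrives by POST, and both queries are mysqli prepared statements. The field name question_body and the helpers loadQuestion and updateQuestion are assumptions; the connection settings, table and columns are taken from the question.

```php
<?php
// Added example, not code from the question or its answers.
// Connection settings, table and columns are the ones shown in the question.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on DB errors

function loadQuestion(mysqli $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT question_body FROM question WHERE question_id = ?');
    $stmt->bind_param('i', $id);         // 'i': bound as integer, never spliced into the SQL
    $stmt->execute();
    $stmt->bind_result($body);
    $found = $stmt->fetch();             // true for a row, null when nothing matches
    $stmt->close();
    return $found ? $body : null;
}

function updateQuestion(mysqli $db, int $id, string $body): int
{
    $stmt = $db->prepare('UPDATE question SET question_body = ? WHERE question_id = ?');
    $stmt->bind_param('si', $body, $id); // 's': string, 'i': integer
    $stmt->execute();
    $changed = $stmt->affected_rows;     // 0 if the id does not exist or the text is unchanged
    $stmt->close();
    return $changed;
}

// The id always travels in the query string; null = absent, false = not an integer.
$id = filter_input(INPUT_GET, 'editQ', FILTER_VALIDATE_INT);
if ($id === null || $id === false) {
    http_response_code(400);
    exit('Missing or invalid question id.');
}

$db = new mysqli('localhost', 'root', '', 'test2015');
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // 'question_body' as the field name is an assumption; the original form uses an undefined $q.
    $name = (string) filter_input(INPUT_POST, 'question_body');
    updateQuestion($db, $id, $name);
    echo '<p>Question updated.</p>';
} else {
    $name = loadQuestion($db, $id) ?? '';
}
$db->close();
?>
<form method="POST" action="edit.php?editQ=<?php echo $id; ?>">
  Please edit the question:
  <input type="text" name="question_body" value="<?php echo htmlspecialchars($name); ?>">
  <input type="submit" name="submit" value="Edit">
</form>
```

Because the id is validated as an integer and every value is bound rather than formatted into the SQL string, neither sprintf nor mysqli_real_escape_string is needed.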
