1

I am working on a project that takes students attendance in class and I want to update the database data through PHP whilst running a SQL function of UPDATE, but I want to be able to update it base on the id of the data.

This is the code that I am working with at the moment.

<?php

require_once './dba.php';

$status = "";

if(isset($_POST['time_in'])) {

    $query = "INSERT INTO nameOfTable (datetime) VALUES (NOW())";

    $d = $conn->prepare($query);

    $d->execute();     

} elseif(isset($_POST['time_out'])) {
    $query = "UPDATE nameOfTable SET datetime = NOW() WHERE id = ? ";

    $d = $conn->prepare($query);

    $d->execute();     
} else {
    $status = "Can't time in!";
}

Improve this question
8
  • You forgot to call $d->bind_param() to provide a value for the ? placeholder. Commented Dec 21, 2021 at 2:03
  • 1
    Are you using MySQLI or PDO? Commented Dec 21, 2021 at 2:04
  • Where do you get the ID to update from? Commented Dec 21, 2021 at 2:04
  • @Barmar using PDO Commented Dec 21, 2021 at 2:04
  • 1
    Oh, I think I get it. You want the ID that was created by AUTO_INCREMENT when you inserted the previous time. Set a session variable from $conn->lastInsertId(), and use that when they clock out. Commented Dec 21, 2021 at 2:30

3 Answers 3

Reset to default
3

Use $conn->lastInsertId() to get the ID that was assigned when they clocked in. Save that in a session variable and use it when they clock out.

<?php

require_once './dba.php';

$status = "";

if(isset($_POST['time_in'])) {
    $query = "INSERT INTO nameOfTable (datetime) VALUES (NOW())";
    $d = $conn->prepare($query);
    $d->execute();     
    $_SESSION['clock_id'] = $conn->lastInsertId();
} elseif(isset($_POST['time_out'])) {
    if (!isset($_SESSION['clock_id'])) {
      $status = "You need to clock in first!";
    } else {
      $query = "UPDATE nameOfTable SET datetime = NOW() WHERE id = :id ";
      $d = $conn->prepare($query);
      $d->execute(['id' => $_SESSION['clock_id']]);   
    }
} else {
    $status = "Can't time in!";
}
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

0

You must remember to prepare the query and bind the parameters onto it.

Use the $id variable to prepare the query with the appropriate ID.

Make sure you authenticate the session before passing the ID to the query, otherwise an attacker can manipulate this data to pull anyone's data they wish.

// Its helpful to create elements within the code to bind onto. :id is ours.
$query = "UPDATE nameOfTable SET datetime = NOW() WHERE id = :id ";

$d = $conn->prepare($query);

// Run the query & bind id to :id
$d->execute(['id' => $id]);
Improve this answer

5 Comments

Do I need to define variable $id to run $d->execute? It is returning me that debug result
Yes. Make sure you define $id. If you want to test, you can do $id = 1 if you have a row with id of 1 :)
But what if I want to update without specifiying id of 1, 2, etc
Where would you like to get the ID from? What is the purpose of this script? :) You can use $_POST and $_GET to practice. If you dont want to use these, you can use a $_SESSION variable. Depends what you want to do. I'll help you out, just clarify what you need.
If you aren't going to specify the id value, then you don't need to use a prepared statement and your UPDATE will affect EVERY row in your table. Be sure that that behavior is what you want.
0

You try update

    $query = "UPDATE nameOfTable SET datetime = NOW() WHERE id = :id ";

    $d = $conn->prepare($query);

    $d->execute(['id' => $id ]);
Improve this answer

2 Comments

Do I need to define variable $id to run $d->execute? It is returning me that debug result
@s.alonzo Of course you do. How else would it know which ID you want to update?

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.