PHP/MySQL update problem

[emclark]

Hi PHP Freaks. Noobie here. Trying to learn PHP, following lecturesnippets.com PHP lessons. This is lesson 38. This seems like it should be simple, but no matter what I do, I can't get the database to update. Any help would be greatly appreciated. Thanks. Here's my code right now:

 

<html>

<head>

</head>

<body>

<?php

$con = mysqli_connect("localhost","Eric","******");

 

if (!$con){

die("Cannot connect:" .  mysqli_connect_error());

}

 

mysqli_select_db($con,"snippets");

 

if (isset($_POST['update'])){

$UpdateQuery = "UPDATE lectures SET Topic = '$_POST', Name='$_POST[name]', Attendance= '$_POST[attendance]'  WHERE Topic='$_POST[hidden]'";

 

mysqli_query($con,$UpdateQuery);

};

 

$sql = "SELECT * FROM lectures";

 

$myData = mysqli_query($con,$sql);

 

echo "<table border=1> 

<tr>

<th>Topic</th>

<th>Name</th>

<th>Attendance</th>

</tr>";

 

while($record = mysqli_fetch_array($myData)){

echo"<form action=mydata3.php method=post>";

echo "<tr>";

echo "<td>" . "<input type=text name=topic value=" . $record['Topic']  . "> </td>";

echo "<td>" . "<input type=text name=name value=" . $record['Name']  . "> </td>";

echo "<td>" . "<input type=text name=attendance value=" . $record['Attendance']  . "> </td>";

echo "<td>" . "<input type=hidden name=hidden value=" . $record['Topic']  . "> </td>";

echo "<td>" . "<input type=submit name=submit value=update" . "> </td>";

echo "</form>";

}

 

echo"</table>";

mysqli_close($con);

 

?>

 

</body>

</html>

[requinix]

Please look for another tutorial. That one is teaching you bad practices that can be difficult to unlearn.

 

if (isset($_POST['update'])){

That is trying to detect that the form was submitted (and is trying to update data) but it's not looking for the right information. See how there's nothing in the form with the name "update"? However there is the submit button, with the name "submit" and the value "update". You can check for that instead:

if (isset($_POST['submit']) && $_POST['submit'] == 'update'){

[wezhind]

Also I believe you need a space between echo and string containing the form element here:

echo"<form action=mydata3.php method=post>";

Good luck

[wezhind]

echo"</table>";

is possibly another error. (requires space after echo)

 

It's never a bad idea to view the source of the html that is produced by the php. Most modern browsers will allow you to right-click and view source (or in one of the menus on the standard toolbar - if you have it enabled). It's worth running through and seeing if what is produced makes sense i.e. that all the tags/elements that are open are closed etc.. The script above for instance, doesn't close the <tr> tag on each loop. I also have some issues with where the <form> tags are placed - but I'd have to check the validity of my belief and it's late

 

You can always copy the html you find using 'View source' and use a validation service like http://validator.w3.org/check to check for obvious mark-up no-no's. It's not the 'be all and end all' of validators - but it will help a little with creating well-formed html and 'bug' hunting.

 

Hopefully, any further tutorials you read/use will also introduce and strongly persuade you to very carefully think about the concept of security. In the case of the script above, it is taking a user's input and then without validation is inserting it straight into a database. Who knows what the user has just sent you - could be some disguised MySQL command that deletes all your records?!

 

http://php.net is a great place for checking out functions available to you through php.

 

I'm sorry if I'm telling you stuff you already know, but I had 5 minutes and thought I'd attempt to pass on a few (hopefully) useful bits of info.

 

Good luck

Edited January 9, 2015 by wezhind

[emclark]

Thank you Jealous moderator. 

 

Please look for another tutorial. That one is teaching you bad practices that can be difficult to unlearn.
 

if (isset($_POST['update'])){

That is trying to detect that the form was submitted (and is trying to update data) but it's not looking for the right information. See how there's nothing in the form with the name "update"? However there is the submit button, with the name "submit" and the value "update". You can check for that instead:

if (isset($_POST['submit']) && $_POST['submit'] == 'update'){

Thank you Jealous Moderator. the ISSET function was the problem.

[emclark]

echo"</table>";

is possibly another error. (requires space after echo)

 

It's never a bad idea to view the source of the html that is produced by the php. Most modern browsers will allow you to right-click and view source (or in one of the menus on the standard toolbar - if you have it enabled). It's worth running through and seeing if what is produced makes sense i.e. that all the tags/elements that are open are closed etc.. The script above for instance, doesn't close the <tr> tag on each loop. I also have some issues with where the <form> tags are placed - but I'd have to check the validity of my belief and it's late

 

You can always copy the html you find using 'View source' and use a validation service like http://validator.w3.org/check to check for obvious mark-up no-no's. It's not the 'be all and end all' of validators - but it will help a little with creating well-formed html and 'bug' hunting.

 

Hopefully, any further tutorials you read/use will also introduce and strongly persuade you to very carefully think about the concept of security. In the case of the script above, it is taking a user's input and then without validation is inserting it straight into a database. Who knows what the user has just sent you - could be some disguised MySQL command that deletes all your records?!

 

http://php.net is a great place for checking out functions available to you through php.

 

I'm sorry if I'm telling you stuff you already know, but I had 5 minutes and thought I'd attempt to pass on a few (hopefully) useful bits of info.

 

Good luck

 

Yes, Thank you. It's all good. No information is bad information. It all adds up. Better practices ahead. 

 

I understand that this is not the most secure version, but I am a noobie at PHP and this particular set of tutorials is very easy to understand, so it seemed like a good starting place. Places like PHP.net  are (at this point) a bit hard for me to decipher. I have now solved this particular problem. Thank you all for the info. 

[wezhind]

Cool. Yep, I understand you are new to the language and going for the simplest scripts to aid understanding etc - just thought if I poke you now regards security then you will hopefully be thinking about it in regards to scripts you view or use - even if you don't yet use it just yet. Good habit to form early - it should be ingrained :-)

 

Have to agree with you regards php.net and new php coders - but one day it will be one of your dearest (even if still slightly incomprehensible) friends.

 

Good luck with your learning. Glad you solved your issue.