Jump to content

Allowing user to change (variable) mysql variable by a radio button

ryandward

By ryandward
in PHP Coding Help

 Share

Recommended Posts

ryandward Newbie

ryandward

Posted
Posted

I am trying to allow the user to update a variable he chooses by radio buttons, which they will then input text into a box, and submit, to change some attributes. I really need some help here.  :'( It works just fine until I add the second layer of variables on top of it, and I can't find the answer to this question anywhere.

 

<?PHP require('connect.php'); ?>

 

<form action ='' method='post'> <select name="id">

 

<?php

$extract = mysql_query("SELECT * FROM cars");

 

while($row=mysql_fetch_assoc($extract)){

$id = $row['id'];

$make= $row['make'];

$model= $row['model'];

$year= $row['year'];

$color= $row['color'];

 

echo "<option value=$id>$color $year $make $model</option>

";}?>

 

</select>

 

Which attribute would you like to change?<br />

<input type="radio" name="getchanged" value="make"/>Make<br />

<input type="radio" name="getchanged" value="model"/>Model<br />

<input type="radio" name="getchanged" value="year" />Year<br />

<input type="radio" name="getchanged" value="color" />Color<br /><br />

 

<br /><input type='text' value='' name='tochange'>

<input type='submit' value='Change' name='submit'>

 

</form>

 

//This is where I need help...

 

<?PHP

if(isset($_POST['submit'])&&($_POST['tochange'])){

mysql_query("

UPDATE cars

SET '$_POST[getchanged]'='$_POST[tochange]'

where id = '$_POST[id]'

");}?>

Link to comment
Share on other sites
Psycho Prolific Member

Psycho

Posted
Posted

It's really difficult to follow your code as it is poorly structured - plus you have no error handling in your code. If you did you would have seen the error in your UPDATE query.

mysql_query("
   UPDATE cars
   SET '$_POST[getchanged]'='$_POST[tochange]'
   where id = '$_POST[id]'
         ");

You have the field name enclosed in single quote marks. If you enclose a field name in quote marks, you have to use back quotes.

 

There are also several other problems in that code: No escaping of user input (i.e. preventing SQL injection), not referencing POST data correctly (no quote marks around index name), etc. Here is a rewrite of your code in a more logical format with error handling and other corrections.

 

<?php

require('connect.php');

$confirmMsg = '';
if(isset($_POST['submit']))
{
    //Parse user input
    $id    = (isset($_POST['id'])) ? (int) $_POST['id'] : false;
    $field = (isset($_POST['value'])) ? mysql_real_escape_string(trim($_POST['value'])) : false;
    $value = (isset($_POST['value'])) ? mysql_real_escape_string(trim($_POST['value'])) : false;
    //Create and run query
    $query = "UPDATE cars
              SET `{$field}` = '{$value}'
              WHERE id = '$id'"
    $result = mysql_query($query);
    //Check results
    if(!$result)
    {
        $confirmMsg = "There was a problem updating the record.";
    }
    elseif(mysql_affected_rows()==0)
    {
        $confirmMsg = "There was no record to update.";
    }
    else
    {
        $confirmMsg = "The record was successfully updated.";
    }
}

//Create the select list options
$recordOptions = '';
$query = "SELECT * FROM cars";
$result = mysql_query($query);
if(!$result)
{
    $recordOptions = "<option>Error Retrieving Records</option>\n";;
}
else
{
    while($row=mysql_fetch_assoc($extract))
    {
        $recordOptions .= "<option value=\"{$row['id']}\">";
        $recordOptions .= "{$row['color']} {$row['make']} {$row['model']} {$row['year']}";
        $recordOptions .= "</option>\n";
    }
}

?>
<html>
<body>

<?php echo $confirmMsg; ?><br />

<form action ='' method='post'>

<select name="id">
<?php echo $recordOptions; ?>
</select>

Which attribute would you like to change?<br />
<input type="radio" name="field" value="make"/>Make<br />
<input type="radio" name="field" value="model"/>Model<br />
<input type="radio" name="field" value="year" />Year<br />
<input type="radio" name="field" value="color" />Color<br /><br />

<br /><input type='text' value='' name='value'>
<input type='submit' value='Change' name='submit'>

</form>

</body>
</html>

Link to comment
Share on other sites
ryandward Newbie

ryandward

Posted
  • Author
Posted

Very small changes, but it worked :) Thanks again!

 

<?php

require('connect.php');

$confirmMsg = '';
if(isset($_POST['submit']))
{
    //Parse user input
    $id    = (isset($_POST['id'])) ? (int) $_POST['id'] : false;
    $field = (isset($_POST['field'])) ? mysql_real_escape_string(trim($_POST['field'])) : false;
    $value = (isset($_POST['value'])) ? mysql_real_escape_string(trim($_POST['value'])) : false;
    //Create and run query
    
    $query = "UPDATE cars
              SET `{$field}` = '{$value}'
              WHERE id = '$id'";
    
    $result = mysql_query($query);
    //Check results
    if(!$result)
    {
        $confirmMsg = "There was a problem updating the record.";
    }
    elseif(mysql_affected_rows()==0)
    {
        $confirmMsg = "There was no record to update.";
    }
    else
    {
        $confirmMsg = "The record was successfully updated.";
    }
}

//Create the select list options
$recordOptions = '';
$query = "SELECT * FROM cars";
$result = mysql_query($query);
if(!$result)
{
    $recordOptions = "<option>Error Retrieving Records</option>\n";;
}
else
{
    while($row=mysql_fetch_assoc($result))
    {
        $recordOptions .= "<option value=\"{$row['id']}\">";
        $recordOptions .= "{$row['color']} {$row['make']} {$row['model']} {$row['year']}";
        $recordOptions .= "</option>\n";
    }
}

?>
<html>
<body>

<?php echo $confirmMsg; ?><br />

<form action ='' method='post'>

<select name="id">
<?php echo $recordOptions; ?>
</select>

Which attribute would you like to change?<br />
<input type="radio" name="field" value="make"	/>Make<br />
<input type="radio" name="field" value="model"	/>Model<br />
<input type="radio" name="field" value="year" 	/>Year<br />
<input type="radio" name="field" value="color" 	/>Color<br /><br />

<br /><input type='text' value='' name='value'>
<input type='submit' value='Change' name='submit'>

</form>

</body>
</html>

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.