Update Button

spanner206 · October 22, 2013

hi ive been trying to sort this update button out but i keep getting errors and got no clue how to fix it. heres the code.

<?php

$con=mysqli_connect("localhost","","","lcm");

// Check connection

if (mysqli_connect_errno())

{

echo "Failed to connect to MySQL: " . mysqli_connect_error();

}

$sql = "Select * from tbl_contactinfo";

if (isset($_POST['update'])){

$UpdateQuery = "UPDATE tbl_contactinfo SET Name='$_POST[Name]', Address='$_POST[Address]' WHERE Name = '$_post[hidden]'";

mysql_query($UpdateQuery,$con);

};

if ($result = mysqli_query($con, $sql)){

echo "<table border='1'>

<tr>

<th>Address</th>

</tr>";

while($row = mysqli_fetch_array($result))

{ echo "<form action = index1.php method =post>";

echo "<tr>";

echo "<td>" . "<input type= text name =Name value =" . $record['Name'] . "</td>";

echo "<td>" . "<input type= text name =address value =" . $record['Address'] . "</td>";

echo "<td>" . "<input type= hidden hidden =Name value =" . $record['hidden'] . "</td>";

echo "<td>" . "<input type= submit name = update value=update". " </td>";

echo "</form>";

}

echo "</table>";

mysql_close($con);

?>

if someone could help id really apreciate it.

Edited October 22, 2013 by spanner206

trq · October 22, 2013

You might want to mention the errors.

You might also want to find some beginner books on using databases with PHP. Placing user inputted data like that directly into your sql is a major security concern that will get your script easily hacked.

spanner206 · October 22, 2013

this is the error

( ! ) Parse error: syntax error, unexpected end of file in C:\wamp\www\Index1.php on line 39

Ch0cu3r · October 22, 2013

There are a few issues with your script

Variable names are case sensitive. so $_POST and $_post are completely different variables. $_post[hidden'] should be $_POST['hidden']

You should also sanitize any user input before using it within an sql query

$name    = mysql_real_escape_string($_POST['name']);
$address = mysql_real_escape_string($_POST['address']);
$hidden  = mysql_real_escape_string($_POST['hidden']);

$UpdateQuery = "UPDATE tbl_contactinfo SET Name='$name', Address='$address' WHERE Name='$hidden'";

If you don't sanitize user input you'll be prone to SQL Injection attacks which will allow a malicious user to run SQL queries to perform harmful operations.

Your HTML form is incorrect for the field named hidden

echo "<td>" . "<input type= hidden hidden =Name value =" . $record['hidden'] . "</td>";

hidden =Name should be Name = hidden

Also always output valid HTML syntax

while($row = mysqli_fetch_array($result))
{
   echo '<form action="index1.php" method="post">';
   echo '<tr>';
   echo '<td><input type="text" name="Name" value="' . $record['Name'] . '" /></td>'; 
   echo '<td><input type="text" name="address" value="' . $record['Address'] . '" /></td>';
   echo '<td><input type="hidden" name="hidden" value="' . $record['hidden'] . '" /></td>'; 
   echo '<td><input type="submit" name="update" value="update" /></td>';
   echo '</form>';
}

Also you have miss match curly braces { and } , before the closing php tags ?> you need a }

Your fixed code

<?php
 
$con = mysqli_connect("localhost","root","","lcm");
// Check connection
if (mysqli_connect_errno())
{
	echo "Failed to connect to MySQL: " . mysqli_connect_error();
}

if (isset($_POST['update']))
{
	$name    = mysql_real_escape_string($_POST['name']);
	$address = mysql_real_escape_string($_POST['address']);
	$hidden  = mysql_real_escape_string($_POST['hidden']);

	$UpdateQuery = "UPDATE tbl_contactinfo SET Name='$name', Address='address' WHERE Name='$hidden'";
	mysql_query($UpdateQuery,$con);
}

$sql = "Select * from tbl_contactinfo";
if ($result = mysqli_query($con, $sql))
{
	echo "<table border='1'>
	<tr>
	<th>Name</th>
	<th>Address</th>
	</tr>";
	 
	while($row = mysqli_fetch_array($result))
	{
		echo '<form action="index1.php" method="post">';
		echo '<tr>';
		echo '<td><input type="text" name="name" value="' . $record['Name'] . '" /></td>'; 
		echo '<td><input type="text" name="address" value="' . $record['Address'] . '" /></td>';
		echo '<td><input type="hidden" name="hidden" value="' . $record['hidden'] . '" /></td>'; 
		echo '<td><input type="submit" name="update" value="update" /></td>';
		echo '</form>';
	}
	echo "</table>";
	mysql_close($con);
}
?>

Edited October 22, 2013 by Ch0cu3r

spanner206 · October 22, 2013

HI again ive pasted the new code in and now im starting to get another error (as you can probably tell i barely no anything )

( ! ) Parse error: syntax error, unexpected 'Name' (T_STRING), expecting ',' or ';' in C:\wamp\www\Index1.php on line 33

Ch0cu3r · October 22, 2013

Did you copy and paste my code correctly? I have copied and pasted it and I get no syntax errors for line 33

		echo '<td><input type="text" name="name" value="' . $record['Name'] . '" /></td>';

Strychnine · October 22, 2013

The loop should be as followed:

	while($row = mysqli_fetch_array($result))
	{
		echo '<form action="index1.php" method="post">';
		echo '<tr>';
		echo '<td><input type="text" name="name" value="' . $row['Name'] . '" /></td>'; 
		echo '<td><input type="text" name="address" value="' . $row['Address'] . '" /></td>';
		echo '<td><input type="hidden" name="hidden" value="' . $row['hidden'] . '" /></td>'; 
		echo '<td><input type="submit" name="update" value="update" /></td>';
		echo '</form>';
	}

$record was being used for data but there was no assignment of the variable, you were using $row on the result.

Edited October 22, 2013 by Strychnine

spanner206 · October 22, 2013

YES, GET IN, CHEERS FOR EVERYONES HELP :D :D :D :D

spanner206 · October 22, 2013

actually scratch that when i press update these messages comes up.

( ! ) Notice: Undefined index: Name in C:\wamp\www\Index1.php on line 12 Call Stack # Time Memory Function Location 1 0.0000 146432 {main}( ) ..\Index1.php:0

( ! ) Notice: Undefined index: Address in C:\wamp\www\Index1.php on line 13 Call Stack # Time Memory Function Location 1 0.0000 146432 {main}( ) ..\Index1.php:0

Ch0cu3r · October 22, 2013

In the form code I changed the field names to all lowercase, to get the name use $_POST['name'] for address use $_POST['address'].

Are you using my code as it is in reply #4?

spanner206 · October 22, 2013

yh sorry about that i was playing around trying to figure it out but now ive changed it back im getting no error messages but the update button is more like a reset because when i press it it resets the changes i make to the records, any ideas??

Barand · October 22, 2013

$UpdateQuery = "UPDATE tbl_contactinfo SET Name='$name', Address='address' WHERE Name='$hidden'";

Name='address'

should be

Name='$address'

Edited October 22, 2013 by Barand

Sign In

Update Button

Recommended Posts

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Link to comment

Share on other sites

Join the conversation

Important Information