Jump to content

PHP update DataBase


Go to solution Solved by QuickOldCar,

Recommended Posts

Ho guys, i have one page where i choose witch iten i want to update, and when the user press "alterar" it redirect to another page where there's a form that show's the values in database and let the user decide what he want update.

But the update is not working.

 

There's the code of the 2 pages:

 

 

avaliacaoAlterar.php

<?php require "verificauser.php"; ?>

<!DOCTYPE html>
<html lang="en">

<head>
<meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="description" content="">
<meta name="author" content="">

<title>Alterar Avaliações</title>

<!-- Bootstrap Core CSS -->
<link href="css/bootstrap.min.css" rel="stylesheet">

<!-- Custom CSS -->
<link href="css/sb-admin.css" rel="stylesheet">
<!-- Morris Charts CSS -->
<link href="css/plugins/morris.css" rel="stylesheet">

<!-- Custom Fonts -->
<link href="font-awesome/css/font-awesome.min.css" rel="stylesheet" type="text/css">
</head>

<body>

<div id="wrapper">
<nav class="navbar navbar-inverse navbar-fixed-top" role="navigation">			
				
<?php
include("menuLateral.php");
include("menuTop.php");
?>
</nav>	
					
<div id="page-wrapper">
<div class="container-fluid">
					
<div class="row">
<div class="col-lg-12">
<div class="alert alert-info alert-dismissable">
<a href="avaliacao.php"> Avaliações Recentes</a>
 || 
<a href="avaliacaoPermitida.php">Avaliações Permitidas</a>
 || 
<a href="avaliacaoAlterar.php">Alterar Avaliações</a>
</div>
</div>
</div>
<?php
$con=mysqli_connect("localhost","root","6794","website");
if (mysqli_connect_errno()){
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
	
$query = mysqli_query($con, "SELECT * FROM `avaliacao` ");
$ln = mysqli_fetch_array($query);
$avaliacao=$_GET['avaliacao'];

$query2 = mysqli_query($con, "SELECT * FROM `avaliacao` WHERE id = $avaliacao");
$row = mysqli_fetch_array($query2);

		
		
?>
<div id="page-wrapper">
<div class="container-fluid">	
<table>
<form action="alterar.php" method="POST">
			
<tr>
<td>Número       <input type="number" max="10" name="id" id="id" value='<?php echo $avaliacao ?>' required></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td>Nota            <input type="number" name="nota" id="nota" value='<?php echo $row['nota']; ?>' required></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td>Comentário <textarea name="comentario" id="comentario" rows="1" cols="22" required><?php echo $row['comentario']; ?></textarea></td>
</tr>
<tr>
<td> </td>
</tr>
<tr>
<td><input type="submit" name="alterarAvaliacao" id="alterarAvaliacao"> </td>
</tr>
</form>
</table>
</div>
</div>
<?php
mysqli_close($con);
?>

</body>

</html>

alterar.php

<?php
$con=mysqli_connect("localhost","root","6794","website");
// Check connection
if (mysqli_connect_errno())
{
echo "Failed to connect to MySQL: " . mysqli_connect_error();
}
		
$id = $_POST["id"];
$nota = $_POST["nota"];
$comentario = $_POST["comentario"];
		
$update= "UPDATE avaliacao SET `nota` = $nota , comentario` = $comentario WHERE íd` = $id";
mysqli_query($con, $update);
		
header('Location: inicio.php');
	
mysqli_close($con);
?>

Can anyone help me?

Link to comment
https://forums.phpfreaks.com/topic/296920-php-update-database/
Share on other sites

You've got issues with the backticks and quotes in your update query.

 

UPDATE avaliacao SET `nota` = '$nota' , `comentario` = '$comentario' WHERE `íd` = $id

 

Honestly, you only need backticks when your table or column names are a reserved word, which I don't believe is the case here, so you shouldn't need them at all. All strings have to be enclosed in quotes. I've updated your query in red above.

 

Of course, the bigger issue is that you've got no validation or sanitization at all.

Link to comment
https://forums.phpfreaks.com/topic/296920-php-update-database/#findComment-1514361
Share on other sites

  • Solution

Try this query.

$update= "UPDATE avaliacao SET nota = '{$nota}' , comentario = '{$comentario}' WHERE id = '{$id}'";

You should be checking if POST values are set, data are expecting and not empty, also escaping them.

mysqli_real_escape_string

 

edit:

Maxxd beat me posting.

Edited by QuickOldCar
Link to comment
https://forums.phpfreaks.com/topic/296920-php-update-database/#findComment-1514362
Share on other sites

I had mysql_real_scape_string:

<?php
function limpa($valor){
return (mysql_real_escape_string(stripslashes($valor)));
}
?>

I'm converting all the website to mysqli, and i took the function off to be easly to search for errors. In the end i'll place them all.

 

Thx for your help, with that 

$update= "UPDATE avaliacao SET nota = '{$nota}' , comentario = '{$comentario}' WHERE id = '{$id}'";

thx QuickOldCar.

 

BTW, if you could convert my mysql_real_scape_string to mysqli would be great. Do i need only to place the i?? (mysql-->mysqli or do i need something else? I'm realy new in MySQLi...

Link to comment
https://forums.phpfreaks.com/topic/296920-php-update-database/#findComment-1514364
Share on other sites

You have to pass the connection as well.

$update= "UPDATE avaliacao SET nota = '{mysqli_real_escape_string($con,$nota)}' , comentario = '{mysqli_real_escape_string($con,$comentario)}' WHERE id = '{mysqli_real_escape_string($con,$id)}'";
Edited by QuickOldCar
Link to comment
https://forums.phpfreaks.com/topic/296920-php-update-database/#findComment-1514366
Share on other sites

 

You have to pass the connection as well.

$update= "UPDATE avaliacao SET nota = '{mysqli_real_escape_string($con,$nota)}' , comentario = '{mysqli_real_escape_string($con,$comentario)}' WHERE id = '{mysqli_real_escape_string($con,$id)}'";

I can't create a function like i did before?

Link to comment
https://forums.phpfreaks.com/topic/296920-php-update-database/#findComment-1514367
Share on other sites

mysqli_real_escape_string requires the connection made first

function limpa($con,$valor){
return mysqli_real_escape_string($con,$valor);
}

does this really save you making the function another function?

As i said before i'm new with MySQLi, just trying to understand it better and learn what is possible do with it and how. Thx for your help

Link to comment
https://forums.phpfreaks.com/topic/296920-php-update-database/#findComment-1514370
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.