Jump to content

Beginner in PHP - Populating form

Tracy2627

By Tracy2627
in PHP Coding Help

Recommended Posts

Tracy2627 Newbie

Tracy2627

Posted
Posted

I'm new to php and am playing around with basic coding.

 

I have set up a page whereby I need to update an entry in my database.

 

For now, I have set it up to populate the form with the plantID '2' but this only updates this single entry.

 

I need to set it up to select any plant (based on the primary key 'plantID') and then have it populate the form and then update the record.

 

Can any one offer some help please.

 

Thank you.

<h2>Edit a Plant</h2>
    
<?php

// run a select query to return the existing data for the record
$query = "SELECT * FROM plant WHERE plantID='2'"; 
    
$results = mysqli_query($conn, $query );

// capture any errors    
if(!$results) { 
    
echo ("Query error: " . mysqli_error($conn));
    
}
    
else {
    
// fetch and store the results for later use if no errors
while ($row = mysqli_fetch_array($results)) {
    
$cat_ID = $row['categoryID'];

$bot_name = $row['botanicName'];

$comm_name = $row['commonName'];

$pl_desc = $row['plantDescription'];

$comm_use = $row['commonUse'];
    
$pl_type = $row['plantType'];

$m_height = $row['maxHeight'];

$m_width = $row['maxWidth'];

$pop = $row['popular'];
       
}
    
}
    
?>

<form method="post" action="code/update_plant.php">

<p>Category ID: <input type="text" name="categoryID" value="<?=$cat_ID?>" required></p>

<p>Botanic Name: <input type="text" name="botanicName" value="<?=$bot_name?>" required></p>

<p>Common Name: <input type="text" name="commonName" value="<?=$comm_name?>"required></p>

<p>Plant Description: <input type="text" name="plantDescription" value="<?=$pl_desc?>" required></p>

<p>Common Use: <input type="text" name="commonUse" value="<?=$comm_use?>" required></p>

<p>Plant Type: <input type="text" name="plantType" value="<?=$pl_type?>" required></p>

<p>Max. Height (m): <input type="text" name="maxHeight" value="<?=$m_height?>" required></p>

<p>Max. Width (m): <input type="text" name="maxWidth" value="<?=$m_width?>" required></p>

<p>Popular? (Y/N): <input type="text" name="popular" value="<?=$pop?>"required></p>

<input type="submit" name="submit" value= "Update">

</form>


<?php

// MySQL Database Connect
require_once("connect.php");

// Call the file to check if the user is logged in
require_once("code/check_login.php");
 
// read the values from the form and store in variables

$categoryID = $_POST['categoryID'];

$botanicName = $_POST['botanicName'];

$commonName = $_POST['commonName'];

$plantDescription = $_POST['plantDescription'];

$commonUse = $_POST['commonUse'];

$plantType = $_POST['plantType'];

$maxHeight = $_POST['maxHeight'];

$maxWidth = $_POST['maxWidth'];

$popular = $_POST['popular'];

 
// escape variables for security

$categoryID = mysqli_real_escape_string($conn, $categoryID);

$botanicName = mysqli_real_escape_string($conn, $botanicName);

$commonName = mysqli_real_escape_string($conn, $commonName);

$plantDescription = mysqli_real_escape_string($conn, $plantDescription);

$commonUse = mysqli_real_escape_string($conn, $commonUse);

$plantType = mysqli_real_escape_string($conn, $plantType);

$maxHeight = mysqli_real_escape_string($conn, $maxHeight);

$maxWidth = mysqli_real_escape_string($conn, $maxWidth);

$popular = mysqli_real_escape_string($conn, $popular);
 
// create the UPDATE query
$query="UPDATE plant SET categoryID='$categoryID', botanicName='$botanicName', commonName='$commonName', plantDescription='$plantDescription', commonUse='$commonUse', plantType='$plantType', maxHeight='$maxHeight', maxWidth='$maxWidth', popular='$popular'WHERE plantID='2'";
 
//execute the query

$results = mysqli_query($conn, $query );

// check for errors
if(!$results) {
    
echo ("Query error: " . mysqli_error($conn));
    
exit;
    
}

else {
    
// Redirect the browser window back to the edit_plant page if there are no errors
    
header("location: ../edit_plant.php");
}
?>
Link to comment
Share on other sites
Zane Prolific Member

Zane

Posted
Posted

The simplest way would be to use a $_GET variable.  These are otherwise known as URL parameters.

 

So if you had a URL of: site.com/plant.php?pid=5

 

You could grab that value of 5 with a $_GET variable.

$plantID = $_GET['pid']

Then your query would be

$query = "SELECT * FROM plant WHERE plantID='" . $plantID . "'";
Link to comment
Share on other sites
cyberRobot Prolific Member

cyberRobot

Posted
Posted

Then your query would be

$query = "SELECT * FROM plant WHERE plantID='" . $plantID . "'";

 

@Tracy2627 - Be aware that users can tamper with the value in $plantID. So you will want to avoid putting the raw value into the query to protect yourself from SQL Injection Attacks. If you haven't done so already, you will want to look into Prepare Statements. More information can be found here:

http://php.net/manual/en/mysqli.prepare.php

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.