Update table and other Update SQL questions

[ciresuark]

I'm new to PHP and I was able to figure out how to populate data from my database into my text fields. I am trying to add the update information to the same php file; however, I am now receiving errors within the data I was able to populate, 

Notice: Undefined variable: stmt in C:\xampp\htdocs\Cust_App\update.php on line 47

Warning: Invalid argument supplied for foreach() in C:\xampp\htdocs\Cust_App\update.php on line 47

and errors with the Update statement 

Notice: Undefined variable: stmtupdate in C:\xampp\htdocs\Cust_App\update.php on line 96

Notice: Trying to access array offset on value of type null in C:\xampp\htdocs\Cust_App\update.php on line 96

Notice: Undefined variable: customerID in C:\xampp\htdocs\Cust_App\update.php on line 96

I had defined the customerID variable above in the code, but it isn't being captured from here. 

I tried setting up this query like the one which gathered the data, but I'm off by a little bit. I would like the option to be able to update all fields.

Any help is appreciated. I'm trying to learn as I may get asked to update other forms in the future. (new boss asks a lot)

<?php
require_once('database.php');


?>



<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">

<!-- the head section -->
<head>
    <title>My Guitar Shop</title>
    <link rel="stylesheet" type="text/css" href="main.css" />
</head>

<!-- the body section -->
<body>
<div id="page">

    <div id="header">
        <h1>SportsPro Technical Support</h1>
        <p>Sports management software for the sports enthusiast.</p></h1>
    </div>

    <div id="main">

        <h1>View/Update Customer</h1>

        <form action="update.php" method="get" >
        <?php

        if(isset($_GET['customerID'])) {
            $customerID = filter_input(INPUT_GET, 'customerID', FILTER_SANITIZE_NUMBER_INT);
            $sql = "SELECT * FROM customers  WHERE customerID =$customerID ";
            $stmt = $db->query($sql);

        }

        ?>
        <div id="content">
            <!-- display a table of products -->
            <h2>Customers</h2>
            <form method = "edit">
               <?php foreach ($stmt as $cust) { ?>
                <div>
                    <label>First Name</label>
            <input type="text" name="name" class ="form-control" value ="<?php echo $cust['firstName']; ?>">
            </div><br>
                <div>
                    <label>Last Name</label>
                    <input type="text" name="name" class ="form-control" value ="<?php echo $cust['lastName']; ?>">
                </div><br>
            <div>
            <label>Address</label>
            <input type="text" name="address" class ="form-control" value ="<?php echo $cust['address']; ?>">
                </div><br>
                <div>
                    <label>City</label>
            <input type="text" name="city" class ="form-control" value ="<?php echo $cust['city']; ?>">
                </div><br>
                <div>
                    <label>State</label>
            <input type="text" name="state" class ="form-control" value ="<?php echo $cust['state']; ?>">
                </div><br>
                <div>
                    <label>Country</label>
            <input type="text" name="countryCode" class ="form-control" value ="<?php echo $cust['countryCode']; ?>">
                </div><br>
                <div>
                    <label>Zip Code</label>
            <input type="text" name="postalCode" class ="form-control" value ="<?php echo $cust['postalCode']; ?>">
                </div><br>
                <div>
                    <label>Email </label>
            <input type="text" name="email" class ="form-control" value ="<?php echo $cust['email']; ?>">
                </div><br>
                <div>
                    <label>Phone Number </label>
            <input type="text" name="phone" class ="form-control" value ="<?php echo $cust['phone']; ?>">
                </div><br>
                <div>
                    <label>Password </label>
            <input type="text" name="password" class ="form-control" value ="<?php echo $cust['password']; ?>">
                </div><br>
                <div>

                <?php    }


                ?>
            <input type="Submit" name="Update_Data" value="Update Data"></input>
                    <?php
                    $sql2 = "UPDATE customers SET firstName = ". $stmtupdate['firstName']." WHERE customerID =$customerID ";
                    $stmtupdate = $db->query($sql2);

                    ?>
        </div>
    </div>

    <div id="footer">
        <p>
            &copy; <?php echo date("Y"); ?> SportsPro, Inc.
        </p>
    </div>

</div><!-- end page -->
</body>
</html>

 

[Barand]

The $stmt variable is set only if $_GET['customerID'] exists.

However you attempt to use it later in the code.

As you are querying for a specific user and will get only a single record, why are you using a loop to process  it?

You should be using prepared statements and not putting values directly into your SQL statements.