sk2learnphp Posted May 29, 2022 Share Posted May 29, 2022 I am trying to develop an PHP MySQL database application where edit details is not working.I am new to PHP and doing this with the help of various web resources such as youtube videos, tutorials, similar programs etc .I am able to fetch the data from the database, but when it comes to edit, the data remains the same even after changing.Can anyone suggest the solution of this problem. manage-profile.php <?php session_start(); require('connection.php'); //If your session isn't valid, it returns you to the login screen for protection if(empty($_SESSION['sl_no'])){ header("location:access-denied.php"); } //retrive student details from the student table $result=mysqli_query($con, "SELECT * FROM student WHERE sl_no = '$_SESSION[sl_no]'"); if (mysqli_num_rows($result)<1){ $result = null; } $row = mysqli_fetch_array($result); if($row) { // get data from db $stdId = $row['sl_no']; $stdRoll = $row['roll_no']; $stdName = $row['name']; $stdClass = $row['class']; $stdSex= $row['sex']; } ?> <?php // updating sql query if (isset($_POST['update'])){ $myId = addslashes( $_GET[$id]); $myRoll = addslashes( $_POST['roll_no'] ); $myName = addslashes( $_POST['name'] ); $myClass = addslashes( $_POST['class'] ); $myGender = $_POST['sex']; $sql = mysqli_query($con,"UPDATE student SET roll_no='$myRoll', name='$myName', class='$myClass', sex='$myGender' WHERE sl_no = '$myId'" ); // redirect back to profile header("Location: manage-profile.php"); } ?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" /> <title>Student Profile Management</title> <link href="css/student_styles.css" rel="stylesheet" type="text/css" /> <script language="JavaScript" src="js/user.js"> </script> </head> <body bgcolor="#e6e6e6"> <center><b><font color = "black" size="6">Online Voting System</font></b></center><br><br> <div id="page"> <div id="header"> <h2>Manage Profile</h2> <a href="student.php">Home</a> | <a href="vote.php">Current Polls</a> | <a href="manage-profile.php">Manage My Profile</a> | <a href="changepassword.php">Change Password</a>| <a href="logout.php">Logout</a> </div> <div id="container"> <table border="0" width="620" align="center"> <CAPTION><h3>Update Profile</h3></CAPTION> <form action="manage-profile.php?$id=<?php echo $_SESSION['sl_no']; ?>" method="post" onsubmit="return updateProfile(this)"> <table align="center"> <tr><td>Roll Number:</td><td><input type="text" style="background-color:#e8daef; font-weight:regular;" name="roll_no" maxlength="50" value="<?php echo $row["roll_no"]; ?>"></td></tr> <tr><td>Name:</td><td><input type="text" style="background-color:#e8daef; font-weight:regular;" name="Name" maxlength="30" value="<?php echo $row["name"]; ?>"></td></tr> <tr><td>Class:</td><td><select name='sclass' style='background-color:#e8daef; font-weight:regular;' maxlength='10' id='class' required='true'> <option value='HS-1st Year' <?php if($row["class"]=='HS-1st Year') { echo "selected"; } ?> >HS-1st Year</option> <option value='HS-2nd Year' <?php if($row["class"]=='HS-2nd Year') { echo "selected"; } ?> >HS-2nd Year</option> <option value='BA-1st Sem' <?php if($row["class"]=='BA-1st Sem') { echo "selected"; } ?> >BA-1st Sem</option> <option value='BA-3rd Sem' <?php if($row["class"]=='BA-3rd Sem') { echo "selected"; } ?> >BA-3rd Sem</option> <option value='BA-5th Sem' <?php if($row["class"]=='BA-5th Sem') { echo "selected"; } ?> >BA-5th Sem</option> <option value='BCom-1st Sem' <?php if($row["class"]=='BCom-1st Sem') { echo "selected"; } ?> >BCom-1st Sem</option> <option value='BCom-3rd Sem' <?php if($row["class"]=='BCom-3rd Sem') { echo "selected"; } ?> >BCom-3rd Sem</option> <option value='BCom-5th Sem' <?php if($row["class"]=='BCom-5th Sem') { echo "selected"; } ?> >BCom-5th Sem</option> </select> </td></tr> <tr><td>Sex:</td><td> <input type='radio' style='background-color:#e8daef; font-weight:regular;' name='gender' id='male' value='Male' <?php if($row["sex"]=='Male') { echo "checked"; } ?> >Male<br> <input type='radio' style='background-color:#e8daef; font-weight:regular;' name='gender' id='female' value='Female' <?php if($row["sex"]=='Female') { echo "checked"; } ?> >Female<br></td></tr> <tr><td> </td></tr><tr><td><input type="submit" name="update" value="Update Profile"></td></tr> </table> </form> </div> <div id="footer"> <div class="bottom_addr">Student Union Election,Anonymous College</div> </div> </body> </html> Quote Link to comment https://forums.phpfreaks.com/topic/314861-edit-details-fetches-data-from-database-but-unable-to-change-the-values/ Share on other sites More sharing options...
Barand Posted May 29, 2022 Share Posted May 29, 2022 Check the names of the input in your form. These POST fields don't exist $myName = addslashes( $_POST['name'] ); $myClass = addslashes( $_POST['class'] ); $myGender = $_POST['sex']; PS Find some recent tutorials - your HTML markup code is a decade or two out of date and deprecated. Use prepared statements instead of embedding user-provided data in your SQL. Quote Link to comment https://forums.phpfreaks.com/topic/314861-edit-details-fetches-data-from-database-but-unable-to-change-the-values/#findComment-1596815 Share on other sites More sharing options...
mac_gyver Posted May 30, 2022 Share Posted May 30, 2022 (edited) the session variable is being used to determine which row of data to query for and use to populate the form field values with. you should also use the session variable to determine which row to update. your current method, of trying to use a get parameter in the form's action attribute (which contains a programming mistake anyways), will allow anyone to update anyone else's profile, since this value can be set to anything anyone wants, not just what you have attempted to set it to in the code. all external data submitted to your web pages can come from anywhere, can be set to anything, and cannot be trusted. also, your form processing code MUST trim, then validate all inputs before using them. had you done so, with the current attempted method of passing the id through the form's action attribute, your code would be producing an error for the user alerting them that there's no input id, and it would also be producing errors for the mismatch in form field names that @Barandhas pointed out, helping you to debug the mistakes in the code. here's an additional list of issues with the code - require isn't a function. the () around the filename are unnecessary clutter and should be removed. every redirect needs an exit/die statement after it to stop php code execution. a header() does not stop php code execution. all the code on that page is being executed every time the page gets requested. the code to retrieve the exiting data should come after the post method form processing code, should only be executed if the form has never been submitted, should keep the fetched data as an array, and should fetch the data into the same named variable that the post method form processing code is using (which should also be an array), so that after the form has been submitted, the form data will repopulate the form field values, so that the user doesn't need to keep reentering the changes over and over upon an error. if the query to get the existing data doesn't match a row, that's error and you should setup and display a message for the user alerting them to this problem, rather than to display a blank edit form. don't copy variables to other variables for nothing. this is just a waste of your time typing. the only time you should copy variables to other variables is when the meaning of the data in the variable has been altered, e.g. when trimming data, ... don't attempt to detect if the submit button is set. there are cases where it won't be. instead, detect if a post method form was submitted. if there can be more than one form processing code on a page, use a hidden field with a different value for each form, then use those values in the form processing code to control which code to execute. keep the form data as a set, in an array variable, then operate on elements in this array variable throughout the rest of the code. trim all the input data at once. since you will be keeping it in an array variable, you can do this will one single statement. validate all inputs, storing validation errors in an array, using the field name as the array index. after the end of the validation logic, if the array holding the user/validation errors is empty, use the submitted form data. because the update query can result in duplicate data (any column that must be unique should be defined as a unique index in the database table), you need error handling for that query that will test if a duplicate index error number has occurred, then setup a message for the user telling them what was wrong with the data that they submitted, so that they can correct the problem and resubmit the form. if there are errors at item #10, the code would continue on to display the html document, where you would test the array holding the errors and display its contents if there are, and redisplay the form, populating the form field values with the submitted form data. to get the form to submit to the same page it is on, simply leave the entire action='...' attribute out of the form tag. apply htmlentities() to any value you output on a web page to help prevent cross site scripting. don't write out code for every possible value. for the select/option choices and the radio buttons, define the choices in arrays, than loop over these defining arrays to produce the markup. you can also use these defining arrays in the validation logic to insure that only a permitted choice was made. the first select/option choice is usually an empty value with text that serves as a prompt to select one of the actual choices. this is actually need for the 'required' attribute to work, should the existing data being edited be empty or not match one of the permitted choices. this also results in an easily detected value for the server-side validation logic to test for. when you switch to use prepared queries, you would also want to switch to the much simpler PDO database extension. Edited May 30, 2022 by mac_gyver Quote Link to comment https://forums.phpfreaks.com/topic/314861-edit-details-fetches-data-from-database-but-unable-to-change-the-values/#findComment-1596824 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.