Harshit Damani Harshit Damani - 9 days ago 4
PHP Question

Unable to update MYSQL database table fields using php in XAMPP

So, I am trying to design a php website and so far it works well in terms of adding an entry to the list table. The problem is it isnt able to update the table using edit.php when the edit link is clicked and shows "There is no data to be edited.", but if I try to manually put localhost/edit.php**?id=1** it shows the id numbered list and works fine.Please help.

home.php

<html>
<head>
<title>My first PHP Website</title>
</head>
<?php
session_start(); //starts the session
if($_SESSION['user']){ // checks if the user is logged in
}
else{
header("location: index.php"); // redirects if user is not logged in
}
$user = $_SESSION['user']; //assigns user value
?>
<body>
<h2>Home Page</h2>

<hello>!
<!--Display's user name-->
<a href="logout.php">Click here to go logout</a><br/><br/>
<form action="add.php" method="POST">
Add more to list: <input type="text" name="details" /> <br/>
Public post? <input type="checkbox" name="public[]" value="yes" /> <br/>
<input type="submit" value="Add to list"/>
</form>
<h2 align="center">My list</h2>
<table border="1px" width="100%">
<tr>
<th>Id</th>
<th>Details</th>
<th>Post Time</th>
<th>Edit Time</th>
<th>Edit</th>
<th>Delete</th>
<th>Public Post</th>
</tr>
<?php
mysql_connect("localhost","root","") or die(mysql_error());
mysql_select_db("first_db") or die("Cannot connect to database");
$query = mysql_query("select * from list");
while($row = mysql_fetch_array($query))
{
print "<tr>";
print '<td align="center">'. $row['id'] . "</td>";
print '<td align="center">'. $row['details'] . "</td>";
print '<td align="center">'. $row['date_posted'] . " - " . $row['time_posted'] . "</td>";
print '<td align="center">'. $row['date_edited'] . " - " . $row['time_edited'] . "</td>";
print '<td align="center"><a href="edit.php">edit</a></td>';
print '<td align="center"><a href="delete.php">delete</a></td>';
print '<td align="center">'. $row['public'] . "</td>";
print "</tr>";
}
?>
</table>
</body>
</html>


http://s15.postimg.org/qqfwh2nez/screenshot_18.png)

edit.php

<html>
<head>
<title>My first PHP website</title>
</head>
<?php
session_start(); //starts the session
if($_SESSION['user']){ //checks if user is logged in
}
else{
header("location:index.php"); // redirects if user is not logged in
}
$user = $_SESSION['user']; //assigns user value
$id_exists = false;
?>
<body>
<h2>Home Page</h2>
<p>Hello <?php Print "$user"?>!</p> <!--Displays user's name-->
<a href="logout.php">Click here to logout</a><br/><br/>
<a href="home.php">Return to Home page</a>
<h2 align="center">Currently Selected</h2>
<table border="1px" width="100%">
<tr>
<th>Id</th>
<th>Details</th>
<th>Post Time</th>
<th>Edit Time</th>
<th>Public Post</th>
</tr>
<?php
if(!empty($_GET['id']))
{
$id = $_GET['id'];
$_SESSION['id'] = $id;
$id_exists = true;
mysql_connect("localhost", "root","") or die(mysql_error()); //Connect to server
mysql_select_db("first_db") or die("Cannot connect to database"); //connect to database
$query = mysql_query("Select * from list Where id='$id'"); // SQL Query
$count = mysql_num_rows($query);
if($count > 0)
{
while($row = mysql_fetch_array($query))
{
Print "<tr>";
Print '<td align="center">'. $row['id'] . "</td>";
Print '<td align="center">'. $row['details'] . "</td>";
Print '<td align="center">'. $row['date_posted']. " - ". $row['time_posted']."</td>";
Print '<td align="center">'. $row['date_edited']. " - ". $row['time_edited']. "</td>";
Print '<td align="center">'. $row['public']. "</td>";
Print "</tr>";
}
}
else
{
$id_exists = false;
}
}
?>
</table>
<br/>
<?php
if($id_exists)
{
Print '
<form action="edit.php" method="POST">
Enter new detail: <input type="text" name="details"/><br/>
public post? <input type="checkbox" name="public[]" value="yes"/><br/>
<input type="submit" value="Update List"/>
</form>
';
}
else
{
Print '<h2 align="center">There is no data to be edited.</h2>';
}
?>
</body>
</html>

<?php
if($_SERVER['REQUEST_METHOD'] == "POST")
{
mysql_connect("localhost", "root","") or die(mysql_error()); //Connect to server
mysql_select_db("first_db") or die("Cannot connect to database"); //Connect to database
$details = mysql_real_escape_string($_POST['details']);
$public = "no";
$id = $_SESSION['id'];
$time = strftime("%X");//time
$date = strftime("%B %d, %Y");//date
foreach($_POST['public'] as $list)
{
if($list != null)
{
$public = "yes";
}
}
mysql_query("UPDATE list SET details='$details', public='$public', date_edited='$date', time_edited='$time' WHERE id='$id'") ;
header("location: home.php");
}
?>


http://s15.postimg.org/m8dloz7d7/screenshot_20.png

and here's the one with ?id=1 in the url.
http;//s15,postimg,org/yoabiq0p7/screenshot_21,png (change the commas with fullstops).

Answer

You are printing only the edit.php, you need to print the entire edit link.

print '<td align="center"><a href="edit.php">edit</a></td>';

Replace this line with:

print '<td align="center"><a href="edit.php?id=' . $row["id"] . '">edit</a></td>';

This will solve the problem.

P.S: Be careful, your code is open for SQL Injection! Make sure to use mysql_real_escape_string() in this place:

$id = mysql_real_escape_string($_GET['id']);

If the id is only number, you can do the following too to avoid SQL Injection:

$id = intval($_GET["id"]);

The SQL Injection thing is very serious and you need to filter what comes from outside. I recommend using prepared statement PDO too.

Comments