Sii Ann Die - 4 months ago
PHP Question

How to expand my PHP code to add more database fields?

I found some PHP code for updating a database, but it's just for two fields, id and item. What if I have 7 fields, namely id_admin, name, email, address, phonenumber, username, and password, and the table name is admin? This is the code that I found.

   <?php
   error_reporting(0);
   include("db_config.php");

   // array for JSON response
   $response = array();

   if( isset($_POST['id'] ) && isset($_POST['item']) ) {
       $id=$_POST['id'];
       $item=$_POST['item'];

       $result = mysql_query("update myorder set item='$item' where id='$id' ") or die(mysql_error());

       $row_count = mysql_affected_rows();

       if($row_count>0){
           $response["success"] = 1;
           $response["message"] = "Updated Sucessfully.";
       }
       else{
           $response["success"] = 0;
           $response["message"] = "Failed To Update.";
       }
       // echoing JSON response
       echo json_encode($response);
   }
   ?>

Answer

Change these lines:

   if( isset($_POST['id'] ) && isset($_POST['item']) ) {
   $id=$_POST['id'];
   $item=$_POST['item'];
   $result = mysql_query("update myorder set item='$item' where id='$id' ")   or die(mysql_error());

with these:

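   if( isset($_POST['submit'] ) ) {
   // escape each value for use inside a quoted SQL string;
   // htmlspecialchars() encodes HTML output and does not make a value safe in SQL
   $id=mysql_real_escape_string($_POST['id']);
   $item=mysql_real_escape_string($_POST['item']);
   $name=mysql_real_escape_string($_POST['name']);
   $email=mysql_real_escape_string($_POST['email']);
   //and so on... 
   // string values must be quoted, otherwise the statement is a syntax error
   $result = mysql_query("update myorder set item='$item', name='$name', email='$email' ... where id='$id' ")   or die(mysql_error());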
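A parameterized version of this update for the seven-field `admin` table from the question, as an added example that is not part of the original answer. The in-memory SQLite handle, the `updateAdmin` helper and the sample values are assumptions made so the script runs stand-alone; in the original setup the connection would come from db_config.php.

```php
<?php
// Added example: allow-listed, parameterized UPDATE for the question's `admin` table.
// Assumption: an in-memory SQLite PDO handle stands in for the MySQL connection
// that db_config.php would provide; use a mysql: DSN in a real deployment.

const ADMIN_FIELDS = ['name', 'email', 'address', 'phonenumber', 'username', 'password'];

function updateAdmin(PDO $pdo, array $input): array
{
    if (!isset($input['id_admin']) || !ctype_digit((string) $input['id_admin'])) {
        return ['success' => 0, 'message' => 'Missing or invalid id_admin.'];
    }
    $set = [];
    $params = [':id_admin' => (int) $input['id_admin']];
    foreach (ADMIN_FIELDS as $field) {          // column names come from the allow-list only
        if (!isset($input[$field]) || !is_string($input[$field])) {
            continue;                           // skip fields the client did not send
        }
        $value = $input[$field];
        if ($field === 'password') {
            $value = password_hash($value, PASSWORD_DEFAULT); // store a hash, not plaintext
        }
        $set[] = "$field = :$field";
        $params[":$field"] = $value;            // values travel as bound parameters
    }
    if ($set === []) {
        return ['success' => 0, 'message' => 'Nothing to update.'];
    }
    $stmt = $pdo->prepare('UPDATE admin SET ' . implode(', ', $set) . ' WHERE id_admin = :id_admin');
    $stmt->execute($params);
    return $stmt->rowCount() > 0
        ? ['success' => 1, 'message' => 'Updated successfully.']
        : ['success' => 0, 'message' => 'Failed to update.'];
}

// Constructed demo data (not from the original page).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE admin (id_admin INTEGER PRIMARY KEY, name TEXT, email TEXT,
            address TEXT, phonenumber TEXT, username TEXT, password TEXT)');
$pdo->exec("INSERT INTO admin (id_admin, name, username) VALUES (1, 'Old Name', 'admin1')");

// A quote inside a value is stored as data and does not alter the statement.
$post = ['id_admin' => '1', 'name' => "O'Brien", 'email' => 'ob@example.test', 'password' => 'constructed-pass'];
echo json_encode(updateAdmin($pdo, $post)), PHP_EOL;
echo json_encode($pdo->query('SELECT name, email FROM admin WHERE id_admin = 1')->fetch(PDO::FETCH_ASSOC)), PHP_EOL;
```

In a request handler, pass `$_POST` as `$input` and `echo json_encode(...)` the returned array, as the original script does with `$response`.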