2

I created a html form to enable users to update data. However the input data (array values) are not passed through to php SUBMIT, thus clicking SUBMIT does not update the table. When I go into the SUBMIT portion of the script and change the SET to specific numbers or text, the table is updated. Meaning that the values from the html input data array are not being passed through properly to the SUBMIT portion of the script. Any help appreciated.

<?php
//Mysql connection and initial select query placed above
?>

<table width="400" border="0" cellspacing="1" cellpadding="0">
<form name="Contacts" method="post" action="">
<tr> 
<td>
<table width="400" border="0" cellspacing="1" cellpadding="0">


<tr>
<td align="center"><strong>Id</strong></td>
<td align="center"><strong>Name</strong></td>
<td align="center"><strong>Lastname</strong></td>
<td align="center"><strong>Email</strong></td>
</tr>

<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td align="center"><?php $id[]=$rows['id']; ?><?php echo $rows['id']; ?></td>
<td align="center"><input name="name[]" type="text" id="name" value="<?php echo $rows['name']; ?>"></td>
<td align="center"><input name="lastname[]" type="text" id="lastname" value="<?php echo $rows['lastname']; ?>"></td>
<td align="center"><input name="email[]" type="text" id="email" value="<?php echo $rows['email']; ?>"></td>
</tr>
<?php
}
?>
<tr>
<td colspan="4" align="center"><input type="submit" name="Submit" value="Submit"></td>
</tr>
</table>
</td>
</tr>
</form>
</table>

<?php
// Check if button name "Submit" is active, do this 
if(isset($_POST['Submit'])){
$id=$_POST['id'];
$name=$_POST['name'];
for($i=0;$i<$num;$i++){
$sql1="UPDATE contacts SET name= ".$name[$i]." WHERE id= ".$id[$i]."";
$result1=mysql_query($sql1);
}
}

if($result1){
header("location:updated.php");
}
mysql_close();
?>

Thanks!

Improve this question
1
  • You're creating HTML with a loop, and your inputs have an id. You'll have duplicate ids if the while loop executes more than once Commented Dec 30, 2011 at 20:07

3 Answers 3

Reset to default
1

You are missing single quotes around your $name[$i] in the SQL statement. If id is not always numeric, you will also need to surround $id[$i] in single quotes.

$sql1="UPDATE contacts SET name= '".$name[$i]."' WHERE id= ".$id[$i]."";
//------------------------------^^^-----------^^^

Some error checking in your mysql_query() call would make this clearer. See below.

And you must filter these against SQL injection before passing them to the query.

for($i=0;$i<$num;$i++) {
  // Call mysql_real_escape_string() to sanitize these...
  $id[$i] = mysql_real_escape_string($id[$i]);
  $name[$i] = mysql_real_escape_string($name[$i]);

  $sql1="UPDATE contacts SET name= '".$name[$i]."' WHERE id= ".$id[$i]."";

  $result1 = mysql_query($sql1);
  // Error checking:
  if (!$result1) {
     echo mysql_error();
  }
}
Improve this answer
1
  • Issue fixed. Thanks for your assistance. I will post the final script later today for anyone who might need it later. Commented Dec 30, 2011 at 21:50
0

My Mistake. I didn't look at the form enough. You are assigning an array here. PHP is easy to debug-

Right here:

     $id=$_POST['id'];
     $name=$_POST['name'];

After those lines use var_dump($id) or print_r($id) to check out the contents in your variables.

Improve this answer
1
  • Issue fixed. Thanks for your assistance. I will post the final script later today for anyone who might need it later. Commented Dec 30, 2011 at 21:50
0

Thanks very much for the prompt responses and the assistance provided. After implementing the recommended changes, the final working script (using PHP 5.2) is as shown below (for anyone who might need it). 

  <?php
    Mysql connection, initial query and then close Mysql connection
  ?>

<table width="500" border="0" cellspacing="1" cellpadding="0">
<form name="Contacts" method="post" action="">
<tr> 
<td>
<table width="500" border="0" cellspacing="1" cellpadding="0">


<tr>
<td align="center"><strong>Id</strong></td>
<td align="center"><strong>Name</strong></td>
<td align="center"><strong>Lastname</strong></td>
<td align="center"><strong>Email</strong></td>
</tr>

<?php
while($rows=mysql_fetch_array($result)){
?>
<tr>
<td align="center"><?php $id[]=$rows['id']; ?><?php echo $rows['id']; ?></td>
<td align="center"><input name="name[]" type="text" id="name" value="<?php echo $rows['name']; ?>"></td>
<td align="center"><input name="lastname[]" type="text" id="lastname" value="<?php echo $rows['lastname']; ?>"></td>
<td align="center"><input name="email[]" type="text" id="email" value="<?php echo $rows['email']; ?>"></td>
</tr>
<?php
}
?>
<tr>
<td height="75" colspan="4" align="center"><input type="submit" name="Submit" value=" save for later "></td>
</tr>
</table>
</td>
</tr>
</form>
</table>

<?php
// Check if button name "Submit" is active, do this 
if(isset($_POST['Submit'])){
mysql_connect($dbhost,$username,$password);
@mysql_select_db($database) or die( "Unable to select database");

$name=$_POST['name'];

for($i=0;$i<$num;$i++) {

// sanitize...
  $id[$i] = mysql_real_escape_string($id[$i]);
  $name[$i] = mysql_real_escape_string($name[$i]);

  $sql1="UPDATE test_mysql SET name= '".$name[$i]."' WHERE id= ".$id[$i]."";

  $result1 = mysql_query($sql1);
  // Error checking:
  if (!$result1) {
     echo mysql_error();
  }
}
if($result1){
header("location:updated.php");
}
}

mysql_close();
?>
Improve this answer

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.