PHP form MySql EDIT / UPDATE - cannot get form to fill with data

I am very new to PHP and MySQL. I created a form that creates rows in my MySQL tables, I created a page that displays all of these records. Now I am trying to edit these entries. I created another form that should fill in the information from the selected row. The only problem is that it isn't. Here's all my code including login.php ... just in case. Please let me. I've looked everywhere for the answer and couldn't find it. All I have found is mysql, not mysqli.

<?php //login.php
$db_hostname = 'localhost';
$db_database = 'mydata';
$db_username = 'user';
$db_password = '123#';

// Connect to server.
$link = mysqli_connect($db_hostname, $db_username, $db_password);
if (!$link) {
    die('Not connected : ' . mysqli_error());
}

// Select the database. 
$db_selected = mysqli_select_db($link, $db_database);
if (!$db_selected) {
    die ('Can\'t use database : ' . mysqli_error());
}
?>

      

edit_client.php

<?php
$title = "Edit Client Form";
?>

<!DOCTYPE html>
<html>
<head>
    <title><?php echo $title ?></title>
</head>
<body>
<div> <!-- form container div -->
    <form action="" method="post">
        <div> <!-- form description div -->
            <h2><?php echo $title ?></h2>
            <p>Edit a client here.</p>
        </div>

<?php
require_once = 'login.php';
// get value of id that sent from address bar
$id=$_GET['id'];
if(isset($id)) {
$sql="SELECT * FROM `clients` WHERE client_id='$id'";
$result=mysqli_query($sql);
$row=mysqli_fetch_assoc($result);
 ?>
        <input type="hidden" name="id" value="<?php echo $row['client_id']; ?>">
        <input type="text" name="first_name" value="<?php echo $row['first_name']; ?>" required><br />
        <input type="text"name="last_name" value="<?php echo $row['last_name']; ?>" required><br />
        <input type="text"name="company_name" value="<?php echo $row['company_name']; ?>" ><br />
        <input type="text" name="address" value="<?php echo $row['address']; ?>"><br />
        <input type="text" name="city" value="<?php echo $row['city']; ?>" required><br />
        <input type="text" name="state" value="<?php echo $row['state']; ?>" required><br />
        <input type="number" name="zip_code" value="<?php echo $row['zip_code']; ?>" required><br />
        <input type="tel" name="tel_number" value="<?php echo $row['tel_number']; ?>"  required><br />
        <input type="email" name="email" value="<?php echo $row['email']; ?>" required><br />
        <input value="Submit" type="submit">
    </form>
</div>
</body>
</html>

      

here is the table from "display_client" that sends id to edit_form.php page

<td align="left">' . '<a href="\edit_client.php?id=' . $row['client_id'] . '/">Edit</td>

      

Any pointers in the right direction would be much appreciated. thank.

As suggested below, I've used PDO Prepared instructions to achieve the desired result. Thanks! @nomistic!

<?php
$title = "Edit Client Form";
?>

<!DOCTYPE html>
<html>
<head>
    <title><?php echo $title ?></title>
</head>
<body>
<div> <!-- form container div -->
    <form action="update_client_submit.php" method="post">
        <div> <!-- form description div -->
            <h2><?php echo $title ?></h2>
            <p>Edit a client here.</p>
        </div>
            <?php
            require_once 'login.php';

            if(!empty($_GET['id'])){
                $client_id = intval($_GET['id']);
            }

            try {
            $results = $db -> prepare('SELECT * FROM clients WHERE client_id = ?');
            $results -> bindParam(1, $client_id);
            $results -> execute();

            } catch(Exception $e) {
                echo $e -> getMessage();
                die();
            }
            $row = $results -> fetch(PDO::FETCH_ASSOC);
            ?>  
        <input type="hidden" name="client_id" value="<?php echo $row['client_id']; ?>">
        <input type="text" name="first_name" value="<?php echo $row['first_name']; ?>" required><br />
        <input type="text" name="last_name" value="<?php echo $row['last_name']; ?>" required><br /> 
        <input type="text" name="company_name"  value="<?php echo $row['company_name']; ?>" required><br />
        <input type="text" name="address"  value="<?php echo $row['address']; ?>" required><br />  
        <input type="text" name="city" value="<?php echo $row['city'] ?>"  ><br />
        <input type="text" name="state" value="<?php echo $row['state'] ?>" required><br />
        <input type="text" name="zip_code" value="<?php echo $row['zip_code']; ?>" required><br /> 
        <input type="text" name="tel_number"  value="<?php echo $row['tel_number']; ?>" required><br />
        <input type="text" name="email"  value="<?php echo $row['email']; ?>" required><br />
        <input type="submit" name="sumbit">
    </form>
</body>
</html>

      

+3


source to share


1 answer


Edit by reducing this and fixing a potential issue in your request.

you need a loop to get the data. It should have something like this (using your data)

$id=$_GET['id'];
if(isset($id)) {
$sql="SELECT * FROM clients WHERE client_id=$id";
$result=mysqli_query($sql);
$row=mysqli_fetch_assoc($result);


    while($row=mysqli_fetch_assoc($result)) {


 echo  '<input type="hidden" name="id" value="'.$row['client_id']. '">';

    }

      

Note. ... You might want to look into ready-made statements; they are fairly easy to learn, especially at this stage, and you will have many advantages such as not having to worry about whether you are quoting int and varchar in your query; you declare them separately. They are also much more secure (prevent SQL injection) and can speed up large queries. You just need to switch to object oriented style. (note that listing the variables in your selection is what you should be doing anyway, not select from *

). The selection is simplified for ease of explanation.

Here's an example of how yours would work with mysqli:

This is your database connection (not entirely different, just a slightly different syntax)



$db_selected = new mysqli($db_hostname, $db_username, $db_password, $db_database)

if  ($db_selected->connect_error) {
    die("Connection failed: " . $dbc->connect_error);
}

      

Here are your questions. bind_param

simply identifies the element as INT

, and then replaces the ?

$ id variable in the query, and bind_result

takes the results of your query and turns them into variables.

The rest is pretty self-explanatory

$sql = $db_selected->prepare("SELECT client_id, first_name, last_name FROM clients WHERE client_id= ? ");
$sql->bind_param("i", $id);
$sql->execute();
$sql->store_result();
$sql->bind_result($client_id, $first_name,$last_name);

while ($sql->fetch()) {
 echo  '<input type="hidden" name="id" value="'.$client_id. '">';   
 echo  '<input type="text" name="first_name" value="'.$first_name. '" required><br />';
 echo  '<input type="text" name="last_name" value="'. $last_name. '" required><br />';  
}

$sql->free_result();
$sql->close();

      

If you need more information, here are some resources: mysqli prepared statements

+1


source







All Articles