mysql - Updating a MySQLi database using PHP and HTML5 forms


On my website I have an admin page where I want to be able to update information in the database, using a form.

This is the code I'm using to enter the information and update it in the database:

adminform.php

<html>
<head>
    <link rel="stylesheet" href="assets/css/main.css" />
</head>
<body>
<header id="header">
    <h1><a href="home.php">safetnet</a></h1>
    <nav id="nav">
        <ul>
            <li>admin page only</li>
            <li></li>
            <li><a href="logout.php" class="button">logout</a></li>
        </ul>
    </nav>
</header>
<h1> select member </h1>
<br />
<select name="members" onchange="showuser(this.value)">
    <option value="">select member email</option>
    <?php
    // List every member's email as an option
    $query = "SELECT * FROM members";
    $mysqli = new mysqli('localhost','root','root','safetnetd');
    $result = $mysqli->query($query);
    while($row = $result->fetch_assoc())
        echo '<option value="'.$row["email"].'">'.$row["email"].'</option>';
    ?>
</select>
<div id="signup">
    <h2>update member information</h2>
    <form method="post" action="admin1.php">
        <table>
            <tr>
                <td>email</td>
                <td><input type="text" name="email" required="required"></td>
            </tr>
            <tr>
            </tr>
            <tr>
                <td>city </td>
                <td><input type="text" name="city"></td>
            </tr>
            <tr>
            </tr>
            <tr>
        </table>
        <br><br>
        <div id="buttons">
            <input type="submit">
        </div>
</body>
</html>

admin1.php

<html>
<head>
    <title>admin</title>
    <link rel="stylesheet" href="assets/css/main.css" />
</head>
<body>
<header id="header">
    <h1><a href="home.php">safetnet</a></h1>
    <nav id="nav">
        <ul>
            <li>admin page only</li>
            <li></li>
            <li><a href="logout.php" class="button">logout</a></li>
        </ul>
    </nav>
</header>
<br />
<?php
$query = "SELECT * FROM members";
$mysqli = new mysqli('localhost','root','root','safetnetd');
$result = $mysqli->query($query);
while($row = $result->fetch_assoc())
    echo '<option value="'.$row["email"].'">'.$row["email"].'</option>';
?>
</select>
<br />
<?php
$q=$row["email"];
$mysqli = new mysqli('localhost','root','root','members');
$sql = "SELECT * FROM members WHERE email='".$q."'";
// Only run the update when the form was submitted
if(array_key_exists('_submit_check', $_POST)) {
    $email = $_POST['email'];
    $city = $_POST['city'];
    $sql = "UPDATE members SET city = '$city' WHERE email = '$q'";
    if($mysqli->query($sql) === true) {
        echo 'record updated successfully<br />';
    }
    else {
        echo $sql.'<br />' . $mysqli->error;
    }
    $mysqli->close();
}
?>

<br><br><br>
<footer id="footer">
    <img src="logo.jpg" height="50px">
    <ul class="copyright">
        <li>&copy; safetnet. rights reserved.</li><li> 2016</li>
    </ul>
</footer>
</body>
</html>

I can get the form to run, but I can't get the information to change in the database or echo to the screen.

Thank you in advance.

if(array_key_exists('_submit_check', $_POST)) {
    $email = $_POST['email'];
    $city = $_POST['city'];
    $sql = "UPDATE members SET city = '$city' WHERE email = '$q'";
    if($mysqli->query($sql) === true) {
        echo 'record updated successfully<br />';
    }
    else {
        echo $sql.'<br />' . $mysqli->error;
    }
    $mysqli->close();
}

There is no element called '_submit_check' in your form. I guess you forgot the name attribute of the submit button.

Your script is vulnerable to SQL injection. You should not throw user input into a query. You can use mysqli_real_escape_string() or prepared statements to protect your application.

To improve the readability of your code, change the structure a little. In admin1.php you should do the business logic before outputting HTML. First check if the form has been sent, then do the database operation. The result of the check or the success/error message of the database operation can be written to a variable until you output the content of the site.

This way, anyone who starts reading the code knows: 'Alright, this script is the target of a form and accesses the database for a write operation'.
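The points above combined into one admin1.php, as an added example that is not part of the original answer: the submit button carries the name the script checks for, the update uses a prepared statement, and the logic runs before any HTML is sent. The DB_USER and DB_PASS environment variables are hypothetical stand-ins for the hard-coded root credentials.

```php
<?php
// admin1.php restructured: business logic first, HTML output last.
// Assumptions (not in the original post): the submit button is named
// "_submit_check"; credentials come from hypothetical DB_USER / DB_PASS
// environment variables instead of root/root in the source.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['_submit_check'])) {
    $email = trim($_POST['email'] ?? '');
    $city  = trim($_POST['city'] ?? '');

    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
        $message = 'Please enter a valid email address.';
    } else {
        try {
            $mysqli = new mysqli('localhost', getenv('DB_USER'), getenv('DB_PASS'), 'safetnetd');
            $mysqli->set_charset('utf8mb4');
            // Placeholders keep user input out of the SQL text entirely.
            $stmt = $mysqli->prepare('UPDATE members SET city = ? WHERE email = ?');
            $stmt->bind_param('ss', $city, $email);
            $stmt->execute();
            $message = $stmt->affected_rows > 0
                ? 'Record updated successfully.'
                : 'No matching member, or city unchanged.';
            $stmt->close();
            $mysqli->close();
        } catch (mysqli_sql_exception $e) {
            error_log($e->getMessage()); // details go to the log, not the page
            $message = 'Update failed.';
        }
    }
}
?>
<!DOCTYPE html>
<html>
<head><title>admin</title></head>
<body>
    <?php if ($message !== ''): ?>
        <p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
    <?php endif; ?>
    <form method="post" action="admin1.php">
        <input type="text" name="email" required="required">
        <input type="text" name="city">
        <input type="submit" name="_submit_check" value="Update">
    </form>
</body>
</html>
```

Unlike the original script, a failed query here no longer echoes the SQL text and the MySQL error to the browser; both go to the server log.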

