Good Tutorial on How to Update Your MySQL Database with a PHP Form

Good tutorial on how to update your Mysql database with a PHP form?

Updating data can be pretty simple. Let's start with a form, for starters:

<form method="post" action="submit.php">
  <input type="text" name="id" value="12" />
  <input type="text" name="value" value="Jonathan" />
  <input type="submit" />
</form>

This form will send the data over to our submit.php script where we can handle it, and pass it into our database. Since our form method is "post," all of our values will be sent through the POST super array in PHP (this is not the case if you are using file uploaders). So within our submit.php page, we can print the ID and Value values like this:

print $_POST["id"]; // the name of the HTML element is the key
print $_POST["value"]; // again, note that we use the name as the key

You'll want to be careful about passing user-submitted values directly into your queries, so it's nice to clean up the data using a function like mysql_real_escape_string():

$id = mysql_real_escape_string( $_POST["id"] );
$value = mysql_real_escape_string( $_POST["value"] );

The next thing we'll want to do is place these in a query:

$sql = "UPDATE mytable SET value = '{$value}' WHERE id = {$id}";

This is a good time not state that I don't encourage you to use this example code in a live environment. You'll want to look up sql-injections, and how to avoid them. The code I'm providing here is merely an example. After our values are entered, the query that will be ran actually looks like this:

UPDATE mytable SET value = 'Jonathan' WHERE id = 12

Now, in order to run this, we need to be connected to a database.

$host = "localhost"; 
$user = "root"; 
$pass = "";
$database = "myDatabase";
$conn = mysql_connect($host, $user, $pass) or die( mysql_error() );
        mysql_select_db($database) or die( mysql_error() );

All we're doing here is storing our mysql-user-account credentials in arrays, and passing them into a connect-function. This code should be pretty self-explanatory, but let me know if it's at all unclear.

Once you've got that, you're ready to run your query. Remember that we stored it in an array called $sql:

$result = mysql_query( $sql ) or die( mysql_error() );

That's it. You did it! The data, assuming nothing went wrong, is now updated in your database. There are numerous ways you can increase the information provided back to the user via this script. Also worth noting is that you'll want to sanitize your data before even allowing the script to run - if it's not acceptable data (somebody trying to inject their own queries) you'll want to spit it back.

Check out the MySQL Functions in the PHP Documentation for more goodies, and be sure to return here when you have more specific questions!

php form updating mysql

I removed the $ from in-front of season and it went thought and now its all working. Thanks for the 2nd set of eyes :)

Updating MySQL db

Replace echo 'Error'; with echo mysql_error(); to see why you didn't get a result and then slap yourself for misspelling a column name or something most likely easily overlooked. If you still can't figure it out, post the error. And if you go that far, post the result of SHOW CREATE TABLE project_directory

Insert and update database with php mysql

you can't use onclick tag to determine of requested page PHP function .

a easy way to do it . replace below codes at the customer.php file.

Replace :

function insert()

with :

if($_POST['Submit'] == 'Add Customer')

and replace :

function update()

with :

if($_POST['Submit'] == 'Update Customer')

Update fields in database

Let the password field empty. Stored passwords should be kept hashed at any circumstance. Of course you need to check whether or not the password field is set when updating and if it fits your applications password standards.

In your programming logic, you could use something like the following to ensure the password is posted:

if(isset($_POST["password"]) && !empty($_POST["password"])) {
    // update in database
}
else {
    // show error notification
}

Note that this allows any password size and is not very secure. But it prevents entering an empty password. For more information about filtering data, I think this is a good reference.

Submitting form, mysql and php

There are a few things wrong here.

You're using the wrong identifiers for your columns in (and being quotes):

('id', 'username', 'password', 'email')

remove them

(id, username, password, email)

or use backticks

(`id`, `username`, `password`, `email`)

mysql_error() should have thrown you an error, but it didn't because of:

• You're mixing MySQL APIs with mysqli_ to connect with, then mysql_ in your query.

Those two different APIs do not intermix with each other.

Use mysqli_ exclusively and change your present query to:

if($query = mysqli_query($connect, "INSERT...

and change mysql_error() to mysqli_error($connect)

as a rewrite for that block:

if(isset($_POST["submit"])){
    if($query = mysqli_query($connect,"INSERT INTO users ('id', 'username', 'password', 'email') VALUES('', '".$username."', '".$password."', '".$email."')")){
        echo "Success";
    }else{
        echo "Failure" . mysqli_error($connect);
    }
}

Just to test the error, make the changes as I outlined just above, while keeping the quotes around your columns the way you have it now. You will then see the error that MySQL will throw. You can then do as I've already outlined above and remove the quotes around the column names, or replace them with backticks.

The tutorial you saw may very well used backticks, but were probably not distinguishable enough for you to tell that they were indeed backticks and not single quotes.

However, your present code is open to SQL injection. Use mysqli with prepared statements, or PDO with prepared statements, they're much safer.

---

I noticed you may be storing passwords in plain text. If this is the case, it is highly discouraged.

I recommend you use CRYPT_BLOWFISH or PHP 5.5's password_hash() function. For PHP < 5.5 use the password_hash() compatibility pack.

---

Also, instead of doing:

$connect = mysqli_connect("localhost", "root", "") or die("Could not connect to server!");
mysqli_select_db($connect, "php_forum") or die("Could not connect to database!");

You should be checking for errors instead, just as the manual states

$link = mysqli_connect("myhost","myuser","mypassw","mybd") 
or die("Error " . mysqli_error($link)); 

• http://php.net/manual/en/function.mysqli-connect.php

So in your case:

$connect = mysqli_connect("localhost", "root", "","php_forum") 
or die("Error " . mysqli_error($connect)); 

---

Edit: and I changed action="register.php" to action="" since you're using the entire code inside the same page.

<!DOCTYPE HTML>
<html>
    <head>
        <title>Register</title>
    </head>
    <body>
        <form action="" method="POST">
            Username: <input type="text" name="username">
            <br/>
            Password: <input type="password" name="password">
            <br/>
            Confirm Password: <input type="password" name="confirmPassword">
            <br/>
            Email: <input type="text" name="email">
            <br/>
            <input type="submit" name="submit" value="Register"> or <a href="login.php">Log in</a>
        </form>
    </body>
</html>
<?php
    require('connect.php');
    $username = $_POST['username'];
    $password = $_POST['password'];
    $confirmPassword = $_POST['confirmPassword'];
    $email = $_POST['email'];

    if(isset($_POST["submit"])){
        if($query = mysqli_query($connect,"INSERT INTO users (`id`, `username`, `password`, `email`) VALUES ('', '".$username."', '".$password."', '".$email."')")){
            echo "Success";
        }else{
            echo "Failure" . mysqli_error($connect);
        }
    }
?>

---

Related Topics