I have a database that has a ‘plant’ theme. I am wanting a script to retrieve the details of a rose plant and place the values into fields. I then want the ability for the user to update the item and have it submitted back to the database.

I want the user to pull the item from the database by its latin name which is a unique attribute in the ‘rose’ table. Here is the code to insert a rose, could somebody please help me adapt this to how I want it please using prepared statements:

//connect to database
$conn2 = DB2();

require_once('header_admin.php');
  /*

if (isset($_POST['addrose'])) 
{

//detect if we have errors or not
$errors = false;
$error_msg = "Error, please try again";

/*
 *  Could do other validation here
 *  Make sure they enter an email address for example
 */

//if we have no errors, do the SQL
if (!$errors) {  

$latin_name = $_POST['latin_name'];
$common_name = $_POST['common_name'];
$variety_name = $_POST['variety_name'];
$colour = $_POST['colour'];
$season = $_POST['season'];
$hardiness = $_POST['hardiness'];
$situation = $_POST['situation'];
$soil_type = $_POST['soil_type'];
$price = $_POST['price'];
$fragrance = $_POST['fragrance'];
$height = $_POST['height'];

//insert data
$stmt = $conn2->prepare("INSERT INTO rosename (latin_name, common_name, variety_name, colour, season_of_interest, hardiness, situation, soil_type, price, 
fragrance, ultimate_height) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)");

//bind the parameters
  $stmt->bind_param('ssssssssdss', $latin_name, $common_name, $variety_name, $colour, $season, $hardiness, $situation, $soil_type, $price, $fragrance,
  $height);

// Execute query
$stmt->execute();

//if the query worked, put out the confirmation message (you can make this look however you want)
if ($stmt) {
  echo "<p class='black'>Rose Added!</p>";