Home/ Questions/Q 9237833
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-18T07:37:27+00:00

I have a simple, unsecured, local database that I’m learning with (yes still using

  • 0

I have a simple, unsecured, local database that I’m learning with (yes still using MySQL for now) I can view my database rows in a table and click on an edit button which then displays the single record chosen with each column inside a text box to update and save. Here is my edit page.

<?php
$id = $_GET['id'];
$connect = mysql_connect("localhost", "XXXXXX", "XXXXXXX") or
die ("Check your connection.");
mysql_select_db("toner");
$quey1="select * from inventory where id ='".$id."'";
$result=mysql_query($quey1) or die(mysql_error());
?>
<html>
<form action="updateinfo.php" method="post">
<table>
<?php
while ($row=mysql_fetch_array($result))
{
?>
<tr>
  <td align="right">Partnumber:</td>
  <td align="left"><input type="text" name="partnumber" value="<?php echo $row['partnumber'];?>"/></td>
</tr> 
<tr>
  <td align="right">Description:</td>
  <td align="left"><input type="text" name="description" value="<?php echo $row['description'];?>"/></td>
</tr> 
<tr>
  <td align="right">Vendor:</td>
  <td align="left"><input type="text" name="vendor" value="<?php echo $row['vendor'];?>"/></td>
</tr> 
<tr>
  <td align="right">Price:</td>
  <td align="left"><input type="text" name="price" value="<?php echo $row['price'];?>"/></td>
</tr> 
<tr>
  <td align="right">Quantity:</td>
  <td align="left"><input type="text" name="quantity" value="<?php echo $row['quantity'];?>"/></td>
</tr> 
</table>
<br>
<input type="hidden" name="id" value="<?php echo $row['id'];?>"/>
<input type="submit" value="Edit/Update Toner">
<?php
 }
?> 
</form>
</html>

Here is my UPDATED updateinfo 

<?php
mysql_connect("localhost","XXXXX","XXXXX") or die("Error: ".mysql_error()); 
mysql_select_db("toner");
$id =$_POST['id'];
$partnumber = $_POST['partnumber'];
$description = $_POST['description'];
$vendor = $_POST['vendor'];
$price = $_POST['price'];
$quantity = $_POST['quantity'];
$sql = "UPDATE inventory SET partnumber ='".$partnumber."',description ='".$description."',vendor ='".$vendor."',price ='".$price."',quantity ='".$quantity."' WHERE id ='".$id."'";
mysql_query($sql) or die ("Error: ".mysql_error());
echo "Updated successfully";
header( "refresh:10;url=toner.php" );
?>

After adding a primary key I’m able to update the DB however $id = $_POST[‘id’]; still gives an error, any assistance is appreciated. Thanks. Yes I’m aware its vulnerable to injection and that I should be using PDO or MySQLi but I’m still a beginner and this is where I’ve chosen to start learning. Thank you.

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    the problem is because of partnumber,here you are again reseting the partnumber but the new one is not present in your database and because of that query does not update the new values.

    $sql = "UPDATE inventory SET description ='".$description."',vendor ='".$vendor."',price ='".$price."',quantity ='".$quantity."' WHERE partnumber = '".$partnumber."'";

    Solution

    Don’t again set the partnumber use it only in where clause.

    • 0