Updating database data using the submit button

I want to update the database with new data so that when I place text in the text box and then click the submit button, the data will be sent to the database with a specific identifier. All I want to send is brightness, with the code below. When I write something like this and run it, I get error 403: access is denied. How can I fix this?

    <?php
    function updater($value,$id){
        // Create connection
        $conn = new mysqli( 'localhost' , 'user_name' , '' , 'data_base_name' );
        // Check connection
        if ($conn->connect_error) {
            die("Connection failed: " . $conn->connect_error);
        }
        $sql = "UPDATE table_name SET name=$value WHERE id=$id";
        if ($conn->query($sql) === TRUE) {
            echo "Record updated successfully";
        } else {
            echo "Error updating record: " . $conn->error;
        }
        //$conn->close();
    }
    ?>
    <!DOCTYPE html>
    <html>
    <header>
    </header>
    <body>
    <form action="<?php updater($_POST['name'],1); ?>" method="post" style="height:50px;width:50px;">
        <input type="text" name="name" /><br><br>
        <input type="submit" /><br/>
    </form>
    </body>
    </html>
+8
html php mysql mysqli
2 answers

Like this:

    <?php
    function updater($value,$id){
        // Create connection
        $conn = new mysqli( 'localhost' , 'user_name' , 'pass' ,'data_base_name' );
        // Check connection before using it
        if ($conn->connect_error) {
            die("Connection failed: " . $conn->connect_error);
        }
        // Escape both values for use inside the quoted SQL literals below
        $value = mysqli_real_escape_string($conn,$value);
        $id = mysqli_real_escape_string($conn,$id);
        $sql = "UPDATE table_name SET name='{$value}' WHERE id='{$id}'";
        if ($conn->query($sql) === TRUE) {
            echo "Record updated successfully";
        } else {
            echo "Error updating record: " . $conn->error;
        }
        $conn->close();
    }

    // Run the update only when the form has been submitted
    if(isset($_POST['name'])){
        updater($_POST['name'],$_POST['id']);
    }
    ?>
    <!DOCTYPE html>
    <html>
    <header>
    </header>
    <body>
    <form action="" method="post" style="height:50px;width:50px;">
        <input type="hidden" name="id" value="1" />
        <input type="text" name="name" /><br><br>
        <input type="submit" /><br/>
    </form>
    </body>
    </html>
+2

You need to put the URL in the action attribute that processes the form, not the function:

    action="<?php updater($_POST['name'],1); ?>" // not this
    action="<?php echo $_SERVER['PHP_SELF']; ?>" // path to this page

If it's on the same page, you can simply omit it or use $_SERVER['PHP_SELF'] and then intercept the form submission. Inside this process, your custom function is called.

    if($_SERVER['REQUEST_METHOD'] === 'POST') {
        $value = $_POST['name'];
        $id = 1;
        updater($value, $id);
    }

A simple fix would just quote the line inside it:

 $sql = "UPDATE table_name SET name='$value' WHERE id=$id"; 

But this is open to SQL injection; another way to make safer queries is to prepare them:

    function updater($value,$id) {
        // Create connection
        $conn = new mysqli( 'localhost' , 'user_name' , '' , 'data_base_name' );
        // Check connection
        if ($conn->connect_error) {
            die("Connection failed: " . $conn->connect_error);
        }
        // Placeholders (?) keep the values out of the SQL text
        $sql = "UPDATE table_name SET name = ? WHERE id= ?";
        $update = $conn->prepare($sql);
        // 's' binds name as a string, 'i' binds id as an integer
        $update->bind_param('si', $value, $id);
        $update->execute();
        // affected_rows is also 0 when the row already held this value
        if ($update->affected_rows > 0) {
            echo "Record updated successfully";
        } else {
            echo "Error updating record: " . $update->error;
        }
    }
+4
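
A complete version of the handler both answers work toward, as an added example that is not code from the question or either answer: it binds the value with a prepared statement, validates the client-supplied id, and logs database errors instead of echoing them. The credentials, table and column names are the question's placeholders, and the 255-byte length limit is an assumption.

```php
<?php
declare(strict_types=1);
// Added example. Placeholders from the question: credentials, table_name, name/id.
// Make mysqli throw mysqli_sql_exception instead of returning false on failure.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);

function updater(mysqli $conn, string $value, int $id): int
{
    // Placeholders keep the submitted data out of the SQL text entirely.
    $stmt = $conn->prepare('UPDATE table_name SET name = ? WHERE id = ?');
    $stmt->bind_param('si', $value, $id);
    $stmt->execute();
    $rows = $stmt->affected_rows;
    $stmt->close();
    return $rows; // 0 also when the row already held $value
}

$message = '';
if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    // Hidden fields are client-controlled: accept the id only as a positive integer.
    $id   = filter_input(INPUT_POST, 'id', FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    $name = filter_input(INPUT_POST, 'name', FILTER_UNSAFE_RAW);
    if (!is_int($id) || !is_string($name) || $name === '' || strlen($name) > 255) {
        http_response_code(400);
        $message = 'Invalid input.';
    } else {
        try {
            $conn = new mysqli('localhost', 'user_name', 'pass', 'data_base_name');
            $conn->set_charset('utf8mb4');
            $rows = updater($conn, $name, $id);
            $message = $rows > 0 ? 'Record updated successfully' : 'No row changed';
        } catch (mysqli_sql_exception $e) {
            error_log('update failed: ' . $e->getMessage()); // details go to the log only
            http_response_code(500);
            $message = 'Error updating record.';
        }
    }
}
?>
<!DOCTYPE html>
<html>
<body>
<p><?= htmlspecialchars($message, ENT_QUOTES, 'UTF-8') ?></p>
<form action="" method="post">
    <input type="hidden" name="id" value="1" />
    <input type="text" name="name" />
    <input type="submit" />
</form>
</body>
</html>
```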