$20.34

How to update SQL database with PHP script

Ask a question+
1

I want to update one database entry from my website with a PHP script. In the input fields, the id is set correctly, but when I press the submit button, the entry doesn’t update.

<form action="includes/datenupdate.php" method="POST">
    <input id="editinputartikelnummer" type="text" name="artikelnummer" placeholder="Artikelnummer" required>
    <br>
    <input id="editinputartikelname" type="text" name="artikelname" placeholder="Artikelname" required>
    <br>
    <input id="editinputartikelpreis" type="text" name="artikelpreis" placeholder="Artikelpreis" required>
    <br>
    <input id="editinputid" type="text" name="artikelid" required>
    <button type="submit" name="submit">Ändern</button> 
</form>

dateupdate.php

<?php
    include_once 'dbh.inc.php';

    $artid = $_POST['artikelid'];
    $artnum = $_POST['artikelnummer'];
    $artname = $_POST['artikelname'];
    $artpreis = $_POST['artikelpreis'];


    $sql = "UPDATE artikel SET artikelnummer = $artnum, name= $artname, preis = $artpreis WHERE id = $artid;";

    mysqli_query($conn, $sql);

    header("Location: ../index.php?daten=success#artikel");
Liaa 200
add comment

2 Answers

0

You should use prepared statement and binding param in this way you avoid SQL injection and manage data type passing value properly assuming artikelpreis and id are an integer, the name is a string and press is double

include_once 'dbh.inc.php';

$artid = $_POST['artikelid'];
$artnum = $_POST['artikelnummer'];
$artname = $_POST['artikelname'];
$artpreis = $_POST['artikelpreis'];


$sql = "UPDATE artikel SET artikelnummer = $artnum, name= $artname, preis = $artpreis WHERE id = $artid;";
$stmt = $this->mysqli->prepare( $sql);

$stmt->bind_param('isdi', $artnum, $artname, $artpreis, $artid);
$status = $stmt->execute();
Vahe Minasyan 4K
add comment
0

Your SQL should be like this:

$sql = "UPDATE artikel SET artikelnummer = '$artnum', name= '$artname', preis = '$artpreis' WHERE id = $artid;";

Place variables within single quotes, especially for string type data like $artname. SQL will consider it a part of the syntax or a reserved word if the single quotes are missing.

Jhey Nalzaro 140
add comment

Your Answer