$20.31

How to update SQL database with PHP script

Ask a question+
1

I want to update one database entry from my website with php script. In the input fields the id are set correctly but when I press the submit button the entry doesn’t update.

<form action="includes/datenupdate.php" method="POST">
    <input id="editinputartikelnummer" type="text" name="artikelnummer" placeholder="Artikelnummer" required>
    <br>
    <input id="editinputartikelname" type="text" name="artikelname" placeholder="Artikelname" required>
    <br>
    <input id="editinputartikelpreis" type="text" name="artikelpreis" placeholder="Artikelpreis" required>
    <br>
    <input id="editinputid" type="text" name="artikelid" required>
    <button type="submit" name="submit">Ändern</button> 
</form>

dateupdate.php

<?php
    include_once 'dbh.inc.php';

    $artid = $_POST['artikelid'];
    $artnum = $_POST['artikelnummer'];
    $artname = $_POST['artikelname'];
    $artpreis = $_POST['artikelpreis'];


    $sql = "UPDATE artikel SET artikelnummer = $artnum, name= $artname, preis = $artpreis WHERE id = $artid;";

    mysqli_query($conn, $sql);

    header("Location: ../index.php?daten=success#artikel");
Lia 60
add comment

2 Answers

0

You should use prepared statement and binding param in this way you avoid sqlijection and manage data type passing value properly

assuming artikelnummer and id are integer, name is a string and presi is double

include_once 'dbh.inc.php';

$artid = $_POST['artikelid'];
$artnum = $_POST['artikelnummer'];
$artname = $_POST['artikelname'];
$artpreis = $_POST['artikelpreis'];


$sql = "UPDATE artikel SET artikelnummer = $artnum, name= $artname, preis = $artpreis WHERE id = $artid;";
$stmt = $this->mysqli->prepare( $sql);

$stmt->bind_param('isdi', $artnum, $artname, $artpreis, $artid);
$status = $stmt->execute();
Vahe Minasyan 3.6K
add comment
0

Your SQL should be like this:

$sql = “UPDATE artikel SET artikelnummer = ‘$artnum’, name= ‘$artname’, preis = ‘$artpreis’ WHERE id = $artid;”;

Place variables within single qoutes especially for string type data like $artname. SQL will consider it a part of the syntax or a reserved word if the single qoutes are missing.

Jhey Nalzaro 140
add comment

Your Answer