Error when Updating query using PDO - php

I have set a custom function to update my query however it doesn't seem to read the variables i am not sure where i am going wrong.
This is my function.
function update_product($productID, $productName, $productDescription, $productPrice, $categoryID){
global $conn;
$sql = "UPDATE product SET productName = :productName, productDescription = :productDescription, productPrice = :productPrice, categoryID = :categoryID WHERE productID = :productID";
$statement = $conn->prepare($sql);
$statement->bindValue(':productName', $productName);
$statement->bindValue(':productDescription', $productDescription);
$statement->bindValue(':productPrice', $productPrice);
$statement->bindValue(':categoryID', $categoryID);
$statement->bindValue(':productID', $productID);
$result = $statement->execute();
$statement->closeCursor();
return $result;
}
This is where i am calling the function
$result = update_product($productID, $productName, $productDescription, $productPrice, $categoryID);
I will also add my function where i am getting the ID and loading the inputs...
function select_productspreparedGETID(){
global $conn;
$productID = $_GET['id'];
//prepared
$sql = "SELECT * FROM product WHERE productID = :productID";
$statement = $conn->prepare($sql);
$statement->bindValue(':productID', $productID);
$statement->execute();
$result = $statement->fetchAll();
$statement->closeCursor();
foreach($result as $row):
?>
<form method="post" action="../controller/product_update_process.php" enctype="multipart/form-data">
<div>
<label>Name* </label>
<input id="Product_Name" type="text" name="Product_Name" value="<?php echo $row['productName'] ?>" />
</div>
<div>
<label>Description* </label>
<textarea id="productDescription" name="productDescription" /><?php echo $row['productDescription'] ?></textarea>
</div>
<div>
<label>Price* </label>
<input id="Price" type="text" name="Price" value="<?php echo $row['productPrice'] ?>" />
</div>
<input type="submit" name="submit" value= "Update Cart">
</form>
<?php
endforeach;
}
Any advice on how to improve my structure or better yet beat this error would be seriously appreciated i have been stuck for the last 20hours.


You are defining $productID = $_GET['id']; inside a function and using the same variable in another function. The $productID is clearly not available to other functions. Make sure that it is defined outside any functions.
Currently the variable is only available to the local scope in which it is defined. For example, define $productID outside any functions:
$productID = $_GET['id'];
You can send this variable to select_productspreparedGETID() as an argument:
function select_productspreparedGETID($productID){
//Your code
}
And then you have $productID inside both functions update_product() and select_productspreparedGETID() because update_product() already has $productID as an argument.

Related

My PHP Code is Not Updating Values In Database

I have tried to write a code that update category in the database using admin panel but whenever i try to do that it won't work and i don't get any errors to look into it, please help guys; thanks a lot
PHP Code:
<?php
if (isset($_GET['edit'])) {
$edit_id = $_GET['edit'];
$query = "SELECT * FROM categories WHERE category_id = $edit_id ";
$edit_get_result = mysqli_query($connection,$query);
if (!$edit_get_result) {
die("Edit Get Result Query FAILED");
}
while ($category_name_row=mysqli_fetch_assoc($edit_get_result)) {
$category_name = $category_name_row['category_name'];
}
?>
<center>
<form action="category.php" method="POST">
<div class="form-group">
<label for="update_category">Update Category</label>
<input type="text" class="form-control" id="update_category" value="<?php if(isset($category_name)){echo $category_name; } ?>" name="update_category" aria-describedby="emailHelp" placeholder="Enter Category Name">
</div>
<button type="submit" name="update_category_submit" class="btn btn-primary">Update</button>
</form>
</center>
<?php
if (isset($_POST['update_category_submit'])) {
$category_name = $_POST['update_category'];
$query = "UPDATE categories SET category_name = '$category_name' WHERE category_id = $edit_id ";
$final_update_query_result = mysqli_query($connection,$query);
if (!$final_update_query_result) {
die("Final Update Query Result FAILED");
}
}
}
?>

Please check below code. You need to pass edit_id in your form POST. I have put it in a hidden input and set it's value according to the GET parameter from top of your php part.
<?php
if (isset($_GET['edit'])) {
$edit_id = mysqli_real_escape_string($connection,$_GET['edit']);
$query = "SELECT * FROM categories WHERE category_id = '$edit_id' ";
$result = mysqli_query($connection,$query);
if(!$result) {
die("Edit Get Result Query FAILED");
}
while ($row=mysqli_fetch_assoc($result)) {
$category_name = $row['category_name'];
}
?>
<center>
<form action="category.php" method="POST">
<div class="form-group">
<label for="update_category">Update Category</label>
<input type="text" class="form-control" id="update_category" value="<?php if(isset($category_name)){echo $category_name; } ?>" name="update_category" aria-describedby="emailHelp" placeholder="Enter Category Name">
</div>
<input type="hidden" name="edit_id" value="<?php if(isset($edit_id)) echo $edit_id;?>">
<button type="submit" name="update_category_submit" class="btn btn-primary">Update</button>
</form>
</center>
<?php
if (isset($_POST['update_category_submit']) && isset($_POST['edit_id'])) {
$category_name = mysqli_real_escape_string($connection,$_POST['update_category']);
$edit_id = mysqli_real_escape_string($connection,$_POST['edit_id']);
$query = "UPDATE categories SET category_name = '$category_name' WHERE category_id = $edit_id ";
$result = mysqli_query($connection,$query);
if (!$result) {
die("Final Update Query Result FAILED");
}
else echo "Final Update Query Result Success";
}
?>

Hi have noticed that you have used raw inputs. try avoiding it. Also noticed your code had extra curly braces at the end.
Please try using the following code after replacing your end page section php script.
if (isset($_POST['update_category_submit'])) {
$category_name = $_POST['update_category'];
$query = "UPDATE categories SET category_name = '$category_name' WHERE category_id = $edit_id ";
$final_update_query_result = mysqli_query($connection,$query);
if (!$final_update_query_result) {
die("Final Update Query Result FAILED");
}
}
And Change your query variable to the following:
$query = "SELECT * FROM categories WHERE category_id = ".$edit_id;

PHP not inserting into database SQL SERVER 2008

I have this form that I want to use to capture data and insert into a database:
<form actoin="request-new-price.php" method="post" id="demo-form2" data-parsley-validate>
<div>
<label for="salesRep">Sales Rep:</label>
<div>
<input type="text" name="salesRep" id="salesRep" required="required" value="<?php echo $user['userName']; ?>">
</div>
</div>
<div>
<label for="CardName">Customer Name</label>
<div>
<input type="text" id="CardName" name="CardName" required="required" value="<?php echo $selectedCustomerName ?>">
</div>
</div>
<div>
<label for="CardCode">Customer Code</label>
<div>
<input type="text" id="CardCode" name="CardCode" required="required" value="<?php echo $selectedCustomerID ?>">
</div>
</div>
<div>
<label for="ItemName">Product Name</label>
<div>
<input type="text" id="ItemName" name="ItemName" required="required" value="<?php echo $selectedProductName ?>">
</div>
</div>
<div>
<label for="ItemCode">Product Code</label>
<div>
<input type="text" id="ItemCode" name="ItemCode" required="required" value="<?php echo $selectedProductCode ?>">
</div>
</div>
<div>
<label for="Price">Current Price</label>
<div>
<input type="text" id="Price" name="Price" required="required" value="£<?php echo $selectedProductPrice ?>">
</div>
</div>
<div>
<label for="requestedPrice">Requested Price</label>
<div>
<input type="text" id="requestedPrice" name="requestedPrice" required="required" value="£">
</div>
</div>
<div>
<div>
Cancel
<button type="submit" id="submit" name="submit" value="1">Submit</button>
</div>
</div>
</form>
And here is my SQL/PHP:
<?php
if(isset($_POST['submit'])){
print_r($_POST);
$query = prepare("INSERT INTO PriceRequests (salesRep, CardName, CardCode, ItemName, ItemCode, Price, requestedPrice)
VALUES (:salesRep, :cardName, :cardCode, :itemName, itemCode, :itemPrice, :newPrice)
");
$insertSql = sqlsrv_query($sapconn, $query);
$insertSql->bindParam(":salesRep",$salesRep);
$insertSql->bindParam(":cardName",$cardName);
$insertSql->bindParam(":cardCode",$cardCode);
$insertSql->bindParam(":itemName",$itemName);
$insertSql->bindParam(":itemCode",$itemCode);
$insertSql->bindParam(":itemPrice",$itemPrice);
$insertSql->bindParam(":newPrice",$newPrice);
$salesRep = trim($_POST['salesRep']);
$cardName = trim($_POST['CardName']);
$cardCode = trim($_POST['CardCode']);
$itemName = trim($_POST['ItemName']);
$itemCode = trim($_POST['ItemCode']);
$itemPrice = trim($_POST['Price']);
$newPrice = trim($_POST['requestedPrice']);
$insertSql->execute();
return $insertSql;
}
?>
But the data is not inserting into the database I am fairly new to PHP and this is my first attempt at writing back to the database, so I may be missing something simple, or it may be completely wrong.
Either way all help is appreciated.
EDIT:
My PHP is now this:
if(isset($_POST['submit'])){
//print_r($_POST);
$query = "INSERT INTO PriceRequests (salesRep, CardName, CardCode, ItemName, ItemCode, Price, requestedPrice)
VALUES (:salesRep, :cardName, :cardCode, :itemName, :itemCode, :itemPrice, :newPrice)
";
$stmt = $sapconn->prepare($query);
$salesRep = (isset($_POST['salesRep']) && !empty($_POST['salesRep']))?$_POST['salesRep'] : NULL;
$cardName = (isset($_POST['CardName']) && !empty($_POST['CardName']))?$_POST['CardName'] : NULL;
$cardCode = (isset($_POST['CardCode']) && !empty($_POST['CardCode']))?$_POST['CardCode'] : NULL;
$itemName = (isset($_POST['ItemName']) && !empty($_POST['ItemName']))?$_POST['ItemName'] : NULL;
$itemCode = (isset($_POST['ItemCode']) && !empty($_POST['ItemCode']))?$_POST['ItemCode'] : NULL;
$itemPrice = (isset($_POST['Price']) && !empty($_POST['Price']))?$_POST['Price'] : NULL;
$newPrice = (isset($_POST['requestedPrice']) && !empty($_POST['requestedPrice']))?$_POST['requestedPrice'] : NULL;
$stmt->bindValue(':salesRep', $salesRep, PDO::PARAM_STR);
$stmt->bindValue(':cardName', $cardName, PDO::PARAM_STR);
$stmt->bindValue(':cardCode', $cardCode, PDO::PARAM_STR);
$stmt->bindValue(':itemName', $itemName, PDO::PARAM_STR);
$stmt->bindValue(':itemCode', $itemCode, PDO::PARAM_STR);
$stmt->bindValue(':itemPrice', $itemPrice, PDO::PARAM_STR);
$stmt->bindValue(':newPrice', $newPrice, PDO::PARAM_STR);
$stmt->execute();
return $stmt;
}
But i still have no input to my database and i am getting the following error:
PHP Fatal error: Uncaught Error: Call to a member function prepare() on resource
DB Connection:
<?php
$serverName = "serverName";
$connectionInfo = array( "Database"=>"database_name", "UID"=>"user_Id", "PWD"=>"Password", "ReturnDatesAsStrings"=>true);
$sapconn = sqlsrv_connect( $serverName, $connectionInfo);
?>

One more typo in the PHP code :
$query = prepare("INSERT INTO PriceRequests (salesRep, CardName, CardCode, ItemName, ItemCode, Price, requestedPrice)
VALUES (:salesRep, :cardName, :cardCode, :itemName, itemCode, :itemPrice, :newPrice)
");
The placeholder itemCode does not have the suffix ":".
Check that and try.
Thank you.
UPDATE:
I tried something that you wrote in the question. You have tried to bind the parameters to the placeholders before the parameters are assigned.
When I tried to do so, I got exception. I think this may the reason the data is not getting inserted.
I would suggest you to write the code in the following manner :
PHP CODE :
<?php
if(isset($_POST['submit'])){
print_r($_POST); //Unnecessary, you can remove it
$query = prepare("INSERT INTO PriceRequests (salesRep, CardName, CardCode, ItemName, ItemCode, Price, requestedPrice)
VALUES (:salesRep, :cardName, :cardCode, :itemName, :itemCode, :itemPrice, :newPrice)
");
$insertSql = sqlsrv_query($sapconn, $query);
$salesRep = trim($_POST['salesRep']);
$cardName = trim($_POST['CardName']);
$cardCode = trim($_POST['CardCode']);
$itemName = trim($_POST['ItemName']);
$itemCode = trim($_POST['ItemCode']);
$itemPrice = trim($_POST['Price']);
$newPrice = trim($_POST['requestedPrice']);
$insertSql->bindParam(":salesRep",$salesRep);
$insertSql->bindParam(":cardName",$cardName);
$insertSql->bindParam(":cardCode",$cardCode);
$insertSql->bindParam(":itemName",$itemName);
$insertSql->bindParam(":itemCode",$itemCode);
$insertSql->bindParam(":itemPrice",$itemPrice);
$insertSql->bindParam(":newPrice",$newPrice);
$insertSql->execute();
return $insertSql;
}
?>
I would suggest a few change:
1. As PDO is used here, use a variable to get the Database connection (lets assume its $db_conn).
Instead of
$insertSql = sqlsrv_query($sapconn, $query);
use
$db_conn = new PDO(<connection-string>, <user-name>, <password>);
$stmt = $db_conn->prepare($query)
Then bind the value by :
$stmt->bindValue(<placeholder>, <variable_vlaue>, <value_type>);
eg : $stmt->bindValue(:itemName, $itemName, PDO::PARAM_STR);
Then perform execution:
$stmt->execute();
2. If you place some validation of the data it will be helpful :
Assign the value of POST to the variables via a validation
eg :
$itemName = (isset($_POST['ItemName']) && !empty($_POST['ItemName']))?$_POST['ItemName'] : NULL;
Here, when insert query is executed with 'NULL' it will throw an exception.
N.B. : try-catch block should be used.
I think it should work now.
Please feel free to tell if it does not work, I will check again.

you know there is a typo in the first line? Won't submit with that.
<form actoin="request-new-price.php" method="post" id="demo-form2" data- parsley-validate>
change to form action for a start

Simple update/edit of data not working with PHP/MySql

I am trying to do a simple edit/update of my data in the database. But somehow it will not work.
So I am able to read out the saved data into the form. I also don't have any errors
I have stared at my code and googled for hours but I don't see where I might have made a mistake with my code.
The printed echo gives the following output which seems to be right:
HTML code:
<form id="formAddCategory" class="FrmCat" action="<?php echo $_SERVER['PHP_SELF']; ?>" method="post">
<div class="form-group">
<!-- hidden id from tbl -->
<input type="hidden" name="hiddenId" value="<?php echo $hiddenID ?>" />
<label for="recipient-name" class="control-label">Category Name:</label>
<input type="text" class="form-control" id="recipient-name1" name="category" required="" value="<?php echo $category ?>" />
</div>
<button type="submit" id="btnEditCat" class="btn btn-danger" name="editCategory">Save Category</button>
</form>
Part of my php code to edit/update:
<?php
//edit/update data to db
if(isset($_POST['editCategory'])){
$categoryUpdate = mysqli_real_escape_string($con, $_POST['category']);
$categoryID = mysqli_real_escape_string($con, $_POST['hiddenId']);
$qry = "UPDATE tbl_Category SET category = $categoryUpdate WHERE category_id = $categoryID";
$result = mysqli_query($con, $qry);
echo $qry;
if($result){
header("Location: category.php");
}
}
?>

You need single quote ' to wrap your parameter:
$qry = "UPDATE tbl_Category SET category = '$categoryUpdate' WHERE category_id = '$categoryID'";

You should use single quotes (') for values
$qry = "UPDATE tbl_Category SET category = '$categoryUpdate' WHERE category_id = '$categoryID'";
Also you can use like this to avoid SQL injection (See here)
$stmt = $dbConnection->prepare('SELECT * FROM employees WHERE name = ?');
$stmt->bind_param('s', $name);
$stmt->execute();
$result = $stmt->get_result();
while ($row = $result->fetch_assoc()) {
// do something with $row
}

Retrieve data from database using mysqli

I have a problem when I fetching data from database and row it I Got an error.
How To fetch data From database using while and row it.
Fatal error: Call to a member function fetch() on a non-object in
Thanks in advance..
Here is my Code..
<body>
<?php
$id = $_GET['id'];
$iqry = $mysqli->prepare("SELECT itemcode,itemname,brandname,quantity FROM table_inventory WHERE id = ?");
$iqry->bind_param('i', $id);
$iqry->execute();
$iqry->bind_result($itemcode,$itemname,$brandname,$quantity);
$res = $iqry->store_result();
while ($row = $res->fetch()){
$itemcode = $row['itemcode'];
$itemname = $row['itemname'];
$brandname = $row['brandname'];
$quantity = $row['quantity'];
}
?>
<form method="post" name="increasing" action="save.php">
<table>
<tr><td>Itemcode</td><td>:</td><td><input type="text" name="itemcode" required="required" value="<?php echo $itemcode; ?>">/></td></tr>
<tr><td>Itemname</td><td>:</td><td><input type="text" name="itemname" required="required" value="<?php echo $itemname; ?>"/></td></tr>
<tr><td>Brandname</td><td>:</td><td><input type="text" name="brandname" required="required" value="<?php echo $brandname; ?>"/></td></tr>
<tr><td>Quantity</td><td>:</td><td><input type="text" name="quantity" required="required" value="<?php echo $quantity; ?>"/></td></tr>
<tr><td></td><td></td><td><input type="submit" class="myButton" value="Save"/></td></tr>
</table>
</form>
<body>

You seem to be mixing up mysqli_stmt and mysqli_result methods.
Try making the following changes:
LIMIT your resultset to one
... FROM table_inventory WHERE id = ? LIMIT 1
Stick with the mysqli_stmt as you seem to be further along with that
$iqry->bind_param('i', $id);
$iqry->execute();
$iqry->bind_result($itemcode, $itemname, $brandname, $quantity);
if (!$iqry->fetch()) {
throw new Exception('No results found for ID ' . $id, 404);
}
// You can now use $itemcode, $itemname, $brandname and $quantity,
// they will all be set
?>
<form ...

Call a variable from function and display in text field oop php

i want to show user specific data in html form(in text fields or in select list)
I have a function ShowUserInformation() in class MyClass:
function ShowUserInformation()
{
$query = "SELECT id, name, email FROM saloni WHERE id = '$_SESSION[ID_korisnika]'";
$result = mysql_query($query);
while($row=mysql_fetch_array($result)):
$id= $row['id'];
$name= $row['name'];
$email = $row['email'];
$address= $row['address'];
$address2= $row['address2'];
$address3= $row['address3'];
endwhile;
return $result;
}
My question is: How can i display value of $name, or $email, $id... on another page in text box or in select list?
If i do it in procedural way it works when i do this:
<input type="text" value="<?php echo $name ?>" name="name" class="" />
But, how can i display the $name,$email,$ID... in oop way? Is there a way to call it directly and not declare it as class variable and then call it.
i've included file, created object...
$my_class = new MyClass; //create an object of class
HTML - i've tried something like this...
<input type="text" value="<?php echo $my_class->ShowUserInformation($name)?>" name="name" class="" />
I'm new in PHP and oop so be easy with me :)
Thank you

If you only plan on one row being returned, then why not use mysql_fetch_assoc()
class MyClass{
public function GetUserInformation(){
$query = "SELECT id, name, email FROM saloni WHERE id = '$_SESSION[ID_korisnika]'";
$result = mysql_query($query);
$info = mysql_fetch_assoc($result);
return $info;
}
}
$class = new MyClass;
$info = $class->GetUserInformation();?>
<input type="text" value="<?php echo $info['id']?>" name="id" class="" />
<input type="text" value="<?php echo $info['name']?>" name="name" class="" />
Note: mysql_* functions are deprecated, and you should move to use MySQLi or PDO

First, change the function to get the data:
function ShowUserInformation()
{
// Assuming you need only one user, I have set "LIMIT" to "1"
$query = "SELECT id, name, email, address, address2, address3 FROM saloni WHERE id = '$_SESSION[ID_korisnika]' LIMIT 1";
$result = mysql_query($query);
return mysql_fetch_array($result);
}
Now, get the information:
$my_class = new MyClass;
$userData = $my_class->ShowUserInformation();
// HTML
<input type="text" value="<?php echo $userData['name']; ?>" name="name" class="" />

kindly try this:
<?php
$show_info=ShowUserInformation();
$data = $show_info->fetchAll(PDO::FETCH_ASSOC);
foreach($data as $row){ ?>
<input type="text" value="<?php $row['name']; ?>" name="name" class="" />
<?php } ?>
OR
<?php $show_info=ShowUserInformation();
while ($row= mysql_fetch_assoc($show_info){ ?>
<input type="text" value="<?php $row['name']; ?>" name="name" class="" />
<?php } ?>

Categories