<form action="book.php" method="post">
<table>
<thead>
<tr>
<td>FlightID</td>
<td>From</td>
<td>Destination</td>
</tr>
</thead>
<tbody>
<tr>
<td name="flightID" value="1">1</td>
<td name="From" value="Sydney">Sydney</td>
<td name="Destination" value="Bali">Bali</td>
<td class="tdBook"><button class="btnBook" type=submit name="booking"> Book </button>
</tr>
<tr>
<td name="flightID" value="2">2</td>
<td name="From" value="London">London</td>
<td name="Destination" value="HongKong">Hong Kong</td>
<td class="tdBook"><button class="btnBook" type=submit name="booking"> Book </button>
</tr>
</tbody>
</table>
</form>
I created a table like this. At the end of each row, it has a book button.
What I am trying to do is when the user clicked the button, the selected row data(ID,From,Des) will pass to the 'book.php', then the PHP file will do the rest of the job.
But I tried to catch the value using $_POST['name'] in 'book.php', like this
<?php
if(isset($_POST['booking'])){
$ID = $_POST['flightID'];
$From = $_POST['From'];
$To = $_POST['Destination'];
}
?>
It shows all of those values are undefined. Any help would be appreciated.
The problem is that the values in <td> cannot be passed from the form to your PHP file by themselves. You could use hidden inputs for this. Additionally, each row in the table should be its own form to assure that all data is not submitted at the same time.
Try this:
<table>
<thead>
<tr>
<td>FlightID</td>
<td>From</td>
<td>Destination</td>
</tr>
</thead>
<tbody>
<tr>
<form action="book.php" method="post">
<td><input type="hidden" name="flightID" value="1">1</td>
<td><input type="hidden" name="From" value="Sydney">Sydney</td>
<td><input type="hidden" name="Destination" value="Bali">Bali</td>
<td class="tdBook"><button class="btnBook" type=submit name="booking"> Book </button>
</form>
</tr>
<tr>
<form action="book.php" method="post">
<td><input type="hidden" name="flightID" value="2">2</td>
<td><input type="hidden" name="From" value="London">London</td>
<td><input type="hidden" name="Destination" value="HongKong">Hong Kong</td>
<td class="tdBook"><button class="btnBook" type=submit name="booking"> Book </button>
</form>
</tr>
</tbody>
i have the same problem as yours and tried to create an answer so i came up with this code to indicate each row in an HTML table with a special name using loops, i can now take the specified row and do as much PHP operations as i can with it without disturbing the table as a whole and it was well synchronized with my database, hope it helps!
and btw the whole "marking each row with a special name" code is in usersTable.php
users.sql
create table users(
id int,
username varchar(50),
password varchar(50)
);
users.php
<?php
$host = "localhost";
$username = "root";
$password = "";
$database = "wdl2hw4db";
$conn = mysqli_connect($host, $username, $password, $database);
if (mysqli_connect_errno()){
die("can't connect to the Database" . mysqli_connect_errno());
}else{
echo "Database is connected" . "<br>";
}
if (isset($_POST['insert'])){
$idN1= $_POST['id'];
$usernameN1 = $_POST['username'];
$passwordN1 = $_POST['password'];
$query = "insert into users(id, username, pass) values ('".$idN1."' , '".$usernameN1."' , '".$passwordN1."' )";
$result = mysqli_query($conn, $query);
}else if (isset($_POST['update'])){
$idN2 = $_POST['id'];
$usernameN2 = $_POST['username'];
$passwordN2 = $_POST['password'];
$query = "update users set pass = '". $passwordN2 ."'where id = " . $idN2;
$result = mysqli_query($conn, $query);
}else if (isset($_POST['Display'])){
header('Location: usersTable.php');
}
echo "<br>";
?>
<form method="post">
ID: <input type="text" name="id" ><br><br>
username: <input type="text" name="username" ><br><br>
password: <input type="password" name="password" ><br><br>
<input type="submit" name="insert" value="insert">
<input type="submit" name="Display" value="Display">
</form>
userTable.php
<?php
$host = "localhost";
$username = "root";
$password = "";
$database = "wdl2hw4db";
$conn = mysqli_connect($host, $username, $password, $database);
$query = "select * from users";
$result = mysqli_query($conn, $query);
echo "<table border=\"6px\"><thead><tr><th>ID</th><th>username</th><th>password</th><th>Delete</th><th>Update</th></tr></thead>";
$i = 1;
while ($row = mysqli_fetch_assoc($result)) {
echo "<tr><form method='post'><td>" . $row['id'] . "</td><td>" . $row['username'] . "</td><td>" . $row['pass'] . "</td><td><input type='submit' name='Delete" . $i . "' value='Delete'></td><td><input type='submit' name='Update" . $i . "' value='Update'><input type='text' name='UpdateText" . $i . "' placeholder='insert new password here'></td></form></tr>";
$i++;
}
echo "</table>";
$i = 1;
$result2 = mysqli_query($conn, $query);
while ($row2 = mysqli_fetch_assoc($result2)) {
if (isset($_POST['Delete' . $i])) {
$usernameN4 = $row2['username'];
$query2 = "delete from users where username ='" . $usernameN4 . "'";
$result2 = mysqli_query($conn, $query2);
header("Refresh:0");
break;
}
$i++;
};
$i = 1;
$result3 = mysqli_query($conn, $query);
while ($row3 = mysqli_fetch_assoc($result3)) {
if (isset($_POST['Update' . $i]) && $_POST['UpdateText' . $i] != null ) {
$id4 = $row3['id'];
$Utext = $_POST['UpdateText' . $i];
$query3 = "update users set pass ='" . $Utext . "' where id = " . $id4;
$result3 = mysqli_query($conn, $query3);
header("Refresh:0");
break;
}
$i++;
};
mysqli_free_result($result);
Related
I am really new to PHP and am messing around with adding and editing database values. I have accomplished adding information to the database, but I cannot seem to figure out how to edit it properly!
I created a file called edit.php and here is the code I have thus far:
<?php
include '../database/connection.php';
$id = $_GET['id'];
$first_name = $_GET['first_name'];
$last_name = $_GET['last_name'];
$university_id = $_GET['university_id'];
$sql = "UPDATE master_roster (first_name, last_name, university_id) VALUES ('$first_name', '$last_name', '$university_id') WHERE id = $id";
?>
No error messages of any help are posting. Whenever the form is submitted and is handed off to this file, I just get a blank screen with no results. I cannot seem to figure out what it is I am missing to have it update the content from input fields!
EDIT: I gave all of suggestions a shot but it still does not work! Here is the form that the data is coming from:
<?php
$id = $_GET['id'];
$first_name = $_GET['first_name'];
$last_name = $_GET['last_name'];
$university_id = $_GET['university_id'];
?>
<form action="edit_member.php?id=<?php echo $id; echo "&first_name="; echo $first_name; echo "&last_name="; echo $last_name; echo "&university_id="; echo $university_id; ?>" method="post">
<table>
<tr>
<td>First Name</td>
<td><input type="text" name="first_name" value="<?php echo $first_name; ?>"></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type="text" name="last_name" value="<?php echo $last_name; ?>"></td>
</tr>
<tr>
<td>University ID</td>
<td><input type="text" name="university_id" value="<?php echo $university_id; ?>"></td>
</tr>
<tr>
<td></td>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
I am not too concerned about SQL Injections at this point because I am just trying to learn the basics.
EDIT #2:
LIST.PHP - where the DB pulls all the members
<table>
<tr>
<th>ID</th>
<th>First Name</th>
<th>Last Name</th>
<th>University ID</th>
</tr>
<?php
include '../database/connection.php';
$sql = "SELECT * FROM master_roster";
if($result = mysqli_query($link, $sql)){
if(mysqli_num_rows($result) > 0) {
while($row = mysqli_fetch_array($result)){
echo "<tr>";
echo "<td>" . $row['id'] . "</td>";
echo "<td>" . $row['first_name'] . "</td>";
echo "<td>" . $row['last_name'] . "</td>";
echo "<td>" . $row['university_id'] . "</td>";
echo "<td><a href='form.php?id=" . $row['id'] . "&first_name=" . $row['first_name'] . "&last_name=" . $row['last_name'] . "&university_id=" . $row['university_id'] . "'>Edit</a></td>";
echo "</tr>";
}
echo "</table>";
mysqli_free_result($result);
} else {
echo "No records matching your query were found.";
}
} else{
echo "ERROR: Could not able to execute $sql. " . mysqli_error($link);
}
mysqli_close($link);
?>
EDIT.PHP
<?php
include '../database/connection.php';
$id = mysqli_real_escape_string($_POST['id']);
$first_name = mysqli_real_escape_string($_POST['first_name']);
$last_name = mysqli_real_escape_string($_POST['last_name']);
$university_id = mysqli_real_escape_string($_POST['university_id']);
$sql = "UPDATE master_roster
SET
first_name = '$first_name',
last_name = '$last_name',
university_id = '$university_id'
WHERE
id = $id";
?>
FORM.PHP
<form action="edit.php" method="post">
<table>
<tr>
<td>First Name</td>
<td><input type="text" name="first_name"></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type="text" name="last_name"></td>
</tr>
<tr>
<td>University ID</td>
<td><input type="text" name="university_id"></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
This is the wrong syntax for update. update takes a series of column=value clauses:
UPDATE master_roster
SET first_name = '$first_name',
last_name = '$last_name',
university_id = '$university_id'
WHERE id = $id
Mandatory comment:
Using variable substitutions in strings like that leaves your code vulnerable to SQL injection attacks. You should consider using a prepared statement instead.
You're writing wrong UPDATE statement.
Try this
$sql = "UPDATE master_roster
SET
first_name = '$first_name',
last_name = '$last_name',
university_id = '$university_id'
WHERE
id = $id";
Now execute the query using statement below.
$result = $conn->query($sql);
$result will return true if the insertion is successful and false if not.
Use this to check if it is done or not.
if($result == false){
die( "Connection Failed: ".$conn->error );
}
You should also be prevented from SQL injection.
You can use mysqli_real_escape_string() method.
$first_name = $_GET['first_name'];
$safe_first_name = mysqli_real_escape_string($conn, $first_name);
You can also use parameterized query.
Read this.
Now read the codes below modify your both pages like this.
Form
<form action="edit.php" method="post">
<table>
<tr>
<td>First Name</td>
<td><input type="text" name="first_name"></td>
</tr>
<tr>
<td>Last Name</td>
<td><input type="text" name="last_name"></td>
</tr>
<tr>
<td>University ID</td>
<td><input type="text" name="university_id"></td>
</tr>
<tr>
<td><input type="submit" value="Submit"></td>
</tr>
</table>
</form>
This will update the data.
<?php
include '../database/connection.php';
$id = mysqli_real_escape_string($conn, $_POST['id']);
$first_name = mysqli_real_escape_string($conn, $_POST['first_name']);
$last_name = mysqli_real_escape_string($conn, $_POST['last_name']);
$university_id = mysqli_real_escape_string($conn, $_POST['university_id']);
$sql = "UPDATE master_roster
SET
first_name = '$first_name',
last_name = '$last_name',
university_id = '$university_id'
WHERE
id = $id";
$result = $conn->query($sql);
if($result == false){
die( "Connection Failed: ".$conn->error );
}
?>
I am still learning, can anyone help me, What wrong in my code?
I need to load when you click on the Load button program will search the database ID selected in the dropdown, and them bring the name .. etc and show it on textbox.
Sorry, for my English.
<?php
$servername = "localhost";
$username = "estgv15592";
$password = "estgv155922016";
$dbname = "estgv15592";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST["loadbtn"]))
{
$id = (integer) $_POST["id"];
$query = "SELECT NOME, MORADA, PRECO FROM FICHA_DE_OBRA WHERE ID_FICHAOBRA = '$id' ";
$result = mysqli_query($conn, $query);
$details = mysql_fetch_array($result);
$nome = $details["NOME"];
$morada = $details["MORADA"];
$preco = $details["PRECO"];
}
$sql = "SELECT * FROM FICHA_DE_OBRA";
$result = mysqli_query($conn, $sql);
echo '<form id="form" method="post">';
echo "<select name ='id'>";
echo "<option value=''>Selecione Número ficha Obra</option>";
while($row = mysqli_fetch_array($result))
{
echo "<option value='" . $row['ID_FICHAOBRA'] . "'>" . $row['ID_FICHAOBRA'] . "</option>";
}
echo "</select>";
$conn->close();
?>
<input type="submit" value="Load" name="loadbtn">
<table width="300" border="0">
<tr>
<td>Name</td>
<td><input type="text" name="upName" style="text-align:right" value="<?php echo $nome;?>"/></td>
</tr>
<tr>
<td>Cost</td>
<td><input type="text" name="upCost" style="text-align:right" value="<?php echo $morada;?>" /></td>
</tr>
<tr>
<td>Active</td>
<td><input type="text" name="upActive" style="text-align:right" value="<?php echo $preco;?>" /></td>
</tr>
</table>
</div>
<br/>
</form>
You are not using proper php tag: (e.g. <?php echo $preco;?>):
<tr>
<td>Name</td>
<td><input type="text" name="upName" style="text-align:right" value="<?php echo $nome; ?>"/></td>
</tr>
<tr>
<td>Cost</td>
<td><input type="text" name="upCost" style="text-align:right" value="<?php echo $morada; ?>" /></td>
</tr>
<tr>
<td>Active</td>
<td><input type="text" name="upActive" style="text-align:right" value="<?php echo $preco; ?>" /></td>
</tr>
Use mysqli_query and mysqli_fetch_array function and note that first argument in mysqli_query should be the connection object where you made the mistake:
$result = mysqli_query($conn, $query); // first PHP block
$result = mysqli_query($conn, $sql); // second PHP block
$details = mysqli_fetch_array($result); // first PHP block
$row = mysqli_fetch_array($result) // second PHP block
And move below lines to the top of your first PHP block, or $conn would be undefined in your first PHP block:
$servername = "localhost";
$username = "estgv15592";
$password = "your_password";
$dbname = "estgv15592";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
The problem is came from your connection to database you use mysqli in connection but you when call queries you use mysql.
This is the code
<?php
$servername = "localhost";
$username = "estgv15592";
$password = "********";
$dbname = "estgv15592";
$conn = mysql_connect($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
if(isset($_POST["loadbtn"]))
{
$id = intval($_POST["id"]);
$query = "SELECT NOME, MORADA, PRECO FROM FICHA_DE_OBRA WHERE ID_FICHAOBRA = '$id' ";
$result = mysql_query($query, $conn);
$details = mysql_fetch_array($result);
$nome = $details["NOME"];
$morada = $details["MORADA"];
$preco = $details["PRECO"];
}
?>
<?php
$sql = "SELECT * FROM FICHA_DE_OBRA";
$result = $conn->query($sql);
echo '<form id="form" method="post">';
echo "<select name ='id'>";
echo "<option value=''>Selecione Número ficha Obra</option>";
while($row = mysqli_fetch_array($result))
{
echo "<option value='" . $row['ID_FICHAOBRA'] . "'>" . $row['ID_FICHAOBRA'] . "</option>";
}
echo "</select>";
$conn->close();
?>
<input type="submit" value="Load" name="loadbtn">
<table width="300" border="0">
<tr>
<td>Name</td>
<td><input type="text" name="upName" style="text-align:right" value="<? echo $nome; ?>" /></td>
</tr>
<tr>
<td>Cost</td>
<td><input type="text" name="upCost" style="text-align:right" value="<? echo $morada; ?>" /></td>
</tr>
<tr>
<td>Active</td>
<td><input type="text" name="upActive" style="text-align:right" value="<? echo $preco; ?>" /></td>
</tr>
</table>
</div>
<br/>
</form>
</body>
</html>
</div>
this method you use to get data not secure. I advise you to learn pdo or prepared statement with mysqli
I have added a foreign key in a table. Now, when I try to insert data from my form into the database, it doesn't work. I think the issue might be with the foreign key called 'register_id'. How can this issue be solved?
My code:
<?php
$username = "root";
$password = "";
$hostname = "localhost";
$dbhandle = mysql_connect($hostname, $username, $password) or die("cannot connect to database");
$selected = mysql_select_db("audit", $dbhandle);
$strQuery = 'SELECT * FROM schedule';
$retval = mysql_query($strQuery, $dbhandle);
if (!$retval) {
die('Could not get data: ' . mysql_error());
}
//insert code
if (isset($_POST['schedule'])) {
//$id = ($_POST['id']);
$_SESSION['company_session'] = $_POST['company_name'];
$_SESSION['auditor_session'] = $_POST['auditor_name'];
$_SESSION['date_session'] = $_POST['audit_date'];
$_SESSION['time_session'] = $_POST['audit_time'];
$_SESSION['status_session'] = $_POST['audit_status'];
$company_session = $_SESSION['company_session'];
$auditor_session = $_SESSION['auditor_session'];
$date_session = $_POST['audit_date'];
$time_session = $_POST['audit_time'];
$status_session = $_SESSION['status_session'];
mysql_query("INSERT INTO schedule (company_name,auditor_name,audit_date,audit_time,audit_status) VALUES ('$company_session','$auditor_session','$date_session','$time_session','$status_session')");
//echo ("New Process Created successfully");
header('Location: ?');
}
?>
//html code
<div class="form-group"><br>
<table class="table">
<tr><input class="form-control" type="hidden" name="id"></tr>
<tr><input class="form-control" type="hidden" name="register_id"></tr>
<?php
$connect = mysql_connect("localhost", "root", "") or die("Could not connect to the database");
mysql_select_db("audit") or die("could not find db");
$query = mysql_query("SELECT fullname FROM register WHERE register_id ='" . $_SESSION['register_id'] . "'");
$numrows = mysql_num_rows($query);
if ($numrows != 0) {
$row = mysql_fetch_assoc($query);
$name = $row['fullname'];
}
?>
<tr>
<td><label>Company Name:</label></td>
<td><input class="form-control" type="text" name="company_name" required="true"></td>
<td><label>Assigned Auditor:</label></td>
<?php echo "<td><input class='form-control' name='auditor_name' value='$name' required='true'/></td>" ?>
</tr>
<tr>
<td><label>Scheduled Date:</label></td>
<td><input class="form-control" type="date" name="audit_date" min="2000-01-02" required="true"></td>
<td><label>Scheduled Time:</label></td>
<td><input class="form-control" type="time" name="audit_time" required="true"></td>
</tr>
<tr>
<td><label>Status:</label></td>
<td><input class="form-control" type="text" name="audit_status" value="Not started" required="true"></td>
<td></td>
<td><button class="btn btn-primary" type="submit" name="schedule" value="submit">Schedule</button> <input class="btn btn-primary" type='submit' value='Update' name='update' /> <input class="btn btn-primary" type='submit' value='Delete' name='delete' /> <input class="btn btn-primary" type='submit' value='Reset' name='reset' /></td>
</tr>
</div>
</table>
</div>
</form>
I have virtually no programming experience and trying this first project, I am a bit stuck on how to update the database, so I click on edit and the correct record gets loaded into the edit screen update.php
When I click update, I get the message from updated.php saying that the database has been updated, but the database does not get updated, when I display the records they are the same as before the update, thanks in advance for all your help.
the following code:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"
"http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<title>Form Edit Data</title>
</head>
<body>
<table border=1>
<tr>
<td align=center>Form Edit Employees Data</td>
</tr>
<tr>
<td>
<table>
<?
$user_name = "";
$password = "";
$database = "";
$server = "localhost";
mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database);
$id = $_GET['id'];
$order = "SELECT * FROM MY_ID where ID = ' " .$id . " ' ";
$result = mysql_query($order);
$row = mysql_fetch_array($result);
?>
<form method="post" action="edit_data.php"?id=<?= $id ?>>
<input type="text" name="id" value="<? echo "$row[ID]"?>">
<tr>
<td>First Name</td>
<td>
<input type="text" name="FirsName" size="20" value="<? echo "$row[FirstName]"?>">
</td>
</tr>
<tr>
<td>Sur Name</td>
<td>
<input type="text" name="SurName" size="40" value="<? echo "$row[SurName]"?>">
</td>
</tr>
<tr>
<td>Address</td>
<td>
<input type="text" name="Address" size="40" value="<? echo "$row[Address]"?>">
</td>
</tr>
<tr>
<td align="right">
<input type="submit" name="submit" value="submit">
</td>
</tr>
</form>
</table>
</td>
</tr>
</table>
</body>
</html>
and here is the other file
<?php
$user_name = "";
$password = "";
$database = "";
$server = "";
mysql_connect($server, $user_name, $password);
$db_found = mysql_select_db($database);
$id = $_REQUEST['ID'];
$FirstName = trim(mysql_real_escape_string($_POST["FirstName"]));
$SurName = trim(mysql_real_escape_string($_POST["SurName"]));
$Address = trim(mysql_real_escape_string($_POST["Address"]));
$sql = "UPDATE MY_ID SET FirstName='$FirstName',SurName='$SurName',Address='$Address' WHERE ID='$id'";
$result=mysql_query($sql);
if ($result){
echo "Successful";
echo "<BR>";
echo "<a href='edit.php'>View result</a>";
}
else {
echo "ERROR";
}
?>
Looks like you forget the double quotation mark and the full stop. You should write it as: '".$example."'
$sql = "UPDATE MY_ID SET FirstName='".$FirstName."',SurName='".$SurName."',Address='".$Address.:' WHERE ID='".$id."'";
It is because your form method is POST, and you are trying to GET ID.
Probably ID returns null.
My suggestion is to put a hidden input in your form as with name="ID", then read it in your posted page as $_POST["ID"];
Yes, the answer is as Mansours said. You should not use single quota to your variable.
So, it's bad practice writing code something like this:
<input type="text" value="<?php echo "$row[name]"; ?>">
it should be
<input type="text" value="<?php echo $row['name']; ?>">
it would be clear, and also, when inserting or updating the record you should write as follow:
$sql = "UPDATE MY_ID SET FirstName='" . $FirstName . "',
SurName='" . $SurName . "',
Address='" . $Address . "'
WHERE ID='" . $id . "'";
mysql_query($sql);
There is a table:
|id name surname email |
|1 john surjohn #mail.com|
|2 peter pet #mail.com|
|.........................|
PHP:
<?php
if(isset($_POST['update']))
{
...
$conn = mysql_connect($dbhost, $dbuser, $dbpass);
if(! $conn )
{
die('Could not connect: ' . mysql_error());
}
$id = $_POST['id'];
$name = $_POST['name'];
$surname = $_POST['surname'];
$mail = $_POST['mail'];
$sql = "UPDATE emps ".
"SET name= '$name', surname'$surname', email='$mail' ".
"WHERE Id = $id" ;
mysql_select_db('dbase');
$retval = mysql_query( $sql, $conn );
if(! $retval )
{
die('Could not update data: ' . mysql_error());
}
echo "blablablabla ! \n";
mysql_close($conn);
}
else
{
?>
<form method="post" action="<?php $_PHP_SELF ?>">
<fieldset style="width: 350px" >
<table width="400" border="0" cellspacing="1" cellpadding="2">
<tr>
<td width="100">Id </td>
<td><input name="id" type="text" id="id" value=""></td>
</tr>
<tr>
<td width="100">name</td>
<td><input type="text" maxlength="15" name="name" value="" ></td>
</tr>
<tr>
<td width="100">surname</td>
<td><input type="text" maxlength="40" name="surname" value="" ></td>
</tr>
<tr>
<td width="100"> </td>
<td>
<input name="update" type="submit" id="update" value="update">
</td>
</tr>
</table>
</fieldset>
</form>
<?php
}
?>
}
In this form i need update all fields otherwise, updated table can have null values.
I want for example, update name field, but leave surname, email existing values. ideas?
Could try something like this:
$id = $_POST['id'];
$name = $_POST['name'];
$surname = $_POST['surname'];
$mail = $_POST['mail'];
$sql = "UPDATE emps SET";
$moresql = '';
if(isset($name) && !empty($name)) {
$moresql .= " name = '$name'";
}
if(isset($surname) && !empty($surname)) {
if ($moresql) $moresql .= ',';
$moresql .= " surname = '$surname'";
}
if(isset($mail) && !empty($mail)) {
if ($moresql) $moresql .= ',';
$moresql .= " mail = '$mail'";
}
$sql .= $moresql;
$sql .= " WHERE Id = '$id'";
This is untested though.
Karl's idea is the way to go, but it can be refactored this way:
$id = $_POST['id'];
$sql = "UPDATE emps SET";
$fieldValuePairs = array();
foreach($_POST as $key => value)
if($key != 'id')
$fieldValuePairs[] = "'$key' = '$value'";
$sql .= " ". implode(',', $fieldValuePairs)." WHERE id = $id";
Note: this works only if you use input names (in the form) equal the column names (in the database).
Have a great day.