How should I fix this mysqli prepare statement? - php

I'm very new to PHP and SQL. For a school assignment, I need to create a form for users to update customer data. However, I notice that the update function only updates the customer with the last ID in the data set. For example, if I have 4 customers in the data set. I used a drop down box t list the customer id. When I select id, 1 ~ 3, it says that 0 row is updated. It only works when I select id, 4. So I can only update the 4th one. Can someone take a look at my code and give me some tips on what the issue is and how to fix it? Thank you!
Here is the "updatecustomer.php" code:
<?php
//Turn on error reporting
ini_set('display_errors', 'On');
//Connects to the database
$mysqli = new mysql(SERVER_NAME, USERNAME,PASSWORD, DATABASE);
if($mysqli->connect_errno){
echo "Connection error " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
if(!($stmt = $mysqli->prepare("UPDATE customer SET fName=?, lName=?, email=?, phone_number=?, address_no=?, address_street1=?,
address_street2=?, address_city=?, address_state=?, address_zip=? WHERE customer_id = ?"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!($stmt->bind_param("isssiissssi",$_POST['customer_id'],$_POST['fName'],$_POST['lName'],$_POST['email'],$_POST['phone_number'], $_POST['address_no'],
$_POST['address_street1'],$_POST['address_street2'],$_POST['address_city'],$_POST['address_state'], $_POST['address_zip']))){
echo "Bind failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $stmt->errno . " " . $stmt->error;
} else {
echo "Updated " . $stmt->affected_rows . " rows to customer.";
}
?>
Here is part of the code in my form:
<div>
<form method="post" action="updatecustomer.php">
<fieldset>
<legend>Update Existing Customer</legend>
<li>Customer ID:
<select name="customer_id">
<?php
if(!($stmt = $mysqli->prepare("SELECT customer_id, customer_id FROM customer"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
if(!$stmt->bind_result($customer_id, $customer_id)){
echo "Bind failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
while($stmt->fetch()){
echo '<option value=" '. $customer_id . ' "> ' . $customer_id . '</option>\n';
}
$stmt->close();
?>
</select>
</li>
<li>First Name: <input type="text" name="fName"> Last Name: <input type="text" name="lName"</li>
<li>Email Address: <input type="text" name="email"></li>
<li>Phone Number: <input type="text" name="phone_number"></li>
<li>Street Number: <input type="text" name="address_no"> Street Line 1: <input type="text" name="address_street1"></li>
<li>Street Line 2 (Apt or Unit Number): <input type="text" name="address_street2"></li>
<li>City: <input type="text" name="address_city"> State: <input type="text" name="address_state"> Zip: <input type="text" name="address_zip"> </li>
</fieldset>
<input type="submit" name="update" value="Update Customer">
<input type="submit" name="delete" value="Delete Customer">
</div>

Check the order of variables in your $stmt->bind_param line.

Try this: I have made the code neater, and easier to understand, and reordered the customer ID in the bind_param() method.
$stmt = $mysqli->prepare("
UPDATE customer
SET fName=?,
lName=?,
email=?,
phone_number=?,
address_no=?,
address_street1=?,
address_street2=?,
address_city=?,
address_state=?,
address_zip=?
WHERE customer_id = ?
");
if(!$stmt){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
$paramBinding = $stmt->bind_param("sssiissssii",
$_POST['fName'],
$_POST['lName'],
$_POST['email'],
$_POST['phone_number'],
$_POST['address_no'],
$_POST['address_street1'],
$_POST['address_street2'],
$_POST['address_city'],
$_POST['address_state'],
$_POST['address_zip'],
$_POST['customer_id']
);
if(!$paramBinding){
echo "Bind failed: " . $stmt->errno . " " . $stmt->error;
}
EDIT
Then when looping through the options:
foreach($stmt->fetch() AS $row){
echo '<option value="'. $row['customer_id'] . '"> ' . $row['customer_id'] . '</option>\n';
}

Related

How to extract multiple values into select form and then add them again into new table?

//Connects to the database
$mysqli = new mysqli(DB_HOST,DB_USER,DB_PASSWORD,DB_DB);
if($mysqli->connect_errno){
echo "Connection error " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
if (isset($_POST['points']) & isset($_POST['user'])) {
if(!($stmt = $mysqli->prepare("INSERT INTO penalty (user_id, first_name, last_name, name, value) VALUES (?, ?, ?, ?, ?);"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!($stmt->bind_param("sssss",$_POST['points'],$_POST['user']))){
echo "Bind failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $stmt->errno . " " . $stmt->error;
} else {
$stmt->close();
header('Location: GivePoints1.php');
echo "Added successfully";
exit();
}
$stmt->close();
}
<form class="form-horizontal" action="GivePoints1.php" method="post">
<div class="form-group">
<label class="control-label col-sm-2">Penalty:</label>
<select name="points[]" id="points">
<?php
//Prepare SELECT statement for user's name
if(!($stmt = $mysqli->prepare("SELECT name, value FROM points"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
//Execute the SELECT statement
if(!$stmt->execute()){
echo "Execute failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
//Bind values to variables
if(!$stmt->bind_result($name, $value)){
echo "Bind failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
//Output name
while($stmt->fetch()){
echo'<option value=" '.$name.' "> '.$name.' - ' . $value .' Pts </option>';
}
$stmt->close();
?>
</select>
</div>
<div class="form-group">
<label class="control-label col-sm-2">Give To:</label>
<select name="user[]" id="user">
<?php
//Prepare SELECT statement for user's name
if(!($stmt = $mysqli->prepare("SELECT id, first_name, last_name FROM award_user"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
//Execute the SELECT statement
if(!$stmt->execute()){
echo "Execute failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
//Bind values to variables
if(!$stmt->bind_result($id, $first_name, $last_name)){
echo "Bind failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
//Output name
while($stmt->fetch()){
echo'<option value=" '.$id.' "> '.$first_name.' ' . $last_name .' </option>';
}
$stmt->close();
?>
</select>
</div>
<div class="form-group">
<div class="col-sm-offset-2 col-sm-10">
<button type="submit" class="btn btn-lg btn-primary ">Submit</button>
</div>
</div>
</form>
Can someone guide me to the right road?
I need to add those values into new table where id would be user_id (id extracted from award_user table change into user_id in penalty table)
I need to inser id - as user_id, first_name, last_name, name and value into table penalty. it prints select no problem but wouldn't add anything to new table
im trying to do it for a good while now and no luck. i will appriciate some explanation

PHP update query not reaching database

I am having an issue with my php/mysql UPDATE query not reaching my database. I know this probably has a simple fix I just cannot seem to find where my mistake is, here is my code:
This is the form I am using to send the data:
<?php
if(!($stmt = $mysqli->prepare("SELECT bowl_games.id, bowl_games.name, stadiums.name, bowl_games.inaugural_year FROM bowl_games
INNER JOIN stadiums ON stadiums.id = bowl_games.stadium_id
WHERE bowl_games.id = ? "))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!($stmt->bind_param("i", $_POST['bowl_game']))){
echo "Bind failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
if(!$stmt->bind_result($id, $name, $stadium, $inauguralyear)){
echo "Bind failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
while($stmt->fetch()){
}
?>
<div class="container">
<form method="post" action="update_bowl_game_2.php">
<fieldset> <legend>Update Bowl Game</legend>
<div class="form-group row">
<label class="col-sm-2 col-form-label">Name</label>
<div class="col-sm-10">
<input type="text", class="form-control", name="Name", value="<?php echo $name?>"/>
</div>
</div>
<div class="form-group row">
<label class="col-sm-2 col-form-label">Stadium</label>
<div class="col-sm-10">
<select name="Stadium">
<?php
if(!($stmt = $mysqli->prepare("SELECT id, name FROM stadiums ORDER BY name"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
if(!$stmt->bind_result($id, $sname)){
echo "Bind failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
while($stmt->fetch()){
if($sname === $stadium){
echo "<option value=\"" . $id . "\" selected>" . $sname . "</option>";
} else {
echo "<option value=\"" . $id . "\">" . $sname . "</option>";
}
}
$stmt->close();
?>
</select>
</div>
</div>
<div class="form-group row">
<label class="col-sm-2 col-form-label">Inaugural Year</label>
<div class="col-sm-10">
<input type="number", class="form-control", name="InauguralYear", value="<?php echo $inauguralyear?>"/>
</div>
</div>
<input type="hidden" name="id" value="<?php echo $id?>"/>
<div class="form-group row">
<div class="offset-sm-2 col-sm-10">
<button type="submit" class="btn btn-primary">Update Bowl Game</button>
</div>
</div>
</fieldset>
</form>
</div>
<?php
$mysqli = "SELECT bowl_games.id, bowl_games.name, stadiums.name, bowl_games.inaugural_year FROM bowl_games
INNER JOIN stadiums ON stadiums.id = bowl_games.stadium_id"
?>
And here is the php code that should update the entry in the database:
<?php
//Turn on error reporting
ini_set('display_errors', 'On');
//Connects to the database
$mysqli = new mysqli("oniddb.cws.oregonstate.edu","dejarnen-db","*hidden*","dejarnen-db");
if(!$mysqli || $mysqli->connect_errno){
echo "Connection error " . $mysqli->connect_errno . " " . $mysqli- >connect_error;
}
if(!($stmt = $mysqli->prepare("UPDATE bowl_games SET name=?, stadium_id=?, inaugural_year=? WHERE id= ?"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!($stmt- >bind_param("siii",$_POST['Name'],$_POST['Stadium'],$_POST['InauguralYear'],$_POST['id']))){
echo "Bind failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $stmt->errno . " " . $stmt->error;
} else {
echo "Updated " . $stmt->affected_rows . " rows in bowl games.";
}
?>
When I submit the form, if the selected entry has been successfully updated, I should see the message "Updated 1 rows in bowl games." Instead, I get the message "Updated 0 rows in bowl games."
Can anyone point me in the right direction with this issue that I am having? Thanks
In the form, you use a variable named $id for two different purposes:
For the id of the game
For the id of the stadium
First you retrieve the id for the game into the variable, then you retrieve the ids of the stadiums into the variable, then you use the variable to create the hidden input for the game id.
By the time you write the hidden input, the $id variable contains an id of a stadium.
One possible solution: When listing the stadiums, use a separate variable name:
<select name="Stadium">
<?php
if(!($stmt = $mysqli->prepare("SELECT id, name FROM stadiums ORDER BY name"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
if(!$stmt->bind_result($stadium_id, $sname)){
echo "Bind failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
while($stmt->fetch()){
if($sname === $stadium){
echo "<option value=\"" . $stadium_id . "\" selected>" . $sname . "</option>";
} else {
echo "<option value=\"" . $stadium_id . "\">" . $sname . "</option>";
}
}
$stmt->close();
?>
</select>
Generally, it is a good idea to use variable names that are specific. So, instead of "$name", use "$stadium_name" and so on. The only exception to that rule is when you have local variables in a function that is very short.
Another possible solution would be to write the hidden input earlier, before filling the select with stadiums.
Firstly check $_POST data not null then use bind param like sssi.
//example
if(!($stmt- >bind_param("sssi", $_POST['Name'], $_POST['Stadium'], $_POST['InauguralYear'], $_POST['id']))){
echo "Bind failed: " . $stmt->errno . " " . $stmt->error;

how to pass a id variable to a query in php/mysqli?

Can someone tell me how I can pass an ID to an UPDATE query in PHP/MySQL? Every time I select "ID #3" in the drop down box of a form, my update query always reads ID #1. I believe the problem is somewhere in the code below. I've been stuck with this for 2 days. I can't tell what I'm missing in my code. Your help is greatly appreciated.
<div>
<form method="post" action="updatecustomer.php">
<fieldset>
<legend>Update Existing Customer</legend>
<li>Customer ID:
<select name="customer_id">
<?php
if(!($stmt = $mysqli->prepare("SELECT customer_id FROM customer"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
if(!$stmt->bind_result($customer_id)){
echo "Bind failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
while($stmt->fetch()){
echo '<option value=".$customer_id."> '.$customer_id.'</option>\n';
}
$stmt->close();
?>
</select>
</li>
<li>First Name: <input type="text" name="fName"> Last Name: <input type="text" name="lName"</li>
<li>Email Address: <input type="text" name="email"></li>
<li>Phone Number: <input type="text" name="phone_number"></li>
<li>Street Number: <input type="text" name="address_no"> Street Line 1: <input type="text" name="address_street1"></li>
<li>Street Line 2 (Apt or Unit Number): <input type="text" name="address_street2"></li>
<li>City: <input type="text" name="address_city"> State: <input type="text" name="address_state"> Zip: <input type="text" name="address_zip"> </li>
</fieldset>
<input type="submit" name="update" value="Update Customer">
</div>
Here is the updatecustomer.php file:
<?php
//Turn on error reporting
ini_set('display_errors', 'On');
if(!($stmt = $mysqli->prepare("UPDATE customer SET fName=?, lName=?, email=?, phone_number=?, address_no=?, address_street1=?,
address_street2=?, address_city=?, address_state=?, address_zip=? WHERE customer_id=?"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
echo $_POST['customer_id'];
if(!($stmt->bind_param("sssiissssii",$_POST['fName'],$_POST['lName'],$_POST['email'],$_POST['phone_number'], $_POST['address_no'],
$_POST['address_street1'],$_POST['address_street2'],$_POST['address_city'],$_POST['address_state'], $_POST['address_zip'], $_POST['customer_id']))){
echo "Bind failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $stmt->errno . " " . $stmt->error;
} else {
echo "Updated " . $stmt->affected_rows . " rows to customer.";
}
$stmt->close();
?>
The first part of this line is single-quoted :
echo '<option value=".$customer_id."> '.$customer_id.'</option>\n';
That means that the variable "$customer_id" for the value will not be expanded as per the doc
Try with a double enquoted string like this :
echo "<option value=\"$customer_id\" >$customer_id</option>\n";

How can I update data for a selected row?

I'm learning PHP, html, and sql. I am trying to create a form that allows users to update data on existing customers. I was wondering what went wrong with my code because every time I tried to make changes on an existing customer, the changes are reflected on the first customer of the data set. For example, when I changed the data for customer ID #14, the changes are shown in customer ID #1. Customer ID #14 still holds the old data. Here is my code. Can someone give me some tips on how to fix it? I spent hours on this, but I don't know what I'm missing. Thanks a lot!
This is part of the code in the main.php file.
<div>
<form method="post" action="updatecustomer.php">
<fieldset>
<legend>Update Existing Customer</legend>
<li>First Name: <input type="text" name="fName"> Last Name: <input type="text" name="lName"</li>
<li>Email Address: <input type="text" name="email"></li>
<li>Phone Number: <input type="text" name="phone_number"></li>
<li>Street Number: <input type="text" name="address_no"> Street Line 1: <input type="text" name="address_street1"></li>
<li>Street Line 2 (Apt or Unit Number): <input type="text" name="address_street2"></li>
<li>City: <input type="text" name="address_city"> State: <input type="text" name="address_state"> Zip: <input type="text" name="address_zip"> </li>
<li>Customer ID:
<select name="customer_id">
<?php
if(!($stmt = $mysqli->prepare("SELECT customer_id, customer_id FROM customer"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
if(!$stmt->bind_result($customer_id, $customer_id)){
echo "Bind failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
while($stmt->fetch()){
echo '<option value=" '. $customer_id . ' "> ' . $customer_id . '</option>\n';
}
$stmt->close();
?>
</select>
</li>
</fieldset>
<input type="submit" name="update" value="Update Customer">
</div>
Here is the updatecustomer.php code:
if(!($stmt = $mysqli->prepare("UPDATE customer SET fName=?, lName=?, email=?, phone_number=?, address_no=?, address_street1=?,
address_street2=?, address_city=?, address_state=?, address_zip=? WHERE customer_id =?"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!($stmt->bind_param("sssiissssii",$_POST['fName'],$_POST['lName'],$_POST['email'],$_POST['phone_number'], $_POST['address_no'],
$_POST['address_street1'],$_POST['address_street2'],$_POST['address_city'],$_POST['address_state'], $_POST['address_zip'], $_POST['customer_id']))){
echo "Bind failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $stmt->errno . " " . $stmt->error;
} else {
echo "Updated " . $stmt->affected_rows . " rows to customer.";
}
Not sure, but try to remove spaces here first value=" '. $customer_id . ' " because this will send you a string type value like string(4) " 14 ". I'd go for intval($_POST['customer_id']) next.

What's wrong with my php/sqli update query? (Update query can't read customer_ID correctly)

I'm a beginner in php/mysqli. I've been trying to create a form that allows users to update customer data. I believe my php code is correct, but every time I make changes to a customer, all the new data is shown in the record of the first customer in the dataset. Can you take a look at my code below and give me some guidance on what I'm missing? Thanks!
Here is part of the main.php file
<div>
<form method="post" action="updatecustomer.php">
<fieldset>
<legend>Update Existing Customer</legend>
<li>Customer ID:
<select name="customer_id">
<?php
if(!($stmt = $mysqli->prepare("SELECT customer_id, customer_id FROM customer"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
if(!$stmt->bind_result($customer_id, $customer_id)){
echo "Bind failed: " . $mysqli->connect_errno . " " . $mysqli->connect_error;
}
while($stmt->fetch()){
echo '<option value=" '. $customer_id . ' "> ' . $customer_id . '</option>\n';
}
$stmt->close();
?>
</select>
</li>
<li>First Name: <input type="text" name="fName"> Last Name: <input type="text" name="lName"</li>
<li>Email Address: <input type="text" name="email"></li>
<li>Phone Number: <input type="text" name="phone_number"></li>
<li>Street Number: <input type="text" name="address_no"> Street Line 1: <input type="text" name="address_street1"></li>
<li>Street Line 2 (Apt or Unit Number): <input type="text" name="address_street2"></li>
<li>City: <input type="text" name="address_city"> State: <input type="text" name="address_state"> Zip: <input type="text" name="address_zip"> </li>
</fieldset>
<input type="submit" name="update" value="Update Customer">
</div>
Here is the updatecustomer.php
<?php
if(!($stmt = $mysqli->prepare("UPDATE customer SET fName=?, lName=?, email=?, phone_number=?, address_no=?, address_street1=?,
address_street2=?, address_city=?, address_state=?, address_zip=? WHERE customer_id=?"))){
echo "Prepare failed: " . $stmt->errno . " " . $stmt->error;
}
if(!($stmt->bind_param("sssiissssii",$_POST['fName'],$_POST['lName'],$_POST['email'],$_POST['phone_number'], $_POST['address_no'],
$_POST['address_street1'],$_POST['address_street2'],$_POST['address_city'],$_POST['address_state'], $_POST['address_zip'], $_POST['customer_id']))){
echo "Bind failed: " . $stmt->errno . " " . $stmt->error;
}
if(!$stmt->execute()){
echo "Execute failed: " . $stmt->errno . " " . $stmt->error;
} else {
echo "Updated " . $stmt->affected_rows . " rows to customer.";
echo $_POST['customer_id'];
}
$stmt->close();
?>
I would suggest that you bind your own defined variables as parameters instead of the actual $_POST data.
if($stmt->bind_param("sssiissssii",$fname,$lname$email, ... ,$customerid))
{
$fname = $_POST['fname'];
$lname = $_POST['lname'];
$email = $_POST['email'];
...
$customerid = $_POST['customer_id'];
}
else
{
//error message here then exit
}
It has something to do with the internals of the bind_param method.
Please give it a try then let me know how it goes.
Also, the way you test you do error handling in updatecustomer.php could use some changes. If the prepare statement fails, its already a given that everything after it will fail. Same goes for the succeeding method calls. They will fail if the method before them fails, might be better if you exit() after printing the error message to reduce the mess your code makes.

Categories