The button does not send data to the database

Links for php scripts

Moderators: gesf, Michalio

Post Reply
kemeemek

Hello, would someone be so nice and tell me why after pressing the button it does not send data?

Code: Select all


<?php

include "connect.php";

$id = (isset($_POST['ID']) ? $_POST['ID'] : '');

$qry = mysqli_query($conn,"select * from podstawowa where id='$id'");

$data = mysqli_fetch_array($qry);

if(isset($_POST["update"]))
{
    $id = $_POST['ID'];
    $tytul = $_POST['Tytuł'];
    $gatunek = $_POST['Gatunek'];
    $dataw = $_POST['Data_wykonania'];
    $platforma = $_POST['Platforma'];
    $nosnik = $_POST['Nośnik'];
    $srednia = $_POST['Średnia_ocena'];
	
    $edit = mysqli_query($conn,"UPDATE `podstawowa` SET `Tytuł`='$tytul',`Gatunek`='$gatunek',`Data wykonania`='$dataw',`Platforma`='$platforma',`Nośnik`='$nosnik',`Średnia ocena`='$srednia' where id='$id'"); var_dump($edit);
	
    if($edit)
    {
        echo("Zmodyfikowano");
        mysqli_close($conn);
        header("location:update.php");
        exit;
    }
    else
    {
        echo mysqli_error();
    }    	
}
?>

<h3>Update Data</h3>

<form method="POST" action="edytuj.php">
  <input type="hidden" name="ID">
  <input type="text" name="Tytuł" value="<?php echo $data['Tytuł'] ?>" placeholder="Wprowadź tytuł" Required>
  <input type="text" name="Gatunek" value="<?php echo $data['Gatunek'] ?>" placeholder="Wprowadź gatunek" Required>
  <input type="date" name="Data_wykonania" value="<?php echo $data['Data_wykonania'] ?>" placeholder="Wprowadź datę wydania" Required>
  <input type="text" name="Platforma" value="<?php echo $data['Platforma'] ?>" placeholder="Wprowadź platformę" Required>
  <input type="text" name="Nośnik" value="<?php echo $data['Nośnik'] ?>" placeholder="Wprowadź nośniki" Required>
  <input type="number" name="Średnia_ocena" step="any" value="<?php echo $data['Średnia_ocena'] ?>" placeholder="Wprowadź średnią ocenę" Required>
  <input type="submit" name="update" value="Edytuj">


</form>
User avatar
Michalio
Moderator
Moderator
Posts: 339
Joined: Sun Jul 18, 2021 1:33 pm
Location: Poland

The $_POST['ID'] seems to be empty (the form input contains only the name).
Additionally you should NEVER trust the data from a user. Read more about binding parameters to the query and sql injection vulnerability

Binding params:
https://www.php.net/manual/en/mysqli-stmt.bind-param.php
SQL Injection:
https://owasp.org/www-community/attacks/SQL_Injection
https://pl.wikipedia.org/wiki/SQL_injection
Free coding lessons: https://php-forum.com/phpforum/viewtopic.php?t=29852
Post Reply