PDO Update - Html Form- Newbie Question

PHP
1

Hello guys,

I am able to update a record using PHP code, but what I would like to do is create an individual file in which it will hold my html form(or even php form).

I know my update code works, as I was able to change a students ‘forename’ from ‘Ann’ to ‘x’, but I would like to represent this by giving the admin the ability to use a form to update user’s that way.

Admin would be able to change the users Forename and Surname (obvs, later on it could grow into password, id etc)

Any help would be appreciated, I’m just going in circles.

p.s. ignore some of the //comments please, wrong wording.

Update.php



	<form action="" method="post">
	Forename:<input type="text" name="forename">
	Surname: <input type="text" name="surname">
	<input type="submit" name="update"></form>
<?php
// Connect to the student database
try {


	// make the functions in myfunctions.php accessible to us
	include ('connect_db.php');
	// call the getConnection function we wrote that returns a database connection and store it in the variable $db
	$db = getConnection();
	// Set up the SQL to query the database to get the module levels

	/*** INSERT data ***/
	$count = $db->exec("UPDATE student SET forename='' WHERE forename=''");

	/*** echo the number of affected rows ***/
	echo $count;

	/*** close the database connection ***/
	$dbh = null;
}
catch(PDOException $e)
{
	echo $e->getMessage();
}
?>
2

Your form is using the POST method (rather than GET).

This means you access the incoming variables like this

$_POST[‘forename’];

You want to update a single record.

Lets say the record in your database is like this


students_table
===========
id
forename
surname

Your PDO example uses something which expects values like:

“UPDATE student SET forename=‘x’ WHERE forename=''sue”

What if you have more than one person called “sue”?

Hence the common wisdom is that you give every row a unique identifier (although you could use a combination of fields as the unique index, lets stick with an id).

Your problem originates from your form not having the capacity to remember or pass on the id of the student.

Let say sue is student id 23, you want to make a form that contains this data:


<form method ="post" action="">
<input type="text" name="forename" value="sue">
<input type="text" name="surname" value="baloo">
<input type=hidden name="id" value="23">
<input type-"submit">
</form>

When that form is submitted you should be able to spot how you can do the equivalent of this

“updated students set forename = ‘$_POST[‘forename’]’ where id= $_POST[‘id’]” **

** this is before you correctly filter and check the incoming data for security attacks