Update textarea issue

hi i am trying to create control panel using PHP which update database in SQL
while i use input it works fine…

<?php include 'connection.php';

if(isset($_POST['update']))
{
$UpdateQuery = "UPDATE Treatments SET Name='$_POST[Name]', Description='$_POST[Description]', 
Price='$_POST[Price]'
WHERE Name ='$_POST[hidden]'";
mysqli_query($con, $UpdateQuery);
}
$result= mysqli_query($con, "SELECT * FROM Treatments WHERE Type ='body-wrap'");



if(isset($_POST['delete']))
{
$DeleteQuery = "DELETE FROM Treatments WHERE Name ='$_POST[hidden]'";
mysqli_query($con, $DeleteQuery);
}
$result= mysqli_query($con, "SELECT * FROM Treatments WHERE Type ='body-wrap'");


echo "";
echo "<table>
<tr>
<td><h4>Name</h4></td>
<td></td>
<td><h4>Description</h4></td>
<td><h4>Price</h4></td>
</tr>";
while($row=mysqli_fetch_array($result, MYSQLI_ASSOC))
{
echo "<form action='panel-bodywrap.php' method='post'>";
echo "<tr>";
echo "<td>". "<input type=text name=Name value= '".$row['Name']."'/> </td>";
echo "<td>". "<input type=hidden name=hidden value= '". $row['Name']."'> </td>";
echo "<td>". " <input type=text name=Description value= '".$row['Description']."'> </td>";
echo "<td>". " <input type=text name=Price value= '".$row['Price']."'> </td>";
echo "<td>" . "<input type=submit name=update value= 'update'" . "</td>";
echo "<td>" . "<img src='images/delete.png' name=delete value= 'delete'" . "</td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
mysqli_close($con);
?>

but the input is too long so i tried to use textarea…and it stopped working…
i changed input for description to:
echo "<td>". " <textarea type=text name=Description value= >'".$row['Description']."'</textarea> </td>";

so the code is:

				<?php include 'connection.php';

if(isset($_POST['update']))
{
$UpdateQuery = "UPDATE Treatments SET Name='$_POST[Name]', Description='$_POST[Description]', 
Price='$_POST[Price]'
WHERE Name ='$_POST[hidden]'";
mysqli_query($con, $UpdateQuery);
}
$result= mysqli_query($con, "SELECT * FROM Treatments WHERE Type ='body-wrap'");



if(isset($_POST['delete']))
{
$DeleteQuery = "DELETE FROM Treatments WHERE Name ='$_POST[hidden]'";
mysqli_query($con, $DeleteQuery);
}
$result= mysqli_query($con, "SELECT * FROM Treatments WHERE Type ='body-wrap'");


echo "";
echo "<table>
<tr>
<td><h4>Name</h4></td>
<td></td>
<td><h4>Description</h4></td>
<td><h4>Price</h4></td>
</tr>";
while($row=mysqli_fetch_array($result, MYSQLI_ASSOC))
{
echo "<form action='panel-bodywrap.php' method='post'>";
echo "<tr>";
echo "<td>". "<input type=text name=Name value= '".$row['Name']."'/> </td>";
echo "<td>". "<input type=hidden name=hidden value= '". $row['Name']."'> </td>";
echo "<td>". " <textarea type=text name=Description value= >'".$row['Description']."'</textarea> </td>";
echo "<td>". " <input type=text name=Price value= '".$row['Price']."'> </td>";
echo "<td>" . "<input type=submit name=update value= 'update'" . "</td>";
echo "<td>" . "<img src='images/delete.png' name=delete value= 'delete'" . "</td>";
echo "</tr>";
echo "</form>";
}
echo "</table>";
mysqli_close($con);
?>

BUT NOT WORKING WITH TEXTAREA

Maybe because there is no such thing as a textarea type attribute?

You also need quotes around your attribute values. For example, <textarea name="description"></textarea>.

removed and still none of the fields update

nope :frowning:

You really shouldn’t be using the POST variables like that without validating and/or sanitising them. They could contain anything.

would using POST cause the issue…?

it is for internal use and college project…

No, I don’t see that causing your problem - I probably should have marked my post off-topic. However, even for internal use, we all make typing mistakes so validation would help to spot them, and if it’s for a college project, I would hope the tutor would expect you to validate your inputs.

There are spurious single-quotes in this line of code

echo "<td>". " <textarea type=text name=Description value= >'".$row['Description']."'</textarea> </td>";

Quite aside from quoting parameters being a good habit, there’s no “value” parameter for a textarea, you just put the value between the open and close tags. But you have single-quotes after the end of the opening tag, as well. This is what html I suspect it will output, given a description of “this is a test”:

<td><textarea type=text name=Description value= >'this is a test'</textarea> </td>

So, lose the single-quotes, drop the “type=” and “value=” sections and stick quotes around the name value, does that help?

Now you’ve extended the input field to a textarea, is the column in your database table sufficiently large to hold the contents?

If none of the above helps, can you be a bit more specific when you say “BUT NOT WORKING WITH TEXTAREA”? Does it not store the text you enter, not draw the textarea correctly, how far through the code does it get? Does it retrieve the form value?

1 Like

THANKS ill try this all

NOT WORKING means that ANY of the columns updates after i make changes and hit UPDATE button
however when use input for description column , it UPDATES CHANGES

Another thing to check is that the text you enter in the textarea is properly sanitised before you use it. As you’re not using a prepared statement and just putting the $_POST variable directly into the query string, if it’s got one or more single quote characters, that will mean your query now has a syntax error. So as @Gandalf said above, you need to make sure that can’t happen with any of the fields before you process the query.

You’ve also got this line twice:

$result= mysqli_query($con, "SELECT * FROM Treatments WHERE Type ='body-wrap'");

after each if() clause to check for update or delete routines. I guess the idea was to re-run the query after you’ve processed update or delete options, but there’s no need to do it twice. It’s outside the if() check, so both will run regardless of which option was selected.

i have found what cause the issue …it is super weird (well, for me php-beginner’) maybe not for pro…

so what happens is, the columns of NAME, DESCRIPTION and PRICE display
and DESCRIPTION 's area goes with single quote (pic attached)

and now when i try to make changes it doesnt work FOR ANY COLUMN, but when i DELETE SINGLE QUOTES and make changes IT WORKS

ANY IDEAS?

ok ill do the validation… thank you

1 Like

I’m surprised no has mention putting a table inside a form element. I think if you get rid of the table you could see the problem(s) easier. You can stylize a form tag just easily to fit the design you want.

While not the style you want doing it the following should make it easier to stylize.

            <form id="register" action="register.php" method="post" autocomplete="off">
                <fieldset>
                    <legend>Registration Form</legend>
                    <input type="hidden" name="action" value="enter">
                    <label for="name">name</label>
                    <input id="name" type="text" name="name" value="" autofocus tabindex="1">
                    <label for="password">password</label>
                    <input id="password" type="password" name="password" tabindex="2">
                    <label for="email">email address</label>
                    <input id="email" type="text" name="email" value="" tabindex="3">
                    <label for="verify_email">Verify Email</label>
                    <input id="verify_email" type="text" name="verify" value="" tabindex="4">
                    <input id="regBtn" type="submit" name="submit" value="enter" tabindex="5">
                </fieldset>
            </form>

the css for it:

@import url("https://fonts.googleapis.com/css?family=Merriweather|Raleway");

/*******************************************
TYPOGRAPHY CSS STYLING
********************************************/
h1, h2, h3, th {
    font-family: 'Merriweather', serif; 
}

p, td, label {
    font-family: 'Raleway', sans-serif; 
}

form#register {
    display: block;
    width: 100%;
    max-width: 600px;
    height: auto;
    background-color: #fff;
    padding: 10px;
    margin: 20px auto;
}

form#register fieldset {
    border: 2px solid #000;
    padding: 20px;
}

form#register legend {
    font-family: "Merriweather", serif;
    font-size: 1.4rem;
    padding: 0 5px;
}

form#register label {
    float: left;
    display: block;
    width: 100%;
    max-width: 200px;
    height: 40px;
    font-size: 1.2rem;
    line-height: 40px;
    text-transform: capitalize;
}

form#register input {
    clear: right;
    display: block;
    width: 100%;
    max-width: 336px;
    height: 40px;
    outline: none;
    border: none;
    font-size: 1.2rem;
    color: #fff;
    background-color: #4484CE;
    padding: 0 5px;
    margin-bottom: 5px;
}

form#register input[type=submit] {
    cursor: pointer;
    float: right;
    max-width: 100px;
    text-transform: capitalize;
    margin: 10px 0;
}

form#register input[type=submit]:hover {
    background-color: #2E2E2E;
}

I also thinking mixing PHP and HTML is messier than having them separated, but that is a personal choice. However, having HTML on top of HTML makes for harder debugging in my opinion.

thanks
it worked all fine with input, but i need textarea to wrap large amount of text…
so this solution doesnt work for me

Yes. I told you back in post #9 that you’ve got single quotes inside the code you use to draw the textarea. Those single quotes become part of the text, and cause the problem you have. I must admit I didn’t see that it would cause the problem, though I did mention that single-quotes inside the text will do, in post #11.

1 Like

yes just figured it out…as delete quotes inside textarea…not between
thanks a lot

This topic was automatically closed 91 days after the last reply. New replies are no longer allowed.