按ID提取MYSQL行，并在表单中进行编辑和更新？

Question

I have a MYSQL table with edit link and delete button on each row. The edit link goes to edit_movie.php which has a form. My problem is that the form is not showing any data to be updated/edited. How do I fetch the id from the row clicked on or what function to write to pick it up. The form is just blank, no fields are filled out.

Could someone help out I´d be very happy! Been sitting with this problem for 3 days now and just can´t get it to work. I'm a PHP beginner...

I know I'm using mysql functions which are outdated and I need to lookover SQL injection which I will once I get this working.

Table info:

Table 1 name: Movies
Fields: id (primary key, AI), title, release_year, genre_id, director

Table 2 name: Categories
Fields: genre_id (primary key, AI), genre

They have a foreign relation between genre_id.

Here is the code in index.php file

    <?php

require('movie.inc.php');

if ( isset($_GET['delete']) && isset($_GET['id']) ){
   if ( delete_movie_by_id($_GET['id']) ){ //it's 100% safe
       die('Movie has been removed. Refresh the page now'); // or the like
   } else {
      echo 'Sorry movie could not be deleted'; // could not - handle here
   }
}
    include 'add_movie.php';
?>
<!DOCTYPE html>
<html>
<head>

<title>My movie library</title>
<meta charset="utf-8" />
<link rel="stylesheet" href="mall.css" />

</head>
<body>

<table>
 <tr>
  <th>Title</th>
  <th>Release year</th>
  <th>Genre</th><th>Director</th>
  <th>Update</th>
  <th>Delete</th>
 </tr>

  <?php  foreach (get_all_movies() as $index => $row) : ?>
   <tr>
     <td><?php echo $row['title'];?></td>
     <td><?php echo $row['release_year']; ?></td>
     <td><?php echo $row['genre'];?></td>
     <td><?php echo $row['director'];?></td>
     <td><a href='<?php printf('edit_movie.php?edit=%s', $row['id']);?>'>Edit</a></td>
     <td>
      <form action="index.php" method="GET">
              <input type="hidden" name="delete" value="yes" />
              <input type="hidden" name="id" value="<?php echo $row['id'];?>" /> 
              <input type="submit" value="Delete" />
      </form>
      </td>
    </tr>
    <?php endforeach; ?>
    </table>

</body>
</html>

Here is the edit_movie.php code:

 <?php

    require 'connect.inc.php';
    require_once('movie.inc.php');

    ?>

    <!DOCTYPE html>

    <html>

    <head>

    <title>My movie library</title>
    <meta charset="utf-8" />
    <link rel="stylesheet" href="mall.css" />

    </head>

    <body>

    <h1>Edit movie</h1>
    <div id="form_column">
    <form action="edit_movie.php" method="post">
    <input type="hidden" name="id" value="<?php if (isset($row["id"])) ?>" /> <br>
    Title:<br> <input type="text" name="title" value="<?php if (isset($row["title"])) { echo $row["title"];} ?>" /> <br>
    Release Year:<br> <input type="text" name="release_year" value="<?php if (isset($row["release_year"])) { echo $row["release_year"];} ?>" /> <br>
    Director:<br> <input type="text" name="director" value="<?php if (isset($row["director"])) { echo $row["director"];} ?>" /> <br><br>
    Select genre:
    <br>
    <br> <input type="radio" name="genre_id" value="1" checked />Action<br>
    <br> <input type="radio" name="genre_id" value="2" />Comedy<br>
    <br> <input type="radio" name="genre_id" value="3" />Drama<br>
    <br> <input type="radio" name="genre_id" value="4" />Horror<br>
    <br> <input type="radio" name="genre_id" value="5" />Romance<br>
    <br> <input type="radio" name="genre_id" value="6" />Thriller<br><br>
    <input type="submit" value="Update movie" />
    </form>
    </div>



    </body>

    </html>

And here is the movie.inc.php file

<?php

require_once('connect.inc.php');


function get_all_movies(){

   $query = "SELECT * FROM movies m INNER JOIN categories c ON m.genre_id = c.genre_id";

   $result = mysql_query($query);

   if ( ! $result ){ 
     return false;
   } else {
     $return = array();

     while ($row = mysql_fetch_assoc($result)){

        $return[] = array('director' => $row['director'], 'genre' => $row['genre'], 'release_year' => $row['release_year'], 'title' => $row['title'], 'id' => $row['id']); 
     }
       return $return;
   }
}


function delete_movie_by_id($id){
   return mysql_unbuffered_query(sprintf("DELETE FROM `movies` WHERE id='%s' LIMIT 1", mysql_real_escape_string($id)));
}

if ( isset($_POST['delete'], $_POST['id']) ){

   delete_movie_by_id($_POST['id']); 
}


?>

Answer 1

In edit_movie.php it doesn't look like you're actually getting the movie passed view the form. You need something like this in your movie.inc.php :

function get_movie_to_edit($id) {

     $query = "SELECT * FROM movies m INNER JOIN categories c ON m.genre_id = c.genre_id WHERE id = $id";

     $result = mysql_query($query);

     if ( ! $result ){ 
         return false;
     } else {

         while ($row = mysql_fetch_assoc($result)){

                $return = array('director' => $row['director'], 'genre' => $row['genre'], 'release_year' => $row['release_year'], 'title' => $row['title'], 'id' => $row['id']); 
         }
             return $return;
     }
}

And then in edit_movie.php you need to call this function. Something like...

if(isset($_GET['edit'])) {
    $movie = get_movie_to_edit($_GET['edit']);
}

Of course, as you mentioned, you need to clean up a lot of the code to prevent against injection and check for a scenario where, say, you get to edit_movie.php and the ID ro edit doesn't exist, but this is the basic gist.

You would also then edit the values in the form in edit_movie.php to reflect the new array like:

<form action="edit_movie.php" method="post">
<input type="hidden" name="id" value="<?php echo $movie['id']; ?>" /> <br>
Title:<br> <input type="text" name="title" value="<?php echo $movie['title']; ?>" /> <br>
.... the rest of your form inputs
</form>

Updated For the genre radio buttons...

<input type="radio" name="genre_id" value="1"<?php if($movie['genre'] == 1) { echo ' checked'; } ?> />Action<br>
<input type="radio" name="genre_id" value="2"<?php if($movie['genre'] == 2) { echo ' checked'; } ?> />Comedy<br>
.... and so on