How to edit table values in MySQL and PHP?

Question

I have that people can add team names to my MySQL table. Now I want them to edit it. I have tried several tutorials but i can't figure it out. I like to know what i am doing wrong.

This is my admin.php:

<?php
    $username = "root";
    $password = "";
    $hostname = "localhost";

    $dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");

    $selected = mysql_select_db("login", $dbhandle);



        if(isset($_POST['team'])){
            $team = $_POST['team'];
            $ID = $_POST['id'];         

            $query = mysql_query("SELECT * FROM e2teams WHERE Team='$team' and ID='$ID'");
            if(mysql_num_rows($query) > 0 ) { //check if there is already an entry for that username
                echo "$team bestaat al!";
            }
            else{
                mysql_query("INSERT INTO e2teams (Team) VALUES ('$team')");
                header("location:e2admin.php");
            }
    }

    mysql_close();
?>

<html>
    <body>
        <h1>Add teams</h1>
            <form action="e2admin.php" method="POST">
                <input type="text" name="team" placeholder="Team naam" /><br>
                <input type="submit" value="Toevoegen" />
            </form>

            <?php
                $table = "e2teams";
                $sql = "SELECT * FROM e2teams";
                $result = mysql_query($sql, $dbhandle);
                if(mysql_num_rows($result) > 0){
                    while($row = mysql_fetch_array($result)) {
                        echo $row['Team']. "<a href='edit.php?edit=$row[1]'>Bewerk</a><br>";
                    }
                }
            ?>
    </body>
</html>

The add teams works. but the edit button doesn't work yet. If I click on edit I go to the edit.php page; here I want to add the new name and need the Team to change in the MySQL row.

This is my edit.php:

<?php
    $username = "root";
    $password = "";
    $hostname = "localhost";

    $dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");

    $selected = mysql_select_db("login", $dbhandle);

    if( isset($_GET['edit'])) {
        $id = $_GET['edit'];
        $res = mysql_query("SELECT * FROM e2teams");
        $row= mysql_fetch_array($res);
    }

    if (isset ($_POST['nieuwenaam'])) {
        $newname = $_POST['nieuwenaam'];
        $id = $_POST['id'];
        $sql = "UPDATE e2teams SET Team='$newname' WHERE id='$id'";
        $res = mysql_query($sql) or die ("Fout bij updaten".mysql_error());
        echo "<meta http-equiv='refresh' content='0;url=edit.php'>";
    }
?>      


<html>
<body>       


            <form action="edit.php" method="POST">
                <input type="text" name="nieuwenaam" placeholer="test" /><br>
                <input type="hidden" name="id" placeholder="idnaam" value"s" /><br>
                <input type="submit" value="Update" />
            </form>
</body>
</html>

I also like to know how to delete team names but this is maybe for a next question.

Answer 1

This should work:

<?php
$username = "root";
$password = "";
$hostname = "localhost";

$dbhandle = mysql_connect($hostname, $username, $password) or die("Could not connect to database");

$selected = mysql_select_db("login", $dbhandle);

$id = intval($_GET['edit']);
if($id > 0) {
    $res = mysql_query("SELECT * FROM e2teams WHERE `id` = $id");
    $row= mysql_fetch_array($res);

    $newname = mysql_real_escape_string($_POST['nieuwenaam']);
    if (!empty($newname)) {
        $sql = "UPDATE e2teams SET Team='$newname' WHERE id=$id";
        $res = mysql_query($sql) or die ("Fout bij updaten".mysql_error());
        echo "<meta http-equiv='refresh' content='0;url=edit.php?edit=$id'>";
    }

}
?>


<form action="edit.php?edit=<?= $id; ?>" method="POST">
<input type="text" name="nieuwenaam" placeholer="test" /><br>
<input type="submit" value="Update" />
</form>
</body>
</html>

Also, about the intval() and mysql_real_escape_string(). 另外，关于intval（）和mysql_real_escape_string（）。 Since you were using $_GET without any filter, I've added intval() function on it. Without filtering $id you could've been easily attacked by some sort of eg SQL Injection. Same with mysql_real_escape_string(). You might read about this filter function in php manual. For further study I recommend changing mysql_ functions to PDO or mysqli prepared statements. Happy coding!

Answer 2

Check your edit form. You have to put the value attribute like this value="s" no like value"". I think thats all.

Answer 3

I assume when they click on the edit link it's passing the id of the team so the edit.php select should be something like:

$id = (int)$_GET['edit'];
if (!empty($id))
{
    $sql = "SELECT * FROM e2teams WHERE id='$id'";
    $result = mysqli_query($sql);
    $row = mysql_fetch_assoc($res);
}
//... keep the rest of code as is

Now you need to change the HTML form to:

<form action="edit.php?edit=<?php echo $row['id'] ?>" method="POST">
   <input type="text" name="nieuwenaam" placeholer="test" value="<?php echo $row['Team'] ?>" /><br>
   <input type="hidden" name="id" placeholder="idnaam" value"<?php echo $row['id'] ?>" /><br>
   <input type="submit" value="Update" />
</form>