I'm trying to modify the contents of a cell in a table with php and ajax. the problem that the content has been changed in the page but it is not registered in the database. this is the page index.php:
<?php
include 'connexion.php';
$sql = 'SELECT * FROM liste_user_tbl';
$result = mysql_query($sql) or die(__LINE__.mysql_error().$sql);
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html>
<head>
<title>Modification "inline" de données</title>
<script src="https://ajax.googleapis.com/ajax/libs/jquery/1.5.2/jquery.min.js"></script>
<script>
$(function(){
var message_status = $("#status");
$("td[contenteditable=true]").blur(function(){
var field_userid = $(this).attr("id") ;
var value = $(this).text() ;
$.post('test1.php' , field_userid + "=" + value, function(data){
if(data != '')
{
message_status.show();
message_status.text(data);
setTimeout(function(){message_status.hide()},3000);
}
});
});
</script>
</head>
<body>
<h1>Utilisateurs</h1>
<table id="table-utilisateurs">
<tr>
<th>Nom</th>
<th>Prénom</th>
</tr>
<?php
while($user = mysql_fetch_assoc($result))
{
?>
<tr>
<td id="<?php echo $user['id']; ?>" contenteditable="true">
<?php echo $user['nom']; ?>
</td>
<td id="<?php echo $user['id']; ?>" contenteditable="true">
<?php echo $user['prenom']; ?>
</td>
</tr>
<?php
}
?>
</table>
</body>
</html>
<?php
mysql_close();
?>
this is test1.php:
<?php
if(!empty($_POST))
{
include "connexion.php";
foreach($_POST as $field_name => $val)
{
//clean post values
$field_userid = strip_tags(trim($field_name));
$val = strip_tags(trim(mysql_real_escape_string($val)));
//from the fieldname:user_id we need to get user_id
$split_data = explode(':', $field_userid);
$user_id = $split_data[1];
$field_name = $split_data[0];
if(!empty($user_id) && !empty($field_name) && !empty($val))
{
//update the values
mysql_query("UPDATE liste_user_tbl SET $field_name = '$val' WHERE id = $user_id") or mysql_error();
echo "Updated";
} else {
echo "Invalid Requests";
}
}
} else {
echo "Invalid Requests";
}
?>
First of all, $field_name
is not defined in your code, that's why the query will produce an error if you enable debugging Second of all, your code is very vulnerable to SQL injections. Your are using user's posted data as it is, without any filtering, and this can lead to loosing your entire database data. Third of all, you are still using procedural php and "old schoool" database connection. Instead, you can use PDO and POO
use print_r($_POST);
to receive post data and display check if the post data has a problem
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.