What is the right way to update mysql database using data coming from a dynamically generated list of textboxes?

Question

I have a set of dynamically generated textboxes that holds the number of a certain product the user wants (quantity). I am trying to incorporate functionality that allows the user to change the number in the textbox to reflect the right number using php/mysql. I have the code below that pulls the current quantity the user enters from the previous page, but I'm not sure how to incorporate the changes in quantity from the current page. I'm assuming I will have to use UPDATE but I don't know how to include it only for a certain product (or row).

@$link = $_GET['link'];
$price = $_GET['price'];
$title = $_GET['title'];
$retailer = $_GET['retailer'];
$options = $_GET['options'];
$quantity = $_GET['quantity'];
$session = session_id();
$_SESSION['sess_var'] = $session;

mysql_query("INSERT INTO sessionid (sessionid, link, retailer, price, title, qt, options) VALUES('$session' , '$link', '$retailer', '$price', '$title', '$quantity', '$options') ");

                $query = "SELECT * FROM `sessionid` WHERE `sessionid` = '$session'  ";
                $result = mysql_query($query) or die(mysql_error());

                    echo '<table class="table"><tbody><form action = "viewcart.php" method = "get">';

                    $subtotal = 0;
                    $i=1;
                    while($row = mysql_fetch_assoc($result)) {
                            echo '<tr><td></td><td><h3>' . $row['title'] . '</h3></td><td>' . $row['options'] . '</td><td><div class="span3 offset1"><input type="text" name="box[' . $i . '] "value="' . $row['qt'] . '" class="span1"> <input type="submit" class="btn" value = "Refresh">   <h4> $' . $row['price'] . '</h4></td></tr>';
                            $i++;
                            $prodtotal= $row['qt'] * $row['price'];
                            $subtotal= round($subtotal+ $prodtotal, 2);
                            $_SESSION['subtotal']=$subtotal;
                            }

    echo '</form></tbody></table>';

Answer 1

There are many ways to handle your situation. Here are 3 approaches for you to consider:

1. If you want to keep the DB session updated with every update on page and you want to do the update through form submission and page refresh then you will need to recognize which form is filling the super global that you are using: The one on the previous page or the one on the current page. I have done this in the past by adding a hidden form field (such as <input type="hidden" name="form_alias" value="update_form" /> . You could also consider inserting on the previous page and redirecting on successful insert.

2. If you want to keep the DB session updated but want to avoid the need for refreshing the page just for a quantity update then you can submit the update through AJAX. (See MahanGM's note.)

3. If you do not need to update the DB session with every tiny quantity update and you like the idea of putting less stress on the db and server and do not mind doing more client-side (JavaScript) calculations, then you can just update the client-side content dynamically through JavaScript and only update the db upon form submission.

PS - Beware of SQL injection. Your current code is quite vulnerable to it. You are doing nothing to the user-passed data and it can be easily manipulated through the URL since you are using GET instead of POST. If you are not too far along I recommend switching to PDO and using prepare . Otherwise consider using mysql_real_escape_string .