I am trying to update one of my tables in my database. To identify the row that I am going to update, I use as my base for the search an email that I enter in a form before requesting that I enter the rest of the data to update. The problem is that after performing the operation it throws an error and I have not been able to find my fault. On this site I use:
Page on which I request the data.
A PHP connection.
A PHP that processes the update.
The database.
Next I will illustrate the process and I will have a code snippet
Screen in which I request and enter the data.
form code
<label>Localidad</label>
<input type="text" name="labelLocalidad1" required/>
</div>
<div class="form-element">
<label>Direccion</label>
<input type="text" name="labelDireccion1" required/>
</div>
<div class="form-element">
<label>Codigo Postal</label>
<input type="text" name="labelPostal1" pattern="[a-zA-Z0-9] " required/>
</div>
<div class="form-element">
<label>Providencia</label>
<input type="text" name="labelProvidencia1" pattern="[a-zA-Z0-9] " required/>
</div>
<div class="form-element">
<label>Numero de telefono</label>
<input type="number" name="labeltelefono1" pattern="[a-zA-Z0-9] " required/>
</div>
<button type="submit" name="PAGO" value="PAGO">Registrar direccion</button>
</form>
Conection code
<?php
$host = "localhost";
$user = "root";
$clave = "";
$bd = "usuarios";
$conectar = mysqli_connect($host,$user,$clave,$bd);
?>
php
<?php
require 'conexion.php';
$idusuario= session_id();
$localidad = $_POST['labelLocalidad1'];
$direccion = $_POST['labelDireccion1'];
$postal = $_POST['labelPostal1'];
$providencia = $_POST['labelProvidencia1'];
$telefono = $_POST['labeltelefono1'];
$correoentrega = $_POST['labelcorreo1'];
$actualizar =("UPDATE datosentrega set localidad='$localidad',direccion='$direccion',postal=$postal,providencia='$providencia',telefono='$telefono' WHERE correoentrega='$correoentrega'");
$query = mysqli_query($conectar,$actualizar);
if($query){
echo "<script> alert('Datos registrados');
</script>";
}else{
echo "<script> alert('Error favor de revisar el codigo XD');
</script>";
}
CodePudding user response:
You have not supplied a field as defined in the PHP code
$correoentrega = $_POST['labelcorreo1'];
Make sure the field is available in the post form ie
<input type='text' name='labelcorreo1' value='[email protected]'>
CodePudding user response:
First, the variable named $correoentrega assigned to wrong value, there is no index named "labelcorreo1" in the $_POST array, that's mean that your code here is wrong:
$correoentrega = $_POST['labelcorreo1'];
You should correct it either by using correct index or by adding input tag to the form with the same name used as index.
Second, to make the code more secure and away from errors, use the prepare function which allows you sperat the sql statement from the data, also it will make your code easier to future improvements or changes, and the important thing is that the prepare function will protect your DB from SQL INJECTION.
To know how to use prepare function see: using bind_param with mysqli_query
There is a small example of using prepare:
$ = $mysqli->prepare("SELECT * FROM myTable WHERE name = ? AND age = ?");
$stmt->bind_param("si", $_POST['name'], $_POST['age']);
$stmt->execute();
$stmt->close();
this is how to use it, you but a question mark instead of butting the value directly, then by using the bind_param() function to add the values, but the values in the same order as the question marks in the sql statement, the first parameter is to determine the data type of values you will using. To know more about that see: https://www.php.net/manual/en/mysqli-stmt.bind-param.php
https://www.w3schools.com/php/php_mysql_prepared_statements.asp