1

I'm writing a script in which you can change the price of an article/item through a form, but it doesn't update my new prices. I think there might be a mistake in my $update, because I don't get any error messages when I change the affected rows (typo on purpose). But I just don't see it. What am I doing wrong? Thanks in advance.

<?php
$dbhost = "localhost";
$dbuser = "root";
$dbpass = "";
$dbname = "webauth";
$connection = mysqli_connect($dbhost, $dbuser, $dbpass, $dbname);

$artikelquery = "SELECT * FROM artikel;";
$artikel = mysqli_query($connection, $artikelquery);
?>

<form action="<?php $_SERVER['PHP_SELF']; ?>" method="post">
Kies een artikel:</br>
<select name="artikel">
<?php
while($artikelrow = mysqli_fetch_row($artikel)) {
    echo '<option value="'.$artikelrow[1].'">'."$artikelrow[1], $artikelrow[3] euro</option>";
}
?>
</select>

</br></br>

Vul de nieuwe prijs van het artikel in:</br>
<input type="number" name="prijs"></br></br>
<input type="submit" value="Verzend">
</form>

<?php
if($_SERVER['REQUEST_METHOD'] == "POST") {
    if($_POST['prijs'] == "") {
        echo 'bla';     
    }
    else {
        $nieuwprijs = $_POST['prijs'];
        $artikel = $_POST['artikel'];
        $update = "UPDATE artikels SET Verkoopprijs ='". $nieuwprijs ."' WHERE Artikelnr ='". $artikel ."';";
        mysqli_query($connection, $update);
        echo 'Artikel '. $artikel .' is aangepast naar '. $nieuwprijs .' euro.';
    }
}
?>
Improve this question
3
  • An error in your SQL query won't trigger a PHP error. You need to look for it explicitly. Check the return value of mysqli_query(). Commented Nov 3, 2014 at 1:20
  • Is $artikelrow[1] the article ID ? May be It's the name and the ID is $artikelrow[0] ?! Commented Nov 3, 2014 at 1:25
  • I think this is not a sql problem. Commented Nov 3, 2014 at 1:27

2 Answers 2

Reset to default
1

You are very vulenerable to SQL Injection. Anyway your problem is the table name:

$update = "UPDATE artikels SET Verkoopprijs ='". $nieuwprijs ."' WHERE Artikelnr ='". $artikel ."';";

Should be 

$update = "UPDATE artikel ..."

Without final s, as your SELECT query

$artikelquery = "SELECT * FROM artikel;";
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

I'd submit this as a comment if I had enough reputation. But here's my suggestion for tracking down SQL errors.

Add this after the UPDATE:

if (mysqli_connect_errno()) echo '<div>DB Error: '. mysqli_error($connection) .'</div>';

Also, I'd suggest doing some input validation or escaping so you're not susceptible to SQL injection.

Improve this answer

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.