0

I want to create form where I have text which I can edit and save to database for later use it in other file. I wrote following code, text is showing great from database , but updating text by submit button don't work.

It is strange but after submit, echo "Successfully saved!" normally displays, but not updating.

$connection = new mysqli("localhost", "db", "password", "db");
$query = "SELECT text FROM mailtext";
$result = mysqli_query($connection, $query);

while($row = mysqli_fetch_assoc($result))
{
    $text = iconv('iso-8859-2', 'utf-8', $row['text']);
    echo'
<center>
    <form id="mailtext" method="post">
        <textarea name="text" style="width: 500px; height: 300px;">'.$text.'</textarea>
        <input type="submit" name="submit" value="Save">
    </form>
</center>
';
    if(isset($_POST['submit'])) {
        $query2 = "UPDATE mailtext SET text='.$text.' WHERE id=1";
        mysqli_query($connection, $query2);
        echo 'Successfully saved!';
    }
}

If you have any question or something like this, please ask :) Yes, I tried to searching answers in other questions, but nothing helped.

Improve this question
5
  • Why all rows from mailtext is selected and only updated one ? Commented Feb 4, 2019 at 10:42
  • Have you checked for errors occuring during the update? Have you thought about using code that is not widely open to SQL injection? Commented Feb 4, 2019 at 10:46
  • @SmitMehta I updated only one rows, because I have only one rows in mailtext. Commented Feb 4, 2019 at 10:55
  • @NicoHaase what do you mean about code not widely open to SQL injection? I am not perfect in this. Commented Feb 4, 2019 at 10:57
  • You should google that term quickly if you don't know it yet: just image what would happen if $text contained a single quote Commented Feb 4, 2019 at 10:58

1 Answer 1

Reset to default
3

When you are submitting your form, the page is reloaded with the content of $_POST and is re-executed from top to bottom.

//            Form is submitted
// You are getting the content of the table
//                  |
//                  |
//                  V
$connection = new mysqli("localhost", "db", "password", "db");
$query = "SELECT text FROM mailtext";
$result = mysqli_query($connection, $query);
//      You are displaying the form
//                  |
//                  |
//                  V
while($row = mysqli_fetch_assoc($result))
{
    $text = iconv('iso-8859-2', 'utf-8', $row['text']);
    echo'
<center>
    <form id="mailtext" method="post">
        <textarea name="text" style="width: 500px; height: 300px;">'.$text.'</textarea>
        <input type="submit" name="submit" value="Save">
    </form>
</center>
';
// You are treating the previously submitted form
//                  |
//                  |
//                  V
    if(isset($_POST['submit'])) {
        $query2 = "UPDATE mailtext SET text='.$text.' WHERE id=1";
        mysqli_query($connection, $query2);
        echo 'Successfully saved!';
    }
}

You have to treat the form before querying the database to get the informations, otherwise, the datas won't be inserter/updated.

Note that your query is vulnerable to SQL injections. I suggest you to use parameterized queries

$connection = new mysqli("localhost", "db", "password", "db");
if(isset($_POST['submit'])) {
    $text = $_POST['text'];
    $query2 = "UPDATE mailtext SET text=? WHERE id=1";
    //                                  ^------------------- Set a parameter for the query
    $stmt = mysqli_prepare($connection, $query2);
    //      ^------------^---------------------------------- Prepare the query for parameters
    mysqli_stmt_bind_param($stmt, "s", $text);
//  ^--------------------^---------------------------------- bind the parameters
    mysqli_stmt_execute($stmt);
//  ^-----------------^------------------------------------- execute the safe query
    echo 'Successfully saved!';
}

$query = "SELECT text FROM mailtext";
$result = mysqli_query($connection, $query);

while($row = mysqli_fetch_assoc($result))
{
    $text = iconv('iso-8859-2', 'utf-8', $row['text']);
    echo'
<center>
    <form id="mailtext" method="post">
        <textarea name="text" style="width: 500px; height: 300px;">'.$text.'</textarea>
        <input type="submit" name="submit" value="Save">
    </form>
</center>
';
}
Improve this answer
Sign up to request clarification or add additional context in comments.

6 Comments

this script is okay but it will created multiple forms equal to number of rows in the mailtext table. Isn't that incorrect ?
Now its okay. Great!
@SmitMehta still not, I fixed some comments
Oh well, in fact it will submit only 1 form, even if there is many of them
Yes, true. But that will updated that row whose id equals to 1 everytime regardless whichever of the form is submitted.
|

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.