Looking for a good tutorial on how to update a mysql database using a php form?
+2
A:
Updating data can be pretty simple. Let's start with a form, for starters:
<form method="post" action="submit.php">
<input type="text" name="id" value="12" />
<input type="text" name="value" value="Jonathan" />
<input type="submit" />
</form>
This form will send the data over to our submit.php script where we can handle it, and pass it into our database. Since our form method is "post," all of our values will be sent through the POST super array in PHP (this is not the case if you are using file uploaders). So within our submit.php page, we can print the ID and Value values like this:
print $_POST["id"]; // the name of the HTML element is the key
print $_POST["value"]; // again, note that we use the name as the key
You'll want to be careful about passing user-submitted values directly into your queries, so it's nice to clean up the data using a function like mysql_real_escape_string():
$id = mysql_real_escape_string( $_POST["id"] );
$value = mysql_real_escape_string( $_POST["value"] );
The next thing we'll want to do is place these in a query:
$sql = "UPDATE mytable SET value = '{$value}' WHERE id = {$id}";
This is a good time not state that I don't encourage you to use this example code in a live environment. You'll want to look up sql-injections, and how to avoid them. The code I'm providing here is merely an example. After our values are entered, the query that will be ran actually looks like this:
UPDATE mytable SET value = 'Jonathan' WHERE id = 12
Now, in order to run this, we need to be connected to a database.
$host = "localhost";
$user = "root";
$pass = "";
$database = "myDatabase";
$conn = mysql_connect($host, $user, $pass) or die( mysql_error() );
mysql_select_db($database) or die( mysql_error() );
All we're doing here is storing our mysql-user-account credentials in arrays, and passing them into a connect-function. This code should be pretty self-explanatory, but let me know if it's at all unclear.
Once you've got that, you're ready to run your query. Remember that we stored it in an array called $sql:
$result = mysql_query( $sql ) or die( mysql_error() );
That's it. You did it! The data, assuming nothing went wrong, is now updated in your database. There are numerous ways you can increase the information provided back to the user via this script. Also worth noting is that you'll want to sanitize your data before even allowing the script to run - if it's not acceptable data (somebody trying to inject their own queries) you'll want to spit it back.
Check out the MySQL Functions in the PHP Documentation for more goodies, and be sure to return here when you have more specific questions!
Jonathan Sampson
2010-03-18 02:23:02