Editing Data - Part 2
In this article we’re going to take a look at submitting information which has been edited using a HTML and PHP based form. Before you can continue with this guide you should have already covered Part 1 of this guide.
Prerequisites
Before we get started you will need the following in place
-
A working web server
-
Access to a MySQL database
-
Tables in your database which contain data
-
You should have completed Part 1 of Editing Data Dynamically
-
You should have existing knowledge of the $_GET parameter
Starting point
In order to get started with this task we need to pick back up where we left off from the Editing Data Dynamically - Part 1 guide. In this guide we use a $_GET parameter to dynamically query the database and SELECT information from a MySQL database. The code sample for this is below.
<?php
$servername = "hostdomain.co.uk";
$username = "database_username";
$password = "database_password";
$database = "database_name";
// attemp to connect to the server
$conn = new PDO("mysql:host=$servername;dbname=$database", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// select a product_id
$product_id = $_GET['product'];
$record = $conn->prepare("SELECT * FROM product WHERE product_id = $product_id");
$record->execute();
$single_product = $record->fetch();
?>
<form>
<input type="hidden" value="<?php echo $single_product['product_id']; ?>" />
<label for="product_name">Product Name</label>
<input type="text" name="product_name" value="<?php echo $single_product['product_name']; ?>" />
<label for="price">Product Price</label>
<input type="text" name="price" value="<?php echo $single_prodct['price']; ?>" />
</form>
Saving the data
At the moment our PHP script is working well in selecting data from the database dynamically based on the URL parameter which we called product. You can see this being collected and used in the script using the $_GET super global variable, which is built into PHP. That code looks like this, and can be seen in the full code snippet above also.
$_GET['product'];
The next step for us is to save this data back on top of the exiting record and for this we will use a MySQL which looks like this
UPDATE product SET product_name = $_POST['product_name'], price = $_POST['price'] WHERE product_id = $_POST['product_id'];
Once again we’re handing in dynamic parameters, however this time we have switched back to the $_POST super global variable. Remember this becomes available when we click the submit button to save the changes, but we also need to run this query. Let’s have a look at the code involved.
Check for $_GET OR $_POST
We need to first of all check for which type of request we’re receiving on the webpage, are we receiving a request which contains a $_GET parameter or a request which contains a $_POST parameter, or both. We will start with our PHP code, which currently looks like this.
$servername = "hostdomain.co.uk";
$username = "database_username";
$password = "database_password";
$database = "database_name";
// attemp to connect to the server
$conn = new PDO("mysql:host=$servername;dbname=$database", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// select a product_id
$product_id = $_GET['product'];
$record = $conn->prepare("SELECT * FROM product WHERE product_id = $product_id");
$record->execute();
$single_product = $record->fetch();
From this we need to add a conditional statement or an if statement in this case to check for the type of request.
$servername = "hostdomain.co.uk";
$username = "database_username";
$password = "database_password";
$database = "database_name";
// attemp to connect to the server
$conn = new PDO("mysql:host=$servername;dbname=$database", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// check if we recieve a product_id via the URL
if(isset($_GET['product'])) {
// select a product_id
$product_id = $_GET['product'];
$record = $conn->prepare("SELECT * FROM product WHERE product_id = $product_id");
$record->execute();
$single_product = $record->fetch();
}
We then need to check if we’re receiving any input from our form, remember this will only occur if a user clicks the submit button - however that’s important as without checking for a $_POST request first of all we might run into issues such as PHP errors which would stop our application from loading.
You can add this code to the bottom of your PHP section.
if($_SERVER['REQUEST_METHOD'] == "POST") {
// if we click submit run this code
}
If we do have data being submitted via a POST request then we can process this - in the exact same way as we create new products. Let’s have a look at the code involved here.
if($_SERVER['REQUEST_METHOD'] == "POST") {
// collect the data from the request
$product_id = $_POST['product_id'];
$product_name = $_POST['product_name'];
$product_price = $_POST['price'];
// generate and prepare the query
$record = $conn->prepare("UPDATE product SET product_name = '$product_name', price = '$product_price' WHERE product_id = '$product_id';");
// execute the query
$record->execute();
}
The changes will now be saved in the database but we need this to be reflected on the screen, the normal way to achieve this would be to redirect back to the same location with the URL parameter automatically appended to the URL. You can do this using the PHP header function.
header("Location: https://marc.developerstack.co.uk/edit.php?product=$product_id");
This can be placed directly below your execution line. Notice how we’re appending the dynamic product_id, this allows us to redirect back to the same product to immediately show the changes.
We would normally use what’s known as a flash message to display a success message to the user at this point, we will cover than in another article.
Making the submission possible
There is one final thing we’re missing in our code and that is the parameters required to submit the form. We need to first of all add a button to the form, have a look at the code below, a button is fairly simple to implement and you should use the tags. Note: We will be making the next few changes in the HTML element of the script.
<form>
<input type="hidden" value="<?php echo $single_product['product_id']; ?>" />
<label for="product_name">Product Name</label>
<input type="text" name="product_name" value="<?php echo $single_product['product_name']; ?>" />
<label for="price">Product Price</label>
<input type="text" name="price" value="<?php echo $single_prodct['price']; ?>" />
<button>Save Changes</button>
</form>
Once we have the button in place we need to add the action and method elements to our form tag. These should look like the code sample below.
<form action="" method="POST">
<input type="hidden" value="<?php echo $single_product['product_id']; ?>" />
<label for="product_name">Product Name</label>
<input type="text" name="product_name" value="<?php echo $single_product['product_name']; ?>" />
<label for="price">Product Price</label>
<input type="text" name="price" value="<?php echo $single_prodct['price']; ?>" />
<button>Save Changes</button>
</form>
Full Code Snippet
Below is the full code snippet for this article so you can see the full structure. Remember you can use this for different things, and there are some fundamental flaws, particularly around security with using this method. We will look at making this more secure over the next few sessions.
<?php
$servername = "hostdomain.co.uk";
$username = "database_username";
$password = "database_password";
$database = "database_name";
// attemp to connect to the server
$conn = new PDO("mysql:host=$servername;dbname=$database", $username, $password);
// set the PDO error mode to exception
$conn->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// check if we recieve a product_id via the URL
if(isset($_GET['product'])) {
// select a product_id
$product_id = $_GET['product'];
$record = $conn->prepare("SELECT * FROM product WHERE product_id = $product_id");
$record->execute();
$single_product = $record->fetch();
}
if($_SERVER['REQUEST_METHOD'] == "POST") {
// collect the data from the request
$product_id = $_POST['product_id'];
$product_name = $_POST['product_name'];
$product_price = $_POST['price'];
// generate and prepare the query
$record = $conn->prepare("UPDATE product SET product_name = '$product_name', price = '$product_price' WHERE product_id = '$product_id';");
// execute the query
$record->execute();
// redirect
header("Location: https://marc.developerstack.co.uk/edit.php?product=$product_id");
}
?>
<form action="" method="POST">
<input type="hidden" name="product_id" value="<?php echo $single_product['product_id']; ?>" />
<label for="product_name">Product Name</label>
<input type="text" name="product_name" value="<?php echo $single_product['product_name']; ?>" />
<label for="price">Product Price</label>
<input type="text" name="price" value="<?php echo $single_prodct['price']; ?>" />
<button>Save Changes</button>
</form>