I'm currently doing a Web Programming module at university and have been having trouble with some of the homework set. We are meant to insert code that updates our current mysql table with new information (gender, age, email, comment). This information needs to be inserted into the row of each persons session generated ID (currID). How do we code for the updated information to be inserted into a session-specific row?
<?php
session_start();
include('muqHeader.html');
include('commonSrc.php');
include('../shareCode/mysqlLink.php');
if ($_SERVER['REQUEST_METHOD'] == 'POST'):
// update the mf record
if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)){
}else{
echo "Not a valid email address";
}
if(filter_var($_POST['comment'], FILTER_SANITIZE_STRING)){
}else{
echo "Text includes invalid characters";
}
$gender = $_POST['gender'];
$age = $_POST['age'];
$email = $_POST['email'];
$comment = $_POST['comment'];
$currID = $_SESSION['currID'];
if ($_POST['submit']){
$sql = "UPDATE muq
SET (gender='$gender', age = '$age', email = '$email', comment = '$comment')
WHERE (muqID = '$currID')";
}
if (@mysqli_query($link, $sql)) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . @mysqli_error($link);
}
else:
$useTime = implode(',', $_SESSION['useTime'] );
$usedM = implode( ',', $_SESSION['usedM'] );
$tmp = array();
for($i=0; $i < count($_SESSION['freqRate']); $i++) {
$tmp[$i] = implode( '', $_SESSION['freqRate'][$i] ); // empty string as 'glue'
}
$freqRate = implode( ',', $tmp );
$dateTime = $_SESSION['dateTime'];
$taskTime = (time() - $_SESSION['startTime']) / 60; //in minutes
$sql = "INSERT INTO muq
(dateTime, taskTime, useTime, usedM, freqRate)
VALUES ('$dateTime', '$taskTime', '$useTime', '$usedM', 'freqRate')";
$link = connectDB();
@mysqli_query( $link, $sql );
$_SESSION['currID'] = @mysqli_insert_id($link);
@mysqli_close($link);
?>
Well, before answearing your question, here is some coding rules you need to respect: 1- You don't have to use more lines than what you need. This means you don't have to do an an empty "if" using 4 lines if you can do it in 2 lines. Example: Instead of:
if (filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)){
}else{
echo "Not a valid email address";
}
You can do:
if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL))
echo "Not a valid email address";
Second thing, to update a row in a database, you need an ID. This the key you are going to use to tell your db engine which row you are going to update because if not "he" will not know which row "he" should update (I'm considering the db engine as a person like me and you :D ) So, you need to inject that key (account ID or whatever) in your session so that you can use later when updating your database by telling you db engine that "he" needs to update that row identified by that key.