This is probably simple but i just can't get the last little bit to work. I have a PHP/HTML form. Parts are filled in by querying the database and parts are filled in by the user. everything works except for the last $sql statement in the PHP write to database. Basically the second part of the form page retrieves a number of user stored envelopes then allows the user to input the amount to put into that envelope. I need to store that amount but there are many envelopes and i need to make sure the entered amount coresponds to the correct envelope. As you can see i am lost.
This is the main form:
<form action="newpaycheck.php" method="post">
<div id="col2top">
<?php
include 'includes/connection.php';
echo "<select name= 'bankaccount'>";
echo '<option value="">'.'--- Bank Account ---'.'</option>';
$query = mysqli_query($con,"SELECT bankaccount FROM bankaccounts");
$query_display = mysqli_query($con,"SELECT bankaccount FROM bankaccounts");
while($row=mysqli_fetch_array($query))
{
echo "<option value='". $row['bankaccount']."'>".$row['bankaccount']
.'</option>';
}
echo '</select>';
?><br><br>
Amount: <input type="text" name="paycheckamount"><br><br>
Name: <input type="text" name="paycheckname"><br><br>
Date: <input type="text" name="normaldate">
</div>
<div id="col2bottom">
<?php
$result = mysqli_query($con,"SELECT envelopename, envelopebudget FROM envelopes");
echo "<table border='1'>
<tr>
<th>Envelope</th>
<th>Budget</th>
<th>Amount</th>
</tr>";
while($row = mysqli_fetch_array($result)) {
echo "<tr>";
echo "<td>" . $row['envelopename'] . "</td>";
echo "<td>" . $row['envelopebudget'] . "</td>";
?><td><input type="text" name="budgetamount"></td><?php;
echo "</tr>";
}
echo "</table>";
?>
<input type="submit">
</div>
</form>
</div>
This is what writes it all to the database:
<?php
//MySQL Database Connect
include 'includes/connection.php';
// escape variables for security
$bankaccount = mysqli_real_escape_string($con, $_POST['bankaccount']);
$paycheckamount = mysqli_real_escape_string($con, $_POST['paycheckamount']);
$paycheckname = mysqli_real_escape_string($con, $_POST['paycheckname']);
$normaldate = mysqli_real_escape_string($con, $_POST['normaldate']);
$budgetamount = mysqli_real_escape_string($con, $_POST['budgetamount']);
$sql="INSERT INTO paychecks (bankaccount, paycheckamount, paycheckname, normaldate)
VALUES ('$bankaccount','$paycheckamount','$paycheckname','$normaldate')";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
$sql="ALTER TABLE envelopes ADD COLUMN $paycheckname varchar (50)";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
$sql="UPDATE envelopes SET '$paycheckname'='$budgetamount' WHERE envelopename ='$envelopename'";
if (!mysqli_query($con,$sql)) {
die('Error: ' . mysqli_error($con));
}
echo "1 record added";
mysqli_close($con);
Column names should not be quoted. Change
$sql="UPDATE envelopes SET '$paycheckname'='$budgetamount' WHERE envelopename ='$envelopename'";
to
$sql="UPDATE envelopes SET $paycheckname='$budgetamount' WHERE envelopename ='$envelopename'";
you may use backticks if you wish
$sql="UPDATE envelopes SET `$paycheckname`='$budgetamount' WHERE envelopename ='$envelopename'";