I am trying to create a very simple Control Panel for a web programming project, the "Show" function in my control panel works very well and shows all the elements by my Delete, Add and Update functions do not work at all.
Here's what I want to do with each function: Add function -> I want to add an element to my database from the input elements Delete function -> I want to delete the element that its ID is input by the user in the Control Panel Update -> Using this function I want to change the Product Title of the selected Product.
These 3 functions don't work, when I input data in the webpage I see that nothing is added/altered to/in the tables.
Here's the code:
add.html
<title>Add</title>
</head>
<body>
<form action="add.php" method="post">
<font size="+2" color="#CC0033">ID</font><input type="text" name="ID" />
<font size="+2" color="#CC0033">Product Title</font><input type="text" name="ProductTitle" />
<font size="+2" color="#CC0033">Price</font><input type="text" name="Price" />
<font size="+2" color="#CC0033">Quantity</font><input type="text" name="Quantity" />
<input type="submit" value="Insert" />
</form>
</body>
</html>
add.php
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Done</title>
</head>
<body>
<?
$ID=$HTTP_POST_VARS["ID"];
$ProductTitle=$HTTP_POST_VARS["ProductTitle"];
$Price=$HTTP_POST_VARS["Price"];
$Quantity=$HTTP_POST_VARS["Quantity"];
$db=mysql_connect("localhost","root","");
if($db==false)
{
print "Error";
exit;
}
mysql_select_db("Computer");
$query=("insert into Products values('".$ID." ',' ".$ProductTitle."',' ".$Price."',' ".$Quantity."')");
mysql_query($query);
?>
</body>
</html>
delete.html
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
Enter the ID of the product that you wish to delete:
<form action="delete.php" method="post">
<input type="text" name="UserInput">
<br>
<input type="submit" value="Delete">
</form>
</body>
</html>
delete.php
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?
$UserInput=$HTTP_POST_VARS["UserInput"];
$db=mysql_pconnect("localhost","root","");
if(!db)
{
print "Error";
exit;
}
mysql_select_db("Computer");
$query=("delete from Products where ID=".'$UserInput');
mysql_query($query);
?>
</body>
</html>
update.html
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<form action="update.php" method="post">
Product ID<input type="text" name="ProductID">
Product Name<input type="text" name="ProductTitle">
New Product Name<input type="text" name="NewProductTitle">
<br>
<input type="submit" value="Update">
</form>
</body>
</html>
update.php
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
</head>
<body>
<?
$ProductID=$HTTP_POST_VARS["ProductID"];
$ProductTitle=$HTTP_POST_VARS["ProductTitle"];
$NewProductTitle=$HTTP_POST_VARS["NewProductTitle"];
$db=mysql_pconnect("localhost","root","");
if(!$db)
{
echo "Error";
exit;
}
mysql_select_db("Computer");
$query=("update Products set ProductTitle='".$NewProductTitle. "' where ID=$ProductID");
mysql_query($query);
?>
</body>
</html>
firstly, good on you for trying to come up with a solution, however, as other commenters have said, you do have issues in your script. Firstly, I'd consider replacing $HTTP_POST_VARS["ID"]; with the $_POST global variable, and also running an if(isset()) to ensure all fields were set when the user submitted the form.
Secondly, you should consider using MySQLi or PDO for handling your database connection, as they can also provide validation and filtration to prevent injection attacks as Marc B mentioned. It's a good attempt if you are an absolute beginner and I feel if you stick at it you can progress further, and this community is great for getting answers and understanding where you have gone wrong. Hopefully this helps and good luck! :)