I wanted to ask for help in a mini project, the project consists of updating two records of a MySQL database, I have a record that is called nom and another one that is called code, I want to enter a page html or Php (I do not care, either) and change the registry, for example, if I have a registry with the name Juan and with the code 123456, I want to be able to rename the name and the code, in The table there are only 2 columns the nom and the code.
I hope I explained correctly and thank you very much for the help.
Code1:
<?php
$servername = "localhost";
$username = "***";
$password = "***";
$dbname = "***";
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT code, name FROM codes";
$result = $conn->query($sql);
if ($result->num_rows > 0) {
echo "<table><tr><th>ID</th><th>Name</th></tr>";
while($row = $result->fetch_assoc()) {
echo "<tr><td>".$row["code"]."</td>"
"<td>".$row["name"]." </td>"
"<td><a href='editar.php?id=".$row["code"].&.$row["name"]."'>Editar</a></td></tr>";
}
echo "</table>";
} else {
echo "0 results";
}
$conn->close();
?>
Code2:
$username = "***";
$password = "***";
$dbname = "****";
$nom = $_GET["nom"]
$_GET["code"]
$conn = new mysqli($servername, $username, $password, $dbname);
if ($conn->connect_error) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "UPDATE nom, code SET WHERE name=$nom";
if ($conn->query($sql) === TRUE) {
echo "Record updated successfully";
} else {
echo "Error updating record: " . $conn->error;
}
$conn->close();
?>
There is multiple issue in your code,
$name = $_GET["name"];
$code = $_GET["code"]; // forget to assign it
Also :
<td><a href='editar.php?id=".$row["code"].&.$row["name"]."'>Editar</a></td></tr>;
The "&" will not work, you need to do it like that I think :
<td><a href='editar.php?code=".$row["code"]."&name=".$row["name"]."'>Editar</a></td></tr>;
Add &name= before the $row["name"] and use code= before $row["code"] since you use $_GET["code"]; inside Php.
There is also a problem with the update
$sql = "UPDATE codes SET name = '".$name."', code = $code WHERE name= '".$nom."'";
Additionnal information, I did not use quotes around $code since $code looks like an integer, and so, you do not need to convert it as a string.
Btw, you should check that $name and $code are correct, cause if you use them like that, some SQL injection could be done. [Check @Twinfriends comments]
Always check input
Edit : As @Mubashar comments out, use for example : http://php.net/manual/en/function.filter-input.php
Thanks to @Masivuye for is review.