PDA

View Full Version : Looking to populate form with DB data and update DB with said form.



ljndit
04-30-2018, 04:48 PM
Hello all,
And thank you in advance for your assistance. I was reading an old post and found a wonderful example that I am trying to work from so that I can understand how the PHP script works to pull data from the DB and then fill out the form. Here is the post: http://www.dynamicdrive.com/forums/showthread.php?45895-How-to-populate-php-html-form-with-MySQL-data

I was hoping to speak to forum_amnesiac about his code. I have copied his example and am getting an error: Couldn't execute query. Unknown column 'ID' in 'where clause'

Looking over the code I am unable to figure out why the WHERE clause is referring to an 'ID'? It's been years since I've worked with PHP, but I appreciate any help anyone could provide. I also understand that the script in question is susceptible to SQL injection. I am just hoping to use this example to wrap my head around how to get the form and DB working together to update the data.

DyDr
04-30-2018, 05:29 PM
The error is telling you that there is no column named ID in your table.

When editing existing data, you are referring to an existing row in your table. You should do this by referencing an auto-increment primary index column, typically named id (column names are case-insensitive, so ID being used in the code should match any capitalization variation.) If your table doesn't have an auto-increment primary index, you need to add one. This will make any queries faster and allow you to store related data by referencing the id. If you have an auto-increment primary index by another name, the query needs to be modified to use that name.

You should not copy old code, but write you own, using current programming standards. The mysql extension has been removed from the latest php version, so that particular code won't even run on the latest php version, and the code is filled with unnecessary bits (programming pun intended), and it is insecure.

Some recommendations, which will actually simplify the code/query and help make it secure at the same time -

1) Use the php PDO extension.

2) Use real prepared queries (PDO has emulated prepared queries that should be turned off) when supplying data to the sql query statement. Prepared queries, using PDO, only add one statement to the code and simplify the sql query syntax.

3) Use exceptions to handle database statement (connection, query, prepare, and execute) errors and let php catch the exceptions, where it will use its error_reporting, display_errors, and log errors settings to control what happens with the actual error information. Doing this only requires one setting to be made and will eliminate all the error handling logic in the code.

4) Don't needlessly copy variables to other variables. Only use a new variable for something if you change the value/meaning from what is in the original variable. If you are operating on a set of data, use php array functions to operate on all the original data at the same time, rather than to write out a line of code for each value.

ljndit
04-30-2018, 06:15 PM
Thank you for the information DyDr.
I have noticed that the mysql extension has been replaced with mysqli. I have been trying to wrap my head around why that has yet to be updated in so many forums. I guess my Googlefu is rusty. I have been unable to locate any tutorials that use the correct mysqli extension. I have read about the PDO and prepared statements. Could you refer me to any resources I could go to that would introduce me to these topics? Thank you again for all your assistance.

DyDr
04-30-2018, 07:01 PM
Forget about the mysqli extension. It is overly complicated and inconsistent, to the point that whoever designed it apparently has never used php to execute queries in a real application.

See the following comprehensive PDO tutorial - https://phpdelusions.net/pdo