I have a table containing multiple rows. Behind every row is a button you can click to update a column (baatinn) in the database from 0 to 1. However when you click the button it will update all the rows from 0 to 1 instead of the row you are clicking the button on. How do i make it so it will only update the row you are clicking on
Picture of database:
HTML:
<tr>
<th>Båt ut</th>
<th>Båt inn</th>
<th>Båtnr</th>
<th>Fornavn</th>
<th>Etternavn</th>
<th>Tid</th>
<th>Kr</th>
<th>Edit</th>
</tr>
PHP:
$sql = "SELECT utleid, inntid, baatnr, fornavn, etternavn, tid, kr, baatinn FROM utleie WHERE baatnr LIKE '%$sok%' or fornavn LIKE '%$sok%' or etternavn LIKE '%$sok%' or tid LIKE '%$sok%' ORDER BY id desc";
$result = $conn-> query($sql);
if ($result-> num_rows > 0) {
while ($row = $result-> fetch_assoc()) {
?>
<tr>
<td><?php echo $row["utleid"]; ?></td>
<td><?php echo $row["inntid"]; ?></td>
<td><?php echo $row["baatnr"]; ?></td>
<td><?php echo $row["fornavn"]; ?></td>
<td><?php echo $row["etternavn"]; ?></td>
<td><?php echo $row["tid"]; ?></td>
<td><?php echo $row["kr"]; ?></td>
<td><form method="post" action="innlevering.php">
<button name="edit" value="1">Edit</button>
</form></td>
</tr>
<?php
}
echo "</table>";
} else {
echo "0 results";
}
$conn-> close();
innlevering.php:
<?php
include_once 'dbconnect.php';
if ($_POST['edit']) {
$conn->query("UPDATE utleie SET baatinn=1");
}
?>
To help your injection problem, parameterize. It would be something like this (I use PDO, so you will want to double check):
/functions/getUtleie.php
function getUtleie($so, $conn)
{
$query = $conn->prepare("SELECT utleid, inntid, baatnr, fornavn, etternavn, tid, kr, baatinn FROM utleie WHERE baatnr LIKE ? or fornavn LIKE ? or etternavn LIKE ? or tid LIKE ? ORDER BY id desc");
$so = "%{$so}%";
$query->bind_param('ssss',$so, $so, $so, $so);
$result = $query->execute();
if($result->num_rows == 0)
return [];
while($row = $result->fetch_assoc()) {
$data[] = $row;
}
return $data;
}
Now, when you go to use it, include the function, then the key on the form is to make the id in a hidden field:
# Fetch the data
$result = getUtleie($so, $conn);
# If there are any results
if(!empty($result)): ?>
<table>
<?php foreach($result as $row): ?>
<tr>
<td><?php echo $row["utleid"] ?></td>
<td><?php echo $row["inntid"] ?></td>
<td><?php echo $row["baatnr"] ?></td>
<td><?php echo $row["fornavn"] ?></td>
<td><?php echo $row["etternavn"] ?></td>
<td><?php echo $row["tid"]; ?></td>
<td><?php echo $row["kr"]; ?></td>
<td>
<form method="post" action="innlevering.php">
<input type="hidden" name="action" value="update_utleie" />
<input type="hidden" name="utleid" value="<?php echo $row["utleid"] ?>" />
<input type="text" name="val" />
<input type="submit" value="Edit" />
</form>
</td>
</tr>
<?php endforeach ?>
</table>
<?php else: ?>
0 results
<?php endif ?>
After you submit the form, you will want to update using a WHERE
clause:
<?php
include_once 'dbconnect.php';
# Check to make sure the form was submitted
if(!empty($_POST['action'] && $_POST['action'] == 'update_utleie') {
# Trim these. You should also check they aren't empty (especially the id)
$id = trim($_POST['utleid']);
$value = trim($_POST['val']);
$query = $conn->prepare("UPDATE `utleie` SET `baatinn` = ? WHERE `utleid` = ?");
$query->bind_param('si', $value, $id);
$query->execute();
}
Anyway, I haven't checked these scripts but it should be pretty close. Should at least point you in the right direction.
Collected from the Internet
Please contact [email protected] to delete if infringement.
Comments