Simple log editing with PHP + MySQL

Question

Simple log editing with PHP + MySQL

Navigation

#1 by (1 votes)
#2 by (0 votes)

4

Basically the three scripts should edit a record in the Database:

records.php:

<?php

// Aqui você se conecta ao banco
$mysqli = new mysqli('127.0.0.1', 'root', '', 'login');

// Executa uma consulta 
$sql = "SELECT 'user_id', 'user_name' , 'user_email' , 'user_data' FROM 'users'";
$query = $mysqli->query($sql);
while ($dados = $query->fetch_assoc()) {
	$id        = $dados["user_id"];
	$nome      = $dados["user_name"];
	$email = $dados["user_email"];
	$data = $dados["user_data"];
	
	echo "<a href=\"editar.php?id=$id\">Editar </a>";
	
	
}


?>

edit.php:

  <?php

// Aqui você se conecta ao banco
$mysqli = new mysqli('127.0.0.1', 'root', '', 'login');

// Executa uma consulta 
$sql = "SELECT 'user_id', 'user_name' , 'user_email' , 'user_data' FROM 'admin_users'";
$query = $mysqli->query($sql);
while ($dados = $query->fetch_assoc()) {
	$id        = $dados["user_id"];
	$nome      = $dados["user_name"];
	$email = $dados["user_email"];
	$data = $dados["user_data"];
	
	echo "
	<form id=\"form1\" name=\"form1\" method=\"post\" action=\"salvar_edicao.php\">
	<input name=\"id\" type=\"text\" readonly=\"readonly\" id=\"id\" value=\"$id\" size=\"35\"/><br>
	<input name=\"nome\" type=\"text\" id=\"id\" value=\"$nome\" size=\"35\"/><br>
	<input name=\"email\" type=\"text\" id=\"id\" value=\"$email\" size=\"35\"/><br>
	<input name=\"data\" type=\"text\" readonly=\"readonly\" id=\"id\" value=\"$data\" size=\"35\"/><br>
	<input type=\"submit\" onclick=\"return confirm('Deseja mesmo editar esse registro?');\" name=\"Submit\" value=\"SALVAR ALTERAÇÕES\" class=\"btnNew\"/>
	</form>
	";
	
	
}


?>    
 
</div></div>

save_edicao.php:

<?php
$id      = $_POST["id"];
$nome = $_POST["nome"];
$email     = $_POST["email"];
$data      = $_POST["data"]; 

// Aqui você se conecta ao banco
$mysqli = new mysqli('127.0.0.1', 'root', '', 'login');

mysql_query("UPDATE users SET user_name = '$nome', user_email = '$email' WHERE users.id = $id");
mysql_close();
header("Location: index.php#tabs-4");
?>

Does not change. What's wrong?

php mysql sql mysqli

asked by anonymous 26.02.2015 / 20:40

2 answers

0

Fixed complete code:

records.php:

<?php

// Aqui você se conecta ao banco
$mysqli = new mysqli('127.0.0.1', 'root', '', 'login');

// Executa uma consulta 
$sql = "SELECT 'user_id', 'user_name' , 'user_email' , 'user_data' FROM 'users'";
$query = $mysqli->query($sql);
while ($dados = $query->fetch_assoc()) {
	$id        = $dados["user_id"];
	$nome      = $dados["user_name"];
	$email = $dados["user_email"];
	$data = $dados["user_data"];
	
	echo "<a href=\"editar.php?user_id=$id\">Editar</a>";
	
	
}


?>

edit.php:

  <?php

// Aqui você se conecta ao banco
$mysqli = new mysqli('127.0.0.1', 'root', '', 'login');
$id = $_GET["user_id"];
settype($id, "integer");

// Executa uma consulta 
$sql = "select * from users where user_id = $id";
$query = $mysqli->query($sql);
while ($dados = $query->fetch_assoc()) {
$id        = $dados["user_id"];
$nome      = $dados["user_name"];
$email = $dados["user_email"];
$data = $dados["user_data"];}


?>

<form id="form1" name="form1" method="post" action="salvar_edicao.php">
<input type="text" readonly name="id" id="id" value="<?php echo $id;?>" /><br>
<input type="text" name="nome" id="nome" value="<?php echo $nome;?>" /><br>
<input type="text" name="email" id="email" value="<?php echo $email;?>" /><br>
<input type="text" readonly name="data" id="data" value="<?php echo $data;?>" /><br>

<input type="submit" onClick="return confirm('Deseja atualizar o registro?');" name="Submit" value="SALVAR ALTERAÇÕES" id="button-form" />
 </form>
 
</div></div>

save_edicao.php:

<?php
@ini_set('display_errors', '1');
error_reporting(E_ALL);

$id        = $_POST["id"];
$nome      = $_POST["nome"];
$email = $_POST["email"];
$data     = $_POST["data"];

// Aqui você se conecta ao banco
$mysqli = new mysqli('127.0.0.1', 'root', '', 'login');

$sql = 'UPDATE users SET user_name = ?, user_email = ? WHERE users.user_id = ?';
$stmt = $mysqli->prepare($sql) or die($mysqli->error);

if(!$stmt){
  echo 'erro na consulta: '. $mysqli->errno .' - '. $mysqli->error;
}

$stmt->bind_param('ssi', $nome, $email, $id);
$stmt->execute();
header("Location: index.php#tabs-4");
?>

03.03.2015 / 13:07

Java error report in PDF Entity Framework is not interpreting my settings

score 1 · Accepted Answer

In save_edicao.php do the update routine by calling the correct mysqli API and not the old mysql _ *

Change:

mysql_query("UPDATE users SET user_name = '$nome', user_email = '$email'
             WHERE users.id = $id");

To:

$mysqli->query("UPDATE users SET user_name = '$nome', user_email = '$email'
             WHERE users.id = $id");

You can avoid the sql injection problem by using prepared statements:

$sql = 'UPDATE users SET user_name = ?, user_email = ? WHERE users.id = ?';
$stmt = $mysqli->prepare($sql);

if(!$stmt){
  echo 'erro na consulta: '. $mysqli->errno .' - '. $mysqli->error;
}

$stmt->bind_param('ssi', $nome, $email, $id);
$stmt->execute();