Update record in table using selected in MYSQL

1

I have this problem, which I can not solve.

I have the following tables in the database:

Andintheformitpullstherightdata,sointhenowthatI'llupdateforexampleonlythecardanddonotchangeanythingelseintheform,thefieldtypeofvehiclesandSectoritdoesnotwritetothedatabase,twoemptyfields.andIdidnotchangeanythinginthesetwofields

Onlyafterupdatingitdoesnotappearanythinginthetwocolumns

phpformUpdateVeiculos.php

<formclass="row" name="formcontato" action="UpdateVeiculos.php" method="post" enctype="multipart/form-data" target="_self">

              <div class="col-md-12">
              <div class="box-header with-border">
                <h5 class="box-title"><i class="ion-android-car"></i> - <label>Identificação do Veiculo</label></h5>
                <div class="tile-footer">
               </div>
              </div>
            </div>

            <?php
            $idVeiculo = $_GET['idVeiculo']; 
            $result_usuario = "SELECT idVeiculo, placa, prefixo, b.tipoveiculo, c.nomesetor FROM veiculos a INNER JOIN tipoveiculos b on (a.idTipo=b.idTipo) INNER JOIN setores c on (a.idSetor=c.idSetor) WHERE idVeiculo = '$idVeiculo'";
            $resultado_usuario = mysqli_query($conn, $result_usuario); $row_usuario = mysqli_fetch_assoc($resultado_usuario); ?>

             <input type="hidden" name="idVeiculo" class="form-control" readonly value="<?php echo $row_usuario['idVeiculo']; ?>" id="idVeiculo" />





              <div class="col-md-3">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Placa</label></b>
                <input class="form-control" name="placa" value="<?php echo $row_usuario['placa']; ?>" id="placa" type="text">
              </div>
            </div>

              <div class="col-md-2">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Prefixo</label></b>
                <input class="form-control" name="prefixo" value="<?php echo $row_usuario['prefixo']; ?>" id="prefixo" type="text">
              </div>
            </div>

            <div class="col-md-3">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Marca</label></b>
                <input class="form-control" name="marca" value="<?php echo $row_usuario['marca']; ?>" id="marca" type="text">
              </div>
            </div>

              <div class="col-md-4">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Modelo</label></b>
                <input class="form-control" name="modelo" value="<?php echo $row_usuario['modelo']; ?>" id="modelo" type="text">
              </div>
            </div>

             <div class="col-md-2">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Ano Fabricação</label></b>
                <input class="form-control" name="anofab" value="<?php echo $row_usuario['anofab']; ?>" id="anofab" type="text">
              </div>
            </div>

              <div class="col-md-2">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Ano Modelo</label></b>
                <input class="form-control" name="anomodelo" value="<?php echo $row_usuario['anomodelo']; ?>" id="anomodelo" type="text">
              </div>
            </div>

            <div class="col-md-4">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Numero de Chassis</label></b>
                <input class="form-control" name="chassis" value="<?php echo $row_usuario['chassis']; ?>" id="chassis" type="text">
              </div>
            </div>

              <div class="col-md-4">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Numero de Motor</label></b>
                <input class="form-control" name="motor" value="<?php echo $row_usuario['motor']; ?>" id="motor" type="text">
              </div>
            </div>

            <div class="col-md-3">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Numero do Renavam</label></b>
                <input class="form-control" name="renavam" value="<?php echo $row_usuario['renavam']; ?>" id="renavam" type="text">
              </div>
            </div>


            <div class="col-md-3">
          <div class="form-group">
            <b><label class="col-form-label" for="inputDefault">Tipo de Veiculos</label></b>
              <select name="idTipo" class="form-control select2" id="idTipo" style="width:100%;" >
              <option selected = "selected" value="<?php echo $row_usuario['idTipo'] ?>" ><?php echo $row_usuario['tipoveiculo'] ?></option>
      <?php
      $resultipo = "SELECT * FROM tipoveiculos";
      $resultadotipo = mysqli_query($conn, $resultipo);
      while ($row = mysqli_fetch_assoc($resultadotipo)) {          
      ?>
              <option value="<?php echo $row['idTipo']; ?>"><?php echo $row['tipoveiculo']; ?></option>
                <?php
      }
      ?>
               </select>
          </div>
        </div>

            <div class="col-md-3">
          <div class="form-group">
            <b><label class="col-form-label" for="inputDefault">Setor</label></b>
              <select name="idSetor" class="form-control select2" id="idSetor" style="width:100%;" >
              <option selected = "selected" value="<?php echo $row_usuario['idSetor'] ?>" ><?php echo $row_usuario['nomesetor'] ?></option>
      <?php
      $resultipo = "SELECT * FROM setores";
      $resultadotipo = mysqli_query($conn, $resultipo);
      while ($row = mysqli_fetch_assoc($resultadotipo)) {          
      ?>
              <option value="<?php echo $row['idSetor']; ?>"><?php echo $row['nomesetor']; ?></option>
                <?php
      }
      ?>
               </select>
          </div>
        </div>

         <div class="col-md-3">
          <div class="form-group">
            <b><label class="col-form-label" for="inputDefault">Tipo de Eixo</label></b>
              <select name="eixo" class="form-control select2" id="eixo" style="width:100%;" >
              <option selected = "selected" value="<?php echo $row_usuario['eixo'] ?>" ><?php echo $row_usuario['eixo'] ?></option>
              <option value="TOCO">TOCO</option>
              <option value="TRUCADO">TRUCADO</option>
               </select>
          </div>
        </div>

        <div class="col-md-12">
              <div class="box-header with-border">
                <h5 class="box-title"><i class="fa ion-ios-speedometer"></i> - <label>Horimetro - Revisão - Troca de Oleo e Filtros</label></h5>
                <div class="tile-footer">
               </div>
              </div>
            </div>


        <div class="col-md-2">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Revisão</label></b>
                <input class="form-control" placeholder="insira horimetro" name="revisao" value="<?php echo $row_usuario['revisao']; ?>" id="revisao" type="text">
              </div>
            </div>

            <div class="col-md-2">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Oleo Motor</label></b>
                <input class="form-control" placeholder="insira horimetro" name="oleomotor" value="<?php echo $row_usuario['oleomotor']; ?>" id="oleomotor" type="text">
              </div>
            </div>

            <div class="col-md-2">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Oleo Cambio</label></b>
                <input class="form-control" placeholder="insira horimetro" name="oleocambio" value="<?php echo $row_usuario['oleocambio']; ?>" id="oleocambio" type="text">
              </div>
            </div>

            <div class="col-md-2">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Oleo Diferencial</label></b>
                <input class="form-control" placeholder="insira horimetro" name="oleodiferencial" value="<?php echo $row_usuario['oleodiferencial']; ?>" id="oleodiferencial" type="text">
              </div>
            </div>

            <div class="col-md-2">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Filtro Hidraulico</label></b>
                <input class="form-control" placeholder="insira horimetro" name="filtrohidraulico" value="<?php echo $row_usuario['filtrohidraulico']; ?>" id="filtrohidraulico" type="text">
              </div>
            </div>

            <div class="col-md-2">
              <div class="form-group">
                <b><label class="col-form-label" for="inputDefault">Filtro AL-12</label></b>
                <input class="form-control" placeholder="insira horimetro" name="filtroal12" value="<?php echo $row_usuario['filtroal12']; ?>" id="filtroal12" type="text">
              </div>
            </div>


            <div class="col-md-1">
          <div class="form-group">

               <input type="hidden"  name="dataalteracao"  value="<?php echo date('Y-m-d H:i:s');?>" class="form-control" id="datacadastro" />
          </div>
        </div>


        <div class="col-md-12">
          <div class="form-group">
        <div class="tile-footer">
          <button  type="submit" onclick="return validar_form_contato()" class="ion-compose btn btn-primary pull-right" > Atualizar</button>
        </div>
      </div>
    </div>

            </form>

UpdateVeiculos.php

 $id         =     $_POST['idVeiculo'];
  $placa      =     $_POST['placa'];
  $prefixo    =     $_POST['prefixo'];
  $marca      =     $_POST['marca'];
  $modelo     =     $_POST['modelo'];
  $anofab     =     $_POST['anofab'];
  $anomodelo  =     $_POST['anomodelo'];
  $chassis    =     $_POST['chassis'];
  $motor      =     $_POST['motor'];
  $renavam    =     $_POST['renavam'];
  $idTipo     =     $_POST['idTipo'];
  $idsetor    =     $_POST['idSetor'];
  $eixos       =     $_POST['eixo'];
  $revisao    =     $_POST['revisao'];
  $oleomotor  =     $_POST['oleomotor'];
  $oleocambio =     $_POST['oleocambio'];
  $oleodif    =     $_POST['oleodiferencial'];
  $filtrohid  =     $_POST['filtrohidraulico'];
  $filtroal12 =     $_POST['filtroal12'];
  $usuarioalt =     $_POST['usuarioalteracao'];
  $dataalt    =     $_POST['dataalteracao'];









  $query  = "UPDATE veiculos SET placa = '$placa', prefixo = '$prefixo', marca = '$marca', anofab = '$anofab', anomodelo = '$anomodelo', chassis = '$chassis', motor = '$motor', renavam = '$renavam', idTipo = '$idTipo', idSetor = '$idsetor', eixo = '$eixos' WHERE idVeiculo = '$id'";
  $result = mysqli_query($conn,$query);
    
asked by anonymous 10.05.2018 / 14:51

1 answer

1

When you are querying the user data is not returning ID fields:

"SELECT idVeiculo, placa, prefixo, b.tipoveiculo, c.nomesetor FROM ..."

Add the fields a.idTipo and a.idSetor

Enable display errors, these errors are easily caught with errors enabled.

Another point is that your code is vulnerable to SQL Injection. Only using mysqli will not make your code more secure, you should use prepared statements .

    
10.05.2018 / 15:04