Error in function of UPDATE in PHP with PDO

0

This code cannot find the records, and causes the variable $lista to be undefined.

My HTML:

<html>
<head>
    <meta charset="UTF-8">
    <title></title>
</head>
<body>
    <?php
        include_once '../classes/Sistema2/Administrador.class.php';

    ?>
    <form action="Crud.php" method="post" id="none">
        <input type="hidden" name="acao" id="acao" value="<?php echo isset($_GET["id"])?'atualizar':'';?>">
        Nome:<input type="text" id="none" name="nome" value="<?php echo $lista['nome']?>">
        email:<input type="text" id="none" name="email" value="<?php echo $lista['email']?>">
        cpf:<input type="text" id="none" name="cpf" value="<?php echo $lista['cpf']?>">
        salario:<input type="text" id="none" name="salario" value="<?php echo $lista['salario']?>">
        <input type="submit" value="atualizar" name="atualizar">

    </form>    
</body>

This code is in my Crud.php, a file that receives the POST and makes the call to the class Administrador:

if(isset($_GET["id"])){
                if($_POST["acao"] == "atualizar"):
                    $administrador = new Administrador();
                    $administrador->atualizar((strip_tags(trim($_POST['nome']))),(trim($_POST['email'])),(trim($_POST['cpf'])),(trim($_POST['salario'])));
                endif;    
            }

This code is in the class:

public function atualizar($nome,$email,$cpf,$salario){
        $sql_atualizar = "UPDATE administrador SET nome=:nome, email=:email, cpf=:cpf salario=:salario WHERE id = :id";
        print_r($sql_atualizar);
        try{
            $query_atualizar = $this->conn()->prepare($sql_atualizar);
            $query_atualizar->bindValue(':nome',$nome,PDO::PARAM_STR);
            $query_atualizar->bindValue(':email',$email,PDO::PARAM_STR);
            $query_atualizar->bindValue(':cpf',$cpf,PDO::PARAM_STR);
            $query_atualizar->bindValue(':salario',$salario,PDO::PARAM_STR);
            //echo "<script>alert('Administrador alterado com sucesso! ')</script>";
            header('location: Index.php');

        }catch(PDOException $err){
            echo " Erro: ".$err->getMessage();
        }
    }
    
asked by anonymous 10.12.2015 / 18:00

1 answer

3

First define a hidden field with the id of the record in your form.

<form action="Crud.php" method="post" id="none">
   <input type="hidden" name="id" value="<?php echo $lista['id']; ?>" />

In Crud.php, check whether the id exists; if it does, it is an update, otherwise it is an insert.

if(isset($_GET["id"]) && ctype_digit($_GET["id"])){
   $administrador = new Administrador();
   $administrador->atualizar('valores ...');
}

Now create the corresponding bind for the id in atualizar(), and do not forget to call execute(); otherwise your query will never reach the database, nor will it be executed.

$query_atualizar->bindValue(':salario',$salario,PDO::PARAM_STR);
$query_atualizar->bindValue(':id', $_GET["id"]);
if(!$query_atualizar->execute()){
   print_r($query_atualizar->errorInfo());
}else{
   echo 'sucesso';
}

Suggestions

This line is very long; it is a good opportunity to create a function or method that sanitizes user input.

 $administrador->atualizar((strip_tags(trim($_POST['nome']))),(trim($_POST['email'])),(trim($_POST['cpf'])),(trim($_POST['salario'])))

New function

function sanitizar($input){
     return trim(strip_tags($input));
}

$administrador->atualizar(sanitizar($_POST['nome']),sanitizar($_POST['email']),sanitizar($_POST['cpf']),sanitizar($_POST['salario']));
    
10.12.2015 / 18:43
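
The steps from the answer above put together as an added example (not the asker's or the answerer's code): the id is validated and bound, the statement is executed, and values echoed back into the form are escaped for attribute context. It assumes PHP 8 with pdo_sqlite, an in-memory table standing in for the real database, a constructor-injected connection and a hypothetical attr() helper.

```php
<?php
// Added example; assumes PHP 8+ with pdo_sqlite. Not the page's own code.
final class Administrador
{
    public function __construct(private PDO $conn) {}   // injected connection (assumption)

    // Returns true only when exactly one row was updated.
    public function atualizar(string $id, string $nome, string $email, string $cpf, string $salario): bool
    {
        if (!ctype_digit($id)) {      // accept only a plain decimal id
            return false;
        }
        // Every SET assignment is comma-separated, and :id is a bound parameter too.
        $stmt = $this->conn->prepare(
            'UPDATE administrador SET nome = :nome, email = :email, cpf = :cpf, salario = :salario WHERE id = :id'
        );
        $stmt->bindValue(':nome', $nome, PDO::PARAM_STR);
        $stmt->bindValue(':email', $email, PDO::PARAM_STR);
        $stmt->bindValue(':cpf', $cpf, PDO::PARAM_STR);
        $stmt->bindValue(':salario', $salario, PDO::PARAM_STR);
        $stmt->bindValue(':id', (int) $id, PDO::PARAM_INT);
        $stmt->execute();             // without execute() nothing reaches the database
        return $stmt->rowCount() === 1;
    }
}

// Hypothetical helper: escape a value for an HTML attribute. strip_tags() alone
// leaves double quotes intact, so it does not make a value safe inside value="...".
function attr(string $v): string
{
    return htmlspecialchars($v, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE administrador (id INTEGER PRIMARY KEY, nome TEXT, email TEXT, cpf TEXT, salario TEXT)');
$pdo->exec("INSERT INTO administrador VALUES (1, 'Ana', 'ana@example.test', '00000000000', '1000')");

// Constructed form submission standing in for $_POST.
$post = ['id' => '1', 'nome' => 'Ana "Admin"', 'email' => 'ana@example.test', 'cpf' => '00000000000', 'salario' => '1200'];
$adm = new Administrador($pdo);
var_dump($adm->atualizar($post['id'], $post['nome'], $post['email'], $post['cpf'], $post['salario']));
var_dump($adm->atualizar('1abc', 'x', 'x', 'x', 'x'));   // non-numeric id is refused before any SQL runs

$lista = $pdo->query('SELECT * FROM administrador WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
echo '<input type="text" name="nome" value="' . attr($lista['nome']) . '">', PHP_EOL;
```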