I am trying to edit my data already stored in the database. I need help to write that part of the code.
Help me complete this part:
 //Edit category 
    if(isset($_POST['editCategory']) && !empty($_POST['editCategory'])){

What I have tried:

<?php
    session_start();
    include '../controller/dbConnection.php';

    if(isset($_GET['edit']) && !empty($_GET['edit'])){
        $edit_id = (int)$_GET['edit'];
        $edit_id = filter_var($edit_id,FILTER_VALIDATE_INT);
        
        //for child 
        $sql_child = "SELECT * FROM category WHERE id='$edit_id'";       
        $result_child = $db->query($sql_child);
        $child_row = mysqli_fetch_assoc($result_child);
        $item_parent_id = $child_row['parent'];

        //for parent 
        $sql_parent = "SELECT * FROM category WHERE id='$item_parent_id'"; 
        $result_parent = $db->query($sql_parent);
        $parent_row = mysqli_fetch_assoc($result_parent);

        $_SESSION['edit_id'] = $edit_id;
        $_SESSION['parent_name'] = $parent_row['categoryName'];
        $_SESSION['child_name'] = $child_row['categoryName'];
        $_SESSION['parent_id'] = $parent_row['id'];

        header('Location: ../admin/category.php');
        die();

    }
    //delete category
    if(isset($_GET['delete']) && !empty($_GET['delete'])){
        $delete_id = (int)$_GET['delete'];
        $delete_id = filter_var($delete_id,FILTER_VALIDATE_INT);
        $sql = "SELECT * FROM category WHERE id = '$delete_id'";
        $result = $db->query($sql);
        $delete_category = mysqli_fetch_assoc($result);
        if($delete_category['parent'] == 0){
            $dsql1 = "DELETE FROM category  WHERE parent = '$delete_id'";
            $dsql2 = "DELETE FROM category  WHERE id = '$delete_id'";
            $db->query($dsql1);
            $db->query($dsql2);
        }else{
            $dsql = "DELETE FROM category  WHERE id = '$delete_id'";
            $db->query($dsql);
        }
       
    }
    //Add category 
    if(isset($_POST['addCategory']) && !empty($_POST['addCategory'])){
       
        $parent = filter_var($_POST['parent'],FILTER_SANITIZE_STRING);
        $category = filter_var($_POST['category'],FILTER_SANITIZE_STRING);
        $error = null;
        //category is blank
        if($category == ''){           
            $_SESSION['error'] = 'The category cannot be left blank';
            header('Location: ../admin/category.php');           
            die();
        }
        
        $sqlform = "SELECT * FROM category WHERE categoryName = '$category' AND parent = '$parent'";
        $fresult = $db->query($sqlform);
        $count = mysqli_num_rows($fresult);
        //if it already exist in database
        if($count > 0){
            $_SESSION['error'] = $category.' already exists. Please a choose a new category';
            header('Location: ../admin/category.php');            
            die();
        }
        //insert into database
        $insertsql = "INSERT INTO category (categoryName, parent) VALUES('$category','$parent')";           
        $db->query($insertsql);
        $_SESSION['success'] = 'Category has been added successfully';
        header('Location: ../admin/category.php');
        die();
    }

    //Edit category 
    if(isset($_POST['editCategory']) && !empty($_POST['editCategory'])){
        $edit = (int)$_POST['editCaregory'];
        $edit =  filter_var($_POST['editCategory'],FILTER_SANITIZE_STRING);
        $Nparent = filter_var($_POST['parent'],FILTER_SANITIZE_STRING);
        $Ncategory = filter_var($_POST['category'],FILTER_SANITIZE_STRING);
        $udpate_sql = "SELECT * FROM category WHERE categoryName = '$Ncategory' AND parent = '$Nparent' AND id = ''";


    }
?> 
Posted
Updated 9-Jun-20 10:08am
Comments
Richard Deeming 9-Jun-20 12:22pm    
Your code is vulnerable to SQL Injection. NEVER use string concatenation / interpolation to build a SQL query. ALWAYS use a parameterized query.

PHP: SQL Injection - Manual
ZurdoDev 9-Jun-20 14:58pm    
Where are you stuck? What exactly is your question?

1 solution

Based upon your code, as written, your session will not start and $_SESSION will be unusable for you.

The session_start(); must be on the absolute first line.
PHP
<?php session_start();
That alone may help you well along your way - but if you don't tell us exactly what the program error is then we're not going to do better than take a guess.

Does your SQL query fail? Does it not even run? If it doesn't run, is it a connection error or something else?


 
Comments
Sylar Appiah 9-Jun-20 19:49pm    
The session start is on a different page and I have included this page on that page. I mean I can't write the edit database query, the last part of my code, if(isset('editCategory')........... I want you to help me build that part.
W Balboos, GHB 10-Jun-20 7:43am    
You still haven't said what's wrong - did you try anything and get an error? What was it? If you don't get an error message, what is happening? If you don't see an error message then you need to see what your SQL looks like - it all may be working and you're asking it to change something that's not in your table.

Does any of it work?


You can't expect me to rewrite the entire section for you.
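
The parameterized-query advice from the comments, applied to the unfinished editCategory branch in the question. This is an added example, not code from any poster in the thread; the function name `updateCategory`, the use of `$_SESSION['edit_id']` as the row id, and an integer `parent` column are assumptions.

```php
<?php
// Added example, not the poster's code. Assumes $db is the mysqli connection
// from ../controller/dbConnection.php and that the session is already started.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT); // throw on SQL errors

// Returns '' on success or an error message. Assumes `parent` is an integer
// column where 0 means "top level", as the delete branch in the question implies.
function updateCategory(mysqli $db, int $id, string $name, int $parent): string
{
    $name = trim($name);
    if ($id <= 0 || $parent < 0 || $parent === $id) {
        return 'Invalid category or parent id';
    }
    if ($name === '') {
        return 'The category cannot be left blank';
    }
    // Duplicate check that skips the row being edited. Values are bound as
    // parameters, never interpolated into the SQL text.
    $dup = $db->prepare(
        'SELECT id FROM category WHERE categoryName = ? AND parent = ? AND id <> ?'
    );
    $dup->bind_param('sii', $name, $parent, $id);
    $dup->execute();
    $dup->store_result();
    $exists = $dup->num_rows > 0;
    $dup->close();
    if ($exists) {
        return $name . ' already exists. Please choose a new category';
    }
    $upd = $db->prepare('UPDATE category SET categoryName = ?, parent = ? WHERE id = ?');
    $upd->bind_param('sii', $name, $parent, $id);
    $upd->execute();
    $upd->close();
    return '';
}

// Hypothetical wiring for the editCategory branch: the row id is taken from
// $_SESSION['edit_id'] (set by the ?edit= branch), not from the submitted form.
if (!empty($_POST['editCategory']) && isset($_SESSION['edit_id'], $db)) {
    $error = updateCategory($db, (int) $_SESSION['edit_id'],
        (string) ($_POST['category'] ?? ''), (int) ($_POST['parent'] ?? 0));
    if ($error === '') {
        $_SESSION['success'] = 'Category has been updated successfully';
    } else {
        $_SESSION['error'] = $error; // escape with htmlspecialchars() when displayed
    }
    header('Location: ../admin/category.php');
    die();
}
```

Because the name is bound as a parameter, a submitted value containing quotes is stored as literal text instead of changing the statement, and the same pattern applies to the SELECT, INSERT and DELETE queries in the question.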

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)


