I have this form, which is a PHP form to add and update a record using the same form depends on query parameters.
<?php
if (isset($_GET['id'])) {
$id = $_GET['id'];
echo '<h1>Edit</h1>';
} else {
echo '<h1>Add New</h1>';
}
global $wpdb;
$pr = $wpdb->get_results("SELECT * FROM wp_projects WHERE id = $id LIMIT 1");
?>
<form action="" method="post">
<input type="text" name="pr-name" value="<?php echo $pr[0]->name ?>" size="50">
<input type="text" name="pr-lang" value="<?php echo $pr[0]->languages ?>" size="50">
<?php
if (isset($_GET['id'])) {
echo '<input style="margin-left: 10%;" class="btn btn-primary" type="submit"
name="edit" value="Edit" />';
} else {
echo '<input style="margin-left: 10%;" class="btn btn-primary" type="submit"
name="add" value="Add" />';
}
?>
</form>
Logic to handle this form:
if (isset($_POST['add'])) {
global $wpdb, $name, $lang;
$name = !empty($_POST['pr-name']) ? sanitize_text_field($_POST['pr-name']) : null;
$lang = !empty($_POST['pr-lang']) ? sanitize_text_field($_POST['pr-lang']) : null;
$table_name = $wpdb->prefix . "projects";
$wpdb->insert($table_name, array(
'time' => current_time('mysql'),
'name' => $name,
'languages' => $lang,
));
}
if (isset($_POST['edit'])) {
global $wpdb, $name, $lang;
$name = !empty($_POST['pr-name']) ? sanitize_text_field($_POST['pr-name']) : null;
$lang = !empty($_POST['pr-lang']) ? sanitize_text_field($_POST['pr-lang']) : null;
$table_name = $wpdb->prefix . "projects";
$wpdb->update(
$table_name,
array('time' => current_time('mysql'), 'name' => $name ),
array('ID'=>$id),
array("%s"),
array("%d")
);
}
Right now it's not adding any record, and if I use the Edit (or Update) route It turns the whole record blank. It removes the previous values from the record.
If I delete <?php echo $pr[0]->name ?>
form input fields everything works perfect, but I couldn't get the stored values from the DB so I know what's I'm updating.
What can I do to solve it?
you have here some problems.
At first, - never use data from $_GET or $_POST directly in the SQL - you will get SQL Injection
At second, how you think it <?php echo $pr[0]->name ?>
will work when you will try to add new record, if there is no any data in $pr? So, you can try smth like this <?php echo $pr[0]->name ?? '' ?>
, or to go more correct way I described below.
So you need to use this line $pr = $wpdb->get_results("SELECT * FROM wp_projects WHERE id = $id LIMIT 1");
only when you in the edit url. This way you can also add check - is there record with this id
in the db.
So, the code will be something like that:
<?php
global $wpdb;
$name = '';
$lang = '';
if (isset($_GET['id'])) {
$id = $_GET['id'];
$pr = $wpdb->get_results("SELECT * FROM wp_projects WHERE id = $id LIMIT 1");
if (!$pr) {
die('No record with id: ' . $id);
}
$name = $pr[0]->name;
$lang = $pr[0]->languages;
echo '<h1>Edit</h1>';
} else {
echo '<h1>Add New</h1>';
}
?>
<form action="" method="post">
<input type="text" name="pr-name" value="<?php echo $name ?>" size="50">
<input type="text" name="pr-lang" value="<?php echo $lang ?>" size="50">
<?php
if (isset($_GET['id'])) {
echo '<input style="margin-left: 10%;" class="btn btn-primary" type="submit"
name="edit" value="Edit" />';
} else {
echo '<input style="margin-left: 10%;" class="btn btn-primary" type="submit"
name="add" value="Add" />';
}
?>
</form>