Update a record in a MySQL table from a POST variable?

1

I am trying to update a record in a MySQL table by means of a script called "prueba_envio_1.php", which selects the value of the first row of the waiting-turns table when you press the "call next" button. When it gets this information, it writes it automatically into the text input to be sent by POST. Once the value has been selected, you press the button again, which is now labelled "end turn", to end the turn.

//  prueba_envio_1.php
<!doctype html>
<html lang="en">
    <head>
        <meta charset="UTF-8">
        <title>Prueba</title> 
    </head>

    <body>

        <!-- BODY -->
        <center>
        <form name="datos_turnos" method="POST"> 

        <div id="datos_y_turnos_liquidacion">
        <div>  
            <label style="font-size: 35pt; color:yellow" name="estado" id="estado"></label>   <!-- "ATTENDING:" LABEL -->
            <label style="font-size: 35pt; color:yellow" name="turn" id="turn"></label><br/>   <!-- SELECTED TURN LABEL -->
            <input type="text" name="turno_oculto" id="turno_oculto" style="text-align: right"> 

        <table id="tabla_turnos" name="tabla_turnos" style="font-size: 18pt; text-align:center" border="1px">  

            <tr>
                <th style="font-size: 18pt">TURNOS EN ESPERA</th>
            </tr>

            <tr>
                <td>I4</td>     
            </tr>

            <tr>
                <td>I5</td>     
            </tr>

            <tr>
                <td>I6</td>     
            </tr>               
        </table>  
        </div>
        </div>  

        <div id="remitir_y_finalizar_liquidacion">
        <div>   
            <button type="button" name="finalizar turno" id="BTN_FINALIZAR_TURNO" class="campana" onclick="cambio_texto('prueba_envio_2.php')" style="width:350px; height:200px; font-family: Arial; font-size: 20pt">LLAMAR SIGUIENTE</button>
        </div>
        </div>

        </form>
        </center>

    </body>
</html>

<script>
// VARIABLES
var tabla = document.getElementById('tabla_turnos');
var uno = document.getElementById('BTN_FINALIZAR_TURNO');
var estado = document.getElementById('estado');
var turno = document.getElementById('turn');
var oculto = document.getElementById('turno_oculto');

//  CHANGES THE TEXT EACH TIME THE BUTTON IS CLICKED (RUNS EVERY TIME WE CLICK THE CALL / END BUTTON)
function cambio_texto(destino1) {

//  THIS IF HANDLES THE CLICK WHEN WE WANT TO END THE TURN, I.E. WHEN THE BUTTON SAYS "FINALIZAR TURNO"
  if (uno.innerHTML == 'FINALIZAR TURNO'){                      // WHETHER TO END THE TURN OR CALL
      var respuesta = confirm('¿ ESTA SEGURO QUE DESEA FINALIZAR TURNO ?');
      if(respuesta==true){                                      // IF THE ANSWER IS YES
          uno.innerHTML = 'LLAMAR SIGUIENTE';                   // CHANGE THE BUTTON TEXT TO "LLAMAR SIGUIENTE"
          estado.innerText = '';
          turno.innerText = '';
          document.datos_turnos.action = destino1;              // SET THE FORM TARGET
          document.datos_turnos.submit();                       // SENT BY POST TO: prueba_envio_2.php
      }
      else{ 

      }
  }

  else{    // THIS ELSE HANDLES THE CLICK WHEN WE WANT TO CALL A TURN, I.E. WHEN THE BUTTON SAYS "LLAMAR SIGUIENTE"
    if(tabla.rows[1]){                                           // IF THERE IS A TURN TO SELECT
    estado.innerHTML = 'ATENDIENDO: ';
    turno.innerText = tabla.rows[1].textContent;
    oculto.value = tabla.rows[1].textContent;
    uno.innerHTML = 'FINALIZAR TURNO';
    }

    else {                                                       // NO TURN HAS BEEN SELECTED
        alert("NO HAY TURNOS EN ESPERA.");
    }
  }  
}
</script>

It is assumed that at the end of the turn it sends by POST the value that is in the text input to the script prueba_envio_2.php, which is responsible for receiving the data by POST and updating the record with the current time in the row that corresponds to the data received, but I do not know why it does not update in the database. I checked whether the data is arriving by printing it with echo in the script prueba_envio_2.php, and it is arriving, but it does not update.

//  prueba_envio_2.php
<?php
include("conexion.php");

date_default_timezone_set("America/Bogota");
setlocale(LC_ALL,"es_ES");

$fecha_actual = date("Y-m-d H:i:s");
$turno_remitido = $_POST["turno_oculto"];     // THE VARIABLE IS RECEIVED BY POST

echo $turno_remitido;            // PRINTS THE VARIABLE RECEIVED BY POST

// UPDATES THE DB

$_UPDATE_SQL = ("UPDATE $tabla1_bd Set 
FINALIZADO = '$fecha_actual'
WHERE TURNO = '$turno_remitido'");        // UPDATE THE ROW THAT MATCHES THE RECEIVED VARIABLE

mysqli_query($conexion,$_UPDATE_SQL);

header('Location:prueba_envio_1.php');
?>

I enclose the conexion.php script and the database table:

//  conexion.php
<?php
$host = "localhost";
$usuariobd = "zona1";
$clavebd = "PrimeraZona12345";
$basededatos = "distrito_militar_7";

$tabla1_bd = "ciudadanos";
$tabla2_bd = "login";
$tabla3_bd = "remitidos";

$conexion = mysqli_connect($host,$usuariobd,$clavebd,$basededatos);

// mysqli_connect() can return false on failure, so check with the procedural API
if (mysqli_connect_errno()){
    echo "Nuestro sistema experimenta fallos...";
    exit();     
}
?>

If someone knows what the error is, I appreciate your cooperation.

    
asked by andresuarez_95 03.10.2018 at 19:41

2 answers

0

It is always convenient to debug everything to see where the problem is.

If you say that your update query occurs like this:

UPDATE ciudadanos Set FINALIZADO = '2018-10-03 13:27:31' WHERE TURNO = '    I4 '

If you just copy/paste it into a text editor and show the invisible characters, you can see that the value that should serve as the criterion does not match the real data, because it is arriving as follows: ' I4 '.

In a text editor, we see that:

  • to the left of the value there is a tab
  • to the right of the value there is a blank space

In conclusion, this: ' I4 ' is not the same as this: 'I4'.

You can check it with a var_dump($turno_remitido); which will tell you exactly how many characters your string has. The correct value should show string(2) for the case of I4; if it shows something else, it is clear that the criterion of the WHERE will never be fulfilled.

You should therefore clean the data.

Since you say you get it this way on the client:

document.getElementById('turno_oculto').value = tabla.rows[1].textContent;

You can apply the trim function on the value, like this:

document.getElementById('turno_oculto').value = tabla.rows[1].textContent.trim();

Anyway, it is good that you control the value that is presented in tabla.rows[1].textContent, establishing controls that clean the data, for example, when inserting it into databases, text files or elsewhere.

  

NOTE ON SECURITY:

The way you query the database is highly vulnerable to SQL injection attacks. A malicious user could manipulate the value that is passed in $turno_remitido and cause serious damage to the data and even to the system. To neutralize that kind of attack you should shield the code through the use of prepared queries. It is convenient that you read about it later.

    
answered by 03.10.2018 / 21:29
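The two points of the answer above (clean the value, use prepared queries) combined in one hardened variant of prueba_envio_2.php. This is an added example, not code from the question or from either answer; it reuses $conexion and $tabla1_bd from conexion.php, and the turn-code pattern (one uppercase letter followed by 1 to 3 digits, as in I4) is an assumption.

```php
<?php
// Added example: hardened variant of prueba_envio_2.php (not the poster's code).
include("conexion.php");          // provides $conexion and $tabla1_bd, as on the page

// Make mysqli throw exceptions so a failed query is never silently ignored.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
date_default_timezone_set("America/Bogota");

// Normalise on the server too: removes the tab and trailing space seen in ' I4 '.
$turno = trim((string)($_POST["turno_oculto"] ?? ""));

// Assumption: turn codes look like I4, I5, I6 (one letter, 1-3 digits).
if (!preg_match('/\A[A-Z][0-9]{1,3}\z/', $turno)) {
    http_response_code(400);
    exit("Invalid turn code");
}

try {
    // The table name comes from conexion.php, never from the request;
    // the posted value is bound as a parameter instead of being concatenated.
    $stmt = mysqli_prepare(
        $conexion,
        "UPDATE `$tabla1_bd` SET FINALIZADO = ? WHERE TURNO = ?"
    );
    $fecha_actual = date("Y-m-d H:i:s");
    mysqli_stmt_bind_param($stmt, "ss", $fecha_actual, $turno);
    mysqli_stmt_execute($stmt);

    // 0 affected rows: the WHERE criterion matched nothing (or nothing changed).
    if (mysqli_stmt_affected_rows($stmt) === 0) {
        error_log("No row updated for TURNO=" . $turno);
    }
    mysqli_stmt_close($stmt);
} catch (mysqli_sql_exception $e) {
    // Error details go to the server log, not to the browser.
    error_log("UPDATE failed: " . $e->getMessage());
    http_response_code(500);
    exit("Database error");
}

header("Location: prueba_envio_1.php");
exit();
```

No output is echoed before header(), so the redirect is not blocked by a "headers already sent" warning.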
0

try this to see:

$_UPDATE_SQL = "UPDATE {$tabla1_bd} SET FINALIZADO = '{$fecha_actual}' WHERE TURNO = '{$turno_remitido}' ";

and try this to see the errors

die("MySQL error " . mysqli_errno($conexion) . ": " . mysqli_error($conexion) . " <br> Query:<br> " . $_UPDATE_SQL);
    
answered by 03.10.2018 at 21:02