Error due to PHP UPDATE with PDO


0

This code cannot find the records, and it reports that the variable $lista is undefined.

My HTML:

<html>
<head>
    <meta charset="UTF-8">
    <title></title>
</head>
<body>
    <?php
        include_once '../classes/Sistema2/Administrador.class.php';

    ?>
    <form action="Crud.php" method="post" id="none">
        <input type="hidden" name="acao" id="acao" value="<?php echo isset($_GET["id"])?'atualizar':'';?>">
        Nome:<input type="text" id="none" name="nome" value="<?php echo $lista['nome']?>">
        email:<input type="text" id="none" name="email" value="<?php echo $lista['email']?>">
        cpf:<input type="text" id="none" name="cpf" value="<?php echo $lista['cpf']?>">
        salario:<input type="text" id="none" name="salario" value="<?php echo $lista['salario']?>">
        <input type="submit" value="atualizar" name="atualizar">

    </form>    
</body>

This code is in my Crud.php, a file that receives the POST and makes the call to the class Administrador:

if(isset($_GET["id"])){
                if($_POST["acao"] == "atualizar"):
                    $administrador = new Administrador();
                    $administrador->atualizar((strip_tags(trim($_POST['nome']))),(trim($_POST['email'])),(trim($_POST['cpf'])),(trim($_POST['salario'])));
                endif;    
            }

This code is in the class:

public function atualizar($nome,$email,$cpf,$salario){
        $sql_atualizar = "UPDATE administrador SET nome=:nome, email=:email, cpf=:cpf salario=:salario WHERE id = :id";
        print_r($sql_atualizar);
        try{
            $query_atualizar = $this->conn()->prepare($sql_atualizar);
            $query_atualizar->bindValue(':nome',$nome,PDO::PARAM_STR);
            $query_atualizar->bindValue(':email',$email,PDO::PARAM_STR);
            $query_atualizar->bindValue(':cpf',$cpf,PDO::PARAM_STR);
            $query_atualizar->bindValue(':salario',$salario,PDO::PARAM_STR);
            //echo "<script>alert('Administrador alterado com sucesso! ')</script>";
            header('location: Index.php');

        }catch(PDOException $err){
            echo " Erro: ".$err->getMessage();
        }
    }
  • 1

    Hmm, code review :D. Comment out that header() to begin with.

1 answer

3

First, add a hidden field with the record id to your form.

<form action="Crud.php" method="post" id="none">
   <input type="hidden" name="id" value="<?php echo $lista['id']; ?>" />

In Crud.php, check whether the id exists; if it does, it is an update, otherwise it is an insert.

if(isset($_GET["id"]) && ctype_digit($_GET["id"])){
   $administrador = new Administrador();
   $administrador->atualizar('valores ...');
}

Now create the respective bind for the id in atualizar(), and don't forget to call execute(); otherwise your query will never reach the database and will not be executed.

$query_atualizar->bindValue(':salario',$salario,PDO::PARAM_STR);
$query_atualizar->bindValue(':id', $_GET["id"]);
if(!$query_atualizar->execute()){
   print_r($query_atualizar->errorInfo());
}else{
   echo 'sucesso';
}

Suggestions

This line is very long; it is a good opportunity to create a function or method to sanitize the user inputs.

 $administrador->atualizar((strip_tags(trim($_POST['nome']))),(trim($_POST['email'])),(trim($_POST['cpf'])),(trim($_POST['salario'])))

New function

function sanitizar($input){
     return trim(strip_tags($input));
}

$administrador->atualizar(sanitizar($_POST['nome']),sanitizar($_POST['email']),sanitizar($_POST['cpf']),sanitizar($_POST['salario']));
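
An added example, not part of the answer above or of the asker's project: the update path with every placeholder bound, execute() called, the id validated as an integer, and the stored value escaped when it is written back into the form. The class name AdministradorRepo, the in-memory SQLite database and the sample request array are assumptions made for the example, and it reads the id from the POSTed hidden field.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-in for the page's Administrador class (PHP 8+); table and
// column names follow the question, everything else is assumed for this example.
final class AdministradorRepo
{
    public function __construct(private PDO $pdo) {}

    public function atualizar(int $id, string $nome, string $email, string $cpf, string $salario): bool
    {
        // Note the comma between cpf and salario, and the :id placeholder.
        $sql = 'UPDATE administrador
                   SET nome = :nome, email = :email, cpf = :cpf, salario = :salario
                 WHERE id = :id';
        $stmt = $this->pdo->prepare($sql);
        $stmt->bindValue(':nome', $nome, PDO::PARAM_STR);
        $stmt->bindValue(':email', $email, PDO::PARAM_STR);
        $stmt->bindValue(':cpf', $cpf, PDO::PARAM_STR);
        $stmt->bindValue(':salario', $salario, PDO::PARAM_STR);
        $stmt->bindValue(':id', $id, PDO::PARAM_INT);
        $stmt->execute();               // without this the UPDATE never runs
        return $stmt->rowCount() === 1; // 0: id not found (MySQL: also when nothing changed)
    }
}

// Constructed sample data in an in-memory SQLite database (needs pdo_sqlite).
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE administrador (id INTEGER PRIMARY KEY, nome TEXT, email TEXT, cpf TEXT, salario TEXT)');
$pdo->exec("INSERT INTO administrador VALUES (1, 'Ana', 'ana@example.test', '00000000000', '1000')");

// Constructed request body, standing in for $_POST from the form.
$post = ['id' => '1', 'nome' => ' Ana "Admin" <b> ', 'email' => 'ana@example.test',
         'cpf' => '00000000000', 'salario' => '1500'];

// Accept only a positive integer id; anything else is rejected before the query.
$id = filter_var($post['id'] ?? null, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($id === false) {
    exit("invalid id\n");
}

$repo = new AdministradorRepo($pdo);
$ok = $repo->atualizar($id, trim($post['nome']), trim($post['email']), trim($post['cpf']), trim($post['salario']));
echo $ok ? "updated\n" : "no such record\n";

// Refilling the form: escape at output so stored quotes or markup cannot break out of value="...".
$lista = $pdo->query('SELECT * FROM administrador WHERE id = 1')->fetch(PDO::FETCH_ASSOC);
printf('<input type="text" name="nome" value="%s">' . "\n", htmlspecialchars($lista['nome'], ENT_QUOTES, 'UTF-8'));
```

The bound parameters keep the submitted values out of the SQL text, and htmlspecialchars() at output time is what keeps them from being interpreted as markup in the form.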
