1

Hi I am using html and PHP to update a variable in a database table, I have made sure that the html form works correctly and have used echos to make sure the script is running through. It isnt giving me any signs of error but wont update the table. To clarify my html code is working fine as the function is working and all the right echos are coming out. Here is the code I hope someone can enlighten me as to where I am going wrong. Thank you!

<?php
session_start();
$healthyPig = 50;
$userNamer = $_SESSION['rememberMe'];
echo $userNamer;
$connect=(mysql_connect("localhost","lpwd10","lpwd10","lpwd10_proj"));
if (mysql_error())
  {
  echo "Failed to connect";
  }
echo "connected SON";
mysql_query($connect,"UPDATE user SET 'pigHealth' = $healthyPig WHERE userName='$userNamer'");
header('Location: pigManager.php');
echo "Complete";
mysql_close($con);



?>
Lewis Dunn
  • 11
  • 1
  • Try `mysql_query(...) or die(mysql_error());` to see output errors. – showdev Apr 15 '13 at 21:34
  • your SET 'pigHealth' = is incorrect at the very least. omit the single quotes, or use backticks. I'd suggest just changing it to SET pigHealth = $healthyPig ... – gview Apr 15 '13 at 21:36
  • 1
    Does the user with the correct username exist in the table? And maybe you need to select the correct database with `mysql_select_db()`? – Jan-Henk Apr 15 '13 at 21:36
  • **You are leaving yourself wide open to SQL injection.** Please learn about using parametrized queries, preferably with the PDO module, to protect your web app. http://bobby-tables.com/php has examples to get you started. – Andy Lester Apr 15 '13 at 21:52
  • Let me know the url of the website once It's finished, I'd love to sql-inject it. I'm kidding, but seriously, It's sooo easy with your code, take a look at this: http://stackoverflow.com/questions/16023217/two-foreach-statements-with-only-one-mysql-query/16023628#16023628 I cba to rewrite it here. – Jonast92 Apr 15 '13 at 21:56
  • Please dont use [the `mysql_` database extension](http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php), it is deprecated (gone for ever in PHP7) Specially if you are just learning PHP, spend your energies learning the `PDO` database extensions. [Start here](http://php.net/manual/en/book.pdo.php) – RiggsFolly Apr 18 '16 at 16:45

2 Answers2

2

The value should be in quotes, not the column name

"UPDATE user SET pigHealth = '$healthyPig' WHERE userName='$userNamer'"

zavg
  • 10,351
  • 4
  • 44
  • 67
  • Hi, i have fixed my syntax and it still isnt working. The username is taken from a session variable and using echos I have made sure it is passed into the script. I am not worried about sql injection at the moment, it will be something that will be addressed later. – Lewis Dunn Apr 15 '13 at 22:05
0

I think you are getting the mysql_ and mysqli_ extensions muddled up.

Using the mysql_ extension your query() statement is wrong

mysql_query($connect,"UPDATE user SET 'pigHealth' = $healthyPig WHERE   userName='$userNamer'");

Should be 

mysql_query("UPDATE user SET 'pigHealth' = $healthyPig WHERE userName='$userNamer'", $connect);

BUT you should not be using the mysql_ extension anymore, its been deprecated for years and has been completely removed from PHP7, so any code you write using it will not run on PHP7.

Specially if you are just learning PHP, spend your energies learning the PDO database extensions. Start here

RiggsFolly
  • 93,638
  • 21
  • 103
  • 149