Script to update mysql from client not working

Question

1 - Script to update my mysql client 2 - When I leaving the (where id= id";) I doubled the other id just make them the same changes. when I editing the profile of client. I know the problem but do not know what to put there, I tried so meny options and still does not work, 3 - here is my script:

<?php
include('../conect.php');
if(isset($_POST['update']))
   // Get values from form
$id=$_POST['id'];
$username=$_POST['username'];
$utilizator=$_POST['utilizator'];
$password=$_POST['password'];
$nivel=$_POST['nivel'];
$departament=$_POST['departament'];
$location=$_POST['location'];
$country=$_POST['country'];
$email=$_POST['email'];
$ip=$_POST['ip'];


$query = "UPDATE utilizatori SET username = '$username', utilizator = '$utilizator', password = '$password', nivel = '$nivel', departament = '$departament', location = '$location', country = '$country', email = '$email', ip = '$ip' where id= id";
$res = mysql_query($query);
mysql_query($update);
    echo $update;


mysql_query($query);
echo "Record Updated";

header('location:../user.php');
// close connection
mysql_close(); 
?>

You are using [an **obsolete** database API](http://stackoverflow.com/q/12859942/19068) and should use a [modern replacement](http://php.net/manual/en/mysqlinfo.api.choosing.php). You are also **vulnerable to [SQL injection attacks](http://bobby-tables.com/)** that a modern API would make it easier to [defend](http://stackoverflow.com/questions/60174/best-way-to-prevent-sql-injection-in-php) yourself from. — Quentin, May 29 '13 at 16:30
I believe Death has the solution here. In addition to Quentin's suggestion (which I highly recommend), I hope your are encrypting that password before storing it! — StaticVoid, May 29 '13 at 16:33
@razvan - in that case, you'll have explain what you mean by it's not working. Do you get a white screen? An error message? Does it update nothing? Everything? The wrong item? The right item with the wrong data? — andrewsi, May 29 '13 at 16:40
in your program you have mysql_query($update); what does $update refer to? you don't have it mentioned anywhere except there and the line below it. — Jim, May 29 '13 at 16:42
Good catch Jim. Razvan, the $update variable is not defined anywhere shown. — StaticVoid, May 29 '13 at 16:42
@StaticVoid - well, the UPDATE query is in `$query`, which is being run. Twice, apparently. — andrewsi, May 29 '13 at 16:43
but if you let the free WHERE id = id "; is good but makes to all the same id — razvan, May 29 '13 at 16:45
@andrewsi We're referring to the variable name $update, not the update query. "mysql_query($update);" <-- That variable is undefined — StaticVoid, May 29 '13 at 16:47
remove the whitespace and never use a single quote and a double-quote together: WHERE id = '$ id " should be: WHERE id = $id — StaticVoid, May 29 '13 at 16:51
@StaticVoid - you're quite right; I don't think we're going to be able to fix the problem is until the OP actually tells us what the problem actually is. — andrewsi, May 29 '13 at 16:52
even if you understand the problem i have, let me know somewhere to watch how it's done — razvan, May 29 '13 at 16:55
One other problem you're having is that none of the variables are set except $id, because you aren't using brackets to enclose the results of your if() statement — Patrick Moore, May 29 '13 at 16:56
[Bobby Tables would so love your site](http://xkcd.com/327/). — Niels Keurentjes, May 29 '13 at 16:56

score 0 · Answer 1 · answered May 29 '13 at 16:33

You are not referencing the $id variable, but rather a string text id which breaks the query statement. Add a dollar sign to reference the variable, and if it's anything but an integer, wrap it in single quotes, too.

$query = "UPDATE utilizatori SET username = '$username', {...}, ip = '$ip' where id= '$id' ";

Jim · Accepted Answer · 2013-05-29T17:00:31.457

0

try this:

    <?php
include('../conect.php');
if(isset($_POST['update'])){
// Get values from form
$id=$_POST['id'];
$username=$_POST['username'];
$utilizator=$_POST['utilizator'];
$password=$_POST['password'];
$nivel=$_POST['nivel'];
$departament=$_POST['departament'];
$location=$_POST['location'];
$country=$_POST['country'];
$email=$_POST['email'];
$ip=$_POST['ip'];
    $query = "UPDATE utilizatori SET username = '$username', utilizator = '$utilizator',
    password = '$password', nivel = '$nivel', departament = '$departament', 
    location = '$location', country = '$country', email = '$email', ip = '$ip' 
    where id= $id";
    $res = mysql_query($query);
    if ($res) {
    echo "Record Updated";
    } else {
    echo "Record not updated.";
    }
    header('location:../user.php');
    } // end of first if statement
    // close connection
    mysql_close(); 
    ?>

edited May 29 '13 at 17:00

answered May 29 '13 at 16:54

Jim

1,315
4
17
45

maybe it's the problem of editing table – razvan May 29 '13 at 16:59
@razvan - You really need to define what you mean by not working. Do you know if anything is set? what is happening when you run it? – Jim May 29 '13 at 17:08
I not have any error, just does not do anything – razvan May 29 '13 at 17:34
Ok, lets start here, right after include('../conect.php'); put print_r($_POST['update']); This will tell us if $_POST['update'] is set or not. – Jim May 29 '13 at 17:37
my ip from host, 85.204.5.129 user Jim pass Jim – razvan May 29 '13 at 17:42
ok, so we know that it is going to call all of the variables then. echo the query statement and see what it looks like. And you can stop telling me it is not working, I get it and know it is frustrating. – Jim May 29 '13 at 17:45
you have some ID messinger or skype ? – razvan May 29 '13 at 17:47
you have jimdimag skyp yd ? – razvan May 29 '13 at 17:51
no gmail chat though or you can send an email to that address. – Jim May 29 '13 at 17:52

Script to update mysql from client not working

2 Answers2