why my cannot edit/update database using PHP?

Question

Here is my code. In this code, when you edit and "update" the data in the database by using PHP, it doesn't change the data in the database or myphpadmin. Take a look at the below code:

<?php
include("dataconn.php"); //connect to database with the external php.

if($_SESSION["loggedin"]!="true")
    header("location:admin_login.php");

$aid=$_SESSION["userid"];
$admin_info="select * from admin where AD_ID='".$aid."'";

    if(isset($_POST["savebtn"]))
{
    $adname=$_POST["name"];
    $adaddress=$_POST["address"];
    $ademail=$_POST["email"];
    $adcontact=$_POST["contact"];

            mysql_query("update admin set AD_NAME='".$ad_name."',ADDRESS='".$adaddress."',EMAIL='".$ademail."',CONTACT_NUM='".$adcontact."' where AD_ID=$aid");

    header("location:profile.php");

}

 ?>

    <body>

        <form name="edit" method="post" action="">
            <tr>
                <th class="title">Name</th>
                <td>:</td>
                <th><input type="text" size="50" value="<?php echo $row["AD_NAME"]?>" name="name"/></th>

            </tr>

            <tr>
                <th class="title">Address</th>
                <td>:</td>
                <th><input type="text" size="50" value="<?php echo $row["ADDRESS"];?>" name="address" /></th>
            </tr>
            <tr>
                <th class="title">Email</th>
                <td>:</td>
                <th><input type="text" size="50" value="<?php echo $row["EMAIL"];?>" name="email"/></th>
            </tr>
            <tr>
                <th class="title">Contact Number</th>
                <td>:</td>
                <th><input type="text" size="50" value="<?php echo $row["CONTACT_NUM"];?>" name="contact"></th>
            </tr>

        <table>

        <span id="edit"><input type="submit" name="savebtn" value="SAVE/CHANGE"/></span>
        </form>


  </body>
   </html>

I have tried to fix this numerous times，but it still has the same problem. Can you help me?

Do you get an error? Also, look into prepared statements, or you will get an SQL injection attack. — Sablefoste, Jul 17 '13 at 14:01
you should be either storing and checking `mysql_query` or testing for no `mysql_error`. also, look in to using `PDO` statements, as accepting values directly from `$_POST` and placing them in your query is dangerous. — Brad Christie, Jul 17 '13 at 14:02
@SableFoste i didnt get error massage at all,just the edited data didn't at my database. — JCChan, Jul 17 '13 at 14:05
http://stackoverflow.com/questions/12859942/why-shouldnt-i-use-mysql-functions-in-php — RiaD, Jul 17 '13 at 14:05
Do you have necessary privileges to insert/update for your database connection? — Sergiy T., Jul 17 '13 at 14:06
I also had put the mysql_error() inside and it work,means that didn't show me the error massage. — JCChan, Jul 17 '13 at 14:10
Your code style is HORRIBLE and hurts in the eyes. `'" . $adcontact . "' where AD_ID=" . $aid)`, `header("Location: admin_login.php");`, ... http://framework.zend.com/manual/1.12/de/coding-standard.coding-style.html — Daniel W., Jul 17 '13 at 14:10
So you can not insert/update db table under username and password in your dataconn.php even with phpMyAdmin? If so, than you need to connect to db with permission to insert/update. — Sergiy T., Jul 17 '13 at 14:15

score 1 · Answer 1 · answered Jul 17 '13 at 14:09

1

Try to replace you current tag with the one I listed below maybe it will help.

<form name="edit" method="post" action="<?php echo $_SERVER['PHP_SELF']; ?>">

answered Jul 17 '13 at 14:09

Ideal Bakija

629
5
14

Sbml · Accepted Answer · 2013-07-17T14:31:17.123

To help finfing the error:

<?php

echo $adname . '<br />';
echo $adaddress . '<br />';
echo $ademail . '<br />';
echo $adcontact . '<br />';

$result = mysql_query("update admin set AD_NAME='".$ad_name."',ADDRESS='".$adaddress."',EMAIL='".$ademail."',CONTACT_NUM='".$adcontact."' where AD_ID=$aid");

if (!$result) {
    die('Invalid query: ' . mysql_error());
}else{
    //header("location:profile.php");
    echo "Success";
}


?>

And try to change your code to PDO, something like this:

<?php

if(isset($_POST["savebtn"])){

$adname=$_POST["name"];
$adaddress=$_POST["address"];
$ademail=$_POST["email"];
$adcontact=$_POST["contact"];

try {
  $pdo = new PDO('mysql:host=localhost;dbname=someDatabase', $username, $password);
  $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

  $stmt = $pdo->prepare('UPDATE admin SET AD_NAME=:adname ,ADDRESS = :adaddress , EMAIL = :ademail , CONTACT_NUM = :adcontact WHERE AD_ID = :aid');

  $stmt->execute(array(
    ':adname'   => $adname,
    ':adaddress' => $adaddress,
    ':ademail' => $ademail,
    ':adcontact' => $adcontact,
    ':aid' => $aid
  ));

  header("location:profile.php");

} catch(PDOException $e) {
  echo 'Error: ' . $e->getMessage();
}

}

?>

it just show me ** $adaddress . '
'; echo $ademail . '
'; echo $adcontact . '
'; and success** and **$adname .** missing — JCChan, Jul 17 '13 at 14:33
@JCChan One small detail in your HTML, you need to fix your table structure, open tag, close properly
and you just need TITLE: — Sbml, Jul 17 '13 at 14:49

score 0 · Answer 3 · answered Jul 17 '13 at 14:16

You definitely should consider moving to mysqli or PDO for your PHP MYSQL integration. At the very minimum you should be using at least some form of input escaping (ie using mysql_real_escape_string()).

In regards to it not working you really need to let php/mysql tell you what it's error is; like so:

$result = mysql_query("update admin set AD_NAME='".$ad_name."',ADDRESS='".$adaddress."',EMAIL='".$ademail."',CONTACT_NUM='".$adcontact."' where AD_ID=$aid") or die("Error with query: ".$query."<br /> Error message: ".mysql_error());

However that being said to really be able to help it would be useful to have - 1 the error message - 2 the table definition

Despite that I am guessing that your problem is probably in the WHERE clause of the query - try it as "...where AD_ID='$aid'"

I had try it,unfortunately not error message shown and remain the same problem.Anyway,thanks — JCChan, Jul 17 '13 at 14:27

why my cannot edit/update database using PHP?

3 Answers3