0

I am sending a parameter through URL like: domain-name.com/Edit-user.php?reg_no=NV000003 and retrieving data into in textfields for reg_no NV000003 from database. It is fine here but when I click on modify button and submit form by using below code:

<?php
if(/$_POST){
$query=mysql_query("update table-name set 
    NAME = '".(/$_REQUEST['name'])."',
    EMAIL = '".(/$_REQUEST['email'])."'
    where field-name = 'particular-value'
    ");
    ?>

It is updating the data table but with empty values in all fields. May be I am missing somthing. Any idea Plsss?

my form is

   <form action="" method="post" id="modifystndt" name="modifystndt"> 
   <table> <tbody> <tr> <td width="200px">Name of Student:</td> 
   <td width="400px"><strong><input type="text" name="name" id="name" value="<?php echo $NAME; ?>"></strong></td> </tr>
   <tr> <td>E-mail :</td> <td><strong><input type="text" name="name" id="name" value="<?php echo $EMAIL; ?>"></strong></td> </tr> 
   <tr> <tbody> <table> </form>
echo_Me
  • 37,078
  • 5
  • 58
  • 78
Richi
  • 1
  • 1
  • 2
  • Possible duplicate of [How to prevent SQL injection in PHP?](http://stackoverflow.com/questions/60174/how-to-prevent-sql-injection-in-php) — assuming all those bogus `/` are just a failed attempt to format code. – Álvaro González Aug 01 '13 at 10:39
  • Did you checked is there any value in `$_REQUEST['name']` – 웃웃웃웃웃 Aug 01 '13 at 10:39
  • I have put the "/" here because it was giving warning while posting code with $ here. So pls avoid "/". @ User016, yes all filds are there with value. It only gets empty after submitting form. – Richi Aug 01 '13 at 10:44

2 Answers2

0

try this

     $query=mysql_query("update table-name set 
NAME = '".$_REQUEST['name']."',
EMAIL = '".$_REQUEST['email']."'
where `field-name` = 'particular-value'
");

as i can see in your form there is many errors .

  • you dont close table, tbody, tr ,inputs tags.

  • you used same name and same id for both inputs of NAME and email.

change the input of email to

    <input type="text" name="email" id="email" value="<?php echo $EMAIL; ?>" />

EDIT2:

try this

 <?php
  if(isset($_POST['modifystndt'])){
 $query=mysql_query("update table-name set 
 NAME = '".$_POST['name']."',
 EMAIL = '".$_POST['email']."'
 where field-name = 'particular-value'
 ");
 ?>

your form :

   <form action="" method="post" id="modifystndt" name="modifystndt"> 
 <table> <tbody> <tr> <td width="200px">Name of Student:</td> 
 <td width="400px"><strong><input type="text" name="name" id="name" value="<?php echo $NAME; ?>" /></strong></td> </tr>
 <tr> <td>E-mail :</td> <td><strong><input type="text" name="email" id="email" value="<?php echo $EMAIL; ?>" /></strong></td> </tr> 
</tbody> </table> 
  <input type="submit" name="submit" value="Submit"/></form>
echo_Me
  • 37,078
  • 5
  • 58
  • 78
  • I have put the "/" here because it was giving warning while posting code with $ here. So pls avoid "/". @ User016, yes all filds are there with value. It only gets empty after submitting form. – Richi Aug 01 '13 at 10:53
  • It is updating values so no prob with where clause. It is updating every field with null value although I can see the values in all text fields before submitting form. – Richi Aug 01 '13 at 11:06
  • can you post your form ? – echo_Me Aug 01 '13 at 11:08
  • [code]
    Name of Student:
    E-mail :
    [/code]
     – Richi Aug 01 '13 at 11:27
  • Thank you, I have corrected those but still stuck. When I echo $_REQUEST['name'] before executing query, this prints no value. It mean all form inputs value is being flush on submitting it. Any idea? – Richi Aug 01 '13 at 11:53
  • Thank you so much dear I am emotional :). was making same mistake. I had same id and name for all inputs. Big copy paste mistake. LOL Thank you and thanks to all for helping. – Richi Aug 01 '13 at 12:19
0

If your form method is POST, you can retrieve your data with the array $_POST.

$query=mysql_query("update table-name set 
   NAME = '".$_POST['name']."',
   EMAIL = '".$_POST['email']."'
   where `field-name` = 'particular-value'
");
Alexandre Ouicher
  • 856
  • 1
  • 9
  • 15