1

my php is returning null when values are passed to it i checked it with chrome's plugin POSTMAN... i am unable to figure out the problem :\ This is my code i am trying to update the database by sending values from my android code(which is okay):-

<?php


$response = array();

// check for required fields
if (isset($_POST['id']) && isset($_POST['company']) && isset($_POST['date']) && 
isset($_POST['time']) && isset($_POST['ten']) && isset($_POST['twelve']) &&    
isset($_POST['aggregate']) && isset($_POST['backlog']) && isset($_POST['pending']) &&        
isset($_POST['branch'])) {
$cid = $_POST['id'];
$company = $_POST['company'];
$date = $_POST['date'];
$time = $_POST['time'];
$ten = $_POST['ten'];
$twelve = $_POST['twelve'];
$aggregate = $_POST['aggregate'];
$backlog = $_POST['backlog'];
$pending = $_POST['pending'];
$branch = $_POST['branch'];

// include db connect class
require_once __DIR__ . '/db_connect.php';

// connecting to db
$db = new DB_CONNECT();

// mysql update row with matched pid
$result = mysql_query("UPDATE companies SET company = '$company', date = '$date', time  
= '$time' ten = '$ten', twelve = '$twelve',aggregate = '$aggregate', backlog = 
'$backlog', pending = '$pending', branch = '$branch'  WHERE id = $cid");

// check if row inserted or not
if ($result) {
// successfully updated
$response["success"] = 1;
$response["message"] = "Company successfully updated.";

// echoing JSON response
echo json_encode($response);
} else {

}
} else {
// required field is missing
$response["success"] = 0;
$response["message"] = "Required field(s) is missing";

// echoing JSON response
echo json_encode($response);
}
?>
Harekam Singh
  • 66
  • 9
  • `// connecting to db $db = new DB_CONNECT();` this looks strange – Daryl Gill Aug 16 '13 at 20:09
  • 1
    Oof. You need to use prepared statements. This is unsafe. See [here](http://stackoverflow.com/questions/60174/how-can-i-prevent-sql-injection-in-php?rq=1) – ಠ_ಠ Aug 16 '13 at 20:09
  • Please use parametrized queries with PDO; your code is easily prone to SQL injection. – Kevin Ji Aug 16 '13 at 20:11
  • dp_connect.php is my connection file connecting to database which is okay n working well for other php's and $db = new DB_CONNECT(); is calling class in it ..i'll be really helpful if someone just figure it out whats the error...also i am poor in php – Harekam Singh Aug 16 '13 at 20:14
  • also i am using front end validations (in my android code) php is back end helping me to connect to mysql..so i guess sql injection can be avoided that way – Harekam Singh Aug 16 '13 at 20:17
  • no, front end validation doesn't help – Royal Bg Aug 16 '13 at 20:21
  • front end validation is going to do nothing when someone can pass data to your script directly. They'll just bypass your validation to do it.You should really look at using mysqli or PDO, since mysql is deprecated – JRizz Aug 16 '13 at 20:26
  • okay n thnks i will look to this n edit my code – Harekam Singh Aug 16 '13 at 20:37

1 Answers1

3

You missed a comma:

= '$time', ten = '$ten', twelve = '$twelve', aggregate = '$aggregate', backlog = 
     ____^_____
Kevin Ji
  • 10,479
  • 4
  • 40
  • 63
  • If this was the solution to your issue you should accept the answer so others can see that it was solved – Jake Aug 16 '13 at 20:27