
I have looked online for many hours but still can't figure out what's wrong with my code. The code works okay when I have `$SALES=30; $ID=10;` etc. Now I want to post those values using an HTML form, but I can't make it work.

```php
<?php
$http_origin = $_SERVER['HTTP_ORIGIN'];
if ($http_origin == "http://......")
   {
   header('Access-Control-Allow-Origin: *');
   }
$SALES = $_POST['SALES']; // Supplied by html form
$ID = $_POST['ID'];       // Supplied by html form
$con = mysqli_connect("xxx","TABLE","xxx");
if (mysqli_connect_errno())
  {
  echo "Failed to connect to MySQL: " . mysqli_connect_error();
  }
mysqli_select_db($con,"xxxxxx") or die ("no database");
$sql="update TABLE
    set
    id = @newer := $ID,
    tray_1 = case when tray_1 is null then @newer:=$SALES else tray_1 end,
    tray_2 = case when @newer = $ID and tray_2 is null then @newer:=$SALES else tray_2 end,
    tray_3 = case when @newer = $ID and tray_3 is null then @newer:=$SALES else tray_3 end

WHERE id = $ID"; // This updates table values where field is null
if (!mysqli_query($con,$sql))
  {
  die('Error: ' . mysqli_error($con));
  }
mysqli_close($con);
?>
```

What is wrong with my code? Thank you.

1 Answer

There is probably some typo in the first line:

```php
$SALES = '$_POST['SALES']';//Supplied by html form
```

Should be:

```php
$SALES = $_POST['SALES'];//Supplied by html form
```

Maybe this will help you?

BTW you should check something about MySQL injection, for example here: PHP MySQL injection example?

Handling forms this way is ultra dangerous, because anyone can delete your whole database in one second.

– Tomas Zaruba
  • The problem is OP's not even **making** the query, just creating a string. On a sidenote, sanitizing SQL is not only to avoid database deletion, but also something way less troublesome as someone whose name is `O'Really` that tries to enter his surname. That's why the query should be sanitized in the first place, to avoid being *broken* – Damien Pirsy Dec 22 '13 at 17:58
  • Edited my question. It was $SALES = $_POST['SALES']; already. – user3127608 Dec 22 '13 at 18:02
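The injection point the answer and the comments refer to is the string interpolation of `$ID` and `$SALES` straight into the `UPDATE`. The following is an added example, not code from the question or the answer: it keeps the same "fill the first empty tray" logic (including the `@newer` user variable) but sends the form values as bound parameters of a mysqli prepared statement, so a value like `O'Really` or `1; DROP TABLE ...` is treated as data rather than as SQL. The table name `orders`, the connection credentials and the function name `fillFirstEmptyTray` are placeholders assumed for the example.

```php
<?php
// Added example (not the asker's code): the same conditional update, rewritten
// with a mysqli prepared statement. Table name, credentials and function name
// are placeholders chosen for this example.

function fillFirstEmptyTray(mysqli $con, int $id, int $sales): int
{
    // Every former "$ID" / "$SALES" interpolation becomes a "?" placeholder.
    $sql = "UPDATE orders
            SET id     = @newer := ?,
                tray_1 = CASE WHEN tray_1 IS NULL THEN @newer := ? ELSE tray_1 END,
                tray_2 = CASE WHEN @newer = ? AND tray_2 IS NULL THEN @newer := ? ELSE tray_2 END,
                tray_3 = CASE WHEN @newer = ? AND tray_3 IS NULL THEN @newer := ? ELSE tray_3 END
            WHERE id = ?";
    $stmt = $con->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException('prepare failed: ' . $con->error);
    }
    // Seven integer placeholders; the same two values are bound at each position,
    // in the order the "?" marks appear in the statement.
    $stmt->bind_param('iiiiiii', $id, $sales, $id, $sales, $id, $sales, $id);
    if (!$stmt->execute()) {
        throw new RuntimeException('execute failed: ' . $stmt->error);
    }
    $affected = $stmt->affected_rows;
    $stmt->close();
    return $affected;
}

// Validate the form input before it gets near the database: anything that is
// not a whole number is rejected with a 400 instead of being passed through.
$id    = filter_input(INPUT_POST, 'ID', FILTER_VALIDATE_INT);
$sales = filter_input(INPUT_POST, 'SALES', FILTER_VALIDATE_INT);
if ($id === false || $id === null || $sales === false || $sales === null) {
    http_response_code(400);
    exit('ID and SALES must be integers');
}

// Make driver errors throw instead of silently returning false.
mysqli_report(MYSQLI_REPORT_ERROR | MYSQLI_REPORT_STRICT);
$con = new mysqli('localhost', 'db_user', 'db_password', 'db_name'); // placeholders

$rows = fillFirstEmptyTray($con, $id, $sales);
echo "rows updated: $rows";
$con->close();
```

Two points worth noting about the design: the input validation (`FILTER_VALIDATE_INT`) and the parameter binding are separate defences. Binding alone already stops the values from altering the SQL, but validating first means a malformed request is rejected with a clear error instead of reaching the database as `0` after an integer cast, and it also makes the `die('Error: ...')` pattern from the question unnecessary, since `mysqli_report` turns driver failures into exceptions that do not leak `mysqli_error()` text to the client.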