I can't get the string $_POST['add'] to save so instead it updates my database with an empty string. where is the issue?

Question

I am trying to make an update in my database using two post variables, one from file clientpag.php and another from login.php. The variable $_POST['add'] which is an input from clientpag.php is not being saved. Can you help please? it is my first project using php!

LoginScript.php

<?php
session_start();

include_once'config/connect.php'; //database connection


if($_POST['submit']) {


    $address = mysql_query("UPDATE venue SET location='".$_POST['add']."'
WHERE vid = (select vid from user_venue where id = (select user_id from iangadot_user        
where username='".$_POST['username']."' ))");


        while($row = mysql_fetch_assoc($address)){
            $_SESSION['add'] = $row['location'];

        }   

        header("Location: clientpag.php");


        } else {
            echo "<script language=javascript>alert('error')</script>";


        }

 ?>

clientpag.php

<?php session_start(); ?>
<!DOCTYPE html>
<html>
<body>

<form  action="LoginScript.php" method="POST"> 

<p>Address:</p> <input class = "field" name="add" placeholder= "<?php          
if(isset($_SESSION['address'])) { echo $_SESSION['address']; } ?>" type="text" >
<input class = "button"  type = "submit" Value = "Save"><br>

</form>

</body>
</html>

[Please, don't use `mysql_*` functions in new code](http://bit.ly/phpmsql). They are no longer maintained [and are officially deprecated](https://wiki.php.net/rfc/mysql_deprecation). See the [red box](http://j.mp/Te9zIL)? Learn about [*prepared statements*](http://j.mp/T9hLWi) instead, and use [PDO](http://php.net/pdo) or [MySQLi](http://php.net/mysqli) - [this article](http://j.mp/QEx8IB) will help you decide which. If you choose PDO, [here is a good tutorial](http://j.mp/PoWehJ). **You are also wide open to [SQL injections](http://stackoverflow.com/q/60174)** — John Conde, Jan 07 '14 at 16:56

score 0 · Answer 1 · answered Jan 07 '14 at 16:59

Change

<input class = "button"  type = "submit" Value = "Save">

to

<input class = "button"  type = "submit" Value = "Save" name="usubmit">

and then in PHP script change

if($_POST['submit'])

to

if($_POST['usubmit'] !='')

This should work unless there is an error in the query

I can't get the string $_POST['add'] to save so instead it updates my database with an empty string. where is the issue?

1 Answers1