NOt able to update existing data of a application form

Question

I am editing my application form.So what i am Doing telling you here..I am already logged in

First of all i am giving a edit link(edit_profile1.php) on my home page
NOw i am asking again for username and password so that unauthorized user can not making editing in your profile
NOw on edit_profile1.php i am checking username and password sent by user to the username and password stored in database
If username and password are correct then i am redirected to edit_profile2.php
Here I am creating a form with same text boxes as i used in filling the application form(i am using same name for boxes).Here is a button with name update

For the last page edit_profile3.php i am giving coading here

<?php

    $con=mysql_connect("localhost","root","");
        if(!$con)
        {
        die('Could Not Connect:'.mysql_error());
        } 
        mysql_select_db("tcs",$con);

$usr=$_POST["username"];                 
$pwd=hash('sha1',$_POST['password']);   

$query="select * from employee where Username='$usr' and Password='$pwd'";   

$result=mysql_query($query,$con);


if ($result) 
{

$row=mysql_fetch_array($result);
$sql="update employee set ($row['Username']=$usr,$row['Password']=$pwd");

$deepak=mysql_query($sql,$con);

if($deepak)
{
    echo "Updation Successfull"
}

}
?>

Now when i excute this error is coming like this Parse error: syntax error, unexpected T_ENCAPSED_AND_WHITESPACE, expecting T_STRING or T_VARIABLE or T_NUM_STRING in F:\Study Material\Linux\xampp\htdocs\edit_profile3.php on line 21

Line number 21 is 
 $sql="update employee set ($row['Username']=$usr,$row['Password']=$pwd");

NOw i am not getting where i am getting wrong.Plz also tell me is there any other method for updating application forms any another logic.Plz check out above.

score 1 · Accepted Answer · edited May 23 '17 at 11:48

1

Apart from the problem with the parentheses that others have already pointed out, shouldn't it be like this?

"update employee set password=$pwd WHERE username=$usr"

If you also want to change the username, do something like this:

"update employee set username=$new_username, password=$pwd WHERE username=$old_username"

See the UPDATE documentation for MySQL for a description of the syntax.

Also, putting strings like this directly into SQL queries is risky - if you're not careful you could leave an SQL injection invulnerability. You should use query parameters to ensure that your code is secure. Read more about it from this question on StackOverflow.

edited May 23 '17 at 11:48

Community

1
1

answered Feb 05 '10 at 20:02

Mark Byers

811,555
193
1,581
1,452

ok fine i remove the quote problem but still the same error..and plz cheak out properly i want to do edit evrything not only password but also username thats why i give command $sql="update employee set ($row['Username']=$usr,$row['Password']=$pwd)" BUt this is not working – Deepak Narwal Feb 05 '10 at 20:13
@Deepak: Sorry, but you're doing it wrong. Have you ever used UPDATE in SQL before? I suggest you read the documentation (see link in my updated answer) and some tutorials and try playing around with UPDATE in the query browser until you understand it. – Mark Byers Feb 05 '10 at 20:19
Thank for your suggestion sir ,In future i will follow it sure.But now its urgent sir thats why i am so insisting here.. About problem May be i am not able to tell you properly what i wnat.Ok plz listen once again..First of all i am fetching all form data from dataabse into a form .My form have onely two field username and password.Now i want to change both username and password... That's why i am writing $row['Username'](old value)=$usr(new value) and $row['Password'](old value)=$pwd(new value)..plz tell me correct code once so that i can grab it and can implement into my project.plz – Deepak Narwal Feb 05 '10 at 20:42

score 0 · Answer 2 · answered Feb 05 '10 at 20:00

0

Your closing bracket ) is outside the query string.

Use a PHP editor with syntax highlighting, they help see such problems straight away.

And the PHP manual is very good, and always good to have handy.

answered Feb 05 '10 at 20:00

Pekka

442,112
142
972
1,088

score 0 · Answer 3 · answered Feb 05 '10 at 20:03

0

The statement is not properly written:

$sql="update employee set ($row['Username']=$usr,$row['Password']=$pwd)";

The quote must be after the ' ) '.

answered Feb 05 '10 at 20:03

TheGrandWazoo

2,879
1
17
15

NOt able to update existing data of a application form

3 Answers3